| Commit message (Collapse) | Author | Age | Files | Lines |
|
Co-authored-by: Jörg Deckert <jdeckert@unitas-network.de>
|
This allows limiting units to machines that run on a certain firmware
type. For device tree defined machines checking against the machine's
compatible is also possible.
|
At some optimization levels with gcc, including netdev->ifname in the log
message causes an error.
|
With some versions of the compiler, the _cleanup_ attr makes it think
the variable might be freed/closed when uninitialized, even though it
cannot happen. The added cost is small enough to be worth the benefit,
and optimized builds will help reduce it even further.
|
The encapsulation limit of an IPv6 tunnel cannot be set to 4, which is the default value of the encapsulation limit.
|
Another batch of fixes (mostly) generated by Coccinelle.
|
This also drops unnecessary fseek().
|
No functional change as long as only one path is passed.
|
I started working on this because I wanted to change how
DEFINE_TRIVIAL_CLEANUP_FUNC is defined. Even independently of that change, it's
nice to make things more consistent and predictable.
|
As suggested in https://github.com/systemd/systemd/pull/11484#issuecomment-775288617.
This does not touch anything exposed in src/systemd. Changing the defines there
would be a compatibility break.
Note that tests are broken after this commit. They will be fixed in the next one.
|
Even though many of those scripts are very simple, it is easier to include
the header than to try to say whether each of those files is trivial enough
not to require one.
|
tree wide use ensure_put
|
network: macvlan - add support to configure rx queue for broadcast / multicast
|
tree-wide: introduce hashmap_ensure_put() and use it
|
libsystemd-network: split network-internal.c
|
Just for consistency.
|
There is no "Multicast" constant, and NULL doesn't make sense in the
context of addresses.
|
name
This beefs up the READ_FULL_FILE_CONNECT_SOCKET logic of
read_full_file_full() a bit: when used, a sender socket name may be
specified. If specified as NULL, behaviour is as before: the client
socket name is picked by the kernel. But if specified as non-NULL, the
client can pick a socket name to use when connecting. This is useful to
communicate a minimal amount of metainformation from client to server,
outside of the transport payload.

Specifically, this beefs up the service credential logic to pass an
abstract AF_UNIX socket name as client socket name when connecting via
READ_FULL_FILE_CONNECT_SOCKET, that includes the requesting unit name
and the eventual credential name. This allows servers implementing the
trivial credential socket logic to distinguish clients: via a simple
getpeername() it can be determined which unit is requesting a
credential, and which credential specifically.

Example: with this patch in place, in a unit file "waldo.service" a
configuration line like the following:

    LoadCredential=foo:/run/quux/creds.sock

will result in a connection to the AF_UNIX socket /run/quux/creds.sock,
originating from an abstract namespace AF_UNIX socket:

    @$RANDOM/unit/waldo.service/foo

(The $RANDOM is replaced by some randomized string. This is included in
the socket name in order to avoid namespace squatting issues: the abstract
socket namespace is open to unprivileged users after all, and care needs
to be taken not to use guessable names.)

The services listening on the /run/quux/creds.sock socket may thus
easily retrieve the name of the unit the credential is requested for
plus the credential name, via a simple getpeername(), discarding the
random prefix and the /unit/ string.

This logic uses "/" as separator between the fields, since both unit
names and credential names appear in the file system, and thus are
designed to use "/" as outer separators. Given that it's a good safe
choice to use as separators here, too, to avoid any conflicts.

This is a minimal patch only: the new logic is used only for the unit
file credential logic. For other places where we use
READ_FULL_FILE_CONNECT_SOCKET it is probably a good idea to use this
scheme too, but this should be done carefully in later patches, since
the socket names become API that way, and we should determine the right
amount of info to pass over.
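
The server-side parsing that the commit message above describes, as an added example; it is not code from systemd or from the commit. The function names `parse_cred_peer` and `make_abstract` are hypothetical, the sample addresses are constructed, and the code assumes the random prefix contains no "/".

```c
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Split abstract peer address "\0<random>/unit/<unit>/<credential>" (from getpeername())
 * into unit and credential. Assumes the random prefix has no '/'. Returns 0 or -1. */
int parse_cred_peer(const struct sockaddr_un *sa, socklen_t len,
                    char *unit, size_t unit_sz, char *cred, size_t cred_sz) {
    static const char marker[] = "/unit/";
    const size_t off = offsetof(struct sockaddr_un, sun_path), mlen = sizeof(marker) - 1;
    if (len <= off + 1 || len > sizeof(*sa) || sa->sun_family != AF_UNIX ||
        sa->sun_path[0] != '\0')            /* must be an abstract-namespace name */
        return -1;
    const char *name = sa->sun_path + 1;    /* not NUL-terminated: work with lengths */
    size_t n = len - off - 1;
    if (memchr(name, '\0', n))              /* embedded NUL byte: reject */
        return -1;
    const char *p = memchr(name, '/', n);   /* end of the random prefix */
    if (!p || p == name)
        return -1;
    size_t rest = n - (size_t)(p - name);
    if (rest < mlen || memcmp(p, marker, mlen) != 0)
        return -1;
    p += mlen;
    rest -= mlen;
    const char *q = memchr(p, '/', rest);   /* unit/credential separator */
    if (!q)
        return -1;
    size_t ulen = (size_t)(q - p), clen = rest - ulen - 1;
    if (ulen == 0 || clen == 0 || memchr(q + 1, '/', clen) ||
        ulen >= unit_sz || clen >= cred_sz) /* empty field, extra '/', or too long */
        return -1;
    memcpy(unit, p, ulen);
    unit[ulen] = '\0';
    memcpy(cred, q + 1, clen);
    cred[clen] = '\0';
    return 0;
}

/* Build a constructed sample address for an abstract name (no real socket). */
socklen_t make_abstract(struct sockaddr_un *sa, const char *name) {
    size_t n = strlen(name);
    if (n >= sizeof(sa->sun_path)) n = sizeof(sa->sun_path) - 1;  /* truncate */
    memset(sa, 0, sizeof(*sa));
    sa->sun_family = AF_UNIX;
    memcpy(sa->sun_path + 1, name, n);
    return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1 + n);
}
```

The peer name is chosen by the connecting process, so a server that needs the caller's identity should also check kernel-provided peer credentials such as SO_PEERCRED.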
|
network: introduce Bare UDP Tunnelling
|