| Commit message (Collapse) | Author | Age | Files | Lines |
Eradicate strerror
|
https://github.com/systemd/systemd/pull/24933#discussion_r991242789
|
Though, it should already be freed in link_stop_engines()
-> ndisc_stop(). Just for safety.
|
After the commit 773024685b37170395a11716f8e4ad99d3580455, DNS servers
or domains are dropped when their lifetime becomes zero. Hence, it is not
necessary to try to them when writing state file.
Of course, because of the accuracy of the timer event source or priority
of event sources, a possibility is introduced that a DNS server or domain
with zero lifetime is stored in the state file. However, such entry will
be dropped soon when the timer event source is triggered. Hence, that
should not cause any real issues.
|
If there exist multiple routers, then the previous logic may introduce
too many DNS servers or domains.
|
received
Routers may send options with zero lifetime if previously announced
information is outdated. Hence, if we receive such messages, then we
need to drop relevant addresses or friends.
See e.g. https://www.rfc-editor.org/rfc/rfc4861#section-12.
Follow-up for 2ccada8dc4a3571468a335808fd6fe49b8c6c6dd.
|
Zero lifetime in RA is special, and we should not assign possibly very
short lifetime addresses or friends.
This should not change anything at least now, preparation for later
commits. Note, DHCPv4 and v6 code also uses it, but sd-dhcp-client and
sd-dhcp6-client already filtered messages with zero lifetime. Hence,
the change should not affect DHCP code.
|
Otherwise, settings based on previously received RA messages will never
be removed without receiving a new RA message.
|
Otherwise, e.g. if a router is replaced, then the previously received
settings may never be dropped.
Follow-up for 2ccada8dc4a3571468a335808fd6fe49b8c6c6dd.
|
After the commit 3b6a3bdebfb555754fdc6ee507e3f6964de7b61c, address_get()
does not return 1.
|
Preparation for later commits.
|
See https://www.rfc-editor.org/rfc/rfc4861#section-4.6.2.
|
No functional changes.
|
If the lifetime of the route is already expired, do not try to
configure it.
Fixes a use-after-free, as the Request object is already freed, thus, we
cannot use Route or Link stored in Request object.
|
IPv6 Neighbor Discovery lets us autoconfigure a link's IPv6 addresses,
routes, DNS servers, and DNS search domains by listening for Router
Advertisement (RA) packets broadcast by one or more routers on the link.
Each RA can contain zero or more "options," each describing one piece of
configuration (e.g. a single route).
Currently, when we receive an RA from a router, we delete any addresses,
routes, etc. that originated from that router's previous RAs unless
they're also present as options in the new RA.
That behavior is a violation of RFC 4861[1]. In Section 9, the RFC
states that
    Senders MAY send a subset of options in different packets. ... Thus,
    a receiver MUST NOT associate any action with the absence of an
    option in a particular packet. This protocol specifies that
    receivers should only act on the expiration of timers and on the
    information that is received in the packets.
Several other passages in the RFC reiterate this. Section 6.2.3:
    A router MAY choose not to include some or all options when sending
    unsolicited Router Advertisements.
Section 6.3.4:
    Hosts accept the union of all received information; the receipt of a
    Router Advertisement MUST NOT invalidate all information received in
    a previous advertisement or from another source.
At least one consumer router in production today, the Google Nest Wifi,
often sends RAs that omit its global IPv6 prefix. When current versions
of systemd-networkd receive those RAs, they immediately delete the
interface's global IPv6 address, which breaks IPv6 connectivity.
Fix the issue by removing the invalidation logic entirely. It's not
needed at all, since we already invalidate addresses, routes, and DNS
configuration when the interface goes down or their lifetimes expire.
This fix does have the side effect of preventing changes to the .network
file (e.g. denylisted prefixes, whether to add routes from RAs) from
taking effect as soon as a new RA arrives. Instead, a full interface
reconfiguration is needed. But triggering those changes on RA receipt
was already rather arbitrary and out of the administrator's control, so
I think this change is fine.
commit 69203fba700e ("network: ndisc: remove old addresses and routes
after at least one SLAAC address becomes ready") introduced this
behavior. commit 50550722e3ba fixed it partially, by preventing one
router's RAs from invalidating another router's configuration.
[1] https://www.rfc-editor.org/rfc/rfc4861
Fixes: 69203fba700e ("network: ndisc: remove old addresses and routes after at least one SLAAC address becomes ready")
|
sd-network: several cleanups
|
This drops spurious lines in `networkctl status` for unmanaged interfaces.
Before:
```
$ networkctl status --lines 0 lo
● 1: lo
Link File: n/a
Network File: n/a
Type: loopback
State: carrier (unmanaged)
Online state: unknown
HW Address: 00:00:00:00:00:00
MTU: 65536
QDisc: noqueue
IPv6 Address Generation Mode: eui64
Queue Length (Tx/Rx): 1/1
Address: 127.0.0.1
::1
Activation Policy: up
Required For Online: yes
```
After:
```
$ networkctl status --lines 0 lo
● 1: lo
Link File: n/a
Network File: n/a
State: carrier (unmanaged)
Online state: unknown
Type: loopback
Hardware Address: 00:00:00:00:00:00
MTU: 65536
QDisc: noqueue
IPv6 Address Generation Mode: eui64
Number of Queues (Tx/Rx): 1/1
Address: 127.0.0.1
::1
```
That is, the lines for Activation Policy and Required For Online are
dropped.
|
"unmanaged"
We have already ignored all errors in other fields.
|
sd-device: introduce sd_device_get_child_first() and _next()
|
Also fixes "Speed:" field, which may show empty value.
|
All users were setting this to some static string (usually "-"), so let's
simplify things by not doing strdup, but instead limiting callers to a fixed
set of values. In preparation for the next commit, the function is renamed from
"empty" to "replacement", because it'll be used for more than empty fields. I
didn't do the whole string-table setup, because it's all used internally in one
file and this way we can immediately assert if an invalid value is passed in.
Some callers were (void)ing the error, others were ignoring it, and others
propagating. It's nicer to remove the boilerplate.
|
This looks nicer. Some fields were already using "-" as fallback, e.g. Speed,
so this makes things more consistent too.
|
Building with GCC 12.2 and binutils 2.39 fails on riscv64 Ubuntu Kinetic
with:
FAILED: systemd-oomd
/usr/bin/ld: systemd-oomd.p/src_oom_oomd-util.c.o:
in function `oomd_cgroup_context_acquire':
build/../src/oom/oomd-util.c:415:
undefined reference to `__atomic_exchange_1'
We have to link with -latomic.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
All these are really unsigned and used as such. This silences some
-Wformat-signedness warnings with gcc.
|
gcc will complain about all these with -Wformat-signedness.
|
New directive `NetLabel=` provides a method for integrating static and dynamic
network configuration into Linux NetLabel subsystem rules, used by Linux
Security Modules (LSMs) for network access control. The label, with suitable
LSM rules, can be used to control connectivity of (for example) a service with
peers in the local network. At least with SELinux, only the ingress can be
controlled but not egress. The benefit of using this setting is that it may be
possible to apply interface independent part of NetLabel configuration at very
early stage of system boot sequence, at the time when the network interfaces
are not available yet, with netlabelctl(8), and the per-interface configuration
with systemd-networkd once the interfaces appear later. Currently this feature
is only implemented for SELinux.
The option expects a single NetLabel label. The label must conform to lexical
restrictions of LSM labels. When an interface is configured with IP addresses,
the addresses and subnetwork masks will be appended to the NetLabel Fallback
Peer Labeling rules. They will be removed when the interface is
deconfigured. Failures to manage the labels will be ignored.
Example:
```
[DHCPv4]
NetLabel=system_u:object_r:localnet_peer_t:s0
```
With the above rules for interface `eth0`, when the interface is configured with
an IPv4 address of 10.0.0.123/8, `systemd-networkd` performs the equivalent of
`netlabelctl` operation
```
$ sudo netlabelctl unlbl add interface eth0 address:10.0.0.0/8 label:system_u:object_r:localnet_peer_t:s0
```
Result:
```
$ sudo netlabelctl -p unlbl list
...
interface: eth0
address: 10.0.0.0/8
label: "system_u:object_r:localnet_peer_t:s0"
...
```
|
Closes #24432.
|
Small improvements to the sd-netlink api
|
sd_netlink_message_set_request_dump
|
On reconfiguring an interface, the new setting may not enable IPv4ACD
for an existing address anymore. Hence, we need to unref it. Otherwise,
newly requested addresses may never be ready for (re-)configuring.
|
Otherwise, if the setting is changed on reconfigure, the new setting
is not applied to the existing addresses.
|
Previously, when a DHCP address is renewed and if the IPv4ACD for the
address is enabled, the address will never drop the probing flag, thus
the lifetime of the address will never be updated.
This drops NETWORK_CONFIG_STATE_PROBING, and the IPv4ACD status is
managed by another bit, Address.acd_bound. And, the flag is updated only
when the IPv4ACD announces the address or detects a conflict.
|
Closes #24267.
|
- merge unnecessarily split functions,
- drop unnecessary initializations,
- tighten variable scopes,
- introduce TUNTAP() helper function.
|
Fixes bugs caused by 7f9915f0de67f3a10a4b22810d119da65af8c84a.
Fixes #24268.
|
bus_call_method_async() (#24290)
|
This will be used to save the list of drop-in files for each partition
|
Preparation for next commit.
|
This modifies some sd_bus calls to equivalent bus calls.