network: support negation in matching patterns (#4809)
This commit is contained in:
parent
3e7b9f76f5
commit
618b196e9d
|
@ -123,7 +123,10 @@
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>A whitespace-separated list of shell-style globs
|
<para>A whitespace-separated list of shell-style globs
|
||||||
matching the persistent path, as exposed by the udev
|
matching the persistent path, as exposed by the udev
|
||||||
property <literal>ID_PATH</literal>.</para>
|
property <literal>ID_PATH</literal>. If the list is
|
||||||
|
prefixed with a "!", the test is inverted; i.e. it is
|
||||||
|
true when <literal>ID_PATH</literal> does not match any
|
||||||
|
item in the list.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
@ -134,7 +137,8 @@
|
||||||
exposed by the udev property <literal>DRIVER</literal>
|
exposed by the udev property <literal>DRIVER</literal>
|
||||||
of its parent device, or if that is not set the driver
|
of its parent device, or if that is not set the driver
|
||||||
as exposed by <literal>ethtool -i</literal> of the
|
as exposed by <literal>ethtool -i</literal> of the
|
||||||
device itself.</para>
|
device itself. If the list is prefixed with a "!", the
|
||||||
|
test is inverted.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
@ -142,7 +146,8 @@
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>A whitespace-separated list of shell-style globs
|
<para>A whitespace-separated list of shell-style globs
|
||||||
matching the device type, as exposed by the udev property
|
matching the device type, as exposed by the udev property
|
||||||
<literal>DEVTYPE</literal>.</para>
|
<literal>DEVTYPE</literal>. If the list is prefixed with
|
||||||
|
a "!", the test is inverted.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
@ -150,7 +155,8 @@
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>A whitespace-separated list of shell-style globs
|
<para>A whitespace-separated list of shell-style globs
|
||||||
matching the device name, as exposed by the udev property
|
matching the device name, as exposed by the udev property
|
||||||
<literal>INTERFACE</literal>.</para>
|
<literal>INTERFACE</literal>. If the list is prefixed
|
||||||
|
with a "!", the test is inverted.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
|
|
@ -86,6 +86,27 @@ int net_get_unique_predictable_data(struct udev_device *device, uint64_t *result
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool net_condition_test_strv(char * const *raw_patterns, char *string) {
|
||||||
|
if (strv_isempty(raw_patterns))
|
||||||
|
return true;
|
||||||
|
|
||||||
|
/* If the patterns begin with "!", edit it out and negate the test. */
|
||||||
|
if (raw_patterns[0][0] == '!') {
|
||||||
|
char **patterns;
|
||||||
|
unsigned i, length;
|
||||||
|
|
||||||
|
length = strv_length(raw_patterns) + 1; /* Include the NULL. */
|
||||||
|
patterns = newa(char*, length);
|
||||||
|
patterns[0] = raw_patterns[0] + 1; /* Skip the "!". */
|
||||||
|
for (i = 1; i < length; i++)
|
||||||
|
patterns[i] = raw_patterns[i];
|
||||||
|
|
||||||
|
return !string || !strv_fnmatch(patterns, string, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
return string && strv_fnmatch(raw_patterns, string, 0);
|
||||||
|
}
|
||||||
|
|
||||||
bool net_match_config(const struct ether_addr *match_mac,
|
bool net_match_config(const struct ether_addr *match_mac,
|
||||||
char * const *match_paths,
|
char * const *match_paths,
|
||||||
char * const *match_drivers,
|
char * const *match_drivers,
|
||||||
|
@ -117,20 +138,16 @@ bool net_match_config(const struct ether_addr *match_mac,
|
||||||
if (match_mac && (!dev_mac || memcmp(match_mac, dev_mac, ETH_ALEN)))
|
if (match_mac && (!dev_mac || memcmp(match_mac, dev_mac, ETH_ALEN)))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
if (!strv_isempty(match_paths) &&
|
if (!net_condition_test_strv(match_paths, dev_path))
|
||||||
(!dev_path || !strv_fnmatch(match_paths, dev_path, 0)))
|
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
if (!strv_isempty(match_drivers) &&
|
if (!net_condition_test_strv(match_drivers, dev_driver))
|
||||||
(!dev_driver || !strv_fnmatch(match_drivers, dev_driver, 0)))
|
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
if (!strv_isempty(match_types) &&
|
if (!net_condition_test_strv(match_types, dev_type))
|
||||||
(!dev_type || !strv_fnmatch_or_empty(match_types, dev_type, 0)))
|
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
if (!strv_isempty(match_names) &&
|
if (!net_condition_test_strv(match_names, dev_name))
|
||||||
(!dev_name || !strv_fnmatch_or_empty(match_names, dev_name, 0)))
|
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
|
@ -74,6 +74,14 @@ class NetworkdTestingUtilities:
|
||||||
some required methods.
|
some required methods.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
def add_veth_pair(self, veth, peer, veth_options=(), peer_options=()):
|
||||||
|
"""Add a veth interface pair, and queue them to be removed."""
|
||||||
|
subprocess.check_call(['ip', 'link', 'add', 'name', veth] +
|
||||||
|
list(veth_options) +
|
||||||
|
['type', 'veth', 'peer', 'name', peer] +
|
||||||
|
list(peer_options))
|
||||||
|
self.addCleanup(subprocess.call, ['ip', 'link', 'del', 'dev', peer])
|
||||||
|
|
||||||
def write_network(self, unit_name, contents):
|
def write_network(self, unit_name, contents):
|
||||||
"""Write a network unit file, and queue it to be removed."""
|
"""Write a network unit file, and queue it to be removed."""
|
||||||
unit_path = os.path.join(NETWORK_UNITDIR, unit_name)
|
unit_path = os.path.join(NETWORK_UNITDIR, unit_name)
|
||||||
|
@ -439,9 +447,7 @@ IPv6AcceptRA=False''' % self.iface)
|
||||||
|
|
||||||
# create second device/dnsmasq for a .company/.lab VPN interface
|
# create second device/dnsmasq for a .company/.lab VPN interface
|
||||||
# static IPs for simplicity
|
# static IPs for simplicity
|
||||||
subprocess.check_call(['ip', 'link', 'add', 'name', 'testvpnclient', 'type',
|
self.add_veth_pair('testvpnclient', 'testvpnrouter')
|
||||||
'veth', 'peer', 'name', 'testvpnrouter'])
|
|
||||||
self.addCleanup(subprocess.call, ['ip', 'link', 'del', 'dev', 'testvpnrouter'])
|
|
||||||
subprocess.check_call(['ip', 'a', 'flush', 'dev', 'testvpnrouter'])
|
subprocess.check_call(['ip', 'a', 'flush', 'dev', 'testvpnrouter'])
|
||||||
subprocess.check_call(['ip', 'a', 'add', '10.241.3.1/24', 'dev', 'testvpnrouter'])
|
subprocess.check_call(['ip', 'a', 'add', '10.241.3.1/24', 'dev', 'testvpnrouter'])
|
||||||
subprocess.check_call(['ip', 'link', 'set', 'testvpnrouter', 'up'])
|
subprocess.check_call(['ip', 'link', 'set', 'testvpnrouter', 'up'])
|
||||||
|
@ -768,6 +774,42 @@ DNS=127.0.0.1''')
|
||||||
raise
|
raise
|
||||||
|
|
||||||
|
|
||||||
|
class MatchClientTest(unittest.TestCase, NetworkdTestingUtilities):
|
||||||
|
"""Test [Match] sections in .network files.
|
||||||
|
|
||||||
|
Be aware that matching the test host's interfaces will wipe their
|
||||||
|
configuration, so as a precaution, all network files should have a
|
||||||
|
restrictive [Match] section to only ever interfere with the
|
||||||
|
temporary veth interfaces created here.
|
||||||
|
"""
|
||||||
|
|
||||||
|
def tearDown(self):
|
||||||
|
"""Stop networkd."""
|
||||||
|
subprocess.call(['systemctl', 'stop', 'systemd-networkd'])
|
||||||
|
|
||||||
|
def test_basic_matching(self):
|
||||||
|
"""Verify the Name= line works throughout this class."""
|
||||||
|
self.add_veth_pair('test_if1', 'fake_if2')
|
||||||
|
self.write_network('test.network', "[Match]\nName=test_*\n[Network]")
|
||||||
|
subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
|
||||||
|
self.assert_link_states(test_if1='managed', fake_if2='unmanaged')
|
||||||
|
|
||||||
|
def test_inverted_matching(self):
|
||||||
|
"""Verify that a '!'-prefixed value inverts the match."""
|
||||||
|
# Use a MAC address as the interfaces' common matching attribute
|
||||||
|
# to avoid depending on udev, to support testing in containers.
|
||||||
|
mac = '00:01:02:03:98:99'
|
||||||
|
self.add_veth_pair('test_veth', 'test_peer',
|
||||||
|
['addr', mac], ['addr', mac])
|
||||||
|
self.write_network('no-veth.network', """\
|
||||||
|
[Match]
|
||||||
|
MACAddress=%s
|
||||||
|
Name=!nonexistent *peer*
|
||||||
|
[Network]""" % mac)
|
||||||
|
subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
|
||||||
|
self.assert_link_states(test_veth='managed', test_peer='unmanaged')
|
||||||
|
|
||||||
|
|
||||||
class UnmanagedClientTest(unittest.TestCase, NetworkdTestingUtilities):
|
class UnmanagedClientTest(unittest.TestCase, NetworkdTestingUtilities):
|
||||||
"""Test if networkd manages the correct interfaces."""
|
"""Test if networkd manages the correct interfaces."""
|
||||||
|
|
||||||
|
@ -798,11 +840,7 @@ class UnmanagedClientTest(unittest.TestCase, NetworkdTestingUtilities):
|
||||||
def create_iface(self):
|
def create_iface(self):
|
||||||
"""Create temporary veth pairs for interface matching."""
|
"""Create temporary veth pairs for interface matching."""
|
||||||
for veth, peer in self.veths.items():
|
for veth, peer in self.veths.items():
|
||||||
subprocess.check_call(['ip', 'link', 'add',
|
self.add_veth_pair(veth, peer)
|
||||||
'name', veth, 'type', 'veth',
|
|
||||||
'peer', 'name', peer])
|
|
||||||
self.addCleanup(subprocess.call,
|
|
||||||
['ip', 'link', 'del', 'dev', peer])
|
|
||||||
|
|
||||||
def test_unmanaged_setting(self):
|
def test_unmanaged_setting(self):
|
||||||
"""Verify link states with Unmanaged= settings, hot-plug."""
|
"""Verify link states with Unmanaged= settings, hot-plug."""
|
||||||
|
|
Loading…
Reference in a new issue