picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
48528 commits 2 branches 0 tags 166 MiB
Commit graph

48 commits

Author SHA1 Message Date
walbit-de 2d453f3597
network: add Protocol= to vlan netdev (#17794) 2020-12-02 14:58:02 +01:00
Yu Watanabe dc0e90d2e0
Merge pull request #16929 from ssahani/network-bare-udp 
network: introduce Bare UDP Tunnelling
 2020-09-17 20:34:15 +09:00
Susant Sahani a9b8450bd4 network: Allow vxlan to be created without .network file 2020-09-17 15:49:36 +09:00
Susant Sahani e6980c7270 network: Introduce bare UDP 2020-09-17 15:05:58 +09:00
Alvin Šipraga 0d0de133f0 network: add support for MACVLAN source mode 
Add support for creating a MACVLAN interface in "source" mode by
specifying Mode=source in the [MACVLAN] section of a .netdev file.

A list of allowed MAC addresses for the corresponding MACVLAN can also
be specified with the SourceMACAddress= option of the [MACVLAN] section.

An example .netdev file:

    [NetDev]
    Name=macvlan0
    Kind=macvlan
    MACAddress=02:DE:AD:BE:EF:00

    [MACVLAN]
    Mode=source
    SourceMACAddress=02:AB:AB:AB:AB:01 02:CD:CD:CD:CD:01
    SourceMACAddress=02:EF:EF:EF:EF:01

The same keys can also be specified in [MACVTAP] for MACVTAP kinds of
interfaces, with the same semantics.
 2020-07-08 18:01:52 +02:00
Zbigniew Jędrzejewski-Szmek 804a436582 fuzz-netdev-parser: add test case for earlier version of preceding patches 
AddressSanitizer:DEADLYSIGNAL
=================================================================
==12==ERROR: AddressSanitizer: ABRT on unknown address 0x00000000000c (pc 0x7f0a518b3428 bp 0x7fffa463bfd0 sp 0x7fffa463be68 T0)
SCARINESS: 10 (signal)
    #0 0x7f0a518b3428 in raise (/lib/x86_64-linux-gnu/libc.so.6+0x35428)
    #1 0x7f0a518b5029 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x37029)
    #2 0x7f0a52ca635a in log_assert_failed_realm /work/build/../../src/systemd/src/basic/log.c:819:9
    #3 0x4eea92 in config_parse_wireguard_endpoint /work/build/../../src/systemd/src/network/netdev/wireguard.c:808:9
    #4 0x7f0a52b2f74e in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:133:32
    #5 0x7f0a52b2954e in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:242:16
    #6 0x7f0a52b28911 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:377:21
    #7 0x7f0a52b29ec6 in config_parse_many_files /work/build/../../src/systemd/src/shared/conf-parser.c:439:21
    #8 0x7f0a52b2a5a6 in config_parse_many /work/build/../../src/systemd/src/shared/conf-parser.c:507:16
    #9 0x4d8d6c in netdev_load_one /work/build/../../src/systemd/src/network/netdev/netdev.c:732:13
    #10 0x4d3e2b in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/network/fuzz-netdev-parser.c:23:16
    #11 0x6b3266 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:558:15
    #12 0x6af860 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:470:3
    #13 0x6b6970 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:770:7
    #14 0x6b7376 in fuzzer::Fuzzer::Loop(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:799:3
    #15 0x67573f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:846:6
    #16 0x667097 in main /src/libfuzzer/FuzzerMain.cpp:19:10
    #17 0x7f0a5189e82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #18 0x4295a8 in _start (out/fuzz-netdev-parser+0x4295a8)

DEDUP_TOKEN: raise--abort--log_assert_failed_realm
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x35428) in raise
==12==ABORTING
 2020-06-22 16:32:37 +02:00
Yu Watanabe 0e77fc66bc network: fix double free in macsec_receive_channel_free() 
Fixes #15941.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22547
 2020-06-01 09:39:46 +02:00
Evgeny Vereshchagin fdd156dd99 tests: add a testcase triggering https://github.com/systemd/systemd/issues/15968 
It's just a follow-up to https://github.com/systemd/systemd/pull/15976
 2020-05-31 21:39:37 +02:00
Rubens Figueiredo 4df4df5b56 network: allow setting VLAN protocol on bridges 
Signed-off-by: Rubens Figueiredo <rubens.figueiredo@bisdn.de>
 2020-05-14 17:59:57 +02:00
Yu Watanabe e8489008cb network: rename IGMPVersion= -> MulticastIGMPVersion= 2019-07-26 11:00:56 +09:00
Susant Sahani afa51e2dfb networkd: bridge add support to set IGMP version 2019-07-25 10:05:06 +09:00
Yu Watanabe 8c9c703c55 network: add AssignToLoopback= setting to [Tunnel] section 
networkd does not manage loopback interface lo. So, previously, we have
no way to assign tunnel devices to lo.
 2019-07-11 09:59:06 +09:00
1848 98d20a17a9 Added support for xfrm interfaces 2019-07-10 23:02:19 +09:00
Yu Watanabe 75eed300a9 network: Allow IFF_VNET_HDR to also be set for tun devices 
f5f07dbf06 adds VnetHeader= for tap
devices, but the flag is also used for tun devices.
This adds VnetHeader= setting in [Tun] section.
 2019-05-22 17:58:46 +09:00
Susant Sahani 8f02c9b085 networkd: FOU netdev add support to configure peer port 2019-05-18 10:25:36 +09:00
Yu Watanabe db439337f9
Merge pull request #12576 from ssahani/fou 
networkd: FOU tunnel support Local and Peer tunnel addresses
 2019-05-16 05:10:35 +02:00
Susant Sahani 4502a61c8a networkd: FOU tunnel support Local and Peer tunnel addresses 2019-05-16 10:24:48 +09:00
Susant Sahani 69c317a07f networkd: introduce netdev ipvtap 
This patch adds netdev ipvtap that is based on the
IP-VLAN network interface, called ipvtap. An ipvtap device can be created
in the same way as an ipvlan device, using 'kind ipvtap', and then accessed
using the tap user space interface.
 2019-05-16 09:48:53 +09:00
Susant Sahani aac350192b networkd: Geneve add support configure IP don't fragment 2019-05-10 22:45:26 +09:00
Susant Sahani 1189c00a3c networkd: VXLAN add support to configure IP Don't fragment. 
Allow users to set the IPv4 DF bit in outgoing packets, or to inherit its
value from the IPv4 inner header. If the encapsulated protocol is IPv6 and
DF is configured to be inherited, always set it.
 2019-05-09 06:40:33 +02:00
Zbigniew Jędrzejewski-Szmek 29e19a6f19 fuzz: fix spelling of MACsec and MACAddress in the corpus 2019-05-08 06:53:07 +05:30
Susant Sahani 4cc0fd7531 networkd: VXLAN add support to configure Generic Protocol Extension 
See https://tools.ietf.org/html/draft-ietf-nvo3-vxlan-gpe-07
 2019-05-08 06:52:42 +05:30
Susant Sahani 6f213e4a34 networkd: VXLAN rename Id to VNI 
It makes more sense to call VXLAN ID as

1. the VXLAN Network Identifier (VNI) (or VXLAN Segment ID)
2. test-network: rename VXLAN Id to VNI
3. fuzzer: Add VXLAN VNI directive to fuzzer
 2019-05-07 20:52:11 +05:30
Yu Watanabe 1c30b174ed network: rename WireGuard.FwMark -> FirewallMark 
For the consistency with FirewallMark= in [RoutingPolicyRule] section.
 2019-05-04 17:20:23 +02:00
Yu Watanabe b0e13c3122 network: add MACsecTransmitAssociation.UseForEncoding= setting 2019-04-12 10:12:42 +09:00
Yu Watanabe a7b9c52f1f network: add MACsec*Association.Activate= setting 2019-04-12 10:12:42 +09:00
Yu Watanabe eb4705fb36 network: add MACsec*Association.KeyFile= setting 2019-04-12 10:12:42 +09:00
Susant Sahani 81962db798 network: Introduce MACsec 
Media Access Control Security (MACsec) is an 802.1AE IEEE
industry-standard security technology that provides secure
communication for all traffic on Ethernet links.
MACsec provides point-to-point security on Ethernet links between
directly connected nodes and is capable of identifying and preventing
most security threats, including denial of service, intrusion,
man-in-the-middle, masquerading, passive wiretapping, and playback attacks.

Closes #5754
 2019-04-12 10:12:41 +09:00
Yu Watanabe 86a3d44de5 network: fix use-of-uninitialized-value or null dereference 
This fixes a bug introduced by 6ef5c881dd.

Fixes oss-fuzz#14157 and oss-fuzz#14158.
 2019-04-10 18:18:11 +09:00
Yu Watanabe a3945c6361 network: add WireGuardPeer.PresharedKeyFile= setting 2019-04-09 15:50:22 +09:00
Yu Watanabe 4d6cd572a7 fuzz: add testcases for the bug in condition_free_list_type() 2019-03-24 00:35:39 +09:00
Yu Watanabe 5ba40bb2cc fuzz: add a testcase for oss-fuzz#13719 2019-03-15 23:47:41 +09:00
Susant Sahani 3a56e697c8 networkd: Introduce l2tp tunnel 
This works allows networkd to configure l2tp tunnel.
See http://man7.org/linux/man-pages/man8/ip-l2tp.8.html
 2019-03-14 10:57:41 +09:00
Yu Watanabe 76df77794a wireguard: add PrivateKeyFile= option 
Closes #11878.
 2019-03-13 12:02:03 +09:00
Susant Sahani fde60a424e netdev bond: add support to configure tlb_dynamic_lb 
Closes https://github.com/systemd/systemd/issues/11135

Add test for bond : tlb_dynamic_lb
 2018-12-15 18:15:16 +05:30
Susant Sahani 918049ad53 networkd: Add support to configure ISATAP tunnel 
Let's just reuse the code of sit tunnel to create a ISATAP tunnel.
Matter of turning a flag

Please see https://elixir.bootlin.com/linux/v4.19.6/source/net/ipv6/sit.c#L208
 2018-12-03 09:15:24 +05:30
Evgeny Vereshchagin 5260482d4c tests: update test/fuzz/fuzz-netdev-parser/directives.netdev 
This is a follow-up to 2266864b04.
 2018-11-28 05:19:12 +01:00
Lennart Poettering bdc0bcf014
Merge pull request #10731 from yuwata/fix-oss-fuzz-11344 
Fixes oss-fuzz#11344
 2018-11-12 10:23:23 +01:00
Yu Watanabe bf877a54c7
Merge pull request #10669 from danderson/networkd-6rd 
networkd: add 6rd support for sit netdevs
 2018-11-12 15:55:03 +09:00
Yu Watanabe c1b4a2b03a fuzz: add testcase of oss-fuzz#11344 2018-11-12 00:36:48 +09:00
Yu Watanabe 3ee0942908 fuzz: add testcase for oss-fuzz#11324 2018-11-10 15:53:32 +09:00
David Anderson 6e42bd5504 Add 6rd directive to the netdev fuzzing corpus. 2018-11-09 17:56:33 -08:00
Yu Watanabe 9f7d3db3ed fuzz: add more testcases of already fixed issue about multiple netdev kind 
This adds testcases of oss-fuzz#11286, oss-fuzz#11287, oss-fuzz#11296,
oss-fuzz#11297, and oss-fuzz#11299.

The issue was fixed by 62facba19a.
 2018-11-08 12:16:13 +09:00
Yu Watanabe 348784e62a fuzz: add testcases for oss-fuzz#11279 and #11280 2018-11-07 17:24:41 +09:00
Evgeny Vereshchagin 220fa139de tests: add a couple of files containing all the sections and directives 
This should help the fuzzers to discover code paths faster.

In case anyone is interested, they were generated with the following script
```
perl -aF'/[\s,]+/' -ne '
if (my ($s, $d) = ($F[0] =~ /^([^\s\.]+)\.([^\s\.]+)$/)) { $d{$s}{$d} = 1; }
END { while (my ($key, $value) = each %d) {
    printf "[%s]\n%s\n", $key, join("\n", keys(%$value))
}}'
```
by passing src/network/networkd-network-gperf.gperf and
src/network/netdev/netdev-gperf.gperf to it.
 2018-11-06 19:42:29 +01:00
Evgeny Vereshchagin cf02fd1b7a tests: replace AdActorSysPrio with AdActorSystemPriority 
This is a follow-up to https://github.com/systemd/systemd/pull/10653.
 2018-11-06 19:36:40 +01:00
Evgeny Vereshchagin a633d5b997 tests: add a reproducer for https://github.com/systemd/systemd/issues/10629 2018-11-06 19:01:32 +01:00
Evgeny Vereshchagin e27aac11f2 networkd: make netdev_load_one "public" and add a fuzzer for it 2018-11-06 19:01:32 +01:00