- Do not allocate NetworkConfigSection when filename == NULL
- set .network element before calling hashmap_put()
- Always free NetworkConfigSection in each object.
In case networkd is restarted this prevents a removal of an already existing IP
address that would be configured using networkd. With the proposed changes the
IP address will be kept on the interface without removing. This happens only on
physical hosts or VMs since networkd handles interface configuration slightly
different in containers.
Looked for definitions of functions using the *_compare_func() suffix.
Tested:
- Unit tests passed (ninja -C build/ test)
- Installed this build and booted with it.
This part of the copyright blurb stems from the GPL use recommendations:
https://www.gnu.org/licenses/gpl-howto.en.html
The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.
hence, let's just get rid of this old cruft, and shorten our codebase a
bit.
This drops a good number of type-specific _cleanup_ macros, and patches
all users to just use the generic ones.
In most recent code we abstained from defining type-specific macros, and
this basically removes all those added already, with the exception of
the really low-level ones.
Having explicit macros for this is not too useful, as the expression
without the extra macro is generally just 2ch wider. We should generally
emphesize generic code, unless there are really good reasons for
specific code, hence let's follow this in this case too.
Note that _cleanup_free_ and similar really low-level, libc'ish, Linux
API'ish macros continue to be defined, only the really high-level OO
ones are dropped. From now on this should really be the rule: for really
low-level stuff, such as memory allocation, fd handling and so one, go
ahead and define explicit per-type macros, but for high-level, specific
program code, just use the generic _cleanup_() macro directly, in order
to keep things simple and as readable as possible for the uninitiated.
Note that before this patch some of the APIs (notable libudev ones) were
already used with the high-level macros at some places and with the
generic _cleanup_ macro at others. With this patch we hence unify on the
latter.
Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.
I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
When configuring a network address with /31 using networkd, a /31 without a
broadcast specified should be present.
A /31 which has neither a network nor a broadcast address. See
https://tools.ietf.org/html/rfc3021Fixes#4038
When we are receiving address lifetime valid and lifetime preferred
'0' we set them via ndisc. That makes is shows as depricated and we
treat this as not ready.
In link_check_ready we look for whether address is depricated and
since this is depricated we never configure this link.
Thanks to Marc Haber <mh+github@zugschlus.de>
lifetime 0 a valid, and common, use case. It enables an installation to
autoconfigure systems in a way that they become immediately reachable
without needing local configuration after they have been turned on (for
example, for remote configuration). The local admin can then configure
additional, static IP addresses to be used for the server's service (and
the IP adress _only_, while the rest of network configuration still comes
from autoconfiguration), while _KEEPING_ the possibiltiy to reach the
system over the autoconfigured address in the case that static
configuration fails.
The correct way is to handle the announcement exactly as it is correctly
handled in the released software: It configures the address as
"deprecated", causing the kernel to accept packets addresses to it, and
not to use it for outgoing packets/connections _UNLESS_ there is no other
way to send the packet out.
The only change that is needed is that systemd-networkd should not wedge
itself in that case, it should just continue working (with two IP
addresses configured on the interface).
An IPv6 address with a remamining lifetime of zero is _NOT_ like an
expired IPv4 DHCP lease, it's still a valid and useable IP address. It
is just that the network advises the host not to use the address any
more for outgoing traffic _UNLESS_ there is no other way to send the
traffic.
Fixes#6359
Let's rename all our functions that process IPv4 in_addr structures
in4_addr_xyz(), following the already establishing naming logic for
this.
Leave the in_addr_xyz() prefix for functions that process the IPv4/IPv6
in_addr_union union instead.
Add variables for enabling Router Advertisements, router lifetime as
well as managed and other information flags indicating use of DHCPv6.
Add configuration of default router preferences as defined in RFC 4191.
IPv6PrefixDelegation in the [Network] section has to be set in order
to enable prefix delegation. The rest of the prefix delegation values
are stored in the [IPv6PrefixDelegation] section. The host will act as
a default router if it is given a non-zero lifetime with
RouterLifetimeSec. Managed and OtherInformation booleans set the level
of DHCPv6 support, and the RouterPreference configures the router's
preference between low, medium and high. Words 'normal' and 'default'
are added as synonyms for 'medium' just to make configuration simpler.
This adds a section like the following to .network configuration files:
[Network]
IPv6PrefixDelegation=true
[IPv6PrefixDelegation]
RouterLifetimeSec=2000
Managed=false
OtherInformation=true
RouterPreference=medium
Support zero or more [IPv6Prefix] sections in the network configuration
files. Each section can have one Prefix=<subnet>[/<prefixlength>]
option, with the preferred and valid lifetimes specified by
ValidLifetimeSec and PreferredLifetimeSec measured in seconds, and
with onlink and address autoconfiguration booleans specified by
OnLink and AddressAutoconfiguration variables.
This adds a section like the following to .network configuration files:
[IPv6Prefix]
Prefix=2001:db8:dead:beef::/64
OnLink=true
AddressAutoconfiguration=true
ValidLifetimeSec=1500
PreferredLifetimeSec=1000
section_line and filename should be set together or not at all. Change the
if to test filename, since it's the first of the pair and it seems more natural
to test that.
Now we track the sections for example [Address] via line number.
Which was fine till we din't had dropins dir. If we have multiple
sections which have the ideantical line number in diffrent files
we are overwriting these since line number is the key.
This patch fixes this by taking filename and line number as key.
This fixes [Address] and [Route] section overwriting.
fixes: #5141
Now we are not dropping the IPv6LL address when link is down.
So next time when link is up and before kernel acquired this address
we are using the old address.
When the link is down kernel tells us that this address is no longer
valid . Let's remove this address and again when kernel tells us
that the address is added let's use it.
fixes#3264
This is partial fix for #2228 and #2977, #3204.
bridge-test: netdev ready
docker0: Gained IPv6LL
wlan0: Gained IPv6LL
eth0: Gained IPv6LL
Enumeration completed
bridge-test: netdev exists, using existing without changing its
parameters
vboxnet0: IPv6 enabled for interface: Success
lo: Configured
docker0: Could not drop address: No such process
vboxnet0: Gained carrier
wlan0: Could not drop address: No such process
eth0: Could not drop address: No such process
eth0: Could not drop address: No such process
eth0: Could not drop address: No such process
vboxnet0: Gained IPv6LL
vboxnet0: Could not set NDisc route or address: Invalid argument
vboxnet0: Failed
[New Thread 0x7ffff6505700 (LWP 1111)]
[Thread 0x7ffff6505700 (LWP 1111) exited]
Assertion 'link->state == LINK_STATE_SETTING_ROUTES' failed at
src/network/networkd-link.c:672, function link_enter_configured().
Aborting.
Program received signal SIGABRT, Aborted.
0x00007ffff6dc6a98 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: dnf debuginfo-install
iptables-1.4.21-15.fc23.x86_64 libattr-2.4.47-14.fc23.x86_64
libidn-1.32-1.fc23.x86_64 pcre-8.38-7.fc23.x86_64
Debugging
(gdb) bt
"link->state == LINK_STATE_SETTING_ROUTES", file=0x5555556a34c8
"src/network/networkd-link.c", line=672,
func=0x5555556a56d0 <__PRETTY_FUNCTION__.14850>
"link_enter_configured") at src/basic/log.c:788
src/network/networkd-link.c:672
src/network/networkd-link.c:720
flags=0 '\000', scope=0 '\000', cinfo=0x7fffffffe020) at
src/network/networkd-address.c:344
(rtnl=0x5555556eded0, message=0x55555570ff20, userdata=0x5555556ec590)
at src/network/networkd-manager.c:604
m=0x55555570ff20) at src/libsystemd/sd-netlink/sd-netlink.c:365
at src/libsystemd/sd-netlink/sd-netlink.c:395
ret=0x0) at src/libsystemd/sd-netlink/sd-netlink.c:429
revents=1, userdata=0x5555556eded0) at
src/libsystemd/sd-netlink/sd-netlink.c:723
src/libsystemd/sd-event/sd-event.c:2268
src/libsystemd/sd-event/sd-event.c:2629
timeout=18446744073709551615) at src/libsystemd/sd-event/sd-event.c:2688
bus=0x5555556eeba0, name=0x55555568a2f5 "org.freedesktop.network1",
timeout=30000000,
check_idle=0x55555556adb6 <manager_check_idle>,
userdata=0x5555556ec590) at src/shared/bus-util.c:134
src/network/networkd-manager.c:1130
src/network/networkd.c:127
(gdb) f 3
src/network/networkd-link.c:672
672 assert(link->state == LINK_STATE_SETTING_ROUTES);
(gdb) p link->state
$1 = LINK_STATE_FAILED
We should not be in this state .
even if vboxnet0 failed we went into this state.
vboxnet0: Could not set NDisc route or address: Invalid argument
vboxnet0: Failed
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
This is managed by the kernel, but we should track whether or not we have
a configured IPv6LL address. This fixes two issues:
- we now wait for IPv6LL before considering the link ready
- we now wait for IPv6LL before attempting to do NDisc or DHCPv6
these protocols relies on an LL address being available.
For now only deserialize some basic state and the applied addresses.
When a link is added, try to deserialize it's state from /run. This
is relevant only when networkd is restarted at runtime.
There are more than enough calls doing string manipulations to deserve
its own files, hence do something about it.
This patch also sorts the #include blocks of all files that needed to be
updated, according to the sorting suggestions from CODING_STYLE. Since
pretty much every file needs our string manipulation functions this
effectively means that most files have sorted #include blocks now.
Also touches a few unrelated include files.
We only keep the addresses that we added ourselves in link->addresses, and
introduce a new set link->addresses_foreign to keep addresses of unknown
origin.
Only functional change is that "foreign" addresses no longer prevent a link
from entering "configured" state.
Establish the firewall rule before creating the address, and do not create the address
if the firewall rule could not be created. Also, only drop the firewall rule once
the address has been removed from the kernel.
Add compare_func and hash_func for the Address object. The notion of
address equality is the same as in the kernel, and hashing preserves
preserves equality.
Two addresses are considered equal if:
- they have the same address family, and
- they are neither IPv4 nor IPv6 addresses, or
- the local addresses are identical, and
- they are IPv6 addresses, or
- they have the same prefixlength, and
- their peer prefixes are identical
This fixes a bug in the old equality check, which got the local address
and the peer prefix mixed up.
- Rely everywhere that we use abs() on the error code passed in anyway,
thus don't need to explicitly negate what we pass in
- Never attach synthetic error number information to log messages. Only
log about errors we *receive* with the error number we got there,
don't log any synthetic error, that don#t even propagate, but just eat
up.
- Be more careful with attaching exactly the error we get, instead of
errno or unrelated errors randomly.
- Fix one occasion where the error number and line number got swapped.
- Make sure we never tape over OOM issues, or inability to resolve
specifiers
When setting IPv6 addresses acquired by DHCPv6, systemd-networkd sets
the IFA_F_NOPREFIXROUTE flag in the IFA_FLAGS netlink attribute. As
the flag and the attribute are present starting with Linux 3.14, older
kernels will need systemd-network to manage prefix route expiry.
By default, DHCPv6 addresses are first assigned setting the
IFA_F_NOPREFIXROUTE flag in the IFA_FLAGS netlink attribute. Should
the address assignment fail, the same assignment is tried without
the IFA_FLAGS attribute. Should also the second attempt fail, an error
is printed and address assignment ends with failure. As successful use
of the IFA_FLAGS netlink attribute is recorded in the Link structure,
the DHCPv6 code will know if the kernel or systemd-network fallback
code handles expiring prefixes.
The prefix expiration and IPv6 address updating fallback code is
resurrected from the parts deleted with commit
47d45d3cde.
This patch can be removed once the minimum kernel requirements are
greater than or equal to 3.14.
This makes adds a couple of fixes:
- Introduces log_netdev_error_errno() and friends, which takes an error
number, and matches what log_link_error_errno() and friends do.
- Replaces a lof ot strerror() usage with log_netdev_error_errno(),
log_link_error_errno() and log_erro_errno()
- Uppercases the first character of many log messages, after all this is
supposed to be english language
- Drops manual negating of error codes before passing them to log
functions, the log functions all do that internally anyway.
Some other minor fixes.
Behaviour should not change really.
The IFA_F_NOPREFIXROUTE flag prevents the kernel from creating new onlink
prefixes when a DHCPv6 IPv6 address with a prefix length is set from user
space. IPv6 routing will follow the onlink status from Router Advertisment
Prefix Information options or any manually set route, which is the correct
thing to do.
As this flag has a larger value than what fits into an unsigned char, update
the flag attribute to an uint32_t and set it with an IFA_FLAGS attribute
when writing netlink messages to the kernel.
This patch removes includes that are not used. The removals were found with
include-what-you-use which checks if any of the symbols from a header is
in use.
This adds two new settings to networkd's .network files:
IPForwarding=yes and IPMasquerade=yes. The former controls the
"forwarding" sysctl setting of the interface, thus controlling whether
IP forwarding shall be enabled on the specific interface. The latter
controls whether a firewall rule shall be installed that exposes traffic
coming from the interface as coming from the local host to all other
interfaces.
This also enables both options by default for container network
interfaces, thus making "systemd-nspawn --network-veth" have network
connectivity out of the box.
As a followup to 086891e5c1 "log: add an "error" parameter to all
low-level logging calls and intrdouce log_error_errno() as log calls
that take error numbers", use sed to convert the simple cases to use
the new macros:
find . -name '*.[ch]' | xargs sed -r -i -e \
's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/'
Multi-line log_*() invocations are not covered.
And we also should add log_unit_*_errno().
- Rename log_meta() → log_internal(), to follow naming scheme of most
other log functions that are usually invoked through macros, but never
directly.
- Rename log_info_object() to log_object_info(), simply because the
object should be before any other parameters, to follow OO-style
programming style.
Primarily, this means we get rid of net_parse_inaddr(), and replace it
everywhere with in_addr_from_string() and in_addr_from_string_auto().
These functions do not clobber the callers arguments on failure, which
is more close to our usual coding style.
This patch adds peer address support for
networkd . In the [Address] a new configurable
param is Peer.
[Match]
Name=ipip-tun
[Address]
Address=10.0.0.1/32
Peer=10.0.0.2/32
When an address is configured to be all zeroes, networkd will now
automatically find a locally unused network of the right size from a
list of pre-configured pools. Currently those pools are 10.0.0.0/8,
172.16.0.0/12, 192.168.0.0/16 and fc00::/7, i.e. the network ranges for
private networks. They are compiled in, but should be configurable
eventually.
This allows applying the same configuration to a large number of
interfaces with each time a different IP range block, and management of
these IP ranges is fully automatic.
When allocating an address range from the pool it is made sure the range
is not used otherwise.
Currently when both ipv4ll and dhcp are enabled, ipv4ll
address (if one has been claimed) is removed when dhcp
address is aquired. This is not the best thing to do
since there might be clients unaware of the removal
trying to communicate.
This patch provides a smooth transition between ipv4ll
and dhcp. If ipv4ll address was claimed [1] before dhcp,
address is marked as deprecated. Deprecated address is still
a valid address and packets can be received on it but address
cannot be selected as a source address. If dhcp lease cannot
be extended, then ipv4ll address is marked as valid again.
[1] If there is no collision, claiming IPv4LL takes between 4 to
7 seconds.
This does not belong in shared as it is mostly a detail of our networking subsystem.
Moreover, now we can use libudev here, which will simplify things.
Implements IPv4LL with respect to RFC 3927
(http://tools.ietf.org/rfc/rfc3927.txt) and integrates it
with networkd. Majority of the IPv4LL state machine is
taken from avahi (http://avahi.org/) project's autoip.
IPv4LL can be enabled by IPv4LL=yes under [Network]
section of .network file.
IPv4LL works independent of DHCP but if DHCP lease is
aquired, then LL address will be dropped.
[tomegun: removed a trailing newline and a compiler warning]
Previously the returned object of constructor functions where sometimes
returned as last, sometimes as first and sometimes as second parameter.
Let's clean this up a bit. Here are the new rules:
1. The object the new object is derived from is put first, if there is any
2. The object we are creating will be returned in the next arguments
3. This is followed by any additional arguments
Rationale:
For functions that operate on an object we always put that object first.
Constructors should probably not be too different in this regard. Also,
if the additional parameters might want to use varargs which suggests to
put them last.
Note that this new scheme only applies to constructor functions, not to
all other functions. We do give a lot of freedom for those.
Note that this commit only changes the order of the new functions we
added, for old ones we accept the wrong order and leave it like that.
So far we followed the rule to always indicate the "flavour" of
constructors after the "_new_" or "_open_" in the function name, so
let's keep things in sync here for rtnl and do the same.
The "sd_" prefix is supposed to be used on exported symbols only, and
not in the middle of names. Let's drop it from the cleanup macros hence,
to make things simpler.
The bus cleanup macros don't carry the "sd_" either, so this brings the
APIs a bit nearer.
This adds support to generate a basic resolv.conf in /run/systemd/network.
This file will not take any effect unless a symlink is created from
/etc/resolv.conf.
Nameservers received over DHCP takes precedence over statically configured ones.
Note: /etc/resolv.conf is severely limited, so in the future we will likely
rather provide a much more powerfull nss plugin (or something to that effect),
but this should allow current users to function without any loss of
functionality.
Static addresses/routes are associated with a network. Dynamic
addresses/routes are associtade with links (as the corresponding network
may be shared by several links).
This will allow specifying more options per address than the
simple Address= entry in the [Network] section.
Preliminary support for the same functionality for [Route] sections
are added, but not yet hooked up, as more testing is needed.
Pass on the line on which a section was decleared to the parsers, so they
can distinguish between multiple sections (if they chose to). Currently
no parsers take advantage of this, but a follow-up patch will do that
to distinguish
[Address]
Address=192.168.0.1/24
Label=one
[Address]
Address=192.168.0.2/24
Label=two
from
[Address]
Address=192.168.0.1/24
Label=one
Address=192.168.0.2/24
Label=two
This daemon listens for and configures network devices tagged with
'systemd-networkd'. By default, no devices are tagged so this daemon
can safely run in parallel with existing network daemons/scripts.
Networks are configured in /etc/systemd/network/*.network. The first .network
file that matches a given link is applied. The matching logic is similar to
the one for .link files, but additionally supports matching on interface name.
The mid-term aim is to provide an alternative to ad-hoc scripts currently used
in initrd's and for wired setups that don't change much (e.g., as seen on
servers/and some embedded systems).
Currently, static addresses and a gateway can be configured.
Example .network file:
[Match]
Name=wlp2s0
[Network]
Description=My Network
Gateway=192.168.1.1
Address=192.168.1.23/24
Address=fe80::9aee:94ff:fe3f:c618/64