picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
44958 commits 2 branches 0 tags 166 MiB
Commit graph

279 commits

Author SHA1 Message Date
Yu Watanabe 8d968fdd99 network: support matching based on wifi SSID 2019-10-15 01:59:06 +09:00
Susant Sahani cb29c15605 network: DHCPv4 client: add support to send arbitary option and data 2019-10-15 00:14:02 +09:00
Susant Sahani c16c780804 network: introduce ip nexthop routing 
Used to manipulate entries in the kernel's nexthop tables.
Example:
```
[NextHop]
Id=3
Gateway=192.168.5.1
```
 2019-10-14 21:32:48 +09:00
Zbigniew Jędrzejewski-Szmek 6e2d361d53
Merge pull request #13696 from keszybz/keep-dhcp-on-restart 
Add a way to differentiate restart from stop and keep dhcp config on restart
 2019-10-03 11:25:12 +02:00
Zbigniew Jędrzejewski-Szmek a232ebcc2c core: add support for RestartKillSignal= to override signal used for restart jobs 
v2:
- if RestartKillSignal= is not specified, fall back to KillSignal=. This is necessary
  to preserve backwards compatibility (and keep KillSignal= generally useful).
 2019-10-02 14:01:25 +02:00
Susant Sahani 2805536bff network: DHCPv6 client add support for prefix delegation hint 
Add support for prefix hint lenth and prefix hint address
```
Frame 43: 177 bytes on wire (1416 bits), 177 bytes captured (1416 bits) on interface 0
Ethernet II, Src: f6:c1:08:4d:45:f1 (f6:c1:08:4d:45:f1), Dst: IPv6mcast_01:00:02 (33:33:00:01:00:02)
Internet Protocol Version 6, Src: fe80::d250:c82:7f6e:28d6, Dst: ff02::1:2
User Datagram Protocol, Src Port: 546, Dst Port: 547
DHCPv6
    Message type: Solicit (1)
    Transaction ID: 0x5c7902
    Rapid Commit
    Identity Association for Non-temporary Address
    Fully Qualified Domain Name
    Identity Association for Prefix Delegation
        Option: Identity Association for Prefix Delegation (25)
        Length: 41
        Value: 1b97b1690000000000000000001a0019ffffffffffffffff…
        IAID: 1b97b169
        T1: 0
        T2: 0
        IA Prefix
            Option: IA Prefix (26)
            Length: 25
            Value: ffffffffffffffff3c000000000000000000000000000000…
            Preferred lifetime: infinity
            Valid lifetime: infinity
            Prefix length: 60
            Prefix address: ::
    Option Request
    Client Identifier
    Elapsed time
```
 2019-10-01 23:52:40 +09:00
Siddharth Chandrasekara afe42aef39 dhcp4: make IPServiceType configurable 
IPServiceType set to CS6 (network control) causes problems on some old
network setups that continue to interpret the field as IP TOS.

Make DHCP work on such networks by allowing this field to be set to
CS4 (Realtime) instead, as this maps to IPTOS_LOWDELAY.

Signed-off-by: Siddharth Chandrasekaran <csiddharth@vmware.com>
 2019-09-26 11:39:46 +09:00
Susant Sahani 224ded670f link: Add support to configure NIC ring buffer size 2019-09-24 16:33:35 +02:00
Susant Sahani 299d578f7f network: DHCP server Add support to transmit SIP server 
1. DHCP server trasmit
2. Client parses and saves in leases
Implements http://www.rfc-editor.org/rfc/rfc3361.txt

```
Frame 134: 348 bytes on wire (2784 bits), 348 bytes captured (2784 bits) on interface 0
Ethernet II, Src: 42:65:85:d6:4e:32 (42:65:85:d6:4e:32), Dst: 1e:04:f8:b8:2f:d4 (1e:04:f8:b8:2f:d4)
Internet Protocol Version 4, Src: 192.168.5.1, Dst: 192.168.5.11
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (ACK)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x7cc87cb4
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 192.168.5.11
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: 1e:04:f8:b8:2f:d4 (1e:04:f8:b8:2f:d4)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (ACK)
        Length: 1
        DHCP: ACK (5)
    Option: (51) IP Address Lease Time
        Length: 4
        IP Address Lease Time: (3600s) 1 hour
    Option: (1) Subnet Mask (255.255.255.0)
        Length: 4
        Subnet Mask: 255.255.255.0
    Option: (3) Router
        Length: 4
        Router: 192.168.5.1
    Option: (6) Domain Name Server
        Length: 4
        Domain Name Server: 192.168.5.1
    Option: (42) Network Time Protocol Servers
        Length: 4
        Network Time Protocol Server: 192.168.1.1
    Option: (120) SIP Servers <=====here
        Length: 9
        SIP Server Encoding: IPv4 Address (1)
        SIP Server Address: 192.168.1.1
        SIP Server Address: 192.168.5.2
    Option: (101) TCode
        Length: 13
        TZ TCode: Europe/Berlin
    Option: (54) DHCP Server Identifier (192.168.5.1)
        Length: 4
        DHCP Server Identifier: 192.168.5.1
    Option: (255) End
        Option End: 255
```

```
cat /run/systemd/netif/state                                                                                                   ✔    3148  16:40:51
OPER_STATE=routable
CARRIER_STATE=carrier
ADDRESS_STATE=routable
DNS=192.168.94.2 192.168.5.1
NTP=192.168.5.1
SIP=192.168.1.1 192.168.5.2

```

aa
 2019-09-20 21:22:23 +09:00
Susant Sahani 5bc945bec4 network dhcp4: Add support send request options in a generic manner 2019-09-20 21:05:48 +09:00
Yu Watanabe 0eb5e6d3f0 dhcp6: use unaligned_read_be32() 
Closes #13591.
 2019-09-20 08:04:15 +00:00
Yu Watanabe 6ffe71d0e2 dhcp6: add missing option length check 
Closes #13578.
 2019-09-17 18:29:20 +00:00
Susant Sahani 203d4df573 network: Add support to advertie ipv6 route 
Implements https://tools.ietf.org/html/rfc4191

cat veth99.network
```
[Match]
Name=veth99

[Network]
DHCP=no
IPv6PrefixDelegation=yes
Address=2001:db8:0:1::1/64

[IPv6Prefix]
Prefix=2001:db8:0:1::4/64

[IPv6RoutePrefix]
Route=2001:db0:fff::/48

```
Wireshark

```
Frame 481: 142 bytes on wire (1136 bits), 142 bytes captured (1136 bits) on interface 0
Ethernet II, Src: 1e:04:f8:b8:2f:d4 (1e:04:f8:b8:2f:d4), Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: fe80::1c04:f8ff:feb8:2fd4, Dst: ff02::1
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0xec77 [correct]
    [Checksum Status: Good]
    Cur hop limit: 0
    Flags: 0x00, Prf (Default Router Preference): Medium
    Router lifetime (s): 0
    Reachable time (ms): 0
    Retrans timer (ms): 0
    ICMPv6 Option (Source link-layer address : 1e:04:f8:b8:2f:d4)
        Type: Source link-layer address (1)
        Length: 1 (8 bytes)
        Link-layer address: 1e:04:f8:b8:2f:d4 (1e:04:f8:b8:2f:d4)
    ICMPv6 Option (MTU : 1500)
        Type: MTU (5)
        Length: 1 (8 bytes)
        Reserved
        MTU: 1500
    ICMPv6 Option (Prefix information : 2001:db8:0:1::4/64)
        Type: Prefix information (3)
        Length: 4 (32 bytes)
        Prefix Length: 64
        Flag: 0xc0, On-link flag(L), Autonomous address-configuration flag(A)
        Valid Lifetime: 2592000
        Preferred Lifetime: 604800
        Reserved
        Prefix: 2001:db8:0:1::4
    ICMPv6 Option (Route Information : Medium 2001:db0:fff::/48)
        Type: Route Information (24)
        Length: 3 (24 bytes)
        Prefix Length: 48
        Flag: 0x00, Route Preference: Medium
            ...0 0... = Route Preference: Medium (0)
            000. .000 = Reserved: 0
        Route Lifetime: 604800
        Prefix: 2001:db0:fff::
```
 2019-09-17 12:09:59 +02:00
Fabian Henneke d45ee2f31a udev: Add id program and rule for FIDO security tokens 
Add a fido_id program meant to be run for devices in the hidraw
subsystem via an IMPORT directive. The program parses the HID report
descriptor and assigns the ID_SECURITY_TOKEN environment variable if a
declared usage matches the FIDO_CTAPHID_USAGE declared in the FIDO CTAP
specification. This replaces the previous approach of whitelisting all
known security token models manually.

This commit is accompanied by a test suite and a fuzzer target for the
descriptor parsing routine.

Fixes: #11996.
 2019-09-07 02:23:58 +09:00
Yu Watanabe f6c6ff97f5 network: add RoutingPolicyRule.Family= setting 
Closes #13233.
 2019-08-16 22:02:17 +09:00
Yu Watanabe e8489008cb network: rename IGMPVersion= -> MulticastIGMPVersion= 2019-07-26 11:00:56 +09:00
Yu Watanabe 4bd04e3dcb network: drop recently added settings from deprecated [DHCP] section 2019-07-25 12:39:33 +09:00
Susant Sahani afa51e2dfb networkd: bridge add support to set IGMP version 2019-07-25 10:05:06 +09:00
Luca Boccassi 65224c1d0e core: rename ShutdownWatchdogSec to RebootWatchdogSec 
This option is only used on reboot, not on other types of shutdown
modes, so it is misleading.
Keep the old name working for backward compatibility, but remove it
from the documentation.
 2019-07-23 20:29:03 +01:00
Luca Boccassi acafd7d8a6 core: add KExecWatchdogSec option 
Rather than always enabling the shutdown WD on kexec, which might be
dangerous in case the kernel driver and/or the hardware implementation
does not reset the wd on kexec, add a new timer, disabled by default,
to let users optionally enable the shutdown WD on kexec separately
from the runtime and reboot ones. Advise in the documentation to
also use the runtime WD in conjunction with it.

Fixes: a637d0f9ec ("core: set shutdown watchdog on kexec too")
 2019-07-23 20:29:03 +01:00
Yu Watanabe a24e12f020 network: add DHCPv4.RoutesToDNS= setting 2019-07-19 01:49:39 +09:00
Anita Zhang 31cd5f63ce core: ExecCondition= for services 
Closes #10596
 2019-07-17 11:35:02 +02:00
Yu Watanabe b956364db0 network: rename Neighbor.MACAddress= to Neighbor.LinkLayerAddress= 
And make it support IPv4 address.

Closes #13015.
 2019-07-11 22:22:29 +09:00
Lennart Poettering 7e82b4059b
Merge pull request #13006 from yuwata/network-split-dhcp-12917 
networkd: DHCPv6 - separate DHCPv6 options from DHCPv4 options
 2019-07-11 10:28:03 +02:00
Yu Watanabe 8c9c703c55 network: add AssignToLoopback= setting to [Tunnel] section 
networkd does not manage loopback interface lo. So, previously, we have
no way to assign tunnel devices to lo.
 2019-07-11 09:59:06 +09:00
Yu Watanabe f392c06566
Merge pull request #12863 from 1848/if_xfrm 
Added support for xfrm interfaces
 2019-07-10 23:04:49 +09:00
1848 98d20a17a9 Added support for xfrm interfaces 2019-07-10 23:02:19 +09:00
Yu Watanabe e4443f9bfc network: fix memleak 
set_put() does not return -EEXIST.

Fixes #12995 and oss-fuzz#15678.
 2019-07-10 12:27:48 +02:00
Yu Watanabe 4f7331a85e network: rename [DHCP] section to [DHCPv4] 
To keep the backward compatibility broken by the previous commit.
 2019-07-10 17:33:09 +09:00
Susant Sahani caa8ca4286 networkd: DHCPv6 - separate DHCPv6 options from DHCPv4 options 
Closes https://github.com/systemd/systemd/issues/12917
 2019-07-10 16:59:29 +09:00
Yu Watanabe 44005bfb4e network,udev: add Property= setting in [Match] section 
Closes #5665.
 2019-07-01 01:24:42 +09:00
Evgeny Vereshchagin 9bd2422ac3 travis: turn on nonnull-attribute on Fuzzit 2019-06-15 23:12:24 +02:00
Zbigniew Jędrzejewski-Szmek 4b381a9ef6
Merge pull request #12753 from jrouleau/fix/hibernate-resume-timeout 
hibernate-resume: fix resume device timeout
 2019-06-15 17:50:37 +02:00
Susant Sahani 7da377ef16 networkd: add support to keep configuration 2019-06-06 22:50:29 +09:00
Jonathan Rouleau 8b6805a25b hibernate-resume: add resumeflags= kernel option 
Adds the resumeflags= kernel command line option to allow setting a
custom device timeout for the resume device (defaults to the same as the
root device).
 2019-06-05 18:59:05 -06:00
Yu Watanabe 75eed300a9 network: Allow IFF_VNET_HDR to also be set for tun devices 
f5f07dbf06 adds VnetHeader= for tap
devices, but the flag is also used for tun devices.
This adds VnetHeader= setting in [Tun] section.
 2019-05-22 17:58:46 +09:00
Susant Sahani e520ce6440 networkd: Ability to selectively ignore IPv6 prefixes supplied via router advertisement 
Closes https://github.com/systemd/systemd/issues/10647
 2019-05-19 22:23:06 +09:00
Yu Watanabe e7b621ee1f
Merge pull request #12586 from ssahani/route-properties 
Route properties
 2019-05-18 10:31:37 +09:00
Susant Sahani 9b88f20aba networkd: route add MPLS TTL propagate 2019-05-18 10:30:41 +09:00
Susant Sahani 8f02c9b085 networkd: FOU netdev add support to configure peer port 2019-05-18 10:25:36 +09:00
Zbigniew Jędrzejewski-Szmek be44e09162 shared/varlink: add missing setting of output_buffer_allocated 
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14708,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14735,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14725,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14720,
and probably others.
 2019-05-17 15:09:32 +02:00
Yu Watanabe 8688c29b5a varlink: initialize Varlink with 0 
Closes oss-fuzz#14688.
 2019-05-16 18:51:33 +02:00
Yu Watanabe db439337f9
Merge pull request #12576 from ssahani/fou 
networkd: FOU tunnel support Local and Peer tunnel addresses
 2019-05-16 05:10:35 +02:00
Susant Sahani 4502a61c8a networkd: FOU tunnel support Local and Peer tunnel addresses 2019-05-16 10:24:48 +09:00
Susant Sahani 69c317a07f networkd: introduce netdev ipvtap 
This patch adds netdev ipvtap that is based on the
IP-VLAN network interface, called ipvtap. An ipvtap device can be created
in the same way as an ipvlan device, using 'kind ipvtap', and then accessed
using the tap user space interface.
 2019-05-16 09:48:53 +09:00
Yu Watanabe 5d5003ab35 network: add DefaultRouteOnDevice= setting in [Network] section 
When enabled, then default route bound to the interface will be created.
This is useful when adding routes on point-to-point interfaces.

Closes #788.
 2019-05-15 12:44:30 +09:00
Yu Watanabe 6e114a2475
Merge pull request #12555 from ssahani/route-properties 
networkd: route add support to configure fastopen_no_cookie
 2019-05-14 09:03:52 +02:00
Susant Sahani 1501b429a9 networkd: DHCP client add support to send RELEASE packet 
closes #10820
 2019-05-14 09:03:01 +02:00
Susant Sahani 633c725865 networkd: route add support to configure fastopen_no_cookie 
This patch adds fastopen_no_cookie option to enable/disable TCP fastopen
without a cookie on a per-route basis.
 2019-05-14 08:08:36 +05:30
Susant Sahani bdb397ed10 networkd: bridge FDB support more NTF_* flags 
Add support to configure NTF_ROUTER and NTF_USE
 2019-05-14 02:24:51 +02:00
Yu Watanabe cd43199671
Merge pull request #12520 from ssahani/geneve 
networkd: Geneve add DF feature and allow TTL to bechosen by kernel
 2019-05-10 19:47:19 +02:00
Susant Sahani aac350192b networkd: Geneve add support configure IP don't fragment 2019-05-10 22:45:26 +09:00
Yu Watanabe 5af7bc6f4c
Merge pull request #12480 from ssahani/proxy-arp 
network: bridge add support to configure proxy ARP/WIFI
 2019-05-10 15:30:41 +02:00
Susant Sahani 727b573418 networkd: Add support for blacklisting servers 
closes #6260

fuzzer: Add DHCP support for blacklisting servers
 2019-05-10 15:29:55 +02:00
Lennart Poettering d768467563 fuzzer: add varlink fuzzer 2019-05-09 14:14:20 -04:00
Susant Sahani 0fadb2a46f network: add support to configure proxy ARP/WIFI 2019-05-09 15:03:04 +09:00
Susant Sahani 1189c00a3c networkd: VXLAN add support to configure IP Don't fragment. 
Allow users to set the IPv4 DF bit in outgoing packets, or to inherit its
value from the IPv4 inner header. If the encapsulated protocol is IPv6 and
DF is configured to be inherited, always set it.
 2019-05-09 06:40:33 +02:00
Susant Sahani 1087623bac networkd: Add support to configure proxy ARP and proxy ARP Wifi 2019-05-09 01:44:26 +02:00
Zbigniew Jędrzejewski-Szmek d1c377da0d
Merge pull request #12489 from ssahani/vxlan 
networkd: VXLAN rename Id to VNI
 2019-05-08 12:02:54 +02:00
Susant Sahani 61b824c561 networkd: bridge fdb add support to configure VXLAN VNI 2019-05-08 03:43:43 +02:00
Zbigniew Jędrzejewski-Szmek 29e19a6f19 fuzz: fix spelling of MACsec and MACAddress in the corpus 2019-05-08 06:53:07 +05:30
Susant Sahani 4cc0fd7531 networkd: VXLAN add support to configure Generic Protocol Extension 
See https://tools.ietf.org/html/draft-ietf-nvo3-vxlan-gpe-07
 2019-05-08 06:52:42 +05:30
Zbigniew Jędrzejewski-Szmek 9175aabfb6
Merge pull request #12481 from ssahani/dhcp-max-retry 
networkd: Allow DHCP4 client to set the number to attempt to configure/reconfigure
 2019-05-07 19:58:40 +02:00
Susant Sahani 6f213e4a34 networkd: VXLAN rename Id to VNI 
It makes more sense to call VXLAN ID as

1. the VXLAN Network Identifier (VNI) (or VXLAN Segment ID)
2. test-network: rename VXLAN Id to VNI
3. fuzzer: Add VXLAN VNI directive to fuzzer
 2019-05-07 20:52:11 +05:30
Susant Sahani 715cedfbf0 networkd: Allow DHCP4 client to set the number to attempt to reconfigure. 
Otherwise current value is 6 and after 6 it will give up.
 2019-05-07 17:12:04 +02:00
Yu Watanabe 1c30b174ed network: rename WireGuard.FwMark -> FirewallMark 
For the consistency with FirewallMark= in [RoutingPolicyRule] section.
 2019-05-04 17:20:23 +02:00
Susant Sahani c2c2793f39 networkd: Add support to configure destination address for bridge FDB 
Closes #5145.

Example conf:
```
[Match]
Name=vxlan1309

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.2

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.4

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.5
```
 2019-05-03 06:11:52 +02:00
Jan Klötzke dc653bf487 service: handle abort stops with dedicated timeout 
When shooting down a service with SIGABRT the user might want to have a
much longer stop timeout than on regular stops/shutdowns. Especially in
the face of short stop timeouts the time might not be sufficient to
write huge core dumps before the service is killed.

This commit adds a dedicated (Default)TimeoutAbortSec= timer that is
used when stopping a service via SIGABRT. In all other cases the
existing TimeoutStopSec= is used. The timer value is unset by default
to skip the special handling and use TimeoutStopSec= for state
'stop-watchdog' to keep the old behaviour.

If the service is in state 'stop-watchdog' and the service should be
stopped explicitly we still go to 'stop-sigterm' and re-apply the usual
TimeoutStopSec= timeout.
 2019-04-12 17:32:52 +02:00
Yu Watanabe b0e13c3122 network: add MACsecTransmitAssociation.UseForEncoding= setting 2019-04-12 10:12:42 +09:00
Yu Watanabe a7b9c52f1f network: add MACsec*Association.Activate= setting 2019-04-12 10:12:42 +09:00
Yu Watanabe eb4705fb36 network: add MACsec*Association.KeyFile= setting 2019-04-12 10:12:42 +09:00
Susant Sahani 81962db798 network: Introduce MACsec 
Media Access Control Security (MACsec) is an 802.1AE IEEE
industry-standard security technology that provides secure
communication for all traffic on Ethernet links.
MACsec provides point-to-point security on Ethernet links between
directly connected nodes and is capable of identifying and preventing
most security threats, including denial of service, intrusion,
man-in-the-middle, masquerading, passive wiretapping, and playback attacks.

Closes #5754
 2019-04-12 10:12:41 +09:00
Zbigniew Jędrzejewski-Szmek f0ae945ecc bus-message: validate signature in gvariant messages 
We would accept a message with 40k signature and spend a lot of time iterating
over the nested arrays. Let's just reject it early, as we do for !gvariant
messages.
 2019-04-11 14:01:38 +02:00
Yu Watanabe 86a3d44de5 network: fix use-of-uninitialized-value or null dereference 
This fixes a bug introduced by 6ef5c881dd.

Fixes oss-fuzz#14157 and oss-fuzz#14158.
 2019-04-10 18:18:11 +09:00
Zbigniew Jędrzejewski-Szmek 52efbd8f0e
Merge pull request #12223 from yuwata/network-wireguard-preshared-key-file 
network: add PresharedKeyFile= setting and make reading key file failure fatal
 2019-04-09 10:52:52 +02:00
Yu Watanabe a3945c6361 network: add WireGuardPeer.PresharedKeyFile= setting 2019-04-09 15:50:22 +09:00
Yu Watanabe daa4aca1cb calendarspec: fix possible integer overflow 
Fixes oss-fuzz#14108.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14108
 2019-04-08 00:50:07 +09:00
Lennart Poettering f69567cbe2 core: expose SUID/SGID restriction as new unit setting RestrictSUIDSGID= 2019-04-02 16:56:48 +02:00
Yu Watanabe 4d6cd572a7 fuzz: add testcases for the bug in condition_free_list_type() 2019-03-24 00:35:39 +09:00
Zbigniew Jędrzejewski-Szmek b2645747b7 nspawn-oci: fix double free 
Also rename function to make it clear that it also frees the array
object itself.
 2019-03-22 17:39:12 +01:00
Zbigniew Jędrzejewski-Szmek b1f13b0e75 nspawn-oci: mount source is optional 2019-03-22 12:04:32 +01:00
Zbigniew Jędrzejewski-Szmek 9ddd62cda1 fuzz-nspawn-oci: add fuzzer for the oci bundle loader 2019-03-22 11:09:52 +01:00
Yu Watanabe c7a67ba5eb fuzz: add testcase for oss-fuzz#13691 2019-03-15 23:54:30 +09:00
Yu Watanabe 5ba40bb2cc fuzz: add a testcase for oss-fuzz#13719 2019-03-15 23:47:41 +09:00
Susant Sahani 3a56e697c8 networkd: Introduce l2tp tunnel 
This works allows networkd to configure l2tp tunnel.
See http://man7.org/linux/man-pages/man8/ip-l2tp.8.html
 2019-03-14 10:57:41 +09:00
Tobias Jungel 7f15b71460 networkd: Add bridge port capabilities 
This PR adds the configuration switches for multicast flooding, neighbor
suppression and learning of a bridge port.
 2019-03-13 16:27:22 +01:00
Yu Watanabe 76df77794a wireguard: add PrivateKeyFile= option 
Closes #11878.
 2019-03-13 12:02:03 +09:00
Davide Cavalca 1485aacb16 meson: scope more git invocations with current_source_dir() 2019-03-12 15:01:47 +01:00
Lennart Poettering 35d3a35e56
Merge pull request #11960 from mrc0mmand/more-fuzzers 
fuzz: introduce more fuzzers
 2019-03-11 18:04:22 +01:00
Clemens Gruber c423be28a0 network: introduce TripleSampling= option in CAN section 
When enabled, three samples are used to determine the value of a
received bit by majority rule.

This patch adds support for the TripleSampling= option in the [CAN]
section of .network files.
 2019-03-11 17:15:47 +01:00
Frantisek Sumsal ea1cdaf262 fuzz: add a memleak reproducer for fuzz-nspawn-settings 2019-03-11 14:13:09 +01:00
Frantisek Sumsal b5b499b32c fuzz: add nspawn-settings fuzzer 2019-03-11 14:13:00 +01:00
Frantisek Sumsal 18d51b4509 fuzz: add env-file fuzzer 2019-03-11 14:11:28 +01:00
Zbigniew Jędrzejewski-Szmek f27abfccd0 fuzz-dns-packet: add test case with lots of labels 
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13422
 2019-03-04 15:53:37 +01:00
Yu Watanabe 9cb8c55934 network: rename GatewayOnlink= to GatewayOnLink= 
But still GatewayOnlink= is supported for backward compatibility.
 2019-02-28 10:00:22 +09:00
Zbigniew Jędrzejewski-Szmek c448459d56 networkd: refuse more than 128 NTP servers 
This test case is a bit silly, but it shows that our code is unprepared to
handle so many network servers, with quadratic complexity in various places.
I don't think there are any valid reasons to have hundres of NTP servers
configured, so let's just emit a warning and cut the list short.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13354
 2019-02-27 14:52:33 +01:00
Zbigniew Jędrzejewski-Szmek 83ec459276 networkd: fix memleak when the same NetDev is specified twice 
hashmap_put() returns 0 if the (key, value) pair is already present in the
hashmap, and -EEXIST if the key exists, but the value is different.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13433
 2019-02-27 14:31:28 +01:00
Lennart Poettering f3892edd5e
Merge pull request #11824 from keszybz/fuzzer-fixes 
Fuzzer fixes
 2019-02-26 19:02:12 +01:00
Lennart Poettering 8c28360a21
Merge pull request #11823 from keszybz/more-fuzz-coverage 
More fuzz coverage
 2019-02-26 17:21:32 +01:00
Zbigniew Jędrzejewski-Szmek 92e068b465 basic/utf8: do not read past end of string when looking for a multi-byte character 
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9341.
 2019-02-26 12:37:40 +01:00
Yu Watanabe 10f6188b67 fuzz: add a sample for fuzz-udev-database 2019-02-26 13:28:30 +09:00
Zbigniew Jędrzejewski-Szmek 4c4589227e fuzz-unit-file: add some directives for stuff coverage reports as not covered 
Some of those directives appear in the corpus, but without arguments, so maybe
the fuzzing libraries can't trigger the right cases. Let's help them.
 2019-02-25 15:46:23 +01:00
Yu Watanabe eac31d708f fuzz: add directives.link and 99-default.link for fuzz-link-parser 
Also adds several reproducers of errors fixed in earlier commits.
 2019-02-25 12:40:42 +09:00
Zbigniew Jędrzejewski-Szmek 95b2903bde tests: shorten the fuzz test case 
The test was failing in Ubuntu CI with a 30s timeout. It makes
sense to keep the file so exercise the set allocation logic, but
we can make it shorter.
 2019-02-21 12:30:13 +01:00
Zbigniew Jędrzejewski-Szmek 5e2a51d588 networkd: use OrderedSets instead of strvs to store lists of domains 
We were already using OrderedSets in the manager object, but strvs in the
configuration parsing code. Using sets gives us better scaling when many
domains are used.

In oss-fuzz #13059 the attached reproducer takes approximately 30.5 s to be
parsed. Converting to sets makes this go down to 10s. This is not _vastly_
faster, but using sets seems like a nicer approach anyway. In particular, we
avoid the quadratic de-unification operation after each addition.
 2019-02-21 12:04:27 +01:00
Zbigniew Jędrzejewski-Szmek ea53cfd195 shared/calendarspec: do not allocate a big string on stack 
The string can be as long as a logical line in a unit file — so no unlimited,
but quite big. Let's use a normal heap allocation when making a copy.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13125
 2019-02-16 23:31:07 +01:00
Lennart Poettering 84e4b0b893
Merge pull request #11716 from ssahani/drop-autoconf-address 
networkd: ipv6ra allow to ignore addresses
 2019-02-15 12:17:46 +01:00
Lennart Poettering 19df3047f3
Merge pull request #9262 from ssahani/ignore-carrier-9111 
networkd: allow to retain configs even if carrier is lost
 2019-02-15 11:35:43 +01:00
Susant Sahani 24433ffa6d Add to fuzzer 2019-02-14 21:10:59 +05:30
Yu Watanabe be18d18bd8 test: add testcase for oss-fuzz#12980 2019-02-13 04:16:30 +09:00
Susant Sahani 93b4dab57e networkd: Allow to retain configs even if carrier is lost 
When there is bad link in the network the carrier goes up/down.
This makes networkd stops all the clients and drop config.
But if the remote router/dhcpserver running a prevention
of DHCP Starvation attack or DHCP Flood attack it does not allow
networkd to take a DHCP lease resulting failure in configuration.
This patch allows to keep the client running and keep the conf
also for this scenario.

Closes #9111
 2019-02-06 13:35:11 +01:00
Lennart Poettering 7ece6f5897 networkd: permit DNS "DefaultRoute" configuration in .network files 2018-12-21 12:10:07 +01:00
Susant Sahani fde60a424e netdev bond: add support to configure tlb_dynamic_lb 
Closes https://github.com/systemd/systemd/issues/11135

Add test for bond : tlb_dynamic_lb
 2018-12-15 18:15:16 +05:30
Lennart Poettering 8f3fd07ac0
Merge pull request #11105 from keszybz/path-parsing 
Some tightening of our path parsing code
 2018-12-10 15:50:08 +01:00
Zbigniew Jędrzejewski-Szmek a5dfc36ce6 fuzz-unit-file: add one more test case 
There seems to be no error per se. RequiresMountsFor=%s%s%s..%s%s%s is expanded to
RequiresMountsFor=/bin/zsh/bin/zsh/bin/zsh/bin/zsh/..., which takes a bit of time,
and then we iterate over this a few times, creating a hashmap with a hashmap
for each prefix of the path, each with one item pointing back to the original unit.
Takes about 0.8 s on my machine.
 2018-12-10 11:57:26 +01:00
William A. Kennington III e4a71bf36f networkd: Static neighbor support 
When using networkd we currently have no way of ensuring that static
neighbor entries are set when our link comes up. This change adds a new
section to the network definition that allows multiple static neighbors
to be set on a link.
 2018-12-09 16:56:37 -08:00
Yu Watanabe 801503d22b
Merge pull request #10988 from ssahani/IFLA_BRPORT_MCAST_TO_UCAST 
networkd: bridge add support to configure multicast_to_unicast
 2018-12-06 14:32:52 +01:00
Susant Sahani 8b220643b1 networkd: RPDB rule - add support to configure inverted rule. 
Closes #10706
 2018-12-06 10:42:36 +05:30
Yu Watanabe 253de60634
Merge pull request #11021 from ssahani/isatap 
networkd: Add support to configure ISATAP tunnel
 2018-12-05 23:13:17 +01:00
Susant Sahani d3aa8b49e5 networkd: bridge add support to configure multicast_to_unicast 
closes #10649
 2018-12-03 23:49:46 +05:30
Susant Sahani 918049ad53 networkd: Add support to configure ISATAP tunnel 
Let's just reuse the code of sit tunnel to create a ISATAP tunnel.
Matter of turning a flag

Please see https://elixir.bootlin.com/linux/v4.19.6/source/net/ipv6/sit.c#L208
 2018-12-03 09:15:24 +05:30
Yu Watanabe 97f9df9e30 network: rename Protocol= in [RoutingPolicyRule] to IPProtocol= 2018-12-02 06:13:47 +01:00
Evgeny Vereshchagin c90c39ff7b catalog: reject entries where the language is too short early 
Closes https://oss-fuzz.com/testcase-detail/5674475278827520
 2018-11-29 13:41:40 +09:00
Susant Sahani 926062f083 networkd: add support to configure ip rule port range and protocol. 
Please see:

iprule: support for ip_proto, sport and dport match options
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=f686f764682745daf6a93b0a6330ba42a961f858

Closes 10622
 2018-11-28 20:06:28 +05:30
Evgeny Vereshchagin 5260482d4c tests: update test/fuzz/fuzz-netdev-parser/directives.netdev 
This is a follow-up to 2266864b04.
 2018-11-28 05:19:12 +01:00
Evgeny Vereshchagin 2e646cbed8 tests: add a fuzzer for the udev rules parser (#10929) 2018-11-26 18:14:30 +09:00
Evgeny Vereshchagin a4aa59bae2 tests: add a fuzzer for server_process_native_file 2018-11-23 17:29:59 +01:00
Evgeny Vereshchagin 4928e8adba tests: add a fuzzer for catalog_import_file 2018-11-22 21:02:34 +01:00
Evgeny Vereshchagin 9541f5ff5c tests: add a fuzzer for journald streams 2018-11-20 03:03:32 +01:00
Evgeny Vereshchagin 1dab14aba7 journald: check whether sscanf has changed the value corresponding to %n 
It's possible for sscanf to receive strings containing all three fields
and not matching the template at the same time. When this happens the
value of k doesn't change, which basically means that process_audit_string
tries to access memory randomly. Sometimes it works and sometimes it doesn't :-)

See also https://bugzilla.redhat.com/show_bug.cgi?id=1059314.
 2018-11-17 11:25:19 +01:00
Evgeny Vereshchagin 090a20cfaf tests: add a fuzzer for process_audit_string 2018-11-16 23:14:31 +01:00
Lennart Poettering 143fadf369 core: remove JoinControllers= configuration setting 
This removes the ability to configure which cgroup controllers to mount
together. Instead, we'll now hardcode that "cpu" and "cpuacct" are
mounted together as well as "net_cls" and "net_prio".

The concept of mounting controllers together has no future as it does
not exist to cgroupsv2. Moreover, the current logic is systematically
broken, as revealed by the discussions in #10507. Also, we surveyed Red
Hat customers and couldn't find a single user of the concept (which
isn't particularly surprising, as it is broken...)

This reduced the (already way too complex) cgroup handling for us, since
we now know whenever we make a change to a cgroup for one controller to
which other controllers it applies.
 2018-11-16 14:54:13 +01:00
Evgeny Vereshchagin f7a6b40187 tests: add a reproducer for a heap-buffer-overflow fixed in 937b117137 2018-11-16 08:45:16 +01:00
Evgeny Vereshchagin 1dd485b700 tests: add a reproducer for a memory leak fixed in 30eddcd51b in August 2018-11-16 08:45:16 +01:00
Evgeny Vereshchagin 8857fb9beb tests: add a fuzzer for dev_kmsg_record 2018-11-16 08:44:35 +01:00
Lennart Poettering 8a26dae88f
Merge pull request #10736 from yuwata/coredump-comment 
fuzz: fix oss-fuzz#8658
 2018-11-12 11:42:16 +01:00
Lennart Poettering bdc0bcf014
Merge pull request #10731 from yuwata/fix-oss-fuzz-11344 
Fixes oss-fuzz#11344
 2018-11-12 10:23:23 +01:00
Yu Watanabe 9544a1ceb0 fuzz: add testcase of oss-fuzz#8658 2018-11-12 18:10:24 +09:00
Yu Watanabe bf877a54c7
Merge pull request #10669 from danderson/networkd-6rd 
networkd: add 6rd support for sit netdevs
 2018-11-12 15:55:03 +09:00
Yu Watanabe 34d178bbac fuzz: add testcase of oss-fuzz#10734 2018-11-12 02:04:35 +09:00
Yu Watanabe 89c7e7aa97 fuzz: add testcase of already fixed issue 10908 2018-11-12 01:17:45 +09:00
Yu Watanabe c1b4a2b03a fuzz: add testcase of oss-fuzz#11344 2018-11-12 00:36:48 +09:00
Yu Watanabe e2e6148619 fuzz: add testcase of oss-fuzz#11345 2018-11-11 12:03:52 +09:00
Yu Watanabe 3ee0942908 fuzz: add testcase for oss-fuzz#11324 2018-11-10 15:53:32 +09:00
David Anderson 6e42bd5504 Add 6rd directive to the netdev fuzzing corpus. 2018-11-09 17:56:33 -08:00
Yu Watanabe 872faf59c0 fuzz: add testcases of recent issues 2018-11-09 11:45:43 +09:00
Yu Watanabe d571998498 fuzz: add a testcase for oss-fuzz#11285 2018-11-08 12:31:02 +09:00
Yu Watanabe 9f7d3db3ed fuzz: add more testcases of already fixed issue about multiple netdev kind 
This adds testcases of oss-fuzz#11286, oss-fuzz#11287, oss-fuzz#11296,
oss-fuzz#11297, and oss-fuzz#11299.

The issue was fixed by 62facba19a.
 2018-11-08 12:16:13 +09:00
Yu Watanabe 348784e62a fuzz: add testcases for oss-fuzz#11279 and #11280 2018-11-07 17:24:41 +09:00
Evgeny Vereshchagin 220fa139de tests: add a couple of files containing all the sections and directives 
This should help the fuzzers to discover code paths faster.

In case anyone is interested, they were generated with the following script
```
perl -aF'/[\s,]+/' -ne '
if (my ($s, $d) = ($F[0] =~ /^([^\s\.]+)\.([^\s\.]+)$/)) { $d{$s}{$d} = 1; }
END { while (my ($key, $value) = each %d) {
    printf "[%s]\n%s\n", $key, join("\n", keys(%$value))
}}'
```
by passing src/network/networkd-network-gperf.gperf and
src/network/netdev/netdev-gperf.gperf to it.
 2018-11-06 19:42:29 +01:00