Lennart Poettering
b51629ad84
Merge pull request #12222 from yuwata/macsec
...
network: introduce MACsec
2019-04-12 13:59:30 +02:00
Zbigniew Jędrzejewski-Szmek
41f6e627d7
Make fopen_temporary and fopen_temporary_label unlocked
...
This is partially a refactoring, but also makes many more places use
unlocked operations implicitly, i.e. all users of fopen_temporary().
AFAICT, the uses are always for short-lived files which are not shared
externally, and are just used within the same context. Locking is not
necessary.
2019-04-12 11:44:56 +02:00
Yu Watanabe
e57319dd54
network: re-indent gperf files
2019-04-12 10:12:42 +09:00
Yu Watanabe
70c5754761
network: warn when private key is stored in world readable files
2019-04-12 10:12:42 +09:00
Yu Watanabe
b0e13c3122
network: add MACsecTransmitAssociation.UseForEncoding= setting
2019-04-12 10:12:42 +09:00
Yu Watanabe
a7b9c52f1f
network: add MACsec*Association.Activate= setting
2019-04-12 10:12:42 +09:00
Yu Watanabe
eb4705fb36
network: add MACsec*Association.KeyFile= setting
2019-04-12 10:12:42 +09:00
Yu Watanabe
e482018672
network: explicitly clear security key for macsec
2019-04-12 10:12:42 +09:00
Yu Watanabe
e0fde24c97
network: support multiple security associations for macsec channels
2019-04-12 10:12:42 +09:00
Susant Sahani
81962db798
network: Introduce MACsec
...
Media Access Control Security (MACsec) is an 802.1AE IEEE
industry-standard security technology that provides secure
communication for all traffic on Ethernet links.
MACsec provides point-to-point security on Ethernet links between
directly connected nodes and is capable of identifying and preventing
most security threats, including denial of service, intrusion,
man-in-the-middle, masquerading, passive wiretapping, and playback attacks.
Closes #5754
2019-04-12 10:12:41 +09:00
Yu Watanabe
01234e1fe7
tree-wide: drop several missing_*.h and import relevant headers from kernel-5.0
2019-04-11 19:00:37 +02:00
Yu Watanabe
86a3d44de5
network: fix use-of-uninitialized-value or null dereference
...
This fixes a bug introduced by 6ef5c881dd.
Fixes oss-fuzz#14157 and oss-fuzz#14158.
2019-04-10 18:18:11 +09:00
Yu Watanabe
2b942a926c
network: make wireguard_decode_key_and_warn() take uint8_t buf[static WG_KEY_LEN]
2019-04-09 15:50:23 +09:00
Yu Watanabe
26f86d500e
network: warn when wireguard keys are stored in world readable files
2019-04-09 15:50:22 +09:00
Yu Watanabe
a3945c6361
network: add WireGuardPeer.PresharedKeyFile= setting
2019-04-09 15:50:22 +09:00
Yu Watanabe
6ef5c881dd
network: clear wireguard keys on failure or on exit
2019-04-09 15:50:22 +09:00
Yu Watanabe
cb31e7c861
network: make reading PrivateKeyFile= failure always fatal
...
This also refactors wireguard_read_key_file().
2019-04-09 15:50:22 +09:00
Yu Watanabe
03fec54396
network: re-indent conf parsers in wireguard.c
2019-04-08 00:52:34 +09:00
Yu Watanabe
dd09a9ec0f
Merge pull request #12160 from yuwata/wait-online-allow-configuring
...
wait-online: add --any option
2019-04-02 06:10:36 +09:00
Yu Watanabe
2f9859baa8
wait-online: add --any option
...
When this option is specified, wait-online exits with success even
when several interfaces are in configuring state.
Closes #9714.
2019-04-02 03:37:50 +09:00
Yu Watanabe
7df5c6ba90
network: make FooOverUDP.Protocol= support name of ipproto
2019-04-02 03:29:41 +09:00
Yu Watanabe
881c74bd64
network: use asynchronous call for creating FOU tunnels
...
Otherwise, multiple FOU tunnels cannot be created correctly.
2019-04-02 03:08:49 +09:00
Yu Watanabe
3abf950fdb
network: do not ignore FooOverUDP.Encapsulation= setting
...
Previously the setting was ignored and FOU_ENCAP_GUE was always sent.
2019-04-02 03:07:42 +09:00
Yu Watanabe
a27a0ad641
network: merge ipip_init() and sit_init()
2019-04-02 03:07:08 +09:00
Yu Watanabe
4799d932b5
network: add FooOverUDP support for SIT and GRE tunnels
2019-04-02 03:07:08 +09:00
Yu Watanabe
c6e77d7b22
network: add '=' to config key names in log
...
Also, long lines are wrapped.
2019-04-01 10:30:31 +09:00
Yu Watanabe
b519908cac
network: do not abort execution when NetDev.Name= conflicts
...
This also changes that .netdev files are loaded in ascending order.
Otherwise, when NetDev.ifname= setting conflicts with other .netdev file,
then .netdev file with large prefix number wins.
2019-04-01 10:30:31 +09:00
Yu Watanabe
a8b9a65c50
network: make GRE and GRETAP support Key=, InputKey=, OutputKey=, and SerializeTunneledPackets=
...
This also merges netdev_gre_fill_message_create() and netdev_erspan_fill_message_create().
2019-03-30 21:16:03 +09:00
Yu Watanabe
9282f75bf4
network: make erspan netdev can be specified in Network.Tunnel=
2019-03-30 03:52:25 +09:00
Yu Watanabe
1a9bc3d8f6
network: do not continue when appending data to netlink message fails
2019-03-30 03:52:21 +09:00
Jörg Thalheim
7232c1f9da
wireguard: fix exponential backoff when resolving hosts
...
It should stop at 25s, not start.
Fixes #12134
2019-03-28 20:00:19 +01:00
Zbigniew Jędrzejewski-Szmek
10c353e1c5
Remove variable only used for an assert
...
When compiled with -DNDEBUG, we get warnings about set-but-unused variables.
In general, it's not something we care about, but since removing those
variables arguably makes the code nicer, let's just do it in this case.
2019-03-28 09:03:06 +01:00
Lennart Poettering
6990fb6bc6
tree-wide: (void)ify a few unlink() and rmdir()
...
Let's be helpful to static analyzers which care about whether we
knowingly ignore return values. We do in these cases, since they are
usually part of error paths.
2019-03-27 18:09:56 +01:00
Zbigniew Jędrzejewski-Szmek
ca78ad1de9
headers: remove unneeded includes from util.h
...
This means we need to include many more headers in various files that simply
included util.h before, but it seems cleaner to do it this way.
2019-03-27 11:53:12 +01:00
Lennart Poettering
b82f71c7ff
tree-wide: constify a few static string tables
2019-03-25 14:04:34 +01:00
Yu Watanabe
1beabe08d6
network,udev: explicitly declare 'conditions' is a list
2019-03-24 00:35:39 +09:00
Evgeny Vereshchagin
53294d9496
network: add missing nulstr terminator
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13821
2019-03-22 13:25:42 +01:00
Yu Watanabe
3f4c9bc04c
Merge pull request #12066 from yuwata/fix-network-tunnel-12041
...
network: fix netdev_tunnel_verify()
2019-03-22 05:57:38 +09:00
Yu Watanabe
bb9683e096
network: fix netdev_tunnel_verify()
...
Fixes #12041.
2019-03-22 01:47:38 +09:00
Yu Watanabe
c4f58deab5
network,udev: split static condition tests from net_match_config()
2019-03-21 23:37:39 +09:00
Lennart Poettering
d449d63a0d
Merge pull request #11975 from keszybz/fuzzer-fixes-n
...
Fixes for a few fuzzer issues
2019-03-15 17:34:37 +01:00
Yu Watanabe
50969cff60
network: clear previous assignment
...
Prompted by oss-fuzz#13719.
2019-03-16 00:12:25 +09:00
Yu Watanabe
5f07d640ca
network: clear previous assignment
...
Fixes oss-fuzz#13719.
2019-03-15 23:44:51 +09:00
Yu Watanabe
3a27af62b5
network: wait for L2TP tunnel to be created before creating sessions
...
And if failed to create L2TP tunnel, then do not try to create sessions.
2019-03-14 10:57:41 +09:00
Yu Watanabe
d053d08a37
network: automatically pick an address on link when L2TP.Local= is not specified
...
This makes L2TP.Local= support an empty string, 'auto', 'static', and
'dynamic'. When one of the values is specified, a local address is
automatically picked from the local interface of the tunnel.
2019-03-14 10:57:41 +09:00
Susant Sahani
3a56e697c8
networkd: Introduce l2tp tunnel
...
This work allows networkd to configure an l2tp tunnel.
See http://man7.org/linux/man-pages/man8/ip-l2tp.8.html
2019-03-14 10:57:41 +09:00
Yu Watanabe
7033af49df
network: introduce new netdev create type NETDEV_CREATE_AFTER_CONFIGURED
...
It will be used to support L2TP tunnel in later commits.
2019-03-14 10:57:41 +09:00
Yu Watanabe
859e9c0487
network: introduce netdev_get_create_type() helper function
2019-03-14 10:57:41 +09:00
Yu Watanabe
2b6db913e2
network: do not call link_joined() when not all netdevs are configured
...
If some of stacked netdevs are already configured, then link_joined()
is called before netdevs are fully configured.
2019-03-14 10:57:41 +09:00
Zbigniew Jędrzejewski-Szmek
a3b1790c1a
Merge pull request #11986 from poettering/util-split
...
some splitting up of util.[ch]
2019-03-13 17:02:14 +01:00