For the planned nft backend we have three choices:
- open/close a new nfnetlink socket for every operation
- keep a nfnetlink socket open internally
- expose an opaque fw_ctx and stash all internal data here.
Originally I opted for the 2nd option, but during review it was
suggested to avoid static storage duration because of perceived
problems with threaded applications.
This adds fw_ctx and new/free functions, then converts the existing api
and nspawn and networkd to use it.

This partially reverts fe841414ef and
2a236f9fc0.

For IPv4, kernel compares the local address, prefix, and prefixlen.
For IPv6, kernel compares only the local address.
Let's follow the kernel's comparison way.
Fixes #17831.

Similar to the previous commit. All callers pass NULL. This will
ease initial nftables backend implementation (fewer features to cover).
Add the function parameters as local variables and let the compiler
remove branches. A followup patch can remove the if (NULL) conditionals.

This passes the legacy ethernet address to functions in a lot of places,
which will all need to be migrated to handle arbitrary size hardware addresses
eventually.

The link state file is always removed when networkd is stopping. So,
the deserialization logic does not work. Moreover, the ADDRESSES=
entry is not used by sd-network, so serialization is also not necessary.

Previously, the address was taken from the state file, but DHCP4_ADDRESS=
entry was dropped by 46986251d6.
Moreover, the link state file is always removed when networkd is
stopping. Let's take the address from the list of enumerated addresses.

This should not change any behavior, as currently link_free_engines() is
always called after all addresses are dropped. But the function may be
used in other places in the future. So, let's also stop the clients.

When peer address is set, address_compare_func() (or address_equal())
does not work in link_is_static_address_configured(), as an Address object
stored in a Link does not contain peer addresses. So, we need to also
compare with in_addr element for IPv4 case.
Fixes #17304.

Previously, address_establish() took Address object stored in Network
object. And address_release() took Address object stored in Link
object. Thus, address_release() always did nothing.

When the MAC address of a link is updated, an address on the link may
be under checking address duplication. Or, (currently such code is not
implemented yet, but) address duplication check may be restarted later.
For that case, the IPv4 ACD clients must use the new updated MAC address.

Previously, IPv4 DAD is configured in each Address object stored in
Network object. If a .network file matches multiple links, then it causes
an assertion. To prevent it, now IPv4 DAD is configured in each Address
object that belongs to a Link object.