Merge write_string_file(), write_string_file_no_create() and
write_string_file_atomic() into write_string_file() and provide a flags mask
that allows combinations of atomic writing, newline appending and automatic
file creation. Change all users accordingly.
- Make sure that the IPv6PrivacyExtensions=yes results in
prefer-temporary, not prefer-public.
- Introduce special enum value "kernel" to leave setting unset, similar
how we have it for the IP forwarding settings.
- Bring the enum values in sync with the the strings we parse for them,
to the level this makes sense (specifically, rename "disabled" to
"no", and "prefer-temporary" to "yes").
- Make sure we really set the value to to "no" by default, the way it is
already documented in the man page.
- Fix whitespace error.
- Make sure link_ipv6_privacy_extensions() actually returns the correct
enum type, rather than implicitly casting it to "bool".
- properly size formatting buffer for ipv6 sysctl value
- Don't complain if /proc/sys isn't writable
- Document that the enum follows the kernel's own values (0 = off, 1 =
prefer-public, 2 = prefer-temporary)
- Drop redundant negating of error code passed to log_syntax()
- Manpage fixes
This fixes a number of issues from PR #417
1) never bother with setting the flag for loopback devices
2) if we fail to write the flag due to EROFS (which is likely to happen
in containers where /proc/sys is read-only) or any other error, check
if the flag already has the right value. If so, don't complain.
Closes#469
This patch add support for ipv6 privacy extensions.
The variable /proc/sys/net/ipv6/conf/<if>/use_tempaddr
can be changed via the boolean
IPv6PrivacyExtensions=[yes/no/prefer-temporary]
When true enables privacy extensions, but prefer public addresses over
temporary addresses.
prefer-temporary prefers temporary adresses over public addresses.
Defaults to false.
[Match]
Name=enp0s25
[Network]
IPv6PrivacyExtensions=prefer-temporary
If a link is attempted t obe enslaved by a netdev that has already failed, we
must fail immediately and not save the callback for later, as it will then
never get triggered.
In 5a8bcb674f, IPForwarding was introduced
to set forwarding flags on interfaces in .network files. networkd sets
forwarding options regardless of the previous setting, even if it was
set by e.g. sysctl. This commit creates a new option for IPForwarding,
"kernel", that preserves the sysctl settings rather than always setting
them.
See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the initial
bug report.
In 5a8bcb674f, IPForwarding was introduced
to set forwarding flags on interfaces in .network files. networkd sets
forwarding options regardless of the previous setting, even if it was
set by e.g. sysctl. This commit creates a new option for IPForwarding,
"kernel", that preserves the sysctl settings rather than always setting
them.
See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the initial
bug report.
This reverts commit 43c6d5abac
(and a small part of 4046d8361c)
It turns out we don't actually need to set the global ip_forward setting.
The only relevant setting is the one on each interface.
What the global toggle actually does is switch forwarding on/off for all
currently present interfaces and change the default for new ones.
That means that by setting the global ip_forward we
- Introduce a race condition, because if the interface with IPForward=yes
is brought up after one with IPForward=no, both will have forwarding
enabled, because the global switch turns it on for all interfaces.
If the other interface comes up first networkd correctly sets forward=0
and it doesn't get overridden.
- Change the forwarding setting for interfaces that networkd is not
configured to touch, even if the user disabled forwarding via sysctl,
either globally or per-interface
As forwarding works fine without this, as long as all relevant interfacest
individually set IPForward=yes: just drop it
This means that non-networkd interfaces use the global default while
networkd interfaces default to off if IPForward isn't given.
This changes log_unit_info() (and friends) to take a real Unit* object
insted of just a unit name as parameter. The call will now prefix all
logged messages with the unit name, thus allowing the unit name to be
dropped from the various passed romat strings, simplifying invocations
drastically, and unifying log output across messages. Also, UNIT= vs.
USER_UNIT= is now derived from the Manager object attached to the Unit
object, instead of getpid(). This has the benefit of correcting the
field for --test runs.
Also contains a couple of other logging improvements:
- Drops a couple of strerror() invocations in favour of using %m.
- Not only .mount units now warn if a symlinks exist for the mount
point already, .automount units do that too, now.
- A few invocations of log_struct() that didn't actually pass any
additional structured data have been replaced by simpler invocations
of log_unit_info() and friends.
- For structured data a new LOG_UNIT_MESSAGE() macro has been added,
that works like LOG_MESSAGE() but prefixes the message with the unit
name. Similar, there's now LOG_LINK_MESSAGE() and
LOG_NETDEV_MESSAGE().
- For structured data new LOG_UNIT_ID(), LOG_LINK_INTERFACE(),
LOG_NETDEV_INTERFACE() macros have been added that generate the
necessary per object fields. The old log_unit_struct() call has been
removed in favour of these new macros used in raw log_struct()
invocations. In addition to removing one more function call this
allows generated structured log messages that contain two object
fields, as necessary for example for network interfaces that are
joined into another network interface, and whose messages shall be
indexed by both.
- The LOG_ERRNO() macro has been removed, in favour of
log_struct_errno(). The latter has the benefit of ensuring that %m in
format strings is properly resolved to the specified error number.
- A number of logging messages have been converted to use
log_unit_info() instead of log_info()
- The client code in sysv-generator no longer #includes core code from
src/core/.
- log_unit_full_errno() has been removed, log_unit_full() instead takes
an errno now, too.
- log_unit_info(), log_link_info(), log_netdev_info() and friends, now
avoid double evaluation of their parameters
When setting IPv6 addresses acquired by DHCPv6, systemd-networkd sets
the IFA_F_NOPREFIXROUTE flag in the IFA_FLAGS netlink attribute. As
the flag and the attribute are present starting with Linux 3.14, older
kernels will need systemd-network to manage prefix route expiry.
By default, DHCPv6 addresses are first assigned setting the
IFA_F_NOPREFIXROUTE flag in the IFA_FLAGS netlink attribute. Should
the address assignment fail, the same assignment is tried without
the IFA_FLAGS attribute. Should also the second attempt fail, an error
is printed and address assignment ends with failure. As successful use
of the IFA_FLAGS netlink attribute is recorded in the Link structure,
the DHCPv6 code will know if the kernel or systemd-network fallback
code handles expiring prefixes.
The prefix expiration and IPv6 address updating fallback code is
resurrected from the parts deleted with commit
47d45d3cde.
This patch can be removed once the minimum kernel requirements are
greater than or equal to 3.14.
This should simplify the prototype a bit. The bus parameter is redundant
in most cases, and in the few where it matters it can be derived from
the message via sd_bus_message_get_bus().
This makes adds a couple of fixes:
- Introduces log_netdev_error_errno() and friends, which takes an error
number, and matches what log_link_error_errno() and friends do.
- Replaces a lof ot strerror() usage with log_netdev_error_errno(),
log_link_error_errno() and log_erro_errno()
- Uppercases the first character of many log messages, after all this is
supposed to be english language
- Drops manual negating of error codes before passing them to log
functions, the log functions all do that internally anyway.
Some other minor fixes.
Behaviour should not change really.
The IFA_F_NOPREFIXROUTE flag prevents the kernel from creating new onlink
prefixes when a DHCPv6 IPv6 address with a prefix length is set from user
space. IPv6 routing will follow the onlink status from Router Advertisment
Prefix Information options or any manually set route, which is the correct
thing to do.
As this flag has a larger value than what fits into an unsigned char, update
the flag attribute to an uint32_t and set it with an IFA_FLAGS attribute
when writing netlink messages to the kernel.
Introduce BindCarrier= to indicate the set of links that determine if
the current link should be brought UP or DOWN.
[tomegun: add a bit to commit message]
This patch removes includes that are not used. The removals were found with
include-what-you-use which checks if any of the symbols from a header is
in use.
Pass around Link objcets rather than FdbEntry objects. The link objects have an up-to-date
ifname we can use for logging. match_name sholud _never_ be used for anything except
matching. Firstly, it may be unset (usually is), and secondly it may not be up-to-date.
This allows the admin to set the host-specific part of IPv6 addresses, but still
receive the prefix via SLAAC.
.network file snippet:
[Network]
IPv6Token=::12
gives:
$ ip token
token ::12 dev eth0
This closes https://bugs.freedesktop.org/show_bug.cgi?id=81177.
This allows both IPv4 and IPv6 link-local addresses to be enabled or disabled. By default
we still enable IPv6LL and disable IPv4LL. The old config option is kept for backwards
compatibility, but removed from the documentation.
We will be woken up on rtnl or dbus activity, so let's just quit if some time has passed and that is the only thing that can happen.
Note that we will always stay around if we expect network activity (e.g. DHCP is enabled), as we are not restarted on that.
Only the very basics, more to come.
For now:
$ busctl tree org.freedesktop.network1
└─/org/freedesktop/network1
└─/org/freedesktop/network1/link
├─/org/freedesktop/network1/link/1
├─/org/freedesktop/network1/link/2
├─/org/freedesktop/network1/link/3
├─/org/freedesktop/network1/link/4
├─/org/freedesktop/network1/link/5
├─/org/freedesktop/network1/link/6
├─/org/freedesktop/network1/link/7
├─/org/freedesktop/network1/link/8
└─/org/freedesktop/network1/link/9
$ busctl introspect org.freedesktop.network1 /org/freedesktop/network1
NAME TYPE SIGNATURE RESULT/VALUE FLAGS
org.freedesktop.network1.Manager interface - - -
.OperationalState property s "carrier" emits-change
$ busctl introspect org.freedesktop.network1 /org/freedesktop/network1/link/1
NAME TYPE SIGNATURE RESULT/VALUE FLAGS
org.freedesktop.network1.Link interface - - -
.AdministrativeState property s "unmanaged" emits-change
.OperationalState property s "carrier" emits-change
If we get a NEWLINK + NEWADDR between enumerating the links and enumerating the addresses, we
would get a warning that the link corresponding to the address does not exist. This is a false
warning as both the NEWLINK and NEWADDR would be processed after enumerating completed, so drop
it.
After all it is now much more like strjoin() than strappend(). At the
same time, add support for NULL sentinels, even if they are normally not
necessary.
We would otherwise wait for the interface to be completely configured, which
could take considerable time with IPv4LL. As a result nspawn was very slow
at obtaining IP addresses.
We need to turn on /proc/sys/net/ipv4/ip_forward before the
per-interface forwarding setting is useful, hence let's propagate the
per-interface setting once to the system-wide setting.
Due to the unclear ownership rules of that flag, and the fact that
turning it on also has effects on other sysctl flags we try to minimize
changes to the flag, and only turn it on once. There's no logic to
turning it off again, but this should be fairly unproblematic as the
per-interface setting defaults to off anyway.
This introduces am AddressFamilyBoolean type that works more or less
like a booleaan, but can optionally turn on/off things for ipv4 and ipv6
independently. THis also ports the DHCP field over to it.
This adds two new settings to networkd's .network files:
IPForwarding=yes and IPMasquerade=yes. The former controls the
"forwarding" sysctl setting of the interface, thus controlling whether
IP forwarding shall be enabled on the specific interface. The latter
controls whether a firewall rule shall be installed that exposes traffic
coming from the interface as coming from the local host to all other
interfaces.
This also enables both options by default for container network
interfaces, thus making "systemd-nspawn --network-veth" have network
connectivity out of the box.
This patch add support to specify path cost of the
bridge port to be configured via conf file.
Exampe: conf
file: br.netdev
[NetDev]
Name=br-test
Kind=bridge
file: br.network
[Match]
Name=em1
[Network]
Bridge=br-test
[BridgePort]
Cost=332
bridge link
2: em1 state UP : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master
br-test state disabled priority 32 cost 332
- Rename log_meta() → log_internal(), to follow naming scheme of most
other log functions that are usually invoked through macros, but never
directly.
- Rename log_info_object() to log_object_info(), simply because the
object should be before any other parameters, to follow OO-style
programming style.
Like Infiniband. See RFC 4390 section 2.1 for details on DHCP
and Infiniband; chaddr is zeroed, hlen is set to 0, and htype
is set to ARPHRD_INFINIBAND because IB hardware addresses
are 20 bytes in length.
systemctl would print 'CPUQuotaPerSecUSec=(null)' for no limit. This
does not look right.
Since USEC_INFINITY is one of the valid values, format_timespan()
could return NULL, and we should wrap every use of it in strna() or
similar. But most callers didn't do that, and it seems more robust to
return a string ("infinity") that makes sense most of the time, even
if in some places the result will not be grammatically correct.
sd_bus_message_get_errno can currently return either a number of
different poitive errno values (from bus-error-mapping), or a negative
EINVAL if passed null as parameter.
The check for null parameter was introduced in 40ca29a137
at the same as the function was renamed from bus_message_to_errno and
made public API. Before becoming public the function used to return
only negative values.
It is weird to have a function return both positive and negative errno
and it generally looks like a mistake. The function is guarded by the
--enable-kdbus flags so I wonder if we still have time to fix it up?
It does not have any documentation yet. However, except for a few details
it is just a convenient way to call sd_bus_error_get_errno which is documented
to return only positive errno.
This patch makes it return only positive errno and fixes up the two
calls to the function that tried to cope with both positive and negative
values.
It is redundant to store 'hash' and 'compare' function pointers in
struct Hashmap separately. The functions always comprise a pair.
Store a single pointer to struct hash_ops instead.
systemd keeps hundreds of hashmaps, so this saves a little bit of
memory.
We are only guaranteed to stay in ENSLAVING state whilst enslaving by bridges/bonds, not
when adding stacked devices (as then the underlying device can be IFF_UP'ed and configured
in parallel), so drop these asserts.
This is primarily important for the domains list, as we really should
prefer the locally configured domain over the dhcp supplied ones when we
use it as a search list.
For now this only exposes the domain name (DHCP Option 15), and not
the search string (DHCP Option 119), which will be implemented in
a follow-up patch.
This is the state when we are waiting for udev to initialize the device, and waiting for
libudev and rtnl to be in sync. In the future we probably will also be waiting for nl80211.
At this point we do not yet have enough information to know whether or not networkd should
be handling the device.
Primarily, this means we get rid of net_parse_inaddr(), and replace it
everywhere with in_addr_from_string() and in_addr_from_string_auto().
These functions do not clobber the callers arguments on failure, which
is more close to our usual coding style.
This changes the behavior when both DHCPv4 and IPv4LL are enabled. Before,
we would disable IPv4LL when we got a DHCPv4 lease and enable it if the
lease was lost.
Now we just always set up both, if both are enabled, but the DHCPv4
addresses and routes will always take precedence due to their metric
and scope.
All routes added by networkd are currently set RTPROT_BOOT, which according
to the kernel means "Route installed during boot" (rtnetlink.h). But this
is not always the case as networkd changes routing after boot too. Since
the kernel gives more detailed protocols, use them.
With this patch, user-configured static routes now use RTPROT_STATIC (which
they are) and DHCP routes use RTPROT_DHCP. There is no define for IPv4LL
yet, so those are installed as RTPROT_STATIC (though perhaps RTPROT_RA is
better?).
[tomegun: fixup
src/network/networkd-link.c:972:33: error: too few arguments to function 'route_new_dynamic']
Do not expose link_is_loopback, people should just get this from rtnl directly.
Do not expose NTP servers as IP addresses, these must be strings.
Expose ifindex as int, not unsigned. This is what the kernel (mostly) and glibc uses.
As long as the number of array entries is relatively small it's nicer to
simply return the number of entries directly, instead of using a size_t*
return parameter for it.
It appears there is no good way to decide whether or not broadcasts should be enabled,
there is hardware that must have broadcast, and there are networks that only allow
unicast. So we give up and make this configurable.
By default, unicast is used, but if the kernel were to inform us abotu certain
interfaces requiring broadcast, we could change this to opt-in by default in
those cases.
Vendor Class Identifier be used by DHCP clients to identify
their vendor type and configuration. When using this option,
vendors can define their own specific identifier values, such
as to convey a particular hardware or operating system
configuration or other identifying information.
Vendor-specified DHCP options—features that let administrators assign
separate options to clients with similar configuration requirements.
For example, if DHCP-aware clients for example we want to separate
different gateway and option for different set of people
(dev/test/hr/finance) in a org or devices for example web/database
servers or let's say in a embedded device etc and require a different
default gateway or DNS server than the rest of clients.
When doing a NEWADDR, the reply we get back is the NEWADDR itself, rather
than just an empty ack (unlike how NEWLINK works). For this reason, the
process that did the NEWADDR does not get the broadcast message.
We were only listening for broadcast messages, and hence not tracking the
addresses we added ourselves. This went unnoticed as the kernel will usually
send NEWADDR messages from time to time anyway, so things would mostly work,
but in the worst case we would not notice that a routable address was available
and consider ourselves offline.
Send hostname (option 12) in DISCOVER and REQUEST messages so the
DHCP server could use it to register with dynamic DNS and such.
To opt-out of this behaviour set SendHostname to false in [DHCP]
section of .network file
[tomegun: rebased, made sure a failing set_hostname is a noop and moved
config from DHCPv4 to DHCP]
We failed to take a ref when waiting for udev synchronization. Fix that and also
make unreffing in callbacks simpler throughout by using _cleanup_ macros.
Fixes <https://bugs.freedesktop.org/show_bug.cgi?id=80556>.
The logic otherwise is that we leave anything preconfigured alone, but in the case of DHCP
we actually need to update it whenever the lease is renewed.
This adds support for DHCP options 33 and 121: Static Route and
Classless Static Route. To enable this feature, set UseRoutes=true
in .network file. Returned routes are added to the routing table.
If there are v4 or v6 specific options we can keep those in separate sections,
but for the common options, we will use only one.
Moreovere only use DHCP=[yes/both|no/none|v4|v6] to enable or disable the clients.
When an address is configured to be all zeroes, networkd will now
automatically find a locally unused network of the right size from a
list of pre-configured pools. Currently those pools are 10.0.0.0/8,
172.16.0.0/12, 192.168.0.0/16 and fc00::/7, i.e. the network ranges for
private networks. They are compiled in, but should be configurable
eventually.
This allows applying the same configuration to a large number of
interfaces with each time a different IP range block, and management of
these IP ranges is fully automatic.
When allocating an address range from the pool it is made sure the range
is not used otherwise.
We could still have an old interface name and/or mac address when libudev
tells us that the device is initialized, as the up-to-date info could still
be on its way from the kernel.
It should not be possible to have a DHCP lease on a link without also having
an associated network. Add assert() to avoid compiler warnings.
Reported by Thomas H. P. Andersen
When enabled in [Network] it will set up a dhcp server on the interface, listening
on one of its statically configured IPv4 addresses and with a fixed size pool of
leases determined from it.
Example:
[Match]
Name=ve-arch-tree
[Network]
Address=192.168.12.5/24
DHCPServer=yes
[Route]
Gateway=192.168.12.5
Destination=192.168.12.0/24
In this case we will configure ve-arch-tree with the address 192.168.12.5 and
hand out addresses in the range 192.168.12.6 - 192.168.12.38.
In the future, we should (as suggested by Lennart) introduce a syntax to pick the
server address automatically.
Configuration will be in
root:root /run/systemd/network
and state will be in
systemd-network:systemd-network /run/systemd/netif
This matches what we do for logind's seat/session state.
This makes callback behaviour more like sd-event or sd-resolve, and
creates proper object for unregistering callbacks.
Taking the refernce to the slot is optional. If not taken life time of
the slot will be bound to the underlying bus object (or in the case of
an async call until the reply has been recieved).
Make the logging less verbose by only printing all the changed flags on one line,
at the same time make it more complete by supporting all flags currently supported
by the kernel.
We still fall back to printing the raw flags in case we get something we do not recognize
This may be useful when running on new kernels.
We need to take a refcount on the link whenever we expect a callback. The exceptions
are the ipv4ll/dhcp clients as their lifetimes are guaranteed to be shorter than that
of the link.
Otherwise:
eth0: unknown link flags gained: 0x00040 (ignoring)
[tomegun: hiding these messages is ok, as IFF_RUNNING is redundant
and can be deduced from operstate and IFF_LOWER_UP]
To make sure we don't delay boot on systems where (some) network links are managed by someone else
we don't block if something else has successfully brought up a link.
We will still block until all links we are aware of that are managed by networkd have been
configured, but if no such links exist, and someone else have configured a link sufficiently
that it has a carrier, it may be that the link is ready so we should no longer block.
Note that in all likelyhood the link is not ready (no addresses/routes configured),
so whatever network managment daemon configured it should provide a similar wait-online
service to block network-online.target until it is ready.
The aim is to block as long as we know networking is not fully configured, but no longer. This
will allow systemd-networkd-wait-online.service to be enabled on any system, even if we don't
know whether networkd is the main/only network manager.
Even in the case networking is fully configured by networkd, the default behavior may not be
sufficient: if two links need to be configured, but the first is fully configured before the
second one appears we will assume the network is up. To work around that, we allow specifying
specific devices to wait for before considering the network up.
This unit is enabled by default, just like systemd-networkd, but will only be pulled in if
anyone pulls in network-online.target.
This properly detects the state of the link based on both the link flags and the
operstate.
Moreover, always log state-changes even if we are not yet managing the link.
Avoid having two code-paths racing with eacother to do the same thing. The change
of flags will be detected in the normal way, so only use the link_up_handler
to detect if the 'up' failed and in that case fail the link.
This essentially swaps the roles of rtnl and udev in networkd. After this
change libudev is only used for waiting for udev to initialize devices and
to get udev-specific information needed for some [Match] attributes.
This in particular simplifies the code in containers where udev is not really
useful, but also simplifies things and reduces round-trips in the non-container
case.
Usually RUNNING implies LOWER_UP, but for drivers that don't support oper state, RUNNING can
also mean that the state is unknown. In that case we should just trust LOWER_UP directly.
The interface is not fully ready until it enterns RUNNING. This was causing
problems with sending out DHCP messages before the interface was ready, so they
would get lost. In particular this affected DHCP INIT-REBOOT, as it relies on
the first package sent being successful (or it will fall back to a full reboot).
Also improve the logging a lot, to make future debugging of link state a lot
easier.
This error should never happen, so replace the check with an assert. The check
was anyway broken due to an uninitialized return value.
Reported by Thomas Hindoe Paaboel Andersen <phomes@gmail.com>.
Similar to DHCP, the IPv4LL library user can decide to free the LL
client any time the callback is called. Guard against freeing the
LL client in the callback by introducing proper reference counting.
Also update code using the IPv4LL library to properly handle a
returned NULL from the notify and stop functions if the IPv4LL
client was freed.
The DHCP library user can decide to free the DHCP client any time
the callback is called. After the callback has been called, other
computations may still be needed - the best example being a full
restart of the DHCP procedure in case of lease expiry.
Fix this by introducing proper reference counting. Properly handle
a returned NULL from the notify and stop functions if the DHCP
client was freed.
Currently when both ipv4ll and dhcp are enabled, ipv4ll
address (if one has been claimed) is removed when dhcp
address is aquired. This is not the best thing to do
since there might be clients unaware of the removal
trying to communicate.
This patch provides a smooth transition between ipv4ll
and dhcp. If ipv4ll address was claimed [1] before dhcp,
address is marked as deprecated. Deprecated address is still
a valid address and packets can be received on it but address
cannot be selected as a source address. If dhcp lease cannot
be extended, then ipv4ll address is marked as valid again.
[1] If there is no collision, claiming IPv4LL takes between 4 to
7 seconds.
This does not belong in shared as it is mostly a detail of our networking subsystem.
Moreover, now we can use libudev here, which will simplify things.
Increase the chance of using the same link local address between reboots. The
pseudo random sequence of addresses we attempt is now seeded with data that is
very likely to stay the same between reboots, but at the same time be unique
to the specific machine/nic.
First we try to use the ID_NET_NAME_* data from the udev db combined with the
machin-id, which is guaranteed to be unique and persistent, if available. If
that is not possible (e.g., in containers where we don't have access to the
udev db) we fallback to using the MAC address of the interface, which is
guaranteed to be unique, and likely to be persistent.
[tomegun: three minor changes:
- don't expose HASH_KEY in the siphash24 header
- get rid of some compile-warnings (and some casts at the same time),
by using uint8_t[8] rather than uint64_t in the api
- added commit message]
Some DHCP servers gives you a netmask of 255.255.255.255 so the gateway is not
routable. Other DHCP client implementations look through the existing routes to
figure out if they should add an explicit host route. See below for a link.
However, it makes sense to just create the route explicitly whether it is
needed or not since it is explicit, makes the dhcp route entries independent of
other entries and saves us from knowing the state of the kernel tables.
After patch route table on a machine with a network (common case):
default via 10.0.2.2 dev ens3
10.0.2.0/24 dev ens3 proto kernel scope link src 10.0.2.15
10.0.2.2 dev ens3 scope link
After patch route table on a machine without a network (this case):
default via 10.240.0.1 dev ens4v1
10.240.0.1 dev ens4v1 scope link
The code from dhcpcd that works around this issue is on line 637.
https://android.googlesource.com/platform/external/dhcpcd/+/master/configure.c
Pass the mac address on to ipv4ll and dhcp clients so they always have
up-to-date information, and may react appropriately to the change.
Also drop setting the mac address from uevent, and only log when the
address actually changes.
Bridges will change their MAC address when other devices are enslaved. We need
the correct MAC address to acquire a DHCP lease, so take note of it whenever
it changes.
Implements IPv4LL with respect to RFC 3927
(http://tools.ietf.org/rfc/rfc3927.txt) and integrates it
with networkd. Majority of the IPv4LL state machine is
taken from avahi (http://avahi.org/) project's autoip.
IPv4LL can be enabled by IPv4LL=yes under [Network]
section of .network file.
IPv4LL works independent of DHCP but if DHCP lease is
aquired, then LL address will be dropped.
[tomegun: removed a trailing newline and a compiler warning]
Previously the returned object of constructor functions where sometimes
returned as last, sometimes as first and sometimes as second parameter.
Let's clean this up a bit. Here are the new rules:
1. The object the new object is derived from is put first, if there is any
2. The object we are creating will be returned in the next arguments
3. This is followed by any additional arguments
Rationale:
For functions that operate on an object we always put that object first.
Constructors should probably not be too different in this regard. Also,
if the additional parameters might want to use varargs which suggests to
put them last.
Note that this new scheme only applies to constructor functions, not to
all other functions. We do give a lot of freedom for those.
Note that this commit only changes the order of the new functions we
added, for old ones we accept the wrong order and leave it like that.
If -flto is used then gcc will generate a lot more warnings than before,
among them a number of use-without-initialization warnings. Most of them
without are false positives, but let's make them go away, because it
doesn't really matter.
Don't set set **ret when returning r < 0, as matching on the errno may easily
give false positives in the future leading to null pointer dereference.
Reported-by: David Herrmann <dh.herrmann@gmail.com>
So far we followed the rule to always indicate the "flavour" of
constructors after the "_new_" or "_open_" in the function name, so
let's keep things in sync here for rtnl and do the same.
The "sd_" prefix is supposed to be used on exported symbols only, and
not in the middle of names. Let's drop it from the cleanup macros hence,
to make things simpler.
The bus cleanup macros don't carry the "sd_" either, so this brings the
APIs a bit nearer.
Also limit the range of vlan ids. Other implementations and
documentation use the ranges {0,1}-{4094,4095}, but we use
the one accepted by the kernel: 0-4094.
Reported-by: Oleksii Shevchuk <alxchk@gmail.com>
This allows us users of the library to keep copies of old leases. This is
used by networkd to know what addresses to drop (if any) when the lease
expires.
In the future this may be used by DNAv4 and sd-dhcp-server.
When creating a new link, the kernel will not inform us about the new ifindex
in its ack. We have to listen for newly created devices and deduce the new
ifindex by matching on the ifname.
We used to do this by waiting for a new device from libudev, but that is asking
for trouble, as udev will happily rename the device before handing it to us.
Listen on rtnl instead, the chance of the name being changed before reaching us
is much smaller (if not nil).
Kernel patch in the works to make this unneccessary.
These connections are never torn down, even when the DHCP specifications say that
they should be. This is useful/necessary when the rootfs (or another critical fs)
is mounted over this network connection, and dataloss would result if the connection
is lost.
This option defaults to off, but our initrd generator (TBD) will enable it when
applicable.
Make them more simiar to sd_bus and friends. Also factor out the event attachment. In the future,
we will likely want to support external main-loops, so this is a first step. For the time being,
we are still requiring an sd_event to be attached though.
We may not have a dbus daemon in the initrd (until we can rely on kdbus). In
this case, simply ignore any attempts at using the bus. There is only one user
for now, but surely more to come.
In order to work reliably in the real root without kdbus, but at the same time
don't delay boot when kdbus is in use, order ourselves after dbus.service.
This adds support to generate a basic resolv.conf in /run/systemd/network.
This file will not take any effect unless a symlink is created from
/etc/resolv.conf.
Nameservers received over DHCP takes precedence over statically configured ones.
Note: /etc/resolv.conf is severely limited, so in the future we will likely
rather provide a much more powerfull nss plugin (or something to that effect),
but this should allow current users to function without any loss of
functionality.
It seems that networkd stores in_addr.s_addr contents in reverse
order (little-endian, not network order). This is a bit confusing,
but sd_rtnl evidently likes this order.
This adds basic DHCPv4 support. Link-sense is enabled unconditionally,
but the plan is to make that configurable.
I tested this in a VM with lots of NICs and over wifi in the various
coffee shops I found this Christmas, but more testing would definitely
be appreciated.
Static addresses/routes are associated with a network. Dynamic
addresses/routes are associtade with links (as the corresponding network
may be shared by several links).
This listens to rtnetlink for changes to IFF_UP and IFF_LOWER_UP (link sense). The latter
is simply logged at the moment, but will be useful once we add dhcp support.
A bridge is specified in a .netdev file with a section [Bridge]
and at least the entry Name=.
A link may be joined to a bridge if the .network applied to it has
a Bridge= entry giving the name of the bridge in its [Network] section.
We eagerly create all bridges on startup, and links are added to
bridges as soon as they both appear.
This daemon listens for and configures network devices tagged with
'systemd-networkd'. By default, no devices are tagged so this daemon
can safely run in parallel with existing network daemons/scripts.
Networks are configured in /etc/systemd/network/*.network. The first .network
file that matches a given link is applied. The matching logic is similar to
the one for .link files, but additionally supports matching on interface name.
The mid-term aim is to provide an alternative to ad-hoc scripts currently used
in initrd's and for wired setups that don't change much (e.g., as seen on
servers/and some embedded systems).
Currently, static addresses and a gateway can be configured.
Example .network file:
[Match]
Name=wlp2s0
[Network]
Description=My Network
Gateway=192.168.1.1
Address=192.168.1.23/24
Address=fe80::9aee:94ff:fe3f:c618/64
