path: root/network
Commit message [Author, Age, Files, Lines]
* network: request non-NULL SSID when a wlan interface is configured as station [Yu Watanabe, 2024-07-31, files 1, lines -0/+1]
|   To avoid conflicts with user .network file for the wlan interface with Bond=.
|
|   See https://github.com/systemd/systemd/issues/19832#issuecomment-857661200.
* Reapply "network: add "mac" to alternatives name policy by default" [Yu Watanabe, 2024-06-12, files 1, lines -1/+1]
|   This reverts commit 152c8946b3a93bb2c086568832d614cb54f11e13.
|
|   The kernel patch
|   https://lore.kernel.org/linux-usb/20240605153340.25694-1-gmazyland@gmail.com/
|   is now in net-next branch, and will be hopefully merged soon.
|
|   Note that Debian's 73-usb-net-by-mac.link now also supports the kernel patch:
|   https://salsa.debian.org/systemd-team/systemd/-/commit/c1afbb2dc295929085be86072c7942c8517ec598
|
|   So, hopefully, the change is ready. Let's reapply it.
* Revert "network: add "mac" to alternatives name policy by default" (#33227) [Zbigniew Jędrzejewski-Szmek, 2024-06-06, files 1, lines -1/+1]
|   This reverts commit 0f5a529217f1327f020ab54deed09e6fae1f1fef.
|
|   As discussed in https://github.com/systemd/systemd/issues/33104, that patch
|   caused problems in Debian which has a udev drop-in with
|
|     [Match]
|     Path=*-usb-*
|     [Link]
|     NamePolicy=mac
|
|   The rename fails:
|
|     eth0: Policy *mac* yields "enx00*".
|     eth0: /usr/lib/udev/rules.d/80-net-setup-link.rules:11 NAME 'enx00*'
|     eth0: /usr/lib/udev/rules.d/99-systemd.rules:69 RUN '/usr/lib/systemd/systemd-sysctl --prefix=/net/ipv4/conf/$name --prefix=/net/ipv4/neigh/$
|     eth0: sd-device: Created database file '/run/udev/data/n9' for '/devices/pci0000:00/0000:00:1c.4/0000:02:00.0/0000:03:01.0/0000:05:00.0/0000:
|     eth0: Failed to rename network interface 9 from 'eth0' to 'enx00*': File exists
|     eth0: sd-device: Created database file '/run/udev/data/n9' for '/devices/pci0000:00/0000:00:1c.4/0000:02:00.0/0000:03:01.0/0000:05:00.0/0000:
|     eth0: Failed to process device, ignoring: File exists
|
|   Two network interfaces have the same MAC and it's not marked NET_ADDR_STOLEN.
|   In this case the conflict is very visible because it causes the rename to fail,
|   but it would also occur in other cases, for alternative names.
|
|   A patch has been submitted for r8152 to properly set NET_ADDR_STOLEN:
|   https://lore.kernel.org/linux-usb/20240605153340.25694-1-gmazyland@gmail.com/T/#u
|
|   Let's revert this now to avoid a regression. We can try again after the
|   kernel issue is resolved.
|
|   Closes https://github.com/systemd/systemd/issues/33104.
* network: configure a tun host0 interface in a container [Helmut Grohne, 2024-05-16, files 2, lines -0/+23]
|   While containers often have their host0 network provided by veth when the
|   container runtime is privileged, unprivileged containers tend to have their
|   network provided via slirp4netns or pasta. These tools use a tun interface
|   rather than a veth interface and systemd should still configure such
|   networks.
|
|   We should have different .network files for the veth and tun use cases as
|   there may arise a need to configure them differently. We should not rename
|   80-container-host0.network as that would cause existing drop-ins to no
|   longer apply.
|
|   Closes: #32095
|   Fixes: f139393dd20a ("network: use Kind= instead of Driver=")
|   Signed-off-by: Helmut Grohne <helmut@subdivi.de>
* network: suggest using "networkctl edit" instead of copying manually [Mike Yuan, 2024-04-23, files 15, lines -90/+15]
|
* network: add .link file to match 80-namespace.network [Lennart Poettering, 2024-04-22, files 2, lines -0/+25]
|   This file makes clear the interface shall be owned by networkd.
|
|   This does what 658169e6d307b5b1aea0d82b4a6430fa9d529c68 did for nspawn's
|   regular devices for the devices defined through
|   8aee931e7ae1adb01eeac0e1e4c0aef6ed3969ec too.
* network: add "mac" to alternatives name policy by default [Lennart Poettering, 2024-04-22, files 1, lines -1/+1]
|   Alternative names are basically free, hence add "mac" there too, to make
|   it easier to see what names could be used as primary options too.
* nsresourced: add new daemon for granting clients user namespaces and assigning resources to them [Lennart Poettering, 2024-04-06, files 2, lines -0/+32]
|   This adds a small, socket-activated Varlink daemon that can delegate UID
|   ranges for user namespaces to clients asking for it.
|
|   The primary call is AllocateUserRange() where the user passes in an
|   uninitialized userns fd, which is then set up.
|
|   There are other calls that allow assigning a mount fd to a userns
|   allocated that way, to set up permissions for a cgroup subtree, and to
|   allocate a veth for such a user namespace.
|
|   Since the UID assignments are supposed to be transitive, i.e. not
|   permanent, care is taken to ensure that users cannot create inodes owned
|   by these UIDs, so that persistence cannot be acquired. This is
|   implemented via a BPF-LSM module that ensures that any member of a userns
|   allocated that way cannot create files unless the mount it operates on is
|   owned by the userns itself, or is explicitly allowlisted.
|
|   BPF LSM program with contributions from Alexei Starovoitov.
* network: fix 6rd tunnel link section name [Frantisek Sumsal, 2024-01-12, files 1, lines -1/+1]
|   Spotted randomly when going through CI logs:
|
|     systemd-udevd[658]: /usr/lib/systemd/network/80-6rd-tunnel.link:21: Unknown section 'Network'. Ignoring.
|
|   Follow-up for 658169e6d30.
* network: fix Name= -> OriginalName= in the default .link files [Yu Watanabe, 2024-01-11, files 5, lines -5/+5]
|   Follow-up for 658169e6d307b5b1aea0d82b4a6430fa9d529c68.
* network: take explicit ownership of our own interfaces [Lennart Poettering, 2024-01-10, files 9, lines -8/+131]
|   This is a follow-up for #30786 and uses it to assign
|   ID_NET_MANAGED_BY=io.systemd.Network to all network interfaces that we
|   consider ours to manage.
|
|   This should hopefully have the effect that other well-behaving managers
|   won't fight for these devices.
|
|   This doesn't bother with network interfaces we match inside containers,
|   since udev is not available there anyway.
* meson: always install network example files [Zbigniew Jędrzejewski-Szmek, 2023-11-23, files 1, lines -5/+4]
|   I started working on integrating this in the Fedora package and realized
|   that the example files should be installed regardless of the renamed files
|   when default-network=true is used. This is because the renamed files become
|   part of a different package, and we want to have the other files which are
|   used as documentation in the main package anyway.
* Merge pull request #29928 from yuwata/meson-default-network [Zbigniew Jędrzejewski-Szmek, 2023-11-14, files 1, lines -1/+1]
|\
| |   meson: follow-ups for -Ddefault-network=
| * meson: fix install path of example .network files [Yu Watanabe, 2023-11-08, files 1, lines -1/+1]
| |   It seems that when 'rename' field is set, the path (instead of the
| |   filename) is appended to the 'install_dir'.
| |
| |   Follow-up for 9b7a624267fddc5c20bd15480e7a393d7a3b270e.
| |
| |   Fixes #29925.
* | network: make 89-ethernet.network match only physical interfaces [Yu Watanabe, 2023-11-08, files 1, lines -1/+2]
| |   For safety. We already add similar condition to a generated one:
| |   c25aa6c8acc6d95eaacae7858a7057907d61a25e
* | network: use Kind= instead of Driver= [Yu Watanabe, 2023-11-08, files 6, lines -6/+7]
|/
|   networkd ignores errors in reading driver through ethtool. The kind of
|   network interface is retrieved through netlink, and networkd checks
|   many failures. So, using Kind= should be safer.
|
|   No functional change, just for safety.
* meson: /etc/systemd/network is also used by udevd [Yu Watanabe, 2023-11-03, files 1, lines -3/+4]
|
* network: add meson option to rename .example files on install [Yu Watanabe, 2023-11-03, files 2, lines -3/+19]
|   Also this renames 80-ethernet.network.example -> 89-ethernet.network.example,
|   to make it have lower precedence over other default .network files for
|   Ethernet interfaces.
|
|   Closes #29765.
* network: disable IPv6AcceptRA= in several default config [Yu Watanabe, 2023-11-03, files 6, lines -1/+7]
|   Also,
|   - drop DHCP=no, as it is the default setting,
|   - enable IPv6SendRA= for wifi access point,
|   - enable MulticastDNS= for wifi adhoc mode.
* meson: install newly added example .network file [Yu Watanabe, 2023-11-03, files 1, lines -11/+13]
|   Follow-up for e6ba085398866ab05511fe748b8e9f7cbe85148e.
* network: add default .network file matching ID_NET_AUTO_LINK_LOCAL_ONLY=1 [Lennart Poettering, 2023-10-30, files 1, lines -0/+21]
|   This is named ".network.example" for now, to match the existing
|   80-ethernet.network file.
|
|   I think it would make sense to actually install this by default if told
|   so via a meson file (and then hopefully this would happen even on Fedora,
|   though in a split off RPM or so). However, we aren't there yet, hence for
|   now, just ship the .network files as example, like the others.
* meson: use install_emptydir() and drop meson-make-symlink.sh [Yu Watanabe, 2023-08-08, files 1, lines -2/+1]
|   The script is mostly equivalent to 'mkdir -p' and 'ln -sfr'.
|   Let's replace it with install_emptydir() builtin function and
|   inline meson call.
* meson: Install missing network file [Jan Janssen, 2023-01-27, files 1, lines -0/+1]
|
* network: change license of examples to MIT-0 [Zbigniew Jędrzejewski-Szmek, 2022-10-26, files 11, lines -22/+22]
|   Arguably, CC0 is just fine for examples since they are not code.
|   But it's easier to be consistent and just use MIT-0 for all "documentation".
|   Thus, the license is changed similarly to code examples under man/.
|
|   Based on 'git shortlog -ns network/*' and 'git log -p', the following folks
|   should ack this:
|
|     Zbigniew Jędrzejewski-Szmek
|     Lennart Poettering
|     Tom Gundersen
|     Yu Watanabe
|     Daan De Meyer
|     Marc-André Lureau
* network: add example file that enables DHCP on ethernet links [Zbigniew Jędrzejewski-Szmek, 2022-01-12, files 2, lines -0/+18]
|   The file has instructions how to "enable" it by symlinking into the
|   appropriate place. If we create a different mechanism to do enablement
|   later on, we can always adjust the instructions.
|
|   Closes #3998.
* network: license all config files as CC0 [Zbigniew Jędrzejewski-Szmek, 2022-01-12, files 8, lines -48/+80]
|   Same justification as the previous commit.
|
|     $ for i in network/*-*; do git blame $i;done | less
|
|   shows that those files were written by Tom Gundersen, Lennart Poettering,
|   Yu Watanabe, me, and Marc-André Lureau.
* network: say that our example files are licensed as CC0 [Zbigniew Jędrzejewski-Szmek, 2022-01-12, files 2, lines -0/+22]
|   This matches what we have for example programs under man/, and is nice
|   because it allows people to copy the files as they wish without worrying
|   about copyright. The files are too trivial to copyright anyway.
* network: dhcp-pd: add 6rd support [Yu Watanabe, 2021-12-07, files 2, lines -1/+20]
|   Closes #19152.
* licensing: add missing header to one .network file [Zbigniew Jędrzejewski-Szmek, 2021-10-01, files 1, lines -0/+9]
|   It should have the full header because it will be installed onto user
|   systems like the other .network files.
* network: add 80-container-vb.network [Yu Watanabe, 2021-09-04, files 1, lines -0/+22]
|
* meson: use a/b instead of join_paths(a,b) [Zbigniew Jędrzejewski-Szmek, 2021-07-27, files 1, lines -1/+1]
|   It is nicer and shorter.
* network: examples: use wlan for Type instead of wifi [Lucas Magasweran, 2021-05-10, files 3, lines -3/+3]
|
* network: use IPMasquerade=both instead of yes [Yu Watanabe, 2021-02-24, files 4, lines -4/+4]
|   Follow-up for 4c72d851cd007e945a85811f89376a2675daa1a5.
* networkd: Enable IPv6SendRA on builtin network files [Daan De Meyer, 2021-01-06, files 3, lines -0/+3]
|   RAs trigger neighbor discovery which allows users to query the LL address
|   of the container/VM via `ip neighbor get dev`. This is useful as it gives
|   users an easy way to connect to the container without needing LLMNR or
|   mDNS to resolve the hostname of the container to an IP address. In
|   practice, this allows connecting with only networkd enabled and without
|   resolved running in the host/container.
* meson: add option to skip installing to $sysconfdir [Jörg Thalheim, 2020-11-12, files 1, lines -2/+4]
|   This is useful for development where overwriting files outside the
|   configured prefix will affect the host as well as stateless systems such
|   as NixOS that don't let packages install to /etc but handle configuration
|   on their own.
|
|   Alternative to https://github.com/systemd/systemd/pull/17501
|
|   tested with:
|
|     $ mkdir inst build && cd build
|     $ meson \
|         -Dcreate-log-dirs=false \
|         -Dsysvrcnd-path=$(realpath ../inst)/etc/rc.d \
|         -Dsysvinit-path=$(realpath ../inst)/etc/init.d \
|         -Drootprefix=$(realpath ../inst) \
|         -Dinstall-sysconfdir=false \
|         --prefix=$(realpath ../inst) ..
|     $ ninja install
* license: LGPL-2.1+ -> LGPL-2.1-or-later [Yu Watanabe, 2020-11-09, files 6, lines -6/+6]
|
* network: add TUN/TAP vt-* network rule for VMs [Marc-André Lureau, 2020-04-17, files 2, lines -0/+25]
|   VMs typically use a TAP device, and work similarly to a veth device from
|   the host side.
* Remove stray file [Zbigniew Jędrzejewski-Szmek, 2020-04-06, files 1, lines -0/+0]
|
* sd-dhcp: Add support to emit and retrieve SMTP server [Susant Sahani, 2020-03-28, files 1, lines -0/+0]
|
* network: set AlternativeNamesPolicy= in 99-default.link [Yu Watanabe, 2019-12-17, files 1, lines -0/+1]
|
* network: install wifi-adhoc.network by default, make wifi-{ap,station} examples [Zbigniew Jędrzejewski-Szmek, 2019-10-30, files 3, lines -0/+3]
|   I think 80-wifi-adhoc.network is safe enough, since it just enables the
|   link-local addressing. But the other two enable DHCP in client or server
|   modes, and we should not do this by default.
* Merge pull request #13623 from yuwata/network-wifi-iftype [Zbigniew Jędrzejewski-Szmek, 2019-10-25, files 3, lines -0/+20]
|\
| * network: add default configurations for wireless interfaces [Yu Watanabe, 2019-10-25, files 3, lines -0/+20]
|/
* udev,network: warn when .link or .network file has no [Match] section [Yu Watanabe, 2019-04-25, files 1, lines -0/+3]
|   Closes #12098.
* link-config: add "keep" policy and use it by default [Zbigniew Jędrzejewski-Szmek, 2019-01-17, files 1, lines -1/+1]
|   If "keep" policy is specified, and the interface has a name that is
|   NET_NAME_USER or NET_NAME_RENAMED, we stop processing rules. "keep" should
|   probably be specified either first or last depending on the preference.
|
|   This partially reimplements 55b6530baacf4658a183b15b010a8cf3483fde08, in the
|   sense that if the "keep" policy is not specified, and if the interface has
|   a NamingPolicy, it will be renamed, even if it had a name previously.
|   So this breaks backwards compatibility in this case, but that's more in line
|   with what users expect.
|
|   Closes #9006.
* Drop my copyright headers [Zbigniew Jędrzejewski-Szmek, 2018-06-14, files 1, lines -2/+0]
|   perl -i -0pe 's/\s*Copyright © .... Zbigniew Jędrzejewski.*?\n/\n/gms' man/*xml
|   git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/(#\n)?# +Copyright © [0-9, -]+ Zbigniew Jędrzejewski.*?\n//gms'
|   git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s*\/\*\*\*\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*?\s*\*\*\*\/\s*/\n\n/gms'
|   git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*//gms'
* tree-wide: beautify remaining copyright statements [Lennart Poettering, 2018-06-14, files 1, lines -1/+1]
|   Let's unify and beautify our remaining copyright statements, with a
|   unicode ©. This means our copyright statements are now always formatted
|   the same way. Yay.
* tree-wide: drop license boilerplate [Zbigniew Jędrzejewski-Szmek, 2018-04-06, files 1, lines -13/+0]
|   Files which are installed as-is (any .service and other unit files, .conf
|   files, .policy files, etc), are left as is. My assumption is that SPDX
|   identifiers are not yet that well known, so it's better to retain the
|   extended header to avoid any doubt.
|
|   I also kept any copyright lines. We can probably remove them, but it'd be
|   nice to obtain explicit acks from all involved authors before doing that.
* Add license headers and SPDX identifiers to meson.build files [Zbigniew Jędrzejewski-Szmek, 2017-11-19, files 1, lines -0/+17]
|   So far I avoided adding license headers to meson files, but they are pretty
|   big and important and should carry license headers like everything else.
|   I added my own copyright, even though other people modified those files too.
|   But this is mostly symbolic, so I hope that's OK.
* Add SPDX license headers to various assorted files [Zbigniew Jędrzejewski-Szmek, 2017-11-19, files 4, lines -0/+15]
|