path: root/src/network/networkd-address.c
Commit message (Author, Age, Files, Lines)
* network/address: rename address_kernel_{compare,hash}_func() -> address_{compare,hash}_func() (Yu Watanabe, 2023-07-31, 1 file, -18/+18)
|   Previously, we had two compare/hash functions. But we do not have one of them anymore. Let's rename them.
* network/address: drop unused functions (Yu Watanabe, 2023-07-31, 1 file, -49/+0)
|
* network/address: check if existing addresses can be updated in more detail (Yu Watanabe, 2023-07-31, 1 file, -11/+78)
|   Some properties of address can be updated, but some cannot. On reconfiguring an interface or restarting networkd, let's keep an assigned address only when it can be updated later with the requested setting, and otherwise drop it.
* network/address: always set IFA_ADDRESS attribute for IPv6 address on configure (Yu Watanabe, 2023-07-31, 1 file, -1/+1)
|   IPv6 address can update the peer address without removing the address. If an address has a peer, but now we want to drop the peer, we need to specify a null address in IFA_ADDRESS attribute.
|
|   IPv4 address cannot update the peer address, so let's specify peer address only when necessary.
* network/address: make Label= accept an empty string (Yu Watanabe, 2023-07-31, 1 file, -0/+6)
|   We usually reset setting when an empty string is specified.
* network/address: add missing space in log message (Yu Watanabe, 2023-07-31, 1 file, -1/+1)
|
* network/address: do not set configuring flag when a request is canceled (Yu Watanabe, 2023-07-31, 1 file, -1/+1)
|   Fixes copy-and-paste error. Follow-up for 0a0c2672dbd22dc85d660e5baa7e1bef701beb88.
* network/address: also save/update priority of prefix route (Yu Watanabe, 2023-07-30, 1 file, -0/+4)
|   Strictly speaking, this is not necessary, but let's make the managed Address objects more consistent with the kernel's addresses.
* network/address: introduce address_get_harder() and use it where appropriate (Yu Watanabe, 2023-07-30, 1 file, -0/+20)
|   With the previous change, now Address objects under requesting are not owned by Link object, hence we need to also search corresponding Address object in the request queue.
* network/address: do not add Address object to Link on requesting (Yu Watanabe, 2023-07-30, 1 file, -70/+98)
|   Then, all addresses managed by a link really exist (unless the kernel silently removes addresses). By this change, now Address objects managed by Link and owned by Request are decoupled, and always requested settings will be applied.
|
|   Fixes #25843.
* network/address: make Address object more consistent with assigned address (Yu Watanabe, 2023-07-30, 1 file, -79/+67)
|   This makes `manager_rtnl_process_address()`
|   - first read minimal information to get managed Address object,
|   - then update the managed Address object directly.
|
|   Previously, we updated the Address object managed by Link partially, e.g. peer address was not updated. This makes the managed Address object more consistent with the assigned address.
* Merge pull request #28575 from yuwata/network-address-next-part3 (Yu Watanabe, 2023-07-30, 1 file, -1/+53)
|\
| |   network: check specified address settings in more detail
| * network/address: ignore address settings with unsupported flags (Yu Watanabe, 2023-07-30, 1 file, -0/+46)
| |
| * network/address: drop IPv6 settings when the kernel does not support IPv6 (Yu Watanabe, 2023-07-30, 1 file, -1/+7)
| |
* | Merge pull request #28572 from yuwata/network-ipv4acd (Yu Watanabe, 2023-07-30, 1 file, -6/+6)
|\ \
| | |   network: split-out sd_ipv4acd object management from Address object
| * | network/ipv4acd: split out sd_ipv4acd management from Address to Link (Yu Watanabe, 2023-07-30, 1 file, -6/+6)
| |/
| |   Then, we can start IPv4ACD without adding corresponding Address object to Link.
| |
| |   Hopefully, no functional change, just refactoring and preparation for later commits.
* | network/address: merge address_needs_to_set_broadcast() with address_get_broadcast() (Yu Watanabe, 2023-07-30, 1 file, -19/+33)
| |   No functional change, preparation for later commits.
* | network/address: split-out address_match_null() (Yu Watanabe, 2023-07-29, 1 file, -11/+22)
| |   No functional change, preparation for later commits.
* | network: drop unnecessary conditions (Yu Watanabe, 2023-07-29, 1 file, -2/+2)
| |   When link_get_by_index() succeeds, the result is always non-NULL.
* | network/address: free Address object by caller that passed to link_request_address() (Yu Watanabe, 2023-07-29, 1 file, -9/+4)
|/
|   Follow-up for 9684a8ded083dd427f843b0c40aa0292e6c7ae06.
|
|   Now, the input Address object is always copied, hence it is not necessary to free it in link_request_address().
* Merge pull request #28359 from keszybz/ret-gather (Daan De Meyer, 2023-07-28, 1 file, -10/+4)
|\
| |   Add RET_GATHER macro to make continue-but-remember-first-error functions easier
| * network: use RET_GATHER (Zbigniew Jędrzejewski-Szmek, 2023-07-13, 1 file, -10/+4)
| |   No functional change intended.
* | Merge pull request #28430 from keszybz/cleanups (Luca Boccassi, 2023-07-28, 1 file, -1/+1)
|\ \
| | |   Various small cleanups
| * | network: warning message fixlet (Zbigniew Jędrzejewski-Szmek, 2023-07-17, 1 file, -1/+1)
| | |   "Address 1.2.3.4" works as a proper noun, so the article is not appropriate.
* | | Revert "network: delay to configure address until it is removed on reconfigure" (Yu Watanabe, 2023-07-23, 1 file, -3/+0)
|/ /
| |   This reverts commit 6e8477edd3a988357ad5f5fa6610904d44ec402c.
| |
| |   The commit intended to fix a race reported at #28009. However, unfortunately, it does not fix the root of the race, and reveals the race in more simple setups. See reports in #28358.
* / network: check lifetime of address and route before configure (Yu Watanabe, 2023-07-14, 1 file, -2/+10)
|/
|   Otherwise, we may configure a route that depends on the existence of an address or another route, and may fail when lifetime of one of them is already zero.
|
|   Hopefully fixes #28358.
* network: make address_get() work for null address (Yu Watanabe, 2023-07-07, 1 file, -13/+76)
|   When a static null address is requested, e.g. Address=0.0.0.0/24, then the corresponding Address object owned by Network object has null address, and previously it did not match any addresses already assigned to the interface.
|
|   Let's search matching Address object when originally it is requested as the null address. Then, the address configured with requested as a null address will be kept on reconfigure.
|
|   Fixes #26113.
* network: always copy input address for link_request_address() (Yu Watanabe, 2023-07-07, 1 file, -52/+25)
|   Then, the code becomes much simpler. This also adds several missing log messages.
|
|   No functional change, just refactoring.
* network: also use address_kernel_{hash,compare}_func() for managing address requests (Yu Watanabe, 2023-07-07, 1 file, -28/+8)
|   Request may refer Address object owned by Link, but its broadcast address or label may be updated by address_equalify(), hence these fields cannot be used in the hash and compare functions.
* network: log broadcast address and address label (Yu Watanabe, 2023-07-07, 1 file, -2/+8)
|
* network: ignore Broadcast= setting when the address is null (Yu Watanabe, 2023-07-07, 1 file, -0/+4)
|   When an address is requested with null address, then broadcast should be determined after an address acquired that will be assigned to the interface.
* network: split-out address_section_adjust_broadcast() (Yu Watanabe, 2023-07-07, 1 file, -10/+27)
|   No functional change, just refactoring.
* network: delay to configure address until it is removed on reconfigure (Yu Watanabe, 2023-07-03, 1 file, -0/+3)
|   When we request an address that already exists and is under removing, we need to wait for the address being removed. Otherwise, configuration of a route whose preferred source is the address will fail.
|
|   Fixes #28009. Replaces #28088.
* network: rewrite dynamic addressing protocol checkers in link_check_ready() (Yu Watanabe, 2023-05-30, 1 file, -0/+23)
|   Notable change is,
|   - UseAddress=no in [DHCPv6],
|   - Assign=no in [DHCPPrefixDelegation], and
|   - UseAutonomousPrefix=no in [IPv6AcceptRA]
|   are gracefully handled now.
* network: assume prefix length is full address size (Yu Watanabe, 2023-01-19, 1 file, -6/+5)
|   The commit 0f707207b9fc04d45ad176930cfefc77c0068545 enables strong warning about missing prefix length in Address= setting. The change was done in v241, and was about 4 years ago. Let's drop the legacy assumption and make the parser consistent with 'ip address' command.
|
|   C.f. #11307. Closes #26102.
* network: fix memleak (Yu Watanabe, 2023-01-16, 1 file, -1/+5)
|   Fixes a bug introduced by af2aea8bb64b0dc42ecbe5549216eb567681a803.
|
|   Fixes #25883 and #25891.
* network: manage addresses in the way the kernel does (Yu Watanabe, 2022-12-07, 1 file, -22/+71)
|   This effectively reverts 5d0030310c134a016321ad8cf0b4ede8b1800d84.
|
|   With the commit 5d0030310c134a016321ad8cf0b4ede8b1800d84, networkd manages addresses with the detailed hash and compare functions. But that causes networkd cannot detect address update by the kernel or an external tool. See issue https://github.com/systemd/systemd/issues/481#issuecomment-1328132401.
|
|   With this commit, networkd (again) manages addresses in the way that the kernel does. Hence, we can correctly detect address update.
* network: address: use ASSERT_PTR() (Yu Watanabe, 2022-11-30, 1 file, -15/+5)
|
* network: address: always update link state when an address is removed (Yu Watanabe, 2022-11-30, 1 file, -7/+2)
|   The removed address might be in the tentative state.
* basic: rename util.h to logarithm.h (Zbigniew Jędrzejewski-Szmek, 2022-11-08, 1 file, -0/+1)
|   util.h is now about logarithms only, so we can rename it. Many files included util.h for no apparent reason… Those includes are dropped.
* network: ndisc: drop addresses and friends when RA with zero lifetime is received (Yu Watanabe, 2022-10-03, 1 file, -2/+8)
|   Routers may send options with zero lifetime if previously announced information is outdated. Hence, if we receive such messages, then we need to drop relevant addresses or friends.
|
|   See e.g. https://www.rfc-editor.org/rfc/rfc4861#section-12.
|
|   Follow-up for 2ccada8dc4a3571468a335808fd6fe49b8c6c6dd.
* network: introduce {address,route}_remove_and_drop() (Yu Watanabe, 2022-10-03, 1 file, -0/+12)
|   Preparation for later commits.
* network: don't forget old RAs when a new one arrives (Thomas Hebb, 2022-10-03, 1 file, -5/+1)
|   IPv6 Neighbor Discovery lets us autoconfigure a link's IPv6 addresses, routes, DNS servers, and DNS search domains by listening for Router Advertisement (RA) packets broadcast by one or more routers on the link. Each RA can contain zero or more "options," each describing one piece of configuration (e.g. a single route).
|
|   Currently, when we receive an RA from a router, we delete any addresses, routes, etc. that originated from that router's previous RAs unless they're also present as options in the new RA.
|
|   That behavior is a violation of RFC 4861[1]. In Section 9, the RFC states that
|
|       Senders MAY send a subset of options in different packets. ... Thus, a receiver MUST NOT associate any action with the absence of an option in a particular packet. This protocol specifies that receivers should only act on the expiration of timers and on the information that is received in the packets.
|
|   Several other passages in the RFC reiterate this. Section 6.2.3:
|
|       A router MAY choose not to include some or all options when sending unsolicited Router Advertisements.
|
|   Section 6.3.4:
|
|       Hosts accept the union of all received information; the receipt of a Router Advertisement MUST NOT invalidate all information received in a previous advertisement or from another source.
|
|   At least one consumer router in production today, the Google Nest Wifi, often sends RAs that omit its global IPv6 prefix. When current versions of systemd-networkd receive those RAs, they immediately delete the interface's global IPv6 address, which breaks IPv6 connectivity.
|
|   Fix the issue by removing the invalidation logic entirely. It's not needed at all, since we already invalidate addresses, routes, and DNS configuration when the interface goes down or their lifetimes expire.
|
|   This fix does have the side effect of preventing changes to the .network file (e.g. denylisted prefixes, whether to add routes from RAs) from taking effect as soon as a new RA arrives. Instead, a full interface reconfiguration is needed. But triggering those changes on RA receipt was already rather arbitrary and out of the administrator's control, so I think this change is fine.
|
|   commit 69203fba700e ("network: ndisc: remove old addresses and routes after at least one SLAAC address becomes ready") introduced this behavior. commit 50550722e3ba fixed it partially, by preventing one router's RAs from invalidating another router's configuration.
|
|   [1] https://www.rfc-editor.org/rfc/rfc4861
|
|   Fixes: 69203fba700e ("network: ndisc: remove old addresses and routes after at least one SLAAC address becomes ready")
* network: NetLabel integration (Topi Miettinen, 2022-08-29, 1 file, -0/+52)
|   New directive `NetLabel=` provides a method for integrating static and dynamic network configuration into Linux NetLabel subsystem rules, used by Linux Security Modules (LSMs) for network access control. The label, with suitable LSM rules, can be used to control connectivity of (for example) a service with peers in the local network. At least with SELinux, only the ingress can be controlled but not egress. The benefit of using this setting is that it may be possible to apply interface independent part of NetLabel configuration at very early stage of system boot sequence, at the time when the network interfaces are not available yet, with netlabelctl(8), and the per-interface configuration with systemd-networkd once the interfaces appear later. Currently this feature is only implemented for SELinux.
|
|   The option expects a single NetLabel label. The label must conform to lexical restrictions of LSM labels. When an interface is configured with IP addresses, the addresses and subnetwork masks will be appended to the NetLabel Fallback Peer Labeling rules. They will be removed when the interface is deconfigured. Failures to manage the labels will be ignored.
|
|   Example:
|   ```
|   [DHCPv4]
|   NetLabel=system_u:object_r:localnet_peer_t:s0
|   ```
|
|   With the above rules for interface `eth0`, when the interface is configured with an IPv4 address of 10.0.0.123/8, `systemd-networkd` performs the equivalent of `netlabelctl` operation
|
|   ```
|   $ sudo netlabelctl unlbl add interface eth0 address:10.0.0.0/8 label:system_u:object_r:localnet_peer_t:s0
|   ```
|
|   Result:
|   ```
|   $ sudo netlabelctl -p unlbl list
|   ...
|   interface: eth0
|   address: 10.0.0.0/8
|   label: "system_u:object_r:localnet_peer_t:s0"
|   ...
|   ```
* Merge pull request #24356 from keszybz/sd-netlink-api (Yu Watanabe, 2022-08-20, 1 file, -1/+1)
|\
| |   Small improvements to the sd-netlink api
| * sd-netlink: rename sd_netlink_message_request_dump to sd_netlink_message_set_request_dump (Zbigniew Jędrzejewski-Szmek, 2022-08-19, 1 file, -1/+1)
| |
* | network: update setting for IPv4ACD or IPv6DAD in existing Address objects (Yu Watanabe, 2022-08-18, 1 file, -0/+1)
| |   Otherwise, if the setting is changed on reconfigure, the new setting is not applied to the existing addresses.
* | network: fix DHCPv4 address renewal with IPv4ACD (Yu Watanabe, 2022-08-18, 1 file, -4/+4)
|/
|   Previously, when a DHCP address is renewed and if the IPv4ACD for the address is enabled, the address will never drop the probing flag, thus the lifetime of the address will never be updated.
|
|   This drops NETWORK_CONFIG_STATE_PROBING, and the IPv4ACD status is managed by another bit, Address.acd_bound. And, the flag is updated only when the IPv4ACD announced the address or detects conflict.
* network: make link_may_have_ipv6ll() optionally check Multicast= setting (Yu Watanabe, 2022-08-01, 1 file, -1/+1)
|   Fixes the IPv6LL issue in #23197.
* network: refuse to configure address or route with 0 valid lifetime (Yu Watanabe, 2022-07-14, 1 file, -7/+15)
|   Fixes #23625.