shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-10 01:17:44 +03:00
Code

network: add MACsec*Association.Activate= setting

Browse Source
This commit is contained in:
Yu Watanabe 2019-04-05 15:33:52 +09:00
parent eb4705fb36
commit a7b9c52f1f
5 changed files with 89 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
man/systemd.netdev.xml
View File

@ -941,6 +941,13 @@
<literal>root:systemd-network</literal> with a <literal>0640</literal> file mode.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Activate=</varname></term>
<listitem>
<para>Takes a boolean. If enabled, then the security association is activated. Defaults to
unset.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
@ -986,6 +993,12 @@
<para>Accepts the same key in <literal>[MACsecTransmitAssociation]</literal> section.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Activate=</varname></term>
<listitem>
<para>Accepts the same key in <literal>[MACsecTransmitAssociation]</literal> section.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>

70
src/network/netdev/macsec.c
View File

@ -32,6 +32,12 @@ static void security_association_clear(SecurityAssociation *sa) {
free(sa->key_file);
}
static void security_association_init(SecurityAssociation *sa) {
assert(sa);
sa->activate = -1;
}
static void macsec_receive_association_free(ReceiveAssociation *c) {
if (!c)
return;
@ -76,6 +82,8 @@ static int macsec_receive_association_new_static(MACsec *s, const char *filename
.section = TAKE_PTR(n),
};
security_association_init(&c->sa);
r = ordered_hashmap_ensure_allocated(&s->receive_associations_by_section, &network_config_hash_ops);
if (r < 0)
return r;
@ -209,6 +217,8 @@ static int macsec_transmit_association_new_static(MACsec *s, const char *filenam
.section = TAKE_PTR(n),
};
security_association_init(&a->sa);
r = ordered_hashmap_ensure_allocated(&s->transmit_associations_by_section, &network_config_hash_ops);
if (r < 0)
return r;
@ -295,6 +305,12 @@ static int netdev_macsec_fill_message_sa(NetDev *netdev, SecurityAssociation *a,
return log_netdev_error_errno(netdev, r, "Could not append MACSEC_SA_ATTR_KEY attribute: %m");
}
if (a->activate >= 0) {
r = sd_netlink_message_append_u8(m, MACSEC_SA_ATTR_ACTIVE, a->activate);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append MACSEC_SA_ATTR_ACTIVE attribute: %m");
}
r = sd_netlink_message_close_container(m);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append MACSEC_ATTR_SA_CONFIG attribute: %m");
@ -849,6 +865,60 @@ int config_parse_macsec_key_id(
return 0;
}
int config_parse_macsec_sa_activate(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
_cleanup_(macsec_transmit_association_free_or_set_invalidp) TransmitAssociation *a = NULL;
_cleanup_(macsec_receive_association_free_or_set_invalidp) ReceiveAssociation *b = NULL;
MACsec *s = userdata;
int *dest;
int r;
assert(filename);
assert(section);
assert(lvalue);
assert(rvalue);
assert(data);
if (streq(section, "MACsecTransmitAssociation"))
r = macsec_transmit_association_new_static(s, filename, section_line, &a);
else
r = macsec_receive_association_new_static(s, filename, section_line, &b);
if (r < 0)
return r;
dest = a ? &a->sa.activate : &b->sa.activate;
if (isempty(rvalue))
r = -1;
else {
r = parse_boolean(rvalue);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,
"Failed to parse activation mode of %s security association. "
"Ignoring assignment: %s",
streq(section, "MACsecTransmitAssociation") ? "transmit" : "receive",
rvalue);
return 0;
}
}
*dest = r;
TAKE_PTR(a);
TAKE_PTR(b);
return 0;
}
static int macsec_read_key_file(NetDev *netdev, SecurityAssociation *sa) {
_cleanup_free_ uint8_t *key = NULL;
size_t key_len;

2
src/network/netdev/macsec.h
View File

@ -31,6 +31,7 @@ typedef struct SecurityAssociation {
uint8_t *key;
uint32_t key_len;
char *key_file;
int activate;
} SecurityAssociation;
typedef struct TransmitAssociation {
@ -78,3 +79,4 @@ CONFIG_PARSER_PROTOTYPE(config_parse_macsec_packet_number);
CONFIG_PARSER_PROTOTYPE(config_parse_macsec_key_id);
CONFIG_PARSER_PROTOTYPE(config_parse_macsec_key);
CONFIG_PARSER_PROTOTYPE(config_parse_macsec_key_file);
CONFIG_PARSER_PROTOTYPE(config_parse_macsec_sa_activate);

2
src/network/netdev/netdev-gperf.gperf
View File

@ -141,12 +141,14 @@ MACsecTransmitAssociation.PacketNumber, config_parse_macsec_packet_number, 0,
MACsecTransmitAssociation.KeyId, config_parse_macsec_key_id, 0, 0
MACsecTransmitAssociation.Key, config_parse_macsec_key, 0, 0
MACsecTransmitAssociation.KeyFile, config_parse_macsec_key_file, 0, 0
MACsecTransmitAssociation.Activate, config_parse_macsec_sa_activate, 0, 0
MACsecReceiveAssociation.Port, config_parse_macsec_port, 0, 0
MACsecReceiveAssociation.MACAddress, config_parse_macsec_hw_address, 0, 0
MACsecReceiveAssociation.PacketNumber, config_parse_macsec_packet_number, 0, 0
MACsecReceiveAssociation.KeyId, config_parse_macsec_key_id, 0, 0
MACsecReceiveAssociation.Key, config_parse_macsec_key, 0, 0
MACsecReceiveAssociation.KeyFile, config_parse_macsec_key_file, 0, 0
MACsecReceiveAssociation.Activate, config_parse_macsec_sa_activate, 0, 0
Tun.OneQueue, config_parse_bool, 0, offsetof(TunTap, one_queue)
Tun.MultiQueue, config_parse_bool, 0, offsetof(TunTap, multi_queue)
Tun.PacketInfo, config_parse_bool, 0, offsetof(TunTap, packet_info)

2
test/fuzz/fuzz-netdev-parser/directives.netdev
View File

@ -184,6 +184,7 @@ PacketNumber=
KeyId=
Key=
KeyFile=
Activate=
[MACsecReceiveChannel]
Port=
MACAddress=
@ -192,3 +193,4 @@ PacketNumber=
KeyId=
Key=
KeyFile=
Activate=