shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-27 03:21:32 +03:00
Code

Merge pull request #12429 from ssahani/link-local-fallback

Browse Source 
networkd: Option to use LinkLocalAddressing only when DHCP fails
This commit is contained in:
Yu Watanabe 2019-05-04 16:52:07 +02:00 committed by GitHub
commit c26f3b1c86
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 165 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
man/systemd.network.xml
View File

@ -326,9 +326,16 @@
<term><varname>LinkLocalAddressing=</varname></term>
<listitem>
<para>Enables link-local address autoconfiguration. Accepts <literal>yes</literal>,
<literal>no</literal>, <literal>ipv4</literal>, or <literal>ipv6</literal>. If
<varname>Bridge=</varname> is set, defaults to <literal>no</literal>, and if not,
defaults to <literal>ipv6</literal>.</para>
<literal>no</literal>, <literal>ipv4</literal>, <literal>ipv6</literal>,
<literal>fallback</literal>, or <literal>ipv4-fallback</literal>. If
<literal>fallback</literal> or <literal>ipv4-fallback</literal> is specified, then an IPv4
link-local address is configured only when DHCPv4 fails. If <literal>fallback</literal>,
an IPv6 link-local address is always configured, and if <literal>ipv4-fallback</literal>,
the address is not configured. Note that, the fallback mechanism works only when DHCPv4
client is enabled, that is, it requires <literal>DHCP=yes</literal> or
<literal>DHCP=ipv4</literal>. If <varname>Bridge=</varname> is set, defaults to
<literal>no</literal>, and if not, defaults to <literal>ipv6</literal>.
</para>
</listitem>
</varlistentry>
<varlistentry>

12
src/libsystemd-network/sd-dhcp-client.c
View File

@ -32,6 +32,8 @@
#define MAX_CLIENT_ID_LEN (sizeof(uint32_t) + MAX_DUID_LEN) /* Arbitrary limit */
#define MAX_MAC_ADDR_LEN CONST_MAX(INFINIBAND_ALEN, ETH_ALEN)
#define MAX_CLIENT_ATTEMPT 64
#define RESTART_AFTER_NAK_MIN_USEC (1 * USEC_PER_SEC)
#define RESTART_AFTER_NAK_MAX_USEC (30 * USEC_PER_MINUTE)
@ -1050,8 +1052,10 @@ static int client_timeout_resend(
case DHCP_STATE_REQUESTING:
case DHCP_STATE_BOUND:
if (client->attempt < 64)
if (client->attempt < MAX_CLIENT_ATTEMPT)
client->attempt *= 2;
else
goto error;
next_timeout = time_now + (client->attempt - 1) * USEC_PER_SEC;
@ -1079,7 +1083,7 @@ static int client_timeout_resend(
client->state = DHCP_STATE_SELECTING;
client->attempt = 1;
} else {
if (client->attempt >= 64)
if (client->attempt >= MAX_CLIENT_ATTEMPT)
goto error;
}
@ -1087,7 +1091,7 @@ static int client_timeout_resend(
case DHCP_STATE_SELECTING:
r = client_send_discover(client);
if (r < 0 && client->attempt >= 64)
if (r < 0 && client->attempt >= MAX_CLIENT_ATTEMPT)
goto error;
break;
@ -1097,7 +1101,7 @@ static int client_timeout_resend(
case DHCP_STATE_RENEWING:
case DHCP_STATE_REBINDING:
r = client_send_request(client);
if (r < 0 && client->attempt >= 64)
if (r < 0 && client->attempt >= MAX_CLIENT_ATTEMPT)
goto error;
if (client->state == DHCP_STATE_INIT_REBOOT)

18
src/network/networkd-dhcp4.c
View File

@ -511,6 +511,7 @@ static int dhcp_lease_acquired(sd_dhcp_client *client, Link *link) {
return 0;
}
static void dhcp4_handler(sd_dhcp_client *client, int event, void *userdata) {
Link *link = userdata;
int r = 0;
@ -523,9 +524,24 @@ static void dhcp4_handler(sd_dhcp_client *client, int event, void *userdata) {
return;
switch (event) {
case SD_DHCP_CLIENT_EVENT_EXPIRED:
case SD_DHCP_CLIENT_EVENT_STOP:
if (link_ipv4ll_fallback_enabled(link)) {
assert(link->ipv4ll);
log_link_debug(link, "DHCP client is stopped. Acquiring IPv4 link-local address");
r = sd_ipv4ll_start(link->ipv4ll);
if (r < 0) {
log_link_warning(link, "Could not acquire IPv4 link-local address: %m");
return;
}
}
_fallthrough_;
case SD_DHCP_CLIENT_EVENT_EXPIRED:
case SD_DHCP_CLIENT_EVENT_IP_CHANGE:
if (link->network->dhcp_critical) {
log_link_error(link, "DHCPv4 connection considered system critical, ignoring request to reconfigure it.");
return;

2
src/network/networkd-ipv4ll.c
View File

@ -197,7 +197,7 @@ int ipv4ll_configure(Link *link) {
assert(link);
assert(link->network);
assert(link->network->link_local & ADDRESS_FAMILY_IPV4);
assert(link->network->link_local & (ADDRESS_FAMILY_IPV4 | ADDRESS_FAMILY_FALLBACK_IPV4));
if (!link->ipv4ll) {
r = sd_ipv4ll_new(&link->ipv4ll);

39
src/network/networkd-link.c
View File

@ -110,7 +110,7 @@ static bool link_dhcp4_server_enabled(Link *link) {
return link->network->dhcp_server;
}
static bool link_ipv4ll_enabled(Link *link) {
bool link_ipv4ll_enabled(Link *link) {
assert(link);
if (link->flags & IFF_LOOPBACK)
@ -128,6 +128,24 @@ static bool link_ipv4ll_enabled(Link *link) {
return link->network->link_local & ADDRESS_FAMILY_IPV4;
}
bool link_ipv4ll_fallback_enabled(Link *link) {
assert(link);
if (link->flags & IFF_LOOPBACK)
return false;
if (!link->network)
return false;
if (STRPTR_IN_SET(link->kind, "vrf", "wireguard"))
return false;
if (link->network->bond)
return false;
return link->network->link_local & ADDRESS_FAMILY_FALLBACK_IPV4;
}
static bool link_ipv6ll_enabled(Link *link) {
assert(link);
@ -994,21 +1012,18 @@ void link_check_ready(Link *link) {
if (!link->routing_policy_rules_configured)
return;
if (link_ipv4ll_enabled(link))
if (!link->ipv4ll_address ||
!link->ipv4ll_route)
return;
if (link_ipv4ll_enabled(link) && !(link->ipv4ll_address && link->ipv4ll_route))
return;
if (link_ipv6ll_enabled(link) &&
in_addr_is_null(AF_INET6, (const union in_addr_union*) &link->ipv6ll_address))
return;
if ((link_dhcp4_enabled(link) && !link_dhcp6_enabled(link) &&
!link->dhcp4_configured) ||
(link_dhcp6_enabled(link) && !link_dhcp4_enabled(link) &&
!link->dhcp6_configured) ||
(link_dhcp4_enabled(link) && link_dhcp6_enabled(link) &&
!link->dhcp4_configured && !link->dhcp6_configured))
if ((link_dhcp4_enabled(link) || link_dhcp6_enabled(link)) &&
!(link->dhcp4_configured || link->dhcp6_configured) &&
!(link_ipv4ll_fallback_enabled(link) && link->ipv4ll_address && link->ipv4ll_route))
/* When DHCP is enabled, at least one protocol must provide an address, or
* an IPv4ll fallback address must be configured. */
return;
if (link_ipv6_accept_ra_enabled(link) && !link->ndisc_configured)
@ -3114,7 +3129,7 @@ static int link_configure(Link *link) {
if (r < 0)
return r;
if (link_ipv4ll_enabled(link)) {
if (link_ipv4ll_enabled(link) || link_ipv4ll_fallback_enabled(link)) {
r = ipv4ll_configure(link);
if (r < 0)
return r;

3
src/network/networkd-link.h
View File

@ -160,6 +160,9 @@ int link_ipv6ll_gained(Link *link, const struct in6_addr *address);
int link_set_mtu(Link *link, uint32_t mtu, bool force);
int ipv4ll_configure(Link *link);
bool link_ipv4ll_enabled(Link *link);
bool link_ipv4ll_fallback_enabled(Link *link);
int dhcp4_configure(Link *link);
int dhcp4_set_client_identifier(Link *link);
int dhcp4_set_promote_secondaries(Link *link);

2
src/network/networkd-network-gperf.gperf
View File

@ -51,7 +51,7 @@ Network.Tunnel, config_parse_stacked_netdev,
Network.VRF, config_parse_ifname, 0, offsetof(Network, vrf_name)
Network.DHCP, config_parse_dhcp, 0, offsetof(Network, dhcp)
Network.DHCPServer, config_parse_bool, 0, offsetof(Network, dhcp_server)
Network.LinkLocalAddressing, config_parse_address_family_boolean, 0, offsetof(Network, link_local)
Network.LinkLocalAddressing, config_parse_link_local_address_family_boolean, 0, offsetof(Network, link_local)
Network.IPv4LLRoute, config_parse_bool, 0, offsetof(Network, ipv4ll_route)
Network.IPv6Token, config_parse_ipv6token, 0, offsetof(Network, ipv6_token)
Network.LLDP, config_parse_lldp_mode, 0, offsetof(Network, lldp_mode)

23
src/network/networkd-network.c
View File

@ -236,6 +236,13 @@ int network_verify(Network *network) {
if (network->link_local < 0)
network->link_local = network->bridge ? ADDRESS_FAMILY_NO : ADDRESS_FAMILY_IPV6;
if (FLAGS_SET(network->link_local, ADDRESS_FAMILY_FALLBACK_IPV4) &&
!FLAGS_SET(network->dhcp, ADDRESS_FAMILY_IPV4)) {
log_warning("%s: fallback assignment of IPv4 link local address is enabled but DHCPv4 is disabled. "
"Disabling the fallback assignment.", network->filename);
SET_FLAG(network->link_local, ADDRESS_FAMILY_FALLBACK_IPV4, false);
}
if (network->ipv6_accept_ra < 0 && network->bridge)
network->ipv6_accept_ra = false;
@ -818,6 +825,7 @@ int config_parse_ipv4ll(
void *userdata) {
AddressFamilyBoolean *link_local = data;
int r;
assert(filename);
assert(lvalue);
@ -828,7 +836,20 @@ int config_parse_ipv4ll(
* config_parse_address_family_boolean(), except that it
* applies only to IPv4 */
SET_FLAG(*link_local, ADDRESS_FAMILY_IPV4, parse_boolean(rvalue));
r = parse_boolean(rvalue);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,
"Failed to parse %s=%s, ignoring assignment. "
"Note that the setting %s= is deprecated, please use LinkLocalAddressing= instead.",
lvalue, rvalue, lvalue);
return 0;
}
SET_FLAG(*link_local, ADDRESS_FAMILY_IPV4, r);
log_syntax(unit, LOG_WARNING, filename, line, 0,
"%s=%s is deprecated, please use LinkLocalAddressing=%s instead.",
lvalue, rvalue, address_family_boolean_to_string(*link_local));
return 0;
}

48
src/network/networkd-util.c
View File

@ -8,38 +8,26 @@
#include "string-util.h"
#include "util.h"
const char *address_family_boolean_to_string(AddressFamilyBoolean b) {
if (IN_SET(b, ADDRESS_FAMILY_YES, ADDRESS_FAMILY_NO))
return yes_no(b == ADDRESS_FAMILY_YES);
static const char * const address_family_boolean_table[_ADDRESS_FAMILY_BOOLEAN_MAX] = {
[ADDRESS_FAMILY_NO] = "no",
[ADDRESS_FAMILY_YES] = "yes",
[ADDRESS_FAMILY_IPV4] = "ipv4",
[ADDRESS_FAMILY_IPV6] = "ipv6",
};
if (b == ADDRESS_FAMILY_IPV4)
return "ipv4";
if (b == ADDRESS_FAMILY_IPV6)
return "ipv6";
static const char * const link_local_address_family_boolean_table[_ADDRESS_FAMILY_BOOLEAN_MAX] = {
[ADDRESS_FAMILY_NO] = "no",
[ADDRESS_FAMILY_YES] = "yes",
[ADDRESS_FAMILY_IPV4] = "ipv4",
[ADDRESS_FAMILY_IPV6] = "ipv6",
[ADDRESS_FAMILY_FALLBACK] = "fallback",
[ADDRESS_FAMILY_FALLBACK_IPV4] = "ipv4-fallback",
};
return NULL;
}
AddressFamilyBoolean address_family_boolean_from_string(const char *s) {
int r;
/* Make this a true superset of a boolean */
r = parse_boolean(s);
if (r > 0)
return ADDRESS_FAMILY_YES;
if (r == 0)
return ADDRESS_FAMILY_NO;
if (streq(s, "ipv4"))
return ADDRESS_FAMILY_IPV4;
if (streq(s, "ipv6"))
return ADDRESS_FAMILY_IPV6;
return _ADDRESS_FAMILY_BOOLEAN_INVALID;
}
DEFINE_CONFIG_PARSE_ENUM(config_parse_address_family_boolean, address_family_boolean, AddressFamilyBoolean, "Failed to parse option");
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(address_family_boolean, AddressFamilyBoolean, ADDRESS_FAMILY_YES);
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(link_local_address_family_boolean, AddressFamilyBoolean, ADDRESS_FAMILY_YES);
DEFINE_CONFIG_PARSE_ENUM(config_parse_link_local_address_family_boolean, link_local_address_family_boolean,
AddressFamilyBoolean, "Failed to parse option");
int config_parse_address_family_boolean_with_kernel(
const char* unit,

17
src/network/networkd-util.h
View File

@ -7,10 +7,12 @@
typedef enum AddressFamilyBoolean {
/* This is a bitmask, though it usually doesn't feel that way! */
ADDRESS_FAMILY_NO = 0,
ADDRESS_FAMILY_IPV4 = 1 << 0,
ADDRESS_FAMILY_IPV6 = 1 << 1,
ADDRESS_FAMILY_YES = ADDRESS_FAMILY_IPV4 | ADDRESS_FAMILY_IPV6,
ADDRESS_FAMILY_NO = 0,
ADDRESS_FAMILY_IPV4 = 1 << 0,
ADDRESS_FAMILY_IPV6 = 1 << 1,
ADDRESS_FAMILY_YES = ADDRESS_FAMILY_IPV4 | ADDRESS_FAMILY_IPV6,
ADDRESS_FAMILY_FALLBACK_IPV4 = 1 << 2,
ADDRESS_FAMILY_FALLBACK = ADDRESS_FAMILY_FALLBACK_IPV4 | ADDRESS_FAMILY_IPV6,
_ADDRESS_FAMILY_BOOLEAN_MAX,
_ADDRESS_FAMILY_BOOLEAN_INVALID = -1,
} AddressFamilyBoolean;
@ -21,11 +23,14 @@ typedef struct NetworkConfigSection {
char filename[];
} NetworkConfigSection;
CONFIG_PARSER_PROTOTYPE(config_parse_address_family_boolean);
CONFIG_PARSER_PROTOTYPE(config_parse_link_local_address_family_boolean);
CONFIG_PARSER_PROTOTYPE(config_parse_address_family_boolean_with_kernel);
const char *address_family_boolean_to_string(AddressFamilyBoolean b) _const_;
AddressFamilyBoolean address_family_boolean_from_string(const char *s) _const_;
AddressFamilyBoolean address_family_boolean_from_string(const char *s) _pure_;
const char *link_local_address_family_boolean_to_string(AddressFamilyBoolean b) _const_;
AddressFamilyBoolean link_local_address_family_boolean_from_string(const char *s) _pure_;
int kernel_route_expiration_supported(void);

2
src/network/test-network-tables.c
View File

@ -14,7 +14,6 @@
#include "test-tables.h"
int main(int argc, char **argv) {
test_table(address_family_boolean, ADDRESS_FAMILY_BOOLEAN);
test_table(bond_ad_select, NETDEV_BOND_AD_SELECT);
test_table(bond_arp_all_targets, NETDEV_BOND_ARP_ALL_TARGETS);
test_table(bond_arp_validate, NETDEV_BOND_ARP_VALIDATE);
@ -42,6 +41,7 @@ int main(int argc, char **argv) {
test_table_sparse(ipvlan_mode, NETDEV_IPVLAN_MODE);
test_table_sparse(macvlan_mode, NETDEV_MACVLAN_MODE);
test_table_sparse(address_family_boolean, ADDRESS_FAMILY_BOOLEAN);
return EXIT_SUCCESS;
}

7
test/test-network/conf/dhcp-client-with-ipv4ll-fallback.network Normal file
View File

@ -0,0 +1,7 @@
[Match]
Name=veth99
[Network]
DHCP=ipv4
LinkLocalAddressing=fallback
IPv6AcceptRA=no

41
test/test-network/systemd-networkd-tests.py
View File

@ -139,8 +139,8 @@ class Utilities():
if (os.path.exists(os.path.join(network_unit_file_path, unit + '.d'))):
shutil.rmtree(os.path.join(network_unit_file_path, unit + '.d'))
def start_dnsmasq(self, additional_options=''):
dnsmasq_command = 'dnsmasq -8 /var/run/networkd-ci/test-dnsmasq-log-file --log-queries=extra --log-dhcp --pid-file=/var/run/networkd-ci/test-test-dnsmasq.pid --conf-file=/dev/null --interface=veth-peer --enable-ra --dhcp-range=2600::10,2600::20 --dhcp-range=192.168.5.10,192.168.5.200 -R --dhcp-leasefile=/var/run/networkd-ci/lease --dhcp-option=26,1492 --dhcp-option=option:router,192.168.5.1 --dhcp-option=33,192.168.5.4,192.168.5.5 --port=0 ' + additional_options
def start_dnsmasq(self, additional_options='', lease_time='1h'):
dnsmasq_command = f'dnsmasq -8 /var/run/networkd-ci/test-dnsmasq-log-file --log-queries=extra --log-dhcp --pid-file=/var/run/networkd-ci/test-test-dnsmasq.pid --conf-file=/dev/null --interface=veth-peer --enable-ra --dhcp-range=2600::10,2600::20,{lease_time} --dhcp-range=192.168.5.10,192.168.5.200,{lease_time} -R --dhcp-leasefile=/var/run/networkd-ci/lease --dhcp-option=26,1492 --dhcp-option=option:router,192.168.5.1 --dhcp-option=33,192.168.5.4,192.168.5.5 --port=0 ' + additional_options
subprocess.check_call(dnsmasq_command, shell=True)
time.sleep(10)
@ -1880,6 +1880,7 @@ class NetworkdNetworkDHCPClientTests(unittest.TestCase, Utilities):
'dhcp-client-route-metric.network',
'dhcp-client-route-table.network',
'dhcp-client-vrf.network',
'dhcp-client-with-ipv4ll-fallback.network',
'dhcp-client.network',
'dhcp-server-veth-peer.network',
'dhcp-v4-server-veth-peer.network',
@ -2176,6 +2177,42 @@ class NetworkdNetworkDHCPClientTests(unittest.TestCase, Utilities):
print(output)
self.assertRegex(output, 'onlink')
def test_dhcp_client_with_ipv4ll_fallback(self):
self.copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network',
'dhcp-client-with-ipv4ll-fallback.network')
self.start_networkd(0)
self.start_dnsmasq(lease_time='2m')
self.wait_online(['veth99:routable', 'veth-peer:routable'])
output = subprocess.check_output(['ip', 'address', 'show', 'dev', 'veth99']).rstrip().decode('utf-8')
print(output)
output = subprocess.check_output(['ip', '-6', 'address', 'show', 'dev', 'veth99', 'scope', 'global', 'dynamic']).rstrip().decode('utf-8')
self.assertNotRegex(output, 'inet6 2600::[0-9a-f]*/128 scope global dynamic')
output = subprocess.check_output(['ip', '-6', 'address', 'show', 'dev', 'veth99', 'scope', 'link']).rstrip().decode('utf-8')
self.assertRegex(output, 'inet6 .* scope link')
output = subprocess.check_output(['ip', '-4', 'address', 'show', 'dev', 'veth99', 'scope', 'global', 'dynamic']).rstrip().decode('utf-8')
self.assertRegex(output, 'inet 192.168.5.[0-9]*/24 brd 192.168.5.255 scope global dynamic veth99')
output = subprocess.check_output(['ip', '-4', 'address', 'show', 'dev', 'veth99', 'scope', 'link']).rstrip().decode('utf-8')
self.assertNotRegex(output, 'inet .* scope link')
print('Wait for the dynamic address to be expired')
time.sleep(130)
output = subprocess.check_output(['ip', 'address', 'show', 'dev', 'veth99']).rstrip().decode('utf-8')
print(output)
output = subprocess.check_output(['ip', '-6', 'address', 'show', 'dev', 'veth99', 'scope', 'global', 'dynamic']).rstrip().decode('utf-8')
self.assertNotRegex(output, 'inet6 2600::[0-9a-f]*/128 scope global dynamic')
output = subprocess.check_output(['ip', '-6', 'address', 'show', 'dev', 'veth99', 'scope', 'link']).rstrip().decode('utf-8')
self.assertRegex(output, 'inet6 .* scope link')
output = subprocess.check_output(['ip', '-4', 'address', 'show', 'dev', 'veth99', 'scope', 'global', 'dynamic']).rstrip().decode('utf-8')
self.assertRegex(output, 'inet 192.168.5.[0-9]*/24 brd 192.168.5.255 scope global dynamic veth99')
output = subprocess.check_output(['ip', '-4', 'address', 'show', 'dev', 'veth99', 'scope', 'link']).rstrip().decode('utf-8')
self.assertNotRegex(output, 'inet .* scope link')
self.search_words_in_dnsmasq_log('DHCPOFFER', show_all=True)
if __name__ == '__main__':
unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout,
verbosity=3))