1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
Commit Graph

407 Commits

Author SHA1 Message Date
Susant Sahani
c695dcf929 network: Add support to configure DHCPv4 route MTU
This is useful for transitioning systems from small frames to jumbo frames.

Closes #14302
2019-12-28 21:37:26 +09:00
Susant Sahani
a9a5d632da network: tc introduce codel
Please see http://man7.org/linux/man-pages/man8/tc-codel.8.html
2019-12-28 21:35:39 +09:00
Susant Sahani
0f3ff4eae2 network: DHCP4 introduce send decline 2019-12-21 00:26:44 +09:00
Yu Watanabe
de697db05b network: introduce AddPrefixRoute= and deprecate PrefixRoute=
PrefixRoute= was added by e63be0847c,
but unfortunately, the meaning of PrefixRoute= is inverted; when true
IFA_F_NOPREFIXROUTE flag is added. This introduces AddPrefixRoute=
setting.
2019-12-18 16:32:31 +01:00
Yu Watanabe
6ff5cc6b7a network: introduce multipath route
Closes #12541.
2019-12-18 22:12:57 +09:00
Yu Watanabe
6e5df4036f
Merge pull request #14337 from yuwata/network-tc-fq-more
network: tc: introduce more FQ settings
2019-12-17 23:30:10 +09:00
Yu Watanabe
ef1d2c07f9 udev: introduce AlternativeNamesPolicy= setting 2019-12-17 15:44:43 +09:00
Yu Watanabe
a5053a158b udev: support AlternativeName= setting in .link file 2019-12-16 10:52:22 +09:00
Yu Watanabe
e83562e51e network: tc: add more settings for FQ 2019-12-13 23:36:17 +09:00
Yu Watanabe
ac810b75c1 network: tc: support more attributes for FQ-CoDel 2019-12-12 23:36:48 +09:00
Susant Sahani
7234b91596 network tc: inroduce FQ - Fair Queue traffic policing
Please see http://man7.org/linux/man-pages/man8/tc-fq.8.html
2019-12-12 17:26:20 +09:00
Susant Sahani
4e5ef14919 network tc: Add support to conkfigure CoDel - Controlled-Delay Active Queue Management algorithm
```
$ tc qdisc show dev dummy99
qdisc fq_codel 8005: dev dummy99 root refcnt 2 limit 1000p flows 1024 quantum 1514 target 5.0ms interval 100.0ms memory_limit 32Mb ecn
$ network cat dumm99.network
[Match]
Name=dummy99

[TrafficControlQueueingDiscipline]
Parent=root
FairQueuingControlledDelayPacketLimit=1000

```
2019-12-11 00:06:31 +09:00
Yu Watanabe
dcfc23ae77 network: tc: add more options for TBF 2019-12-10 01:28:38 +09:00
Susant Sahani
9942b71089 network: tc introduce sfq - Stochastic Fairness Queueing
Stochastic Fairness Queueing is a classless queueing discipline.
SFQ does not shape traffic but only schedules the transmission of packets, based on 'flows'.
The goal is to ensure fairness so that each flow is able to send data in turn,
thus preventing any single flow from drowning out the rest.
2019-12-04 20:58:17 +09:00
Susant Sahani
ba5841b520 networkd tc: introduce tbf
See https://linux.die.net/man/8/tc-tbf
2019-12-04 20:55:48 +09:00
Zbigniew Jędrzejewski-Szmek
83dbb4df99 fuzz-unit-file: add new items to the corpus 2019-11-25 14:02:58 +01:00
Yu Watanabe
d8b736bd0c network: rename SendRawOption= to SendOption=
As DHCPv4.SendOption= and DHCPServer.SendRawOption= take the same
format.
2019-11-18 23:35:48 +09:00
Yu Watanabe
c1ed516cde test: add testcase for issue #13938 2019-11-05 10:49:07 +09:00
Susant Sahani
b9c5aa3c65 qdisc: netem add support to duplicate packets.
using this option the chosen percent of packets is duplicated before
queuing them
2019-10-31 10:36:28 +01:00
Susant Sahani
564ca98484 networkd: dhcp server Support Vendor specific 43
Implementes https://tools.ietf.org/html/rfc2132

```
[DHCPServer]
SendRawOption=26:uint32:1400
SendRawOption=23:uint8:10

```
Frame 448: 350 bytes on wire (2800 bits), 350 bytes captured (2800 bits) on interface 0
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.5.1, Dst: 192.168.5.11
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (ACK)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x71f8de9d
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 192.168.5.11
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: 1e:04:f8:b8:2f:d4 (1e:04:f8:b8:2f:d4)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (ACK)
        Length: 1
        DHCP: ACK (5)
    Option: (51) IP Address Lease Time
        Length: 4
        IP Address Lease Time: (3600s) 1 hour
    Option: (1) Subnet Mask (255.255.255.0)
        Length: 4
        Subnet Mask: 255.255.255.0
    Option: (3) Router
        Length: 4
        Router: 192.168.5.1
    Option: (6) Domain Name Server
        Length: 4
        Domain Name Server: 192.168.5.1
    Option: (42) Network Time Protocol Servers
        Length: 4
        Network Time Protocol Server: 192.168.5.1
    Option: (101) TCode
        Length: 13
        TZ TCode: Europe/Berlin
    Option: (43) Vendor-Specific Information
        Length: 9
        Value: 1701311a0431343030
    Option: (54) DHCP Server Identifier (192.168.5.1)
        Length: 4
        DHCP Server Identifier: 192.168.5.1
    Option: (255) End
        Option End: 255

```
2019-10-31 09:03:43 +09:00
Zbigniew Jędrzejewski-Szmek
864edb39cf network: rename SendOptions= to SendOption=
The name with plural made more sense where multiple options could be specified
in one line. After changes in the pull request, this option only accepts one
value, so from users' POV it should be singular.

(The field in the data structure remains plural, because it actually stores
multiple values.)
2019-10-30 08:56:18 +01:00
Susant Sahani
0f5bd7fe24 network: introduce TrafficControl
Add network delay to a interface
2019-10-30 09:33:51 +09:00
Zbigniew Jędrzejewski-Szmek
a5f6f346d3
Merge pull request #13423 from pwithnall/12035-session-time-limits
Add `RuntimeMaxSec=` support to scope units (time-limited login sessions)
2019-10-28 14:57:00 +01:00
Philip Withnall
9ed7de605d scope: Support RuntimeMaxSec= directive in scope units
Just as `RuntimeMaxSec=` is supported for service units, add support for
it to scope units. This will gracefully kill a scope after the timeout
expires from the moment the scope enters the running state.

This could be used for time-limited login sessions, for example.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Fixes: #12035
2019-10-28 09:44:31 +01:00
Yu Watanabe
78404d22cc network: support matching based on wifi interfece type 2019-10-25 16:43:18 +09:00
Zbigniew Jędrzejewski-Szmek
510c4bb31f
Merge pull request #13142 from yuwata/network-wifi-ssid-support-nl80211
network: wifi ssid support with nl80211
2019-10-23 14:51:23 +02:00
Zbigniew Jędrzejewski-Szmek
c8966bffdd
Merge pull request #13663 from ssahani/dhcp-send-option-data
network: DHCPv4 client- add support to send arbitary option and data
2019-10-16 11:31:22 +02:00
Yu Watanabe
277ba8d1ab network: add support matching based on BSSID= 2019-10-15 01:59:56 +09:00
Yu Watanabe
8d968fdd99 network: support matching based on wifi SSID 2019-10-15 01:59:06 +09:00
Susant Sahani
cb29c15605 network: DHCPv4 client: add support to send arbitary option and data 2019-10-15 00:14:02 +09:00
Susant Sahani
c16c780804 network: introduce ip nexthop routing
Used to manipulate entries in the kernel's nexthop tables.
Example:
```
[NextHop]
Id=3
Gateway=192.168.5.1
```
2019-10-14 21:32:48 +09:00
Zbigniew Jędrzejewski-Szmek
6e2d361d53
Merge pull request #13696 from keszybz/keep-dhcp-on-restart
Add a way to differentiate restart from stop and keep dhcp config on restart
2019-10-03 11:25:12 +02:00
Zbigniew Jędrzejewski-Szmek
a232ebcc2c core: add support for RestartKillSignal= to override signal used for restart jobs
v2:
- if RestartKillSignal= is not specified, fall back to KillSignal=. This is necessary
  to preserve backwards compatibility (and keep KillSignal= generally useful).
2019-10-02 14:01:25 +02:00
Susant Sahani
2805536bff network: DHCPv6 client add support for prefix delegation hint
Add support for prefix hint lenth and prefix hint address
```
Frame 43: 177 bytes on wire (1416 bits), 177 bytes captured (1416 bits) on interface 0
Ethernet II, Src: f6:c1:08:4d:45:f1 (f6:c1:08:4d:45:f1), Dst: IPv6mcast_01:00:02 (33:33:00:01:00:02)
Internet Protocol Version 6, Src: fe80::d250:c82:7f6e:28d6, Dst: ff02::1:2
User Datagram Protocol, Src Port: 546, Dst Port: 547
DHCPv6
    Message type: Solicit (1)
    Transaction ID: 0x5c7902
    Rapid Commit
    Identity Association for Non-temporary Address
    Fully Qualified Domain Name
    Identity Association for Prefix Delegation
        Option: Identity Association for Prefix Delegation (25)
        Length: 41
        Value: 1b97b1690000000000000000001a0019ffffffffffffffff…
        IAID: 1b97b169
        T1: 0
        T2: 0
        IA Prefix
            Option: IA Prefix (26)
            Length: 25
            Value: ffffffffffffffff3c000000000000000000000000000000…
            Preferred lifetime: infinity
            Valid lifetime: infinity
            Prefix length: 60
            Prefix address: ::
    Option Request
    Client Identifier
    Elapsed time
```
2019-10-01 23:52:40 +09:00
Siddharth Chandrasekara
afe42aef39 dhcp4: make IPServiceType configurable
IPServiceType set to CS6 (network control) causes problems on some old
network setups that continue to interpret the field as IP TOS.

Make DHCP work on such networks by allowing this field to be set to
CS4 (Realtime) instead, as this maps to IPTOS_LOWDELAY.

Signed-off-by: Siddharth Chandrasekaran <csiddharth@vmware.com>
2019-09-26 11:39:46 +09:00
Susant Sahani
224ded670f link: Add support to configure NIC ring buffer size 2019-09-24 16:33:35 +02:00
Susant Sahani
299d578f7f network: DHCP server Add support to transmit SIP server
1. DHCP server trasmit
2. Client parses and saves in leases
Implements http://www.rfc-editor.org/rfc/rfc3361.txt

```
Frame 134: 348 bytes on wire (2784 bits), 348 bytes captured (2784 bits) on interface 0
Ethernet II, Src: 42:65:85:d6:4e:32 (42:65:85:d6:4e:32), Dst: 1e:04:f8:b8:2f:d4 (1e:04:f8:b8:2f:d4)
Internet Protocol Version 4, Src: 192.168.5.1, Dst: 192.168.5.11
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (ACK)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x7cc87cb4
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 192.168.5.11
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: 1e:04:f8:b8:2f:d4 (1e:04:f8:b8:2f:d4)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (ACK)
        Length: 1
        DHCP: ACK (5)
    Option: (51) IP Address Lease Time
        Length: 4
        IP Address Lease Time: (3600s) 1 hour
    Option: (1) Subnet Mask (255.255.255.0)
        Length: 4
        Subnet Mask: 255.255.255.0
    Option: (3) Router
        Length: 4
        Router: 192.168.5.1
    Option: (6) Domain Name Server
        Length: 4
        Domain Name Server: 192.168.5.1
    Option: (42) Network Time Protocol Servers
        Length: 4
        Network Time Protocol Server: 192.168.1.1
    Option: (120) SIP Servers <=====here
        Length: 9
        SIP Server Encoding: IPv4 Address (1)
        SIP Server Address: 192.168.1.1
        SIP Server Address: 192.168.5.2
    Option: (101) TCode
        Length: 13
        TZ TCode: Europe/Berlin
    Option: (54) DHCP Server Identifier (192.168.5.1)
        Length: 4
        DHCP Server Identifier: 192.168.5.1
    Option: (255) End
        Option End: 255
```

```
cat /run/systemd/netif/state                                                                                                   ✔    3148  16:40:51
OPER_STATE=routable
CARRIER_STATE=carrier
ADDRESS_STATE=routable
DNS=192.168.94.2 192.168.5.1
NTP=192.168.5.1
SIP=192.168.1.1 192.168.5.2

```

aa
2019-09-20 21:22:23 +09:00
Susant Sahani
5bc945bec4 network dhcp4: Add support send request options in a generic manner 2019-09-20 21:05:48 +09:00
Yu Watanabe
0eb5e6d3f0 dhcp6: use unaligned_read_be32()
Closes #13591.
2019-09-20 08:04:15 +00:00
Yu Watanabe
6ffe71d0e2 dhcp6: add missing option length check
Closes #13578.
2019-09-17 18:29:20 +00:00
Susant Sahani
203d4df573 network: Add support to advertie ipv6 route
Implements https://tools.ietf.org/html/rfc4191

cat veth99.network
```
[Match]
Name=veth99

[Network]
DHCP=no
IPv6PrefixDelegation=yes
Address=2001:db8:0:1::1/64

[IPv6Prefix]
Prefix=2001:db8:0:1::4/64

[IPv6RoutePrefix]
Route=2001:db0:fff::/48

```
Wireshark

```
Frame 481: 142 bytes on wire (1136 bits), 142 bytes captured (1136 bits) on interface 0
Ethernet II, Src: 1e:04:f8:b8:2f:d4 (1e:04:f8:b8:2f:d4), Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: fe80::1c04:f8ff:feb8:2fd4, Dst: ff02::1
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0xec77 [correct]
    [Checksum Status: Good]
    Cur hop limit: 0
    Flags: 0x00, Prf (Default Router Preference): Medium
    Router lifetime (s): 0
    Reachable time (ms): 0
    Retrans timer (ms): 0
    ICMPv6 Option (Source link-layer address : 1e:04:f8:b8:2f:d4)
        Type: Source link-layer address (1)
        Length: 1 (8 bytes)
        Link-layer address: 1e:04:f8:b8:2f:d4 (1e:04:f8:b8:2f:d4)
    ICMPv6 Option (MTU : 1500)
        Type: MTU (5)
        Length: 1 (8 bytes)
        Reserved
        MTU: 1500
    ICMPv6 Option (Prefix information : 2001:db8:0:1::4/64)
        Type: Prefix information (3)
        Length: 4 (32 bytes)
        Prefix Length: 64
        Flag: 0xc0, On-link flag(L), Autonomous address-configuration flag(A)
        Valid Lifetime: 2592000
        Preferred Lifetime: 604800
        Reserved
        Prefix: 2001:db8:0:1::4
    ICMPv6 Option (Route Information : Medium 2001:db0:fff::/48)
        Type: Route Information (24)
        Length: 3 (24 bytes)
        Prefix Length: 48
        Flag: 0x00, Route Preference: Medium
            ...0 0... = Route Preference: Medium (0)
            000. .000 = Reserved: 0
        Route Lifetime: 604800
        Prefix: 2001:db0:fff::
```
2019-09-17 12:09:59 +02:00
Fabian Henneke
d45ee2f31a udev: Add id program and rule for FIDO security tokens
Add a fido_id program meant to be run for devices in the hidraw
subsystem via an IMPORT directive. The program parses the HID report
descriptor and assigns the ID_SECURITY_TOKEN environment variable if a
declared usage matches the FIDO_CTAPHID_USAGE declared in the FIDO CTAP
specification. This replaces the previous approach of whitelisting all
known security token models manually.

This commit is accompanied by a test suite and a fuzzer target for the
descriptor parsing routine.

Fixes: #11996.
2019-09-07 02:23:58 +09:00
Yu Watanabe
f6c6ff97f5 network: add RoutingPolicyRule.Family= setting
Closes #13233.
2019-08-16 22:02:17 +09:00
Yu Watanabe
e8489008cb network: rename IGMPVersion= -> MulticastIGMPVersion= 2019-07-26 11:00:56 +09:00
Yu Watanabe
4bd04e3dcb network: drop recently added settings from deprecated [DHCP] section 2019-07-25 12:39:33 +09:00
Susant Sahani
afa51e2dfb networkd: bridge add support to set IGMP version 2019-07-25 10:05:06 +09:00
Luca Boccassi
65224c1d0e core: rename ShutdownWatchdogSec to RebootWatchdogSec
This option is only used on reboot, not on other types of shutdown
modes, so it is misleading.
Keep the old name working for backward compatibility, but remove it
from the documentation.
2019-07-23 20:29:03 +01:00
Luca Boccassi
acafd7d8a6 core: add KExecWatchdogSec option
Rather than always enabling the shutdown WD on kexec, which might be
dangerous in case the kernel driver and/or the hardware implementation
does not reset the wd on kexec, add a new timer, disabled by default,
to let users optionally enable the shutdown WD on kexec separately
from the runtime and reboot ones. Advise in the documentation to
also use the runtime WD in conjunction with it.

Fixes: a637d0f9ec ("core: set shutdown watchdog on kexec too")
2019-07-23 20:29:03 +01:00
Yu Watanabe
a24e12f020 network: add DHCPv4.RoutesToDNS= setting 2019-07-19 01:49:39 +09:00
Anita Zhang
31cd5f63ce core: ExecCondition= for services
Closes #10596
2019-07-17 11:35:02 +02:00
Yu Watanabe
b956364db0 network: rename Neighbor.MACAddress= to Neighbor.LinkLayerAddress=
And make it support IPv4 address.

Closes #13015.
2019-07-11 22:22:29 +09:00
Lennart Poettering
7e82b4059b
Merge pull request #13006 from yuwata/network-split-dhcp-12917
networkd: DHCPv6 - separate DHCPv6 options from DHCPv4 options
2019-07-11 10:28:03 +02:00
Yu Watanabe
8c9c703c55 network: add AssignToLoopback= setting to [Tunnel] section
networkd does not manage loopback interface lo. So, previously, we have
no way to assign tunnel devices to lo.
2019-07-11 09:59:06 +09:00
Yu Watanabe
f392c06566
Merge pull request #12863 from 1848/if_xfrm
Added support for xfrm interfaces
2019-07-10 23:04:49 +09:00
1848
98d20a17a9 Added support for xfrm interfaces 2019-07-10 23:02:19 +09:00
Yu Watanabe
e4443f9bfc network: fix memleak
set_put() does not return -EEXIST.

Fixes #12995 and oss-fuzz#15678.
2019-07-10 12:27:48 +02:00
Yu Watanabe
4f7331a85e network: rename [DHCP] section to [DHCPv4]
To keep the backward compatibility broken by the previous commit.
2019-07-10 17:33:09 +09:00
Susant Sahani
caa8ca4286 networkd: DHCPv6 - separate DHCPv6 options from DHCPv4 options
Closes https://github.com/systemd/systemd/issues/12917
2019-07-10 16:59:29 +09:00
Yu Watanabe
44005bfb4e network,udev: add Property= setting in [Match] section
Closes #5665.
2019-07-01 01:24:42 +09:00
Evgeny Vereshchagin
9bd2422ac3 travis: turn on nonnull-attribute on Fuzzit 2019-06-15 23:12:24 +02:00
Zbigniew Jędrzejewski-Szmek
4b381a9ef6
Merge pull request #12753 from jrouleau/fix/hibernate-resume-timeout
hibernate-resume: fix resume device timeout
2019-06-15 17:50:37 +02:00
Susant Sahani
7da377ef16 networkd: add support to keep configuration 2019-06-06 22:50:29 +09:00
Jonathan Rouleau
8b6805a25b hibernate-resume: add resumeflags= kernel option
Adds the resumeflags= kernel command line option to allow setting a
custom device timeout for the resume device (defaults to the same as the
root device).
2019-06-05 18:59:05 -06:00
Yu Watanabe
75eed300a9 network: Allow IFF_VNET_HDR to also be set for tun devices
f5f07dbf06 adds VnetHeader= for tap
devices, but the flag is also used for tun devices.
This adds VnetHeader= setting in [Tun] section.
2019-05-22 17:58:46 +09:00
Susant Sahani
e520ce6440 networkd: Ability to selectively ignore IPv6 prefixes supplied via router advertisement
Closes https://github.com/systemd/systemd/issues/10647
2019-05-19 22:23:06 +09:00
Yu Watanabe
e7b621ee1f
Merge pull request #12586 from ssahani/route-properties
Route properties
2019-05-18 10:31:37 +09:00
Susant Sahani
9b88f20aba networkd: route add MPLS TTL propagate 2019-05-18 10:30:41 +09:00
Susant Sahani
8f02c9b085 networkd: FOU netdev add support to configure peer port 2019-05-18 10:25:36 +09:00
Zbigniew Jędrzejewski-Szmek
be44e09162 shared/varlink: add missing setting of output_buffer_allocated
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14708,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14735,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14725,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14720,
and probably others.
2019-05-17 15:09:32 +02:00
Yu Watanabe
8688c29b5a varlink: initialize Varlink with 0
Closes oss-fuzz#14688.
2019-05-16 18:51:33 +02:00
Yu Watanabe
db439337f9
Merge pull request #12576 from ssahani/fou
networkd: FOU tunnel support Local and Peer tunnel addresses
2019-05-16 05:10:35 +02:00
Susant Sahani
4502a61c8a networkd: FOU tunnel support Local and Peer tunnel addresses 2019-05-16 10:24:48 +09:00
Susant Sahani
69c317a07f networkd: introduce netdev ipvtap
This patch adds netdev ipvtap that is based on the
IP-VLAN network interface, called ipvtap. An ipvtap device can be created
in the same way as an ipvlan device, using 'kind ipvtap', and then accessed
using the tap user space interface.
2019-05-16 09:48:53 +09:00
Yu Watanabe
5d5003ab35 network: add DefaultRouteOnDevice= setting in [Network] section
When enabled, then default route bound to the interface will be created.
This is useful when adding routes on point-to-point interfaces.

Closes #788.
2019-05-15 12:44:30 +09:00
Yu Watanabe
6e114a2475
Merge pull request #12555 from ssahani/route-properties
networkd: route add support to configure fastopen_no_cookie
2019-05-14 09:03:52 +02:00
Susant Sahani
1501b429a9 networkd: DHCP client add support to send RELEASE packet
closes #10820
2019-05-14 09:03:01 +02:00
Susant Sahani
633c725865 networkd: route add support to configure fastopen_no_cookie
This patch adds fastopen_no_cookie option to enable/disable TCP fastopen
without a cookie on a per-route basis.
2019-05-14 08:08:36 +05:30
Susant Sahani
bdb397ed10 networkd: bridge FDB support more NTF_* flags
Add support to configure NTF_ROUTER and NTF_USE
2019-05-14 02:24:51 +02:00
Yu Watanabe
cd43199671
Merge pull request #12520 from ssahani/geneve
networkd: Geneve add DF feature and allow TTL to bechosen by kernel
2019-05-10 19:47:19 +02:00
Susant Sahani
aac350192b networkd: Geneve add support configure IP don't fragment 2019-05-10 22:45:26 +09:00
Yu Watanabe
5af7bc6f4c
Merge pull request #12480 from ssahani/proxy-arp
network: bridge add support to configure proxy ARP/WIFI
2019-05-10 15:30:41 +02:00
Susant Sahani
727b573418 networkd: Add support for blacklisting servers
closes #6260

fuzzer: Add DHCP support for blacklisting servers
2019-05-10 15:29:55 +02:00
Lennart Poettering
d768467563 fuzzer: add varlink fuzzer 2019-05-09 14:14:20 -04:00
Susant Sahani
0fadb2a46f network: add support to configure proxy ARP/WIFI 2019-05-09 15:03:04 +09:00
Susant Sahani
1189c00a3c networkd: VXLAN add support to configure IP Don't fragment.
Allow users to set the IPv4 DF bit in outgoing packets, or to inherit its
value from the IPv4 inner header. If the encapsulated protocol is IPv6 and
DF is configured to be inherited, always set it.
2019-05-09 06:40:33 +02:00
Susant Sahani
1087623bac networkd: Add support to configure proxy ARP and proxy ARP Wifi 2019-05-09 01:44:26 +02:00
Zbigniew Jędrzejewski-Szmek
d1c377da0d
Merge pull request #12489 from ssahani/vxlan
networkd: VXLAN rename Id to VNI
2019-05-08 12:02:54 +02:00
Susant Sahani
61b824c561 networkd: bridge fdb add support to configure VXLAN VNI 2019-05-08 03:43:43 +02:00
Zbigniew Jędrzejewski-Szmek
29e19a6f19 fuzz: fix spelling of MACsec and MACAddress in the corpus 2019-05-08 06:53:07 +05:30
Susant Sahani
4cc0fd7531 networkd: VXLAN add support to configure Generic Protocol Extension
See https://tools.ietf.org/html/draft-ietf-nvo3-vxlan-gpe-07
2019-05-08 06:52:42 +05:30
Zbigniew Jędrzejewski-Szmek
9175aabfb6
Merge pull request #12481 from ssahani/dhcp-max-retry
networkd: Allow DHCP4 client to set the number to attempt to configure/reconfigure
2019-05-07 19:58:40 +02:00
Susant Sahani
6f213e4a34 networkd: VXLAN rename Id to VNI
It makes more sense to call VXLAN ID as

1. the VXLAN Network Identifier (VNI) (or VXLAN Segment ID)
2. test-network: rename VXLAN Id to VNI
3. fuzzer: Add VXLAN VNI directive to fuzzer
2019-05-07 20:52:11 +05:30
Susant Sahani
715cedfbf0 networkd: Allow DHCP4 client to set the number to attempt to reconfigure.
Otherwise current value is 6 and after 6 it will give up.
2019-05-07 17:12:04 +02:00
Yu Watanabe
1c30b174ed network: rename WireGuard.FwMark -> FirewallMark
For the consistency with FirewallMark= in [RoutingPolicyRule] section.
2019-05-04 17:20:23 +02:00
Susant Sahani
c2c2793f39 networkd: Add support to configure destination address for bridge FDB
Closes #5145.

Example conf:
```
[Match]
Name=vxlan1309

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.2

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.4

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.5
```
2019-05-03 06:11:52 +02:00
Jan Klötzke
dc653bf487 service: handle abort stops with dedicated timeout
When shooting down a service with SIGABRT the user might want to have a
much longer stop timeout than on regular stops/shutdowns. Especially in
the face of short stop timeouts the time might not be sufficient to
write huge core dumps before the service is killed.

This commit adds a dedicated (Default)TimeoutAbortSec= timer that is
used when stopping a service via SIGABRT. In all other cases the
existing TimeoutStopSec= is used. The timer value is unset by default
to skip the special handling and use TimeoutStopSec= for state
'stop-watchdog' to keep the old behaviour.

If the service is in state 'stop-watchdog' and the service should be
stopped explicitly we still go to 'stop-sigterm' and re-apply the usual
TimeoutStopSec= timeout.
2019-04-12 17:32:52 +02:00
Yu Watanabe
b0e13c3122 network: add MACsecTransmitAssociation.UseForEncoding= setting 2019-04-12 10:12:42 +09:00
Yu Watanabe
a7b9c52f1f network: add MACsec*Association.Activate= setting 2019-04-12 10:12:42 +09:00
Yu Watanabe
eb4705fb36 network: add MACsec*Association.KeyFile= setting 2019-04-12 10:12:42 +09:00
Susant Sahani
81962db798 network: Introduce MACsec
Media Access Control Security (MACsec) is an 802.1AE IEEE
industry-standard security technology that provides secure
communication for all traffic on Ethernet links.
MACsec provides point-to-point security on Ethernet links between
directly connected nodes and is capable of identifying and preventing
most security threats, including denial of service, intrusion,
man-in-the-middle, masquerading, passive wiretapping, and playback attacks.

Closes #5754
2019-04-12 10:12:41 +09:00
Zbigniew Jędrzejewski-Szmek
f0ae945ecc bus-message: validate signature in gvariant messages
We would accept a message with 40k signature and spend a lot of time iterating
over the nested arrays. Let's just reject it early, as we do for !gvariant
messages.
2019-04-11 14:01:38 +02:00
Yu Watanabe
86a3d44de5 network: fix use-of-uninitialized-value or null dereference
This fixes a bug introduced by 6ef5c881dd.

Fixes oss-fuzz#14157 and oss-fuzz#14158.
2019-04-10 18:18:11 +09:00
Zbigniew Jędrzejewski-Szmek
52efbd8f0e
Merge pull request #12223 from yuwata/network-wireguard-preshared-key-file
network: add PresharedKeyFile= setting and make reading key file failure fatal
2019-04-09 10:52:52 +02:00
Yu Watanabe
a3945c6361 network: add WireGuardPeer.PresharedKeyFile= setting 2019-04-09 15:50:22 +09:00
Yu Watanabe
daa4aca1cb calendarspec: fix possible integer overflow
Fixes oss-fuzz#14108.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14108
2019-04-08 00:50:07 +09:00
Lennart Poettering
f69567cbe2 core: expose SUID/SGID restriction as new unit setting RestrictSUIDSGID= 2019-04-02 16:56:48 +02:00
Yu Watanabe
4d6cd572a7 fuzz: add testcases for the bug in condition_free_list_type() 2019-03-24 00:35:39 +09:00
Zbigniew Jędrzejewski-Szmek
b2645747b7 nspawn-oci: fix double free
Also rename function to make it clear that it also frees the array
object itself.
2019-03-22 17:39:12 +01:00
Zbigniew Jędrzejewski-Szmek
b1f13b0e75 nspawn-oci: mount source is optional 2019-03-22 12:04:32 +01:00
Zbigniew Jędrzejewski-Szmek
9ddd62cda1 fuzz-nspawn-oci: add fuzzer for the oci bundle loader 2019-03-22 11:09:52 +01:00
Yu Watanabe
c7a67ba5eb fuzz: add testcase for oss-fuzz#13691 2019-03-15 23:54:30 +09:00
Yu Watanabe
5ba40bb2cc fuzz: add a testcase for oss-fuzz#13719 2019-03-15 23:47:41 +09:00
Susant Sahani
3a56e697c8 networkd: Introduce l2tp tunnel
This works allows networkd to configure l2tp tunnel.
See http://man7.org/linux/man-pages/man8/ip-l2tp.8.html
2019-03-14 10:57:41 +09:00
Tobias Jungel
7f15b71460 networkd: Add bridge port capabilities
This PR adds the configuration switches for multicast flooding, neighbor
suppression and learning of a bridge port.
2019-03-13 16:27:22 +01:00
Yu Watanabe
76df77794a wireguard: add PrivateKeyFile= option
Closes #11878.
2019-03-13 12:02:03 +09:00
Davide Cavalca
1485aacb16 meson: scope more git invocations with current_source_dir() 2019-03-12 15:01:47 +01:00
Lennart Poettering
35d3a35e56
Merge pull request #11960 from mrc0mmand/more-fuzzers
fuzz: introduce more fuzzers
2019-03-11 18:04:22 +01:00
Clemens Gruber
c423be28a0 network: introduce TripleSampling= option in CAN section
When enabled, three samples are used to determine the value of a
received bit by majority rule.

This patch adds support for the TripleSampling= option in the [CAN]
section of .network files.
2019-03-11 17:15:47 +01:00
Frantisek Sumsal
ea1cdaf262 fuzz: add a memleak reproducer for fuzz-nspawn-settings 2019-03-11 14:13:09 +01:00
Frantisek Sumsal
b5b499b32c fuzz: add nspawn-settings fuzzer 2019-03-11 14:13:00 +01:00
Frantisek Sumsal
18d51b4509 fuzz: add env-file fuzzer 2019-03-11 14:11:28 +01:00
Zbigniew Jędrzejewski-Szmek
f27abfccd0 fuzz-dns-packet: add test case with lots of labels
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13422
2019-03-04 15:53:37 +01:00
Yu Watanabe
9cb8c55934 network: rename GatewayOnlink= to GatewayOnLink=
But still GatewayOnlink= is supported for backward compatibility.
2019-02-28 10:00:22 +09:00
Zbigniew Jędrzejewski-Szmek
c448459d56 networkd: refuse more than 128 NTP servers
This test case is a bit silly, but it shows that our code is unprepared to
handle so many network servers, with quadratic complexity in various places.
I don't think there are any valid reasons to have hundres of NTP servers
configured, so let's just emit a warning and cut the list short.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13354
2019-02-27 14:52:33 +01:00
Zbigniew Jędrzejewski-Szmek
83ec459276 networkd: fix memleak when the same NetDev is specified twice
hashmap_put() returns 0 if the (key, value) pair is already present in the
hashmap, and -EEXIST if the key exists, but the value is different.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13433
2019-02-27 14:31:28 +01:00
Lennart Poettering
f3892edd5e
Merge pull request #11824 from keszybz/fuzzer-fixes
Fuzzer fixes
2019-02-26 19:02:12 +01:00
Lennart Poettering
8c28360a21
Merge pull request #11823 from keszybz/more-fuzz-coverage
More fuzz coverage
2019-02-26 17:21:32 +01:00
Zbigniew Jędrzejewski-Szmek
92e068b465 basic/utf8: do not read past end of string when looking for a multi-byte character
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9341.
2019-02-26 12:37:40 +01:00
Yu Watanabe
10f6188b67 fuzz: add a sample for fuzz-udev-database 2019-02-26 13:28:30 +09:00
Zbigniew Jędrzejewski-Szmek
4c4589227e fuzz-unit-file: add some directives for stuff coverage reports as not covered
Some of those directives appear in the corpus, but without arguments, so maybe
the fuzzing libraries can't trigger the right cases. Let's help them.
2019-02-25 15:46:23 +01:00
Yu Watanabe
eac31d708f fuzz: add directives.link and 99-default.link for fuzz-link-parser
Also adds several reproducers of errors fixed in earlier commits.
2019-02-25 12:40:42 +09:00
Zbigniew Jędrzejewski-Szmek
95b2903bde tests: shorten the fuzz test case
The test was failing in Ubuntu CI with a 30s timeout. It makes
sense to keep the file so exercise the set allocation logic, but
we can make it shorter.
2019-02-21 12:30:13 +01:00
Zbigniew Jędrzejewski-Szmek
5e2a51d588 networkd: use OrderedSets instead of strvs to store lists of domains
We were already using OrderedSets in the manager object, but strvs in the
configuration parsing code. Using sets gives us better scaling when many
domains are used.

In oss-fuzz #13059 the attached reproducer takes approximately 30.5 s to be
parsed. Converting to sets makes this go down to 10s. This is not _vastly_
faster, but using sets seems like a nicer approach anyway. In particular, we
avoid the quadratic de-unification operation after each addition.
2019-02-21 12:04:27 +01:00
Zbigniew Jędrzejewski-Szmek
ea53cfd195 shared/calendarspec: do not allocate a big string on stack
The string can be as long as a logical line in a unit file — so no unlimited,
but quite big. Let's use a normal heap allocation when making a copy.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13125
2019-02-16 23:31:07 +01:00
Lennart Poettering
84e4b0b893
Merge pull request #11716 from ssahani/drop-autoconf-address
networkd: ipv6ra allow to ignore addresses
2019-02-15 12:17:46 +01:00
Lennart Poettering
19df3047f3
Merge pull request #9262 from ssahani/ignore-carrier-9111
networkd: allow to retain configs even if carrier is lost
2019-02-15 11:35:43 +01:00
Susant Sahani
24433ffa6d Add to fuzzer 2019-02-14 21:10:59 +05:30
Yu Watanabe
be18d18bd8 test: add testcase for oss-fuzz#12980 2019-02-13 04:16:30 +09:00
Susant Sahani
93b4dab57e networkd: Allow to retain configs even if carrier is lost
When there is bad link in the network the carrier goes up/down.
This makes networkd stops all the clients and drop config.
But if the remote router/dhcpserver running a prevention
of DHCP Starvation attack or DHCP Flood attack it does not allow
networkd to take a DHCP lease resulting failure in configuration.
This patch allows to keep the client running and keep the conf
also for this scenario.

Closes #9111
2019-02-06 13:35:11 +01:00
Lennart Poettering
7ece6f5897 networkd: permit DNS "DefaultRoute" configuration in .network files 2018-12-21 12:10:07 +01:00
Susant Sahani
fde60a424e netdev bond: add support to configure tlb_dynamic_lb
Closes https://github.com/systemd/systemd/issues/11135

Add test for bond : tlb_dynamic_lb
2018-12-15 18:15:16 +05:30
Lennart Poettering
8f3fd07ac0
Merge pull request #11105 from keszybz/path-parsing
Some tightening of our path parsing code
2018-12-10 15:50:08 +01:00
Zbigniew Jędrzejewski-Szmek
a5dfc36ce6 fuzz-unit-file: add one more test case
There seems to be no error per se. RequiresMountsFor=%s%s%s..%s%s%s is expanded to
RequiresMountsFor=/bin/zsh/bin/zsh/bin/zsh/bin/zsh/..., which takes a bit of time,
and then we iterate over this a few times, creating a hashmap with a hashmap
for each prefix of the path, each with one item pointing back to the original unit.
Takes about 0.8 s on my machine.
2018-12-10 11:57:26 +01:00
William A. Kennington III
e4a71bf36f networkd: Static neighbor support
When using networkd we currently have no way of ensuring that static
neighbor entries are set when our link comes up. This change adds a new
section to the network definition that allows multiple static neighbors
to be set on a link.
2018-12-09 16:56:37 -08:00
Yu Watanabe
801503d22b
Merge pull request #10988 from ssahani/IFLA_BRPORT_MCAST_TO_UCAST
networkd: bridge add support to configure multicast_to_unicast
2018-12-06 14:32:52 +01:00
Susant Sahani
8b220643b1 networkd: RPDB rule - add support to configure inverted rule.
Closes #10706
2018-12-06 10:42:36 +05:30
Yu Watanabe
253de60634
Merge pull request #11021 from ssahani/isatap
networkd: Add support to configure ISATAP tunnel
2018-12-05 23:13:17 +01:00
Susant Sahani
d3aa8b49e5 networkd: bridge add support to configure multicast_to_unicast
closes #10649
2018-12-03 23:49:46 +05:30
Susant Sahani
918049ad53 networkd: Add support to configure ISATAP tunnel
Let's just reuse the code of sit tunnel to create a ISATAP tunnel.
Matter of turning a flag

Please see https://elixir.bootlin.com/linux/v4.19.6/source/net/ipv6/sit.c#L208
2018-12-03 09:15:24 +05:30
Yu Watanabe
97f9df9e30 network: rename Protocol= in [RoutingPolicyRule] to IPProtocol= 2018-12-02 06:13:47 +01:00
Evgeny Vereshchagin
c90c39ff7b catalog: reject entries where the language is too short early
Closes https://oss-fuzz.com/testcase-detail/5674475278827520
2018-11-29 13:41:40 +09:00
Susant Sahani
926062f083 networkd: add support to configure ip rule port range and protocol.
Please see:

iprule: support for ip_proto, sport and dport match options
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=f686f764682745daf6a93b0a6330ba42a961f858

Closes 10622
2018-11-28 20:06:28 +05:30
Evgeny Vereshchagin
5260482d4c tests: update test/fuzz/fuzz-netdev-parser/directives.netdev
This is a follow-up to 2266864b04.
2018-11-28 05:19:12 +01:00
Evgeny Vereshchagin
2e646cbed8 tests: add a fuzzer for the udev rules parser (#10929) 2018-11-26 18:14:30 +09:00
Evgeny Vereshchagin
a4aa59bae2 tests: add a fuzzer for server_process_native_file 2018-11-23 17:29:59 +01:00
Evgeny Vereshchagin
4928e8adba tests: add a fuzzer for catalog_import_file 2018-11-22 21:02:34 +01:00
Evgeny Vereshchagin
9541f5ff5c tests: add a fuzzer for journald streams 2018-11-20 03:03:32 +01:00
Evgeny Vereshchagin
1dab14aba7 journald: check whether sscanf has changed the value corresponding to %n
It's possible for sscanf to receive strings containing all three fields
and not matching the template at the same time. When this happens the
value of k doesn't change, which basically means that process_audit_string
tries to access memory randomly. Sometimes it works and sometimes it doesn't :-)

See also https://bugzilla.redhat.com/show_bug.cgi?id=1059314.
2018-11-17 11:25:19 +01:00
Evgeny Vereshchagin
090a20cfaf tests: add a fuzzer for process_audit_string 2018-11-16 23:14:31 +01:00
Lennart Poettering
143fadf369 core: remove JoinControllers= configuration setting
This removes the ability to configure which cgroup controllers to mount
together. Instead, we'll now hardcode that "cpu" and "cpuacct" are
mounted together as well as "net_cls" and "net_prio".

The concept of mounting controllers together has no future as it does
not exist to cgroupsv2. Moreover, the current logic is systematically
broken, as revealed by the discussions in #10507. Also, we surveyed Red
Hat customers and couldn't find a single user of the concept (which
isn't particularly surprising, as it is broken...)

This reduced the (already way too complex) cgroup handling for us, since
we now know whenever we make a change to a cgroup for one controller to
which other controllers it applies.
2018-11-16 14:54:13 +01:00
Evgeny Vereshchagin
f7a6b40187 tests: add a reproducer for a heap-buffer-overflow fixed in 937b117137 2018-11-16 08:45:16 +01:00
Evgeny Vereshchagin
1dd485b700 tests: add a reproducer for a memory leak fixed in 30eddcd51b in August 2018-11-16 08:45:16 +01:00
Evgeny Vereshchagin
8857fb9beb tests: add a fuzzer for dev_kmsg_record 2018-11-16 08:44:35 +01:00
Lennart Poettering
8a26dae88f
Merge pull request #10736 from yuwata/coredump-comment
fuzz: fix oss-fuzz#8658
2018-11-12 11:42:16 +01:00
Lennart Poettering
bdc0bcf014
Merge pull request #10731 from yuwata/fix-oss-fuzz-11344
Fixes oss-fuzz#11344
2018-11-12 10:23:23 +01:00
Yu Watanabe
9544a1ceb0 fuzz: add testcase of oss-fuzz#8658 2018-11-12 18:10:24 +09:00
Yu Watanabe
bf877a54c7
Merge pull request #10669 from danderson/networkd-6rd
networkd: add 6rd support for sit netdevs
2018-11-12 15:55:03 +09:00
Yu Watanabe
34d178bbac fuzz: add testcase of oss-fuzz#10734 2018-11-12 02:04:35 +09:00
Yu Watanabe
89c7e7aa97 fuzz: add testcase of already fixed issue 10908 2018-11-12 01:17:45 +09:00
Yu Watanabe
c1b4a2b03a fuzz: add testcase of oss-fuzz#11344 2018-11-12 00:36:48 +09:00
Yu Watanabe
e2e6148619 fuzz: add testcase of oss-fuzz#11345 2018-11-11 12:03:52 +09:00
Yu Watanabe
3ee0942908 fuzz: add testcase for oss-fuzz#11324 2018-11-10 15:53:32 +09:00
David Anderson
6e42bd5504 Add 6rd directive to the netdev fuzzing corpus. 2018-11-09 17:56:33 -08:00
Yu Watanabe
872faf59c0 fuzz: add testcases of recent issues 2018-11-09 11:45:43 +09:00
Yu Watanabe
d571998498 fuzz: add a testcase for oss-fuzz#11285 2018-11-08 12:31:02 +09:00
Yu Watanabe
9f7d3db3ed fuzz: add more testcases of already fixed issue about multiple netdev kind
This adds testcases of oss-fuzz#11286, oss-fuzz#11287, oss-fuzz#11296,
oss-fuzz#11297, and oss-fuzz#11299.

The issue was fixed by 62facba19a.
2018-11-08 12:16:13 +09:00
Yu Watanabe
348784e62a fuzz: add testcases for oss-fuzz#11279 and #11280 2018-11-07 17:24:41 +09:00
Evgeny Vereshchagin
220fa139de tests: add a couple of files containing all the sections and directives
This should help the fuzzers to discover code paths faster.

In case anyone is interested, they were generated with the following script
```
perl -aF'/[\s,]+/' -ne '
if (my ($s, $d) = ($F[0] =~ /^([^\s\.]+)\.([^\s\.]+)$/)) { $d{$s}{$d} = 1; }
END { while (my ($key, $value) = each %d) {
    printf "[%s]\n%s\n", $key, join("\n", keys(%$value))
}}'
```
by passing src/network/networkd-network-gperf.gperf and
src/network/netdev/netdev-gperf.gperf to it.
2018-11-06 19:42:29 +01:00
Evgeny Vereshchagin
cf02fd1b7a tests: replace AdActorSysPrio with AdActorSystemPriority
This is a follow-up to https://github.com/systemd/systemd/pull/10653.
2018-11-06 19:36:40 +01:00
Evgeny Vereshchagin
d0f51aa9cd tests: add a reporoducer for https://github.com/systemd/systemd/issues/10639 2018-11-06 19:01:32 +01:00
Evgeny Vereshchagin
efc1a59af6 tests: add some data that can be fed to fuzz-network-parser 2018-11-06 19:01:32 +01:00
Evgeny Vereshchagin
a633d5b997 tests: add a reproducer for https://github.com/systemd/systemd/issues/10629 2018-11-06 19:01:32 +01:00
Evgeny Vereshchagin
e27aac11f2 networkd: make netdev_load_one "public" and add a fuzzer for it 2018-11-06 19:01:32 +01:00
Evgeny Vereshchagin
28ffcec2cb tests: add an lldp fuzzer
I went through my antique collection of fuzzers the other day
to see which ones I hadn't sent upstream yet. This one
seems to be nice to have and ready to be merged. As far as I can
tell, it hasn't managed to find anything useful yet,
but it's better to be safe than sorry especially when it comes to networking
code :-)
2018-10-29 15:24:16 +00:00
Zbigniew Jędrzejewski-Szmek
05f339267e
Merge pull request #10378 from poettering/json-fuzz-fix
json: a comprehensive fix for oss-fuzz#10908
2018-10-25 16:25:39 +02:00
Yu Watanabe
114fd97811 fuzz: add testcase of oss-fuzz#11019 2018-10-19 06:11:58 +09:00
Lennart Poettering
e413ec4a9d fuzz: add test from oss-fuzz#10908
https://oss-fuzz.com/download?testcase_id=5639441482252288
2018-10-18 16:44:51 +02:00
Anita Zhang
90fc172e19 core: implement per unit journal rate limiting
Add LogRateLimitIntervalSec= and LogRateLimitBurst= options for
services. If provided, these values get passed to the journald
client context, and those values are used in the rate limiting
function in the journal over the the journald.conf values.

Part of #10230
2018-10-18 09:56:20 +02:00
Zbigniew Jędrzejewski-Szmek
9b0ca01903 meson: rename cpp_cmd to cxx_cmd
cpp is a really bad alias for c++ because it's also the name of the
preprocessor. Let's rename the variable.
2018-10-10 11:50:57 +02:00
Zbigniew Jędrzejewski-Szmek
1b2acaa7a6 meson: we cannot call get_compiler('cpp') if we didn't "add" it
Follow-up for f6d783ac3d.
2018-10-09 21:12:00 +02:00
Yu Watanabe
f6d783ac3d meson: use same compilers to build fuzzers 2018-10-09 11:54:10 +02:00
Yu Watanabe
5b054bfc10 test: add a testcase for oss-fuzz#10746 2018-10-03 08:53:42 +09:00
Zbigniew Jędrzejewski-Szmek
902000c198 bus-message: avoid wrap-around when using length read from message
We would read (-1), and then add 1 to it, call message_peek_body(..., 0, ...),
and when trying to make use of the data.

The fuzzer test case is just for one site, but they all look similar.

v2: fix two UINT8_MAX/UINT32_MAX mismatches founds by LGTM
2018-10-02 11:59:08 +02:00
Zbigniew Jędrzejewski-Szmek
d831fb6f2b bus-message: return -EBADMSG not -EINVAL on invalid !gvariant messages 2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
edde66ffc2 fuzz-bus-message: add two test cases that pass now
It seems that they got fixed by one of the patches. Let's add them
just in case.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
73777ddba5 bus-message: fix skipping of array fields in !gvariant messages
We copied part of the string into a buffer that was off by two.
If the element signature had length one, we'd copy 0 bytes and crash when
looking at the "first" byte. Otherwise, we would crash because strncpy would
not terminate the string.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
f88214cf9d bus-message: fix calculation of offsets table for arrays
This is similar to the grandparent commit 'fix calculation of offsets table',
except that now the change is for array elements. Same story as before: we need
to make sure that the offsets increase enough taking alignment into account.

While at it, rename 'p' to 'previous' to match similar code in other places.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
12603b84d2 bus-message: fix calculation of offsets table
The offsets specify the ends of variable length data. We would trust the
incoming data, putting the offsets specified in our message
into the offsets tables after doing some superficial verification.
But when actually reading the data we apply alignment, so we would take
the previous offset, align it, making it bigger then current offset, and
then we'd try to read data of negative length.

In the attached example, the message specifies the following offsets:
[1, 4]
but the alignment of those items is
[1, 8]
so we'd calculate the second item as starting at 8 and ending at 4.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
81b6e63029 bus-message: do not crash on message with a string of zero length
We'd calculate the "real" length of the string as 'item_size - 1', which does
not work out well when item_size == 0.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
69bd42ca07 bus-message: let's always use -EBADMSG when the message is bad
-EINVAL means the arguments were somehow wrong, so translate the code we get
internally into -EBADMSG when returning.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
ec6bda56cb bus-message: avoid an infinite loop on empty structures
The alternative would be to treat gvariant and !gvariant messages differently.
But this is a problem because we check signatures is variuos places before we
have an actual message, for example in sd_bus_add_object_vtable(). It seems
better to treat things consistent (i.e. follow the lowest common denominator)
and disallow empty structures everywhere.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
6d1e0f4fcb sd-bus: unify three code-paths which free struct bus_container
We didn't free one of the fields in two of the places.

$ valgrind --show-leak-kinds=all --leak-check=full \
  build/fuzz-bus-message \
  test/fuzz/fuzz-bus-message/leak-c09c0e2256d43bc5e2d02748c8d8760e7bc25d20
...
==14457== HEAP SUMMARY:
==14457==     in use at exit: 3 bytes in 1 blocks
==14457==   total heap usage: 509 allocs, 508 frees, 51,016 bytes allocated
==14457==
==14457== 3 bytes in 1 blocks are definitely lost in loss record 1 of 1
==14457==    at 0x4C2EBAB: malloc (vg_replace_malloc.c:299)
==14457==    by 0x53AFE79: strndup (in /usr/lib64/libc-2.27.so)
==14457==    by 0x4F52EB8: free_and_strndup (string-util.c:1039)
==14457==    by 0x4F8E1AB: sd_bus_message_peek_type (bus-message.c:4193)
==14457==    by 0x4F76CB5: bus_message_dump (bus-dump.c:144)
==14457==    by 0x108F12: LLVMFuzzerTestOneInput (fuzz-bus-message.c:24)
==14457==    by 0x1090F7: main (fuzz-main.c:34)
==14457==
==14457== LEAK SUMMARY:
==14457==    definitely lost: 3 bytes in 1 blocks
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
7f546026ab Introduce free_and_strndup and use it in bus-message.c
v2: fix error in free_and_strndup()

When the orignal and copied message were the same, but shorter than specified
length l, memory read past the end of the buffer would be performed. A test
case is included: a string that had an embedded NUL ("q\0") is used to replace
"q".

v3: Fix one more bug in free_and_strndup and add tests.

v4: Some style fixed based on review, one more use of free_and_replace, and
make the tests more comprehensive.
2018-10-02 11:42:45 +02:00
Zbigniew Jędrzejewski-Szmek
56b560c263 fuzz-bus-message: add fuzzer for message parsing
As with other fuzzers, SYSTEMD_FUZZ_OUTPUT=1 and SYSTEMD_LOG_LEVEL=debug can be
used for debugging.
2018-10-02 11:09:05 +02:00
Zbigniew Jędrzejewski-Szmek
e6bad67461 meson: treat all fuzz cases as unit tests
318/365 fuzz-bus-message:crash-26bba7182dedc8848939931d9fcefcb7922f2e56:address  OK       0.03 s
319/365 fuzz-bus-message:crash-29ed3c202e0ffade3cad42c8bbeb6cc68a21eb8e:address  OK       0.03 s
320/365 fuzz-bus-message:crash-b88ad9ecf4aacf4a0caca5b5543953265367f084:address  OK       0.03 s
321/365 fuzz-bus-message:crash-c1b37b4729b42c0c05b23cba4eed5d8102498a1e:address  OK       0.03 s
322/365 fuzz-bus-message:crash-d8f3941c74219b4c03532c9b244d5ea539c61af5:address  OK       0.03 s
323/365 fuzz-bus-message:crash-e1b811da5ca494e494b77c6bd8e1c2f2989425c5:address  OK       0.03 s
324/365 fuzz-bus-message:leak-c09c0e2256d43bc5e2d02748c8d8760e7bc25d20:address  OK       0.04 s
325/365 fuzz-bus-message:message1:address       OK       0.03 s
326/365 fuzz-bus-message:timeout-08ee8f6446a4064db064e8e0b3d220147f7d0b5b:address  OK       0.03 s
327/365 fuzz-dhcp-server:discover-existing:address  OK       0.04 s
328/365 fuzz-dhcp-server:discover-new:address   OK       0.03 s
329/365 fuzz-dhcp-server:release:address        OK       0.04 s
330/365 fuzz-dhcp-server:request-existing:address  OK       0.03 s
331/365 fuzz-dhcp-server:request-new:address    OK       0.03 s
332/365 fuzz-dhcp-server:request-reboot:address  OK       0.03 s
333/365 fuzz-dhcp-server:request-renew:address  OK       0.03 s
334/365 fuzz-dns-packet:issue-7888:address      OK       0.03 s
335/365 fuzz-dns-packet:oss-fuzz-5465:address   OK       0.03 s
336/365 fuzz-journal-remote:crash-5a8f03d4c3a46fcded39527084f437e8e4b54b76:address  OK       0.06 s
337/365 fuzz-journal-remote:crash-96dee870ea66d03e89ac321eee28ea63a9b9aa45:address  OK       0.04 s
338/365 fuzz-journal-remote:invalid-ts.txt:address  OK       0.04 s
339/365 fuzz-journal-remote:oss-fuzz-8659:address  OK       0.06 s
340/365 fuzz-journal-remote:oss-fuzz-8686:address  OK       0.04 s
341/365 fuzz-journal-remote:sample.txt:address  OK       0.07 s
342/365 fuzz-unit-file:directives.service:address  OK       0.03 s
343/365 fuzz-unit-file:empty.scope:address      OK       0.04 s
344/365 fuzz-unit-file:machine.slice:address    OK       0.03 s
345/365 fuzz-unit-file:oss-fuzz-6884:address    OK       0.05 s
346/365 fuzz-unit-file:oss-fuzz-6885:address    OK       0.03 s
347/365 fuzz-unit-file:oss-fuzz-6886:address    OK       0.04 s
348/365 fuzz-unit-file:oss-fuzz-6892:address    OK       0.03 s
349/365 fuzz-unit-file:oss-fuzz-6897:address    OK       0.05 s
350/365 fuzz-unit-file:oss-fuzz-6897-evverx:address  OK       0.04 s
351/365 fuzz-unit-file:oss-fuzz-6908:address    OK       0.05 s
352/365 fuzz-unit-file:oss-fuzz-6917:address    OK       0.06 s
353/365 fuzz-unit-file:oss-fuzz-6977:address    OK       0.08 s
354/365 fuzz-unit-file:oss-fuzz-6977-unminimized:address  OK       0.10 s
355/365 fuzz-unit-file:oss-fuzz-7004:address    OK       0.03 s
356/365 fuzz-unit-file:oss-fuzz-8064:address    OK       0.03 s
357/365 fuzz-unit-file:oss-fuzz-8827:address    OK       0.50 s
358/365 fuzz-unit-file:proc-sys-fs-binfmt_misc.automount:address  OK       0.03 s
359/365 fuzz-unit-file:syslog.socket:address    OK       0.03 s
360/365 fuzz-unit-file:systemd-ask-password-console.path:address  OK       0.03 s
361/365 fuzz-unit-file:systemd-machined.service:address  OK       0.03 s
362/365 fuzz-unit-file:systemd-resolved.service:address  OK       0.03 s
363/365 fuzz-unit-file:systemd-tmpfiles-clean.timer:address  OK       0.03 s
364/365 fuzz-unit-file:timers.target:address    OK       0.03 s
365/365 fuzz-unit-file:var-lib-machines.mount:address  OK       0.04 s

This gives us slightly nicer coverage in the normal test run.

When in a git repo, git ls-files is used to get a list of files known to git.
This mirrors what update-man-rules does for man files. Only looking at files
known to git makes it easier to not forget to commit the test file to git,
and also makes bisecting easier if some files are left in repo.

When outside of a git repo, we expect to be unpacked from a tarball, so just
using all files reported by ls is OK.
2018-10-02 09:42:19 +02:00
Zbigniew Jędrzejewski-Szmek
c74a3f973e fuzz: unify the "fuzz-regressions" directory with the main corpus
There isn't really much need to keep them separate. Anything which is a good
corpus entry can be used as a smoke test, and anything which which is a
regression test can just as well be inserted into the corpus.

The only functional difference from this patch (apart from different paths in
output) is that the regression tests are now zipped together with the rest of
the corpus.

$ meson configure build -Dslow-tests=true && ninja -C build test
...
307/325 fuzz-dns-packet:issue-7888:address      OK       0.06 s
308/325 fuzz-dns-packet:oss-fuzz-5465:address   OK       0.04 s
309/325 fuzz-journal-remote:crash-5a8f03d4c3a46fcded39527084f437e8e4b54b76:address  OK       0.07 s
310/325 fuzz-journal-remote:crash-96dee870ea66d03e89ac321eee28ea63a9b9aa45:address  OK       0.05 s
311/325 fuzz-journal-remote:oss-fuzz-8659:address  OK       0.05 s
312/325 fuzz-journal-remote:oss-fuzz-8686:address  OK       0.07 s
313/325 fuzz-unit-file:oss-fuzz-6884:address    OK       0.06 s
314/325 fuzz-unit-file:oss-fuzz-6885:address    OK       0.05 s
315/325 fuzz-unit-file:oss-fuzz-6886:address    OK       0.05 s
316/325 fuzz-unit-file:oss-fuzz-6892:address    OK       0.05 s
317/325 fuzz-unit-file:oss-fuzz-6897:address    OK       0.05 s
318/325 fuzz-unit-file:oss-fuzz-6897-evverx:address  OK       0.06 s
319/325 fuzz-unit-file:oss-fuzz-6908:address    OK       0.07 s
320/325 fuzz-unit-file:oss-fuzz-6917:address    OK       0.07 s
321/325 fuzz-unit-file:oss-fuzz-6977:address    OK       0.13 s
322/325 fuzz-unit-file:oss-fuzz-6977-unminimized:address  OK       0.12 s
323/325 fuzz-unit-file:oss-fuzz-7004:address    OK       0.05 s
324/325 fuzz-unit-file:oss-fuzz-8064:address    OK       0.05 s
325/325 fuzz-unit-file:oss-fuzz-8827:address    OK       0.52 s
2018-10-02 09:41:25 +02:00
Zbigniew Jędrzejewski-Szmek
93b575b266 fuzz: rename "fuzz-corpus" directory to just "fuzz"
Also, all corpus subdirectories are named exactly the same as the fuzzer they
are for. This makes the paths a bit longer, but easier.
2018-10-02 09:41:25 +02:00