1
0
mirror of https://github.com/systemd/systemd.git synced 2025-01-10 05:18:17 +03:00

store the sysctls set by networkd

networkd set several sysctl to set the network configuration. Save their
value so we can check is other processes change them.
This commit is contained in:
Matteo Croce 2024-07-01 21:58:30 +02:00
parent 766bcf302a
commit 64629617b6
5 changed files with 45 additions and 22 deletions

View File

@ -7,6 +7,7 @@
#include "networkd-address.h" #include "networkd-address.h"
#include "networkd-ipv6ll.h" #include "networkd-ipv6ll.h"
#include "networkd-link.h" #include "networkd-link.h"
#include "networkd-manager.h"
#include "networkd-network.h" #include "networkd-network.h"
#include "networkd-util.h" #include "networkd-util.h"
#include "socket-util.h" #include "socket-util.h"
@ -189,6 +190,7 @@ int link_set_ipv6ll_stable_secret(Link *link) {
int r; int r;
assert(link); assert(link);
assert(link->manager);
assert(link->network); assert(link->network);
if (link->network->ipv6ll_address_gen_mode != IPV6_LINK_LOCAL_ADDRESSS_GEN_MODE_STABLE_PRIVACY) if (link->network->ipv6ll_address_gen_mode != IPV6_LINK_LOCAL_ADDRESSS_GEN_MODE_STABLE_PRIVACY)
@ -219,17 +221,18 @@ int link_set_ipv6ll_stable_secret(Link *link) {
} }
return sysctl_write_ip_property(AF_INET6, link->ifname, "stable_secret", return sysctl_write_ip_property(AF_INET6, link->ifname, "stable_secret",
IN6_ADDR_TO_STRING(&a), NULL); IN6_ADDR_TO_STRING(&a), &link->manager->sysctl_shadow);
} }
int link_set_ipv6ll_addrgen_mode(Link *link, IPv6LinkLocalAddressGenMode mode) { int link_set_ipv6ll_addrgen_mode(Link *link, IPv6LinkLocalAddressGenMode mode) {
assert(link); assert(link);
assert(link->manager);
assert(mode >= 0 && mode < _IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_MAX); assert(mode >= 0 && mode < _IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_MAX);
if (mode == link->ipv6ll_address_gen_mode) if (mode == link->ipv6ll_address_gen_mode)
return 0; return 0;
return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "addr_gen_mode", mode, NULL); return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "addr_gen_mode", mode, &link->manager->sysctl_shadow);
} }
static const char* const ipv6_link_local_address_gen_mode_table[_IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_MAX] = { static const char* const ipv6_link_local_address_gen_mode_table[_IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_MAX] = {

View File

@ -620,6 +620,8 @@ Manager* manager_free(Manager *m) {
HASHMAP_FOREACH(link, m->links_by_index) HASHMAP_FOREACH(link, m->links_by_index)
(void) link_stop_engines(link, true); (void) link_stop_engines(link, true);
hashmap_free(m->sysctl_shadow);
m->request_queue = ordered_set_free(m->request_queue); m->request_queue = ordered_set_free(m->request_queue);
m->remove_request_queue = ordered_set_free(m->remove_request_queue); m->remove_request_queue = ordered_set_free(m->remove_request_queue);

View File

@ -122,6 +122,7 @@ struct Manager {
/* sysctl */ /* sysctl */
int ip_forwarding[2]; int ip_forwarding[2];
Hashmap *sysctl_shadow;
}; };
int manager_new(Manager **ret, bool test_mode); int manager_new(Manager **ret, bool test_mode);

View File

@ -965,6 +965,7 @@ static int ndisc_router_process_reachable_time(Link *link, sd_ndisc_router *rt)
int r; int r;
assert(link); assert(link);
assert(link->manager);
assert(link->network); assert(link->network);
assert(rt); assert(rt);
@ -986,7 +987,7 @@ static int ndisc_router_process_reachable_time(Link *link, sd_ndisc_router *rt)
} }
/* Set the reachable time for Neighbor Solicitations. */ /* Set the reachable time for Neighbor Solicitations. */
r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "base_reachable_time_ms", (uint32_t) msec, NULL); r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "base_reachable_time_ms", (uint32_t) msec, &link->manager->sysctl_shadow);
if (r < 0) if (r < 0)
log_link_warning_errno(link, r, "Failed to apply neighbor reachable time (%"PRIu64"), ignoring: %m", msec); log_link_warning_errno(link, r, "Failed to apply neighbor reachable time (%"PRIu64"), ignoring: %m", msec);
@ -998,6 +999,7 @@ static int ndisc_router_process_retransmission_time(Link *link, sd_ndisc_router
int r; int r;
assert(link); assert(link);
assert(link->manager);
assert(link->network); assert(link->network);
assert(rt); assert(rt);
@ -1019,7 +1021,7 @@ static int ndisc_router_process_retransmission_time(Link *link, sd_ndisc_router
} }
/* Set the retransmission time for Neighbor Solicitations. */ /* Set the retransmission time for Neighbor Solicitations. */
r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", (uint32_t) msec, NULL); r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", (uint32_t) msec, &link->manager->sysctl_shadow);
if (r < 0) if (r < 0)
log_link_warning_errno(link, r, "Failed to apply neighbor retransmission time (%"PRIu64"), ignoring: %m", msec); log_link_warning_errno(link, r, "Failed to apply neighbor retransmission time (%"PRIu64"), ignoring: %m", msec);
@ -1031,6 +1033,7 @@ static int ndisc_router_process_hop_limit(Link *link, sd_ndisc_router *rt) {
int r; int r;
assert(link); assert(link);
assert(link->manager);
assert(link->network); assert(link->network);
assert(rt); assert(rt);
@ -1054,7 +1057,7 @@ static int ndisc_router_process_hop_limit(Link *link, sd_ndisc_router *rt) {
if (hop_limit <= 0) if (hop_limit <= 0)
return 0; return 0;
r = sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "hop_limit", (uint32_t) hop_limit, NULL); r = sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "hop_limit", (uint32_t) hop_limit, &link->manager->sysctl_shadow);
if (r < 0) if (r < 0)
log_link_warning_errno(link, r, "Failed to apply hop_limit (%u), ignoring: %m", hop_limit); log_link_warning_errno(link, r, "Failed to apply hop_limit (%u), ignoring: %m", hop_limit);

View File

@ -30,13 +30,13 @@ static void manager_set_ip_forwarding(Manager *manager, int family) {
return; /* keep */ return; /* keep */
/* First, set the default value. */ /* First, set the default value. */
r = sysctl_write_ip_property_boolean(family, "default", "forwarding", t, NULL); r = sysctl_write_ip_property_boolean(family, "default", "forwarding", t, &manager->sysctl_shadow);
if (r < 0) if (r < 0)
log_warning_errno(r, "Failed to %s the default %s forwarding: %m", log_warning_errno(r, "Failed to %s the default %s forwarding: %m",
enable_disable(t), af_to_ipv4_ipv6(family)); enable_disable(t), af_to_ipv4_ipv6(family));
/* Then, set the value to all interfaces. */ /* Then, set the value to all interfaces. */
r = sysctl_write_ip_property_boolean(family, "all", "forwarding", t, NULL); r = sysctl_write_ip_property_boolean(family, "all", "forwarding", t, &manager->sysctl_shadow);
if (r < 0) if (r < 0)
log_warning_errno(r, "Failed to %s %s forwarding for all interfaces: %m", log_warning_errno(r, "Failed to %s %s forwarding for all interfaces: %m",
enable_disable(t), af_to_ipv4_ipv6(family)); enable_disable(t), af_to_ipv4_ipv6(family));
@ -73,6 +73,7 @@ static bool link_is_configured_for_family(Link *link, int family) {
static int link_update_ipv6_sysctl(Link *link) { static int link_update_ipv6_sysctl(Link *link) {
assert(link); assert(link);
assert(link->manager);
if (!link_is_configured_for_family(link, AF_INET6)) if (!link_is_configured_for_family(link, AF_INET6))
return 0; return 0;
@ -80,11 +81,12 @@ static int link_update_ipv6_sysctl(Link *link) {
if (!link_ipv6_enabled(link)) if (!link_ipv6_enabled(link))
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", false, NULL); return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", false, &link->manager->sysctl_shadow);
} }
static int link_set_proxy_arp(Link *link) { static int link_set_proxy_arp(Link *link) {
assert(link); assert(link);
assert(link->manager);
if (!link_is_configured_for_family(link, AF_INET)) if (!link_is_configured_for_family(link, AF_INET))
return 0; return 0;
@ -92,11 +94,12 @@ static int link_set_proxy_arp(Link *link) {
if (link->network->proxy_arp < 0) if (link->network->proxy_arp < 0)
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp", link->network->proxy_arp > 0, NULL); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp", link->network->proxy_arp > 0, &link->manager->sysctl_shadow);
} }
static int link_set_proxy_arp_pvlan(Link *link) { static int link_set_proxy_arp_pvlan(Link *link) {
assert(link); assert(link);
assert(link->manager);
if (!link_is_configured_for_family(link, AF_INET)) if (!link_is_configured_for_family(link, AF_INET))
return 0; return 0;
@ -104,7 +107,7 @@ static int link_set_proxy_arp_pvlan(Link *link) {
if (link->network->proxy_arp_pvlan < 0) if (link->network->proxy_arp_pvlan < 0)
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp_pvlan", link->network->proxy_arp_pvlan > 0, NULL); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp_pvlan", link->network->proxy_arp_pvlan > 0, &link->manager->sysctl_shadow);
} }
int link_get_ip_forwarding(Link *link, int family) { int link_get_ip_forwarding(Link *link, int family) {
@ -136,6 +139,7 @@ static int link_set_ip_forwarding_impl(Link *link, int family) {
int r, t; int r, t;
assert(link); assert(link);
assert(link->manager);
assert(IN_SET(family, AF_INET, AF_INET6)); assert(IN_SET(family, AF_INET, AF_INET6));
if (!link_is_configured_for_family(link, family)) if (!link_is_configured_for_family(link, family))
@ -145,7 +149,7 @@ static int link_set_ip_forwarding_impl(Link *link, int family) {
if (t < 0) if (t < 0)
return 0; /* keep */ return 0; /* keep */
r = sysctl_write_ip_property_boolean(family, link->ifname, "forwarding", t, NULL); r = sysctl_write_ip_property_boolean(family, link->ifname, "forwarding", t, &link->manager->sysctl_shadow);
if (r < 0) if (r < 0)
return log_link_warning_errno(link, r, "Failed to %s %s forwarding, ignoring: %m", return log_link_warning_errno(link, r, "Failed to %s %s forwarding, ignoring: %m",
enable_disable(t), af_to_ipv4_ipv6(family)); enable_disable(t), af_to_ipv4_ipv6(family));
@ -214,6 +218,7 @@ static int link_set_ip_forwarding(Link *link, int family) {
static int link_set_ipv4_rp_filter(Link *link) { static int link_set_ipv4_rp_filter(Link *link) {
assert(link); assert(link);
assert(link->manager);
if (!link_is_configured_for_family(link, AF_INET)) if (!link_is_configured_for_family(link, AF_INET))
return 0; return 0;
@ -221,7 +226,7 @@ static int link_set_ipv4_rp_filter(Link *link) {
if (link->network->ipv4_rp_filter < 0) if (link->network->ipv4_rp_filter < 0)
return 0; return 0;
return sysctl_write_ip_property_int(AF_INET, link->ifname, "rp_filter", link->network->ipv4_rp_filter, NULL); return sysctl_write_ip_property_int(AF_INET, link->ifname, "rp_filter", link->network->ipv4_rp_filter, &link->manager->sysctl_shadow);
} }
static int link_set_ipv6_privacy_extensions(Link *link) { static int link_set_ipv6_privacy_extensions(Link *link) {
@ -241,20 +246,22 @@ static int link_set_ipv6_privacy_extensions(Link *link) {
if (val == IPV6_PRIVACY_EXTENSIONS_KERNEL) if (val == IPV6_PRIVACY_EXTENSIONS_KERNEL)
return 0; return 0;
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "use_tempaddr", (int) val, NULL); return sysctl_write_ip_property_int(AF_INET6, link->ifname, "use_tempaddr", (int) val, &link->manager->sysctl_shadow);
} }
static int link_set_ipv6_accept_ra(Link *link) { static int link_set_ipv6_accept_ra(Link *link) {
assert(link); assert(link);
assert(link->manager);
if (!link_is_configured_for_family(link, AF_INET6)) if (!link_is_configured_for_family(link, AF_INET6))
return 0; return 0;
return sysctl_write_ip_property(AF_INET6, link->ifname, "accept_ra", "0", NULL); return sysctl_write_ip_property(AF_INET6, link->ifname, "accept_ra", "0", &link->manager->sysctl_shadow);
} }
static int link_set_ipv6_dad_transmits(Link *link) { static int link_set_ipv6_dad_transmits(Link *link) {
assert(link); assert(link);
assert(link->manager);
if (!link_is_configured_for_family(link, AF_INET6)) if (!link_is_configured_for_family(link, AF_INET6))
return 0; return 0;
@ -262,11 +269,12 @@ static int link_set_ipv6_dad_transmits(Link *link) {
if (link->network->ipv6_dad_transmits < 0) if (link->network->ipv6_dad_transmits < 0)
return 0; return 0;
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "dad_transmits", link->network->ipv6_dad_transmits, NULL); return sysctl_write_ip_property_int(AF_INET6, link->ifname, "dad_transmits", link->network->ipv6_dad_transmits, &link->manager->sysctl_shadow);
} }
static int link_set_ipv6_hop_limit(Link *link) { static int link_set_ipv6_hop_limit(Link *link) {
assert(link); assert(link);
assert(link->manager);
if (!link_is_configured_for_family(link, AF_INET6)) if (!link_is_configured_for_family(link, AF_INET6))
return 0; return 0;
@ -274,13 +282,14 @@ static int link_set_ipv6_hop_limit(Link *link) {
if (link->network->ipv6_hop_limit <= 0) if (link->network->ipv6_hop_limit <= 0)
return 0; return 0;
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "hop_limit", link->network->ipv6_hop_limit, NULL); return sysctl_write_ip_property_int(AF_INET6, link->ifname, "hop_limit", link->network->ipv6_hop_limit, &link->manager->sysctl_shadow);
} }
static int link_set_ipv6_retransmission_time(Link *link) { static int link_set_ipv6_retransmission_time(Link *link) {
usec_t retrans_time_ms; usec_t retrans_time_ms;
assert(link); assert(link);
assert(link->manager);
if (!link_is_configured_for_family(link, AF_INET6)) if (!link_is_configured_for_family(link, AF_INET6))
return 0; return 0;
@ -292,13 +301,14 @@ static int link_set_ipv6_retransmission_time(Link *link) {
if (retrans_time_ms <= 0 || retrans_time_ms > UINT32_MAX) if (retrans_time_ms <= 0 || retrans_time_ms > UINT32_MAX)
return 0; return 0;
return sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", retrans_time_ms, NULL); return sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", retrans_time_ms, &link->manager->sysctl_shadow);
} }
static int link_set_ipv6_proxy_ndp(Link *link) { static int link_set_ipv6_proxy_ndp(Link *link) {
bool v; bool v;
assert(link); assert(link);
assert(link->manager);
if (!link_is_configured_for_family(link, AF_INET6)) if (!link_is_configured_for_family(link, AF_INET6))
return 0; return 0;
@ -308,13 +318,14 @@ static int link_set_ipv6_proxy_ndp(Link *link) {
else else
v = !set_isempty(link->network->ipv6_proxy_ndp_addresses); v = !set_isempty(link->network->ipv6_proxy_ndp_addresses);
return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "proxy_ndp", v, NULL); return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "proxy_ndp", v, &link->manager->sysctl_shadow);
} }
int link_set_ipv6_mtu(Link *link, int log_level) { int link_set_ipv6_mtu(Link *link, int log_level) {
uint32_t mtu = 0; uint32_t mtu = 0;
assert(link); assert(link);
assert(link->manager);
if (!link_is_configured_for_family(link, AF_INET6)) if (!link_is_configured_for_family(link, AF_INET6))
return 0; return 0;
@ -335,11 +346,12 @@ int link_set_ipv6_mtu(Link *link, int log_level) {
mtu = link->mtu; mtu = link->mtu;
} }
return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "mtu", mtu, NULL); return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "mtu", mtu, &link->manager->sysctl_shadow);
} }
static int link_set_ipv4_accept_local(Link *link) { static int link_set_ipv4_accept_local(Link *link) {
assert(link); assert(link);
assert(link->manager);
if (!link_is_configured_for_family(link, AF_INET)) if (!link_is_configured_for_family(link, AF_INET))
return 0; return 0;
@ -347,11 +359,12 @@ static int link_set_ipv4_accept_local(Link *link) {
if (link->network->ipv4_accept_local < 0) if (link->network->ipv4_accept_local < 0)
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "accept_local", link->network->ipv4_accept_local > 0, NULL); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "accept_local", link->network->ipv4_accept_local > 0, &link->manager->sysctl_shadow);
} }
static int link_set_ipv4_route_localnet(Link *link) { static int link_set_ipv4_route_localnet(Link *link) {
assert(link); assert(link);
assert(link->manager);
if (!link_is_configured_for_family(link, AF_INET)) if (!link_is_configured_for_family(link, AF_INET))
return 0; return 0;
@ -359,11 +372,12 @@ static int link_set_ipv4_route_localnet(Link *link) {
if (link->network->ipv4_route_localnet < 0) if (link->network->ipv4_route_localnet < 0)
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "route_localnet", link->network->ipv4_route_localnet > 0, NULL); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "route_localnet", link->network->ipv4_route_localnet > 0, &link->manager->sysctl_shadow);
} }
static int link_set_ipv4_promote_secondaries(Link *link) { static int link_set_ipv4_promote_secondaries(Link *link) {
assert(link); assert(link);
assert(link->manager);
if (!link_is_configured_for_family(link, AF_INET)) if (!link_is_configured_for_family(link, AF_INET))
return 0; return 0;
@ -373,7 +387,7 @@ static int link_set_ipv4_promote_secondaries(Link *link) {
* otherwise. The way systemd-networkd works is that the new IP of a lease is added as a * otherwise. The way systemd-networkd works is that the new IP of a lease is added as a
* secondary IP and when the primary one expires it relies on the kernel to promote the * secondary IP and when the primary one expires it relies on the kernel to promote the
* secondary IP. See also https://github.com/systemd/systemd/issues/7163 */ * secondary IP. See also https://github.com/systemd/systemd/issues/7163 */
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "promote_secondaries", true, NULL); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "promote_secondaries", true, &link->manager->sysctl_shadow);
} }
int link_set_sysctl(Link *link) { int link_set_sysctl(Link *link) {