network: make Broadcast= accept boolean value

And disable it for wireguard interfaces by default. Closes #18492.
2025-02-24 17:57:34 +03:00 · 2021-02-19 06:01:34 +09:00 · 2021-02-19 06:01:34 +09:00 · 832583ada8
commit 832583ada8
parent 7f37ecf7e5
3 changed files with 48 additions and 7 deletions
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@ -1044,12 +1044,12 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
        <varlistentry>
          <term><varname>Broadcast=</varname></term>
          <listitem>
-            <para>The broadcast address, which must be in the format
-            described in
+            <para>Takes an IPv4 address or boolean value. The address must be in the format described in
            <citerefentry project='man-pages'><refentrytitle>inet_pton</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
-            This key only applies to IPv4 addresses. If it is not
-            given, it is derived from the <varname>Address=</varname>
-            key.</para>
+            If set to true, then the IPv4 broadcast address will be derived from the
+            <varname>Address=</varname> setting. If set to false, then the broadcast address will not
+            be set. Defaults to true, except for wireguard interfaces, where it default to false.
+            </para>
          </listitem>
        </varlistentry>
        <varlistentry>
--- a/src/network/networkd-address.c
+++ b/src/network/networkd-address.c
@ -57,6 +57,7 @@ int address_new(Address **ret) {
                .scope = RT_SCOPE_UNIVERSE,
                .cinfo.ifa_prefered = CACHE_INFO_INFINITY_LIFE_TIME,
                .cinfo.ifa_valid = CACHE_INFO_INFINITY_LIFE_TIME,
+                .set_broadcast = -1,
                .duplicate_address_detection = ADDRESS_FAMILY_IPV6,
        };

@ -153,6 +154,20 @@ static bool address_may_have_broadcast(const Address *a) {
                a->prefixlen <= 30;
 }

+static bool address_may_set_broadcast(const Address *a, const Link *link) {
+        assert(a);
+        assert(link);
+
+        if (!address_may_have_broadcast(a))
+                return false;
+
+        if (a->set_broadcast >= 0)
+                return a->set_broadcast;
+
+        /* Typical configuration for wireguard does not set broadcast. */
+        return !streq_ptr(link->kind, "wireguard");
+}
+
 static uint32_t address_prefix(const Address *a) {
        assert(a);

@ -887,7 +902,7 @@ int address_configure(
                r = netlink_message_append_in_addr_union(req, IFA_ADDRESS, address->family, &address->in_addr_peer);
                if (r < 0)
                        return log_link_error_errno(link, r, "Could not append IFA_ADDRESS attribute: %m");
-        } else if (address_may_have_broadcast(address)) {
+        } else if (address_may_set_broadcast(address, link)) {
                r = sd_netlink_message_append_in_addr(req, IFA_BROADCAST, &address->broadcast);
                if (r < 0)
                        return log_link_error_errno(link, r, "Could not append IFA_BROADCAST attribute: %m");
@ -1467,6 +1482,25 @@ int config_parse_broadcast(
                return 0;
        }

+        if (isempty(rvalue)) {
+                /* The broadcast address will be calculated based on Address=, and set if the link is
+                 * not a wireguard interface. Here, we do not check or set n->family. */
+                n->broadcast = (struct in_addr) {};
+                n->set_broadcast = -1;
+                TAKE_PTR(n);
+                return 0;
+        }
+
+        r = parse_boolean(rvalue);
+        if (r >= 0) {
+                /* The broadcast address will be calculated based on Address=. Here, we do not check or
+                 * set n->family. */
+                n->broadcast = (struct in_addr) {};
+                n->set_broadcast = r;
+                TAKE_PTR(n);
+                return 0;
+        }
+
        if (n->family == AF_INET6) {
                log_syntax(unit, LOG_WARNING, filename, line, 0,
                           "Broadcast is not valid for IPv6 addresses, ignoring assignment: %s", rvalue);
@ -1479,8 +1513,14 @@ int config_parse_broadcast(
                           "Broadcast is invalid, ignoring assignment: %s", rvalue);
                return 0;
        }
+        if (in4_addr_is_null(&u.in)) {
+                log_syntax(unit, LOG_WARNING, filename, line, 0,
+                           "Broadcast cannot be ANY address, ignoring assignment: %s", rvalue);
+                return 0;
+        }

        n->broadcast = u.in;
+        n->set_broadcast = true;
        n->family = AF_INET;
        TAKE_PTR(n);

@ -1835,7 +1875,7 @@ static int address_section_verify(Address *address) {
        }

        if (address_may_have_broadcast(address)) {
-                if (address->broadcast.s_addr == 0)
+                if (address->broadcast.s_addr == 0 && address->set_broadcast != 0)
                        address->broadcast.s_addr = address->in_addr.in.s_addr | htobe32(0xfffffffflu >> address->prefixlen);
        } else if (address->broadcast.s_addr != 0) {
                log_warning("%s: broadcast address is set for IPv6 address or IPv4 address with prefixlength larger than 30. "
--- a/src/network/networkd-address.h
+++ b/src/network/networkd-address.h
@ -30,6 +30,7 @@ typedef struct Address {
        uint32_t flags;
        char *label;

+        int set_broadcast;
        struct in_addr broadcast;
        struct ifa_cacheinfo cinfo;