shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-24 06:04:05 +03:00
Code

Merge pull request #27860 from poettering/loopback-no-prefix-route

Browse Source 
loopback-setup: only create a single loopback route when configuring 'lo'
This commit is contained in:
Lennart Poettering 2023-05-31 14:03:04 +02:00 committed by GitHub
commit cbf21d1432
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 60 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
src/shared/loopback-setup.c
View File

@ -114,9 +114,15 @@ static int add_ipv6_address(sd_netlink *rtnl, struct state *s) {
if (r < 0)
return r;
r = sd_rtnl_message_addr_set_flags(req, IFA_F_PERMANENT);
uint32_t flags = IFA_F_PERMANENT|IFA_F_NOPREFIXROUTE;
r = sd_rtnl_message_addr_set_flags(req, flags & 0xffu); /* rtnetlink wants low 8 bit of flags via regular flags field… */
if (r < 0)
return r;
if ((flags & ~0xffu) != 0) {
r = sd_netlink_message_append_u32(req, IFA_FLAGS, flags); /* …and the rest of the flags via IFA_FLAGS */
if (r < 0)
return r;
}
r = sd_rtnl_message_addr_set_scope(req, RT_SCOPE_HOST);
if (r < 0)
@ -134,22 +140,22 @@ static int add_ipv6_address(sd_netlink *rtnl, struct state *s) {
return 0;
}
static bool check_loopback(sd_netlink *rtnl) {
static int check_loopback(sd_netlink *rtnl) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
unsigned flags;
int r;
r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, LOOPBACK_IFINDEX);
if (r < 0)
return false;
return r;
r = sd_netlink_call(rtnl, req, USEC_INFINITY, &reply);
if (r < 0)
return false;
return r;
r = sd_rtnl_message_link_get_flags(reply, &flags);
if (r < 0)
return false;
return r;
return flags & IFF_UP;
}
@ -170,9 +176,11 @@ int loopback_setup(void) {
};
int r;
/* Note, we, generally assume callers ignore the return code here (except test cases), hence only log add LOG_WARN level. */
r = sd_netlink_open(&rtnl);
if (r < 0)
return log_error_errno(r, "Failed to open netlink: %m");
return log_warning_errno(r, "Failed to open netlink, ignoring: %m");
/* Note that we add the IP addresses here explicitly even though the kernel does that too implicitly when
* setting up the loopback device. The reason we do this here a second time (and possibly race against the
@ -182,35 +190,42 @@ int loopback_setup(void) {
r = add_ipv4_address(rtnl, &state_4);
if (r < 0)
return log_error_errno(r, "Failed to enqueue IPv4 loopback address add request: %m");
return log_warning_errno(r, "Failed to enqueue IPv4 loopback address add request, ignoring: %m");
r = add_ipv6_address(rtnl, &state_6);
if (r < 0)
return log_error_errno(r, "Failed to enqueue IPv6 loopback address add request: %m");
return log_warning_errno(r, "Failed to enqueue IPv6 loopback address add request, ignoring: %m");
r = start_loopback(rtnl, &state_up);
if (r < 0)
return log_error_errno(r, "Failed to enqueue loopback interface start request: %m");
return log_warning_errno(r, "Failed to enqueue loopback interface start request, ignoring: %m");
while (state_4.n_messages + state_6.n_messages + state_up.n_messages > 0) {
r = sd_netlink_wait(rtnl, LOOPBACK_SETUP_TIMEOUT_USEC);
if (r < 0)
return log_error_errno(r, "Failed to wait for netlink event: %m");
return log_warning_errno(r, "Failed to wait for netlink event, ignoring: %m");
r = sd_netlink_process(rtnl, NULL);
if (r < 0)
return log_warning_errno(r, "Failed to process netlink event: %m");
return log_warning_errno(r, "Failed to process netlink event, ignoring: %m");
}
/* Note that we don't really care whether the addresses could be added or not */
if (state_up.rcode != 0) {
/* If we lack the permissions to configure the loopback device,
* but we find it to be already configured, let's exit cleanly,
* in order to supported unprivileged containers. */
if (ERRNO_IS_PRIVILEGE(state_up.rcode) && check_loopback(rtnl))
return 0;
return log_warning_errno(state_up.rcode, "Failed to configure loopback network device: %m");
/* If we lack the permissions to configure the loopback device, but we find it to be already
* configured, let's exit cleanly, in order to supported unprivileged containers. */
if (ERRNO_IS_PRIVILEGE(state_up.rcode)) {
r = check_loopback(rtnl);
if (r < 0)
log_debug_errno(r, "Failed to check if loopback device might already be up, ignoring: %m");
else if (r > 0) {
log_debug("Configuring loopback failed, but device is already up, suppressing failure.");
return 0;
}
}
return log_warning_errno(state_up.rcode, "Failed to configure loopback network device, ignoring: %m");
}
return 0;

32
src/test/test-loopback.c
View File

@ -1,20 +1,44 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include "errno-util.h"
#include "log.h"
#include "loopback-setup.h"
#include "tests.h"
int main(int argc, char* argv[]) {
TEST_RET(loopback_setup) {
int r;
test_setup_logging(LOG_DEBUG);
if (unshare(CLONE_NEWUSER | CLONE_NEWNET) < 0) {
if (ERRNO_IS_PRIVILEGE(errno) || ERRNO_IS_NOT_SUPPORTED(errno)) {
log_notice("Skipping test, lacking privileges or namespaces not supported");
return EXIT_TEST_SKIP;
}
return log_error_errno(errno, "Failed to create user+network namespace: %m");
}
r = loopback_setup();
if (r < 0)
log_error_errno(r, "loopback: %m");
return log_error_errno(r, "loopback: %m");
return r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE;
log_info("> ipv6 main");
system("ip -6 route show table main");
log_info("> ipv6 local");
system("ip -6 route show table local");
log_info("> ipv4 main");
system("ip -4 route show table main");
log_info("> ipv4 local");
system("ip -4 route show table local");
return EXIT_SUCCESS;
}
static int intro(void) {
log_show_color(true);
return EXIT_SUCCESS;
}
DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);