diff --git a/NEWS b/NEWS index 1d1f08deda7..f9aada81868 100644 --- a/NEWS +++ b/NEWS @@ -37,6 +37,11 @@ CHANGES WITH 255 in spe: Transitions between real systems should be done with "systemctl soft-reboot" instead. + * The ip=off and ip=none kernel command line options interpreted by + systemd-network-generator will now result in IPv6RA + link-local + addressing to be disabled, too. Previously DHCP was turned off, but + IPv6RA and IPv6 link-local addressing was left enabled. + Device Management: * udev will now create symlinks to loopback block devices in the diff --git a/TODO b/TODO index ca2c33c72c0..3d30fb2982f 100644 --- a/TODO +++ b/TODO @@ -144,11 +144,6 @@ Features: root=nvme::::: to boot directly from nvme-oF -* systemd-network-generator: add ip=link-local or so which configures all - network devices, but for ipv4ll/ipv6ll only, i.e. restricted to link-local - addressing. usecase: storage target mode (NVMe-TCP), where it makes sense for - security reasons to limit access to local links. - * add a new systemd-project@.service that is very similar to user@.service but uses DynamicUser=1 and no PAMName= to invoke an unprivileged somewhat light-weight service manager. Use HOME=/var/lib/systemd/projects/%i as home diff --git a/man/systemd-network-generator.service.xml b/man/systemd-network-generator.service.xml index 0eb98a96354..53d559edbf1 100644 --- a/man/systemd-network-generator.service.xml +++ b/man/systemd-network-generator.service.xml @@ -30,7 +30,7 @@ Description systemd-network-generator.service is a system service that translates - ip= and the related settings on the kernel command line (see below) into + ip= and related settings on the kernel command line (see below) into systemd.network5, systemd.netdev5, and systemd.link5 
@@ -59,8 +59,15 @@ rd.route= rd.peerdns= - — translated into - systemd.network5 files. + Translated into + systemd.network5 + files. + + In addition to the parameters dracut.cmdline7 + defines the ip= option accepts the special value + link-local. If selected, the network interfaces will be configured for + link-local addressing (IPv4LL, IPv6LL) only, DHCP or IPv6RA will not be enabled. @@ -70,8 +77,9 @@ ifname= net.ifname-policy= - — translated into - systemd.link5 files. + Translated into + systemd.link5 + files. @@ -83,8 +91,9 @@ bridge= bootdev= - — translated into - systemd.netdev5 files. + Translated into + systemd.netdev5 + files. diff --git a/src/network/generator/network-generator.c b/src/network/generator/network-generator.c index f1bcc325914..d9fca213844 100644 --- a/src/network/generator/network-generator.c +++ b/src/network/generator/network-generator.c @@ -17,10 +17,10 @@ /* # .network - ip={dhcp|on|any|dhcp6|auto6|either6|link6} - ip=:{dhcp|on|any|dhcp6|auto6|link6}[:[][:]] - ip=:[]:::::{none|off|dhcp|on|any|dhcp6|auto6|link6|ibft}[:[][:]] - ip=:[]:::::{none|off|dhcp|on|any|dhcp6|auto6|link6|ibft}[:[][:]] + ip={dhcp|on|any|dhcp6|auto6|either6|link6|link-local} + ip=:{dhcp|on|any|dhcp6|auto6|link6|link-local}[:[][:]] + ip=:[]:::::{none|off|dhcp|on|any|dhcp6|auto6|link6|ibft|link-local}[:[][:]] + ip=:[]:::::{none|off|dhcp|on|any|dhcp6|auto6|link6|ibft|link-local}[:[][:]] rd.route=/:[:] nameserver= [nameserver= ...] rd.peerdns=0 
@@ -44,35 +44,57 @@ */ static const char * const dracut_dhcp_type_table[_DHCP_TYPE_MAX] = { - [DHCP_TYPE_NONE] = "none", - [DHCP_TYPE_OFF] = "off", - [DHCP_TYPE_ON] = "on", - [DHCP_TYPE_ANY] = "any", - [DHCP_TYPE_DHCP4] = "dhcp", - [DHCP_TYPE_DHCP6] = "dhcp6", - [DHCP_TYPE_AUTO6] = "auto6", - [DHCP_TYPE_EITHER6] = "either6", - [DHCP_TYPE_IBFT] = "ibft", - [DHCP_TYPE_LINK6] = "link6", + [DHCP_TYPE_NONE] = "none", + [DHCP_TYPE_OFF] = "off", + [DHCP_TYPE_ON] = "on", + [DHCP_TYPE_ANY] = "any", + [DHCP_TYPE_DHCP] = "dhcp", + [DHCP_TYPE_DHCP6] = "dhcp6", + [DHCP_TYPE_AUTO6] = "auto6", + [DHCP_TYPE_EITHER6] = "either6", + [DHCP_TYPE_IBFT] = "ibft", + [DHCP_TYPE_LINK6] = "link6", + [DHCP_TYPE_LINK_LOCAL] = "link-local", }; DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(dracut_dhcp_type, DHCPType); static const char * const networkd_dhcp_type_table[_DHCP_TYPE_MAX] = { - [DHCP_TYPE_NONE] = "no", - [DHCP_TYPE_OFF] = "no", - [DHCP_TYPE_ON] = "yes", - [DHCP_TYPE_ANY] = "yes", - [DHCP_TYPE_DHCP4] = "ipv4", - [DHCP_TYPE_DHCP6] = "ipv6", - [DHCP_TYPE_AUTO6] = "no", /* TODO: enable other setting? */ - [DHCP_TYPE_EITHER6] = "ipv6", /* TODO: enable other setting? */ - [DHCP_TYPE_IBFT] = "no", - [DHCP_TYPE_LINK6] = "no", + [DHCP_TYPE_NONE] = "no", + [DHCP_TYPE_OFF] = "no", + [DHCP_TYPE_ON] = "yes", + [DHCP_TYPE_ANY] = "yes", + [DHCP_TYPE_DHCP] = "ipv4", + [DHCP_TYPE_DHCP6] = "ipv6", + [DHCP_TYPE_AUTO6] = "no", /* TODO: enable other setting? */ + [DHCP_TYPE_EITHER6] = "ipv6", /* TODO: enable other setting? 
*/ + [DHCP_TYPE_IBFT] = "no", + [DHCP_TYPE_LINK6] = "no", + [DHCP_TYPE_LINK_LOCAL] = "no", }; DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(networkd_dhcp_type, DHCPType); +static const char * const networkd_ipv6ra_type_table[_DHCP_TYPE_MAX] = { + [DHCP_TYPE_NONE] = "no", + [DHCP_TYPE_OFF] = "no", + [DHCP_TYPE_LINK6] = "no", + [DHCP_TYPE_LINK_LOCAL] = "no", + /* We omit the other entries, to leave the default in effect */ +}; + +DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(networkd_ipv6ra_type, DHCPType); + +static const char * const networkd_link_local_type_table[_DHCP_TYPE_MAX] = { + [DHCP_TYPE_NONE] = "no", + [DHCP_TYPE_OFF] = "no", + [DHCP_TYPE_LINK6] = "ipv6", + [DHCP_TYPE_LINK_LOCAL] = "yes", + /* We omit the other entries, to leave the default in effect */ +}; + +DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(networkd_link_local_type, DHCPType); + static Address *address_free(Address *address) { if (!address) return NULL; @@ -1131,6 +1153,16 @@ void network_dump(Network *network, FILE *f) { if (dhcp) fprintf(f, "DHCP=%s\n", dhcp); + const char *ll; + ll = networkd_link_local_type_to_string(network->dhcp_type); + if (ll) + fprintf(f, "LinkLocalAddressing=%s\n", ll); + + const char *ra; + ra = networkd_ipv6ra_type_to_string(network->dhcp_type); + if (ra) + fprintf(f, "IPv6AcceptRA=%s\n", ra); + if (!strv_isempty(network->dns)) STRV_FOREACH(dns, network->dns) fprintf(f, "DNS=%s\n", *dns); diff --git a/src/network/generator/network-generator.h b/src/network/generator/network-generator.h index 0e0da2a57af..aa5ca9d6952 100644 --- a/src/network/generator/network-generator.h +++ b/src/network/generator/network-generator.h 
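Review bot: The `[DHCP_TYPE_LINK6] = "no"` entry in the new `networkd_ipv6ra_type_table` switches router advertisements off for `ip=link6` as well, yet the NEWS entry in this commit names only `ip=off` and `ip=none` as changing behaviour. Either NEWS should mention link6, or the entry deserves a comment such as `/* link6: IPv6LL only, so RA is turned off too */` so the change reads as deliberate. Both new tables also depend on the omitted designators staying NULL so that no line is written for the remaining types. The existing comment says as much, but `DHCP_TYPE_IBFT` then ends up with `DHCP=no` while link-local addressing and RA keep their defaults, which is worth confirming as intended.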
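Review bot: The `LinkLocalAddressing=` and `IPv6AcceptRA=` lines that network_dump() now writes are not pinned for the new `link-local` value by any test in the part of the diff visible here; the expected files that change cover only the `DHCP=no`, `LinkLocalAddressing=no`, `IPv6AcceptRA=no` case. The option exists to keep an interface off DHCP and router advertisements, so a conversion test for `ip=link-local` expecting `DHCP=no`, `LinkLocalAddressing=yes` and `IPv6AcceptRA=no` would catch a table entry that later drifts. On style, each new local can be initialised where it is declared, e.g. `const char *ll = networkd_link_local_type_to_string(network->dhcp_type);`, and likewise for `ra`. network_dump() starts and ends outside this hunk.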
@@ -10,15 +10,16 @@ typedef enum DHCPType { DHCP_TYPE_NONE, - DHCP_TYPE_OFF, + DHCP_TYPE_OFF, /* Same as DHCP_TYPE_NONE */ DHCP_TYPE_ON, - DHCP_TYPE_ANY, - DHCP_TYPE_DHCP4, + DHCP_TYPE_ANY, /* Same as DHCP_TYPE_ON */ + DHCP_TYPE_DHCP, /* Actually means: DHCPv4 */ DHCP_TYPE_DHCP6, DHCP_TYPE_AUTO6, DHCP_TYPE_EITHER6, DHCP_TYPE_IBFT, DHCP_TYPE_LINK6, + DHCP_TYPE_LINK_LOCAL, _DHCP_TYPE_MAX, _DHCP_TYPE_INVALID = -EINVAL, } DHCPType; diff --git a/test/test-network-generator-conversion/test-02-bridge.expected/90-eth0.network b/test/test-network-generator-conversion/test-02-bridge.expected/90-eth0.network index 8842b57921b..c076804bdcb 100644 --- a/test/test-network-generator-conversion/test-02-bridge.expected/90-eth0.network +++ b/test/test-network-generator-conversion/test-02-bridge.expected/90-eth0.network @@ -7,6 +7,8 @@ Name=eth0 [Network] DHCP=no +LinkLocalAddressing=no +IPv6AcceptRA=no DNS=10.10.10.10 DNS=10.10.10.11 Bridge=bridge99 diff --git a/test/test-network-generator-conversion/test-02-bridge.expected/90-eth1.network b/test/test-network-generator-conversion/test-02-bridge.expected/90-eth1.network index feff4f5ba89..c7dcf7bd284 100644 --- a/test/test-network-generator-conversion/test-02-bridge.expected/90-eth1.network +++ b/test/test-network-generator-conversion/test-02-bridge.expected/90-eth1.network @@ -7,6 +7,8 @@ Name=eth1 [Network] DHCP=no +LinkLocalAddressing=no +IPv6AcceptRA=no DNS=10.10.10.10 DNS=10.10.10.11 Bridge=bridge99 diff --git a/test/test-network-generator-conversion/test-03-issue-14319.expected/90-enp3s0.network b/test/test-network-generator-conversion/test-03-issue-14319.expected/90-enp3s0.network index 28ccfdd9b00..ad04193bed3 100644 --- a/test/test-network-generator-conversion/test-03-issue-14319.expected/90-enp3s0.network +++ b/test/test-network-generator-conversion/test-03-issue-14319.expected/90-enp3s0.network @@ -7,6 +7,8 @@ Name=enp3s0 [Network] DHCP=no +LinkLocalAddressing=no +IPv6AcceptRA=no [DHCP]
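Review bot: In the `DHCPType` enum hunk of network-generator.h, `DHCP_TYPE_LINK_LOCAL` is the one new value and the only touched line without a comment, although its meaning is the least obvious from the name; something like `DHCP_TYPE_LINK_LOCAL, /* IPv4LL + IPv6LL only, no DHCP, no IPv6RA */` would match the man page text added in this commit. The rename of `DHCP_TYPE_DHCP4` to `DHCP_TYPE_DHCP` also trades a precise name for one that needs the `/* Actually means: DHCPv4 */` comment. Since `DHCPType` now also selects the `LinkLocalAddressing=` and `IPv6AcceptRA=` output, a one-line comment above the enum stating that it mirrors the dracut `ip=` keywords rather than a DHCP mode would help readers.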