1
0
mirror of https://github.com/systemd/systemd.git synced 2025-01-10 05:18:17 +03:00

Merge pull request #11423 from ssahani/issue-9890

networkd: honour LinkLocalAddressing
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2019-02-13 16:37:11 +01:00 committed by GitHub
commit eb80dbd24b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 164 additions and 27 deletions

View File

@ -1763,6 +1763,84 @@ bool link_has_carrier(Link *link) {
return false; return false;
} }
static int link_address_genmode_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
int r;
assert(link);
if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
return 1;
r = sd_netlink_message_get_errno(m);
if (r < 0)
log_link_warning_errno(link, r, "Could not set address genmode for interface: %m");
return 1;
}
static int link_configure_addrgen_mode(Link *link) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
uint8_t ipv6ll_mode;
int r;
assert(link);
assert(link->network);
assert(link->manager);
assert(link->manager->rtnl);
log_link_debug(link, "Setting address genmode for link");
r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_SETLINK, link->ifindex);
if (r < 0)
return log_link_error_errno(link, r, "Could not allocate RTM_SETLINK message: %m");
r = sd_netlink_message_open_container(req, IFLA_AF_SPEC);
if (r < 0)
return log_link_error_errno(link, r, "Could not open IFLA_AF_SPEC container: %m");
r = sd_netlink_message_open_container(req, AF_INET6);
if (r < 0)
return log_link_error_errno(link, r, "Could not open AF_INET6 container: %m");
if (!link_ipv6ll_enabled(link))
ipv6ll_mode = IN6_ADDR_GEN_MODE_NONE;
else {
const char *p = NULL;
_cleanup_free_ char *stable_secret = NULL;
p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/stable_secret");
/* The file may not exist. And event if it exists, when stable_secret is unset,
* then reading the file fails and EIO is returned. */
r = read_one_line_file(p, &stable_secret);
if (r < 0)
ipv6ll_mode = IN6_ADDR_GEN_MODE_EUI64;
else
ipv6ll_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY;
}
r = sd_netlink_message_append_u8(req, IFLA_INET6_ADDR_GEN_MODE, ipv6ll_mode);
if (r < 0)
return log_link_error_errno(link, r, "Could not append IFLA_INET6_ADDR_GEN_MODE: %m");
r = sd_netlink_message_close_container(req);
if (r < 0)
return log_link_error_errno(link, r, "Could not close AF_INET6 container: %m");
r = sd_netlink_message_close_container(req);
if (r < 0)
return log_link_error_errno(link, r, "Could not close IFLA_AF_SPEC container: %m");
r = netlink_call_async(link->manager->rtnl, NULL, req, link_address_genmode_handler,
link_netlink_destroy_callback, link);
if (r < 0)
return log_link_error_errno(link, r, "Could not send rtnetlink message: %m");
link_ref(link);
return 0;
}
static int link_up_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { static int link_up_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
int r; int r;
@ -1781,7 +1859,6 @@ static int link_up_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link)
static int link_up(Link *link) { static int link_up(Link *link) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL; _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
uint8_t ipv6ll_mode;
int r; int r;
assert(link); assert(link);
@ -1812,34 +1889,16 @@ static int link_up(Link *link) {
return log_link_error_errno(link, r, "Could not set MAC address: %m"); return log_link_error_errno(link, r, "Could not set MAC address: %m");
} }
r = sd_netlink_message_open_container(req, IFLA_AF_SPEC);
if (r < 0)
return log_link_error_errno(link, r, "Could not open IFLA_AF_SPEC container: %m");
if (link_ipv6_enabled(link)) { if (link_ipv6_enabled(link)) {
r = sd_netlink_message_open_container(req, IFLA_AF_SPEC);
if (r < 0)
return log_link_error_errno(link, r, "Could not open IFLA_AF_SPEC container: %m");
/* if the kernel lacks ipv6 support setting IFF_UP fails if any ipv6 options are passed */ /* if the kernel lacks ipv6 support setting IFF_UP fails if any ipv6 options are passed */
r = sd_netlink_message_open_container(req, AF_INET6); r = sd_netlink_message_open_container(req, AF_INET6);
if (r < 0) if (r < 0)
return log_link_error_errno(link, r, "Could not open AF_INET6 container: %m"); return log_link_error_errno(link, r, "Could not open AF_INET6 container: %m");
if (!link_ipv6ll_enabled(link))
ipv6ll_mode = IN6_ADDR_GEN_MODE_NONE;
else {
const char *p = NULL;
_cleanup_free_ char *stable_secret = NULL;
p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/stable_secret");
r = read_one_line_file(p, &stable_secret);
if (r < 0)
ipv6ll_mode = IN6_ADDR_GEN_MODE_EUI64;
else
ipv6ll_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY;
}
r = sd_netlink_message_append_u8(req, IFLA_INET6_ADDR_GEN_MODE, ipv6ll_mode);
if (r < 0)
return log_link_error_errno(link, r, "Could not append IFLA_INET6_ADDR_GEN_MODE: %m");
if (!in_addr_is_null(AF_INET6, &link->network->ipv6_token)) { if (!in_addr_is_null(AF_INET6, &link->network->ipv6_token)) {
r = sd_netlink_message_append_in6_addr(req, IFLA_INET6_TOKEN, &link->network->ipv6_token.in6); r = sd_netlink_message_append_in6_addr(req, IFLA_INET6_TOKEN, &link->network->ipv6_token.in6);
if (r < 0) if (r < 0)
@ -1849,11 +1908,11 @@ static int link_up(Link *link) {
r = sd_netlink_message_close_container(req); r = sd_netlink_message_close_container(req);
if (r < 0) if (r < 0)
return log_link_error_errno(link, r, "Could not close AF_INET6 container: %m"); return log_link_error_errno(link, r, "Could not close AF_INET6 container: %m");
}
r = sd_netlink_message_close_container(req); r = sd_netlink_message_close_container(req);
if (r < 0) if (r < 0)
return log_link_error_errno(link, r, "Could not close IFLA_AF_SPEC container: %m"); return log_link_error_errno(link, r, "Could not close IFLA_AF_SPEC container: %m");
}
r = netlink_call_async(link->manager->rtnl, NULL, req, link_up_handler, r = netlink_call_async(link->manager->rtnl, NULL, req, link_up_handler,
link_netlink_destroy_callback, link); link_netlink_destroy_callback, link);
@ -2942,6 +3001,12 @@ static int link_configure(Link *link) {
return r; return r;
} }
if (socket_ipv6_is_supported()) {
r = link_configure_addrgen_mode(link);
if (r < 0)
return r;
}
return link_configure_after_setting_mtu(link); return link_configure_after_setting_mtu(link);
} }

View File

@ -0,0 +1,5 @@
[Match]
Name=dummy98
[Network]
LinkLocalAddressing=no

View File

@ -0,0 +1,5 @@
[Match]
Name=test1
[Network]
LinkLocalAddressing=yes

View File

@ -565,6 +565,8 @@ class NetworkdNetWorkTests(unittest.TestCase, Utilities):
'25-fibrule-port-range.network', '25-fibrule-port-range.network',
'25-ipv6-address-label-section.network', '25-ipv6-address-label-section.network',
'25-neighbor-section.network', '25-neighbor-section.network',
'25-link-local-addressing-no.network',
'25-link-local-addressing-yes.network',
'25-link-section-unmanaged.network', '25-link-section-unmanaged.network',
'25-route-gateway.network', '25-route-gateway.network',
'25-route-gateway-on-link.network', '25-route-gateway-on-link.network',
@ -861,6 +863,66 @@ class NetworkdNetWorkTests(unittest.TestCase, Utilities):
self.assertRegex(output, '192.168.10.1.*00:00:5e:00:02:65.*PERMANENT') self.assertRegex(output, '192.168.10.1.*00:00:5e:00:02:65.*PERMANENT')
self.assertRegex(output, '2004:da8:1::1.*00:00:5e:00:02:66.*PERMANENT') self.assertRegex(output, '2004:da8:1::1.*00:00:5e:00:02:66.*PERMANENT')
def test_link_local_addressing(self):
self.copy_unit_to_networkd_unit_path('25-link-local-addressing-yes.network', '11-dummy.netdev',
'25-link-local-addressing-no.network', '12-dummy.netdev')
self.start_networkd()
self.assertTrue(self.link_exits('test1'))
self.assertTrue(self.link_exits('dummy98'))
time.sleep(10)
output = subprocess.check_output(['ip', 'address', 'show', 'dev', 'test1']).rstrip().decode('utf-8')
print(output)
self.assertRegex(output, 'inet .* scope link')
self.assertRegex(output, 'inet6 .* scope link')
output = subprocess.check_output(['ip', 'address', 'show', 'dev', 'dummy98']).rstrip().decode('utf-8')
print(output)
self.assertNotRegex(output, 'inet6* .* scope link')
output = subprocess.check_output(['networkctl', 'status', 'test1']).rstrip().decode('utf-8')
print(output)
self.assertRegex(output, 'State: degraded \(configured\)')
output = subprocess.check_output(['networkctl', 'status', 'dummy98']).rstrip().decode('utf-8')
print(output)
self.assertRegex(output, 'State: carrier \(configured\)')
'''
Documentation/networking/ip-sysctl.txt
addr_gen_mode - INTEGER
Defines how link-local and autoconf addresses are generated.
0: generate address based on EUI64 (default)
1: do no generate a link-local address, use EUI64 for addresses generated
from autoconf
2: generate stable privacy addresses, using the secret from
stable_secret (RFC7217)
3: generate stable privacy addresses, using a random secret if unset
'''
test1_addr_gen_mode = ''
if os.path.exists(os.path.join(os.path.join(network_sysctl_ipv6_path, 'test1'), 'stable_secret')):
with open(os.path.join(os.path.join(network_sysctl_ipv6_path, 'test1'), 'stable_secret')) as f:
try:
f.readline()
except IOError:
# if stable_secret is unset, then EIO is returned
test1_addr_gen_mode = '0'
else:
test1_addr_gen_mode = '2'
else:
test1_addr_gen_mode = '0'
if os.path.exists(os.path.join(os.path.join(network_sysctl_ipv6_path, 'test1'), 'addr_gen_mode')):
self.assertEqual(self.read_ipv6_sysctl_attr('test1', 'addr_gen_mode'), '0')
if os.path.exists(os.path.join(os.path.join(network_sysctl_ipv6_path, 'dummy98'), 'addr_gen_mode')):
self.assertEqual(self.read_ipv6_sysctl_attr('dummy98', 'addr_gen_mode'), '1')
def test_sysctl(self): def test_sysctl(self):
self.copy_unit_to_networkd_unit_path('25-sysctl.network', '12-dummy.netdev') self.copy_unit_to_networkd_unit_path('25-sysctl.network', '12-dummy.netdev')
self.start_networkd() self.start_networkd()