1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

638 Commits

Author SHA1 Message Date
Michal Koutný
edd84b8e4b meson: Copy files with git only in true git repository
When mkosi is run from git-worktree(1), the .git is not a repository
directory but a textfile pointing to the real git dir
(e.g. /home/user/systemd/.git/worktrees/systemd-worktree). This git dir
is not bind mounted into build environment and it fails with:

> fatal: not a git repository: /home/user/systemd/.git/worktrees/systemd-worktree
> test/meson.build:190:16: ERROR: Command `/usr/bin/env -u GIT_WORK_TREE /usr/bin/git --git-dir=/root/src/.git ls-files ':/test/dmidecode-dumps/*.bin'` failed with status 128.

There is already a fallback to use shell globbing instead of ls-files,
use it with git worktrees as well.
2023-03-02 15:04:40 +00:00
Quentin Deslandes
523ea1237a journal: log filtering options support in PID1
Define new unit parameter (LogFilterPatterns) to filter logs processed by
journald.

This option is used to store a regular expression which is carried from
PID1 to systemd-journald through a cgroup xattrs:
`user.journald_log_filter_patterns`.
2022-12-15 09:57:39 +00:00
Yu Watanabe
16a6bc5a7a resolve: dedup entries in /etc/hosts
This improves the performance of parsing the file and reduces memory pressure.

Running 'fuzz-etc-hosts timeout-strv' with valgrind,

Before:
total heap usage: 321,020 allocs, 321,020 frees, 15,820,387,193 bytes allocated
real    0m23.531s
user    0m21.458s
sys     0m1.961s

After:
total heap usage: 112,408 allocs, 112,408 frees, 7,297,480 bytes allocated
real    0m8.664s
user    0m8.545s
sys     0m0.065s

Hopefully fixes oss-fuzz#47708 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47708).
2022-12-13 20:37:48 +09:00
Yu Watanabe
029a7f5a0e fuzz: shorten filename of testcase
Follow-up for 46dc071985 and
76519cecc7.
2022-12-09 05:01:04 +09:00
Yu Watanabe
b9152f2d63 resolve: optimize conversion of TXT fields to json
Fixes oss-fuzz#54080 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54080).

Fixes #25654.
2022-12-09 04:59:49 +09:00
Yu Watanabe
7d34567444 hexdecoct: fix NULL pointer dereferences in hexmem()
Fixes oss-fuzz#54090 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54090).

Fixes #25655.
2022-12-09 04:55:47 +09:00
Yu Watanabe
45655e776f hexdecoct: add missing NULL check
Fixes oss-fuzz#54065 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54065).

Fixes #25650.
2022-12-09 04:54:43 +09:00
Yu Watanabe
76519cecc7 escape: fix wrong octescape of bad character
Fixes a bug introduced by 95052df376.

This also makes octescape() support NULL or zero length string.

Fixes [oss-fuzz#54059](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54059).

Fixes #25643.
2022-12-06 12:18:10 +09:00
Zbigniew Jędrzejewski-Szmek
cda7c31065
Merge pull request #25537 from evverx/fuzz-resource-records
tests: fuzz dns resource records
2022-12-05 13:41:38 +01:00
Yu Watanabe
46dc071985 bootspec: fix null-dereference-read
Fixes [oss-fuzz#53578](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53578).
Fixes #25450.
2022-12-02 14:23:45 +01:00
Evgeny Vereshchagin
49f936cd0a tests: add a file triggering "applying zero offset to null pointer"
```
../src/basic/hexdecoct.c:66:44: runtime error: applying zero offset to null pointer
    #0 0x7f6022650c44 in hexmem /home/vagrant/systemd/build-fuzzers/../src/basic/hexdecoct.c:66:44
    #1 0x577583 in dns_resource_record_to_string /home/vagrant/systemd/build-fuzzers/../src/resolve/resolved-dns-rr.c:1140:21
    #2 0x563669 in LLVMFuzzerTestOneInput /home/vagrant/systemd/build-fuzzers/../src/resolve/fuzz-resource-record.c:25:39
    #3 0x44d2a1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/systemd/out/fuzz-resource-record+0x44d2a1) (BuildId: 88135c111396e9441a475302ccabd2f9a58c7e89)
    #4 0x42d32f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/systemd/out/fuzz-resource-record+0x42d32f) (BuildId: 88135c111396e9441a475302ccabd2f9a58c7e89)
    #5 0x434920 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/systemd/out/fuzz-resource-record+0x434920) (BuildId: 88135c111396e9441a475302ccabd2f9a58c7e89)
    #6 0x424006 in main (/home/vagrant/systemd/out/fuzz-resource-record+0x424006) (BuildId: 88135c111396e9441a475302ccabd2f9a58c7e89)
    #7 0x7f602142950f in __libc_start_call_main (/lib64/libc.so.6+0x2950f) (BuildId: 85c438f4ff93e21675ff174371c9c583dca00b2c)
    #8 0x7f60214295c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x295c8) (BuildId: 85c438f4ff93e21675ff174371c9c583dca00b2c)
    #9 0x424044 in _start (/home/vagrant/systemd/out/fuzz-resource-record+0x424044) (BuildId: 88135c111396e9441a475302ccabd2f9a58c7e89)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/basic/hexdecoct.c:66:44 in
```
2022-11-26 11:57:22 +00:00
Evgeny Vereshchagin
b6e8a4f2b6 tests: add a file triggering crash in type_bitmap_to_json
It's a follow-up to https://github.com/systemd/systemd/pull/25518
2022-11-25 19:32:04 +00:00
Pasha Vorobyev
d7fe0a6723 MemoryZSwapMax directive to configure new memory.zswap.max cgroup file 2022-11-15 21:15:37 +01:00
Michal Koutný
7e343b530e meson: Generate fuzzer inputs with directives
The lists of directives for fuzzer tests are maintained manually in the
repo. There is a tools/check-directives.sh script that runs during test
phase and reports stale directive lists.
Let's rework the script into a generator so that these directive files
are created on-the-flight and needn't be updated whenever a unit file
directives change. The scripts is rewritten in Python to get rid of gawk
dependency and each generated file is a separate meson target so that
incremental builds refresh what is just necessary (and parallelize
(negligible)).

Note: test/fuzz/fuzz-unit-file/directives-all.slice is kept since there
is not automated way to generate it (it is not covered by the check
script neither).
2022-10-20 14:43:50 +02:00
Michal Koutný
7db5761dda meson: Store fuzz tests in structured way
Put fuzzer tests into dictionary that maps `fuzzer->list of inputs`
instead of the flat list.
This is just refactoring with no intentional .
2022-10-11 09:48:05 +02:00
Zbigniew Jędrzejewski-Szmek
b75bc18887 fuzz: shorten name of fuzz test case
Wide fuzzer case names make meson test output very wide…
2022-10-08 03:24:01 +09:00
Yu Watanabe
69a34a4fd4 fuzz: add a test case for fuzz-bootspec
This adds a testcase for the issue oss-fuzz#50949
(https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50949).
2022-09-03 23:32:54 +09:00
Topi Miettinen
4b3590c324 network: NetLabel integration
New directive `NetLabel=` provides a method for integrating static and dynamic
network configuration into Linux NetLabel subsystem rules, used by Linux
Security Modules (LSMs) for network access control. The label, with suitable
LSM rules, can be used to control connectivity of (for example) a service with
peers in the local network. At least with SELinux, only the ingress can be
controlled but not egress. The benefit of using this setting is that it may be
possible to apply interface independent part of NetLabel configuration at very
early stage of system boot sequence, at the time when the network interfaces
are not available yet, with netlabelctl(8), and the per-interface configuration
with systemd-networkd once the interfaces appear later.  Currently this feature
is only implemented for SELinux.

The option expects a single NetLabel label. The label must conform to lexical
restrictions of LSM labels. When an interface is configured with IP addresses,
the addresses and subnetwork masks will be appended to the NetLabel Fallback
Peer Labeling rules. They will be removed when the interface is
deconfigured. Failures to manage the labels will be ignored.

Example:
```
[DHCPv4]
NetLabel=system_u:object_r:localnet_peer_t:s0
```

With the above rules for interface `eth0`, when the interface is configured with
an IPv4 address of 10.0.0.123/8, `systemd-networkd` performs the equivalent of
`netlabelctl` operation

```
$ sudo netlabelctl unlbl add interface eth0 address:10.0.0.0/8 label:system_u:object_r:localnet_peer_t:s0
```

Result:
```
$ sudo netlabelctl -p unlbl list
...
 interface: eth0
   address: 10.0.0.0/8
    label: "system_u:object_r:localnet_peer_t:s0"
...
```
2022-08-29 14:23:17 +09:00
Yu Watanabe
dc7c21f001 network: introduce TCPCongestionControlAlgorithm=
Closes #24432.
2022-08-26 19:47:23 +09:00
Zbigniew Jędrzejewski-Szmek
4ccde410a3 tree-wide: change --kill-who to --kill-whom
getopt allows non-ambiguous abbreviations, so backwards-compat is maintained, and
people can use --kill-who (or even shorter abbreviations). English is flexible,
so in common speach people would use both forms, even if "whom" is technically
more correct. The advantage of using the longer form in the code is that we
effectively allow both forms, so we stop punishing people who DTGCT¹, but still
allow people to use the spoken form if they prefer.

1. Do the gramatically correct thing
2022-08-26 11:15:44 +09:00
Michal Sekletar
466266c172 rules: import previous SYSTEMD_READY state for suspended DM devices and skip other rules
We can't get any FS meta-data from a suspended device. Hence defer
making any plugged/unplugged decisions, i.e. we just import whatever was
previous state and skip processing all other rules.

Thanks Lennart Poettering <lennart@poettering.net> for suggesting this
solution.
2022-08-19 20:13:47 +01:00
Yu Watanabe
f8b7c17764 network/tuntap: introduce KeepCarrier= setting
Closes #24267.
2022-08-16 21:57:31 +09:00
Lennart Poettering
351f7d5143 fuzz: add ConditionCredential= to fuzz files, and sort their sections 2022-07-15 10:53:45 +02:00
Andre Kalb
34b63c9e45 network: Add support to select an IPv4 link-local start address 2022-07-13 23:57:18 +02:00
Yu Watanabe
917c6bb4b3
Merge pull request #23916 from keszybz/assorted-patches
Assorted patches
2022-07-06 14:15:50 +09:00
Zbigniew Jędrzejewski-Szmek
cec3e9a774 fuzz: rename samples to avoid long test names 2022-07-05 21:49:12 +02:00
nl6720
0e68582323 tree-wide: link to docs.kernel.org for kernel documentation
https://www.kernel.org/ links to https://docs.kernel.org/ for the documentation.
See https://git.kernel.org/pub/scm/docs/kernel/website.git/commit/?id=ebc1c372850f249dd143c6d942e66c88ec610520

These URLs are shorter and nicer looking.
2022-07-04 19:56:53 +02:00
Yu Watanabe
a32badc5a6 Revert "networkd: NetLabel integration"
This reverts PR #23269 and its follow-up commit. Especially,
2299b1cae3 (partially), and
3cf63830ac.

The PR was merged without final approval, and has several issues:
- The NetLabel for static addresses are not assigned, as labels are
  stored in the Address objects managed by Network, instead of Link.
- If NetLabel is specified for a static address, then the address
  section will be invalid and the address will not be configured,
- It should be implemented with Request object,
- There is no test about the feature.
2022-06-22 22:34:26 +09:00
Yu Watanabe
b48ed70c79 Revert NFTSet feature
This reverts PR #22587 and its follow-up commit. More specifically,
2299b1cae3 (partially),
e176f85527,
ceb46a31a0, and
51bb9076ab.

The PR was merged without final approval, and has several issues:
- OSS fuzz reported issues in the conf parser,
- It calls synchrnous netlink call, it should not be especially in PID1,
- The importance of NFTSet for CGroup and DynamicUser may be
  questionable, at least, there was no justification PID1 should support
  it.
- For networkd, it should be implemented with Request object,
- There is no test for the feature.

Fixes #23711.
Fixes #23717.
Fixes #23719.
Fixes #23720.
Fixes #23721.
Fixes #23759.
2022-06-22 22:23:58 +09:00
Topi Miettinen
46c3b1ff88 core: firewall integration with DynamicUserNFTSet=
New directive `DynamicUserNFTSet=` provides a method for integrating
configuration of dynamic users into firewall rules with NFT sets.

Example:
```
table inet filter {
        set u {
                typeof meta skuid
        }

        chain service_output {
                meta skuid != @u drop
                accept
        }
}
```

```
/etc/systemd/system/dunft.service
[Service]
DynamicUser=yes
DynamicUserNFTSet=inet:filter:u
ExecStart=/bin/sleep 1000

[Install]
WantedBy=multi-user.target
```

```
$ sudo nft list set inet filter u
table inet filter {
        set u {
                typeof meta skuid
                elements = { 64864 }
        }
}
$ ps -n --format user,group,pid,command -p `pgrep sleep`
    USER    GROUP     PID COMMAND
   64864    64864   55158 /bin/sleep 1000
```
2022-06-08 16:12:25 +00:00
Topi Miettinen
c0548df0a2 core: firewall integration with ControlGroupNFTSet=
New directive `ControlGroupNFTSet=` provides a method for integrating services
into firewall rules with NFT sets.

Example:

```
table inet filter {
...
        set timesyncd {
                type cgroupsv2
        }

        chain ntp_output {
                socket cgroupv2 != @timesyncd counter drop
                accept
        }
...
}
```

/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
ControlGroupNFTSet=inet:filter:timesyncd
```

```
$ sudo nft list set inet filter timesyncd
table inet filter {
        set timesyncd {
                type cgroupsv2
                elements = { "system.slice/systemd-timesyncd.service" }
        }
}
```
2022-06-08 16:12:25 +00:00
Topi Miettinen
ab51fd9dbd network: firewall integration with NFT sets
New directives `NFTSet=`, `IPv4NFTSet=` and `IPv6NFTSet=` provide a method for
integrating configuration of dynamic networks into firewall rules with NFT
sets.

/etc/systemd/network/eth.network
```
[DHCPv4]
...
NFTSet=netdev:filter:eth_ipv4_address
```

```
table netdev filter {
        set eth_ipv4_address {
                type ipv4_addr
                flags interval
        }
        chain eth_ingress {
                type filter hook ingress device "eth0" priority filter; policy drop;
                ip saddr != @eth_ipv4_address drop
                accept
        }
}
```
```
sudo nft list set netdev filter eth_ipv4_address
table netdev filter {
        set eth_ipv4_address {
                type ipv4_addr
                flags interval
                elements = { 10.0.0.0/24 }
        }
}
```
2022-06-08 16:12:25 +00:00
Topi Miettinen
3cf63830ac networkd: NetLabel integration
New directive `NetLabel=` provides a method for integrating dynamic network
configuration into Linux NetLabel subsystem rules, used by Linux security
modules (LSMs) for network access control. The option expects a whitespace
separated list of NetLabel labels. The labels must conform to lexical
restrictions of LSM labels. When an interface is configured with IP addresses,
the addresses and subnetwork masks will be appended to the NetLabel Fallback
Peer Labeling rules. They will be removed when the interface is
deconfigured. Failures to manage the labels will be ignored.

Example:
```
[DHCP]
NetLabel=system_u:object_r:localnet_peer_t:s0
```

With the above rules for interface `eth0`, when the interface is configured with
an IPv4 address of 10.0.0.0/8, `systemd-networkd` performs the equivalent of
`netlabelctl` operation

```
$ sudo netlabelctl unlbl add interface eth0 address:10.0.0.0/8 label:system_u:object_r:localnet_peer_t:s0
```

Result:
```
$ sudo netlabelctl -p unlbl list
...
 interface: eth0
   address: 10.0.0.0/8
    label: "system_u:object_r:localnet_peer_t:s0"
...
```
2022-06-06 18:24:10 +00:00
Yu Watanabe
98406eda8a network/erspan: support erspan version 0 and 2
This also makes networkd accepts erspan index 0.

Closes #23570.
2022-06-01 04:02:48 +09:00
Yu Watanabe
89b6a3f13e sd-bus: fix buffer overflow
Fixes #23486.
2022-05-28 10:06:14 +02:00
Yu Watanabe
7d3f2499b8
Merge pull request #23464 from bnf/update-wiki-links
tree-wide: replace obsolete wiki links with systemd.io/manpages
2022-05-21 23:48:58 +09:00
Benjamin Franzke
92897d768d tree-wide: replace obsolete wiki links with systemd.io/manpages
All wiki pages that contain a deprecation banner
pointing to systemd.io or manpages are updated to
point to their replacements directly.

Helpful command for identification of available links:
git grep freedesktop.org/wiki | \
    sed "s#.*\(https://www.freedesktop.org/wiki[^ $<'\\\")]*\)\(.*\)#\\1#" | \
    sort | uniq
2022-05-21 14:29:14 +02:00
Zbigniew Jędrzejewski-Szmek
eb164c51ea resolved: use strv_extend_with_size() to avoid slow parsing of /etc/hosts
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43942 is a simple case
where a repeated entry generates a timeout. I didn't import that case, but
generated a simpler one by hand.

$ time build/fuzz-etc-hosts test/fuzz/fuzz-etc-hosts/timeout-many-entries
test/fuzz/fuzz-etc-hosts/timeout-many-entries... ok
build/fuzz-etc-hosts test/fuzz/fuzz-etc-hosts/timeout-many-entries  3.17s (old)
  ↓
build/fuzz-etc-hosts test/fuzz/fuzz-etc-hosts/timeout-many-entries  0.11s (new)

I considered simply disallowing too many aliases. E.g. microsoft appearently
sometimes ignores entries after the ninth [1], and other systems set stringent
limits [2,3], but the recommended way to get around that is to simply use more
lines (as is done in the sample), so this wouldn't change anything.

Even if we cannot put all those names in a reply packet, the resolution from
the alias to the address should work. I think cases where people define lots
and lots of aliases through some programmatic interface is realistic, for
example for a blocklist, and such a file shouldn't bring resolved down to its
knees.

[1] https://superuser.com/questions/932112/is-there-a-maximum-number-of-hostname-aliases-per-line-in-a-windows-hosts-file
[2] https://library.netapp.com/ecmdocs/ECMP1516135/html/GUID-C6F3B6D1-232D-44BB-A76C-3304C19607A3.html
[3] https://www.ibm.com/docs/en/zos/2.1.0?topic=optional-creating-etchosts
2022-05-20 15:18:28 +02:00
Yu Watanabe
72db29beb5 fuzz: drop too large input
The original issue oss-fuzz#10734 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10734)
is that just the file size is too large, and not a issue in functions
tested by the fuzzer. It is not necessary to include the testcase.

Follow-up for c4f883b78e.

Fixes #23390.
2022-05-16 00:25:18 +01:00
Yu Watanabe
97cda6e10f
Merge pull request #23335 from keszybz/fuzz-json-more-coverage
More coverage in fuzz-json
2022-05-11 02:12:57 +09:00
Zbigniew Jędrzejewski-Szmek
99b1145aae shared/json: fix memleak in sort 2022-05-10 17:08:37 +02:00
Zbigniew Jędrzejewski-Szmek
3b6ce05537 shared/json: fix another memleak in normalization 2022-05-10 17:08:37 +02:00
Zbigniew Jędrzejewski-Szmek
8e1e59b9ad shared/calendarspec: fix formatting of entries which collapse to a star
We canonicalize repeats that cover the whole range: "0:0:0/1" → "0:0:*".  But
we'd also do "0:0:0/1,0" → "0:0:*,0", which we then refuse to parse.  Thus,
first go throug the whole chain, and print a '*' and nothing else if any of the
components covers the whole range.
2022-05-10 14:35:57 +02:00
Zbigniew Jędrzejewski-Szmek
3aff2ae9d5 shared/calendarspec: fix printing of second ranges which start with 0
0..3 is not the same as 0..infinity, we need to check both ends of the range.
This logic was added in 3215e35c40, and back then
the field was called .value. .stop was added later and apparently wasn't taken
into account here.
2022-05-10 13:06:32 +02:00
Zbigniew Jędrzejewski-Szmek
8e6e3ac7d1 fuzz-calendarspec: increase coverage by calculating occurences
Coverage data shows that we didn't test calendar_spec_next_usec() and
associated functions at all.

The input samples so far were only used until the first NUL. We take advantage
of that by using the part until the second NUL as the starting timestamp,
retaining backwards compatibility for how the first part is used.
2022-05-10 13:06:32 +02:00
Zbigniew Jędrzejewski-Szmek
262037f0b1 fuzz-calendarspec: add input sample with a list of weekdays and all syntax characters
This should make the fuzzer searches start off a bit better.
2022-05-10 13:06:32 +02:00
Zbigniew Jędrzejewski-Szmek
7e4be6a584 shared/json: fix memory leak on failed normalization
We need to increase the counter immediately after taking the ref,
otherwise we may not unref it properly if we fail before incrementing.
2022-05-10 12:58:49 +02:00
Zbigniew Jędrzejewski-Szmek
d4f72d104f shared/bootspec: add missing terminator to table 2022-05-08 17:58:00 +02:00
Zbigniew Jędrzejewski-Szmek
a89dd095e1 fuzz-bootspec: also add loader autoentries 2022-05-08 17:58:00 +02:00
Zbigniew Jędrzejewski-Szmek
13dcfbd32d fuzz-bootspec: one more test case that was fixed in strv code 2022-05-08 17:58:00 +02:00
Zbigniew Jędrzejewski-Szmek
b6bd2562eb shared/bootspec: avoid crashing on config without a value 2022-05-08 17:58:00 +02:00
Zbigniew Jędrzejewski-Szmek
1409ce6ed2 Add fuzzer for the bootspec parser 2022-05-08 17:58:00 +02:00
Zbigniew Jędrzejewski-Szmek
41d992cf51 fuzz-network-parser: drop ".network" and shorten names
All fuzzer inputs as .network files. Some had the suffix, others didn't.
So drop it everywhere, and also shorten some other names.
2022-05-04 12:57:48 +02:00
Zbigniew Jędrzejewski-Szmek
a5398c774b fuzz: rename test cases for brevity and meaning
Those long indentifiers make test output very wide, and they are ultimately
not very useful for humans to look at. Let's use some short string to identify
the test failure instead.
2022-05-04 11:51:15 +02:00
Yu Watanabe
96d96ec4e7 network: tunnel: handle null address as "any"
Fixes oss-fuzz#44881 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44881).

Fixes #23098.
2022-04-17 09:31:30 +09:00
Eduard Tolosa
bb5824c9ab
Add ConditionCPUFeature to load-fragment-gperf.gperf (#23076)
Fixes #23075
2022-04-14 15:30:03 +09:00
Yu Watanabe
ec4954d934 network: rename netdev kind virtual-wlan -> wlan
The Kind= setting in [Match] section of .network files takes "wlan".
This makes the same setting in .netdev files matches the one in .network
files.
2022-03-28 23:53:12 +09:00
Zbigniew Jędrzejewski-Szmek
8e1fc5d939 fuzz: rename fuzz-dhcp-server-relay-message to fuzz-dhcp-server-relay
We can only relay messages, so we can make the name shorter without
losing informational value. This makes meson test output look better.
2022-03-21 11:43:47 +01:00
Zbigniew Jędrzejewski-Szmek
8e2131bfae fuzz: rename the longest test samples
"meson test" uses a test name generated from the file name and those long names
cause the test log output to exceed terminal width which looks bad. Let's replace
some long names with more-meaningful names that actually say something about
the tests.
2022-03-21 11:42:35 +01:00
Yu Watanabe
6278e42878 network: dhcp: rename NextServer= and Filename= settings
And make the settings configures DHCP option 66 and 67.

Follow-ups for #22615.
Fixes #22661.
2022-03-11 10:14:57 +09:00
Yu Watanabe
369ac19243 network: add NextServer= and Filename= setting to [DHCPServer] section
Closes #4403.
2022-02-25 02:45:47 +09:00
Frantisek Sumsal
80ff956704
Merge pull request #22591 from evverx/no-deps
ci: build systemd without optional dependencies
2022-02-23 09:27:41 +00:00
Evgeny Vereshchagin
fb53316fde meson: pass skip-deps on to the fuzzers as well
they should be tested without optional dependecines as well. CIFuzz
kind of covers that but let's just make sure local builds are fine as
well.
2022-02-22 17:50:14 +00:00
Luca Boccassi
aff3a9e1fa watchdog: add setting to configure pretimeout governor 2022-02-22 17:19:54 +00:00
Curtis Klein
5717062e93 watchdog: Add watchdog pretimeout support
Add support for managing and configuring watchdog pretimeout values if
the watchdog hardware supports it. The ping interval is adjusted to
account for a pretimeout so that it will still ping at half the timeout
interval before a pretimeout event would be triggered. By default the
pretimeout defaults to 0s or disabled.

The RuntimeWatchdogPreSec config option is added to allow the pretimeout
to be specified (similar to RuntimeWatchdogSec). The
RuntimeWatchdogPreUSec dbus property is added to override the pretimeout
value at runtime (similar to RuntimeWatchdogUSec). Setting the
pretimeout to 0s will disable the pretimeout.
2022-02-22 17:19:54 +00:00
Yu Watanabe
65022cd7ab network,udev/net: add Kind= settings in [Match] section
This may be useful for writing .network or .link files matching with
virtual interfaces.

Closes #22541.
2022-02-17 23:10:26 +09:00
Yu Watanabe
cc46d3be68
Merge pull request #22502 from yuwata/udev-net-virtual-wlan-interface
network: add virtual wlan interface support
2022-02-16 23:03:52 +09:00
Yu Watanabe
dedf2d0054 network: add support to create wlan virtual interface
Closes #18977.
2022-02-15 23:24:55 +09:00
Yu Watanabe
7b53d3ead3 fuzz-dhcp6-client: merge with fuzz-dhcp6-client-send 2022-02-14 15:02:33 +09:00
Alvin Šipraga
19ff06b3a4
udev/net: support Match.Firmware= in .link files (#22462)
In cbcdcaaa0e ("Add support for conditions on the machines firmware")
a new Firmware= directive was added for .netdev and .network files.
While it was also documented to work on .link files, in actual fact the
support was missing. Add that one extra line to make it work, and also
update the fuzzer directives.
2022-02-10 16:19:28 +09:00
Santa Wiryaman
97f27f8a16 Add support for isolated parameter
Add the "Isolated" parameter in the *.network file, e.g.,

[Bridge]
Isolated=true|false

When the Isolated parameter is true, traffic coming out of this port
will only be forward to other ports whose Isolated parameter is false.

When Isolated is not specified, the port uses the kernel default
setting (false).

The "Isolated" parameter was introduced in Linux 4.19.
See man bridge(8) for more details.
But even though the kernel and bridge/iproute2 recognize the "Isolated"
parameter, systemd-networkd did not have a way to set it.
2022-02-09 17:37:37 +09:00
Yu Watanabe
18f84f8aba udev/net: support to set MDI-X mode
Closes #22386.
2022-02-08 15:47:46 +00:00
Anita Zhang
d83923bdb7
Merge pull request #22355 from yuwata/network-tunnel-external
network: tunnel: support external mode
2022-02-03 14:20:43 -08:00
Evgeny Vereshchagin
be496d6a9b tests: pass FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to fuzzers
to let them use reproducible identifiers, which should make it possible
to really use files copied from OSS-Fuzz to reproduce issues on
GHActions and locally. Prompted by https://github.com/systemd/systemd/pull/22365
2022-02-03 08:56:00 +00:00
Evgeny Vereshchagin
697bb76589 tests: fuzz client_send_message
to make sure outgoing packets based on incoming packets are fine.
It's just another follow-up to
https://github.com/systemd/systemd/pull/10200.
Better late than never :-)
2022-02-03 13:43:49 +09:00
Yu Watanabe
1ae308abb5 network: tunnel: support external mode
Closes #22352.
2022-02-03 11:12:01 +09:00
Evgeny Vereshchagin
998ec39b1d tests: add a file triggering a memory leak in dhcp_lease_parse_search_domains 2022-01-29 03:19:53 +00:00
Evgeny Vereshchagin
4158af3651 tests: fuzz client_handle_offer
Turns out that part of systemd isn't covered by any fuzz targets and
that's not ideal considering that it parses data sent remotely. The
fuzzer triggers an infinite loop in lease_parse_routes as soon as it
starts so it seems to be working :-)
```
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 23620602
INFO: Loaded 2 modules   (182073 inline 8-bit counters): 176548 [0x7fdf511fc8d0, 0x7fdf51227a74), 5525 [0x5f6ef0, 0x5f8485),
INFO: Loaded 2 PC tables (182073 PCs): 176548 [0x7fdf51227a78,0x7fdf514d94b8), 5525 [0x5f8488,0x60ddd8),
./build/fuzz-dhcp-client: Running 1 inputs 1 time(s) each.
Running: test/fuzz/fuzz-dhcp-client/timeout-ed34161922c7075c4773f2ada3dee8685d220980
ALARM: working on the last Unit for 31 seconds
       and the timeout value is 30 (use -timeout=N to change)
==80731== ERROR: libFuzzer: timeout after 31 seconds
    #0 0x51b32e in __sanitizer_print_stack_trace (/home/vagrant/systemd/build/fuzz-dhcp-client+0x51b32e)
    #1 0x4689e9 in fuzzer::PrintStackTrace() (/home/vagrant/systemd/build/fuzz-dhcp-client+0x4689e9)
    #2 0x44a0f4 in fuzzer::Fuzzer::StaticAlarmCallback() (/home/vagrant/systemd/build/fuzz-dhcp-client+0x44a0f4)
    #3 0x7fdf4f8b474f  (/lib64/libc.so.6+0x4274f)
    #4 0x465fee in __sanitizer_cov_trace_const_cmp4 (/home/vagrant/systemd/build/fuzz-dhcp-client+0x465fee)
    #5 0x57eee5 in lease_parse_routes /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:495:23
    #6 0x57baf3 in dhcp_lease_parse_options /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:701:21
    #7 0x572450 in parse_options /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:348:33
    #8 0x571cea in dhcp_option_parse /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:381:21
    #9 0x559a01 in client_handle_offer /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-client.c:1543:13
    #10 0x5592bd in LLVMFuzzerTestOneInput /home/vagrant/systemd/build/../src/libsystemd-network/fuzz-dhcp-client.c:78:9
    #11 0x44a379 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x44a379)
    #12 0x42ae1f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x42ae1f)
    #13 0x432ade in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x432ade)
    #14 0x421f86 in main (/home/vagrant/systemd/build/fuzz-dhcp-client+0x421f86)
    #15 0x7fdf4f89f55f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f)
    #16 0x7fdf4f89f60b in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x2d60b)
    #17 0x421fd4 in _start (/home/vagrant/systemd/build/fuzz-dhcp-client+0x421fd4)

SUMMARY: libFuzzer: timeout
```
2022-01-29 00:59:56 +00:00
Yu Watanabe
71df50a973 sd-dhcp-server: refuse too large packet to send
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44134.
2022-01-28 10:22:53 +00:00
Evgeny Vereshchagin
b28d06e059 tests: fuzz dhcp_server_relay_message
It's a follow-up to https://github.com/systemd/systemd/pull/19384 where
dhcp_server_relay_message was introduced.

This PR was prompted by https://github.com/systemd/systemd/pull/22236#issuecomment-1020113269
for the most part.
2022-01-27 13:49:36 +09:00
Yu Watanabe
0590f1b58c fuzz-dhcp-server: duplicate input data
As `dhcp_server_handle_message()` -> `ensure_sane_request()` may modify
the input data, and that causes error in some fuzzing engine.
2022-01-24 19:37:37 +09:00
Yu Watanabe
a596631808 fuzz: add testcases of heap-buffer-overflow for sd-dhcp-server 2022-01-24 04:52:33 +09:00
Luca Boccassi
a07b992606 core: add ExtensionDirectories= setting
Add a new setting that follows the same principle and implementation
as ExtensionImages, but using directories as sources.
It will be used to implement support for extending portable images
with directories, since portable services can already use a directory
as root.
2022-01-21 22:53:12 +09:00
Yu Watanabe
41ce9d769d udev/net: allow to set number of SR-IOV virtual functions
This adds SR-IOVVirtualFunctions= setting in [Link] section.
2022-01-19 15:00:53 +09:00
Yu Watanabe
bd29dfef8b udev/net: also support [SR-IOV] section in .link files
The same section is already supported by .network files. But such
low-level inteerface setting should be done by udevd, instead of
networkd. Let's also support the same semantics by .link files.

Prompted by https://github.com/systemd/systemd/issues/20474#issuecomment-901901360.
2022-01-19 15:00:49 +09:00
Jan Janssen
3a469802f4 meson: Use echo to list files
No need to invoke ls when we are just interested in file names.
Also, the cd to source root makes the output identical to
"git ls-files" (relative instead of absolute paths).
2022-01-11 14:56:33 +01:00
Jan Janssen
68a06b3cdf meson: Add check argument to remaining run_command() calls 2022-01-11 14:56:30 +01:00
Frantisek Sumsal
7847b54814 test: build fuzzers with --werror if set
to catch issues like systemd/systemd#21996.
2022-01-04 18:49:56 +03:00
Luca Boccassi
47dba9fb09 path unit: add TriggerLimitBurst= and TriggerLimitIntervalSec=
Given there's now a default for these settings, also allow users to configure
them, matching socket units
2021-12-18 23:17:53 +00:00
Jan Janssen
d2a58f0edb meson: Drop meson version compare for fuzz test
We are depending on meson >= 0.53.2 now, so this check can be dropped.
2021-12-12 11:51:03 +09:00
Yu Watanabe
e49bad0179 network: dhcp-pd: add 6rd support
Closes #19152.
2021-12-07 20:33:16 +09:00
Yu Watanabe
a27588d4e7 network: dhcp-pd: rename [DHCPv6PrefixDelegation] -> [DHCPPrefixDelegation]
This just changes the names of settings, variables, functions, files, and so on.
No functionality is changed.

Preparation for supporting 6rd.
2021-12-07 20:30:30 +09:00
Yu Watanabe
2d00239cbe network: dhcp6pd: always use main route table for unreachable route
This mostly reverts e47bcb7d0b.
2021-12-07 18:35:30 +09:00
Yu Watanabe
72e65e6ffd network: add support to configure IPoIB interfaces 2021-12-05 00:18:58 +09:00
Yu Watanabe
b90d0f83b2 network/netdev: add support to create IPoIB subinterface 2021-12-04 15:06:58 +09:00
Luca Boccassi
81513b382b core: add Condition[Memory/CPU/IO]Pressure
By default checks PSI on /proc/pressure, and causes a unit to be skipped
if the threshold is above the given configuration for the avg300
measurement.
Also allow to pass a custom timespan, and a particular slice unit to
check under.

Fixes #20139
2021-12-01 09:53:18 +01:00
Yu Watanabe
e908434458 network: wireguard: automatically configure routes to addresses specified in AllowedIPs=
Closes #14176.
2021-12-01 04:00:11 +09:00
Andrew Stone
7c5cef2211 core/automount: Add ExtraOptions field 2021-11-23 09:44:35 +01:00
Slava Bacherikov
af493fb742 network: Add SuppressInterfaceGroup= into routing policy
This adds SuppressInterfaceGroup= option in the [RoutingPolicyRule] section
which has the same semantics as suppress_ifgroup in `ip rule` command.
2021-11-16 01:54:07 +09:00
Yu Watanabe
e5a7570188
Merge pull request #21226 from yuwata/network-tc-cake
network: add several CAKE settings
2021-11-09 14:18:41 +09:00