Yu Watanabe
75eed300a9
network: Allow IFF_VNET_HDR to also be set for tun devices
...
f5f07dbf06 adds VnetHeader= for tap devices, but the flag is also used for tun devices.
This adds VnetHeader= setting in [Tun] section.
2019-05-22 17:58:46 +09:00
Susant Sahani
e520ce6440
networkd: Ability to selectively ignore IPv6 prefixes supplied via router advertisement
...
Closes https://github.com/systemd/systemd/issues/10647
2019-05-19 22:23:06 +09:00
Yu Watanabe
e7b621ee1f
Merge pull request #12586 from ssahani/route-properties
...
Route properties
2019-05-18 10:31:37 +09:00
Susant Sahani
9b88f20aba
networkd: route add MPLS TTL propagate
2019-05-18 10:30:41 +09:00
Susant Sahani
8f02c9b085
networkd: FOU netdev add support to configure peer port
2019-05-18 10:25:36 +09:00
Zbigniew Jędrzejewski-Szmek
be44e09162
shared/varlink: add missing setting of output_buffer_allocated
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14708 ,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14735 ,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14725 ,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14720 ,
and probably others.
2019-05-17 15:09:32 +02:00
Yu Watanabe
8688c29b5a
varlink: initialize Varlink with 0
...
Closes oss-fuzz#14688.
2019-05-16 18:51:33 +02:00
Yu Watanabe
db439337f9
Merge pull request #12576 from ssahani/fou
...
networkd: FOU tunnel support Local and Peer tunnel addresses
2019-05-16 05:10:35 +02:00
Susant Sahani
4502a61c8a
networkd: FOU tunnel support Local and Peer tunnel addresses
2019-05-16 10:24:48 +09:00
Susant Sahani
69c317a07f
networkd: introduce netdev ipvtap
...
This patch adds netdev ipvtap that is based on the
IP-VLAN network interface, called ipvtap. An ipvtap device can be created
in the same way as an ipvlan device, using 'kind ipvtap', and then accessed
using the tap user space interface.
2019-05-16 09:48:53 +09:00
Yu Watanabe
5d5003ab35
network: add DefaultRouteOnDevice= setting in [Network] section
...
When enabled, a default route bound to the interface will be created.
This is useful when adding routes on point-to-point interfaces.
Closes #788.
2019-05-15 12:44:30 +09:00
Yu Watanabe
6e114a2475
Merge pull request #12555 from ssahani/route-properties
...
networkd: route add support to configure fastopen_no_cookie
2019-05-14 09:03:52 +02:00
Susant Sahani
1501b429a9
networkd: DHCP client add support to send RELEASE packet
...
closes #10820
2019-05-14 09:03:01 +02:00
Susant Sahani
633c725865
networkd: route add support to configure fastopen_no_cookie
...
This patch adds fastopen_no_cookie option to enable/disable TCP fastopen
without a cookie on a per-route basis.
2019-05-14 08:08:36 +05:30
Susant Sahani
bdb397ed10
networkd: bridge FDB support more NTF_* flags
...
Add support to configure NTF_ROUTER and NTF_USE
2019-05-14 02:24:51 +02:00
Yu Watanabe
cd43199671
Merge pull request #12520 from ssahani/geneve
...
networkd: Geneve add DF feature and allow TTL to be chosen by kernel
2019-05-10 19:47:19 +02:00
Susant Sahani
aac350192b
networkd: Geneve add support configure IP don't fragment
2019-05-10 22:45:26 +09:00
Yu Watanabe
5af7bc6f4c
Merge pull request #12480 from ssahani/proxy-arp
...
network: bridge add support to configure proxy ARP/WIFI
2019-05-10 15:30:41 +02:00
Susant Sahani
727b573418
networkd: Add support for blacklisting servers
...
closes #6260
fuzzer: Add DHCP support for blacklisting servers
2019-05-10 15:29:55 +02:00
Lennart Poettering
d768467563
fuzzer: add varlink fuzzer
2019-05-09 14:14:20 -04:00
Susant Sahani
0fadb2a46f
network: add support to configure proxy ARP/WIFI
2019-05-09 15:03:04 +09:00
Susant Sahani
1189c00a3c
networkd: VXLAN add support to configure IP Don't fragment.
...
Allow users to set the IPv4 DF bit in outgoing packets, or to inherit its
value from the IPv4 inner header. If the encapsulated protocol is IPv6 and
DF is configured to be inherited, always set it.
2019-05-09 06:40:33 +02:00
Susant Sahani
1087623bac
networkd: Add support to configure proxy ARP and proxy ARP Wifi
2019-05-09 01:44:26 +02:00
Zbigniew Jędrzejewski-Szmek
d1c377da0d
Merge pull request #12489 from ssahani/vxlan
...
networkd: VXLAN rename Id to VNI
2019-05-08 12:02:54 +02:00
Susant Sahani
61b824c561
networkd: bridge fdb add support to configure VXLAN VNI
2019-05-08 03:43:43 +02:00
Zbigniew Jędrzejewski-Szmek
29e19a6f19
fuzz: fix spelling of MACsec and MACAddress in the corpus
2019-05-08 06:53:07 +05:30
Susant Sahani
4cc0fd7531
networkd: VXLAN add support to configure Generic Protocol Extension
...
See https://tools.ietf.org/html/draft-ietf-nvo3-vxlan-gpe-07
2019-05-08 06:52:42 +05:30
Zbigniew Jędrzejewski-Szmek
9175aabfb6
Merge pull request #12481 from ssahani/dhcp-max-retry
...
networkd: Allow DHCP4 client to set the number to attempt to configure/reconfigure
2019-05-07 19:58:40 +02:00
Susant Sahani
6f213e4a34
networkd: VXLAN rename Id to VNI
...
It makes more sense to call VXLAN ID as
1. the VXLAN Network Identifier (VNI) (or VXLAN Segment ID)
2. test-network: rename VXLAN Id to VNI
3. fuzzer: Add VXLAN VNI directive to fuzzer
2019-05-07 20:52:11 +05:30
Susant Sahani
715cedfbf0
networkd: Allow DHCP4 client to set the number to attempt to reconfigure.
...
Otherwise current value is 6 and after 6 it will give up.
2019-05-07 17:12:04 +02:00
Yu Watanabe
1c30b174ed
network: rename WireGuard.FwMark -> FirewallMark
...
For consistency with FirewallMark= in [RoutingPolicyRule] section.
2019-05-04 17:20:23 +02:00
Susant Sahani
c2c2793f39
networkd: Add support to configure destination address for bridge FDB
...
Closes #5145.
Example conf:
```
[Match]
Name=vxlan1309
[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.2
[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.4
[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.5
```
2019-05-03 06:11:52 +02:00
Jan Klötzke
dc653bf487
service: handle abort stops with dedicated timeout
...
When shooting down a service with SIGABRT the user might want to have a
much longer stop timeout than on regular stops/shutdowns. Especially in
the face of short stop timeouts the time might not be sufficient to
write huge core dumps before the service is killed.
This commit adds a dedicated (Default)TimeoutAbortSec= timer that is
used when stopping a service via SIGABRT. In all other cases the
existing TimeoutStopSec= is used. The timer value is unset by default
to skip the special handling and use TimeoutStopSec= for state
'stop-watchdog' to keep the old behaviour.
If the service is in state 'stop-watchdog' and the service should be
stopped explicitly we still go to 'stop-sigterm' and re-apply the usual
TimeoutStopSec= timeout.
2019-04-12 17:32:52 +02:00
Yu Watanabe
b0e13c3122
network: add MACsecTransmitAssociation.UseForEncoding= setting
2019-04-12 10:12:42 +09:00
Yu Watanabe
a7b9c52f1f
network: add MACsec*Association.Activate= setting
2019-04-12 10:12:42 +09:00
Yu Watanabe
eb4705fb36
network: add MACsec*Association.KeyFile= setting
2019-04-12 10:12:42 +09:00
Susant Sahani
81962db798
network: Introduce MACsec
...
Media Access Control Security (MACsec) is an 802.1AE IEEE
industry-standard security technology that provides secure
communication for all traffic on Ethernet links.
MACsec provides point-to-point security on Ethernet links between
directly connected nodes and is capable of identifying and preventing
most security threats, including denial of service, intrusion,
man-in-the-middle, masquerading, passive wiretapping, and playback attacks.
Closes #5754
2019-04-12 10:12:41 +09:00
Zbigniew Jędrzejewski-Szmek
f0ae945ecc
bus-message: validate signature in gvariant messages
...
We would accept a message with 40k signature and spend a lot of time iterating
over the nested arrays. Let's just reject it early, as we do for !gvariant
messages.
2019-04-11 14:01:38 +02:00
Yu Watanabe
86a3d44de5
network: fix use-of-uninitialized-value or null dereference
...
This fixes a bug introduced by 6ef5c881dd.
Fixes oss-fuzz#14157 and oss-fuzz#14158.
2019-04-10 18:18:11 +09:00
Zbigniew Jędrzejewski-Szmek
52efbd8f0e
Merge pull request #12223 from yuwata/network-wireguard-preshared-key-file
...
network: add PresharedKeyFile= setting and make reading key file failure fatal
2019-04-09 10:52:52 +02:00
Yu Watanabe
a3945c6361
network: add WireGuardPeer.PresharedKeyFile= setting
2019-04-09 15:50:22 +09:00
Yu Watanabe
daa4aca1cb
calendarspec: fix possible integer overflow
...
Fixes oss-fuzz#14108.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14108
2019-04-08 00:50:07 +09:00
Lennart Poettering
f69567cbe2
core: expose SUID/SGID restriction as new unit setting RestrictSUIDSGID=
2019-04-02 16:56:48 +02:00
Yu Watanabe
4d6cd572a7
fuzz: add testcases for the bug in condition_free_list_type()
2019-03-24 00:35:39 +09:00
Zbigniew Jędrzejewski-Szmek
b2645747b7
nspawn-oci: fix double free
...
Also rename function to make it clear that it also frees the array
object itself.
2019-03-22 17:39:12 +01:00
Zbigniew Jędrzejewski-Szmek
b1f13b0e75
nspawn-oci: mount source is optional
2019-03-22 12:04:32 +01:00
Zbigniew Jędrzejewski-Szmek
9ddd62cda1
fuzz-nspawn-oci: add fuzzer for the oci bundle loader
2019-03-22 11:09:52 +01:00
Yu Watanabe
c7a67ba5eb
fuzz: add testcase for oss-fuzz#13691
2019-03-15 23:54:30 +09:00
Yu Watanabe
5ba40bb2cc
fuzz: add a testcase for oss-fuzz#13719
2019-03-15 23:47:41 +09:00
Susant Sahani
3a56e697c8
networkd: Introduce l2tp tunnel
...
This work allows networkd to configure l2tp tunnel.
See http://man7.org/linux/man-pages/man8/ip-l2tp.8.html
2019-03-14 10:57:41 +09:00