1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

144 Commits

Author SHA1 Message Date
Yu Watanabe
75eed300a9 network: Allow IFF_VNET_HDR to also be set for tun devices
f5f07dbf06 adds VnetHeader= for tap
devices, but the flag is also used for tun devices.
This adds VnetHeader= setting in [Tun] section.
2019-05-22 17:58:46 +09:00
Susant Sahani
e520ce6440 networkd: Ability to selectively ignore IPv6 prefixes supplied via router advertisement
Closes https://github.com/systemd/systemd/issues/10647
2019-05-19 22:23:06 +09:00
Yu Watanabe
e7b621ee1f
Merge pull request #12586 from ssahani/route-properties
Route properties
2019-05-18 10:31:37 +09:00
Susant Sahani
9b88f20aba networkd: route add MPLS TTL propagate 2019-05-18 10:30:41 +09:00
Susant Sahani
8f02c9b085 networkd: FOU netdev add support to configure peer port 2019-05-18 10:25:36 +09:00
Zbigniew Jędrzejewski-Szmek
be44e09162 shared/varlink: add missing setting of output_buffer_allocated
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14708,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14735,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14725,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14720,
and probably others.
2019-05-17 15:09:32 +02:00
Yu Watanabe
8688c29b5a varlink: initialize Varlink with 0
Closes oss-fuzz#14688.
2019-05-16 18:51:33 +02:00
Yu Watanabe
db439337f9
Merge pull request #12576 from ssahani/fou
networkd: FOU tunnel support Local and Peer tunnel addresses
2019-05-16 05:10:35 +02:00
Susant Sahani
4502a61c8a networkd: FOU tunnel support Local and Peer tunnel addresses 2019-05-16 10:24:48 +09:00
Susant Sahani
69c317a07f networkd: introduce netdev ipvtap
This patch adds netdev ipvtap that is based on the
IP-VLAN network interface, called ipvtap. An ipvtap device can be created
in the same way as an ipvlan device, using 'kind ipvtap', and then accessed
using the tap user space interface.
2019-05-16 09:48:53 +09:00
Yu Watanabe
5d5003ab35 network: add DefaultRouteOnDevice= setting in [Network] section
When enabled, then default route bound to the interface will be created.
This is useful when adding routes on point-to-point interfaces.

Closes #788.
2019-05-15 12:44:30 +09:00
Yu Watanabe
6e114a2475
Merge pull request #12555 from ssahani/route-properties
networkd: route add support to configure fastopen_no_cookie
2019-05-14 09:03:52 +02:00
Susant Sahani
1501b429a9 networkd: DHCP client add support to send RELEASE packet
closes #10820
2019-05-14 09:03:01 +02:00
Susant Sahani
633c725865 networkd: route add support to configure fastopen_no_cookie
This patch adds fastopen_no_cookie option to enable/disable TCP fastopen
without a cookie on a per-route basis.
2019-05-14 08:08:36 +05:30
Susant Sahani
bdb397ed10 networkd: bridge FDB support more NTF_* flags
Add support to configure NTF_ROUTER and NTF_USE
2019-05-14 02:24:51 +02:00
Yu Watanabe
cd43199671
Merge pull request #12520 from ssahani/geneve
networkd: Geneve add DF feature and allow TTL to bechosen by kernel
2019-05-10 19:47:19 +02:00
Susant Sahani
aac350192b networkd: Geneve add support configure IP don't fragment 2019-05-10 22:45:26 +09:00
Yu Watanabe
5af7bc6f4c
Merge pull request #12480 from ssahani/proxy-arp
network: bridge add support to configure proxy ARP/WIFI
2019-05-10 15:30:41 +02:00
Susant Sahani
727b573418 networkd: Add support for blacklisting servers
closes #6260

fuzzer: Add DHCP support for blacklisting servers
2019-05-10 15:29:55 +02:00
Lennart Poettering
d768467563 fuzzer: add varlink fuzzer 2019-05-09 14:14:20 -04:00
Susant Sahani
0fadb2a46f network: add support to configure proxy ARP/WIFI 2019-05-09 15:03:04 +09:00
Susant Sahani
1189c00a3c networkd: VXLAN add support to configure IP Don't fragment.
Allow users to set the IPv4 DF bit in outgoing packets, or to inherit its
value from the IPv4 inner header. If the encapsulated protocol is IPv6 and
DF is configured to be inherited, always set it.
2019-05-09 06:40:33 +02:00
Susant Sahani
1087623bac networkd: Add support to configure proxy ARP and proxy ARP Wifi 2019-05-09 01:44:26 +02:00
Zbigniew Jędrzejewski-Szmek
d1c377da0d
Merge pull request #12489 from ssahani/vxlan
networkd: VXLAN rename Id to VNI
2019-05-08 12:02:54 +02:00
Susant Sahani
61b824c561 networkd: bridge fdb add support to configure VXLAN VNI 2019-05-08 03:43:43 +02:00
Zbigniew Jędrzejewski-Szmek
29e19a6f19 fuzz: fix spelling of MACsec and MACAddress in the corpus 2019-05-08 06:53:07 +05:30
Susant Sahani
4cc0fd7531 networkd: VXLAN add support to configure Generic Protocol Extension
See https://tools.ietf.org/html/draft-ietf-nvo3-vxlan-gpe-07
2019-05-08 06:52:42 +05:30
Zbigniew Jędrzejewski-Szmek
9175aabfb6
Merge pull request #12481 from ssahani/dhcp-max-retry
networkd: Allow DHCP4 client to set the number to attempt to configure/reconfigure
2019-05-07 19:58:40 +02:00
Susant Sahani
6f213e4a34 networkd: VXLAN rename Id to VNI
It makes more sense to call VXLAN ID as

1. the VXLAN Network Identifier (VNI) (or VXLAN Segment ID)
2. test-network: rename VXLAN Id to VNI
3. fuzzer: Add VXLAN VNI directive to fuzzer
2019-05-07 20:52:11 +05:30
Susant Sahani
715cedfbf0 networkd: Allow DHCP4 client to set the number to attempt to reconfigure.
Otherwise current value is 6 and after 6 it will give up.
2019-05-07 17:12:04 +02:00
Yu Watanabe
1c30b174ed network: rename WireGuard.FwMark -> FirewallMark
For the consistency with FirewallMark= in [RoutingPolicyRule] section.
2019-05-04 17:20:23 +02:00
Susant Sahani
c2c2793f39 networkd: Add support to configure destination address for bridge FDB
Closes #5145.

Example conf:
```
[Match]
Name=vxlan1309

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.2

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.4

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.5
```
2019-05-03 06:11:52 +02:00
Jan Klötzke
dc653bf487 service: handle abort stops with dedicated timeout
When shooting down a service with SIGABRT the user might want to have a
much longer stop timeout than on regular stops/shutdowns. Especially in
the face of short stop timeouts the time might not be sufficient to
write huge core dumps before the service is killed.

This commit adds a dedicated (Default)TimeoutAbortSec= timer that is
used when stopping a service via SIGABRT. In all other cases the
existing TimeoutStopSec= is used. The timer value is unset by default
to skip the special handling and use TimeoutStopSec= for state
'stop-watchdog' to keep the old behaviour.

If the service is in state 'stop-watchdog' and the service should be
stopped explicitly we still go to 'stop-sigterm' and re-apply the usual
TimeoutStopSec= timeout.
2019-04-12 17:32:52 +02:00
Yu Watanabe
b0e13c3122 network: add MACsecTransmitAssociation.UseForEncoding= setting 2019-04-12 10:12:42 +09:00
Yu Watanabe
a7b9c52f1f network: add MACsec*Association.Activate= setting 2019-04-12 10:12:42 +09:00
Yu Watanabe
eb4705fb36 network: add MACsec*Association.KeyFile= setting 2019-04-12 10:12:42 +09:00
Susant Sahani
81962db798 network: Introduce MACsec
Media Access Control Security (MACsec) is an 802.1AE IEEE
industry-standard security technology that provides secure
communication for all traffic on Ethernet links.
MACsec provides point-to-point security on Ethernet links between
directly connected nodes and is capable of identifying and preventing
most security threats, including denial of service, intrusion,
man-in-the-middle, masquerading, passive wiretapping, and playback attacks.

Closes #5754
2019-04-12 10:12:41 +09:00
Zbigniew Jędrzejewski-Szmek
f0ae945ecc bus-message: validate signature in gvariant messages
We would accept a message with 40k signature and spend a lot of time iterating
over the nested arrays. Let's just reject it early, as we do for !gvariant
messages.
2019-04-11 14:01:38 +02:00
Yu Watanabe
86a3d44de5 network: fix use-of-uninitialized-value or null dereference
This fixes a bug introduced by 6ef5c881dd.

Fixes oss-fuzz#14157 and oss-fuzz#14158.
2019-04-10 18:18:11 +09:00
Zbigniew Jędrzejewski-Szmek
52efbd8f0e
Merge pull request #12223 from yuwata/network-wireguard-preshared-key-file
network: add PresharedKeyFile= setting and make reading key file failure fatal
2019-04-09 10:52:52 +02:00
Yu Watanabe
a3945c6361 network: add WireGuardPeer.PresharedKeyFile= setting 2019-04-09 15:50:22 +09:00
Yu Watanabe
daa4aca1cb calendarspec: fix possible integer overflow
Fixes oss-fuzz#14108.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14108
2019-04-08 00:50:07 +09:00
Lennart Poettering
f69567cbe2 core: expose SUID/SGID restriction as new unit setting RestrictSUIDSGID= 2019-04-02 16:56:48 +02:00
Yu Watanabe
4d6cd572a7 fuzz: add testcases for the bug in condition_free_list_type() 2019-03-24 00:35:39 +09:00
Zbigniew Jędrzejewski-Szmek
b2645747b7 nspawn-oci: fix double free
Also rename function to make it clear that it also frees the array
object itself.
2019-03-22 17:39:12 +01:00
Zbigniew Jędrzejewski-Szmek
b1f13b0e75 nspawn-oci: mount source is optional 2019-03-22 12:04:32 +01:00
Zbigniew Jędrzejewski-Szmek
9ddd62cda1 fuzz-nspawn-oci: add fuzzer for the oci bundle loader 2019-03-22 11:09:52 +01:00
Yu Watanabe
c7a67ba5eb fuzz: add testcase for oss-fuzz#13691 2019-03-15 23:54:30 +09:00
Yu Watanabe
5ba40bb2cc fuzz: add a testcase for oss-fuzz#13719 2019-03-15 23:47:41 +09:00
Susant Sahani
3a56e697c8 networkd: Introduce l2tp tunnel
This works allows networkd to configure l2tp tunnel.
See http://man7.org/linux/man-pages/man8/ip-l2tp.8.html
2019-03-14 10:57:41 +09:00