1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-29 21:55:36 +03:00
Commit Graph

520 Commits

Author SHA1 Message Date
Yu Watanabe
7b53d3ead3 fuzz-dhcp6-client: merge with fuzz-dhcp6-client-send 2022-02-14 15:02:33 +09:00
Alvin Šipraga
19ff06b3a4
udev/net: support Match.Firmware= in .link files (#22462)
In cbcdcaaa0e ("Add support for conditions on the machines firmware")
a new Firmware= directive was added for .netdev and .network files.
While it was also documented to work on .link files, in actual fact the
support was missing. Add that one extra line to make it work, and also
update the fuzzer directives.
2022-02-10 16:19:28 +09:00
Santa Wiryaman
97f27f8a16 Add support for isolated parameter
Add the "Isolated" parameter in the *.network file, e.g.,

[Bridge]
Isolated=true|false

When the Isolated parameter is true, traffic coming out of this port
will only be forward to other ports whose Isolated parameter is false.

When Isolated is not specified, the port uses the kernel default
setting (false).

The "Isolated" parameter was introduced in Linux 4.19.
See man bridge(8) for more details.
But even though the kernel and bridge/iproute2 recognize the "Isolated"
parameter, systemd-networkd did not have a way to set it.
2022-02-09 17:37:37 +09:00
Yu Watanabe
18f84f8aba udev/net: support to set MDI-X mode
Closes #22386.
2022-02-08 15:47:46 +00:00
Anita Zhang
d83923bdb7
Merge pull request #22355 from yuwata/network-tunnel-external
network: tunnel: support external mode
2022-02-03 14:20:43 -08:00
Evgeny Vereshchagin
be496d6a9b tests: pass FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to fuzzers
to let them use reproducible identifiers, which should make it possible
to really use files copied from OSS-Fuzz to reproduce issues on
GHActions and locally. Prompted by https://github.com/systemd/systemd/pull/22365
2022-02-03 08:56:00 +00:00
Evgeny Vereshchagin
697bb76589 tests: fuzz client_send_message
to make sure outgoing packets based on incoming packets are fine.
It's just another follow-up to
https://github.com/systemd/systemd/pull/10200.
Better late than never :-)
2022-02-03 13:43:49 +09:00
Yu Watanabe
1ae308abb5 network: tunnel: support external mode
Closes #22352.
2022-02-03 11:12:01 +09:00
Evgeny Vereshchagin
998ec39b1d tests: add a file triggering a memory leak in dhcp_lease_parse_search_domains 2022-01-29 03:19:53 +00:00
Evgeny Vereshchagin
4158af3651 tests: fuzz client_handle_offer
Turns out that part of systemd isn't covered by any fuzz targets and
that's not ideal considering that it parses data sent remotely. The
fuzzer triggers an infinite loop in lease_parse_routes as soon as it
starts so it seems to be working :-)
```
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 23620602
INFO: Loaded 2 modules   (182073 inline 8-bit counters): 176548 [0x7fdf511fc8d0, 0x7fdf51227a74), 5525 [0x5f6ef0, 0x5f8485),
INFO: Loaded 2 PC tables (182073 PCs): 176548 [0x7fdf51227a78,0x7fdf514d94b8), 5525 [0x5f8488,0x60ddd8),
./build/fuzz-dhcp-client: Running 1 inputs 1 time(s) each.
Running: test/fuzz/fuzz-dhcp-client/timeout-ed34161922c7075c4773f2ada3dee8685d220980
ALARM: working on the last Unit for 31 seconds
       and the timeout value is 30 (use -timeout=N to change)
==80731== ERROR: libFuzzer: timeout after 31 seconds
    #0 0x51b32e in __sanitizer_print_stack_trace (/home/vagrant/systemd/build/fuzz-dhcp-client+0x51b32e)
    #1 0x4689e9 in fuzzer::PrintStackTrace() (/home/vagrant/systemd/build/fuzz-dhcp-client+0x4689e9)
    #2 0x44a0f4 in fuzzer::Fuzzer::StaticAlarmCallback() (/home/vagrant/systemd/build/fuzz-dhcp-client+0x44a0f4)
    #3 0x7fdf4f8b474f  (/lib64/libc.so.6+0x4274f)
    #4 0x465fee in __sanitizer_cov_trace_const_cmp4 (/home/vagrant/systemd/build/fuzz-dhcp-client+0x465fee)
    #5 0x57eee5 in lease_parse_routes /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:495:23
    #6 0x57baf3 in dhcp_lease_parse_options /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:701:21
    #7 0x572450 in parse_options /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:348:33
    #8 0x571cea in dhcp_option_parse /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:381:21
    #9 0x559a01 in client_handle_offer /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-client.c:1543:13
    #10 0x5592bd in LLVMFuzzerTestOneInput /home/vagrant/systemd/build/../src/libsystemd-network/fuzz-dhcp-client.c:78:9
    #11 0x44a379 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x44a379)
    #12 0x42ae1f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x42ae1f)
    #13 0x432ade in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x432ade)
    #14 0x421f86 in main (/home/vagrant/systemd/build/fuzz-dhcp-client+0x421f86)
    #15 0x7fdf4f89f55f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f)
    #16 0x7fdf4f89f60b in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x2d60b)
    #17 0x421fd4 in _start (/home/vagrant/systemd/build/fuzz-dhcp-client+0x421fd4)

SUMMARY: libFuzzer: timeout
```
2022-01-29 00:59:56 +00:00
Yu Watanabe
71df50a973 sd-dhcp-server: refuse too large packet to send
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44134.
2022-01-28 10:22:53 +00:00
Evgeny Vereshchagin
b28d06e059 tests: fuzz dhcp_server_relay_message
It's a follow-up to https://github.com/systemd/systemd/pull/19384 where
dhcp_server_relay_message was introduced.

This PR was prompted by https://github.com/systemd/systemd/pull/22236#issuecomment-1020113269
for the most part.
2022-01-27 13:49:36 +09:00
Yu Watanabe
0590f1b58c fuzz-dhcp-server: duplicate input data
As `dhcp_server_handle_message()` -> `ensure_sane_request()` may modify
the input data, and that causes error in some fuzzing engine.
2022-01-24 19:37:37 +09:00
Yu Watanabe
a596631808 fuzz: add testcases of heap-buffer-overflow for sd-dhcp-server 2022-01-24 04:52:33 +09:00
Luca Boccassi
a07b992606 core: add ExtensionDirectories= setting
Add a new setting that follows the same principle and implementation
as ExtensionImages, but using directories as sources.
It will be used to implement support for extending portable images
with directories, since portable services can already use a directory
as root.
2022-01-21 22:53:12 +09:00
Yu Watanabe
41ce9d769d udev/net: allow to set number of SR-IOV virtual functions
This adds SR-IOVVirtualFunctions= setting in [Link] section.
2022-01-19 15:00:53 +09:00
Yu Watanabe
bd29dfef8b udev/net: also support [SR-IOV] section in .link files
The same section is already supported by .network files. But such
low-level inteerface setting should be done by udevd, instead of
networkd. Let's also support the same semantics by .link files.

Prompted by https://github.com/systemd/systemd/issues/20474#issuecomment-901901360.
2022-01-19 15:00:49 +09:00
Jan Janssen
3a469802f4 meson: Use echo to list files
No need to invoke ls when we are just interested in file names.
Also, the cd to source root makes the output identical to
"git ls-files" (relative instead of absolute paths).
2022-01-11 14:56:33 +01:00
Jan Janssen
68a06b3cdf meson: Add check argument to remaining run_command() calls 2022-01-11 14:56:30 +01:00
Frantisek Sumsal
7847b54814 test: build fuzzers with --werror if set
to catch issues like systemd/systemd#21996.
2022-01-04 18:49:56 +03:00
Luca Boccassi
47dba9fb09 path unit: add TriggerLimitBurst= and TriggerLimitIntervalSec=
Given there's now a default for these settings, also allow users to configure
them, matching socket units
2021-12-18 23:17:53 +00:00
Jan Janssen
d2a58f0edb meson: Drop meson version compare for fuzz test
We are depending on meson >= 0.53.2 now, so this check can be dropped.
2021-12-12 11:51:03 +09:00
Yu Watanabe
e49bad0179 network: dhcp-pd: add 6rd support
Closes #19152.
2021-12-07 20:33:16 +09:00
Yu Watanabe
a27588d4e7 network: dhcp-pd: rename [DHCPv6PrefixDelegation] -> [DHCPPrefixDelegation]
This just changes the names of settings, variables, functions, files, and so on.
No functionality is changed.

Preparation for supporting 6rd.
2021-12-07 20:30:30 +09:00
Yu Watanabe
2d00239cbe network: dhcp6pd: always use main route table for unreachable route
This mostly reverts e47bcb7d0b.
2021-12-07 18:35:30 +09:00
Yu Watanabe
72e65e6ffd network: add support to configure IPoIB interfaces 2021-12-05 00:18:58 +09:00
Yu Watanabe
b90d0f83b2 network/netdev: add support to create IPoIB subinterface 2021-12-04 15:06:58 +09:00
Luca Boccassi
81513b382b core: add Condition[Memory/CPU/IO]Pressure
By default checks PSI on /proc/pressure, and causes a unit to be skipped
if the threshold is above the given configuration for the avg300
measurement.
Also allow to pass a custom timespan, and a particular slice unit to
check under.

Fixes #20139
2021-12-01 09:53:18 +01:00
Yu Watanabe
e908434458 network: wireguard: automatically configure routes to addresses specified in AllowedIPs=
Closes #14176.
2021-12-01 04:00:11 +09:00
Andrew Stone
7c5cef2211 core/automount: Add ExtraOptions field 2021-11-23 09:44:35 +01:00
Slava Bacherikov
af493fb742 network: Add SuppressInterfaceGroup= into routing policy
This adds SuppressInterfaceGroup= option in the [RoutingPolicyRule] section
which has the same semantics as suppress_ifgroup in `ip rule` command.
2021-11-16 01:54:07 +09:00
Yu Watanabe
e5a7570188
Merge pull request #21226 from yuwata/network-tc-cake
network: add several CAKE settings
2021-11-09 14:18:41 +09:00
Yu Watanabe
1c7a81e626 network: tc/cake: introduce UseRawPacketSize= setting 2021-11-09 10:58:44 +09:00
Yu Watanabe
35896db489 network: tc/cake: introduce SplitGSO= setting 2021-11-09 10:58:44 +09:00
Yu Watanabe
d05dce95d8 network: tc/cake: introduce Wash= setting 2021-11-09 10:58:44 +09:00
Yu Watanabe
049b66ccdd network: tc/cake: introduce FirewallMark= setting 2021-11-09 10:58:44 +09:00
Yu Watanabe
fe8e156e7a network: tc/cake: introduce PriorityQueueingProfile= setting 2021-11-09 10:58:44 +09:00
Yu Watanabe
863542e1ce network: tc/cake: introduce MPUBytes= setting 2021-11-09 10:58:44 +09:00
Yu Watanabe
4bff808648 network: tc/cake: introduce NAT= setting 2021-11-09 10:58:44 +09:00
Yu Watanabe
a049cf166c network: tc/cake: introduce FlowIsolationMode= setting 2021-11-09 10:58:44 +09:00
Yu Watanabe
b6eccfda1a network: tc/cake: introduce CompensationMode= setting 2021-11-09 10:58:44 +09:00
Yu Watanabe
025cd94e1c network: tc/cake: introduce AutoRateIngress= setting 2021-11-09 10:58:44 +09:00
Yu Watanabe
610c0db126 network: ndisc: introduce UseGateway= and UseRoutePrefix= settings
Closes #21263.
2021-11-09 08:12:36 +09:00
Zbigniew Jędrzejewski-Szmek
e2de2d28f4
Merge pull request #20813 from unusual-thoughts/exittype_v2
Reintroduce ExitType
2021-11-08 15:06:37 +01:00
Henri Chain
596e447076 Reintroduce ExitType
This introduces `ExitType=main|cgroup` for services.
Similar to how `Type` specifies the launch of a service, `ExitType` is
concerned with how systemd determines that a service exited.

- If set to `main` (the current behavior), the service manager will consider
  the unit stopped when the main process exits.

- The `cgroup` exit type is meant for applications whose forking model is not
  known ahead of time and which might not have a specific main process.
  The service will stay running as long as at least one process in the cgroup
  is running. This is intended for transient or automatically generated
  services, such as graphical applications inside of a desktop environment.

Motivation for this is #16805. The original PR (#18782) was reverted (#20073)
after realizing that the exit status of "the last process in the cgroup" can't
reliably be known (#19385)

This version instead uses the main process exit status if there is one and just
listens to the cgroup empty event otherwise.

The advantages of a service with `ExitType=cgroup` over scopes are:
- Integrated logging / stdout redirection
- Avoids the race / synchronisation issue between launch and scope creation
- More extensive use of drop-ins and thus distro-level configuration:
  by moving from scopes to services we can have drop ins that will affect
  properties that can only be set during service creation,
  like `OOMPolicy` and security-related properties
- It makes systemd-xdg-autostart-generator usable by fixing [1], as obviously
  only services can be used in the generator, not scopes.

[1] https://bugs.kde.org/show_bug.cgi?id=433299
2021-11-08 10:15:23 +01:00
Daan De Meyer
51462135fb exec: Add TTYRows and TTYColumns properties to set TTY dimensions 2021-11-05 21:32:14 +00:00
Yu Watanabe
59aa622013 network: dhcp-server: introduce Router= setting to specify router address
Closes #21202.
2021-11-03 03:15:00 +09:00
Yu Watanabe
dc5cae6c9d network: dhcp6: introduce UplinkInterface= for DHCP6 prefix delegation 2021-10-26 20:43:10 +09:00
Yu Watanabe
0f5ef9b62a network: dhcp6: introduce UseDelegatedPrefix= setting and enable by default
Previously, the prefix delegation is enabled when at least one
downstream interfaces request it. But, when the DHCPv6 client on the
upstream interface is configured, some downstream interfaces may not
exist yet, nor have .network file assigned.

Also, if a system has thousands of interfaces, then the previous logic
introduce O(n^2) search.

This makes the prefix delegation is always enabled, except when it is
explicitly disabled. Hopefully, that should not break anything, as the
DHCPv6 server should ignore the prefix delegation request if the server
do not have any prefix to delegate.
2021-10-26 20:29:08 +09:00
Zbigniew Jędrzejewski-Szmek
1d9a1215e8 gitattributes: introduce and use "generated" attribute
I want to mark some files to be ignored for licensing purposes,
e.g. output from fuzzers and other samples. By using the gitattribute
machinery for this we don't need to design a custom protocol:

$ git check-attr generated test/test-sysusers/unhappy-*
test/test-sysusers/unhappy-1.expected-err: generated: set
test/test-sysusers/unhappy-1.input: generated: unspecified
test/test-sysusers/unhappy-2.expected-err: generated: set
test/test-sysusers/unhappy-2.input: generated: unspecified
test/test-sysusers/unhappy-3.expected-err: generated: set
test/test-sysusers/unhappy-3.input: generated: unspecified
2021-10-18 09:42:55 +02:00