We need to turn on /proc/sys/net/ipv4/ip_forward before the
per-interface forwarding setting is useful, hence let's propagate the
per-interface setting once to the system-wide setting.
Due to the unclear ownership rules of that flag, and the fact that
turning it on also has effects on other sysctl flags we try to minimize
changes to the flag, and only turn it on once. There's no logic to
turning it off again, but this should be fairly unproblematic as the
per-interface setting defaults to off anyway.
This introduces an AddressFamilyBoolean type that works more or less
like a boolean, but can optionally turn on/off things for ipv4 and ipv6
independently. This also ports the DHCP field over to it.
This adds two new settings to networkd's .network files:
IPForwarding=yes and IPMasquerade=yes. The former controls the
"forwarding" sysctl setting of the interface, thus controlling whether
IP forwarding shall be enabled on the specific interface. The latter
controls whether a firewall rule shall be installed that exposes traffic
coming from the interface as coming from the local host to all other
interfaces.
This also enables both options by default for container network
interfaces, thus making "systemd-nspawn --network-veth" have network
connectivity out of the box.
Those values are based on a file we read from disk, so we should
verify everything we receive, and make sure everything we print
is sensible.
Also, print fractional seconds for TTL.
Let's stick to generic sections that describe the general technology,
instead of specific per-object sections, unless we really have a reason
to do that otherwise.
When ICMPv6 Other information is received, enable Information request
in DHCPv6. If the DHCPv6 client already exists, only update the client
if there is a transition from Other to Managed state.
This has been requested repeatedly, so let's give it a go. We explicitly do not allow matching
on names that have already been changed (from a previous udev run, or otherwise), and matching
on unpredictable names (ethX) is discouraged (but not currently disallowed).
We also currently allow:
[Match]
Name=veth0
[Link]
Name=my-name0
SomeOtherSetting=true
Which means that the link file will be applied the first time it is invoked, but
not on subsequent invocations, which may be surprising.
This patch adds support to specify path cost of the
bridge port to be configured via conf file.
Example conf:
file: br.netdev
[NetDev]
Name=br-test
Kind=bridge
file: br.network
[Match]
Name=em1
[Network]
Bridge=br-test
[BridgePort]
Cost=332
bridge link
2: em1 state UP : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master
br-test state disabled priority 32 cost 332
This is the IP address of the default route on the link, if present. A
description is printed when available (the manufacturer of the gateway NIC based
on its MAC address).
In the future we should prefer LLDP information over MAC info.
If the format string contains %m, clearly errno must have a meaningful
value, so we might as well use log_*_errno to have ERRNO= logged.
Using:
find . -name '*.[ch]' | xargs sed -r -i -e \
's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/'
Plus some whitespace, linewrap, and indent adjustments.
Using:
find . -name '*.[ch]' | while read f; do perl -i.mmm -e \
'local $/;
local $_=<>;
s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg;
print;' "$f"
done
And a couple of manual whitespace fixups.
As a followup to 086891e5c1 "log: add an "error" parameter to all
low-level logging calls and introduce log_error_errno() as log calls
that take error numbers", use sed to convert the simple cases to use
the new macros:
find . -name '*.[ch]' | xargs sed -r -i -e \
's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/'
Multi-line log_*() invocations are not covered.
And we also should add log_unit_*_errno().
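Added example (not part of the original commit message or of the systemd tree): the sed expression quoted above, run over constructed C lines, showing which calls it rewrites and that a multi-line invocation is left for manual follow-up. The helper names sample_source, convert and remaining_strerror are hypothetical.

```shell
#!/bin/sh
# Added illustration. The C lines below are constructed sample input,
# not taken from the systemd source.
sample_source() {
    cat <<'EOF'
log_error("Failed to open: %s", strerror(-r));
log_warning("Could not set %s: %s", name, strerror(-r));
log_error("Failed to bind socket: %s",
          strerror(-r));
log_info("Link %s is up", name);
EOF
}

# Apply the sed expression from the commit message to stdin.
# \1 = log level, \2 = format text before the final %s,
# \3 = any other format arguments, \4 = the error variable.
convert() {
    sed -r -e 's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/'
}

# Count the lines that still call strerror() after conversion. sed works
# line by line, so a call split over two lines is not matched and stays.
remaining_strerror() {
    convert | grep -c 'strerror(' || true
}

sample_source | convert
echo "lines still using strerror(): $(sample_source | remaining_strerror)"
```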
- Rename log_meta() → log_internal(), to follow naming scheme of most
other log functions that are usually invoked through macros, but never
directly.
- Rename log_info_object() to log_object_info(), simply because the
object should be before any other parameters, to follow OO-style
programming style.
This change has two benefits:
- The format string %m will now resolve to the specified error (or to
errno if the specified error is 0). This allows getting rid of a ton of
strerror() invocations, a function that is not thread-safe.
- The specified error can be passed to the journal in the ERRNO= field.
Now of course, we just need somebody to convert all cases of this:
log_error("Something happened: %s", strerror(-r));
into this:
log_error_errno(-r, "Something happened: %m");
We got the following error when running systemd on a device with many ports:
"rtnl: kernel receive buffer overrun
Event source 'rtnl-receive-message' returned error, disabling: No buffer space
available"
I think the kernel socket receive buffer queue should be increased. The default
value is taken from:
"/proc/sys/net/core/rmem_default", but we can overwrite it using SO_RCVBUF
socket option.
This is already done in networkd for other sockets.
For example, the bus socket (sd-bus/bus-socket.c) has a receive queue of 8MB.
In our case, the default is 208KB.
Increasing the buffer receive queue for manager socket to 512KB should be enough
to get rid of the above error.
[tomegun: bump the limit even higher to 8M]
For IPv6, the kernel returns EINVAL if a route is added with the
RTA_GATEWAY attribute set to in6addr_any (::). A route without a
gateway is useful in some situations, such as layer 3 tunneling
(sit, gre, etc.).
This patch prevents the RTA_GATEWAY attribute from being added
when route.in_addr is ip6addr_any (::).
Like Infiniband. See RFC 4390 section 2.1 for details on DHCP
and Infiniband; chaddr is zeroed, hlen is set to 0, and htype
is set to ARPHRD_INFINIBAND because IB hardware addresses
are 20 bytes in length.
systemctl would print 'CPUQuotaPerSecUSec=(null)' for no limit. This
does not look right.
Since USEC_INFINITY is one of the valid values, format_timespan()
could return NULL, and we should wrap every use of it in strna() or
similar. But most callers didn't do that, and it seems more robust to
return a string ("infinity") that makes sense most of the time, even
if in some places the result will not be grammatically correct.
sd_bus_message_get_errno can currently return either a number of
different positive errno values (from bus-error-mapping), or a negative
EINVAL if passed null as parameter.
The check for null parameter was introduced in 40ca29a137
at the same time as the function was renamed from bus_message_to_errno and
made public API. Before becoming public the function used to return
only negative values.
It is weird to have a function return both positive and negative errno
and it generally looks like a mistake. The function is guarded by the
--enable-kdbus flags so I wonder if we still have time to fix it up?
It does not have any documentation yet. However, except for a few details
it is just a convenient way to call sd_bus_error_get_errno which is documented
to return only positive errno.
This patch makes it return only positive errno and fixes up the two
calls to the function that tried to cope with both positive and negative
values.
It is redundant to store 'hash' and 'compare' function pointers in
struct Hashmap separately. The functions always comprise a pair.
Store a single pointer to struct hash_ops instead.
systemd keeps hundreds of hashmaps, so this saves a little bit of
memory.
This lets the routing metric for links be specified per-network,
still defaulting to DHCP_ROUTE_METRIC (1024) if unspecified. Hopefully
this helps with multiple interfaces configured via DHCP.
This makes DHCPv4 and IPv4LL coexist peacefully.
[tomegun: apply to both the dhcp routes, use in_addr_is_null() rather than a
separate variable to indicate when prefsrc should be applied]
As the comment says, the passed in callback must always be invoked, or the underlying link
will hang. This was missed when reworking the code, so add it back in.
We are only guaranteed to stay in ENSLAVING state whilst enslaving by bridges/bonds, not
when adding stacked devices (as then the underlying device can be IFF_UP'ed and configured
in parallel), so drop these asserts.
The interface for creating tuntap devices should be ported to rtnl so it would support the same settings
as other kinds. In the meantime, the best one can do is to drop in a .link file to set the desired options.
This is primarily important for the domains list, as we really should
prefer the locally configured domain over the dhcp supplied ones when we
use it as a search list.
For now this only exposes the domain name (DHCP Option 15), and not
the search string (DHCP Option 119), which will be implemented in
a follow-up patch.
It is useful to color in the admin state both to easily spot failed links, but also to quickly
distinguish between links that are fully configured and in degraded mode (only IPv4LL) or in
degraded mode and still waiting for DHCP.
This is the state when we are waiting for udev to initialize the device, and waiting for
libudev and rtnl to be in sync. In the future we probably will also be waiting for nl80211.
At this point we do not yet have enough information to know whether or not networkd should
be handling the device.
This causes machines without connectivity to hang where they would otherwise fail. Keep it
opt-in for now, but consider whether we should just drop it.
In contrast to the DHCP/IPv4LL/ICMP6 APIs sd-network is not a protocol
implementation but a client API for networkd, hence move it into
libsystemd proper.
The networkd should abstract the difference between DHCP supplied and
configured data, and hence the DHCP lease concept should not be exposed on
the client side.
Should we want to support arbitrary DHCP fields one day, we can add a
new sd_network_get_link_dhcp_field() call or so.
In the long run this should become a full fledged client to networkd
(but not before networkd learns bus support). For now, just pull
interesting data out of networkd, udev, and rtnl and present it to the
user, in a simple but useful output.
Primarily, this means we get rid of net_parse_inaddr(), and replace it
everywhere with in_addr_from_string() and in_addr_from_string_auto().
These functions do not clobber the callers arguments on failure, which
is more close to our usual coding style.
ENODATA should be returned whenever we have no idea about something. A
missing LLMNR setting can only really happen during upgrades, in which
case we really have no idea, so let's turn this into another ENODATA
case.
getopt is usually good at printing out a nice error message when
commandline options are invalid. It distinguishes between an unknown
option and a known option with a missing arg. It is better to let it
do its job and not use opterr=0 unless we actually want to suppress
messages. So remove opterr=0 in the few places where it wasn't really
useful.
When an error in options is encountered, we should not print a lengthy
help() and overwhelm the user, when we know precisely what is wrong
with the commandline. In addition, since help() prints to stdout, it
should not be used except when requested with -h or --help.
Also, simplify things here and there.
This changes the behavior when both DHCPv4 and IPv4LL are enabled. Before,
we would disable IPv4LL when we got a DHCPv4 lease and enable it if the
lease was lost.
Now we just always set up both, if both are enabled, but the DHCPv4
addresses and routes will always take precedence due to their metric
and scope.
This is necessary for non-ipv4ll hosts to communicate with ipv4ll-only hosts on the same link. Defaults
to being enabled, but can be opted out.
See: <http://avahi.org/wiki/AvahiAutoipd#Routes>
This avoids having to distinguish between IPv4 and IPv6, allowing us
to keep their internal orderings. The consumers now have to turn the
strings into addresses.
All routes added by networkd are currently set RTPROT_BOOT, which according
to the kernel means "Route installed during boot" (rtnetlink.h). But this
is not always the case as networkd changes routing after boot too. Since
the kernel gives more detailed protocols, use them.
With this patch, user-configured static routes now use RTPROT_STATIC (which
they are) and DHCP routes use RTPROT_DHCP. There is no define for IPv4LL
yet, so those are installed as RTPROT_STATIC (though perhaps RTPROT_RA is
better?).
[tomegun: fixup
src/network/networkd-link.c:972:33: error: too few arguments to function 'route_new_dynamic']
Lennart said:
> We have these nice USEC_PER_MSEC-style macro definitions which make it a
> little bit clearer what we are converting here from what into
> what... please use that instead of writing "1000"...
>
> (we stole those from gstreamer btw)
The following bond options are supported by this patch.
MIIMonitorSec:
Specifies the frequency in milli-seconds that MII link
monitoring will occur.
UpDelaySec:
Specifies the delay time in milli-seconds to enable a link
after a link up status has been detected.
DownDelaySec:
Specifies the delay time in milli-seconds to disable a link
after a link failure has been detected.
changes:
1. Added gconf variables.
2. man page
conf:
[NetDev]
Name=bond1
Kind=bond
[Bond]
Mode=802.3ad
TransmitHashPolicy=layer2+3
LacpduTransmitRate=fast
MIIMonitorSec=1s
UpDelaySec=2s
DownDelaySec=8s
cat /proc/net/bonding/bond1
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2+3 (2)
MII Status: up
MII Polling Interval (ms): 1000
Up Delay (ms): 2000
Down Delay (ms): 8000
802.3ad info
LACP rate: fast
Min links: 0
Aggregator selection policy (ad_select): stable
bond bond1 has no active aggregator
[tomegun: rephrased manpage, dropped bond_ prefix from variables]
LacpduTransmitRate
option specifies the rate in which link partner to transmit
LACPDU packets in 802.3ad mode. Possible values
slow : Request partner to transmit LACPDUs every 30 seconds
fast : Request partner to transmit LACPDUs every 1 second
The default is slow.
changes:
1. Added enum bond_lacp_rate_table
2. gperf LacpduTransmitRate
Test:
conf file:
[NetDev]
Name=bond1
Kind=bond
[Bond]
Mode=802.3ad
LacpduTransmitRate=fast
test:
cat /proc/net/bonding/bond1
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2+3 (2)
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0
802.3ad info
LACP rate: fast
Min links: 0
Aggregator selection policy (ad_select): stable
bond bond1 has no active aggregator
[tomegun: renamed from LacpduTransmitRate to LACPTransmitRate, manpage fixes and
dropped bond_ prefix from variables]
This patch adds support for the transmit hash policy to use
for slave selection in balance-xor, 802.3ad, and tlb modes
layer2, layer3+4, layer2+3, encap3+4, encap3+4
Added:
1. BondXmitHashPolicy
2. conf param TransmitHashPolicy
Test conf:
[NetDev]
Name=bond1
Kind=bond
[Bond]
Mode=802.3ad
TransmitHashPolicy=layer2+3
test output:
cat /proc/net/bonding/bond1
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2+3 (2)
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0
802.3ad info
LACP rate: slow
Min links: 0
Aggregator selection policy (ad_select): stable
bond bond1 has no active aggregator
[tomegun: dropped bond_ prefix from new Bond variable, drop repeated man-page section]
Let's settle on a single type for all address family values, even if
UNIX is very inconsistent on the precise type otherwise. Given that
socket() is the primary entrypoint for the sockets API, and that uses
"int", and "int" is relatively simple and generic, we settle on "int"
for this.
Do not expose link_is_loopback, people should just get this from rtnl directly.
Do not expose NTP servers as IP addresses, these must be strings.
Expose ifindex as int, not unsigned. This is what the kernel (mostly) and glibc uses.
Rather than refetching the link information on every event, we listen to
rtnl to track them. Much code stolen from resolved.
This will allow us to simplify the sd-network api and don't expose
information available over rtnl.
As long as the number of array entries is relatively small it's nicer to
simply return the number of entries directly, instead of using a size_t*
return parameter for it.
Constructors should return the object they created as first parameter,
except when they are generated as a child/member object of some other
object in which case that should be first.
Special care is needed so that we get an error message if the
file failed to parse, but not when it is missing. To avoid duplicating
the same error check in every caller, add an additional 'warn' boolean
to tell config_parse whether a message should be issued.
This makes things both shorter and more robust wrt. to error reporting.
It appears there is no good way to decide whether or not broadcasts should be enabled,
there is hardware that must have broadcast, and there are networks that only allow
unicast. So we give up and make this configurable.
By default, unicast is used, but if the kernel were to inform us about certain
interfaces requiring broadcast, we could change this to opt-in by default in
those cases.
Vendor Class Identifier is used by DHCP clients to identify
their vendor type and configuration. When using this option,
vendors can define their own specific identifier values, such
as to convey a particular hardware or operating system
configuration or other identifying information.
Vendor-specified DHCP options—features that let administrators assign
separate options to clients with similar configuration requirements.
For example, if DHCP-aware clients for example we want to separate
different gateway and option for different set of people
(dev/test/hr/finance) in a org or devices for example web/database
servers or let's say in a embedded device etc and require a different
default gateway or DNS server than the rest of clients.
Now route metric can be configured via conf file:
example conf:
[Match]
Name=em1
[Route]
Gateway=192.168.1.12
Metric=10
Test:
ip route output
default via 192.168.1.12 dev em1 metric 10
[tomegun: squash TODO update and reword man page a bit]
This patch adds support for networkd to configure bond mode
during creation via persistent conf. Mode can be configured
with conf param 'Mode'. A new section Bond is added to the
conf to support bond mode.
These modes can be configured now.
balance-rr
active-backup
balance-xor
broadcast
802.3ad
balance-tlb
balance-alb
Example conf file: test-bond.conf
[NetDev]
Name=bond1
Kind=bond
[Bond]
Mode=balance-xor
Test case:
1. start networkd service:
12: bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UNKNOWN mode DEFAULT group default
link/ether 22:89:6c:47:23:d2 brd ff:ff:ff:ff:ff:ff
2. find bond mode:
cat /proc/net/bonding/bond1
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: load balancing (xor)
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0
Changes:
1. Added file networkd-bond.c
2. Bond mode enum BondMode
3. conf section [Bond]
[tomegun: whitespace]
This patch adds peer address support for
networkd. In the [Address] a new configurable
param is Peer.
[Match]
Name=ipip-tun
[Address]
Address=10.0.0.1/32
Peer=10.0.0.2/32
When doing a NEWADDR, the reply we get back is the NEWADDR itself, rather
than just an empty ack (unlike how NEWLINK works). For this reason, the
process that did the NEWADDR does not get the broadcast message.
We were only listening for broadcast messages, and hence not tracking the
addresses we added ourselves. This went unnoticed as the kernel will usually
send NEWADDR messages from time to time anyway, so things would mostly work,
but in the worst case we would not notice that a routable address was available
and consider ourselves offline.
This patch introduces TUN/TAP device creation support
to networkd.
Example conf to create a tap device:
file: tap.netdev
------------------
[NetDev]
Name=tap-test
Kind=tap
[Tap]
OneQueue=true
MultiQueue=true
PacketInfo=true
User=sus
Group=sus
------------------
Test:
1. output of ip link
tap-test: tap pi one_queue UNKNOWN_FLAGS:900 user 1000 group 1000
id:
uid=1000(sus) gid=10(wheel) groups=10(wheel),1000(sus)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Modifications:
Added:
1. file networkd-tuntap.c
3. netdev kind NETDEV_KIND_TUN and NETDEV_KIND_TAP
2. Tun and Tap Sections and config params to parse
conf and gperf conf parameters
[tomegun: tweak the 'kind' checking for received ifindex]
Send hostname (option 12) in DISCOVER and REQUEST messages so the
DHCP server could use it to register with dynamic DNS and such.
To opt-out of this behaviour set SendHostname to false in [DHCP]
section of .network file
[tomegun: rebased, made sure a failing set_hostname is a noop and moved
config from DHCPv4 to DHCP]
We failed to take a ref when waiting for udev synchronization. Fix that and also
make unreffing in callbacks simpler throughout by using _cleanup_ macros.
Fixes <https://bugs.freedesktop.org/show_bug.cgi?id=80556>.
The logic otherwise is that we leave anything preconfigured alone, but in the case of DHCP
we actually need to update it whenever the lease is renewed.
This adds support for DHCP options 33 and 121: Static Route and
Classless Static Route. To enable this feature, set UseRoutes=true
in .network file. Returned routes are added to the routing table.
If there are v4 or v6 specific options we can keep those in separate sections,
but for the common options, we will use only one.
Moreover only use DHCP=[yes/both|no/none|v4|v6] to enable or disable the clients.
We used to check if e.g. IFLA_BOND_MAX is defined and provide fallback
values in missing.h if it wasn't. But over time, various kernel
versions added IFLA_* defines, so checking for IFLA_BOND_MAX is not
enough if the kernel is new enough to have some of them but too old to
have all. In case we detect that the latest known enum value is
missing, #define most of them.
https://bugs.freedesktop.org/show_bug.cgi?id=80095