shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-02 02:21:44 +03:00
Code
52,787 Commits 4 Branches 390 Tags 560 MiB
bf284aee23
Commit Graph

452 Commits

Author SHA1 Message Date
Luca Boccassi
0389f4fa81 core: add RootHash and RootVerity service parameters 
Allow to explicitly pass root hash (explicitly or as a file) and verity
device/file as unit options. Take precedence over implicit checks.
 2020-06-23 10:50:09 +02:00
Zbigniew Jędrzejewski-Szmek
b17af3e503 bus-message: avoid dereferencing a NULL pointer 
We'd try to map a zero-byte buffer from a NULL pointer, which is undefined behaviour.

src/systemd/src/libsystemd/sd-bus/bus-message.c:3161:60: runtime error: applying zero offset to null pointer
    #0 0x7f6ff064e691 in find_part /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-message.c:3161:60
    #1 0x7f6ff0640788 in message_peek_body /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-message.c:3283:16
    #2 0x7f6ff064e8db in enter_struct_or_dict_entry /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-message.c:3967:21
    #3 0x7f6ff06444ac in bus_message_enter_struct /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-message.c:4009:13
    #4 0x7f6ff0641dde in sd_bus_message_enter_container /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-message.c:4136:21
    #5 0x7f6ff0619874 in sd_bus_message_dump /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-dump.c:178:29
    #6 0x4293d9 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-bus-message.c:39:9
    #7 0x441986 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:558:15
    #8 0x44121e in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:470:3
    #9 0x443164 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:770:7
    #10 0x4434bc in fuzzer::Fuzzer::Loop(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:799:3
    #11 0x42d2bc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:846:6
    #12 0x42978a in main /src/libfuzzer/FuzzerMain.cpp:19:10
    #13 0x7f6fef13c82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #14 0x407808 in _start (out/fuzz-bus-message+0x407808)
 2020-06-22 17:09:49 +02:00
Zbigniew Jędrzejewski-Szmek
804a436582 fuzz-netdev-parser: add test case for earlier version of preceding patches 
AddressSanitizer:DEADLYSIGNAL
=================================================================
==12==ERROR: AddressSanitizer: ABRT on unknown address 0x00000000000c (pc 0x7f0a518b3428 bp 0x7fffa463bfd0 sp 0x7fffa463be68 T0)
SCARINESS: 10 (signal)
    #0 0x7f0a518b3428 in raise (/lib/x86_64-linux-gnu/libc.so.6+0x35428)
    #1 0x7f0a518b5029 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x37029)
    #2 0x7f0a52ca635a in log_assert_failed_realm /work/build/../../src/systemd/src/basic/log.c:819:9
    #3 0x4eea92 in config_parse_wireguard_endpoint /work/build/../../src/systemd/src/network/netdev/wireguard.c:808:9
    #4 0x7f0a52b2f74e in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:133:32
    #5 0x7f0a52b2954e in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:242:16
    #6 0x7f0a52b28911 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:377:21
    #7 0x7f0a52b29ec6 in config_parse_many_files /work/build/../../src/systemd/src/shared/conf-parser.c:439:21
    #8 0x7f0a52b2a5a6 in config_parse_many /work/build/../../src/systemd/src/shared/conf-parser.c:507:16
    #9 0x4d8d6c in netdev_load_one /work/build/../../src/systemd/src/network/netdev/netdev.c:732:13
    #10 0x4d3e2b in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/network/fuzz-netdev-parser.c:23:16
    #11 0x6b3266 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:558:15
    #12 0x6af860 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:470:3
    #13 0x6b6970 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:770:7
    #14 0x6b7376 in fuzzer::Fuzzer::Loop(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:799:3
    #15 0x67573f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:846:6
    #16 0x667097 in main /src/libfuzzer/FuzzerMain.cpp:19:10
    #17 0x7f0a5189e82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #18 0x4295a8 in _start (out/fuzz-netdev-parser+0x4295a8)

DEDUP_TOKEN: raise--abort--log_assert_failed_realm
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x35428) in raise
==12==ABORTING
 2020-06-22 16:32:37 +02:00
Yu Watanabe
d474aa51bf network: tc: introduce Enhanced Transmission Selection (ETS) 
Closes #15264.
 2020-06-19 01:07:45 +09:00
Lennart Poettering
2a71d57f4e network: clean-up DHCP lease server data configuration 
This is an attempt to clean up the POP3/SMTP/LPR/… DHCP lease server
data logic in networkd. This reduces code duplication and fixes a number
of bugs.

This removes any support for collecting POP3/SMPT/LPR servers acquired
via local DHCP client releases since noone uses that, and given how old
these protocols are I doubt this will change. It keeps support for
configuring them for the dhcp server however.

The differences between the DNS/NTP/SIP/POP3/SMTP/LPR configuration
logics are minimized.

This removes the relevant symbols from sd-network.h (which is an
internal API only at this point after all).

This is unfortunately not well test, given the old code for this had
barely any tests. But the new code should not perform worse at least,
and allow us to release, since it corrects some interfaces visible in
the .network configuration format.

Fixes: #15943
 2020-06-18 13:08:18 +09:00
Yu Watanabe
d9eacc1cdd network: tc: add more settings for HTB 
Closes #15213.
 2020-06-17 16:49:46 +09:00
Susant Sahani
120b5c0bbe network: DHCPv6 - Add support to set token on the LAN interface 
This patch adds support to set a token on the LAN interface for
the acquired delegated prefixes for the DHCPv6 to generate address.
 2020-06-17 14:20:48 +09:00
Yu Watanabe
94d76d071e network: introduce IPv4AcceptLocal= setting 
Closes #16090.
 2020-06-08 13:48:17 +09:00
Yu Watanabe
4d7ddaf97b network: tc: introduce [QuickFairQueueingClass] section 2020-06-03 17:25:44 +09:00
Susant Sahani
b12aaee5ab network: tc: introduce Quick Fair Queueing (QFQ) 2020-06-03 14:17:51 +09:00
Yu Watanabe
1bf1bfd958 network: add DHCPv6.RouteMetric= 
Hopefully fixes #15295.
 2020-06-02 15:16:51 +09:00
Yu Watanabe
0e77fc66bc network: fix double free in macsec_receive_channel_free() 
Fixes #15941.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22547
 2020-06-01 09:39:46 +02:00
Yu Watanabe
f3e4b1e07c
Merge pull request #15884 from ssahani/dhcpv6-vendor 
DHCPv6: Introduce vendor specific
 2020-06-01 12:25:54 +09:00
Evgeny Vereshchagin
fdd156dd99 tests: add a testcase triggering https://github.com/systemd/systemd/issues/15968 
It's just a follow-up to https://github.com/systemd/systemd/pull/15976
 2020-05-31 21:39:37 +02:00
Yu Watanabe
433e14fda7 network: fix memleaks 
Fixes #15951.
 2020-05-29 14:49:40 +02:00
Susant Sahani
b4ccc5de7d network: Inroduce DHCP6- send vendor options 
network: Inroduce DHCP6- send vendor options

```
 0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |      OPTION_VENDOR_OPTS       |           option-len          |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                       enterprise-number                       |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      .                                                               .
      .                       vendor-option-data                      .
      .                                                               .
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
```

```
  0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          sub-opt-code         |         sub-option-len        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      .                                                               .
      .                        sub-option-data                        .
      .                                                               .
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                 Figure 31: Vendor-specific Options Format

      sub-opt-code         The code for the sub-option.  A 2-octet
                           field.

      sub-option-len       An unsigned integer giving the length of the
                           sub-option-data field in this sub-option in
                           octets.  A 2-octet field.

      sub-option-data      The data area for the sub-option.  The
                           length, in octets, is specified by
                           sub-option-len.

```
 2020-05-29 13:37:57 +02:00
Susant Sahani
9efa8a3cff network: DHCPv6 Assign delegated prefix to LAN interface 
In DHCPv6-PD environment, where WAN interface requests IPv6 via DHCPv6,
receives the address as well as delegated prefixes, with LAN interfaces
serving those delegated prefixes in their router advertisement messages.
The LAN interfaces on the router themselves do not have
the IPv6 addresses assigned by networkd from the prefix it
serves on that interface. Now this patch enables it.
 2020-05-29 16:20:37 +09:00
Lennart Poettering
a3d19f5d99 core: add new PassPacketInfo= socket unit property 2020-05-27 22:40:38 +02:00
Lennart Poettering
bb2294e454
Merge pull request #15669 from andir/systemd-ipv6-pd-subnet-id 
networkd: subnet id support for ipv6 prefix delegation
 2020-05-27 18:47:26 +02:00
Lennart Poettering
6bce17455e
Merge pull request #15226 from benzea/benzea/xdg-autostart-generator 
xdg-autostart-generator: a generator for XDG autostart files
 2020-05-27 18:41:01 +02:00
Frantisek Sumsal
ffbb0fb9cb meson: support building fuzzers with meson <0.48.0 2020-05-27 12:27:45 +02:00
Benjamin Berg
2ad7597e44 fuzz: Add an XDG desktop file fuzzer 
To test the XDG parser used by the xdg-autostart-generator.

Co-authored-by: Evgeny Vereshchagin <evvers@ya.ru>
 2020-05-27 09:02:10 +02:00
Andreas Rammhold
02e9e34bd9
networkd: Add support for setting a preferred subnet id for IPv6 PD leases 
This allows users to configure a subnet id that should be used instead
of automatically (sequentially) assigned subnets. The previous attempt
had the downside that the subnet id would not be the same between
networkd restarts. In some setups it is desirable to have predictable
subnet ids across restarts of services and systems.

The code for the assignment had to be broken up into two pieces. One of
them is the old (sequential) assignment of prefixes and the other is the
new assignment based on configured subnet ids. The new assignment code
has to be executed first and has to be taken into account when (later
on) allocating the "old" subnets from the same pool.

Instead of having one iteration through the links we are now trying to
allocate a prefix for every link on every delegated prefix, unless they
received an assignment in a previous iteration.
 2020-05-26 12:41:22 +02:00
Evgeny Vereshchagin
e5af586f49 add a test triggering https://github.com/systemd/systemd/issues/15907 2020-05-26 09:01:26 +02:00
Lennart Poettering
1283366a90
Merge pull request #15167 from ssahani/address-gen-mode 
networkctl: Add a range to address genmode
 2020-05-25 17:32:00 +02:00
Topi Miettinen
cc1c85fbc3 login: limit nr_inodes for /run/user/$UID 
Limit number of inodes for tmpfs mounts on /run/user/$UID. Default is
RuntimeDirectorySize= divided by 4096.
 2020-05-24 22:54:17 +02:00
Evgeny Vereshchagin
3c60fb077f
Merge pull request #15886 from mrc0mmand/travis-enable-fuzz-tests 
travis: enable fuzzer regression tests under sanitizers
 2020-05-23 19:21:44 +03:00
Frantisek Sumsal
87666b31f9 meson: pass the optimization level to the fuzzer build 2020-05-23 14:19:25 +02:00
Evgeny Vereshchagin
0d5266541c tests: add a testcase for https://github.com/systemd/systemd/issues/15885 2020-05-22 13:35:00 +02:00
Susant Sahani
a6f1848a23 network: Allow to configure addr_gen_mode 
Defines how link-local and autoconf addresses are generated.

	0: generate address based on EUI64 (default)
	1: do no generate a link-local address, use EUI64 for addresses generated
	   from autoconf
	2: generate stable privacy addresses, using the secret from
	   stable_secret (RFC7217)
	3: generate stable privacy addresses, using a random secret if unset
 2020-05-21 14:41:04 +02:00
Evgeny Vereshchagin
a88dce2bdd
Merge pull request #15865 from evverx/ubsan-to-the-rescue 
build-system: build the fuzz targets with both ASan and UBSan
 2020-05-21 03:17:20 +03:00
Zbigniew Jędrzejewski-Szmek
929d07ddcb
Merge pull request #15274 from ssahani/network-issue-9610 
DHCP4: Allow lease time to be set when missing from offer
 2020-05-20 16:39:41 +02:00
Lennart Poettering
400530c1e2
Merge pull request #15490 from ssahani/dhcpv6-vendor-class 
network: DHCPv6 - Add support to send vendor class information
 2020-05-20 16:18:18 +02:00
Evgeny Vereshchagin
8976715804 build-system: build the fuzz targets with both ASan and UBSan 
Just a follow-up to https://github.com/systemd/systemd/pull/15860
 2020-05-20 16:07:13 +02:00
Zbigniew Jędrzejewski-Szmek
a94d11cc66
Merge pull request #15860 from keszybz/bus-message-empty-fields 
Fix crash on message with empty fields structure
 2020-05-20 15:53:28 +02:00
Zbigniew Jędrzejewski-Szmek
bb94ded693
Merge pull request #15661 from hundeboll/mount-read-write-only 
Mount read write only
 2020-05-20 15:48:04 +02:00
Zbigniew Jędrzejewski-Szmek
e0c17a7d1b bus-message: fix negative offset with ~empty message 
In the linked reproducer, m->fields_size == 0, and we calculate ri == -1, which
of course doesn't end well. Skip the whole calculation if m->fields_size == 0,
and also check that we don't go negative even if it is non-zero.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19446 and #15583.
 2020-05-20 09:33:54 +02:00
Susant Sahani
ed0d1b2e99 network: DHCPv6 - Add support to send vendor class information 
Frame 1: 177 bytes on wire (1416 bits), 177 bytes captured (1416 bits) on interface veth-peer, id 0
Ethernet II, Src: 1e:04:f8:b8:2f:d4 (1e:04:f8:b8:2f:d4), Dst: IPv6mcast_01:00:02 (33:33:00:01:00:02)
Internet Protocol Version 6, Src: fe80::1c04:f8ff:feb8:2fd4, Dst: ff02::1:2
User Datagram Protocol, Src Port: 546, Dst Port: 547
DHCPv6
    Message type: Solicit (1)
    Transaction ID: 0x5ca46b
    Rapid Commit
    Identity Association for Non-temporary Address
    Fully Qualified Domain Name
    Vendor Class
        Option: Vendor Class (16)
        Length: 23
        Value: 0000ab11000048656c6c6f3a686f773a6172653a796f75
        Enterprise ID: Tom Gundersen (systemd) (43793)
        vendor-class-data: Hello:how:are:you
    Identity Association for Prefix Delegation
    Option Request
    Client Identifier
    Elapsed time
 2020-05-20 07:58:03 +02:00
Susant Sahani
d6463307e0 network: DHCPv4- Allow to set DHCP lease lifetime 2020-05-20 06:32:26 +02:00
Susant Sahani
f37f2a6b8a network: DHCPv6 - Add support to send user class 
Frame 115: 171 bytes on wire (1368 bits), 171 bytes captured (1368 bits) on interface veth-peer, id 0
Ethernet II, Src: 1e:04:f8:b8:2f:d4 (1e:04:f8:b8:2f:d4), Dst: IPv6mcast_01:00:02 (33:33:00:01:00:02)
Internet Protocol Version 6, Src: fe80::1c04:f8ff:feb8:2fd4, Dst: ff02::1:2
User Datagram Protocol, Src Port: 546, Dst Port: 547
DHCPv6
    Message type: Solicit (1)
    Transaction ID: 0x673257
    Rapid Commit
        Option: Rapid Commit (14)
        Length: 0
    Identity Association for Non-temporary Address
        Option: Identity Association for Non-temporary Address (3)
        Length: 12
        Value: d0cc94090000000000000000
        IAID: d0cc9409
        T1: 0
        T2: 0
    Fully Qualified Domain Name
        Option: Fully Qualified Domain Name (39)
        Length: 6
        Value: 01045a657573
        0000 0... = Reserved: 0x00
        .... .0.. = N bit: Server should perform DNS updates
        .... ..0. = O bit: Server has not overridden client's S bit preference
        .... ...1 = S bit: Server should perform forward DNS updates
        Client FQDN: Zeus
    User Class
        Option: User Class (15)
        Length: 17
        Value: 000f68656c6c6f30313233343031323334
    Identity Association for Prefix Delegation
        Option: Identity Association for Prefix Delegation (25)
        Length: 12
        Value: d0cc94090000000000000000
        IAID: d0cc9409
        T1: 0
        T2: 0
    Option Request
        Option: Option Request (6)
        Length: 10
        Value: 001700180038001f000e
        Requested Option code: DNS recursive name server (23)
        Requested Option code: Domain Search List (24)
        Requested Option code: NTP Server (56)
        Requested Option code: Simple Network Time Protocol Server (31)
        Requested Option code: Rapid Commit (14)
    Client Identifier
        Option: Client Identifier (1)
        Length: 14
        Value: 00020000ab11d258482fc7eee651
        DUID: 00020000ab11d258482fc7eee651
        DUID Type: assigned by vendor based on Enterprise number (2)
        Enterprise ID: Tom Gundersen (systemd) (43793)
        Identifier: d258482fc7eee651
    Elapsed time
        Option: Elapsed time (8)
        Length: 2
        Value: 0bd0
        Elapsed time: 30240ms
 2020-05-19 11:48:30 +02:00
Susant Sahani
35f6a5cb44 network: DHCPv6 - Add support set arbitary request options 2020-05-17 11:18:29 +02:00
Frantisek Sumsal
c07f18ffd4 shared: fix integer overflow in calendarspec 
Fixes: oss-fuzz#22208

```
test/fuzz/fuzz-calendarspec/oss-fuzz-22208... ../src/shared/calendarspec.c:666:48: runtime error: signed integer overflow: 2147000000 + 1000000 cannot be represented in type 'int'
    #0 0x7f0b9f6cc56a in prepend_component ../src/shared/calendarspec.c:666
    #1 0x7f0b9f6cd03a in parse_chain ../src/shared/calendarspec.c:718
    #2 0x7f0b9f6cea1c in parse_calendar_time ../src/shared/calendarspec.c:845
    #3 0x7f0b9f6d1397 in calendar_spec_from_string ../src/shared/calendarspec.c:1084
    #4 0x401570 in LLVMFuzzerTestOneInput ../src/fuzz/fuzz-calendarspec.c:17
    #5 0x401ae0 in main ../src/fuzz/fuzz-main.c:39
    #6 0x7f0b9e31b1a2 in __libc_start_main (/lib64/libc.so.6+0x271a2)
    #7 0x40122d in _start (/home/fsumsal/repos/systemd/build/fuzz-calendarspec+0x40122d)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/shared/calendarspec.c:666:48 in
```
 2020-05-15 16:07:29 +02:00
Susant Sahani
89fe653544 network: Add support to group links. 
Link groups are similar to port ranges found in managed switches.
You can add network interfaces to a numbered group and perform operations
on all the interfaces from that group at once.
 2020-05-15 15:27:07 +02:00
Rubens Figueiredo
4df4df5b56 network: allow setting VLAN protocol on bridges 
Signed-off-by: Rubens Figueiredo <rubens.figueiredo@bisdn.de>
 2020-05-14 17:59:57 +02:00
Andrew Doran
e7d5fe17db DHCP client: make SendOption work for DHCPv6 too. 2020-05-11 16:31:08 +02:00
Martin Hundebøll
c600357ba6 mount: add ReadWriteOnly property to fail on read-only mounts 
Systems where a mount point is expected to be read-write needs a way to
fail mount units that fallback as read-only.

Add a property to allow setting the -w option when calling mount(8).
 2020-05-01 13:23:30 +02:00
nabijaczleweli
e81f5fc4e8
link: Allow configuring RX mini and jumbo ring sizes, too 
This now covers all ethtool_ringparam configurables (as of v5.6;
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/ethtool.h?h=v5.6#n488)
 2020-04-29 18:57:13 +02:00
Susant Sahani
d361b3730a network: Add support send and receive LPR servers 2020-04-22 14:49:27 +02:00
Lennart Poettering
f58921bde3
Merge pull request #15332 from keszybz/coredump-filter 
CoredumpFilter=
 2020-04-09 17:15:26 +02:00
Zbigniew Jędrzejewski-Szmek
ad21e542b2 manager: add CoredumpFilter= setting 
Fixes #6685.
 2020-04-09 14:08:48 +02:00
Susant Sahani
e9a8c550c1 LLDP: Add support to transmit MUD URL 2020-04-08 00:20:54 +02:00
Zbigniew Jędrzejewski-Szmek
c51c6f2f57
Merge pull request #15252 from ssahani/dhcpv6-mud 
DHCPv6: Add support to send MUD URL
 2020-04-02 10:23:15 +02:00
Richard Petri
7e025e9cdb network: can: add support for CAN-FD related properties 2020-04-01 20:07:20 +02:00
Susant Sahani
3175a8c21b network: DHCPv6 Add support to send MUD URL 2020-04-01 17:01:12 +02:00
Susant Sahani
7b8d23a9bb network: DHCPv4 - introduce The Manufacturer Usage Description (MUD) 2020-03-30 20:27:48 +02:00
Susant Sahani
f6269fe7bb network: DHCP - add support to emit and receive SMTP server information 2020-03-29 22:59:11 +02:00
Susant Sahani
284e8fd0d7 DHCP: Add support to emit and retrieve POP3 server 2020-03-28 03:34:27 +01:00
David Wood
7354900ddd network: Fix split in SendOption= on client and server 
When specifying `DHCPv4.SendOption=`, it is used by systemd-networkd to
set the value of that option within the DHCP request that is sent out.
This differs to setting `DHCPServer.SendOption=`, which will place all
the options together as suboptions into the vendor-specific information
(code 43) option.

This commit adds two new config options, `DHCPv4.SendVendorOption=` and
`DHCPServer.SendVendorOption=`. These both have the behaviour of the old
`DHCPServer.SendOption=` flag, and set the value of the suboption in the
vendor-specific information option.

The behaviour of `DHCPServer.SendOption=` is then changed to reflect
that of `DHCPv4.SendOption=`. It will set the value of the corresponding
option in the DHCP request.
 2020-03-19 09:08:40 +01:00
Zbigniew Jędrzejewski-Szmek
34bc838f15
Merge pull request #15136 from yuwata/network-dhcp4-use-gateway 
network: add a flag to ignore gateway provided by DHCP server
 2020-03-17 16:51:18 +01:00
Yu Watanabe
74f0fb9095 network: can: add support for listen-only mode 
Closes #15129.
 2020-03-17 00:32:35 +09:00
Yu Watanabe
b453122789 network: add a flag to ignore gateway provided by DHCP server 
Closes #15117.
 2020-03-16 19:34:43 +09:00
Susant Sahani
7f22402007 network: TC - introduce HHF 
Please see https://lwn.net/Articles/577208/
 2020-03-12 15:39:12 +09:00
Susant Sahani
1a95964bfa network: TC - introduce pfifo_fast 
pfifo_fast - three-band first in, first out queue

Please see https://linux.die.net/man/8/tc-pfifo_fast
 2020-03-12 15:38:18 +09:00
Susant Sahani
053a2ddbb2 network: TC - introduce pfifo_head_drop 
This adds the required changes to gain access to
the head drop classfull queuing discipline named
pfifo_head_drop.
 2020-03-12 15:37:17 +09:00
Susant Sahani
c853f594d4 network: TC - introduce BFIFO 
bfifo - Byte limited First In, First Out queue
 2020-03-12 15:35:51 +09:00
Yu Watanabe
ad365c5de7 network: tc: introduce DRR class 2020-03-12 15:35:51 +09:00
Susant Sahani
f5fc04417e network: TC - introduce DRR 
Introduce the Deficit Round Robin Scheduler is a classful queuing discipline as
a more flexible replacement for Stochastic Fairness Queuing.

http://man7.org/linux/man-pages/man8/tc-drr.8.html
 2020-03-12 15:35:51 +09:00
Susant Sahani
bde4ae88c8 network: tc- introduce PIE 
Proportional Integral controller-Enhanced (PIE) is a control
theoretic active queue management scheme. It is based on the
proportional integral controller but aims to control delay.

http://man7.org/linux/man-pages/man8/tc-pie.8.html
 2020-03-12 13:58:35 +09:00
Yu Watanabe
a834cb5247
Merge pull request #15036 from yuwata/can-termination-mod 
network: add CAN Termination tristate option
 2020-03-07 19:11:03 +09:00
Matt Ranostay
52aa38f14a network: add CAN Termination tristate option 2020-03-07 02:00:02 +09:00
Yu Watanabe
bba1f90ff5
Merge pull request #14890 from yuwata/network-tc-next 
network: tc-next
 2020-03-07 01:44:15 +09:00
Yu Watanabe
a34811e4ef udev: support to update flow control parameter 
Closes #14770.
 2020-03-07 01:43:26 +09:00
Yu Watanabe
d739fddeb5 network: add setting to support RA without DHCPv6 client 
Closes #13991.
 2020-03-07 01:39:26 +09:00
Susant Sahani
cd305af1fe network: Allow DHCPv6 client to start without router's managed flag. 2020-03-07 01:38:26 +09:00
Susant Sahani
ad8352f4ff network: tc: introduce cake 
CAKE (Common Applications Kept Enhanced)

Please see http://man7.org/linux/man-pages/man8/tc-cake.8.html
 2020-03-02 15:59:37 +09:00
Susant Sahani
982998b087 network: TC introduce sfb - Stochastic Fair Blue 
Please see https://www.systutorials.com/docs/linux/man/8-tc-sfb/
 2020-03-02 15:48:24 +09:00
Susant Sahani
609e8340bb network: TC introduce GRED, Generic Random Early Detection 
http://tldp.org/en/Traffic-Control-HOWTO/ar01s06.html
 2020-03-02 15:48:24 +09:00
Susant Sahani
a74760653c network: TC introduce PFIFO 2020-03-02 15:48:00 +09:00
Yu Watanabe
19f86a6351 network: tc: support HTB class 2020-03-02 15:46:28 +09:00
Yu Watanabe
b934ac3d6e network: tc: support Hierarchy Token Bucket (HTB) 2020-03-02 15:46:28 +09:00
Susant Sahani
bd6379ec57 network: introduce IPv6 prefix assign 
Expose a boolean flag to automatically add an address from the delegated prefix to the interface
 2020-03-01 00:49:19 +09:00
Susant Sahani
d8b2396d34 network: add support for qdisc handle 2020-02-10 17:48:53 +09:00
Zbigniew Jędrzejewski-Szmek
c3b41d8811
Merge pull request #14805 from yuwata/network-ipv6-token-follow-up 
network: rename eui64 to static
 2020-02-07 17:05:33 +01:00
Yu Watanabe
9b749c11e2 network: tc: support teql 
Closes #14792.
 2020-02-07 17:41:49 +09:00
Yu Watanabe
f0c1ad308d network: fix ABRT 
Fixes #14811 and oss-fuzz#20548.
 2020-02-07 17:18:58 +09:00
Yu Watanabe
2ed5f6d5de network: introduce new [QDisc] section to support Parent=ingress 
Follow-up for 18de0969c5.
 2020-02-07 13:48:54 +09:00
Zbigniew Jędrzejewski-Szmek
ca58d00c68 network: FairQueueTrafficPolicing→FairQueueing 
This never made into a release, so we can change the name with impunity.
Suggested by Davide Pesavento.

I opted to add the "ing" ending. "Fair queuing" is the name of the general
concept and algorithm, and "Fair queue" is mostly used for the implementation
name.
 2020-02-04 17:37:16 +01:00
Zbigniew Jędrzejewski-Szmek
60ed2dcfc7 network: TokenBufferFilter→TokenBucketFilter 
This never made into a release, so we can change the name with impunity.
Noticed by Davide Pesavento.
 2020-02-04 17:28:15 +01:00
Yu Watanabe
18de0969c5 network: split TrafficControlQueueingDiscipline section into small pieces 
Closes #14763.
 2020-02-04 21:45:39 +09:00
Yu Watanabe
bf2334c054 udev: add {Receive,Transmit}ChecksumOffload= settings 
Closes #14661.
 2020-02-03 12:31:31 +09:00
Naïm Favier
53e1ba280f
network: add SuppressPrefixLength option to RoutingPolicyRule (#14736) 
Closes #14724.
 2020-02-03 08:25:48 +09:00
Yu Watanabe
ea471a4695 network: support UID based routing policy 
Closes #14666.
 2020-02-02 22:43:38 +09:00
Yu Watanabe
4bb7cc8287 network, udev: introduce PermanentMACAddress= setting in [Match] section 
Closes #13983.
 2020-01-08 17:54:54 +09:00
Lennart Poettering
dc5737470e
Merge pull request #14194 from yuwata/network-multipath-routing-12541 
network: introduce multipath routing
 2020-01-03 15:38:03 +01:00
Yu Watanabe
b078e52855 network: add more settings for CoDel 2019-12-28 22:25:12 +09:00
Susant Sahani
c695dcf929 network: Add support to configure DHCPv4 route MTU 
This is useful for transitioning systems from small frames to jumbo frames.

Closes #14302
 2019-12-28 21:37:26 +09:00
Susant Sahani
a9a5d632da network: tc introduce codel 
Please see http://man7.org/linux/man-pages/man8/tc-codel.8.html
 2019-12-28 21:35:39 +09:00
Susant Sahani
0f3ff4eae2 network: DHCP4 introduce send decline 2019-12-21 00:26:44 +09:00
Yu Watanabe
de697db05b network: introduce AddPrefixRoute= and deprecate PrefixRoute= 
PrefixRoute= was added by e63be0847c,
but unfortunately, the meaning of PrefixRoute= is inverted; when true
IFA_F_NOPREFIXROUTE flag is added. This introduces AddPrefixRoute=
setting.
 2019-12-18 16:32:31 +01:00
Yu Watanabe
6ff5cc6b7a network: introduce multipath route 
Closes #12541.
 2019-12-18 22:12:57 +09:00
Yu Watanabe
6e5df4036f
Merge pull request #14337 from yuwata/network-tc-fq-more 
network: tc: introduce more FQ settings
 2019-12-17 23:30:10 +09:00
Yu Watanabe
ef1d2c07f9 udev: introduce AlternativeNamesPolicy= setting 2019-12-17 15:44:43 +09:00
Yu Watanabe
a5053a158b udev: support AlternativeName= setting in .link file 2019-12-16 10:52:22 +09:00
Yu Watanabe
e83562e51e network: tc: add more settings for FQ 2019-12-13 23:36:17 +09:00
Yu Watanabe
ac810b75c1 network: tc: support more attributes for FQ-CoDel 2019-12-12 23:36:48 +09:00
Susant Sahani
7234b91596 network tc: inroduce FQ - Fair Queue traffic policing 
Please see http://man7.org/linux/man-pages/man8/tc-fq.8.html
 2019-12-12 17:26:20 +09:00
Susant Sahani
4e5ef14919 network tc: Add support to conkfigure CoDel - Controlled-Delay Active Queue Management algorithm 
```
$ tc qdisc show dev dummy99
qdisc fq_codel 8005: dev dummy99 root refcnt 2 limit 1000p flows 1024 quantum 1514 target 5.0ms interval 100.0ms memory_limit 32Mb ecn
$ network cat dumm99.network
[Match]
Name=dummy99

[TrafficControlQueueingDiscipline]
Parent=root
FairQueuingControlledDelayPacketLimit=1000

```
 2019-12-11 00:06:31 +09:00
Yu Watanabe
dcfc23ae77 network: tc: add more options for TBF 2019-12-10 01:28:38 +09:00
Susant Sahani
9942b71089 network: tc introduce sfq - Stochastic Fairness Queueing 
Stochastic Fairness Queueing is a classless queueing discipline.
SFQ does not shape traffic but only schedules the transmission of packets, based on 'flows'.
The goal is to ensure fairness so that each flow is able to send data in turn,
thus preventing any single flow from drowning out the rest.
 2019-12-04 20:58:17 +09:00
Susant Sahani
ba5841b520 networkd tc: introduce tbf 
See https://linux.die.net/man/8/tc-tbf
 2019-12-04 20:55:48 +09:00
Zbigniew Jędrzejewski-Szmek
83dbb4df99 fuzz-unit-file: add new items to the corpus 2019-11-25 14:02:58 +01:00
Yu Watanabe
d8b736bd0c network: rename SendRawOption= to SendOption= 
As DHCPv4.SendOption= and DHCPServer.SendRawOption= take the same
format.
 2019-11-18 23:35:48 +09:00
Yu Watanabe
c1ed516cde test: add testcase for issue #13938 2019-11-05 10:49:07 +09:00
Susant Sahani
b9c5aa3c65 qdisc: netem add support to duplicate packets. 
using this option the chosen percent of packets is duplicated before
queuing them
 2019-10-31 10:36:28 +01:00
Susant Sahani
564ca98484 networkd: dhcp server Support Vendor specific 43 
Implementes https://tools.ietf.org/html/rfc2132

```
[DHCPServer]
SendRawOption=26:uint32:1400
SendRawOption=23:uint8:10

```
Frame 448: 350 bytes on wire (2800 bits), 350 bytes captured (2800 bits) on interface 0
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.5.1, Dst: 192.168.5.11
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (ACK)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x71f8de9d
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 192.168.5.11
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: 1e:04:f8:b8:2f:d4 (1e:04:f8:b8:2f:d4)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (ACK)
        Length: 1
        DHCP: ACK (5)
    Option: (51) IP Address Lease Time
        Length: 4
        IP Address Lease Time: (3600s) 1 hour
    Option: (1) Subnet Mask (255.255.255.0)
        Length: 4
        Subnet Mask: 255.255.255.0
    Option: (3) Router
        Length: 4
        Router: 192.168.5.1
    Option: (6) Domain Name Server
        Length: 4
        Domain Name Server: 192.168.5.1
    Option: (42) Network Time Protocol Servers
        Length: 4
        Network Time Protocol Server: 192.168.5.1
    Option: (101) TCode
        Length: 13
        TZ TCode: Europe/Berlin
    Option: (43) Vendor-Specific Information
        Length: 9
        Value: 1701311a0431343030
    Option: (54) DHCP Server Identifier (192.168.5.1)
        Length: 4
        DHCP Server Identifier: 192.168.5.1
    Option: (255) End
        Option End: 255

```
 2019-10-31 09:03:43 +09:00
Zbigniew Jędrzejewski-Szmek
864edb39cf network: rename SendOptions= to SendOption= 
The name with plural made more sense where multiple options could be specified
in one line. After changes in the pull request, this option only accepts one
value, so from users' POV it should be singular.

(The field in the data structure remains plural, because it actually stores
multiple values.)
 2019-10-30 08:56:18 +01:00
Susant Sahani
0f5bd7fe24 network: introduce TrafficControl 
Add network delay to a interface
 2019-10-30 09:33:51 +09:00
Zbigniew Jędrzejewski-Szmek
a5f6f346d3
Merge pull request #13423 from pwithnall/12035-session-time-limits 
Add `RuntimeMaxSec=` support to scope units (time-limited login sessions)
 2019-10-28 14:57:00 +01:00
Philip Withnall
9ed7de605d scope: Support RuntimeMaxSec= directive in scope units 
Just as `RuntimeMaxSec=` is supported for service units, add support for
it to scope units. This will gracefully kill a scope after the timeout
expires from the moment the scope enters the running state.

This could be used for time-limited login sessions, for example.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Fixes: #12035
 2019-10-28 09:44:31 +01:00
Yu Watanabe
78404d22cc network: support matching based on wifi interfece type 2019-10-25 16:43:18 +09:00
Zbigniew Jędrzejewski-Szmek
510c4bb31f
Merge pull request #13142 from yuwata/network-wifi-ssid-support-nl80211 
network: wifi ssid support with nl80211
 2019-10-23 14:51:23 +02:00
Zbigniew Jędrzejewski-Szmek
c8966bffdd
Merge pull request #13663 from ssahani/dhcp-send-option-data 
network: DHCPv4 client- add support to send arbitary option and data
 2019-10-16 11:31:22 +02:00
Yu Watanabe
277ba8d1ab network: add support matching based on BSSID= 2019-10-15 01:59:56 +09:00
Yu Watanabe
8d968fdd99 network: support matching based on wifi SSID 2019-10-15 01:59:06 +09:00
Susant Sahani
cb29c15605 network: DHCPv4 client: add support to send arbitary option and data 2019-10-15 00:14:02 +09:00
Susant Sahani
c16c780804 network: introduce ip nexthop routing 
Used to manipulate entries in the kernel's nexthop tables.
Example:
```
[NextHop]
Id=3
Gateway=192.168.5.1
```
 2019-10-14 21:32:48 +09:00
Zbigniew Jędrzejewski-Szmek
6e2d361d53
Merge pull request #13696 from keszybz/keep-dhcp-on-restart 
Add a way to differentiate restart from stop and keep dhcp config on restart
 2019-10-03 11:25:12 +02:00
Zbigniew Jędrzejewski-Szmek
a232ebcc2c core: add support for RestartKillSignal= to override signal used for restart jobs 
v2:
- if RestartKillSignal= is not specified, fall back to KillSignal=. This is necessary
  to preserve backwards compatibility (and keep KillSignal= generally useful).
 2019-10-02 14:01:25 +02:00
Susant Sahani
2805536bff network: DHCPv6 client add support for prefix delegation hint 
Add support for prefix hint lenth and prefix hint address
```
Frame 43: 177 bytes on wire (1416 bits), 177 bytes captured (1416 bits) on interface 0
Ethernet II, Src: f6:c1:08:4d:45:f1 (f6:c1:08:4d:45:f1), Dst: IPv6mcast_01:00:02 (33:33:00:01:00:02)
Internet Protocol Version 6, Src: fe80::d250:c82:7f6e:28d6, Dst: ff02::1:2
User Datagram Protocol, Src Port: 546, Dst Port: 547
DHCPv6
    Message type: Solicit (1)
    Transaction ID: 0x5c7902
    Rapid Commit
    Identity Association for Non-temporary Address
    Fully Qualified Domain Name
    Identity Association for Prefix Delegation
        Option: Identity Association for Prefix Delegation (25)
        Length: 41
        Value: 1b97b1690000000000000000001a0019ffffffffffffffff…
        IAID: 1b97b169
        T1: 0
        T2: 0
        IA Prefix
            Option: IA Prefix (26)
            Length: 25
            Value: ffffffffffffffff3c000000000000000000000000000000…
            Preferred lifetime: infinity
            Valid lifetime: infinity
            Prefix length: 60
            Prefix address: ::
    Option Request
    Client Identifier
    Elapsed time
```
 2019-10-01 23:52:40 +09:00
Siddharth Chandrasekara
afe42aef39 dhcp4: make IPServiceType configurable 
IPServiceType set to CS6 (network control) causes problems on some old
network setups that continue to interpret the field as IP TOS.

Make DHCP work on such networks by allowing this field to be set to
CS4 (Realtime) instead, as this maps to IPTOS_LOWDELAY.

Signed-off-by: Siddharth Chandrasekaran <csiddharth@vmware.com>
 2019-09-26 11:39:46 +09:00
Susant Sahani
224ded670f link: Add support to configure NIC ring buffer size 2019-09-24 16:33:35 +02:00
Susant Sahani
299d578f7f network: DHCP server Add support to transmit SIP server 
1. DHCP server trasmit
2. Client parses and saves in leases
Implements http://www.rfc-editor.org/rfc/rfc3361.txt

```
Frame 134: 348 bytes on wire (2784 bits), 348 bytes captured (2784 bits) on interface 0
Ethernet II, Src: 42:65:85:d6:4e:32 (42:65:85:d6:4e:32), Dst: 1e:04:f8:b8:2f:d4 (1e:04:f8:b8:2f:d4)
Internet Protocol Version 4, Src: 192.168.5.1, Dst: 192.168.5.11
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (ACK)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x7cc87cb4
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 192.168.5.11
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: 1e:04:f8:b8:2f:d4 (1e:04:f8:b8:2f:d4)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (ACK)
        Length: 1
        DHCP: ACK (5)
    Option: (51) IP Address Lease Time
        Length: 4
        IP Address Lease Time: (3600s) 1 hour
    Option: (1) Subnet Mask (255.255.255.0)
        Length: 4
        Subnet Mask: 255.255.255.0
    Option: (3) Router
        Length: 4
        Router: 192.168.5.1
    Option: (6) Domain Name Server
        Length: 4
        Domain Name Server: 192.168.5.1
    Option: (42) Network Time Protocol Servers
        Length: 4
        Network Time Protocol Server: 192.168.1.1
    Option: (120) SIP Servers <=====here
        Length: 9
        SIP Server Encoding: IPv4 Address (1)
        SIP Server Address: 192.168.1.1
        SIP Server Address: 192.168.5.2
    Option: (101) TCode
        Length: 13
        TZ TCode: Europe/Berlin
    Option: (54) DHCP Server Identifier (192.168.5.1)
        Length: 4
        DHCP Server Identifier: 192.168.5.1
    Option: (255) End
        Option End: 255
```

```
cat /run/systemd/netif/state                                                                                                   ✔    3148  16:40:51
OPER_STATE=routable
CARRIER_STATE=carrier
ADDRESS_STATE=routable
DNS=192.168.94.2 192.168.5.1
NTP=192.168.5.1
SIP=192.168.1.1 192.168.5.2

```

aa
 2019-09-20 21:22:23 +09:00
Susant Sahani
5bc945bec4 network dhcp4: Add support send request options in a generic manner 2019-09-20 21:05:48 +09:00
Yu Watanabe
0eb5e6d3f0 dhcp6: use unaligned_read_be32() 
Closes #13591.
 2019-09-20 08:04:15 +00:00
Yu Watanabe
6ffe71d0e2 dhcp6: add missing option length check 
Closes #13578.
 2019-09-17 18:29:20 +00:00
Susant Sahani
203d4df573 network: Add support to advertie ipv6 route 
Implements https://tools.ietf.org/html/rfc4191

cat veth99.network
```
[Match]
Name=veth99

[Network]
DHCP=no
IPv6PrefixDelegation=yes
Address=2001:db8:0:1::1/64

[IPv6Prefix]
Prefix=2001:db8:0:1::4/64

[IPv6RoutePrefix]
Route=2001:db0:fff::/48

```
Wireshark

```
Frame 481: 142 bytes on wire (1136 bits), 142 bytes captured (1136 bits) on interface 0
Ethernet II, Src: 1e:04:f8:b8:2f:d4 (1e:04:f8:b8:2f:d4), Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: fe80::1c04:f8ff:feb8:2fd4, Dst: ff02::1
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0xec77 [correct]
    [Checksum Status: Good]
    Cur hop limit: 0
    Flags: 0x00, Prf (Default Router Preference): Medium
    Router lifetime (s): 0
    Reachable time (ms): 0
    Retrans timer (ms): 0
    ICMPv6 Option (Source link-layer address : 1e:04:f8:b8:2f:d4)
        Type: Source link-layer address (1)
        Length: 1 (8 bytes)
        Link-layer address: 1e:04:f8:b8:2f:d4 (1e:04:f8:b8:2f:d4)
    ICMPv6 Option (MTU : 1500)
        Type: MTU (5)
        Length: 1 (8 bytes)
        Reserved
        MTU: 1500
    ICMPv6 Option (Prefix information : 2001:db8:0:1::4/64)
        Type: Prefix information (3)
        Length: 4 (32 bytes)
        Prefix Length: 64
        Flag: 0xc0, On-link flag(L), Autonomous address-configuration flag(A)
        Valid Lifetime: 2592000
        Preferred Lifetime: 604800
        Reserved
        Prefix: 2001:db8:0:1::4
    ICMPv6 Option (Route Information : Medium 2001:db0:fff::/48)
        Type: Route Information (24)
        Length: 3 (24 bytes)
        Prefix Length: 48
        Flag: 0x00, Route Preference: Medium
            ...0 0... = Route Preference: Medium (0)
            000. .000 = Reserved: 0
        Route Lifetime: 604800
        Prefix: 2001:db0:fff::
```
 2019-09-17 12:09:59 +02:00
Fabian Henneke
d45ee2f31a udev: Add id program and rule for FIDO security tokens 
Add a fido_id program meant to be run for devices in the hidraw
subsystem via an IMPORT directive. The program parses the HID report
descriptor and assigns the ID_SECURITY_TOKEN environment variable if a
declared usage matches the FIDO_CTAPHID_USAGE declared in the FIDO CTAP
specification. This replaces the previous approach of whitelisting all
known security token models manually.

This commit is accompanied by a test suite and a fuzzer target for the
descriptor parsing routine.

Fixes: #11996.
 2019-09-07 02:23:58 +09:00
Yu Watanabe
f6c6ff97f5 network: add RoutingPolicyRule.Family= setting 
Closes #13233.
 2019-08-16 22:02:17 +09:00
Yu Watanabe
e8489008cb network: rename IGMPVersion= -> MulticastIGMPVersion= 2019-07-26 11:00:56 +09:00
Yu Watanabe
4bd04e3dcb network: drop recently added settings from deprecated [DHCP] section 2019-07-25 12:39:33 +09:00
Susant Sahani
afa51e2dfb networkd: bridge add support to set IGMP version 2019-07-25 10:05:06 +09:00
Luca Boccassi
65224c1d0e core: rename ShutdownWatchdogSec to RebootWatchdogSec 
This option is only used on reboot, not on other types of shutdown
modes, so it is misleading.
Keep the old name working for backward compatibility, but remove it
from the documentation.
 2019-07-23 20:29:03 +01:00
Luca Boccassi
acafd7d8a6 core: add KExecWatchdogSec option 
Rather than always enabling the shutdown WD on kexec, which might be
dangerous in case the kernel driver and/or the hardware implementation
does not reset the wd on kexec, add a new timer, disabled by default,
to let users optionally enable the shutdown WD on kexec separately
from the runtime and reboot ones. Advise in the documentation to
also use the runtime WD in conjunction with it.

Fixes: a637d0f9ec ("core: set shutdown watchdog on kexec too")
 2019-07-23 20:29:03 +01:00
Yu Watanabe
a24e12f020 network: add DHCPv4.RoutesToDNS= setting 2019-07-19 01:49:39 +09:00
Anita Zhang
31cd5f63ce core: ExecCondition= for services 
Closes #10596
 2019-07-17 11:35:02 +02:00
Yu Watanabe
b956364db0 network: rename Neighbor.MACAddress= to Neighbor.LinkLayerAddress= 
And make it support IPv4 address.

Closes #13015.
 2019-07-11 22:22:29 +09:00
Lennart Poettering
7e82b4059b
Merge pull request #13006 from yuwata/network-split-dhcp-12917 
networkd: DHCPv6 - separate DHCPv6 options from DHCPv4 options
 2019-07-11 10:28:03 +02:00
Yu Watanabe
8c9c703c55 network: add AssignToLoopback= setting to [Tunnel] section 
networkd does not manage loopback interface lo. So, previously, we have
no way to assign tunnel devices to lo.
 2019-07-11 09:59:06 +09:00
Yu Watanabe
f392c06566
Merge pull request #12863 from 1848/if_xfrm 
Added support for xfrm interfaces
 2019-07-10 23:04:49 +09:00
1848
98d20a17a9 Added support for xfrm interfaces 2019-07-10 23:02:19 +09:00
Yu Watanabe
e4443f9bfc network: fix memleak 
set_put() does not return -EEXIST.

Fixes #12995 and oss-fuzz#15678.
 2019-07-10 12:27:48 +02:00
Yu Watanabe
4f7331a85e network: rename [DHCP] section to [DHCPv4] 
To keep the backward compatibility broken by the previous commit.
 2019-07-10 17:33:09 +09:00
Susant Sahani
caa8ca4286 networkd: DHCPv6 - separate DHCPv6 options from DHCPv4 options 
Closes https://github.com/systemd/systemd/issues/12917
 2019-07-10 16:59:29 +09:00
Yu Watanabe
44005bfb4e network,udev: add Property= setting in [Match] section 
Closes #5665.
 2019-07-01 01:24:42 +09:00
Evgeny Vereshchagin
9bd2422ac3 travis: turn on nonnull-attribute on Fuzzit 2019-06-15 23:12:24 +02:00
Zbigniew Jędrzejewski-Szmek
4b381a9ef6
Merge pull request #12753 from jrouleau/fix/hibernate-resume-timeout 
hibernate-resume: fix resume device timeout
 2019-06-15 17:50:37 +02:00
Susant Sahani
7da377ef16 networkd: add support to keep configuration 2019-06-06 22:50:29 +09:00
Jonathan Rouleau
8b6805a25b hibernate-resume: add resumeflags= kernel option 
Adds the resumeflags= kernel command line option to allow setting a
custom device timeout for the resume device (defaults to the same as the
root device).
 2019-06-05 18:59:05 -06:00
Yu Watanabe
75eed300a9 network: Allow IFF_VNET_HDR to also be set for tun devices 
f5f07dbf06 adds VnetHeader= for tap
devices, but the flag is also used for tun devices.
This adds VnetHeader= setting in [Tun] section.
 2019-05-22 17:58:46 +09:00
Susant Sahani
e520ce6440 networkd: Ability to selectively ignore IPv6 prefixes supplied via router advertisement 
Closes https://github.com/systemd/systemd/issues/10647
 2019-05-19 22:23:06 +09:00
Yu Watanabe
e7b621ee1f
Merge pull request #12586 from ssahani/route-properties 
Route properties
 2019-05-18 10:31:37 +09:00
Susant Sahani
9b88f20aba networkd: route add MPLS TTL propagate 2019-05-18 10:30:41 +09:00
Susant Sahani
8f02c9b085 networkd: FOU netdev add support to configure peer port 2019-05-18 10:25:36 +09:00
Zbigniew Jędrzejewski-Szmek
be44e09162 shared/varlink: add missing setting of output_buffer_allocated 
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14708,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14735,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14725,
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14720,
and probably others.
 2019-05-17 15:09:32 +02:00
Yu Watanabe
8688c29b5a varlink: initialize Varlink with 0 
Closes oss-fuzz#14688.
 2019-05-16 18:51:33 +02:00
Yu Watanabe
db439337f9
Merge pull request #12576 from ssahani/fou 
networkd: FOU tunnel support Local and Peer tunnel addresses
 2019-05-16 05:10:35 +02:00
Susant Sahani
4502a61c8a networkd: FOU tunnel support Local and Peer tunnel addresses 2019-05-16 10:24:48 +09:00
Susant Sahani
69c317a07f networkd: introduce netdev ipvtap 
This patch adds netdev ipvtap that is based on the
IP-VLAN network interface, called ipvtap. An ipvtap device can be created
in the same way as an ipvlan device, using 'kind ipvtap', and then accessed
using the tap user space interface.
 2019-05-16 09:48:53 +09:00
Yu Watanabe
5d5003ab35 network: add DefaultRouteOnDevice= setting in [Network] section 
When enabled, then default route bound to the interface will be created.
This is useful when adding routes on point-to-point interfaces.

Closes #788.
 2019-05-15 12:44:30 +09:00
Yu Watanabe
6e114a2475
Merge pull request #12555 from ssahani/route-properties 
networkd: route add support to configure fastopen_no_cookie
 2019-05-14 09:03:52 +02:00
Susant Sahani
1501b429a9 networkd: DHCP client add support to send RELEASE packet 
closes #10820
 2019-05-14 09:03:01 +02:00
Susant Sahani
633c725865 networkd: route add support to configure fastopen_no_cookie 
This patch adds fastopen_no_cookie option to enable/disable TCP fastopen
without a cookie on a per-route basis.
 2019-05-14 08:08:36 +05:30
Susant Sahani
bdb397ed10 networkd: bridge FDB support more NTF_* flags 
Add support to configure NTF_ROUTER and NTF_USE
 2019-05-14 02:24:51 +02:00
Yu Watanabe
cd43199671
Merge pull request #12520 from ssahani/geneve 
networkd: Geneve add DF feature and allow TTL to bechosen by kernel
 2019-05-10 19:47:19 +02:00
Susant Sahani
aac350192b networkd: Geneve add support configure IP don't fragment 2019-05-10 22:45:26 +09:00
Yu Watanabe
5af7bc6f4c
Merge pull request #12480 from ssahani/proxy-arp 
network: bridge add support to configure proxy ARP/WIFI
 2019-05-10 15:30:41 +02:00
Susant Sahani
727b573418 networkd: Add support for blacklisting servers 
closes #6260

fuzzer: Add DHCP support for blacklisting servers
 2019-05-10 15:29:55 +02:00
Lennart Poettering
d768467563 fuzzer: add varlink fuzzer 2019-05-09 14:14:20 -04:00
Susant Sahani
0fadb2a46f network: add support to configure proxy ARP/WIFI 2019-05-09 15:03:04 +09:00
Susant Sahani
1189c00a3c networkd: VXLAN add support to configure IP Don't fragment. 
Allow users to set the IPv4 DF bit in outgoing packets, or to inherit its
value from the IPv4 inner header. If the encapsulated protocol is IPv6 and
DF is configured to be inherited, always set it.
 2019-05-09 06:40:33 +02:00
Susant Sahani
1087623bac networkd: Add support to configure proxy ARP and proxy ARP Wifi 2019-05-09 01:44:26 +02:00
Zbigniew Jędrzejewski-Szmek
d1c377da0d
Merge pull request #12489 from ssahani/vxlan 
networkd: VXLAN rename Id to VNI
 2019-05-08 12:02:54 +02:00
Susant Sahani
61b824c561 networkd: bridge fdb add support to configure VXLAN VNI 2019-05-08 03:43:43 +02:00
Zbigniew Jędrzejewski-Szmek
29e19a6f19 fuzz: fix spelling of MACsec and MACAddress in the corpus 2019-05-08 06:53:07 +05:30
Susant Sahani
4cc0fd7531 networkd: VXLAN add support to configure Generic Protocol Extension 
See https://tools.ietf.org/html/draft-ietf-nvo3-vxlan-gpe-07
 2019-05-08 06:52:42 +05:30
Zbigniew Jędrzejewski-Szmek
9175aabfb6
Merge pull request #12481 from ssahani/dhcp-max-retry 
networkd: Allow DHCP4 client to set the number to attempt to configure/reconfigure
 2019-05-07 19:58:40 +02:00
Susant Sahani
6f213e4a34 networkd: VXLAN rename Id to VNI 
It makes more sense to call VXLAN ID as

1. the VXLAN Network Identifier (VNI) (or VXLAN Segment ID)
2. test-network: rename VXLAN Id to VNI
3. fuzzer: Add VXLAN VNI directive to fuzzer
 2019-05-07 20:52:11 +05:30
Susant Sahani
715cedfbf0 networkd: Allow DHCP4 client to set the number to attempt to reconfigure. 
Otherwise current value is 6 and after 6 it will give up.
 2019-05-07 17:12:04 +02:00
Yu Watanabe
1c30b174ed network: rename WireGuard.FwMark -> FirewallMark 
For the consistency with FirewallMark= in [RoutingPolicyRule] section.
 2019-05-04 17:20:23 +02:00
Susant Sahani
c2c2793f39 networkd: Add support to configure destination address for bridge FDB 
Closes #5145.

Example conf:
```
[Match]
Name=vxlan1309

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.2

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.4

[BridgeFDB]
MACAddress=00:00:00:00:00:00
Destination=10.0.0.5
```
 2019-05-03 06:11:52 +02:00
Jan Klötzke
dc653bf487 service: handle abort stops with dedicated timeout 
When shooting down a service with SIGABRT the user might want to have a
much longer stop timeout than on regular stops/shutdowns. Especially in
the face of short stop timeouts the time might not be sufficient to
write huge core dumps before the service is killed.

This commit adds a dedicated (Default)TimeoutAbortSec= timer that is
used when stopping a service via SIGABRT. In all other cases the
existing TimeoutStopSec= is used. The timer value is unset by default
to skip the special handling and use TimeoutStopSec= for state
'stop-watchdog' to keep the old behaviour.

If the service is in state 'stop-watchdog' and the service should be
stopped explicitly we still go to 'stop-sigterm' and re-apply the usual
TimeoutStopSec= timeout.
 2019-04-12 17:32:52 +02:00
Yu Watanabe
b0e13c3122 network: add MACsecTransmitAssociation.UseForEncoding= setting 2019-04-12 10:12:42 +09:00
Yu Watanabe
a7b9c52f1f network: add MACsec*Association.Activate= setting 2019-04-12 10:12:42 +09:00
Yu Watanabe
eb4705fb36 network: add MACsec*Association.KeyFile= setting 2019-04-12 10:12:42 +09:00
Susant Sahani
81962db798 network: Introduce MACsec 
Media Access Control Security (MACsec) is an 802.1AE IEEE
industry-standard security technology that provides secure
communication for all traffic on Ethernet links.
MACsec provides point-to-point security on Ethernet links between
directly connected nodes and is capable of identifying and preventing
most security threats, including denial of service, intrusion,
man-in-the-middle, masquerading, passive wiretapping, and playback attacks.

Closes #5754
 2019-04-12 10:12:41 +09:00
Zbigniew Jędrzejewski-Szmek
f0ae945ecc bus-message: validate signature in gvariant messages 
We would accept a message with 40k signature and spend a lot of time iterating
over the nested arrays. Let's just reject it early, as we do for !gvariant
messages.
 2019-04-11 14:01:38 +02:00
Yu Watanabe
86a3d44de5 network: fix use-of-uninitialized-value or null dereference 
This fixes a bug introduced by 6ef5c881dd.

Fixes oss-fuzz#14157 and oss-fuzz#14158.
 2019-04-10 18:18:11 +09:00
Zbigniew Jędrzejewski-Szmek
52efbd8f0e
Merge pull request #12223 from yuwata/network-wireguard-preshared-key-file 
network: add PresharedKeyFile= setting and make reading key file failure fatal
 2019-04-09 10:52:52 +02:00
Yu Watanabe
a3945c6361 network: add WireGuardPeer.PresharedKeyFile= setting 2019-04-09 15:50:22 +09:00
Yu Watanabe
daa4aca1cb calendarspec: fix possible integer overflow 
Fixes oss-fuzz#14108.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14108
 2019-04-08 00:50:07 +09:00