diff options
| -rw-r--r-- | man/systemd.network.xml | 188 | ||||
| -rw-r--r-- | src/core/scope.c | 7 | ||||
| -rw-r--r-- | src/core/unit.c | 11 | ||||
| -rw-r--r-- | src/network/netdev/tunnel.c | 70 | ||||
| -rw-r--r-- | src/network/networkd-link.c | 5 |
5 files changed, 190 insertions, 91 deletions
diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 0fa68b7623..c7083a4fe6 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -614,47 +614,57 @@ <varlistentry> <term><varname>Bridge=</varname></term> <listitem> - <para>The name of the bridge to add the link to.</para> + <para>The name of the bridge to add the link to. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + </para> </listitem> </varlistentry> <varlistentry> <term><varname>Bond=</varname></term> <listitem> - <para>The name of the bond to add the link to.</para> + <para>The name of the bond to add the link to. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + </para> </listitem> </varlistentry> <varlistentry> <term><varname>VRF=</varname></term> <listitem> - <para>The name of the VRF to add the link to.</para> + <para>The name of the VRF to add the link to. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + </para> </listitem> </varlistentry> <varlistentry> <term><varname>VLAN=</varname></term> <listitem> - <para>The name of a VLAN to create on the link. This - option may be specified more than once.</para> + <para>The name of a VLAN to create on the link. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + This option may be specified more than once.</para> </listitem> </varlistentry> <varlistentry> <term><varname>MACVLAN=</varname></term> <listitem> - <para>The name of a MACVLAN to create on the link. This - option may be specified more than once.</para> + <para>The name of a MACVLAN to create on the link. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + This option may be specified more than once.</para> </listitem> </varlistentry> <varlistentry> <term><varname>VXLAN=</varname></term> <listitem> - <para>The name of a VXLAN to create on the link. This - option may be specified more than once.</para> + <para>The name of a VXLAN to create on the link. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + This option may be specified more than once.</para> </listitem> </varlistentry> <varlistentry> <term><varname>Tunnel=</varname></term> <listitem> - <para>The name of a Tunnel to create on the link. This - option may be specified more than once.</para> + <para>The name of a Tunnel to create on the link. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + This option may be specified more than once.</para> </listitem> </varlistentry> </variablelist> @@ -1293,53 +1303,75 @@ </refsect1> <refsect1> - <title>Example</title> + <title>Examples</title> <example> - <title>/etc/systemd/network/50-static.network</title> + <title>Static network configuration</title> - <programlisting>[Match] + <programlisting># /etc/systemd/network/50-static.network +[Match] Name=enp2s0 [Network] Address=192.168.0.15/24 Gateway=192.168.0.1</programlisting> + + <para>This brings interface <literal>enp2s0</literal> up with a static address. The + specified gateway will be used for a default route.</para> </example> <example> - <title>/etc/systemd/network/80-dhcp.network</title> + <title>DHCP on ethernet links</title> - <programlisting>[Match] + <programlisting># /etc/systemd/network/80-dhcp.network +[Match] Name=en* [Network] DHCP=yes</programlisting> + + <para>This will enable DHCPv4 and DHCPv6 on all interfaces with names starting with + <literal>en</literal> (i.e. ethernet interfaces).</para> </example> <example> - <title>/etc/systemd/network/25-bridge-static.network</title> + <title>A bridge with two enslaved links</title> - <programlisting>[Match] + <programlisting># /etc/systemd/network/25-bridge-static.network +[Match] Name=bridge0 [Network] Address=192.168.0.15/24 Gateway=192.168.0.1 DNS=192.168.0.1</programlisting> - </example> - - <example> - <title>/etc/systemd/network/25-bridge-slave-interface.network</title> - <programlisting>[Match] + <programlisting># /etc/systemd/network/25-bridge-slave-interface-1.network +[Match] Name=enp2s0 [Network] Bridge=bridge0</programlisting> + + <programlisting># /etc/systemd/network/25-bridge-slave-interface-2.network +[Match] +Name=wlp3s0 + +[Network] +Bridge=bridge0</programlisting> + + <para>This creates a bridge and attaches devices <literal>enp2s0</literal> and + <literal>wlp3s0</literal> to it. The bridge will have the specified static address + and network assigned, and a default route via the specified gateway will be + added. The specified DNS server will be added to the global list of DNS resolvers. + </para> </example> + <example> - <title>/etc/systemd/network/25-bridge-slave-interface-vlan.network</title> + <title></title> - <programlisting>[Match] + <programlisting> +# /etc/systemd/network/20-bridge-slave-interface-vlan.network +[Match] Name=enp2s0 [Network] @@ -1355,66 +1387,106 @@ VLAN=100-200 [BridgeVLAN] EgressUntagged=300-400</programlisting> - </example> - <example> - <title>/etc/systemd/network/25-ipip.network</title> - - <programlisting>[Match] -Name=em1 -[Network] -Tunnel=ipip-tun</programlisting> + <para>This overrides the configuration specified in the previous example for the + interface <literal>enp2s0</literal>, and enables VLAN on that bridge port. VLAN IDs + 1-32, 42, 100-400 will be allowed. Packets tagged with VLAN IDs 42, 300-400 will be + untagged when they leave on this interface. Untagged packets which arrive on this + interface will be assigned VLAN ID 42.</para> </example> <example> - <title>/etc/systemd/network/25-sit.network</title> + <title>Various tunnels</title> - <programlisting>[Match] -Name=em1 + <programlisting>/etc/systemd/network/25-tunnels.network +[Match] +Name=ens1 [Network] -Tunnel=sit-tun</programlisting> +Tunnel=ipip-tun +Tunnel=sit-tun +Tunnel=gre-tun +Tunnel=vti-tun + </programlisting> + + <programlisting>/etc/systemd/network/25-tunnel-ipip.netdev +[NetDev] +Name=ipip-tun +Kind=ipip + </programlisting> + + <programlisting>/etc/systemd/network/25-tunnel-sit.netdev +[NetDev] +Name=sit-tun +Kind=sit + </programlisting> + + <programlisting>/etc/systemd/network/25-tunnel-gre.netdev +[NetDev] +Name=gre-tun +Kind=gre + </programlisting> + + <programlisting>/etc/systemd/network/25-tunnel-vti.netdev +[NetDev] +Name=vti-tun +Kind=vti + </programlisting> + + <para>This will bring interface <literal>ens1</literal> up and create an IPIP tunnel, + a SIT tunnel, a GRE tunnel, and a VTI tunnel using it.</para> </example> <example> - <title>/etc/systemd/network/25-gre.network</title> + <title>A bond device</title> - <programlisting>[Match] -Name=em1 + <programlisting># /etc/systemd/network/30-bond1.network +[Match] +Name=bond1 [Network] -Tunnel=gre-tun</programlisting> - </example> +DHCP=ipv6 +</programlisting> - <example> - <title>/etc/systemd/network/25-vti.network</title> + <programlisting># /etc/systemd/network/30-bond1.netdev +[NetDev] +Name=bond1 +Kind=bond +</programlisting> - <programlisting>[Match] -Name=em1 + <programlisting># /etc/systemd/network/30-bond1-dev1.nework +[Match] +MACAddress=52:54:00:e9:64:41 [Network] -Tunnel=vti-tun</programlisting> - </example> - - <example> - <title>/etc/systemd/network/25-bond.network</title> +Bond=bond1 +</programlisting> - <programlisting>[Match] -Name=bond1 + <programlisting># /etc/systemd/network/30-bond1-dev2.nework +[Match] +MACAddress=52:54:00:e9:64:42 [Network] -DHCP=yes +Bond=bond1 </programlisting> + + <para>This will create a bond device <literal>bond1</literal> and enslave the two + devices with MAC addresses 52:54:00:e9:64:41 and 52:54:00:e9:64:42 to it. IPv6 DHCP + will be used to acquire an address.</para> </example> <example> - <title>/etc/systemd/network/25-vrf.network</title> - <para>Add the bond1 interface to the VRF master interface vrf-test. This will redirect routes generated on this interface to be within the routing table defined during VRF creation. Traffic won't be redirected towards the VRFs routing table unless specific ip-rules are added.</para> - <programlisting>[Match] + <title>Virtual Routing and Forwarding (VRF)</title> + <para>Add the <literal>bond1</literal> interface to the VRF master interface + <literal>vrf1</literal>. This will redirect routes generated on this interface to be + within the routing table defined during VRF creation. Traffic won't be redirected + towards the VRFs routing table unless specific ip-rules are added.</para> + <programlisting># /etc/systemd/network/25-vrf.network +[Match] Name=bond1 [Network] -VRF=vrf-test +VRF=vrf1 </programlisting> </example> diff --git a/src/core/scope.c b/src/core/scope.c index d6e1f8e392..9540fb67d9 100644 --- a/src/core/scope.c +++ b/src/core/scope.c @@ -273,7 +273,9 @@ static void scope_enter_signal(Scope *s, ScopeState state, ScopeResult f) { if (state == SCOPE_STOP_SIGTERM) skip_signal = bus_scope_send_request_stop(s) > 0; - if (!skip_signal) { + if (skip_signal) + r = 1; /* wait */ + else { r = unit_kill_context( UNIT(s), &s->kill_context, @@ -283,8 +285,7 @@ static void scope_enter_signal(Scope *s, ScopeState state, ScopeResult f) { -1, -1, false); if (r < 0) goto fail; - } else - r = 1; + } if (r > 0) { r = scope_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_stop_usec)); diff --git a/src/core/unit.c b/src/core/unit.c index e485c01fc1..ab40135736 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -3755,14 +3755,14 @@ int unit_kill_context( bool main_pid_alien) { bool wait_for_exit = false, send_sighup; - cg_kill_log_func_t log_func; + cg_kill_log_func_t log_func = NULL; int sig, r; assert(u); assert(c); - /* Kill the processes belonging to this unit, in preparation for shutting the unit down. Returns > 0 if we - * killed something worth waiting for, 0 otherwise. */ + /* Kill the processes belonging to this unit, in preparation for shutting the unit down. + * Returns > 0 if we killed something worth waiting for, 0 otherwise. */ if (c->kill_mode == KILL_NONE) return 0; @@ -3774,9 +3774,8 @@ int unit_kill_context( IN_SET(k, KILL_TERMINATE, KILL_TERMINATE_AND_LOG) && sig != SIGHUP; - log_func = - k != KILL_TERMINATE || - IN_SET(sig, SIGKILL, SIGABRT) ? log_kill : NULL; + if (k != KILL_TERMINATE || IN_SET(sig, SIGKILL, SIGABRT)) + log_func = log_kill; if (main_pid > 0) { if (log_func) diff --git a/src/network/netdev/tunnel.c b/src/network/netdev/tunnel.c index b03e770061..c11ac0c539 100644 --- a/src/network/netdev/tunnel.c +++ b/src/network/netdev/tunnel.c @@ -397,16 +397,31 @@ static int netdev_tunnel_verify(NetDev *netdev, const char *filename) { assert(t); - if (t->family != AF_INET && t->family != AF_INET6 && t->family != 0) { - log_warning("Tunnel with invalid address family configured in %s. Ignoring", filename); + if (!IN_SET(t->family, AF_INET, AF_INET6, AF_UNSPEC)) { + log_netdev_error(netdev, + "Tunnel with invalid address family configured in %s. Ignoring", filename); return -EINVAL; } - if (netdev->kind == NETDEV_KIND_IP6TNL) { - if (t->ip6tnl_mode == _NETDEV_IP6_TNL_MODE_INVALID) { - log_warning("IP6 Tunnel without mode configured in %s. Ignoring", filename); - return -EINVAL; - } + if (netdev->kind == NETDEV_KIND_VTI && + (t->family != AF_INET || in_addr_is_null(t->family, &t->local))) { + log_netdev_error(netdev, + "vti tunnel without a local IPv4 address configured in %s. Ignoring", filename); + return -EINVAL; + } + + if (netdev->kind == NETDEV_KIND_VTI6 && + (t->family != AF_INET6 || in_addr_is_null(t->family, &t->local))) { + log_netdev_error(netdev, + "vti6 tunnel without a local IPv4 address configured in %s. Ignoring", filename); + return -EINVAL; + } + + if (netdev->kind == NETDEV_KIND_IP6TNL && + t->ip6tnl_mode == _NETDEV_IP6_TNL_MODE_INVALID) { + log_netdev_error(netdev, + "ip6tnl without mode configured in %s. Ignoring", filename); + return -EINVAL; } return 0; @@ -431,26 +446,40 @@ int config_parse_tunnel_address(const char *unit, assert(rvalue); assert(data); + /* This is used to parse addresses on both local and remote ends of the tunnel. + * Address families must match. + * + * "any" is a special value which means that the address is unspecified. + */ + if (streq(rvalue, "any")) { - t->family = 0; + *addr = IN_ADDR_NULL; + + /* As a special case, if both the local and remote addresses are + * unspecified, also clear the address family. + */ + if (t->family != AF_UNSPEC && + in_addr_is_null(t->family, &t->local) && + in_addr_is_null(t->family, &t->remote)) + t->family = AF_UNSPEC; return 0; - } else { + } - r = in_addr_from_string_auto(rvalue, &f, &buffer); - if (r < 0) { - log_syntax(unit, LOG_ERR, filename, line, r, "Tunnel address is invalid, ignoring assignment: %s", rvalue); - return 0; - } + r = in_addr_from_string_auto(rvalue, &f, &buffer); + if (r < 0) { + log_syntax(unit, LOG_ERR, filename, line, r, + "Tunnel address \"%s\" invalid, ignoring assignment: %m", rvalue); + return 0; + } - if (t->family != AF_UNSPEC && t->family != f) { - log_syntax(unit, LOG_ERR, filename, line, 0, "Tunnel addresses incompatible, ignoring assignment: %s", rvalue); - return 0; - } + if (t->family != AF_UNSPEC && t->family != f) { + log_syntax(unit, LOG_ERR, filename, line, 0, + "Tunnel addresses incompatible, ignoring assignment: %s", rvalue); + return 0; } t->family = f; *addr = buffer; - return 0; } @@ -578,7 +607,6 @@ static void ipip_init(NetDev *n) { assert(t); t->pmtudisc = true; - t->family = AF_UNSPEC; } static void sit_init(NetDev *n) { @@ -588,7 +616,6 @@ static void sit_init(NetDev *n) { assert(t); t->pmtudisc = true; - t->family = AF_UNSPEC; } static void vti_init(NetDev *n) { @@ -619,7 +646,6 @@ static void gre_init(NetDev *n) { assert(t); t->pmtudisc = true; - t->family = AF_UNSPEC; } static void ip6gre_init(NetDev *n) { diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index dd0e33a1ce..8d6992cee8 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -255,9 +255,10 @@ static int link_enable_ipv6(Link *link) { r = write_string_file(p, one_zero(disabled), WRITE_STRING_FILE_VERIFY_ON_FAILURE); if (r < 0) - log_link_warning_errno(link, r, "Cannot %s IPv6 for interface %s: %m", disabled ? "disable" : "enable", link->ifname); + log_link_warning_errno(link, r, "Cannot %s IPv6 for interface %s: %m", + enable_disable(!disabled), link->ifname); else - log_link_info(link, "IPv6 %sd for interface: %m", enable_disable(!disabled)); + log_link_info(link, "IPv6 successfully %sd", enable_disable(!disabled)); return 0; } |