diff options
| -rw-r--r-- | Makefile.am | 6 | ||||
| -rw-r--r-- | man/systemd-networkd-wait-online.service.xml | 3 | ||||
| -rw-r--r-- | man/systemd.netdev.xml | 9 | ||||
| -rw-r--r-- | src/boot/efi/boot.c | 28 | ||||
| -rw-r--r-- | src/boot/efi/disk.c | 51 | ||||
| -rw-r--r-- | src/boot/efi/disk.h | 21 | ||||
| -rw-r--r-- | src/boot/efi/stub.c | 6 | ||||
| -rw-r--r-- | src/libsystemd/sd-netlink/netlink-message.c | 18 | ||||
| -rw-r--r-- | src/libsystemd/sd-netlink/netlink-types.c | 38 | ||||
| -rw-r--r-- | src/libsystemd/sd-netlink/netlink-types.h | 1 | ||||
| -rw-r--r-- | src/network/networkd-netdev-gperf.gperf | 1 | ||||
| -rw-r--r-- | src/network/networkd-netdev-tunnel.c | 12 | ||||
| -rw-r--r-- | src/network/networkd-netdev-tunnel.h | 5 | ||||
| -rw-r--r-- | src/network/networkd-netdev-vxlan.c | 8 | ||||
| -rw-r--r-- | src/network/networkd-netdev-vxlan.h | 1 | ||||
| -rw-r--r-- | src/network/networkd-wait-online-manager.c | 8 | ||||
| -rw-r--r-- | src/systemd/sd-netlink.h | 1 |
17 files changed, 161 insertions, 56 deletions
diff --git a/Makefile.am b/Makefile.am index e908ca2984..4953d8d782 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2519,13 +2519,15 @@ systemd_boot_headers = \ src/boot/efi/util.h \ src/boot/efi/console.h \ src/boot/efi/graphics.h \ - src/boot/efi/pefile.h + src/boot/efi/pefile.h \ + src/boot/efi/disk.h systemd_boot_sources = \ src/boot/efi/util.c \ src/boot/efi/console.c \ src/boot/efi/graphics.c \ src/boot/efi/pefile.c \ + src/boot/efi/disk.c \ src/boot/efi/boot.c EXTRA_DIST += $(systemd_boot_sources) $(systemd_boot_headers) @@ -2558,6 +2560,7 @@ endif stub_headers = \ src/boot/efi/util.h \ src/boot/efi/pefile.h \ + src/boot/efi/disk.h \ src/boot/efi/graphics.h \ src/boot/efi/splash.h \ src/boot/efi/linux.h @@ -2565,6 +2568,7 @@ stub_headers = \ stub_sources = \ src/boot/efi/util.c \ src/boot/efi/pefile.c \ + src/boot/efi/disk.c \ src/boot/efi/graphics.c \ src/boot/efi/splash.c \ src/boot/efi/linux.c \ diff --git a/man/systemd-networkd-wait-online.service.xml b/man/systemd-networkd-wait-online.service.xml index f53b337daa..bcc5776a8d 100644 --- a/man/systemd-networkd-wait-online.service.xml +++ b/man/systemd-networkd-wait-online.service.xml @@ -80,7 +80,8 @@ several interfaces which will be configured, but a particular one is necessary to access some network resources. This option may be used more than once to wait for multiple network - interfaces.</para></listitem> + interfaces. When used, all other interfaces are ignored. + </para></listitem> </varlistentry> <varlistentry> <term><option>--ignore=</option></term> diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml index 92e20bd53f..a78ceb1252 100644 --- a/man/systemd.netdev.xml +++ b/man/systemd.netdev.xml @@ -441,6 +441,15 @@ <para>A boolean. When true receiving zero checksums in VXLAN/IPv6 is turned on.</para> </listitem> </varlistentry> + <varlistentry> + <term><varname>GroupPolicyExtension=</varname></term> + <listitem> + <para>A boolean. When true it enables Group Policy VXLAN extension security label mechanism + across network peers based on VXLAN. For details about the Group Policy VXLAN see the + <ulink url="https://tools.ietf.org/html/draft-smith-vxlan-group-policy"> + VXLAN Group Policy </ulink> document. Defaults to false.</para> + </listitem> + </varlistentry> </variablelist> </refsect1> <refsect1> diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c index e8cd8abd26..dde0c41744 100644 --- a/src/boot/efi/boot.c +++ b/src/boot/efi/boot.c @@ -22,6 +22,7 @@ #include "console.h" #include "graphics.h" #include "pefile.h" +#include "disk.h" #include "linux.h" #ifndef EFI_OS_INDICATIONS_BOOT_TO_FW_UI @@ -1696,11 +1697,11 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { EFI_LOADED_IMAGE *loaded_image; EFI_FILE *root_dir; CHAR16 *loaded_image_path; - EFI_DEVICE_PATH *device_path; EFI_STATUS err; Config config; UINT64 init_usec; BOOLEAN menu = FALSE; + CHAR16 uuid[37]; InitializeLib(image, sys_table); init_usec = time_usec(); @@ -1722,29 +1723,8 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { } /* export the device path this image is started from */ - device_path = DevicePathFromHandle(loaded_image->DeviceHandle); - if (device_path) { - EFI_DEVICE_PATH *path, *paths; - - paths = UnpackDevicePath(device_path); - for (path = paths; !IsDevicePathEnd(path); path = NextDevicePathNode(path)) { - HARDDRIVE_DEVICE_PATH *drive; - CHAR16 uuid[37]; - - if (DevicePathType(path) != MEDIA_DEVICE_PATH) - continue; - if (DevicePathSubType(path) != MEDIA_HARDDRIVE_DP) - continue; - drive = (HARDDRIVE_DEVICE_PATH *)path; - if (drive->SignatureType != SIGNATURE_TYPE_GUID) - continue; - - GuidToString(uuid, (EFI_GUID *)&drive->Signature); - efivar_set(L"LoaderDevicePartUUID", uuid, FALSE); - break; - } - FreePool(paths); - } + if (disk_get_part_uuid(loaded_image->DeviceHandle, uuid) == EFI_SUCCESS) + efivar_set(L"LoaderDevicePartUUID", uuid, FALSE); root_dir = LibOpenRoot(loaded_image->DeviceHandle); if (!root_dir) { diff --git a/src/boot/efi/disk.c b/src/boot/efi/disk.c new file mode 100644 index 0000000000..96063fbc28 --- /dev/null +++ b/src/boot/efi/disk.c @@ -0,0 +1,51 @@ +/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ + +/* + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * Copyright (C) 2015 Kay Sievers <kay@vrfy.org> + */ + +#include <efi.h> +#include <efilib.h> + +#include "util.h" + +EFI_STATUS disk_get_part_uuid(EFI_HANDLE *handle, CHAR16 uuid[37]) { + EFI_DEVICE_PATH *device_path; + EFI_STATUS r = EFI_NOT_FOUND; + + /* export the device path this image is started from */ + device_path = DevicePathFromHandle(handle); + if (device_path) { + EFI_DEVICE_PATH *path, *paths; + + paths = UnpackDevicePath(device_path); + for (path = paths; !IsDevicePathEnd(path); path = NextDevicePathNode(path)) { + HARDDRIVE_DEVICE_PATH *drive; + + if (DevicePathType(path) != MEDIA_DEVICE_PATH) + continue; + if (DevicePathSubType(path) != MEDIA_HARDDRIVE_DP) + continue; + drive = (HARDDRIVE_DEVICE_PATH *)path; + if (drive->SignatureType != SIGNATURE_TYPE_GUID) + continue; + + GuidToString(uuid, (EFI_GUID *)&drive->Signature); + r = EFI_SUCCESS; + break; + } + FreePool(paths); + } + + return r; +} diff --git a/src/boot/efi/disk.h b/src/boot/efi/disk.h new file mode 100644 index 0000000000..1b25343a00 --- /dev/null +++ b/src/boot/efi/disk.h @@ -0,0 +1,21 @@ +/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ + +/* + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * Copyright (C) 2015 Kay Sievers <kay@vrfy.org> + */ + +#ifndef __SDBOOT_DISK_H +#define __SDBOOT_DISK_H + +EFI_STATUS disk_get_part_uuid(EFI_HANDLE *handle, CHAR16 uuid[37]); +#endif diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c index 0b1bc491ed..0c5ee4e9ff 100644 --- a/src/boot/efi/stub.c +++ b/src/boot/efi/stub.c @@ -18,6 +18,7 @@ #include "util.h" #include "pefile.h" +#include "disk.h" #include "graphics.h" #include "splash.h" #include "linux.h" @@ -46,6 +47,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { UINTN szs[ELEMENTSOF(sections)-1] = {}; CHAR8 *cmdline = NULL; UINTN cmdline_len; + CHAR16 uuid[37]; EFI_STATUS err; InitializeLib(image, sys_table); @@ -99,6 +101,10 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { cmdline = line; } + /* export the device path this image is started from */ + if (disk_get_part_uuid(loaded_image->DeviceHandle, uuid) == EFI_SUCCESS) + efivar_set(L"LoaderDevicePartUUID", uuid, FALSE); + if (szs[3] > 0) graphics_splash((UINT8 *)((UINTN)loaded_image->ImageBase + addrs[3]), szs[3], NULL); diff --git a/src/libsystemd/sd-netlink/netlink-message.c b/src/libsystemd/sd-netlink/netlink-message.c index b0ed2f2882..3ba62a6be9 100644 --- a/src/libsystemd/sd-netlink/netlink-message.c +++ b/src/libsystemd/sd-netlink/netlink-message.c @@ -262,6 +262,24 @@ int sd_netlink_message_append_string(sd_netlink_message *m, unsigned short type, return 0; } +int sd_netlink_message_append_flag(sd_netlink_message *m, unsigned short type) { + size_t size; + int r; + + assert_return(m, -EINVAL); + assert_return(!m->sealed, -EPERM); + + r = message_attribute_has_type(m, &size, type, NETLINK_TYPE_FLAG); + if (r < 0) + return r; + + r = add_rtattr(m, type, NULL, 0); + if (r < 0) + return r; + + return 0; +} + int sd_netlink_message_append_u8(sd_netlink_message *m, unsigned short type, uint8_t data) { int r; diff --git a/src/libsystemd/sd-netlink/netlink-types.c b/src/libsystemd/sd-netlink/netlink-types.c index 1e747abb24..2128329191 100644 --- a/src/libsystemd/sd-netlink/netlink-types.c +++ b/src/libsystemd/sd-netlink/netlink-types.c @@ -117,20 +117,30 @@ static const NLType rtnl_link_info_data_vlan_types[IFLA_VLAN_MAX + 1] = { }; static const NLType rtnl_link_info_data_vxlan_types[IFLA_VXLAN_MAX+1] = { - [IFLA_VXLAN_ID] = { .type = NETLINK_TYPE_U32 }, - [IFLA_VXLAN_GROUP] = { .type = NETLINK_TYPE_IN_ADDR }, - [IFLA_VXLAN_LINK] = { .type = NETLINK_TYPE_U32 }, - [IFLA_VXLAN_LOCAL] = { .type = NETLINK_TYPE_U32}, - [IFLA_VXLAN_TTL] = { .type = NETLINK_TYPE_U8 }, - [IFLA_VXLAN_TOS] = { .type = NETLINK_TYPE_U8 }, - [IFLA_VXLAN_LEARNING] = { .type = NETLINK_TYPE_U8 }, - [IFLA_VXLAN_AGEING] = { .type = NETLINK_TYPE_U32 }, - [IFLA_VXLAN_LIMIT] = { .type = NETLINK_TYPE_U32 }, - [IFLA_VXLAN_PORT_RANGE] = { .type = NETLINK_TYPE_U32}, - [IFLA_VXLAN_PROXY] = { .type = NETLINK_TYPE_U8 }, - [IFLA_VXLAN_RSC] = { .type = NETLINK_TYPE_U8 }, - [IFLA_VXLAN_L2MISS] = { .type = NETLINK_TYPE_U8 }, - [IFLA_VXLAN_L3MISS] = { .type = NETLINK_TYPE_U8 }, + [IFLA_VXLAN_ID] = { .type = NETLINK_TYPE_U32 }, + [IFLA_VXLAN_GROUP] = { .type = NETLINK_TYPE_IN_ADDR }, + [IFLA_VXLAN_LINK] = { .type = NETLINK_TYPE_U32 }, + [IFLA_VXLAN_LOCAL] = { .type = NETLINK_TYPE_U32}, + [IFLA_VXLAN_TTL] = { .type = NETLINK_TYPE_U8 }, + [IFLA_VXLAN_TOS] = { .type = NETLINK_TYPE_U8 }, + [IFLA_VXLAN_LEARNING] = { .type = NETLINK_TYPE_U8 }, + [IFLA_VXLAN_AGEING] = { .type = NETLINK_TYPE_U32 }, + [IFLA_VXLAN_LIMIT] = { .type = NETLINK_TYPE_U32 }, + [IFLA_VXLAN_PORT_RANGE] = { .type = NETLINK_TYPE_U32}, + [IFLA_VXLAN_PROXY] = { .type = NETLINK_TYPE_U8 }, + [IFLA_VXLAN_RSC] = { .type = NETLINK_TYPE_U8 }, + [IFLA_VXLAN_L2MISS] = { .type = NETLINK_TYPE_U8 }, + [IFLA_VXLAN_L3MISS] = { .type = NETLINK_TYPE_U8 }, + [IFLA_VXLAN_PORT] = { .type = NETLINK_TYPE_U16 }, + [IFLA_VXLAN_GROUP6] = { .type = NETLINK_TYPE_IN_ADDR }, + [IFLA_VXLAN_LOCAL6] = { .type = NETLINK_TYPE_IN_ADDR }, + [IFLA_VXLAN_UDP_CSUM] = { .type = NETLINK_TYPE_U8 }, + [IFLA_VXLAN_UDP_ZERO_CSUM6_TX] = { .type = NETLINK_TYPE_U8 }, + [IFLA_VXLAN_UDP_ZERO_CSUM6_RX] = { .type = NETLINK_TYPE_U8 }, + [IFLA_VXLAN_REMCSUM_TX] = { .type = NETLINK_TYPE_U8 }, + [IFLA_VXLAN_REMCSUM_RX] = { .type = NETLINK_TYPE_U8 }, + [IFLA_VXLAN_GBP] = { .type = NETLINK_TYPE_FLAG }, + [IFLA_VXLAN_REMCSUM_NOPARTIAL] = { .type = NETLINK_TYPE_FLAG }, }; static const NLType rtnl_bond_arp_target_types[BOND_ARP_TARGETS_MAX + 1] = { diff --git a/src/libsystemd/sd-netlink/netlink-types.h b/src/libsystemd/sd-netlink/netlink-types.h index 758ffad1b7..bf7c641541 100644 --- a/src/libsystemd/sd-netlink/netlink-types.h +++ b/src/libsystemd/sd-netlink/netlink-types.h @@ -28,6 +28,7 @@ enum { NETLINK_TYPE_U32, /* NLA_U32 */ NETLINK_TYPE_U64, /* NLA_U64 */ NETLINK_TYPE_STRING, /* NLA_STRING */ + NETLINK_TYPE_FLAG, /* NLA_FLAG */ NETLINK_TYPE_IN_ADDR, NETLINK_TYPE_ETHER_ADDR, NETLINK_TYPE_CACHE_INFO, diff --git a/src/network/networkd-netdev-gperf.gperf b/src/network/networkd-netdev-gperf.gperf index 7e46293a06..9469160eba 100644 --- a/src/network/networkd-netdev-gperf.gperf +++ b/src/network/networkd-netdev-gperf.gperf @@ -54,6 +54,7 @@ VXLAN.UDPCheckSum, config_parse_bool, 0, VXLAN.UDP6ZeroCheckSumRx, config_parse_bool, 0, offsetof(VxLan, udp6zerocsumrx) VXLAN.UDP6ZeroCheckSumTx, config_parse_bool, 0, offsetof(VxLan, udp6zerocsumtx) VXLAN.FDBAgeingSec, config_parse_sec, 0, offsetof(VxLan, fdb_ageing) +VXLAN.GroupPolicyExtension, config_parse_bool, 0, offsetof(VxLan, group_policy) Tun.OneQueue, config_parse_bool, 0, offsetof(TunTap, one_queue) Tun.MultiQueue, config_parse_bool, 0, offsetof(TunTap, multi_queue) Tun.PacketInfo, config_parse_bool, 0, offsetof(TunTap, packet_info) diff --git a/src/network/networkd-netdev-tunnel.c b/src/network/networkd-netdev-tunnel.c index 7fd9ef584b..265e67b7e3 100644 --- a/src/network/networkd-netdev-tunnel.c +++ b/src/network/networkd-netdev-tunnel.c @@ -404,12 +404,6 @@ int config_parse_tunnel_address(const char *unit, return 0; } -static const char* const ipv6_flowlabel_table[_NETDEV_IPV6_FLOWLABEL_MAX] = { - [NETDEV_IPV6_FLOWLABEL_INHERIT] = "inherit", -}; - -DEFINE_STRING_TABLE_LOOKUP(ipv6_flowlabel, IPv6FlowLabel); - int config_parse_ipv6_flowlabel(const char* unit, const char *filename, unsigned line, @@ -422,7 +416,6 @@ int config_parse_ipv6_flowlabel(const char* unit, void *userdata) { IPv6FlowLabel *ipv6_flowlabel = data; Tunnel *t = userdata; - IPv6FlowLabel s; int k = 0; int r; @@ -431,12 +424,11 @@ int config_parse_ipv6_flowlabel(const char* unit, assert(rvalue); assert(ipv6_flowlabel); - s = ipv6_flowlabel_from_string(rvalue); - if (s != _NETDEV_IPV6_FLOWLABEL_INVALID) { + if (streq(rvalue, "inherit")) { *ipv6_flowlabel = IP6_FLOWINFO_FLOWLABEL; t->flags |= IP6_TNL_F_USE_ORIG_FLOWLABEL; } else { - r = config_parse_unsigned(unit, filename, line, section, section_line, lvalue, ltype, rvalue, &k, userdata); + r = config_parse_int(unit, filename, line, section, section_line, lvalue, ltype, rvalue, &k, userdata); if (r >= 0) { if (k > 0xFFFFF) log_syntax(unit, LOG_ERR, filename, line, k, "Failed to parse IPv6 flowlabel option, ignoring: %s", rvalue); diff --git a/src/network/networkd-netdev-tunnel.h b/src/network/networkd-netdev-tunnel.h index 1fd2b94ae1..e4fa74aef4 100644 --- a/src/network/networkd-netdev-tunnel.h +++ b/src/network/networkd-netdev-tunnel.h @@ -45,6 +45,7 @@ struct Tunnel { uint8_t encap_limit; int family; + int ipv6_flowlabel; unsigned ttl; unsigned tos; @@ -54,7 +55,6 @@ struct Tunnel { union in_addr_union remote; Ip6TnlMode ip6tnl_mode; - IPv6FlowLabel ipv6_flowlabel; bool pmtudisc; bool copy_dscp; @@ -90,9 +90,6 @@ int config_parse_tunnel_address(const char *unit, void *data, void *userdata); -const char *ipv6_flowlabel_to_string(IPv6FlowLabel d) _const_; -IPv6FlowLabel ipv6_flowlabel_from_string(const char *d) _pure_; - int config_parse_ipv6_flowlabel(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, diff --git a/src/network/networkd-netdev-vxlan.c b/src/network/networkd-netdev-vxlan.c index 2a5c5f0baa..2518e2732b 100644 --- a/src/network/networkd-netdev-vxlan.c +++ b/src/network/networkd-netdev-vxlan.c @@ -3,7 +3,7 @@ /*** This file is part of systemd. - Copyright 2014 Susant Sahani <susant@redhat.com> + Copyright 2014 Susant Sahani systemd is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by @@ -101,6 +101,12 @@ static int netdev_vxlan_fill_message_create(NetDev *netdev, Link *link, sd_netli if (r < 0) return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_UDP_ZERO_CSUM6_RX attribute: %m"); + if (v->group_policy) { + r = sd_netlink_message_append_flag(m, IFLA_VXLAN_GBP); + if (r < 0) + return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_GBP attribute: %m"); + } + return r; } diff --git a/src/network/networkd-netdev-vxlan.h b/src/network/networkd-netdev-vxlan.h index e7d1306f13..4ec33946cc 100644 --- a/src/network/networkd-netdev-vxlan.h +++ b/src/network/networkd-netdev-vxlan.h @@ -50,6 +50,7 @@ struct VxLan { bool udpcsum; bool udp6zerocsumtx; bool udp6zerocsumrx; + bool group_policy; }; extern const NetDevVTable vxlan_vtable; diff --git a/src/network/networkd-wait-online-manager.c b/src/network/networkd-wait-online-manager.c index 1fc724f5a4..112d92a568 100644 --- a/src/network/networkd-wait-online-manager.c +++ b/src/network/networkd-wait-online-manager.c @@ -38,9 +38,15 @@ bool manager_ignore_link(Manager *m, Link *link) { assert(m); assert(link); + /* always ignore the loopback interface */ if (link->flags & IFF_LOOPBACK) return true; + /* if interfaces are given on the command line, ignore all others */ + if (m->interfaces && !strv_contains(m->interfaces, link->ifname)) + return true; + + /* ignore interfaces we explicitly are asked to ignore */ STRV_FOREACH(ignore, m->ignore) if (fnmatch(*ignore, link->ifname, 0) == 0) return true; @@ -77,7 +83,7 @@ bool manager_all_configured(Manager *m) { return false; } - if (streq(l->state, "configuring")) { + if (STR_IN_SET(l->state, "configuring", "pending")) { log_debug("link %s is being processed by networkd", l->ifname); return false; diff --git a/src/systemd/sd-netlink.h b/src/systemd/sd-netlink.h index 24a9ed8e77..cb462bf48f 100644 --- a/src/systemd/sd-netlink.h +++ b/src/systemd/sd-netlink.h @@ -69,6 +69,7 @@ int sd_netlink_attach_event(sd_netlink *nl, sd_event *e, int priority); int sd_netlink_detach_event(sd_netlink *nl); int sd_netlink_message_append_string(sd_netlink_message *m, unsigned short type, const char *data); +int sd_netlink_message_append_flag(sd_netlink_message *m, unsigned short type); int sd_netlink_message_append_u8(sd_netlink_message *m, unsigned short type, uint8_t data); int sd_netlink_message_append_u16(sd_netlink_message *m, unsigned short type, uint16_t data); int sd_netlink_message_append_u32(sd_netlink_message *m, unsigned short type, uint32_t data); |