Diffstat (limited to 'src/grp-network/systemd-networkd')
-rw-r--r--src/grp-network/systemd-networkd/networkd.c139
-rw-r--r--src/grp-network/systemd-networkd/networkd.h112
-rw-r--r--src/grp-network/systemd-networkd/org.freedesktop.network1.conf42
-rw-r--r--src/grp-network/systemd-networkd/org.freedesktop.network1.service12
-rw-r--r--src/grp-network/systemd-networkd/systemd-networkd.service.m4.in37
-rw-r--r--src/grp-network/systemd-networkd/systemd-networkd.service.xml103
-rw-r--r--src/grp-network/systemd-networkd/systemd-networkd.socket21
7 files changed, 466 insertions, 0 deletions
diff --git a/src/grp-network/systemd-networkd/networkd.c b/src/grp-network/systemd-networkd/networkd.c
new file mode 100644
index 0000000000..9f5c75ac3d
--- /dev/null
+++ b/src/grp-network/systemd-networkd/networkd.c
@@ -0,0 +1,139 @@
+/***
+ This file is part of systemd.
+
+ Copyright 2013 Tom Gundersen <teg@jklm.no>
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-daemon.h>
+
+#include "capability-util.h"
+#include "networkd.h"
+#include "networkd-conf.h"
+#include "signal-util.h"
+#include "user-util.h"
+
+int main(int argc, char *argv[]) {
+ _cleanup_manager_free_ Manager *m = NULL;
+ const char *user = "systemd-network";
+ uid_t uid;
+ gid_t gid;
+ int r;
+
+ log_set_target(LOG_TARGET_AUTO);
+ log_parse_environment();
+ log_open();
+
+ umask(0022);
+
+ if (argc != 1) {
+ log_error("This program takes no arguments.");
+ r = -EINVAL;
+ goto out;
+ }
+
+ r = get_user_creds(&user, &uid, &gid, NULL, NULL);
+ if (r < 0) {
+ log_error_errno(r, "Cannot resolve user name %s: %m", user);
+ goto out;
+ }
+
+ /* Always create the directories people can create inotify
+ * watches in. */
+ r = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid);
+ if (r < 0)
+ log_warning_errno(r, "Could not create runtime directory: %m");
+
+ r = mkdir_safe_label("/run/systemd/netif/links", 0755, uid, gid);
+ if (r < 0)
+ log_warning_errno(r, "Could not create runtime directory 'links': %m");
+
+ r = mkdir_safe_label("/run/systemd/netif/leases", 0755, uid, gid);
+ if (r < 0)
+ log_warning_errno(r, "Could not create runtime directory 'leases': %m");
+
+ r = mkdir_safe_label("/run/systemd/netif/lldp", 0755, uid, gid);
+ if (r < 0)
+ log_warning_errno(r, "Could not create runtime directory 'lldp': %m");
+
+ r = drop_privileges(uid, gid,
+ (1ULL << CAP_NET_ADMIN) |
+ (1ULL << CAP_NET_BIND_SERVICE) |
+ (1ULL << CAP_NET_BROADCAST) |
+ (1ULL << CAP_NET_RAW));
+ if (r < 0)
+ goto out;
+
+ assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
+
+ r = manager_new(&m);
+ if (r < 0) {
+ log_error_errno(r, "Could not create manager: %m");
+ goto out;
+ }
+
+ r = manager_connect_bus(m);
+ if (r < 0) {
+ log_error_errno(r, "Could not connect to bus: %m");
+ goto out;
+ }
+
+ r = manager_parse_config_file(m);
+ if (r < 0)
+ log_warning_errno(r, "Failed to parse configuration file: %m");
+
+ r = manager_load_config(m);
+ if (r < 0) {
+ log_error_errno(r, "Could not load configuration files: %m");
+ goto out;
+ }
+
+ r = manager_rtnl_enumerate_links(m);
+ if (r < 0) {
+ log_error_errno(r, "Could not enumerate links: %m");
+ goto out;
+ }
+
+ r = manager_rtnl_enumerate_addresses(m);
+ if (r < 0) {
+ log_error_errno(r, "Could not enumerate addresses: %m");
+ goto out;
+ }
+
+ r = manager_rtnl_enumerate_routes(m);
+ if (r < 0) {
+ log_error_errno(r, "Could not enumerate routes: %m");
+ goto out;
+ }
+
+ log_info("Enumeration completed");
+
+ sd_notify(false,
+ "READY=1\n"
+ "STATUS=Processing requests...");
+
+ r = manager_run(m);
+ if (r < 0) {
+ log_error_errno(r, "Event loop failed: %m");
+ goto out;
+ }
+
+out:
+ sd_notify(false,
+ "STOPPING=1\n"
+ "STATUS=Shutting down...");
+
+ return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
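Review bot: The `drop_privileges()` call in main() has no comment tying it to the four `mkdir_safe_label()` calls above it, although the order is load-bearing: the directories are created and handed to `uid`/`gid` while the process still has its starting privileges, and only the four CAP_NET_* bits are passed on. I would add above the call `/* Runtime directories must exist by now; from here on only CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST and CAP_NET_RAW are kept. */`. A failed mkdir is only a warning, so the daemon can continue without a state directory that it presumably can no longer create once privileges are gone; if that is intended best-effort, the comment should say so. The `goto out` after `drop_privileges()` logs nothing at the call site, which is fine only if the helper reports its own errors (not visible in this hunk).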
diff --git a/src/grp-network/systemd-networkd/networkd.h b/src/grp-network/systemd-networkd/networkd.h
new file mode 100644
index 0000000000..b61e03920e
--- /dev/null
+++ b/src/grp-network/systemd-networkd/networkd.h
@@ -0,0 +1,112 @@
+#pragma once
+
+/***
+ This file is part of systemd.
+
+ Copyright 2013 Tom Gundersen <teg@jklm.no>
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <arpa/inet.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-event.h>
+#include <systemd/sd-netlink.h>
+#include "udev.h"
+
+#include "dhcp-identifier.h"
+#include "hashmap.h"
+#include "list.h"
+
+#include "networkd-address-pool.h"
+#include "networkd-link.h"
+#include "networkd-netdev-bond.h"
+#include "networkd-netdev-bridge.h"
+#include "networkd-netdev-dummy.h"
+#include "networkd-netdev-ipvlan.h"
+#include "networkd-netdev-macvlan.h"
+#include "networkd-netdev-tunnel.h"
+#include "networkd-netdev-tuntap.h"
+#include "networkd-netdev-veth.h"
+#include "networkd-netdev-vlan.h"
+#include "networkd-netdev-vxlan.h"
+#include "networkd-network.h"
+#include "networkd-util.h"
+
+extern const char* const network_dirs[];
+
+struct Manager {
+ sd_netlink *rtnl;
+ sd_event *event;
+ sd_event_source *bus_retry_event_source;
+ sd_bus *bus;
+ sd_bus_slot *prepare_for_sleep_slot;
+ struct udev *udev;
+ struct udev_monitor *udev_monitor;
+ sd_event_source *udev_event_source;
+
+ bool enumerating:1;
+ bool dirty:1;
+
+ Set *dirty_links;
+
+ char *state_file;
+ LinkOperationalState operational_state;
+
+ Hashmap *links;
+ Hashmap *netdevs;
+ Hashmap *networks_by_name;
+ LIST_HEAD(Network, networks);
+ LIST_HEAD(AddressPool, address_pools);
+
+ usec_t network_dirs_ts_usec;
+
+ DUID duid;
+};
+
+static inline const DUID* link_duid(const Link *link) {
+ if (link->network->duid.type != _DUID_TYPE_INVALID)
+ return &link->network->duid;
+ else
+ return &link->manager->duid;
+}
+
+extern const sd_bus_vtable manager_vtable[];
+
+int manager_new(Manager **ret);
+void manager_free(Manager *m);
+
+int manager_connect_bus(Manager *m);
+int manager_run(Manager *m);
+
+int manager_load_config(Manager *m);
+bool manager_should_reload(Manager *m);
+
+int manager_rtnl_enumerate_links(Manager *m);
+int manager_rtnl_enumerate_addresses(Manager *m);
+int manager_rtnl_enumerate_routes(Manager *m);
+
+int manager_rtnl_process_address(sd_netlink *nl, sd_netlink_message *message, void *userdata);
+int manager_rtnl_process_route(sd_netlink *nl, sd_netlink_message *message, void *userdata);
+
+int manager_send_changed(Manager *m, const char *property, ...) _sentinel_;
+void manager_dirty(Manager *m);
+
+int manager_address_pool_acquire(Manager *m, int family, unsigned prefixlen, union in_addr_union *found);
+
+Link* manager_find_uplink(Manager *m, Link *exclude);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
+#define _cleanup_manager_free_ _cleanup_(manager_freep)
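Review bot: `link_duid()` dereferences `link`, `link->network` and `link->manager` with no check and no stated precondition, so a caller that passes a link without an assigned network would crash inside this inline helper. Whether such a link can reach it is not visible from this header; if it can, fall back to the manager value with `if (link->network && link->network->duid.type != _DUID_TYPE_INVALID)`, otherwise state the contract with `assert(link); assert(link->network);` at the top. A one-line comment such as `/* Per-network DUID if one is configured, else the manager-wide one. */` would also document the precedence.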
diff --git a/src/grp-network/systemd-networkd/org.freedesktop.network1.conf b/src/grp-network/systemd-networkd/org.freedesktop.network1.conf
new file mode 100644
index 0000000000..52dad33668
--- /dev/null
+++ b/src/grp-network/systemd-networkd/org.freedesktop.network1.conf
@@ -0,0 +1,42 @@
+<?xml version="1.0"?> <!--*-nxml-*-->
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<!--
+ This file is part of systemd.
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+-->
+
+<busconfig>
+
+ <policy user="systemd-network">
+ <allow own="org.freedesktop.network1"/>
+ <allow send_destination="org.freedesktop.network1"/>
+ <allow receive_sender="org.freedesktop.network1"/>
+ </policy>
+
+ <policy context="default">
+ <deny send_destination="org.freedesktop.network1"/>
+
+ <allow send_destination="org.freedesktop.network1"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+
+ <allow send_destination="org.freedesktop.network1"
+ send_interface="org.freedesktop.DBus.Peer"/>
+
+ <allow send_destination="org.freedesktop.network1"
+ send_interface="org.freedesktop.DBus.Properties"
+ send_member="Get"/>
+
+ <allow send_destination="org.freedesktop.network1"
+ send_interface="org.freedesktop.DBus.Properties"
+ send_member="GetAll"/>
+
+ <allow receive_sender="org.freedesktop.network1"/>
+ </policy>
+
+</busconfig>
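Review bot: The `context="default"` policy is read-only by construction (a blanket deny, then only Introspectable, Peer and Properties `Get`/`GetAll`), but nothing in the file says that this is the intent. A short comment before the `<deny>`, such as `<!-- Unprivileged callers get read-only access: Properties.Set and all service methods stay denied. -->`, would keep a later edit from widening access by copying one of the `<allow>` stanzas. Any writable member added to the exported interface later would need its own rule here as well as an authorization check in the daemon.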
diff --git a/src/grp-network/systemd-networkd/org.freedesktop.network1.service b/src/grp-network/systemd-networkd/org.freedesktop.network1.service
new file mode 100644
index 0000000000..bea885fe53
--- /dev/null
+++ b/src/grp-network/systemd-networkd/org.freedesktop.network1.service
@@ -0,0 +1,12 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[D-BUS Service]
+Name=org.freedesktop.network1
+Exec=/bin/false
+User=root
+SystemdService=dbus-org.freedesktop.network1.service
diff --git a/src/grp-network/systemd-networkd/systemd-networkd.service.m4.in b/src/grp-network/systemd-networkd/systemd-networkd.service.m4.in
new file mode 100644
index 0000000000..27d4d58962
--- /dev/null
+++ b/src/grp-network/systemd-networkd/systemd-networkd.service.m4.in
@@ -0,0 +1,37 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Network Service
+Documentation=man:systemd-networkd.service(8)
+ConditionCapability=CAP_NET_ADMIN
+DefaultDependencies=no
+# dbus.service can be dropped once on kdbus, and systemd-udevd.service can be
+# dropped once tuntap is moved to netlink
+After=systemd-udevd.service dbus.service network-pre.target systemd-sysusers.service systemd-sysctl.service
+Before=network.target multi-user.target shutdown.target
+Conflicts=shutdown.target
+Wants=network.target
+
+# On kdbus systems we pull in the busname explicitly, because it
+# carries policy that allows the daemon to acquire its name.
+Wants=org.freedesktop.network1.busname
+After=org.freedesktop.network1.busname
+
+[Service]
+Type=notify
+Restart=on-failure
+RestartSec=0
+ExecStart=@rootlibexecdir@/systemd-networkd
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
+ProtectSystem=full
+ProtectHome=yes
+WatchdogSec=3min
+
+[Install]
+WantedBy=multi-user.target
+Also=systemd-networkd.socket
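Review bot: The `CapabilityBoundingSet=` line lists six capabilities (CAP_SETUID, CAP_SETGID, CAP_SETPCAP, CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_FOWNER) beyond the four that networkd.c passes to `drop_privileges()`, with no comment explaining why the bounding set is wider than the retained set. They appear to be needed only for the start-up phase (creating and chowning the /run/systemd/netif directories and switching to systemd-network), so I would add `# CAP_SETUID..CAP_FOWNER are used only until the daemon drops to systemd-network; keep in sync with drop_privileges() in networkd.c` above the line. Without that, the list reads as the daemon's steady-state privilege and is easy to extend or trim incorrectly.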
diff --git a/src/grp-network/systemd-networkd/systemd-networkd.service.xml b/src/grp-network/systemd-networkd/systemd-networkd.service.xml
new file mode 100644
index 0000000000..0bfe5519bc
--- /dev/null
+++ b/src/grp-network/systemd-networkd/systemd-networkd.service.xml
@@ -0,0 +1,103 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<!--
+ This file is part of systemd.
+
+ Copyright 2013 Tom Gundersen
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+-->
+
+<refentry id="systemd-networkd.service" conditional='ENABLE_NETWORKD'>
+
+ <refentryinfo>
+ <title>systemd-networkd.service</title>
+ <productname>systemd</productname>
+
+ <authorgroup>
+ <author>
+ <contrib>Developer</contrib>
+ <firstname>Tom</firstname>
+ <surname>Gundersen</surname>
+ <email>teg@jklm.no</email>
+ </author>
+ </authorgroup>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>systemd-networkd.service</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </refmeta>
+
+ <refnamediv>
+ <refname>systemd-networkd.service</refname>
+ <refname>systemd-networkd</refname>
+ <refpurpose>Network manager</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <para><filename>systemd-networkd.service</filename></para>
+ <para><filename>/usr/lib/systemd/systemd-networkd</filename></para>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>Description</title>
+
+ <para><command>systemd-networkd</command> is a system service that
+ manages networks. It detects and configures network devices as
+ they appear, as well as creating virtual network devices.</para>
+
+ <para>To configure low-level link settings independently of
+ networks, see
+ <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+
+ <para>Network configurations applied before networkd is started
+ are not removed, and static configuration applied by networkd is
+ not removed when networkd exits. Dynamic configuration applied by
+ networkd may also optionally be left in place on shutdown. This
+ ensures restarting networkd does not cut the network connection,
+ and, in particular, that it is safe to transition between the
+ initrd and the real root, and back.</para>
+ </refsect1>
+
+ <refsect1><title>Configuration Files</title>
+ <para>The configuration files are read from the files located in the
+ system network directory <filename>/usr/lib/systemd/network</filename>,
+ the volatile runtime network directory
+ <filename>/run/systemd/network</filename> and the local administration
+ network directory <filename>/etc/systemd/network</filename>.</para>
+
+ <para>Networks are configured in <filename>.network</filename>
+ files, see
+ <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ and virtual network devices are configured in
+ <filename>.netdev</filename> files, see
+ <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-networkd-wait-online.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ </para>
+ </refsect1>
+
+</refentry>
diff --git a/src/grp-network/systemd-networkd/systemd-networkd.socket b/src/grp-network/systemd-networkd/systemd-networkd.socket
new file mode 100644
index 0000000000..9e4e9dd338
--- /dev/null
+++ b/src/grp-network/systemd-networkd/systemd-networkd.socket
@@ -0,0 +1,21 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Network Service Netlink Socket
+Documentation=man:systemd-networkd.service(8) man:rtnetlink(7)
+ConditionCapability=CAP_NET_ADMIN
+DefaultDependencies=no
+Before=sockets.target
+
+[Socket]
+ReceiveBuffer=8M
+ListenNetlink=route 1361
+PassCredentials=yes
+
+[Install]
+WantedBy=sockets.target
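Review bot: `ListenNetlink=route 1361` uses an undocumented decimal bitmask for the rtnetlink multicast groups. 1361 is 0x551, which by my reading of linux/rtnetlink.h is RTMGRP_LINK, RTMGRP_IPV4_IFADDR, RTMGRP_IPV4_ROUTE, RTMGRP_IPV6_IFADDR and RTMGRP_IPV6_ROUTE combined. A comment above the line, e.g. `# 1361 = RTMGRP_LINK|RTMGRP_IPV4_IFADDR|RTMGRP_IPV4_ROUTE|RTMGRP_IPV6_IFADDR|RTMGRP_IPV6_ROUTE`, lets a reviewer check that the subscribed groups match what the manager actually processes.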