Age | Commit message (Collapse) | Author |
|
The new implementation will not allow passing the same values more than
once, so clean up first.
|
|
|
|
This adds a DNSSEC= setting to .network files, and makes resolved honour
them.
|
|
|
|
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
|
|
Commit 5e5b137a (networkd: link - drop foreign config when configuring
link) introduced a regression where addresses (including 127.0.0.1) are
removed from loopback device.
Do not handle loopback device when removing foreign configs.
Signed-off-by: Christian Hesse <mail@eworm.de>
|
|
This regressed during the port to extract_first_word in c598ac76
(v228).
CID #1338083
|
|
This reverts commit 23f186494cf041107896fc4bd7fc5b8f921fd79f.
The bug has now been fixed, so we can go back to managing this ourselves.
|
|
|
|
There is still a bug in the userspace version, so temporarily revert this.
This is a work-around for issue #1866.
|
|
This ensures that several DHCPv6 clients can run on separate interfaces
simultaneously.
|
|
The ndisc client may trigger the dhcpv6 client to be started (this is the common case),
so we should allocate the dhcpv6 client whenever we allocate the ndisc one.
|
|
The clients may be triggered to be started repeatedly without being stopped first,
simply swallow the error rather than failing the link.
|
|
When deserializing we can now have an attached network without the various clients yet
having been configured. Hence, don't misused the link->network as a check to determine
if a link is ready to be used, but check the state explicitly.
|
|
As it turns out the kernel does not support per-interface IPv6 packet
forwarding controls (unlike as it does for IPv4), but only supports a
global option (#1597). Also, the current per-interface management of the
setting isn't really useful, as you want it to propagate to at least one
more interface than the one you configure it on. This created much grief
(#1411, #1808).
Hence, let's roll this logic back and simplify this again, so that we
can expose the same behaviour on IPv4 and IPv6 and things start to work
automatically again for most folks: if a network with this setting set
is set up we propagate the setting into the global setting, but this is
strictly one-way: we never reset it again, and we do nothing for network
interfaces where this setting is not enabled.
Fixes: #1808, #1597.
|
|
Move check whether ipv6 is available into link_ipv6_privacy_extensions()
to keep it as internal and early as possible.
Always check if there's a network attached to a link before we apply
sysctls. We do this for most of the sysctl functions already, with this
change we do it for all.
|
|
We really should use %i for ints, and %u for unsigneds, and be careful
what we pick depending on the type we want to print.
|
|
With this change, the idiom:
r = write_string_file(p, buf, 0);
if (r < 0) {
if (verify_one_line_file(p, buf) > 0)
r = 0;
}
gets reduced to:
r = write_string_file(p, buf, WRITE_STRING_FILE_VERIFY_ON_FAILURE);
i.e. when writing the string fails and the new flag
WRITE_STRING_FILE_VERIFY_ON_FAILURE is specified we'll not return a
failure immediately, but check the contents of the file. If it matches
what we wanted to write we suppress the error and exit cleanly.
|
|
This is a change in behavior:
Before we would never remove any state, only add to it, we now drop unwanted
state from any link the moment we start managing it.
Note however, that we still will not remove any foreign state added at runtime,
to avoid any feedback loops. However, we make no guarantees about coexisting
with third-party tools that change the state of the links we manage.
|
|
|
|
This is managed by the kernel, but we should track whether or not we have
a configured IPv6LL address. This fixes two issues:
- we now wait for IPv6LL before considering the link ready
- we now wait for IPv6LL before attempting to do NDisc or DHCPv6
these protocols relies on an LL address being available.
|
|
Router Discovery is a core part of IPv6, which by default is handled by the kernel.
However, the kernel implementation is meant as a fall-back, and to fully support
the protocol a userspace implementation is desired.
The protocol essentially listens for Router Advertisement packets from routers
on the local link and use these to configure the client automatically. The four
main pieces of information are: what kind (if any) of DHCPv6 configuration should
be performed; a default gateway; the prefixes that should be considered to be on
the local link; and the prefixes with which we can preform SLAAC in order to pick
a global IPv6 address.
A lot of additional information is also available, which we do not yet fully
support, but which will eventually allow us to avoid the need for DHCPv6 in the
common case.
Short-term, the reason for wanting this is in userspace was the desire to fully
track all the addresses on links we manage, and that is not possible for addresses
managed by the kernel (as the kernel does not expose to us the fact that it
manages these addresses). Moreover, we would like to support stable privacy
addresses, which will soon be mandated and the legacy MAC-based global addresses
deprecated, to do this well we need to handle the generation in userspace. Lastly,
more long-term we wish to support more RA options than what the kernel exposes.
|
|
The previous behavior:
When DHCPv6 was enabled, router discover was performed first, and then DHCPv6 was
enabled only if the relevant flags were passed in the Router Advertisement message.
Moreover, router discovery was performed even if AcceptRouterAdvertisements=false,
moreover, even if router advertisements were accepted (by the kernel) the flags
indicating that DHCPv6 should be performed were ignored.
New behavior:
If RouterAdvertisements are accepted, and either no routers are found, or an
advertisement is received indicating DHCPv6 should be performed, the DHCPv6
client is started. Moreover, the DHCP option now truly enables the DHCPv6
client regardless of router discovery (though it will probably not be
very useful to get a lease withotu any routes, this seems the more consistent
approach).
The recommended default setting should be to set DHCP=ipv4 and to leave
IPv6AcceptRouterAdvertisements unset.
|
|
This patch adds support to configure IPV6 hop limit.
For example:
/proc/sys/net/ipv6/conf/wlp3s0/hop_limit
|
|
networkd: (de)serialize more state and support expiring routes
|
|
|
|
This should really live in the kernel, but the netlink API currently
does not support it. Until support has been added, expire the route
from userspace.
|
|
|
|
This initializes the clients to try rebinding the preexisting
addresses before doing anything else.
|
|
For now only deserialize some basic state and the applied addresses.
When a link is added, try to deserialize it's state from /run. This
is relevant only when networkd is restarted at runtime.
|
|
|
|
|
|
Freeing a link removes it both from addresses and addresses_foreign,
causing SIGSEGV if one of the sets is freed.
|
|
|
|
|
|
|
|
There are more than enough to deserve their own .c file, hence move them
over.
|
|
Refer to Router Discovery rather than ICMPv6.
|
|
|
|
|
|
Every time the state is written out we may trigger third-party apps, so
let's be a bit more careful about writing this out unnecessarily.
|
|
|
|
We only keep the addresses that we added ourselves in link->addresses, and
introduce a new set link->addresses_foreign to keep addresses of unknown
origin.
Only functional change is that "foreign" addresses no longer prevent a link
from entering "configured" state.
|
|
These functions are almost entirely the same, so avoid duplication.
|
|
We were considering a link configured whilst its IPv6 addresses were still
tentative.
Fixes issue #650.
|
|
Configures Ipv6 Duplicate Address Detection.
10
|
|
networkd/libsystemd-network: collection of trivial patches v2
|
|
With the previous description it wasn't clear that the
kernel default is being described.
Add link to kernel docs.
|
|
Checks that a given address is not tentative nor deprecated.
|
|
No need to expose these functions, but rather call them from address_{add,drop}.
|