[systemd-devel] [PATCH 1/3] sd-rtnl: Always enable IFA_FLAGS
IFA_FLAGS is a discrete value and has no preprocessor #define defined for it. Fix this by always using the value. --- src/libsystemd/sd-rtnl/rtnl-types.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/libsystemd/sd-rtnl/rtnl-types.c b/src/libsystemd/sd-rtnl/rtnl-types.c index bf7278f..5ae4790 100644 --- a/src/libsystemd/sd-rtnl/rtnl-types.c +++ b/src/libsystemd/sd-rtnl/rtnl-types.c @@ -358,9 +358,7 @@ static const NLType rtnl_address_types[IFA_MAX + 1] = { [IFA_ANYCAST], [IFA_MULTICAST], */ -#ifdef IFA_FLAGS [IFA_FLAGS] = { .type = NLA_U32 }, -#endif }; static const NLTypeSystem rtnl_address_type_system = { -- 2.1.4 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
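Review bot: With the `#ifdef IFA_FLAGS` guard removed from rtnl_address_types[], the `[IFA_FLAGS] = { .type = NLA_U32 }` initializer only compiles when the installed kernel headers already declare IFA_FLAGS and an IFA_MAX at least that large. The commit message explains why the guard never fired, but not what happens on older headers; either add a fallback definition next to the project's other compatibility definitions or state the minimum header version the build now needs.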
[systemd-devel] [PATCH 0/3] Let kernel handle prefix expiry
Hi,

This patch set clears up the code related to prefix handling when setting IPv6 addresses from DHCPv6. Instead of explicitly tracking prefixes, instruct the kernel not to create routes based on the IPv6 address and its prefix length. The flag value to use is IFA_F_NOPREFIXROUTE, and as it is longer than the traditional eight bit rtnl flag value, these bigger flag values need to be set with the auxiliary IFA_FLAGS attribute. For completeness, keep on setting the lowermost eight bits in the rtnl flag as before.

With this change more code dealing with Router Advertisement prefixes and their disappearance can be removed. I did not do that yet, though, as the code may still be useful in the future - let's see.

Please review & test,

Patrik

Patrik Flykt (3):
  sd-rtnl: Always enable IFA_FLAGS
  systemd-networkd: Use IFA_F_NOPREFIXROUTE with IPv6 addresses
  networkd-dhcp6: Do not handle prefix expiry

 src/libsystemd/sd-rtnl/rtnl-types.c | 2 --
 src/network/networkd-address.c | 20 ++--
 src/network/networkd-dhcp6.c| 46 -
 src/network/networkd-link.c | 4 +++-
 src/network/networkd.h | 2 +-
 5 files changed, 26 insertions(+), 48 deletions(-)

--
2.1.4
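The flag split this cover letter describes, as an added example that is not code from the patch set or from systemd: it fills the flag fields of an RTM_NEWADDR request with the kernel's UAPI headers and reads them back the way a receiver would. The names addr_req, append_u32, set_addr_flags and effective_flags are hypothetical, and no netlink socket is opened.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/if_addr.h>
/* Added example, hypothetical names: nlmsghdr + ifaddrmsg + attribute space. */
struct addr_req { struct nlmsghdr nh; struct ifaddrmsg ifa; char attrs[64]; };

/* Append one 32-bit attribute; returns 0, or -1 if it does not fit. */
static int append_u32(struct addr_req *req, unsigned short type, uint32_t v) {
        size_t off = NLMSG_ALIGN(req->nh.nlmsg_len);
        struct rtattr *rta;
        if (off + RTA_LENGTH(sizeof v) > sizeof *req)
                return -1;
        rta = (struct rtattr *)((char *)req + off);
        rta->rta_type = type;
        rta->rta_len = RTA_LENGTH(sizeof v);
        memcpy(RTA_DATA(rta), &v, sizeof v);
        req->nh.nlmsg_len = off + RTA_LENGTH(sizeof v);
        return 0;
}

/* Low eight bits go into ifa_flags; wider values also need IFA_FLAGS. */
static int set_addr_flags(struct addr_req *req, uint32_t flags) {
        memset(req, 0, sizeof *req);
        req->nh.nlmsg_len = NLMSG_LENGTH(sizeof req->ifa);
        req->nh.nlmsg_type = RTM_NEWADDR;
        req->nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
        req->ifa.ifa_family = AF_INET6;
        req->ifa.ifa_flags = flags & 0xff;
        return (flags & ~0xffu) ? append_u32(req, IFA_FLAGS, flags) : 0;
}

/* Flags as the kernel reads them: IFA_FLAGS, when present, replaces ifa_flags. */
static uint32_t effective_flags(struct addr_req *req) {
        struct rtattr *rta = IFA_RTA(&req->ifa);
        int len = IFA_PAYLOAD(&req->nh);
        uint32_t v = req->ifa.ifa_flags;
        for (; RTA_OK(rta, len); rta = RTA_NEXT(rta, len))
                if (rta->rta_type == IFA_FLAGS && RTA_PAYLOAD(rta) >= (int)sizeof v)
                        memcpy(&v, RTA_DATA(rta), sizeof v);
        return v;
}

int main(void) {
        struct addr_req req;
        set_addr_flags(&req, IFA_F_PERMANENT | IFA_F_NOPREFIXROUTE);
        return effective_flags(&req) == (IFA_F_PERMANENT | IFA_F_NOPREFIXROUTE) ? 0 : 1;
}
```

With only the 8-bit field filled in, IFA_F_NOPREFIXROUTE is truncated away without any error, which is why the attribute carries the full 32-bit value.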
[systemd-devel] [PATCH 2/3] systemd-networkd: Use IFA_F_NOPREFIXROUTE with IPv6 addresses
The IFA_F_NOPREFIXROUTE flag prevents the kernel from creating new onlink prefixes when a DHCPv6 IPv6 address with a prefix length is set from user space. IPv6 routing will follow the onlink status from Router Advertisment Prefix Information options or any manually set route, which is the correct thing to do. As this flag has a larger value than what fits into an unsigned char, update the flag attribute to an uint32_t and set it with an IFA_FLAGS attribute when writing netlink messages to the kernel. --- src/network/networkd-address.c | 20 ++-- src/network/networkd-dhcp6.c | 4 +++- src/network/networkd-link.c| 4 +++- src/network/networkd.h | 2 +- 4 files changed, 25 insertions(+), 5 deletions(-) diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c index 255ff77..85acc49 100644 --- a/src/network/networkd-address.c +++ b/src/network/networkd-address.c @@ -209,10 +209,18 @@ int address_update(Address *address, Link *link, if (r 0) return log_error_errno(r, Could not set prefixlen: %m); -r = sd_rtnl_message_addr_set_flags(req, IFA_F_PERMANENT); +address-flags |= IFA_F_PERMANENT; + +r = sd_rtnl_message_addr_set_flags(req, address-flags 0xff); if (r 0) return log_error_errno(r, Could not set flags: %m); +if (address-flags ~0xff) { +r = sd_rtnl_message_append_u32(req, IFA_FLAGS, address-flags); +if (r 0) +return log_error_errno(r, Could not set extended flags: %m); +} + r = sd_rtnl_message_addr_set_scope(req, address-scope); if (r 0) return log_error_errno(r, Could not set scope: %m); 
@@ -335,10 +343,18 @@ int address_configure(Address *address, Link *link, if (r 0) return log_error_errno(r, Could not set prefixlen: %m); -r = sd_rtnl_message_addr_set_flags(req, IFA_F_PERMANENT); +address-flags |= IFA_F_PERMANENT; + +r = sd_rtnl_message_addr_set_flags(req, (address-flags 0xff)); if (r 0) return log_error_errno(r, Could not set flags: %m); +if (address-flags ~0xff) { +r = sd_rtnl_message_append_u32(req, IFA_FLAGS, address-flags); +if (r 0) +return log_error_errno(r, Could not set extended flags: %m); +} + r = sd_rtnl_message_addr_set_scope(req, address-scope); if (r 0) return log_error_errno(r, Could not set scope: %m); diff --git a/src/network/networkd-dhcp6.c b/src/network/networkd-dhcp6.c index bcfad4c..283a7d6 100644 --- a/src/network/networkd-dhcp6.c +++ b/src/network/networkd-dhcp6.c @@ -65,7 +65,9 @@ static int dhcp6_address_update(Link *link, struct in6_addr *ip6_addr, addr-family = AF_INET6; memcpy(addr-in_addr.in6, ip6_addr, sizeof(*ip6_addr)); -addr-prefixlen = prefixlen; + +addr-flags = IFA_F_NOPREFIXROUTE; +addr-prefixlen = 64; addr-cinfo.ifa_prefered = lifetime_preferred; addr-cinfo.ifa_valid = lifetime_valid; diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index 842ca1c..437c598 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -1831,6 +1831,7 @@ int link_rtnl_process_address(sd_rtnl *rtnl, sd_rtnl_message *message, void *use Link *link = NULL; uint16_t type; _cleanup_address_free_ Address *address = NULL; +unsigned char flags; Address *existing; char buf[INET6_ADDRSTRLEN], valid_buf[FORMAT_TIMESPAN_MAX]; const char *valid_str = NULL; 
@@ -1894,11 +1895,12 @@ int link_rtnl_process_address(sd_rtnl *rtnl, sd_rtnl_message *message, void *use return 0; } -r = sd_rtnl_message_addr_get_flags(message, address-flags); +r = sd_rtnl_message_addr_get_flags(message, flags); if (r 0) { log_link_warning(link, rtnl: received address with invalid flags, ignoring); return 0; } +address-flags = flags; switch (address-family) { case AF_INET: diff --git a/src/network/networkd.h b/src/network/networkd.h index 8bdc2be..c26d64e 100644 --- a/src/network/networkd.h +++ b/src/network/networkd.h @@ -173,7 +173,7 @@ struct Address { int family; unsigned char prefixlen; unsigned char scope; -unsigned char flags; +uint32_t flags; char *label; struct in_addr broadcast; -- 2.1.4 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
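Review bot: In address_update(), `address->flags |= IFA_F_PERMANENT;` now writes into the caller's Address object, where the old code only passed the constant to sd_rtnl_message_addr_set_flags(). Build the value in a local uint32_t so that sending a request does not change stored state. The same block is pasted into address_configure(), with an extra pair of parentheses around the masked value, so a small shared helper that sets the low byte and appends IFA_FLAGS when needed would keep the two paths from drifting.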
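Review bot: In dhcp6_address_update(), `addr->prefixlen = 64;` replaces the caller-supplied prefixlen with a literal, so the function's prefixlen argument is now ignored, and the commit message does not say why 64 is right for every DHCPv6 address. Either drop the parameter or keep using it, and add a comment tying the fixed length to IFA_F_NOPREFIXROUTE.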
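Review bot: In link_rtnl_process_address(), the flags are read through an `unsigned char flags` temporary, so an Address built from a kernel notification only ever carries the low eight bits even though Address.flags is now uint32_t. An IFA_F_NOPREFIXROUTE that networkd set will not be visible on the address it gets back; read the IFA_FLAGS attribute from the message when it is present and fall back to the 8-bit value otherwise.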
[systemd-devel] [PATCH 3/3] networkd-dhcp6: Do not handle prefix expiry
Expiring prefixes need not be handled anymore as the kernel has been instructed not to create routes for DHCPv6 assigned addresses via the IFA_F_NOPREFIXROUTE flag. --- src/network/networkd-dhcp6.c | 42 +- 1 file changed, 1 insertion(+), 41 deletions(-) diff --git a/src/network/networkd-dhcp6.c b/src/network/networkd-dhcp6.c index 283a7d6..e863f4b 100644 --- a/src/network/networkd-dhcp6.c +++ b/src/network/networkd-dhcp6.c @@ -86,42 +86,6 @@ static int dhcp6_address_update(Link *link, struct in6_addr *ip6_addr, return r; } -static int dhcp6_prefix_expired(Link *link) { -int r; -sd_dhcp6_lease *lease; -struct in6_addr *expired_prefix, ip6_addr; -uint8_t expired_prefixlen; -uint32_t lifetime_preferred, lifetime_valid; - -r = sd_icmp6_ra_get_expired_prefix(link-icmp6_router_discovery, -expired_prefix, expired_prefixlen); -if (r 0) -return r; - -r = sd_dhcp6_client_get_lease(link-dhcp6_client, lease); -if (r 0) -return r; - -sd_dhcp6_lease_reset_address_iter(lease); - -while (sd_dhcp6_lease_get_address(lease, ip6_addr, -lifetime_preferred, -lifetime_valid) = 0) { - -r = sd_icmp6_prefix_match(expired_prefix, expired_prefixlen, -ip6_addr); -if (r = 0) { -r = dhcp6_address_update(link, ip6_addr, 128, -lifetime_preferred, -lifetime_valid); - -return r; -} -} - -return 0; -} - static int dhcp6_lease_address_acquired(sd_dhcp6_client *client, Link *link) { int r; sd_dhcp6_lease *lease; @@ -310,6 +274,7 @@ static void icmp6_router_handler(sd_icmp6_nd *nd, int event, void *userdata) { switch(event) { case ICMP6_EVENT_ROUTER_ADVERTISMENT_NONE: +case ICMP6_EVENT_ROUTER_ADVERTISMENT_PREFIX_EXPIRED: return; case ICMP6_EVENT_ROUTER_ADVERTISMENT_TIMEOUT: 
@@ -319,11 +284,6 @@ static void icmp6_router_handler(sd_icmp6_nd *nd, int event, void *userdata) { break; -case ICMP6_EVENT_ROUTER_ADVERTISMENT_PREFIX_EXPIRED: -dhcp6_prefix_expired(link); - -break; - default: if (event 0) log_link_warning(link, ICMPv6 error: %s, -- 2.1.4 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
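Review bot: In icmp6_router_handler(), ICMP6_EVENT_ROUTER_ADVERTISMENT_PREFIX_EXPIRED now shares the bare `return;` with ICMP6_EVENT_ROUTER_ADVERTISMENT_NONE, which reads as if the event had been forgotten rather than deliberately ignored. Add a one-line comment at the case label saying that expiry is left to the kernel because DHCPv6 addresses are installed with IFA_F_NOPREFIXROUTE, so a later reader does not reinstate the handler.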
[systemd-devel] [help] How to get systemd systemd-devel mailing list
Hi everybody.

After subscribing to systemd-devel, I got the systemd-devel Digest mail. But I also want to get the normal mailing list. How do I get the mailing list?

ex) [systemd-devel] [PATCH 0/3] Let kernel handle prefix expiry
https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg29496.html
Re: [systemd-devel] [help] How to get systemd systemd-devel mailing list
On Wed, Mar 25, 2015 at 5:30 PM, 임창근 asarabi8...@gmail.com wrote:

> Hi everybody.
>
> After subscribing to systemd-devel, I got the systemd-devel Digest mail. But I also want to get the normal mailing list. How do I get the mailing list?

Visit the list options page http://lists.freedesktop.org/mailman/options/systemd-devel, log in with email+password, change Set Digest Mode to Off, click Submit changes.

--
Mantas Mikulėnas graw...@gmail.com
[systemd-devel] [PATCH] python-systemd: fix is_socket_inet to cope with ports
Just a couple of trivial oversights. --- src/python-systemd/_daemon.c | 2 +- src/python-systemd/daemon.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/python-systemd/_daemon.c b/src/python-systemd/_daemon.c index 65cfec7..7c5f1b2 100644 --- a/src/python-systemd/_daemon.c +++ b/src/python-systemd/_daemon.c @@ -225,7 +225,7 @@ static PyObject* is_socket_inet(PyObject *self, PyObject *args) { fd, family, type, listening, port)) return NULL; -if (port 0 || port INT16_MAX) { +if (port 0 || port UINT16_MAX) { set_error(-EINVAL, NULL, port must fit into uint16_t); return NULL; } diff --git a/src/python-systemd/daemon.py b/src/python-systemd/daemon.py index 1c386bb..82011ca 100644 --- a/src/python-systemd/daemon.py +++ b/src/python-systemd/daemon.py @@ -26,7 +26,7 @@ def is_socket(fileobj, family=_AF_UNSPEC, type=0, listening=-1): def is_socket_inet(fileobj, family=_AF_UNSPEC, type=0, listening=-1, port=0): fd = _convert_fileobj(fileobj) -return _is_socket_inet(fd, family, type, listening) +return _is_socket_inet(fd, family, type, listening, port) def is_socket_unix(fileobj, type=0, listening=-1, path=None): fd = _convert_fileobj(fileobj) -- 2.1.0 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
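Review bot: In the _daemon.c range check, the upper bound moves from INT16_MAX to UINT16_MAX, which means ports above 32767 were rejected with EINVAL until now. The commit message should name that defect instead of "trivial oversights", and a test at both ends of the range (0, 65535, and one value past each) would pin the boundary.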
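Review bot: In daemon.py, is_socket_inet() accepted a port argument but never forwarded it, so the port a caller supplied never reached _is_socket_inet(). A caller checking that an inherited descriptor is bound to a specific port was relying on a comparison that did not use its value; say so in the commit message and add a regression test that passes a non-matching port and expects a false result.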
[systemd-devel] [PATCH] networkd: fix systemd-networkd-wait-online with multiple NICs
From: mischief misch...@offblast.org when checking interface status, systemd-networkd-wait-online will continue to wait if any interface is still configuring or being processed by udev. this patch allows it to return if any one interface is degraded/routable, as per the manual. --- src/network/networkd-wait-online-manager.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/network/networkd-wait-online-manager.c b/src/network/networkd-wait-online-manager.c index 1c997a5..1ac162a 100644 --- a/src/network/networkd-wait-online-manager.c +++ b/src/network/networkd-wait-online-manager.c @@ -74,13 +74,13 @@ bool manager_all_configured(Manager *m) { if (!l-state) { log_debug(link %s has not yet been processed by udev, l-ifname); -return false; +continue; } if (streq(l-state, configuring)) { log_debug(link %s is being processed by networkd, l-ifname); -return false; +continue; } if (l-operational_state -- 2.0.5 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
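Review bot: In manager_all_configured(), turning both `return false;` statements into `continue;` means a link that udev has not processed, or that networkd is still configuring, is simply skipped, so the result now depends entirely on code after these branches that the hunk does not show. Make sure the function cannot return true when every link was skipped, for example by tracking whether at least one link reached the operational-state check, and rename or document it, since "all configured" no longer describes what it tests.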
Re: [systemd-devel] SELinux labels on unix sockets
For the sock *file*, I would argue, that indeed the setfscreatecon is not strictly needed, and that the labeling for this can be taken care of by using type transition rules in the security policy as suggested.

However for the socket classes associated with the process type, setsockcreatecon is required.

The socket activation selinux related aspect has two parts:

1. the socket associated with the process (setsockcreatecon())
2. the actual socket file (setfscreatecon())

The latter (2) can, and should *probably* be removed.

The setsockcreatecon() stuff should stay, and the setfscreatecon() stuff should *probably* go.

--
02DFF788
4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788
http://keys.gnupg.net/pks/lookup?op=vindexsearch=0x314883A202DFF788
Dominick Grift
Re: [systemd-devel] SELinux labels on unix sockets
On Wed, Mar 25, 2015 at 10:31:41PM +0100, Dominick Grift wrote:

> For the sock *file*, I would argue, that indeed the setfscreatecon is not strictly needed, and that the labeling for this can be taken care of by using type transition rules in the security policy as suggested.
>
> However for the socket classes associated with the process type, setsockcreatecon is required.
>
> The socket activation selinux related aspect has two parts:
>
> 1. the socket associated with the process (setsockcreatecon())
> 2. the actual socket file (setfscreatecon())
>
> The latter (2) can, and should *probably* be removed.
>
> The setsockcreatecon() stuff should stay, and the setfscreatecon() stuff should *probably* go.

Actually, come to think about it, it is not that simple and things should probably stay as they are.

For multi level security configurations the proper security level must be associated with the sock file, and that cannot be specified with a type transition rule.

It should stay the way it currently is.

--
02DFF788
4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788
http://keys.gnupg.net/pks/lookup?op=vindexsearch=0x314883A202DFF788
Dominick Grift
Re: [systemd-devel] systemd-networkd bridge doesn't work until switched to promiscous mode
On 02/11/2015 07:34 PM, Lennart Poettering wrote:

> On Wed, 11.02.15 17:48, Peter Lemenkov (lemen...@gmail.com) wrote:
>
>> Hello All!
>>
>> I see that promiscuous mode was discussed a few times before but I'm not sure if I found something new or not.
>>
>> I've got the following setup - a physical interface (enp1s0f0), which I wanted to add to the bridge (br0). My setup consists of the following files
>>
>> * br0.netdev:
>>
>> [NetDev]
>> Name=br0
>> Kind=bridge
>>
>> * br0.network:
>>
>> [Match]
>> Name=br0
>>
>> [Network]
>> Address=xx.yy.zz.27/27
>> Gateway=xx.yy.zz.17
>>
>> * enp1s0f0.network:
>>
>> [Match]
>> Name=enp1s0f0
>>
>> [Network]
>> Bridge=br0
>>
>> So this looks pretty simple. Unfortunately it doesn't work. If I start pinging xx.yy.zz.17, then I see (using tcpdump) that the gateway even replies, and this reply was received at physical interface but br0 doesn't recognize it (and consequently ping didn't get a reply back).
>>
>> But if I change the br0 mode with
>>
>> ifconfig br0 promisc
>>
>> it starts receiving data.
>>
>> Is this a known issue? Or maybe I missed something in docs?
>
> Sounds like a kernel bug. Normally the bridge logic should turn on promisc mode automatically if this is needed. If this doesn't work this appears to be a kernel bug.
>
> That said, Tom might know more. Tom?

Any updates on this? Any idea who's really to blame for that? Kernel? systemd-networkd?

Seeing exactly the same issue on CentOS 7 here with a really simple bridge setup which looks more or less the same as the one above.

It can be worked around temporarily (until the next reboot) using

ip link set dev vmbridge promisc on

Is there a better/cleaner way to permanently work around it? Couldn't find a way to set something like Promisc=On in a bridge's .netdev

Using systemd-219 from https://copr.fedoraproject.org/coprs/lnykryn/systemd/
CentOS 7 runs Kernel 3.10.0-123.el7.x86_64

- Elias