Compare commits

..

12 Commits

Author SHA1 Message Date
Daan De Meyer 61dbcae179 home: Prompt for auxiliary groups in homectl firstboot 2024-09-17 20:48:36 +02:00
Daan De Meyer 8be0135d40 Move show_menu() to terminal-utl.h 2024-09-17 20:48:21 +02:00
Michael Ferrari 91ea3dcf35 homed: wait for user input during firstboot
This mirrors the behavior of `systemd-firstboot` and allows bootup
messages to settle down before user input is actually processed.

See: https://github.com/systemd/systemd/issues/34448
2024-09-18 03:21:11 +09:00
PavlNekrasov d80a9042ca
Use correct error code in log message in output_waiting_jobs (#34404)
The error code `r` from the read function is being logged, but the error code `rc` from the table data insertion function should be logged instead.
2024-09-17 19:17:21 +09:00
Yu Watanabe a7afe5a3e7
Merge pull request #34443 from yuwata/network-sysctl-monitor-follow-ups
network/sysctl-monitor: several follow-ups and cleanups
2024-09-17 19:15:12 +09:00
Yu Watanabe 4d6ad22f8d network: drop unnecessary BPF related objects from Manager when disabled 2024-09-17 15:00:06 +09:00
Yu Watanabe 099ee34ca1 network/sysctl-monitor: do not allocate sysctl_shadow when eBPF is not supported
When eBPF is disabled, the hashmap will be never used. Let's not
allocate it.
2024-09-17 14:53:29 +09:00
Yu Watanabe a2fbe9f3f9 network/sysctl-monitor: fix use-after-free
Previously, manager_free() did not assign NULL to Manager.sysctl_shadow,
hence sysctl_clear_link_shadows() called by link_free() will causes
use-after-free. To fix the issue, this makes Manager.sysctl_shadow will be
set to NULL after it is freed,

Fixes a bug introduced by 6d9ef22acd.
2024-09-16 15:12:47 +09:00
Yu Watanabe 7c778cecdb network/sysctl: several cleanups for sysctl_add_monitor()
- rename rootcg -> root_cgroup_fd, to emphasize it is a fd,
- drop nested function call, and check error code.
2024-09-16 14:36:54 +09:00
Yu Watanabe 46718d344f bpf-link: introduce bpf_ring_buffer_free() and friends
Then, replace rb_free() in networkd.

Follow-up for 6d9ef22acd.
2024-09-16 14:36:54 +09:00
Yu Watanabe 9295c7ae09 network/sysctl: use wrapped free functions
No functional change, just refactoring.

Follow-up for 6d9ef22acd.
2024-09-16 14:36:54 +09:00
Yu Watanabe 41afafbf2a network/sysctl-monitor: fix sanity check in cut_last()
This also adds basic comment about the return code.

Follow-up for 6d9ef22acd.
2024-09-16 14:36:54 +09:00
14 changed files with 92 additions and 80 deletions

View File

@ -256,18 +256,23 @@ int ask_string(char **ret, const char *text, ...) {
return 0; return 0;
} }
bool press_any_key_to_proceed(void) { bool any_key_to_proceed(void) {
char k = 0; char key = 0;
bool need_nl = true; bool need_nl = true;
/*
* Insert a new line here as well as to when the user inputs, as this is also used during the
* boot up sequence when status messages may be interleaved with the current program output.
* This ensures that the status messages aren't appended on the same line as this message.
*/
puts("-- Press any key to proceed --"); puts("-- Press any key to proceed --");
(void) read_one_char(stdin, &k, USEC_INFINITY, &need_nl); (void) read_one_char(stdin, &key, USEC_INFINITY, &need_nl);
if (need_nl) if (need_nl)
putchar('\n'); putchar('\n');
return k != 'q'; return key != 'q';
} }
int show_menu(char **x, unsigned n_columns, unsigned width, unsigned percentage) { int show_menu(char **x, unsigned n_columns, unsigned width, unsigned percentage) {
@ -308,7 +313,7 @@ int show_menu(char **x, unsigned n_columns, unsigned width, unsigned percentage)
/* on the first screen we reserve 2 extra lines for the title */ /* on the first screen we reserve 2 extra lines for the title */
if (i % break_lines == break_modulo) { if (i % break_lines == break_modulo) {
if (!press_any_key_to_proceed()) if (!any_key_to_proceed())
return 0; return 0;
} }
} }

View File

@ -78,7 +78,7 @@ int chvt(int vt);
int read_one_char(FILE *f, char *ret, usec_t timeout, bool *need_nl); int read_one_char(FILE *f, char *ret, usec_t timeout, bool *need_nl);
int ask_char(char *ret, const char *replies, const char *text, ...) _printf_(3, 4); int ask_char(char *ret, const char *replies, const char *text, ...) _printf_(3, 4);
int ask_string(char **ret, const char *text, ...) _printf_(2, 3); int ask_string(char **ret, const char *text, ...) _printf_(2, 3);
bool press_any_key_to_proceed(void); bool any_key_to_proceed(void);
int show_menu(char **x, unsigned n_columns, unsigned width, unsigned percentage); int show_menu(char **x, unsigned n_columns, unsigned width, unsigned percentage);
int vt_disallocate(const char *name); int vt_disallocate(const char *name);

View File

@ -93,7 +93,6 @@ STATIC_DESTRUCTOR_REGISTER(arg_root_shell, freep);
STATIC_DESTRUCTOR_REGISTER(arg_kernel_cmdline, freep); STATIC_DESTRUCTOR_REGISTER(arg_kernel_cmdline, freep);
STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep); STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep);
static void print_welcome(int rfd) { static void print_welcome(int rfd) {
_cleanup_free_ char *pretty_name = NULL, *os_name = NULL, *ansi_color = NULL; _cleanup_free_ char *pretty_name = NULL, *os_name = NULL, *ansi_color = NULL;
static bool done = false; static bool done = false;
@ -128,7 +127,7 @@ static void print_welcome(int rfd) {
printf("\nPlease configure your system!\n\n"); printf("\nPlease configure your system!\n\n");
press_any_key_to_proceed(); any_key_to_proceed();
done = true; done = true;
} }

View File

@ -2434,6 +2434,8 @@ static int create_interactively(void) {
return 0; return 0;
} }
any_key_to_proceed();
r = acquire_bus(&bus); r = acquire_bus(&bus);
if (r < 0) if (r < 0)
return r; return r;

View File

@ -36,23 +36,22 @@ struct str {
static long cut_last(u32 i, struct str *str) { static long cut_last(u32 i, struct str *str) {
char *s; char *s;
/* Sanity check for the preverifier */
if (i >= str->l)
return 1; /* exit from the loop */
i = str->l - i - 1; i = str->l - i - 1;
s = str->s + i; s = str->s + i;
/* Sanity check for the preverifier */
if (i >= str->l)
return 1;
if (*s == 0) if (*s == 0)
return 0; return 0; /* continue */
if (*s == '\n' || *s == '\r' || *s == ' ' || *s == '\t') { if (*s == '\n' || *s == '\r' || *s == ' ' || *s == '\t') {
*s = 0; *s = 0;
return 0; /* continue */
return 0;
} }
return 1; return 1; /* exit from the loop */
} }
/* Cut off trailing whitespace and newlines */ /* Cut off trailing whitespace and newlines */

View File

@ -221,7 +221,7 @@ int link_set_ipv6ll_stable_secret(Link *link) {
} }
return sysctl_write_ip_property(AF_INET6, link->ifname, "stable_secret", return sysctl_write_ip_property(AF_INET6, link->ifname, "stable_secret",
IN6_ADDR_TO_STRING(&a), &link->manager->sysctl_shadow); IN6_ADDR_TO_STRING(&a), manager_get_sysctl_shadow(link->manager));
} }
int link_set_ipv6ll_addrgen_mode(Link *link, IPv6LinkLocalAddressGenMode mode) { int link_set_ipv6ll_addrgen_mode(Link *link, IPv6LinkLocalAddressGenMode mode) {
@ -232,7 +232,7 @@ int link_set_ipv6ll_addrgen_mode(Link *link, IPv6LinkLocalAddressGenMode mode) {
if (mode == link->ipv6ll_address_gen_mode) if (mode == link->ipv6ll_address_gen_mode)
return 0; return 0;
return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "addr_gen_mode", mode, &link->manager->sysctl_shadow); return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "addr_gen_mode", mode, manager_get_sysctl_shadow(link->manager));
} }
static const char* const ipv6_link_local_address_gen_mode_table[_IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_MAX] = { static const char* const ipv6_link_local_address_gen_mode_table[_IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_MAX] = {

View File

@ -604,7 +604,9 @@ int manager_new(Manager **ret, bool test_mode) {
.duid_product_uuid.type = DUID_TYPE_UUID, .duid_product_uuid.type = DUID_TYPE_UUID,
.dhcp_server_persist_leases = true, .dhcp_server_persist_leases = true,
.ip_forwarding = { -1, -1, }, .ip_forwarding = { -1, -1, },
#if HAVE_VMLINUX_H
.cgroup_fd = -EBADF, .cgroup_fd = -EBADF,
#endif
}; };
*ret = TAKE_PTR(m); *ret = TAKE_PTR(m);
@ -624,8 +626,6 @@ Manager* manager_free(Manager *m) {
HASHMAP_FOREACH(link, m->links_by_index) HASHMAP_FOREACH(link, m->links_by_index)
(void) link_stop_engines(link, true); (void) link_stop_engines(link, true);
hashmap_free(m->sysctl_shadow);
m->request_queue = ordered_set_free(m->request_queue); m->request_queue = ordered_set_free(m->request_queue);
m->remove_request_queue = ordered_set_free(m->remove_request_queue); m->remove_request_queue = ordered_set_free(m->remove_request_queue);

View File

@ -122,12 +122,14 @@ struct Manager {
/* sysctl */ /* sysctl */
int ip_forwarding[2]; int ip_forwarding[2];
#if HAVE_VMLINUX_H
Hashmap *sysctl_shadow; Hashmap *sysctl_shadow;
sd_event_source *sysctl_event_source; sd_event_source *sysctl_event_source;
struct ring_buffer *sysctl_buffer; struct ring_buffer *sysctl_buffer;
struct sysctl_monitor_bpf *sysctl_skel; struct sysctl_monitor_bpf *sysctl_skel;
struct bpf_link *sysctl_link; struct bpf_link *sysctl_link;
int cgroup_fd; int cgroup_fd;
#endif
}; };
int manager_new(Manager **ret, bool test_mode); int manager_new(Manager **ret, bool test_mode);
@ -150,4 +152,12 @@ int manager_set_timezone(Manager *m, const char *timezone);
int manager_reload(Manager *m, sd_bus_message *message); int manager_reload(Manager *m, sd_bus_message *message);
static inline Hashmap** manager_get_sysctl_shadow(Manager *manager) {
#if HAVE_VMLINUX_H
return &ASSERT_PTR(manager)->sysctl_shadow;
#else
return NULL;
#endif
}
DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free); DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);

View File

@ -987,7 +987,7 @@ static int ndisc_router_process_reachable_time(Link *link, sd_ndisc_router *rt)
} }
/* Set the reachable time for Neighbor Solicitations. */ /* Set the reachable time for Neighbor Solicitations. */
r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "base_reachable_time_ms", (uint32_t) msec, &link->manager->sysctl_shadow); r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "base_reachable_time_ms", (uint32_t) msec, manager_get_sysctl_shadow(link->manager));
if (r < 0) if (r < 0)
log_link_warning_errno(link, r, "Failed to apply neighbor reachable time (%"PRIu64"), ignoring: %m", msec); log_link_warning_errno(link, r, "Failed to apply neighbor reachable time (%"PRIu64"), ignoring: %m", msec);
@ -1021,7 +1021,7 @@ static int ndisc_router_process_retransmission_time(Link *link, sd_ndisc_router
} }
/* Set the retransmission time for Neighbor Solicitations. */ /* Set the retransmission time for Neighbor Solicitations. */
r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", (uint32_t) msec, &link->manager->sysctl_shadow); r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", (uint32_t) msec, manager_get_sysctl_shadow(link->manager));
if (r < 0) if (r < 0)
log_link_warning_errno(link, r, "Failed to apply neighbor retransmission time (%"PRIu64"), ignoring: %m", msec); log_link_warning_errno(link, r, "Failed to apply neighbor retransmission time (%"PRIu64"), ignoring: %m", msec);
@ -1057,7 +1057,7 @@ static int ndisc_router_process_hop_limit(Link *link, sd_ndisc_router *rt) {
if (hop_limit <= 0) if (hop_limit <= 0)
return 0; return 0;
r = sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "hop_limit", (uint32_t) hop_limit, &link->manager->sysctl_shadow); r = sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "hop_limit", (uint32_t) hop_limit, manager_get_sysctl_shadow(link->manager));
if (r < 0) if (r < 0)
log_link_warning_errno(link, r, "Failed to apply hop_limit (%u), ignoring: %m", hop_limit); log_link_warning_errno(link, r, "Failed to apply hop_limit (%u), ignoring: %m", hop_limit);

View File

@ -34,13 +34,7 @@ static struct sysctl_monitor_bpf* sysctl_monitor_bpf_free(struct sysctl_monitor_
return NULL; return NULL;
} }
static struct ring_buffer* rb_free(struct ring_buffer *rb) {
sym_ring_buffer__free(rb);
return NULL;
}
DEFINE_TRIVIAL_CLEANUP_FUNC(struct sysctl_monitor_bpf *, sysctl_monitor_bpf_free); DEFINE_TRIVIAL_CLEANUP_FUNC(struct sysctl_monitor_bpf *, sysctl_monitor_bpf_free);
DEFINE_TRIVIAL_CLEANUP_FUNC(struct ring_buffer *, rb_free);
static int sysctl_event_handler(void *ctx, void *data, size_t data_sz) { static int sysctl_event_handler(void *ctx, void *data, size_t data_sz) {
struct sysctl_write_event *we = ASSERT_PTR(data); struct sysctl_write_event *we = ASSERT_PTR(data);
@ -99,10 +93,10 @@ static int on_ringbuf_io(sd_event_source *s, int fd, uint32_t revents, void *use
int sysctl_add_monitor(Manager *manager) { int sysctl_add_monitor(Manager *manager) {
_cleanup_(sysctl_monitor_bpf_freep) struct sysctl_monitor_bpf *obj = NULL; _cleanup_(sysctl_monitor_bpf_freep) struct sysctl_monitor_bpf *obj = NULL;
_cleanup_(bpf_link_freep) struct bpf_link *sysctl_link = NULL; _cleanup_(bpf_link_freep) struct bpf_link *sysctl_link = NULL;
_cleanup_(rb_freep) struct ring_buffer *sysctl_buffer = NULL; _cleanup_(bpf_ring_buffer_freep) struct ring_buffer *sysctl_buffer = NULL;
_cleanup_close_ int cgroup_fd = -EBADF, rootcg = -EBADF; _cleanup_close_ int cgroup_fd = -EBADF, root_cgroup_fd = -EBADF;
_cleanup_free_ char *cgroup = NULL; _cleanup_free_ char *cgroup = NULL;
int idx = 0, r; int idx = 0, r, fd;
assert(manager); assert(manager);
@ -116,9 +110,9 @@ int sysctl_add_monitor(Manager *manager) {
if (r < 0) if (r < 0)
return log_warning_errno(r, "Failed to get cgroup path, ignoring: %m."); return log_warning_errno(r, "Failed to get cgroup path, ignoring: %m.");
rootcg = cg_path_open(SYSTEMD_CGROUP_CONTROLLER, "/"); root_cgroup_fd = cg_path_open(SYSTEMD_CGROUP_CONTROLLER, "/");
if (rootcg < 0) if (root_cgroup_fd < 0)
return log_warning_errno(rootcg, "Failed to open cgroup, ignoring: %m."); return log_warning_errno(root_cgroup_fd, "Failed to open cgroup, ignoring: %m.");
obj = sysctl_monitor_bpf__open_and_load(); obj = sysctl_monitor_bpf__open_and_load();
if (!obj) { if (!obj) {
@ -133,21 +127,27 @@ int sysctl_add_monitor(Manager *manager) {
if (sym_bpf_map_update_elem(sym_bpf_map__fd(obj->maps.cgroup_map), &idx, &cgroup_fd, BPF_ANY)) if (sym_bpf_map_update_elem(sym_bpf_map__fd(obj->maps.cgroup_map), &idx, &cgroup_fd, BPF_ANY))
return log_warning_errno(errno, "Failed to update cgroup map: %m"); return log_warning_errno(errno, "Failed to update cgroup map: %m");
sysctl_link = sym_bpf_program__attach_cgroup(obj->progs.sysctl_monitor, rootcg); sysctl_link = sym_bpf_program__attach_cgroup(obj->progs.sysctl_monitor, root_cgroup_fd);
r = bpf_get_error_translated(sysctl_link); r = bpf_get_error_translated(sysctl_link);
if (r < 0) { if (r < 0) {
log_info_errno(r, "Unable to attach sysctl monitor BPF program to cgroup, ignoring: %m."); log_info_errno(r, "Unable to attach sysctl monitor BPF program to cgroup, ignoring: %m.");
return 0; return 0;
} }
sysctl_buffer = sym_ring_buffer__new( fd = sym_bpf_map__fd(obj->maps.written_sysctls);
sym_bpf_map__fd(obj->maps.written_sysctls), if (fd < 0)
sysctl_event_handler, &manager->sysctl_shadow, NULL); return log_warning_errno(fd, "Failed to get fd of sysctl maps: %m");
sysctl_buffer = sym_ring_buffer__new(fd, sysctl_event_handler, &manager->sysctl_shadow, NULL);
if (!sysctl_buffer) if (!sysctl_buffer)
return log_warning_errno(errno, "Failed to create ring buffer: %m"); return log_warning_errno(errno, "Failed to create ring buffer: %m");
fd = sym_ring_buffer__epoll_fd(sysctl_buffer);
if (fd < 0)
return log_warning_errno(fd, "Failed to get poll fd of ring buffer: %m");
r = sd_event_add_io(manager->event, &manager->sysctl_event_source, r = sd_event_add_io(manager->event, &manager->sysctl_event_source,
sym_ring_buffer__epoll_fd(sysctl_buffer), EPOLLIN, on_ringbuf_io, sysctl_buffer); fd, EPOLLIN, on_ringbuf_io, sysctl_buffer);
if (r < 0) if (r < 0)
return log_warning_errno(r, "Failed to watch sysctl event ringbuffer: %m"); return log_warning_errno(r, "Failed to watch sysctl event ringbuffer: %m");
@ -163,23 +163,11 @@ void sysctl_remove_monitor(Manager *manager) {
assert(manager); assert(manager);
manager->sysctl_event_source = sd_event_source_disable_unref(manager->sysctl_event_source); manager->sysctl_event_source = sd_event_source_disable_unref(manager->sysctl_event_source);
manager->sysctl_buffer = bpf_ring_buffer_free(manager->sysctl_buffer);
if (manager->sysctl_buffer) { manager->sysctl_link = bpf_link_free(manager->sysctl_link);
sym_ring_buffer__free(manager->sysctl_buffer); manager->sysctl_skel = sysctl_monitor_bpf_free(manager->sysctl_skel);
manager->sysctl_buffer = NULL;
}
if (manager->sysctl_link) {
sym_bpf_link__destroy(manager->sysctl_link);
manager->sysctl_link = NULL;
}
if (manager->sysctl_skel) {
sysctl_monitor_bpf__destroy(manager->sysctl_skel);
manager->sysctl_skel = NULL;
}
manager->cgroup_fd = safe_close(manager->cgroup_fd); manager->cgroup_fd = safe_close(manager->cgroup_fd);
manager->sysctl_shadow = hashmap_free(manager->sysctl_shadow);
} }
int sysctl_clear_link_shadows(Link *link) { int sysctl_clear_link_shadows(Link *link) {
@ -222,13 +210,13 @@ static void manager_set_ip_forwarding(Manager *manager, int family) {
return; /* keep */ return; /* keep */
/* First, set the default value. */ /* First, set the default value. */
r = sysctl_write_ip_property_boolean(family, "default", "forwarding", t, &manager->sysctl_shadow); r = sysctl_write_ip_property_boolean(family, "default", "forwarding", t, manager_get_sysctl_shadow(manager));
if (r < 0) if (r < 0)
log_warning_errno(r, "Failed to %s the default %s forwarding: %m", log_warning_errno(r, "Failed to %s the default %s forwarding: %m",
enable_disable(t), af_to_ipv4_ipv6(family)); enable_disable(t), af_to_ipv4_ipv6(family));
/* Then, set the value to all interfaces. */ /* Then, set the value to all interfaces. */
r = sysctl_write_ip_property_boolean(family, "all", "forwarding", t, &manager->sysctl_shadow); r = sysctl_write_ip_property_boolean(family, "all", "forwarding", t, manager_get_sysctl_shadow(manager));
if (r < 0) if (r < 0)
log_warning_errno(r, "Failed to %s %s forwarding for all interfaces: %m", log_warning_errno(r, "Failed to %s %s forwarding for all interfaces: %m",
enable_disable(t), af_to_ipv4_ipv6(family)); enable_disable(t), af_to_ipv4_ipv6(family));
@ -273,7 +261,7 @@ static int link_update_ipv6_sysctl(Link *link) {
if (!link_ipv6_enabled(link)) if (!link_ipv6_enabled(link))
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", false, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", false, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_proxy_arp(Link *link) { static int link_set_proxy_arp(Link *link) {
@ -286,7 +274,7 @@ static int link_set_proxy_arp(Link *link) {
if (link->network->proxy_arp < 0) if (link->network->proxy_arp < 0)
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp", link->network->proxy_arp > 0, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp", link->network->proxy_arp > 0, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_proxy_arp_pvlan(Link *link) { static int link_set_proxy_arp_pvlan(Link *link) {
@ -299,7 +287,7 @@ static int link_set_proxy_arp_pvlan(Link *link) {
if (link->network->proxy_arp_pvlan < 0) if (link->network->proxy_arp_pvlan < 0)
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp_pvlan", link->network->proxy_arp_pvlan > 0, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp_pvlan", link->network->proxy_arp_pvlan > 0, manager_get_sysctl_shadow(link->manager));
} }
int link_get_ip_forwarding(Link *link, int family) { int link_get_ip_forwarding(Link *link, int family) {
@ -341,7 +329,7 @@ static int link_set_ip_forwarding_impl(Link *link, int family) {
if (t < 0) if (t < 0)
return 0; /* keep */ return 0; /* keep */
r = sysctl_write_ip_property_boolean(family, link->ifname, "forwarding", t, &link->manager->sysctl_shadow); r = sysctl_write_ip_property_boolean(family, link->ifname, "forwarding", t, manager_get_sysctl_shadow(link->manager));
if (r < 0) if (r < 0)
return log_link_warning_errno(link, r, "Failed to %s %s forwarding, ignoring: %m", return log_link_warning_errno(link, r, "Failed to %s %s forwarding, ignoring: %m",
enable_disable(t), af_to_ipv4_ipv6(family)); enable_disable(t), af_to_ipv4_ipv6(family));
@ -418,7 +406,7 @@ static int link_set_ipv4_rp_filter(Link *link) {
if (link->network->ipv4_rp_filter < 0) if (link->network->ipv4_rp_filter < 0)
return 0; return 0;
return sysctl_write_ip_property_int(AF_INET, link->ifname, "rp_filter", link->network->ipv4_rp_filter, &link->manager->sysctl_shadow); return sysctl_write_ip_property_int(AF_INET, link->ifname, "rp_filter", link->network->ipv4_rp_filter, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_privacy_extensions(Link *link) { static int link_set_ipv6_privacy_extensions(Link *link) {
@ -438,7 +426,7 @@ static int link_set_ipv6_privacy_extensions(Link *link) {
if (val == IPV6_PRIVACY_EXTENSIONS_KERNEL) if (val == IPV6_PRIVACY_EXTENSIONS_KERNEL)
return 0; return 0;
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "use_tempaddr", (int) val, &link->manager->sysctl_shadow); return sysctl_write_ip_property_int(AF_INET6, link->ifname, "use_tempaddr", (int) val, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_accept_ra(Link *link) { static int link_set_ipv6_accept_ra(Link *link) {
@ -448,7 +436,7 @@ static int link_set_ipv6_accept_ra(Link *link) {
if (!link_is_configured_for_family(link, AF_INET6)) if (!link_is_configured_for_family(link, AF_INET6))
return 0; return 0;
return sysctl_write_ip_property(AF_INET6, link->ifname, "accept_ra", "0", &link->manager->sysctl_shadow); return sysctl_write_ip_property(AF_INET6, link->ifname, "accept_ra", "0", manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_dad_transmits(Link *link) { static int link_set_ipv6_dad_transmits(Link *link) {
@ -461,7 +449,7 @@ static int link_set_ipv6_dad_transmits(Link *link) {
if (link->network->ipv6_dad_transmits < 0) if (link->network->ipv6_dad_transmits < 0)
return 0; return 0;
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "dad_transmits", link->network->ipv6_dad_transmits, &link->manager->sysctl_shadow); return sysctl_write_ip_property_int(AF_INET6, link->ifname, "dad_transmits", link->network->ipv6_dad_transmits, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_hop_limit(Link *link) { static int link_set_ipv6_hop_limit(Link *link) {
@ -474,7 +462,7 @@ static int link_set_ipv6_hop_limit(Link *link) {
if (link->network->ipv6_hop_limit <= 0) if (link->network->ipv6_hop_limit <= 0)
return 0; return 0;
return sysctl_write_ip_property_int(AF_INET6, link->ifname, "hop_limit", link->network->ipv6_hop_limit, &link->manager->sysctl_shadow); return sysctl_write_ip_property_int(AF_INET6, link->ifname, "hop_limit", link->network->ipv6_hop_limit, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_retransmission_time(Link *link) { static int link_set_ipv6_retransmission_time(Link *link) {
@ -493,7 +481,7 @@ static int link_set_ipv6_retransmission_time(Link *link) {
if (retrans_time_ms <= 0 || retrans_time_ms > UINT32_MAX) if (retrans_time_ms <= 0 || retrans_time_ms > UINT32_MAX)
return 0; return 0;
return sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", retrans_time_ms, &link->manager->sysctl_shadow); return sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", retrans_time_ms, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv6_proxy_ndp(Link *link) { static int link_set_ipv6_proxy_ndp(Link *link) {
@ -510,7 +498,7 @@ static int link_set_ipv6_proxy_ndp(Link *link) {
else else
v = !set_isempty(link->network->ipv6_proxy_ndp_addresses); v = !set_isempty(link->network->ipv6_proxy_ndp_addresses);
return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "proxy_ndp", v, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "proxy_ndp", v, manager_get_sysctl_shadow(link->manager));
} }
int link_set_ipv6_mtu(Link *link, int log_level) { int link_set_ipv6_mtu(Link *link, int log_level) {
@ -538,7 +526,7 @@ int link_set_ipv6_mtu(Link *link, int log_level) {
mtu = link->mtu; mtu = link->mtu;
} }
return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "mtu", mtu, &link->manager->sysctl_shadow); return sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "mtu", mtu, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv4_accept_local(Link *link) { static int link_set_ipv4_accept_local(Link *link) {
@ -551,7 +539,7 @@ static int link_set_ipv4_accept_local(Link *link) {
if (link->network->ipv4_accept_local < 0) if (link->network->ipv4_accept_local < 0)
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "accept_local", link->network->ipv4_accept_local > 0, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "accept_local", link->network->ipv4_accept_local > 0, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv4_route_localnet(Link *link) { static int link_set_ipv4_route_localnet(Link *link) {
@ -564,7 +552,7 @@ static int link_set_ipv4_route_localnet(Link *link) {
if (link->network->ipv4_route_localnet < 0) if (link->network->ipv4_route_localnet < 0)
return 0; return 0;
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "route_localnet", link->network->ipv4_route_localnet > 0, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "route_localnet", link->network->ipv4_route_localnet > 0, manager_get_sysctl_shadow(link->manager));
} }
static int link_set_ipv4_promote_secondaries(Link *link) { static int link_set_ipv4_promote_secondaries(Link *link) {
@ -579,7 +567,7 @@ static int link_set_ipv4_promote_secondaries(Link *link) {
* otherwise. The way systemd-networkd works is that the new IP of a lease is added as a * otherwise. The way systemd-networkd works is that the new IP of a lease is added as a
* secondary IP and when the primary one expires it relies on the kernel to promote the * secondary IP and when the primary one expires it relies on the kernel to promote the
* secondary IP. See also https://github.com/systemd/systemd/issues/7163 */ * secondary IP. See also https://github.com/systemd/systemd/issues/7163 */
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "promote_secondaries", true, &link->manager->sysctl_shadow); return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "promote_secondaries", true, manager_get_sysctl_shadow(link->manager));
} }
int link_set_sysctl(Link *link) { int link_set_sysctl(Link *link) {

View File

@ -6,6 +6,7 @@
#include "sd-daemon.h" #include "sd-daemon.h"
#include "bpf-dlopen.h" #include "bpf-dlopen.h"
#include "bpf-link.h"
#include "build-path.h" #include "build-path.h"
#include "common-signal.h" #include "common-signal.h"
#include "env-util.h" #include "env-util.h"
@ -141,8 +142,7 @@ Manager* manager_free(Manager *m) {
#if HAVE_VMLINUX_H #if HAVE_VMLINUX_H
sd_event_source_disable_unref(m->userns_restrict_bpf_ring_buffer_event_source); sd_event_source_disable_unref(m->userns_restrict_bpf_ring_buffer_event_source);
if (m->userns_restrict_bpf_ring_buffer) bpf_ring_buffer_free(m->userns_restrict_bpf_ring_buffer);
sym_ring_buffer__free(m->userns_restrict_bpf_ring_buffer);
userns_restrict_bpf_free(m->userns_restrict_bpf); userns_restrict_bpf_free(m->userns_restrict_bpf);
#endif #endif

View File

@ -31,7 +31,7 @@ int bpf_serialize_link(FILE *f, FDSet *fds, const char *key, struct bpf_link *li
return serialize_fd(f, fds, key, sym_bpf_link__fd(link)); return serialize_fd(f, fds, key, sym_bpf_link__fd(link));
} }
struct bpf_link *bpf_link_free(struct bpf_link *link) { struct bpf_link* bpf_link_free(struct bpf_link *link) {
/* If libbpf wasn't dlopen()ed, sym_bpf_link__destroy might be unresolved (NULL), so let's not try to /* If libbpf wasn't dlopen()ed, sym_bpf_link__destroy might be unresolved (NULL), so let's not try to
* call it if link is NULL. link might also be a non-null "error pointer", but such a value can only * call it if link is NULL. link might also be a non-null "error pointer", but such a value can only
* originate from a call to libbpf, but that means that libbpf is available, and we can let * originate from a call to libbpf, but that means that libbpf is available, and we can let
@ -41,3 +41,10 @@ struct bpf_link *bpf_link_free(struct bpf_link *link) {
return NULL; return NULL;
} }
struct ring_buffer* bpf_ring_buffer_free(struct ring_buffer *rb) {
if (rb) /* See the comment in bpf_link_free(). */
sym_ring_buffer__free(rb);
return NULL;
}

View File

@ -12,5 +12,8 @@ bool bpf_can_link_program(struct bpf_program *prog);
int bpf_serialize_link(FILE *f, FDSet *fds, const char *key, struct bpf_link *link); int bpf_serialize_link(FILE *f, FDSet *fds, const char *key, struct bpf_link *link);
struct bpf_link *bpf_link_free(struct bpf_link *p); struct bpf_link* bpf_link_free(struct bpf_link *p);
DEFINE_TRIVIAL_CLEANUP_FUNC(struct bpf_link *, bpf_link_free); DEFINE_TRIVIAL_CLEANUP_FUNC(struct bpf_link *, bpf_link_free);
struct ring_buffer* bpf_ring_buffer_free(struct ring_buffer *rb);
DEFINE_TRIVIAL_CLEANUP_FUNC(struct ring_buffer *, bpf_ring_buffer_free);

View File

@ -28,17 +28,16 @@ static int output_waiting_jobs(sd_bus *bus, Table *table, uint32_t id, const cha
while ((r = sd_bus_message_read(reply, "(usssoo)", &other_id, &name, &type, NULL, NULL, NULL)) > 0) { while ((r = sd_bus_message_read(reply, "(usssoo)", &other_id, &name, &type, NULL, NULL, NULL)) > 0) {
_cleanup_free_ char *row = NULL; _cleanup_free_ char *row = NULL;
int rc;
if (asprintf(&row, "%s %u (%s/%s)", prefix, other_id, name, type) < 0) if (asprintf(&row, "%s %u (%s/%s)", prefix, other_id, name, type) < 0)
return log_oom(); return log_oom();
rc = table_add_many(table, r = table_add_many(table,
TABLE_STRING, special_glyph(SPECIAL_GLYPH_TREE_RIGHT), TABLE_STRING, special_glyph(SPECIAL_GLYPH_TREE_RIGHT),
TABLE_STRING, row, TABLE_STRING, row,
TABLE_EMPTY, TABLE_EMPTY,
TABLE_EMPTY); TABLE_EMPTY);
if (rc < 0) if (r < 0)
return table_log_add_error(r); return table_log_add_error(r);
} }