Compare commits
No commits in common. "7745379ea8c1d08ecde9ccd15af1a76cdac91cc5" and "2797d945d2c663120308b439957d8b4faf10707c" have entirely different histories.
7745379ea8
...
2797d945d2
|
|
@ -145,7 +145,7 @@ names for them in UIs.
|
|||
|
||||
## Links
|
||||
|
||||
[Boot Loader Specification](https://systemd.io/BOOT_LOADER_SPECIFICATION)<br>
|
||||
[Boot Loader Specification](https://systemd.io/BOOT_LOADER_INTERFACE)<br>
|
||||
[Discoverable Partitions Specification](https://systemd.io/DISCOVERABLE_PARTITIONS)<br>
|
||||
[systemd-boot(7)](https://www.freedesktop.org/software/systemd/man/systemd-boot.html)<br>
|
||||
[bootctl(1)](https://www.freedesktop.org/software/systemd/man/bootctl.html)<br>
|
||||
|
|
|
|||
|
|
@ -39,8 +39,10 @@ RoutingPolicyRule *routing_policy_rule_free(RoutingPolicyRule *rule) {
|
|||
}
|
||||
|
||||
if (rule->manager) {
|
||||
set_remove(rule->manager->rules, rule);
|
||||
set_remove(rule->manager->rules_foreign, rule);
|
||||
if (set_get(rule->manager->rules, rule) == rule)
|
||||
set_remove(rule->manager->rules, rule);
|
||||
if (set_get(rule->manager->rules_foreign, rule) == rule)
|
||||
set_remove(rule->manager->rules_foreign, rule);
|
||||
}
|
||||
|
||||
network_config_section_free(rule->section);
|
||||
|
|
@ -112,7 +114,7 @@ static int routing_policy_rule_new_static(Network *network, const char *filename
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int routing_policy_rule_copy(RoutingPolicyRule *dest, const RoutingPolicyRule *src) {
|
||||
static int routing_policy_rule_copy(RoutingPolicyRule *dest, RoutingPolicyRule *src) {
|
||||
_cleanup_free_ char *iif = NULL, *oif = NULL;
|
||||
|
||||
assert(dest);
|
||||
|
|
@ -304,7 +306,8 @@ DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
|
|||
routing_policy_rule_compare_func,
|
||||
routing_policy_rule_free);
|
||||
|
||||
static int routing_policy_rule_get(Manager *m, const RoutingPolicyRule *rule, RoutingPolicyRule **ret) {
|
||||
static int routing_policy_rule_get(Manager *m, RoutingPolicyRule *rule, RoutingPolicyRule **ret) {
|
||||
|
||||
RoutingPolicyRule *existing;
|
||||
|
||||
assert(m);
|
||||
|
|
@ -326,12 +329,12 @@ static int routing_policy_rule_get(Manager *m, const RoutingPolicyRule *rule, Ro
|
|||
return -ENOENT;
|
||||
}
|
||||
|
||||
static int routing_policy_rule_add(Manager *m, const RoutingPolicyRule *in, int family, RoutingPolicyRule **ret) {
|
||||
static int routing_policy_rule_add_internal(Manager *m, Set **rules, RoutingPolicyRule *in, int family, RoutingPolicyRule **ret) {
|
||||
_cleanup_(routing_policy_rule_freep) RoutingPolicyRule *rule = NULL;
|
||||
RoutingPolicyRule *existing;
|
||||
int r;
|
||||
|
||||
assert(m);
|
||||
assert(rules);
|
||||
assert(in);
|
||||
assert(IN_SET(family, AF_INET, AF_INET6));
|
||||
assert(in->family == AF_UNSPEC || in->family == family);
|
||||
|
|
@ -340,56 +343,33 @@ static int routing_policy_rule_add(Manager *m, const RoutingPolicyRule *in, int
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
rule->manager = m;
|
||||
|
||||
r = routing_policy_rule_copy(rule, in);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
rule->family = family;
|
||||
|
||||
r = routing_policy_rule_get(m, rule, &existing);
|
||||
if (r == -ENOENT) {
|
||||
/* Rule does not exist, use a new one. */
|
||||
r = set_ensure_put(&m->rules, &routing_policy_rule_hash_ops, rule);
|
||||
if (r < 0)
|
||||
return r;
|
||||
assert(r > 0);
|
||||
|
||||
rule->manager = m;
|
||||
existing = TAKE_PTR(rule);
|
||||
} else if (r == 0) {
|
||||
/* Take over a foreign rule. */
|
||||
r = set_ensure_put(&m->rules, &routing_policy_rule_hash_ops, existing);
|
||||
if (r < 0)
|
||||
return r;
|
||||
assert(r > 0);
|
||||
|
||||
set_remove(m->rules_foreign, existing);
|
||||
} else if (r == 1) {
|
||||
/* Already exists, do nothing. */
|
||||
;
|
||||
} else
|
||||
r = set_ensure_put(rules, &routing_policy_rule_hash_ops, rule);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return -EEXIST;
|
||||
|
||||
if (ret)
|
||||
*ret = existing;
|
||||
*ret = rule;
|
||||
|
||||
TAKE_PTR(rule);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int routing_policy_rule_consume_foreign(Manager *m, RoutingPolicyRule *rule) {
|
||||
int r;
|
||||
static int routing_policy_rule_add(Manager *m, RoutingPolicyRule *rule, int family, RoutingPolicyRule **ret) {
|
||||
return routing_policy_rule_add_internal(m, &m->rules, rule, family, ret);
|
||||
}
|
||||
|
||||
assert(m);
|
||||
assert(rule);
|
||||
assert(IN_SET(rule->family, AF_INET, AF_INET6));
|
||||
|
||||
r = set_ensure_consume(&m->rules_foreign, &routing_policy_rule_hash_ops, rule);
|
||||
if (r <= 0)
|
||||
return r;
|
||||
|
||||
rule->manager = m;
|
||||
|
||||
return 1;
|
||||
static int routing_policy_rule_add_foreign(Manager *m, RoutingPolicyRule *rule, RoutingPolicyRule **ret) {
|
||||
return routing_policy_rule_add_internal(m, &m->rules_foreign, rule, rule->family, ret);
|
||||
}
|
||||
|
||||
static void log_routing_policy_rule_debug(const RoutingPolicyRule *rule, int family, const char *str, const Link *link) {
|
||||
|
|
@ -412,7 +392,7 @@ static void log_routing_policy_rule_debug(const RoutingPolicyRule *rule, int fam
|
|||
}
|
||||
}
|
||||
|
||||
static int routing_policy_rule_set_netlink_message(const RoutingPolicyRule *rule, sd_netlink_message *m, Link *link) {
|
||||
static int routing_policy_rule_set_netlink_message(RoutingPolicyRule *rule, sd_netlink_message *m, Link *link) {
|
||||
int r;
|
||||
|
||||
assert(rule);
|
||||
|
|
@ -545,7 +525,7 @@ static int routing_policy_rule_remove_handler(sd_netlink *rtnl, sd_netlink_messa
|
|||
return 1;
|
||||
}
|
||||
|
||||
static int routing_policy_rule_remove(const RoutingPolicyRule *rule, Manager *manager) {
|
||||
static int routing_policy_rule_remove(RoutingPolicyRule *rule, Manager *manager) {
|
||||
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
|
||||
int r;
|
||||
|
||||
|
|
@ -603,7 +583,7 @@ static int routing_policy_rule_handler(sd_netlink *rtnl, sd_netlink_message *m,
|
|||
return 1;
|
||||
}
|
||||
|
||||
static int routing_policy_rule_configure_internal(const RoutingPolicyRule *rule, int family, Link *link) {
|
||||
static int routing_policy_rule_configure_internal(RoutingPolicyRule *rule, int family, Link *link) {
|
||||
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
|
||||
int r;
|
||||
|
||||
|
|
@ -639,7 +619,7 @@ static int routing_policy_rule_configure_internal(const RoutingPolicyRule *rule,
|
|||
return 1;
|
||||
}
|
||||
|
||||
static int routing_policy_rule_configure(const RoutingPolicyRule *rule, Link *link) {
|
||||
static int routing_policy_rule_configure(RoutingPolicyRule *rule, Link *link) {
|
||||
int r;
|
||||
|
||||
if (IN_SET(rule->family, AF_INET, AF_INET6))
|
||||
|
|
@ -660,9 +640,8 @@ static int routing_policy_rule_configure(const RoutingPolicyRule *rule, Link *li
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int links_have_routing_policy_rule(const Manager *m, const RoutingPolicyRule *rule, const Link *except) {
|
||||
static bool links_have_routing_policy_rule(const Manager *m, const RoutingPolicyRule *rule, const Link *except) {
|
||||
Link *link;
|
||||
int r;
|
||||
|
||||
assert(m);
|
||||
assert(rule);
|
||||
|
|
@ -677,29 +656,8 @@ static int links_have_routing_policy_rule(const Manager *m, const RoutingPolicyR
|
|||
continue;
|
||||
|
||||
HASHMAP_FOREACH(link_rule, link->network->rules_by_section)
|
||||
if (IN_SET(link_rule->family, AF_INET, AF_INET6)) {
|
||||
if (routing_policy_rule_equal(link_rule, rule))
|
||||
return true;
|
||||
} else {
|
||||
/* The case Family=both. */
|
||||
_cleanup_(routing_policy_rule_freep) RoutingPolicyRule *tmp = NULL;
|
||||
|
||||
r = routing_policy_rule_new(&tmp);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = routing_policy_rule_copy(tmp, link_rule);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
tmp->family = AF_INET;
|
||||
if (routing_policy_rule_equal(tmp, rule))
|
||||
return true;
|
||||
|
||||
tmp->family = AF_INET6;
|
||||
if (routing_policy_rule_equal(tmp, rule))
|
||||
return true;
|
||||
}
|
||||
if (routing_policy_rule_equal(link_rule, rule))
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
|
|
@ -719,12 +677,8 @@ int manager_drop_routing_policy_rules_internal(Manager *m, bool foreign, const L
|
|||
continue;
|
||||
|
||||
/* The rule will be configured later, or already configured by a link. */
|
||||
k = links_have_routing_policy_rule(m, rule, except);
|
||||
if (k != 0) {
|
||||
if (k < 0 && r >= 0)
|
||||
r = k;
|
||||
if (links_have_routing_policy_rule(m, rule, except))
|
||||
continue;
|
||||
}
|
||||
|
||||
k = routing_policy_rule_remove(rule, m);
|
||||
if (k < 0 && r >= 0)
|
||||
|
|
@ -749,6 +703,20 @@ int link_set_routing_policy_rules(Link *link) {
|
|||
link->routing_policy_rules_configured = false;
|
||||
|
||||
HASHMAP_FOREACH(rule, link->network->rules_by_section) {
|
||||
RoutingPolicyRule *existing;
|
||||
|
||||
r = routing_policy_rule_get(link->manager, rule, &existing);
|
||||
if (r > 0)
|
||||
continue;
|
||||
if (r == 0) {
|
||||
r = set_ensure_put(&link->manager->rules, &routing_policy_rule_hash_ops, existing);
|
||||
if (r < 0)
|
||||
return log_link_warning_errno(link, r, "Could not store existing routing policy rule: %m");
|
||||
|
||||
set_remove(link->manager->rules_foreign, existing);
|
||||
continue;
|
||||
}
|
||||
|
||||
r = routing_policy_rule_configure(rule, link);
|
||||
if (r < 0)
|
||||
return log_link_warning_errno(link, r, "Could not set routing policy rule: %m");
|
||||
|
|
@ -979,9 +947,11 @@ int manager_rtnl_process_rule(sd_netlink *rtnl, sd_netlink_message *message, Man
|
|||
log_routing_policy_rule_debug(tmp, tmp->family, "Received remembered", NULL);
|
||||
else {
|
||||
log_routing_policy_rule_debug(tmp, tmp->family, "Remembering foreign", NULL);
|
||||
r = routing_policy_rule_consume_foreign(m, TAKE_PTR(tmp));
|
||||
if (r < 0)
|
||||
r = routing_policy_rule_add_foreign(m, tmp, &rule);
|
||||
if (r < 0) {
|
||||
log_warning_errno(r, "Could not remember foreign rule, ignoring: %m");
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
break;
|
||||
case RTM_DELRULE:
|
||||
|
|
@ -1579,13 +1549,8 @@ static int routing_policy_rule_section_verify(RoutingPolicyRule *rule) {
|
|||
"specified by To= or From=. Ignoring [RoutingPolicyRule] section from line %u.",
|
||||
rule->section->filename, rule->section->line);
|
||||
|
||||
if (rule->family == AF_UNSPEC) {
|
||||
if (IN_SET(rule->address_family, ADDRESS_FAMILY_IPV4, ADDRESS_FAMILY_NO))
|
||||
rule->family = AF_INET;
|
||||
else if (rule->address_family == ADDRESS_FAMILY_IPV6)
|
||||
rule->family = AF_INET6;
|
||||
/* rule->family can be AF_UNSPEC only when Family=both. */
|
||||
}
|
||||
if (rule->family == AF_UNSPEC && rule->address_family == ADDRESS_FAMILY_NO)
|
||||
rule->family = AF_INET;
|
||||
|
||||
/* Currently, [RoutingPolicyRule] does not have a setting to set FRA_L3MDEV flag. Please also
|
||||
* update routing_policy_rule_is_created_by_kernel() when a new setting which sets the flag is
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ OutgoingInterface=test1
|
|||
# iif
|
||||
[RoutingPolicyRule]
|
||||
Table=1011
|
||||
Family=both
|
||||
Family=ipv4
|
||||
Priority=10113
|
||||
IncomingInterface=test1
|
||||
|
||||
|
|
@ -1,33 +0,0 @@
|
|||
[Match]
|
||||
Name=test1
|
||||
|
||||
[Network]
|
||||
IPv6AcceptRA=no
|
||||
|
||||
# fwmark
|
||||
[RoutingPolicyRule]
|
||||
Table=1011
|
||||
Family=ipv4
|
||||
Priority=10111
|
||||
FirewallMark=1011
|
||||
|
||||
# oif
|
||||
[RoutingPolicyRule]
|
||||
Table=1011
|
||||
Family=both
|
||||
Priority=10112
|
||||
OutgoingInterface=test1
|
||||
|
||||
# iif
|
||||
[RoutingPolicyRule]
|
||||
Table=1011
|
||||
Family=ipv4
|
||||
Priority=10113
|
||||
IncomingInterface=test1
|
||||
|
||||
# source
|
||||
[RoutingPolicyRule]
|
||||
Table=1011
|
||||
Family=ipv4
|
||||
Priority=10114
|
||||
From=192.168.8.254
|
||||
|
|
@ -1800,8 +1800,7 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
|
|||
'26-link-local-addressing-ipv6.network',
|
||||
'routing-policy-rule-dummy98.network',
|
||||
'routing-policy-rule-test1.network',
|
||||
'routing-policy-rule-reconfigure1.network',
|
||||
'routing-policy-rule-reconfigure2.network',
|
||||
'routing-policy-rule-reconfigure.network',
|
||||
]
|
||||
|
||||
routing_policy_rule_tables = ['7', '8', '9', '1011']
|
||||
|
|
@ -2085,65 +2084,37 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
|
|||
stop_networkd(remove_state_files=False)
|
||||
|
||||
def test_routing_policy_rule_reconfigure(self):
|
||||
copy_unit_to_networkd_unit_path('routing-policy-rule-reconfigure2.network', '11-dummy.netdev')
|
||||
copy_unit_to_networkd_unit_path('routing-policy-rule-reconfigure.network', '11-dummy.netdev')
|
||||
start_networkd()
|
||||
self.wait_online(['test1:degraded'])
|
||||
|
||||
output = check_output('ip rule list table 1011')
|
||||
print(output)
|
||||
self.assertIn('10111: from all fwmark 0x3f3 lookup 1011', output)
|
||||
self.assertIn('10112: from all oif test1 lookup 1011', output)
|
||||
self.assertIn('10113: from all iif test1 lookup 1011', output)
|
||||
self.assertIn('10114: from 192.168.8.254 lookup 1011', output)
|
||||
|
||||
output = check_output('ip -6 rule list table 1011')
|
||||
print(output)
|
||||
self.assertIn('10112: from all oif test1 lookup 1011', output)
|
||||
|
||||
copy_unit_to_networkd_unit_path('routing-policy-rule-reconfigure1.network', '11-dummy.netdev')
|
||||
run(*networkctl_cmd, 'reload', env=env)
|
||||
time.sleep(1)
|
||||
self.wait_online(['test1:degraded'])
|
||||
|
||||
output = check_output('ip rule list table 1011')
|
||||
print(output)
|
||||
self.assertIn('10111: from all fwmark 0x3f3 lookup 1011', output)
|
||||
self.assertIn('10112: from all oif test1 lookup 1011', output)
|
||||
self.assertIn('10113: from all iif test1 lookup 1011', output)
|
||||
self.assertIn('10114: from 192.168.8.254 lookup 1011', output)
|
||||
|
||||
output = check_output('ip -6 rule list table 1011')
|
||||
print(output)
|
||||
self.assertNotIn('10112: from all oif test1 lookup 1011', output)
|
||||
self.assertIn('10113: from all iif test1 lookup 1011', output)
|
||||
self.assertRegex(output, '10111: from all fwmark 0x3f3 lookup 1011')
|
||||
self.assertRegex(output, '10112: from all oif test1 lookup 1011')
|
||||
self.assertRegex(output, '10113: from all iif test1 lookup 1011')
|
||||
self.assertRegex(output, '10114: from 192.168.8.254 lookup 1011')
|
||||
|
||||
run('ip rule delete priority 10111')
|
||||
run('ip rule delete priority 10112')
|
||||
run('ip rule delete priority 10113')
|
||||
run('ip rule delete priority 10114')
|
||||
run('ip -6 rule delete priority 10113')
|
||||
run('ip rule delete priority 10115')
|
||||
|
||||
output = check_output('ip rule list table 1011')
|
||||
print(output)
|
||||
self.assertEqual(output, '')
|
||||
|
||||
output = check_output('ip -6 rule list table 1011')
|
||||
print(output)
|
||||
self.assertEqual(output, '')
|
||||
|
||||
run(*networkctl_cmd, 'reconfigure', 'test1', env=env)
|
||||
|
||||
self.wait_online(['test1:degraded'])
|
||||
|
||||
output = check_output('ip rule list table 1011')
|
||||
print(output)
|
||||
self.assertIn('10111: from all fwmark 0x3f3 lookup 1011', output)
|
||||
self.assertIn('10112: from all oif test1 lookup 1011', output)
|
||||
self.assertIn('10113: from all iif test1 lookup 1011', output)
|
||||
self.assertIn('10114: from 192.168.8.254 lookup 1011', output)
|
||||
|
||||
output = check_output('ip -6 rule list table 1011')
|
||||
print(output)
|
||||
self.assertIn('10113: from all iif test1 lookup 1011', output)
|
||||
self.assertRegex(output, '10111: from all fwmark 0x3f3 lookup 1011')
|
||||
self.assertRegex(output, '10112: from all oif test1 lookup 1011')
|
||||
self.assertRegex(output, '10113: from all iif test1 lookup 1011')
|
||||
self.assertRegex(output, '10114: from 192.168.8.254 lookup 1011')
|
||||
|
||||
@expectedFailureIfRoutingPolicyPortRangeIsNotAvailable()
|
||||
def test_routing_policy_rule_port_range(self):
|
||||
|
|
|
|||
Loading…
Reference in New Issue