networkd: reduce the IPv4 DAD timeout to 200ms

The original timeout of 7 seconds is very long for today's networks. Reduce it
to 200ms. Note that this change also affects IPv4 link-local addressing.

.github/workflows/coverage.yml

@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-      - uses: systemd/mkosi@dbb4020beee2cdf250f93a425794f1cf8b0fe693
+      - uses: systemd/mkosi@7e4ec15aee6b98300b2ee14265bc647a716a9f8a
 
       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
       # immediately, we remove the files in the background. However, we first move them to a different location
@@ -90,6 +90,7 @@ jobs:
           sudo mkosi sandbox -- \
             meson setup \
             --buildtype=debugoptimized \
+            -Dintegration-tests=true \
             build
 
       - name: Build image
@@ -119,8 +120,7 @@ jobs:
             meson test \
             -C build \
             --no-rebuild \
-            --setup=integration \
+            --suite integration-tests \
-            --suite=integration-tests \
             --print-errorlogs \
             --no-stdsplit \
             --num-processes "$(($(nproc) - 1))" \

.github/workflows/mkosi.yml

@@ -120,7 +120,7 @@ jobs:
 
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-      - uses: systemd/mkosi@dbb4020beee2cdf250f93a425794f1cf8b0fe693
+      - uses: systemd/mkosi@7e4ec15aee6b98300b2ee14265bc647a716a9f8a
 
       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
       # immediately, we remove the files in the background. However, we first move them to a different location
@@ -197,6 +197,7 @@ jobs:
           sudo mkosi sandbox -- \
             meson setup \
             --buildtype=debugoptimized \
+            -Dintegration-tests=true \
             -Dbpf-framework=disabled \
             build
 
@@ -232,8 +233,7 @@ jobs:
             meson test \
             -C build \
             --no-rebuild \
-            --setup=integration \
+            --suite integration-tests \
-            --suite=integration-tests \
             --print-errorlogs \
             --no-stdsplit \
             --num-processes "$(($(nproc) - 1))" \

NEWS

@@ -489,10 +489,10 @@ CHANGES WITH 257:
           existing interfaces, and invoke 'networkctl reload' or restart
           systemd-networkd.
 
-        * systemd-networkd now supports configuring the timeout for IPv4
+        * The timeout for IPv4 Duplicate Address Detection can now be
-          Duplicate Address Detection via a new setting
+          configured via a new IPv4DuplicateAddressDetectionTimeout=
-          IPv4DuplicateAddressDetectionTimeout=. The default timeout value has
+          setting. The default timeout value has been changed from 7 seconds to
-          been changed from 7 seconds to 200 milliseconds.
+          200 milliseconds.
 
         systemd-boot, systemd-stub, and related tools:
 

man/systemd.network.xml

@@ -1749,10 +1749,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
         <term><varname>FirewallMark=</varname></term>
         <listitem>
           <para>Specifies the iptables firewall mark value to match (a number in the range
-          0…4294967295). Optionally, the firewall mask (also a number between 0…4294967295) can be
+          1…4294967295). Optionally, the firewall mask (also a number between 1…4294967295) can be
-          suffixed with a slash (<literal>/</literal>), e.g., <literal>7/255</literal>. When the
+          suffixed with a slash (<literal>/</literal>), e.g., <literal>7/255</literal>.</para>
-          mark value is non-zero and no mask is explicitly specified, all bits of the mark are
-          compared. </para>
 
           <xi:include href="version-info.xml" xpointer="v235"/>
         </listitem>

meson.build

@@ -13,12 +13,6 @@ project('systemd', 'c',
         meson_version : '>= 0.62.0',
 )
 
-add_test_setup(
-        'default',
-        exclude_suites : ['integration-tests'],
-        is_default : true,
-)
-
 project_major_version = meson.project_version().split('.')[0].split('~')[0]
 if meson.project_version().contains('.')
         project_minor_version = meson.project_version().split('.')[-1].split('~')[0]
@@ -345,6 +339,7 @@ meson_build_sh = find_program('tools/meson-build.sh')
 want_tests = get_option('tests')
 want_slow_tests = want_tests != 'false' and get_option('slow-tests')
 want_fuzz_tests = want_tests != 'false' and get_option('fuzz-tests')
+want_integration_tests = want_tests != 'false' and get_option('integration-tests')
 install_tests = want_tests != 'false' and get_option('install-tests')
 
 if add_languages('cpp', native : false, required : fuzzer_build)
@@ -2666,6 +2661,10 @@ endif
 #####################################################################
 
 mkosi = find_program('mkosi', required : false)
+if want_integration_tests and not mkosi.found()
+        error('Could not find mkosi which is required to run the integration tests')
+endif
+
 mkosi_depends = public_programs
 
 foreach executable : ['systemd-journal-remote', 'systemd-sbsign', 'systemd-keyutil']

meson_options.txt

@@ -509,7 +509,7 @@ option('install-tests', type : 'boolean', value : false,
        description : 'install test executables')
 option('log-message-verification', type : 'feature', deprecated : { 'true' : 'enabled', 'false' : 'disabled' },
        description : 'do fake printf() calls to verify format strings')
-option('integration-tests', type : 'boolean', value : false, deprecated : true,
+option('integration-tests', type : 'boolean', value : false,
        description : 'run the integration tests')
 
 option('ok-color', type : 'combo',

mkosi/mkosi.conf

@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
 [Config]
-MinimumVersion=commit:dbb4020beee2cdf250f93a425794f1cf8b0fe693
+MinimumVersion=commit:7e4ec15aee6b98300b2ee14265bc647a716a9f8a
 Dependencies=
         exitrd
         initrd
@@ -78,7 +78,8 @@ KernelCommandLine=
         oops=panic
         panic=-1
         softlockup_panic=1
-        panic_on_warn=1
+        # Disabled due to BTRFS issue, waiting for the fix to become available
+        panic_on_warn=0
         psi=1
         mitigations=off
 

mkosi/mkosi.conf.d/arch/mkosi.conf

@@ -4,7 +4,6 @@
 Distribution=arch
 
 [Content]
-PrepareScripts=systemd.prepare
 VolatilePackages=
         systemd
         systemd-libs

mkosi/mkosi.conf.d/centos-fedora/mkosi.conf

@@ -5,7 +5,6 @@ Distribution=|centos
 Distribution=|fedora
 
 [Content]
-PrepareScripts=systemd.prepare
 VolatilePackages=
         systemd
         systemd-boot

mkosi/mkosi.conf.d/debian-ubuntu/mkosi.conf

@@ -5,7 +5,6 @@ Distribution=|debian
 Distribution=|ubuntu
 
 [Content]
-PrepareScripts=systemd.prepare
 VolatilePackages=
         libnss-myhostname
         libnss-mymachines

mkosi/mkosi.conf.d/opensuse/mkosi.conf

@@ -11,7 +11,6 @@ Repositories=non-oss
 SandboxTrees=macros.db_backend:/etc/rpm/macros.db_backend
 
 [Content]
-PrepareScripts=systemd.prepare
 VolatilePackages=
         libsystemd0
         libudev1

mkosi/mkosi.images/exitrd/mkosi.conf.d/arch.conf

@@ -4,7 +4,7 @@
 Distribution=arch
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/arch/mkosi.prepare
 VolatilePackages=
         systemd
         systemd-libs

mkosi/mkosi.images/exitrd/mkosi.conf.d/centos-fedora.conf

@@ -5,6 +5,6 @@ Distribution=|centos
 Distribution=|fedora
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/mkosi.prepare
 VolatilePackages=
         systemd-standalone-shutdown

mkosi/mkosi.images/exitrd/mkosi.conf.d/debian.conf

@@ -4,6 +4,6 @@
 Distribution=debian
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/mkosi.prepare
 VolatilePackages=
         systemd-standalone-shutdown

mkosi/mkosi.images/exitrd/mkosi.conf.d/opensuse.conf

@@ -4,7 +4,7 @@
 Distribution=opensuse
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/mkosi.prepare
 Packages=
         diffutils
         grep

mkosi/mkosi.images/exitrd/mkosi.conf.d/ubuntu.conf

@@ -4,7 +4,7 @@
 Distribution=ubuntu
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/mkosi.prepare
 VolatilePackages=
         libsystemd-shared
         libsystemd0

mkosi/mkosi.images/initrd/mkosi.conf.d/arch.conf

@@ -4,7 +4,7 @@
 Distribution=arch
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/arch/mkosi.prepare
 Packages=
         btrfs-progs
         tpm2-tools

mkosi/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf

@@ -5,7 +5,7 @@ Distribution=|centos
 Distribution=|fedora
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/mkosi.prepare
 Packages=
         tpm2-tools
 

mkosi/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf

@@ -5,7 +5,7 @@ Distribution=|debian
 Distribution=|ubuntu
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/mkosi.prepare
 Packages=
         btrfs-progs
         tpm2-tools

mkosi/mkosi.images/initrd/mkosi.conf.d/opensuse.conf

@@ -4,7 +4,7 @@
 Distribution=opensuse
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/mkosi.prepare
 Packages=
         btrfs-progs
         kmod

mkosi/mkosi.images/minimal-base/mkosi.conf.d/arch.conf

@@ -4,7 +4,7 @@
 Distribution=arch
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/arch/mkosi.prepare
 Packages=
         inetutils
         iproute

mkosi/mkosi.images/minimal-base/mkosi.conf.d/centos-fedora.conf

@@ -5,7 +5,7 @@ Distribution=|centos
 Distribution=|fedora
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/mkosi.prepare
 Packages=
         hostname
         iproute

mkosi/mkosi.images/minimal-base/mkosi.conf.d/debian-ubuntu.conf

@@ -5,7 +5,7 @@ Distribution=|debian
 Distribution=|ubuntu
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/mkosi.prepare
 Packages=
         hostname
         iproute2

mkosi/mkosi.images/minimal-base/mkosi.conf.d/opensuse.conf

@@ -4,7 +4,7 @@
 Distribution=opensuse
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/mkosi.prepare
 Packages=
         diffutils
         grep

src/libsystemd-network/sd-ipv4acd.c

@@ -30,7 +30,7 @@
 #define PROBE_MIN 1U
 #define PROBE_MAX 2U
 #define ANNOUNCE_WAIT 2U
-#define TOTAL_TIME_UNITS 7U
+#define TOTAL_TIMEOUT 7U
 
 /* Intervals from the RFC not adjusted to the time unit */
 #define ANNOUNCE_INTERVAL_USEC (2U * USEC_PER_SEC)
@@ -162,7 +162,7 @@ int sd_ipv4acd_new(sd_ipv4acd **ret) {
         *acd = (sd_ipv4acd) {
                 .n_ref = 1,
                 .state = IPV4ACD_STATE_INIT,
-                .time_unit = TIMEOUT_DEFAULT_USEC / TOTAL_TIME_UNITS,
+                .time_unit = TIMEOUT_DEFAULT_USEC / TOTAL_TIMEOUT,
                 .ifindex = -1,
                 .fd = -EBADF,
         };
@@ -232,9 +232,9 @@ static int ipv4acd_on_timeout(sd_event_source *s, uint64_t usec, void *userdata)
                 acd->defend_window = 0;
 
                 log_ipv4acd(acd,
-                            "Started on address " IPV4_ADDRESS_FMT_STR " with a max timeout of %s",
+                            "Started on address " IPV4_ADDRESS_FMT_STR " with a max timeout of %" PRIu64 "msec",
                             IPV4_ADDRESS_FMT_VAL(acd->address),
-                            FORMAT_TIMESPAN(acd->time_unit * TOTAL_TIME_UNITS, USEC_PER_MSEC));
+                            (acd->time_unit * TOTAL_TIMEOUT + (USEC_PER_MSEC - 1)) / USEC_PER_MSEC);
 
                 ipv4acd_set_state(acd, IPV4ACD_STATE_WAITING_PROBE, true);
 
@@ -471,8 +471,7 @@ int sd_ipv4acd_set_timeout(sd_ipv4acd *acd, uint64_t timeout_usec) {
                 timeout_usec = TIMEOUT_DEFAULT_USEC;
 
         /* Clamp the total duration to a value between 1ms and 1 minute */
-        acd->time_unit = DIV_ROUND_UP(
+        acd->time_unit = CLAMP(timeout_usec, 1U * USEC_PER_MSEC, 60U * USEC_PER_SEC) / TOTAL_TIMEOUT;
-                        CLAMP(timeout_usec, 1U * USEC_PER_MSEC, 1U * USEC_PER_MINUTE), TOTAL_TIME_UNITS);
 
         return 0;
 }

src/libsystemd/sd-netlink/netlink-socket.c

@@ -161,13 +161,12 @@ static int socket_recv_message(int fd, void *buf, size_t buf_size, uint32_t *ret
         assert(fd >= 0);
         assert(peek || (buf && buf_size > 0));
 
-        /* Note: this might return successfully, but with a zero size under some transient conditions, such
-         * as the reception of a non-kernel message. In such a case the passed buffer might or might not be
-         * modified. Caller must treat a zero return as "no message, but also not an error". */
-
         n = recvmsg_safe(fd, &msg, peek ? (MSG_PEEK|MSG_TRUNC) : 0);
-        if (ERRNO_IS_NEG_TRANSIENT(n))
+        if (ERRNO_IS_NEG_TRANSIENT(n)) {
-                goto transient;
+                if (ret_mcast_group)
+                        *ret_mcast_group = 0;
+                return 0;
+        }
         if (n == -ENOBUFS)
                 return log_debug_errno(n, "sd-netlink: kernel receive buffer overrun");
         if (n == -ECHRNG)
@@ -182,16 +181,15 @@ static int socket_recv_message(int fd, void *buf, size_t buf_size, uint32_t *ret
                 log_debug("sd-netlink: ignoring message from PID %"PRIu32, sender.nl.nl_pid);
 
                 if (peek) {
-                        /* Drop the message. Note that we ignore ECHRNG/EXFULL errors here, which
+                        /* drop the message */
-                         * recvmsg_safe() returns in case the payload or cdata is truncated. Given we just
-                         * want to drop the message we also don't care if its payload or cdata was
-                         * truncated. */
                         n = recvmsg_safe(fd, &msg, 0);
-                        if (n < 0 && !IN_SET(n, -ECHRNG, -EXFULL))
+                        if (n < 0)
                                 return (int) n;
                 }
 
-                goto transient;
+                if (ret_mcast_group)
+                        *ret_mcast_group = 0;
+                return 0;
         }
 
         if (ret_mcast_group) {
@@ -205,12 +203,6 @@ static int socket_recv_message(int fd, void *buf, size_t buf_size, uint32_t *ret
         }
 
         return (int) n;
-
-transient:
-        if (ret_mcast_group)
-                *ret_mcast_group = 0;
-
-        return 0;
 }
 
 DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(

src/network/networkd-routing-policy-rule.c

@@ -615,7 +615,7 @@ static int routing_policy_rule_set_netlink_message(const RoutingPolicyRule *rule
         if (r < 0)
                 return r;
 
-        if (rule->fwmark > 0 || rule->fwmask > 0) {
+        if (rule->fwmark > 0) {
                 r = sd_netlink_message_append_u32(m, FRA_FWMARK, rule->fwmark);
                 if (r < 0)
                         return r;
@@ -1315,12 +1315,14 @@ static int parse_fwmark_fwmask(const char *s, uint32_t *ret_fwmark, uint32_t *re
         if (r < 0)
                 return r;
 
+        if (fwmark > 0) {
                 if (slash) {
                         r = safe_atou32(slash + 1, &fwmask);
                         if (r < 0)
                                 return r;
-        } else if (fwmark > 0)
+                } else
                         fwmask = UINT32_MAX;
+        }
 
         *ret_fwmark = fwmark;
         *ret_fwmask = fwmask;

test/integration-tests/README.md

@@ -38,14 +38,14 @@ directory (`OutputDirectory=`) to point to the other directory using `mkosi/mkos
 After the image has been built, the integration tests can be run with:
 
 ```shell
-$ mkosi -f sandbox -- meson test -C build --setup=integration --suite integration-tests --num-processes "$(($(nproc) / 4))"
+$ env SYSTEMD_INTEGRATION_TESTS=1 mkosi -f sandbox -- meson test -C build --suite integration-tests --num-processes "$(($(nproc) / 4))"
 ```
 
 As usual, specific tests can be run in meson by appending the name of the test
 which is usually the name of the directory e.g.
 
 ```shell
-$ mkosi -f sandbox -- meson test -C build --setup=integration -v TEST-01-BASIC
+$ env SYSTEMD_INTEGRATION_TESTS=1 mkosi -f sandbox -- meson test -C build -v TEST-01-BASIC
 ```
 
 See `mkosi -f sandbox -- meson introspect build --tests` for a list of tests.
@@ -55,7 +55,7 @@ To interactively debug a failing integration test, the `--interactive` option
 newer:
 
 ```shell
-$ mkosi -f sandbox -- meson test -C build --setup=integration -i TEST-01-BASIC
+$ env SYSTEMD_INTEGRATION_TESTS=1 mkosi -f sandbox -- meson test -C build -i TEST-01-BASIC
 ```
 
 Due to limitations in meson, the integration tests do not yet depend on the
@@ -64,7 +64,7 @@ running the integration tests. To rebuild the image and rerun a test, the
 following command can be used:
 
 ```shell
-$ mkosi -f sandbox -- meson compile -C build mkosi && mkosi -f sandbox -- meson test -C build --setup=integration -v TEST-01-BASIC
+$ mkosi -f sandbox -- meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 mkosi -f sandbox -- meson test -C build -v TEST-01-BASIC
 ```
 
 The integration tests use the same mkosi configuration that's used when you run
@@ -78,7 +78,7 @@ To iterate on an integration test, let's first get a shell in the integration te
 the following:
 
 ```shell
-$ mkosi -f sandbox -- meson compile -C build mkosi && mkosi -f sandbox -- meson test -C build --setup=shell -i TEST-01-BASIC
+$ mkosi -f sandbox -- meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 TEST_SHELL=1 mkosi -f sandbox -- meson test -C build -i TEST-01-BASIC
 ```
 
 This will get us a shell in the integration test environment after booting the machine without running the
@@ -107,7 +107,7 @@ re-running the test will first install the new packages we just built, make a ne
 the test again. You can keep running the loop of `mkosi -R`, `systemctl soft-reboot` and
 `systemctl start ...` until the changes to the integration test are working.
 
-If you're debugging a failing integration test (running `meson test --interactive`),
+If you're debugging a failing integration test (running `meson test --interactive` without `TEST_SHELL`),
 there's no need to run `systemctl start ...`, running `systemctl soft-reboot` on its own is sufficient to
 rerun the test.
 
@@ -120,6 +120,10 @@ rerun the test.
 `TEST_NO_KVM=1`: Disable qemu KVM auto-detection (may be necessary when you're
 trying to run the *vanilla* qemu and have both qemu and qemu-kvm installed)
 
+`TEST_SHELL=1`: Configure the machine to be more *user-friendly* for
+interactive debugging (e.g. by setting a usable default terminal, suppressing
+the shutdown after the test, etc.).
+
 `TEST_MATCH_SUBTEST=subtest`:  If the test makes use of `run_subtests` use this
 variable to provide a POSIX extended regex to run only subtests matching the
 expression.

test/integration-tests/integration-test-wrapper.py

@@ -361,7 +361,7 @@ def statfs(path: Path) -> str:
 
 def main() -> None:
     parser = argparse.ArgumentParser(description=__doc__)
-    parser.add_argument('--mkosi', default=None)
+    parser.add_argument('--mkosi', required=True)
     parser.add_argument('--meson-source-dir', required=True, type=Path)
     parser.add_argument('--meson-build-dir', required=True, type=Path)
     parser.add_argument('--name', required=True)
@@ -379,12 +379,6 @@ def main() -> None:
     parser.add_argument('mkosi_args', nargs='*')
     args = parser.parse_args()
 
-    if not args.mkosi:
-        args.mkosi = shutil.which('mkosi')
-        if not args.mkosi:
-            print('Could not find mkosi which is required to run the integration tests', file=sys.stderr)
-            sys.exit(1)
-
     # The meson source directory can either be the top-level repository directory or the
     # test/integration-tests/standalone subdirectory in the repository directory. The mkosi configuration
     # will always be a parent directory of one of these directories and at most 4 levels upwards, so don't
@@ -401,6 +395,13 @@ def main() -> None:
         )
         exit(1)
 
+    if not bool(int(os.getenv('SYSTEMD_INTEGRATION_TESTS', '0'))):
+        print(
+            f'SYSTEMD_INTEGRATION_TESTS=1 not found in environment, skipping {args.name}',
+            file=sys.stderr,
+        )
+        exit(77)
+
     if args.slow and not bool(int(os.getenv('SYSTEMD_SLOW_TESTS', '0'))):
         print(
             f'SYSTEMD_SLOW_TESTS=1 not found in environment, skipping {args.name}',

test/integration-tests/meson.build

@@ -1,9 +1,5 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
-# We'd give these more descriptive names but only alphanumeric characters are allowed.
-add_test_setup('integration')
-add_test_setup('shell', env : {'TEST_SHELL' : '1'})
-
 integration_test_wrapper = find_program('integration-test-wrapper.py')
 integration_tests = []
 integration_test_template = {
@@ -133,11 +129,11 @@ foreach integration_test : integration_tests
                 integration_test_args += ['--skip']
         endif
 
-        if mkosi.found()
+        if not mkosi.found()
-                integration_test_args += ['--mkosi', mkosi.full_path()]
+                continue
         endif
 
-        integration_test_args += ['--']
+        integration_test_args += ['--mkosi', mkosi.full_path(), '--']
 
         if integration_test['cmdline'].length() > 0
                 integration_test_args += [
@@ -155,12 +151,19 @@ foreach integration_test : integration_tests
 
         integration_test_args += integration_test['mkosi-args']
 
+        integration_test_env = {}
+
+        if want_integration_tests
+                integration_test_env += {'SYSTEMD_INTEGRATION_TESTS': '1'}
+        endif
+
         # We don't explicitly depend on the "mkosi" target because that means the image is rebuilt on every
         # "ninja -C build". Instead, the mkosi target has to be rebuilt manually before running the
         # integration tests with mkosi.
         test(
                 integration_test['name'],
                 integration_test_wrapper,
+                env : integration_test_env,
                 args : integration_test_args,
                 timeout : integration_test['timeout'],
                 priority : integration_test['priority'],

test/integration-tests/standalone/meson.build

@@ -16,6 +16,7 @@ project('systemd-testsuite',
 
 fs = import('fs')
 mkosi = find_program('mkosi', required : true)
+want_integration_tests = true
 
 # meson refuses .. in subdir() so we use a symlink to trick it into accepting it anyway.
 subdir('integration-tests')

test/test-network/conf/25-routing-policy-rule-test1.network

@@ -48,24 +48,6 @@ From=10.1.0.0/16
 Priority=104
 Table=12
 
-[RoutingPolicyRule]
-IncomingInterface=test1
-FirewallMark=0/1
-Priority=200
-Table=20
-
-[RoutingPolicyRule]
-IncomingInterface=test1
-FirewallMark=7/255
-Priority=201
-Table=21
-
-[RoutingPolicyRule]
-IncomingInterface=test1
-FirewallMark=9999
-Priority=202
-Table=22
-
 # The four routing policy rules below intentionally have the same config
 # excepts for their To= addresses. See issue #35874.
 [RoutingPolicyRule]

test/test-network/systemd-networkd-tests.py

@@ -3890,18 +3890,6 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
         print(output)
         self.assertIn('104:	from 10.1.0.0/16 iif test1 lookup 12 nop', output)
 
-        output = check_output('ip rule list iif test1 priority 200')
-        print(output)
-        self.assertIn('200:	from all fwmark 0/0x1 iif test1 lookup 20', output)
-
-        output = check_output('ip rule list iif test1 priority 201')
-        print(output)
-        self.assertIn('201:	from all fwmark 0x7/0xff iif test1 lookup 21', output)
-
-        output = check_output('ip rule list iif test1 priority 202')
-        print(output)
-        self.assertIn('202:	from all fwmark 0x270f iif test1 lookup 22', output)
-
         output = check_output('ip rule list to 192.0.2.0/26')
         print(output)
         self.assertIn('to 192.0.2.0/26 lookup 1001', output)