NEWS: fix two typos

Many syscalls added and all fit nicely into existing groups, hence lets
add them there.

NEWS

@@ -1,5 +1,154 @@
 systemd System and Service Manager
 
+CHANGES WITH 244 in spe:
+
+        * Support for the cpuset cgroups v2 controller has been added.
+          Processes may be restricted to specific CPUs using the new
+          AllowedCPUs= setting, and to specific memory NUMA nodes using the new
+          AllowedMemoryNodes= setting.
+
+        * The signal used in restart jobs (as opposed to e.g. stop jobs) may
+          now be configured using a new RestartKillSignal= settting. This
+          allows units which signals to request termination to implement
+          different behaviour when stopping in preparation for a restart.
+
+        * "systemctl clean" may now be used also for socket, mount, and swap
+          units.
+
+        * systemd will also read configuration options from the EFI variable
+          SystemdOptions. This may be used to configure systemd behaviour when
+          modifying the kernel command line is inconvenient, but configuration
+          on disk is read too late, for example for the options related to
+          cgroup hierarchy setup. 'bootctl system-options' may be used to
+          set the EFI variable.
+
+        * systemd will now disable printk ratelimits in early boot. This should
+          allow us to capture more logs from the early boot phase where normal
+          storage is not available and the kernel ring buffer is used for
+          logging. Configuration on the kernel command line has higher priority
+          and overrides the systemd setting.
+
+          systemd programs which log to /dev/kmsg directly use internal
+          ratelimits to prevent runaway logging. (Normally this is only used
+          during early boot, so in practice this change has very little
+          effect.)
+
+        * The special -.service.d dropin directory may be used to add
+          configuration that affects all services. The "-.service" service name
+          is now disallowed (though hopefully no one would use such a service
+          name. -.mount gives us enough grief.)
+
+        * The RuntimeMaxSec= setting is now supported by scopes, not just
+          .service units. This is particularly useful for PAM sessions which
+          create a scope unit for the user login. systemd.runtime_max_sec=
+          setting may used with the pam_systemd module to limit the duration
+          of the PAM session, for example for time-limited logins.
+
+        * udev now provides a program (fido_id) that identifies FIDO CTAP1
+          ("U2F")/CTAP2 security tokens based on the usage declared in their
+          report and descriptor and outputs suitable environment variables.
+          This replaces the externally maintained whitelists of all known
+          security tokens that were used previously.
+
+        * Automatically generated autosuspend udev rules for whitelisted
+          devices have been imported from the Chromium OS project. This should
+          improve power saving with many more devices.
+
+        * udev gained a new "CONST{key}=value" setting that allows matching
+          against system-wide constants without forking a helper binary.
+          Currently "arch" and "virt" keys are supported.
+
+        * udev now opens CDROMs in non-exclusive mode when querying their
+          capabilities. This should fix issues where other programs trying to
+          use the CDROM cannot gain access to it, but carries a risk of
+          interfering with programs writing to the disk, if they did not open
+          the device in exclusive mode as they should.
+
+        * systemd-networkd does not create a default route for IPv4 link local
+          addressing anymore. The creation of the route was unexpected and was
+          breaking routing in various cases, but people who rely on it being
+          created implicitly will need to adjust. Such a route may be requested
+          with DefaultRouteOnDevice=yes.
+
+          Similarly, systemd-networkd will not assign a link-local IPv6 address
+          when IPv6 link-local routing is not enabled.
+
+        * Receive and transmit buffers may now be configured on links with
+          the new RxBufferSize= and TxBufferSize= settings.
+
+        * systemd-networkd may now advertise additional IPv6 routes. A new
+          [IPv6RoutePrefix] section with Route= and LifetimeSec= options is
+          now supported.
+
+        * systemd-networkd may now configure "next hop" routes using the
+          [NextHop] section and Gateway= and Id= settings.
+
+        * systemd-networkd will now retain DHCP config on restarts by default
+          (but this may be overridden using the KeepConfiguration= setting).
+          The default for SendRelease= has been changed to true.
+
+        * The DHCPv4 client now uses the OPTION_INFORMATION_REFRESH_TIME option
+          received from the server.
+
+          The client will use the received SIP server list if UseSIP=yes is
+          set.
+
+          The client may be configured to request specific options from the
+          server using a new RequestOptions= setting.
+
+          A new IPServiceType= setting has been added to configure the "IP
+          service type" value used by the client.
+
+        * The DHCPv6 client learnt a new PrefixDelegationHint= option to
+          request prefix hints in the DHCPv6 solicitation.
+
+        * systemd-networkd and networkctl may now renew DHCP leases on demand.
+          networkctl has a new 'networkctl renew' verb.
+
+        * systemd-networkd may now reconfigure links on demand. networkctl
+          gained two new verbs: "reload" will reload the configuration, and
+          "reconfigure DEVICE…" will reconfigure one or more devices.
+
+        * .network files may now match on SSID and BSSID of a wireless network,
+          i.e. the access point name and hardware address using the new SSID=
+          and BSSID= options. networkctl will display the current SSID and
+          BSSID for wireless links.
+
+          .network files may also match on the wireless network type using the
+          new WLANInterfaceType= option.
+
+        * systemd-networkd now includes default configuration that enables
+          link-local addressing when connected to an ad-hoc wireless network.
+
+        * The DHCPv4 server may now be configured to emit SIP server list using
+          the new EmitSIP= and SIP= settings.
+
+        * systemd-networkd may configure the Traffic Control queueing
+          disciplines in the kernel using the new
+          [TrafficControlQueueingDiscipline] section and Parent=,
+          NetworkEmulatorDelaySec=, NetworkEmulatorDelayJitterSec=,
+          NetworkEmulatorPacketLimit=, NetworkEmulatorLossRate= settings.
+
+        * systemd-tmpfiles gained a new w+ setting to append to files.
+
+        * systemd-analyze dump will now report when the memory configuration in
+          the kernel does not match what systemd has configured (usually,
+          because some external program has modified the kernel configuration
+          on its own).
+
+        * journalctl --update-catalog now produces deterministic output (making
+          reproducible image builds easier).
+
+        * A new devicetree-overlay setting is now documented in the Boot Loader
+          Specification.
+
+        * The default value of the WatchdogSec= setting used in systemd
+          services (the ones bundled with the project itself) may be set at
+          configuration time using the -Dservice-watchdog= setting. If set to
+          empty, the watchdogs will be disabled.
+
+        * libcryptsetup >= 2.0.1 is now required.
+
 CHANGES WITH 243:
 
         * This release enables unprivileged programs (i.e. requiring neither

README

@@ -155,7 +155,7 @@ REQUIREMENTS:
         libmicrohttpd (optional)
         libpython (optional)
         libidn2 or libidn (optional)
-        gnutls >= 3.1.4 (optional, >= 3.5.3 is required to support DNS-over-TLS with gnutls)
+        gnutls >= 3.1.4 (optional, >= 3.6.0 is required to support DNS-over-TLS with gnutls)
         openssl >= 1.1.0 (optional, required to support DNS-over-TLS with openssl)
         elfutils >= 158 (optional)
         polkit (optional)

man/systemd.network.xml

@@ -1640,12 +1640,16 @@
         </varlistentry>
 
         <varlistentry>
-          <term><varname>SendOptions=</varname></term>
+          <term><varname>SendOption=</varname></term>
           <listitem>
-            <para>Send a raw option with value via DHCPv4 client. Takes a DHCP option and base64 encoded
-            data separated with a colon (option:value). The option ranges [1-254]. This option can be
-            specified multiple times. If an empty string is specified, then all options specified earlier
-            are cleared. Defaults to unset.</para>
+            <para>Send an arbitrary option in the DHCPv4 request. Takes a DHCP option number and an arbitrary
+            data string separated with a colon
+            (<literal><replaceable>option</replaceable>:<replaceable>value</replaceable></literal>). The
+            option number must be an interger in the range 1..254. Special characters in the data string may
+            be escaped using
+            <ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
+            escapes</ulink>.  This option can be specified multiple times. If an empty string is specified,
+            then all options specified earlier are cleared. Defaults to unset.</para>
           </listitem>
         </varlistentry>
        </variablelist>

meson.build

@@ -1199,7 +1199,7 @@ if dns_over_tls != 'false'
         if dns_over_tls == 'openssl'
                 have_gnutls = false
         else
-                have_gnutls = (conf.get('HAVE_GNUTLS') == 1 and libgnutls.version().version_compare('>= 3.5.3'))
+                have_gnutls = (conf.get('HAVE_GNUTLS') == 1 and libgnutls.version().version_compare('>= 3.6.0'))
                 if dns_over_tls == 'gnutls' and not have_gnutls
                         error('DNS-over-TLS support was requested with gnutls, but dependencies are not available')
                 endif
@@ -2704,7 +2704,7 @@ public_programs += exe
 if conf.get('ENABLE_NETWORKD') == 1
         executable('systemd-networkd',
                    systemd_networkd_sources,
-                   include_directories : includes,
+                   include_directories : network_include_dir,
                    link_with : [libnetworkd_core,
                                 libsystemd_network,
                                 libudev_static,

network/meson.build

@@ -4,6 +4,9 @@ if conf.get('ENABLE_NETWORKD') == 1
         install_data('80-container-host0.network',
                      '80-container-ve.network',
                      '80-container-vz.network',
+                     '80-wifi-adhoc.network',
+                     '80-wifi-ap.network.example',
+                     '80-wifi-station.network.example',
                      install_dir : networkdir)
 
         meson.add_install_script('sh', '-c',

src/analyze/analyze.c

@@ -1713,7 +1713,7 @@ static void kernel_syscalls_remove(Set *s, const SyscallFilterSet *set) {
                 if (syscall[0] == '@')
                         continue;
 
-                (void) set_remove(s, syscall);
+                free(set_remove(s, syscall));
         }
 }
 
@@ -1757,15 +1757,21 @@ static int dump_syscall_filters(int argc, char *argv[], void *userdata) {
                         fflush(stdout);
                         log_notice_errno(k, "# Not showing unlisted system calls, couldn't retrieve kernel system call list: %m");
                 } else if (!set_isempty(kernel)) {
-                        const char *syscall;
-                        Iterator j;
+                        _cleanup_free_ char **l = NULL;
+                        char **syscall;
 
                         printf("\n"
                                "# %sUnlisted System Calls%s (supported by the local kernel, but not included in any of the groups listed above):\n",
                                ansi_highlight(), ansi_normal());
 
-                        SET_FOREACH(syscall, kernel, j)
-                                printf("#   %s\n", syscall);
+                        l = set_get_strv(kernel);
+                        if (!l)
+                                return log_oom();
+
+                        strv_sort(l);
+
+                        STRV_FOREACH(syscall, l)
+                                printf("#   %s\n", *syscall);
                 }
         } else {
                 char **name;

src/basic/string-util.c

@@ -743,7 +743,7 @@ static void advance_offsets(
 }
 
 char *strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) {
-        const char *i, *begin = NULL;
+        const char *begin = NULL;
         enum {
                 STATE_OTHER,
                 STATE_ESCAPE,
@@ -751,7 +751,7 @@ char *strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) {
                 STATE_CSO,
         } state = STATE_OTHER;
         char *obuf = NULL;
-        size_t osz = 0, isz, shift[2] = {};
+        size_t osz = 0, isz, shift[2] = {}, n_carriage_returns = 0;
         FILE *f;
 
         assert(ibuf);
@@ -762,6 +762,8 @@ char *strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) {
          * 1. Replaces TABs by 8 spaces
          * 2. Strips ANSI color sequences (a subset of CSI), i.e. ESC '[' … 'm' sequences
          * 3. Strips ANSI operating system sequences (CSO), i.e. ESC ']' … BEL sequences
+         * 4. Strip trailing \r characters (since they would "move the cursor", but have no
+         *    other effect).
          *
          * Everything else will be left as it is. In particular other ANSI sequences are left as they are, as
          * are any other special characters. Truncated ANSI sequences are left-as is too. This call is
@@ -777,14 +779,24 @@ char *strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) {
         if (!f)
                 return NULL;
 
-        for (i = *ibuf; i < *ibuf + isz + 1; i++) {
+        for (const char *i = *ibuf; i < *ibuf + isz + 1; i++) {
 
                 switch (state) {
 
                 case STATE_OTHER:
                         if (i >= *ibuf + isz) /* EOT */
                                 break;
-                        else if (*i == '\x1B')
+
+                        if (*i == '\r') {
+                                n_carriage_returns++;
+                                break;
+                        } else if (*i == '\n')
+                                /* Ignore carriage returns before new line */
+                                n_carriage_returns = 0;
+                        for (; n_carriage_returns > 0; n_carriage_returns--)
+                                fputc('\r', f);
+
+                        if (*i == '\x1B')
                                 state = STATE_ESCAPE;
                         else if (*i == '\t') {
                                 fputs("        ", f);
@@ -795,6 +807,8 @@ char *strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) {
                         break;
 
                 case STATE_ESCAPE:
+                        assert(n_carriage_returns == 0);
+
                         if (i >= *ibuf + isz) { /* EOT */
                                 fputc('\x1B', f);
                                 advance_offsets(i - *ibuf, highlight, shift, 1);
@@ -815,6 +829,7 @@ char *strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) {
                         break;
 
                 case STATE_CSI:
+                        assert(n_carriage_returns == 0);
 
                         if (i >= *ibuf + isz || /* EOT … */
                             !strchr("01234567890;m", *i)) { /* … or invalid chars in sequence */
@@ -829,6 +844,7 @@ char *strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) {
                         break;
 
                 case STATE_CSO:
+                        assert(n_carriage_returns == 0);
 
                         if (i >= *ibuf + isz || /* EOT … */
                             (*i != '\a' && (uint8_t) *i < 32U) || (uint8_t) *i > 126U) { /* … or invalid chars in sequence */
@@ -848,7 +864,6 @@ char *strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) {
                 fclose(f);
                 return mfree(obuf);
         }
-
         fclose(f);
 
         free_and_replace(*ibuf, obuf);

src/core/service.c

@@ -1658,21 +1658,28 @@ static int cgroup_good(Service *s) {
         return r == 0;
 }
 
-static bool service_shall_restart(Service *s) {
+static bool service_shall_restart(Service *s, const char **reason) {
         assert(s);
 
         /* Don't restart after manual stops */
-        if (s->forbid_restart)
+        if (s->forbid_restart) {
+                *reason = "manual stop";
                 return false;
+        }
 
         /* Never restart if this is configured as special exception */
-        if (exit_status_set_test(&s->restart_prevent_status, s->main_exec_status.code, s->main_exec_status.status))
+        if (exit_status_set_test(&s->restart_prevent_status, s->main_exec_status.code, s->main_exec_status.status)) {
+                *reason = "prevented by exit status";
                 return false;
+        }
 
         /* Restart if the exit code/status are configured as restart triggers */
-        if (exit_status_set_test(&s->restart_force_status,  s->main_exec_status.code, s->main_exec_status.status))
+        if (exit_status_set_test(&s->restart_force_status,  s->main_exec_status.code, s->main_exec_status.status)) {
+                *reason = "forced by exit status";
                 return true;
+        }
 
+        *reason = "restart setting";
         switch (s->restart) {
 
         case SERVICE_RESTART_NO:
@@ -1739,8 +1746,19 @@ static void service_enter_dead(Service *s, ServiceResult f, bool allow_restart)
                 end_state = SERVICE_FAILED;
         }
 
-        if (allow_restart && service_shall_restart(s))
+        if (!allow_restart)
+                log_unit_debug(UNIT(s), "Service restart not allowed.");
+        else {
+                const char *reason;
+                bool shall_restart;
+
+                shall_restart = service_shall_restart(s, &reason);
+                log_unit_debug(UNIT(s), "Service will %srestart (%s)",
+                                        shall_restart ? "" : "not ",
+                                        reason);
+                if (shall_restart)
                         s->will_auto_restart = true;
+        }
 
         /* Make sure service_release_resources() doesn't destroy our FD store, while we are changing through
          * SERVICE_FAILED/SERVICE_DEAD before entering into SERVICE_AUTO_RESTART. */

src/machine/machine-dbus.c

@@ -62,6 +62,34 @@ static int property_get_netif(
         return sd_bus_message_append_array(reply, 'i', m->netif, m->n_netif * sizeof(int));
 }
 
+int bus_machine_method_unregister(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Machine *m = userdata;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = bus_verify_polkit_async(
+                        message,
+                        CAP_KILL,
+                        "org.freedesktop.machine1.manage-machines",
+                        NULL,
+                        false,
+                        UID_INVALID,
+                        &m->manager->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Will call us back */
+
+        r = machine_finalize(m);
+        if (r < 0)
+                return r;
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
 int bus_machine_method_terminate(sd_bus_message *message, void *userdata, sd_bus_error *error) {
         Machine *m = userdata;
         int r;

src/machine/machine-dbus.h

@@ -11,6 +11,7 @@ char *machine_bus_path(Machine *s);
 int machine_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error);
 int machine_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error);
 
+int bus_machine_method_unregister(sd_bus_message *message, void *userdata, sd_bus_error *error);
 int bus_machine_method_terminate(sd_bus_message *message, void *userdata, sd_bus_error *error);
 int bus_machine_method_kill(sd_bus_message *message, void *userdata, sd_bus_error *error);
 int bus_machine_method_get_addresses(sd_bus_message *message, void *userdata, sd_bus_error *error);

src/machine/machine.c

@@ -355,6 +355,7 @@ static int machine_start_scope(Machine *m, sd_bus_message *properties, sd_bus_er
                         return log_error_errno(r, "Failed to start machine scope: %s", bus_error_message(error, r));
 
                 m->unit = TAKE_PTR(scope);
+                m->referenced = true;
                 free_and_replace(m->scope_job, job);
         }
 
@@ -422,9 +423,12 @@ static int machine_stop_scope(Machine *m) {
         } else
                 free_and_replace(m->scope_job, job);
 
+        if (m->referenced) {
                 q = manager_unref_unit(m->manager, m->unit, &error);
                 if (q < 0)
                         log_warning_errno(q, "Failed to drop reference to machine scope, ignoring: %s", bus_error_message(&error, r));
+                m->referenced = false;
+        }
 
         return r;
 }
@@ -449,13 +453,16 @@ int machine_stop(Machine *m) {
 int machine_finalize(Machine *m) {
         assert(m);
 
-        if (m->started)
+        if (m->started) {
                 log_struct(LOG_INFO,
                            "MESSAGE_ID=" SD_MESSAGE_MACHINE_STOP_STR,
                            "NAME=%s", m->name,
                            "LEADER="PID_FMT, m->leader,
                            LOG_MESSAGE("Machine %s terminated.", m->name));
 
+                m->stopping = true; /* The machine is supposed to be going away. Don't try to kill it. */
+        }
+
         machine_unlink(m);
         machine_add_to_gc_queue(m);
 

src/machine/machine.h

@@ -54,6 +54,7 @@ struct Machine {
         bool in_gc_queue:1;
         bool started:1;
         bool stopping:1;
+        bool referenced:1;
 
         sd_bus_message *create_message;
 

src/machine/machined-dbus.c

@@ -448,6 +448,10 @@ static int redirect_method_to_machine(sd_bus_message *message, Manager *m, sd_bu
         return method(message, machine, error);
 }
 
+static int method_unregister_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        return redirect_method_to_machine(message, userdata, error, bus_machine_method_unregister);
+}
+
 static int method_terminate_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
         return redirect_method_to_machine(message, userdata, error, bus_machine_method_terminate);
 }
@@ -1137,6 +1141,7 @@ const sd_bus_vtable manager_vtable[] = {
         SD_BUS_METHOD("CreateMachineWithNetwork", "sayssusaia(sv)", "o", method_create_machine_with_network, 0),
         SD_BUS_METHOD("RegisterMachine", "sayssus", "o", method_register_machine, 0),
         SD_BUS_METHOD("RegisterMachineWithNetwork", "sayssusai", "o", method_register_machine_with_network, 0),
+        SD_BUS_METHOD("UnregisterMachine", "s", NULL, method_unregister_machine, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("TerminateMachine", "s", NULL, method_terminate_machine, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("KillMachine", "ssi", NULL, method_kill_machine, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("GetMachineAddresses", "s", "a(iay)", method_get_machine_addresses, SD_BUS_VTABLE_UNPRIVILEGED),

src/machine/org.freedesktop.machine1.conf

@@ -76,6 +76,10 @@
                        send_interface="org.freedesktop.machine1.Manager"
                        send_member="OpenMachineShell"/>
 
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Manager"
+                       send_member="UnregisterMachine"/>
+
                 <allow send_destination="org.freedesktop.machine1"
                        send_interface="org.freedesktop.machine1.Manager"
                        send_member="TerminateMachine"/>

src/network/meson.build

@@ -131,7 +131,7 @@ network_generator_sources = files('''
         generator/network-generator.h
 '''.split())
 
-network_include_dir = include_directories('.')
+network_include_dir = [includes, include_directories(['.', 'netdev', 'tc'])]
 
 if conf.get('ENABLE_NETWORKD') == 1
         networkd_gperf_c = custom_target(
@@ -159,7 +159,7 @@ if conf.get('ENABLE_NETWORKD') == 1
                 networkd_gperf_c,
                 networkd_network_gperf_c,
                 netdev_gperf_c,
-                include_directories : includes,
+                include_directories : network_include_dir,
                 link_with : [libshared])
 
         install_data('org.freedesktop.network1.conf',
@@ -187,7 +187,9 @@ if conf.get('ENABLE_NETWORKD') == 1
       libudev_static,
       libsystemd_network,
       libshared],
-     [threads]],
+     [threads],
+     [],
+     network_include_dir],
 
     [['src/network/fuzz-network-parser.c',
       'src/fuzz/fuzz.h'],
@@ -195,7 +197,9 @@ if conf.get('ENABLE_NETWORKD') == 1
       libudev_static,
       libsystemd_network,
       libshared],
-     [threads]]
+     [threads],
+     [],
+     network_include_dir],
     ]
 
         tests += [
@@ -203,20 +207,21 @@ if conf.get('ENABLE_NETWORKD') == 1
      [libnetworkd_core,
       libsystemd_network,
       libudev],
-     []],
+     [], '', '', [], network_include_dir],
 
     [['src/network/test-network.c'],
      [libnetworkd_core,
       libudev_static,
       libsystemd_network,
       libshared],
-     [threads]],
+     [threads],
+     '', '', [], network_include_dir],
 
     [['src/network/test-routing-policy-rule.c'],
      [libnetworkd_core,
       libsystemd_network,
       libudev],
-     []],
+     [], '', '', [], network_include_dir],
 
     [['src/network/test-network-tables.c',
       test_tables_h],
@@ -233,6 +238,6 @@ if conf.get('ENABLE_NETWORKD') == 1
       'src/network/generator/network-generator.c',
       'src/network/generator/network-generator.h'],
      [libshared],
-     []],
+     [], '', '', [], network_include_dir],
   ]
 endif

src/network/netdev/bond.c

@@ -1,7 +1,5 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 
-#include "sd-netlink.h"
-
 #include "alloc-util.h"
 #include "bond.h"
 #include "conf-parser.h"

src/network/netdev/bridge.c

@@ -2,9 +2,9 @@
 
 #include <net/if.h>
 
+#include "bridge.h"
 #include "missing.h"
 #include "netlink-util.h"
-#include "netdev/bridge.h"
 #include "network-internal.h"
 #include "networkd-manager.h"
 #include "string-table.h"

src/network/netdev/dummy.c

@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 
-#include "netdev/dummy.h"
+#include "dummy.h"
 
 const NetDevVTable dummy_vtable = {
         .object_size = sizeof(Dummy),

src/network/netdev/dummy.h

@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 #pragma once
 
-#include "netdev/netdev.h"
+#include "netdev.h"
 
 typedef struct Dummy {
         NetDev meta;

src/network/netdev/fou-tunnel.c

@@ -6,14 +6,12 @@
 #include <linux/ip.h>
 
 #include "conf-parser.h"
+#include "fou-tunnel.h"
 #include "ip-protocol-list.h"
 #include "missing.h"
-#include "netdev/fou-tunnel.h"
 #include "netlink-util.h"
-#include "networkd-link.h"
 #include "networkd-manager.h"
 #include "parse-util.h"
-#include "sd-netlink.h"
 #include "string-table.h"
 #include "string-util.h"
 #include "util.h"

src/network/netdev/fou-tunnel.h

@@ -5,7 +5,7 @@
 #include <linux/fou.h>
 
 #include "in-addr-util.h"
-#include "netdev/netdev.h"
+#include "netdev.h"
 
 typedef enum FooOverUDPEncapType {
         NETDEV_FOO_OVER_UDP_ENCAP_UNSPEC = FOU_ENCAP_UNSPEC,

src/network/netdev/geneve.c

@@ -2,19 +2,17 @@
 
 #include <net/if.h>
 
-#include "sd-netlink.h"
-
 #include "alloc-util.h"
 #include "conf-parser.h"
 #include "extract-word.h"
 #include "geneve.h"
+#include "missing.h"
 #include "netlink-util.h"
+#include "networkd-manager.h"
 #include "parse-util.h"
 #include "string-table.h"
 #include "string-util.h"
 #include "strv.h"
-#include "missing.h"
-#include "networkd-manager.h"
 
 #define GENEVE_FLOW_LABEL_MAX_MASK 0xFFFFFU
 #define DEFAULT_GENEVE_DESTINATION_PORT 6081

src/network/netdev/geneve.h

@@ -5,7 +5,6 @@ typedef struct Geneve Geneve;
 
 #include "in-addr-util.h"
 #include "netdev.h"
-#include "networkd-link.h"
 #include "networkd-network.h"
 
 #define GENEVE_VID_MAX (1u << 24) - 1

src/network/netdev/ipvlan.c

@@ -3,7 +3,7 @@
 #include <net/if.h>
 
 #include "conf-parser.h"
-#include "netdev/ipvlan.h"
+#include "ipvlan.h"
 #include "networkd-link.h"
 #include "string-table.h"
 

src/network/netdev/ipvlan.h

@@ -4,7 +4,7 @@
 #include <netinet/in.h>
 #include <linux/if_link.h>
 
-#include "netdev/netdev.h"
+#include "netdev.h"
 
 typedef enum IPVlanMode {
         NETDEV_IPVLAN_MODE_L2 = IPVLAN_MODE_L2,

src/network/netdev/l2tp-tunnel.c

@@ -4,8 +4,6 @@
 #include <linux/l2tp.h>
 #include <linux/genetlink.h>
 
-#include "sd-netlink.h"
-
 #include "conf-parser.h"
 #include "hashmap.h"
 #include "l2tp-tunnel.h"

src/network/netdev/macsec.c

@@ -17,7 +17,6 @@
 #include "networkd-address.h"
 #include "networkd-manager.h"
 #include "path-util.h"
-#include "sd-netlink.h"
 #include "socket-util.h"
 #include "string-table.h"
 #include "string-util.h"

src/network/netdev/macvlan.c

@@ -3,7 +3,7 @@
 #include <net/if.h>
 
 #include "conf-parser.h"
-#include "netdev/macvlan.h"
+#include "macvlan.h"
 #include "string-table.h"
 
 static const char* const macvlan_mode_table[_NETDEV_MACVLAN_MODE_MAX] = {

src/network/netdev/macvlan.h

@@ -3,7 +3,7 @@
 
 typedef struct MacVlan MacVlan;
 
-#include "netdev/netdev.h"
+#include "netdev.h"
 
 typedef enum MacVlanMode {
         NETDEV_MACVLAN_MODE_PRIVATE = MACVLAN_MODE_PRIVATE,

src/network/netdev/netdev-gperf.gperf

@@ -3,27 +3,27 @@
 _Pragma("GCC diagnostic ignored \"-Wimplicit-fallthrough\"")
 #endif
 #include <stddef.h>
+#include "bond.h"
+#include "bridge.h"
 #include "conf-parser.h"
-#include "network-internal.h"
-#include "netdev/bond.h"
-#include "netdev/bridge.h"
-#include "netdev/geneve.h"
-#include "netdev/ipvlan.h"
-#include "netdev/macsec.h"
-#include "netdev/macvlan.h"
-#include "netdev/tunnel.h"
-#include "netdev/tuntap.h"
-#include "netdev/veth.h"
-#include "netdev/vlan.h"
-#include "netdev/vxlan.h"
-#include "netdev/vrf.h"
-#include "netdev/netdev.h"
-#include "netdev/vxcan.h"
-#include "netdev/wireguard.h"
-#include "netdev/fou-tunnel.h"
-#include "netdev/l2tp-tunnel.h"
-#include "netdev/xfrm.h"
+#include "geneve.h"
+#include "ipvlan.h"
+#include "macsec.h"
+#include "macvlan.h"
+#include "tunnel.h"
+#include "tuntap.h"
+#include "veth.h"
 #include "vlan-util.h"
+#include "vlan.h"
+#include "vxlan.h"
+#include "vrf.h"
+#include "netdev.h"
+#include "network-internal.h"
+#include "vxcan.h"
+#include "wireguard.h"
+#include "fou-tunnel.h"
+#include "l2tp-tunnel.h"
+#include "xfrm.h"
 %}
 struct ConfigPerfItem;
 %null_strings

src/network/netdev/netdev.c

@@ -4,41 +4,40 @@
 #include <netinet/in.h>
 
 #include "alloc-util.h"
+#include "bond.h"
+#include "bridge.h"
 #include "conf-files.h"
 #include "conf-parser.h"
+#include "dummy.h"
 #include "fd-util.h"
+#include "fou-tunnel.h"
+#include "geneve.h"
+#include "ipvlan.h"
+#include "l2tp-tunnel.h"
 #include "list.h"
-#include "netdev/bond.h"
-#include "netdev/bridge.h"
-#include "netdev/dummy.h"
-#include "netdev/fou-tunnel.h"
-#include "netdev/geneve.h"
-#include "netdev/ipvlan.h"
-#include "netdev/l2tp-tunnel.h"
-#include "netdev/macsec.h"
-#include "netdev/macvlan.h"
-#include "netdev/netdev.h"
-#include "netdev/netdevsim.h"
-#include "netdev/nlmon.h"
-#include "netdev/tunnel.h"
-#include "netdev/tuntap.h"
-#include "netdev/vcan.h"
-#include "netdev/veth.h"
-#include "netdev/vlan.h"
-#include "netdev/vrf.h"
-#include "netdev/vxcan.h"
-#include "netdev/vxlan.h"
-#include "netdev/wireguard.h"
-#include "netdev/xfrm.h"
+#include "macsec.h"
+#include "macvlan.h"
+#include "netdev.h"
+#include "netdevsim.h"
 #include "netlink-util.h"
 #include "network-internal.h"
-#include "networkd-link.h"
 #include "networkd-manager.h"
+#include "nlmon.h"
 #include "siphash24.h"
 #include "stat-util.h"
 #include "string-table.h"
 #include "string-util.h"
 #include "strv.h"
+#include "tunnel.h"
+#include "tuntap.h"
+#include "vcan.h"
+#include "veth.h"
+#include "vlan.h"
+#include "vrf.h"
+#include "vxcan.h"
+#include "vxlan.h"
+#include "wireguard.h"
+#include "xfrm.h"
 
 const NetDevVTable * const netdev_vtable[_NETDEV_KIND_MAX] = {
         [NETDEV_KIND_BRIDGE] = &bridge_vtable,

src/network/netdev/netdev.h

@@ -5,7 +5,7 @@
 
 #include "conf-parser.h"
 #include "list.h"
-#include "../networkd-link.h"
+#include "networkd-link.h"
 #include "time-util.h"
 
 typedef struct netdev_join_callback netdev_join_callback;

src/network/netdev/netdevsim.c

@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 
-#include "netdev/netdevsim.h"
 #include "missing.h"
+#include "netdevsim.h"
 
 const NetDevVTable netdevsim_vtable = {
         .object_size = sizeof(NetDevSim),

src/network/netdev/netdevsim.h

@@ -3,7 +3,7 @@
 
 typedef struct NetDevSim NetDevSim;
 
-#include "netdev/netdev.h"
+#include "netdev.h"
 
 struct NetDevSim {
         NetDev meta;

src/network/netdev/nlmon.c

@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 
-#include "netdev/nlmon.h"
+#include "nlmon.h"
 
 static int netdev_nlmon_verify(NetDev *netdev, const char *filename) {
         assert(netdev);

src/network/netdev/nlmon.h

@@ -3,7 +3,7 @@
 
 typedef struct NLMon NLMon;
 
-#include "netdev/netdev.h"
+#include "netdev.h"
 
 struct NLMon {
         NetDev meta;

src/network/netdev/tunnel.c

@@ -6,16 +6,13 @@
 #include <linux/if_tunnel.h>
 #include <linux/ip6_tunnel.h>
 
-#include "sd-netlink.h"
-
 #include "conf-parser.h"
 #include "missing.h"
 #include "netlink-util.h"
-#include "networkd-link.h"
-#include "netdev/tunnel.h"
 #include "parse-util.h"
 #include "string-table.h"
 #include "string-util.h"
+#include "tunnel.h"
 #include "util.h"
 
 #define DEFAULT_TNL_HOP_LIMIT   64

src/network/netdev/tunnel.h

@@ -4,8 +4,8 @@
 #include "in-addr-util.h"
 
 #include "conf-parser.h"
-#include "netdev/netdev.h"
-#include "netdev/fou-tunnel.h"
+#include "fou-tunnel.h"
+#include "netdev.h"
 
 typedef enum Ip6TnlMode {
         NETDEV_IP6_TNL_MODE_IP6IP6,

src/network/netdev/tuntap.c

@@ -11,7 +11,7 @@
 
 #include "alloc-util.h"
 #include "fd-util.h"
-#include "netdev/tuntap.h"
+#include "tuntap.h"
 #include "user-util.h"
 
 #define TUN_DEV "/dev/net/tun"

src/network/netdev/tuntap.h

@@ -3,7 +3,7 @@
 
 typedef struct TunTap TunTap;
 
-#include "netdev/netdev.h"
+#include "netdev.h"
 
 struct TunTap {
         NetDev meta;

src/network/netdev/vcan.c

@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 
-#include "netdev/vcan.h"
+#include "vcan.h"
 
 const NetDevVTable vcan_vtable = {
         .object_size = sizeof(VCan),

src/network/netdev/vcan.h

@@ -6,7 +6,7 @@ typedef struct VCan VCan;
 #include <netinet/in.h>
 #include <linux/can/netlink.h>
 
-#include "netdev/netdev.h"
+#include "netdev.h"
 
 struct VCan {
         NetDev meta;

src/network/netdev/veth.c

@@ -4,9 +4,7 @@
 #include <net/if.h>
 #include <linux/veth.h>
 
-#include "sd-netlink.h"
-
-#include "netdev/veth.h"
+#include "veth.h"
 
 static int netdev_veth_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
         Veth *v;

src/network/netdev/veth.h

@@ -3,7 +3,7 @@
 
 typedef struct Veth Veth;
 
-#include "netdev/netdev.h"
+#include "netdev.h"
 
 struct Veth {
         NetDev meta;

src/network/netdev/vlan.c

@@ -4,8 +4,8 @@
 #include <net/if.h>
 #include <linux/if_vlan.h>
 
-#include "netdev/vlan.h"
 #include "vlan-util.h"
+#include "vlan.h"
 
 static int netdev_vlan_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *req) {
         struct ifla_vlan_flags flags = {};

src/network/netdev/vlan.h

@@ -3,7 +3,7 @@
 
 typedef struct VLan VLan;
 
-#include "netdev/netdev.h"
+#include "netdev.h"
 
 struct VLan {
         NetDev meta;

src/network/netdev/vrf.c

@@ -2,9 +2,8 @@
 
 #include <net/if.h>
 
-#include "sd-netlink.h"
 #include "missing.h"
-#include "netdev/vrf.h"
+#include "vrf.h"
 
 static int netdev_vrf_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
         Vrf *v;

src/network/netdev/vrf.h

@@ -3,7 +3,7 @@
 
 typedef struct Vrf Vrf;
 
-#include "netdev/netdev.h"
+#include "netdev.h"
 
 struct Vrf {
         NetDev meta;

src/network/netdev/vxcan.c

@@ -2,7 +2,7 @@
 
 #include <linux/can/vxcan.h>
 
-#include "netdev/vxcan.h"
+#include "vxcan.h"
 
 static int netdev_vxcan_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
         VxCan *v;

src/network/netdev/vxcan.h

@@ -3,7 +3,7 @@
 
 typedef struct VxCan VxCan;
 
-#include "netdev/netdev.h"
+#include "netdev.h"
 
 struct VxCan {
         NetDev meta;

src/network/netdev/vxlan.c

@@ -2,8 +2,6 @@
 
 #include <net/if.h>
 
-#include "sd-netlink.h"
-
 #include "conf-parser.h"
 #include "alloc-util.h"
 #include "extract-word.h"
@@ -12,9 +10,7 @@
 #include "strv.h"
 #include "parse-util.h"
 #include "missing.h"
-
-#include "networkd-link.h"
-#include "netdev/vxlan.h"
+#include "vxlan.h"
 
 static const char* const df_table[_NETDEV_VXLAN_DF_MAX] = {
         [NETDEV_VXLAN_DF_NO] = "no",

src/network/netdev/vxlan.h

@@ -6,7 +6,7 @@ typedef struct VxLan VxLan;
 #include <linux/if_link.h>
 
 #include "in-addr-util.h"
-#include "netdev/netdev.h"
+#include "netdev.h"
 
 #define VXLAN_VID_MAX (1u << 24) - 1
 #define VXLAN_FLOW_LABEL_MAX_MASK 0xFFFFFU

src/network/netdev/wireguard.c

@@ -15,7 +15,6 @@
 #include "hexdecoct.h"
 #include "memory-util.h"
 #include "netlink-util.h"
-#include "networkd-link.h"
 #include "networkd-manager.h"
 #include "networkd-util.h"
 #include "parse-util.h"

src/network/netdev/xfrm.c

@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 
 #include "missing_network.h"
-#include "netdev/xfrm.h"
+#include "xfrm.h"
 
 static int xfrm_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *message) {
         Xfrm *x;

src/network/netdev/xfrm.h

@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 #pragma once
 
-#include "netdev/netdev.h"
+#include "netdev.h"
 
 typedef struct Xfrm {
         NetDev meta;

src/network/networkd-dhcp4.c

@@ -6,7 +6,7 @@
 
 #include "alloc-util.h"
 #include "dhcp-client-internal.h"
-#include "hexdecoct.h"
+#include "escape.h"
 #include "hostname-util.h"
 #include "parse-util.h"
 #include "network-internal.h"
@@ -1566,7 +1566,7 @@ int config_parse_dhcp_request_options(
         return 0;
 }
 
-int config_parse_dhcp_send_options(
+int config_parse_dhcp_send_option(
                 const char *unit,
                 const char *filename,
                 unsigned line,
@@ -1579,12 +1579,11 @@ int config_parse_dhcp_send_options(
                 void *userdata) {
 
         _cleanup_(sd_dhcp_option_unrefp) sd_dhcp_option *opt = NULL, *old = NULL;
-        _cleanup_free_ char *word = NULL;
-        _cleanup_free_ void *q = NULL;
+        _cleanup_free_ char *word = NULL, *q = NULL;
         Network *network = data;
         const char *p;
         uint8_t u;
-        size_t sz;
+        ssize_t sz;
         int r;
 
         assert(filename);
@@ -1619,10 +1618,10 @@ int config_parse_dhcp_send_options(
                 return 0;
         }
 
-        r = unbase64mem(p, (size_t) -1, &q, &sz);
-        if (r < 0) {
-                log_syntax(unit, LOG_ERR, filename, line, r,
-                           "Failed to decode base64 data, ignoring assignment: %s", p);
+        sz = cunescape(p, 0, &q);
+        if (sz < 0) {
+                log_syntax(unit, LOG_ERR, filename, line, sz,
+                           "Failed to decode option data, ignoring assignment: %s", p);
                 return 0;
         }
 

src/network/networkd-dhcp4.h

@@ -27,4 +27,4 @@ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_black_listed_ip_address);
 CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_max_attempts);
 CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_user_class);
 CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_request_options);
-CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_send_options);
+CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_send_option);

src/network/networkd-fdb.c

@@ -7,9 +7,8 @@
 #include <net/if.h>
 
 #include "alloc-util.h"
+#include "bridge.h"
 #include "conf-parser.h"
-#include "netdev/bridge.h"
-#include "netdev/vxlan.h"
 #include "netlink-util.h"
 #include "networkd-fdb.h"
 #include "networkd-manager.h"
@@ -18,6 +17,7 @@
 #include "string-table.h"
 #include "util.h"
 #include "vlan-util.h"
+#include "vxlan.h"
 
 #define STATIC_FDB_ENTRIES_PER_NETWORK_MAX 1024U
 

src/network/networkd-link.c

@@ -6,17 +6,16 @@
 #include <unistd.h>
 
 #include "alloc-util.h"
+#include "bond.h"
+#include "bridge.h"
 #include "bus-util.h"
 #include "dhcp-identifier.h"
 #include "dhcp-lease-internal.h"
 #include "env-file.h"
 #include "fd-util.h"
 #include "fileio.h"
+#include "ipvlan.h"
 #include "missing_network.h"
-#include "netdev/bond.h"
-#include "netdev/bridge.h"
-#include "netdev/ipvlan.h"
-#include "netdev/vrf.h"
 #include "netlink-util.h"
 #include "network-internal.h"
 #include "networkd-can.h"
@@ -34,6 +33,7 @@
 #include "networkd-radv.h"
 #include "networkd-routing-policy-rule.h"
 #include "networkd-wifi.h"
+#include "qdisc.h"
 #include "set.h"
 #include "socket-util.h"
 #include "stdio-util.h"
@@ -43,8 +43,8 @@
 #include "tmpfile-util.h"
 #include "udev-util.h"
 #include "util.h"
-#include "tc/qdisc.h"
 #include "virt.h"
+#include "vrf.h"
 
 uint32_t link_get_vrf_table(Link *link) {
         return link->network->vrf ? VRF(link->network->vrf)->table : RT_TABLE_MAIN;

src/network/networkd-network-gperf.gperf

@@ -4,6 +4,7 @@ _Pragma("GCC diagnostic ignored \"-Wimplicit-fallthrough\"")
 #endif
 #include <stddef.h>
 #include "conf-parser.h"
+#include "netem.h"
 #include "network-internal.h"
 #include "networkd-conf.h"
 #include "networkd-dhcp-common.h"
@@ -12,9 +13,8 @@ _Pragma("GCC diagnostic ignored \"-Wimplicit-fallthrough\"")
 #include "networkd-ipv4ll.h"
 #include "networkd-ndisc.h"
 #include "networkd-network.h"
+#include "qdisc.h"
 #include "vlan-util.h"
-#include "tc/qdisc.h"
-#include "tc/netem.h"
 %}
 struct ConfigPerfItem;
 %null_strings
@@ -175,7 +175,7 @@ DHCPv4.ListenPort,                      config_parse_uint16,
 DHCPv4.SendRelease,                     config_parse_bool,                               0,                             offsetof(Network, dhcp_send_release)
 DHCPv4.BlackList,                       config_parse_dhcp_black_listed_ip_address,       0,                             0
 DHCPv4.IPServiceType,                   config_parse_ip_service_type,                    0,                             offsetof(Network, ip_service_type)
-DHCPv4.SendOptions,                     config_parse_dhcp_send_options,                  0,                             0
+DHCPv4.SendOption,                      config_parse_dhcp_send_option,                  0,                             0
 DHCPv6.UseDNS,                          config_parse_bool,                               0,                             offsetof(Network, dhcp6_use_dns)
 DHCPv6.UseNTP,                          config_parse_bool,                               0,                             offsetof(Network, dhcp6_use_ntp)
 DHCPv6.RapidCommit,                     config_parse_bool,                               0,                             offsetof(Network, rapid_commit)

src/network/networkd-network.h

@@ -6,11 +6,11 @@
 #include "sd-bus.h"
 #include "sd-device.h"
 
+#include "bridge.h"
 #include "condition.h"
 #include "conf-parser.h"
 #include "hashmap.h"
-#include "netdev/bridge.h"
-#include "netdev/netdev.h"
+#include "netdev.h"
 #include "networkd-address-label.h"
 #include "networkd-address.h"
 #include "networkd-brvlan.h"
@@ -27,8 +27,8 @@
 #include "networkd-routing-policy-rule.h"
 #include "networkd-util.h"
 #include "ordered-set.h"
+#include "qdisc.h"
 #include "resolve-util.h"
-#include "tc/qdisc.h"
 
 typedef enum IPv6PrivacyExtensions {
         /* The values map to the kernel's /proc/sys/net/ipv6/conf/xxx/use_tempaddr values */

src/network/tc/netem.h

@@ -5,20 +5,18 @@
 #include "sd-netlink.h"
 
 #include "conf-parser.h"
-#include "macro.h"
-#include "../networkd-link.h"
+#include "networkd-link.h"
 #include "time-util.h"
 
-typedef struct NetworkEmulator NetworkEmulator;
 typedef struct QDiscs QDiscs;
 
-struct NetworkEmulator {
+typedef struct NetworkEmulator {
         usec_t delay;
         usec_t jitter;
 
         uint32_t limit;
         uint32_t loss;
-};
+} NetworkEmulator;
 
 int network_emulator_new(NetworkEmulator **ret);
 int network_emulator_fill_message(Link *link, QDiscs *qdisc, sd_netlink_message *req);

src/network/tc/qdisc.h

@@ -3,13 +3,12 @@
 #pragma once
 
 #include "conf-parser.h"
-#include "macro.h"
 #include "netem.h"
-#include "../networkd-util.h"
+#include "networkd-link.h"
+#include "networkd-network.h"
+#include "networkd-util.h"
 
-typedef struct QDiscs QDiscs;
-
-struct QDiscs {
+typedef struct QDiscs {
         NetworkConfigSection *section;
         Network *network;
 
@@ -23,7 +22,7 @@ struct QDiscs {
         bool has_network_emulator:1;
 
         NetworkEmulator ne;
-};
+} QDiscs;
 
 void qdisc_free(QDiscs *qdisc);
 int qdisc_new_static(Network *network, const char *filename, unsigned section_line, QDiscs **ret);

src/network/test-network-tables.c

@@ -1,17 +1,17 @@
+#include "bond.h"
 #include "dhcp6-internal.h"
 #include "dhcp6-protocol.h"
 #include "ethtool-util.h"
+#include "ipvlan.h"
 #include "lldp-internal.h"
+#include "macvlan.h"
 #include "ndisc-internal.h"
-#include "netdev/bond.h"
-#include "netdev/ipvlan.h"
-#include "netdev/macvlan.h"
-#include "netdev/tunnel.h"
 #include "netlink-internal.h"
 #include "networkd-link.h"
 #include "networkd-network.h"
 #include "networkd-util.h"
 #include "test-tables.h"
+#include "tunnel.h"
 
 int main(int argc, char **argv) {
         test_table(bond_ad_select, NETDEV_BOND_AD_SELECT);

src/nspawn/nspawn-register.c

@@ -209,7 +209,7 @@ int register_machine(
         return 0;
 }
 
-int terminate_machine(
+int unregister_machine(
                 sd_bus *bus,
                 const char *machine_name) {
 
@@ -223,13 +223,13 @@ int terminate_machine(
                         "org.freedesktop.machine1",
                         "/org/freedesktop/machine1",
                         "org.freedesktop.machine1.Manager",
-                        "TerminateMachine",
+                        "UnregisterMachine",
                         &error,
                         NULL,
                         "s",
                         machine_name);
         if (r < 0)
-                log_debug("Failed to terminate machine: %s", bus_error_message(&error, r));
+                log_debug("Failed to unregister machine: %s", bus_error_message(&error, r));
 
         return 0;
 }

src/nspawn/nspawn-register.h

@@ -8,7 +8,7 @@
 #include "nspawn-mount.h"
 
 int register_machine(sd_bus *bus, const char *machine_name, pid_t pid, const char *directory, sd_id128_t uuid, int local_ifindex, const char *slice, CustomMount *mounts, unsigned n_mounts, int kill_signal, char **properties, sd_bus_message *properties_message, bool keep_unit, const char *service);
-int terminate_machine(sd_bus *bus, const char *machine_name);
+int unregister_machine(sd_bus *bus, const char *machine_name);
 
 int allocate_scope(sd_bus *bus, const char *machine_name, pid_t pid, const char *slice, CustomMount *mounts, unsigned n_mounts, int kill_signal, char **properties, sd_bus_message *properties_message);
 int terminate_scope(sd_bus *bus, const char *machine_name);

src/nspawn/nspawn.c

@@ -4618,12 +4618,8 @@ static int run_container(
         }
 
         /* Kill if it is not dead yet anyway */
-        if (bus) {
-                if (arg_register)
-                        terminate_machine(bus, arg_machine);
-                else if (!arg_keep_unit)
+        if (!arg_register && !arg_keep_unit && bus)
                 terminate_scope(bus, arg_machine);
-        }
 
         /* Normally redundant, but better safe than sorry */
         (void) kill(*pid, SIGKILL);
@@ -4631,6 +4627,10 @@ static int run_container(
         r = wait_for_container(*pid, &container_status);
         *pid = 0;
 
+        /* Tell machined that we are gone. */
+        if (bus)
+                (void) unregister_machine(bus, arg_machine);
+
         if (r < 0)
                 /* We failed to wait for the container, or the container exited abnormally. */
                 return r;

src/resolve/resolved-dnstls-gnutls.c

@@ -9,11 +9,7 @@
 #include "resolved-dns-stream.h"
 #include "resolved-dnstls.h"
 
-#if GNUTLS_VERSION_NUMBER >= 0x030600
 #define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2"
-#else
-#define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.2"
-#endif
 DEFINE_TRIVIAL_CLEANUP_FUNC(gnutls_session_t, gnutls_deinit);
 
 static ssize_t dnstls_stream_writev(gnutls_transport_ptr_t p, const giovec_t *iov, int iovcnt) {
@@ -59,8 +55,17 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
                 server->dnstls_data.session_data.size = 0;
         }
 
-        if (server->manager->dns_over_tls_mode == DNS_OVER_TLS_YES)
-                gnutls_session_set_verify_cert(gs, NULL, 0);
+        if (server->manager->dns_over_tls_mode == DNS_OVER_TLS_YES) {
+                stream->dnstls_data.validation.type = GNUTLS_DT_IP_ADDRESS;
+                if (server->family == AF_INET) {
+                        stream->dnstls_data.validation.data = (unsigned char*) &server->address.in.s_addr;
+                        stream->dnstls_data.validation.size = 4;
+                } else {
+                        stream->dnstls_data.validation.data = server->address.in6.s6_addr;
+                        stream->dnstls_data.validation.size = 16;
+                }
+                gnutls_session_set_verify_cert2(gs, &stream->dnstls_data.validation, 1, 0);
+        }
 
         gnutls_handshake_set_timeout(gs, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
 

src/resolve/resolved-dnstls-gnutls.h

@@ -18,6 +18,7 @@ struct DnsTlsServerData {
 
 struct DnsTlsStreamData {
         gnutls_session_t session;
+        gnutls_typed_vdata_st validation;
         int handshake;
         bool shutdown;
 };

src/shared/seccomp-util.c

@@ -314,6 +314,9 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "io_pgetevents\0"
                 "io_setup\0"
                 "io_submit\0"
+                "io_uring_enter\0"
+                "io_uring_register\0"
+                "io_uring_setup\0"
         },
         [SYSCALL_FILTER_SET_BASIC_IO] = {
                 .name = "@basic-io",
@@ -543,7 +546,13 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 .help = "Mounting and unmounting of file systems",
                 .value =
                 "chroot\0"
+                "fsconfig\0"
+                "fsmount\0"
+                "fsopen\0"
+                "fspick\0"
                 "mount\0"
+                "move_mount\0"
+                "open_tree\0"
                 "pivot_root\0"
                 "umount\0"
                 "umount2\0"
@@ -622,6 +631,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "capset\0"
                 "chroot\0"
                 "fanotify_init\0"
+                "fanotify_mark\0"
                 "nfsservctl\0"
                 "open_by_handle_at\0"
                 "pivot_root\0"
@@ -647,10 +657,12 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "arch_prctl\0"
                 "capget\0"      /* Able to query arbitrary processes */
                 "clone\0"
+                "clone3\0"
                 "execveat\0"
                 "fork\0"
                 "getrusage\0"
                 "kill\0"
+                "pidfd_open\0"
                 "pidfd_send_signal\0"
                 "prctl\0"
                 "rt_sigqueueinfo\0"

src/test/test-strip-tab-ansi.c

@@ -34,6 +34,21 @@ int main(int argc, char *argv[]) {
         assert_se(streq(p, "\x1B[waldo"));
         free(p);
 
+        assert_se(p = strdup("\r\rwaldo"));
+        assert_se(strip_tab_ansi(&p, NULL, NULL));
+        assert_se(streq(p, "\r\rwaldo"));
+        free(p);
+
+        assert_se(p = strdup("waldo\r\r"));
+        assert_se(strip_tab_ansi(&p, NULL, NULL));
+        assert_se(streq(p, "waldo"));
+        free(p);
+
+        assert_se(p = strdup("waldo\r\r\n\r\n"));
+        assert_se(strip_tab_ansi(&p, NULL, NULL));
+        assert_se(streq(p, "waldo\n\n"));
+        free(p);
+
         assert_se(terminal_urlify_path("/etc/fstab", "i am a fabulous link", &urlified) >= 0);
         assert_se(p = strjoin("something ", urlified, " something-else"));
         assert_se(q = strdup(p));

src/test/test-utf8.c

@@ -13,6 +13,9 @@ static void test_utf8_is_printable(void) {
         assert_se(utf8_is_printable("\342\204\242", 3));
         assert_se(!utf8_is_printable("\341\204", 2));
         assert_se(utf8_is_printable("ąę", 4));
+        assert_se(!utf8_is_printable("\r", 1));
+        assert_se(utf8_is_printable("\n", 1));
+        assert_se(utf8_is_printable("\t", 1));
 }
 
 static void test_utf8_is_valid(void) {

test/fuzz/fuzz-network-parser/directives.network

@@ -97,7 +97,7 @@ RequestOptions=
 SendRelease=
 MaxAttempts=
 IPServiceType=
-SendOptions=
+SendOption=
 [DHCPv6]
 UseNTP=
 UseDNS=

tools/coverity.sh

@@ -42,11 +42,11 @@ if [ "$AUTH_RES" = "Access denied" ]; then
     echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m"
     exit 1
 else
-    AUTH=`echo $AUTH_RES | python -c "import sys, json; print(json.load(sys.stdin)['upload_permitted'])"`
-    if [ "$AUTH" = "True" ]; then
+    AUTH=`echo $AUTH_RES | jq .upload_permitted`
+    if [ "$AUTH" = "true" ]; then
         echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m"
     else
-        WHEN=`echo $AUTH_RES | python -c "import sys, json; print(json.load(sys.stdin)['next_upload_permitted_at'])"`
+        WHEN=`echo $AUTH_RES | jq .next_upload_permitted_at`
         echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m"
         exit 1
     fi

travis-ci/managers/fedora.sh

@@ -16,7 +16,7 @@ DOCKER_EXEC="${DOCKER_EXEC:-docker exec -it $CONT_NAME}"
 DOCKER_RUN="${DOCKER_RUN:-docker run}"
 REPO_ROOT="${REPO_ROOT:-$PWD}"
 ADDITIONAL_DEPS=(dnf-plugins-core
-                 python2 iputils
+                 jq iputils
                  hostname libasan
                  python3-pyparsing
                  python3-evdev