Compare commits

No commits in common. "b7db8b7b139fa6cfb6516197d5ac8d10360ac57a" and "a346aa7c38dff023a6783eade2900cb75eff1d25" have entirely different histories.

77 changed files with 194 additions and 450 deletions

149
NEWS
View File

@ -1,154 +1,5 @@
systemd System and Service Manager systemd System and Service Manager
CHANGES WITH 244 in spe:
* Support for the cpuset cgroups v2 controller has been added.
Processes may be restricted to specific CPUs using the new
AllowedCPUs= setting, and to specific memory NUMA nodes using the new
AllowedMemoryNodes= setting.
* The signal used in restart jobs (as opposed to e.g. stop jobs) may
now be configured using a new RestartKillSignal= settting. This
allows units which signals to request termination to implement
different behaviour when stopping in preparation for a restart.
* "systemctl clean" may now be used also for socket, mount, and swap
units.
* systemd will also read configuration options from the EFI variable
SystemdOptions. This may be used to configure systemd behaviour when
modifying the kernel command line is inconvenient, but configuration
on disk is read too late, for example for the options related to
cgroup hierarchy setup. 'bootctl system-options' may be used to
set the EFI variable.
* systemd will now disable printk ratelimits in early boot. This should
allow us to capture more logs from the early boot phase where normal
storage is not available and the kernel ring buffer is used for
logging. Configuration on the kernel command line has higher priority
and overrides the systemd setting.
systemd programs which log to /dev/kmsg directly use internal
ratelimits to prevent runaway logging. (Normally this is only used
during early boot, so in practice this change has very little
effect.)
* The special -.service.d dropin directory may be used to add
configuration that affects all services. The "-.service" service name
is now disallowed (though hopefully no one would use such a service
name. -.mount gives us enough grief.)
* The RuntimeMaxSec= setting is now supported by scopes, not just
.service units. This is particularly useful for PAM sessions which
create a scope unit for the user login. systemd.runtime_max_sec=
setting may used with the pam_systemd module to limit the duration
of the PAM session, for example for time-limited logins.
* udev now provides a program (fido_id) that identifies FIDO CTAP1
("U2F")/CTAP2 security tokens based on the usage declared in their
report and descriptor and outputs suitable environment variables.
This replaces the externally maintained whitelists of all known
security tokens that were used previously.
* Automatically generated autosuspend udev rules for whitelisted
devices have been imported from the Chromium OS project. This should
improve power saving with many more devices.
* udev gained a new "CONST{key}=value" setting that allows matching
against system-wide constants without forking a helper binary.
Currently "arch" and "virt" keys are supported.
* udev now opens CDROMs in non-exclusive mode when querying their
capabilities. This should fix issues where other programs trying to
use the CDROM cannot gain access to it, but carries a risk of
interfering with programs writing to the disk, if they did not open
the device in exclusive mode as they should.
* systemd-networkd does not create a default route for IPv4 link local
addressing anymore. The creation of the route was unexpected and was
breaking routing in various cases, but people who rely on it being
created implicitly will need to adjust. Such a route may be requested
with DefaultRouteOnDevice=yes.
Similarly, systemd-networkd will not assign a link-local IPv6 address
when IPv6 link-local routing is not enabled.
* Receive and transmit buffers may now be configured on links with
the new RxBufferSize= and TxBufferSize= settings.
* systemd-networkd may now advertise additional IPv6 routes. A new
[IPv6RoutePrefix] section with Route= and LifetimeSec= options is
now supported.
* systemd-networkd may now configure "next hop" routes using the
[NextHop] section and Gateway= and Id= settings.
* systemd-networkd will now retain DHCP config on restarts by default
(but this may be overridden using the KeepConfiguration= setting).
The default for SendRelease= has been changed to true.
* The DHCPv4 client now uses the OPTION_INFORMATION_REFRESH_TIME option
received from the server.
The client will use the received SIP server list if UseSIP=yes is
set.
The client may be configured to request specific options from the
server using a new RequestOptions= setting.
A new IPServiceType= setting has been added to configure the "IP
service type" value used by the client.
* The DHCPv6 client learnt a new PrefixDelegationHint= option to
request prefix hints in the DHCPv6 solicitation.
* systemd-networkd and networkctl may now renew DHCP leases on demand.
networkctl has a new 'networkctl renew' verb.
* systemd-networkd may now reconfigure links on demand. networkctl
gained two new verbs: "reload" will reload the configuration, and
"reconfigure DEVICE…" will reconfigure one or more devices.
* .network files may now match on SSID and BSSID of a wireless network,
i.e. the access point name and hardware address using the new SSID=
and BSSID= options. networkctl will display the current SSID and
BSSID for wireless links.
.network files may also match on the wireless network type using the
new WLANInterfaceType= option.
* systemd-networkd now includes default configuration that enables
link-local addressing when connected to an ad-hoc wireless network.
* The DHCPv4 server may now be configured to emit SIP server list using
the new EmitSIP= and SIP= settings.
* systemd-networkd may configure the Traffic Control queueing
disciplines in the kernel using the new
[TrafficControlQueueingDiscipline] section and Parent=,
NetworkEmulatorDelaySec=, NetworkEmulatorDelayJitterSec=,
NetworkEmulatorPacketLimit=, NetworkEmulatorLossRate= settings.
* systemd-tmpfiles gained a new w+ setting to append to files.
* systemd-analyze dump will now report when the memory configuration in
the kernel does not match what systemd has configured (usually,
because some external program has modified the kernel configuration
on its own).
* journalctl --update-catalog now produces deterministic output (making
reproducible image builds easier).
* A new devicetree-overlay setting is now documented in the Boot Loader
Specification.
* The default value of the WatchdogSec= setting used in systemd
services (the ones bundled with the project itself) may be set at
configuration time using the -Dservice-watchdog= setting. If set to
empty, the watchdogs will be disabled.
* libcryptsetup >= 2.0.1 is now required.
CHANGES WITH 243: CHANGES WITH 243:
* This release enables unprivileged programs (i.e. requiring neither * This release enables unprivileged programs (i.e. requiring neither

2
README
View File

@ -155,7 +155,7 @@ REQUIREMENTS:
libmicrohttpd (optional) libmicrohttpd (optional)
libpython (optional) libpython (optional)
libidn2 or libidn (optional) libidn2 or libidn (optional)
gnutls >= 3.1.4 (optional, >= 3.6.0 is required to support DNS-over-TLS with gnutls) gnutls >= 3.1.4 (optional, >= 3.5.3 is required to support DNS-over-TLS with gnutls)
openssl >= 1.1.0 (optional, required to support DNS-over-TLS with openssl) openssl >= 1.1.0 (optional, required to support DNS-over-TLS with openssl)
elfutils >= 158 (optional) elfutils >= 158 (optional)
polkit (optional) polkit (optional)

View File

@ -1640,16 +1640,12 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>SendOption=</varname></term> <term><varname>SendOptions=</varname></term>
<listitem> <listitem>
<para>Send an arbitrary option in the DHCPv4 request. Takes a DHCP option number and an arbitrary <para>Send a raw option with value via DHCPv4 client. Takes a DHCP option and base64 encoded
data string separated with a colon data separated with a colon (option:value). The option ranges [1-254]. This option can be
(<literal><replaceable>option</replaceable>:<replaceable>value</replaceable></literal>). The specified multiple times. If an empty string is specified, then all options specified earlier
option number must be an interger in the range 1..254. Special characters in the data string may are cleared. Defaults to unset.</para>
be escaped using
<ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
escapes</ulink>. This option can be specified multiple times. If an empty string is specified,
then all options specified earlier are cleared. Defaults to unset.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
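
Review bot: In the new SendOptions= paragraph, "The option ranges [1-254]" does not say what is being constrained; the removed wording, that the option number must be an integer in the range 1..254, was clearer and should be kept. The key is also renamed from SendOption= and the value changes from a C-escaped data string to base64, so an existing .network file written against the old text will no longer parse the same way; say so in the paragraph or keep the old key as an alias.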

View File

@ -1199,7 +1199,7 @@ if dns_over_tls != 'false'
if dns_over_tls == 'openssl' if dns_over_tls == 'openssl'
have_gnutls = false have_gnutls = false
else else
have_gnutls = (conf.get('HAVE_GNUTLS') == 1 and libgnutls.version().version_compare('>= 3.6.0')) have_gnutls = (conf.get('HAVE_GNUTLS') == 1 and libgnutls.version().version_compare('>= 3.5.3'))
if dns_over_tls == 'gnutls' and not have_gnutls if dns_over_tls == 'gnutls' and not have_gnutls
error('DNS-over-TLS support was requested with gnutls, but dependencies are not available') error('DNS-over-TLS support was requested with gnutls, but dependencies are not available')
endif endif
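
Review bot: The version_compare() floor for gnutls-backed DNS-over-TLS drops from '>= 3.6.0' to '>= 3.5.3' with nothing next to the check saying which gnutls feature sets the minimum. Add a one-line comment naming the API that requires it, so this check and the matching README requirement can be verified rather than copied from each other.
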
@ -2704,7 +2704,7 @@ public_programs += exe
if conf.get('ENABLE_NETWORKD') == 1 if conf.get('ENABLE_NETWORKD') == 1
executable('systemd-networkd', executable('systemd-networkd',
systemd_networkd_sources, systemd_networkd_sources,
include_directories : network_include_dir, include_directories : includes,
link_with : [libnetworkd_core, link_with : [libnetworkd_core,
libsystemd_network, libsystemd_network,
libudev_static, libudev_static,

View File

@ -4,9 +4,6 @@ if conf.get('ENABLE_NETWORKD') == 1
install_data('80-container-host0.network', install_data('80-container-host0.network',
'80-container-ve.network', '80-container-ve.network',
'80-container-vz.network', '80-container-vz.network',
'80-wifi-adhoc.network',
'80-wifi-ap.network.example',
'80-wifi-station.network.example',
install_dir : networkdir) install_dir : networkdir)
meson.add_install_script('sh', '-c', meson.add_install_script('sh', '-c',

View File

@ -1713,7 +1713,7 @@ static void kernel_syscalls_remove(Set *s, const SyscallFilterSet *set) {
if (syscall[0] == '@') if (syscall[0] == '@')
continue; continue;
free(set_remove(s, syscall)); (void) set_remove(s, syscall);
} }
} }
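
Review bot: At the set_remove() call in kernel_syscalls_remove(), the removed entry used to be freed and is now discarded behind a (void) cast. If the set holds heap-allocated names, every removed syscall name leaks; either keep free(set_remove(s, syscall)) or add a comment stating that the set does not own its entries.
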
@ -1757,21 +1757,15 @@ static int dump_syscall_filters(int argc, char *argv[], void *userdata) {
fflush(stdout); fflush(stdout);
log_notice_errno(k, "# Not showing unlisted system calls, couldn't retrieve kernel system call list: %m"); log_notice_errno(k, "# Not showing unlisted system calls, couldn't retrieve kernel system call list: %m");
} else if (!set_isempty(kernel)) { } else if (!set_isempty(kernel)) {
_cleanup_free_ char **l = NULL; const char *syscall;
char **syscall; Iterator j;
printf("\n" printf("\n"
"# %sUnlisted System Calls%s (supported by the local kernel, but not included in any of the groups listed above):\n", "# %sUnlisted System Calls%s (supported by the local kernel, but not included in any of the groups listed above):\n",
ansi_highlight(), ansi_normal()); ansi_highlight(), ansi_normal());
l = set_get_strv(kernel); SET_FOREACH(syscall, kernel, j)
if (!l) printf("# %s\n", syscall);
return log_oom();
strv_sort(l);
STRV_FOREACH(syscall, l)
printf("# %s\n", *syscall);
} }
} else { } else {
char **name; char **name;
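
Review bot: The unlisted system calls are now printed directly from SET_FOREACH, so the strv_sort() step is gone and the lines come out in set iteration order instead of name order. If this listing is meant to be compared between runs or hosts, keep the sorted copy; otherwise note in the output header that the order is unspecified.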

View File

@ -743,7 +743,7 @@ static void advance_offsets(
} }
char *strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) { char *strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) {
const char *begin = NULL; const char *i, *begin = NULL;
enum { enum {
STATE_OTHER, STATE_OTHER,
STATE_ESCAPE, STATE_ESCAPE,
@ -751,7 +751,7 @@ char *strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) {
STATE_CSO, STATE_CSO,
} state = STATE_OTHER; } state = STATE_OTHER;
char *obuf = NULL; char *obuf = NULL;
size_t osz = 0, isz, shift[2] = {}, n_carriage_returns = 0; size_t osz = 0, isz, shift[2] = {};
FILE *f; FILE *f;
assert(ibuf); assert(ibuf);
@ -762,8 +762,6 @@ char *strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) {
* 1. Replaces TABs by 8 spaces * 1. Replaces TABs by 8 spaces
* 2. Strips ANSI color sequences (a subset of CSI), i.e. ESC '[' 'm' sequences * 2. Strips ANSI color sequences (a subset of CSI), i.e. ESC '[' 'm' sequences
* 3. Strips ANSI operating system sequences (CSO), i.e. ESC ']' BEL sequences * 3. Strips ANSI operating system sequences (CSO), i.e. ESC ']' BEL sequences
* 4. Strip trailing \r characters (since they would "move the cursor", but have no
* other effect).
* *
* Everything else will be left as it is. In particular other ANSI sequences are left as they are, as * Everything else will be left as it is. In particular other ANSI sequences are left as they are, as
* are any other special characters. Truncated ANSI sequences are left-as is too. This call is * are any other special characters. Truncated ANSI sequences are left-as is too. This call is
@ -779,24 +777,14 @@ char *strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) {
if (!f) if (!f)
return NULL; return NULL;
for (const char *i = *ibuf; i < *ibuf + isz + 1; i++) { for (i = *ibuf; i < *ibuf + isz + 1; i++) {
switch (state) { switch (state) {
case STATE_OTHER: case STATE_OTHER:
if (i >= *ibuf + isz) /* EOT */ if (i >= *ibuf + isz) /* EOT */
break; break;
else if (*i == '\x1B')
if (*i == '\r') {
n_carriage_returns++;
break;
} else if (*i == '\n')
/* Ignore carriage returns before new line */
n_carriage_returns = 0;
for (; n_carriage_returns > 0; n_carriage_returns--)
fputc('\r', f);
if (*i == '\x1B')
state = STATE_ESCAPE; state = STATE_ESCAPE;
else if (*i == '\t') { else if (*i == '\t') {
fputs(" ", f); fputs(" ", f);
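
Review bot: In STATE_OTHER the '\r' branch and the n_carriage_returns counter are removed, so carriage returns directly before a newline or at the end of the buffer are now written to the output instead of being dropped. The removed comment says they "move the cursor": a trailing '\r' sends the cursor back to column 0, and whatever is printed next on that line overwrites the text. Keep the handling, or add a test that pins down the intended result for "\r\n" and for a buffer ending in '\r'.
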
@ -807,8 +795,6 @@ char *strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) {
break; break;
case STATE_ESCAPE: case STATE_ESCAPE:
assert(n_carriage_returns == 0);
if (i >= *ibuf + isz) { /* EOT */ if (i >= *ibuf + isz) { /* EOT */
fputc('\x1B', f); fputc('\x1B', f);
advance_offsets(i - *ibuf, highlight, shift, 1); advance_offsets(i - *ibuf, highlight, shift, 1);
@ -829,7 +815,6 @@ char *strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) {
break; break;
case STATE_CSI: case STATE_CSI:
assert(n_carriage_returns == 0);
if (i >= *ibuf + isz || /* EOT … */ if (i >= *ibuf + isz || /* EOT … */
!strchr("01234567890;m", *i)) { /* … or invalid chars in sequence */ !strchr("01234567890;m", *i)) { /* … or invalid chars in sequence */
@ -844,7 +829,6 @@ char *strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) {
break; break;
case STATE_CSO: case STATE_CSO:
assert(n_carriage_returns == 0);
if (i >= *ibuf + isz || /* EOT … */ if (i >= *ibuf + isz || /* EOT … */
(*i != '\a' && (uint8_t) *i < 32U) || (uint8_t) *i > 126U) { /* … or invalid chars in sequence */ (*i != '\a' && (uint8_t) *i < 32U) || (uint8_t) *i > 126U) { /* … or invalid chars in sequence */
@ -864,6 +848,7 @@ char *strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) {
fclose(f); fclose(f);
return mfree(obuf); return mfree(obuf);
} }
fclose(f); fclose(f);
free_and_replace(*ibuf, obuf); free_and_replace(*ibuf, obuf);

View File

@ -1658,28 +1658,21 @@ static int cgroup_good(Service *s) {
return r == 0; return r == 0;
} }
static bool service_shall_restart(Service *s, const char **reason) { static bool service_shall_restart(Service *s) {
assert(s); assert(s);
/* Don't restart after manual stops */ /* Don't restart after manual stops */
if (s->forbid_restart) { if (s->forbid_restart)
*reason = "manual stop";
return false; return false;
}
/* Never restart if this is configured as special exception */ /* Never restart if this is configured as special exception */
if (exit_status_set_test(&s->restart_prevent_status, s->main_exec_status.code, s->main_exec_status.status)) { if (exit_status_set_test(&s->restart_prevent_status, s->main_exec_status.code, s->main_exec_status.status))
*reason = "prevented by exit status";
return false; return false;
}
/* Restart if the exit code/status are configured as restart triggers */ /* Restart if the exit code/status are configured as restart triggers */
if (exit_status_set_test(&s->restart_force_status, s->main_exec_status.code, s->main_exec_status.status)) { if (exit_status_set_test(&s->restart_force_status, s->main_exec_status.code, s->main_exec_status.status))
*reason = "forced by exit status";
return true; return true;
}
*reason = "restart setting";
switch (s->restart) { switch (s->restart) {
case SERVICE_RESTART_NO: case SERVICE_RESTART_NO:
@ -1746,19 +1739,8 @@ static void service_enter_dead(Service *s, ServiceResult f, bool allow_restart)
end_state = SERVICE_FAILED; end_state = SERVICE_FAILED;
} }
if (!allow_restart) if (allow_restart && service_shall_restart(s))
log_unit_debug(UNIT(s), "Service restart not allowed.");
else {
const char *reason;
bool shall_restart;
shall_restart = service_shall_restart(s, &reason);
log_unit_debug(UNIT(s), "Service will %srestart (%s)",
shall_restart ? "" : "not ",
reason);
if (shall_restart)
s->will_auto_restart = true; s->will_auto_restart = true;
}
/* Make sure service_release_resources() doesn't destroy our FD store, while we are changing through /* Make sure service_release_resources() doesn't destroy our FD store, while we are changing through
* SERVICE_FAILED/SERVICE_DEAD before entering into SERVICE_AUTO_RESTART. */ * SERVICE_FAILED/SERVICE_DEAD before entering into SERVICE_AUTO_RESTART. */
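
Review bot: service_enter_dead() no longer logs why a restart was or was not scheduled; both the "Service will %srestart (%s)" line and the "Service restart not allowed." line are dropped, together with the reason out-parameter of service_shall_restart(). The four reasons (manual stop, prevented by exit status, forced by exit status, restart setting) are the only record of which rule decided the outcome, so keep the parameter and the log_unit_debug() call.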

View File

@ -62,34 +62,6 @@ static int property_get_netif(
return sd_bus_message_append_array(reply, 'i', m->netif, m->n_netif * sizeof(int)); return sd_bus_message_append_array(reply, 'i', m->netif, m->n_netif * sizeof(int));
} }
int bus_machine_method_unregister(sd_bus_message *message, void *userdata, sd_bus_error *error) {
Machine *m = userdata;
int r;
assert(message);
assert(m);
r = bus_verify_polkit_async(
message,
CAP_KILL,
"org.freedesktop.machine1.manage-machines",
NULL,
false,
UID_INVALID,
&m->manager->polkit_registry,
error);
if (r < 0)
return r;
if (r == 0)
return 1; /* Will call us back */
r = machine_finalize(m);
if (r < 0)
return r;
return sd_bus_reply_method_return(message, NULL);
}
int bus_machine_method_terminate(sd_bus_message *message, void *userdata, sd_bus_error *error) { int bus_machine_method_terminate(sd_bus_message *message, void *userdata, sd_bus_error *error) {
Machine *m = userdata; Machine *m = userdata;
int r; int r;

View File

@ -11,7 +11,6 @@ char *machine_bus_path(Machine *s);
int machine_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error); int machine_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error);
int machine_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error); int machine_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error);
int bus_machine_method_unregister(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_machine_method_terminate(sd_bus_message *message, void *userdata, sd_bus_error *error); int bus_machine_method_terminate(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_machine_method_kill(sd_bus_message *message, void *userdata, sd_bus_error *error); int bus_machine_method_kill(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_machine_method_get_addresses(sd_bus_message *message, void *userdata, sd_bus_error *error); int bus_machine_method_get_addresses(sd_bus_message *message, void *userdata, sd_bus_error *error);

View File

@ -355,7 +355,6 @@ static int machine_start_scope(Machine *m, sd_bus_message *properties, sd_bus_er
return log_error_errno(r, "Failed to start machine scope: %s", bus_error_message(error, r)); return log_error_errno(r, "Failed to start machine scope: %s", bus_error_message(error, r));
m->unit = TAKE_PTR(scope); m->unit = TAKE_PTR(scope);
m->referenced = true;
free_and_replace(m->scope_job, job); free_and_replace(m->scope_job, job);
} }
@ -423,12 +422,9 @@ static int machine_stop_scope(Machine *m) {
} else } else
free_and_replace(m->scope_job, job); free_and_replace(m->scope_job, job);
if (m->referenced) {
q = manager_unref_unit(m->manager, m->unit, &error); q = manager_unref_unit(m->manager, m->unit, &error);
if (q < 0) if (q < 0)
log_warning_errno(q, "Failed to drop reference to machine scope, ignoring: %s", bus_error_message(&error, r)); log_warning_errno(q, "Failed to drop reference to machine scope, ignoring: %s", bus_error_message(&error, r));
m->referenced = false;
}
return r; return r;
} }
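
Review bot: machine_stop_scope() now calls manager_unref_unit() unconditionally, where the m->referenced flag used to make sure the reference was dropped only after machine_start_scope() had taken it, and only once. Check the paths where this Machine never started the scope itself and where machine_stop_scope() can run twice. Separately, in the unchanged warning line, bus_error_message(&error, r) is passed r although the failing call returned q.
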
@ -453,16 +449,13 @@ int machine_stop(Machine *m) {
int machine_finalize(Machine *m) { int machine_finalize(Machine *m) {
assert(m); assert(m);
if (m->started) { if (m->started)
log_struct(LOG_INFO, log_struct(LOG_INFO,
"MESSAGE_ID=" SD_MESSAGE_MACHINE_STOP_STR, "MESSAGE_ID=" SD_MESSAGE_MACHINE_STOP_STR,
"NAME=%s", m->name, "NAME=%s", m->name,
"LEADER="PID_FMT, m->leader, "LEADER="PID_FMT, m->leader,
LOG_MESSAGE("Machine %s terminated.", m->name)); LOG_MESSAGE("Machine %s terminated.", m->name));
m->stopping = true; /* The machine is supposed to be going away. Don't try to kill it. */
}
machine_unlink(m); machine_unlink(m);
machine_add_to_gc_queue(m); machine_add_to_gc_queue(m);
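
Review bot: machine_finalize() no longer sets m->stopping = true before machine_unlink() and machine_add_to_gc_queue(); the removed comment says the flag is what keeps a machine that is already going away from being killed. Keep the assignment unless the GC path is shown not to act on m->stopping for a machine that has already terminated.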

View File

@ -54,7 +54,6 @@ struct Machine {
bool in_gc_queue:1; bool in_gc_queue:1;
bool started:1; bool started:1;
bool stopping:1; bool stopping:1;
bool referenced:1;
sd_bus_message *create_message; sd_bus_message *create_message;

View File

@ -448,10 +448,6 @@ static int redirect_method_to_machine(sd_bus_message *message, Manager *m, sd_bu
return method(message, machine, error); return method(message, machine, error);
} }
static int method_unregister_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
return redirect_method_to_machine(message, userdata, error, bus_machine_method_unregister);
}
static int method_terminate_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) { static int method_terminate_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
return redirect_method_to_machine(message, userdata, error, bus_machine_method_terminate); return redirect_method_to_machine(message, userdata, error, bus_machine_method_terminate);
} }
@ -1141,7 +1137,6 @@ const sd_bus_vtable manager_vtable[] = {
SD_BUS_METHOD("CreateMachineWithNetwork", "sayssusaia(sv)", "o", method_create_machine_with_network, 0), SD_BUS_METHOD("CreateMachineWithNetwork", "sayssusaia(sv)", "o", method_create_machine_with_network, 0),
SD_BUS_METHOD("RegisterMachine", "sayssus", "o", method_register_machine, 0), SD_BUS_METHOD("RegisterMachine", "sayssus", "o", method_register_machine, 0),
SD_BUS_METHOD("RegisterMachineWithNetwork", "sayssusai", "o", method_register_machine_with_network, 0), SD_BUS_METHOD("RegisterMachineWithNetwork", "sayssusai", "o", method_register_machine_with_network, 0),
SD_BUS_METHOD("UnregisterMachine", "s", NULL, method_unregister_machine, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("TerminateMachine", "s", NULL, method_terminate_machine, SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_METHOD("TerminateMachine", "s", NULL, method_terminate_machine, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("KillMachine", "ssi", NULL, method_kill_machine, SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_METHOD("KillMachine", "ssi", NULL, method_kill_machine, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("GetMachineAddresses", "s", "a(iay)", method_get_machine_addresses, SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_METHOD("GetMachineAddresses", "s", "a(iay)", method_get_machine_addresses, SD_BUS_VTABLE_UNPRIVILEGED),
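
Review bot: Dropping the "UnregisterMachine" entry from manager_vtable removes a method from the org.freedesktop.machine1.Manager interface, so any client that still calls it will get an unknown-method error. The handler removed elsewhere in this diff gated the call on CAP_KILL or the org.freedesktop.machine1.manage-machines polkit action; confirm no caller relies on unregistering a machine without terminating it before taking the method away.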

View File

@ -76,10 +76,6 @@
send_interface="org.freedesktop.machine1.Manager" send_interface="org.freedesktop.machine1.Manager"
send_member="OpenMachineShell"/> send_member="OpenMachineShell"/>
<allow send_destination="org.freedesktop.machine1"
send_interface="org.freedesktop.machine1.Manager"
send_member="UnregisterMachine"/>
<allow send_destination="org.freedesktop.machine1" <allow send_destination="org.freedesktop.machine1"
send_interface="org.freedesktop.machine1.Manager" send_interface="org.freedesktop.machine1.Manager"
send_member="TerminateMachine"/> send_member="TerminateMachine"/>

View File

@ -131,7 +131,7 @@ network_generator_sources = files('''
generator/network-generator.h generator/network-generator.h
'''.split()) '''.split())
network_include_dir = [includes, include_directories(['.', 'netdev', 'tc'])] network_include_dir = include_directories('.')
if conf.get('ENABLE_NETWORKD') == 1 if conf.get('ENABLE_NETWORKD') == 1
networkd_gperf_c = custom_target( networkd_gperf_c = custom_target(
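
Review bot: network_include_dir is still assigned here, now as include_directories('.'), but every use visible in this diff is switched to includes or dropped from the fuzzers and tests lists. If nothing outside these hunks references the variable, delete the assignment instead of leaving a dead definition behind.
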
@ -159,7 +159,7 @@ if conf.get('ENABLE_NETWORKD') == 1
networkd_gperf_c, networkd_gperf_c,
networkd_network_gperf_c, networkd_network_gperf_c,
netdev_gperf_c, netdev_gperf_c,
include_directories : network_include_dir, include_directories : includes,
link_with : [libshared]) link_with : [libshared])
install_data('org.freedesktop.network1.conf', install_data('org.freedesktop.network1.conf',
@ -187,9 +187,7 @@ if conf.get('ENABLE_NETWORKD') == 1
libudev_static, libudev_static,
libsystemd_network, libsystemd_network,
libshared], libshared],
[threads], [threads]],
[],
network_include_dir],
[['src/network/fuzz-network-parser.c', [['src/network/fuzz-network-parser.c',
'src/fuzz/fuzz.h'], 'src/fuzz/fuzz.h'],
@ -197,9 +195,7 @@ if conf.get('ENABLE_NETWORKD') == 1
libudev_static, libudev_static,
libsystemd_network, libsystemd_network,
libshared], libshared],
[threads], [threads]]
[],
network_include_dir],
] ]
tests += [ tests += [
@ -207,21 +203,20 @@ if conf.get('ENABLE_NETWORKD') == 1
[libnetworkd_core, [libnetworkd_core,
libsystemd_network, libsystemd_network,
libudev], libudev],
[], '', '', [], network_include_dir], []],
[['src/network/test-network.c'], [['src/network/test-network.c'],
[libnetworkd_core, [libnetworkd_core,
libudev_static, libudev_static,
libsystemd_network, libsystemd_network,
libshared], libshared],
[threads], [threads]],
'', '', [], network_include_dir],
[['src/network/test-routing-policy-rule.c'], [['src/network/test-routing-policy-rule.c'],
[libnetworkd_core, [libnetworkd_core,
libsystemd_network, libsystemd_network,
libudev], libudev],
[], '', '', [], network_include_dir], []],
[['src/network/test-network-tables.c', [['src/network/test-network-tables.c',
test_tables_h], test_tables_h],
@ -238,6 +233,6 @@ if conf.get('ENABLE_NETWORKD') == 1
'src/network/generator/network-generator.c', 'src/network/generator/network-generator.c',
'src/network/generator/network-generator.h'], 'src/network/generator/network-generator.h'],
[libshared], [libshared],
[], '', '', [], network_include_dir], []],
] ]
endif endif

View File

@ -1,5 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1+ */ /* SPDX-License-Identifier: LGPL-2.1+ */
#include "sd-netlink.h"
#include "alloc-util.h" #include "alloc-util.h"
#include "bond.h" #include "bond.h"
#include "conf-parser.h" #include "conf-parser.h"

View File

@ -2,9 +2,9 @@
#include <net/if.h> #include <net/if.h>
#include "bridge.h"
#include "missing.h" #include "missing.h"
#include "netlink-util.h" #include "netlink-util.h"
#include "netdev/bridge.h"
#include "network-internal.h" #include "network-internal.h"
#include "networkd-manager.h" #include "networkd-manager.h"
#include "string-table.h" #include "string-table.h"

View File

@ -1,6 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1+ */ /* SPDX-License-Identifier: LGPL-2.1+ */
#include "dummy.h" #include "netdev/dummy.h"
const NetDevVTable dummy_vtable = { const NetDevVTable dummy_vtable = {
.object_size = sizeof(Dummy), .object_size = sizeof(Dummy),

View File

@ -1,7 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1+ */ /* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once #pragma once
#include "netdev.h" #include "netdev/netdev.h"
typedef struct Dummy { typedef struct Dummy {
NetDev meta; NetDev meta;

View File

@ -6,12 +6,14 @@
#include <linux/ip.h> #include <linux/ip.h>
#include "conf-parser.h" #include "conf-parser.h"
#include "fou-tunnel.h"
#include "ip-protocol-list.h" #include "ip-protocol-list.h"
#include "missing.h" #include "missing.h"
#include "netdev/fou-tunnel.h"
#include "netlink-util.h" #include "netlink-util.h"
#include "networkd-link.h"
#include "networkd-manager.h" #include "networkd-manager.h"
#include "parse-util.h" #include "parse-util.h"
#include "sd-netlink.h"
#include "string-table.h" #include "string-table.h"
#include "string-util.h" #include "string-util.h"
#include "util.h" #include "util.h"

View File

@ -5,7 +5,7 @@
#include <linux/fou.h> #include <linux/fou.h>
#include "in-addr-util.h" #include "in-addr-util.h"
#include "netdev.h" #include "netdev/netdev.h"
typedef enum FooOverUDPEncapType { typedef enum FooOverUDPEncapType {
NETDEV_FOO_OVER_UDP_ENCAP_UNSPEC = FOU_ENCAP_UNSPEC, NETDEV_FOO_OVER_UDP_ENCAP_UNSPEC = FOU_ENCAP_UNSPEC,

View File

@ -2,17 +2,19 @@
#include <net/if.h> #include <net/if.h>
#include "sd-netlink.h"
#include "alloc-util.h" #include "alloc-util.h"
#include "conf-parser.h" #include "conf-parser.h"
#include "extract-word.h" #include "extract-word.h"
#include "geneve.h" #include "geneve.h"
#include "missing.h"
#include "netlink-util.h" #include "netlink-util.h"
#include "networkd-manager.h"
#include "parse-util.h" #include "parse-util.h"
#include "string-table.h" #include "string-table.h"
#include "string-util.h" #include "string-util.h"
#include "strv.h" #include "strv.h"
#include "missing.h"
#include "networkd-manager.h"
#define GENEVE_FLOW_LABEL_MAX_MASK 0xFFFFFU #define GENEVE_FLOW_LABEL_MAX_MASK 0xFFFFFU
#define DEFAULT_GENEVE_DESTINATION_PORT 6081 #define DEFAULT_GENEVE_DESTINATION_PORT 6081
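
Review bot: The include list loses its ordering: "missing.h" and "networkd-manager.h" are taken out of their alphabetical positions and appended after "strv.h". "geneve.h" also stays unprefixed while the sibling sources in this diff switch to "netdev/…" paths. Keep the sorted order and use one include style across the directory.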

View File

@ -5,6 +5,7 @@ typedef struct Geneve Geneve;
#include "in-addr-util.h" #include "in-addr-util.h"
#include "netdev.h" #include "netdev.h"
#include "networkd-link.h"
#include "networkd-network.h" #include "networkd-network.h"
#define GENEVE_VID_MAX (1u << 24) - 1 #define GENEVE_VID_MAX (1u << 24) - 1
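
Review bot: GENEVE_VID_MAX in the context lines expands to (1u << 24) - 1 with no outer parentheses, so an expression such as GENEVE_VID_MAX * 2 or ~GENEVE_VID_MAX is evaluated with the wrong precedence. Since the header is being touched anyway, wrap the whole expansion as ((1u << 24) - 1).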

View File

@ -3,7 +3,7 @@
#include <net/if.h> #include <net/if.h>
#include "conf-parser.h" #include "conf-parser.h"
#include "ipvlan.h" #include "netdev/ipvlan.h"
#include "networkd-link.h" #include "networkd-link.h"
#include "string-table.h" #include "string-table.h"

View File

@ -4,7 +4,7 @@
#include <netinet/in.h> #include <netinet/in.h>
#include <linux/if_link.h> #include <linux/if_link.h>
#include "netdev.h" #include "netdev/netdev.h"
typedef enum IPVlanMode { typedef enum IPVlanMode {
NETDEV_IPVLAN_MODE_L2 = IPVLAN_MODE_L2, NETDEV_IPVLAN_MODE_L2 = IPVLAN_MODE_L2,

View File

@ -4,6 +4,8 @@
#include <linux/l2tp.h> #include <linux/l2tp.h>
#include <linux/genetlink.h> #include <linux/genetlink.h>
#include "sd-netlink.h"
#include "conf-parser.h" #include "conf-parser.h"
#include "hashmap.h" #include "hashmap.h"
#include "l2tp-tunnel.h" #include "l2tp-tunnel.h"

View File

@ -17,6 +17,7 @@
#include "networkd-address.h" #include "networkd-address.h"
#include "networkd-manager.h" #include "networkd-manager.h"
#include "path-util.h" #include "path-util.h"
#include "sd-netlink.h"
#include "socket-util.h" #include "socket-util.h"
#include "string-table.h" #include "string-table.h"
#include "string-util.h" #include "string-util.h"

View File

@ -3,7 +3,7 @@
#include <net/if.h> #include <net/if.h>
#include "conf-parser.h" #include "conf-parser.h"
#include "macvlan.h" #include "netdev/macvlan.h"
#include "string-table.h" #include "string-table.h"
static const char* const macvlan_mode_table[_NETDEV_MACVLAN_MODE_MAX] = { static const char* const macvlan_mode_table[_NETDEV_MACVLAN_MODE_MAX] = {

View File

@ -3,7 +3,7 @@
typedef struct MacVlan MacVlan; typedef struct MacVlan MacVlan;
#include "netdev.h" #include "netdev/netdev.h"
typedef enum MacVlanMode { typedef enum MacVlanMode {
NETDEV_MACVLAN_MODE_PRIVATE = MACVLAN_MODE_PRIVATE, NETDEV_MACVLAN_MODE_PRIVATE = MACVLAN_MODE_PRIVATE,

@ -3,27 +3,27 @@
_Pragma("GCC diagnostic ignored \"-Wimplicit-fallthrough\"") _Pragma("GCC diagnostic ignored \"-Wimplicit-fallthrough\"")
#endif #endif
#include <stddef.h> #include <stddef.h>
#include "bond.h"
#include "bridge.h"
#include "conf-parser.h" #include "conf-parser.h"
#include "geneve.h"
#include "ipvlan.h"
#include "macsec.h"
#include "macvlan.h"
#include "tunnel.h"
#include "tuntap.h"
#include "veth.h"
#include "vlan-util.h"
#include "vlan.h"
#include "vxlan.h"
#include "vrf.h"
#include "netdev.h"
#include "network-internal.h" #include "network-internal.h"
#include "vxcan.h" #include "netdev/bond.h"
#include "wireguard.h" #include "netdev/bridge.h"
#include "fou-tunnel.h" #include "netdev/geneve.h"
#include "l2tp-tunnel.h" #include "netdev/ipvlan.h"
#include "xfrm.h" #include "netdev/macsec.h"
#include "netdev/macvlan.h"
#include "netdev/tunnel.h"
#include "netdev/tuntap.h"
#include "netdev/veth.h"
#include "netdev/vlan.h"
#include "netdev/vxlan.h"
#include "netdev/vrf.h"
#include "netdev/netdev.h"
#include "netdev/vxcan.h"
#include "netdev/wireguard.h"
#include "netdev/fou-tunnel.h"
#include "netdev/l2tp-tunnel.h"
#include "netdev/xfrm.h"
#include "vlan-util.h"
%} %}
struct ConfigPerfItem; struct ConfigPerfItem;
%null_strings %null_strings

@ -4,40 +4,41 @@
#include <netinet/in.h> #include <netinet/in.h>
#include "alloc-util.h" #include "alloc-util.h"
#include "bond.h"
#include "bridge.h"
#include "conf-files.h" #include "conf-files.h"
#include "conf-parser.h" #include "conf-parser.h"
#include "dummy.h"
#include "fd-util.h" #include "fd-util.h"
#include "fou-tunnel.h"
#include "geneve.h"
#include "ipvlan.h"
#include "l2tp-tunnel.h"
#include "list.h" #include "list.h"
#include "macsec.h" #include "netdev/bond.h"
#include "macvlan.h" #include "netdev/bridge.h"
#include "netdev.h" #include "netdev/dummy.h"
#include "netdevsim.h" #include "netdev/fou-tunnel.h"
#include "netdev/geneve.h"
#include "netdev/ipvlan.h"
#include "netdev/l2tp-tunnel.h"
#include "netdev/macsec.h"
#include "netdev/macvlan.h"
#include "netdev/netdev.h"
#include "netdev/netdevsim.h"
#include "netdev/nlmon.h"
#include "netdev/tunnel.h"
#include "netdev/tuntap.h"
#include "netdev/vcan.h"
#include "netdev/veth.h"
#include "netdev/vlan.h"
#include "netdev/vrf.h"
#include "netdev/vxcan.h"
#include "netdev/vxlan.h"
#include "netdev/wireguard.h"
#include "netdev/xfrm.h"
#include "netlink-util.h" #include "netlink-util.h"
#include "network-internal.h" #include "network-internal.h"
#include "networkd-link.h"
#include "networkd-manager.h" #include "networkd-manager.h"
#include "nlmon.h"
#include "siphash24.h" #include "siphash24.h"
#include "stat-util.h" #include "stat-util.h"
#include "string-table.h" #include "string-table.h"
#include "string-util.h" #include "string-util.h"
#include "strv.h" #include "strv.h"
#include "tunnel.h"
#include "tuntap.h"
#include "vcan.h"
#include "veth.h"
#include "vlan.h"
#include "vrf.h"
#include "vxcan.h"
#include "vxlan.h"
#include "wireguard.h"
#include "xfrm.h"
const NetDevVTable * const netdev_vtable[_NETDEV_KIND_MAX] = { const NetDevVTable * const netdev_vtable[_NETDEV_KIND_MAX] = {
[NETDEV_KIND_BRIDGE] = &bridge_vtable, [NETDEV_KIND_BRIDGE] = &bridge_vtable,

@ -5,7 +5,7 @@
#include "conf-parser.h" #include "conf-parser.h"
#include "list.h" #include "list.h"
#include "networkd-link.h" #include "../networkd-link.h"
#include "time-util.h" #include "time-util.h"
typedef struct netdev_join_callback netdev_join_callback; typedef struct netdev_join_callback netdev_join_callback;

@ -1,7 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1+ */ /* SPDX-License-Identifier: LGPL-2.1+ */
#include "netdev/netdevsim.h"
#include "missing.h" #include "missing.h"
#include "netdevsim.h"
const NetDevVTable netdevsim_vtable = { const NetDevVTable netdevsim_vtable = {
.object_size = sizeof(NetDevSim), .object_size = sizeof(NetDevSim),

@ -3,7 +3,7 @@
typedef struct NetDevSim NetDevSim; typedef struct NetDevSim NetDevSim;
#include "netdev.h" #include "netdev/netdev.h"
struct NetDevSim { struct NetDevSim {
NetDev meta; NetDev meta;

@ -1,6 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1+ */ /* SPDX-License-Identifier: LGPL-2.1+ */
#include "nlmon.h" #include "netdev/nlmon.h"
static int netdev_nlmon_verify(NetDev *netdev, const char *filename) { static int netdev_nlmon_verify(NetDev *netdev, const char *filename) {
assert(netdev); assert(netdev);

@ -3,7 +3,7 @@
typedef struct NLMon NLMon; typedef struct NLMon NLMon;
#include "netdev.h" #include "netdev/netdev.h"
struct NLMon { struct NLMon {
NetDev meta; NetDev meta;

@ -6,13 +6,16 @@
#include <linux/if_tunnel.h> #include <linux/if_tunnel.h>
#include <linux/ip6_tunnel.h> #include <linux/ip6_tunnel.h>
#include "sd-netlink.h"
#include "conf-parser.h" #include "conf-parser.h"
#include "missing.h" #include "missing.h"
#include "netlink-util.h" #include "netlink-util.h"
#include "networkd-link.h"
#include "netdev/tunnel.h"
#include "parse-util.h" #include "parse-util.h"
#include "string-table.h" #include "string-table.h"
#include "string-util.h" #include "string-util.h"
#include "tunnel.h"
#include "util.h" #include "util.h"
#define DEFAULT_TNL_HOP_LIMIT 64 #define DEFAULT_TNL_HOP_LIMIT 64

@ -4,8 +4,8 @@
#include "in-addr-util.h" #include "in-addr-util.h"
#include "conf-parser.h" #include "conf-parser.h"
#include "fou-tunnel.h" #include "netdev/netdev.h"
#include "netdev.h" #include "netdev/fou-tunnel.h"
typedef enum Ip6TnlMode { typedef enum Ip6TnlMode {
NETDEV_IP6_TNL_MODE_IP6IP6, NETDEV_IP6_TNL_MODE_IP6IP6,

@ -11,7 +11,7 @@
#include "alloc-util.h" #include "alloc-util.h"
#include "fd-util.h" #include "fd-util.h"
#include "tuntap.h" #include "netdev/tuntap.h"
#include "user-util.h" #include "user-util.h"
#define TUN_DEV "/dev/net/tun" #define TUN_DEV "/dev/net/tun"

@ -3,7 +3,7 @@
typedef struct TunTap TunTap; typedef struct TunTap TunTap;
#include "netdev.h" #include "netdev/netdev.h"
struct TunTap { struct TunTap {
NetDev meta; NetDev meta;

@ -1,6 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1+ */ /* SPDX-License-Identifier: LGPL-2.1+ */
#include "vcan.h" #include "netdev/vcan.h"
const NetDevVTable vcan_vtable = { const NetDevVTable vcan_vtable = {
.object_size = sizeof(VCan), .object_size = sizeof(VCan),

@ -6,7 +6,7 @@ typedef struct VCan VCan;
#include <netinet/in.h> #include <netinet/in.h>
#include <linux/can/netlink.h> #include <linux/can/netlink.h>
#include "netdev.h" #include "netdev/netdev.h"
struct VCan { struct VCan {
NetDev meta; NetDev meta;

@ -4,7 +4,9 @@
#include <net/if.h> #include <net/if.h>
#include <linux/veth.h> #include <linux/veth.h>
#include "veth.h" #include "sd-netlink.h"
#include "netdev/veth.h"
static int netdev_veth_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) { static int netdev_veth_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
Veth *v; Veth *v;

@ -3,7 +3,7 @@
typedef struct Veth Veth; typedef struct Veth Veth;
#include "netdev.h" #include "netdev/netdev.h"
struct Veth { struct Veth {
NetDev meta; NetDev meta;

@ -4,8 +4,8 @@
#include <net/if.h> #include <net/if.h>
#include <linux/if_vlan.h> #include <linux/if_vlan.h>
#include "netdev/vlan.h"
#include "vlan-util.h" #include "vlan-util.h"
#include "vlan.h"
static int netdev_vlan_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *req) { static int netdev_vlan_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *req) {
struct ifla_vlan_flags flags = {}; struct ifla_vlan_flags flags = {};

@ -3,7 +3,7 @@
typedef struct VLan VLan; typedef struct VLan VLan;
#include "netdev.h" #include "netdev/netdev.h"
struct VLan { struct VLan {
NetDev meta; NetDev meta;

@ -2,8 +2,9 @@
#include <net/if.h> #include <net/if.h>
#include "sd-netlink.h"
#include "missing.h" #include "missing.h"
#include "vrf.h" #include "netdev/vrf.h"
static int netdev_vrf_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) { static int netdev_vrf_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
Vrf *v; Vrf *v;

@ -3,7 +3,7 @@
typedef struct Vrf Vrf; typedef struct Vrf Vrf;
#include "netdev.h" #include "netdev/netdev.h"
struct Vrf { struct Vrf {
NetDev meta; NetDev meta;

@ -2,7 +2,7 @@
#include <linux/can/vxcan.h> #include <linux/can/vxcan.h>
#include "vxcan.h" #include "netdev/vxcan.h"
static int netdev_vxcan_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) { static int netdev_vxcan_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
VxCan *v; VxCan *v;

@ -3,7 +3,7 @@
typedef struct VxCan VxCan; typedef struct VxCan VxCan;
#include "netdev.h" #include "netdev/netdev.h"
struct VxCan { struct VxCan {
NetDev meta; NetDev meta;

@ -2,6 +2,8 @@
#include <net/if.h> #include <net/if.h>
#include "sd-netlink.h"
#include "conf-parser.h" #include "conf-parser.h"
#include "alloc-util.h" #include "alloc-util.h"
#include "extract-word.h" #include "extract-word.h"
@ -10,7 +12,9 @@
#include "strv.h" #include "strv.h"
#include "parse-util.h" #include "parse-util.h"
#include "missing.h" #include "missing.h"
#include "vxlan.h"
#include "networkd-link.h"
#include "netdev/vxlan.h"
static const char* const df_table[_NETDEV_VXLAN_DF_MAX] = { static const char* const df_table[_NETDEV_VXLAN_DF_MAX] = {
[NETDEV_VXLAN_DF_NO] = "no", [NETDEV_VXLAN_DF_NO] = "no",

@ -6,7 +6,7 @@ typedef struct VxLan VxLan;
#include <linux/if_link.h> #include <linux/if_link.h>
#include "in-addr-util.h" #include "in-addr-util.h"
#include "netdev.h" #include "netdev/netdev.h"
#define VXLAN_VID_MAX (1u << 24) - 1 #define VXLAN_VID_MAX (1u << 24) - 1
#define VXLAN_FLOW_LABEL_MAX_MASK 0xFFFFFU #define VXLAN_FLOW_LABEL_MAX_MASK 0xFFFFFU

@ -15,6 +15,7 @@
#include "hexdecoct.h" #include "hexdecoct.h"
#include "memory-util.h" #include "memory-util.h"
#include "netlink-util.h" #include "netlink-util.h"
#include "networkd-link.h"
#include "networkd-manager.h" #include "networkd-manager.h"
#include "networkd-util.h" #include "networkd-util.h"
#include "parse-util.h" #include "parse-util.h"

@ -1,7 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1+ */ /* SPDX-License-Identifier: LGPL-2.1+ */
#include "missing_network.h" #include "missing_network.h"
#include "xfrm.h" #include "netdev/xfrm.h"
static int xfrm_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *message) { static int xfrm_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *message) {
Xfrm *x; Xfrm *x;

@ -1,7 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1+ */ /* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once #pragma once
#include "netdev.h" #include "netdev/netdev.h"
typedef struct Xfrm { typedef struct Xfrm {
NetDev meta; NetDev meta;

@ -6,7 +6,7 @@
#include "alloc-util.h" #include "alloc-util.h"
#include "dhcp-client-internal.h" #include "dhcp-client-internal.h"
#include "escape.h" #include "hexdecoct.h"
#include "hostname-util.h" #include "hostname-util.h"
#include "parse-util.h" #include "parse-util.h"
#include "network-internal.h" #include "network-internal.h"
@ -1566,7 +1566,7 @@ int config_parse_dhcp_request_options(
return 0; return 0;
} }
int config_parse_dhcp_send_option( int config_parse_dhcp_send_options(
const char *unit, const char *unit,
const char *filename, const char *filename,
unsigned line, unsigned line,
@ -1579,11 +1579,12 @@ int config_parse_dhcp_send_option(
void *userdata) { void *userdata) {
_cleanup_(sd_dhcp_option_unrefp) sd_dhcp_option *opt = NULL, *old = NULL; _cleanup_(sd_dhcp_option_unrefp) sd_dhcp_option *opt = NULL, *old = NULL;
_cleanup_free_ char *word = NULL, *q = NULL; _cleanup_free_ char *word = NULL;
_cleanup_free_ void *q = NULL;
Network *network = data; Network *network = data;
const char *p; const char *p;
uint8_t u; uint8_t u;
ssize_t sz; size_t sz;
int r; int r;
assert(filename); assert(filename);
@ -1618,10 +1619,10 @@ int config_parse_dhcp_send_option(
return 0; return 0;
} }
sz = cunescape(p, 0, &q); r = unbase64mem(p, (size_t) -1, &q, &sz);
if (sz < 0) { if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, sz, log_syntax(unit, LOG_ERR, filename, line, r,
"Failed to decode option data, ignoring assignment: %s", p); "Failed to decode base64 data, ignoring assignment: %s", p);
return 0; return 0;
} }
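Review bot: nothing in this hunk bounds sz after unbase64mem(p, (size_t) -1, &q, &sz), although a DHCP option's length field is a single byte, so an over-long decoded payload should be rejected here with its own log_syntax() message. Switching the decoder from cunescape() to unbase64mem() also changes how already-deployed values are read: a string that was valid C-escaped text may still decode as base64 into different bytes without any error, so the format change needs a NEWS and man page entry.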

@ -27,4 +27,4 @@ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_black_listed_ip_address);
CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_max_attempts); CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_max_attempts);
CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_user_class); CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_user_class);
CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_request_options); CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_request_options);
CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_send_option); CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_send_options);

@ -7,8 +7,9 @@
#include <net/if.h> #include <net/if.h>
#include "alloc-util.h" #include "alloc-util.h"
#include "bridge.h"
#include "conf-parser.h" #include "conf-parser.h"
#include "netdev/bridge.h"
#include "netdev/vxlan.h"
#include "netlink-util.h" #include "netlink-util.h"
#include "networkd-fdb.h" #include "networkd-fdb.h"
#include "networkd-manager.h" #include "networkd-manager.h"
@ -17,7 +18,6 @@
#include "string-table.h" #include "string-table.h"
#include "util.h" #include "util.h"
#include "vlan-util.h" #include "vlan-util.h"
#include "vxlan.h"
#define STATIC_FDB_ENTRIES_PER_NETWORK_MAX 1024U #define STATIC_FDB_ENTRIES_PER_NETWORK_MAX 1024U

@ -6,16 +6,17 @@
#include <unistd.h> #include <unistd.h>
#include "alloc-util.h" #include "alloc-util.h"
#include "bond.h"
#include "bridge.h"
#include "bus-util.h" #include "bus-util.h"
#include "dhcp-identifier.h" #include "dhcp-identifier.h"
#include "dhcp-lease-internal.h" #include "dhcp-lease-internal.h"
#include "env-file.h" #include "env-file.h"
#include "fd-util.h" #include "fd-util.h"
#include "fileio.h" #include "fileio.h"
#include "ipvlan.h"
#include "missing_network.h" #include "missing_network.h"
#include "netdev/bond.h"
#include "netdev/bridge.h"
#include "netdev/ipvlan.h"
#include "netdev/vrf.h"
#include "netlink-util.h" #include "netlink-util.h"
#include "network-internal.h" #include "network-internal.h"
#include "networkd-can.h" #include "networkd-can.h"
@ -33,7 +34,6 @@
#include "networkd-radv.h" #include "networkd-radv.h"
#include "networkd-routing-policy-rule.h" #include "networkd-routing-policy-rule.h"
#include "networkd-wifi.h" #include "networkd-wifi.h"
#include "qdisc.h"
#include "set.h" #include "set.h"
#include "socket-util.h" #include "socket-util.h"
#include "stdio-util.h" #include "stdio-util.h"
@ -43,8 +43,8 @@
#include "tmpfile-util.h" #include "tmpfile-util.h"
#include "udev-util.h" #include "udev-util.h"
#include "util.h" #include "util.h"
#include "tc/qdisc.h"
#include "virt.h" #include "virt.h"
#include "vrf.h"
uint32_t link_get_vrf_table(Link *link) { uint32_t link_get_vrf_table(Link *link) {
return link->network->vrf ? VRF(link->network->vrf)->table : RT_TABLE_MAIN; return link->network->vrf ? VRF(link->network->vrf)->table : RT_TABLE_MAIN;

@ -4,7 +4,6 @@ _Pragma("GCC diagnostic ignored \"-Wimplicit-fallthrough\"")
#endif #endif
#include <stddef.h> #include <stddef.h>
#include "conf-parser.h" #include "conf-parser.h"
#include "netem.h"
#include "network-internal.h" #include "network-internal.h"
#include "networkd-conf.h" #include "networkd-conf.h"
#include "networkd-dhcp-common.h" #include "networkd-dhcp-common.h"
@ -13,8 +12,9 @@ _Pragma("GCC diagnostic ignored \"-Wimplicit-fallthrough\"")
#include "networkd-ipv4ll.h" #include "networkd-ipv4ll.h"
#include "networkd-ndisc.h" #include "networkd-ndisc.h"
#include "networkd-network.h" #include "networkd-network.h"
#include "qdisc.h"
#include "vlan-util.h" #include "vlan-util.h"
#include "tc/qdisc.h"
#include "tc/netem.h"
%} %}
struct ConfigPerfItem; struct ConfigPerfItem;
%null_strings %null_strings
@ -175,7 +175,7 @@ DHCPv4.ListenPort, config_parse_uint16,
DHCPv4.SendRelease, config_parse_bool, 0, offsetof(Network, dhcp_send_release) DHCPv4.SendRelease, config_parse_bool, 0, offsetof(Network, dhcp_send_release)
DHCPv4.BlackList, config_parse_dhcp_black_listed_ip_address, 0, 0 DHCPv4.BlackList, config_parse_dhcp_black_listed_ip_address, 0, 0
DHCPv4.IPServiceType, config_parse_ip_service_type, 0, offsetof(Network, ip_service_type) DHCPv4.IPServiceType, config_parse_ip_service_type, 0, offsetof(Network, ip_service_type)
DHCPv4.SendOption, config_parse_dhcp_send_option, 0, 0 DHCPv4.SendOptions, config_parse_dhcp_send_options, 0, 0
DHCPv6.UseDNS, config_parse_bool, 0, offsetof(Network, dhcp6_use_dns) DHCPv6.UseDNS, config_parse_bool, 0, offsetof(Network, dhcp6_use_dns)
DHCPv6.UseNTP, config_parse_bool, 0, offsetof(Network, dhcp6_use_ntp) DHCPv6.UseNTP, config_parse_bool, 0, offsetof(Network, dhcp6_use_ntp)
DHCPv6.RapidCommit, config_parse_bool, 0, offsetof(Network, rapid_commit) DHCPv6.RapidCommit, config_parse_bool, 0, offsetof(Network, rapid_commit)
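Review bot: the DHCPv4.SendOption line is replaced rather than supplemented, so a .network file that still says SendOption= will no longer match any entry in this table. If the rename to SendOptions is intended, keep a second line with the old key pointing at config_parse_dhcp_send_options for compatibility, or call out the break in NEWS.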

@ -6,11 +6,11 @@
#include "sd-bus.h" #include "sd-bus.h"
#include "sd-device.h" #include "sd-device.h"
#include "bridge.h"
#include "condition.h" #include "condition.h"
#include "conf-parser.h" #include "conf-parser.h"
#include "hashmap.h" #include "hashmap.h"
#include "netdev.h" #include "netdev/bridge.h"
#include "netdev/netdev.h"
#include "networkd-address-label.h" #include "networkd-address-label.h"
#include "networkd-address.h" #include "networkd-address.h"
#include "networkd-brvlan.h" #include "networkd-brvlan.h"
@ -27,8 +27,8 @@
#include "networkd-routing-policy-rule.h" #include "networkd-routing-policy-rule.h"
#include "networkd-util.h" #include "networkd-util.h"
#include "ordered-set.h" #include "ordered-set.h"
#include "qdisc.h"
#include "resolve-util.h" #include "resolve-util.h"
#include "tc/qdisc.h"
typedef enum IPv6PrivacyExtensions { typedef enum IPv6PrivacyExtensions {
/* The values map to the kernel's /proc/sys/net/ipv6/conf/xxx/use_tempaddr values */ /* The values map to the kernel's /proc/sys/net/ipv6/conf/xxx/use_tempaddr values */

@ -5,18 +5,20 @@
#include "sd-netlink.h" #include "sd-netlink.h"
#include "conf-parser.h" #include "conf-parser.h"
#include "networkd-link.h" #include "macro.h"
#include "../networkd-link.h"
#include "time-util.h" #include "time-util.h"
typedef struct NetworkEmulator NetworkEmulator;
typedef struct QDiscs QDiscs; typedef struct QDiscs QDiscs;
typedef struct NetworkEmulator { struct NetworkEmulator {
usec_t delay; usec_t delay;
usec_t jitter; usec_t jitter;
uint32_t limit; uint32_t limit;
uint32_t loss; uint32_t loss;
} NetworkEmulator; };
int network_emulator_new(NetworkEmulator **ret); int network_emulator_new(NetworkEmulator **ret);
int network_emulator_fill_message(Link *link, QDiscs *qdisc, sd_netlink_message *req); int network_emulator_fill_message(Link *link, QDiscs *qdisc, sd_netlink_message *req);
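Review bot: #include "../networkd-link.h" reaches into the parent directory by relative path, while the other files in this patch name headers from the source root ("netdev/netdev.h", "tc/qdisc.h"). Pick one convention; a root-relative name keeps the header usable if it is moved or included from another directory. If the new forward declaration of NetworkEmulator is there to break the include cycle with qdisc.h, say so in a comment.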

@ -3,12 +3,13 @@
#pragma once #pragma once
#include "conf-parser.h" #include "conf-parser.h"
#include "macro.h"
#include "netem.h" #include "netem.h"
#include "networkd-link.h" #include "../networkd-util.h"
#include "networkd-network.h"
#include "networkd-util.h"
typedef struct QDiscs { typedef struct QDiscs QDiscs;
struct QDiscs {
NetworkConfigSection *section; NetworkConfigSection *section;
Network *network; Network *network;
@ -22,7 +23,7 @@ typedef struct QDiscs {
bool has_network_emulator:1; bool has_network_emulator:1;
NetworkEmulator ne; NetworkEmulator ne;
} QDiscs; };
void qdisc_free(QDiscs *qdisc); void qdisc_free(QDiscs *qdisc);
int qdisc_new_static(Network *network, const char *filename, unsigned section_line, QDiscs **ret); int qdisc_new_static(Network *network, const char *filename, unsigned section_line, QDiscs **ret);

@ -1,17 +1,17 @@
#include "bond.h"
#include "dhcp6-internal.h" #include "dhcp6-internal.h"
#include "dhcp6-protocol.h" #include "dhcp6-protocol.h"
#include "ethtool-util.h" #include "ethtool-util.h"
#include "ipvlan.h"
#include "lldp-internal.h" #include "lldp-internal.h"
#include "macvlan.h"
#include "ndisc-internal.h" #include "ndisc-internal.h"
#include "netdev/bond.h"
#include "netdev/ipvlan.h"
#include "netdev/macvlan.h"
#include "netdev/tunnel.h"
#include "netlink-internal.h" #include "netlink-internal.h"
#include "networkd-link.h" #include "networkd-link.h"
#include "networkd-network.h" #include "networkd-network.h"
#include "networkd-util.h" #include "networkd-util.h"
#include "test-tables.h" #include "test-tables.h"
#include "tunnel.h"
int main(int argc, char **argv) { int main(int argc, char **argv) {
test_table(bond_ad_select, NETDEV_BOND_AD_SELECT); test_table(bond_ad_select, NETDEV_BOND_AD_SELECT);

@ -209,7 +209,7 @@ int register_machine(
return 0; return 0;
} }
int unregister_machine( int terminate_machine(
sd_bus *bus, sd_bus *bus,
const char *machine_name) { const char *machine_name) {
@ -223,13 +223,13 @@ int unregister_machine(
"org.freedesktop.machine1", "org.freedesktop.machine1",
"/org/freedesktop/machine1", "/org/freedesktop/machine1",
"org.freedesktop.machine1.Manager", "org.freedesktop.machine1.Manager",
"UnregisterMachine", "TerminateMachine",
&error, &error,
NULL, NULL,
"s", "s",
machine_name); machine_name);
if (r < 0) if (r < 0)
log_debug("Failed to unregister machine: %s", bus_error_message(&error, r)); log_debug("Failed to terminate machine: %s", bus_error_message(&error, r));
return 0; return 0;
} }
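Review bot: the if (r < 0) branch only calls log_debug() and the function then falls through to return 0, so a failed TerminateMachine call is reported as success and is invisible without debug logging. Return r, or log at warning level, so the caller in run_container() can decide what to do.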

@ -8,7 +8,7 @@
#include "nspawn-mount.h" #include "nspawn-mount.h"
int register_machine(sd_bus *bus, const char *machine_name, pid_t pid, const char *directory, sd_id128_t uuid, int local_ifindex, const char *slice, CustomMount *mounts, unsigned n_mounts, int kill_signal, char **properties, sd_bus_message *properties_message, bool keep_unit, const char *service); int register_machine(sd_bus *bus, const char *machine_name, pid_t pid, const char *directory, sd_id128_t uuid, int local_ifindex, const char *slice, CustomMount *mounts, unsigned n_mounts, int kill_signal, char **properties, sd_bus_message *properties_message, bool keep_unit, const char *service);
int unregister_machine(sd_bus *bus, const char *machine_name); int terminate_machine(sd_bus *bus, const char *machine_name);
int allocate_scope(sd_bus *bus, const char *machine_name, pid_t pid, const char *slice, CustomMount *mounts, unsigned n_mounts, int kill_signal, char **properties, sd_bus_message *properties_message); int allocate_scope(sd_bus *bus, const char *machine_name, pid_t pid, const char *slice, CustomMount *mounts, unsigned n_mounts, int kill_signal, char **properties, sd_bus_message *properties_message);
int terminate_scope(sd_bus *bus, const char *machine_name); int terminate_scope(sd_bus *bus, const char *machine_name);

@ -4618,8 +4618,12 @@ static int run_container(
} }
/* Kill if it is not dead yet anyway */ /* Kill if it is not dead yet anyway */
if (!arg_register && !arg_keep_unit && bus) if (bus) {
if (arg_register)
terminate_machine(bus, arg_machine);
else if (!arg_keep_unit)
terminate_scope(bus, arg_machine); terminate_scope(bus, arg_machine);
}
/* Normally redundant, but better safe than sorry */ /* Normally redundant, but better safe than sorry */
(void) kill(*pid, SIGKILL); (void) kill(*pid, SIGKILL);
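Review bot: terminate_machine(bus, arg_machine) and terminate_scope(bus, arg_machine) inside the new if (bus) block drop their return values silently, while the very next statement uses (void) kill(*pid, SIGKILL) to mark the same intent. Add the (void) casts. The behaviour change also deserves a line in the commit message: with arg_register set, the old condition skipped this block entirely, and the new code asks machined to terminate the machine before the SIGKILL.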
@ -4627,10 +4631,6 @@ static int run_container(
r = wait_for_container(*pid, &container_status); r = wait_for_container(*pid, &container_status);
*pid = 0; *pid = 0;
/* Tell machined that we are gone. */
if (bus)
(void) unregister_machine(bus, arg_machine);
if (r < 0) if (r < 0)
/* We failed to wait for the container, or the container exited abnormally. */ /* We failed to wait for the container, or the container exited abnormally. */
return r; return r;
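Review bot: the removed (void) unregister_machine(bus, arg_machine) after wait_for_container() was the only place in this hunk that told machined the container had gone away. Please confirm that every path reaching this point has already issued terminate_machine(), or that machined drops the registration by itself once the container process exits; otherwise a stale machine entry can remain.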

@ -9,7 +9,11 @@
#include "resolved-dns-stream.h" #include "resolved-dns-stream.h"
#include "resolved-dnstls.h" #include "resolved-dnstls.h"
#if GNUTLS_VERSION_NUMBER >= 0x030600
#define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" #define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2"
#else
#define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.2"
#endif
DEFINE_TRIVIAL_CLEANUP_FUNC(gnutls_session_t, gnutls_deinit); DEFINE_TRIVIAL_CLEANUP_FUNC(gnutls_session_t, gnutls_deinit);
static ssize_t dnstls_stream_writev(gnutls_transport_ptr_t p, const giovec_t *iov, int iovcnt) { static ssize_t dnstls_stream_writev(gnutls_transport_ptr_t p, const giovec_t *iov, int iovcnt) {
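Review bot: the macro name is misspelled PRIORTY_STRING in both branches of the new #if; fix it to PRIORITY_STRING while these lines are being touched. The #else branch restricts builds against GnuTLS older than 0x030600 to TLS 1.2, which deserves a one-line comment explaining why the TLS 1.3 keyword is left out there, so nobody later merges the two strings.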
@ -55,17 +59,8 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
server->dnstls_data.session_data.size = 0; server->dnstls_data.session_data.size = 0;
} }
if (server->manager->dns_over_tls_mode == DNS_OVER_TLS_YES) { if (server->manager->dns_over_tls_mode == DNS_OVER_TLS_YES)
stream->dnstls_data.validation.type = GNUTLS_DT_IP_ADDRESS; gnutls_session_set_verify_cert(gs, NULL, 0);
if (server->family == AF_INET) {
stream->dnstls_data.validation.data = (unsigned char*) &server->address.in.s_addr;
stream->dnstls_data.validation.size = 4;
} else {
stream->dnstls_data.validation.data = server->address.in6.s6_addr;
stream->dnstls_data.validation.size = 16;
}
gnutls_session_set_verify_cert2(gs, &stream->dnstls_data.validation, 1, 0);
}
gnutls_handshake_set_timeout(gs, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); gnutls_handshake_set_timeout(gs, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
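Review bot: gnutls_session_set_verify_cert(gs, NULL, 0) passes NULL for the hostname, so in DNS_OVER_TLS_YES mode the chain is still validated but the certificate is no longer checked against the server's identity, which the removed GNUTLS_DT_IP_ADDRESS block did using server->address. Any certificate that chains to a trusted root would then be accepted for any configured server. Keep the gnutls_session_set_verify_cert2() call with the IP address, or put the fallback behind a version check like the one added for PRIORTY_STRING and document the weaker guarantee.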

@ -18,7 +18,6 @@ struct DnsTlsServerData {
struct DnsTlsStreamData { struct DnsTlsStreamData {
gnutls_session_t session; gnutls_session_t session;
gnutls_typed_vdata_st validation;
int handshake; int handshake;
bool shutdown; bool shutdown;
}; };

@ -314,9 +314,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"io_pgetevents\0" "io_pgetevents\0"
"io_setup\0" "io_setup\0"
"io_submit\0" "io_submit\0"
"io_uring_enter\0"
"io_uring_register\0"
"io_uring_setup\0"
}, },
[SYSCALL_FILTER_SET_BASIC_IO] = { [SYSCALL_FILTER_SET_BASIC_IO] = {
.name = "@basic-io", .name = "@basic-io",
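Review bot: io_uring_enter, io_uring_register and io_uring_setup are dropped from the group that still lists io_setup and io_submit, and no other visible hunk in this file adds them elsewhere. Units that allow-list this group lose io_uring, and units that deny it stop covering io_uring, so the commit message should state which of the two is intended.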
@ -546,13 +543,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
.help = "Mounting and unmounting of file systems", .help = "Mounting and unmounting of file systems",
.value = .value =
"chroot\0" "chroot\0"
"fsconfig\0"
"fsmount\0"
"fsopen\0"
"fspick\0"
"mount\0" "mount\0"
"move_mount\0"
"open_tree\0"
"pivot_root\0" "pivot_root\0"
"umount\0" "umount\0"
"umount2\0" "umount2\0"
@ -631,7 +622,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"capset\0" "capset\0"
"chroot\0" "chroot\0"
"fanotify_init\0" "fanotify_init\0"
"fanotify_mark\0"
"nfsservctl\0" "nfsservctl\0"
"open_by_handle_at\0" "open_by_handle_at\0"
"pivot_root\0" "pivot_root\0"
@ -657,12 +647,10 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"arch_prctl\0" "arch_prctl\0"
"capget\0" /* Able to query arbitrary processes */ "capget\0" /* Able to query arbitrary processes */
"clone\0" "clone\0"
"clone3\0"
"execveat\0" "execveat\0"
"fork\0" "fork\0"
"getrusage\0" "getrusage\0"
"kill\0" "kill\0"
"pidfd_open\0"
"pidfd_send_signal\0" "pidfd_send_signal\0"
"prctl\0" "prctl\0"
"rt_sigqueueinfo\0" "rt_sigqueueinfo\0"

@ -34,21 +34,6 @@ int main(int argc, char *argv[]) {
assert_se(streq(p, "\x1B[waldo")); assert_se(streq(p, "\x1B[waldo"));
free(p); free(p);
assert_se(p = strdup("\r\rwaldo"));
assert_se(strip_tab_ansi(&p, NULL, NULL));
assert_se(streq(p, "\r\rwaldo"));
free(p);
assert_se(p = strdup("waldo\r\r"));
assert_se(strip_tab_ansi(&p, NULL, NULL));
assert_se(streq(p, "waldo"));
free(p);
assert_se(p = strdup("waldo\r\r\n\r\n"));
assert_se(strip_tab_ansi(&p, NULL, NULL));
assert_se(streq(p, "waldo\n\n"));
free(p);
assert_se(terminal_urlify_path("/etc/fstab", "i am a fabulous link", &urlified) >= 0); assert_se(terminal_urlify_path("/etc/fstab", "i am a fabulous link", &urlified) >= 0);
assert_se(p = strjoin("something ", urlified, " something-else")); assert_se(p = strjoin("something ", urlified, " something-else"));
assert_se(q = strdup(p)); assert_se(q = strdup(p));
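Review bot: the three removed blocks are the only cases in this hunk that feed carriage returns to strip_tab_ansi(), including the check that the trailing \r characters are stripped from "waldo\r\r". Dropping them removes regression coverage for output that is later shown on a terminal. If the \r handling itself is being removed, say so in the commit message; otherwise keep the tests.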

@ -13,9 +13,6 @@ static void test_utf8_is_printable(void) {
assert_se(utf8_is_printable("\342\204\242", 3)); assert_se(utf8_is_printable("\342\204\242", 3));
assert_se(!utf8_is_printable("\341\204", 2)); assert_se(!utf8_is_printable("\341\204", 2));
assert_se(utf8_is_printable("ąę", 4)); assert_se(utf8_is_printable("ąę", 4));
assert_se(!utf8_is_printable("\r", 1));
assert_se(utf8_is_printable("\n", 1));
assert_se(utf8_is_printable("\t", 1));
} }
static void test_utf8_is_valid(void) { static void test_utf8_is_valid(void) {
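Review bot: the removed assertions pinned down that utf8_is_printable() rejects "\r" but accepts "\n" and "\t". Without them nothing in this test states how control characters are classified, and a later change in either direction would pass unnoticed. Keep them, or replace them with assertions matching the new behaviour.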

@ -97,7 +97,7 @@ RequestOptions=
SendRelease= SendRelease=
MaxAttempts= MaxAttempts=
IPServiceType= IPServiceType=
SendOption= SendOptions=
[DHCPv6] [DHCPv6]
UseNTP= UseNTP=
UseDNS= UseDNS=

@ -42,11 +42,11 @@ if [ "$AUTH_RES" = "Access denied" ]; then
echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m" echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m"
exit 1 exit 1
else else
AUTH=`echo $AUTH_RES | jq .upload_permitted` AUTH=`echo $AUTH_RES | python -c "import sys, json; print(json.load(sys.stdin)['upload_permitted'])"`
if [ "$AUTH" = "true" ]; then if [ "$AUTH" = "True" ]; then
echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m" echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m"
else else
WHEN=`echo $AUTH_RES | jq .next_upload_permitted_at` WHEN=`echo $AUTH_RES | python -c "import sys, json; print(json.load(sys.stdin)['next_upload_permitted_at'])"`
echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m" echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m"
exit 1 exit 1
fi fi
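Review bot: echo $AUTH_RES is unquoted in both new python pipelines, so the API response is word-split and glob-expanded by the shell before it reaches json.load(); write echo "$AUTH_RES" or use printf '%s'. The python -c call also exits with a traceback when the key is missing or the body is not JSON, leaving AUTH empty and falling into the NOT authorized branch with an empty $WHEN, so check the exit status. The comparison had to change to "True" because print() emits the Python spelling; a comment would save the next reader from switching it back.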

@ -16,7 +16,7 @@ DOCKER_EXEC="${DOCKER_EXEC:-docker exec -it $CONT_NAME}"
DOCKER_RUN="${DOCKER_RUN:-docker run}" DOCKER_RUN="${DOCKER_RUN:-docker run}"
REPO_ROOT="${REPO_ROOT:-$PWD}" REPO_ROOT="${REPO_ROOT:-$PWD}"
ADDITIONAL_DEPS=(dnf-plugins-core ADDITIONAL_DEPS=(dnf-plugins-core
jq iputils python2 iputils
hostname libasan hostname libasan
python3-pyparsing python3-pyparsing
python3-evdev python3-evdev
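Review bot: python2 replaces jq in ADDITIONAL_DEPS while the list already carries python3-pyparsing and python3-evdev. If a Python interpreter is wanted for JSON parsing, the Python 3 one those packages bring in avoids installing a second interpreter in the image.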