dasharo/systemd
0
0
Fork 0
mirror of https://github.com/Dasharo/systemd.git synced 2026-03-06 15:02:31 -08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #22331 from yuwata/network-xfrm-interface-id

Browse Source 
network: xfrm: refuse zero interface ID
This commit is contained in:
Luca Boccassi
2022-02-01 13:25:38 +00:00
committed by GitHub
parent bab29f2ab7 020483b248
commit 98fd285c28
7 changed files with 38 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
man/systemd.netdev.xml
View File

@@ -1994,7 +1994,7 @@
<term><varname>InterfaceId=</varname></term>
<listitem>
<para>Sets the ID/key of the xfrm interface which needs to be associated with a SA/policy.
Can be decimal or hexadecimal, valid range is 0-0xffffffff, defaults to 0.</para>
Can be decimal or hexadecimal, valid range is 1-0xffffffff. This is mandatory.</para>
</listitem>
</varlistentry>
<varlistentry>

19
src/network/netdev/xfrm.c
View File

@@ -14,6 +14,7 @@ static int xfrm_fill_message_create(NetDev *netdev, Link *link, sd_netlink_messa
x = XFRM(netdev);
assert(x);
assert(link || x->independent);
r = sd_netlink_message_append_u32(message, IFLA_XFRM_LINK, link ? link->ifindex : LOOPBACK_IFINDEX);
@@ -27,10 +28,28 @@ static int xfrm_fill_message_create(NetDev *netdev, Link *link, sd_netlink_messa
return 0;
}
static int xfrm_verify(NetDev *netdev, const char *filename) {
Xfrm *x;
assert(netdev);
assert(filename);
x = XFRM(netdev);
assert(x);
if (x->if_id == 0)
return log_netdev_warning_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
"%s: Xfrm interface ID cannot be zero.", filename);
return 0;
}
const NetDevVTable xfrm_vtable = {
.object_size = sizeof(Xfrm),
.sections = NETDEV_COMMON_SECTIONS "Xfrm\0",
.fill_message_create = xfrm_fill_message_create,
.config_verify = xfrm_verify,
.create_type = NETDEV_CREATE_STACKED,
.iftype = ARPHRD_NONE,
};

1
test/test-network/conf/25-xfrm-independent.netdev
View File

@@ -4,4 +4,5 @@ Kind=xfrm
Name=xfrm99
[Xfrm]
InterfaceId=0x99
Independent=yes

5
test/test-network/conf/25-xfrm.netdev
View File

@@ -1,4 +1,7 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[NetDev]
Kind=xfrm
Name=xfrm99
Name=xfrm98
[Xfrm]
InterfaceId=0x98

2
test/test-network/conf/netdev-link-local-addressing-yes.network
View File

@@ -18,7 +18,7 @@ Name=geneve99
Name=ifb99
Name=ipiptun99
Name=nlmon99
Name=xfrm99
Name=xfrm98 xfrm99
Name=vxlan98
Name=hogehogehogehogehogehoge

2
test/test-network/conf/xfrm.network
View File

@@ -4,4 +4,4 @@ Name=dummy98
[Network]
IPv6AcceptRA=no
Xfrm=xfrm99
Xfrm=xfrm98

20
test/test-network/systemd-networkd-tests.py
View File

@@ -886,6 +886,7 @@ class NetworkctlTests(unittest.TestCase, Utilities):
class NetworkdNetDevTests(unittest.TestCase, Utilities):
links_remove_earlier = [
'xfrm98',
'xfrm99',
]
@@ -1797,20 +1798,21 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
@expectedFailureIfModuleIsNotAvailable('xfrm_interface')
def test_xfrm(self):
copy_unit_to_networkd_unit_path('12-dummy.netdev', 'xfrm.network',
'25-xfrm.netdev', 'netdev-link-local-addressing-yes.network')
'25-xfrm.netdev', '25-xfrm-independent.netdev',
'netdev-link-local-addressing-yes.network')
start_networkd()
self.wait_online(['xfrm99:degraded', 'dummy98:degraded'])
self.wait_online(['dummy98:degraded', 'xfrm98:degraded', 'xfrm99:degraded'])
output = check_output('ip link show dev xfrm99')
output = check_output('ip -d link show dev xfrm98')
print(output)
self.assertIn('xfrm98@dummy98:', output)
self.assertIn('xfrm if_id 0x98 ', output)
@expectedFailureIfModuleIsNotAvailable('xfrm_interface')
def test_xfrm_independent(self):
copy_unit_to_networkd_unit_path('25-xfrm-independent.netdev', 'netdev-link-local-addressing-yes.network')
start_networkd()
self.wait_online(['xfrm99:degraded'])
output = check_output('ip -d link show dev xfrm99')
print(output)
self.assertIn('xfrm99@lo:', output)
self.assertIn('xfrm if_id 0x99 ', output)
@expectedFailureIfModuleIsNotAvailable('fou')
def test_fou(self):