From fd11005951920a0cee96f0c56f36d9ff8bc66a41 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 1 Feb 2022 13:00:51 +0900 Subject: [PATCH 1/2] network: xfrm: refuse zero interface ID Since kernel 5.17-rc1, 5.16.3, and 5.15.17 (more specifically, https://github.com/torvalds/linux/commit/8dce43919566f06e865f7e8949f5c10d8c2493f5) the kernel refuses to create an xfrm interface with zero ID. --- man/systemd.netdev.xml | 2 +- src/network/netdev/xfrm.c | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml index 449b23d5ac..ff0bdee51f 100644 --- a/man/systemd.netdev.xml +++ b/man/systemd.netdev.xml @@ -1994,7 +1994,7 @@ InterfaceId= Sets the ID/key of the xfrm interface which needs to be associated with a SA/policy. - Can be decimal or hexadecimal, valid range is 0-0xffffffff, defaults to 0. + Can be decimal or hexadecimal, valid range is 1-0xffffffff. This is mandatory. diff --git a/src/network/netdev/xfrm.c b/src/network/netdev/xfrm.c index 05844b8321..a961d8fef2 100644 --- a/src/network/netdev/xfrm.c +++ b/src/network/netdev/xfrm.c @@ -14,6 +14,7 @@ static int xfrm_fill_message_create(NetDev *netdev, Link *link, sd_netlink_messa x = XFRM(netdev); + assert(x); assert(link || x->independent); r = sd_netlink_message_append_u32(message, IFLA_XFRM_LINK, link ? link->ifindex : LOOPBACK_IFINDEX); 
@@ -27,10 +28,28 @@ static int xfrm_fill_message_create(NetDev *netdev, Link *link, sd_netlink_messa return 0; } +static int xfrm_verify(NetDev *netdev, const char *filename) { + Xfrm *x; + + assert(netdev); + assert(filename); + + x = XFRM(netdev); + + assert(x); + + if (x->if_id == 0) + return log_netdev_warning_errno(netdev, SYNTHETIC_ERRNO(EINVAL), + "%s: Xfrm interface ID cannot be zero.", filename); + + return 0; +} + const NetDevVTable xfrm_vtable = { .object_size = sizeof(Xfrm), .sections = NETDEV_COMMON_SECTIONS "Xfrm\0", .fill_message_create = xfrm_fill_message_create, + .config_verify = xfrm_verify, .create_type = NETDEV_CREATE_STACKED, .iftype = ARPHRD_NONE, }; From 020483b248b45b15eb93d2ae322d7f211c61e44d Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 1 Feb 2022 13:26:40 +0900 Subject: [PATCH 2/2] test-network: set xfrm interface ID This also unifies two tests for xfrm, and checks the output of 'ip link' command. Fixes #22329. --- .../conf/25-xfrm-independent.netdev | 1 + test/test-network/conf/25-xfrm.netdev | 5 ++++- .../netdev-link-local-addressing-yes.network | 2 +- test/test-network/conf/xfrm.network | 2 +- test/test-network/systemd-networkd-tests.py | 20 ++++++++++--------- 5 files changed, 18 insertions(+), 12 deletions(-) diff --git a/test/test-network/conf/25-xfrm-independent.netdev b/test/test-network/conf/25-xfrm-independent.netdev index b2378849d1..b54c659d83 100644 --- a/test/test-network/conf/25-xfrm-independent.netdev +++ b/test/test-network/conf/25-xfrm-independent.netdev @@ -4,4 +4,5 @@ Kind=xfrm Name=xfrm99 [Xfrm] +InterfaceId=0x99 Independent=yes diff --git a/test/test-network/conf/25-xfrm.netdev b/test/test-network/conf/25-xfrm.netdev index 353bfb7003..8e1d5c8122 100644 --- a/test/test-network/conf/25-xfrm.netdev +++ b/test/test-network/conf/25-xfrm.netdev @@ -1,4 +1,7 @@ # SPDX-License-Identifier: LGPL-2.1-or-later [NetDev] Kind=xfrm -Name=xfrm99 +Name=xfrm98 + +[Xfrm] +InterfaceId=0x98 
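Review bot: In `xfrm_verify`, the test `x->if_id == 0` cannot tell an explicit `InterfaceId=0` from a file that never set the key (assuming the field stays zero when the key is absent, as the old man page text "defaults to 0" implies), so "Xfrm interface ID cannot be zero." will puzzle users whose existing configs simply omit it. I would word the message for both cases, e.g. `"%s: InterfaceId= is not set or is zero, which the kernel refuses."`, and put a comment above the check such as `/* Kernels since 5.17-rc1, 5.16.3 and 5.15.17 reject if_id 0; a missing InterfaceId= also ends up here. */`. The check also applies on older kernels that still accept a zero ID, so a .netdev file that worked before the upgrade is now refused; the caller of `.config_verify` is outside this patch, but presumably the device is then not created at all. Since the interface is what ties traffic to an SA/policy, that change deserves a release note so operators can confirm nothing falls back to an unprotected route. The function lies entirely within the hunk.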
diff --git a/test/test-network/conf/netdev-link-local-addressing-yes.network b/test/test-network/conf/netdev-link-local-addressing-yes.network index 0cc9cfa96b..ea1811bbfd 100644 --- a/test/test-network/conf/netdev-link-local-addressing-yes.network +++ b/test/test-network/conf/netdev-link-local-addressing-yes.network @@ -18,7 +18,7 @@ Name=geneve99 Name=ifb99 Name=ipiptun99 Name=nlmon99 -Name=xfrm99 +Name=xfrm98 xfrm99 Name=vxlan98 Name=hogehogehogehogehogehoge diff --git a/test/test-network/conf/xfrm.network b/test/test-network/conf/xfrm.network index c852601733..19f22146f8 100644 --- a/test/test-network/conf/xfrm.network +++ b/test/test-network/conf/xfrm.network @@ -4,4 +4,4 @@ Name=dummy98 [Network] IPv6AcceptRA=no -Xfrm=xfrm99 +Xfrm=xfrm98 diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py index ba16170393..885aaad77a 100755 --- a/test/test-network/systemd-networkd-tests.py +++ b/test/test-network/systemd-networkd-tests.py @@ -886,6 +886,7 @@ class NetworkctlTests(unittest.TestCase, Utilities): class NetworkdNetDevTests(unittest.TestCase, Utilities): links_remove_earlier = [ + 'xfrm98', 'xfrm99', ] 
@@ -1797,20 +1798,21 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities): @expectedFailureIfModuleIsNotAvailable('xfrm_interface') def test_xfrm(self): copy_unit_to_networkd_unit_path('12-dummy.netdev', 'xfrm.network', - '25-xfrm.netdev', 'netdev-link-local-addressing-yes.network') + '25-xfrm.netdev', '25-xfrm-independent.netdev', + 'netdev-link-local-addressing-yes.network') start_networkd() - self.wait_online(['xfrm99:degraded', 'dummy98:degraded']) + self.wait_online(['dummy98:degraded', 'xfrm98:degraded', 'xfrm99:degraded']) - output = check_output('ip link show dev xfrm99') + output = check_output('ip -d link show dev xfrm98') print(output) + self.assertIn('xfrm98@dummy98:', output) + self.assertIn('xfrm if_id 0x98 ', output) - @expectedFailureIfModuleIsNotAvailable('xfrm_interface') - def test_xfrm_independent(self): - copy_unit_to_networkd_unit_path('25-xfrm-independent.netdev', 'netdev-link-local-addressing-yes.network') - start_networkd() - - self.wait_online(['xfrm99:degraded']) + output = check_output('ip -d link show dev xfrm99') + print(output) + self.assertIn('xfrm99@lo:', output) + self.assertIn('xfrm if_id 0x99 ', output) @expectedFailureIfModuleIsNotAvailable('fou') def test_fou(self):
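Review bot: Nothing in the updated `test_xfrm` exercises the new rejection path: both fixtures now carry a non-zero `InterfaceId=`, so a regression that lets a zero or missing ID past `xfrm_verify` would go unnoticed. A further fixture without `InterfaceId=` (placeholder name `<xfrm-no-id>.netdev`) together with an assertion that its link is never created would cover it. Separately, `self.assertIn('xfrm if_id 0x98 ', output)` relies on a trailing space in the `ip -d link` output; `self.assertRegex(output, r'xfrm if_id 0x98\b')` still rejects a longer ID such as 0x980 but is less tied to iproute2's formatting, and the same applies to the `0x99` assertion.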