Commit 282faf45 authored by Dan Streetman's avatar Dan Streetman Committed by Balint Reczey
Browse files

Import Debian changes 237-3ubuntu10.15

systemd (237-3ubuntu10.15) bionic; urgency=medium

  [ Victor Tapia ]
  * d/p/stop-mount-error-propagation.patch:
    keep mount errors local to the failing mount point instead of blocking
    the processing of all mounts (LP: #1755863)
parent 45bfa444
systemd (237-3ubuntu10.14) bionic; urgency=medium
systemd (237-3ubuntu10.15) bionic; urgency=medium
[ Victor Tapia ]
* d/p/stop-mount-error-propagation.patch:
keep mount errors local to the failing mount point instead of blocking
the processing of all mounts (LP: #1755863)
[ Daniel Axtens ]
* Fix an issue where IPv6 routes that specified PreferredSource
would not be added - upstream bug #5882. (LP: #1812760)
- debian/patches/networkd-don-t-remove-ip-address.patch,
debian/patches/networkd-don-t-remove-route.patch: don't clear out all
IP addresses and routes when starting, only ones not in the config.
Required for the remaining patches to fully cover the field.
- debian/patches/Move-link_check_ready-to-later-in-the-file.patch,
debian/patches/Install-routes-after-addresses-are-ready.patch: wait
until addresses are ready (not tentative) before installing routes,
allowing routes with IPv6 source addresses to work.
-- Dan Streetman <ddstreet@canonical.com> Thu, 28 Feb 2019 16:03:40 -0500
systemd (237-3ubuntu10.13) bionic-security; urgency=medium
......
From 74471d996d5a191de7704958f9c9fd7dcc44157b Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Wed, 5 Dec 2018 21:49:35 +1100
Subject: Install routes after addresses are ready
If an IPv6 route is added with a source address that is still
tentative, the kernel will refuse to install it.
Previously, once we sent the messages to the kernel to add the
addresses, we would immediately proceed to add the routes. The
addresses would usually still be tentative at this point, so
adding static IPv6 routes was broken - see issue #5882.
Now, only begin to configure routes once the addresses are ready,
by restructuring the state machine, and tracking when addresses are
ready, not just added.
Fixes: #5882
Author: Daniel Axtens <daniel.axtens@canonical.com>
Original-Author: Daniel Axtens <dja@axtens.net>
Origin: backport, https://github.com/systemd/systemd/commit/6aa5773bfff0a92d64da70426cae833df6f84daf
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1812760
Last-Update: 2019-01-23
---
src/network/networkd-link.c | 21 +++++++++++++--------
src/network/networkd-link.h | 2 ++
2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index 972b92992f68..53c4da18aa7a 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -847,6 +847,15 @@ void link_check_ready(Link *link) {
if (!link->network)
return;
+ SET_FOREACH(a, link->addresses, i)
+ if (!address_is_ready(a))
+ return;
+
+ if (!link->addresses_ready) {
+ link->addresses_ready = true;
+ link_enter_set_routes(link);
+ }
+
if (!link->static_routes_configured)
return;
@@ -878,10 +887,6 @@ void link_check_ready(Link *link) {
return;
}
- SET_FOREACH(a, link->addresses, i)
- if (!address_is_ready(a))
- return;
-
if (link->state != LINK_STATE_CONFIGURED)
link_enter_configured(link);
@@ -931,7 +936,7 @@ static int address_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userda
if (link->address_messages == 0) {
log_link_debug(link, "Addresses set");
- link_enter_set_routes(link);
+ link_check_ready(link);
}
return 1;
@@ -1232,9 +1237,9 @@ static int link_enter_set_addresses(Link *link) {
log_link_debug(link, "Offering DHCPv4 leases");
}
- if (link->address_messages == 0)
- link_enter_set_routes(link);
- else
+ if (link->address_messages == 0) {
+ link_check_ready(link);
+ } else
log_link_debug(link, "Setting addresses");
return 0;
diff --git a/src/network/networkd-link.h b/src/network/networkd-link.h
index 8aaaa679ff36..32b4934349b7 100644
--- a/src/network/networkd-link.h
+++ b/src/network/networkd-link.h
@@ -98,6 +98,8 @@ typedef struct Link {
Set *routes;
Set *routes_foreign;
+ bool addresses_ready;
+
sd_dhcp_client *dhcp_client;
sd_dhcp_lease *dhcp_lease;
char *lease_file;
--
2.17.1
From 74b69ca2b89f8cf29262de97c40a8e79056a3779 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Wed, 5 Dec 2018 20:39:41 +1100
Subject: Move link_check_ready() to later in the file
We're about to need it to be later in the file for the next commit.
Moving it now means that when we change it in the next commit, it's
not intermingled with the move.
No functional change intended.
Author: Daniel Axtens <daniel.axtens@canonical.com>
Original-Author: Daniel Axtens <dja@axtens.net>
Origin: backport, https://github.com/systemd/systemd/commit/6accfd3139a0ccef9859b742452c04926f52515c
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1812760
Last-Update: 2019-01-23
---
src/network/networkd-link.c | 106 ++++++++++++++++++------------------
1 file changed, 53 insertions(+), 53 deletions(-)
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index cae7519efe2c..972b92992f68 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -741,59 +741,6 @@ static void link_enter_configured(Link *link) {
link_dirty(link);
}
-void link_check_ready(Link *link) {
- Address *a;
- Iterator i;
-
- assert(link);
-
- if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
- return;
-
- if (!link->network)
- return;
-
- if (!link->static_routes_configured)
- return;
-
- if (!link->routing_policy_rules_configured)
- return;
-
- if (link_ipv4ll_enabled(link))
- if (!link->ipv4ll_address ||
- !link->ipv4ll_route)
- return;
-
- if (!link->network->bridge) {
-
- if (link_ipv6ll_enabled(link))
- if (in_addr_is_null(AF_INET6, (const union in_addr_union*) &link->ipv6ll_address) > 0)
- return;
-
- if ((link_dhcp4_enabled(link) && !link_dhcp6_enabled(link) &&
- !link->dhcp4_configured) ||
- (link_dhcp6_enabled(link) && !link_dhcp4_enabled(link) &&
- !link->dhcp6_configured) ||
- (link_dhcp4_enabled(link) && link_dhcp6_enabled(link) &&
- !link->dhcp4_configured && !link->dhcp6_configured))
- return;
-
- bool implicit = false;
- if (link_ipv6_accept_ra_enabled_implicit(link, &implicit) && !link->ndisc_configured)
- if (!implicit)
- return;
- }
-
- SET_FOREACH(a, link->addresses, i)
- if (!address_is_ready(a))
- return;
-
- if (link->state != LINK_STATE_CONFIGURED)
- link_enter_configured(link);
-
- return;
-}
-
static int link_set_routing_policy_rule(Link *link) {
RoutingPolicyRule *rule, *rrule = NULL;
int r;
@@ -888,6 +835,59 @@ static int link_enter_set_routes(Link *link) {
return 0;
}
+void link_check_ready(Link *link) {
+ Address *a;
+ Iterator i;
+
+ assert(link);
+
+ if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
+ return;
+
+ if (!link->network)
+ return;
+
+ if (!link->static_routes_configured)
+ return;
+
+ if (!link->routing_policy_rules_configured)
+ return;
+
+ if (link_ipv4ll_enabled(link))
+ if (!link->ipv4ll_address ||
+ !link->ipv4ll_route)
+ return;
+
+ if (!link->network->bridge) {
+
+ if (link_ipv6ll_enabled(link))
+ if (in_addr_is_null(AF_INET6, (const union in_addr_union*) &link->ipv6ll_address) > 0)
+ return;
+
+ if ((link_dhcp4_enabled(link) && !link_dhcp6_enabled(link) &&
+ !link->dhcp4_configured) ||
+ (link_dhcp6_enabled(link) && !link_dhcp4_enabled(link) &&
+ !link->dhcp6_configured) ||
+ (link_dhcp4_enabled(link) && link_dhcp6_enabled(link) &&
+ !link->dhcp4_configured && !link->dhcp6_configured))
+ return;
+
+ bool implicit = false;
+ if (link_ipv6_accept_ra_enabled_implicit(link, &implicit) && !link->ndisc_configured)
+ if (!implicit)
+ return;
+ }
+
+ SET_FOREACH(a, link->addresses, i)
+ if (!address_is_ready(a))
+ return;
+
+ if (link->state != LINK_STATE_CONFIGURED)
+ link_enter_configured(link);
+
+ return;
+}
+
int link_route_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
_cleanup_link_unref_ Link *link = userdata;
int r;
--
2.17.1
From dfac6d99809a66bc840682b0171a9b08f073d363 Mon Sep 17 00:00:00 2001
From: Tobias Jungel <tobias.jungel@bisdn.de>
Date: Wed, 31 Oct 2018 13:33:54 +0100
Subject: networkd: don't remove ip address
In case networkd is restarted this prevents a removal of an already existing IP
address that would be configured using networkd. With the proposed changes the
IP address will be kept on the interface without removing. This happens only on
physical hosts or VMs since networkd handles interface configuration slightly
different in containers.
Origin: upstream, https://github.com/systemd/systemd/commit/30226d2718d9c3209ff779465ab62c3fb05b3f22
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1812760
Last-Update: 2019-01-23
---
src/network/networkd-address.c | 6 ++++++
src/network/networkd-link.c | 28 +++++++++++++++++++++++++---
2 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c
index ca5b54bdbf01..ed3ba005e435 100644
--- a/src/network/networkd-address.c
+++ b/src/network/networkd-address.c
@@ -451,6 +451,7 @@ int address_remove(
sd_netlink_message_handler_t callback) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
+ _cleanup_free_ char *b = NULL;
int r;
assert(address);
@@ -460,6 +461,11 @@ int address_remove(
assert(link->manager);
assert(link->manager->rtnl);
+ if (DEBUG_LOGGING) {
+ if (in_addr_to_string(address->family, &address->in_addr, &b) >= 0)
+ log_link_debug(link, "Removing address %s", b);
+ }
+
r = sd_rtnl_message_new_addr(link->manager->rtnl, &req, RTM_DELADDR,
link->ifindex, address->family);
if (r < 0)
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index 30c2745bb562..1639f7ebf19c 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -2519,6 +2519,22 @@ static int link_set_ipv6_mtu(Link *link) {
return 0;
}
+static bool link_is_static_address_configured(Link *link, Address *address) {
+ Address *net_address;
+
+ assert(link);
+ assert(address);
+
+ if (!link->network)
+ return false;
+
+ LIST_FOREACH(addresses, net_address, link->network->static_addresses)
+ if (address_equal(net_address, address))
+ return true;
+
+ return false;
+}
+
static int link_drop_foreign_config(Link *link) {
Address *address;
Route *route;
@@ -2530,9 +2546,15 @@ static int link_drop_foreign_config(Link *link) {
if (address->family == AF_INET6 && in_addr_is_link_local(AF_INET6, &address->in_addr) == 1)
continue;
- r = address_remove(address, link, link_address_remove_handler);
- if (r < 0)
- return r;
+ if (link_is_static_address_configured(link, address)) {
+ r = address_add(link, address->family, &address->in_addr, address->prefixlen, NULL);
+ if (r < 0)
+ return log_link_error_errno(link, r, "Failed to add address: %m");
+ } else {
+ r = address_remove(address, link, link_address_remove_handler);
+ if (r < 0)
+ return r;
+ }
}
SET_FOREACH(route, link->routes_foreign, i) {
--
2.17.1
From 51e1e204251bfa3e6c7e53b98039510dfe29b769 Mon Sep 17 00:00:00 2001
From: Tobias Jungel <tobias.jungel@bisdn.de>
Date: Tue, 6 Nov 2018 13:28:12 +0100
Subject: networkd: don't remove route
In case networkd is restarted this prevents a removal of an already existing
route that would be configured using networkd. With the proposed changes the
route will be kept on the interface without removing. This happens only on
physical hosts or VMs since networkd handles interface configuration slightly
different in containers.
Origin: upstream, https://github.com/systemd/systemd/commit/7ecf0c3e1795c08f3089752d7224fe097be4ea8e
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1812760
Last-Update: 2019-01-23
---
src/network/networkd-link.c | 28 +++++++++++++++++++++++++---
src/network/networkd-route.c | 10 ++++++++++
src/network/networkd-route.h | 1 +
3 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index 1639f7ebf19c..cae7519efe2c 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -2535,6 +2535,22 @@ static bool link_is_static_address_configured(Link *link, Address *address) {
return false;
}
+static bool link_is_static_route_configured(Link *link, Route *route) {
+ Route *net_route;
+
+ assert(link);
+ assert(route);
+
+ if (!link->network)
+ return false;
+
+ LIST_FOREACH(routes, net_route, link->network->static_routes)
+ if (route_equal(net_route, route))
+ return true;
+
+ return false;
+}
+
static int link_drop_foreign_config(Link *link) {
Address *address;
Route *route;
@@ -2562,9 +2578,15 @@ static int link_drop_foreign_config(Link *link) {
if (route->protocol == RTPROT_KERNEL)
continue;
- r = route_remove(route, link, link_route_remove_handler);
- if (r < 0)
- return r;
+ if (link_is_static_route_configured(link, route)) {
+ r = route_add(link, route->family, &route->dst, route->dst_prefixlen, route->tos, route->priority, route->table, NULL);
+ if (r < 0)
+ return r;
+ } else {
+ r = route_remove(route, link, link_route_remove_handler);
+ if (r < 0)
+ return r;
+ }
}
return 0;
diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c
index 70dca5219bae..0157979f40e9 100644
--- a/src/network/networkd-route.c
+++ b/src/network/networkd-route.c
@@ -227,6 +227,16 @@ static const struct hash_ops route_hash_ops = {
.compare = route_compare_func
};
+bool route_equal(Route *r1, Route *r2) {
+ if (r1 == r2)
+ return true;
+
+ if (!r1 || !r2)
+ return false;
+
+ return route_compare_func(r1, r2) == 0;
+}
+
int route_get(Link *link,
int family,
const union in_addr_union *dst,
diff --git a/src/network/networkd-route.h b/src/network/networkd-route.h
index 6db9d592ea53..0f54bd98fee8 100644
--- a/src/network/networkd-route.h
+++ b/src/network/networkd-route.h
@@ -69,6 +69,7 @@ int route_get(Link *link, int family, const union in_addr_union *dst, unsigned c
int route_add(Link *link, int family, const union in_addr_union *dst, unsigned char dst_prefixlen, unsigned char tos, uint32_t priority, uint32_t table, Route **ret);
int route_add_foreign(Link *link, int family, const union in_addr_union *dst, unsigned char dst_prefixlen, unsigned char tos, uint32_t priority, uint32_t table, Route **ret);
void route_update(Route *route, const union in_addr_union *src, unsigned char src_prefixlen, const union in_addr_union *gw, const union in_addr_union *prefsrc, unsigned char scope, unsigned char protocol, unsigned char type);
+bool route_equal(Route *r1, Route *r2);
int route_expire_handler(sd_event_source *s, uint64_t usec, void *userdata);
--
2.17.1
......@@ -97,7 +97,3 @@ CVE-2019-6454.patch
sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch
journal-do-not-remove-multiple-spaces-after-identifi.patch
stop-mount-error-propagation.patch
networkd-don-t-remove-ip-address.patch
networkd-don-t-remove-route.patch
Move-link_check_ready-to-later-in-the-file.patch
Install-routes-after-addresses-are-ready.patch
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment