[thirdparty/systemd.git] / src / shared / loopback-setup.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <net/if.h>
#include <stdlib.h>

#include "sd-netlink.h"

#include "loopback-setup.h"
#include "missing_network.h"
#include "netlink-util.h"
#include "time-util.h"

#define LOOPBACK_SETUP_TIMEOUT_USEC (5 * USEC_PER_SEC)

struct state {
        unsigned n_messages;
        int rcode;
        const char *error_message;
        const char *success_message;
        const char *eexist_message;
};

static int generic_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
        struct state *s = ASSERT_PTR(userdata);
        int r;

        assert(s->n_messages > 0);
        s->n_messages--;

        errno = 0;

        r = sd_netlink_message_get_errno(m);
        if (r == -EEXIST && s->eexist_message)
                log_debug_errno(r, "%s", s->eexist_message);
        else if (r < 0)
                log_debug_errno(r, "%s: %m", s->error_message);
        else
                log_debug("%s", s->success_message);

        s->rcode = r;
        return 0;
}

static int start_loopback(sd_netlink *rtnl, struct state *s) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int r;

        assert(rtnl);
        assert(s);

        r = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, LOOPBACK_IFINDEX);
        if (r < 0)
                return r;

        r = sd_rtnl_message_link_set_flags(req, IFF_UP, IFF_UP);
        if (r < 0)
                return r;

        r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, LOOPBACK_SETUP_TIMEOUT_USEC, "systemd-start-loopback");
        if (r < 0)
                return r;

        s->n_messages ++;
        return 0;
}

static int add_ipv4_address(sd_netlink *rtnl, struct state *s) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int r;

        assert(rtnl);
        assert(s);

        r = sd_rtnl_message_new_addr(rtnl, &req, RTM_NEWADDR, LOOPBACK_IFINDEX, AF_INET);
        if (r < 0)
                return r;

        r = sd_rtnl_message_addr_set_prefixlen(req, 8);
        if (r < 0)
                return r;

        r = sd_rtnl_message_addr_set_flags(req, IFA_F_PERMANENT);
        if (r < 0)
                return r;

        r = sd_rtnl_message_addr_set_scope(req, RT_SCOPE_HOST);
        if (r < 0)
                return r;

        r = sd_netlink_message_append_in_addr(req, IFA_LOCAL, &(struct in_addr) { .s_addr = htobe32(INADDR_LOOPBACK) } );
        if (r < 0)
                return r;

        r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, USEC_INFINITY, "systemd-loopback-ipv4");
        if (r < 0)
                return r;

        s->n_messages ++;
        return 0;
}

static int add_ipv6_address(sd_netlink *rtnl, struct state *s) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int r;

        assert(rtnl);
        assert(s);

        r = sd_rtnl_message_new_addr(rtnl, &req, RTM_NEWADDR, LOOPBACK_IFINDEX, AF_INET6);
        if (r < 0)
                return r;

        r = sd_rtnl_message_addr_set_prefixlen(req, 128);
        if (r < 0)
                return r;

        r = sd_rtnl_message_addr_set_flags(req, IFA_F_PERMANENT);
        if (r < 0)
                return r;

        r = sd_rtnl_message_addr_set_scope(req, RT_SCOPE_HOST);
        if (r < 0)
                return r;

        r = sd_netlink_message_append_in6_addr(req, IFA_LOCAL, &in6addr_loopback);
        if (r < 0)
                return r;

        r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, USEC_INFINITY, "systemd-loopback-ipv6");
        if (r < 0)
                return r;

        s->n_messages ++;
        return 0;
}

static bool check_loopback(sd_netlink *rtnl) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
        unsigned flags;
        int r;

        r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, LOOPBACK_IFINDEX);
        if (r < 0)
                return false;

        r = sd_netlink_call(rtnl, req, USEC_INFINITY, &reply);
        if (r < 0)
                return false;

        r = sd_rtnl_message_link_get_flags(reply, &flags);
        if (r < 0)
                return false;

        return flags & IFF_UP;
}

int loopback_setup(void) {
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        struct state state_4 = {
                .error_message = "Failed to add address 127.0.0.1 to loopback interface",
                .success_message = "Successfully added address 127.0.0.1 to loopback interface",
                .eexist_message = "127.0.0.1 has already been added to loopback interface",
        }, state_6 = {
                .error_message = "Failed to add address ::1 to loopback interface",
                .success_message = "Successfully added address ::1 to loopback interface",
                .eexist_message = "::1 has already been added to loopback interface",
        }, state_up = {
                .error_message = "Failed to bring loopback interface up",
                .success_message = "Successfully brought loopback interface up",
        };
        int r;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to open netlink: %m");

        /* Note that we add the IP addresses here explicitly even though the kernel does that too implicitly when
         * setting up the loopback device. The reason we do this here a second time (and possibly race against the
         * kernel) is that we want to synchronously wait until the IP addresses are set up correctly, see
         *
         * https://github.com/systemd/systemd/issues/5641 */

        r = add_ipv4_address(rtnl, &state_4);
        if (r < 0)
                return log_error_errno(r, "Failed to enqueue IPv4 loopback address add request: %m");

        r = add_ipv6_address(rtnl, &state_6);
        if (r < 0)
                return log_error_errno(r, "Failed to enqueue IPv6 loopback address add request: %m");

        r = start_loopback(rtnl, &state_up);
        if (r < 0)
                return log_error_errno(r, "Failed to enqueue loopback interface start request: %m");

        while (state_4.n_messages + state_6.n_messages + state_up.n_messages > 0) {
                r = sd_netlink_wait(rtnl, LOOPBACK_SETUP_TIMEOUT_USEC);
                if (r < 0)
                        return log_error_errno(r, "Failed to wait for netlink event: %m");

                r = sd_netlink_process(rtnl, NULL);
                if (r < 0)
                        return log_warning_errno(r, "Failed to process netlink event: %m");
        }

        /* Note that we don't really care whether the addresses could be added or not */
        if (state_up.rcode != 0) {
                /* If we lack the permissions to configure the loopback device,
                 * but we find it to be already configured, let's exit cleanly,
                 * in order to supported unprivileged containers. */
                if (ERRNO_IS_PRIVILEGE(state_up.rcode) && check_loopback(rtnl))
                        return 0;

                return log_warning_errno(state_up.rcode, "Failed to configure loopback network device: %m");
        }

        return 0;
}
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
af5bc85d	2
af5bc85d	3	#include <net/if.h>
af5bc85d	4	#include <stdlib.h>
af5bc85d	5
1c4baffc	6	#include "sd-netlink.h"
07630cea	7
9ca903cc	8	#include "loopback-setup.h"
f5947a5e	9	#include "missing_network.h"
07630cea	10	#include "netlink-util.h"
ca78ad1d	11	#include "time-util.h"
5a723174	12
2d2a815c ZJS	13	#define LOOPBACK_SETUP_TIMEOUT_USEC (5 * USEC_PER_SEC)
2d2a815c ZJS	14
fb893927 LP	15	struct state {
	16	unsigned n_messages;
	17	int rcode;
77d0776c YW	18	const char *error_message;
77d0776c YW	19	const char *success_message;
5662811e	20	const char *eexist_message;
fb893927 LP	21	};
fb893927 LP	22
c23218ae	23	static int generic_handler(sd_netlink rtnl, sd_netlink_message m, void *userdata) {
99534007	24	struct state *s = ASSERT_PTR(userdata);
77d0776c	25	int r;
fb893927	26
fb893927 LP	27	assert(s->n_messages > 0);
	28	s->n_messages--;
	29
	30	errno = 0;
fb893927	31
77d0776c	32	r = sd_netlink_message_get_errno(m);
5662811e LP	33	if (r == -EEXIST && s->eexist_message)
	34	log_debug_errno(r, "%s", s->eexist_message);
	35	else if (r < 0)
77d0776c YW	36	log_debug_errno(r, "%s: %m", s->error_message);
	37	else
	38	log_debug("%s", s->success_message);
fb893927	39
77d0776c	40	s->rcode = r;
fb893927 LP	41	return 0;
	42	}
	43
	44	static int start_loopback(sd_netlink rtnl, struct state s) {
4afd3348	45	_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
81eca919	46	int r;
af5bc85d	47
fb893927 LP	48	assert(rtnl);
	49	assert(s);
	50
f3fc4815	51	r = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, LOOPBACK_IFINDEX);
fc25d7f8 TG	52	if (r < 0)
	53	return r;
	54
5d4795f3	55	r = sd_rtnl_message_link_set_flags(req, IFF_UP, IFF_UP);
81eca919 TG	56	if (r < 0)
81eca919 TG	57	return r;
af5bc85d	58
8190a388	59	r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, LOOPBACK_SETUP_TIMEOUT_USEC, "systemd-start-loopback");
fb893927 LP	60	if (r < 0)
	61	return r;
	62
	63	s->n_messages ++;
	64	return 0;
	65	}
	66
fb893927 LP	67	static int add_ipv4_address(sd_netlink rtnl, struct state s) {
	68	_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
	69	int r;
	70
	71	assert(rtnl);
	72	assert(s);
	73
	74	r = sd_rtnl_message_new_addr(rtnl, &req, RTM_NEWADDR, LOOPBACK_IFINDEX, AF_INET);
	75	if (r < 0)
	76	return r;
	77
	78	r = sd_rtnl_message_addr_set_prefixlen(req, 8);
	79	if (r < 0)
	80	return r;
	81
	82	r = sd_rtnl_message_addr_set_flags(req, IFA_F_PERMANENT);
	83	if (r < 0)
	84	return r;
	85
	86	r = sd_rtnl_message_addr_set_scope(req, RT_SCOPE_HOST);
	87	if (r < 0)
	88	return r;
	89
	90	r = sd_netlink_message_append_in_addr(req, IFA_LOCAL, &(struct in_addr) { .s_addr = htobe32(INADDR_LOOPBACK) } );
	91	if (r < 0)
	92	return r;
	93
8190a388	94	r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, USEC_INFINITY, "systemd-loopback-ipv4");
fb893927 LP	95	if (r < 0)
	96	return r;
	97
	98	s->n_messages ++;
	99	return 0;
	100	}
	101
	102	static int add_ipv6_address(sd_netlink rtnl, struct state s) {
	103	_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
	104	int r;
	105
	106	assert(rtnl);
	107	assert(s);
	108
	109	r = sd_rtnl_message_new_addr(rtnl, &req, RTM_NEWADDR, LOOPBACK_IFINDEX, AF_INET6);
	110	if (r < 0)
	111	return r;
	112
	113	r = sd_rtnl_message_addr_set_prefixlen(req, 128);
	114	if (r < 0)
	115	return r;
	116
	117	r = sd_rtnl_message_addr_set_flags(req, IFA_F_PERMANENT);
	118	if (r < 0)
	119	return r;
	120
	121	r = sd_rtnl_message_addr_set_scope(req, RT_SCOPE_HOST);
	122	if (r < 0)
	123	return r;
	124
	125	r = sd_netlink_message_append_in6_addr(req, IFA_LOCAL, &in6addr_loopback);
81eca919 TG	126	if (r < 0)
81eca919 TG	127	return r;
af5bc85d	128
8190a388	129	r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, USEC_INFINITY, "systemd-loopback-ipv6");
fb893927 LP	130	if (r < 0)
	131	return r;
	132
	133	s->n_messages ++;
af5bc85d LP	134	return 0;
	135	}
	136
1c4baffc	137	static bool check_loopback(sd_netlink *rtnl) {
4afd3348	138	_cleanup_(sd_netlink_message_unrefp) sd_netlink_message req = NULL, reply = NULL;
e95e909d	139	unsigned flags;
e62d8c39	140	int r;
e95e909d TG	141
	142	r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, LOOPBACK_IFINDEX);
	143	if (r < 0)
2f0af4e1	144	return false;
e95e909d	145
fb893927	146	r = sd_netlink_call(rtnl, req, USEC_INFINITY, &reply);
e95e909d	147	if (r < 0)
2f0af4e1	148	return false;
e95e909d TG	149
	150	r = sd_rtnl_message_link_get_flags(reply, &flags);
	151	if (r < 0)
2f0af4e1	152	return false;
e95e909d TG	153
e95e909d TG	154	return flags & IFF_UP;
2c3ff76e LP	155	}
2c3ff76e LP	156
af5bc85d	157	int loopback_setup(void) {
4afd3348	158	_cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
77d0776c YW	159	struct state state_4 = {
	160	.error_message = "Failed to add address 127.0.0.1 to loopback interface",
	161	.success_message = "Successfully added address 127.0.0.1 to loopback interface",
5662811e	162	.eexist_message = "127.0.0.1 has already been added to loopback interface",
77d0776c YW	163	}, state_6 = {
	164	.error_message = "Failed to add address ::1 to loopback interface",
	165	.success_message = "Successfully added address ::1 to loopback interface",
5662811e	166	.eexist_message = "::1 has already been added to loopback interface",
77d0776c YW	167	}, state_up = {
	168	.error_message = "Failed to bring loopback interface up",
	169	.success_message = "Successfully brought loopback interface up",
	170	};
f3fc4815	171	int r;
0a0dc69b	172
1c4baffc	173	r = sd_netlink_open(&rtnl);
2c3ff76e	174	if (r < 0)
fb893927 LP	175	return log_error_errno(r, "Failed to open netlink: %m");
	176
	177	/* Note that we add the IP addresses here explicitly even though the kernel does that too implicitly when
	178	* setting up the loopback device. The reason we do this here a second time (and possibly race against the
	179	* kernel) is that we want to synchronously wait until the IP addresses are set up correctly, see
	180	*
	181	* https://github.com/systemd/systemd/issues/5641 */
	182
c23218ae	183	r = add_ipv4_address(rtnl, &state_4);
fb893927	184	if (r < 0)
3561eafa	185	return log_error_errno(r, "Failed to enqueue IPv4 loopback address add request: %m");
fb893927	186
c23218ae	187	r = add_ipv6_address(rtnl, &state_6);
fb893927	188	if (r < 0)
c23218ae	189	return log_error_errno(r, "Failed to enqueue IPv6 loopback address add request: %m");
fb893927	190
c23218ae	191	r = start_loopback(rtnl, &state_up);
fb893927	192	if (r < 0)
3561eafa	193	return log_error_errno(r, "Failed to enqueue loopback interface start request: %m");
fb893927	194
c23218ae	195	while (state_4.n_messages + state_6.n_messages + state_up.n_messages > 0) {
2d2a815c	196	r = sd_netlink_wait(rtnl, LOOPBACK_SETUP_TIMEOUT_USEC);
fb893927 LP	197	if (r < 0)
	198	return log_error_errno(r, "Failed to wait for netlink event: %m");
	199
	200	r = sd_netlink_process(rtnl, NULL);
	201	if (r < 0)
	202	return log_warning_errno(r, "Failed to process netlink event: %m");
	203	}
af5bc85d	204
c23218ae ZJS	205	/* Note that we don't really care whether the addresses could be added or not */
	206	if (state_up.rcode != 0) {
	207	/* If we lack the permissions to configure the loopback device,
	208	* but we find it to be already configured, let's exit cleanly,
	209	* in order to supported unprivileged containers. */
b3d6f706	210	if (ERRNO_IS_PRIVILEGE(state_up.rcode) && check_loopback(rtnl))
8f084002	211	return 0;
af5bc85d	212
9d72a3cf	213	return log_warning_errno(state_up.rcode, "Failed to configure loopback network device: %m");
8f084002	214	}
2c3ff76e	215
e62d8c39	216	return 0;
af5bc85d	217	}