Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
af5bc85d | 2 | |
af5bc85d | 3 | #include <net/if.h> |
af5bc85d | 4 | #include <stdlib.h> |
af5bc85d | 5 | |
1c4baffc | 6 | #include "sd-netlink.h" |
07630cea | 7 | |
9ca903cc | 8 | #include "loopback-setup.h" |
f5947a5e | 9 | #include "missing_network.h" |
07630cea | 10 | #include "netlink-util.h" |
ca78ad1d | 11 | #include "time-util.h" |
5a723174 | 12 | |
/* Timeout passed to sd_netlink_call_async() for the loopback link-up request and to every
 * sd_netlink_wait() call in loopback_setup(). The two address requests do not use it; they
 * pass USEC_INFINITY instead. */
#define LOOPBACK_SETUP_TIMEOUT_USEC (5 * USEC_PER_SEC)
14 | ||
/* Per-request bookkeeping shared between the function that queues a netlink request and
 * generic_handler(), which receives the reply. loopback_setup() keeps one instance per request
 * on its stack. */
struct state {
        /* Requests queued but not yet answered: incremented after a successful
         * sd_netlink_call_async(), decremented in generic_handler(). */
        unsigned n_messages;
        /* Value returned by sd_netlink_message_get_errno() for the reply, stored by
         * generic_handler(). Only the link-up instance is evaluated by loopback_setup(). */
        int rcode;
        /* Logged (followed by ": %m") when the reply carries an error. */
        const char *error_message;
        /* Logged when the reply carries no error. */
        const char *success_message;
        /* Optional: logged instead of error_message when the reply is -EEXIST. May be NULL,
         * in which case -EEXIST is logged like any other error. */
        const char *eexist_message;
};
22 | ||
/* Reply callback shared by the three loopback requests.
 *
 * userdata is the struct state that was handed to sd_netlink_call_async() together with the
 * request. The handler marks one outstanding message as answered, logs the outcome at debug
 * level and stores the value of sd_netlink_message_get_errno() in state->rcode so that
 * loopback_setup() can evaluate it later.
 *
 * Always returns 0: a failed request is reported through rcode only, never through the
 * callback's return value. */
static int generic_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
        struct state *state = ASSERT_PTR(userdata);
        int rc;

        /* n_messages is unsigned; a reply without a pending request would wrap it around. */
        assert(state->n_messages > 0);
        state->n_messages--;

        errno = 0;

        rc = sd_netlink_message_get_errno(m);
        if (rc >= 0)
                /* The message text is always an argument to a literal format string. */
                log_debug("%s", state->success_message);
        else if (rc == -EEXIST && state->eexist_message)
                /* Only requests that supply an eexist_message get this dedicated log line. */
                log_debug_errno(rc, "%s", state->eexist_message);
        else
                log_debug_errno(rc, "%s: %m", state->error_message);

        state->rcode = rc;
        return 0;
}
43 | ||
/* Queue an asynchronous RTM_SETLINK request that sets IFF_UP on the loopback interface
 * (LOOPBACK_IFINDEX).
 *
 * The reply is delivered to generic_handler() with s as its userdata; the request is queued
 * with a timeout of LOOPBACK_SETUP_TIMEOUT_USEC.
 *
 * Returns 0 once the request has been queued (s->n_messages is then incremented), or the
 * negative error of the first call that failed, in which case s is left untouched. */
static int start_loopback(sd_netlink *rtnl, struct state *s) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *msg = NULL;
        int ret;

        assert(rtnl);
        assert(s);

        ret = sd_rtnl_message_new_link(rtnl, &msg, RTM_SETLINK, LOOPBACK_IFINDEX);
        if (ret >= 0)
                /* IFF_UP is passed twice; presumably as flag value and change mask, so that no
                 * other interface flag is touched (confirm against sd-netlink). */
                ret = sd_rtnl_message_link_set_flags(msg, IFF_UP, IFF_UP);
        if (ret >= 0)
                ret = sd_netlink_call_async(rtnl, NULL, msg, generic_handler, NULL, s, LOOPBACK_SETUP_TIMEOUT_USEC, "systemd-start-loopback");
        if (ret < 0)
                return ret;

        /* Counted only after the request is queued, so the wait loop never waits for a
         * request that was not sent. */
        s->n_messages++;
        return 0;
}
66 | ||
/* Queue an asynchronous RTM_NEWADDR request that adds INADDR_LOOPBACK with prefix length 8
 * (127.0.0.1/8), flag IFA_F_PERMANENT and scope RT_SCOPE_HOST to the loopback interface.
 *
 * The reply is delivered to generic_handler() with s as its userdata.
 *
 * Returns 0 once the request has been queued (s->n_messages is then incremented), or the
 * negative error of the first call that failed.
 *
 * NOTE(review): the request is queued with USEC_INFINITY as its timeout, whereas the link-up
 * request in start_loopback() uses LOOPBACK_SETUP_TIMEOUT_USEC. Confirm that a reply which
 * never arrives cannot keep the wait loop in loopback_setup() running indefinitely. */
static int add_ipv4_address(sd_netlink *rtnl, struct state *s) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *msg = NULL;
        /* The address is carried in network byte order. */
        struct in_addr loopback4 = { .s_addr = htobe32(INADDR_LOOPBACK) };
        int ret;

        assert(rtnl);
        assert(s);

        ret = sd_rtnl_message_new_addr(rtnl, &msg, RTM_NEWADDR, LOOPBACK_IFINDEX, AF_INET);
        if (ret >= 0)
                ret = sd_rtnl_message_addr_set_prefixlen(msg, 8);
        if (ret >= 0)
                ret = sd_rtnl_message_addr_set_flags(msg, IFA_F_PERMANENT);
        if (ret >= 0)
                ret = sd_rtnl_message_addr_set_scope(msg, RT_SCOPE_HOST);
        if (ret >= 0)
                ret = sd_netlink_message_append_in_addr(msg, IFA_LOCAL, &loopback4);
        if (ret >= 0)
                ret = sd_netlink_call_async(rtnl, NULL, msg, generic_handler, NULL, s, USEC_INFINITY, "systemd-loopback-ipv4");
        if (ret < 0)
                return ret;

        s->n_messages++;
        return 0;
}
101 | ||
/* Queue an asynchronous RTM_NEWADDR request that adds in6addr_loopback with prefix length 128
 * (::1/128), flag IFA_F_PERMANENT and scope RT_SCOPE_HOST to the loopback interface.
 *
 * The reply is delivered to generic_handler() with s as its userdata.
 *
 * Returns 0 once the request has been queued (s->n_messages is then incremented), or the
 * negative error of the first call that failed.
 *
 * NOTE(review): as in add_ipv4_address(), the request is queued with USEC_INFINITY rather than
 * LOOPBACK_SETUP_TIMEOUT_USEC; confirm that a missing reply cannot stall loopback_setup(). */
static int add_ipv6_address(sd_netlink *rtnl, struct state *s) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *msg = NULL;
        int ret;

        assert(rtnl);
        assert(s);

        ret = sd_rtnl_message_new_addr(rtnl, &msg, RTM_NEWADDR, LOOPBACK_IFINDEX, AF_INET6);
        if (ret >= 0)
                ret = sd_rtnl_message_addr_set_prefixlen(msg, 128);
        if (ret >= 0)
                ret = sd_rtnl_message_addr_set_flags(msg, IFA_F_PERMANENT);
        if (ret >= 0)
                ret = sd_rtnl_message_addr_set_scope(msg, RT_SCOPE_HOST);
        if (ret >= 0)
                ret = sd_netlink_message_append_in6_addr(msg, IFA_LOCAL, &in6addr_loopback);
        if (ret >= 0)
                ret = sd_netlink_call_async(rtnl, NULL, msg, generic_handler, NULL, s, USEC_INFINITY, "systemd-loopback-ipv6");
        if (ret < 0)
                return ret;

        s->n_messages++;
        return 0;
}
136 | ||
/* Synchronously query the loopback interface (RTM_GETLINK on LOOPBACK_IFINDEX) and report
 * whether its IFF_UP flag is set.
 *
 * Fails closed: if the request cannot be built, the call fails or the flags cannot be read,
 * the interface is reported as not up. Only the link flag is inspected; the function does not
 * look at which addresses are configured. */
static bool check_loopback(sd_netlink *rtnl) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *query = NULL, *answer = NULL;
        unsigned link_flags;

        if (sd_rtnl_message_new_link(rtnl, &query, RTM_GETLINK, LOOPBACK_IFINDEX) < 0)
                return false;

        /* Blocking call; USEC_INFINITY is passed as its timeout. */
        if (sd_netlink_call(rtnl, query, USEC_INFINITY, &answer) < 0)
                return false;

        if (sd_rtnl_message_link_get_flags(answer, &link_flags) < 0)
                return false;

        return link_flags & IFF_UP;
}
156 | ||
/* Bring the loopback interface up and add 127.0.0.1 and ::1 to it, waiting for the kernel's
 * replies before returning.
 *
 * Three netlink requests are queued (IPv4 address, IPv6 address, link up) and the function
 * then processes netlink events until every request has been answered.
 *
 * Returns 0 if the link-up request succeeded, or if it failed with a privilege error while the
 * interface is already up. Otherwise returns a negative errno-style value after logging it.
 *
 * The results of the two address requests are logged by generic_handler() but not evaluated
 * here, so a return value of 0 does not by itself show that 127.0.0.1 or ::1 is configured. */
int loopback_setup(void) {
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        /* One bookkeeping record per request. They live on this stack frame and are handed to
         * generic_handler() as userdata. */
        struct state state_4 = {
                .error_message = "Failed to add address 127.0.0.1 to loopback interface",
                .success_message = "Successfully added address 127.0.0.1 to loopback interface",
                .eexist_message = "127.0.0.1 has already been added to loopback interface",
        };
        struct state state_6 = {
                .error_message = "Failed to add address ::1 to loopback interface",
                .success_message = "Successfully added address ::1 to loopback interface",
                .eexist_message = "::1 has already been added to loopback interface",
        };
        /* No eexist_message: an -EEXIST reply to the link-up request is logged as an error. */
        struct state state_up = {
                .error_message = "Failed to bring loopback interface up",
                .success_message = "Successfully brought loopback interface up",
        };
        int r;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to open netlink: %m");

        /* The kernel adds the loopback addresses implicitly when the device is set up. They are
         * requested here a second time, possibly racing against the kernel, so that this function
         * can wait synchronously until the addresses are in place, see
         *
         * https://github.com/systemd/systemd/issues/5641 */

        r = add_ipv4_address(rtnl, &state_4);
        if (r < 0)
                return log_error_errno(r, "Failed to enqueue IPv4 loopback address add request: %m");

        r = add_ipv6_address(rtnl, &state_6);
        if (r < 0)
                return log_error_errno(r, "Failed to enqueue IPv6 loopback address add request: %m");

        r = start_loopback(rtnl, &state_up);
        if (r < 0)
                return log_error_errno(r, "Failed to enqueue loopback interface start request: %m");

        /* Process replies until generic_handler() has counted every queued request down to zero.
         * NOTE(review): only a negative result ends the loop early. The address requests were
         * queued with USEC_INFINITY, so confirm that the loop terminates if one of their replies
         * is never delivered. */
        while (state_4.n_messages + state_6.n_messages + state_up.n_messages > 0) {
                r = sd_netlink_wait(rtnl, LOOPBACK_SETUP_TIMEOUT_USEC);
                if (r < 0)
                        return log_error_errno(r, "Failed to wait for netlink event: %m");

                r = sd_netlink_process(rtnl, NULL);
                if (r < 0)
                        return log_warning_errno(r, "Failed to process netlink event: %m");
        }

        /* Only the link-up result decides the return value; whether the addresses could be added
         * is deliberately not checked. */
        if (state_up.rcode == 0)
                return 0;

        /* To support unprivileged containers: if we lack the permission to configure the loopback
         * device but find it already up, exit cleanly. check_loopback() inspects only the IFF_UP
         * flag, so the addresses are not verified on this path either. */
        if (ERRNO_IS_PRIVILEGE(state_up.rcode) && check_loopback(rtnl))
                return 0;

        return log_warning_errno(state_up.rcode, "Failed to configure loopback network device: %m");
}