src/core/loopback-setup.c

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2
   3 #include <net/if.h>
   4 #include <stdlib.h>
   5
   6 #include "sd-netlink.h"
   7
   8 #include "loopback-setup.h"
   9 #include "missing.h"
  10 #include "netlink-util.h"
  11 #include "time-util.h"
  12
  13 #define LOOPBACK_SETUP_TIMEOUT_USEC (5 * USEC_PER_SEC)
  14
  15 struct state {
  16         unsigned n_messages;
  17         int rcode;
  18         const char *error_message;
  19         const char *success_message;
  20 };
  21
  22 static int generic_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
  23         struct state *s = userdata;
  24         int r;
  25
  26         assert(s);
  27         assert(s->n_messages > 0);
  28         s->n_messages--;
  29
  30         errno = 0;
  31
  32         r = sd_netlink_message_get_errno(m);
  33         if (r < 0)
  34                 log_debug_errno(r, "%s: %m", s->error_message);
  35         else
  36                 log_debug("%s", s->success_message);
  37
  38         s->rcode = r;
  39         return 0;
  40 }
  41
  42 static int start_loopback(sd_netlink *rtnl, struct state *s) {
  43         _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
  44         int r;
  45
  46         assert(rtnl);
  47         assert(s);
  48
  49         r = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, LOOPBACK_IFINDEX);
  50         if (r < 0)
  51                 return r;
  52
  53         r = sd_rtnl_message_link_set_flags(req, IFF_UP, IFF_UP);
  54         if (r < 0)
  55                 return r;
  56
  57         r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, LOOPBACK_SETUP_TIMEOUT_USEC, "systemd-start-loopback");
  58         if (r < 0)
  59                 return r;
  60
  61         s->n_messages ++;
  62         return 0;
  63 }
  64
  65 static int add_ipv4_address(sd_netlink *rtnl, struct state *s) {
  66         _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
  67         int r;
  68
  69         assert(rtnl);
  70         assert(s);
  71
  72         r = sd_rtnl_message_new_addr(rtnl, &req, RTM_NEWADDR, LOOPBACK_IFINDEX, AF_INET);
  73         if (r < 0)
  74                 return r;
  75
  76         r = sd_rtnl_message_addr_set_prefixlen(req, 8);
  77         if (r < 0)
  78                 return r;
  79
  80         r = sd_rtnl_message_addr_set_flags(req, IFA_F_PERMANENT);
  81         if (r < 0)
  82                 return r;
  83
  84         r = sd_rtnl_message_addr_set_scope(req, RT_SCOPE_HOST);
  85         if (r < 0)
  86                 return r;
  87
  88         r = sd_netlink_message_append_in_addr(req, IFA_LOCAL, &(struct in_addr) { .s_addr = htobe32(INADDR_LOOPBACK) } );
  89         if (r < 0)
  90                 return r;
  91
  92         r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, USEC_INFINITY, "systemd-loopback-ipv4");
  93         if (r < 0)
  94                 return r;
  95
  96         s->n_messages ++;
  97         return 0;
  98 }
  99
 100 static int add_ipv6_address(sd_netlink *rtnl, struct state *s) {
 101         _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
 102         int r;
 103
 104         assert(rtnl);
 105         assert(s);
 106
 107         r = sd_rtnl_message_new_addr(rtnl, &req, RTM_NEWADDR, LOOPBACK_IFINDEX, AF_INET6);
 108         if (r < 0)
 109                 return r;
 110
 111         r = sd_rtnl_message_addr_set_prefixlen(req, 128);
 112         if (r < 0)
 113                 return r;
 114
 115         r = sd_rtnl_message_addr_set_flags(req, IFA_F_PERMANENT);
 116         if (r < 0)
 117                 return r;
 118
 119         r = sd_rtnl_message_addr_set_scope(req, RT_SCOPE_HOST);
 120         if (r < 0)
 121                 return r;
 122
 123         r = sd_netlink_message_append_in6_addr(req, IFA_LOCAL, &in6addr_loopback);
 124         if (r < 0)
 125                 return r;
 126
 127         r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, USEC_INFINITY, "systemd-loopback-ipv6");
 128         if (r < 0)
 129                 return r;
 130
 131         s->n_messages ++;
 132         return 0;
 133 }
 134
 135 static bool check_loopback(sd_netlink *rtnl) {
 136         _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
 137         unsigned flags;
 138         int r;
 139
 140         r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, LOOPBACK_IFINDEX);
 141         if (r < 0)
 142                 return false;
 143
 144         r = sd_netlink_call(rtnl, req, USEC_INFINITY, &reply);
 145         if (r < 0)
 146                 return false;
 147
 148         r = sd_rtnl_message_link_get_flags(reply, &flags);
 149         if (r < 0)
 150                 return false;
 151
 152         return flags & IFF_UP;
 153 }
 154
 155 int loopback_setup(void) {
 156         _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
 157         struct state state_4 = {
 158                 .error_message = "Failed to add address 127.0.0.1 to loopback interface",
 159                 .success_message = "Successfully added address 127.0.0.1 to loopback interface",
 160         }, state_6 = {
 161                 .error_message = "Failed to add address ::1 to loopback interface",
 162                 .success_message = "Successfully added address ::1 to loopback interface",
 163         }, state_up = {
 164                 .error_message = "Failed to bring loopback interface up",
 165                 .success_message = "Successfully brought loopback interface up",
 166         };
 167         int r;
 168
 169         r = sd_netlink_open(&rtnl);
 170         if (r < 0)
 171                 return log_error_errno(r, "Failed to open netlink: %m");
 172
 173         /* Note that we add the IP addresses here explicitly even though the kernel does that too implicitly when
 174          * setting up the loopback device. The reason we do this here a second time (and possibly race against the
 175          * kernel) is that we want to synchronously wait until the IP addresses are set up correctly, see
 176          *
 177          * https://github.com/systemd/systemd/issues/5641 */
 178
 179         r = add_ipv4_address(rtnl, &state_4);
 180         if (r < 0)
 181                 return log_error_errno(r, "Failed to enqueue IPv4 loopback address add request: %m");
 182
 183         r = add_ipv6_address(rtnl, &state_6);
 184         if (r < 0)
 185                 return log_error_errno(r, "Failed to enqueue IPv6 loopback address add request: %m");
 186
 187         r = start_loopback(rtnl, &state_up);
 188         if (r < 0)
 189                 return log_error_errno(r, "Failed to enqueue loopback interface start request: %m");
 190
 191         while (state_4.n_messages + state_6.n_messages + state_up.n_messages > 0) {
 192                 r = sd_netlink_wait(rtnl, LOOPBACK_SETUP_TIMEOUT_USEC);
 193                 if (r < 0)
 194                         return log_error_errno(r, "Failed to wait for netlink event: %m");
 195
 196                 r = sd_netlink_process(rtnl, NULL);
 197                 if (r < 0)
 198                         return log_warning_errno(r, "Failed to process netlink event: %m");
 199         }
 200
 201         /* Note that we don't really care whether the addresses could be added or not */
 202         if (state_up.rcode != 0) {
 203                 /* If we lack the permissions to configure the loopback device,
 204                  * but we find it to be already configured, let's exit cleanly,
 205                  * in order to supported unprivileged containers. */
 206                 if (state_up.rcode == -EPERM && check_loopback(rtnl))
 207                         return 0;
 208
 209                 return log_warning_errno(state_up.rcode, "Failed to configure loopback device: %m");
 210         }
 211
 212         return 0;
 213 }