Patrik Flykt [Mon, 9 Dec 2013 21:43:29 +0000 (23:43 +0200)]
dhcp: Process DHCP Ack/Nak message
Process a DHCP Ack/Nak in much the same way as an DHCP Offer. Factor
out header verification and process options sent. Add notification
functionality with discrete values for the outcome of the DHCP Ack/
Nak processing.
Patrik Flykt [Mon, 9 Dec 2013 21:43:28 +0000 (23:43 +0200)]
dhcp: Add maximum message size option
Add maximum message size option to keep some DHCP server implementations
from sending too big messages. See ConnMan commit 0c5c862749c05193cf4c513628328c6db02b5222.
Patrik Flykt [Mon, 9 Dec 2013 21:43:27 +0000 (23:43 +0200)]
dhcp: Send DHCP Request to acquire an IP address
Create and send a DHCP Request message reusing already existing parts
of the code. This causes factoring out IP and UDP header creation and
moving next timeout calculation to be done every time in the timer
callback function independent of DHCP state. Also add an exponential
part to the timer calculation, bail out if there are errors while
resending the DHCP message for the sixth or more times.
Patrik Flykt [Mon, 9 Dec 2013 21:43:26 +0000 (23:43 +0200)]
dhcp: Handle received DHCP Offer message
Create a function for handling the full IP, UDP and DHCP packet
and tie it to the main loop. Verify IP and UDP headers and checksum.
Creat a new lease structure with using the values supplied in the
DHCP message. Free the lease structure when client is stopped.
Split out socket handling into a creation and a sending part. As a
result modify the test code.
Patrik Flykt [Mon, 9 Dec 2013 21:43:25 +0000 (23:43 +0200)]
dhcp: Add timeout and main loop support
Require a main loop to be set when creating a DHCP client. Set up
a timer to resend DHCP Discover messages and add a 0-2 second
delay to the timeout value. Move to state Selecting after successful
sending of a Discover message.
"Certain DHCP servers, such as that implemented in Mac OS X
(< 10.7) for its "Internet Sharing" feature, refuse to issue
a DHCP lease to clients that have not set a non-zero value
in their DISCOVER or REQUEST packets."
Patrik Flykt [Mon, 9 Dec 2013 21:43:21 +0000 (23:43 +0200)]
dhcp: Add test for discover DHCP packet creation
Set a fake MAC address and emulate raw packet sending. When the buffer
containing the Discover message is received, check selected IP and
UDP headers and compute IP header and UDP message checksums. Also
send the DHCP message for option parsing and expect a successful
outcome.
Patrik Flykt [Mon, 9 Dec 2013 21:43:19 +0000 (23:43 +0200)]
dhcp: Add DHCP discover sending
On starting the client, use the supplied interface mac address and create
a transaction id. Puzzle together an IP/UDP/DHCP Discover message, compute
checksums and send it out as a raw packet.
Create an additional function that constructs default options common to
all DHCP messages.
Patrik Flykt [Mon, 9 Dec 2013 21:43:18 +0000 (23:43 +0200)]
dhcp: Add function for sending a raw packet
Open a packet socket, create a link level header, send packet and
close socket. Adding it to a separate file makes testing of the
DHCP sending much easier, as the test program can supply any socket
to the DHCP client code.
Patrik Flykt [Mon, 9 Dec 2013 21:43:15 +0000 (23:43 +0200)]
dhcp: Add option append tests
Add checks for invalid lengths and parameters when using the option
appending function. Add also checks for adding options, see to it
that the resulting array is identical to the array of options added.
Patrik Flykt [Mon, 9 Dec 2013 21:43:14 +0000 (23:43 +0200)]
dhcp: Add tests for DHCP options, file and sname fields
Add a structure describing the DHCP file, sname and trailing options
fields. Create a messge holding these fields and call the internal
option parsing function.
In the test callback function verify that only regular options are
passed and figure out which part of the DHCP message is the one that
is being processed. As the test program knows the full contents of
the test options in the test structure, skip all non-regular fields
and verify that the option provided to the callback indeed is the
one expected. Check also if non-regular option fields are to be
ignored in the end of the option field as the callback is not called
again and the final check when the whole message has been processed
needs to be successful.
Add a boolean flag for pretty-printing, anticipate there will be a
nice option to toggle it in the future.
Patrik Flykt [Mon, 9 Dec 2013 21:43:11 +0000 (23:43 +0200)]
dhcp: Add option appending and parsing
Add functions to append and parse DHCP options. Not all options
are passed to the callback function, the ones not exposed are
pad, end, message type and overload. If indicated by the overload
option, file and sname fields will be examined for more options.
The option functions are internal to DHCP, add a new header files
for interal function prototypes.
Patrik Flykt [Mon, 9 Dec 2013 21:43:08 +0000 (23:43 +0200)]
dhcp: Add DHCP client initialization
Provide functionality for initializing a DHCP client struct, setting
interface index, last used address and additional options to request.
On initialization the most useful options are added by default.
nspawn: complain and continue if machine has same id
If --link-journal=host or --link-journal=guest is used, this totally
cannot work and we exit with an error. If however --link-journal=auto
or --link-journal=no is used, just display a warning.
Having the same machine id can happen if booting from the same
filesystem as the host. Since other things mostly function correctly,
let's allow that.
journal: add ability to browse journals of running OS containers
This adds the new library call sd_journal_open_container() and a new
"-M" switch to journalctl. Particular care is taken that journalctl's
"-b" switch resolves to the current boot ID of the container, not the
host.
event: hook up sd-event with the service watchdog logic
Adds a new call sd_event_set_watchdog() that can be used to hook up the
event loop with the watchdog supervision logic of systemd. If enabled
and $WATCHDOG_USEC is set the event loop will ping the invoking systemd
daemon right after coming back from epoll_wait() but not more often than
$WATCHDOG_USEC/4. The epoll_wait() will sleep no longer than
$WATCHDOG_USEC/4*3, to make sure the service manager is called in time.
This means that setting WatchdogSec= in a .service file and calling
sd_event_set_watchdog() in your daemon is enough to hook it up with the
watchdog logic.
event: when handling SIGCHLD of a child process only reap after dispatching event source
That way the even source callback is run with the zombie process still
around so that it can access /proc/$PID/ and similar, and so that it can
be sure that the PID has not been reused yet.
> after a bit debuging i found the problem:
> slim appears to leak an fd into all of its children:
> stat /proc/14004/fd/3 (14004 is the pid a random process in my session)
> File: '/proc/14004/fd/3' -> '/var/log/slim.log'
systemd-activate should be robust against the shell (or anything else) leaking
descriptors. Now everything except stdin/stdout/stderr and received sockets
will be closed.
Luke Shumaker [Sat, 23 Nov 2013 09:57:43 +0000 (04:57 -0500)]
ptyfwd: Don't set the output prop of stdin, nor the input props of stdout.
It was calling cfmakeraw(3) on the properties for STDIN_FILENO; cfmakeraw
sets both input and output properties. If (and only if) stdin and stdout
are the same device is this correct. Otherwise, we must change only the
input properties of stdin, and only the output properties of stdout.
David Herrmann [Mon, 2 Dec 2013 22:26:55 +0000 (23:26 +0100)]
core: fix Unit.SetProperties argument parsing
SetProperties has signature "ba(sv)", but the bus_unit_set_properties()
helper already does a enter_container('a', "sv") so we have to skip it in
bus_unit_method_set_properties().
The static analyzer scan-build had a few issues with analysing
parts of systemd.
gpt-auto-generator.c:
scan-build could not find blkid.h. Whether it should be blkid.h or
blkid/blkid.h seems to depend on the version used. We already use
blkid/blkid.h in udev-builtin-blkid.c so it seems safe to use that
here too.
Makefile.am:
Moved some -D's from CFLAGS to CPPFLAGS. I also simplified them a
bit and got rid of a left over DBUS_CFLAGS.
test-cgroup-mask.c/test-sched-prio.c
A variable was added to store the replaced TEST_DIR. When wrapped
in an assert_se TEST_DIR was not replaced in the logged error.
While not an issue introduced in this patch we might as well fix
it up while we are here.
bus: when we _unref() a NULL pointer, don't use assert_return()
We support unreffing NULL pointers just fine and we shouldn't pay the
_unlikely_() price for it, not get a debug message if we do, hence let's
not use assert_return() here.
Most of these checks are not programming errors, but happen during
normal runtime. For example bus_kernel_pop_memfd() is called all the
time on non-kdbus systems and is supposed to quickly fail if kdbus is
not available. However, assert_return() makes this failure
expensive, and hence has no place here. With the most recent change to
assert_return() it will even log a debug message, which should never
happen here.
bus: introduce new SD_BUS_VTABLE_HIDDEN flag for vtable members
When this flag is set then its member will not be shown in the
introspection data. Also, properties with this flag set will not be
included in GetAll() responses.
bus: introduce "trusted" bus concept and encode access control in object vtables
Introduces a new concept of "trusted" vs. "untrusted" busses. For the
latter libsystemd-bus will automatically do per-method access control,
for the former all access is automatically granted. Per-method access
control is encoded in the vtables: by default all methods are only
accessible to privileged clients. If the SD_BUS_VTABLE_UNPRIVILEGED flag
is set for a method it is accessible to unprivileged clients too. By
default whether a client is privileged is determined via checking for
its CAP_SYS_ADMIN capability, but this can be altered via the
SD_BUS_VTABLE_CAPABILITY() macro that can be ORed into the flags field
of the method.
Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED and
SD_BUS_VTABLE_CAPABILITY() for controlling write access to them. Note
however that read access is unrestricted, as PropertiesChanged messages
might send out the values anyway as an unrestricted broadcast.
By default the system bus is set to "untrusted" and the user bus is
"trusted" since per-method access control on the latter is unnecessary.
On dbus1 busses we check the UID of the caller rather than the
configured capability since the capability cannot be determined without
race. On kdbus the capability is checked if possible from the attached
meta-data of a message and otherwise queried from the sending peer.
This also decorates the vtables of the various daemons we ship with
these flags.
Ronny Chevalier [Sat, 7 Dec 2013 23:01:53 +0000 (00:01 +0100)]
test: rework run_qemu
It tries to find a suitable QEMU binary and will use KVM if present.
We can now configure QEMU from outside with 4 variables :
- $QEMU_BIN : path to QEMU's binary
- $KERNEL_APPEND : arguments appended to kernel cmdline
- $KERNEL_BIN : path to a kernel
Default /boot/vmlinuz-$KERNEL_VER
- $INITRD : path to an initramfs
Default /boot/initramfs-${KERNEL_VER}.img
- $QEMU_SMP : number of CPU simulated by QEMU.
Default 1
(from Alexander Graf's script: http://www.spinics.net/lists/kvm/msg72389.html)
Dan McGee [Sun, 8 Dec 2013 19:27:05 +0000 (13:27 -0600)]
Ensure unit is journaled for short-lived or oneshot processes
In the time it takes to process incoming log messages, the process we
are logging details for may exit. This means the cgroup data is no
longer available from '/proc'. Unfortunately, the way the code was
structured before, we never log _SYSTEMD_UNIT if we don't have this
cgroup information.
Add an else if case that allows the passed in unit_id to be logged even
if we couldn't capture cgroup information. This ensures a command like
`journalctl -u run-XXX` will return all log messages from a oneshot
process.
Adam Williamson [Tue, 10 Dec 2013 05:58:34 +0000 (21:58 -0800)]
drop several entries from kbd-model-map whose kbd layouts do not exist
kbd-model-map was generated from system-config-keyboard's keyboard_models.py.
Several of the kbd layouts referred in that file do not exist and, so far as I
can tell, never did. I believe these entries existed simply to provide the xkb
configuration information for those layouts, and there never were matching kbd
entries; the kbd names were entirely notional, to satisfy the need for some
entry or other in that field.
For systemd, the only function of kbd-model-map is to 'match' kbd and xkb
configurations, so it does not make any sense to maintain entries for cases
where only one or the other exists in this context.