]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
af5bc85d | 2 | |
af5bc85d | 3 | #include <net/if.h> |
af5bc85d | 4 | #include <stdlib.h> |
af5bc85d | 5 | |
1c4baffc | 6 | #include "sd-netlink.h" |
07630cea | 7 | |
9ca903cc | 8 | #include "loopback-setup.h" |
07630cea LP |
9 | #include "missing.h" |
10 | #include "netlink-util.h" | |
5a723174 | 11 | |
2d2a815c ZJS |
12 | #define LOOPBACK_SETUP_TIMEOUT_USEC (5 * USEC_PER_SEC) |
13 | ||
fb893927 LP |
14 | struct state { |
15 | unsigned n_messages; | |
16 | int rcode; | |
77d0776c YW |
17 | const char *error_message; |
18 | const char *success_message; | |
fb893927 LP |
19 | }; |
20 | ||
c23218ae | 21 | static int generic_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) { |
fb893927 | 22 | struct state *s = userdata; |
77d0776c | 23 | int r; |
fb893927 LP |
24 | |
25 | assert(s); | |
26 | assert(s->n_messages > 0); | |
27 | s->n_messages--; | |
28 | ||
29 | errno = 0; | |
fb893927 | 30 | |
77d0776c YW |
31 | r = sd_netlink_message_get_errno(m); |
32 | if (r < 0) | |
33 | log_debug_errno(r, "%s: %m", s->error_message); | |
34 | else | |
35 | log_debug("%s", s->success_message); | |
fb893927 | 36 | |
77d0776c | 37 | s->rcode = r; |
fb893927 LP |
38 | return 0; |
39 | } | |
40 | ||
41 | static int start_loopback(sd_netlink *rtnl, struct state *s) { | |
4afd3348 | 42 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL; |
81eca919 | 43 | int r; |
af5bc85d | 44 | |
fb893927 LP |
45 | assert(rtnl); |
46 | assert(s); | |
47 | ||
f3fc4815 | 48 | r = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, LOOPBACK_IFINDEX); |
fc25d7f8 TG |
49 | if (r < 0) |
50 | return r; | |
51 | ||
5d4795f3 | 52 | r = sd_rtnl_message_link_set_flags(req, IFF_UP, IFF_UP); |
81eca919 TG |
53 | if (r < 0) |
54 | return r; | |
af5bc85d | 55 | |
8190a388 | 56 | r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, LOOPBACK_SETUP_TIMEOUT_USEC, "systemd-start-loopback"); |
fb893927 LP |
57 | if (r < 0) |
58 | return r; | |
59 | ||
60 | s->n_messages ++; | |
61 | return 0; | |
62 | } | |
63 | ||
fb893927 LP |
64 | static int add_ipv4_address(sd_netlink *rtnl, struct state *s) { |
65 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL; | |
66 | int r; | |
67 | ||
68 | assert(rtnl); | |
69 | assert(s); | |
70 | ||
71 | r = sd_rtnl_message_new_addr(rtnl, &req, RTM_NEWADDR, LOOPBACK_IFINDEX, AF_INET); | |
72 | if (r < 0) | |
73 | return r; | |
74 | ||
75 | r = sd_rtnl_message_addr_set_prefixlen(req, 8); | |
76 | if (r < 0) | |
77 | return r; | |
78 | ||
79 | r = sd_rtnl_message_addr_set_flags(req, IFA_F_PERMANENT); | |
80 | if (r < 0) | |
81 | return r; | |
82 | ||
83 | r = sd_rtnl_message_addr_set_scope(req, RT_SCOPE_HOST); | |
84 | if (r < 0) | |
85 | return r; | |
86 | ||
87 | r = sd_netlink_message_append_in_addr(req, IFA_LOCAL, &(struct in_addr) { .s_addr = htobe32(INADDR_LOOPBACK) } ); | |
88 | if (r < 0) | |
89 | return r; | |
90 | ||
8190a388 | 91 | r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, USEC_INFINITY, "systemd-loopback-ipv4"); |
fb893927 LP |
92 | if (r < 0) |
93 | return r; | |
94 | ||
95 | s->n_messages ++; | |
96 | return 0; | |
97 | } | |
98 | ||
99 | static int add_ipv6_address(sd_netlink *rtnl, struct state *s) { | |
100 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL; | |
101 | int r; | |
102 | ||
103 | assert(rtnl); | |
104 | assert(s); | |
105 | ||
106 | r = sd_rtnl_message_new_addr(rtnl, &req, RTM_NEWADDR, LOOPBACK_IFINDEX, AF_INET6); | |
107 | if (r < 0) | |
108 | return r; | |
109 | ||
110 | r = sd_rtnl_message_addr_set_prefixlen(req, 128); | |
111 | if (r < 0) | |
112 | return r; | |
113 | ||
114 | r = sd_rtnl_message_addr_set_flags(req, IFA_F_PERMANENT); | |
115 | if (r < 0) | |
116 | return r; | |
117 | ||
118 | r = sd_rtnl_message_addr_set_scope(req, RT_SCOPE_HOST); | |
119 | if (r < 0) | |
120 | return r; | |
121 | ||
122 | r = sd_netlink_message_append_in6_addr(req, IFA_LOCAL, &in6addr_loopback); | |
81eca919 TG |
123 | if (r < 0) |
124 | return r; | |
af5bc85d | 125 | |
8190a388 | 126 | r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, USEC_INFINITY, "systemd-loopback-ipv6"); |
fb893927 LP |
127 | if (r < 0) |
128 | return r; | |
129 | ||
130 | s->n_messages ++; | |
af5bc85d LP |
131 | return 0; |
132 | } | |
133 | ||
1c4baffc | 134 | static bool check_loopback(sd_netlink *rtnl) { |
4afd3348 | 135 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL; |
e95e909d | 136 | unsigned flags; |
e62d8c39 | 137 | int r; |
e95e909d TG |
138 | |
139 | r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, LOOPBACK_IFINDEX); | |
140 | if (r < 0) | |
2f0af4e1 | 141 | return false; |
e95e909d | 142 | |
fb893927 | 143 | r = sd_netlink_call(rtnl, req, USEC_INFINITY, &reply); |
e95e909d | 144 | if (r < 0) |
2f0af4e1 | 145 | return false; |
e95e909d TG |
146 | |
147 | r = sd_rtnl_message_link_get_flags(reply, &flags); | |
148 | if (r < 0) | |
2f0af4e1 | 149 | return false; |
e95e909d TG |
150 | |
151 | return flags & IFF_UP; | |
2c3ff76e LP |
152 | } |
153 | ||
af5bc85d | 154 | int loopback_setup(void) { |
4afd3348 | 155 | _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL; |
77d0776c YW |
156 | struct state state_4 = { |
157 | .error_message = "Failed to add address 127.0.0.1 to loopback interface", | |
158 | .success_message = "Successfully added address 127.0.0.1 to loopback interface", | |
159 | }, state_6 = { | |
160 | .error_message = "Failed to add address ::1 to loopback interface", | |
161 | .success_message = "Successfully added address ::1 to loopback interface", | |
162 | }, state_up = { | |
163 | .error_message = "Failed to bring loopback interface up", | |
164 | .success_message = "Successfully brought loopback interface up", | |
165 | }; | |
f3fc4815 | 166 | int r; |
0a0dc69b | 167 | |
1c4baffc | 168 | r = sd_netlink_open(&rtnl); |
2c3ff76e | 169 | if (r < 0) |
fb893927 LP |
170 | return log_error_errno(r, "Failed to open netlink: %m"); |
171 | ||
172 | /* Note that we add the IP addresses here explicitly even though the kernel does that too implicitly when | |
173 | * setting up the loopback device. The reason we do this here a second time (and possibly race against the | |
174 | * kernel) is that we want to synchronously wait until the IP addresses are set up correctly, see | |
175 | * | |
176 | * https://github.com/systemd/systemd/issues/5641 */ | |
177 | ||
c23218ae | 178 | r = add_ipv4_address(rtnl, &state_4); |
fb893927 | 179 | if (r < 0) |
3561eafa | 180 | return log_error_errno(r, "Failed to enqueue IPv4 loopback address add request: %m"); |
fb893927 | 181 | |
c23218ae | 182 | r = add_ipv6_address(rtnl, &state_6); |
fb893927 | 183 | if (r < 0) |
c23218ae | 184 | return log_error_errno(r, "Failed to enqueue IPv6 loopback address add request: %m"); |
fb893927 | 185 | |
c23218ae | 186 | r = start_loopback(rtnl, &state_up); |
fb893927 | 187 | if (r < 0) |
3561eafa | 188 | return log_error_errno(r, "Failed to enqueue loopback interface start request: %m"); |
fb893927 | 189 | |
c23218ae | 190 | while (state_4.n_messages + state_6.n_messages + state_up.n_messages > 0) { |
2d2a815c | 191 | r = sd_netlink_wait(rtnl, LOOPBACK_SETUP_TIMEOUT_USEC); |
fb893927 LP |
192 | if (r < 0) |
193 | return log_error_errno(r, "Failed to wait for netlink event: %m"); | |
194 | ||
195 | r = sd_netlink_process(rtnl, NULL); | |
196 | if (r < 0) | |
197 | return log_warning_errno(r, "Failed to process netlink event: %m"); | |
198 | } | |
af5bc85d | 199 | |
c23218ae ZJS |
200 | /* Note that we don't really care whether the addresses could be added or not */ |
201 | if (state_up.rcode != 0) { | |
202 | /* If we lack the permissions to configure the loopback device, | |
203 | * but we find it to be already configured, let's exit cleanly, | |
204 | * in order to supported unprivileged containers. */ | |
205 | if (state_up.rcode == -EPERM && check_loopback(rtnl)) | |
8f084002 | 206 | return 0; |
af5bc85d | 207 | |
c23218ae | 208 | return log_warning_errno(state_up.rcode, "Failed to configure loopback device: %m"); |
8f084002 | 209 | } |
2c3ff76e | 210 | |
e62d8c39 | 211 | return 0; |
af5bc85d | 212 | } |