src/core/loopback-setup.c

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2
   3 #include <net/if.h>
   4 #include <stdlib.h>
   5
   6 #include "sd-netlink.h"
   7
   8 #include "loopback-setup.h"
   9 #include "missing.h"
  10 #include "netlink-util.h"
  11
  12 #define LOOPBACK_SETUP_TIMEOUT_USEC (5 * USEC_PER_SEC)
  13
  14 struct state {
  15         unsigned n_messages;
  16         int rcode;
  17         const char *error_message;
  18         const char *success_message;
  19 };
  20
  21 static int generic_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
  22         struct state *s = userdata;
  23         int r;
  24
  25         assert(s);
  26         assert(s->n_messages > 0);
  27         s->n_messages--;
  28
  29         errno = 0;
  30
  31         r = sd_netlink_message_get_errno(m);
  32         if (r < 0)
  33                 log_debug_errno(r, "%s: %m", s->error_message);
  34         else
  35                 log_debug("%s", s->success_message);
  36
  37         s->rcode = r;
  38         return 0;
  39 }
  40
  41 static int start_loopback(sd_netlink *rtnl, struct state *s) {
  42         _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
  43         int r;
  44
  45         assert(rtnl);
  46         assert(s);
  47
  48         r = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, LOOPBACK_IFINDEX);
  49         if (r < 0)
  50                 return r;
  51
  52         r = sd_rtnl_message_link_set_flags(req, IFF_UP, IFF_UP);
  53         if (r < 0)
  54                 return r;
  55
  56         r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, LOOPBACK_SETUP_TIMEOUT_USEC, "systemd-start-loopback");
  57         if (r < 0)
  58                 return r;
  59
  60         s->n_messages ++;
  61         return 0;
  62 }
  63
  64 static int add_ipv4_address(sd_netlink *rtnl, struct state *s) {
  65         _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
  66         int r;
  67
  68         assert(rtnl);
  69         assert(s);
  70
  71         r = sd_rtnl_message_new_addr(rtnl, &req, RTM_NEWADDR, LOOPBACK_IFINDEX, AF_INET);
  72         if (r < 0)
  73                 return r;
  74
  75         r = sd_rtnl_message_addr_set_prefixlen(req, 8);
  76         if (r < 0)
  77                 return r;
  78
  79         r = sd_rtnl_message_addr_set_flags(req, IFA_F_PERMANENT);
  80         if (r < 0)
  81                 return r;
  82
  83         r = sd_rtnl_message_addr_set_scope(req, RT_SCOPE_HOST);
  84         if (r < 0)
  85                 return r;
  86
  87         r = sd_netlink_message_append_in_addr(req, IFA_LOCAL, &(struct in_addr) { .s_addr = htobe32(INADDR_LOOPBACK) } );
  88         if (r < 0)
  89                 return r;
  90
  91         r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, USEC_INFINITY, "systemd-loopback-ipv4");
  92         if (r < 0)
  93                 return r;
  94
  95         s->n_messages ++;
  96         return 0;
  97 }
  98
  99 static int add_ipv6_address(sd_netlink *rtnl, struct state *s) {
 100         _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
 101         int r;
 102
 103         assert(rtnl);
 104         assert(s);
 105
 106         r = sd_rtnl_message_new_addr(rtnl, &req, RTM_NEWADDR, LOOPBACK_IFINDEX, AF_INET6);
 107         if (r < 0)
 108                 return r;
 109
 110         r = sd_rtnl_message_addr_set_prefixlen(req, 128);
 111         if (r < 0)
 112                 return r;
 113
 114         r = sd_rtnl_message_addr_set_flags(req, IFA_F_PERMANENT);
 115         if (r < 0)
 116                 return r;
 117
 118         r = sd_rtnl_message_addr_set_scope(req, RT_SCOPE_HOST);
 119         if (r < 0)
 120                 return r;
 121
 122         r = sd_netlink_message_append_in6_addr(req, IFA_LOCAL, &in6addr_loopback);
 123         if (r < 0)
 124                 return r;
 125
 126         r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, USEC_INFINITY, "systemd-loopback-ipv6");
 127         if (r < 0)
 128                 return r;
 129
 130         s->n_messages ++;
 131         return 0;
 132 }
 133
 134 static bool check_loopback(sd_netlink *rtnl) {
 135         _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
 136         unsigned flags;
 137         int r;
 138
 139         r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, LOOPBACK_IFINDEX);
 140         if (r < 0)
 141                 return false;
 142
 143         r = sd_netlink_call(rtnl, req, USEC_INFINITY, &reply);
 144         if (r < 0)
 145                 return false;
 146
 147         r = sd_rtnl_message_link_get_flags(reply, &flags);
 148         if (r < 0)
 149                 return false;
 150
 151         return flags & IFF_UP;
 152 }
 153
 154 int loopback_setup(void) {
 155         _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
 156         struct state state_4 = {
 157                 .error_message = "Failed to add address 127.0.0.1 to loopback interface",
 158                 .success_message = "Successfully added address 127.0.0.1 to loopback interface",
 159         }, state_6 = {
 160                 .error_message = "Failed to add address ::1 to loopback interface",
 161                 .success_message = "Successfully added address ::1 to loopback interface",
 162         }, state_up = {
 163                 .error_message = "Failed to bring loopback interface up",
 164                 .success_message = "Successfully brought loopback interface up",
 165         };
 166         int r;
 167
 168         r = sd_netlink_open(&rtnl);
 169         if (r < 0)
 170                 return log_error_errno(r, "Failed to open netlink: %m");
 171
 172         /* Note that we add the IP addresses here explicitly even though the kernel does that too implicitly when
 173          * setting up the loopback device. The reason we do this here a second time (and possibly race against the
 174          * kernel) is that we want to synchronously wait until the IP addresses are set up correctly, see
 175          *
 176          * https://github.com/systemd/systemd/issues/5641 */
 177
 178         r = add_ipv4_address(rtnl, &state_4);
 179         if (r < 0)
 180                 return log_error_errno(r, "Failed to enqueue IPv4 loopback address add request: %m");
 181
 182         r = add_ipv6_address(rtnl, &state_6);
 183         if (r < 0)
 184                 return log_error_errno(r, "Failed to enqueue IPv6 loopback address add request: %m");
 185
 186         r = start_loopback(rtnl, &state_up);
 187         if (r < 0)
 188                 return log_error_errno(r, "Failed to enqueue loopback interface start request: %m");
 189
 190         while (state_4.n_messages + state_6.n_messages + state_up.n_messages > 0) {
 191                 r = sd_netlink_wait(rtnl, LOOPBACK_SETUP_TIMEOUT_USEC);
 192                 if (r < 0)
 193                         return log_error_errno(r, "Failed to wait for netlink event: %m");
 194
 195                 r = sd_netlink_process(rtnl, NULL);
 196                 if (r < 0)
 197                         return log_warning_errno(r, "Failed to process netlink event: %m");
 198         }
 199
 200         /* Note that we don't really care whether the addresses could be added or not */
 201         if (state_up.rcode != 0) {
 202                 /* If we lack the permissions to configure the loopback device,
 203                  * but we find it to be already configured, let's exit cleanly,
 204                  * in order to supported unprivileged containers. */
 205                 if (state_up.rcode == -EPERM && check_loopback(rtnl))
 206                         return 0;
 207
 208                 return log_warning_errno(state_up.rcode, "Failed to configure loopback device: %m");
 209         }
 210
 211         return 0;
 212 }