sd-lldp-tx: do not expose machine ID by default

Previously, systemd-networkd sent machine ID as chassis ID.
Let's use application specific machine ID.

This is a kind of backward compat breaking. Hence, this also introduces
the support of $SD_LLDP_SEND_MACHINE_ID environment variable.

Closes #37613.

diff --git a/NEWS b/NEWS
index 54c7cdb487678c1c29fe6f607041c6170254e351..dd6f21dc33419f43572b5854708704391810b733 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -101,6 +101,13 @@ CHANGES WITH 258 in spe:
           IPv4DuplicateAddressDetectionTimeoutSec=. The default timeout value
           has been changed from 7 seconds to 200 milliseconds.
 
+        * systemd-networkd previously emitted the machine ID as chassis ID
+          through LLDP protocol, but now emits a deterministic ID,
+          cryptographically derived from the machine ID as chassis ID. If you
+          want to use the previous behavior, please set
+          SYSTEMD_LLDP_SEND_MACHINE_ID=1 environment variable to
+          systemd-networkd.
+
         * Support for the !! command line prefix on ExecStart= lines (and
           related) has been removed, and if specified will be ignored. The
           concept was supposed to provide compatibility with kernels that

diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md
index c2ea147738066864b488a21e118a58b613f1b677..87fb67502a8bffd470bd6c1ccddf7c0cddc6ed84 100644 (file)
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@@ -688,6 +688,9 @@ SYSTEMD_HOME_DEBUG_SUFFIX=foo \
   work, ProtectSystem=strict in systemd-networkd.service needs to be downgraded
   or disabled.
 
+* `$SYSTEMD_LLDP_SEND_MACHINE_ID` - takes a boolean, If true, systemd-networkd
+  sends machine ID as chassis ID through LLDP protocol.
+
 `systemd-storagetm`:
 
 * `$SYSTEMD_NVME_MODEL`, `$SYSTEMD_NVME_FIRMWARE`, `$SYSTEMD_NVME_SERIAL`,

diff --git a/src/libsystemd-network/sd-lldp-tx.c b/src/libsystemd-network/sd-lldp-tx.c
index 9e93a77cd1da1d32b5d7f9102863d9aa6b139dfc..3f73d881d4dfd57d3c6665018e1f7d692d6eafe0 100644 (file)
--- a/src/libsystemd-network/sd-lldp-tx.c
+++ b/src/libsystemd-network/sd-lldp-tx.c
@@ -5,6 +5,7 @@
 #include "sd-lldp-tx.h"
 
 #include "alloc-util.h"
+#include "env-util.h"
 #include "ether-addr-util.h"
 #include "fd-util.h"
 #include "hostname-setup.h"
@@ -17,6 +18,8 @@
 #include "unaligned.h"
 #include "web-util.h"
 
+#define LLDP_APP_ID SD_ID128_MAKE(07,3a,43,bf,54,de,40,8d,8e,c4,96,ed,fd,94,72,dc)
+
 /* The LLDP spec calls this "txFastInit", see 9.2.5.19 */
 #define LLDP_FAST_TX_INIT 4U
 
@@ -325,6 +328,22 @@ static int packet_append_string(
         return packet_append_prefixed_string(packet, packet_size, offset, type, 0, NULL, str);
 }
 
+static int lldp_tx_get_machine_id(sd_id128_t *ret) {
+        int r;
+
+        assert(ret);
+
+        /* Unfortunately we previously exposed machine ID. If the environment variable is set, then
+         * use the machine ID as is. Otherwise, use application specific one. */
+        r = secure_getenv_bool("SYSTEMD_LLDP_SEND_MACHINE_ID");
+        if (r < 0 && r != -ENXIO)
+                log_debug_errno(r, "Failed to parse $SYSTEMD_LLDP_SEND_MACHINE_ID, ignoring: %m");
+        if (r > 0)
+                return sd_id128_get_machine(ret);
+
+        return sd_id128_get_machine_app_specific(LLDP_APP_ID, ret);
+}
+
 static int lldp_tx_create_packet(sd_lldp_tx *lldp_tx, size_t *ret_packet_size, uint8_t **ret_packet) {
         _cleanup_free_ char *hostname = NULL, *pretty_hostname = NULL;
         _cleanup_free_ uint8_t *packet = NULL;
@@ -343,7 +362,7 @@ static int lldp_tx_create_packet(sd_lldp_tx *lldp_tx, size_t *ret_packet_size, u
         if (r < 0)
                 return r;
 
-        r = sd_id128_get_machine(&machine_id);
+        r = lldp_tx_get_machine_id(&machine_id);
         if (r < 0)
                 return r;