From: Yu Watanabe Date: Sat, 14 Jun 2025 19:03:26 +0000 (+0900) Subject: sd-lldp-tx: do not expose machine ID by default X-Git-Tag: v258-rc1~296^2~7 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=27546b769c6f1896a3fbbd3453a3eb65693e23ae;p=thirdparty%2Fsystemd.git sd-lldp-tx: do not expose machine ID by default Previously, systemd-networkd sent machine ID as chassis ID. Let's use application specific machine ID. This is a kind of backward compat breaking. Hence, this also introduces the support of $SD_LLDP_SEND_MACHINE_ID environment variable. Closes #37613.
---
diff --git a/NEWS b/NEWS
index 54c7cdb4876..dd6f21dc334 100644
--- a/NEWS
+++ b/NEWS
@@ -101,6 +101,13 @@ CHANGES WITH 258 in spe:
 IPv4DuplicateAddressDetectionTimeoutSec=. The default timeout value has been changed from 7 seconds to 200 milliseconds.
+ * systemd-networkd previously emitted the machine ID as chassis ID
+ through LLDP protocol, but now emits a deterministic ID,
+ cryptographically derived from the machine ID as chassis ID. If you
+ want to use the previous behavior, please set
+ SYSTEMD_LLDP_SEND_MACHINE_ID=1 environment variable to
+ systemd-networkd.
+
 * Support for the !! command line prefix on ExecStart= lines (and related) has been removed, and if specified will be ignored. The concept was supposed to provide compatibility with kernels that
diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md
index c2ea1477380..87fb67502a8 100644
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@@ -688,6 +688,9 @@ SYSTEMD_HOME_DEBUG_SUFFIX=foo \
 work, ProtectSystem=strict in systemd-networkd.service needs to be downgraded or disabled.
+* `$SYSTEMD_LLDP_SEND_MACHINE_ID` - takes a boolean, If true, systemd-networkd
+ sends machine ID as chassis ID through LLDP protocol.
+
 `systemd-storagetm`:
 * `$SYSTEMD_NVME_MODEL`, `$SYSTEMD_NVME_FIRMWARE`, `$SYSTEMD_NVME_SERIAL`,
diff --git a/src/libsystemd-network/sd-lldp-tx.c b/src/libsystemd-network/sd-lldp-tx.c
index 9e93a77cd1d..3f73d881d4d 100644
--- a/src/libsystemd-network/sd-lldp-tx.c
+++ b/src/libsystemd-network/sd-lldp-tx.c
@@ -5,6 +5,7 @@
 #include "sd-lldp-tx.h"
 #include "alloc-util.h"
+#include "env-util.h"
 #include "ether-addr-util.h"
 #include "fd-util.h"
 #include "hostname-setup.h"
@@ -17,6 +18,8 @@
 #include "unaligned.h"
 #include "web-util.h"
+#define LLDP_APP_ID SD_ID128_MAKE(07,3a,43,bf,54,de,40,8d,8e,c4,96,ed,fd,94,72,dc)
+
 /* The LLDP spec calls this "txFastInit", see 9.2.5.19 */
 #define LLDP_FAST_TX_INIT 4U
@@ -325,6 +328,22 @@ static int packet_append_string(
 return packet_append_prefixed_string(packet, packet_size, offset, type, 0, NULL, str);
 }
+static int lldp_tx_get_machine_id(sd_id128_t *ret) {
+ int r;
+
+ assert(ret);
+
+ /* Unfortunately we previously exposed machine ID. If the environment variable is set, then
+ * use the machine ID as is. Otherwise, use application specific one. */
+ r = secure_getenv_bool("SYSTEMD_LLDP_SEND_MACHINE_ID");
+ if (r < 0 && r != -ENXIO)
+ log_debug_errno(r, "Failed to parse $SYSTEMD_LLDP_SEND_MACHINE_ID, ignoring: %m");
+ if (r > 0)
+ return sd_id128_get_machine(ret);
+
+ return sd_id128_get_machine_app_specific(LLDP_APP_ID, ret);
+}
+
 static int lldp_tx_create_packet(sd_lldp_tx *lldp_tx, size_t *ret_packet_size, uint8_t **ret_packet) {
 _cleanup_free_ char *hostname = NULL, *pretty_hostname = NULL;
 _cleanup_free_ uint8_t *packet = NULL;
@@ -343,7 +362,7 @@ static int lldp_tx_create_packet(sd_lldp_tx *lldp_tx, size_t *ret_packet_size, u
 if (r < 0)
 return r;
- r = sd_id128_get_machine(&machine_id);
+ r = lldp_tx_get_machine_id(&machine_id);
 if (r < 0)
 return r;
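Review bot: The comment in `lldp_tx_get_machine_id()` says the machine ID was exposed "unfortunately" but does not record why that matters or what the replacement still reveals. Because the ID is derived with the fixed `LLDP_APP_ID`, it is deterministic: it hides the machine ID value, yet every LLDP neighbour on every link still sees the same per-host chassis ID. I would extend the comment along the lines of `/* The machine ID is meant to stay confidential (see machine-id(5)); the derived ID hides it but is still a stable per-host identifier. */`. Separately, the commit message names the variable `$SD_LLDP_SEND_MACHINE_ID`, while this code and the docs read `SYSTEMD_LLDP_SEND_MACHINE_ID`; the message should match so operators set the right one.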
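Review bot: After the call-site change in `lldp_tx_create_packet()` the local `machine_id` normally holds the derived ID rather than the machine ID, so the name now misleads anyone reading the rest of the function. Renaming it, e.g. `r = lldp_tx_get_machine_id(&chassis_id);`, would make it harder for a later change to treat the value as the real machine ID or, conversely, to reuse the real one where the derived one is intended. The variable's declaration and its later uses are outside the hunk, so the rename would have to cover those as well.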