From: Yu Watanabe Date: Tue, 1 Feb 2022 04:00:51 +0000 (+0900) Subject: network: xfrm: refuse zero interface ID X-Git-Tag: v251-rc1~394^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fd11005951920a0cee96f0c56f36d9ff8bc66a41;p=thirdparty%2Fsystemd.git network: xfrm: refuse zero interface ID Since kernel 5.17-rc1, 5.16.3, and 5.15.17 (more specifically, https://github.com/torvalds/linux/commit/8dce43919566f06e865f7e8949f5c10d8c2493f5) the kernel refuses to create an xfrm interface with zero ID.
---
diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml
index 449b23d5ac3..ff0bdee51fb 100644
--- a/man/systemd.netdev.xml
+++ b/man/systemd.netdev.xml
@@ -1994,7 +1994,7 @@ InterfaceId= Sets the ID/key of the xfrm interface which needs to be associated with a SA/policy.
- Can be decimal or hexadecimal, valid range is 0-0xffffffff, defaults to 0.
+ Can be decimal or hexadecimal, valid range is 1-0xffffffff. This is mandatory.
diff --git a/src/network/netdev/xfrm.c b/src/network/netdev/xfrm.c
index 05844b83210..a961d8fef24 100644
--- a/src/network/netdev/xfrm.c
+++ b/src/network/netdev/xfrm.c
@@ -14,6 +14,7 @@ static int xfrm_fill_message_create(NetDev *netdev, Link *link, sd_netlink_messa
 x = XFRM(netdev);
+ assert(x);
 assert(link || x->independent);
 r = sd_netlink_message_append_u32(message, IFLA_XFRM_LINK, link ? link->ifindex : LOOPBACK_IFINDEX);
@@ -27,10 +28,28 @@ static int xfrm_fill_message_create(NetDev *netdev, Link *link, sd_netlink_messa
 return 0;
 }
+static int xfrm_verify(NetDev *netdev, const char *filename) {
+ Xfrm *x;
+
+ assert(netdev);
+ assert(filename);
+
+ x = XFRM(netdev);
+
+ assert(x);
+
+ if (x->if_id == 0)
+ return log_netdev_warning_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
+ "%s: Xfrm interface ID cannot be zero.", filename);
+
+ return 0;
+}
+
 const NetDevVTable xfrm_vtable = {
 .object_size = sizeof(Xfrm),
 .sections = NETDEV_COMMON_SECTIONS "Xfrm\0",
 .fill_message_create = xfrm_fill_message_create,
+ .config_verify = xfrm_verify,
 .create_type = NETDEV_CREATE_STACKED,
 .iftype = ARPHRD_NONE,
 };
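Review bot: The warning in `xfrm_verify` does not name the setting it rejects: `x->if_id == 0` presumably also matches a .netdev file that omits InterfaceId= altogether (the man page hunk drops "defaults to 0" and marks the option mandatory), yet the text only says the ID "cannot be zero". Naming the option would make the rejection actionable, e.g. `"%s: InterfaceId= in [Xfrm] section is missing or zero, which is not allowed."`. An xfrm interface normally carries IPsec traffic, and files that relied on the old default will presumably now be rejected at load, so this log line is the operator's main clue that the device was not set up. A short comment above the function would also help the next reader: `/* The kernel refuses to create an xfrm interface with if_id 0, so reject it when the file is loaded. */`.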