From: Yu Watanabe Date: Wed, 22 Jun 2022 13:28:46 +0000 (+0900) Subject: Revert "networkd: NetLabel integration" X-Git-Tag: v252-rc1~783^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F23774%2Fhead;p=thirdparty%2Fsystemd.git Revert "networkd: NetLabel integration" This reverts PR #23269 and its follow-up commit. Especially, 2299b1cae32c1fb8911da0ce26efced68032f4f8 (partially), and 3cf63830acdef9d8afdc9ef1cf25aa7e85a5e4d5. The PR was merged without final approval, and has several issues: - The NetLabel for static addresses are not assigned, as labels are stored in the Address objects managed by Network, instead of Link. - If NetLabel is specified for a static address, then the address section will be invalid and the address will not be configured, - It should be implemented with Request object, - There is no test about the feature. --- diff --git a/man/systemd.network.xml b/man/systemd.network.xml index da19d98c462..c2ce1b1d694 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -1109,38 +1109,6 @@ Table=1234 Defaults to no. - - - NetLabel=label - - - This setting provides a method for integrating dynamic network configuration into Linux - NetLabel subsystem rules, used by Linux security modules (LSMs) for network access control. The - option expects a whitespace separated list of NetLabel labels. The labels must conform to lexical - restrictions of LSM labels. When an interface is configured with IP addresses, the addresses and - subnetwork masks will be appended to the NetLabel Fallback Peer Labeling rules. They will be - removed when the interface is deconfigured. Failures to manage the labels will be ignored. - - Warning: Once labeling is enabled for network traffic, a lot of LSM access control points in - Linux networking stack go from dormant to active. It is easy for someone not familiar with the LSM - per-packet access controls to get into a situation where for example remote connectivity is - broken. Also note that additional configuration with netlabelctl8 - is needed. - - Example: - [Address] -NetLabel=system_u:object_r:localnet_peer_t:s0 - - With the example rules applying for interface eth0, when the interface is - configured with an IPv4 address of 10.0.0.0/8, systemd-networkd performs the - equivalent of netlabelctl operation - - netlabelctl unlbl add interface eth0 address:10.0.0.0/8 label:system_u:object_r:localnet_peer_t:s0 - - and the reverse operation when the IPv4 address is deconfigured. - - @@ -2082,13 +2050,6 @@ NetLabel=system_u:object_r:localnet_peer_t:s0 RFC 5227. Defaults to false. - - - NetLabel= - - As in [Address] section. - - @@ -2202,7 +2163,6 @@ NetLabel=system_u:object_r:localnet_peer_t:s0 UseNTP= UseHostname= UseDomains= - NetLabel= As in the [DHCPv4] section. @@ -2304,13 +2264,6 @@ NetLabel=system_u:object_r:localnet_peer_t:s0 - - - NetLabel= - - As in [Address] section. - - @@ -2568,13 +2521,6 @@ Token=prefixstable:2002:da8:1:: specified. Defaults to true. - - - NetLabel= - - As in [Address] section. - - diff --git a/src/basic/in-addr-util.c b/src/basic/in-addr-util.c index 53b310d391e..6f8ffaf2596 100644 --- a/src/basic/in-addr-util.c +++ b/src/basic/in-addr-util.c @@ -585,45 +585,6 @@ struct in_addr* in4_addr_prefixlen_to_netmask(struct in_addr *addr, unsigned cha return addr; } -struct in6_addr* in6_addr_prefixlen_to_netmask(struct in6_addr *addr, unsigned char prefixlen) { - assert(addr); - assert(prefixlen <= 128); - - for (unsigned int i = 0; i < 16; i++) { - uint8_t mask; - - if (prefixlen >= 8) { - mask = 0xFF; - prefixlen -= 8; - } else if (prefixlen > 0) { - mask = 0xFF << (8 - prefixlen); - prefixlen = 0; - } else { - assert(prefixlen == 0); - mask = 0; - } - - addr->s6_addr[i] = mask; - } - - return addr; -} - -int in_addr_prefixlen_to_netmask(int family, union in_addr_union *addr, unsigned char prefixlen) { - assert(addr); - - switch (family) { - case AF_INET: - in4_addr_prefixlen_to_netmask(&addr->in, prefixlen); - return 0; - case AF_INET6: - in6_addr_prefixlen_to_netmask(&addr->in6, prefixlen); - return 0; - default: - return -EAFNOSUPPORT; - } -} - int in4_addr_default_prefixlen(const struct in_addr *addr, unsigned char *prefixlen) { uint8_t msb_octet = *(uint8_t*) addr; diff --git a/src/basic/in-addr-util.h b/src/basic/in-addr-util.h index 1710069b64a..c1e7ef965da 100644 --- a/src/basic/in-addr-util.h +++ b/src/basic/in-addr-util.h @@ -137,8 +137,6 @@ int in_addr_from_string_auto(const char *s, int *ret_family, union in_addr_union unsigned char in4_addr_netmask_to_prefixlen(const struct in_addr *addr); struct in_addr* in4_addr_prefixlen_to_netmask(struct in_addr *addr, unsigned char prefixlen); -struct in6_addr* in6_addr_prefixlen_to_netmask(struct in6_addr *addr, unsigned char prefixlen); -int in_addr_prefixlen_to_netmask(int family, union in_addr_union *addr, unsigned char prefixlen); int in4_addr_default_prefixlen(const struct in_addr *addr, unsigned char *prefixlen); int in4_addr_default_subnet_mask(const struct in_addr *addr, struct in_addr *mask); int in4_addr_mask(struct in_addr *addr, unsigned char prefixlen); diff --git a/src/basic/missing_network.h b/src/basic/missing_network.h index 776c7c83757..6e71b26afd0 100644 --- a/src/basic/missing_network.h +++ b/src/basic/missing_network.h @@ -49,35 +49,3 @@ #ifndef IEEE80211_MAX_SSID_LEN #define IEEE80211_MAX_SSID_LEN 32 #endif - -/* Not exposed but defined in include/net/netlabel.h */ -#ifndef NETLBL_NLTYPE_UNLABELED_NAME -#define NETLBL_NLTYPE_UNLABELED_NAME "NLBL_UNLBL" -#endif - -/* Not exposed but defined in net/netlabel/netlabel_unlabeled.h */ -enum { - NLBL_UNLABEL_C_UNSPEC, - NLBL_UNLABEL_C_ACCEPT, - NLBL_UNLABEL_C_LIST, - NLBL_UNLABEL_C_STATICADD, - NLBL_UNLABEL_C_STATICREMOVE, - NLBL_UNLABEL_C_STATICLIST, - NLBL_UNLABEL_C_STATICADDDEF, - NLBL_UNLABEL_C_STATICREMOVEDEF, - NLBL_UNLABEL_C_STATICLISTDEF, - __NLBL_UNLABEL_C_MAX, -}; - -/* Not exposed but defined in net/netlabel/netlabel_unlabeled.h */ -enum { - NLBL_UNLABEL_A_UNSPEC, - NLBL_UNLABEL_A_ACPTFLG, - NLBL_UNLABEL_A_IPV6ADDR, - NLBL_UNLABEL_A_IPV6MASK, - NLBL_UNLABEL_A_IPV4ADDR, - NLBL_UNLABEL_A_IPV4MASK, - NLBL_UNLABEL_A_IFACE, - NLBL_UNLABEL_A_SECCTX, - __NLBL_UNLABEL_A_MAX, -}; diff --git a/src/libsystemd/sd-netlink/netlink-types-genl.c b/src/libsystemd/sd-netlink/netlink-types-genl.c index 149b4479e3f..bdd5700c6e2 100644 --- a/src/libsystemd/sd-netlink/netlink-types-genl.c +++ b/src/libsystemd/sd-netlink/netlink-types-genl.c @@ -221,26 +221,15 @@ static const NLType genl_wireguard_types[] = { [WGDEVICE_A_PEERS] = { .type = NETLINK_TYPE_NESTED, .type_system = &genl_wireguard_peer_type_system }, }; -/***************** genl NetLabel type systems *****************/ -static const NLType genl_netlabel_types[] = { - [NLBL_UNLABEL_A_IPV4ADDR] = { .type = NETLINK_TYPE_IN_ADDR, .size = sizeof(struct in_addr) }, - [NLBL_UNLABEL_A_IPV4MASK] = { .type = NETLINK_TYPE_IN_ADDR, .size = sizeof(struct in_addr) }, - [NLBL_UNLABEL_A_IPV6ADDR] = { .type = NETLINK_TYPE_IN_ADDR, .size = sizeof(struct in6_addr) }, - [NLBL_UNLABEL_A_IPV6MASK] = { .type = NETLINK_TYPE_IN_ADDR, .size = sizeof(struct in6_addr) }, - [NLBL_UNLABEL_A_IFACE] = { .type = NETLINK_TYPE_STRING, .size = IFNAMSIZ-1 }, - [NLBL_UNLABEL_A_SECCTX] = { .type = NETLINK_TYPE_STRING }, -}; - /***************** genl families *****************/ static const NLTypeSystemUnionElement genl_type_systems[] = { - { .name = CTRL_GENL_NAME, .type_system = TYPE_SYSTEM_FROM_TYPE(genl_ctrl), }, - { .name = BATADV_NL_NAME, .type_system = TYPE_SYSTEM_FROM_TYPE(genl_batadv), }, - { .name = FOU_GENL_NAME, .type_system = TYPE_SYSTEM_FROM_TYPE(genl_fou), }, - { .name = L2TP_GENL_NAME, .type_system = TYPE_SYSTEM_FROM_TYPE(genl_l2tp), }, - { .name = MACSEC_GENL_NAME, .type_system = TYPE_SYSTEM_FROM_TYPE(genl_macsec), }, - { .name = NL80211_GENL_NAME, .type_system = TYPE_SYSTEM_FROM_TYPE(genl_nl80211), }, - { .name = WG_GENL_NAME, .type_system = TYPE_SYSTEM_FROM_TYPE(genl_wireguard), }, - { .name = NETLBL_NLTYPE_UNLABELED_NAME, .type_system = TYPE_SYSTEM_FROM_TYPE(genl_netlabel), }, + { .name = CTRL_GENL_NAME, .type_system = TYPE_SYSTEM_FROM_TYPE(genl_ctrl), }, + { .name = BATADV_NL_NAME, .type_system = TYPE_SYSTEM_FROM_TYPE(genl_batadv), }, + { .name = FOU_GENL_NAME, .type_system = TYPE_SYSTEM_FROM_TYPE(genl_fou), }, + { .name = L2TP_GENL_NAME, .type_system = TYPE_SYSTEM_FROM_TYPE(genl_l2tp), }, + { .name = MACSEC_GENL_NAME, .type_system = TYPE_SYSTEM_FROM_TYPE(genl_macsec), }, + { .name = NL80211_GENL_NAME, .type_system = TYPE_SYSTEM_FROM_TYPE(genl_nl80211), }, + { .name = WG_GENL_NAME, .type_system = TYPE_SYSTEM_FROM_TYPE(genl_wireguard), }, }; /* This is the root type system union, so match_attribute is not necessary. */ diff --git a/src/libsystemd/sd-netlink/test-netlink.c b/src/libsystemd/sd-netlink/test-netlink.c index 97085b84a77..fbc3ef06094 100644 --- a/src/libsystemd/sd-netlink/test-netlink.c +++ b/src/libsystemd/sd-netlink/test-netlink.c @@ -657,8 +657,6 @@ static void test_genl(void) { (void) sd_genl_message_new(genl, MACSEC_GENL_NAME, 0, &m); m = sd_netlink_message_unref(m); (void) sd_genl_message_new(genl, NL80211_GENL_NAME, 0, &m); - m = sd_netlink_message_unref(m); - (void) sd_genl_message_new(genl, NETLBL_NLTYPE_UNLABELED_NAME, 0, &m); for (;;) { r = sd_event_run(event, 500 * USEC_PER_MSEC); diff --git a/src/network/meson.build b/src/network/meson.build index e4def6bc51e..2315b56a333 100644 --- a/src/network/meson.build +++ b/src/network/meson.build @@ -115,8 +115,6 @@ sources = files( 'networkd-ndisc.h', 'networkd-neighbor.c', 'networkd-neighbor.h', - 'networkd-netlabel.c', - 'networkd-netlabel.h', 'networkd-network-bus.c', 'networkd-network-bus.h', 'networkd-network.c', diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c index 2bedbe4275e..8e8d5f77816 100644 --- a/src/network/networkd-address.c +++ b/src/network/networkd-address.c @@ -12,7 +12,6 @@ #include "networkd-dhcp-server.h" #include "networkd-ipv4acd.h" #include "networkd-manager.h" -#include "networkd-netlabel.h" #include "networkd-network.h" #include "networkd-queue.h" #include "networkd-route-util.h" @@ -138,7 +137,6 @@ Address *address_free(Address *address) { config_section_free(address->section); free(address->label); - set_free(address->netlabels); return mfree(address); } @@ -494,8 +492,6 @@ static int address_update(Address *address) { if (r < 0) return log_link_warning_errno(link, r, "Could not enable IP masquerading: %m"); - address_add_netlabel(address); - if (address_is_ready(address) && address->callback) { r = address->callback(address); if (r < 0) @@ -522,8 +518,6 @@ static int address_drop(Address *address) { if (r < 0) log_link_warning_errno(link, r, "Failed to disable IP masquerading, ignoring: %m"); - address_del_netlabel(address); - if (address->state == 0) address_free(address); @@ -1943,41 +1937,6 @@ int config_parse_duplicate_address_detection( return 0; } -int config_parse_address_netlabel( - const char *unit, - const char *filename, - unsigned line, - const char *section, - unsigned section_line, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { - - Network *network = userdata; - _cleanup_(address_free_or_set_invalidp) Address *n = NULL; - int r; - - assert(filename); - assert(section); - assert(lvalue); - assert(rvalue); - assert(data); - assert(network); - - r = address_new_static(network, filename, section_line, &n); - if (r == -ENOMEM) - return log_oom(); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, - "Failed to allocate new address, ignoring assignment: %m"); - return 0; - } - - return config_parse_netlabel(unit, filename, line, section, section_line, lvalue, ltype, rvalue, &n->netlabels, network); -} - static int address_section_verify(Address *address) { if (section_is_invalid(address->section)) return -EINVAL; diff --git a/src/network/networkd-address.h b/src/network/networkd-address.h index e5770155fa3..0237c1cb98c 100644 --- a/src/network/networkd-address.h +++ b/src/network/networkd-address.h @@ -61,9 +61,6 @@ struct Address { /* Called when address become ready */ address_ready_callback_t callback; - - /* NetLabel */ - Set *netlabels; }; const char* format_lifetime(char *buf, size_t l, usec_t lifetime_usec) _warn_unused_result_; @@ -138,4 +135,3 @@ CONFIG_PARSER_PROTOTYPE(config_parse_address_flags); CONFIG_PARSER_PROTOTYPE(config_parse_address_scope); CONFIG_PARSER_PROTOTYPE(config_parse_address_route_metric); CONFIG_PARSER_PROTOTYPE(config_parse_duplicate_address_detection); -CONFIG_PARSER_PROTOTYPE(config_parse_address_netlabel); diff --git a/src/network/networkd-netlabel.c b/src/network/networkd-netlabel.c deleted file mode 100644 index 5df41ea470d..00000000000 --- a/src/network/networkd-netlabel.c +++ /dev/null @@ -1,191 +0,0 @@ -/* SPDX-License-Identifier: LGPL-2.1-or-later */ - -#include "netlink-util.h" -#include "networkd-address.h" -#include "networkd-link.h" -#include "networkd-manager.h" -#include "networkd-netlabel.h" -#include "networkd-network.h" - -static int netlabel_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { - int r; - - assert_se(rtnl); - assert_se(m); - assert_se(link); - - r = sd_netlink_message_get_errno(m); - if (r < 0) { - log_link_message_warning_errno(link, m, r, "NetLabel operation failed, ignoring"); - return 1; - } - - log_link_debug(link, "NetLabel operation successful"); - - return 1; -} - -static int netlabel_command(uint16_t command, const char *label, const Address *address) { - _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL; - int r; - - assert(address); - assert(address->link); - assert(address->link->manager); - assert(address->link->manager->genl); - assert(address->link->network); - assert(IN_SET(address->family, AF_INET, AF_INET6)); - - r = sd_genl_message_new(address->link->manager->genl, NETLBL_NLTYPE_UNLABELED_NAME, command, &m); - if (r < 0) - return r; - - r = sd_netlink_message_append_string(m, NLBL_UNLABEL_A_IFACE, address->link->ifname); - if (r < 0) - return r; - - if (command == NLBL_UNLABEL_C_STATICADD) { - assert(label); - r = sd_netlink_message_append_string(m, NLBL_UNLABEL_A_SECCTX, label); - if (r < 0) - return r; - } - - union in_addr_union netmask; - - r = in_addr_prefixlen_to_netmask(address->family, &netmask, address->prefixlen); - if (r < 0) - return r; - - if (address->family == AF_INET) { - r = sd_netlink_message_append_in_addr(m, NLBL_UNLABEL_A_IPV4ADDR, &address->in_addr.in); - if (r < 0) - return r; - - r = sd_netlink_message_append_in_addr(m, NLBL_UNLABEL_A_IPV4MASK, &netmask.in); - } else if (address->family == AF_INET6) { - r = sd_netlink_message_append_in6_addr(m, NLBL_UNLABEL_A_IPV6ADDR, &address->in_addr.in6); - if (r < 0) - return r; - - r = sd_netlink_message_append_in6_addr(m, NLBL_UNLABEL_A_IPV6MASK, &netmask.in6); - } - if (r < 0) - return r; - - r = netlink_call_async(address->link->manager->genl, NULL, m, netlabel_handler, link_netlink_destroy_callback, - address->link); - if (r < 0) - return r; - - link_ref(address->link); - return 0; -} - -static void address_add_netlabel_set(const Address *address, Set *labels) { - const char *label; - int r; - - SET_FOREACH(label, labels) { - r = netlabel_command(NLBL_UNLABEL_C_STATICADD, label, address); - if (r < 0) - log_link_warning_errno(address->link, r, "Adding NetLabel %s for IP address %s failed, ignoring", - label, - IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen)); - else - log_link_debug(address->link, "Adding NetLabel %s for IP address %s", label, - IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen)); - } -} - -void address_add_netlabel(const Address *address) { - assert(address); - assert(address->link); - - if (!address->link->network || !IN_SET(address->family, AF_INET, AF_INET6)) - return; - - switch (address->source) { - case NETWORK_CONFIG_SOURCE_DHCP4: - return address_add_netlabel_set(address, address->link->network->dhcp_netlabels); - case NETWORK_CONFIG_SOURCE_DHCP6: - return address_add_netlabel_set(address, address->link->network->dhcp6_netlabels); - case NETWORK_CONFIG_SOURCE_DHCP_PD: - return address_add_netlabel_set(address, address->link->network->dhcp_pd_netlabels); - case NETWORK_CONFIG_SOURCE_NDISC: - return address_add_netlabel_set(address, address->link->network->ndisc_netlabels); - case NETWORK_CONFIG_SOURCE_STATIC: - return address_add_netlabel_set(address, address->netlabels); - default: - return; - } -} - -void address_del_netlabel(const Address *address) { - int r; - - assert(address); - assert(address->link); - - if (!address->link->network || !IN_SET(address->family, AF_INET, AF_INET6)) - return; - - r = netlabel_command(NLBL_UNLABEL_C_STATICREMOVE, NULL, address); - if (r < 0) - log_link_warning_errno(address->link, r, "Deleting NetLabels for IP address %s failed, ignoring", - IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen)); - else - log_link_debug(address->link, "Deleting NetLabels for IP address %s", - IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen)); -} - -int config_parse_netlabel( - const char *unit, - const char *filename, - unsigned line, - const char *section, - unsigned section_line, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { - int r; - Set **set = data; - - assert(filename); - assert(lvalue); - assert(rvalue); - assert(set); - - if (isempty(rvalue)) { - *set = set_free(*set); - return 0; - } - - for (const char *p = rvalue;;) { - _cleanup_free_ char *w = NULL; - - r = extract_first_word(&p, &w, NULL, 0); - if (r == -ENOMEM) - return log_oom(); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, - "Failed to extract NetLabel label, ignoring: %s", rvalue); - return 0; - } - if (r == 0) - return 0; - - /* Label semantics depend on LSM but let's do basic checks */ - if (!string_is_safe(w)) { - log_syntax(unit, LOG_WARNING, filename, line, 0, - "Bad NetLabel label, ignoring: %s", w); - continue; - } - - r = set_ensure_consume(set, &string_hash_ops_free, TAKE_PTR(w)); - if (r < 0) - return log_oom(); - } -} diff --git a/src/network/networkd-netlabel.h b/src/network/networkd-netlabel.h deleted file mode 100644 index 92f614fc73a..00000000000 --- a/src/network/networkd-netlabel.h +++ /dev/null @@ -1,7 +0,0 @@ -/* SPDX-License-Identifier: LGPL-2.1-or-later */ -#pragma once - -void address_add_netlabel(const Address *address); -void address_del_netlabel(const Address *address); - -CONFIG_PARSER_PROTOTYPE(config_parse_netlabel); diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf index ef5cec1b52d..ceaaa6a0f7c 100644 --- a/src/network/networkd-network-gperf.gperf +++ b/src/network/networkd-network-gperf.gperf @@ -25,7 +25,6 @@ _Pragma("GCC diagnostic ignored \"-Wimplicit-fallthrough\"") #include "networkd-ipv6ll.h" #include "networkd-lldp-tx.h" #include "networkd-ndisc.h" -#include "networkd-netlabel.h" #include "networkd-network.h" #include "networkd-neighbor.h" #include "networkd-nexthop.h" @@ -157,7 +156,6 @@ Address.AutoJoin, config_parse_address_flags, Address.DuplicateAddressDetection, config_parse_duplicate_address_detection, 0, 0 Address.Scope, config_parse_address_scope, 0, 0 Address.RouteMetric, config_parse_address_route_metric, 0, 0 -Address.NetLabel, config_parse_address_netlabel, 0, 0 IPv6AddressLabel.Prefix, config_parse_address_label_prefix, 0, 0 IPv6AddressLabel.Label, config_parse_address_label, 0, 0 Neighbor.Address, config_parse_neighbor_address, 0, 0 @@ -245,7 +243,6 @@ DHCPv4.SendVendorOption, config_parse_dhcp_send_option, DHCPv4.RouteMTUBytes, config_parse_mtu, AF_INET, offsetof(Network, dhcp_route_mtu) DHCPv4.FallbackLeaseLifetimeSec, config_parse_dhcp_fallback_lease_lifetime, 0, 0 DHCPv4.Use6RD, config_parse_bool, 0, offsetof(Network, dhcp_use_6rd) -DHCPv4.NetLabel, config_parse_netlabel, 0, offsetof(Network, dhcp_netlabels) DHCPv6.UseAddress, config_parse_bool, 0, offsetof(Network, dhcp6_use_address) DHCPv6.UseDelegatedPrefix, config_parse_bool, 0, offsetof(Network, dhcp6_use_pd_prefix) DHCPv6.UseDNS, config_parse_dhcp_use_dns, AF_INET6, 0 @@ -263,7 +260,6 @@ DHCPv6.SendOption, config_parse_dhcp_send_option, DHCPv6.IAID, config_parse_iaid, AF_INET6, 0 DHCPv6.DUIDType, config_parse_duid_type, 0, offsetof(Network, dhcp6_duid) DHCPv6.DUIDRawData, config_parse_duid_rawdata, 0, offsetof(Network, dhcp6_duid) -DHCPv6.NetLabel, config_parse_netlabel, 0, offsetof(Network, dhcp6_netlabels) IPv6AcceptRA.UseGateway, config_parse_bool, 0, offsetof(Network, ipv6_accept_ra_use_gateway) IPv6AcceptRA.UseRoutePrefix, config_parse_bool, 0, offsetof(Network, ipv6_accept_ra_use_route_prefix) IPv6AcceptRA.UseAutonomousPrefix, config_parse_bool, 0, offsetof(Network, ipv6_accept_ra_use_autonomous_prefix) @@ -281,7 +277,6 @@ IPv6AcceptRA.PrefixDenyList, config_parse_in_addr_prefixes, IPv6AcceptRA.RouteAllowList, config_parse_in_addr_prefixes, AF_INET6, offsetof(Network, ndisc_allow_listed_route_prefix) IPv6AcceptRA.RouteDenyList, config_parse_in_addr_prefixes, AF_INET6, offsetof(Network, ndisc_deny_listed_route_prefix) IPv6AcceptRA.Token, config_parse_address_generation_type, 0, offsetof(Network, ndisc_tokens) -IPv6AcceptRA.NetLabel, config_parse_netlabel, 0, offsetof(Network, ndisc_netlabels) DHCPServer.ServerAddress, config_parse_dhcp_server_address, 0, 0 DHCPServer.UplinkInterface, config_parse_uplink, 0, 0 DHCPServer.RelayTarget, config_parse_in_addr_non_null, AF_INET, offsetof(Network, dhcp_server_relay_target) @@ -348,7 +343,6 @@ DHCPPrefixDelegation.Assign, config_parse_bool, DHCPPrefixDelegation.ManageTemporaryAddress, config_parse_bool, 0, offsetof(Network, dhcp_pd_manage_temporary_address) DHCPPrefixDelegation.Token, config_parse_address_generation_type, 0, offsetof(Network, dhcp_pd_tokens) DHCPPrefixDelegation.RouteMetric, config_parse_uint32, 0, offsetof(Network, dhcp_pd_route_metric) -DHCPPrefixDelegation.NetLabel, config_parse_netlabel, 0, offsetof(Network, dhcp_pd_netlabels) IPv6SendRA.RouterLifetimeSec, config_parse_router_lifetime, 0, offsetof(Network, router_lifetime_usec) IPv6SendRA.Managed, config_parse_bool, 0, offsetof(Network, router_managed) IPv6SendRA.OtherInformation, config_parse_bool, 0, offsetof(Network, router_other_information) diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c index a6660d72b94..39ea4eddd08 100644 --- a/src/network/networkd-network.c +++ b/src/network/networkd-network.c @@ -688,8 +688,6 @@ static Network *network_free(Network *network) { free(network->dhcp6_mudurl); strv_free(network->dhcp6_user_class); strv_free(network->dhcp6_vendor_class); - set_free(network->dhcp_netlabels); - set_free(network->dhcp6_netlabels); strv_free(network->ntp); for (unsigned i = 0; i < network->n_dns; i++) @@ -756,8 +754,6 @@ static Network *network_free(Network *network) { ordered_hashmap_free(network->dhcp6_client_send_vendor_options); set_free(network->dhcp_pd_tokens); set_free(network->ndisc_tokens); - set_free(network->dhcp_pd_netlabels); - set_free(network->ndisc_netlabels); return mfree(network); } diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h index 96cd316e019..98e6159040e 100644 --- a/src/network/networkd-network.h +++ b/src/network/networkd-network.h @@ -155,7 +155,6 @@ struct Network { Set *dhcp_request_options; OrderedHashmap *dhcp_client_send_options; OrderedHashmap *dhcp_client_send_vendor_options; - Set *dhcp_netlabels; /* DHCPv6 Client support */ bool dhcp6_use_address; @@ -180,7 +179,6 @@ struct Network { OrderedHashmap *dhcp6_client_send_options; OrderedHashmap *dhcp6_client_send_vendor_options; Set *dhcp6_request_options; - Set *dhcp6_netlabels; /* DHCP Server Support */ bool dhcp_server; @@ -237,7 +235,6 @@ struct Network { Set *dhcp_pd_tokens; int dhcp_pd_uplink_index; char *dhcp_pd_uplink_name; - Set *dhcp_pd_netlabels; /* Bridge Support */ int use_bpdu; @@ -322,7 +319,6 @@ struct Network { Set *ndisc_deny_listed_route_prefix; Set *ndisc_allow_listed_route_prefix; Set *ndisc_tokens; - Set *ndisc_netlabels; /* LLDP support */ LLDPMode lldp_mode; /* LLDP reception */ diff --git a/src/test/test-in-addr-util.c b/src/test/test-in-addr-util.c index 623e9f831ed..f5dcad65d54 100644 --- a/src/test/test-in-addr-util.c +++ b/src/test/test-in-addr-util.c @@ -364,35 +364,4 @@ TEST(in_addr_to_string) { test_in_addr_to_string_one(AF_INET6, "fe80::"); } -TEST(in_addr_prefixlen_to_netmask) { - union in_addr_union addr; - static const char *const ipv4_netmasks[] = { - "0.0.0.0", "128.0.0.0", "192.0.0.0", "224.0.0.0", "240.0.0.0", - "248.0.0.0", "252.0.0.0", "254.0.0.0", "255.0.0.0", - "255.128.0.0", "255.192.0.0", "255.224.0.0", "255.240.0.0", - "255.248.0.0", "255.252.0.0", "255.254.0.0", "255.255.0.0", - "255.255.128.0", "255.255.192.0", "255.255.224.0", "255.255.240.0", - "255.255.248.0", "255.255.252.0", "255.255.254.0", "255.255.255.0", - "255.255.255.128", "255.255.255.192", "255.255.255.224", "255.255.255.240", - "255.255.255.248", "255.255.255.252", "255.255.255.254", "255.255.255.255", - }; - - for (unsigned char prefixlen = 0; prefixlen <= 32; prefixlen++) { - _cleanup_free_ char *r = NULL; - - assert_se(in_addr_prefixlen_to_netmask(AF_INET, &addr, prefixlen) >= 0); - assert_se(in_addr_to_string(AF_INET, &addr, &r) >= 0); - printf("test_in_addr_prefixlen_to_netmask: %s == %s\n", ipv4_netmasks[prefixlen], r); - assert_se(streq(ipv4_netmasks[prefixlen], r)); - } - - for (unsigned char prefixlen = 0; prefixlen <= 128; prefixlen++) { - _cleanup_free_ char *r = NULL; - - assert_se(in_addr_prefixlen_to_netmask(AF_INET6, &addr, prefixlen) >= 0); - assert_se(in_addr_to_string(AF_INET6, &addr, &r) >= 0); - printf("test_in_addr_prefixlen_to_netmask: %s\n", r); - } -} - DEFINE_TEST_MAIN(LOG_DEBUG); diff --git a/test/fuzz/fuzz-network-parser/directives b/test/fuzz/fuzz-network-parser/directives index 0b850cdfcf0..276f3c93076 100644 --- a/test/fuzz/fuzz-network-parser/directives +++ b/test/fuzz/fuzz-network-parser/directives @@ -131,7 +131,6 @@ MUDURL= RouteMTUBytes= FallbackLeaseLifetimeSec= Use6RD= -NetLabel= [DHCPv6] UseAddress= UseDelegatedPrefix= @@ -153,7 +152,6 @@ RouteMetric= IAID= DUIDType= DUIDRawData= -NetLabel= [DHCPv6PrefixDelegation] SubnetId= Announce= @@ -161,7 +159,6 @@ Assign= ManageTemporaryAddress= Token= RouteMetric= -NetLabel= [DHCPPrefixDelegation] UplinkInterface= SubnetId= @@ -170,7 +167,6 @@ Assign= ManageTemporaryAddress= Token= RouteMetric= -NetLabel= [Route] Destination= Protocol= @@ -347,7 +343,6 @@ EmitDomains= Managed= OtherInformation= UplinkInterface= -NetLabel= [IPv6PrefixDelegation] RouterPreference= DNSLifetimeSec=