tree-wide: remove Emacs lines from all files This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.

tree-wide: sort includes in *.h This is a continuation of the previous include sort patch, which only sorted for .c files.

networkd: route - track routes

networkd: manager/link - only serialize once per event-loop iteration Every time the state is written out we may trigger third-party apps, so let's be a bit more careful about writing this out unnecessarily.

networkd: address - process in manager.c rather than link.c

networkd: propagate DNS/NTP server from uplink to dhcp server When handing out DHCP leases, try to propagate DNS/NTP server information from "uplink". The "uplink" is automatically determined as the network interface with the highest priority default route on it.

networkd: split up networkd.h into per-object header files No functional changes, just moving definitions into separate header files.

networkd: make DHCP lease timeouts configurable

dhcp,network: implement RFC 4833 (DHCP Timezone option) This one is simply to add: encode the tzdata timezone in the DHCP options and optionally make use of it.

sd-network: make LLMNR specific config parser generic Rename the enum, the lookup functions and the parser for LLMNRSupport so the type can be reused for mDNS.

networkd: rename RootBlock to AllowPortToBeRoot Justification is similar to BPDUGuard rename. "Positive" values are easier. This is a rather uncommon option, so using a slightly longer name should not be a problem, and may in fact may make it easier to guess what the option does without reading the documentation.

networkd: rename BPDUGuard to UseBPDU Rename to follow the follow the style of other options. In general "positive" options are preferred to "negative" ones, because they are easier to describe and easier for humans to parse (c.f. the shortening on the man page entry).

networkd: add bridge link properties new bridge properties br.network [Match] Name=enp0s25 [Network] Bridge=br-test [Bridge] Cost=332 BPDUGuard = true HairPin = true FastLeave = true RootBlock = true UnicastFlood = true

networkd: move config_parse_tunnel_address move config_parse_tunnel_address from networkd.h to tunnel specific file networkd-netdev-tunnel.h

networkd: move config_parse_vxlan_group_address move config_parse_vxlan_group_address from networkd.h to networkd-netdev-vxlan.h

networkd: DHCP override hostname This patch enhances the DHCP client to send the hostname reference http://lists.freedesktop.org/archives/systemd-devel/2014-July/021550.html Tested with Example conf: [Match] Name=eth1 [Network] DHCP=v4 [DHCP] SendHostname=true Hostname=test

networkd: various fixes for the IPv6 privacy extensions support - Make sure that the IPv6PrivacyExtensions=yes results in prefer-temporary, not prefer-public. - Introduce special enum value "kernel" to leave setting unset, similar how we have it for the IP forwarding settings. - Bring the enum values in sync with the the strings we parse for them, to the level this makes sense (specifically, rename "disabled" to "no", and "prefer-temporary" to "yes"). - Make sure we really set the value to to "no" by default, the way it is already documented in the man page. - Fix whitespace error. - Make sure link_ipv6_privacy_extensions() actually returns the correct enum type, rather than implicitly casting it to "bool". - properly size formatting buffer for ipv6 sysctl value - Don't complain if /proc/sys isn't writable - Document that the enum follows the kernel's own values (0 = off, 1 = prefer-public, 2 = prefer-temporary) - Drop redundant negating of error code passed to log_syntax() - Manpage fixes This fixes a number of issues from PR #417

treewide: fix typos

networkd: Add support for ipv6 privacy extension This patch add support for ipv6 privacy extensions. The variable /proc/sys/net/ipv6/conf/<if>/use_tempaddr can be changed via the boolean IPv6PrivacyExtensions=[yes/no/prefer-temporary] When true enables privacy extensions, but prefer public addresses over temporary addresses. prefer-temporary prefers temporary adresses over public addresses. Defaults to false. [Match] Name=enp0s25 [Network] IPv6PrivacyExtensions=prefer-temporary

sd-netlink: rename from sd-rtnl

networkd: create "kernel" setting for IPForwarding In 5a8bcb674f71a20e95df55319b34c556638378ce, IPForwarding was introduced to set forwarding flags on interfaces in .network files. networkd sets forwarding options regardless of the previous setting, even if it was set by e.g. sysctl. This commit creates a new option for IPForwarding, "kernel", that preserves the sysctl settings rather than always setting them. See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the initial bug report.

Revert "networkd: create "kernel" setting for IPForwarding"

networkd: create "kernel" setting for IPForwarding In 5a8bcb674f71a20e95df55319b34c556638378ce, IPForwarding was introduced to set forwarding flags on interfaces in .network files. networkd sets forwarding options regardless of the previous setting, even if it was set by e.g. sysctl. This commit creates a new option for IPForwarding, "kernel", that preserves the sysctl settings rather than always setting them. See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the initial bug report.

networkd: improve how networkd logs things This makes adds a couple of fixes: - Introduces log_netdev_error_errno() and friends, which takes an error number, and matches what log_link_error_errno() and friends do. - Replaces a lof ot strerror() usage with log_netdev_error_errno(), log_link_error_errno() and log_erro_errno() - Uppercases the first character of many log messages, after all this is supposed to be english language - Drops manual negating of error codes before passing them to log functions, the log functions all do that internally anyway. Some other minor fixes. Behaviour should not change really.

systemd-networkd: Use IFA_F_NOPREFIXROUTE with IPv6 addresses The IFA_F_NOPREFIXROUTE flag prevents the kernel from creating new onlink prefixes when a DHCPv6 IPv6 address with a prefix length is set from user space. IPv6 routing will follow the onlink status from Router Advertisment Prefix Information options or any manually set route, which is the correct thing to do. As this flag has a larger value than what fits into an unsigned char, update the flag attribute to an uint32_t and set it with an IFA_FLAGS attribute when writing netlink messages to the kernel.

networkd: Make DHCP client ID creation configurable

networkd: add support for Uplink Failure Detection Introduce BindCarrier= to indicate the set of links that determine if the current link should be brought UP or DOWN. [tomegun: add a bit to commit message]

networkd: network - rename ipv6token parser Too generic name.

networkd: fdb - fix const warning

net: support globbing and disjunction in Match logic Match{Name,OrginalName,Type,Driver,Path} can now take a space-separated glob of matches.

networkd: fdb - refactor a bit Pass around Link objcets rather than FdbEntry objects. The link objects have an up-to-date ifname we can use for logging. match_name sholud _never_ be used for anything except matching. Firstly, it may be unset (usually is), and secondly it may not be up-to-date.

networkd: support route scopes For now we only support the hardcoded values RT_SCOPE_{UNIVERSE,LOCAL,HOST}, and not numerical values or values from /etc/iproute2/rt_scopes. This addresses https://bugs.freedesktop.org/show_bug.cgi?id=88508.

networkd: add support for IPv6 tokens This allows the admin to set the host-specific part of IPv6 addresses, but still receive the prefix via SLAAC. .network file snippet: [Network] IPv6Token=::12 gives: $ ip token token ::12 dev eth0 This closes https://bugs.freedesktop.org/show_bug.cgi?id=81177.

networkd: generalize IPv4LL to LinkLocal This allows both IPv4 and IPv6 link-local addresses to be enabled or disabled. By default we still enable IPv6LL and disable IPv4LL. The old config option is kept for backwards compatibility, but removed from the documentation.

networkd: add basic org.freedesktop.network1.Network interface

networkd: add network_get_by_name

networkd: move the connection to the bus out of manager_new (again) This would otherwise make the tests fail as we cannot grab the bus name.

networkd: exit on idle We will be woken up on rtnl or dbus activity, so let's just quit if some time has passed and that is the only thing that can happen. Note that we will always stay around if we expect network activity (e.g. DHCP is enabled), as we are not restarted on that.

networkd: add basic dbus API Only the very basics, more to come. For now: $ busctl tree org.freedesktop.network1 └─/org/freedesktop/network1 └─/org/freedesktop/network1/link ├─/org/freedesktop/network1/link/1 ├─/org/freedesktop/network1/link/2 ├─/org/freedesktop/network1/link/3 ├─/org/freedesktop/network1/link/4 ├─/org/freedesktop/network1/link/5 ├─/org/freedesktop/network1/link/6 ├─/org/freedesktop/network1/link/7 ├─/org/freedesktop/network1/link/8 └─/org/freedesktop/network1/link/9 $ busctl introspect org.freedesktop.network1 /org/freedesktop/network1 NAME TYPE SIGNATURE RESULT/VALUE FLAGS org.freedesktop.network1.Manager interface - - - .OperationalState property s "carrier" emits-change $ busctl introspect org.freedesktop.network1 /org/freedesktop/network1/link/1 NAME TYPE SIGNATURE RESULT/VALUE FLAGS org.freedesktop.network1.Link interface - - - .AdministrativeState property s "unmanaged" emits-change .OperationalState property s "carrier" emits-change

networkd: don't warn about missing links unnecessarily If we get a NEWLINK + NEWADDR between enumerating the links and enumerating the addresses, we would get a warning that the link corresponding to the address does not exist. This is a false warning as both the NEWLINK and NEWADDR would be processed after enumerating completed, so drop it.

networkd: refactor socket activation a bit

networkd: handle suspend events

networkd: make IP forwarding for IPv4 and IPv6 individually configurable

networkd: rename misnamed boolean

networkd: introduce an AddressFamilyBoolean enum type This introduces am AddressFamilyBoolean type that works more or less like a booleaan, but can optionally turn on/off things for ipv4 and ipv6 independently. THis also ports the DHCP field over to it.

networkd: add minimal IP forwarding and masquerading support to .network files This adds two new settings to networkd's .network files: IPForwarding=yes and IPMasquerade=yes. The former controls the "forwarding" sysctl setting of the interface, thus controlling whether IP forwarding shall be enabled on the specific interface. The latter controls whether a firewall rule shall be installed that exposes traffic coming from the interface as coming from the local host to all other interfaces. This also enables both options by default for container network interfaces, thus making "systemd-nspawn --network-veth" have network connectivity out of the box.

networkd: integrate LLDP This patch integrates LLDP with networkd. Example conf: file : lldp.network [Match] Name=em1 [Network] LLDP=yes

networkd: add FDB support

networkd: manager - enumerate addresses globally, rather than per-link The kernel always returns all addresses, rather than only for the given link, so let's only enumerate once.

networkd: add basic [Link] settings to .network files This allows the default link settings (set in .link files) to be overridden per Network. Only MTU and MACAddress is supported for now.

networkd: add support for source routing

networkd: Add bridge port path cost This patch add support to specify path cost of the bridge port to be configured via conf file. Exampe: conf file: br.netdev [NetDev] Name=br-test Kind=bridge file: br.network [Match] Name=em1 [Network] Bridge=br-test [BridgePort] Cost=332 bridge link 2: em1 state UP : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-test state disabled priority 32 cost 332

networkd: support vxlan parameters V3: fix copy paste error V4: Make manual and config more readable Add vxlan paramertes to config.

networkd: remove duplicate macro definitions

log: rearrange log function naming - Rename log_meta() → log_internal(), to follow naming scheme of most other log functions that are usually invoked through macros, but never directly. - Rename log_info_object() to log_object_info(), simply because the object should be before any other parameters, to follow OO-style programming style.

log: add an "error" parameter to all low-level logging calls and intrdouce log_error_errno() as log calls that take error numbers This change has two benefits: - The format string %m will now resolve to the specified error (or to errno if the specified error is 0. This allows getting rid of a ton of strerror() invocations, a function that is not thread-safe. - The specified error can be passed to the journal in the ERRNO= field. Now of course, we just need somebody to convert all cases of this: log_error("Something happened: %s", strerror(-r)); into thus: log_error_errno(-r, "Something happened: %m");

shared: rename condition-util.[ch] to condition.[ch] Now that we only have one file with condition implementations around, we can drop the -util suffix and simplify things a bit.

networkd: remove vestigial event sources 187fe1db took advantage of floating events, but didn't remove pointers it made superfluous.

networkd: allow specification of DHCP route metric This lets the routing metric for links to be specified per-network, still defaulting to DHCP_ROUTE_METRIC (1024) if unspecified. Hopefully this helps with multiple interfaces configured via DHCP.

networkd: add preferred source to dhcp4 gateway route This makes DHCPv4 and IPv4LL coexist peacefully. [tomegun: apply to both the dhcp routes, use in_addr_is_null() rather than a separate variable to indicate when prefsrc should be applied]

networkd: don't consider deprecated or tentative addresses when determining operstate https://bugs.freedesktop.org/show_bug.cgi?id=81287

sd-network: add support for wildcard domains

networkd: add support for Domains= to .network files This allows the search/routing domanis to be specified per link/network and be passed on to resolved.

networkd: rename UseDomainName to UseDomains This option will also apply to the search domains, so make it plural.

networkd: split out networkd-link.h

networkd: add and expose per-link LLMNR config option

networkd: track the MTU of each link And inform the DHCPv4 clients about it.

networkd: route/address - use trivial hash functions

networkd: unify handling of stacked netdevs

networkd: store ifindex as int

networkd: ipv4ll - default to setting up ipv4ll routes This is necessary for non-ipv4ll hosts to communicate with ipv4ll-only hosts on the same link. Defaults to being enabled, but can be opted out. See: <http://avahi.org/wiki/AvahiAutoipd#Routes>

networkd: merge DNS and NTP entries when exporting In the state files, do not distinguish where the various entries came from (static or DHCP), but include them all in the same list.

networkd: set route protocol All routes added by networkd are currently set RTPROT_BOOT, which according to the kernel means "Route installed during boot" (rtnetlink.h). But this is not always the case as networkd changes routing after boot too. Since the kernel gives more detailed protocols, use them. With this patch, user-configured static routes now use RTPROT_STATIC (which they are) and DHCP routes use RTPROT_DHCP. There is no define for IPv4LL yet, so those are installed as RTPROT_STATIC (though perhaps RTPROT_RA is better?). [tomegun: fixup src/network/networkd-link.c:972:33: error: too few arguments to function 'route_new_dynamic']

change type for address family to "int" Let's settle on a single type for all address family values, even if UNIX is very inconsitent on the precise type otherwise. Given that socket() is the primary entrypoint for the sockets API, and that uses "int", and "int" is relatively simple and generic, we settle on "int" for this.

sd-dhcp-client: make request broadcasts opt-in It appears there is no good way to decide whether or not broadcasts should be enabled, there is hardware that must have broadcast, and there are networks that only allow unicast. So we give up and make this configurable. By default, unicast is used, but if the kernel were to inform us abotu certain interfaces requiring broadcast, we could change this to opt-in by default in those cases.

networkd: netdev - introduce vtable for netdev kinds Split each netdev kind into its own .h/.c.

networkd: netdev - split out bridge creation

networkd: netdev - rename 'enslave' to 'join' Enslave only really makes sense when referring to bridges and bonds, so try to be a bit more neutral.

networkd: dhcp add vendor class indentifier option 60 Vendor Class Identifier be used by DHCP clients to identify their vendor type and configuration. When using this option, vendors can define their own specific identifier values, such as to convey a particular hardware or operating system configuration or other identifying information. Vendor-specified DHCP options—features that let administrators assign separate options to clients with similar configuration requirements. For example, if DHCP-aware clients for example we want to separate different gateway and option for different set of people (dev/test/hr/finance) in a org or devices for example web/database servers or let's say in a embedded device etc and require a different default gateway or DNS server than the rest of clients.

networkd: make metric of routes configurable Now route metric can be configuted via conf file: example conf: [Match] Name=em1 [Route] Gateway=192.168.1.12 Metric=10 Test: ip route output default via 192.168.1.12 dev em1 metric 10 [tomegun: squash TODO update and reword man page a bit]

networkd: always prefer dhcp routes over ipv4ll routes

shared: split out in_addr related calls from socket-util.[ch] into its private in-addr-util.[ch] These are enough calls for a new file, and they are sufficiently different from the sockaddr-related calls, hence let's split this out.

networkd: add support for mode This patch adds supports networkd to configure bond mode during creation via persistent conf. Mode can be configured with conf param 'Mode'. A new section Bond is added to the conf to support bond mode. These modes can be configured now. balance-rr active-backup balance-xor broadcast 802.3ad balance-tlb balance-alb Example conf file: test-bond.conf [NetDev] Name=bond1 Kind=bond [Bond] Mode=balance-xor Test case: 1. start networkd service: 12: bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default link/ether 22:89:6c:47:23:d2 brd ff:ff:ff:ff:ff:ff 2. find bond mode: cat /proc/net/bonding/bond1 Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011) Bonding Mode: load balancing (xor) Transmit Hash Policy: layer2 (0) MII Status: up MII Polling Interval (ms): 0 Up Delay (ms): 0 Down Delay (ms): 0 Changes: 1. Added file networkd-bond.c 2. Bond mode enum BondMode 3. conf section [Bond] [tomegun: whitespace]

networkd: add support for peer address This patch adds peer address support for networkd . In the [Address] a new configurable param is Peer. [Match] Name=ipip-tun [Address] Address=10.0.0.1/32 Peer=10.0.0.2/32

networkd: tunnels - make tunnel address parsing generic It had a bug in the typing, fix that and also make it save the address family so we can print proper error messages.

networkd: Introduce tun/tap device This patch introduces TUN/TAP device creation support to networkd. Example conf to create a tap device: file: tap.netdev ------------------ [NetDev] Name=tap-test Kind=tap [Tap] OneQueue=true MultiQueue=true PacketInfo=true User=sus Group=sus ------------------ Test: 1. output of ip link tap-test: tap pi one_queue UNKNOWN_FLAGS:900 user 1000 group 1000 id: uid=1000(sus) gid=10(wheel) groups=10(wheel),1000(sus) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Modifications: Added: 1. file networkd-tuntap.c 3. netdev kind NETDEV_KIND_TUN and NETDEV_KIND_TAP 2. Tun and Tap Sections and config params to parse conf and gperf conf parameters [tomegun: tweak the 'kind' checking for received ifindex]

networkd: split out vlan and macvlan handling

networkd: netdev - add dummy support

networkd: send hostname to dhcp server Send hostname (option 12) in DISCOVER and REQUEST messages so the DHCP server could use it to register with dynamic DNS and such. To opt-out of this behaviour set SendHostname to false in [DHCP] section of .network file [tomegun: rebased, made sure a failing set_hostname is a noop and moved config from DHCPv4 to DHCP]

networkd: tunnel - ensure that enslave callback is always invoked The Link statemachine relies on this, as it would otherwise wait forever. Hook up the tunnels in the same way as the other NetDev's.

Add support for DHCP static route options This adds support for DHCP options 33 and 121: Static Route and Classless Static Route. To enable this feature, set UseRoutes=true in .network file. Returned routes are added to the routing table.

networkd: merge DHCPv4 and DHCPv6 config If there are v4 or v6 specific options we can keep those in separate sections, but for the common options, we will use only one. Moreovere only use DHCP=[yes/both|no/none|v4|v6] to enable or disable the clients.

networkd: Add initial DHCPv6 support Enable DHCPv6 support by creating a DHCPv6 boolean in the Network section. Add necessary DHCPv6 structures and initial function calls.

networkd: add address pool support When an address is configured to be all zeroes, networkd will now automatically find a locally unused network of the right size from a list of pre-configured pools. Currently those pools are 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and fc00::/7, i.e. the network ranges for private networks. They are compiled in, but should be configurable eventually. This allows applying the same configuration to a large number of interfaces with each time a different IP range block, and management of these IP ranges is fully automatic. When allocating an address range from the pool it is made sure the range is not used otherwise.

socket-util: introduce in_addr_union similar to sockaddr_union and make use of it everywhere

networkd: introduce vxlan This patch enables netwokd to create vxlan Changes: Added: 1. File networkd networkd-vxlan.c 2. to netdev bool learning struct in_addr group uint64_t vxlanid; 3. VXLAN subsection and config parameters

networkd: rename netdev variables Rename the netdev variables. Remove tunnel_ so that it can be reused .

networkd: netdev - allow setting MACAddress in .netdev files It may sometimes be necessary to specify the MAC address of a netdev. Let us set the correct one from the get-go, rather than having the kernel generate a random one, and then change it after.

networkd: link - left-align debug messages Still add some whitespace betwen ifname and the message to get the messages aligned (as I find it easier to spot specific messages this way).

networkd: add dhcp server support When enabled in [Network] it will set up a dhcp server on the interface, listening on one of its statically configured IPv4 addresses and with a fixed size pool of leases determined from it. Example: [Match] Name=ve-arch-tree [Network] Address=192.168.12.5/24 DHCPServer=yes [Route] Gateway=192.168.12.5 Destination=192.168.12.0/24 In this case we will configure ve-arch-tree with the address 192.168.12.5 and hand out addresses in the range 192.168.12.6 - 192.168.12.38. In the future, we should (as suggested by Lennart) introduce a syntax to pick the server address automatically.

networkd: drop CAP_SYS_MODULE Rely on modules being built-in or autoloaded on-demand. As networkd is a network facing service, we want to limits its capabilities, as much as possible. Also, we may not have CAP_SYS_MODULE in a container, and we want networkd to work the same there. Module autoloading does not always work, but should be fixed by the kernel patch f98f89a0104454f35a: 'net: tunnels - enable module autoloading', which is currently in net-next and which people may consider backporting if they want tunneling support without compiling in the modules. Early adopters may also use a module-load.d snippet and order systemd-modules-load.service before networkd to force the module loading of tunneling modules. This sholud fix the various build issues people have reported.

networkd: introduce vti tunnel This patch enables vti tunnel support. example conf: file : vti.netdev [NetDev] Name=vti-tun Kind=vti MTUBytes=1480 [Tunnel] Local=X.X.X.X Remote=X.X.X.X file: vti.network [Match] Name=em1 [Network] Tunnel=vti-tun TODO: Add more attributes for vti tunnel IFLA_VTI_IKEY IFLA_VTI_OKEY

networkd: sit-tunnel add support for pmtudisc This patch adds path of mtu discovery for sit tunnel. To enable/disable DiscoverPathMTU is introduced. Example configuration file: sit.netdev [NetDev] Name=sit-tun Kind=sit MTUBytes=1480 [Tunnel] DiscoverPathMTU=1 Local=X.X.X.X Remote=X.X.X.X By default pmtudisc is turned on , if DiscoverPathMTU is missing from the config. To turn it off DiscoverPathMTU=0 needs to be set.

networkd: introduce veth device support This patch adds veth device support to networkd. Example conf: File: veth.netdev [NetDev] Name=veth-test Kind=veth [Peer] Name=veth-peer

networkd/sd-network: extend operational states Expose states 'degraded' or 'routable' if a link has a site/link-local or a routable address, respectively.

networkd/sd-network: expose statically configured NTP servers

resolved: add daemon to manage resolv.conf Also remove the equivalent functionality from networkd.

networkd: keep list of active addresses

networkd: IP address equality

networkd: manager - read fallback DNS servers from config file We will still use the compiled-in defaults if no DNS entry exists in the config file.

networkd: network - store DNS servers in List rather than Set This way we preserve the order of preference.

networkd: hardcode a set of default dns servers Similarly to NTP servers, this can be set at compile-time.

networkd: rename Address and Route list fields

networkd: logging - align messages

networkd: rename NetDev variable for consistency with Link

networkd: manager - don't leak kmod context Also, keep the kmod_new internal to networkd-manager.c

networkd: introduce ipip tunnel This patch enables basic ipip tunnel support. It works with kernel module ipip example conf: file: ipip.netdev [NetDev] Name=ipip-tun Kind=ipip MTUBytes=1480 [Tunnel] Local=192.168.223.238 Remote=192.169.224.239 TTL=64 file: ipip.network [Match] Name=em1 [Network] Tunnel=ipip-tun [tomegun: - drop unused variable - take ref when enslaving]

networkd: get preexiting addresses when a link is added

networkd: link - introduce LINGER state and link_drop() We need the LINGER state in case we still have references to the link after it has been dropped.

networkd: netdev - introduce LINGER state and netdev_drop() We need the LINGER state in case we still have references to the netdev after it has been dropped.

networkd: network - merge all netdev parsing into one function

networkd: introduce refcounting for Links and NetDevs

networkd: link - clean up state files Also keep the path to the lease file around rather than regenarating it all the time.

sd-network: expose global operational state

networkd: link - support IFLA_OPERSTATE This properly detects the state of the link based on both the link flags and the operstate. Moreover, always log state-changes even if we are not yet managing the link.

networkd: link - add explicit unmanaged state

networkd: tie links to rtnl rather than udev This essentially swaps the roles of rtnl and udev in networkd. After this change libudev is only used for waiting for udev to initialize devices and to get udev-specific information needed for some [Match] attributes. This in particular simplifies the code in containers where udev is not really useful, but also simplifies things and reduces round-trips in the non-container case.

networkd: smooth transition from ipv4ll to dhcp address Currently when both ipv4ll and dhcp are enabled, ipv4ll address (if one has been claimed) is removed when dhcp address is aquired. This is not the best thing to do since there might be clients unaware of the removal trying to communicate. This patch provides a smooth transition between ipv4ll and dhcp. If ipv4ll address was claimed [1] before dhcp, address is marked as deprecated. Deprecated address is still a valid address and packets can be received on it but address cannot be selected as a source address. If dhcp lease cannot be extended, then ipv4ll address is marked as valid again. [1] If there is no collision, claiming IPv4LL takes between 4 to 7 seconds.

networkd: netdev - verify that newlink messages has the expected kind We match 'newlink' messages with expected netdev's based on their names. Now also make sure that the receieved link has the expected kind.

sd-ipv4ll/networkd: generate predictable addresses Increase the chance of using the same link local address between reboots. The pseudo random sequence of addresses we attempt is now seeded with data that is very likely to stay the same between reboots, but at the same time be unique to the specific machine/nic. First we try to use the ID_NET_NAME_* data from the udev db combined with the machin-id, which is guaranteed to be unique and persistent, if available. If that is not possible (e.g., in containers where we don't have access to the udev db) we fallback to using the MAC address of the interface, which is guaranteed to be unique, and likely to be persistent. [tomegun: three minor changes: - don't expose HASH_KEY in the siphash24 header - get rid of some compile-warnings (and some casts at the same time), by using uint8_t[8] rather than uint64_t in the api - added commit message]

networkd: allow more than one static DNS server

network: link - simplify code a bit and remove some debug logging

sd-network: IPv4 link-local support [v2] Implements IPv4LL with respect to RFC 3927 (http://tools.ietf.org/rfc/rfc3927.txt) and integrates it with networkd. Majority of the IPv4LL state machine is taken from avahi (http://avahi.org/) project's autoip. IPv4LL can be enabled by IPv4LL=yes under [Network] section of .network file. IPv4LL works independent of DHCP but if DHCP lease is aquired, then LL address will be dropped. [tomegun: removed a trailing newline and a compiler warning]

sd-network: add new library This is similar to sd-login, but exposes the state of networkd rather than logind. Include it in libsystemd-dhcp and rename it to libsystemd-network.

networkd: add basic support for MACVLANs

networkd: handle SIGINT and SIGTERM

.network/.netdev/.link: allow to match on architecture

networkd: netdev - allow filtering on kernel cmdline, host and virt

network/link: Match - filter on kernel cmdline, host and virt

networkd: refactor link_add() :( Don't set set **ret when returning r < 0, as matching on the errno may easily give false positives in the future leading to null pointer dereference. Reported-by: David Herrmann <dh.herrmann@gmail.com>

sd-rtnl: always include linux/rtnetlink.h

networkd: VLAN - allow multiple vlans to be created on a link Also limit the range of vlan ids. Other implementations and documentation use the ranges {0,1}-{4094,4095}, but we use the one accepted by the kernel: 0-4094. Reported-by: Oleksii Shevchuk <alxchk@gmail.com>

networkd: netdev - rename Netdev to NetDev Both in the configuration file format and everywhere else in the code.

sd-dhcp-client: split sd_dhcp_lease from sd_dhcp_client This allows us users of the library to keep copies of old leases. This is used by networkd to know what addresses to drop (if any) when the lease expires. In the future this may be used by DNAv4 and sd-dhcp-server.

networkd: netdev - reduce chance of race when receiving netdev's ifindex When creating a new link, the kernel will not inform us about the new ifindex in its ack. We have to listen for newly created devices and deduce the new ifindex by matching on the ifname. We used to do this by waiting for a new device from libudev, but that is asking for trouble, as udev will happily rename the device before handing it to us. Listen on rtnl instead, the chance of the name being changed before reaching us is much smaller (if not nil). Kernel patch in the works to make this unneccessary.

networkd: address - add support for broadcast

net-util: verify the address family Error out if the address family is already set to something incompatible with the address being parsed.

networkd: dhcpv4 - add notion of 'CriticalConnection' These connections are never torn down, even when the DHCP specifications say that they should be. This is useful/necessary when the rootfs (or another critical fs) is mounted over this network connection, and dataloss would result if the connection is lost. This option defaults to off, but our initrd generator (TBD) will enable it when applicable.

networkd: add basic VLAN support

networkd: add basic bonding support Refactor bridging support to be generic netdev support and extend it to cover bonding as well.

sd-dhcp-client/networkd: add domainname support

sd-dhcp-client/networkd: add transient hostname support

sd-dhcp-client/networkd: add interface MTU support

networkd: DHCPv4 - allow opting out of using DNS servers Setting UseDNS=no will ignore any received DNS servers.

networkd: generate resolv.conf This adds support to generate a basic resolv.conf in /run/systemd/network. This file will not take any effect unless a symlink is created from /etc/resolv.conf. Nameservers received over DHCP takes precedence over statically configured ones. Note: /etc/resolv.conf is severely limited, so in the future we will likely rather provide a much more powerfull nss plugin (or something to that effect), but this should allow current users to function without any loss of functionality.

networkd: bridge - remove redundant state We will not insist on getting the reply from rtnl that the bridge was created before considering the bridge ready, as we will be notified about that via udev. We will listen for the rtnl response however, in case the creation of the bridge failed.

network: use GNU-ism to simplify macros Thanks David!

networkd: print the received DHCPv4 address and gateway It seems that networkd stores in_addr.s_addr contents in reverse order (little-endian, not network order). This is a bit confusing, but sd_rtnl evidently likes this order.

networkd: use structured logging for links and bridges

No need to canonicalize fixed paths

networkd: refuse to use .network files with missing Address/Gateway key These keys are mandatory in [Address]/[Route] sections. Otherwise, we hit an assert: ens3: setting addresses Assertion 'address->family == 2 || address->family == 10' failed at /build/amd64-generic/tmp/portage/sys-apps/systemd-9999-r1/work/systemd-9999/src/network/networkd-address.c:137, function address_configure(). Aborting. Reported-by: Alex Polvi <alex.polvi@coreos.com> At the same time make sure Route's Destination and Gateway uses the same address family.

networkd: print the ifindex of added links This debug information may be useful when comapring to dropped rtnetlink messages.

networkd: add DHCPv4 support This adds basic DHCPv4 support. Link-sense is enabled unconditionally, but the plan is to make that configurable. I tested this in a VM with lots of NICs and over wifi in the various coffee shops I found this Christmas, but more testing would definitely be appreciated.

networkd: distinguish between static and dynamic addresses/routes Static addresses/routes are associated with a network. Dynamic addresses/routes are associtade with links (as the corresponding network may be shared by several links).

network: add support for dropping address

networkd: link - remove useless states Rework the state-machine a bit.

networkd: rename link_update_flags to link_update We are likely to track more than the flags in the future.

networkd: add link-sense and simplify state-machine a bit This listens to rtnetlink for changes to IFF_UP and IFF_LOWER_UP (link sense). The latter is simply logged at the moment, but will be useful once we add dhcp support.

networkd: add bridge support A bridge is specified in a .netdev file with a section [Bridge] and at least the entry Name=. A link may be joined to a bridge if the .network applied to it has a Bridge= entry giving the name of the bridge in its [Network] section. We eagerly create all bridges on startup, and links are added to bridges as soon as they both appear.

networkd: minor fixes In particular, store the ifname, though we should only use it carefully, as it is not guaranteed to be stable. Using it for logging is fine though.

networkd: add support for [Address] sections This will allow specifying more options per address than the simple Address= entry in the [Network] section. Preliminary support for the same functionality for [Route] sections are added, but not yet hooked up, as more testing is needed.

conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two

networkd: make sure Links and Networks are freed

networkd: make all calls async

networkd: store netmask and mac address explicitly

networkd: add a basic network daemon This daemon listens for and configures network devices tagged with 'systemd-networkd'. By default, no devices are tagged so this daemon can safely run in parallel with existing network daemons/scripts. Networks are configured in /etc/systemd/network/*.network. The first .network file that matches a given link is applied. The matching logic is similar to the one for .link files, but additionally supports matching on interface name. The mid-term aim is to provide an alternative to ad-hoc scripts currently used in initrd's and for wired setups that don't change much (e.g., as seen on servers/and some embedded systems). Currently, static addresses and a gateway can be configured. Example .network file: [Match] Name=wlp2s0 [Network] Description=My Network Gateway=192.168.1.1 Address=192.168.1.23/24 Address=fe80::9aee:94ff:fe3f:c618/64