morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 00:14:32 +09:00
Code Issues Packages Projects Releases Wiki Activity

Several assorted cleanups (#37888)

Browse Source
This commit is contained in:
Yu Watanabe
2025-06-20 00:58:48 +09:00
committed by GitHub
parent dbfe2faa48 68650ed391
commit 1b675afdbd
9 changed files with 44 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/basic/meson.build
View File

@@ -52,7 +52,6 @@ basic_sources = files(
'initrd-util.c',
'inotify-util.c',
'io-util.c',
'ioprio-util.c',
'iovec-util.c',
'iovec-wrapper.c',
'label.c',

10
src/basic/missing_network.h
View File

@@ -3,11 +3,6 @@
#include <netinet/in.h> /* IWYU pragma: export */
/* linux/in.h or netinet/in.h (since glibc-2.32) */
#ifndef IPPROTO_MPTCP
#define IPPROTO_MPTCP 262
#endif
/* Not exposed but defined at include/net/ip.h */
#ifndef IPV4_MIN_MTU
#define IPV4_MIN_MTU 68
@@ -22,11 +17,6 @@
#define LOOPBACK_IFINDEX 1
#endif
/* Not exposed yet. Similar values are defined in net/ethernet.h */
#ifndef ETHERTYPE_LLDP
#define ETHERTYPE_LLDP 0x88cc
#endif
/* Not exposed but defined in linux/netdevice.h */
#ifndef MAX_PHYS_ITEM_ID_LEN
#define MAX_PHYS_ITEM_ID_LEN 32

3
src/libsystemd-network/lldp-neighbor.c
View File

@@ -10,7 +10,6 @@
#include "lldp-neighbor.h"
#include "lldp-rx-internal.h"
#include "memory-util.h"
#include "missing_network.h"
#include "prioq.h"
#include "siphash24.h"
#include "unaligned.h"
@@ -181,7 +180,7 @@ int lldp_neighbor_parse(sd_lldp_neighbor *n) {
memcpy(&h, LLDP_NEIGHBOR_RAW(n), sizeof(h));
if (h.ether_type != htobe16(ETHERTYPE_LLDP))
if (h.ether_type != htobe16(ETH_P_LLDP))
return log_lldp_rx_errno(n->lldp_rx, SYNTHETIC_ERRNO(EBADMSG),
"Received packet with wrong type, ignoring.");

5
src/libsystemd-network/lldp-network.c
View File

@@ -4,7 +4,6 @@
#include "fd-util.h"
#include "lldp-network.h"
#include "missing_network.h"
#include "socket-util.h"
int lldp_network_bind_raw_socket(int ifindex) {
@@ -18,7 +17,7 @@ int lldp_network_bind_raw_socket(int ifindex) {
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0x000e, 1, 0), /* A != 00:0e */
BPF_STMT(BPF_RET + BPF_K, 0), /* drop packet */
BPF_STMT(BPF_LD + BPF_H + BPF_ABS, offsetof(struct ethhdr, h_proto)), /* A <- protocol */
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_LLDP, 1, 0), /* A != ETHERTYPE_LLDP */
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETH_P_LLDP, 1, 0), /* A != ETH_P_LLDP */
BPF_STMT(BPF_RET + BPF_K, 0), /* drop packet */
BPF_STMT(BPF_RET + BPF_K, UINT32_MAX), /* accept packet */
};
@@ -41,7 +40,7 @@ int lldp_network_bind_raw_socket(int ifindex) {
assert(ifindex > 0);
fd = socket(AF_PACKET, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK,
htobe16(ETHERTYPE_LLDP));
htobe16(ETH_P_LLDP));
if (fd < 0)
return -errno;

4
src/libsystemd-network/sd-lldp-tx.c
View File

@@ -391,7 +391,7 @@ static int lldp_tx_create_packet(sd_lldp_tx *lldp_tx, size_t *ret_packet_size, u
return -ENOMEM;
header = (struct ether_header*) packet;
header->ether_type = htobe16(ETHERTYPE_LLDP);
header->ether_type = htobe16(ETH_P_LLDP);
memcpy(header->ether_dhost, lldp_multicast_addr + lldp_tx->mode, ETH_ALEN);
memcpy(header->ether_shost, &lldp_tx->hwaddr, ETH_ALEN);
@@ -502,7 +502,7 @@ static int lldp_tx_send_packet(sd_lldp_tx *lldp_tx, size_t packet_size, const ui
sa = (union sockaddr_union) {
.ll.sll_family = AF_PACKET,
.ll.sll_protocol = htobe16(ETHERTYPE_LLDP),
.ll.sll_protocol = htobe16(ETH_P_LLDP),
.ll.sll_ifindex = lldp_tx->ifindex,
.ll.sll_halen = ETH_ALEN,
};

0
src/basic/ioprio-util.c → src/shared/ioprio-util.c
View File

0
src/basic/ioprio-util.h → src/shared/ioprio-util.h
View File

1
src/shared/meson.build
View File

@@ -97,6 +97,7 @@ shared_sources = files(
'install-file.c',
'install-printf.c',
'install.c',
'ioprio-util.c',
'ip-protocol-list.c',
'ipvlan-util.c',
'journal-file-util.c',

88
src/test/test-bpf-firewall.c
View File

@@ -32,8 +32,6 @@ int main(int argc, char *argv[]) {
char log_buf[65535];
struct rlimit rl;
int r;
union bpf_attr attr;
const char *test_prog = "/sys/fs/bpf/test-dropper";
test_setup_logging(LOG_DEBUG);
@@ -63,25 +61,15 @@ int main(int argc, char *argv[]) {
_cleanup_free_ char *unit_dir = NULL;
ASSERT_OK(get_testdata_dir("units", &unit_dir));
ASSERT_OK(setenv_unit_path(unit_dir));
assert_se(runtime_dir = setup_fake_runtime_dir());
ASSERT_NOT_NULL(runtime_dir = setup_fake_runtime_dir());
r = bpf_program_new(BPF_PROG_TYPE_CGROUP_SKB, "sd_trivial", &p);
ASSERT_EQ(r, 0);
r = bpf_program_add_instructions(p, exit_insn, ELEMENTSOF(exit_insn));
ASSERT_EQ(r, 0);
r = bpf_program_load_kernel(p, log_buf, ELEMENTSOF(log_buf));
ASSERT_OK(r);
zero(attr);
attr.pathname = PTR_TO_UINT64(test_prog);
attr.bpf_fd = p->kernel_fd;
attr.file_flags = 0;
ASSERT_OK(bpf_program_new(BPF_PROG_TYPE_CGROUP_SKB, "sd_trivial", &p));
ASSERT_OK(bpf_program_add_instructions(p, exit_insn, ELEMENTSOF(exit_insn)));
ASSERT_OK(bpf_program_load_kernel(p, log_buf, ELEMENTSOF(log_buf)));
const char *test_prog = "/sys/fs/bpf/test-dropper";
(void) unlink(test_prog);
ASSERT_OK(bpf(BPF_OBJ_PIN, &attr, sizeof(attr)));
ASSERT_OK(bpf_program_pin(p->kernel_fd, test_prog));
p = bpf_program_free(p);
@@ -90,9 +78,9 @@ int main(int argc, char *argv[]) {
ASSERT_OK(manager_new(RUNTIME_SCOPE_USER, MANAGER_TEST_RUN_BASIC, &m));
ASSERT_OK(manager_startup(m, NULL, NULL, NULL));
assert_se(u = unit_new(m, sizeof(Service)));
ASSERT_NOT_NULL(u = unit_new(m, sizeof(Service)));
ASSERT_EQ(unit_add_name(u, "foo.service"), 0);
assert_se(cc = unit_get_cgroup_context(u));
ASSERT_NOT_NULL(cc = unit_get_cgroup_context(u));
u->perpetual = true;
cc->ip_accounting = true;
@@ -104,39 +92,39 @@ int main(int argc, char *argv[]) {
ASSERT_EQ(config_parse_in_addr_prefixes(u->id, "filename", 1, "Service", 1, "IPAddressDeny", 0, "127.0.0.1/25", &cc->ip_address_deny, NULL), 0);
ASSERT_EQ(config_parse_in_addr_prefixes(u->id, "filename", 1, "Service", 1, "IPAddressDeny", 0, "127.0.0.4", &cc->ip_address_deny, NULL), 0);
assert_se(set_size(cc->ip_address_allow) == 2);
assert_se(set_size(cc->ip_address_deny) == 4);
ASSERT_EQ(set_size(cc->ip_address_allow), 2u);
ASSERT_EQ(set_size(cc->ip_address_deny), 4u);
/* The deny list is defined redundantly, let's ensure it will be properly reduced */
ASSERT_OK(in_addr_prefixes_reduce(cc->ip_address_allow));
ASSERT_OK(in_addr_prefixes_reduce(cc->ip_address_deny));
assert_se(set_size(cc->ip_address_allow) == 2);
assert_se(set_size(cc->ip_address_deny) == 2);
ASSERT_EQ(set_size(cc->ip_address_allow), 2u);
ASSERT_EQ(set_size(cc->ip_address_deny), 2u);
assert_se(set_contains(cc->ip_address_allow, &(struct in_addr_prefix) {
ASSERT_TRUE(set_contains(cc->ip_address_allow, &(struct in_addr_prefix) {
.family = AF_INET,
.address.in.s_addr = htobe32((UINT32_C(10) << 24) | (UINT32_C(1) << 8)),
.prefixlen = 24 }));
assert_se(set_contains(cc->ip_address_allow, &(struct in_addr_prefix) {
ASSERT_TRUE(set_contains(cc->ip_address_allow, &(struct in_addr_prefix) {
.family = AF_INET,
.address.in.s_addr = htobe32(0x7f000002),
.prefixlen = 32 }));
assert_se(set_contains(cc->ip_address_deny, &(struct in_addr_prefix) {
ASSERT_TRUE(set_contains(cc->ip_address_deny, &(struct in_addr_prefix) {
.family = AF_INET,
.address.in.s_addr = htobe32(0x7f000000),
.prefixlen = 25 }));
assert_se(set_contains(cc->ip_address_deny, &(struct in_addr_prefix) {
ASSERT_TRUE(set_contains(cc->ip_address_deny, &(struct in_addr_prefix) {
.family = AF_INET,
.address.in.s_addr = htobe32((UINT32_C(10) << 24) | (UINT32_C(3) << 8)),
.prefixlen = 24 }));
assert_se(config_parse_exec(u->id, "filename", 1, "Service", 1, "ExecStart", SERVICE_EXEC_START, "/bin/ping -c 1 127.0.0.2 -W 5", SERVICE(u)->exec_command, u) == 0);
assert_se(config_parse_exec(u->id, "filename", 1, "Service", 1, "ExecStart", SERVICE_EXEC_START, "/bin/ping -c 1 127.0.0.3 -W 5", SERVICE(u)->exec_command, u) == 0);
ASSERT_OK(config_parse_exec(u->id, "filename", 1, "Service", 1, "ExecStart", SERVICE_EXEC_START, "/bin/ping -c 1 127.0.0.2 -W 5", SERVICE(u)->exec_command, u));
ASSERT_OK(config_parse_exec(u->id, "filename", 1, "Service", 1, "ExecStart", SERVICE_EXEC_START, "/bin/ping -c 1 127.0.0.3 -W 5", SERVICE(u)->exec_command, u));
assert_se(SERVICE(u)->exec_command[SERVICE_EXEC_START]);
assert_se(SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next);
assert_se(!SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next->command_next);
ASSERT_NOT_NULL(SERVICE(u)->exec_command[SERVICE_EXEC_START]);
ASSERT_NOT_NULL(SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next);
ASSERT_NULL(SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next->command_next);
SERVICE(u)->type = SERVICE_ONESHOT;
u->load_state = UNIT_LOADED;
@@ -146,11 +134,11 @@ int main(int argc, char *argv[]) {
r = bpf_firewall_compile(u);
if (IN_SET(r, -ENOTTY, -ENOSYS, -EPERM))
return log_tests_skipped("Kernel doesn't support the necessary bpf bits (masked out via seccomp?)");
assert_se(r >= 0);
ASSERT_OK(r);
CGroupRuntime *crt = ASSERT_PTR(unit_get_cgroup_runtime(u));
assert_se(crt->ip_bpf_ingress);
assert_se(crt->ip_bpf_egress);
ASSERT_NOT_NULL(crt->ip_bpf_ingress);
ASSERT_NOT_NULL(crt->ip_bpf_egress);
r = bpf_program_load_kernel(crt->ip_bpf_ingress, log_buf, ELEMENTSOF(log_buf));
@@ -174,24 +162,24 @@ int main(int argc, char *argv[]) {
ASSERT_OK(unit_start(u, NULL));
while (!IN_SET(SERVICE(u)->state, SERVICE_DEAD, SERVICE_FAILED))
assert_se(sd_event_run(m->event, UINT64_MAX) >= 0);
ASSERT_OK(sd_event_run(m->event, UINT64_MAX));
assert_se(SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.code == CLD_EXITED &&
SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.status == EXIT_SUCCESS);
ASSERT_EQ(SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.code, CLD_EXITED);
ASSERT_EQ(SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.status, EXIT_SUCCESS);
assert_se(SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next->exec_status.code != CLD_EXITED ||
SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next->exec_status.status != EXIT_SUCCESS);
ASSERT_TRUE(SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next->exec_status.code != CLD_EXITED ||
SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next->exec_status.status != EXIT_SUCCESS);
/* testing custom filter */
assert_se(u = unit_new(m, sizeof(Service)));
assert_se(unit_add_name(u, "custom-filter.service") == 0);
assert_se(cc = unit_get_cgroup_context(u));
ASSERT_NOT_NULL(u = unit_new(m, sizeof(Service)));
ASSERT_OK(unit_add_name(u, "custom-filter.service"));
ASSERT_NOT_NULL(cc = unit_get_cgroup_context(u));
u->perpetual = true;
cc->ip_accounting = true;
assert_se(config_parse_ip_filter_bpf_progs(u->id, "filename", 1, "Service", 1, "IPIngressFilterPath", 0, test_prog, &cc->ip_filters_ingress, u) == 0);
assert_se(config_parse_exec(u->id, "filename", 1, "Service", 1, "ExecStart", SERVICE_EXEC_START, "-/bin/ping -c 1 127.0.0.1 -W 5", SERVICE(u)->exec_command, u) == 0);
ASSERT_OK(config_parse_ip_filter_bpf_progs(u->id, "filename", 1, "Service", 1, "IPIngressFilterPath", 0, test_prog, &cc->ip_filters_ingress, u));
ASSERT_OK(config_parse_exec(u->id, "filename", 1, "Service", 1, "ExecStart", SERVICE_EXEC_START, "-/bin/ping -c 1 127.0.0.1 -W 5", SERVICE(u)->exec_command, u));
SERVICE(u)->type = SERVICE_ONESHOT;
u->load_state = UNIT_LOADED;
@@ -200,13 +188,13 @@ int main(int argc, char *argv[]) {
ASSERT_OK(unit_start(u, NULL));
while (!IN_SET(SERVICE(u)->state, SERVICE_DEAD, SERVICE_FAILED))
assert_se(sd_event_run(m->event, UINT64_MAX) >= 0);
ASSERT_OK(sd_event_run(m->event, UINT64_MAX));
assert_se(SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.code != CLD_EXITED ||
SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.status != EXIT_SUCCESS);
ASSERT_TRUE(SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.code != CLD_EXITED ||
SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.status != EXIT_SUCCESS);
(void) unlink(test_prog);
assert_se(SERVICE(u)->state == SERVICE_DEAD);
ASSERT_EQ(SERVICE(u)->state, SERVICE_DEAD);
return 0;
}