diff --git a/src/basic/meson.build b/src/basic/meson.build index 052b145104..8e914d5e10 100644 --- a/src/basic/meson.build +++ b/src/basic/meson.build @@ -52,7 +52,6 @@ basic_sources = files( 'initrd-util.c', 'inotify-util.c', 'io-util.c', - 'ioprio-util.c', 'iovec-util.c', 'iovec-wrapper.c', 'label.c', diff --git a/src/basic/missing_network.h b/src/basic/missing_network.h index c5600d9fc6..450c64bff0 100644 --- a/src/basic/missing_network.h +++ b/src/basic/missing_network.h @@ -3,11 +3,6 @@ #include /* IWYU pragma: export */ -/* linux/in.h or netinet/in.h (since glibc-2.32) */ -#ifndef IPPROTO_MPTCP -#define IPPROTO_MPTCP 262 -#endif - /* Not exposed but defined at include/net/ip.h */ #ifndef IPV4_MIN_MTU #define IPV4_MIN_MTU 68 @@ -22,11 +17,6 @@ #define LOOPBACK_IFINDEX 1 #endif -/* Not exposed yet. Similar values are defined in net/ethernet.h */ -#ifndef ETHERTYPE_LLDP -#define ETHERTYPE_LLDP 0x88cc -#endif - /* Not exposed but defined in linux/netdevice.h */ #ifndef MAX_PHYS_ITEM_ID_LEN #define MAX_PHYS_ITEM_ID_LEN 32 diff --git a/src/libsystemd-network/lldp-neighbor.c b/src/libsystemd-network/lldp-neighbor.c index e35df5e145..727e8feb33 100644 --- a/src/libsystemd-network/lldp-neighbor.c +++ b/src/libsystemd-network/lldp-neighbor.c @@ -10,7 +10,6 @@ #include "lldp-neighbor.h" #include "lldp-rx-internal.h" #include "memory-util.h" -#include "missing_network.h" #include "prioq.h" #include "siphash24.h" #include "unaligned.h" @@ -181,7 +180,7 @@ int lldp_neighbor_parse(sd_lldp_neighbor *n) { memcpy(&h, LLDP_NEIGHBOR_RAW(n), sizeof(h)); - if (h.ether_type != htobe16(ETHERTYPE_LLDP)) + if (h.ether_type != htobe16(ETH_P_LLDP)) return log_lldp_rx_errno(n->lldp_rx, SYNTHETIC_ERRNO(EBADMSG), "Received packet with wrong type, ignoring."); diff --git a/src/libsystemd-network/lldp-network.c b/src/libsystemd-network/lldp-network.c index 38e5ddb691..53dd50c606 100644 --- a/src/libsystemd-network/lldp-network.c +++ b/src/libsystemd-network/lldp-network.c @@ -4,7 +4,6 @@ #include "fd-util.h" #include "lldp-network.h" -#include "missing_network.h" #include "socket-util.h" int lldp_network_bind_raw_socket(int ifindex) { @@ -18,7 +17,7 @@ int lldp_network_bind_raw_socket(int ifindex) { BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0x000e, 1, 0), /* A != 00:0e */ BPF_STMT(BPF_RET + BPF_K, 0), /* drop packet */ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, offsetof(struct ethhdr, h_proto)), /* A <- protocol */ - BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_LLDP, 1, 0), /* A != ETHERTYPE_LLDP */ + BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETH_P_LLDP, 1, 0), /* A != ETH_P_LLDP */ BPF_STMT(BPF_RET + BPF_K, 0), /* drop packet */ BPF_STMT(BPF_RET + BPF_K, UINT32_MAX), /* accept packet */ }; @@ -41,7 +40,7 @@ int lldp_network_bind_raw_socket(int ifindex) { assert(ifindex > 0); fd = socket(AF_PACKET, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, - htobe16(ETHERTYPE_LLDP)); + htobe16(ETH_P_LLDP)); if (fd < 0) return -errno; diff --git a/src/libsystemd-network/sd-lldp-tx.c b/src/libsystemd-network/sd-lldp-tx.c index 9b86558eba..b836081d93 100644 --- a/src/libsystemd-network/sd-lldp-tx.c +++ b/src/libsystemd-network/sd-lldp-tx.c @@ -391,7 +391,7 @@ static int lldp_tx_create_packet(sd_lldp_tx *lldp_tx, size_t *ret_packet_size, u return -ENOMEM; header = (struct ether_header*) packet; - header->ether_type = htobe16(ETHERTYPE_LLDP); + header->ether_type = htobe16(ETH_P_LLDP); memcpy(header->ether_dhost, lldp_multicast_addr + lldp_tx->mode, ETH_ALEN); memcpy(header->ether_shost, &lldp_tx->hwaddr, ETH_ALEN); @@ -502,7 +502,7 @@ static int lldp_tx_send_packet(sd_lldp_tx *lldp_tx, size_t packet_size, const ui sa = (union sockaddr_union) { .ll.sll_family = AF_PACKET, - .ll.sll_protocol = htobe16(ETHERTYPE_LLDP), + .ll.sll_protocol = htobe16(ETH_P_LLDP), .ll.sll_ifindex = lldp_tx->ifindex, .ll.sll_halen = ETH_ALEN, }; diff --git a/src/basic/ioprio-util.c b/src/shared/ioprio-util.c similarity index 100% rename from src/basic/ioprio-util.c rename to src/shared/ioprio-util.c diff --git a/src/basic/ioprio-util.h b/src/shared/ioprio-util.h similarity index 100% rename from src/basic/ioprio-util.h rename to src/shared/ioprio-util.h diff --git a/src/shared/meson.build b/src/shared/meson.build index 38dd3b498d..2336e6a7df 100644 --- a/src/shared/meson.build +++ b/src/shared/meson.build @@ -97,6 +97,7 @@ shared_sources = files( 'install-file.c', 'install-printf.c', 'install.c', + 'ioprio-util.c', 'ip-protocol-list.c', 'ipvlan-util.c', 'journal-file-util.c', diff --git a/src/test/test-bpf-firewall.c b/src/test/test-bpf-firewall.c index 737934ca87..6c82e3d296 100644 --- a/src/test/test-bpf-firewall.c +++ b/src/test/test-bpf-firewall.c @@ -32,8 +32,6 @@ int main(int argc, char *argv[]) { char log_buf[65535]; struct rlimit rl; int r; - union bpf_attr attr; - const char *test_prog = "/sys/fs/bpf/test-dropper"; test_setup_logging(LOG_DEBUG); @@ -63,25 +61,15 @@ int main(int argc, char *argv[]) { _cleanup_free_ char *unit_dir = NULL; ASSERT_OK(get_testdata_dir("units", &unit_dir)); ASSERT_OK(setenv_unit_path(unit_dir)); - assert_se(runtime_dir = setup_fake_runtime_dir()); + ASSERT_NOT_NULL(runtime_dir = setup_fake_runtime_dir()); - r = bpf_program_new(BPF_PROG_TYPE_CGROUP_SKB, "sd_trivial", &p); - ASSERT_EQ(r, 0); - - r = bpf_program_add_instructions(p, exit_insn, ELEMENTSOF(exit_insn)); - ASSERT_EQ(r, 0); - - r = bpf_program_load_kernel(p, log_buf, ELEMENTSOF(log_buf)); - ASSERT_OK(r); - - zero(attr); - attr.pathname = PTR_TO_UINT64(test_prog); - attr.bpf_fd = p->kernel_fd; - attr.file_flags = 0; + ASSERT_OK(bpf_program_new(BPF_PROG_TYPE_CGROUP_SKB, "sd_trivial", &p)); + ASSERT_OK(bpf_program_add_instructions(p, exit_insn, ELEMENTSOF(exit_insn))); + ASSERT_OK(bpf_program_load_kernel(p, log_buf, ELEMENTSOF(log_buf))); + const char *test_prog = "/sys/fs/bpf/test-dropper"; (void) unlink(test_prog); - - ASSERT_OK(bpf(BPF_OBJ_PIN, &attr, sizeof(attr))); + ASSERT_OK(bpf_program_pin(p->kernel_fd, test_prog)); p = bpf_program_free(p); @@ -90,9 +78,9 @@ int main(int argc, char *argv[]) { ASSERT_OK(manager_new(RUNTIME_SCOPE_USER, MANAGER_TEST_RUN_BASIC, &m)); ASSERT_OK(manager_startup(m, NULL, NULL, NULL)); - assert_se(u = unit_new(m, sizeof(Service))); + ASSERT_NOT_NULL(u = unit_new(m, sizeof(Service))); ASSERT_EQ(unit_add_name(u, "foo.service"), 0); - assert_se(cc = unit_get_cgroup_context(u)); + ASSERT_NOT_NULL(cc = unit_get_cgroup_context(u)); u->perpetual = true; cc->ip_accounting = true; @@ -104,39 +92,39 @@ int main(int argc, char *argv[]) { ASSERT_EQ(config_parse_in_addr_prefixes(u->id, "filename", 1, "Service", 1, "IPAddressDeny", 0, "127.0.0.1/25", &cc->ip_address_deny, NULL), 0); ASSERT_EQ(config_parse_in_addr_prefixes(u->id, "filename", 1, "Service", 1, "IPAddressDeny", 0, "127.0.0.4", &cc->ip_address_deny, NULL), 0); - assert_se(set_size(cc->ip_address_allow) == 2); - assert_se(set_size(cc->ip_address_deny) == 4); + ASSERT_EQ(set_size(cc->ip_address_allow), 2u); + ASSERT_EQ(set_size(cc->ip_address_deny), 4u); /* The deny list is defined redundantly, let's ensure it will be properly reduced */ ASSERT_OK(in_addr_prefixes_reduce(cc->ip_address_allow)); ASSERT_OK(in_addr_prefixes_reduce(cc->ip_address_deny)); - assert_se(set_size(cc->ip_address_allow) == 2); - assert_se(set_size(cc->ip_address_deny) == 2); + ASSERT_EQ(set_size(cc->ip_address_allow), 2u); + ASSERT_EQ(set_size(cc->ip_address_deny), 2u); - assert_se(set_contains(cc->ip_address_allow, &(struct in_addr_prefix) { + ASSERT_TRUE(set_contains(cc->ip_address_allow, &(struct in_addr_prefix) { .family = AF_INET, .address.in.s_addr = htobe32((UINT32_C(10) << 24) | (UINT32_C(1) << 8)), .prefixlen = 24 })); - assert_se(set_contains(cc->ip_address_allow, &(struct in_addr_prefix) { + ASSERT_TRUE(set_contains(cc->ip_address_allow, &(struct in_addr_prefix) { .family = AF_INET, .address.in.s_addr = htobe32(0x7f000002), .prefixlen = 32 })); - assert_se(set_contains(cc->ip_address_deny, &(struct in_addr_prefix) { + ASSERT_TRUE(set_contains(cc->ip_address_deny, &(struct in_addr_prefix) { .family = AF_INET, .address.in.s_addr = htobe32(0x7f000000), .prefixlen = 25 })); - assert_se(set_contains(cc->ip_address_deny, &(struct in_addr_prefix) { + ASSERT_TRUE(set_contains(cc->ip_address_deny, &(struct in_addr_prefix) { .family = AF_INET, .address.in.s_addr = htobe32((UINT32_C(10) << 24) | (UINT32_C(3) << 8)), .prefixlen = 24 })); - assert_se(config_parse_exec(u->id, "filename", 1, "Service", 1, "ExecStart", SERVICE_EXEC_START, "/bin/ping -c 1 127.0.0.2 -W 5", SERVICE(u)->exec_command, u) == 0); - assert_se(config_parse_exec(u->id, "filename", 1, "Service", 1, "ExecStart", SERVICE_EXEC_START, "/bin/ping -c 1 127.0.0.3 -W 5", SERVICE(u)->exec_command, u) == 0); + ASSERT_OK(config_parse_exec(u->id, "filename", 1, "Service", 1, "ExecStart", SERVICE_EXEC_START, "/bin/ping -c 1 127.0.0.2 -W 5", SERVICE(u)->exec_command, u)); + ASSERT_OK(config_parse_exec(u->id, "filename", 1, "Service", 1, "ExecStart", SERVICE_EXEC_START, "/bin/ping -c 1 127.0.0.3 -W 5", SERVICE(u)->exec_command, u)); - assert_se(SERVICE(u)->exec_command[SERVICE_EXEC_START]); - assert_se(SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next); - assert_se(!SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next->command_next); + ASSERT_NOT_NULL(SERVICE(u)->exec_command[SERVICE_EXEC_START]); + ASSERT_NOT_NULL(SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next); + ASSERT_NULL(SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next->command_next); SERVICE(u)->type = SERVICE_ONESHOT; u->load_state = UNIT_LOADED; @@ -146,11 +134,11 @@ int main(int argc, char *argv[]) { r = bpf_firewall_compile(u); if (IN_SET(r, -ENOTTY, -ENOSYS, -EPERM)) return log_tests_skipped("Kernel doesn't support the necessary bpf bits (masked out via seccomp?)"); - assert_se(r >= 0); + ASSERT_OK(r); CGroupRuntime *crt = ASSERT_PTR(unit_get_cgroup_runtime(u)); - assert_se(crt->ip_bpf_ingress); - assert_se(crt->ip_bpf_egress); + ASSERT_NOT_NULL(crt->ip_bpf_ingress); + ASSERT_NOT_NULL(crt->ip_bpf_egress); r = bpf_program_load_kernel(crt->ip_bpf_ingress, log_buf, ELEMENTSOF(log_buf)); @@ -174,24 +162,24 @@ int main(int argc, char *argv[]) { ASSERT_OK(unit_start(u, NULL)); while (!IN_SET(SERVICE(u)->state, SERVICE_DEAD, SERVICE_FAILED)) - assert_se(sd_event_run(m->event, UINT64_MAX) >= 0); + ASSERT_OK(sd_event_run(m->event, UINT64_MAX)); - assert_se(SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.code == CLD_EXITED && - SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.status == EXIT_SUCCESS); + ASSERT_EQ(SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.code, CLD_EXITED); + ASSERT_EQ(SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.status, EXIT_SUCCESS); - assert_se(SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next->exec_status.code != CLD_EXITED || - SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next->exec_status.status != EXIT_SUCCESS); + ASSERT_TRUE(SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next->exec_status.code != CLD_EXITED || + SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next->exec_status.status != EXIT_SUCCESS); /* testing custom filter */ - assert_se(u = unit_new(m, sizeof(Service))); - assert_se(unit_add_name(u, "custom-filter.service") == 0); - assert_se(cc = unit_get_cgroup_context(u)); + ASSERT_NOT_NULL(u = unit_new(m, sizeof(Service))); + ASSERT_OK(unit_add_name(u, "custom-filter.service")); + ASSERT_NOT_NULL(cc = unit_get_cgroup_context(u)); u->perpetual = true; cc->ip_accounting = true; - assert_se(config_parse_ip_filter_bpf_progs(u->id, "filename", 1, "Service", 1, "IPIngressFilterPath", 0, test_prog, &cc->ip_filters_ingress, u) == 0); - assert_se(config_parse_exec(u->id, "filename", 1, "Service", 1, "ExecStart", SERVICE_EXEC_START, "-/bin/ping -c 1 127.0.0.1 -W 5", SERVICE(u)->exec_command, u) == 0); + ASSERT_OK(config_parse_ip_filter_bpf_progs(u->id, "filename", 1, "Service", 1, "IPIngressFilterPath", 0, test_prog, &cc->ip_filters_ingress, u)); + ASSERT_OK(config_parse_exec(u->id, "filename", 1, "Service", 1, "ExecStart", SERVICE_EXEC_START, "-/bin/ping -c 1 127.0.0.1 -W 5", SERVICE(u)->exec_command, u)); SERVICE(u)->type = SERVICE_ONESHOT; u->load_state = UNIT_LOADED; @@ -200,13 +188,13 @@ int main(int argc, char *argv[]) { ASSERT_OK(unit_start(u, NULL)); while (!IN_SET(SERVICE(u)->state, SERVICE_DEAD, SERVICE_FAILED)) - assert_se(sd_event_run(m->event, UINT64_MAX) >= 0); + ASSERT_OK(sd_event_run(m->event, UINT64_MAX)); - assert_se(SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.code != CLD_EXITED || - SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.status != EXIT_SUCCESS); + ASSERT_TRUE(SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.code != CLD_EXITED || + SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.status != EXIT_SUCCESS); (void) unlink(test_prog); - assert_se(SERVICE(u)->state == SERVICE_DEAD); + ASSERT_EQ(SERVICE(u)->state, SERVICE_DEAD); return 0; }