sd-lldp-tx: do not expose machine ID by default

Previously, systemd-networkd sent machine ID as chassis ID. Let's use application specific machine ID. This is a kind of backward compat breaking. Hence, this also introduces the support of $SD_LLDP_SEND_MACHINE_ID environment variable. Closes #37613.
2026-04-14 00:14:32 +09:00 · 2025-06-15 04:03:26 +09:00
parent 4fe348cfdf
commit 27546b769c
3 changed files with 30 additions and 1 deletions
--- a/7
+++ b/7
@@ -101,6 +101,13 @@ CHANGES WITH 258 in spe:
          IPv4DuplicateAddressDetectionTimeoutSec=. The default timeout value
          has been changed from 7 seconds to 200 milliseconds.

+        * systemd-networkd previously emitted the machine ID as chassis ID
+          through LLDP protocol, but now emits a deterministic ID,
+          cryptographically derived from the machine ID as chassis ID. If you
+          want to use the previous behavior, please set
+          SYSTEMD_LLDP_SEND_MACHINE_ID=1 environment variable to
+          systemd-networkd.
+
        * Support for the !! command line prefix on ExecStart= lines (and
          related) has been removed, and if specified will be ignored. The
          concept was supposed to provide compatibility with kernels that
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@@ -688,6 +688,9 @@ SYSTEMD_HOME_DEBUG_SUFFIX=foo \
  work, ProtectSystem=strict in systemd-networkd.service needs to be downgraded
  or disabled.

+* `$SYSTEMD_LLDP_SEND_MACHINE_ID` - takes a boolean, If true, systemd-networkd
+  sends machine ID as chassis ID through LLDP protocol.
+
 `systemd-storagetm`:

 * `$SYSTEMD_NVME_MODEL`, `$SYSTEMD_NVME_FIRMWARE`, `$SYSTEMD_NVME_SERIAL`,
--- a/src/libsystemd-network/sd-lldp-tx.c
+++ b/src/libsystemd-network/sd-lldp-tx.c
@@ -5,6 +5,7 @@
 #include "sd-lldp-tx.h"

 #include "alloc-util.h"
+#include "env-util.h"
 #include "ether-addr-util.h"
 #include "fd-util.h"
 #include "hostname-setup.h"
@@ -17,6 +18,8 @@
 #include "unaligned.h"
 #include "web-util.h"

+#define LLDP_APP_ID SD_ID128_MAKE(07,3a,43,bf,54,de,40,8d,8e,c4,96,ed,fd,94,72,dc)
+
 /* The LLDP spec calls this "txFastInit", see 9.2.5.19 */
 #define LLDP_FAST_TX_INIT 4U

@@ -325,6 +328,22 @@ static int packet_append_string(
        return packet_append_prefixed_string(packet, packet_size, offset, type, 0, NULL, str);
 }

+static int lldp_tx_get_machine_id(sd_id128_t *ret) {
+        int r;
+
+        assert(ret);
+
+        /* Unfortunately we previously exposed machine ID. If the environment variable is set, then
+         * use the machine ID as is. Otherwise, use application specific one. */
+        r = secure_getenv_bool("SYSTEMD_LLDP_SEND_MACHINE_ID");
+        if (r < 0 && r != -ENXIO)
+                log_debug_errno(r, "Failed to parse $SYSTEMD_LLDP_SEND_MACHINE_ID, ignoring: %m");
+        if (r > 0)
+                return sd_id128_get_machine(ret);
+
+        return sd_id128_get_machine_app_specific(LLDP_APP_ID, ret);
+}
+
 static int lldp_tx_create_packet(sd_lldp_tx *lldp_tx, size_t *ret_packet_size, uint8_t **ret_packet) {
        _cleanup_free_ char *hostname = NULL, *pretty_hostname = NULL;
        _cleanup_free_ uint8_t *packet = NULL;
@@ -343,7 +362,7 @@ static int lldp_tx_create_packet(sd_lldp_tx *lldp_tx, size_t *ret_packet_size, u
        if (r < 0)
                return r;

-        r = sd_id128_get_machine(&machine_id);
+        r = lldp_tx_get_machine_id(&machine_id);
        if (r < 0)
                return r;