Line data Source code
1 : /* SPDX-License-Identifier: LGPL-2.1+ */
2 :
3 : #include <net/if.h>
4 : #include <stdlib.h>
5 :
6 : #include "sd-netlink.h"
7 :
8 : #include "loopback-setup.h"
9 : #include "missing.h"
10 : #include "netlink-util.h"
11 : #include "time-util.h"
12 :
13 : #define LOOPBACK_SETUP_TIMEOUT_USEC (5 * USEC_PER_SEC)
14 :
15 : struct state {
16 : unsigned n_messages;
17 : int rcode;
18 : const char *error_message;
19 : const char *success_message;
20 : };
21 :
22 3 : static int generic_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
23 3 : struct state *s = userdata;
24 : int r;
25 :
26 3 : assert(s);
27 3 : assert(s->n_messages > 0);
28 3 : s->n_messages--;
29 :
30 3 : errno = 0;
31 :
32 3 : r = sd_netlink_message_get_errno(m);
33 3 : if (r < 0)
34 3 : log_debug_errno(r, "%s: %m", s->error_message);
35 : else
36 0 : log_debug("%s", s->success_message);
37 :
38 3 : s->rcode = r;
39 3 : return 0;
40 : }
41 :
42 1 : static int start_loopback(sd_netlink *rtnl, struct state *s) {
43 1 : _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
44 : int r;
45 :
46 1 : assert(rtnl);
47 1 : assert(s);
48 :
49 1 : r = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, LOOPBACK_IFINDEX);
50 1 : if (r < 0)
51 0 : return r;
52 :
53 1 : r = sd_rtnl_message_link_set_flags(req, IFF_UP, IFF_UP);
54 1 : if (r < 0)
55 0 : return r;
56 :
57 1 : r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, LOOPBACK_SETUP_TIMEOUT_USEC, "systemd-start-loopback");
58 1 : if (r < 0)
59 0 : return r;
60 :
61 1 : s->n_messages ++;
62 1 : return 0;
63 : }
64 :
65 1 : static int add_ipv4_address(sd_netlink *rtnl, struct state *s) {
66 1 : _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
67 : int r;
68 :
69 1 : assert(rtnl);
70 1 : assert(s);
71 :
72 1 : r = sd_rtnl_message_new_addr(rtnl, &req, RTM_NEWADDR, LOOPBACK_IFINDEX, AF_INET);
73 1 : if (r < 0)
74 0 : return r;
75 :
76 1 : r = sd_rtnl_message_addr_set_prefixlen(req, 8);
77 1 : if (r < 0)
78 0 : return r;
79 :
80 1 : r = sd_rtnl_message_addr_set_flags(req, IFA_F_PERMANENT);
81 1 : if (r < 0)
82 0 : return r;
83 :
84 1 : r = sd_rtnl_message_addr_set_scope(req, RT_SCOPE_HOST);
85 1 : if (r < 0)
86 0 : return r;
87 :
88 1 : r = sd_netlink_message_append_in_addr(req, IFA_LOCAL, &(struct in_addr) { .s_addr = htobe32(INADDR_LOOPBACK) } );
89 1 : if (r < 0)
90 0 : return r;
91 :
92 1 : r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, USEC_INFINITY, "systemd-loopback-ipv4");
93 1 : if (r < 0)
94 0 : return r;
95 :
96 1 : s->n_messages ++;
97 1 : return 0;
98 : }
99 :
100 1 : static int add_ipv6_address(sd_netlink *rtnl, struct state *s) {
101 1 : _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
102 : int r;
103 :
104 1 : assert(rtnl);
105 1 : assert(s);
106 :
107 1 : r = sd_rtnl_message_new_addr(rtnl, &req, RTM_NEWADDR, LOOPBACK_IFINDEX, AF_INET6);
108 1 : if (r < 0)
109 0 : return r;
110 :
111 1 : r = sd_rtnl_message_addr_set_prefixlen(req, 128);
112 1 : if (r < 0)
113 0 : return r;
114 :
115 1 : r = sd_rtnl_message_addr_set_flags(req, IFA_F_PERMANENT);
116 1 : if (r < 0)
117 0 : return r;
118 :
119 1 : r = sd_rtnl_message_addr_set_scope(req, RT_SCOPE_HOST);
120 1 : if (r < 0)
121 0 : return r;
122 :
123 1 : r = sd_netlink_message_append_in6_addr(req, IFA_LOCAL, &in6addr_loopback);
124 1 : if (r < 0)
125 0 : return r;
126 :
127 1 : r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, USEC_INFINITY, "systemd-loopback-ipv6");
128 1 : if (r < 0)
129 0 : return r;
130 :
131 1 : s->n_messages ++;
132 1 : return 0;
133 : }
134 :
135 1 : static bool check_loopback(sd_netlink *rtnl) {
136 1 : _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
137 : unsigned flags;
138 : int r;
139 :
140 1 : r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, LOOPBACK_IFINDEX);
141 1 : if (r < 0)
142 0 : return false;
143 :
144 1 : r = sd_netlink_call(rtnl, req, USEC_INFINITY, &reply);
145 1 : if (r < 0)
146 0 : return false;
147 :
148 1 : r = sd_rtnl_message_link_get_flags(reply, &flags);
149 1 : if (r < 0)
150 0 : return false;
151 :
152 1 : return flags & IFF_UP;
153 : }
154 :
155 1 : int loopback_setup(void) {
156 1 : _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
157 1 : struct state state_4 = {
158 : .error_message = "Failed to add address 127.0.0.1 to loopback interface",
159 : .success_message = "Successfully added address 127.0.0.1 to loopback interface",
160 1 : }, state_6 = {
161 : .error_message = "Failed to add address ::1 to loopback interface",
162 : .success_message = "Successfully added address ::1 to loopback interface",
163 1 : }, state_up = {
164 : .error_message = "Failed to bring loopback interface up",
165 : .success_message = "Successfully brought loopback interface up",
166 : };
167 : int r;
168 :
169 1 : r = sd_netlink_open(&rtnl);
170 1 : if (r < 0)
171 0 : return log_error_errno(r, "Failed to open netlink: %m");
172 :
173 : /* Note that we add the IP addresses here explicitly even though the kernel does that too implicitly when
174 : * setting up the loopback device. The reason we do this here a second time (and possibly race against the
175 : * kernel) is that we want to synchronously wait until the IP addresses are set up correctly, see
176 : *
177 : * https://github.com/systemd/systemd/issues/5641 */
178 :
179 1 : r = add_ipv4_address(rtnl, &state_4);
180 1 : if (r < 0)
181 0 : return log_error_errno(r, "Failed to enqueue IPv4 loopback address add request: %m");
182 :
183 1 : r = add_ipv6_address(rtnl, &state_6);
184 1 : if (r < 0)
185 0 : return log_error_errno(r, "Failed to enqueue IPv6 loopback address add request: %m");
186 :
187 1 : r = start_loopback(rtnl, &state_up);
188 1 : if (r < 0)
189 0 : return log_error_errno(r, "Failed to enqueue loopback interface start request: %m");
190 :
191 4 : while (state_4.n_messages + state_6.n_messages + state_up.n_messages > 0) {
192 3 : r = sd_netlink_wait(rtnl, LOOPBACK_SETUP_TIMEOUT_USEC);
193 3 : if (r < 0)
194 0 : return log_error_errno(r, "Failed to wait for netlink event: %m");
195 :
196 3 : r = sd_netlink_process(rtnl, NULL);
197 3 : if (r < 0)
198 0 : return log_warning_errno(r, "Failed to process netlink event: %m");
199 : }
200 :
201 : /* Note that we don't really care whether the addresses could be added or not */
202 1 : if (state_up.rcode != 0) {
203 : /* If we lack the permissions to configure the loopback device,
204 : * but we find it to be already configured, let's exit cleanly,
205 : * in order to supported unprivileged containers. */
206 1 : if (state_up.rcode == -EPERM && check_loopback(rtnl))
207 1 : return 0;
208 :
209 0 : return log_warning_errno(state_up.rcode, "Failed to configure loopback device: %m");
210 : }
211 :
212 0 : return 0;
213 : }
|
