1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <net/if.h>
4 #include <stdlib.h>
5
6 #include "sd-netlink.h"
7
8 #include "loopback-setup.h"
9 #include "missing_network.h"
10 #include "netlink-util.h"
11 #include "time-util.h"
12
13 #define LOOPBACK_SETUP_TIMEOUT_USEC (5 * USEC_PER_SEC)
14
15 struct state {
16 unsigned n_messages;
17 int rcode;
18 const char *error_message;
19 const char *success_message;
20 const char *eexist_message;
21 };
22
generic_handler(sd_netlink * rtnl,sd_netlink_message * m,void * userdata)23 static int generic_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
24 struct state *s = userdata;
25 int r;
26
27 assert(s);
28 assert(s->n_messages > 0);
29 s->n_messages--;
30
31 errno = 0;
32
33 r = sd_netlink_message_get_errno(m);
34 if (r == -EEXIST && s->eexist_message)
35 log_debug_errno(r, "%s", s->eexist_message);
36 else if (r < 0)
37 log_debug_errno(r, "%s: %m", s->error_message);
38 else
39 log_debug("%s", s->success_message);
40
41 s->rcode = r;
42 return 0;
43 }
44
start_loopback(sd_netlink * rtnl,struct state * s)45 static int start_loopback(sd_netlink *rtnl, struct state *s) {
46 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
47 int r;
48
49 assert(rtnl);
50 assert(s);
51
52 r = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, LOOPBACK_IFINDEX);
53 if (r < 0)
54 return r;
55
56 r = sd_rtnl_message_link_set_flags(req, IFF_UP, IFF_UP);
57 if (r < 0)
58 return r;
59
60 r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, LOOPBACK_SETUP_TIMEOUT_USEC, "systemd-start-loopback");
61 if (r < 0)
62 return r;
63
64 s->n_messages ++;
65 return 0;
66 }
67
add_ipv4_address(sd_netlink * rtnl,struct state * s)68 static int add_ipv4_address(sd_netlink *rtnl, struct state *s) {
69 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
70 int r;
71
72 assert(rtnl);
73 assert(s);
74
75 r = sd_rtnl_message_new_addr(rtnl, &req, RTM_NEWADDR, LOOPBACK_IFINDEX, AF_INET);
76 if (r < 0)
77 return r;
78
79 r = sd_rtnl_message_addr_set_prefixlen(req, 8);
80 if (r < 0)
81 return r;
82
83 r = sd_rtnl_message_addr_set_flags(req, IFA_F_PERMANENT);
84 if (r < 0)
85 return r;
86
87 r = sd_rtnl_message_addr_set_scope(req, RT_SCOPE_HOST);
88 if (r < 0)
89 return r;
90
91 r = sd_netlink_message_append_in_addr(req, IFA_LOCAL, &(struct in_addr) { .s_addr = htobe32(INADDR_LOOPBACK) } );
92 if (r < 0)
93 return r;
94
95 r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, USEC_INFINITY, "systemd-loopback-ipv4");
96 if (r < 0)
97 return r;
98
99 s->n_messages ++;
100 return 0;
101 }
102
add_ipv6_address(sd_netlink * rtnl,struct state * s)103 static int add_ipv6_address(sd_netlink *rtnl, struct state *s) {
104 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
105 int r;
106
107 assert(rtnl);
108 assert(s);
109
110 r = sd_rtnl_message_new_addr(rtnl, &req, RTM_NEWADDR, LOOPBACK_IFINDEX, AF_INET6);
111 if (r < 0)
112 return r;
113
114 r = sd_rtnl_message_addr_set_prefixlen(req, 128);
115 if (r < 0)
116 return r;
117
118 r = sd_rtnl_message_addr_set_flags(req, IFA_F_PERMANENT);
119 if (r < 0)
120 return r;
121
122 r = sd_rtnl_message_addr_set_scope(req, RT_SCOPE_HOST);
123 if (r < 0)
124 return r;
125
126 r = sd_netlink_message_append_in6_addr(req, IFA_LOCAL, &in6addr_loopback);
127 if (r < 0)
128 return r;
129
130 r = sd_netlink_call_async(rtnl, NULL, req, generic_handler, NULL, s, USEC_INFINITY, "systemd-loopback-ipv6");
131 if (r < 0)
132 return r;
133
134 s->n_messages ++;
135 return 0;
136 }
137
check_loopback(sd_netlink * rtnl)138 static bool check_loopback(sd_netlink *rtnl) {
139 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
140 unsigned flags;
141 int r;
142
143 r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, LOOPBACK_IFINDEX);
144 if (r < 0)
145 return false;
146
147 r = sd_netlink_call(rtnl, req, USEC_INFINITY, &reply);
148 if (r < 0)
149 return false;
150
151 r = sd_rtnl_message_link_get_flags(reply, &flags);
152 if (r < 0)
153 return false;
154
155 return flags & IFF_UP;
156 }
157
loopback_setup(void)158 int loopback_setup(void) {
159 _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
160 struct state state_4 = {
161 .error_message = "Failed to add address 127.0.0.1 to loopback interface",
162 .success_message = "Successfully added address 127.0.0.1 to loopback interface",
163 .eexist_message = "127.0.0.1 has already been added to loopback interface",
164 }, state_6 = {
165 .error_message = "Failed to add address ::1 to loopback interface",
166 .success_message = "Successfully added address ::1 to loopback interface",
167 .eexist_message = "::1 has already been added to loopback interface",
168 }, state_up = {
169 .error_message = "Failed to bring loopback interface up",
170 .success_message = "Successfully brought loopback interface up",
171 };
172 int r;
173
174 r = sd_netlink_open(&rtnl);
175 if (r < 0)
176 return log_error_errno(r, "Failed to open netlink: %m");
177
178 /* Note that we add the IP addresses here explicitly even though the kernel does that too implicitly when
179 * setting up the loopback device. The reason we do this here a second time (and possibly race against the
180 * kernel) is that we want to synchronously wait until the IP addresses are set up correctly, see
181 *
182 * https://github.com/systemd/systemd/issues/5641 */
183
184 r = add_ipv4_address(rtnl, &state_4);
185 if (r < 0)
186 return log_error_errno(r, "Failed to enqueue IPv4 loopback address add request: %m");
187
188 r = add_ipv6_address(rtnl, &state_6);
189 if (r < 0)
190 return log_error_errno(r, "Failed to enqueue IPv6 loopback address add request: %m");
191
192 r = start_loopback(rtnl, &state_up);
193 if (r < 0)
194 return log_error_errno(r, "Failed to enqueue loopback interface start request: %m");
195
196 while (state_4.n_messages + state_6.n_messages + state_up.n_messages > 0) {
197 r = sd_netlink_wait(rtnl, LOOPBACK_SETUP_TIMEOUT_USEC);
198 if (r < 0)
199 return log_error_errno(r, "Failed to wait for netlink event: %m");
200
201 r = sd_netlink_process(rtnl, NULL);
202 if (r < 0)
203 return log_warning_errno(r, "Failed to process netlink event: %m");
204 }
205
206 /* Note that we don't really care whether the addresses could be added or not */
207 if (state_up.rcode != 0) {
208 /* If we lack the permissions to configure the loopback device,
209 * but we find it to be already configured, let's exit cleanly,
210 * in order to supported unprivileged containers. */
211 if (state_up.rcode == -EPERM && check_loopback(rtnl))
212 return 0;
213
214 return log_warning_errno(state_up.rcode, "Failed to configure loopback device: %m");
215 }
216
217 return 0;
218 }
219