Age | Commit message (Collapse) | Author | Files | Lines |
|
network interfaces
This changes the default .network files we ship for nspawn containers to set
EmitLLDP=customer-bridge in order to allow propagation of the LLDP packets
across bridges. This is useful so that "networkctl status" shows all peers
connected to a virtual container network, collecting this data via LLDP. This
is safe since the default configuration for these interfaces does not bridge
these links to external interfaces, but relies on IP routing for this.
|
|
--network-zone=
This way, they "just work", similar to --network-veth behaves, as long as
networkd is enabled and running on all involved nodes.
|
|
Containers are relatively trusted and the veth tunnels are small networks,
hence let's turn on LLDP both ways for them.
|
|
If we have the data, emit it by default.
|
|
Let's turn on DHCP timezone passing from the host to a container, so
that the timezone is always in sync.
|
|
'LinkLocal' was renamed to 'LinkLocalAddressing' in:
commit 56fd6bf795926409b087bce406ea851ad89f9fe8
Author: Tom Gundersen <teg@jklm.no>
Date: Sat Feb 14 00:32:26 2015 +0100
networkd: .network - rename LinkLocal to LinkLocalAddressing
..but apparently the network files were not updated. Fix this.
|
|
This allows both IPv4 and IPv6 link-local addresses to be enabled or disabled. By default
we still enable IPv6LL and disable IPv4LL. The old config option is kept for backwards
compatibility, but removed from the documentation.
|
|
|
|
This introduces am AddressFamilyBoolean type that works more or less
like a booleaan, but can optionally turn on/off things for ipv4 and ipv6
independently. THis also ports the DHCP field over to it.
|
|
Should hopefully make it clear that this is not some magic value, just the default we picked.
Suggested by Jan Engelhardt.
|
|
This adds two new settings to networkd's .network files:
IPForwarding=yes and IPMasquerade=yes. The former controls the
"forwarding" sysctl setting of the interface, thus controlling whether
IP forwarding shall be enabled on the specific interface. The latter
controls whether a firewall rule shall be installed that exposes traffic
coming from the interface as coming from the local host to all other
interfaces.
This also enables both options by default for container network
interfaces, thus making "systemd-nspawn --network-veth" have network
connectivity out of the box.
|
|
Newer kernels export meta-information about the origin of an ifname. Respect this
from the ifname rename logic. We do not rename any interfaces that was originally
named by userspace, nor once which have already been renamed from userspace.
Moreover, we optionally do not (the default) rename interfaces which the kernel
claims to have named in a predictable way.
|
|
If there are v4 or v6 specific options we can keep those in separate sections,
but for the common options, we will use only one.
Moreovere only use DHCP=[yes/both|no/none|v4|v6] to enable or disable the clients.
|
|
|
|
|
|
|
|
IPv4LL on them
|
|
Now that we have a graceful handover from IPv4LL to DHCP, there is no longer any reason to leave this off by default.
|
|
When starting systemd-nspawn with --network-veth, we create a veth device called
host0 in the guest. Pick up on this and start a dhcp client on it. We will also
pick up host0 netdevs created by other containers should they chose to use the
same name.
|
|
|
|
This is private configuraiton, so let's not pollute the namespace (and hence make Debian happy :) ).
|