diff options
| author | Daniel Mack <github@zonque.org> | 2015-07-06 14:22:23 -0400 |
|---|---|---|
| committer | Daniel Mack <github@zonque.org> | 2015-07-06 14:22:23 -0400 |
| commit | f767522a65a03b164f30d6b9f089000ce5bcb730 (patch) | |
| tree | 535c9095676bafc970b607ece17577a89c9e1bd7 | |
| parent | 5541c88977e63215e74b7517fb33cb27e5a04f17 (diff) | |
| parent | 15dee3f07c646fd345b0aa30c6566071b3365db7 (diff) | |
Merge pull request #495 from poettering/forwarding-fix
networkd: be more defensive when writing to ipv4/ipv6 forwarding sett…
| -rw-r--r-- | src/basic/fileio.c | 11 | ||||
| -rw-r--r-- | src/basic/fileio.h | 2 | ||||
| -rw-r--r-- | src/network/networkd-link.c | 32 |
3 files changed, 39 insertions, 6 deletions
diff --git a/src/basic/fileio.c b/src/basic/fileio.c index ff6b1a7ed7..00fb6f8b5c 100644 --- a/src/basic/fileio.c +++ b/src/basic/fileio.c @@ -134,6 +134,17 @@ int read_one_line_file(const char *fn, char **line) { return 0; } +int verify_one_line_file(const char *fn, const char *line) { + _cleanup_free_ char *value = NULL; + int r; + + r = read_one_line_file(fn, &value); + if (r < 0) + return r; + + return streq(value, line); +} + int read_full_stream(FILE *f, char **contents, size_t *size) { size_t n, l; _cleanup_free_ char *buf = NULL; diff --git a/src/basic/fileio.h b/src/basic/fileio.h index 5ae51c1e28..91d4a0d2d5 100644 --- a/src/basic/fileio.h +++ b/src/basic/fileio.h @@ -34,6 +34,8 @@ int read_one_line_file(const char *fn, char **line); int read_full_file(const char *fn, char **contents, size_t *size); int read_full_stream(FILE *f, char **contents, size_t *size); +int verify_one_line_file(const char *fn, const char *line); + int parse_env_file(const char *fname, const char *separator, ...) _sentinel_; int load_env_file(FILE *f, const char *fname, const char *separator, char ***l); int load_env_file_pairs(FILE *f, const char *fname, const char *separator, char ***l); diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index f67a19e50b..eb07e12773 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -1486,35 +1486,55 @@ static int link_enter_join_netdev(Link *link) { } static int link_set_ipv4_forward(Link *link) { - const char *p = NULL; + const char *p = NULL, *v; int r; + if (link->flags & IFF_LOOPBACK) + return 0; + if (link->network->ip_forward == _ADDRESS_FAMILY_BOOLEAN_INVALID) return 0; p = strjoina("/proc/sys/net/ipv4/conf/", link->ifname, "/forwarding"); - r = write_string_file_no_create(p, one_zero(link_ipv4_forward_enabled(link))); - if (r < 0) + v = one_zero(link_ipv4_forward_enabled(link)); + + r = write_string_file_no_create(p, v); + if (r < 0) { + /* If the right value is set anyway, don't complain */ + if (verify_one_line_file(p, v) > 0) + return 0; + log_link_warning_errno(link, r, "Cannot configure IPv4 forwarding for interface %s: %m", link->ifname); + } return 0; } static int link_set_ipv6_forward(Link *link) { - const char *p = NULL; + const char *p = NULL, *v = NULL; int r; /* Make this a NOP if IPv6 is not available */ if (!socket_ipv6_is_supported()) return 0; + if (link->flags & IFF_LOOPBACK) + return 0; + if (link->network->ip_forward == _ADDRESS_FAMILY_BOOLEAN_INVALID) return 0; p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/forwarding"); - r = write_string_file_no_create(p, one_zero(link_ipv6_forward_enabled(link))); - if (r < 0) + v = one_zero(link_ipv6_forward_enabled(link)); + + r = write_string_file_no_create(p, v); + if (r < 0) { + /* If the right value is set anyway, don't complain */ + if (verify_one_line_file(p, v) > 0) + return 0; + log_link_warning_errno(link, r, "Cannot configure IPv6 forwarding for interface: %m"); + } return 0; } |