diff options
author | Lennart Poettering <lennart@poettering.net> | 2015-07-06 13:38:47 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-07-06 13:41:51 +0200 |
commit | 15dee3f07c646fd345b0aa30c6566071b3365db7 (patch) | |
tree | df46683e0b92a473722be313f4ab77f0fb00332e /src/network/networkd-link.c | |
parent | 1361205099406d2a19d64547448638a6b665af81 (diff) |
networkd: be more defensive when writing to ipv4/ipv6 forwarding settings
1) never bother with setting the flag for loopback devices
2) if we fail to write the flag due to EROFS (which is likely to happen
in containers where /proc/sys is read-only) or any other error, check
if the flag already has the right value. If so, don't complain.
Closes #469
Diffstat (limited to 'src/network/networkd-link.c')
-rw-r--r-- | src/network/networkd-link.c | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index f67a19e50b..eb07e12773 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -1486,35 +1486,55 @@ static int link_enter_join_netdev(Link *link) { } static int link_set_ipv4_forward(Link *link) { - const char *p = NULL; + const char *p = NULL, *v; int r; + if (link->flags & IFF_LOOPBACK) + return 0; + if (link->network->ip_forward == _ADDRESS_FAMILY_BOOLEAN_INVALID) return 0; p = strjoina("/proc/sys/net/ipv4/conf/", link->ifname, "/forwarding"); - r = write_string_file_no_create(p, one_zero(link_ipv4_forward_enabled(link))); - if (r < 0) + v = one_zero(link_ipv4_forward_enabled(link)); + + r = write_string_file_no_create(p, v); + if (r < 0) { + /* If the right value is set anyway, don't complain */ + if (verify_one_line_file(p, v) > 0) + return 0; + log_link_warning_errno(link, r, "Cannot configure IPv4 forwarding for interface %s: %m", link->ifname); + } return 0; } static int link_set_ipv6_forward(Link *link) { - const char *p = NULL; + const char *p = NULL, *v = NULL; int r; /* Make this a NOP if IPv6 is not available */ if (!socket_ipv6_is_supported()) return 0; + if (link->flags & IFF_LOOPBACK) + return 0; + if (link->network->ip_forward == _ADDRESS_FAMILY_BOOLEAN_INVALID) return 0; p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/forwarding"); - r = write_string_file_no_create(p, one_zero(link_ipv6_forward_enabled(link))); - if (r < 0) + v = one_zero(link_ipv6_forward_enabled(link)); + + r = write_string_file_no_create(p, v); + if (r < 0) { + /* If the right value is set anyway, don't complain */ + if (verify_one_line_file(p, v) > 0) + return 0; + log_link_warning_errno(link, r, "Cannot configure IPv6 forwarding for interface: %m"); + } return 0; } |