summaryrefslogtreecommitdiff
path: root/src/network
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-01-13 20:50:46 +0100
committerLennart Poettering <lennart@poettering.net>2015-01-13 20:55:13 +0100
commit43c6d5abacaebf813845934ec8d5e5ee3c431854 (patch)
treeac0e44a65ea82b254c6ce2e311583ecfea798c62 /src/network
parentcd1ddd542136c49831fa34de49321153dcc291e2 (diff)
networkd: propagate IPFoward= per-interface setting also to /proc/sys/net/ipv4/ip_forward
We need to turn on /proc/sys/net/ipv4/ip_forward before the per-interface forwarding setting is useful, hence let's propagate the per-interface setting once to the system-wide setting. Due to the unclear ownership rules of that flag, and the fact that turning it on also has effects on other sysctl flags we try to minimize changes to the flag, and only turn it on once. There's no logic to turning it off again, but this should be fairly unproblematic as the per-interface setting defaults to off anyway.
Diffstat (limited to 'src/network')
-rw-r--r--src/network/networkd-link.c30
1 files changed, 28 insertions, 2 deletions
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index e4800a10de..bc363f95b0 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -1237,12 +1237,38 @@ static int link_enter_join_netdev(Link *link) {
static int link_set_ipv4_forward(Link *link) {
const char *p = NULL;
+ bool b;
int r;
+ b = link_ipv4_forward_enabled(link);
+
p = strappenda("/proc/sys/net/ipv4/conf/", link->ifname, "/forwarding");
- r = write_string_file_no_create(p, one_zero(link_ipv4_forward_enabled(link)));
+ r = write_string_file_no_create(p, one_zero(b));
if (r < 0)
- log_link_warning_errno(link, r, "Cannot configure IPv4 forwarding for interface: %m");
+ log_link_warning_errno(link, r, "Cannot configure IPv4 forwarding for interface %s: %m", link->ifname);
+
+ if (b) {
+ _cleanup_free_ char *buf = NULL;
+
+ /* If IP forwarding is turned on for this interface,
+ * then propagate this to the global setting. Given
+ * that turning this on has side-effects on other
+ * fields, we'll try to avoid doing this unless
+ * necessary, hence check the previous value
+ * first. Note that we never turn this option off
+ * again, since all interfaces we manage do not do
+ * forwarding anyway by default, and ownership rules
+ * of this control are so unclear. */
+
+ r = read_one_line_file("/proc/sys/net/ipv4/ip_forward", &buf);
+ if (r < 0)
+ log_link_warning_errno(link, r, "Cannot read /proc/sys/net/ipv4/ip_forward: %m");
+ else if (!streq(buf, "1")) {
+ r = write_string_file_no_create("/proc/sys/net/ipv4/ip_forward", "1");
+ if (r < 0)
+ log_link_warning_errno(link, r, "Cannot write /proc/sys/net/ipv4/ip_forward: %m");
+ }
+ }
return 0;
}