diff options
| author | Lennart Poettering <lennart@poettering.net> | 2015-01-13 13:47:08 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2015-01-13 13:55:15 +0100 |
| commit | 5a8bcb674f71a20e95df55319b34c556638378ce (patch) | |
| tree | db1de9b03cb9bf4c017a0f620cf9d310c9de6098 /src/shared/in-addr-util.c | |
| parent | 76917807eb50ccde58901e8bec7ed3d408d1cc22 (diff) | |
networkd: add minimal IP forwarding and masquerading support to .network files
This adds two new settings to networkd's .network files:
IPForwarding=yes and IPMasquerade=yes. The former controls the
"forwarding" sysctl setting of the interface, thus controlling whether
IP forwarding shall be enabled on the specific interface. The latter
controls whether a firewall rule shall be installed that exposes traffic
coming from the interface as coming from the local host to all other
interfaces.
This also enables both options by default for container network
interfaces, thus making "systemd-nspawn --network-veth" have network
connectivity out of the box.
Diffstat (limited to 'src/shared/in-addr-util.c')
| -rw-r--r-- | src/shared/in-addr-util.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/src/shared/in-addr-util.c b/src/shared/in-addr-util.c index b02e7516ca..d88864b598 100644 --- a/src/shared/in-addr-util.c +++ b/src/shared/in-addr-util.c @@ -300,3 +300,39 @@ int in_addr_default_subnet_mask(const struct in_addr *addr, struct in_addr *mask in_addr_prefixlen_to_netmask(mask, prefixlen); return 0; } + +int in_addr_mask(int family, union in_addr_union *addr, unsigned char prefixlen) { + assert(addr); + + if (family == AF_INET) { + struct in_addr mask; + + if (!in_addr_prefixlen_to_netmask(&mask, prefixlen)) + return -EINVAL; + + addr->in.s_addr &= mask.s_addr; + return 0; + } + + if (family == AF_INET6) { + unsigned i; + + for (i = 0; i < 16; i++) { + uint8_t mask; + + if (prefixlen >= 8) { + mask = 0xFF; + prefixlen -= 8; + } else { + mask = 0xFF << (8 - prefixlen); + prefixlen = 0; + } + + addr->in6.s6_addr[i] &= mask; + } + + return 0; + } + + return -EAFNOSUPPORT; +} |