From a70ec7f19f3375c9eeda9f9a2f4181ca008239fc Mon Sep 17 00:00:00 2001 From: Nick Owens Date: Fri, 1 May 2015 11:48:08 -0700 Subject: networkd: create "kernel" setting for IPForwarding In 5a8bcb674f71a20e95df55319b34c556638378ce, IPForwarding was introduced to set forwarding flags on interfaces in .network files. networkd sets forwarding options regardless of the previous setting, even if it was set by e.g. sysctl. This commit creates a new option for IPForwarding, "kernel", that preserves the sysctl settings rather than always setting them. See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the initial bug report. --- src/network/networkd-link.c | 6 ++++++ src/network/networkd-manager.c | 4 ++++ src/network/networkd.h | 1 + 3 files changed, 11 insertions(+) diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index f039a2d687..b30fd7ae89 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -1481,6 +1481,9 @@ static int link_set_ipv4_forward(Link *link) { const char *p = NULL; int r; + if (link->network->ip_forward == ADDRESS_FAMILY_KERNEL) + return 0; + p = strjoina("/proc/sys/net/ipv4/conf/", link->ifname, "/forwarding"); r = write_string_file_no_create(p, one_zero(link_ipv4_forward_enabled(link))); if (r < 0) @@ -1497,6 +1500,9 @@ static int link_set_ipv6_forward(Link *link) { if (!socket_ipv6_is_supported()) return 0; + if (link->network->ip_forward == ADDRESS_FAMILY_KERNEL) + return 0; + p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/forwarding"); r = write_string_file_no_create(p, one_zero(link_ipv6_forward_enabled(link))); if (r < 0) diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c index db737ad484..2cc53df4b1 100644 --- a/src/network/networkd-manager.c +++ b/src/network/networkd-manager.c @@ -853,6 +853,8 @@ const char *address_family_boolean_to_string(AddressFamilyBoolean b) { return "ipv4"; if (b == ADDRESS_FAMILY_IPV6) return "ipv6"; + if (b == ADDRESS_FAMILY_KERNEL) + return "kernel"; return NULL; } @@ -872,6 +874,8 @@ AddressFamilyBoolean address_family_boolean_from_string(const char *s) { return ADDRESS_FAMILY_IPV4; if (streq(s, "ipv6")) return ADDRESS_FAMILY_IPV6; + if (streq(s, "kernel")) + return ADDRESS_FAMILY_KERNEL; return _ADDRESS_FAMILY_BOOLEAN_INVALID; } diff --git a/src/network/networkd.h b/src/network/networkd.h index 4b13d4aed1..49afeffe81 100644 --- a/src/network/networkd.h +++ b/src/network/networkd.h @@ -60,6 +60,7 @@ typedef enum AddressFamilyBoolean { ADDRESS_FAMILY_IPV4 = 1, ADDRESS_FAMILY_IPV6 = 2, ADDRESS_FAMILY_YES = 3, + ADDRESS_FAMILY_KERNEL = 4, _ADDRESS_FAMILY_BOOLEAN_MAX, _ADDRESS_FAMILY_BOOLEAN_INVALID = -1, } AddressFamilyBoolean; -- cgit v1.2.3-54-g00ecf From 3ed7e9c735219456a9b6561f9ece617fec1a7aa1 Mon Sep 17 00:00:00 2001 From: Nick Owens Date: Tue, 2 Jun 2015 15:42:21 -0700 Subject: man: document IPForward=kernel option --- man/systemd.network.xml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/man/systemd.network.xml b/man/systemd.network.xml index bd061c270a..54fef4c9c4 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -366,7 +366,8 @@ the routing table. Takes either a boolean argument, or the values ipv4 or ipv6, which only enables IP forwarding for the specified address - family. This controls the + family, or kernel, which preserves existing sysctl settings. + This controls the net.ipv4.conf.<interface>.forwarding and net.ipv6.conf.<interface>.forwarding @@ -375,8 +376,8 @@ for details about sysctl options). Defaults to no. - Note: unless this option is turned on, no IP - forwarding is done on this interface, even if this is + Note: unless this option is turned on, or set to kernel, + no IP forwarding is done on this interface, even if this is globally turned on in the kernel, with the net.ipv4.ip_forward and net.ipv4.ip_forward sysctl -- cgit v1.2.3-54-g00ecf