From 15dee3f07c646fd345b0aa30c6566071b3365db7 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 6 Jul 2015 13:38:47 +0200
Subject: networkd: be more defensive when writing to ipv4/ipv6 forwarding
 settings

1) never bother with setting the flag for loopback devices

2) if we fail to write the flag due to EROFS (which is likely to happen
   in containers where /proc/sys is read-only) or any other error, check
   if the flag already has the right value. If so, don't complain.

Closes #469
---
 src/network/networkd-link.c | 32 ++++++++++++++++++++++++++------
 1 file changed, 26 insertions(+), 6 deletions(-)

(limited to 'src/network/networkd-link.c')

diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index f67a19e50b..eb07e12773 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -1486,35 +1486,55 @@ static int link_enter_join_netdev(Link *link) {
 }
 
 static int link_set_ipv4_forward(Link *link) {
-        const char *p = NULL;
+        const char *p = NULL, *v;
         int r;
 
+        if (link->flags & IFF_LOOPBACK)
+                return 0;
+
         if (link->network->ip_forward == _ADDRESS_FAMILY_BOOLEAN_INVALID)
                 return 0;
 
         p = strjoina("/proc/sys/net/ipv4/conf/", link->ifname, "/forwarding");
-        r = write_string_file_no_create(p, one_zero(link_ipv4_forward_enabled(link)));
-        if (r < 0)
+        v = one_zero(link_ipv4_forward_enabled(link));
+
+        r = write_string_file_no_create(p, v);
+        if (r < 0) {
+                /* If the right value is set anyway, don't complain */
+                if (verify_one_line_file(p, v) > 0)
+                        return 0;
+
                 log_link_warning_errno(link, r, "Cannot configure IPv4 forwarding for interface %s: %m", link->ifname);
+        }
 
         return 0;
 }
 
 static int link_set_ipv6_forward(Link *link) {
-        const char *p = NULL;
+        const char *p = NULL, *v = NULL;
         int r;
 
         /* Make this a NOP if IPv6 is not available */
         if (!socket_ipv6_is_supported())
                 return 0;
 
+        if (link->flags & IFF_LOOPBACK)
+                return 0;
+
         if (link->network->ip_forward == _ADDRESS_FAMILY_BOOLEAN_INVALID)
                 return 0;
 
         p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/forwarding");
-        r = write_string_file_no_create(p, one_zero(link_ipv6_forward_enabled(link)));
-        if (r < 0)
+        v = one_zero(link_ipv6_forward_enabled(link));
+
+        r = write_string_file_no_create(p, v);
+        if (r < 0) {
+                /* If the right value is set anyway, don't complain */
+                if (verify_one_line_file(p, v) > 0)
+                        return 0;
+
                 log_link_warning_errno(link, r, "Cannot configure IPv6 forwarding for interface: %m");
+        }
 
         return 0;
 }
-- 
cgit v1.2.3-54-g00ecf