1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-24 21:34:08 +03:00

Merge pull request #41 from mischief/ipforwarding

networkd: create "kernel" setting for IPForwarding
This commit is contained in:
Tom Gundersen 2015-06-03 01:02:51 +02:00
commit cfe907ab6e
4 changed files with 15 additions and 3 deletions

View File

@ -366,7 +366,8 @@
the routing table. Takes either a boolean argument, or the the routing table. Takes either a boolean argument, or the
values <literal>ipv4</literal> or <literal>ipv6</literal>, values <literal>ipv4</literal> or <literal>ipv6</literal>,
which only enables IP forwarding for the specified address which only enables IP forwarding for the specified address
family. This controls the family, or <literal>kernel</literal>, which preserves existing sysctl settings.
This controls the
<filename>net.ipv4.conf.&lt;interface&gt;.forwarding</filename> <filename>net.ipv4.conf.&lt;interface&gt;.forwarding</filename>
and and
<filename>net.ipv6.conf.&lt;interface&gt;.forwarding</filename> <filename>net.ipv6.conf.&lt;interface&gt;.forwarding</filename>
@ -375,8 +376,8 @@
for details about sysctl options). Defaults to for details about sysctl options). Defaults to
<literal>no</literal>.</para> <literal>no</literal>.</para>
<para>Note: unless this option is turned on, no IP <para>Note: unless this option is turned on, or set to <literal>kernel</literal>,
forwarding is done on this interface, even if this is no IP forwarding is done on this interface, even if this is
globally turned on in the kernel, with the globally turned on in the kernel, with the
<filename>net.ipv4.ip_forward</filename> and <filename>net.ipv4.ip_forward</filename> and
<filename>net.ipv4.ip_forward</filename> sysctl <filename>net.ipv4.ip_forward</filename> sysctl

View File

@ -1481,6 +1481,9 @@ static int link_set_ipv4_forward(Link *link) {
const char *p = NULL; const char *p = NULL;
int r; int r;
if (link->network->ip_forward == ADDRESS_FAMILY_KERNEL)
return 0;
p = strjoina("/proc/sys/net/ipv4/conf/", link->ifname, "/forwarding"); p = strjoina("/proc/sys/net/ipv4/conf/", link->ifname, "/forwarding");
r = write_string_file_no_create(p, one_zero(link_ipv4_forward_enabled(link))); r = write_string_file_no_create(p, one_zero(link_ipv4_forward_enabled(link)));
if (r < 0) if (r < 0)
@ -1497,6 +1500,9 @@ static int link_set_ipv6_forward(Link *link) {
if (!socket_ipv6_is_supported()) if (!socket_ipv6_is_supported())
return 0; return 0;
if (link->network->ip_forward == ADDRESS_FAMILY_KERNEL)
return 0;
p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/forwarding"); p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/forwarding");
r = write_string_file_no_create(p, one_zero(link_ipv6_forward_enabled(link))); r = write_string_file_no_create(p, one_zero(link_ipv6_forward_enabled(link)));
if (r < 0) if (r < 0)

View File

@ -853,6 +853,8 @@ const char *address_family_boolean_to_string(AddressFamilyBoolean b) {
return "ipv4"; return "ipv4";
if (b == ADDRESS_FAMILY_IPV6) if (b == ADDRESS_FAMILY_IPV6)
return "ipv6"; return "ipv6";
if (b == ADDRESS_FAMILY_KERNEL)
return "kernel";
return NULL; return NULL;
} }
@ -872,6 +874,8 @@ AddressFamilyBoolean address_family_boolean_from_string(const char *s) {
return ADDRESS_FAMILY_IPV4; return ADDRESS_FAMILY_IPV4;
if (streq(s, "ipv6")) if (streq(s, "ipv6"))
return ADDRESS_FAMILY_IPV6; return ADDRESS_FAMILY_IPV6;
if (streq(s, "kernel"))
return ADDRESS_FAMILY_KERNEL;
return _ADDRESS_FAMILY_BOOLEAN_INVALID; return _ADDRESS_FAMILY_BOOLEAN_INVALID;
} }

View File

@ -60,6 +60,7 @@ typedef enum AddressFamilyBoolean {
ADDRESS_FAMILY_IPV4 = 1, ADDRESS_FAMILY_IPV4 = 1,
ADDRESS_FAMILY_IPV6 = 2, ADDRESS_FAMILY_IPV6 = 2,
ADDRESS_FAMILY_YES = 3, ADDRESS_FAMILY_YES = 3,
ADDRESS_FAMILY_KERNEL = 4,
_ADDRESS_FAMILY_BOOLEAN_MAX, _ADDRESS_FAMILY_BOOLEAN_MAX,
_ADDRESS_FAMILY_BOOLEAN_INVALID = -1, _ADDRESS_FAMILY_BOOLEAN_INVALID = -1,
} AddressFamilyBoolean; } AddressFamilyBoolean;