Merge pull request #495 from poettering/forwarding-fix

networkd: be more defensive when writing to ipv4/ipv6 forwarding sett…
2025-01-06 13:17:44 +03:00 · 2015-07-06 14:22:23 -04:00 · 2015-07-06 14:22:23 -04:00 · f767522a65
commit f767522a65
parent 5541c88977 15dee3f07c
3 changed files with 39 additions and 6 deletions
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@ -134,6 +134,17 @@ int read_one_line_file(const char *fn, char **line) {
        return 0;
 }

+int verify_one_line_file(const char *fn, const char *line) {
+        _cleanup_free_ char *value = NULL;
+        int r;
+
+        r = read_one_line_file(fn, &value);
+        if (r < 0)
+                return r;
+
+        return streq(value, line);
+}
+
 int read_full_stream(FILE *f, char **contents, size_t *size) {
        size_t n, l;
        _cleanup_free_ char *buf = NULL;
--- a/src/basic/fileio.h
+++ b/src/basic/fileio.h
@ -34,6 +34,8 @@ int read_one_line_file(const char *fn, char **line);
 int read_full_file(const char *fn, char **contents, size_t *size);
 int read_full_stream(FILE *f, char **contents, size_t *size);

+int verify_one_line_file(const char *fn, const char *line);
+
 int parse_env_file(const char *fname, const char *separator, ...) _sentinel_;
 int load_env_file(FILE *f, const char *fname, const char *separator, char ***l);
 int load_env_file_pairs(FILE *f, const char *fname, const char *separator, char ***l);
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@ -1486,35 +1486,55 @@ static int link_enter_join_netdev(Link *link) {
 }

 static int link_set_ipv4_forward(Link *link) {
-        const char *p = NULL;
+        const char *p = NULL, *v;
        int r;

+        if (link->flags & IFF_LOOPBACK)
+                return 0;
+
        if (link->network->ip_forward == _ADDRESS_FAMILY_BOOLEAN_INVALID)
                return 0;

        p = strjoina("/proc/sys/net/ipv4/conf/", link->ifname, "/forwarding");
-        r = write_string_file_no_create(p, one_zero(link_ipv4_forward_enabled(link)));
-        if (r < 0)
+        v = one_zero(link_ipv4_forward_enabled(link));
+
+        r = write_string_file_no_create(p, v);
+        if (r < 0) {
+                /* If the right value is set anyway, don't complain */
+                if (verify_one_line_file(p, v) > 0)
+                        return 0;
+
                log_link_warning_errno(link, r, "Cannot configure IPv4 forwarding for interface %s: %m", link->ifname);
+        }

        return 0;
 }

 static int link_set_ipv6_forward(Link *link) {
-        const char *p = NULL;
+        const char *p = NULL, *v = NULL;
        int r;

        /* Make this a NOP if IPv6 is not available */
        if (!socket_ipv6_is_supported())
                return 0;

+        if (link->flags & IFF_LOOPBACK)
+                return 0;
+
        if (link->network->ip_forward == _ADDRESS_FAMILY_BOOLEAN_INVALID)
                return 0;

        p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/forwarding");
-        r = write_string_file_no_create(p, one_zero(link_ipv6_forward_enabled(link)));
-        if (r < 0)
+        v = one_zero(link_ipv6_forward_enabled(link));
+
+        r = write_string_file_no_create(p, v);
+        if (r < 0) {
+                /* If the right value is set anyway, don't complain */
+                if (verify_one_line_file(p, v) > 0)
+                        return 0;
+
                log_link_warning_errno(link, r, "Cannot configure IPv6 forwarding for interface: %m");
+        }

        return 0;
 }