1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00

Merge pull request #16092 from yuwata/network-accept-local-16090

network: introduce IPv4AcceptLocal= setting
This commit is contained in:
Lennart Poettering 2020-06-08 18:15:03 +02:00 committed by GitHub
commit b1481b2092
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 34 additions and 0 deletions

View File

@ -672,6 +672,13 @@
When unset, the kernel's default will be used.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>IPv4AcceptLocal=</varname></term>
<listitem><para>Takes a boolean. Accept packets with local source addresses. In combination
with suitable routing, this can be used to direct packets between two local interfaces over
the wire and have them accepted properly. When unset, the kernel's default will be used.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>IPv4ProxyARP=</varname></term>
<listitem><para>Takes a boolean. Configures proxy ARP for IPv4. Proxy ARP is the technique in which one host,

View File

@ -2532,6 +2532,22 @@ static int link_set_ipv6_mtu(Link *link) {
return 0;
}
static int link_set_ipv4_accept_local(Link *link) {
int r;
if (link->flags & IFF_LOOPBACK)
return 0;
if (link->network->ipv4_accept_local < 0)
return 0;
r = sysctl_write_ip_property_boolean(AF_INET, link->ifname, "accept_local", link->network->ipv4_accept_local);
if (r < 0)
log_link_warning_errno(link, r, "Cannot set IPv4 accept_local flag for interface: %m");
return 0;
}
static bool link_is_static_address_configured(Link *link, Address *address) {
Address *net_address;
@ -2871,6 +2887,10 @@ static int link_configure(Link *link) {
if (r < 0)
return r;
r = link_set_ipv4_accept_local(link);
if (r < 0)
return r;
r = link_set_flags(link);
if (r < 0)
return r;

View File

@ -96,6 +96,7 @@ Network.IPv6DuplicateAddressDetection, config_parse_int,
Network.IPv6HopLimit, config_parse_int, 0, offsetof(Network, ipv6_hop_limit)
Network.IPv6ProxyNDP, config_parse_tristate, 0, offsetof(Network, ipv6_proxy_ndp)
Network.IPv6MTUBytes, config_parse_mtu, AF_INET6, offsetof(Network, ipv6_mtu)
Network.IPv4AcceptLocal, config_parse_tristate, 0, offsetof(Network, ipv4_accept_local)
Network.ActiveSlave, config_parse_bool, 0, offsetof(Network, active_slave)
Network.PrimarySlave, config_parse_bool, 0, offsetof(Network, primary_slave)
Network.IPv4ProxyARP, config_parse_tristate, 0, offsetof(Network, proxy_arp)

View File

@ -450,6 +450,8 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
/* If LinkLocalAddressing= is not set, then set to ADDRESS_FAMILY_IPV6 later. */
.link_local = _ADDRESS_FAMILY_INVALID,
.ipv4_accept_local = -1,
.ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO,
.ipv6_accept_ra = -1,
.ipv6_dad_transmits = -1,

View File

@ -237,6 +237,7 @@ struct Network {
AddressFamily ip_forward;
bool ip_masquerade;
int ipv4_accept_local;
int ipv6_accept_ra;
int ipv6_dad_transmits;

View File

@ -153,6 +153,7 @@ Address=
IPv6ProxyNDPAddress=
IPv6AcceptRA=
IPv6AcceptRouterAdvertisements=
IPv4AcceptLocal=
DNSSECNegativeTrustAnchors=
MACVTAP=
IPv6PrivacyExtensions=

View File

@ -9,3 +9,4 @@ IPv6HopLimit=5
IPv4ProxyARP=true
IPv6ProxyNDP=true
IPv6AcceptRA=no
IPv4AcceptLocal=yes

View File

@ -2203,6 +2203,7 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
self.assertEqual(read_ipv6_sysctl_attr('dummy98', 'proxy_ndp'), '1')
self.assertEqual(read_ipv4_sysctl_attr('dummy98', 'forwarding'),'1')
self.assertEqual(read_ipv4_sysctl_attr('dummy98', 'proxy_arp'), '1')
self.assertEqual(read_ipv4_sysctl_attr('dummy98', 'accept_local'), '1')
def test_sysctl_disable_ipv6(self):
copy_unit_to_networkd_unit_path('25-sysctl-disable-ipv6.network', '12-dummy.netdev')