network: Add "route_localnet" sysctl support

2025-02-24 17:57:34 +03:00 · 2021-02-18 09:55:13 +01:00 · 2021-02-18 09:55:13 +01:00 · d75bf6cfe2
commit d75bf6cfe2
parent d97a35e228
6 changed files with 26 additions and 0 deletions
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@ -809,6 +809,12 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
          the wire and have them accepted properly. When unset, the kernel's default will be used.
          </para></listitem>
        </varlistentry>
+        <varlistentry>
+          <term><varname>IPv4RouteLocalnet=</varname></term>
+          <listitem><para>Takes a boolean. When true, the kernel does not consider loopback addresses as martian source or destination
+          while routing. This enables the use of 127.0.0.0/8 for local routing purposes. When unset, the kernel's default will be used.
+          </para></listitem>
+        </varlistentry>
        <varlistentry>
          <term><varname>IPv4ProxyARP=</varname></term>
          <listitem><para>Takes a boolean. Configures proxy ARP for IPv4. Proxy ARP is the technique in which one host,
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@ -120,6 +120,7 @@ Network.IPv6HopLimit,                        config_parse_int,
 Network.IPv6ProxyNDP,                        config_parse_tristate,                                    0,                             offsetof(Network, ipv6_proxy_ndp)
 Network.IPv6MTUBytes,                        config_parse_mtu,                                         AF_INET6,                      offsetof(Network, ipv6_mtu)
 Network.IPv4AcceptLocal,                     config_parse_tristate,                                    0,                             offsetof(Network, ipv4_accept_local)
+Network.IPv4RouteLocalnet,                   config_parse_tristate,                                    0,                             offsetof(Network, ipv4_route_localnet)
 Network.ActiveSlave,                         config_parse_bool,                                        0,                             offsetof(Network, active_slave)
 Network.PrimarySlave,                        config_parse_bool,                                        0,                             offsetof(Network, primary_slave)
 Network.IPv4ProxyARP,                        config_parse_tristate,                                    0,                             offsetof(Network, proxy_arp)
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@ -422,6 +422,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
                .ipv6ll_address_gen_mode = _IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_INVALID,

                .ipv4_accept_local = -1,
+                .ipv4_route_localnet = -1,
                .ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO,
                .ipv6_accept_ra = -1,
                .ipv6_dad_transmits = -1,
--- a/src/network/networkd-network.h
+++ b/src/network/networkd-network.h
@ -253,6 +253,7 @@ struct Network {
        /* sysctl settings */
        AddressFamily ip_forward;
        int ipv4_accept_local;
+        int ipv4_route_localnet;
        int ipv6_dad_transmits;
        int ipv6_hop_limit;
        int proxy_arp;
--- a/src/network/networkd-sysctl.c
+++ b/src/network/networkd-sysctl.c
@ -173,6 +173,18 @@ static int link_set_ipv4_accept_local(Link *link) {
        return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "accept_local", link->network->ipv4_accept_local > 0);
 }

+static int link_set_ipv4_route_localnet(Link *link) {
+        assert(link);
+
+        if (link->flags & IFF_LOOPBACK)
+                return 0;
+
+        if (link->network->ipv4_route_localnet < 0)
+                return 0;
+
+        return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "route_localnet", link->network->ipv4_route_localnet > 0);
+}
+
 int link_set_sysctl(Link *link) {
        int r;

@ -216,6 +228,10 @@ int link_set_sysctl(Link *link) {
        if (r < 0)
                log_link_warning_errno(link, r, "Cannot set IPv4 accept_local flag for interface, ignoring: %m");

+        r = link_set_ipv4_route_localnet(link);
+        if (r < 0)
+                log_link_warning_errno(link, r, "Cannot set IPv4 route_localnet flag for interface, ignoring: %m");
+
        /* If promote_secondaries is not set, DHCP will work only as long as the IP address does not
         * changes between leases. The kernel will remove all secondary IP addresses of an interface
         * otherwise. The way systemd-networkd works is that the new IP of a lease is added as a
--- a/test/fuzz/fuzz-network-parser/directives.network
+++ b/test/fuzz/fuzz-network-parser/directives.network
@ -178,6 +178,7 @@ IPv6ProxyNDPAddress=
 IPv6AcceptRA=
 IPv6AcceptRouterAdvertisements=
 IPv4AcceptLocal=
+IPv4RouteLocalnet=
 DNSSECNegativeTrustAnchors=
 MACVTAP=
 IPv6PrivacyExtensions=