</varlistentry>
<varlistentry>
<term><varname>IPMasquerade=</varname></term>
- <listitem><para>Configures IP masquerading for the network
- interface. If enabled, packets forwarded from the network
- interface will be appear as coming from the local host.
- Takes one of <literal>ipv4</literal>, <literal>ipv6</literal>,
- <literal>both</literal>, <literal>no</literal>.
- The setting <literal>yes</literal> is the same as <literal>ipv4</literal> and not as
- <literal>both</literal>!
- Defaults to <literal>no</literal>.
- If enabled, this automatically sets <varname>IPForward</varname> to one of
- <literal>ipv4</literal>, <literal>ipv6</literal> or <literal>both</literal>.
- </para></listitem>
+ <listitem><para>Configures IP masquerading for the network interface. If enabled, packets
+ forwarded from the network interface will be appear as coming from the local host. Takes one
+ of <literal>ipv4</literal>, <literal>ipv6</literal>, <literal>both</literal>, or
+ <literal>no</literal>. Defaults to <literal>no</literal>. If enabled, this automatically sets
+ <varname>IPForward=</varname> to one of <literal>ipv4</literal>, <literal>ipv6</literal> or
+ <literal>yes</literal>.</para>
+ <para>Note. Any positive boolean values such as <literal>yes</literal> or
+ <literal>true</literal> are now deprecated. Please use one of the values in the above.</para>
+ </listitem>
</varlistentry>
<varlistentry>
<term><varname>IPv6PrivacyExtensions=</varname></term>
})
static inline void freep(void *p) {
- free(*(void**) p);
+ *(void**)p = mfree(*(void**) p);
}
#define _cleanup_free_ _cleanup_(freep)
if (address->scope >= RT_SCOPE_LINK)
return 0;
- if (address->family == AF_INET &&
- address->ip_masquerade_done == add)
- return 0;
-
- if (address->family == AF_INET6 &&
- address->ipv6_masquerade_done == add)
+ if (address->ip_masquerade_done == add)
return 0;
masked = address->in_addr;
if (r < 0)
return r;
- if (address->family == AF_INET)
- address->ip_masquerade_done = add;
- else if (address->family == AF_INET6)
- address->ipv6_masquerade_done = add;
+ address->ip_masquerade_done = add;
return 0;
}
bool scope_set:1;
bool ip_masquerade_done:1;
- bool ipv6_masquerade_done:1;
AddressFamily duplicate_address_detection;
/* Called when address become ready */
Network.DNSSECNegativeTrustAnchors, config_parse_dnssec_negative_trust_anchors, 0, 0
Network.NTP, config_parse_ntp, 0, offsetof(Network, ntp)
Network.IPForward, config_parse_address_family_with_kernel, 0, offsetof(Network, ip_forward)
-Network.IPMasquerade, config_parse_address_family_compat, 0, offsetof(Network, ip_masquerade)
+Network.IPMasquerade, config_parse_ip_masquerade, 0, offsetof(Network, ip_masquerade)
Network.IPv6PrivacyExtensions, config_parse_ipv6_privacy_extensions, 0, offsetof(Network, ipv6_privacy_extensions)
Network.IPv6AcceptRA, config_parse_tristate, 0, offsetof(Network, ipv6_accept_ra)
Network.IPv6AcceptRouterAdvertisements, config_parse_tristate, 0, offsetof(Network, ipv6_accept_ra)
[ADDRESS_FAMILY_IPV6] = "v6",
};
+static const char* const ip_masquerade_address_family_table[_ADDRESS_FAMILY_MAX] = {
+ [ADDRESS_FAMILY_NO] = "no",
+ [ADDRESS_FAMILY_YES] = "both",
+ [ADDRESS_FAMILY_IPV4] = "ipv4",
+ [ADDRESS_FAMILY_IPV6] = "ipv6",
+};
+
static const char* const dhcp_lease_server_type_table[_SD_DHCP_LEASE_SERVER_TYPE_MAX] = {
[SD_DHCP_LEASE_DNS] = "DNS servers",
[SD_DHCP_LEASE_NTP] = "NTP servers",
DEFINE_CONFIG_PARSE_ENUM(config_parse_link_local_address_family, link_local_address_family,
AddressFamily, "Failed to parse option");
DEFINE_STRING_TABLE_LOOKUP_FROM_STRING(dhcp_deprecated_address_family, AddressFamily);
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(ip_masquerade_address_family, AddressFamily);
DEFINE_STRING_TABLE_LOOKUP(dhcp_lease_server_type, sd_dhcp_lease_server_type_t);
-static AddressFamily address_family_compat_from_string(const char *s) {
- if (streq_ptr(s, "yes")) /* compat name */
- return ADDRESS_FAMILY_IPV4;
- if (streq_ptr(s, "both"))
- return ADDRESS_FAMILY_YES;
- return address_family_from_string(s);
-}
-DEFINE_CONFIG_PARSE_ENUM(config_parse_address_family_compat, address_family_compat,
- AddressFamily, "Failed to parse option");
-
int config_parse_address_family_with_kernel(
const char* unit,
const char *filename,
return 0;
}
+int config_parse_ip_masquerade(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ AddressFamily a, *ret = data;
+ int r;
+
+ if (isempty(rvalue)) {
+ *ret = ADDRESS_FAMILY_NO;
+ return 0;
+ }
+
+ r = parse_boolean(rvalue);
+ if (r >= 0) {
+ if (r)
+ log_syntax(unit, LOG_WARNING, filename, line, 0,
+ "IPMasquerade=%s is deprecated, and it is handled as \"ipv4\" instead of \"both\". "
+ "Please use \"ipv4\" or \"both\".",
+ rvalue);
+
+ *ret = r ? ADDRESS_FAMILY_IPV4 : ADDRESS_FAMILY_NO;
+ return 0;
+ }
+
+ a = ip_masquerade_address_family_from_string(rvalue);
+ if (a < 0) {
+ log_syntax(unit, LOG_WARNING, filename, line, a,
+ "Failed to parse IPMasquerade= setting, ignoring assignment: %s", rvalue);
+ return 0;
+ }
+
+ *ret = a;
+ return 0;
+}
+
/* Router lifetime can be set with netlink interface since kernel >= 4.5
* so for the supported kernel we don't need to expire routes in userspace */
int kernel_route_expiration_supported(void) {
CONFIG_PARSER_PROTOTYPE(config_parse_link_local_address_family);
CONFIG_PARSER_PROTOTYPE(config_parse_address_family_with_kernel);
-CONFIG_PARSER_PROTOTYPE(config_parse_address_family_compat);
+CONFIG_PARSER_PROTOTYPE(config_parse_ip_masquerade);
const char *address_family_to_string(AddressFamily b) _const_;
AddressFamily address_family_from_string(const char *s) _pure_;
return r;
}
- /* Remember this RR, so that we potentically can merge it's ->key object with the
+ /* Remember this RR, so that we can potentially merge its ->key object with the
* next RR. Note that we only do this if we actually decided to keep the RR around.
*/
dns_resource_record_unref(previous);