From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 11 Apr 2021 12:33:51 +0000 (+0900)
Subject: network: introduce ManageForeignRoutingPolicyRules= boolean setting in networkd.conf
X-Git-Tag: v249-rc1~419^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d94dfe7053d49fa62c4bfc07b7f3fc2227c10aff;p=thirdparty%2Fsystemd.git

network: introduce ManageForeignRoutingPolicyRules= boolean setting in networkd.conf

The commit 0b81225e5791f660506f7db0ab88078cf296b771 makes that networkd
remove all foreign rules except those with "proto kernel".

But, in some situation, people may want to manage routing policy rules
with other tools, e.g. 'ip' command. To support such the situation,
this introduce ManageForeignRoutingPolicyRules= boolean setting.

Closes #19106.
---

diff --git a/man/networkd.conf.xml b/man/networkd.conf.xml
index dcce2095edd..23422c6c945 100644
--- a/man/networkd.conf.xml
+++ b/man/networkd.conf.xml
@@ -62,6 +62,15 @@
         If <varname>SpeedMeter=no</varname>, the value is ignored. Defaults to 10sec.</para></listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><varname>ManageForeignRoutingPolicyRules=</varname></term>
+        <listitem><para>A boolean. When true, <command>systemd-networkd</command> will remove rules
+        that are not configured in .network files (except for rules with protocol
+        <literal>kernel</literal>). When false, it will not remove any foreign rules, keeping them even
+        if they are not configured in a .network file. Defaults to yes.
+        </para></listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><varname>ManageForeignRoutes=</varname></term>
         <listitem><para>A boolean. When true, <command>systemd-networkd</command> will store any routes
diff --git a/src/network/networkd-gperf.gperf b/src/network/networkd-gperf.gperf
index b2a2f55790f..74d509896a3 100644
--- a/src/network/networkd-gperf.gperf
+++ b/src/network/networkd-gperf.gperf
@@ -20,9 +20,10 @@ struct ConfigPerfItem;
 %struct-type
 %includes
 %%
-Network.SpeedMeter,            config_parse_bool,                      0,          offsetof(Manager, use_speed_meter)
-Network.SpeedMeterIntervalSec, config_parse_sec,                       0,          offsetof(Manager, speed_meter_interval_usec)
-Network.ManageForeignRoutes,   config_parse_bool,                      0,          offsetof(Manager, manage_foreign_routes)
-Network.RouteTable,            config_parse_route_table_names,         0,          0
-DHCP.DUIDType,                 config_parse_duid_type,                 0,          offsetof(Manager, duid)
-DHCP.DUIDRawData,              config_parse_duid_rawdata,              0,          offsetof(Manager, duid)
+Network.SpeedMeter,                      config_parse_bool,                      0,          offsetof(Manager, use_speed_meter)
+Network.SpeedMeterIntervalSec,           config_parse_sec,                       0,          offsetof(Manager, speed_meter_interval_usec)
+Network.ManageForeignRoutingPolicyRules, config_parse_bool,                      0,          offsetof(Manager, manage_foreign_rules)
+Network.ManageForeignRoutes,             config_parse_bool,                      0,          offsetof(Manager, manage_foreign_routes)
+Network.RouteTable,                      config_parse_route_table_names,         0,          0
+DHCP.DUIDType,                           config_parse_duid_type,                 0,          offsetof(Manager, duid)
+DHCP.DUIDRawData,                        config_parse_duid_rawdata,              0,          offsetof(Manager, duid)
diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
index a8db2cc44bb..20957ecd894 100644
--- a/src/network/networkd-manager.c
+++ b/src/network/networkd-manager.c
@@ -380,6 +380,7 @@ int manager_new(Manager **ret) {
         *m = (Manager) {
                 .speed_meter_interval_usec = SPEED_METER_DEFAULT_TIME_INTERVAL,
                 .manage_foreign_routes = true,
+                .manage_foreign_rules = true,
                 .ethtool_fd = -1,
         };
 
@@ -655,6 +656,9 @@ static int manager_enumerate_rules(Manager *m) {
         assert(m);
         assert(m->rtnl);
 
+        if (!m->manage_foreign_rules)
+                return 0;
+
         r = sd_rtnl_message_new_routing_policy_rule(m->rtnl, &req, RTM_GETRULE, 0);
         if (r < 0)
                 return r;
diff --git a/src/network/networkd-manager.h b/src/network/networkd-manager.h
index 7f630fccc7f..0fae7a5c2ef 100644
--- a/src/network/networkd-manager.h
+++ b/src/network/networkd-manager.h
@@ -32,6 +32,7 @@ struct Manager {
         bool dirty;
         bool restarting;
         bool manage_foreign_routes;
+        bool manage_foreign_rules;
 
         Set *dirty_links;
 
diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c
index a7fddfd58fc..03bdd4e640f 100644
--- a/src/network/networkd-routing-policy-rule.c
+++ b/src/network/networkd-routing-policy-rule.c
@@ -977,6 +977,8 @@ int manager_rtnl_process_rule(sd_netlink *rtnl, sd_netlink_message *message, Man
         case RTM_NEWRULE:
                 if (rule)
                         log_routing_policy_rule_debug(tmp, tmp->family, "Received remembered", NULL, m);
+                else if (!m->manage_foreign_routes)
+                        log_routing_policy_rule_debug(tmp, tmp->family, "Ignoring received foreign", NULL, m);
                 else {
                         log_routing_policy_rule_debug(tmp, tmp->family, "Remembering foreign", NULL, m);
                         r = routing_policy_rule_consume_foreign(m, TAKE_PTR(tmp));
diff --git a/src/network/networkd.conf b/src/network/networkd.conf
index 0eac3273146..4e4e8b8d070 100644
--- a/src/network/networkd.conf
+++ b/src/network/networkd.conf
@@ -15,6 +15,7 @@
 [Network]
 #SpeedMeter=no
 #SpeedMeterIntervalSec=10sec
+#ManageForeignRoutingPolicyRules=yes
 #ManageForeignRoutes=yes
 #RouteTable=