network: introduce ManageForeignRoutingPolicyRules= boolean setting in networkd.conf

The commit 0b81225e5791f660506f7db0ab88078cf296b771 makes that networkd
remove all foreign rules except those with "proto kernel".

But, in some situation, people may want to manage routing policy rules
with other tools, e.g. 'ip' command. To support such the situation,
this introduce ManageForeignRoutingPolicyRules= boolean setting.

Closes #19106.

diff --git a/man/networkd.conf.xml b/man/networkd.conf.xml
index dcce2095edd2fb5e377852b263bdba84c7c02567..23422c6c9455ee07d58421871c44953432250ac0 100644 (file)
--- a/man/networkd.conf.xml
+++ b/man/networkd.conf.xml
@@ -62,6 +62,15 @@
         If <varname>SpeedMeter=no</varname>, the value is ignored. Defaults to 10sec.</para></listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><varname>ManageForeignRoutingPolicyRules=</varname></term>
+        <listitem><para>A boolean. When true, <command>systemd-networkd</command> will remove rules
+        that are not configured in .network files (except for rules with protocol
+        <literal>kernel</literal>). When false, it will not remove any foreign rules, keeping them even
+        if they are not configured in a .network file. Defaults to yes.
+        </para></listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><varname>ManageForeignRoutes=</varname></term>
         <listitem><para>A boolean. When true, <command>systemd-networkd</command> will store any routes

diff --git a/src/network/networkd-gperf.gperf b/src/network/networkd-gperf.gperf
index b2a2f55790f53ad3f1c05c1066050ca4317b4412..74d509896a3d87120aa7f73f44941da93ad3f25f 100644 (file)
--- a/src/network/networkd-gperf.gperf
+++ b/src/network/networkd-gperf.gperf
@@ -20,9 +20,10 @@ struct ConfigPerfItem;
 %struct-type
 %includes
 %%
-Network.SpeedMeter,            config_parse_bool,                      0,          offsetof(Manager, use_speed_meter)
-Network.SpeedMeterIntervalSec, config_parse_sec,                       0,          offsetof(Manager, speed_meter_interval_usec)
-Network.ManageForeignRoutes,   config_parse_bool,                      0,          offsetof(Manager, manage_foreign_routes)
-Network.RouteTable,            config_parse_route_table_names,         0,          0
-DHCP.DUIDType,                 config_parse_duid_type,                 0,          offsetof(Manager, duid)
-DHCP.DUIDRawData,              config_parse_duid_rawdata,              0,          offsetof(Manager, duid)
+Network.SpeedMeter,                      config_parse_bool,                      0,          offsetof(Manager, use_speed_meter)
+Network.SpeedMeterIntervalSec,           config_parse_sec,                       0,          offsetof(Manager, speed_meter_interval_usec)
+Network.ManageForeignRoutingPolicyRules, config_parse_bool,                      0,          offsetof(Manager, manage_foreign_rules)
+Network.ManageForeignRoutes,             config_parse_bool,                      0,          offsetof(Manager, manage_foreign_routes)
+Network.RouteTable,                      config_parse_route_table_names,         0,          0
+DHCP.DUIDType,                           config_parse_duid_type,                 0,          offsetof(Manager, duid)
+DHCP.DUIDRawData,                        config_parse_duid_rawdata,              0,          offsetof(Manager, duid)

diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
index a8db2cc44bb437458cab93c52670b39d1891c6ac..20957ecd894c9e8f24dc4e97cb53e14eaf8a044f 100644 (file)
--- a/src/network/networkd-manager.c
+++ b/src/network/networkd-manager.c
@@ -380,6 +380,7 @@ int manager_new(Manager **ret) {
         *m = (Manager) {
                 .speed_meter_interval_usec = SPEED_METER_DEFAULT_TIME_INTERVAL,
                 .manage_foreign_routes = true,
+                .manage_foreign_rules = true,
                 .ethtool_fd = -1,
         };
 
@@ -655,6 +656,9 @@ static int manager_enumerate_rules(Manager *m) {
         assert(m);
         assert(m->rtnl);
 
+        if (!m->manage_foreign_rules)
+                return 0;
+
         r = sd_rtnl_message_new_routing_policy_rule(m->rtnl, &req, RTM_GETRULE, 0);
         if (r < 0)
                 return r;

diff --git a/src/network/networkd-manager.h b/src/network/networkd-manager.h
index 7f630fccc7fbdad51544dd1d248f099dd345234f..0fae7a5c2ef8195ed58e7fafc8da29d6fa75f877 100644 (file)
--- a/src/network/networkd-manager.h
+++ b/src/network/networkd-manager.h
@@ -32,6 +32,7 @@ struct Manager {
         bool dirty;
         bool restarting;
         bool manage_foreign_routes;
+        bool manage_foreign_rules;
 
         Set *dirty_links;
 

diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c
index a7fddfd58fc9246371f5c0846e734feb36495585..03bdd4e640fd02a72b0bab8dc0b80f2a7f872011 100644 (file)
--- a/src/network/networkd-routing-policy-rule.c
+++ b/src/network/networkd-routing-policy-rule.c
@@ -977,6 +977,8 @@ int manager_rtnl_process_rule(sd_netlink *rtnl, sd_netlink_message *message, Man
         case RTM_NEWRULE:
                 if (rule)
                         log_routing_policy_rule_debug(tmp, tmp->family, "Received remembered", NULL, m);
+                else if (!m->manage_foreign_routes)
+                        log_routing_policy_rule_debug(tmp, tmp->family, "Ignoring received foreign", NULL, m);
                 else {
                         log_routing_policy_rule_debug(tmp, tmp->family, "Remembering foreign", NULL, m);
                         r = routing_policy_rule_consume_foreign(m, TAKE_PTR(tmp));

diff --git a/src/network/networkd.conf b/src/network/networkd.conf
index 0eac32731460ef6eedfe93297c7512bcafc1568b..4e4e8b8d07049dbe8ea02bb0234092eb97721ea2 100644 (file)
--- a/src/network/networkd.conf
+++ b/src/network/networkd.conf
@@ -15,6 +15,7 @@
 [Network]
 #SpeedMeter=no
 #SpeedMeterIntervalSec=10sec
+#ManageForeignRoutingPolicyRules=yes
 #ManageForeignRoutes=yes
 #RouteTable=