From: Tom Yan Date: Mon, 16 Aug 2021 10:00:42 +0000 (+0800) Subject: network: allow users to forbid passthru MACVLAN from putting its link into promiscuou... X-Git-Tag: v250-rc1~828 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=17a6a4ae2e7104a1105a0cef0ba049799f3ef6bc;p=thirdparty%2Fsystemd.git network: allow users to forbid passthru MACVLAN from putting its link into promiscuous mode While we haven't implemented a key for users to set MACVLAN/MACVTAP flags, we can at least allow them to make use of the Promiscuous= key of the corresponding link to set the nopromisc flag. --- diff --git a/src/network/netdev/macvlan.c b/src/network/netdev/macvlan.c index 46b08261482..9d037c2f368 100644 --- a/src/network/netdev/macvlan.c +++ b/src/network/netdev/macvlan.c @@ -5,6 +5,7 @@ #include "conf-parser.h" #include "macvlan.h" #include "macvlan-util.h" +#include "networkd-network.h" #include "parse-util.h" DEFINE_CONFIG_PARSE_ENUM(config_parse_macvlan_mode, macvlan_mode, MacVlanMode, "Failed to parse macvlan mode"); @@ -16,6 +17,7 @@ static int netdev_macvlan_fill_message_create(NetDev *netdev, Link *link, sd_net assert(netdev); assert(link); assert(netdev->ifname); + assert(link->network); if (netdev->kind == NETDEV_KIND_MACVLAN) m = MACVLAN(netdev); @@ -52,6 +54,13 @@ static int netdev_macvlan_fill_message_create(NetDev *netdev, Link *link, sd_net return log_netdev_error_errno(netdev, r, "Could not append IFLA_MACVLAN_MODE attribute: %m"); } + /* set the nopromisc flag if Promiscuous= of the link is explicitly set to false */ + if (m->mode == NETDEV_MACVLAN_MODE_PASSTHRU && link->network->promiscuous == 0) { + r = sd_netlink_message_append_u16(req, IFLA_MACVLAN_FLAGS, MACVLAN_FLAG_NOPROMISC); + if (r < 0) + return log_netdev_error_errno(netdev, r, "Could not append IFLA_MACVLAN_FLAGS attribute: %m"); + } + if (m->bc_queue_length != UINT32_MAX) { r = sd_netlink_message_append_u32(req, IFLA_MACVLAN_BC_QUEUE_LEN, m->bc_queue_length); if (r < 0)