From: Susant Sahani
Date: Thu, 18 Feb 2021 08:55:13 +0000 (+0100)
Subject: network: Add "route_localnet" sysctl support
X-Git-Tag: v248-rc1~64
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d75bf6cfe23b1cf05ede7c61e638e6d999e8cf85;p=thirdparty%2Fsystemd.git

network: Add "route_localnet" sysctl support
---
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 1d9b8d4dd52..dbf074b8d92 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -809,6 +809,12 @@ IPv6Token=prefixstable:2002:da8:1::
 the wire and have them accepted properly. When unset, the kernel's default will be used.
+
+ IPv4RouteLocalnet=
+ Takes a boolean. When true, the kernel does not consider loopback addresses as martian source or destination
+ while routing. This enables the use of 127.0.0.0/8 for local routing purposes. When unset, the kernel's default will be used.
+
+
 IPv4ProxyARP=
 Takes a boolean. Configures proxy ARP for IPv4. Proxy ARP is the technique in which one host,
diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf
index f7dd21b73d4..348c27d4e1b 100644
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@@ -120,6 +120,7 @@ Network.IPv6HopLimit, config_parse_int,
 Network.IPv6ProxyNDP, config_parse_tristate, 0, offsetof(Network, ipv6_proxy_ndp)
 Network.IPv6MTUBytes, config_parse_mtu, AF_INET6, offsetof(Network, ipv6_mtu)
 Network.IPv4AcceptLocal, config_parse_tristate, 0, offsetof(Network, ipv4_accept_local)
+Network.IPv4RouteLocalnet, config_parse_tristate, 0, offsetof(Network, ipv4_route_localnet)
 Network.ActiveSlave, config_parse_bool, 0, offsetof(Network, active_slave)
 Network.PrimarySlave, config_parse_bool, 0, offsetof(Network, primary_slave)
 Network.IPv4ProxyARP, config_parse_tristate, 0, offsetof(Network, proxy_arp)
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index eebbe19527b..352a57325a1 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -422,6 +422,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
 .ipv6ll_address_gen_mode = _IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_INVALID,
 .ipv4_accept_local = -1,
+ .ipv4_route_localnet = -1,
 .ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO,
 .ipv6_accept_ra = -1,
 .ipv6_dad_transmits = -1,
diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h
index 4a3d126b7ba..fc3d5a8a7f9 100644
--- a/src/network/networkd-network.h
+++ b/src/network/networkd-network.h
@@ -253,6 +253,7 @@ struct Network {
 /* sysctl settings */
 AddressFamily ip_forward;
 int ipv4_accept_local;
+ int ipv4_route_localnet;
 int ipv6_dad_transmits;
 int ipv6_hop_limit;
 int proxy_arp;
diff --git a/src/network/networkd-sysctl.c b/src/network/networkd-sysctl.c
index 377fdac7223..11681286e01 100644
--- a/src/network/networkd-sysctl.c
+++ b/src/network/networkd-sysctl.c
@@ -173,6 +173,18 @@ static int link_set_ipv4_accept_local(Link *link) {
 return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "accept_local", link->network->ipv4_accept_local > 0);
 }
+static int link_set_ipv4_route_localnet(Link *link) {
+ assert(link);
+
+ if (link->flags & IFF_LOOPBACK)
+ return 0;
+
+ if (link->network->ipv4_route_localnet < 0)
+ return 0;
+
+ return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "route_localnet", link->network->ipv4_route_localnet > 0);
+}
+
 int link_set_sysctl(Link *link) {
 int r;
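Review bot: `link_set_ipv4_route_localnet()` in src/network/networkd-sysctl.c has no comment on what the sysctl relaxes, and neither the code nor the man page text in this commit states the exposure. With route_localnet enabled on a non-loopback link the kernel stops treating 127.0.0.0/8 as martian there, so services bound only to loopback may become reachable from the attached network unless a packet filter drops that traffic. I would add above the function `/* Security-sensitive: disables martian filtering of 127.0.0.0/8 on this link; pair with a filter dropping loopback-addressed packets that arrive from the wire. */`. The `IFF_LOOPBACK` early return is silent as well; a one-line comment saying why loopback is skipped, or `log_link_debug(link, "Ignoring IPv4RouteLocalnet= on loopback interface.");` before `return 0;`, would help when a .network file matches lo.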
@@ -216,6 +228,10 @@ int link_set_sysctl(Link *link) {
 if (r < 0)
 log_link_warning_errno(link, r, "Cannot set IPv4 accept_local flag for interface, ignoring: %m");
+ r = link_set_ipv4_route_localnet(link);
+ if (r < 0)
+ log_link_warning_errno(link, r, "Cannot set IPv4 route_localnet flag for interface, ignoring: %m");
+
 /* If promote_secondaries is not set, DHCP will work only as long as the IP address does not
 * changes between leases. The kernel will remove all secondary IP addresses of an interface
 * otherwise. The way systemd-networkd works is that the new IP of a lease is added as a
diff --git a/test/fuzz/fuzz-network-parser/directives.network b/test/fuzz/fuzz-network-parser/directives.network
index 6039e747958..c8fb0565a45 100644
--- a/test/fuzz/fuzz-network-parser/directives.network
+++ b/test/fuzz/fuzz-network-parser/directives.network
@@ -178,6 +178,7 @@ IPv6ProxyNDPAddress=
 IPv6AcceptRA=
 IPv6AcceptRouterAdvertisements=
 IPv4AcceptLocal=
+IPv4RouteLocalnet=
 DNSSECNegativeTrustAnchors=
 MACVTAP=
 IPv6PrivacyExtensions=
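Review bot: In the `link_set_sysctl()` hunk of src/network/networkd-sysctl.c, the new warning does not say which value failed to apply, and the failure is ignored for both directions of the tristate. When an administrator sets `IPv4RouteLocalnet=no` as hardening and the write fails, the link keeps whatever value the interface already had, and the log line reads the same as for a failed enable. Including the requested value, e.g. `"Cannot set IPv4 route_localnet=%s for interface, ignoring: %m", yes_no(link->network->ipv4_route_localnet > 0)`, would let the log be triaged without opening the .network file. This mirrors the existing accept_local handling, and the function's body starts and ends outside the hunk.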