#include <limits.h>
#include <arpa/inet.h>
-#include <netinet/ether.h>
#include <netinet/in.h>
+#include <netinet/ether.h>
#include <linux/rtnetlink.h>
#include <linux/neighbour.h>
system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/disable_ipv6", dev->ifname, val);
}
+static void system_set_ip6segmentrouting(struct device *dev, const char *val)
+{
+ system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/seg6_enabled", dev->ifname, val);
+}
+
static void system_set_rpfilter(struct device *dev, const char *val)
{
system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/rp_filter", dev->ifname, val);
system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/dad_transmits", dev->ifname, val);
}
+static void system_set_sendredirects(struct device *dev, const char *val)
+{
+ system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/send_redirects", dev->ifname, val);
+}
+
+static void system_set_drop_v4_unicast_in_l2_multicast(struct device *dev, const char *val)
+{
+ system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/drop_unicast_in_l2_multicast", dev->ifname, val);
+}
+
+static void system_set_drop_v6_unicast_in_l2_multicast(struct device *dev, const char *val)
+{
+ system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/drop_unicast_in_l2_multicast", dev->ifname, val);
+}
+
+static void system_set_drop_gratuitous_arp(struct device *dev, const char *val)
+{
+ system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/drop_gratuitous_arp", dev->ifname, val);
+}
+
+static void system_set_drop_unsolicited_na(struct device *dev, const char *val)
+{
+ system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/drop_unsolicited_na", dev->ifname, val);
+}
+
+static void system_set_arp_accept(struct device *dev, const char *val)
+{
+ system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/arp_accept", dev->ifname, val);
+}
+
static void system_bridge_set_multicast_to_unicast(struct device *dev, const char *val)
{
system_set_dev_sysctl("/sys/class/net/%s/brport/multicast_to_unicast", dev->ifname, val);
system_set_dev_sysctl("/sys/class/net/%s/brport/unicast_flood", dev->ifname, val);
}
-static void system_set_sendredirects(struct device *dev, const char *val)
-{
- system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/send_redirects", dev->ifname, val);
-}
-
static void system_bridge_set_vlan_filtering(struct device *dev, const char *val)
{
system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/vlan_filtering", dev->ifname, val);
dev->ifname, buf, buf_sz);
}
+static int system_get_ip6segmentrouting(struct device *dev, char *buf, const size_t buf_sz)
+{
+ return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/seg6_enabled",
+ dev->ifname, buf, buf_sz);
+}
+
static int system_get_rpfilter(struct device *dev, char *buf, const size_t buf_sz)
{
return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/rp_filter",
dev->ifname, buf, buf_sz);
}
+
+static int system_get_drop_v4_unicast_in_l2_multicast(struct device *dev, char *buf, const size_t buf_sz)
+{
+ return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/drop_unicast_in_l2_multicast",
+ dev->ifname, buf, buf_sz);
+}
+
+static int system_get_drop_v6_unicast_in_l2_multicast(struct device *dev, char *buf, const size_t buf_sz)
+{
+ return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/drop_unicast_in_l2_multicast",
+ dev->ifname, buf, buf_sz);
+}
+
+static int system_get_drop_gratuitous_arp(struct device *dev, char *buf, const size_t buf_sz)
+{
+ return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/drop_gratuitous_arp",
+ dev->ifname, buf, buf_sz);
+}
+
+static int system_get_drop_unsolicited_na(struct device *dev, char *buf, const size_t buf_sz)
+{
+ return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/drop_unsolicited_na",
+ dev->ifname, buf, buf_sz);
+}
+
+static int system_get_arp_accept(struct device *dev, char *buf, const size_t buf_sz)
+{
+ return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/arp_accept",
+ dev->ifname, buf, buf_sz);
+}
+
/* Evaluate netlink messages */
static int cb_rtnl_event(struct nl_msg *msg, void *arg)
{
s->flags |= DEV_OPT_IPV6;
}
+ if (!system_get_ip6segmentrouting(dev, buf, sizeof(buf))) {
+ s->ip6segmentrouting = strtoul(buf, NULL, 0);
+ s->flags |= DEV_OPT_IP6SEGMENTROUTING;
+ }
+
if (ioctl(sock_ioctl, SIOCGIFFLAGS, &ifr) == 0) {
s->promisc = ifr.ifr_flags & IFF_PROMISC;
s->flags |= DEV_OPT_PROMISC;
s->sendredirects = strtoul(buf, NULL, 0);
s->flags |= DEV_OPT_SENDREDIRECTS;
}
+
+ if (!system_get_drop_v4_unicast_in_l2_multicast(dev, buf, sizeof(buf))) {
+ s->drop_v4_unicast_in_l2_multicast = strtoul(buf, NULL, 0);
+ s->flags |= DEV_OPT_DROP_V4_UNICAST_IN_L2_MULTICAST;
+ }
+
+ if (!system_get_drop_v6_unicast_in_l2_multicast(dev, buf, sizeof(buf))) {
+ s->drop_v6_unicast_in_l2_multicast = strtoul(buf, NULL, 0);
+ s->flags |= DEV_OPT_DROP_V6_UNICAST_IN_L2_MULTICAST;
+ }
+
+ if (!system_get_drop_gratuitous_arp(dev, buf, sizeof(buf))) {
+ s->drop_gratuitous_arp = strtoul(buf, NULL, 0);
+ s->flags |= DEV_OPT_DROP_GRATUITOUS_ARP;
+ }
+
+ if (!system_get_drop_unsolicited_na(dev, buf, sizeof(buf))) {
+ s->drop_unsolicited_na = strtoul(buf, NULL, 0);
+ s->flags |= DEV_OPT_DROP_UNSOLICITED_NA;
+ }
+
+ if (!system_get_arp_accept(dev, buf, sizeof(buf))) {
+ s->arp_accept = strtoul(buf, NULL, 0);
+ s->flags |= DEV_OPT_ARP_ACCEPT;
+ }
}
void
struct ifreq ifr;
char buf[12];
+ apply_mask &= s->flags;
+
memset(&ifr, 0, sizeof(ifr));
strncpy(ifr.ifr_name, dev->ifname, sizeof(ifr.ifr_name) - 1);
- if (s->flags & DEV_OPT_MTU & apply_mask) {
+ if (apply_mask & DEV_OPT_MTU) {
ifr.ifr_mtu = s->mtu;
if (ioctl(sock_ioctl, SIOCSIFMTU, &ifr) < 0)
s->flags &= ~DEV_OPT_MTU;
}
- if (s->flags & DEV_OPT_MTU6 & apply_mask) {
+ if (apply_mask & DEV_OPT_MTU6) {
system_update_ipv6_mtu(dev, s->mtu6);
}
- if (s->flags & DEV_OPT_TXQUEUELEN & apply_mask) {
+ if (apply_mask & DEV_OPT_TXQUEUELEN) {
ifr.ifr_qlen = s->txqueuelen;
if (ioctl(sock_ioctl, SIOCSIFTXQLEN, &ifr) < 0)
s->flags &= ~DEV_OPT_TXQUEUELEN;
}
- if ((s->flags & DEV_OPT_MACADDR & apply_mask) && !dev->external) {
+ if ((apply_mask & (DEV_OPT_MACADDR | DEV_OPT_DEFAULT_MACADDR)) && !dev->external) {
ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER;
memcpy(&ifr.ifr_hwaddr.sa_data, s->macaddr, sizeof(s->macaddr));
if (ioctl(sock_ioctl, SIOCSIFHWADDR, &ifr) < 0)
s->flags &= ~DEV_OPT_MACADDR;
}
- if (s->flags & DEV_OPT_IPV6 & apply_mask)
+ if (apply_mask & DEV_OPT_IPV6)
system_set_disable_ipv6(dev, s->ipv6 ? "0" : "1");
- if (s->flags & DEV_OPT_PROMISC & apply_mask) {
+ if (s->flags & DEV_OPT_IP6SEGMENTROUTING & apply_mask) {
+ struct device dummy = {
+ .ifname = "all",
+ };
+ bool ip6segmentrouting = device_check_ip6segmentrouting();
+
+ system_set_ip6segmentrouting(dev, s->ip6segmentrouting ? "1" : "0");
+ system_set_ip6segmentrouting(&dummy, ip6segmentrouting ? "1" : "0");
+ }
+ if (apply_mask & DEV_OPT_PROMISC) {
if (system_if_flags(dev->ifname, s->promisc ? IFF_PROMISC : 0,
!s->promisc ? IFF_PROMISC : 0) < 0)
s->flags &= ~DEV_OPT_PROMISC;
}
- if (s->flags & DEV_OPT_RPFILTER & apply_mask) {
+ if (apply_mask & DEV_OPT_RPFILTER) {
snprintf(buf, sizeof(buf), "%u", s->rpfilter);
system_set_rpfilter(dev, buf);
}
- if (s->flags & DEV_OPT_ACCEPTLOCAL & apply_mask)
+ if (apply_mask & DEV_OPT_ACCEPTLOCAL)
system_set_acceptlocal(dev, s->acceptlocal ? "1" : "0");
- if (s->flags & DEV_OPT_IGMPVERSION & apply_mask) {
+ if (apply_mask & DEV_OPT_IGMPVERSION) {
snprintf(buf, sizeof(buf), "%u", s->igmpversion);
system_set_igmpversion(dev, buf);
}
- if (s->flags & DEV_OPT_MLDVERSION & apply_mask) {
+ if (apply_mask & DEV_OPT_MLDVERSION) {
snprintf(buf, sizeof(buf), "%u", s->mldversion);
system_set_mldversion(dev, buf);
}
- if (s->flags & DEV_OPT_NEIGHREACHABLETIME & apply_mask) {
+ if (apply_mask & DEV_OPT_NEIGHREACHABLETIME) {
snprintf(buf, sizeof(buf), "%u", s->neigh4reachabletime);
system_set_neigh4reachabletime(dev, buf);
snprintf(buf, sizeof(buf), "%u", s->neigh6reachabletime);
system_set_neigh6reachabletime(dev, buf);
}
- if (s->flags & DEV_OPT_NEIGHLOCKTIME & apply_mask) {
+ if (apply_mask & DEV_OPT_NEIGHLOCKTIME) {
snprintf(buf, sizeof(buf), "%d", s->neigh4locktime);
system_set_neigh4locktime(dev, buf);
}
- if (s->flags & DEV_OPT_NEIGHGCSTALETIME & apply_mask) {
+ if (apply_mask & DEV_OPT_NEIGHGCSTALETIME) {
snprintf(buf, sizeof(buf), "%u", s->neigh4gcstaletime);
system_set_neigh4gcstaletime(dev, buf);
snprintf(buf, sizeof(buf), "%u", s->neigh6gcstaletime);
system_set_neigh6gcstaletime(dev, buf);
}
- if (s->flags & DEV_OPT_DADTRANSMITS & apply_mask) {
+ if (apply_mask & DEV_OPT_DADTRANSMITS) {
snprintf(buf, sizeof(buf), "%u", s->dadtransmits);
system_set_dadtransmits(dev, buf);
}
- if (s->flags & DEV_OPT_MULTICAST & apply_mask) {
+ if (apply_mask & DEV_OPT_MULTICAST) {
if (system_if_flags(dev->ifname, s->multicast ? IFF_MULTICAST : 0,
!s->multicast ? IFF_MULTICAST : 0) < 0)
s->flags &= ~DEV_OPT_MULTICAST;
}
- if (s->flags & DEV_OPT_SENDREDIRECTS & apply_mask)
+ if (apply_mask & DEV_OPT_SENDREDIRECTS)
system_set_sendredirects(dev, s->sendredirects ? "1" : "0");
+ if (apply_mask & DEV_OPT_DROP_V4_UNICAST_IN_L2_MULTICAST)
+ system_set_drop_v4_unicast_in_l2_multicast(dev, s->drop_v4_unicast_in_l2_multicast ? "1" : "0");
+ if (apply_mask & DEV_OPT_DROP_V6_UNICAST_IN_L2_MULTICAST)
+ system_set_drop_v6_unicast_in_l2_multicast(dev, s->drop_v6_unicast_in_l2_multicast ? "1" : "0");
+ if (apply_mask & DEV_OPT_DROP_GRATUITOUS_ARP)
+ system_set_drop_gratuitous_arp(dev, s->drop_gratuitous_arp ? "1" : "0");
+ if (apply_mask & DEV_OPT_DROP_UNSOLICITED_NA)
+ system_set_drop_unsolicited_na(dev, s->drop_unsolicited_na ? "1" : "0");
+ if (apply_mask & DEV_OPT_ARP_ACCEPT)
+ system_set_arp_accept(dev, s->arp_accept ? "1" : "0");
}
int system_if_up(struct device *dev)
{
- system_if_get_settings(dev, &dev->orig_settings);
- /* Only keep orig settings based on what needs to be set */
- dev->orig_settings.valid_flags = dev->orig_settings.flags;
- dev->orig_settings.flags &= dev->settings.flags;
- system_if_apply_settings(dev, &dev->settings, dev->settings.flags);
return system_if_flags(dev->ifname, IFF_UP, 0);
}
int system_if_down(struct device *dev)
{
- int ret = system_if_flags(dev->ifname, 0, IFF_UP);
- system_if_apply_settings(dev, &dev->orig_settings, dev->orig_settings.flags);
- return ret;
+ return system_if_flags(dev->ifname, 0, IFF_UP);
}
struct if_check_data {