summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--NEWS6
-rw-r--r--man/systemd.network.xml15
-rw-r--r--src/network/networkd-network-gperf.gperf1
-rw-r--r--src/network/networkd-network.c1
-rw-r--r--src/network/networkd-network.h1
-rw-r--r--src/network/networkd-sysctl.c16
-rw-r--r--test/fuzz/fuzz-network-parser/sysctl1
-rw-r--r--test/fuzz/fuzz-unit-file/directives-all.service1
-rw-r--r--test/test-network/conf/25-sysctl.network1
-rwxr-xr-xtest/test-network/systemd-networkd-tests.py1
10 files changed, 44 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index b1e7779b60..e9783cb1f8 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,12 @@ CHANGES WITH 256 in spe:
section, then all assigned VLAN IDs on the interface that are not
configured in the .network file are removed.
+ Network Management:
+
+ * systemd-networkd's proxy support gained a new option to configure
+ a private VLAN variant of the proxy ARP supported by the kernel
+ under the name IPv4ProxyARPPrivateVLAN=.
+
CHANGES WITH 255:
Announcements of Future Feature Removals and Incompatible Changes:
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 09aa8c4826..ea558c4b4e 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -929,6 +929,21 @@ Table=1234</programlisting></para>
</varlistentry>
<varlistentry>
+ <term><varname>IPv4ProxyARPPrivateVLAN=</varname></term>
+ <listitem>
+ <para>Takes a boolean. Configures proxy ARP private VLAN for IPv4, also known as VLAN aggregation,
+ private VLAN, source-port filtering, port-isolation, or MAC-forced forwarding.</para>
+
+ <para>This variant of the ARP proxy technique will allow the ARP proxy to reply back to the same
+ interface.</para>
+
+ <para>See <ulink url="https://tools.ietf.org/html/rfc3069">RFC 3069</ulink>. When unset,
+ the kernel's default will be used.</para>
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>IPv6ProxyNDP=</varname></term>
<listitem>
<para>Takes a boolean. Configures proxy NDP for IPv6. Proxy NDP (Neighbor Discovery Protocol)
diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf
index 24b0f24aec..c3f0e64160 100644
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@@ -138,6 +138,7 @@ Network.IPv4RouteLocalnet, config_parse_tristate,
Network.ActiveSlave, config_parse_bool, 0, offsetof(Network, active_slave)
Network.PrimarySlave, config_parse_bool, 0, offsetof(Network, primary_slave)
Network.IPv4ProxyARP, config_parse_tristate, 0, offsetof(Network, proxy_arp)
+Network.IPv4ProxyARPPrivateVLAN, config_parse_tristate, 0, offsetof(Network, proxy_arp_pvlan)
Network.ProxyARP, config_parse_tristate, 0, offsetof(Network, proxy_arp)
Network.IPv6ProxyNDPAddress, config_parse_ipv6_proxy_ndp_address, 0, 0
Network.IPv4ReversePathFilter, config_parse_ip_reverse_path_filter, 0, offsetof(Network, ipv4_rp_filter)
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index dcfdfd1b52..a2b3580ced 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -473,6 +473,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
.ipv6_dad_transmits = -1,
.ipv6_proxy_ndp = -1,
.proxy_arp = -1,
+ .proxy_arp_pvlan = -1,
.ipv4_rp_filter = _IP_REVERSE_PATH_FILTER_INVALID,
.ipv6_accept_ra = -1,
diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h
index fc0065147a..1d7a7da798 100644
--- a/src/network/networkd-network.h
+++ b/src/network/networkd-network.h
@@ -325,6 +325,7 @@ struct Network {
int ipv6_dad_transmits;
uint8_t ipv6_hop_limit;
int proxy_arp;
+ int proxy_arp_pvlan;
uint32_t ipv6_mtu;
IPv6PrivacyExtensions ipv6_privacy_extensions;
IPReversePathFilter ipv4_rp_filter;
diff --git a/src/network/networkd-sysctl.c b/src/network/networkd-sysctl.c
index 2b226b2e2a..9d188c022e 100644
--- a/src/network/networkd-sysctl.c
+++ b/src/network/networkd-sysctl.c
@@ -58,6 +58,18 @@ static int link_set_proxy_arp(Link *link) {
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp", link->network->proxy_arp > 0);
}
+static int link_set_proxy_arp_pvlan(Link *link) {
+ assert(link);
+
+ if (!link_is_configured_for_family(link, AF_INET))
+ return 0;
+
+ if (link->network->proxy_arp_pvlan < 0)
+ return 0;
+
+ return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp_pvlan", link->network->proxy_arp_pvlan > 0);
+}
+
static bool link_ip_forward_enabled(Link *link, int family) {
assert(link);
assert(IN_SET(family, AF_INET, AF_INET6));
@@ -257,6 +269,10 @@ int link_set_sysctl(Link *link) {
if (r < 0)
log_link_warning_errno(link, r, "Cannot configure proxy ARP for interface, ignoring: %m");
+ r = link_set_proxy_arp_pvlan(link);
+ if (r < 0)
+ log_link_warning_errno(link, r, "Cannot configure proxy ARP private VLAN for interface, ignoring: %m");
+
r = link_set_ipv4_forward(link);
if (r < 0)
log_link_warning_errno(link, r, "Cannot turn on IPv4 packet forwarding, ignoring: %m");
diff --git a/test/fuzz/fuzz-network-parser/sysctl b/test/fuzz/fuzz-network-parser/sysctl
index 2452fb7e85..01b45a2b5d 100644
--- a/test/fuzz/fuzz-network-parser/sysctl
+++ b/test/fuzz/fuzz-network-parser/sysctl
@@ -7,4 +7,5 @@ IPv6PrivacyExtensions=true
IPv6DuplicateAddressDetection=3
IPv6HopLimit=5
IPv4ProxyARP=true
+IPv4ProxyARPPrivateVLAN=true
IPv6ProxyNDP=true
diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service
index d5877f930c..93307c0bbd 100644
--- a/test/fuzz/fuzz-unit-file/directives-all.service
+++ b/test/fuzz/fuzz-unit-file/directives-all.service
@@ -472,6 +472,7 @@ IPForward=
IPMasquerade=
IPv4LLRoute=
IPv4ProxyARP=
+IPv4ProxyARPPrivateVLAN=
IPv6AcceptRA=
IPv6DuplicateAddressDetection=
IPv6FlowLabel=
diff --git a/test/test-network/conf/25-sysctl.network b/test/test-network/conf/25-sysctl.network
index a71ffb2e53..ff1ded4ef0 100644
--- a/test/test-network/conf/25-sysctl.network
+++ b/test/test-network/conf/25-sysctl.network
@@ -7,6 +7,7 @@ IPForward=yes
IPv6DuplicateAddressDetection=3
IPv6HopLimit=5
IPv4ProxyARP=yes
+IPv4ProxyARPPrivateVLAN=yes
IPv6ProxyNDP=yes
IPv6AcceptRA=no
IPv4AcceptLocal=yes
diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
index 6af6e6dc10..eefd7192a7 100755
--- a/test/test-network/systemd-networkd-tests.py
+++ b/test/test-network/systemd-networkd-tests.py
@@ -3592,6 +3592,7 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
self.check_ipv6_sysctl_attr('dummy98', 'proxy_ndp', '1')
self.check_ipv4_sysctl_attr('dummy98', 'forwarding', '1')
self.check_ipv4_sysctl_attr('dummy98', 'proxy_arp', '1')
+ self.check_ipv4_sysctl_attr('dummy98', 'proxy_arp_pvlan', '1')
self.check_ipv4_sysctl_attr('dummy98', 'accept_local', '1')
self.check_ipv4_sysctl_attr('dummy98', 'rp_filter', '0')
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-03 08:13:47 +0100