From 0d8b7fd3aab990cd568ff484fef944e496a77521 Mon Sep 17 00:00:00 2001 From: Maxim Devaev Date: Tue, 3 Jun 2025 21:01:58 +0300 Subject: [PATCH] otgnet: apply net.ipv4.ip_forward=1 on forwarding --- PKGBUILD | 2 +- kvmd/apps/__init__.py | 1 + kvmd/apps/otgnet/__init__.py | 5 +++++ kvmd/apps/otgnet/netctl.py | 10 ++++++++++ 4 files changed, 17 insertions(+), 1 deletion(-) diff --git a/PKGBUILD b/PKGBUILD index 12f74925..b6b88142 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -123,7 +123,7 @@ depends=( # fsck for /boot dosfstools - # pgrep for kvmd-udev-restart-pass + # pgrep for kvmd-udev-restart-pass, sysctl for kvmd-otgnet procps-ng # Misc diff --git a/kvmd/apps/__init__.py b/kvmd/apps/__init__.py index 404abb92..75f5607e 100644 --- a/kvmd/apps/__init__.py +++ b/kvmd/apps/__init__.py @@ -687,6 +687,7 @@ def _get_config_scheme() -> dict: "commands": { "ip_cmd": Option(["/usr/bin/ip"], type=valid_command), "iptables_cmd": Option(["/usr/sbin/iptables", "--wait=5"], type=valid_command), + "sysctl_cmd": Option(["/usr/sbin/sysctl"], type=valid_command), "pre_start_cmd": Option(["/bin/true", "pre-start"], type=valid_command), "pre_start_cmd_remove": Option([], type=valid_options), diff --git a/kvmd/apps/otgnet/__init__.py b/kvmd/apps/otgnet/__init__.py index d335a4a7..81e797a6 100644 --- a/kvmd/apps/otgnet/__init__.py +++ b/kvmd/apps/otgnet/__init__.py @@ -45,6 +45,7 @@ from .netctl import IptablesAllowIcmpCtl from .netctl import IptablesAllowPortCtl from .netctl import IptablesForwardOut from .netctl import IptablesForwardIn +from .netctl import SysctlIpv4ForwardCtl from .netctl import CustomCtl @@ -65,6 +66,7 @@ class _Service: # pylint: disable=too-many-instance-attributes def __init__(self, config: Section) -> None: self.__ip_cmd: list[str] = config.otgnet.commands.ip_cmd self.__iptables_cmd: list[str] = config.otgnet.commands.iptables_cmd + self.__sysctl_cmd: list[str] = config.otgnet.commands.sysctl_cmd self.__iface_net: str = config.otgnet.iface.net 
@@ -116,6 +118,7 @@ class _Service: # pylint: disable=too-many-instance-attributes *([IptablesForwardIn(self.__iptables_cmd, netcfg.iface)] if self.__forward_iface else []), IptablesDropAllCtl(self.__iptables_cmd, netcfg.iface), IfaceAddIpCtl(self.__ip_cmd, netcfg.iface, f"{netcfg.iface_ip}/{netcfg.net_prefix}"), + *([SysctlIpv4ForwardCtl(self.__sysctl_cmd)] if self.__forward_iface else []), CustomCtl(self.__post_start_cmd, self.__pre_stop_cmd, placeholders), ] if direct: @@ -131,6 +134,8 @@ class _Service: # pylint: disable=too-many-instance-attributes async def __run_ctl(self, ctl: BaseCtl, direct: bool) -> bool: logger = get_logger() cmd = ctl.get_command(direct) + if not cmd: + return True logger.info("CMD: %s", tools.cmdfmt(cmd)) try: return (not (await aioproc.log_process(cmd, logger)).returncode) diff --git a/kvmd/apps/otgnet/netctl.py b/kvmd/apps/otgnet/netctl.py index 13de1f00..127dc5ee 100644 --- a/kvmd/apps/otgnet/netctl.py +++ b/kvmd/apps/otgnet/netctl.py @@ -121,6 +121,16 @@ class IptablesForwardIn(BaseCtl): ] +class SysctlIpv4ForwardCtl(BaseCtl): + def __init__(self, base_cmd: list[str]) -> None: + self.__base_cmd = base_cmd + + def get_command(self, direct: bool) -> list[str]: + if direct: + return [*self.__base_cmd, "net.ipv4.ip_forward=1"] + return [] # Don't revert the command because some services can require it too + + class CustomCtl(BaseCtl): def __init__( self,
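Review bot: The new `SysctlIpv4ForwardCtl` entry in the ctl list has no comment explaining why it sits after `IptablesDropAllCtl` and `IfaceAddIpCtl`, and that placement looks security-relevant. If the list is applied in order on start (the code that consumes it is outside this hunk), host-wide forwarding is switched on only after the iptables rules for the interface exist. A one-line comment above the entry would keep a later reorder from opening a window where the kernel forwards before the rules are installed, e.g. `# Keep after the iptables ctls: forwarding must not be enabled before the filter rules are in place`. The list literal starts outside the hunk.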
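Review bot: The added `if not cmd: return True` in `__run_ctl` reports success without writing anything to the log, so a ctl that yields an empty command is indistinguishable from one that was never scheduled. Since this service changes firewall and forwarding state, an audit line for the skip is cheap: `logger.info("CMD: skipped %s (no command for direct=%s)", type(ctl).__name__, direct)` before the return. The guard also makes an empty list a permitted return value of `get_command()`, which is worth stating in the `BaseCtl` docstring (not visible here) so that an accidentally empty command is not mistaken for an intentional no-op. The rest of the `try` block lies outside the hunk.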
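Review bot: `SysctlIpv4ForwardCtl.get_command()` sets `net.ipv4.ip_forward=1`, which is host-wide rather than scoped to the OTG and forward interfaces, and the `direct=False` branch deliberately leaves it set. After the service stops and its iptables rules are removed (presumably by the other ctls' reverse commands, not shown here), whether the host keeps routing between its interfaces depends only on the FORWARD chain policy and whatever other rules exist. The class has no docstring; it should state that the setting is global, that it is not restored on stop, and that operators who rely on forwarding being off need a restrictive FORWARD policy. If narrower scope is wanted, the per-interface key `net.ipv4.conf.<iface>.forwarding` may be enough, but that would need the interface names passed in and should be verified on the target kernel.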