otgnet: apply net.ipv4.ip_forward=1 on forwarding

2025-12-12 01:00:29 +08:00 · 2025-06-03 21:01:58 +03:00 · 2025-06-03 21:01:58 +03:00 · 0d8b7fd3aa
commit 0d8b7fd3aa
parent 91312dd4be
4 changed files with 17 additions and 1 deletions
--- a/2
+++ b/2
@ -123,7 +123,7 @@ depends=(
 	# fsck for /boot
 	dosfstools

-	# pgrep for kvmd-udev-restart-pass
+	# pgrep for kvmd-udev-restart-pass, sysctl for kvmd-otgnet
 	procps-ng

 	# Misc
--- a/kvmd/apps/init.py
+++ b/kvmd/apps/init.py
@ -687,6 +687,7 @@ def _get_config_scheme() -> dict:
            "commands": {
                "ip_cmd":       Option(["/usr/bin/ip"],  type=valid_command),
                "iptables_cmd": Option(["/usr/sbin/iptables", "--wait=5"], type=valid_command),
+                "sysctl_cmd":   Option(["/usr/sbin/sysctl"], type=valid_command),

                "pre_start_cmd":        Option(["/bin/true", "pre-start"], type=valid_command),
                "pre_start_cmd_remove": Option([], type=valid_options),
--- a/kvmd/apps/otgnet/init.py
+++ b/kvmd/apps/otgnet/init.py
@ -45,6 +45,7 @@ from .netctl import IptablesAllowIcmpCtl
 from .netctl import IptablesAllowPortCtl
 from .netctl import IptablesForwardOut
 from .netctl import IptablesForwardIn
+from .netctl import SysctlIpv4ForwardCtl
 from .netctl import CustomCtl


@ -65,6 +66,7 @@ class _Service:  # pylint: disable=too-many-instance-attributes
    def __init__(self, config: Section) -> None:
        self.__ip_cmd: list[str] = config.otgnet.commands.ip_cmd
        self.__iptables_cmd: list[str] = config.otgnet.commands.iptables_cmd
+        self.__sysctl_cmd: list[str] = config.otgnet.commands.sysctl_cmd

        self.__iface_net: str = config.otgnet.iface.net

@ -116,6 +118,7 @@ class _Service:  # pylint: disable=too-many-instance-attributes
            *([IptablesForwardIn(self.__iptables_cmd, netcfg.iface)] if self.__forward_iface else []),
            IptablesDropAllCtl(self.__iptables_cmd, netcfg.iface),
            IfaceAddIpCtl(self.__ip_cmd, netcfg.iface, f"{netcfg.iface_ip}/{netcfg.net_prefix}"),
+            *([SysctlIpv4ForwardCtl(self.__sysctl_cmd)] if self.__forward_iface else []),
            CustomCtl(self.__post_start_cmd, self.__pre_stop_cmd, placeholders),
        ]
        if direct:
@ -131,6 +134,8 @@ class _Service:  # pylint: disable=too-many-instance-attributes
    async def __run_ctl(self, ctl: BaseCtl, direct: bool) -> bool:
        logger = get_logger()
        cmd = ctl.get_command(direct)
+        if not cmd:
+            return True
        logger.info("CMD: %s", tools.cmdfmt(cmd))
        try:
            return (not (await aioproc.log_process(cmd, logger)).returncode)
--- a/kvmd/apps/otgnet/netctl.py
+++ b/kvmd/apps/otgnet/netctl.py
@ -121,6 +121,16 @@ class IptablesForwardIn(BaseCtl):
        ]


+class SysctlIpv4ForwardCtl(BaseCtl):
+    def __init__(self, base_cmd: list[str]) -> None:
+        self.__base_cmd = base_cmd
+
+    def get_command(self, direct: bool) -> list[str]:
+        if direct:
+            return [*self.__base_cmd, "net.ipv4.ip_forward=1"]
+        return []  # Don't revert the command because some services can require it too
+
+
 class CustomCtl(BaseCtl):
    def __init__(
        self,