authorSusant Sahani <ssahani@vmware.com>2020-12-15 05:00:17 +0100
committerLuca Boccassi <luca.boccassi@gmail.com>2020-12-15 20:25:08 +0000
commit937e305e9305a9104cfb1362f318d9df5943b8a5 (patch)
tree234a9de935ae3b8261958afccaf374dbaf99e7b7
parent43b49470d1f2808555c07f64cd0a1529b7ddd559 (diff)
network: Allow to configure interface promiscuous mode
-rw-r--r--man/systemd.network.xml13
-rw-r--r--src/network/networkd-link.c8
-rw-r--r--src/network/networkd-network-gperf.gperf1
-rw-r--r--src/network/networkd-network.c1
-rw-r--r--src/network/networkd-network.h1
-rw-r--r--test/fuzz/fuzz-network-parser/directives.network1
6 files changed, 21 insertions, 4 deletions
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 27263c34eb..e5647f7dae 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -171,20 +171,27 @@
<para> For example, disabling ARP is useful when creating multiple MACVLAN or VLAN virtual
interfaces atop a single lower-level physical interface, which will then only serve as a
link/"bridge" device aggregating traffic to the same physical link and not participate in
- the network otherwise.</para>
+ the network otherwise. Defaults to unset.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Multicast=</varname></term>
<listitem>
- <para>Takes a boolean. If set to true, the multicast flag on the device is enabled.</para>
+ <para>Takes a boolean. If set to true, the multicast flag on the device is enabled. Defaults to unset.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>AllMulticast=</varname></term>
<listitem>
<para>Takes a boolean. If set to true, the driver retrieves all multicast packets from the network.
- This happens when multicast routing is enabled.</para>
+ This happens when multicast routing is enabled. Defaults to unset.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Promiscuous=</varname></term>
+ <listitem>
+ <para>Takes a boolean. If set to true, promiscuous mode of the interface is enabled.
+ Defaults to unset.</para>
</listitem>
</varlistentry>
<varlistentry>
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index b7047c06d1..7675f266e5 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -1108,7 +1108,8 @@ static int link_set_flags(Link *link) {
if (!link->network)
return 0;
- if (link->network->arp < 0 && link->network->multicast < 0 && link->network->allmulticast < 0)
+ if (link->network->arp < 0 && link->network->multicast < 0 && link->network->allmulticast < 0 &&
+ link->network->promiscuous < 0)
return 0;
r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_SETLINK, link->ifindex);
@@ -1130,6 +1131,11 @@ static int link_set_flags(Link *link) {
SET_FLAG(ifi_flags, IFF_ALLMULTI, link->network->allmulticast);
}
+ if (link->network->promiscuous >= 0) {
+ ifi_change |= IFF_PROMISC;
+ SET_FLAG(ifi_flags, IFF_PROMISC, link->network->promiscuous);
+ }
+
r = sd_rtnl_message_link_set_flags(req, ifi_flags, ifi_change);
if (r < 0)
return log_link_error_errno(link, r, "Could not set link flags: %m");
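Review bot: The new `promiscuous >= 0` block in link_set_flags() has no comment on what `Promiscuous=no` actually guarantees, which matters to anyone relying on it to keep an interface from receiving frames not addressed to it. The block only sets or clears IFF_PROMISC in this RTM_SETLINK request; as far as I know the kernel keeps its own promiscuity count, so a bridge port or a packet-socket capture can leave the device promiscuous after networkd clears the flag. I would add above the block `/* Tristate: <0 leaves the kernel flag alone. Clearing IFF_PROMISC drops only our request; other holders may keep the device promiscuous. */`. Because enabling the mode widens what the host can observe on the segment, a `log_link_debug(link, "Setting promiscuous mode: %s", yes_no(link->network->promiscuous));` inside the block would also tie the state change to the .network file for later review. The function body starts and ends outside the hunk.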
diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf
index 619c6a8c59..be7c076c61 100644
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@@ -62,6 +62,7 @@ Link.Group, config_parse_uint32,
Link.ARP, config_parse_tristate, 0, offsetof(Network, arp)
Link.Multicast, config_parse_tristate, 0, offsetof(Network, multicast)
Link.AllMulticast, config_parse_tristate, 0, offsetof(Network, allmulticast)
+Link.Promiscuous, config_parse_tristate, 0, offsetof(Network, promiscuous)
Link.Unmanaged, config_parse_bool, 0, offsetof(Network, unmanaged)
Link.RequiredForOnline, config_parse_required_for_online, 0, 0
SR-IOV.VirtualFunction, config_parse_sr_iov_uint32, 0, 0
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index 73c3788e27..a5440a83c7 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -321,6 +321,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
.arp = -1,
.multicast = -1,
.allmulticast = -1,
+ .promiscuous = -1,
.configure_without_carrier = false,
.ignore_carrier_loss = -1,
diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h
index 17e7d432c9..a23de93126 100644
--- a/src/network/networkd-network.h
+++ b/src/network/networkd-network.h
@@ -87,6 +87,7 @@ struct Network {
int arp;
int multicast;
int allmulticast;
+ int promiscuous;
bool unmanaged;
bool required_for_online; /* Is this network required to be considered online? */
LinkOperationalStateRange required_operstate_for_online;
diff --git a/test/fuzz/fuzz-network-parser/directives.network b/test/fuzz/fuzz-network-parser/directives.network
index cb0c3205a0..611d5bb7f7 100644
--- a/test/fuzz/fuzz-network-parser/directives.network
+++ b/test/fuzz/fuzz-network-parser/directives.network
@@ -38,6 +38,7 @@ MTUBytes=
Multicast=
MACAddress=
Group=
+Promiscuous=
[SR-IOV]
VirtualFunction=
MACSpoofCheck=