colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

all: rework configuring route table support by adding "route-table" setting

Browse Source 
We added "ipv4.route-table-sync" and "ipv6.route-table-sync" to not change
behavior for users that configured policy routing outside of NetworkManager,
for example, via a dispatcher script. Users had to explicitly opt-in
for NetworkManager to fully manage all routing tables.

These settings were awkward. Replace them with new settings "ipv4.route-table"
and "ipv6.route-table". Note that this commit breaks API/ABI on the unstable
development branch by removing recently added API.

As before, a connection will have no route-table set by default. This
has the meaning that policy-routing is not enabled and only the main table
will be fully synced. Once the user sets a table, we recognize that and
NetworkManager manages all routing tables.

The new route-table setting has other important uses: analog to
"ipv4.route-metric", it is the default that applies to all routes.
Currently it only works for static routes, not DHCP, SLAAC,
default-route, etc. That will be implemented later.

For static routes, each route still can explicitly set a table, and
overwrite the per-connection setting in "ipv4.route-table" and
"ipv6.route-table".
This commit is contained in:
Thomas Haller
2017-09-28 08:40:41 +02:00
parent 17ca5c4c0c
commit cc1ee1d286
22 changed files with 275 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
clients/common/nm-meta-setting-desc.c
View File

@@ -5353,11 +5353,18 @@ static const NMMetaPropertyInfo *const property_infos_IP4_CONFIG[] = {
PROPERTY_INFO (NM_SETTING_IP_CONFIG_ROUTE_METRIC, DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ROUTE_METRIC,
.property_type = &_pt_gobject_int,
),
PROPERTY_INFO (NM_SETTING_IP_CONFIG_ROUTE_TABLE_SYNC, DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ROUTE_TABLE_SYNC,
.property_type = &_pt_gobject_enum,
.property_typ_data = DEFINE_PROPERTY_TYP_DATA (
PROPERTY_TYP_DATA_SUBTYPE (gobject_enum,
.get_gtype = nm_ip_route_table_sync_mode_get_type,
PROPERTY_INFO (NM_SETTING_IP_CONFIG_ROUTE_TABLE, DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ROUTE_TABLE,
.property_type = &_pt_gobject_int,
.property_typ_data = DEFINE_PROPERTY_TYP_DATA_SUBTYPE (gobject_int,
.value_infos = INT_VALUE_INFOS (
{
.value = 0,
.nick = "unspec",
},
{
.value = 254,
.nick = "main",
}
),
),
),
@@ -5384,7 +5391,6 @@ static const NMMetaPropertyInfo *const property_infos_IP4_CONFIG[] = {
}
),
),
),
PROPERTY_INFO (NM_SETTING_IP_CONFIG_DHCP_SEND_HOSTNAME, DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_SEND_HOSTNAME,
.property_type = &_pt_gobject_bool,
@@ -5510,11 +5516,18 @@ static const NMMetaPropertyInfo *const property_infos_IP6_CONFIG[] = {
PROPERTY_INFO (NM_SETTING_IP_CONFIG_ROUTE_METRIC, DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTE_METRIC,
.property_type = &_pt_gobject_int,
),
PROPERTY_INFO (NM_SETTING_IP_CONFIG_ROUTE_TABLE_SYNC, DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTE_TABLE_SYNC,
.property_type = &_pt_gobject_enum,
.property_typ_data = DEFINE_PROPERTY_TYP_DATA (
PROPERTY_TYP_DATA_SUBTYPE (gobject_enum,
.get_gtype = nm_ip_route_table_sync_mode_get_type,
PROPERTY_INFO (NM_SETTING_IP_CONFIG_ROUTE_TABLE, DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTE_TABLE,
.property_type = &_pt_gobject_int,
.property_typ_data = DEFINE_PROPERTY_TYP_DATA_SUBTYPE (gobject_int,
.value_infos = INT_VALUE_INFOS (
{
.value = 0,
.nick = "unspec",
},
{
.value = 254,
.nick = "main",
}
),
),
),

4
clients/common/settings-docs.c.in
View File

@@ -224,7 +224,7 @@
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_NAME N_("The setting's name, which uniquely identifies the setting within the connection. Each setting type has a name unique to that type, for example \"ppp\" or \"wireless\" or \"wired\".")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_NEVER_DEFAULT N_("If TRUE, this connection will never be the default connection for this IP type, meaning it will never be assigned the default route by NetworkManager.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ROUTE_METRIC N_("The default metric for routes that don't explicitly specify a metric. The default value -1 means that the metric is chosen automatically based on the device type. The metric applies to dynamic routes, manual (static) routes that don't have an explicit metric setting, address prefix routes, and the default route. Note that for IPv6, the kernel accepts zero (0) but coerces it to 1024 (user default). Hence, setting this property to zero effectively mean setting it to 1024. For IPv4, zero is a regular value for the metric.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ROUTE_TABLE_SYNC N_("The mode how to sync the routes per table. In general, when NetworkManager manages a device it will remove extraneous routes from the routing tables. The sync parameter specifies which tables are synced this way. That means, from which routing table NetworkManager will remove those unexpected, extraneous routes. A value of 1 (none) means that no route tables will not be synced and no routes are removed by NetworkManager. 2 (main) means that only the main table will be synced. 3 (full) will sync all the route tables, except the local table. A value of zero is the default value and allows to be overwritten via global configuration. In absence of global configuration, the default value is 2 (main).")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ROUTE_TABLE N_("Enable policy routing (source routing) and set the routing table used when adding routes. This currently only affects static routes (ipv4.routes and ipv6.routes). However, each static route can individually overwrite the table setting by explicitly specifying a non-zero routing table. If the table setting is left at zero, it is eligible to be overwritten via global configuration. If the property is zero even after applying the global configuration value, policy routing is disabled for the address family of this connection. Policy routing disabled means that NetworkManager will add all routes to the main table (except static routes that explicitly configure a different table). Additionally, NetworkManager will not delete any extraneous routes from tables except the main table. This is to preserve backward compatibility for users who manage routing tables outside of NetworkManager.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ROUTES N_("Array of IP routes.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE N_("Configure method for creating the address for use with RFC4862 IPv6 Stateless Address Autoconfiguration. The permitted values are: \"eui64\", or \"stable-privacy\". If the property is set to \"eui64\", the addresses will be generated using the interface tokens derived from hardware address. This makes the host part of the address to stay constant, making it possible to track host's presence when it changes networks. The address changes when the interface hardware is replaced. The value of \"stable-privacy\" enables use of cryptographically secure hash of a secret host-specific key along with the connection's stable-id and the network address as specified by RFC7217. This makes it impossible to use the address track host's presence, and makes the address stable when the network interface hardware is replaced. On D-Bus, the absence of an addr-gen-mode setting equals enabling \"stable-privacy\". For keyfile plugin, the absence of the setting on disk means \"eui64\" so that the property doesn't change on upgrade from older versions. Note that this setting is distinct from the Privacy Extensions as configured by \"ip6-privacy\" property and it does not affect the temporary addresses configured with this option.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ADDRESSES N_("Array of IP addresses.")
@@ -245,7 +245,7 @@
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_NAME N_("The setting's name, which uniquely identifies the setting within the connection. Each setting type has a name unique to that type, for example \"ppp\" or \"wireless\" or \"wired\".")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_NEVER_DEFAULT N_("If TRUE, this connection will never be the default connection for this IP type, meaning it will never be assigned the default route by NetworkManager.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTE_METRIC N_("The default metric for routes that don't explicitly specify a metric. The default value -1 means that the metric is chosen automatically based on the device type. The metric applies to dynamic routes, manual (static) routes that don't have an explicit metric setting, address prefix routes, and the default route. Note that for IPv6, the kernel accepts zero (0) but coerces it to 1024 (user default). Hence, setting this property to zero effectively mean setting it to 1024. For IPv4, zero is a regular value for the metric.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTE_TABLE_SYNC N_("The mode how to sync the routes per table. In general, when NetworkManager manages a device it will remove extraneous routes from the routing tables. The sync parameter specifies which tables are synced this way. That means, from which routing table NetworkManager will remove those unexpected, extraneous routes. A value of 1 (none) means that no route tables will not be synced and no routes are removed by NetworkManager. 2 (main) means that only the main table will be synced. 3 (full) will sync all the route tables, except the local table. A value of zero is the default value and allows to be overwritten via global configuration. In absence of global configuration, the default value is 2 (main).")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTE_TABLE N_("Enable policy routing (source routing) and set the routing table used when adding routes. This currently only affects static routes (ipv4.routes and ipv6.routes). However, each static route can individually overwrite the table setting by explicitly specifying a non-zero routing table. If the table setting is left at zero, it is eligible to be overwritten via global configuration. If the property is zero even after applying the global configuration value, policy routing is disabled for the address family of this connection. Policy routing disabled means that NetworkManager will add all routes to the main table (except static routes that explicitly configure a different table). Additionally, NetworkManager will not delete any extraneous routes from tables except the main table. This is to preserve backward compatibility for users who manage routing tables outside of NetworkManager.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTES N_("Array of IP routes.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_TOKEN N_("Configure the token for draft-chown-6man-tokenised-ipv6-identifiers-02 IPv6 tokenized interface identifiers. Useful with eui64 addr-gen-mode.")
#define DESCRIBE_DOC_NM_SETTING_MACSEC_ENCRYPT N_("Whether the transmitted traffic must be encrypted.")

21
libnm-core/nm-dbus-interface.h
View File

@@ -856,27 +856,6 @@ typedef enum { /*< skip >*/
NM_ROLLBACK_RESULT_ERR_FAILED = 3,
} NMRollbackResult;
/**
* NMIPRouteTableSyncMode:
* @NM_IP_ROUTE_TABLE_SYNC_MODE_DEFAULT: the default value, meaning the value
* is subject to global configuration default.
* @NM_IP_ROUTE_TABLE_SYNC_MODE_NONE: no route table is synced. This means,
* NetworkManager will only add routes for a particular interface to the
* routing tables, but not delete any routes.
* @NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN: only the main table is synced. For all
* other tables, NM won't delete any extra routes.
* @NM_IP_ROUTE_TABLE_SYNC_MODE_FULL: NM will sync all tables, except the
* local table (255).
*
* Since: 1.10
*/
typedef enum {
NM_IP_ROUTE_TABLE_SYNC_MODE_DEFAULT = 0,
NM_IP_ROUTE_TABLE_SYNC_MODE_NONE = 1,
NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN = 2,
NM_IP_ROUTE_TABLE_SYNC_MODE_FULL = 3,
} NMIPRouteTableSyncMode;
/**
* NMActivationStateFlags:
* @NM_ACTIVATION_STATE_FLAG_NONE: an alias for numeric zero, no flags set.

90
libnm-core/nm-setting-ip-config.c
View File

@@ -1378,6 +1378,7 @@ typedef struct {
GPtrArray *addresses; /* array of NMIPAddress */
GPtrArray *routes; /* array of NMIPRoute */
gint64 route_metric;
guint32 route_table;
char *gateway;
gboolean ignore_auto_routes;
gboolean ignore_auto_dns;
@@ -1387,7 +1388,6 @@ typedef struct {
gboolean may_fail;
gint dad_timeout;
gint dhcp_timeout;
int route_table_sync;
} NMSettingIPConfigPrivate;
enum {
@@ -1401,6 +1401,7 @@ enum {
PROP_GATEWAY,
PROP_ROUTES,
PROP_ROUTE_METRIC,
PROP_ROUTE_TABLE,
PROP_IGNORE_AUTO_ROUTES,
PROP_IGNORE_AUTO_DNS,
PROP_DHCP_HOSTNAME,
@@ -1409,7 +1410,6 @@ enum {
PROP_MAY_FAIL,
PROP_DAD_TIMEOUT,
PROP_DHCP_TIMEOUT,
PROP_ROUTE_TABLE_SYNC,
LAST_PROP
};
@@ -2270,22 +2270,22 @@ nm_setting_ip_config_get_route_metric (NMSettingIPConfig *setting)
}
/**
* nm_setting_ip_config_get_route_table_sync:
* nm_setting_ip_config_get_route_table:
* @setting: the #NMSettingIPConfig
*
* Returns the value contained in the #NMSettingIPConfig:route-table-sync
* Returns the value contained in the #NMSettingIPConfig:route-table
* property.
*
* Returns: the configured route-table-sync mode.
* Returns: the configured route-table.
*
* Since: 1.10
**/
NMIPRouteTableSyncMode
nm_setting_ip_config_get_route_table_sync (NMSettingIPConfig *setting)
guint32
nm_setting_ip_config_get_route_table (NMSettingIPConfig *setting)
{
g_return_val_if_fail (NM_IS_SETTING_IP_CONFIG (setting), 0);
return NM_SETTING_IP_CONFIG_GET_PRIVATE (setting)->route_table_sync;
return NM_SETTING_IP_CONFIG_GET_PRIVATE (setting)->route_table;
}
/**
@@ -2550,17 +2550,6 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
}
}
if ( priv->route_table_sync < NM_IP_ROUTE_TABLE_SYNC_MODE_DEFAULT
|| priv->route_table_sync > NM_IP_ROUTE_TABLE_SYNC_MODE_FULL) {
g_set_error (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("invalid route table sync value %d"),
priv->route_table_sync);
g_prefix_error (error, "%s.%s: ", nm_setting_get_name (setting), NM_SETTING_IP_CONFIG_ROUTE_TABLE_SYNC);
return FALSE;
}
/* Validate routes */
for (i = 0; i < priv->routes->len; i++) {
NMIPRoute *route = (NMIPRoute *) priv->routes->pdata[i];
@@ -2739,6 +2728,9 @@ set_property (GObject *object, guint prop_id,
case PROP_ROUTE_METRIC:
priv->route_metric = g_value_get_int64 (value);
break;
case PROP_ROUTE_TABLE:
priv->route_table = g_value_get_uint (value);
break;
case PROP_IGNORE_AUTO_ROUTES:
priv->ignore_auto_routes = g_value_get_boolean (value);
break;
@@ -2764,9 +2756,6 @@ set_property (GObject *object, guint prop_id,
case PROP_DHCP_TIMEOUT:
priv->dhcp_timeout = g_value_get_int (value);
break;
case PROP_ROUTE_TABLE_SYNC:
priv->route_table_sync = g_value_get_int (value);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@@ -2812,6 +2801,9 @@ get_property (GObject *object, guint prop_id,
case PROP_ROUTE_METRIC:
g_value_set_int64 (value, priv->route_metric);
break;
case PROP_ROUTE_TABLE:
g_value_set_uint (value, priv->route_table);
break;
case PROP_IGNORE_AUTO_ROUTES:
g_value_set_boolean (value, nm_setting_ip_config_get_ignore_auto_routes (setting));
break;
@@ -2836,9 +2828,6 @@ get_property (GObject *object, guint prop_id,
case PROP_DHCP_TIMEOUT:
g_value_set_int (value, nm_setting_ip_config_get_dhcp_timeout (setting));
break;
case PROP_ROUTE_TABLE_SYNC:
g_value_set_int (value, priv->route_table_sync);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@@ -3063,6 +3052,34 @@ nm_setting_ip_config_class_init (NMSettingIPConfigClass *setting_class)
G_PARAM_CONSTRUCT |
G_PARAM_STATIC_STRINGS));
/**
* NMSettingIPConfig:route-table:
*
* Enable policy routing (source routing) and set the routing table used when adding routes.
*
* This currently only affects static routes (ipv4.routes and ipv6.routes). However,
* each static route can individually overwrite the table setting by explicitly
* specifying a non-zero routing table.
*
* If the table setting is left at zero, it is eligible to be overwritten via global
* configuration. If the property is zero even after applying the global configuration
* value, policy routing is disabled for the address family of this connection.
*
* Policy routing disabled means that NetworkManager will add all routes to the main
* table (except static routes that explicitly configure a different table). Additionally,
* NetworkManager will not delete any extraneous routes from tables except the main table.
* This is to preserve backward compatibility for users who manage routing tables outside
* of NetworkManager.
*
* Since: 1.10
**/
g_object_class_install_property
(object_class, PROP_ROUTE_TABLE,
g_param_spec_uint (NM_SETTING_IP_CONFIG_ROUTE_TABLE, "", "",
0, G_MAXUINT32, 0,
G_PARAM_READWRITE |
NM_SETTING_PARAM_FUZZY_IGNORE |
G_PARAM_STATIC_STRINGS));
/**
* NMSettingIPConfig:ignore-auto-routes:
*
@@ -3194,27 +3211,4 @@ nm_setting_ip_config_class_init (NMSettingIPConfigClass *setting_class)
G_PARAM_READWRITE |
NM_SETTING_PARAM_FUZZY_IGNORE |
G_PARAM_STATIC_STRINGS));
/**
* NMSettingIPConfig:route-table-sync:
*
* The mode how to sync the routes per table. In general, when NetworkManager manages
* a device it will remove extraneous routes from the routing tables. The
* sync parameter specifies which tables are synced this way. That means, from
* which routing table NetworkManager will remove those unexpected, extraneous routes.
* A value of 1 (none) means that no route tables will not be synced and no routes
* are removed by NetworkManager. 2 (main) means that only the main table will be synced.
* 3 (full) will sync all the route tables, except the local table. A value of zero is
* the default value and allows to be overwritten via global configuration. In absence of
* global configuration, the default value is 2 (main).
*
* Since: 1.10
**/
g_object_class_install_property
(object_class, PROP_ROUTE_TABLE_SYNC,
g_param_spec_int (NM_SETTING_IP_CONFIG_ROUTE_TABLE_SYNC, "", "",
G_MININT32, G_MAXINT32, NM_IP_ROUTE_TABLE_SYNC_MODE_DEFAULT,
G_PARAM_READWRITE |
NM_SETTING_PARAM_FUZZY_IGNORE |
G_PARAM_STATIC_STRINGS));
}

8
libnm-core/nm-setting-ip-config.h
View File

@@ -175,6 +175,7 @@ gboolean nm_ip_route_attribute_validate (const char *name,
#define NM_SETTING_IP_CONFIG_GATEWAY "gateway"
#define NM_SETTING_IP_CONFIG_ROUTES "routes"
#define NM_SETTING_IP_CONFIG_ROUTE_METRIC "route-metric"
#define NM_SETTING_IP_CONFIG_ROUTE_TABLE "route-table"
#define NM_SETTING_IP_CONFIG_IGNORE_AUTO_ROUTES "ignore-auto-routes"
#define NM_SETTING_IP_CONFIG_IGNORE_AUTO_DNS "ignore-auto-dns"
#define NM_SETTING_IP_CONFIG_DHCP_HOSTNAME "dhcp-hostname"
@@ -183,7 +184,6 @@ gboolean nm_ip_route_attribute_validate (const char *name,
#define NM_SETTING_IP_CONFIG_MAY_FAIL "may-fail"
#define NM_SETTING_IP_CONFIG_DAD_TIMEOUT "dad-timeout"
#define NM_SETTING_IP_CONFIG_DHCP_TIMEOUT "dhcp-timeout"
#define NM_SETTING_IP_CONFIG_ROUTE_TABLE_SYNC "route-table-sync"
#define NM_SETTING_DNS_OPTION_DEBUG "debug"
#define NM_SETTING_DNS_OPTION_NDOTS "ndots"
@@ -284,6 +284,9 @@ void nm_setting_ip_config_clear_routes (NMSettingIPConfig
gint64 nm_setting_ip_config_get_route_metric (NMSettingIPConfig *setting);
NM_AVAILABLE_IN_1_10
guint32 nm_setting_ip_config_get_route_table (NMSettingIPConfig *setting);
gboolean nm_setting_ip_config_get_ignore_auto_routes (NMSettingIPConfig *setting);
gboolean nm_setting_ip_config_get_ignore_auto_dns (NMSettingIPConfig *setting);
@@ -297,9 +300,6 @@ gint nm_setting_ip_config_get_dad_timeout (NMSettingIPConfig
NM_AVAILABLE_IN_1_2
gint nm_setting_ip_config_get_dhcp_timeout (NMSettingIPConfig *setting);
NM_AVAILABLE_IN_1_10
NMIPRouteTableSyncMode nm_setting_ip_config_get_route_table_sync (NMSettingIPConfig *setting);
G_END_DECLS
#endif /* NM_SETTING_IP_CONFIG_H */

7
libnm-core/nm-setting-ip4-config.c
View File

@@ -681,11 +681,10 @@ nm_setting_ip4_config_class_init (NMSettingIP4ConfigClass *ip4_class)
*/
/* ---ifcfg-rh---
* property: route-table-sync
* variable: IPV4_ROUTE_TABLE_SYNC(+)
* property: route-table
* variable: IPV4_ROUTE_TABLE(+)
* default: 0
* description: IPV4_ROUTE_TABLE_SYNC controls how NetworkManager removes extraneous
* routes from the routing tables.
* description: IPV4_ROUTE_TABLE enables policy-routing and sets the default routing table.
* ---end---
*/

7
libnm-core/nm-setting-ip6-config.c
View File

@@ -653,11 +653,10 @@ nm_setting_ip6_config_class_init (NMSettingIP6ConfigClass *ip6_class)
*/
/* ---ifcfg-rh---
* property: route-table-sync
* variable: IPV6_ROUTE_TABLE_SYNC(+)
* property: route-table
* variable: IPV6_ROUTE_TABLE(+)
* default: 0
* description: IPV6_ROUTE_TABLE_SYNC controls how NetworkManager removes extraneous
* routes from the routing tables.
* description: IPV6_ROUTE_TABLE enables policy-routing and sets the default routing table.
* ---end---
*/

2
libnm-core/tests/test-general.c
View File

@@ -2479,7 +2479,7 @@ test_connection_diff_a_only (void)
{ NM_SETTING_IP_CONFIG_GATEWAY, NM_SETTING_DIFF_RESULT_IN_A },
{ NM_SETTING_IP_CONFIG_ROUTES, NM_SETTING_DIFF_RESULT_IN_A },
{ NM_SETTING_IP_CONFIG_ROUTE_METRIC, NM_SETTING_DIFF_RESULT_IN_A },
{ NM_SETTING_IP_CONFIG_ROUTE_TABLE_SYNC, NM_SETTING_DIFF_RESULT_IN_A },
{ NM_SETTING_IP_CONFIG_ROUTE_TABLE, NM_SETTING_DIFF_RESULT_IN_A },
{ NM_SETTING_IP_CONFIG_IGNORE_AUTO_ROUTES, NM_SETTING_DIFF_RESULT_IN_A },
{ NM_SETTING_IP_CONFIG_IGNORE_AUTO_DNS, NM_SETTING_DIFF_RESULT_IN_A },
{ NM_SETTING_IP4_CONFIG_DHCP_CLIENT_ID, NM_SETTING_DIFF_RESULT_IN_A },

3
libnm/libnm.ver
View File

@@ -1188,9 +1188,8 @@ global:
nm_device_dummy_get_hw_address;
nm_device_ppp_get_type;
nm_ip_route_equal_full;
nm_ip_route_table_sync_mode_get_type;
nm_setting_bridge_get_group_forward_mask;
nm_setting_ip_config_get_route_table_sync;
nm_setting_ip_config_get_route_table;
nm_setting_pppoe_get_parent;
nm_setting_wireless_security_get_pmf;
nm_setting_wireless_security_get_wps_method;

14
man/NetworkManager.conf.xml
View File

@@ -684,8 +684,11 @@ ipv6.ip6-privacy=0
<term><varname>ipv4.route-metric</varname></term>
</varlistentry>
<varlistentry>
<term><varname>ipv4.route-table-sync</varname></term>
<listitem><para>If left unspecified, the default value is 2 (main).</para></listitem>
<term><varname>ipv4.route-table</varname></term>
<listitem><para>If left unspecified, routes are only added to the main table. Note that this
is different from explicitly selecting the main table 254, because of how NetworkManager
removes extraneous routes from the tables.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>ipv6.dhcp-timeout</varname></term>
@@ -702,8 +705,11 @@ ipv6.ip6-privacy=0
<term><varname>ipv6.route-metric</varname></term>
</varlistentry>
<varlistentry>
<term><varname>ipv6.route-table-sync</varname></term>
<listitem><para>If left unspecified, the default value is 2 (main).</para></listitem>
<term><varname>ipv6.route-table</varname></term>
<listitem><para>If left unspecified, routes are only added to the main table. Note that this
is different from explicitly selecting the main table 254, because of how NetworkManager
removes extraneous routes from the tables.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>vpn.timeout</varname></term>

110
src/devices/nm-device.c
View File

@@ -34,6 +34,7 @@
#include <arpa/inet.h>
#include <fcntl.h>
#include <linux/if_addr.h>
#include <linux/rtnetlink.h>
#include "nm-utils/nm-dedup-multi.h"
@@ -317,6 +318,9 @@ typedef struct _NMDevicePrivate {
guint32 mtu_initial;
guint32 ip6_mtu_initial;
guint32 v4_route_table;
guint32 v6_route_table;
/* when carrier goes away, we give a grace period of CARRIER_WAIT_TIME_MS
* until taking action.
*
@@ -337,6 +341,9 @@ typedef struct _NMDevicePrivate {
NMDeviceSysIfaceState sys_iface_state:2;
bool v4_route_table_initalized:1;
bool v6_route_table_initalized:1;
/* Generic DHCP stuff */
char * dhcp_anycast_address;
@@ -1724,15 +1731,28 @@ out:
return nm_utils_ip_route_metric_normalize (addr_family, route_metric);
}
static NMIPRouteTableSyncMode
get_route_table_sync (NMDevice *self, int addr_family)
guint32
nm_device_get_route_table (NMDevice *self,
int addr_family,
gboolean fallback_main)
{
NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE (self);
NMConnection *connection;
NMSettingIPConfig *s_ip;
NMIPRouteTableSyncMode route_table_sync = NM_IP_ROUTE_TABLE_SYNC_MODE_DEFAULT;
guint32 route_table = 0;
nm_assert_addr_family (addr_family);
/* the route table setting affects how we sync routes. We shall
* not change it while the device is active, hence, cache it. */
if (addr_family == AF_INET) {
if (priv->v4_route_table_initalized)
return priv->v4_route_table ?: (fallback_main ? RT_TABLE_MAIN : 0);
} else {
if (priv->v6_route_table_initalized)
return priv->v6_route_table ?: (fallback_main ? RT_TABLE_MAIN : 0);
}
connection = nm_device_get_applied_connection (self);
if (connection) {
if (addr_family == AF_INET)
@@ -1741,27 +1761,38 @@ get_route_table_sync (NMDevice *self, int addr_family)
s_ip = nm_connection_get_setting_ip6_config (connection);
if (s_ip)
route_table_sync = nm_setting_ip_config_get_route_table_sync (s_ip);
route_table = nm_setting_ip_config_get_route_table (s_ip);
/* we only lookup the global default if we also have an applied
* connection. Otherwise, the connection is not active, and the
* connection default doesn't matter. */
if (route_table == 0) {
gs_free char *value = NULL;
value = nm_config_data_get_connection_default (NM_CONFIG_GET_DATA,
addr_family == AF_INET
? "ipv4.route-table"
: "ipv6.route-table",
self);
route_table = _nm_utils_ascii_str_to_int64 (value, 10, 0, G_MAXUINT32, 0);
}
}
if (route_table_sync == NM_IP_ROUTE_TABLE_SYNC_MODE_DEFAULT) {
gs_free char *value = NULL;
value = nm_config_data_get_connection_default (NM_CONFIG_GET_DATA,
addr_family == AF_INET
? "ipv4.route-table-sync"
: "ipv6.route-table-sync",
self);
route_table_sync = _nm_utils_ascii_str_to_int64 (value, 10,
NM_IP_ROUTE_TABLE_SYNC_MODE_NONE,
NM_IP_ROUTE_TABLE_SYNC_MODE_FULL,
NM_IP_ROUTE_TABLE_SYNC_MODE_DEFAULT);
if (route_table_sync == NM_IP_ROUTE_TABLE_SYNC_MODE_DEFAULT)
route_table_sync = NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN;
if (addr_family == AF_INET) {
priv->v4_route_table_initalized = TRUE;
priv->v4_route_table = route_table;
} else {
priv->v6_route_table_initalized = TRUE;
priv->v6_route_table = route_table;
}
return route_table_sync;
_LOGT (LOGD_DEVICE,
"ipv%c.route-table = %u%s",
addr_family == AF_INET ? '4' : '6',
(guint) (route_table ?: RT_TABLE_MAIN),
route_table ? "" : " (policy routing not enabled)");
return route_table ?: (fallback_main ? RT_TABLE_MAIN : 0);
}
const NMPObject *
@@ -5661,6 +5692,7 @@ ensure_con_ip4_config (NMDevice *self)
priv->con_ip4_config = _ip4_config_new (self);
nm_ip4_config_merge_setting (priv->con_ip4_config,
nm_connection_get_setting_ip4_config (connection),
nm_device_get_route_table (self, AF_INET, TRUE),
nm_device_get_route_metric (self, AF_INET));
if (nm_device_sys_iface_state_is_external_or_assume (self)) {
@@ -5686,6 +5718,7 @@ ensure_con_ip6_config (NMDevice *self)
priv->con_ip6_config = _ip6_config_new (self);
nm_ip6_config_merge_setting (priv->con_ip6_config,
nm_connection_get_setting_ip6_config (connection),
nm_device_get_route_table (self, AF_INET6, TRUE),
nm_device_get_route_metric (self, AF_INET6));
if (nm_device_sys_iface_state_is_external_or_assume (self)) {
@@ -6007,6 +6040,7 @@ dhcp4_state_changed (NMDhcpClient *client,
manual = _ip4_config_new (self);
nm_ip4_config_merge_setting (manual,
nm_connection_get_setting_ip4_config (connection),
nm_device_get_route_table (self, AF_INET, TRUE),
nm_device_get_route_metric (self, AF_INET));
configs = g_new0 (NMIP4Config *, 3);
@@ -6377,6 +6411,7 @@ act_stage3_ip4_config_start (NMDevice *self,
config = _ip4_config_new (self);
nm_ip4_config_merge_setting (config,
nm_connection_get_setting_ip4_config (connection),
nm_device_get_route_table (self, AF_INET, TRUE),
nm_device_get_route_metric (self, AF_INET));
configs = g_new0 (NMIP4Config *, 2);
@@ -9084,6 +9119,7 @@ nm_device_reactivate_ip4_config (NMDevice *self,
priv->con_ip4_config = _ip4_config_new (self);
nm_ip4_config_merge_setting (priv->con_ip4_config,
s_ip4_new,
nm_device_get_route_table (self, AF_INET, TRUE),
nm_device_get_route_metric (self, AF_INET));
if (!force_restart) {
@@ -9126,6 +9162,7 @@ nm_device_reactivate_ip6_config (NMDevice *self,
priv->con_ip6_config = _ip6_config_new (self);
nm_ip6_config_merge_setting (priv->con_ip6_config,
s_ip6_new,
nm_device_get_route_table (self, AF_INET6, TRUE),
nm_device_get_route_metric (self, AF_INET6));
if (!force_restart) {
@@ -9206,7 +9243,27 @@ can_reapply_change (NMDevice *self, const char *setting_name,
NM_SETTING_IP4_CONFIG_SETTING_NAME,
NM_SETTING_IP6_CONFIG_SETTING_NAME,
NM_SETTING_PROXY_SETTING_NAME)) {
/* accept all */
if (g_hash_table_contains (diffs, NM_SETTING_IP_CONFIG_ROUTE_TABLE)) {
/* changing the route-table setting is complicated, because it affects
* how we sync the routes. Don't support changing it without full
* re-activation.
*
* The problem is really that changing the setting also affects the sync
* mode. So, switching from NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN to
* NM_IP_ROUTE_TABLE_SYNC_MODE_FULL would somehow require us to get rid
* of additional routes, but we don't know which routes were added by NM
* and which should be removed.
*
* Note how nm_device_get_route_table() caches the value for the duration of the
* activation. */
g_set_error (error,
NM_DEVICE_ERROR,
NM_DEVICE_ERROR_INCOMPATIBLE_CONNECTION,
"Can't reapply changes to '%s.%s' setting",
setting_name,
NM_SETTING_IP_CONFIG_ROUTE_TABLE);
return FALSE;
}
return TRUE;
} else {
g_set_error (error,
@@ -10064,7 +10121,9 @@ nm_device_set_ip4_config (NMDevice *self,
_commit_mtu (self, new_config);
success = nm_ip4_config_commit (new_config,
nm_device_get_platform (self),
get_route_table_sync (self, AF_INET));
nm_device_get_route_table (self, AF_INET, FALSE)
? NM_IP_ROUTE_TABLE_SYNC_MODE_FULL
: NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN);
nm_platform_ip4_dev_route_blacklist_set (nm_device_get_platform (self),
nm_ip4_config_get_ifindex (new_config),
ip4_dev_route_blacklist);
@@ -10237,7 +10296,9 @@ nm_device_set_ip6_config (NMDevice *self,
success = nm_ip6_config_commit (new_config,
nm_device_get_platform (self),
get_route_table_sync (self, AF_INET6),
nm_device_get_route_table (self, AF_INET6, FALSE)
? NM_IP_ROUTE_TABLE_SYNC_MODE_FULL
: NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN,
&temporary_not_available);
if (!_rt6_temporary_not_available_set (self, temporary_not_available))
@@ -12332,6 +12393,9 @@ _cleanup_generic_post (NMDevice *self, CleanupType cleanup_type)
priv->v4_commit_first_time = TRUE;
priv->v6_commit_first_time = TRUE;
priv->v4_route_table_initalized = FALSE;
priv->v6_route_table_initalized = FALSE;
priv->linklocal6_dad_counter = 0;
/* Clean up IP configs; this does not actually deconfigure the

1
src/devices/nm-device.h
View File

@@ -447,6 +447,7 @@ NMDeviceType nm_device_get_device_type (NMDevice *dev);
NMLinkType nm_device_get_link_type (NMDevice *dev);
NMMetered nm_device_get_metered (NMDevice *dev);
guint32 nm_device_get_route_table (NMDevice *self, int addr_family, gboolean fallback_main);
guint32 nm_device_get_route_metric (NMDevice *dev, int addr_family);
const char * nm_device_get_hw_address (NMDevice *dev);

2
src/nm-core-utils.h
View File

@@ -31,8 +31,6 @@
#define NM_PLATFORM_LIFETIME_PERMANENT G_MAXUINT32
#define NM_IP_ROUTE_TABLE_SYNC_MODE_ALL ((NMIPRouteTableSyncMode) -1)
#define NM_DEFINE_SINGLETON_INSTANCE(TYPE) \
static TYPE *singleton_instance

29
src/nm-ip4-config.c
View File

@@ -26,6 +26,7 @@
#include <string.h>
#include <arpa/inet.h>
#include <resolv.h>
#include <linux/rtnetlink.h>
#include "nm-utils/nm-dedup-multi.h"
@@ -674,7 +675,7 @@ nm_ip4_config_capture (NMDedupMultiIndex *multi_idx, NMPlatform *platform, int i
void
nm_ip4_config_add_device_routes (NMIP4Config *self,
guint32 default_route_metric,
guint32 route_metric,
GPtrArray **out_ip4_dev_route_blacklist)
{
const NMIP4ConfigPrivate *priv;
@@ -720,7 +721,7 @@ nm_ip4_config_add_device_routes (NMIP4Config *self,
route->network = network;
route->plen = addr->plen;
route->pref_src = addr->address;
route->metric = default_route_metric;
route->metric = route_metric;
route->scope_inv = nm_platform_route_scope_inv (NM_RT_SCOPE_LINK);
nm_platform_ip_route_normalize (AF_INET, (NMPlatformIPRoute *) route);
@@ -733,7 +734,7 @@ nm_ip4_config_add_device_routes (NMIP4Config *self,
_add_route (self, nmp_object_ref (r), NULL, NULL);
if ( out_ip4_dev_route_blacklist
&& default_route_metric != NM_PLATFORM_ROUTE_METRIC_IP4_DEVICE_ROUTE) {
&& route_metric != NM_PLATFORM_ROUTE_METRIC_IP4_DEVICE_ROUTE) {
nm_auto_nmpobj NMPObject *r_dev = NULL;
r_dev = nmp_object_clone (r, FALSE);
@@ -800,9 +801,12 @@ nm_ip4_config_commit (const NMIP4Config *self,
}
static void
merge_route_attributes (NMIPRoute *s_route, NMPlatformIP4Route *r)
merge_route_attributes (NMIPRoute *s_route,
NMPlatformIP4Route *r,
guint32 route_table)
{
GVariant *variant;
guint32 u32;
in_addr_t addr;
#define GET_ATTR(name, field, variant_type, type) \
@@ -810,9 +814,11 @@ merge_route_attributes (NMIPRoute *s_route, NMPlatformIP4Route *r)
if (variant && g_variant_is_of_type (variant, G_VARIANT_TYPE_ ## variant_type)) \
r->field = g_variant_get_ ## type (variant);
r->table_coerced = 254 /* RT_TABLE_MAIN */;
GET_ATTR (NM_IP_ROUTE_ATTRIBUTE_TABLE, table_coerced, UINT32, uint32);
r->table_coerced = nm_platform_route_table_coerce (r->table_coerced);
variant = nm_ip_route_get_attribute (s_route, NM_IP_ROUTE_ATTRIBUTE_TABLE);
u32 = variant && g_variant_is_of_type (variant, G_VARIANT_TYPE_UINT32)
? g_variant_get_uint32 (variant)
: 0;
r->table_coerced = nm_platform_route_table_coerce (u32 ?: (route_table ?: RT_TABLE_MAIN));
GET_ATTR (NM_IP_ROUTE_ATTRIBUTE_TOS, tos, BYTE, byte);
GET_ATTR (NM_IP_ROUTE_ATTRIBUTE_WINDOW, window, UINT32, uint32);
@@ -836,7 +842,10 @@ merge_route_attributes (NMIPRoute *s_route, NMPlatformIP4Route *r)
}
void
nm_ip4_config_merge_setting (NMIP4Config *self, NMSettingIPConfig *setting, guint32 default_route_metric)
nm_ip4_config_merge_setting (NMIP4Config *self,
NMSettingIPConfig *setting,
guint32 route_table,
guint32 route_metric)
{
NMIP4ConfigPrivate *priv;
guint naddresses, nroutes, nnameservers, nsearches;
@@ -915,14 +924,14 @@ nm_ip4_config_merge_setting (NMIP4Config *self, NMSettingIPConfig *setting, guin
nm_ip_route_get_next_hop_binary (s_route, &route.gateway);
if (nm_ip_route_get_metric (s_route) == -1)
route.metric = default_route_metric;
route.metric = route_metric;
else
route.metric = nm_ip_route_get_metric (s_route);
route.rt_source = NM_IP_CONFIG_SOURCE_USER;
route.network = nm_utils_ip4_address_clear_host_address (route.network, route.plen);
merge_route_attributes (s_route, &route);
merge_route_attributes (s_route, &route, route_table);
_add_route (self, NULL, &route, NULL);
}

7
src/nm-ip4-config.h
View File

@@ -152,14 +152,17 @@ NMDedupMultiIndex *nm_ip4_config_get_multi_idx (const NMIP4Config *self);
NMIP4Config *nm_ip4_config_capture (NMDedupMultiIndex *multi_idx, NMPlatform *platform, int ifindex, gboolean capture_resolv_conf);
void nm_ip4_config_add_device_routes (NMIP4Config *self,
guint32 default_route_metric,
guint32 route_metric,
GPtrArray **out_ip4_dev_route_blacklist);
gboolean nm_ip4_config_commit (const NMIP4Config *self,
NMPlatform *platform,
NMIPRouteTableSyncMode route_table_sync);
void nm_ip4_config_merge_setting (NMIP4Config *self, NMSettingIPConfig *setting, guint32 default_route_metric);
void nm_ip4_config_merge_setting (NMIP4Config *self,
NMSettingIPConfig *setting,
guint32 route_table,
guint32 route_metric);
NMSetting *nm_ip4_config_create_setting (const NMIP4Config *self);

27
src/nm-ip6-config.c
View File

@@ -26,6 +26,7 @@
#include <string.h>
#include <arpa/inet.h>
#include <resolv.h>
#include <linux/rtnetlink.h>
#include "nm-utils/nm-dedup-multi.h"
@@ -469,7 +470,7 @@ nm_ip6_config_capture (NMDedupMultiIndex *multi_idx, NMPlatform *platform, int i
void
nm_ip6_config_add_device_routes (NMIP6Config *self,
guint32 default_route_metric)
guint32 route_metric)
{
const NMIP6ConfigPrivate *priv;
const NMPlatformIP6Address *addr;
@@ -512,7 +513,7 @@ nm_ip6_config_add_device_routes (NMIP6Config *self,
route->ifindex = ifindex;
route->rt_source = NM_IP_CONFIG_SOURCE_KERNEL;
route->metric = default_route_metric;
route->metric = route_metric;
if (has_peer) {
if (routes_i == 0)
@@ -580,9 +581,12 @@ nm_ip6_config_commit (const NMIP6Config *self,
}
static void
merge_route_attributes (NMIPRoute *s_route, NMPlatformIP6Route *r)
merge_route_attributes (NMIPRoute *s_route,
NMPlatformIP6Route *r,
guint32 route_table)
{
GVariant *variant;
guint32 u32;
struct in6_addr addr;
#define GET_ATTR(name, field, variant_type, type) \
@@ -590,9 +594,11 @@ merge_route_attributes (NMIPRoute *s_route, NMPlatformIP6Route *r)
if (variant && g_variant_is_of_type (variant, G_VARIANT_TYPE_ ## variant_type)) \
r->field = g_variant_get_ ## type (variant);
r->table_coerced = 254 /* RT_TABLE_MAIN */;
GET_ATTR (NM_IP_ROUTE_ATTRIBUTE_TABLE, table_coerced, UINT32, uint32);
r->table_coerced = nm_platform_route_table_coerce (r->table_coerced);
variant = nm_ip_route_get_attribute (s_route, NM_IP_ROUTE_ATTRIBUTE_TABLE);
u32 = variant && g_variant_is_of_type (variant, G_VARIANT_TYPE_UINT32)
? g_variant_get_uint32 (variant)
: 0;
r->table_coerced = nm_platform_route_table_coerce (u32 ?: (route_table ?: RT_TABLE_MAIN));
GET_ATTR (NM_IP_ROUTE_ATTRIBUTE_WINDOW, window, UINT32, uint32);
GET_ATTR (NM_IP_ROUTE_ATTRIBUTE_CWND, cwnd, UINT32, uint32);
@@ -634,7 +640,10 @@ merge_route_attributes (NMIPRoute *s_route, NMPlatformIP6Route *r)
}
void
nm_ip6_config_merge_setting (NMIP6Config *self, NMSettingIPConfig *setting, guint32 default_route_metric)
nm_ip6_config_merge_setting (NMIP6Config *self,
NMSettingIPConfig *setting,
guint32 route_table,
guint32 route_metric)
{
NMIP6ConfigPrivate *priv;
guint naddresses, nroutes, nnameservers, nsearches;
@@ -709,14 +718,14 @@ nm_ip6_config_merge_setting (NMIP6Config *self, NMSettingIPConfig *setting, guin
nm_ip_route_get_next_hop_binary (s_route, &route.gateway);
if (nm_ip_route_get_metric (s_route) == -1)
route.metric = default_route_metric;
route.metric = route_metric;
else
route.metric = nm_ip_route_get_metric (s_route);
route.rt_source = NM_IP_CONFIG_SOURCE_USER;
nm_utils_ip6_address_clear_host_address (&route.network, &route.network, route.plen);
merge_route_attributes (s_route, &route);
merge_route_attributes (s_route, &route, route_table);
_add_route (self, NULL, &route, NULL);
}

7
src/nm-ip6-config.h
View File

@@ -109,13 +109,16 @@ NMIP6Config *nm_ip6_config_capture (struct _NMDedupMultiIndex *multi_idx, NMPlat
gboolean capture_resolv_conf, NMSettingIP6ConfigPrivacy use_temporary);
void nm_ip6_config_add_device_routes (NMIP6Config *self,
guint32 default_route_metric);
guint32 route_metric);
gboolean nm_ip6_config_commit (const NMIP6Config *self,
NMPlatform *platform,
NMIPRouteTableSyncMode route_table_sync,
GPtrArray **out_temporary_not_available);
void nm_ip6_config_merge_setting (NMIP6Config *self, NMSettingIPConfig *setting, guint32 default_route_metric);
void nm_ip6_config_merge_setting (NMIP6Config *self,
NMSettingIPConfig *setting,
guint32 route_table,
guint32 route_metric);
NMSetting *nm_ip6_config_create_setting (const NMIP6Config *self);

17
src/nm-types.h
View File

@@ -197,6 +197,23 @@ typedef enum {
NM_IP_CONFIG_MERGE_NO_DNS = (1LL << 1),
} NMIPConfigMergeFlags;
/**
* NMIPRouteTableSyncMode:
* @NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN: only the main table is synced. For all
* other tables, NM won't delete any extra routes.
* @NM_IP_ROUTE_TABLE_SYNC_MODE_FULL: NM will sync all tables, except the
* local table (255).
* @NM_IP_ROUTE_TABLE_SYNC_MODE_ALL: NM will sync all tables, including the
* local table (255).
*/
typedef enum {
NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN = 1,
NM_IP_ROUTE_TABLE_SYNC_MODE_FULL = 2,
NM_IP_ROUTE_TABLE_SYNC_MODE_ALL = 3,
} NMIPRouteTableSyncMode;
/* settings */
typedef struct _NMAgentManager NMAgentManager;
typedef struct _NMSecretAgent NMSecretAgent;

8
src/platform/nm-platform.c
View File

@@ -3602,14 +3602,10 @@ nm_platform_ip_route_get_prune_list (NMPlatform *self,
nm_assert (NM_IS_PLATFORM (self));
nm_assert (NM_IN_SET (addr_family, AF_INET, AF_INET6));
nm_assert (NM_IN_SET (route_table_sync, NM_IP_ROUTE_TABLE_SYNC_MODE_NONE,
NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN,
nm_assert (NM_IN_SET (route_table_sync, NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN,
NM_IP_ROUTE_TABLE_SYNC_MODE_FULL,
NM_IP_ROUTE_TABLE_SYNC_MODE_ALL));
if (route_table_sync == NM_IP_ROUTE_TABLE_SYNC_MODE_NONE)
return NULL;
nmp_lookup_init_addrroute (&lookup,
addr_family == AF_INET
? NMP_OBJECT_TYPE_IP4_ROUTE
@@ -3626,7 +3622,7 @@ nm_platform_ip_route_get_prune_list (NMPlatform *self,
const NMPObject *obj = c_list_entry (iter, NMDedupMultiEntry, lst_entries)->obj;
if (route_table_sync == NM_IP_ROUTE_TABLE_SYNC_MODE_FULL) {
if (nm_platform_route_table_uncoerce (NMP_OBJECT_CAST_IP_ROUTE (obj)->table_coerced, TRUE) == (RT_TABLE_LOCAL))
if (nm_platform_route_table_uncoerce (NMP_OBJECT_CAST_IP_ROUTE (obj)->table_coerced, TRUE) == RT_TABLE_LOCAL)
continue;
} else if (route_table_sync == NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN) {
if (!nm_platform_route_table_is_main (NMP_OBJECT_CAST_IP_ROUTE (obj)->table_coerced))

8
src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
View File

@@ -1285,8 +1285,8 @@ make_ip4_setting (shvarFile *ifcfg,
NM_SETTING_IP_CONFIG_MAY_FAIL, !svGetValueBoolean (ifcfg, "IPV4_FAILURE_FATAL", FALSE),
NM_SETTING_IP_CONFIG_ROUTE_METRIC, svGetValueInt64 (ifcfg, "IPV4_ROUTE_METRIC", 10,
-1, G_MAXUINT32, -1),
NM_SETTING_IP_CONFIG_ROUTE_TABLE_SYNC, (int) svGetValueInt64 (ifcfg, "IPV4_ROUTE_TABLE_SYNC", 10,
G_MININT32, G_MAXINT32, NM_IP_ROUTE_TABLE_SYNC_MODE_DEFAULT),
NM_SETTING_IP_CONFIG_ROUTE_TABLE, (guint) svGetValueInt64 (ifcfg, "IPV4_ROUTE_TABLE", 10,
0, G_MAXUINT32, 0),
NULL);
if (strcmp (method, NM_SETTING_IP4_CONFIG_METHOD_DISABLED) == 0)
@@ -1717,8 +1717,8 @@ make_ip6_setting (shvarFile *ifcfg,
NM_SETTING_IP_CONFIG_MAY_FAIL, !svGetValueBoolean (ifcfg, "IPV6_FAILURE_FATAL", FALSE),
NM_SETTING_IP_CONFIG_ROUTE_METRIC, svGetValueInt64 (ifcfg, "IPV6_ROUTE_METRIC", 10,
-1, G_MAXUINT32, -1),
NM_SETTING_IP_CONFIG_ROUTE_TABLE_SYNC, (int) svGetValueInt64 (ifcfg, "IPV6_ROUTE_TABLE_SYNC", 10,
G_MININT32, G_MAXINT32, NM_IP_ROUTE_TABLE_SYNC_MODE_DEFAULT),
NM_SETTING_IP_CONFIG_ROUTE_TABLE, (guint) svGetValueInt64 (ifcfg, "IPV6_ROUTE_TABLE", 10,
0, G_MAXUINT32, 0),
NM_SETTING_IP6_CONFIG_IP6_PRIVACY, ip6_privacy_val,
NULL);

20
src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
View File

@@ -2023,7 +2023,7 @@ write_ip4_setting (NMConnection *connection, shvarFile *ifcfg, GError **error)
gint j;
guint i, num, n;
gint64 route_metric;
NMIPRouteTableSyncMode route_table_sync;
NMIPRouteTableSyncMode route_table;
gint priority;
int timeout;
GString *searches;
@@ -2218,11 +2218,11 @@ write_ip4_setting (NMConnection *connection, shvarFile *ifcfg, GError **error)
svSetValueStr (ifcfg, "IPV4_ROUTE_METRIC", tmp);
g_free (tmp);
route_table_sync = nm_setting_ip_config_get_route_table_sync (s_ip4);
route_table = nm_setting_ip_config_get_route_table (s_ip4);
svSetValueInt64_cond (ifcfg,
"IPV4_ROUTE_TABLE_SYNC",
route_table_sync != NM_IP_ROUTE_TABLE_SYNC_MODE_DEFAULT,
route_table_sync);
"IPV4_ROUTE_TABLE",
route_table != 0,
route_table);
/* Static routes - route-<name> file */
route_path = utils_get_route_path (svFileGetName (ifcfg));
@@ -2491,7 +2491,7 @@ write_ip6_setting (NMConnection *connection, shvarFile *ifcfg, GError **error)
NMIPAddress *addr;
const char *dns;
gint64 route_metric;
NMIPRouteTableSyncMode route_table_sync;
NMIPRouteTableSyncMode route_table;
GString *ip_str1, *ip_str2, *ip_ptr;
char *route6_path;
NMSettingIP6ConfigAddrGenMode addr_gen_mode;
@@ -2624,11 +2624,11 @@ write_ip6_setting (NMConnection *connection, shvarFile *ifcfg, GError **error)
svSetValueStr (ifcfg, "IPV6_ROUTE_METRIC", tmp);
g_free (tmp);
route_table_sync = nm_setting_ip_config_get_route_table_sync (s_ip6);
route_table = nm_setting_ip_config_get_route_table (s_ip6);
svSetValueInt64_cond (ifcfg,
"IPV6_ROUTE_TABLE_SYNC",
route_table_sync != NM_IP_ROUTE_TABLE_SYNC_MODE_DEFAULT,
route_table_sync);
"IPV6_ROUTE_TABLE",
route_table != 0,
route_table);
/* IPv6 Privacy Extensions */
svUnsetValue (ifcfg, "IPV6_PRIVACY");

28
src/vpn/nm-vpn-connection.c
View File

@@ -31,6 +31,7 @@
#include <stdlib.h>
#include <unistd.h>
#include <syslog.h>
#include <linux/rtnetlink.h>
#include "nm-proxy-config.h"
#include "nm-ip4-config.h"
@@ -186,7 +187,7 @@ static void get_secrets (NMVpnConnection *self,
SecretsReq secrets_idx,
const char **hints);
static NMIPRouteTableSyncMode get_route_table_sync (NMVpnConnection *self, int addr_family);
static guint32 get_route_table (NMVpnConnection *self, int addr_family, gboolean fallback_main);
static void plugin_interactive_secrets_required (NMVpnConnection *self,
const char *message,
@@ -1152,7 +1153,9 @@ nm_vpn_connection_apply_config (NMVpnConnection *self)
nm_assert (priv->ip_ifindex == nm_ip4_config_get_ifindex (priv->ip4_config));
if (!nm_ip4_config_commit (priv->ip4_config,
nm_netns_get_platform (priv->netns),
get_route_table_sync (self, AF_INET)))
get_route_table (self, AF_INET, FALSE)
? NM_IP_ROUTE_TABLE_SYNC_MODE_FULL
: NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN))
return FALSE;
nm_platform_ip4_dev_route_blacklist_set (nm_netns_get_platform (priv->netns),
priv->ip_ifindex,
@@ -1163,7 +1166,9 @@ nm_vpn_connection_apply_config (NMVpnConnection *self)
nm_assert (priv->ip_ifindex == nm_ip6_config_get_ifindex (priv->ip6_config));
if (!nm_ip6_config_commit (priv->ip6_config,
nm_netns_get_platform (priv->netns),
get_route_table_sync (self, AF_INET6),
get_route_table (self, AF_INET6, FALSE)
? NM_IP_ROUTE_TABLE_SYNC_MODE_FULL
: NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN,
NULL))
return FALSE;
}
@@ -1435,12 +1440,14 @@ nm_vpn_connection_get_ip6_route_metric (NMVpnConnection *self)
return (route_metric >= 0) ? route_metric : NM_VPN_ROUTE_METRIC_DEFAULT;
}
static NMIPRouteTableSyncMode
get_route_table_sync (NMVpnConnection *self, int addr_family)
static guint32
get_route_table (NMVpnConnection *self,
int addr_family,
gboolean fallback_main)
{
NMConnection *connection;
NMSettingIPConfig *s_ip;
NMIPRouteTableSyncMode route_table_sync = NM_IP_ROUTE_TABLE_SYNC_MODE_DEFAULT;
guint32 route_table = 0;
nm_assert (NM_IN_SET (addr_family, AF_INET, AF_INET6));
@@ -1452,13 +1459,10 @@ get_route_table_sync (NMVpnConnection *self, int addr_family)
s_ip = nm_connection_get_setting_ip6_config (connection);
if (s_ip)
route_table_sync = nm_setting_ip_config_get_route_table_sync (s_ip);
route_table = nm_setting_ip_config_get_route_table (s_ip);
}
if (route_table_sync == NM_IP_ROUTE_TABLE_SYNC_MODE_DEFAULT)
route_table_sync = NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN;
return route_table_sync;
return route_table ?: (fallback_main ? RT_TABLE_MAIN : 0);
}
static void
@@ -1622,6 +1626,7 @@ nm_vpn_connection_ip4_config_get (NMVpnConnection *self, GVariant *dict)
/* Merge in user overrides from the NMConnection's IPv4 setting */
nm_ip4_config_merge_setting (config,
nm_connection_get_setting_ip4_config (_get_applied_connection (self)),
get_route_table (self, AF_INET, TRUE),
route_metric);
if (!nm_ip4_config_get_never_default (config)) {
@@ -1802,6 +1807,7 @@ next:
/* Merge in user overrides from the NMConnection's IPv6 setting */
nm_ip6_config_merge_setting (config,
nm_connection_get_setting_ip6_config (_get_applied_connection (self)),
get_route_table (self, AF_INET6, TRUE),
route_metric);
if (!nm_ip6_config_get_never_default (config)) {