fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-02-05 14:40:33 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

ipv6: disable kernel handling of RAs (accept_ra)

Browse source 
With accept_ra set to 1, kernel sends its own router solicitation
messages and parses the advertisements. This duplicates what NM
already does in userspace and has unwanted consequences like [1] and
[2].

The only reason why accept_ra was re-enabled in the past was to apply
RA parameters like ReachableTime and RetransTimer [3]; but now NM
supports them and so accept_ra can be turned off again.

Also, note that previously the option was set in
addrconf6_start_with_link_ready(), and so this was done only when the
method was 'auto'. Instead, now we clear it for all methods except
'ignore'.

[1] https://mail.gnome.org/archives/networkmanager-list/2019-June/msg00027.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1734470
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1068673
This commit is contained in:
Beniamino Galvani 2019-08-23 11:40:33 +02:00
parent 5f0c6f8d3b
commit 5a534529e2
2 changed files with 4 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
src/devices/nm-device.c
View file

@ -9731,24 +9731,11 @@ addrconf6_start_with_link_ready (NMDevice *self)
if (!ip_config_merge_and_apply (self, AF_INET6, TRUE))
_LOGW (LOGD_IP6, "failed to apply manual IPv6 configuration");
/* FIXME: These sysctls would probably be better set by the lndp ndisc itself. */
switch (nm_ndisc_get_node_type (priv->ndisc)) {
case NM_NDISC_NODE_TYPE_HOST:
/* Accepting prefixes from discovered routers. */
nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra", "1");
nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra_defrtr", "0");
nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra_pinfo", "0");
nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra_rtr_pref", "0");
break;
case NM_NDISC_NODE_TYPE_ROUTER:
/* We're the router. */
if (nm_ndisc_get_node_type (priv->ndisc) == NM_NDISC_NODE_TYPE_ROUTER) {
nm_device_sysctl_ip_conf_set (self, AF_INET6, "forwarding", "1");
nm_device_activate_schedule_ip_config_result (self, AF_INET6, NULL);
priv->needs_ip6_subnet = TRUE;
g_signal_emit (self, signals[IP6_SUBNET_NEEDED], 0);
break;
default:
g_assert_not_reached ();
}
priv->ndisc_changed_id = g_signal_connect (priv->ndisc,
@ -9859,9 +9846,6 @@ save_ip6_properties (NMDevice *self)
{
static const char *const ip6_properties_to_save[] = {
"accept_ra",
"accept_ra_defrtr",
"accept_ra_pinfo",
"accept_ra_rtr_pref",
"forwarding",
"disable_ipv6",
"hop_limit",
@ -10186,6 +10170,7 @@ act_stage3_ip_config_start (NMDevice *self,
set_nm_ipv6ll (self, TRUE);
/* Re-enable IPv6 on the interface */
nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra", "0");
set_disable_ipv6 (self, "0");
/* Synchronize external IPv6 configuration with kernel, since
@ -14801,7 +14786,6 @@ nm_device_cleanup (NMDevice *self, NMDeviceStateReason reason, CleanupType clean
/* Turn off kernel IPv6 */
if (cleanup_type == CLEANUP_TYPE_DECONFIGURE) {
set_disable_ipv6 (self, "1");
nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra", "0");
nm_device_sysctl_ip_conf_set (self, AF_INET6, "use_tempaddr", "0");
}
@ -15092,9 +15076,7 @@ ip6_managed_setup (NMDevice *self)
{
set_nm_ipv6ll (self, TRUE);
set_disable_ipv6 (self, "1");
nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra_defrtr", "0");
nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra_pinfo", "0");
nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra_rtr_pref", "0");
nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra", "0");
nm_device_sysctl_ip_conf_set (self, AF_INET6, "use_tempaddr", "0");
nm_device_sysctl_ip_conf_set (self, AF_INET6, "forwarding", "0");
}

5
src/nm-iface-helper.c
View file

@ -569,10 +569,7 @@ main (int argc, char *argv[])
if (iid)
nm_ndisc_set_iid (ndisc, *iid);
nm_platform_sysctl_ip_conf_set (NM_PLATFORM_GET, AF_INET6, global_opt.ifname, "accept_ra", "1");
nm_platform_sysctl_ip_conf_set (NM_PLATFORM_GET, AF_INET6, global_opt.ifname, "accept_ra_defrtr", "0");
nm_platform_sysctl_ip_conf_set (NM_PLATFORM_GET, AF_INET6, global_opt.ifname, "accept_ra_pinfo", "0");
nm_platform_sysctl_ip_conf_set (NM_PLATFORM_GET, AF_INET6, global_opt.ifname, "accept_ra_rtr_pref", "0");
nm_platform_sysctl_ip_conf_set (NM_PLATFORM_GET, AF_INET6, global_opt.ifname, "accept_ra", "0");
g_signal_connect (NM_PLATFORM_GET,
NM_PLATFORM_SIGNAL_IP6_ADDRESS_CHANGED,