From 961cdf97adff256fd549e9fabf8bded3e0800dab Mon Sep 17 00:00:00 2001
From: Thomas Haller
Date: Thu, 13 Dec 2018 13:52:44 +0100
Subject: [PATCH] device: disable rp_filter handling

Don't let NetworkManager change rp_filter sysctl [1]. By default, various distributions set rp_filter rather strict. That works badly, in common cases where the user connects multiple interfaces to the same IP network (for example, using Wi-Fi and ethernet in your home network). It also confuses connectivity checking. For that reason, NetworkManager would loosen the rp_filter setting. However, that was not configurable and users who really wanted a strict setting could not prevent NetworkManager from doing it ([2], [3], [4]). Hence it was decided, that a better solution is for NetworkManager not to do anything about rp_filter. Instead, distibutions should not enable it strictly (or at least, only for certain setups where it makes sense -- if it ever makes sense) ([5], [6]); Disble this behavior for the moment. In the future, the code will be removed entirely.
[1] https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1492472
[4] https://bugzilla.redhat.com/show_bug.cgi?id=1593194
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1651097
[5] https://bugzilla.redhat.com/show_bug.cgi?id=1653824
[6] https://github.com/systemd/systemd/pull/10971
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1651097
(cherry picked from commit b1082aa9a711deb96652e5b2fcaefcf399d127b8)
---
 src/devices/nm-device.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index feb4cc8143..71e0273011 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -11962,7 +11962,7 @@ nm_device_set_ip_config (NMDevice *self,
 priv->needs_ip6_subnet = FALSE;
 }
- if (IS_IPv4) {
+ if (IS_IPv4 && FALSE /* rp_filter handling is disabled */) {
 if (!nm_device_sys_iface_state_is_external_or_assume (self))
 ip4_rp_filter_update (self);
 }
@@ -12860,7 +12860,7 @@ queued_ip_config_change (NMDevice *self, int addr_family)
 set_unmanaged_external_down (self, TRUE);
- if (IS_IPv4) {
+ if (IS_IPv4 && FALSE /* rp_filter handling is disabled */) {
 if (!nm_device_sys_iface_state_is_external_or_assume (self)) {
 priv->v4_has_shadowed_routes = _v4_has_shadowed_routes_detect (self);;
 ip4_rp_filter_update (self);
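Review bot: The inline `/* rp_filter handling is disabled */` in the condition in `nm_device_set_ip_config` records that the branch is dead but not why, and the same applies to the identical change in `queued_ip_config_change`. rp_filter is the kernel's reverse-path (anti-spoofing) filter, so a reader should be able to tell from the code that leaving it untouched is deliberate; I would put a comment above the `if`, for example `/* NM must not loosen rp_filter; the sysctl is left to the admin/distribution (rh#1651097) */`. Both functions start and end outside their hunks, so it cannot be checked from here whether `ip4_rp_filter_update` has other callers; if these were the only two and the helper is static, the build may now emit an unused-function warning.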
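Review bot: In `queued_ip_config_change` the assignment `priv->v4_has_shadowed_routes = _v4_has_shadowed_routes_detect (self);` sits inside the disabled branch, so the field is no longer refreshed when the IP configuration changes. If anything other than `ip4_rp_filter_update` reads it, that reader now acts on a stale value. It is worth confirming there is no other consumer and saying so next to the condition, e.g. `/* v4_has_shadowed_routes is only consumed by ip4_rp_filter_update() */`. The function body continues past the end of the hunk.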