From 983b430075f1da5ca47ee7bdc5863eb0218a9bd1 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Fri, 8 Feb 2019 16:19:50 +0100 Subject: [PATCH] device: print warning when rp_filter is set to strict with connectivity checking --- src/devices/nm-device.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c index fcdc75d754..bff35ddd43 100644 --- a/src/devices/nm-device.c +++ b/src/devices/nm-device.c @@ -397,6 +397,8 @@ typedef struct _NMDevicePrivate { bool ndisc_started:1; bool device_link_changed_down:1; + bool concheck_rp_filter_checked:1; + /* Generic DHCP stuff */ char * dhcp_anycast_address; @@ -3042,6 +3044,7 @@ concheck_start (NMDevice *self, static guint64 seq_counter = 0; NMDevicePrivate *priv; NMDeviceConnectivityHandle *handle; + const char *ifname; g_return_val_if_fail (NM_IS_DEVICE (self), NULL); @@ -3064,6 +3067,39 @@ concheck_start (NMDevice *self, (long long unsigned) handle->seq, is_periodic ? ", periodic-check" : ""); + if ( addr_family == AF_INET + && !priv->concheck_rp_filter_checked) { + + if ((ifname = nm_device_get_ip_iface_from_platform (self))) { + int val, val_all; + + val = nm_platform_sysctl_ip_conf_get_int_checked (nm_device_get_platform (self), + AF_INET, + ifname, + "rp_filter", + 10, 0, 2, 3); + if (val < 2) { + val_all = nm_platform_sysctl_ip_conf_get_int_checked (nm_device_get_platform (self), + AF_INET, + "all", + "rp_filter", + 10, 0, 2, val); + if (val_all > val) { + val = val_all; + ifname = "all"; + } + } + + if (val == 1) { + _LOGW (LOGD_CONCHECK, "connectivity: \"/proc/sys/net/ipv4/conf/%s/rp_filter\" is set to \"1\". " + "This might break connectivity checking for IPv4 on this device", ifname); + } + } + + /* we only check once per device. It's a warning after all. */ + priv->concheck_rp_filter_checked = TRUE; + } + handle->c_handle = nm_connectivity_check_start (concheck_get_mgr (self), handle->addr_family, nm_device_get_ip_ifindex (self),