fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-05-01 11:28:02 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

connectivity: merge branch 'th/connectivity-rp-filter'

Browse source
This commit is contained in:
Thomas Haller 2019-02-08 17:28:58 +01:00
commit aacb3c4f5b
4 changed files with 54 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
contrib/fedora/rpm/20-connectivity-fedora.conf
View file

@ -1,3 +1,8 @@
# Enable connectivity checking for NetworkManager.
# See `man NetworkManager.conf`.
#
# Note that connectivity checking works badly with rp_filter set to
# strict. Check "/proc/sys/net/ipv4/conf/*/rp_filter".
[connectivity]
uri=http://fedoraproject.org/static/hotspot.txt
response=OK

5
contrib/fedora/rpm/20-connectivity-redhat.conf
View file

@ -1,3 +1,8 @@
# Enable connectivity checking for NetworkManager.
# See `man NetworkManager.conf`.
#
# Note that connectivity checking works badly with rp_filter set to
# strict. Check "/proc/sys/net/ipv4/conf/*/rp_filter".
[connectivity]
uri=http://static.redhat.com/test/rhel-networkmanager.txt
response=OK

8
man/NetworkManager.conf.xml
View file

@ -1056,10 +1056,12 @@ managed=1
<refsect1>
<title><literal>connectivity</literal> section</title>
<para>This section controls NetworkManager's optional connectivity
checking functionality. This allows NetworkManager to detect
whether or not the system can actually access the internet or
whether it is behind a captive portal.</para>
<para>Connectivity checking serves two purposes. For one, it exposes
a connectivity state on D-Bus, which other applications may use. For example,
Gnome's portal helper uses this as signal to show a captive portal login
@ -1070,6 +1072,12 @@ managed=1
when being connected to WWAN and to a Wi-Fi network which is behind a captive
portal, WWAN still gets preferred until login.</para>
<para>Note that your distribution might set <literal>/proc/sys/net/ipv4/conf/*/rp_filter</literal> to
strict filtering. That works badly with per-device connectivity checking,
which uses SO_BINDDEVICE to send requests on all devices. A strict rp_filter
setting will reject any response and the connectivity check on all but the
best route will fail.</para>
<para>
<variablelist>
<varlistentry>

36
src/devices/nm-device.c
View file

@ -397,6 +397,8 @@ typedef struct _NMDevicePrivate {
bool ndisc_started:1;
bool device_link_changed_down:1;
bool concheck_rp_filter_checked:1;
/* Generic DHCP stuff */
char * dhcp_anycast_address;
@ -3042,6 +3044,7 @@ concheck_start (NMDevice *self,
static guint64 seq_counter = 0;
NMDevicePrivate *priv;
NMDeviceConnectivityHandle *handle;
const char *ifname;
g_return_val_if_fail (NM_IS_DEVICE (self), NULL);
@ -3064,6 +3067,39 @@ concheck_start (NMDevice *self,
(long long unsigned) handle->seq,
is_periodic ? ", periodic-check" : "");
if ( addr_family == AF_INET
&& !priv->concheck_rp_filter_checked) {
if ((ifname = nm_device_get_ip_iface_from_platform (self))) {
int val, val_all;
val = nm_platform_sysctl_ip_conf_get_int_checked (nm_device_get_platform (self),
AF_INET,
ifname,
"rp_filter",
10, 0, 2, 3);
if (val < 2) {
val_all = nm_platform_sysctl_ip_conf_get_int_checked (nm_device_get_platform (self),
AF_INET,
"all",
"rp_filter",
10, 0, 2, val);
if (val_all > val) {
val = val_all;
ifname = "all";
}
}
if (val == 1) {
_LOGW (LOGD_CONCHECK, "connectivity: \"/proc/sys/net/ipv4/conf/%s/rp_filter\" is set to \"1\". "
"This might break connectivity checking for IPv4 on this device", ifname);
}
}
/* we only check once per device. It's a warning after all. */
priv->concheck_rp_filter_checked = TRUE;
}
handle->c_handle = nm_connectivity_check_start (concheck_get_mgr (self),
handle->addr_family,
nm_device_get_ip_ifindex (self),