mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git
synced 2026-02-27 08:10:37 +01:00
platform: require extended IFA_FLAGS support in kernel
We use extended IFA_FLAGS for IFA_F_MANAGETEMPADDR (IPv6) and IFA_F_NOPREFIXROUTE (IPv4 and IPv6). These flags for IPv4 were added to kernel 3.14, 30 March, 2014. The flag for IPv4 was added to kernel 4.4, 11 January 2016. Even latest RHEL-7 kernels have backport for IFA_F_NOPREFIXROUTE for IPv4 (rh#1221311). Drop this. The backward compatibility code paths are likely broken anyway, and add considerable complexity.
This commit is contained in:
Thomas Haller
parent
b2b50eba1b
commit
eb1c266280
5 changed files with 15 additions and 69 deletions
|
|
@ -10829,34 +10829,28 @@ ndisc_config_changed(NMNDisc *ndisc, const NMNDiscData *rdata, guint changed_int
|
|||
applied_config_init_new(&priv->ac_ip6_config, self, AF_INET6);
|
||||
|
||||
if (changed & NM_NDISC_CONFIG_ADDRESSES) {
|
||||
guint8 plen;
|
||||
guint32 ifa_flags;
|
||||
|
||||
/* Check, whether kernel is recent enough to help user space handling RA.
|
||||
* If it's not supported, we have no ipv6-privacy and must add autoconf
|
||||
* addresses as /128. The reason for the /128 is to prevent the kernel
|
||||
* from adding a prefix route for this address. */
|
||||
ifa_flags = 0;
|
||||
if (nm_platform_kernel_support_get(NM_PLATFORM_KERNEL_SUPPORT_TYPE_EXTENDED_IFA_FLAGS)) {
|
||||
ifa_flags |= IFA_F_NOPREFIXROUTE;
|
||||
if (NM_IN_SET(priv->ndisc_use_tempaddr,
|
||||
NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_TEMP_ADDR,
|
||||
NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_PUBLIC_ADDR))
|
||||
ifa_flags |= IFA_F_MANAGETEMPADDR;
|
||||
plen = 64;
|
||||
} else
|
||||
plen = 128;
|
||||
ifa_flags = IFA_F_NOPREFIXROUTE;
|
||||
if (NM_IN_SET(priv->ndisc_use_tempaddr,
|
||||
NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_TEMP_ADDR,
|
||||
NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_PUBLIC_ADDR))
|
||||
ifa_flags |= IFA_F_MANAGETEMPADDR;
|
||||
|
||||
nm_ip6_config_reset_addresses_ndisc((NMIP6Config *) priv->ac_ip6_config.orig,
|
||||
rdata->addresses,
|
||||
rdata->addresses_n,
|
||||
plen,
|
||||
64,
|
||||
ifa_flags);
|
||||
if (priv->ac_ip6_config.current) {
|
||||
nm_ip6_config_reset_addresses_ndisc((NMIP6Config *) priv->ac_ip6_config.current,
|
||||
rdata->addresses,
|
||||
rdata->addresses_n,
|
||||
plen,
|
||||
64,
|
||||
ifa_flags);
|
||||
}
|
||||
}
|
||||
|
|
@ -11095,15 +11089,6 @@ addrconf6_start(NMDevice *self, NMSettingIP6ConfigPrivacy use_tempaddr)
|
|||
|
||||
priv->ndisc_use_tempaddr = use_tempaddr;
|
||||
|
||||
if (NM_IN_SET(use_tempaddr,
|
||||
NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_TEMP_ADDR,
|
||||
NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_PUBLIC_ADDR)
|
||||
&& !nm_platform_kernel_support_get(NM_PLATFORM_KERNEL_SUPPORT_TYPE_EXTENDED_IFA_FLAGS)) {
|
||||
_LOGW(LOGD_IP6,
|
||||
"The kernel does not support extended IFA_FLAGS needed by NM for "
|
||||
"IPv6 private addresses. This feature is not available");
|
||||
}
|
||||
|
||||
/* ensure link local is ready... */
|
||||
if (!linklocal6_start(self)) {
|
||||
/* wait for the LL address to show up */
|
||||
|
|
|
|||
|
|
@ -181,28 +181,22 @@ ndisc_config_changed(NMNDisc * ndisc,
|
|||
}
|
||||
|
||||
if (changed & NM_NDISC_CONFIG_ADDRESSES) {
|
||||
guint8 plen;
|
||||
guint32 ifa_flags;
|
||||
|
||||
/* Check, whether kernel is recent enough to help user space handling RA.
|
||||
* If it's not supported, we have no ipv6-privacy and must add autoconf
|
||||
* addresses as /128. The reason for the /128 is to prevent the kernel
|
||||
* from adding a prefix route for this address. */
|
||||
ifa_flags = 0;
|
||||
if (nm_platform_kernel_support_get(NM_PLATFORM_KERNEL_SUPPORT_TYPE_EXTENDED_IFA_FLAGS)) {
|
||||
ifa_flags |= IFA_F_NOPREFIXROUTE;
|
||||
if (NM_IN_SET(global_opt.tempaddr,
|
||||
NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_TEMP_ADDR,
|
||||
NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_PUBLIC_ADDR))
|
||||
ifa_flags |= IFA_F_MANAGETEMPADDR;
|
||||
plen = 64;
|
||||
} else
|
||||
plen = 128;
|
||||
ifa_flags = IFA_F_NOPREFIXROUTE;
|
||||
if (NM_IN_SET(global_opt.tempaddr,
|
||||
NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_TEMP_ADDR,
|
||||
NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_PUBLIC_ADDR))
|
||||
ifa_flags |= IFA_F_MANAGETEMPADDR;
|
||||
|
||||
nm_ip6_config_reset_addresses_ndisc(ndisc_config,
|
||||
rdata->addresses,
|
||||
rdata->addresses_n,
|
||||
plen,
|
||||
64,
|
||||
ifa_flags);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -6915,27 +6915,6 @@ event_valid_msg(NMPlatform *platform, struct nl_msg *msg, gboolean handle_events
|
|||
|
||||
msghdr = nlmsg_hdr(msg);
|
||||
|
||||
if (!_nm_platform_kernel_support_detected(NM_PLATFORM_KERNEL_SUPPORT_TYPE_EXTENDED_IFA_FLAGS)
|
||||
&& msghdr->nlmsg_type == RTM_NEWADDR) {
|
||||
/* IFA_FLAGS is set for IPv4 and IPv6 addresses. It was added first to IPv6,
|
||||
* but if we encounter an IPv4 address with IFA_FLAGS, we surely have support. */
|
||||
if (nlmsg_valid_hdr(msghdr, sizeof(struct ifaddrmsg))
|
||||
&& NM_IN_SET(((struct ifaddrmsg *) nlmsg_data(msghdr))->ifa_family,
|
||||
AF_INET,
|
||||
AF_INET6)) {
|
||||
/* see if the nl_msg contains the IFA_FLAGS attribute. If it does,
|
||||
* we assume, that the kernel supports extended flags, IFA_F_MANAGETEMPADDR
|
||||
* and IFA_F_NOPREFIXROUTE for IPv6. They were added together in kernel 3.14,
|
||||
* dated 30 March, 2014.
|
||||
*
|
||||
* For IPv4, IFA_F_NOPREFIXROUTE was added later, but there is no easy
|
||||
* way to detect kernel support. */
|
||||
_nm_platform_kernel_support_init(
|
||||
NM_PLATFORM_KERNEL_SUPPORT_TYPE_EXTENDED_IFA_FLAGS,
|
||||
!!nlmsg_find_attr(msghdr, sizeof(struct ifaddrmsg), IFA_FLAGS) ? 1 : -1);
|
||||
}
|
||||
}
|
||||
|
||||
if (!handle_events)
|
||||
return;
|
||||
|
||||
|
|
|
|||
|
|
@ -300,12 +300,6 @@ static const struct {
|
|||
const char *name;
|
||||
const char *desc;
|
||||
} _nm_platform_kernel_support_info[_NM_PLATFORM_KERNEL_SUPPORT_NUM] = {
|
||||
[NM_PLATFORM_KERNEL_SUPPORT_TYPE_EXTENDED_IFA_FLAGS] =
|
||||
{
|
||||
.compile_time_default = TRUE,
|
||||
.name = "EXTENDED_IFA_FLAGS",
|
||||
.desc = "IPv6 temporary addresses support",
|
||||
},
|
||||
[NM_PLATFORM_KERNEL_SUPPORT_TYPE_RTA_PREF] =
|
||||
{
|
||||
.compile_time_default = (RTA_MAX >= 20 /* RTA_PREF */),
|
||||
|
|
@ -3914,7 +3908,6 @@ nm_platform_ip_address_sync(NMPlatform *self,
|
|||
gs_unref_hashtable GHashTable *known_addresses_idx = NULL;
|
||||
GPtrArray * plat_addresses;
|
||||
GHashTable * known_subnets = NULL;
|
||||
guint32 ifa_flags;
|
||||
guint i_plat;
|
||||
guint i_know;
|
||||
guint i;
|
||||
|
|
@ -4141,10 +4134,6 @@ next_plat:;
|
|||
if (IS_IPv4)
|
||||
ip4_addr_subnets_destroy_index(known_subnets, known_addresses);
|
||||
|
||||
ifa_flags = nm_platform_kernel_support_get(NM_PLATFORM_KERNEL_SUPPORT_TYPE_EXTENDED_IFA_FLAGS)
|
||||
? IFA_F_NOPREFIXROUTE
|
||||
: 0;
|
||||
|
||||
/* Add missing addresses. New addresses are added by kernel with top
|
||||
* priority.
|
||||
*/
|
||||
|
|
@ -4179,7 +4168,7 @@ next_plat:;
|
|||
nm_platform_ip4_broadcast_address_from_addr(&known_address->a4),
|
||||
lifetime,
|
||||
preferred,
|
||||
ifa_flags,
|
||||
IFA_F_NOPREFIXROUTE,
|
||||
known_address->a4.label)) {
|
||||
/* ignore error, for unclear reasons. */
|
||||
}
|
||||
|
|
@ -4191,7 +4180,7 @@ next_plat:;
|
|||
known_address->a6.peer_address,
|
||||
lifetime,
|
||||
preferred,
|
||||
ifa_flags | known_address->a6.n_ifa_flags))
|
||||
IFA_F_NOPREFIXROUTE | known_address->a6.n_ifa_flags))
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1015,7 +1015,6 @@ typedef void (*NMPlatformAsyncCallback)(GError *error, gpointer user_data);
|
|||
/*****************************************************************************/
|
||||
|
||||
typedef enum {
|
||||
NM_PLATFORM_KERNEL_SUPPORT_TYPE_EXTENDED_IFA_FLAGS,
|
||||
NM_PLATFORM_KERNEL_SUPPORT_TYPE_RTA_PREF,
|
||||
NM_PLATFORM_KERNEL_SUPPORT_TYPE_FRA_L3MDEV,
|
||||
NM_PLATFORM_KERNEL_SUPPORT_TYPE_FRA_UID_RANGE,
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue