From eb1c2662802d3f4ed2d0e484e488f620dadf71da Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Tue, 24 Aug 2021 15:38:12 +0200 Subject: [PATCH] platform: require extended IFA_FLAGS support in kernel We use extended IFA_FLAGS for IFA_F_MANAGETEMPADDR (IPv6) and IFA_F_NOPREFIXROUTE (IPv4 and IPv6). These flags for IPv4 were added to kernel 3.14, 30 March, 2014. The flag for IPv4 was added to kernel 4.4, 11 January 2016. Even latest RHEL-7 kernels have backport for IFA_F_NOPREFIXROUTE for IPv4 (rh#1221311). Drop this. The backward compatibility code paths are likely broken anyway, and add considerable complexity. --- src/core/devices/nm-device.c | 29 +++++++------------------- src/core/nm-iface-helper.c | 18 ++++++---------- src/libnm-platform/nm-linux-platform.c | 21 ------------------- src/libnm-platform/nm-platform.c | 15 ++----------- src/libnm-platform/nm-platform.h | 1 - 5 files changed, 15 insertions(+), 69 deletions(-) diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c index 778b748df6..9b013a0db6 100644 --- a/src/core/devices/nm-device.c +++ b/src/core/devices/nm-device.c @@ -10829,34 +10829,28 @@ ndisc_config_changed(NMNDisc *ndisc, const NMNDiscData *rdata, guint changed_int applied_config_init_new(&priv->ac_ip6_config, self, AF_INET6); if (changed & NM_NDISC_CONFIG_ADDRESSES) { - guint8 plen; guint32 ifa_flags; /* Check, whether kernel is recent enough to help user space handling RA. * If it's not supported, we have no ipv6-privacy and must add autoconf * addresses as /128. The reason for the /128 is to prevent the kernel * from adding a prefix route for this address. */ - ifa_flags = 0; - if (nm_platform_kernel_support_get(NM_PLATFORM_KERNEL_SUPPORT_TYPE_EXTENDED_IFA_FLAGS)) { - ifa_flags |= IFA_F_NOPREFIXROUTE; - if (NM_IN_SET(priv->ndisc_use_tempaddr, - NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_TEMP_ADDR, - NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_PUBLIC_ADDR)) - ifa_flags |= IFA_F_MANAGETEMPADDR; - plen = 64; - } else - plen = 128; + ifa_flags = IFA_F_NOPREFIXROUTE; + if (NM_IN_SET(priv->ndisc_use_tempaddr, + NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_TEMP_ADDR, + NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_PUBLIC_ADDR)) + ifa_flags |= IFA_F_MANAGETEMPADDR; nm_ip6_config_reset_addresses_ndisc((NMIP6Config *) priv->ac_ip6_config.orig, rdata->addresses, rdata->addresses_n, - plen, + 64, ifa_flags); if (priv->ac_ip6_config.current) { nm_ip6_config_reset_addresses_ndisc((NMIP6Config *) priv->ac_ip6_config.current, rdata->addresses, rdata->addresses_n, - plen, + 64, ifa_flags); } } @@ -11095,15 +11089,6 @@ addrconf6_start(NMDevice *self, NMSettingIP6ConfigPrivacy use_tempaddr) priv->ndisc_use_tempaddr = use_tempaddr; - if (NM_IN_SET(use_tempaddr, - NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_TEMP_ADDR, - NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_PUBLIC_ADDR) - && !nm_platform_kernel_support_get(NM_PLATFORM_KERNEL_SUPPORT_TYPE_EXTENDED_IFA_FLAGS)) { - _LOGW(LOGD_IP6, - "The kernel does not support extended IFA_FLAGS needed by NM for " - "IPv6 private addresses. This feature is not available"); - } - /* ensure link local is ready... */ if (!linklocal6_start(self)) { /* wait for the LL address to show up */ diff --git a/src/core/nm-iface-helper.c b/src/core/nm-iface-helper.c index 84f885b162..616abf71f6 100644 --- a/src/core/nm-iface-helper.c +++ b/src/core/nm-iface-helper.c @@ -181,28 +181,22 @@ ndisc_config_changed(NMNDisc * ndisc, } if (changed & NM_NDISC_CONFIG_ADDRESSES) { - guint8 plen; guint32 ifa_flags; /* Check, whether kernel is recent enough to help user space handling RA. * If it's not supported, we have no ipv6-privacy and must add autoconf * addresses as /128. The reason for the /128 is to prevent the kernel * from adding a prefix route for this address. */ - ifa_flags = 0; - if (nm_platform_kernel_support_get(NM_PLATFORM_KERNEL_SUPPORT_TYPE_EXTENDED_IFA_FLAGS)) { - ifa_flags |= IFA_F_NOPREFIXROUTE; - if (NM_IN_SET(global_opt.tempaddr, - NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_TEMP_ADDR, - NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_PUBLIC_ADDR)) - ifa_flags |= IFA_F_MANAGETEMPADDR; - plen = 64; - } else - plen = 128; + ifa_flags = IFA_F_NOPREFIXROUTE; + if (NM_IN_SET(global_opt.tempaddr, + NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_TEMP_ADDR, + NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_PUBLIC_ADDR)) + ifa_flags |= IFA_F_MANAGETEMPADDR; nm_ip6_config_reset_addresses_ndisc(ndisc_config, rdata->addresses, rdata->addresses_n, - plen, + 64, ifa_flags); } diff --git a/src/libnm-platform/nm-linux-platform.c b/src/libnm-platform/nm-linux-platform.c index f22e2fdb5e..e84ce1ed58 100644 --- a/src/libnm-platform/nm-linux-platform.c +++ b/src/libnm-platform/nm-linux-platform.c @@ -6915,27 +6915,6 @@ event_valid_msg(NMPlatform *platform, struct nl_msg *msg, gboolean handle_events msghdr = nlmsg_hdr(msg); - if (!_nm_platform_kernel_support_detected(NM_PLATFORM_KERNEL_SUPPORT_TYPE_EXTENDED_IFA_FLAGS) - && msghdr->nlmsg_type == RTM_NEWADDR) { - /* IFA_FLAGS is set for IPv4 and IPv6 addresses. It was added first to IPv6, - * but if we encounter an IPv4 address with IFA_FLAGS, we surely have support. */ - if (nlmsg_valid_hdr(msghdr, sizeof(struct ifaddrmsg)) - && NM_IN_SET(((struct ifaddrmsg *) nlmsg_data(msghdr))->ifa_family, - AF_INET, - AF_INET6)) { - /* see if the nl_msg contains the IFA_FLAGS attribute. If it does, - * we assume, that the kernel supports extended flags, IFA_F_MANAGETEMPADDR - * and IFA_F_NOPREFIXROUTE for IPv6. They were added together in kernel 3.14, - * dated 30 March, 2014. - * - * For IPv4, IFA_F_NOPREFIXROUTE was added later, but there is no easy - * way to detect kernel support. */ - _nm_platform_kernel_support_init( - NM_PLATFORM_KERNEL_SUPPORT_TYPE_EXTENDED_IFA_FLAGS, - !!nlmsg_find_attr(msghdr, sizeof(struct ifaddrmsg), IFA_FLAGS) ? 1 : -1); - } - } - if (!handle_events) return; diff --git a/src/libnm-platform/nm-platform.c b/src/libnm-platform/nm-platform.c index 531052bdb3..79f8f93ee3 100644 --- a/src/libnm-platform/nm-platform.c +++ b/src/libnm-platform/nm-platform.c @@ -300,12 +300,6 @@ static const struct { const char *name; const char *desc; } _nm_platform_kernel_support_info[_NM_PLATFORM_KERNEL_SUPPORT_NUM] = { - [NM_PLATFORM_KERNEL_SUPPORT_TYPE_EXTENDED_IFA_FLAGS] = - { - .compile_time_default = TRUE, - .name = "EXTENDED_IFA_FLAGS", - .desc = "IPv6 temporary addresses support", - }, [NM_PLATFORM_KERNEL_SUPPORT_TYPE_RTA_PREF] = { .compile_time_default = (RTA_MAX >= 20 /* RTA_PREF */), @@ -3914,7 +3908,6 @@ nm_platform_ip_address_sync(NMPlatform *self, gs_unref_hashtable GHashTable *known_addresses_idx = NULL; GPtrArray * plat_addresses; GHashTable * known_subnets = NULL; - guint32 ifa_flags; guint i_plat; guint i_know; guint i; @@ -4141,10 +4134,6 @@ next_plat:; if (IS_IPv4) ip4_addr_subnets_destroy_index(known_subnets, known_addresses); - ifa_flags = nm_platform_kernel_support_get(NM_PLATFORM_KERNEL_SUPPORT_TYPE_EXTENDED_IFA_FLAGS) - ? IFA_F_NOPREFIXROUTE - : 0; - /* Add missing addresses. New addresses are added by kernel with top * priority. */ @@ -4179,7 +4168,7 @@ next_plat:; nm_platform_ip4_broadcast_address_from_addr(&known_address->a4), lifetime, preferred, - ifa_flags, + IFA_F_NOPREFIXROUTE, known_address->a4.label)) { /* ignore error, for unclear reasons. */ } @@ -4191,7 +4180,7 @@ next_plat:; known_address->a6.peer_address, lifetime, preferred, - ifa_flags | known_address->a6.n_ifa_flags)) + IFA_F_NOPREFIXROUTE | known_address->a6.n_ifa_flags)) return FALSE; } } diff --git a/src/libnm-platform/nm-platform.h b/src/libnm-platform/nm-platform.h index ee914d00ce..3b02312b09 100644 --- a/src/libnm-platform/nm-platform.h +++ b/src/libnm-platform/nm-platform.h @@ -1015,7 +1015,6 @@ typedef void (*NMPlatformAsyncCallback)(GError *error, gpointer user_data); /*****************************************************************************/ typedef enum { - NM_PLATFORM_KERNEL_SUPPORT_TYPE_EXTENDED_IFA_FLAGS, NM_PLATFORM_KERNEL_SUPPORT_TYPE_RTA_PREF, NM_PLATFORM_KERNEL_SUPPORT_TYPE_FRA_L3MDEV, NM_PLATFORM_KERNEL_SUPPORT_TYPE_FRA_UID_RANGE,