diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index 21ba692855..b9254516bd 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -792,7 +792,6 @@ typedef struct _NMDevicePrivate {
 char *prop_ip_iface; /* IP interface D-Bus property */
 GList *ping_operations;
 GSource *ping_timeout;
- bool refresh_forwarding_done : 1;
 } NMDevicePrivate;
 G_DEFINE_ABSTRACT_TYPE(NMDevice, nm_device, NM_TYPE_DBUS_OBJECT)
@@ -2166,8 +2165,8 @@ _prop_get_ipvx_dhcp_send_hostname(NMDevice *self, int addr_family)
 return send_hostname_v2;
 }
-NMSettingIPConfigForwarding
-nm_device_get_ipv4_forwarding(NMDevice *self)
+static NMSettingIPConfigForwarding
+_prop_get_ipv4_forwarding(NMDevice *self)
 {
 NMSettingIPConfig *s_ip;
 NMSettingIPConfigForwarding forwarding;
@@ -3814,7 +3813,7 @@ nm_device_assume_state_reset(NMDevice *self)
 /*****************************************************************************/
-char *
+static char *
 nm_device_sysctl_ip_conf_get(NMDevice *self, int addr_family, const char *property)
 {
 const char *ifname;
@@ -6681,7 +6680,7 @@ concheck_update_state(NMDevice *self,
 }
 }
-const char *
+static const char *
 nm_device_get_effective_ip_config_method(NMDevice *self, int addr_family)
 {
 NMDeviceClass *klass;
@@ -13199,7 +13198,7 @@ activate_stage3_ip_config_for_addr_family(NMDevice *self, int addr_family)
 goto out_devip;
 if (IS_IPv4) {
- NMSettingIPConfigForwarding ipv4_forwarding = nm_device_get_ipv4_forwarding(self);
+ NMSettingIPConfigForwarding ipv4_forwarding = _prop_get_ipv4_forwarding(self);
 if (NM_IN_SET(ipv4_forwarding,
 NM_SETTING_IP_CONFIG_FORWARDING_NO,
@@ -13639,6 +13638,19 @@ _dev_ipshared4_init(NMDevice *self)
 break;
 }
+ if (nm_platform_sysctl_get_int32(nm_device_get_platform(self),
+ NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv4/ip_forward"),
+ -1)
+ == 1) {
+ /* nothing to do. */
+ } else if (!nm_platform_sysctl_set(nm_device_get_platform(self),
+ NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv4/ip_forward"),
+ "1")) {
+ errsv = errno;
+ _LOGW_ipshared(AF_INET, "error enabling IPv4 forwarding: %s", nm_strerror_native(errsv));
+ return FALSE;
+ }
+
 if (nm_platform_sysctl_get_int32(nm_device_get_platform(self),
 NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv4/ip_dynaddr"),
 -1)
@@ -17013,8 +17025,6 @@ _cleanup_generic_post(NMDevice *self, NMDeviceStateReason reason, CleanupType cl
 priv->v4_route_table_all_sync_before = FALSE;
 priv->v6_route_table_all_sync_before = FALSE;
- priv->refresh_forwarding_done = FALSE;
-
 priv->mtu_force_set_done = FALSE;
 priv->needs_ip6_subnet = FALSE;
@@ -17060,7 +17070,6 @@ nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanu
 NMDevicePrivate *priv;
 NMDeviceClass *klass = NM_DEVICE_GET_CLASS(self);
 int ifindex;
- gint32 default_forwarding_v4;
 g_return_if_fail(NM_IS_DEVICE(self));
@@ -17083,17 +17092,6 @@ nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanu
 nm_device_sysctl_ip_conf_set(self, AF_INET6, "use_tempaddr", "0");
 }
- /* Restoring the device's forwarding to the sysctl default is necessary because
- * `refresh_forwarding()` only updates forwarding on activated devices. */
- default_forwarding_v4 = nm_platform_sysctl_get_int32(
- nm_device_get_platform(self),
- NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv4/conf/default/forwarding"),
- 0);
- nm_device_sysctl_ip_conf_set(self,
- AF_INET,
- "forwarding",
- default_forwarding_v4 == 1 ? "1" : "0");
-
 /* Call device type-specific deactivation */
 if (klass->deactivate)
 klass->deactivate(self);
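Review bot: In the `_dev_ipshared4_init` hunk, writing `1` to `/proc/sys/net/ipv4/ip_forward` enables IPv4 forwarding for the whole host rather than for the shared interface only, and nothing in the visible hunks turns it back off. The same commit also drops the per-device `forwarding` restore from `nm_device_cleanup` and removes `refresh_forwarding()` from nm-policy.c. Once a shared connection has been activated, the machine presumably keeps forwarding between all of its interfaces until the sysctl is reset by hand or by a reboot, which matters on hosts that are also attached to untrusted networks. I would document that at the write site, e.g. `/* host-wide switch; not reverted on deactivation, so firewall rules must confine forwarding to the shared subnet */` above the `else if`, and add an info-level log line on the path that actually flips the value so the change is auditable. The function begins and ends outside the hunk, so the declaration of `errsv` and any firewall setup that follows are not visible here.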
@@ -19047,19 +19045,6 @@ nm_device_get_hostname_from_dns_lookup(NMDevice *self, int addr_family, gboolean
 return nm_assert_unreachable_val(NULL);
 }
-gboolean
-nm_device_get_refresh_forwarding_done(NMDevice *self)
-{
- return NM_DEVICE_GET_PRIVATE(self)->refresh_forwarding_done;
-}
-
-void
-nm_device_set_refresh_forwarding_done(NMDevice *self, gboolean is_refresh_forwarding_done)
-{
- NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
- priv->refresh_forwarding_done = is_refresh_forwarding_done;
-}
-
 /*****************************************************************************/
 static const char *
diff --git a/src/core/devices/nm-device.h b/src/core/devices/nm-device.h
index 820951ea6a..8632944a2d 100644
--- a/src/core/devices/nm-device.h
+++ b/src/core/devices/nm-device.h
@@ -853,14 +853,4 @@ void nm_routing_rules_sync(NMConnection *applied_connection,
 NMDevice *self,
 NMNetns *netns);
-NMSettingIPConfigForwarding nm_device_get_ipv4_forwarding(NMDevice *self);
-
-const char *nm_device_get_effective_ip_config_method(NMDevice *self, int addr_family);
-
-char *nm_device_sysctl_ip_conf_get(NMDevice *self, int addr_family, const char *property);
-
-gboolean nm_device_get_refresh_forwarding_done(NMDevice *self);
-
-void nm_device_set_refresh_forwarding_done(NMDevice *self, gboolean is_refresh_forwarding_done);
-
 #endif /* __NETWORKMANAGER_DEVICE_H__ */
diff --git a/src/core/nm-policy.c b/src/core/nm-policy.c
index 3893620811..f7be1a9f87 100644
--- a/src/core/nm-policy.c
+++ b/src/core/nm-policy.c
@@ -18,7 +18,6 @@
 #include "NetworkManagerUtils.h"
 #include "devices/nm-device.h"
 #include "devices/nm-device-factory.h"
-#include "devices/nm-device-private.h"
 #include "dns/nm-dns-manager.h"
 #include "nm-act-request.h"
 #include "nm-auth-utils.h"
@@ -98,6 +97,7 @@ typedef struct {
 bool updating_dns : 1;
 GArray *ip6_prefix_delegations; /* pool of ip6 prefixes delegated to all devices */
+
 } NMPolicyPrivate;
 struct _NMPolicy {
@@ -2083,65 +2083,6 @@ unblock_autoconnect_for_ports_for_sett_conn(NMPolicy *self, NMSettingsConnection
 unblock_autoconnect_for_ports(self, controller_device, controller_uuid_settings, NULL);
 }
-static void
-refresh_forwarding(NMPolicy *self, NMDevice *device, gboolean is_activated_shared_device)
-{
- NMActiveConnection *ac;
- NMDevice *tmp_device;
- NMPolicyPrivate *priv = NM_POLICY_GET_PRIVATE(self);
- const CList *tmp_lst;
- gboolean any_shared_active = false;
- gint32 default_forwarding_v4;
- const char *new_value = NULL;
-
- /* FIXME: This implementation is still inefficient because refresh_forwarding()
- * is called every time a device goes up or down, requiring a full scan of all
- * active connections to determine if any shared connection is active. */
- nm_manager_for_each_active_connection (priv->manager, ac, tmp_lst) {
- NMSettingIPConfig *s_ip;
- NMDevice *to_device = nm_active_connection_get_device(ac);
-
- if (to_device) {
- s_ip = nm_device_get_applied_setting(to_device, NM_TYPE_SETTING_IP4_CONFIG);
- if (s_ip) {
- if (nm_streq0(nm_device_get_effective_ip_config_method(to_device, AF_INET),
- NM_SETTING_IP4_CONFIG_METHOD_SHARED)) {
- any_shared_active = true;
- break;
- }
- }
- }
- }
-
- default_forwarding_v4 = nm_platform_sysctl_get_int32(
- NM_PLATFORM_GET,
- NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv4/conf/default/forwarding"),
- 0);
-
- new_value = any_shared_active ? "1" : (default_forwarding_v4 ? "1" : "0");
-
- nm_manager_for_each_device (priv->manager, tmp_device, tmp_lst) {
- NMDeviceState state;
- NMSettingIPConfigForwarding ipv4_forwarding;
-
- state = nm_device_get_state(tmp_device);
- if (state != NM_DEVICE_STATE_ACTIVATED)
- continue;
-
- ipv4_forwarding = nm_device_get_ipv4_forwarding(tmp_device);
-
- if (ipv4_forwarding == NM_SETTING_IP_CONFIG_FORWARDING_AUTO
- || (device == tmp_device && is_activated_shared_device)) {
- gs_free char *sysctl_value = NULL;
-
- sysctl_value = nm_device_sysctl_ip_conf_get(tmp_device, AF_INET, "forwarding");
-
- if (!nm_streq0(sysctl_value, new_value))
- nm_device_sysctl_ip_conf_set(tmp_device, AF_INET, "forwarding", new_value);
- }
- }
-}
-
 static void
 activate_port_or_children_connections(NMPolicy *self,
 NMDevice *device,
@@ -2286,9 +2227,8 @@ device_state_changed(NMDevice *device,
 NMPolicyPrivate *priv = user_data;
 NMPolicy *self = _PRIV_TO_SELF(priv);
 NMActiveConnection *ac;
- NMSettingsConnection *sett_conn = nm_device_get_settings_connection(device);
- NMSettingConnection *s_con = NULL;
- gboolean is_activated_shared_device = FALSE;
+ NMSettingsConnection *sett_conn = nm_device_get_settings_connection(device);
+ NMSettingConnection *s_con = NULL;
 switch (nm_device_state_reason_check(reason)) {
 case NM_DEVICE_STATE_REASON_GSM_SIM_PIN_REQUIRED:
@@ -2404,10 +2344,6 @@ device_state_changed(NMDevice *device,
 }
 }
 }
- if (!nm_device_get_refresh_forwarding_done(device)) {
- refresh_forwarding(self, device, FALSE);
- nm_device_set_refresh_forwarding_done(device, TRUE);
- }
 break;
 case NM_DEVICE_STATE_ACTIVATED:
 if (nm_device_get_device_type(device) == NM_DEVICE_TYPE_OVS_INTERFACE) {
@@ -2443,20 +2379,11 @@ device_state_changed(NMDevice *device,
 update_system_hostname(self, "routing and dns", TRUE);
 nm_dns_manager_end_updates(priv->dns_manager, __func__);
- is_activated_shared_device =
- nm_streq0(nm_device_get_effective_ip_config_method(device, AF_INET),
- NM_SETTING_IP4_CONFIG_METHOD_SHARED);
- refresh_forwarding(self, device, is_activated_shared_device);
- nm_device_set_refresh_forwarding_done(device, FALSE);
 break;
 case NM_DEVICE_STATE_UNMANAGED:
 case NM_DEVICE_STATE_UNAVAILABLE:
 if (old_state > NM_DEVICE_STATE_DISCONNECTED)
 update_routing_and_dns(self, FALSE, device);
- if (!nm_device_get_refresh_forwarding_done(device)) {
- refresh_forwarding(self, device, FALSE);
- nm_device_set_refresh_forwarding_done(device, TRUE);
- }
 break;
 case NM_DEVICE_STATE_DEACTIVATING:
 if (sett_conn) {
@@ -2492,10 +2419,6 @@ device_state_changed(NMDevice *device,
 }
 }
 ip6_remove_device_prefix_delegations(self, device);
- if (!nm_device_get_refresh_forwarding_done(device)) {
- refresh_forwarding(self, device, FALSE);
- nm_device_set_refresh_forwarding_done(device, TRUE);
- }
 break;
 case NM_DEVICE_STATE_DISCONNECTED:
 g_signal_handlers_disconnect_by_func(device, device_dns_lookup_done, self);
@@ -2512,10 +2435,6 @@ device_state_changed(NMDevice *device,
 /* Device is now available for auto-activation */
 nm_policy_device_recheck_auto_activate_schedule(self, device);
- if (!nm_device_get_refresh_forwarding_done(device)) {
- refresh_forwarding(self, device, FALSE);
- nm_device_set_refresh_forwarding_done(device, TRUE);
- }
 break;
 case NM_DEVICE_STATE_PREPARE:
@@ -2531,10 +2450,6 @@ device_state_changed(NMDevice *device,
 g_object_weak_unref(G_OBJECT(ac), pending_ac_gone, self);
 g_object_unref(self);
 }
- if (!nm_device_get_refresh_forwarding_done(device)) {
- refresh_forwarding(self, device, FALSE);
- nm_device_set_refresh_forwarding_done(device, TRUE);
- }
 break;
 case NM_DEVICE_STATE_IP_CONFIG:
 /* We must have secrets if we got here. */
@@ -2545,10 +2460,6 @@ device_state_changed(NMDevice *device,
 sett_conn,
 NM_SETTINGS_AUTOCONNECT_BLOCKED_REASON_FAILED,
 FALSE);
- if (!nm_device_get_refresh_forwarding_done(device)) {
- refresh_forwarding(self, device, FALSE);
- nm_device_set_refresh_forwarding_done(device, TRUE);
- }
 break;
 case NM_DEVICE_STATE_SECONDARIES:
 if (sett_conn)