fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-20 09:20:04 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "policy: refresh IPv4 forwarding after connection activation and disconnection"

Browse source 
This reverts commit 2ad5fbf025.

It is actually a partial revert. The changes to documentation don't need
to be reverted.

Fixes: 2ad5fbf025 ('policy: refresh IPv4 forwarding after connection activation and disconnection')
This commit is contained in:
Íñigo Huguet 2025-04-30 12:21:23 +02:00 committed by Íñigo Huguet
parent b4e8edbc8a
commit f2a2e49d07
3 changed files with 21 additions and 135 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
src/core/devices/nm-device.c
View file

@ -792,7 +792,6 @@ typedef struct _NMDevicePrivate {
char *prop_ip_iface; /* IP interface D-Bus property */ char *prop_ip_iface; /* IP interface D-Bus property */
GList *ping_operations; GList *ping_operations;
GSource *ping_timeout; GSource *ping_timeout;
bool refresh_forwarding_done : 1;
} NMDevicePrivate; } NMDevicePrivate;
G_DEFINE_ABSTRACT_TYPE(NMDevice, nm_device, NM_TYPE_DBUS_OBJECT) G_DEFINE_ABSTRACT_TYPE(NMDevice, nm_device, NM_TYPE_DBUS_OBJECT)
@ -2166,8 +2165,8 @@ _prop_get_ipvx_dhcp_send_hostname(NMDevice *self, int addr_family)
return send_hostname_v2; return send_hostname_v2;
} }
NMSettingIPConfigForwarding static NMSettingIPConfigForwarding
nm_device_get_ipv4_forwarding(NMDevice *self) _prop_get_ipv4_forwarding(NMDevice *self)
{ {
NMSettingIPConfig *s_ip; NMSettingIPConfig *s_ip;
NMSettingIPConfigForwarding forwarding; NMSettingIPConfigForwarding forwarding;
@ -3814,7 +3813,7 @@ nm_device_assume_state_reset(NMDevice *self)
/*****************************************************************************/ /*****************************************************************************/
char * static char *
nm_device_sysctl_ip_conf_get(NMDevice *self, int addr_family, const char *property) nm_device_sysctl_ip_conf_get(NMDevice *self, int addr_family, const char *property)
{ {
const char *ifname; const char *ifname;
@ -6681,7 +6680,7 @@ concheck_update_state(NMDevice *self,
} }
} }
const char * static const char *
nm_device_get_effective_ip_config_method(NMDevice *self, int addr_family) nm_device_get_effective_ip_config_method(NMDevice *self, int addr_family)
{ {
NMDeviceClass *klass; NMDeviceClass *klass;
@ -13199,7 +13198,7 @@ activate_stage3_ip_config_for_addr_family(NMDevice *self, int addr_family)
goto out_devip; goto out_devip;
if (IS_IPv4) { if (IS_IPv4) {
NMSettingIPConfigForwarding ipv4_forwarding = nm_device_get_ipv4_forwarding(self); NMSettingIPConfigForwarding ipv4_forwarding = _prop_get_ipv4_forwarding(self);
if (NM_IN_SET(ipv4_forwarding, if (NM_IN_SET(ipv4_forwarding,
NM_SETTING_IP_CONFIG_FORWARDING_NO, NM_SETTING_IP_CONFIG_FORWARDING_NO,
@ -13639,6 +13638,19 @@ _dev_ipshared4_init(NMDevice *self)
break; break;
} }
if (nm_platform_sysctl_get_int32(nm_device_get_platform(self),
NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv4/ip_forward"),
-1)
== 1) {
/* nothing to do. */
} else if (!nm_platform_sysctl_set(nm_device_get_platform(self),
NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv4/ip_forward"),
"1")) {
errsv = errno;
_LOGW_ipshared(AF_INET, "error enabling IPv4 forwarding: %s", nm_strerror_native(errsv));
return FALSE;
}
if (nm_platform_sysctl_get_int32(nm_device_get_platform(self), if (nm_platform_sysctl_get_int32(nm_device_get_platform(self),
NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv4/ip_dynaddr"), NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv4/ip_dynaddr"),
-1) -1)
@ -17013,8 +17025,6 @@ _cleanup_generic_post(NMDevice *self, NMDeviceStateReason reason, CleanupType cl
priv->v4_route_table_all_sync_before = FALSE; priv->v4_route_table_all_sync_before = FALSE;
priv->v6_route_table_all_sync_before = FALSE; priv->v6_route_table_all_sync_before = FALSE;
priv->refresh_forwarding_done = FALSE;
priv->mtu_force_set_done = FALSE; priv->mtu_force_set_done = FALSE;
priv->needs_ip6_subnet = FALSE; priv->needs_ip6_subnet = FALSE;
@ -17060,7 +17070,6 @@ nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanu
NMDevicePrivate *priv; NMDevicePrivate *priv;
NMDeviceClass *klass = NM_DEVICE_GET_CLASS(self); NMDeviceClass *klass = NM_DEVICE_GET_CLASS(self);
int ifindex; int ifindex;
gint32 default_forwarding_v4;
g_return_if_fail(NM_IS_DEVICE(self)); g_return_if_fail(NM_IS_DEVICE(self));
@ -17083,17 +17092,6 @@ nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanu
nm_device_sysctl_ip_conf_set(self, AF_INET6, "use_tempaddr", "0"); nm_device_sysctl_ip_conf_set(self, AF_INET6, "use_tempaddr", "0");
} }
/* Restoring the device's forwarding to the sysctl default is necessary because
* `refresh_forwarding()` only updates forwarding on activated devices. */
default_forwarding_v4 = nm_platform_sysctl_get_int32(
nm_device_get_platform(self),
NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv4/conf/default/forwarding"),
0);
nm_device_sysctl_ip_conf_set(self,
AF_INET,
"forwarding",
default_forwarding_v4 == 1 ? "1" : "0");
/* Call device type-specific deactivation */ /* Call device type-specific deactivation */
if (klass->deactivate) if (klass->deactivate)
klass->deactivate(self); klass->deactivate(self);
@ -19047,19 +19045,6 @@ nm_device_get_hostname_from_dns_lookup(NMDevice *self, int addr_family, gboolean
return nm_assert_unreachable_val(NULL); return nm_assert_unreachable_val(NULL);
} }
gboolean
nm_device_get_refresh_forwarding_done(NMDevice *self)
{
return NM_DEVICE_GET_PRIVATE(self)->refresh_forwarding_done;
}
void
nm_device_set_refresh_forwarding_done(NMDevice *self, gboolean is_refresh_forwarding_done)
{
NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
priv->refresh_forwarding_done = is_refresh_forwarding_done;
}
/*****************************************************************************/ /*****************************************************************************/
static const char * static const char *

10
src/core/devices/nm-device.h
View file

@ -853,14 +853,4 @@ void nm_routing_rules_sync(NMConnection *applied_connection,
NMDevice *self, NMDevice *self,
NMNetns *netns); NMNetns *netns);
NMSettingIPConfigForwarding nm_device_get_ipv4_forwarding(NMDevice *self);
const char *nm_device_get_effective_ip_config_method(NMDevice *self, int addr_family);
char *nm_device_sysctl_ip_conf_get(NMDevice *self, int addr_family, const char *property);
gboolean nm_device_get_refresh_forwarding_done(NMDevice *self);
void nm_device_set_refresh_forwarding_done(NMDevice *self, gboolean is_refresh_forwarding_done);
#endif /* __NETWORKMANAGER_DEVICE_H__ */ #endif /* __NETWORKMANAGER_DEVICE_H__ */

91
src/core/nm-policy.c
View file

@ -18,7 +18,6 @@
#include "NetworkManagerUtils.h" #include "NetworkManagerUtils.h"
#include "devices/nm-device.h" #include "devices/nm-device.h"
#include "devices/nm-device-factory.h" #include "devices/nm-device-factory.h"
#include "devices/nm-device-private.h"
#include "dns/nm-dns-manager.h" #include "dns/nm-dns-manager.h"
#include "nm-act-request.h" #include "nm-act-request.h"
#include "nm-auth-utils.h" #include "nm-auth-utils.h"
@ -98,6 +97,7 @@ typedef struct {
bool updating_dns : 1; bool updating_dns : 1;
GArray *ip6_prefix_delegations; /* pool of ip6 prefixes delegated to all devices */ GArray *ip6_prefix_delegations; /* pool of ip6 prefixes delegated to all devices */
} NMPolicyPrivate; } NMPolicyPrivate;
struct _NMPolicy { struct _NMPolicy {
@ -2083,65 +2083,6 @@ unblock_autoconnect_for_ports_for_sett_conn(NMPolicy *self, NMSettingsConnection
unblock_autoconnect_for_ports(self, controller_device, controller_uuid_settings, NULL); unblock_autoconnect_for_ports(self, controller_device, controller_uuid_settings, NULL);
} }
static void
refresh_forwarding(NMPolicy *self, NMDevice *device, gboolean is_activated_shared_device)
{
NMActiveConnection *ac;
NMDevice *tmp_device;
NMPolicyPrivate *priv = NM_POLICY_GET_PRIVATE(self);
const CList *tmp_lst;
gboolean any_shared_active = false;
gint32 default_forwarding_v4;
const char *new_value = NULL;
/* FIXME: This implementation is still inefficient because refresh_forwarding()
* is called every time a device goes up or down, requiring a full scan of all
* active connections to determine if any shared connection is active. */
nm_manager_for_each_active_connection (priv->manager, ac, tmp_lst) {
NMSettingIPConfig *s_ip;
NMDevice *to_device = nm_active_connection_get_device(ac);
if (to_device) {
s_ip = nm_device_get_applied_setting(to_device, NM_TYPE_SETTING_IP4_CONFIG);
if (s_ip) {
if (nm_streq0(nm_device_get_effective_ip_config_method(to_device, AF_INET),
NM_SETTING_IP4_CONFIG_METHOD_SHARED)) {
any_shared_active = true;
break;
}
}
}
}
default_forwarding_v4 = nm_platform_sysctl_get_int32(
NM_PLATFORM_GET,
NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv4/conf/default/forwarding"),
0);
new_value = any_shared_active ? "1" : (default_forwarding_v4 ? "1" : "0");
nm_manager_for_each_device (priv->manager, tmp_device, tmp_lst) {
NMDeviceState state;
NMSettingIPConfigForwarding ipv4_forwarding;
state = nm_device_get_state(tmp_device);
if (state != NM_DEVICE_STATE_ACTIVATED)
continue;
ipv4_forwarding = nm_device_get_ipv4_forwarding(tmp_device);
if (ipv4_forwarding == NM_SETTING_IP_CONFIG_FORWARDING_AUTO
|| (device == tmp_device && is_activated_shared_device)) {
gs_free char *sysctl_value = NULL;
sysctl_value = nm_device_sysctl_ip_conf_get(tmp_device, AF_INET, "forwarding");
if (!nm_streq0(sysctl_value, new_value))
nm_device_sysctl_ip_conf_set(tmp_device, AF_INET, "forwarding", new_value);
}
}
}
static void static void
activate_port_or_children_connections(NMPolicy *self, activate_port_or_children_connections(NMPolicy *self,
NMDevice *device, NMDevice *device,
@ -2288,7 +2229,6 @@ device_state_changed(NMDevice *device,
NMActiveConnection *ac; NMActiveConnection *ac;
NMSettingsConnection *sett_conn = nm_device_get_settings_connection(device); NMSettingsConnection *sett_conn = nm_device_get_settings_connection(device);
NMSettingConnection *s_con = NULL; NMSettingConnection *s_con = NULL;
gboolean is_activated_shared_device = FALSE;
switch (nm_device_state_reason_check(reason)) { switch (nm_device_state_reason_check(reason)) {
case NM_DEVICE_STATE_REASON_GSM_SIM_PIN_REQUIRED: case NM_DEVICE_STATE_REASON_GSM_SIM_PIN_REQUIRED:
@ -2404,10 +2344,6 @@ device_state_changed(NMDevice *device,
} }
} }
} }
if (!nm_device_get_refresh_forwarding_done(device)) {
refresh_forwarding(self, device, FALSE);
nm_device_set_refresh_forwarding_done(device, TRUE);
}
break; break;
case NM_DEVICE_STATE_ACTIVATED: case NM_DEVICE_STATE_ACTIVATED:
if (nm_device_get_device_type(device) == NM_DEVICE_TYPE_OVS_INTERFACE) { if (nm_device_get_device_type(device) == NM_DEVICE_TYPE_OVS_INTERFACE) {
@ -2443,20 +2379,11 @@ device_state_changed(NMDevice *device,
update_system_hostname(self, "routing and dns", TRUE); update_system_hostname(self, "routing and dns", TRUE);
nm_dns_manager_end_updates(priv->dns_manager, __func__); nm_dns_manager_end_updates(priv->dns_manager, __func__);
is_activated_shared_device =
nm_streq0(nm_device_get_effective_ip_config_method(device, AF_INET),
NM_SETTING_IP4_CONFIG_METHOD_SHARED);
refresh_forwarding(self, device, is_activated_shared_device);
nm_device_set_refresh_forwarding_done(device, FALSE);
break; break;
case NM_DEVICE_STATE_UNMANAGED: case NM_DEVICE_STATE_UNMANAGED:
case NM_DEVICE_STATE_UNAVAILABLE: case NM_DEVICE_STATE_UNAVAILABLE:
if (old_state > NM_DEVICE_STATE_DISCONNECTED) if (old_state > NM_DEVICE_STATE_DISCONNECTED)
update_routing_and_dns(self, FALSE, device); update_routing_and_dns(self, FALSE, device);
if (!nm_device_get_refresh_forwarding_done(device)) {
refresh_forwarding(self, device, FALSE);
nm_device_set_refresh_forwarding_done(device, TRUE);
}
break; break;
case NM_DEVICE_STATE_DEACTIVATING: case NM_DEVICE_STATE_DEACTIVATING:
if (sett_conn) { if (sett_conn) {
@ -2492,10 +2419,6 @@ device_state_changed(NMDevice *device,
} }
} }
ip6_remove_device_prefix_delegations(self, device); ip6_remove_device_prefix_delegations(self, device);
if (!nm_device_get_refresh_forwarding_done(device)) {
refresh_forwarding(self, device, FALSE);
nm_device_set_refresh_forwarding_done(device, TRUE);
}
break; break;
case NM_DEVICE_STATE_DISCONNECTED: case NM_DEVICE_STATE_DISCONNECTED:
g_signal_handlers_disconnect_by_func(device, device_dns_lookup_done, self); g_signal_handlers_disconnect_by_func(device, device_dns_lookup_done, self);
@ -2512,10 +2435,6 @@ device_state_changed(NMDevice *device,
/* Device is now available for auto-activation */ /* Device is now available for auto-activation */
nm_policy_device_recheck_auto_activate_schedule(self, device); nm_policy_device_recheck_auto_activate_schedule(self, device);
if (!nm_device_get_refresh_forwarding_done(device)) {
refresh_forwarding(self, device, FALSE);
nm_device_set_refresh_forwarding_done(device, TRUE);
}
break; break;
case NM_DEVICE_STATE_PREPARE: case NM_DEVICE_STATE_PREPARE:
@ -2531,10 +2450,6 @@ device_state_changed(NMDevice *device,
g_object_weak_unref(G_OBJECT(ac), pending_ac_gone, self); g_object_weak_unref(G_OBJECT(ac), pending_ac_gone, self);
g_object_unref(self); g_object_unref(self);
} }
if (!nm_device_get_refresh_forwarding_done(device)) {
refresh_forwarding(self, device, FALSE);
nm_device_set_refresh_forwarding_done(device, TRUE);
}
break; break;
case NM_DEVICE_STATE_IP_CONFIG: case NM_DEVICE_STATE_IP_CONFIG:
/* We must have secrets if we got here. */ /* We must have secrets if we got here. */
@ -2545,10 +2460,6 @@ device_state_changed(NMDevice *device,
sett_conn, sett_conn,
NM_SETTINGS_AUTOCONNECT_BLOCKED_REASON_FAILED, NM_SETTINGS_AUTOCONNECT_BLOCKED_REASON_FAILED,
FALSE); FALSE);
if (!nm_device_get_refresh_forwarding_done(device)) {
refresh_forwarding(self, device, FALSE);
nm_device_set_refresh_forwarding_done(device, TRUE);
}
break; break;
case NM_DEVICE_STATE_SECONDARIES: case NM_DEVICE_STATE_SECONDARIES:
if (sett_conn) if (sett_conn)