check_timestamps() was mixing up absolute and relative timestamps,
which meant that IPv6 expiration checks more-or-less stopped happening
after a while, allowing expired IPv6 routes, etc, to remain applied.
The IPv6 spec say that when performing SLAAC, you should sent at most
3 RSes, at least 4 seconds apart. We were previously continuing to
send RSes forever if we didn't get back a response. Fix that.
(Since the fix involves making nm-lndp-rdisc use NMPlatform, it was
necessary to rewrite the rdisc test program a bit, to not try to
include <net/if.h>, which is incompatible with <linux/if.h>.)
NetworkManager uses the sysctl value 'max_addresses' as the kernel does.
There is however a difference in what addresses are taken into account.
The kernel counts all addresses on the interface (including temporary,
private addresses and user configured ones).
NM instead only limits the number of public autoconf addresses to
'max_addresses'. This is because it is difficult for NM to count all
addresses (which can come from different sources) and it is not
necessarily a more logical behavior. Only be aware, that NM uses
the same config value as the kernel, but counts differently.
Especially, the kernel might reach the limit earlier then NM in the
presence of temporary addresses or addresses not from SLAAC.
Note, that the kernel uses 'max_addresses' only to limit public, autoconf
addresses. So this limit does not affect NM adding as many addresses as
it wants.
Signed-off-by: Thomas Haller <thaller@redhat.com>
If the command line or NetworkManager.conf mentions a non-existent
domain, just print a warning and ignore it. That way if you switch to
using an older NM that doesn't have that domain, it will still work.
A lifetime of 0 means that the domain or server should no longer
be used, so if we get an RA with a zero-lifetime DNS server or
domain that we haven't seen before, don't bother adding it to the
list.
DNS servers and domains that are already known and become zero
lifetime in the next RA are already correctly handled by
clean_dns_servers() and clean_domains().
The DNS server and domain timestamps and lifetimes weren't updated
when a new RA was received. When half the lifetime for either of
them had passed, clean_dns_servers() and clean_domains() request a
Router Solicitation to ensure the DNS information does not expire.
This obviously results in a new Router Advertisement, but since the
timestamps don't get updated, clean_dns_servers() and clean_domains()
simply request another solicitation because 'now' is still greater
than half the old lifetime. This casues another solicit request,
which causes another RA, which... etc.
https://bugzilla.redhat.com/show_bug.cgi?id=1044757https://bugzilla.gnome.org/show_bug.cgi?id=720760
Some RA implementations (like radvd) dump whatever the user configures
onto the wire, accepting a prefix of "2001:db8:1:0::1/64" without
masking the host bits off.
This causes NetworkManager to send that route down to the kernel, which
*does* mask the host bits off. This causes a mismatch between the
route NetworkManager expects the kernel to create, and what the kernel
actually created, when searching for the kernel object in the platform's
refresh_object() function:
cache = choose_cache (platform, object);
cached_object = nl_cache_search (choose_cache (platform, object), object);
kernel_object = get_kernel_object (priv->nlh, object);
kernel_object is NULL since 'object' (a route which came from the RA
prefix) is not the same as the object the kernel actually did create.
Ensure we match kernel behavior by fixing up prefixes for dumb router
advertisement services.
ndp_open() can fail, do not assume it cannot.
When 'ipv6.disable=1' kernel parameter is used, the whole IPv6 stack is
disabled and the attempt to create PF_INET6 socket fails.
https://bugzilla.redhat.com/show_bug.cgi?id=1012151
The nm-rdisc subsystem, just as the nm-platform subsystem is separately
testable and it proved convenient to be able to build the test programs
by just typing 'make' in the rdisc/platform directory where the source
code for those modules resides.
src/rdisc doesn't need a makefile just to point to the tests,
we can do that more easily from src/Makefile.am like we do for
all the other tests subdirs.
Abstract class, fake implementation and a manual testing tool for
NetworkManager's internal IPv6 router discovery module. When a real
implementation is ready, it will replace nm-ip6-manager and will be used
by nm-device.
