diff options
| author | Beniamino Galvani <bgalvani@redhat.com> | 2019-08-23 11:40:33 +0200 |
|---|---|---|
| committer | Beniamino Galvani <bgalvani@redhat.com> | 2019-08-27 11:40:42 +0200 |
| commit | c937d6be7ad6a12006563574e69be5d2204b3956 (patch) | |
| tree | e03d838001a6975e9541fcc166cee28e9d4d36be | |
| parent | 239f4408dd4f2726531224977514ddd29b61c09c (diff) | |
| download | NetworkManager-bg/ipv6-accept-ra-rh1734470.tar.gz | |
ipv6: disable kernel handling of RAs (accept_ra)bg/ipv6-accept-ra-rh1734470
With accept_ra set to 1, kernel sends its own router solicitation
messages and parses the advertisements. This duplicates what NM
already does in userspace and has unwanted consequences like [1] and
[2].
The only reason why accept_ra was re-enabled in the past was to apply
RA parameters like ReachableTime and RetransTimer [3]; but now NM
supports them and so accept_ra can be turned off again.
Also, note that previously the option was set in
addrconf6_start_with_link_ready(), and so this was done only when the
method was 'auto'. Instead, now we clear it for all methods except
'ignore'.
[1] https://mail.gnome.org/archives/networkmanager-list/2019-June/msg00027.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1734470
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1068673
| -rw-r--r-- | src/devices/nm-device.c | 24 | ||||
| -rw-r--r-- | src/nm-iface-helper.c | 5 |
2 files changed, 4 insertions, 25 deletions
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c index 7c441d1d75..4efb272489 100644 --- a/src/devices/nm-device.c +++ b/src/devices/nm-device.c @@ -9664,24 +9664,11 @@ addrconf6_start_with_link_ready (NMDevice *self) if (!ip_config_merge_and_apply (self, AF_INET6, TRUE)) _LOGW (LOGD_IP6, "failed to apply manual IPv6 configuration"); - /* FIXME: These sysctls would probably be better set by the lndp ndisc itself. */ - switch (nm_ndisc_get_node_type (priv->ndisc)) { - case NM_NDISC_NODE_TYPE_HOST: - /* Accepting prefixes from discovered routers. */ - nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra", "1"); - nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra_defrtr", "0"); - nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra_pinfo", "0"); - nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra_rtr_pref", "0"); - break; - case NM_NDISC_NODE_TYPE_ROUTER: - /* We're the router. */ + if (nm_ndisc_get_node_type (priv->ndisc) == NM_NDISC_NODE_TYPE_ROUTER) { nm_device_sysctl_ip_conf_set (self, AF_INET6, "forwarding", "1"); nm_device_activate_schedule_ip_config_result (self, AF_INET6, NULL); priv->needs_ip6_subnet = TRUE; g_signal_emit (self, signals[IP6_SUBNET_NEEDED], 0); - break; - default: - g_assert_not_reached (); } priv->ndisc_changed_id = g_signal_connect (priv->ndisc, @@ -9792,9 +9779,6 @@ save_ip6_properties (NMDevice *self) { static const char *const ip6_properties_to_save[] = { "accept_ra", - "accept_ra_defrtr", - "accept_ra_pinfo", - "accept_ra_rtr_pref", "forwarding", "disable_ipv6", "hop_limit", @@ -10119,6 +10103,7 @@ act_stage3_ip_config_start (NMDevice *self, set_nm_ipv6ll (self, TRUE); /* Re-enable IPv6 on the interface */ + nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra", "0"); set_disable_ipv6 (self, "0"); /* Synchronize external IPv6 configuration with kernel, since @@ -14736,7 +14721,6 @@ nm_device_cleanup (NMDevice *self, NMDeviceStateReason reason, CleanupType clean /* Turn off kernel IPv6 */ if (cleanup_type == CLEANUP_TYPE_DECONFIGURE) { set_disable_ipv6 (self, "1"); - nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra", "0"); nm_device_sysctl_ip_conf_set (self, AF_INET6, "use_tempaddr", "0"); } @@ -15027,9 +15011,7 @@ ip6_managed_setup (NMDevice *self) { set_nm_ipv6ll (self, TRUE); set_disable_ipv6 (self, "1"); - nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra_defrtr", "0"); - nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra_pinfo", "0"); - nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra_rtr_pref", "0"); + nm_device_sysctl_ip_conf_set (self, AF_INET6, "accept_ra", "0"); nm_device_sysctl_ip_conf_set (self, AF_INET6, "use_tempaddr", "0"); nm_device_sysctl_ip_conf_set (self, AF_INET6, "forwarding", "0"); } diff --git a/src/nm-iface-helper.c b/src/nm-iface-helper.c index f93f3470d5..7dd0db9c76 100644 --- a/src/nm-iface-helper.c +++ b/src/nm-iface-helper.c @@ -569,10 +569,7 @@ main (int argc, char *argv[]) if (iid) nm_ndisc_set_iid (ndisc, *iid); - nm_platform_sysctl_ip_conf_set (NM_PLATFORM_GET, AF_INET6, global_opt.ifname, "accept_ra", "1"); - nm_platform_sysctl_ip_conf_set (NM_PLATFORM_GET, AF_INET6, global_opt.ifname, "accept_ra_defrtr", "0"); - nm_platform_sysctl_ip_conf_set (NM_PLATFORM_GET, AF_INET6, global_opt.ifname, "accept_ra_pinfo", "0"); - nm_platform_sysctl_ip_conf_set (NM_PLATFORM_GET, AF_INET6, global_opt.ifname, "accept_ra_rtr_pref", "0"); + nm_platform_sysctl_ip_conf_set (NM_PLATFORM_GET, AF_INET6, global_opt.ifname, "accept_ra", "0"); g_signal_connect (NM_PLATFORM_GET, NM_PLATFORM_SIGNAL_IP6_ADDRESS_CHANGED, |