diff options
| author | Lubomir Rintel <lkundrak@v3.sk> | 2019-06-14 15:51:44 +0200 |
|---|---|---|
| committer | Lubomir Rintel <lkundrak@v3.sk> | 2019-06-14 16:05:19 +0200 |
| commit | ca57b96498187cddb51ba1605e31fb05996e6b10 (patch) | |
| tree | 4e0a24a9e239eecaf9abab62d03e4e3d13f4ed68 | |
| parent | 97c672665d79e4ad22c04f9ac277711673ad4456 (diff) | |
| download | NetworkManager-lr/redhat-connectivity.tar.gz | |
contrib/rpm: disable rp_filter in config-connectivity-redhatlr/redhat-connectivity
RHEL ships with a rp_filter and can't change that for historic reasons.
That's unfortunate, because it breaks the connectivity checking. Let's
override it if the connectivity checking package is installed.
| -rw-r--r-- | contrib/fedora/rpm/70-nm-connectivity.conf | 15 | ||||
| -rw-r--r-- | contrib/fedora/rpm/NetworkManager.spec | 5 | ||||
| -rwxr-xr-x | contrib/fedora/rpm/build.sh | 4 |
3 files changed, 24 insertions, 0 deletions
diff --git a/contrib/fedora/rpm/70-nm-connectivity.conf b/contrib/fedora/rpm/70-nm-connectivity.conf new file mode 100644 index 0000000000..0e4b0e274a --- /dev/null +++ b/contrib/fedora/rpm/70-nm-connectivity.conf @@ -0,0 +1,15 @@ +# The Strict mode of RFC3704 Reverse Path filtering breaks some pretty +# common and reasonable use cases. +# +# Notably, it makes it impossible for NetworkManager to do connectivity +# check on a newly arriving default route (it starts with a higher metric +# and is bumped lower if there's connectivity). +# +# Kernel's default is 0 (no filter), systemd configures a Loose filter since +# commit 230450d4e4f1 ('sysctl.d: switch net.ipv4.conf.all.rp_filter from 1 +# to 2'). However, RHEL systemd package happens to default to Strict mode +# for historic reasons. Let's override it if we're doing connectivity +# checking. + +# Source route verification +net.ipv4.conf.all.rp_filter = 0 diff --git a/contrib/fedora/rpm/NetworkManager.spec b/contrib/fedora/rpm/NetworkManager.spec index c3551fd710..5fd1aea329 100644 --- a/contrib/fedora/rpm/NetworkManager.spec +++ b/contrib/fedora/rpm/NetworkManager.spec @@ -25,6 +25,7 @@ %global obsoletes_ppp_plugin 1:1.5.3 %global systemd_dir %{_prefix}/lib/systemd/system +%global sysctl_dir %{_prefix}/lib/sysctl.d %global nmlibdir %{_prefix}/lib/%{name} %global nmplugindir %{_libdir}/%{name}/%{version}-%{release} @@ -142,6 +143,7 @@ Source1: NetworkManager.conf Source2: 00-server.conf Source4: 20-connectivity-fedora.conf Source5: 20-connectivity-redhat.conf +Source6: 70-nm-connectivity.conf #Patch1: 0001-some.patch @@ -728,6 +730,8 @@ cp %{SOURCE4} %{buildroot}%{nmlibdir}/conf.d/ %if %{with connectivity_redhat} cp %{SOURCE5} %{buildroot}%{nmlibdir}/conf.d/ +mkdir -p %{buildroot}%{_sysctldir} +cp %{SOURCE6} %{buildroot}%{_sysctldir} %endif cp examples/dispatcher/10-ifcfg-rh-routes.sh %{buildroot}%{_sysconfdir}/%{name}/dispatcher.d/ @@ -955,6 +959,7 @@ fi %dir %{nmlibdir} %dir %{nmlibdir}/conf.d %{nmlibdir}/conf.d/20-connectivity-redhat.conf +%{_sysctldir}/70-nm-connectivity.conf %endif diff --git a/contrib/fedora/rpm/build.sh b/contrib/fedora/rpm/build.sh index 017aab9c30..f2c4cda18d 100755 --- a/contrib/fedora/rpm/build.sh +++ b/contrib/fedora/rpm/build.sh @@ -20,6 +20,7 @@ # SOURCE_CONFIG_SERVER= # SOURCE_CONFIG_CONNECTIVITY_FEDORA= # SOURCE_CONFIG_CONNECTIVITY_REDHAT= +# SOURCE_SYSCTL_RP_FILTER_REDHAT= die() { echo "$*" >&2 @@ -123,6 +124,7 @@ SOURCE_NETWORKMANAGER_CONF="$(abs_path "$SOURCE_NETWORKMANAGER_CONF" "$SCRIPTDIR SOURCE_CONFIG_SERVER="$(abs_path "$SOURCE_CONFIG_SERVER" "$SCRIPTDIR/00-server.conf")" || die "invalid \$SOURCE_CONFIG_SERVER argument" SOURCE_CONFIG_CONNECTIVITY_FEDORA="$(abs_path "$SOURCE_CONFIG_CONNECTIVITY_FEDORA" "$SCRIPTDIR/20-connectivity-fedora.conf")" || die "invalid \$SOURCE_CONFIG_CONNECTIVITY_FEDORA argument" SOURCE_CONFIG_CONNECTIVITY_REDHAT="$(abs_path "$SOURCE_CONFIG_CONNECTIVITY_REDHAT" "$SCRIPTDIR/20-connectivity-redhat.conf")" || die "invalid \$SOURCE_CONFIG_CONNECTIVITY_REDHAT argument" +SOURCE_SYSCTL_RP_FILTER_REDHAT="$(abs_path "$SOURCE_SYSCTL_RP_FILTER_REDHAT" "$SCRIPTDIR/70-nm-connectivity.conf")" || die "invalid \$SOURCE_SYSCTL_RP_FILTER_REDHAT argument" TEMP="$(mktemp -d "$SCRIPTDIR/NetworkManager.$DATE.XXXXXX")" TEMPBASE="$(basename "$TEMP")" @@ -146,6 +148,7 @@ LOG "SOURCE_NETWORKMANAGER_CONF=$SOURCE_NETWORKMANAGER_CONF" LOG "SOURCE_CONFIG_SERVER=$SOURCE_CONFIG_SERVER" LOG "SOURCE_CONFIG_CONNECTIVITY_FEDORA=$SOURCE_CONFIG_CONNECTIVITY_FEDORA" LOG "SOURCE_CONFIG_CONNECTIVITY_REDHAT=$SOURCE_CONFIG_CONNECTIVITY_REDHAT" +LOG "SOURCE_SYSCTL_RP_FILTER_REDHAT=$SOURCE_SYSCTL_RP_FILTER_REDHAT" LOG "BUILDTYPE=$BUILDTYPE" LOG "NM_RPMBUILD_ARGS=$NM_RPMBUILD_ARGS" LOG "" @@ -166,6 +169,7 @@ cp "$SOURCE_NETWORKMANAGER_CONF" "$TEMP/SOURCES/NetworkManager.conf" || die "Cou cp "$SOURCE_CONFIG_SERVER" "$TEMP/SOURCES/00-server.conf" || die "Could not copy source $SOURCE_CONFIG_SERVER to $TEMP/SOURCES" cp "$SOURCE_CONFIG_CONNECTIVITY_FEDORA" "$TEMP/SOURCES/20-connectivity-fedora.conf" || die "Could not copy source $SOURCE_CONFIG_CONNECTIVITY_FEDORA to $TEMP/SOURCES" cp "$SOURCE_CONFIG_CONNECTIVITY_REDHAT" "$TEMP/SOURCES/20-connectivity-redhat.conf" || die "Could not copy source $SOURCE_CONFIG_CONNECTIVITY_REDHAT to $TEMP/SOURCES" +cp "$SOURCE_SYSCTL_RP_FILTER_REDHAT" "$TEMP/SOURCES/70-nm-connectivity.conf" || die "Could not copy source $SOURCE_SYSCTL_RP_FILTER_REDHAT to $TEMP/SOURCES" write_changelog |