diff options
author | Thomas Haller <thaller@redhat.com> | 2023-05-02 14:41:05 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2023-05-09 10:21:25 +0200 |
commit | 4c48301594591a92a123b68fa8f9e1c129ce65ae (patch) | |
tree | 78ace71bb228e5dbaf6bae9bf259c8c8648a06b2 | |
parent | 89edca462839e00c14a5aa0a4dde02986077ba31 (diff) | |
download | NetworkManager-4c48301594591a92a123b68fa8f9e1c129ce65ae.tar.gz |
device: don't reset "net.ipv6.conf.$IFACE.forwarding"
According to systemd, IPv6 forwarding is special anyway, and they only
enable forwarding for "net.ipv6.conf.all.forwarding" ([1]).
Since commit 46e63e03af58 ('device: announce the managed IPv6
configuration with ipv6.method=shared') we support "ipv6.method=shared"
and enable forwarding for IPv6, on the interface. Whether that makes
sense is questionable, given [1] and the claim that setting it
per-interface is not useful.
Anyway, since that change we always reset the "forwarding" sysctl to
zero, when we don't enable shared mode. That is not right, because the
user didn't explicitly ask for that (and there is no configuration
option like systemd-networkd's "IPForward=" setting to control that).
What we instead should do, not touch/reset the sysctl, unless we really
want to.
No longer set "forwarding" to zero by default. And only restore the
previous value (_dev_sysctl_save_ip6_properties()) if we actually
changed the value to "1".
[1] https://github.com/systemd/systemd/blob/b8fba0cded2c3e14fe8c0b52aae3ecf2c9fa718e/src/network/networkd-sysctl.c#L79
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/923
Fixes: 46e63e03af58 ('device: announce the managed IPv6 configuration with ipv6.method=shared')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1616
-rw-r--r-- | src/core/devices/nm-device.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c index ed840044c5..6639492ee5 100644 --- a/src/core/devices/nm-device.c +++ b/src/core/devices/nm-device.c @@ -11860,7 +11860,18 @@ _dev_ipac6_start(NMDevice *self) } if (nm_ndisc_get_node_type(priv->ipac6_data.ndisc) == NM_NDISC_NODE_TYPE_ROUTER) { - nm_device_sysctl_ip_conf_set(self, AF_INET6, "forwarding", "1"); + gs_free char *sysctl_value = NULL; + + sysctl_value = nm_device_sysctl_ip_conf_get(self, AF_INET6, "forwarding"); + if (!nm_streq0(sysctl_value, "1")) { + if (sysctl_value) { + g_hash_table_insert(priv->ip6_saved_properties, + "forwarding", + g_steal_pointer(&sysctl_value)); + } + nm_device_sysctl_ip_conf_set(self, AF_INET6, "forwarding", "1"); + } + priv->needs_ip6_subnet = TRUE; g_signal_emit(self, signals[IP6_SUBNET_NEEDED], 0); } @@ -11918,7 +11929,6 @@ _dev_sysctl_save_ip6_properties(NMDevice *self) { static const char *const ip6_properties_to_save[] = { "accept_ra", - "forwarding", "disable_ipv6", "hop_limit", "use_tempaddr", @@ -15838,7 +15848,6 @@ ip6_managed_setup(NMDevice *self) _dev_sysctl_set_disable_ipv6(self, FALSE); nm_device_sysctl_ip_conf_set(self, AF_INET6, "accept_ra", "0"); nm_device_sysctl_ip_conf_set(self, AF_INET6, "use_tempaddr", "0"); - nm_device_sysctl_ip_conf_set(self, AF_INET6, "forwarding", "0"); } static void |