diff options
| author | Thomas Haller <thaller@redhat.com> | 2023-05-02 14:41:05 +0200 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2023-06-12 10:44:40 +0200 |
| commit | d008eb154e7d438471803d7b7090b8e8db0eb2c5 (patch) | |
| tree | 8ad24d023e888da15bb59a18e9b8134323dae722 | |
| parent | 9e92709ca8473f354059d706f4f21aaa814e152b (diff) | |
device: don't reset "net.ipv6.conf.$IFACE.forwarding"
According to systemd, IPv6 forwarding is special anyway, and they only
enable forwarding for "net.ipv6.conf.all.forwarding" ([1]).
Since commit 46e63e03af58 ('device: announce the managed IPv6
configuration with ipv6.method=shared') we support "ipv6.method=shared"
and enable forwarding for IPv6, on the interface. Whether that makes
sense is questionable, given [1] and the claim that setting it
per-interface is not useful.
Anyway, since that change we always reset the "forwarding" sysctl to
zero, when we don't enable shared mode. That is not right, because the
user didn't explicitly ask for that (and there is no configuration
option like systemd-networkd's "IPForward=" setting to control that).
What we instead should do, not touch/reset the sysctl, unless we really
want to.
No longer set "forwarding" to zero by default. And only restore the
previous value (_dev_sysctl_save_ip6_properties()) if we actually
changed the value to "1".
[1] https://github.com/systemd/systemd/blob/b8fba0cded2c3e14fe8c0b52aae3ecf2c9fa718e/src/network/networkd-sysctl.c#L79
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/923
Fixes: 46e63e03af58 ('device: announce the managed IPv6 configuration with ipv6.method=shared')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1616
(cherry picked from commit 4c48301594591a92a123b68fa8f9e1c129ce65ae)
(cherry picked from commit f578051b4005dc0ac5af93ed118ee309426a14c4)
| -rw-r--r-- | src/core/devices/nm-device.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c index 780cc4c5fe..7357d699e4 100644 --- a/src/core/devices/nm-device.c +++ b/src/core/devices/nm-device.c @@ -11646,7 +11646,18 @@ _dev_ipac6_start(NMDevice *self) } if (nm_ndisc_get_node_type(priv->ipac6_data.ndisc) == NM_NDISC_NODE_TYPE_ROUTER) { - nm_device_sysctl_ip_conf_set(self, AF_INET6, "forwarding", "1"); + gs_free char *sysctl_value = NULL; + + sysctl_value = nm_device_sysctl_ip_conf_get(self, AF_INET6, "forwarding"); + if (!nm_streq0(sysctl_value, "1")) { + if (sysctl_value) { + g_hash_table_insert(priv->ip6_saved_properties, + "forwarding", + g_steal_pointer(&sysctl_value)); + } + nm_device_sysctl_ip_conf_set(self, AF_INET6, "forwarding", "1"); + } + priv->needs_ip6_subnet = TRUE; g_signal_emit(self, signals[IP6_SUBNET_NEEDED], 0); } @@ -11704,7 +11715,6 @@ _dev_sysctl_save_ip6_properties(NMDevice *self) { static const char *const ip6_properties_to_save[] = { "accept_ra", - "forwarding", "disable_ipv6", "hop_limit", "use_tempaddr", @@ -15580,7 +15590,6 @@ ip6_managed_setup(NMDevice *self) _dev_sysctl_set_disable_ipv6(self, FALSE); nm_device_sysctl_ip_conf_set(self, AF_INET6, "accept_ra", "0"); nm_device_sysctl_ip_conf_set(self, AF_INET6, "use_tempaddr", "0"); - nm_device_sysctl_ip_conf_set(self, AF_INET6, "forwarding", "0"); } static void |