diff options
| author | Yuki Inoguchi <inoguchi.yuki@fujitsu.com> | 2023-10-10 17:50:37 +0900 |
|---|---|---|
| committer | Íñigo Huguet <ihuguet@redhat.com> | 2024-02-09 15:47:57 +0100 |
| commit | f407868ee25c06f9a41c72ecd54e83dd4317b4fe (patch) | |
| tree | 8dd1d3c459a81909d18a3ca89dd7713a58623678 | |
| parent | 37bd70034f7f43becf2cc64468143c5ea2666762 (diff) | |
device: disable IPv6 in NetworkManager when disabled in kernel
When IPv6 is disabled in kernel but ipv6.method is set to auto, NetworkManager repeatedly attempts
IPv6 configuration internally, resulting in unnecessary warning messages being output infinitely.
platform-linux: do-add-ip6-address[2: fe80::5054:ff:fe7c:4293]: failure 95 (Operation not supported)
ipv6ll[e898db403d9b5099,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off)
platform-linux: do-add-ip6-address[2: fe80::5054:ff:fe7c:4293]: failure 95 (Operation not supported)
ipv6ll[e898db403d9b5099,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off)
platform-linux: do-add-ip6-address[2: fe80::5054:ff:fe7c:4293]: failure 95 (Operation not supported)
ipv6ll[e898db403d9b5099,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off)
To prevent this issue, let's disable IPv6 in NetworkManager when it is disabled in the kernel.
In order to do it in activate_stage3_ip_config() only once during activation,
the firewall initialization needed to be moved earlier. Otherwise, the IPv6 disablement could occur
twice during activation because activate_stage3_ip_config() is also executed from subsequent of fw_change_zone().
(cherry picked from commit 50a6386c3ba6ae9b0501e56bd78fd141636770a7)
(cherry picked from commit 4a9cf4c1dd972de11a2d7c6b0dd8328b2dc24f69)
(cherry picked from commit ffef5a47489ee65122a0c532fffdc77707d68231)
Solved some conflicts due to missing 61e1027cc783 ('device: preserve the DHCP lease during reapply')
| -rw-r--r-- | src/core/devices/nm-device.c | 63 |
1 files changed, 33 insertions, 30 deletions
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c index ab6df72adf..9b3507f4c1 100644 --- a/src/core/devices/nm-device.c +++ b/src/core/devices/nm-device.c @@ -11556,16 +11556,8 @@ _dev_ipac6_start(NMDevice *self) NMUtilsIPv6IfaceId iid; gboolean is_token; - if (priv->ipac6_data.state == NM_DEVICE_IP_STATE_NONE) { - if (!g_file_test("/proc/sys/net/ipv6", G_FILE_TEST_IS_DIR)) { - _LOGI_ipac6("addrconf6: kernel does not support IPv6"); - _dev_ipac6_set_state(self, NM_DEVICE_IP_STATE_FAILED); - _dev_ip_state_check_async(self, AF_INET6); - return; - } - + if (priv->ipac6_data.state == NM_DEVICE_IP_STATE_NONE) _dev_ipac6_set_state(self, NM_DEVICE_IP_STATE_PENDING); - } if (NM_IN_SET(priv->ipll_data_6.state, NM_DEVICE_IP_STATE_NONE, NM_DEVICE_IP_STATE_PENDING)) { _dev_ipac6_grace_period_start(self, 30, TRUE); @@ -12102,15 +12094,6 @@ activate_stage3_ip_config(NMDevice *self) ifindex = nm_device_get_ip_ifindex(self); - if (priv->ip_data_4.do_reapply) { - _LOGD_ip(AF_INET, "reapply..."); - _cleanup_ip_pre(self, AF_INET, CLEANUP_TYPE_DECONFIGURE, TRUE); - } - if (priv->ip_data_6.do_reapply) { - _LOGD_ip(AF_INET6, "reapply..."); - _cleanup_ip_pre(self, AF_INET6, CLEANUP_TYPE_DECONFIGURE, TRUE); - } - /* Add the interface to the specified firewall zone */ switch (priv->fw_state) { case FIREWALL_STATE_UNMANAGED: @@ -12135,6 +12118,38 @@ activate_stage3_ip_config(NMDevice *self) } nm_assert(ifindex <= 0 || priv->fw_state == FIREWALL_STATE_INITIALIZED); + ipv4_method = nm_device_get_effective_ip_config_method(self, AF_INET); + if (nm_streq(ipv4_method, NM_SETTING_IP4_CONFIG_METHOD_AUTO)) { + /* "auto" usually means DHCPv4 or autoconf6, but it doesn't have to be. Subclasses + * can overwrite it. For example, you cannot run DHCPv4 on PPP/WireGuard links. */ + ipv4_method = klass->get_ip_method_auto(self, AF_INET); + } + + ipv6_method = nm_device_get_effective_ip_config_method(self, AF_INET6); + if (!g_file_test("/proc/sys/net/ipv6", G_FILE_TEST_IS_DIR)) { + _NMLOG_ip((nm_device_sys_iface_state_is_external(self) + || NM_IN_STRSET(ipv6_method, + NM_SETTING_IP6_CONFIG_METHOD_AUTO, + NM_SETTING_IP6_CONFIG_METHOD_DISABLED, + NM_SETTING_IP6_CONFIG_METHOD_IGNORE)) + ? LOGL_DEBUG + : LOGL_WARN, + AF_INET6, + "IPv6 not supported by kernel resulting in \"ipv6.method=disabled\""); + ipv6_method = NM_SETTING_IP6_CONFIG_METHOD_DISABLED; + } else if (nm_streq(ipv6_method, NM_SETTING_IP6_CONFIG_METHOD_AUTO)) { + ipv6_method = klass->get_ip_method_auto(self, AF_INET6); + } + + if (priv->ip_data_4.do_reapply) { + _LOGD_ip(AF_INET, "reapply..."); + _cleanup_ip_pre(self, AF_INET, CLEANUP_TYPE_DECONFIGURE, TRUE); + } + if (priv->ip_data_6.do_reapply) { + _LOGD_ip(AF_INET6, "reapply..."); + _cleanup_ip_pre(self, AF_INET6, CLEANUP_TYPE_DECONFIGURE, TRUE); + } + if (priv->state < NM_DEVICE_STATE_IP_CONFIG) { _dev_ip_state_req_timeout_schedule(self, AF_INET); _dev_ip_state_req_timeout_schedule(self, AF_INET6); @@ -12160,18 +12175,6 @@ activate_stage3_ip_config(NMDevice *self) * let's do it! */ _commit_mtu(self); - ipv4_method = nm_device_get_effective_ip_config_method(self, AF_INET); - if (nm_streq(ipv4_method, NM_SETTING_IP4_CONFIG_METHOD_AUTO)) { - /* "auto" usually means DHCPv4 or autoconf6, but it doesn't have to be. Subclasses - * can overwrite it. For example, you cannot run DHCPv4 on PPP/WireGuard links. */ - ipv4_method = klass->get_ip_method_auto(self, AF_INET); - } - - ipv6_method = nm_device_get_effective_ip_config_method(self, AF_INET6); - if (nm_streq(ipv6_method, NM_SETTING_IP6_CONFIG_METHOD_AUTO)) { - ipv6_method = klass->get_ip_method_auto(self, AF_INET6); - } - if (!nm_device_sys_iface_state_is_external(self) && (!klass->ready_for_ip_config || klass->ready_for_ip_config(self, TRUE))) { if (priv->ipmanual_data.state_6 == NM_DEVICE_IP_STATE_NONE |