author | Lubomir Rintel <lkundrak@v3.sk> | 2019-06-14 15:51:44 +0200 |
---|---|---|
committer | Lubomir Rintel <lkundrak@v3.sk> | 2019-07-15 20:16:31 +0200 |
commit | 07fdc1828d825597cbd6f3b93e9e6a68dd4aef58 (patch) | |
tree | c199c8ebff3bf28fa0fc02aef49f0aaac3fc12c5 /contrib | |
parent | 9ae8a794574a7ebe50d87998668015718b106dd6 (diff) |
contrib/rpm: disable rp_filter in config-connectivity-redhat
RHEL ships with a rp_filter and can't change that for historic reasons.
That's unfortunate, because it breaks the connectivity checking. Let's
override it if the connectivity checking package is installed.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/185
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/fedora/rpm/70-nm-connectivity.conf | 15 | ||||
-rw-r--r-- | contrib/fedora/rpm/NetworkManager.spec | 5 | ||||
-rwxr-xr-x | contrib/fedora/rpm/build.sh | 4 |
3 files changed, 24 insertions, 0 deletions
diff --git a/contrib/fedora/rpm/70-nm-connectivity.conf b/contrib/fedora/rpm/70-nm-connectivity.conf
new file mode 100644
index 0000000000..0e4b0e274a
--- /dev/null
+++ b/contrib/fedora/rpm/70-nm-connectivity.conf
@@ -0,0 +1,15 @@
+# The Strict mode of RFC3704 Reverse Path filtering breaks some pretty
+# common and reasonable use cases.
+#
+# Notably, it makes it impossible for NetworkManager to do connectivity
+# check on a newly arriving default route (it starts with a higher metric
+# and is bumped lower if there's connectivity).
+#
+# Kernel's default is 0 (no filter), systemd configures a Loose filter since
+# commit 230450d4e4f1 ('sysctl.d: switch net.ipv4.conf.all.rp_filter from 1
+# to 2'). However, RHEL systemd package happens to default to Strict mode
+# for historic reasons. Let's override it if we're doing connectivity
+# checking.
+
+# Source route verification
+net.ipv4.conf.all.rp_filter = 0
diff --git a/contrib/fedora/rpm/NetworkManager.spec b/contrib/fedora/rpm/NetworkManager.spec
index b775f1dfa9..6f57d57468 100644
--- a/contrib/fedora/rpm/NetworkManager.spec
+++ b/contrib/fedora/rpm/NetworkManager.spec
@@ -25,6 +25,7 @@
 %global obsoletes_ppp_plugin 1:1.5.3
 %global systemd_dir %{_prefix}/lib/systemd/system
+%global sysctl_dir %{_prefix}/lib/sysctl.d
 %global nmlibdir %{_prefix}/lib/%{name}
 %global nmplugindir %{_libdir}/%{name}/%{version}-%{release}
@@ -136,6 +137,7 @@ Source1: NetworkManager.conf
 Source2: 00-server.conf
 Source4: 20-connectivity-fedora.conf
 Source5: 20-connectivity-redhat.conf
+Source6: 70-nm-connectivity.conf
 #Patch1: 0001-some.patch
@@ -716,6 +718,8 @@ cp %{SOURCE4} %{buildroot}%{nmlibdir}/conf.d/
 %if %{with connectivity_redhat}
 cp %{SOURCE5} %{buildroot}%{nmlibdir}/conf.d/
+mkdir -p %{buildroot}%{_sysctldir}
+cp %{SOURCE6} %{buildroot}%{_sysctldir}
 %endif
 cp examples/dispatcher/10-ifcfg-rh-routes.sh %{buildroot}%{_sysconfdir}/%{name}/dispatcher.d/
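Review bot: The last added line of 70-nm-connectivity.conf, `net.ipv4.conf.all.rp_filter = 0`, turns reverse-path validation off rather than relaxing it, although the comment above it only argues against Strict mode and cites Loose (2) as the systemd default. If the connectivity check only needs replies on the new, higher-metric default route to be accepted, `net.ipv4.conf.all.rp_filter = 2` would presumably be enough and would still drop packets whose source address is not routable at all. As far as I know the kernel applies the maximum of the `all` and the per-interface value, so the comment should also state what the override relies on, for example `# Effective mode is max(all, <iface>); an interface left at 1 stays Strict.`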
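Review bot: The macro added in the first NetworkManager.spec hunk, `%global sysctl_dir %{_prefix}/lib/sysctl.d`, is never used: the two %install lines in the third hunk and the %files entry in the fourth hunk all expand `%{_sysctldir}` instead. `%{_sysctldir}` is normally supplied by the systemd RPM macros, and nothing in these hunks shows that they are available at build time; if they are not, rpm leaves the macro unexpanded and the file is copied to a literal `%{_sysctldir}` path. Either drop the new global or use it consistently, e.g. `cp %{SOURCE6} %{buildroot}%{sysctl_dir}` and `%{sysctl_dir}/70-nm-connectivity.conf`.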
@@ -943,6 +947,7 @@ fi
 %dir %{nmlibdir}
 %dir %{nmlibdir}/conf.d
 %{nmlibdir}/conf.d/20-connectivity-redhat.conf
+%{_sysctldir}/70-nm-connectivity.conf
 %endif
diff --git a/contrib/fedora/rpm/build.sh b/contrib/fedora/rpm/build.sh
index 017aab9c30..f2c4cda18d 100755
--- a/contrib/fedora/rpm/build.sh
+++ b/contrib/fedora/rpm/build.sh
@@ -20,6 +20,7 @@
 # SOURCE_CONFIG_SERVER=
 # SOURCE_CONFIG_CONNECTIVITY_FEDORA=
 # SOURCE_CONFIG_CONNECTIVITY_REDHAT=
+# SOURCE_SYSCTL_RP_FILTER_REDHAT=
 die() {
 echo "$*" >&2
@@ -123,6 +124,7 @@ SOURCE_NETWORKMANAGER_CONF="$(abs_path "$SOURCE_NETWORKMANAGER_CONF" "$SCRIPTDIR
 SOURCE_CONFIG_SERVER="$(abs_path "$SOURCE_CONFIG_SERVER" "$SCRIPTDIR/00-server.conf")" || die "invalid \$SOURCE_CONFIG_SERVER argument"
 SOURCE_CONFIG_CONNECTIVITY_FEDORA="$(abs_path "$SOURCE_CONFIG_CONNECTIVITY_FEDORA" "$SCRIPTDIR/20-connectivity-fedora.conf")" || die "invalid \$SOURCE_CONFIG_CONNECTIVITY_FEDORA argument"
 SOURCE_CONFIG_CONNECTIVITY_REDHAT="$(abs_path "$SOURCE_CONFIG_CONNECTIVITY_REDHAT" "$SCRIPTDIR/20-connectivity-redhat.conf")" || die "invalid \$SOURCE_CONFIG_CONNECTIVITY_REDHAT argument"
+SOURCE_SYSCTL_RP_FILTER_REDHAT="$(abs_path "$SOURCE_SYSCTL_RP_FILTER_REDHAT" "$SCRIPTDIR/70-nm-connectivity.conf")" || die "invalid \$SOURCE_SYSCTL_RP_FILTER_REDHAT argument"
 TEMP="$(mktemp -d "$SCRIPTDIR/NetworkManager.$DATE.XXXXXX")"
 TEMPBASE="$(basename "$TEMP")"
@@ -146,6 +148,7 @@ LOG "SOURCE_NETWORKMANAGER_CONF=$SOURCE_NETWORKMANAGER_CONF"
 LOG "SOURCE_CONFIG_SERVER=$SOURCE_CONFIG_SERVER"
 LOG "SOURCE_CONFIG_CONNECTIVITY_FEDORA=$SOURCE_CONFIG_CONNECTIVITY_FEDORA"
 LOG "SOURCE_CONFIG_CONNECTIVITY_REDHAT=$SOURCE_CONFIG_CONNECTIVITY_REDHAT"
+LOG "SOURCE_SYSCTL_RP_FILTER_REDHAT=$SOURCE_SYSCTL_RP_FILTER_REDHAT"
 LOG "BUILDTYPE=$BUILDTYPE"
 LOG "NM_RPMBUILD_ARGS=$NM_RPMBUILD_ARGS"
 LOG ""
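Review bot: The %files entry `%{_sysctldir}/70-nm-connectivity.conf` in the NetworkManager.spec hunk at the top of this line ships a kernel setting, but no scriptlet visible in these hunks loads it, so the override would presumably take effect only when systemd-sysctl next runs (normally at boot) and the connectivity check stays broken until then. The scriptlets of the config-connectivity-redhat subpackage are outside the hunk, so this may already be handled; if not, a `%sysctl_apply 70-nm-connectivity.conf` in its %post would apply the value at install time. The subpackage description should also say that installing it relaxes rp_filter host-wide, because an administrator auditing network hardening has no other way to learn that from the package name.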
@@ -166,6 +169,7 @@ cp "$SOURCE_NETWORKMANAGER_CONF" "$TEMP/SOURCES/NetworkManager.conf" || die "Cou
 cp "$SOURCE_CONFIG_SERVER" "$TEMP/SOURCES/00-server.conf" || die "Could not copy source $SOURCE_CONFIG_SERVER to $TEMP/SOURCES"
 cp "$SOURCE_CONFIG_CONNECTIVITY_FEDORA" "$TEMP/SOURCES/20-connectivity-fedora.conf" || die "Could not copy source $SOURCE_CONFIG_CONNECTIVITY_FEDORA to $TEMP/SOURCES"
 cp "$SOURCE_CONFIG_CONNECTIVITY_REDHAT" "$TEMP/SOURCES/20-connectivity-redhat.conf" || die "Could not copy source $SOURCE_CONFIG_CONNECTIVITY_REDHAT to $TEMP/SOURCES"
+cp "$SOURCE_SYSCTL_RP_FILTER_REDHAT" "$TEMP/SOURCES/70-nm-connectivity.conf" || die "Could not copy source $SOURCE_SYSCTL_RP_FILTER_REDHAT to $TEMP/SOURCES"
 write_changelog |