NetworkManager/SOURCES/1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-10450.patch

131 lines
6.3 KiB
Diff
Raw Normal View History

From f240f3d6d901b78fd50b945f08aa4f9d39625c4e Mon Sep 17 00:00:00 2001
From: Yuki Inoguchi <inoguchi.yuki@fujitsu.com>
Date: Tue, 10 Oct 2023 17:50:37 +0900
Subject: [PATCH] device: disable IPv6 in NetworkManager when disabled in
kernel
When IPv6 is disabled in kernel but ipv6.method is set to auto, NetworkManager repeatedly attempts
IPv6 configuration internally, resulting in unnecessary warning messages being output infinitely.
platform-linux: do-add-ip6-address[2: fe80::5054:ff:fe7c:4293]: failure 95 (Operation not supported)
ipv6ll[e898db403d9b5099,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off)
platform-linux: do-add-ip6-address[2: fe80::5054:ff:fe7c:4293]: failure 95 (Operation not supported)
ipv6ll[e898db403d9b5099,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off)
platform-linux: do-add-ip6-address[2: fe80::5054:ff:fe7c:4293]: failure 95 (Operation not supported)
ipv6ll[e898db403d9b5099,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off)
To prevent this issue, let's disable IPv6 in NetworkManager when it is disabled in the kernel.
In order to do it in activate_stage3_ip_config() only once during activation,
the firewall initialization needed to be moved earlier. Otherwise, the IPv6 disablement could occur
twice during activation because activate_stage3_ip_config() is also executed from subsequent of fw_change_zone().
(cherry picked from commit 50a6386c3ba6ae9b0501e56bd78fd141636770a7)
(cherry picked from commit 4a9cf4c1dd972de11a2d7c6b0dd8328b2dc24f69)
(cherry picked from commit ffef5a47489ee65122a0c532fffdc77707d68231)
Solved some conflicts due to missing 61e1027cc783 ('device: preserve the DHCP lease during reapply')
(cherry picked from commit f407868ee25c06f9a41c72ecd54e83dd4317b4fe)
---
src/core/devices/nm-device.c | 63 +++++++++++++++++++-----------------
1 file changed, 33 insertions(+), 30 deletions(-)
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index 5748d80393..e54942440f 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -11556,16 +11556,8 @@ _dev_ipac6_start(NMDevice *self)
NMUtilsIPv6IfaceId iid;
gboolean is_token;
- if (priv->ipac6_data.state == NM_DEVICE_IP_STATE_NONE) {
- if (!g_file_test("/proc/sys/net/ipv6", G_FILE_TEST_IS_DIR)) {
- _LOGI_ipac6("addrconf6: kernel does not support IPv6");
- _dev_ipac6_set_state(self, NM_DEVICE_IP_STATE_FAILED);
- _dev_ip_state_check_async(self, AF_INET6);
- return;
- }
-
+ if (priv->ipac6_data.state == NM_DEVICE_IP_STATE_NONE)
_dev_ipac6_set_state(self, NM_DEVICE_IP_STATE_PENDING);
- }
if (NM_IN_SET(priv->ipll_data_6.state, NM_DEVICE_IP_STATE_NONE, NM_DEVICE_IP_STATE_PENDING)) {
_dev_ipac6_grace_period_start(self, 30, TRUE);
@@ -12092,15 +12084,6 @@ activate_stage3_ip_config(NMDevice *self)
ifindex = nm_device_get_ip_ifindex(self);
- if (priv->ip_data_4.do_reapply) {
- _LOGD_ip(AF_INET, "reapply...");
- _cleanup_ip_pre(self, AF_INET, CLEANUP_TYPE_DECONFIGURE, TRUE);
- }
- if (priv->ip_data_6.do_reapply) {
- _LOGD_ip(AF_INET6, "reapply...");
- _cleanup_ip_pre(self, AF_INET6, CLEANUP_TYPE_DECONFIGURE, TRUE);
- }
-
/* Add the interface to the specified firewall zone */
switch (priv->fw_state) {
case FIREWALL_STATE_UNMANAGED:
@@ -12125,6 +12108,38 @@ activate_stage3_ip_config(NMDevice *self)
}
nm_assert(ifindex <= 0 || priv->fw_state == FIREWALL_STATE_INITIALIZED);
+ ipv4_method = nm_device_get_effective_ip_config_method(self, AF_INET);
+ if (nm_streq(ipv4_method, NM_SETTING_IP4_CONFIG_METHOD_AUTO)) {
+ /* "auto" usually means DHCPv4 or autoconf6, but it doesn't have to be. Subclasses
+ * can overwrite it. For example, you cannot run DHCPv4 on PPP/WireGuard links. */
+ ipv4_method = klass->get_ip_method_auto(self, AF_INET);
+ }
+
+ ipv6_method = nm_device_get_effective_ip_config_method(self, AF_INET6);
+ if (!g_file_test("/proc/sys/net/ipv6", G_FILE_TEST_IS_DIR)) {
+ _NMLOG_ip((nm_device_sys_iface_state_is_external(self)
+ || NM_IN_STRSET(ipv6_method,
+ NM_SETTING_IP6_CONFIG_METHOD_AUTO,
+ NM_SETTING_IP6_CONFIG_METHOD_DISABLED,
+ NM_SETTING_IP6_CONFIG_METHOD_IGNORE))
+ ? LOGL_DEBUG
+ : LOGL_WARN,
+ AF_INET6,
+ "IPv6 not supported by kernel resulting in \"ipv6.method=disabled\"");
+ ipv6_method = NM_SETTING_IP6_CONFIG_METHOD_DISABLED;
+ } else if (nm_streq(ipv6_method, NM_SETTING_IP6_CONFIG_METHOD_AUTO)) {
+ ipv6_method = klass->get_ip_method_auto(self, AF_INET6);
+ }
+
+ if (priv->ip_data_4.do_reapply) {
+ _LOGD_ip(AF_INET, "reapply...");
+ _cleanup_ip_pre(self, AF_INET, CLEANUP_TYPE_DECONFIGURE, TRUE);
+ }
+ if (priv->ip_data_6.do_reapply) {
+ _LOGD_ip(AF_INET6, "reapply...");
+ _cleanup_ip_pre(self, AF_INET6, CLEANUP_TYPE_DECONFIGURE, TRUE);
+ }
+
if (priv->state < NM_DEVICE_STATE_IP_CONFIG) {
_dev_ip_state_req_timeout_schedule(self, AF_INET);
_dev_ip_state_req_timeout_schedule(self, AF_INET6);
@@ -12150,18 +12165,6 @@ activate_stage3_ip_config(NMDevice *self)
* let's do it! */
_commit_mtu(self);
- ipv4_method = nm_device_get_effective_ip_config_method(self, AF_INET);
- if (nm_streq(ipv4_method, NM_SETTING_IP4_CONFIG_METHOD_AUTO)) {
- /* "auto" usually means DHCPv4 or autoconf6, but it doesn't have to be. Subclasses
- * can overwrite it. For example, you cannot run DHCPv4 on PPP/WireGuard links. */
- ipv4_method = klass->get_ip_method_auto(self, AF_INET);
- }
-
- ipv6_method = nm_device_get_effective_ip_config_method(self, AF_INET6);
- if (nm_streq(ipv6_method, NM_SETTING_IP6_CONFIG_METHOD_AUTO)) {
- ipv6_method = klass->get_ip_method_auto(self, AF_INET6);
- }
-
if (!nm_device_sys_iface_state_is_external(self)
&& (!klass->ready_for_ip_config || klass->ready_for_ip_config(self, TRUE))) {
if (priv->ipmanual_data.state_6 == NM_DEVICE_IP_STATE_NONE
--
2.43.0