all: add new "ipv[46].replace-local-rule" setting

This setting allows the user to remove the local route rule that is
autogenerated for both IPv4 and IPv6. By default, NetworkManager won't
touch the local route rule.
Fernando Fernandez Mancera 2023-02-20 12:05:04 +01:00
parent 79611e4fcc
commit d2ca44ffc6
18 changed files with 1056 additions and 666 deletions


@ -9658,6 +9658,18 @@ _routing_rules_sync(NMDevice *self, NMTernary set_mode)
user_tag_1,
NMP_GLOBAL_TRACKER_EXTERN_WEAKLY_TRACKED_USER_TAG);
}
if (nm_setting_ip_config_get_replace_local_rule(s_ip) == NM_TERNARY_TRUE) {
/* The user specified that the local rule should be replaced.
* In order to do that, we track the local rule with negative
* priority. */
nmp_global_tracker_track_local_rule(
global_tracker,
addr_family,
-5,
user_tag_1,
NMP_GLOBAL_TRACKER_EXTERN_WEAKLY_TRACKED_USER_TAG);
}
}
if (klass->get_extra_rules) {
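Review bot: The new `nm_setting_ip_config_get_replace_local_rule(s_ip) == NM_TERNARY_TRUE` branch tracks the local rule with priority `-5`, but nothing in the visible lines confirms that the profile supplies its own rule for the local table. If it does not, removing the priority-0 rule changes how traffic to the host's own addresses is looked up, and other policy rules get evaluated first. Consider logging a warning when the setting is TRUE and the connection carries no routing rules, and extend the comment to say the user is expected to provide the replacement rule. The literal `-5` also needs a word: the comment explains the sign but not the magnitude, so a named constant or a short remark on why this value was chosen would help the next reader. `_routing_rules_sync()` starts and ends outside this hunk, so an existing check elsewhere in the function cannot be ruled out.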


@ -1944,6 +1944,8 @@ make_ip4_setting(shvarFile *ifcfg,
ipv4_link_local,
NM_SETTING_IP_CONFIG_AUTO_ROUTE_EXT_GW,
svGetValueTernary(ifcfg, "IPV4_AUTO_ROUTE_EXT_GW"),
NM_SETTING_IP_CONFIG_REPLACE_LOCAL_RULE,
svGetValueTernary(ifcfg, "IPV4_REPLACE_LOCAL_RULE"),
NULL);
if (nm_streq(method, NM_SETTING_IP4_CONFIG_METHOD_DISABLED))
@ -2459,6 +2461,8 @@ make_ip6_setting(shvarFile *ifcfg, shvarFile *network_ifcfg, gboolean routes_rea
ip6_privacy_val,
NM_SETTING_IP_CONFIG_AUTO_ROUTE_EXT_GW,
svGetValueTernary(ifcfg, "IPV6_AUTO_ROUTE_EXT_GW"),
NM_SETTING_IP_CONFIG_REPLACE_LOCAL_RULE,
svGetValueTernary(ifcfg, "IPV6_REPLACE_LOCAL_RULE"),
NULL);
/* Don't bother to read IP, DNS and routes when IPv6 is disabled */


@ -962,6 +962,7 @@ const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[] = {
_KEY_TYPE("IPV4_DNS_PRIORITY", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("IPV4_FAILURE_FATAL", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("IPV4_LINK_LOCAL", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("IPV4_REPLACE_LOCAL_RULE", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("IPV4_REQUIRED_TIMEOUT", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("IPV4_ROUTE_METRIC", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("IPV4_ROUTE_TABLE", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
@ -986,6 +987,7 @@ const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[] = {
_KEY_TYPE("IPV6_PRIVACY", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("IPV6_PRIVACY_PREFER_PUBLIC_IP", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("IPV6_RA_TIMEOUT", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("IPV6_REPLACE_LOCAL_RULE", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("IPV6_REQUIRED_TIMEOUT", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("IPV6_RES_OPTIONS", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("IPV6_ROUTE_METRIC", NMS_IFCFG_KEY_TYPE_IS_PLAIN),


@ -33,7 +33,7 @@ typedef struct {
NMSIfcfgKeyTypeFlags key_flags;
} NMSIfcfgKeyTypeInfo;
extern const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[259];
extern const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[261];
const NMSIfcfgKeyTypeInfo *nms_ifcfg_well_known_key_find_info(const char *key, gssize *out_idx);


@ -2941,6 +2941,10 @@ write_ip4_setting(NMConnection *connection,
svSetValueTernary(ifcfg,
"IPV4_AUTO_ROUTE_EXT_GW",
nm_setting_ip_config_get_auto_route_ext_gw(s_ip4));
svSetValueTernary(ifcfg,
"IPV4_REPLACE_LOCAL_RULE",
nm_setting_ip_config_get_replace_local_rule(s_ip4));
}
static void
@ -3205,6 +3209,10 @@ write_ip6_setting(NMConnection *connection, shvarFile *ifcfg, GString **out_rout
svSetValueTernary(ifcfg,
"IPV6_AUTO_ROUTE_EXT_GW",
nm_setting_ip_config_get_auto_route_ext_gw(s_ip6));
svSetValueTernary(ifcfg,
"IPV6_REPLACE_LOCAL_RULE",
nm_setting_ip_config_get_replace_local_rule(s_ip6));
}
static void


@ -1923,6 +1923,7 @@ global:
libnm_1_44_0 {
global:
nm_active_connection_get_controller;
nm_setting_ip_config_get_replace_local_rule;
nm_setting_gsm_get_initial_eps_apn;
nm_setting_gsm_get_initial_eps_config;
} libnm_1_42_0;
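Review bot: The new export `nm_setting_ip_config_get_replace_local_rule;` is placed before the two `nm_setting_gsm_*` symbols, which breaks the alphabetical order the other entries of `libnm_1_44_0` follow. If the list is meant to stay sorted, move the line after `nm_setting_gsm_get_initial_eps_config;`. This keeps later additions to the version node easy to merge and review.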


@ -1582,6 +1582,10 @@
dbus-type="b"
gprop-type="gboolean"
/>
<property name="replace-local-rule"
dbus-type="i"
gprop-type="NMTernary"
/>
<property name="required-timeout"
dbus-type="i"
gprop-type="gint"
@ -1713,6 +1717,10 @@
dbus-type="i"
gprop-type="gint"
/>
<property name="replace-local-rule"
dbus-type="i"
gprop-type="NMTernary"
/>
<property name="required-timeout"
dbus-type="i"
gprop-type="gint"


@ -3999,7 +3999,8 @@ NM_GOBJECT_PROPERTIES_DEFINE(NMSettingIPConfig,
PROP_REQUIRED_TIMEOUT,
PROP_DHCP_IAID,
PROP_DHCP_REJECT_SERVERS,
PROP_AUTO_ROUTE_EXT_GW, );
PROP_AUTO_ROUTE_EXT_GW,
PROP_REPLACE_LOCAL_RULE, );
G_DEFINE_ABSTRACT_TYPE(NMSettingIPConfig, nm_setting_ip_config, NM_TYPE_SETTING)
@ -5445,6 +5446,22 @@ nm_setting_ip_config_get_auto_route_ext_gw(NMSettingIPConfig *setting)
return NM_SETTING_IP_CONFIG_GET_PRIVATE(setting)->auto_route_ext_gw;
}
/**
* nm_setting_ip_config_get_replace_local_rule:
* @setting: the #NMSettingIPConfig
*
* Returns: the #NMSettingIPConfig:replace-local-rule property of the setting
*
* Since: 1.44
**/
NMTernary
nm_setting_ip_config_get_replace_local_rule(NMSettingIPConfig *setting)
{
g_return_val_if_fail(NM_IS_SETTING_IP_CONFIG(setting), NM_TERNARY_DEFAULT);
return NM_SETTING_IP_CONFIG_GET_PRIVATE(setting)->replace_local_rule;
}
static gboolean
verify_label(const char *label)
{
@ -6105,6 +6122,13 @@ _nm_sett_info_property_override_create_array_ip_config(int addr_family)
.direct_offset =
NM_STRUCT_OFFSET_ENSURE_TYPE(int, NMSettingIPConfigPrivate, auto_route_ext_gw));
_nm_properties_override_gobj(
properties_override,
obj_properties[PROP_REPLACE_LOCAL_RULE],
&nm_sett_info_propert_type_direct_enum,
.direct_offset =
NM_STRUCT_OFFSET_ENSURE_TYPE(int, NMSettingIPConfigPrivate, replace_local_rule));
return properties_override;
}
@ -6807,5 +6831,21 @@ nm_setting_ip_config_class_init(NMSettingIPConfigClass *klass)
NM_TERNARY_DEFAULT,
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
/**
* NMSettingIPConfig:replace-local-rule:
*
* Connections will default to keep the autogenerated priority 0 local rule
* unless this setting is set to %TRUE.
*
* Since: 1.44
*/
obj_properties[PROP_REPLACE_LOCAL_RULE] =
g_param_spec_enum(NM_SETTING_IP_CONFIG_REPLACE_LOCAL_RULE,
"",
"",
NM_TYPE_TERNARY,
NM_TERNARY_DEFAULT,
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
g_object_class_install_properties(object_class, _PROPERTY_ENUMS_LAST, obj_properties);
}
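Review bot: The doc comment for `NMSettingIPConfig:replace-local-rule` states only the default ("keep the autogenerated priority 0 local rule"). It never says what %TRUE does, or that an unset value behaves like FALSE, which is how the `== NM_TERNARY_TRUE` test in `_routing_rules_sync()` reads. I would add a sentence such as `* If %TRUE, NetworkManager removes that rule; the profile should then supply its own rule for the local table through routing-rules.` This assumes that is the intended usage, since the page does not spell it out. The same one-line description is repeated in the ifcfg-rh blocks for `IPV4_REPLACE_LOCAL_RULE` and `IPV6_REPLACE_LOCAL_RULE` and in the nmcli describe strings, so those should get the same wording. `nm_setting_ip_config_class_init()` starts outside the hunk.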


@ -808,6 +808,15 @@ nm_setting_ip4_config_class_init(NMSettingIP4ConfigClass *klass)
* ---end---
*/
/* ---ifcfg-rh---
* property: replace-local-rule
* variable: IPV4_REPLACE_LOCAL_RULE(+)
* default: no
* description: Connections will default to keep the autogenerated priority
* 0 local rule unless this setting is set to %TRUE.
* ---end---
*/
/**
* NMSettingIP4Config:dhcp-client-id:
*


@ -752,6 +752,15 @@ nm_setting_ip6_config_class_init(NMSettingIP6ConfigClass *klass)
* ---end---
*/
/* ---ifcfg-rh---
* property: replace-local-rule
* variable: IPV6_REPLACE_LOCAL_RULE(+)
* default: no
* description: Connections will default to keep the autogenerated priority
* 0 local rule unless this setting is set to %TRUE.
* ---end---
*/
/**
* NMSettingIP6Config:ip6-privacy:
*


@ -198,6 +198,7 @@ typedef struct {
char *dhcp_iaid;
gint64 route_metric;
int auto_route_ext_gw;
int replace_local_rule;
gint32 required_timeout;
gint32 dad_timeout;
gint32 dhcp_timeout;


@ -4014,6 +4014,7 @@ test_connection_diff_a_only(void)
{NM_SETTING_IP_CONFIG_DHCP_REJECT_SERVERS, NM_SETTING_DIFF_RESULT_IN_A},
{NM_SETTING_IP4_CONFIG_LINK_LOCAL, NM_SETTING_DIFF_RESULT_IN_A},
{NM_SETTING_IP_CONFIG_AUTO_ROUTE_EXT_GW, NM_SETTING_DIFF_RESULT_IN_A},
{NM_SETTING_IP_CONFIG_REPLACE_LOCAL_RULE, NM_SETTING_DIFF_RESULT_IN_A},
{NULL, NM_SETTING_DIFF_RESULT_UNKNOWN},
}},
};


@ -340,6 +340,7 @@ char *nm_ip_routing_rule_to_string(const NMIPRoutingRule *self,
#define NM_SETTING_IP_CONFIG_DHCP_IAID "dhcp-iaid"
#define NM_SETTING_IP_CONFIG_DHCP_REJECT_SERVERS "dhcp-reject-servers"
#define NM_SETTING_IP_CONFIG_AUTO_ROUTE_EXT_GW "auto-route-ext-gw"
#define NM_SETTING_IP_CONFIG_REPLACE_LOCAL_RULE "replace-local-rule"
/* these are not real GObject properties. */
#define NM_SETTING_IP_CONFIG_ROUTING_RULES "routing-rules"
@ -499,6 +500,8 @@ NM_AVAILABLE_IN_1_28
void nm_setting_ip_config_clear_dhcp_reject_servers(NMSettingIPConfig *setting);
NM_AVAILABLE_IN_1_42
NMTernary nm_setting_ip_config_get_auto_route_ext_gw(NMSettingIPConfig *setting);
NM_AVAILABLE_IN_1_44
NMTernary nm_setting_ip_config_get_replace_local_rule(NMSettingIPConfig *setting);
G_END_DECLS


@ -6294,6 +6294,9 @@ static const NMMetaPropertyInfo *const property_infos_IP4_CONFIG[] = {
PROPERTY_INFO (NM_SETTING_IP_CONFIG_AUTO_ROUTE_EXT_GW, DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_AUTO_ROUTE_EXT_GW,
.property_type = &_pt_gobject_ternary,
),
PROPERTY_INFO (NM_SETTING_IP_CONFIG_REPLACE_LOCAL_RULE, DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_REPLACE_LOCAL_RULE,
.property_type = &_pt_gobject_ternary,
),
NULL
};
@ -6545,6 +6548,9 @@ static const NMMetaPropertyInfo *const property_infos_IP6_CONFIG[] = {
PROPERTY_INFO_WITH_DESC (NM_SETTING_IP6_CONFIG_TOKEN,
.property_type = &_pt_gobject_string,
),
PROPERTY_INFO (NM_SETTING_IP_CONFIG_REPLACE_LOCAL_RULE, DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_REPLACE_LOCAL_RULE,
.property_type = &_pt_gobject_ternary,
),
NULL
};


@ -181,6 +181,7 @@
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_MAY_FAIL N_("If TRUE, allow overall network configuration to proceed even if the configuration specified by this property times out. Note that at least one IP configuration must succeed or overall network configuration will still fail. For example, in IPv6-only networks, setting this property to TRUE on the NMSettingIP4Config allows the overall network configuration to succeed if IPv4 configuration fails but IPv6 configuration completes successfully.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_METHOD N_("IP configuration method. NMSettingIP4Config and NMSettingIP6Config both support \"disabled\", \"auto\", \"manual\", and \"link-local\". See the subclass-specific documentation for other values. In general, for the \"auto\" method, properties such as \"dns\" and \"routes\" specify information that is added on to the information returned from automatic configuration. The \"ignore-auto-routes\" and \"ignore-auto-dns\" properties modify this behavior. For methods that imply no upstream network, such as \"shared\" or \"link-local\", these properties must be empty. For IPv4 method \"shared\", the IP subnet can be configured by adding one manual IPv4 address or otherwise 10.42.x.0/24 is chosen. Note that the shared method must be configured on the interface which shares the internet to a subnet, not on the uplink which is shared.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_NEVER_DEFAULT N_("If TRUE, this connection will never be the default connection for this IP type, meaning it will never be assigned the default route by NetworkManager.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_REPLACE_LOCAL_RULE N_("Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_REQUIRED_TIMEOUT N_("The minimum time interval in milliseconds for which dynamic IP configuration should be tried before the connection succeeds. This property is useful for example if both IPv4 and IPv6 are enabled and are allowed to fail. Normally the connection succeeds as soon as one of the two address families completes; by setting a required timeout for e.g. IPv4, one can ensure that even if IP6 succeeds earlier than IPv4, NetworkManager waits some time for IPv4 before the connection becomes active. Note that if \"may-fail\" is FALSE for the same address family, this property has no effect as NetworkManager needs to wait for the full DHCP timeout. A zero value means that no required timeout is present, -1 means the default value (either configuration ipvx.required-timeout override or zero).")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ROUTE_METRIC N_("The default metric for routes that don't explicitly specify a metric. The default value -1 means that the metric is chosen automatically based on the device type. The metric applies to dynamic routes, manual (static) routes that don't have an explicit metric setting, address prefix routes, and the default route. Note that for IPv6, the kernel accepts zero (0) but coerces it to 1024 (user default). Hence, setting this property to zero effectively mean setting it to 1024. For IPv4, zero is a regular value for the metric.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ROUTE_TABLE N_("Enable policy routing (source routing) and set the routing table used when adding routes. This affects all routes, including device-routes, IPv4LL, DHCP, SLAAC, default-routes and static routes. But note that static routes can individually overwrite the setting by explicitly specifying a non-zero routing table. If the table setting is left at zero, it is eligible to be overwritten via global configuration. If the property is zero even after applying the global configuration value, policy routing is disabled for the address family of this connection. Policy routing disabled means that NetworkManager will add all routes to the main table (except static routes that explicitly configure a different table). Additionally, NetworkManager will not delete any extraneous routes from tables except the main table. This is to preserve backward compatibility for users who manage routing tables outside of NetworkManager.")
@ -210,6 +211,7 @@
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_MTU N_("Maximum transmission unit size, in bytes. If zero (the default), the MTU is set automatically from router advertisements or is left equal to the link-layer MTU. If greater than the link-layer MTU, or greater than zero but less than the minimum IPv6 MTU of 1280, this value has no effect.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_NEVER_DEFAULT N_("If TRUE, this connection will never be the default connection for this IP type, meaning it will never be assigned the default route by NetworkManager.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_RA_TIMEOUT N_("A timeout for waiting Router Advertisements in seconds. If zero (the default), a globally configured default is used. If still unspecified, the timeout depends on the sysctl settings of the device. Set to 2147483647 (MAXINT32) for infinity.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_REPLACE_LOCAL_RULE N_("Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_REQUIRED_TIMEOUT N_("The minimum time interval in milliseconds for which dynamic IP configuration should be tried before the connection succeeds. This property is useful for example if both IPv4 and IPv6 are enabled and are allowed to fail. Normally the connection succeeds as soon as one of the two address families completes; by setting a required timeout for e.g. IPv4, one can ensure that even if IP6 succeeds earlier than IPv4, NetworkManager waits some time for IPv4 before the connection becomes active. Note that if \"may-fail\" is FALSE for the same address family, this property has no effect as NetworkManager needs to wait for the full DHCP timeout. A zero value means that no required timeout is present, -1 means the default value (either configuration ipvx.required-timeout override or zero).")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTE_METRIC N_("The default metric for routes that don't explicitly specify a metric. The default value -1 means that the metric is chosen automatically based on the device type. The metric applies to dynamic routes, manual (static) routes that don't have an explicit metric setting, address prefix routes, and the default route. Note that for IPv6, the kernel accepts zero (0) but coerces it to 1024 (user default). Hence, setting this property to zero effectively mean setting it to 1024. For IPv4, zero is a regular value for the metric.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTE_TABLE N_("Enable policy routing (source routing) and set the routing table used when adding routes. This affects all routes, including device-routes, IPv4LL, DHCP, SLAAC, default-routes and static routes. But note that static routes can individually overwrite the setting by explicitly specifying a non-zero routing table. If the table setting is left at zero, it is eligible to be overwritten via global configuration. If the property is zero even after applying the global configuration value, policy routing is disabled for the address family of this connection. Policy routing disabled means that NetworkManager will add all routes to the main table (except static routes that explicitly configure a different table). Additionally, NetworkManager will not delete any extraneous routes from tables except the main table. This is to preserve backward compatibility for users who manage routing tables outside of NetworkManager.")


@ -712,6 +712,8 @@
description="Array of servers from which DHCP offers must be rejected. This property is useful to avoid getting a lease from misconfigured or rogue servers. For DHCPv4, each element must be an IPv4 address, optionally followed by a slash and a prefix length (e.g. &quot;192.168.122.0/24&quot;). This property is currently not implemented for DHCPv6." />
<property name="auto-route-ext-gw"
description="VPN connections will default to add the route automatically unless this setting is set to FALSE. For other connection types, adding such an automatic route is currently not supported and setting this to TRUE has no effect." />
<property name="replace-local-rule"
description="Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE." />
</setting>
<setting name="ipv6" >
<property name="method"
@ -771,6 +773,8 @@
description="VPN connections will default to add the route automatically unless this setting is set to FALSE. For other connection types, adding such an automatic route is currently not supported and setting this to TRUE has no effect." />
<property name="token"
description="Configure the token for draft-chown-6man-tokenised-ipv6-identifiers-02 IPv6 tokenized interface identifiers. Useful with eui64 addr-gen-mode." />
<property name="replace-local-rule"
description="Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE." />
</setting>
<setting name="loopback" >
<property name="mtu"
