mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-15 04:24:32 +00:00
dac12a8d61
Add support for IPv6 multipath routes, by treating them as single-hop routes. Otherwise, we can easily end up with an inconsistent platform cache. Background: ----------- Routes are hard. We have NMPlatform which is a cache of netlink objects. That means, we have a hash table and we cache objects based on some identity (nmp_object_id_equal()). So those objects must have some immutable, indistinguishable properties that determine whether an object is the same or a different one. For routes and routing rules, this identifying property is basically a subset of the attributes (but not all!). That makes it very hard, because tomorrow kernel could add an attribute that becomes part of the identity, and NetworkManager wouldn't recognize it, resulting in cache inconsistency by wrongly thinking two different routes are one and the same. Anyway. The other point is that we rely on netlink events to maintain the cache. So when we receive a RTM_NEWROUTE we add the object to the cache, and delete it upon RTM_DELROUTE. When you do `ip route replace`, kernel might replace a (different!) route, but only send one RTM_NEWROUTE message. We handle that by somehow finding the route that was replaced/deleted. It's ugly. Did I say, that routes are hard? Also, for IPv4 routes, multipath attributes are just a part of the routes identity. That is, you add two different routes that only differ by their multipath list, and then kernel does as you would expect. NetworkManager does not support IPv4 multihop routes and just ignores them. Also, a multipath route can have next hops on different interfaces, which goes against our current assumption, that an NMPlatformIP4Route has an interface (or no interface, in case of blackhole routes). That makes it hard to meaningfully support IPv4 routes. But we probably don't have to, because we can just pretend that such routes don't exist and our cache stays consistent (at least, until somebody calls `ip route replace` *sigh*). Not so for IPv6. When you add (`ip route append`) an IPv6 route that is identical to an existing route -- except their multipath attribute -- then it behaves as if the existing route was modified and the result is the merged route with more next-hops. Note that in this case kernel will only send a RTM_NEWROUTE message with the full multipath list. If we would treat the multipath list as part of the route's identity, this would be as if kernel deleted one routes and created a different one (the merged one), but only sending one notification. That's a bit similar to what happens during `ip route replace`, but it would be nightmare to find out which route was thereby replaced. Likewise, when you delete a route, then kernel will "subtract" the next-hop and sent a RTM_DELROUTE notification only about the next-hop that was deleted. To handle that, you would have to find the full multihop route, and replace it with the remainder after the subtraction. NetworkManager so far ignored IPv6 routes with more than one next-hop, this means you can start with one single-hop route (that NetworkManger sees and has in the platform cache). Then you create a similar route (only differing by the next-hop). Kernel will merge the routes, but not notify NetworkManager that the single-hop route is not longer a single-hop route. This can easily cause a cache inconsistency and subtle bugs. For IPv6 we MUST handle multihop routes. Kernels behavior makes little sense, if you expect that routes have an immutable identity and want to get notifications about addition/removal. We can however make sense by it by pretending that all IPv6 routes are single-hop! With only the twist that a single RTM_NEWROUTE notification might notify about multiple routes at the same time. This is what the patch does. The Patch --------- Now one RTM_NEWROUTE message can contain multiple IPv6 routes (NMPObject). That would mean that nmp_object_new_from_nl() needs to return a list of objects. But it's not implemented that way. Instead, we still call nmp_object_new_from_nl(), and the parsing code can indicate that there is something more, indicating the caller to call nmp_object_new_from_nl() again in a loop to fetch more objects. In practice, I think all RTM_DELROUTE messages for IPv6 routes are single-hop. Still, we implement it to handle also multi-hop messages the same way. Note that we just parse the netlink message again from scratch. The alternative would be to parse the first object once, and then clone the object and only update the next-hop. That would be more efficient, but probably harder to understand/implement. https://bugzilla.redhat.com/show_bug.cgi?id=1837254#c20 |
||
|---|---|---|
| .gitlab-ci | ||
| contrib | ||
| data | ||
| docs | ||
| examples | ||
| introspection | ||
| m4 | ||
| man | ||
| po | ||
| src | ||
| tools | ||
| vapi | ||
| .clang-format | ||
| .dir-locals.el | ||
| .git-blame-ignore-revs | ||
| .gitignore | ||
| .gitlab-ci.yml | ||
| .lgtm.yml | ||
| .mailmap | ||
| .triage-policies.yml | ||
| AUTHORS | ||
| autogen.sh | ||
| ChangeLog | ||
| config-extra.h.meson | ||
| config-extra.h.mk | ||
| config.h.meson | ||
| configure.ac | ||
| CONTRIBUTING.md | ||
| COPYING | ||
| COPYING.GFDL | ||
| COPYING.LGPL | ||
| linker-script-binary.ver | ||
| linker-script-devices.ver | ||
| linker-script-settings.ver | ||
| lsan.suppressions | ||
| MAINTAINERS | ||
| MAINTAINERS.md | ||
| Makefile.am | ||
| Makefile.examples | ||
| Makefile.glib | ||
| Makefile.vapigen | ||
| meson.build | ||
| meson_options.txt | ||
| NEWS | ||
| README | ||
| RELICENSE.md | ||
| TODO | ||
| valgrind.suppressions | ||
****************** NetworkManager core daemon has moved to gitlab.freedesktop.org! git clone https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git ****************** Networking that Just Works -------------------------- NetworkManager attempts to keep an active network connection available at all times. The point of NetworkManager is to make networking configuration and setup as painless and automatic as possible. NetworkManager is intended to replace default route, replace other routes, set IP addresses, and in general configure networking as NM sees fit (with the possibility of manual override as necessary). In effect, the goal of NetworkManager is to make networking Just Work with a minimum of user hassle, but still allow customization and a high level of manual network control. If you have special needs, we'd like to hear about them, but understand that NetworkManager is not intended for every use-case. NetworkManager will attempt to keep every network device in the system up and active, as long as the device is available for use (has a cable plugged in, the killswitch isn't turned on, etc). Network connections can be set to 'autoconnect', meaning that NetworkManager will make that connection active whenever it and the hardware is available. "Settings services" store lists of user- or administrator-defined "connections", which contain all the settings and parameters required to connect to a specific network. NetworkManager will _never_ activate a connection that is not in this list, or that the user has not directed NetworkManager to connect to. How it works: The NetworkManager daemon runs as a privileged service (since it must access and control hardware), but provides a D-Bus interface on the system bus to allow for fine-grained control of networking. NetworkManager does not store connections or settings, it is only the mechanism by which those connections are selected and activated. To store pre-defined network connections, two separate services, the "system settings service" and the "user settings service" store connection information and provide these to NetworkManager, also via D-Bus. Each settings service can determine how and where it persistently stores the connection information; for example, the GNOME applet stores its configuration in GConf, and the system settings service stores its config in distro-specific formats, or in a distro- agnostic format, depending on user/administrator preference. A variety of other system services are used by NetworkManager to provide network functionality: wpa_supplicant for wireless connections and 802.1x wired connections, pppd for PPP and mobile broadband connections, DHCP clients for dynamic IP addressing, dnsmasq for proxy nameserver and DHCP server functionality for internet connection sharing, and avahi-autoipd for IPv4 link-local addresses. Most communication with these daemons occurs, again, via D-Bus. Why doesn't my network Just Work? Driver problems are the #1 cause of why NetworkManager sometimes fails to connect to wireless networks. Often, the driver simply doesn't behave in a consistent manner, or is just plain buggy. NetworkManager supports _only_ those drivers that are shipped with the upstream Linux kernel, because only those drivers can be easily fixed and debugged. ndiswrapper, vendor binary drivers, or other out-of-tree drivers may or may not work well with NetworkManager, precisely because they have not been vetted and improved by the open-source community, and because problems in these drivers usually cannot be fixed. Sometimes, command-line tools like 'iwconfig' will work, but NetworkManager will fail. This is again often due to buggy drivers, because these drivers simply aren't expecting the dynamic requests that NetworkManager and wpa_supplicant make. Driver bugs should be filed in the bug tracker of the distribution being run, since often distributions customize their kernel and drivers. Sometimes, it really is NetworkManager's fault. If you think that's the case, please file a bug at: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues Attaching NetworkManager debug logs from the journal (or wherever your distribution directs syslog's 'daemon' facility output, as /var/log/messages or /var/log/daemon.log) is often very helpful, and (if you can get) a working wpa_supplicant config file helps enormously. See the logging section of file contrib/fedora/rpm/NetworkManager.conf for how to enable debug logging in NetworkManager.