Hello community,
here is the log from the commit of package NetworkManager for openSUSE:Factory
checked in at 2018-05-08 13:31:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/NetworkManager (Old)
and /work/SRC/openSUSE:Factory/.NetworkManager.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "NetworkManager"
Tue May 8 13:31:39 2018 rev:183 rq:603931 version:1.10.6
Changes:
--------
--- /work/SRC/openSUSE:Factory/NetworkManager/NetworkManager.changes
2018-03-26 12:39:02.849355602 +0200
+++ /work/SRC/openSUSE:Factory/.NetworkManager.new/NetworkManager.changes
2018-05-08 13:31:40.761809237 +0200
@@ -1,0 +2,6 @@
+Fri May 4 06:56:55 UTC 2018 - sck...@suse.com
+
+- Add NM-look-at-all-rp-filter-value.patch: look at 'all' rp_filter
+ value too to determine actual value (bsc#1084336, bgo#794689).
+
+-------------------------------------------------------------------
New:
----
NM-look-at-all-rp-filter-value.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ NetworkManager.spec ++++++
--- /var/tmp/diff_new_pack.AtCcI8/_old 2018-05-08 13:31:42.217756707 +0200
+++ /var/tmp/diff_new_pack.AtCcI8/_new 2018-05-08 13:31:42.225756418 +0200
@@ -43,6 +43,8 @@
Patch3: networkmanager-obs-net.patch
# PATCH-FIX-OPENSUSE nm-dont-overwrite-resolv-conf.patch bsc#1021665,
bsc#960153 sck...@suse.com -- NetworkManager spawns netconfig to update DNS
settings, and terminates netconfig after 1s. But 1s isn't quite long enough for
netconfig to complete the task. Adjust it to 0 seconds(don't send SIGKILL) to
avoid NM overwriting /etc/resolv.conf.
Patch4: nm-dont-overwrite-resolv-conf.patch
+# PATCH-FIX-UPSTREAM NM-look-at-all-rp-filter-value.patch bsc#1084336
bgo#794689 sck...@suse.com -- device: look at 'all' rp_filter value too to
determine actual value
+Patch5: NM-look-at-all-rp-filter-value.patch
BuildRequires: dnsmasq
BuildRequires: fdupes
BuildRequires: intltool
@@ -230,6 +232,7 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
%build
NOCONFIGURE=1 ./autogen.sh
++++++ NM-look-at-all-rp-filter-value.patch ++++++
>From 150cf44d501c82810e7033b7a8278713919d1d89 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalv...@redhat.com>
Date: Tue, 10 Apr 2018 16:22:00 +0200
Subject: [PATCH] device: look at 'all' rp_filter value too to determine actual
value
Currently we overwrite the interface rp_filter value with 2 ("loose")
only when it is 1 ("strict") because when it is 0 ("no validation") it
is already more permissive.
So, if the value for the interface is 0 and
net/ipv4/conf/all/rp_filter is 1 (like it happens by default on Fedora
28), we don't overwrite it; since kernel considers the maximum between
{all,$dev}/rp_filter, the effective value remains 'strict'.
We should instead combine the two {all,$dev}/rp_filter, and if it's 1
overwrite the value with 2.
https://bugzilla.redhat.com/show_bug.cgi?id=1565529
---
src/devices/nm-device.c | 33 +++++++++++++++++++++++++--------
1 file changed, 25 insertions(+), 8 deletions(-)
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index 9b9584ce7..d20563598 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -1052,19 +1052,36 @@ nm_device_ipv4_sysctl_set (NMDevice *self, const char
*property, const char *val
}
static guint32
-nm_device_ipv4_sysctl_get_uint32 (NMDevice *self, const char *property,
guint32 fallback)
+nm_device_ipv4_sysctl_get_effective_uint32 (NMDevice *self, const char
*property, guint32 fallback)
{
char buf[NM_UTILS_SYSCTL_IP_CONF_PATH_BUFSIZE];
+ gint64 v, v_all;
if (!nm_device_get_ip_ifindex (self))
return fallback;
- return nm_platform_sysctl_get_int_checked (nm_device_get_platform
(self),
- NMP_SYSCTL_PATHID_ABSOLUTE
(nm_utils_sysctl_ip_conf_path (AF_INET, buf, nm_device_get_ip_iface (self),
property)),
- 10,
- 0,
- G_MAXUINT32,
- fallback);
+ v = nm_platform_sysctl_get_int_checked (nm_device_get_platform (self),
+ NMP_SYSCTL_PATHID_ABSOLUTE
(nm_utils_sysctl_ip_conf_path (AF_INET,
+
buf,
+
nm_device_get_ip_iface (self),
+
property)),
+ 10,
+ 0,
+ G_MAXUINT32,
+ -1);
+
+ v_all = nm_platform_sysctl_get_int_checked (nm_device_get_platform
(self),
+ NMP_SYSCTL_PATHID_ABSOLUTE
(nm_utils_sysctl_ip_conf_path (AF_INET,
+
buf,
+
"all",
+
property)),
+ 10,
+ 0,
+ G_MAXUINT32,
+ -1);
+
+ v = NM_MAX (v, v_all);
+ return v > -1 ? (guint32) v : fallback;
}
gboolean
@@ -3527,7 +3544,7 @@ ip4_rp_filter_update (NMDevice *self)
if ( priv->v4_has_shadowed_routes
|| nm_device_get_best_default_route (self, AF_INET)) {
- if (nm_device_ipv4_sysctl_get_uint32 (self, "rp_filter", 0) !=
1) {
+ if (nm_device_ipv4_sysctl_get_effective_uint32 (self,
"rp_filter", 0) != 1) {
/* Don't touch the rp_filter if it's not strict. */
return;
}
--
2.17.0
