Hello community, here is the log from the commit of package NetworkManager for openSUSE:Factory checked in at 2018-05-08 13:31:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/NetworkManager (Old) and /work/SRC/openSUSE:Factory/.NetworkManager.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "NetworkManager" Tue May 8 13:31:39 2018 rev:183 rq:603931 version:1.10.6 Changes: -------- --- /work/SRC/openSUSE:Factory/NetworkManager/NetworkManager.changes 2018-03-26 12:39:02.849355602 +0200 +++ /work/SRC/openSUSE:Factory/.NetworkManager.new/NetworkManager.changes 2018-05-08 13:31:40.761809237 +0200 @@ -1,0 +2,6 @@ +Fri May 4 06:56:55 UTC 2018 - sck...@suse.com + +- Add NM-look-at-all-rp-filter-value.patch: look at 'all' rp_filter + value too to determine actual value (bsc#1084336, bgo#794689). + +------------------------------------------------------------------- New: ---- NM-look-at-all-rp-filter-value.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ NetworkManager.spec ++++++ --- /var/tmp/diff_new_pack.AtCcI8/_old 2018-05-08 13:31:42.217756707 +0200 +++ /var/tmp/diff_new_pack.AtCcI8/_new 2018-05-08 13:31:42.225756418 +0200 @@ -43,6 +43,8 @@ Patch3: networkmanager-obs-net.patch # PATCH-FIX-OPENSUSE nm-dont-overwrite-resolv-conf.patch bsc#1021665, bsc#960153 sck...@suse.com -- NetworkManager spawns netconfig to update DNS settings, and terminates netconfig after 1s. But 1s isn't quite long enough for netconfig to complete the task. Adjust it to 0 seconds(don't send SIGKILL) to avoid NM overwriting /etc/resolv.conf. Patch4: nm-dont-overwrite-resolv-conf.patch +# PATCH-FIX-UPSTREAM NM-look-at-all-rp-filter-value.patch bsc#1084336 bgo#794689 sck...@suse.com -- device: look at 'all' rp_filter value too to determine actual value +Patch5: NM-look-at-all-rp-filter-value.patch BuildRequires: dnsmasq BuildRequires: fdupes BuildRequires: intltool @@ -230,6 +232,7 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %build NOCONFIGURE=1 ./autogen.sh ++++++ NM-look-at-all-rp-filter-value.patch ++++++ >From 150cf44d501c82810e7033b7a8278713919d1d89 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani <bgalv...@redhat.com> Date: Tue, 10 Apr 2018 16:22:00 +0200 Subject: [PATCH] device: look at 'all' rp_filter value too to determine actual value Currently we overwrite the interface rp_filter value with 2 ("loose") only when it is 1 ("strict") because when it is 0 ("no validation") it is already more permissive. So, if the value for the interface is 0 and net/ipv4/conf/all/rp_filter is 1 (like it happens by default on Fedora 28), we don't overwrite it; since kernel considers the maximum between {all,$dev}/rp_filter, the effective value remains 'strict'. We should instead combine the two {all,$dev}/rp_filter, and if it's 1 overwrite the value with 2. https://bugzilla.redhat.com/show_bug.cgi?id=1565529 --- src/devices/nm-device.c | 33 +++++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 8 deletions(-) diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c index 9b9584ce7..d20563598 100644 --- a/src/devices/nm-device.c +++ b/src/devices/nm-device.c @@ -1052,19 +1052,36 @@ nm_device_ipv4_sysctl_set (NMDevice *self, const char *property, const char *val } static guint32 -nm_device_ipv4_sysctl_get_uint32 (NMDevice *self, const char *property, guint32 fallback) +nm_device_ipv4_sysctl_get_effective_uint32 (NMDevice *self, const char *property, guint32 fallback) { char buf[NM_UTILS_SYSCTL_IP_CONF_PATH_BUFSIZE]; + gint64 v, v_all; if (!nm_device_get_ip_ifindex (self)) return fallback; - return nm_platform_sysctl_get_int_checked (nm_device_get_platform (self), - NMP_SYSCTL_PATHID_ABSOLUTE (nm_utils_sysctl_ip_conf_path (AF_INET, buf, nm_device_get_ip_iface (self), property)), - 10, - 0, - G_MAXUINT32, - fallback); + v = nm_platform_sysctl_get_int_checked (nm_device_get_platform (self), + NMP_SYSCTL_PATHID_ABSOLUTE (nm_utils_sysctl_ip_conf_path (AF_INET, + buf, + nm_device_get_ip_iface (self), + property)), + 10, + 0, + G_MAXUINT32, + -1); + + v_all = nm_platform_sysctl_get_int_checked (nm_device_get_platform (self), + NMP_SYSCTL_PATHID_ABSOLUTE (nm_utils_sysctl_ip_conf_path (AF_INET, + buf, + "all", + property)), + 10, + 0, + G_MAXUINT32, + -1); + + v = NM_MAX (v, v_all); + return v > -1 ? (guint32) v : fallback; } gboolean @@ -3527,7 +3544,7 @@ ip4_rp_filter_update (NMDevice *self) if ( priv->v4_has_shadowed_routes || nm_device_get_best_default_route (self, AF_INET)) { - if (nm_device_ipv4_sysctl_get_uint32 (self, "rp_filter", 0) != 1) { + if (nm_device_ipv4_sysctl_get_effective_uint32 (self, "rp_filter", 0) != 1) { /* Don't touch the rp_filter if it's not strict. */ return; } -- 2.17.0