From patchwork Wed Aug 12 00:14:49 2020
X-Patchwork-Submitter: Ian Wienand
X-Patchwork-Id: 247624
From: Ian Wienand
To: libvir-list@redhat.com
Cc: Ian Wienand
Subject: [PATCH] network: allow accept_ra == 0 when enabling ipv6 forwarding
Date: Wed, 12 Aug 2020 10:14:49 +1000
Message-Id: <20200812001449.28401-1-iwienand@redhat.com>
List-Id: Development discussions about the libvirt library & tools

The checks modified here were added with
00d28a78b5d1f6eaf79f06ac59e31c568af9da37 to avoid losing routes on
hosts. However, tools such as systemd-networking and NetworkManager
manage RAs in userspace and thus IPv6 may be up and working on an
interface even with accept_ra == 0.

This modifies the check to only error if an interface's accept_ra is
already set to "1"; as noted inline this seems to be when it is likely
that enabling forwarding may change the RA acceptance behaviour of the
interface.

I have noticed this because I am using the IPv6 NAT features enabled
with 927acaedec7effbe67a154d8bfa0e67f7d08e6c7. I am using this on my
laptop which switches between wired and wireless connections; both of
which are configured in an unremarkable way by Fedora's NetworkManager
and get configured for IPv6 via SLAAC and whatever NetworkManager magic
it does. With this I can define and start a libvirt network with and
and it seems to "just work" for guests.

Signed-off-by: Ian Wienand
---
 src/util/virnetdevip.c | 41 +++++++++++++++++++++++++++--------------
 1 file changed, 27 insertions(+), 14 deletions(-)

-- 
2.26.2
diff --git a/src/util/virnetdevip.c b/src/util/virnetdevip.c index 409f062c5c..de27cacfc9 100644 --- a/src/util/virnetdevip.c +++ b/src/util/virnetdevip.c @@ -496,7 +496,7 @@ virNetDevIPGetAcceptRA(const char *ifname) } struct virNetDevIPCheckIPv6ForwardingData { - bool hasRARoutes; + bool hasKernelRARoutes; /* Devices with conflicting accept_ra */ char **devices; @@ -552,15 +552,26 @@ virNetDevIPCheckIPv6ForwardingCallback(struct nlmsghdr *resp, if (!ifname) return -1; - accept_ra = virNetDevIPGetAcceptRA(ifname); - VIR_DEBUG("Checking route for device %s (%d), accept_ra: %d", ifname, ifindex, accept_ra); - if (accept_ra != 2 && virNetDevIPCheckIPv6ForwardingAddIF(data, &ifname) < 0) + accept_ra = virNetDevIPGetAcceptRA(ifname); + /* 0 = do no accept RA + * 1 = accept if forwarding disabled + * 2 = ovveride and accept RA when forwarding enabled + * + * When RA is managed by userspace (systemd-networkd or + * NetworkManager) accept_ra is unset and we don't need to + * worry about it. If it is 1, enabling forwarding might + * change the behaviour so the user needs to be warned. + */ + if (accept_ra == 0) + return 0; + + if (accept_ra == 1 && virNetDevIPCheckIPv6ForwardingAddIF(data, &ifname) < 0) return -1; - data->hasRARoutes = true; + data->hasKernelRARoutes = true; return 0; } @@ -590,11 +601,13 @@ virNetDevIPCheckIPv6ForwardingCallback(struct nlmsghdr *resp, VIR_DEBUG("Checking multipath route nexthop device %s (%d), accept_ra: %d", ifname, nh->rtnh_ifindex, accept_ra); - if (accept_ra != 2 && virNetDevIPCheckIPv6ForwardingAddIF(data, &ifname) < 0) - return -1; + if (accept_ra == 1) { + if (virNetDevIPCheckIPv6ForwardingAddIF(data, &ifname) < 0) + return -1; + data->hasKernelRARoutes = true; + } VIR_FREE(ifname); - data->hasRARoutes = true; len -= NLMSG_ALIGN(nh->rtnh_len); VIR_WARNINGS_NO_CAST_ALIGN 
@@ -613,7 +626,7 @@ virNetDevIPCheckIPv6Forwarding(void) struct rtgenmsg genmsg; size_t i; struct virNetDevIPCheckIPv6ForwardingData data = { - .hasRARoutes = false, + .hasKernelRARoutes = false, .devices = NULL, .ndevices = 0 }; @@ -644,11 +657,11 @@ virNetDevIPCheckIPv6Forwarding(void) goto cleanup; } - valid = !data.hasRARoutes || data.ndevices == 0; + valid = !data.hasKernelRARoutes || data.ndevices == 0; /* Check the global accept_ra if at least one isn't set on a per-device basis */ - if (!valid && data.hasRARoutes) { + if (!valid && data.hasKernelRARoutes) { int accept_ra = virNetDevIPGetAcceptRA(NULL); valid = accept_ra == 2; VIR_DEBUG("Checked global accept_ra: %d", accept_ra); @@ -663,9 +676,9 @@ virNetDevIPCheckIPv6Forwarding(void) } virReportError(VIR_ERR_INTERNAL_ERROR, - _("Check the host setup: enabling IPv6 forwarding with " - "RA routes without accept_ra set to 2 is likely to cause " - "routes loss. Interfaces to look at: %s"), + _("Check the host setup: interface has accept_ra set to 1 " + "and enabling forwarding without accept_ra set to 2 is " + "likely to cause routes loss. Interfaces to look at: %s"), virBufferCurrentContent(&buf)); }
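Review bot: In the hunk at @@ -552,15 +552,26 @@ (virNetDevIPCheckIPv6ForwardingCallback), the assignment "accept_ra = virNetDevIPGetAcceptRA(ifname);" has moved below the VIR_DEBUG that prints accept_ra, so the debug line now reports a value that has not yet been read for this interface. Keep the assignment above the VIR_DEBUG. The new comment also has typos ("do no accept", "ovveride") and describes accept_ra as "unset" where the code tests "accept_ra == 0"; say "0" in both places. Please also confirm that ifname is released on the new "return 0" path, since the multipath hunk frees it explicitly with VIR_FREE(ifname).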
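Review bot: In the multipath hunk at @@ -590,11 +601,13 @@, hasKernelRARoutes is set only inside "if (accept_ra == 1)", while the single-route path in the @@ -552,15 +552,26 @@ hunk sets it for every value other than 0, including 2. The final result is the same, because a device is only added for accept_ra == 1 and "valid" also depends on ndevices, but two different rules for one flag will be misread later. Use one rule in both places, for example a small helper that takes accept_ra and decides both whether to add the interface and whether to set the flag.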
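Review bot: In the hunk at @@ -644,11 +657,11 @@, the unchanged comment "Check the global accept_ra if at least one isn't set on a per-device basis" no longer matches the data: after this patch data.devices holds only interfaces whose per-device accept_ra is 1. Update the comment to say why a global accept_ra of 2 is enough to clear interfaces that report 1. The second operand in "if (!valid && data.hasKernelRARoutes)" is also redundant, because "valid = !data.hasKernelRARoutes || data.ndevices == 0" means !valid already implies the flag is set.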
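Review bot: In the hunk at @@ -663,9 +676,9 @@, the new message says "interface has accept_ra set to 1" in the singular although it ends with a list ("Interfaces to look at: %s"), and it is only reached after the global check "valid = accept_ra == 2" has also failed, which the text does not mention. Suggest wording along the lines of "these interfaces have accept_ra set to 1 and the global accept_ra is not 2", and "route loss" rather than "routes loss".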