From 57ad76074670d4859e808a6aabd69fd6e58514c5 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 22 Aug 2019 13:26:54 +0200 Subject: [PATCH] network: drop all checks of ipv6_disabled sysctl *We* control the sysctl setting. If the user configured IPv6, then we apply the settings, and just make sure that at some point during the configuration the sysctl is disabled (i.e. ipv6 enabled) if we have IPv6 configured. Replaces #13283. --- src/network/networkd-address.c | 5 --- src/network/networkd-fdb.c | 5 --- src/network/networkd-link.c | 44 +++------------------ src/network/networkd-link.h | 3 -- src/network/networkd-route.c | 5 --- src/network/networkd-routing-policy-rule.c | 5 --- test/test-network/systemd-networkd-tests.py | 5 ++- 7 files changed, 8 insertions(+), 64 deletions(-) diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c index 885cda3a035..4fe55710391 100644 --- a/src/network/networkd-address.c +++ b/src/network/networkd-address.c @@ -568,11 +568,6 @@ int address_configure( assert(link->manager->rtnl); assert(callback); - if (address->family == AF_INET6 && link_sysctl_ipv6_enabled(link) == 0) { - log_link_warning(link, "An IPv6 address is requested, but IPv6 is disabled by sysctl, ignoring."); - return 0; - } - /* If this is a new address, then refuse adding more than the limit */ if (address_get(link, address->family, &address->in_addr, address->prefixlen, NULL) <= 0 && set_size(link->addresses) >= ADDRESSES_PER_LINK_MAX) diff --git a/src/network/networkd-fdb.c b/src/network/networkd-fdb.c index 7ffbd0a66e3..1f688d6716f 100644 --- a/src/network/networkd-fdb.c +++ b/src/network/networkd-fdb.c @@ -123,11 +123,6 @@ int fdb_entry_configure(Link *link, FdbEntry *fdb_entry) { assert(link->manager); assert(fdb_entry); - if (fdb_entry->family == AF_INET6 && link_sysctl_ipv6_enabled(link) == 0) { - log_link_warning(link, "An IPv6 fdb entry is requested, but IPv6 is disabled by sysctl, ignoring."); - return 0; - } - /* create new RTM message */ r = sd_rtnl_message_new_neigh(link->manager->rtnl, &req, RTM_NEWNEIGH, link->ifindex, PF_BRIDGE); if (r < 0) diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index eca65c4fecf..f9e74e0f5bf 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -69,27 +69,6 @@ DUID* link_get_duid(Link *link) { return &link->manager->duid; } -int link_sysctl_ipv6_enabled(Link *link) { - _cleanup_free_ char *value = NULL; - int r; - - assert(link); - assert(link->ifname); - - if (link->sysctl_ipv6_enabled >= 0) - return link->sysctl_ipv6_enabled; - - const char *ifname = link->ifname; /* work around bogus gcc warning */ - r = sysctl_read_ip_property(AF_INET6, ifname, "disable_ipv6", &value); - if (r < 0) - return log_link_warning_errno(link, r, - "Failed to read net.ipv6.conf.%s.disable_ipv6 sysctl property: %m", - ifname); - - link->sysctl_ipv6_enabled = value[0] == '0'; - return link->sysctl_ipv6_enabled; -} - static bool link_dhcp6_enabled(Link *link) { assert(link); @@ -108,9 +87,6 @@ static bool link_dhcp6_enabled(Link *link) { if (link->iftype == ARPHRD_CAN) return false; - if (link_sysctl_ipv6_enabled(link) == 0) - return false; - return link->network->dhcp & ADDRESS_FAMILY_IPV6; } @@ -199,9 +175,6 @@ static bool link_ipv6ll_enabled(Link *link) { if (link->network->bond) return false; - if (link_sysctl_ipv6_enabled(link) == 0) - return false; - return link->network->link_local & ADDRESS_FAMILY_IPV6; } @@ -214,9 +187,6 @@ static bool link_ipv6_enabled(Link *link) { if (link->network->bond) return false; - if (link_sysctl_ipv6_enabled(link) == 0) - return false; - if (link->iftype == ARPHRD_CAN) return false; @@ -263,9 +233,6 @@ static bool link_ipv6_forward_enabled(Link *link) { if (link->network->ip_forward == _ADDRESS_FAMILY_INVALID) return false; - if (link_sysctl_ipv6_enabled(link) == 0) - return false; - return link->network->ip_forward & ADDRESS_FAMILY_IPV6; } @@ -329,7 +296,7 @@ static IPv6PrivacyExtensions link_ipv6_privacy_extensions(Link *link) { return link->network->ipv6_privacy_extensions; } -static int link_enable_ipv6(Link *link) { +static int link_update_ipv6_sysctl(Link *link) { bool enabled; int r; @@ -340,9 +307,9 @@ static int link_enable_ipv6(Link *link) { if (enabled) { r = sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", false); if (r < 0) - log_link_warning_errno(link, r, "Cannot enable IPv6: %m"); - else - log_link_info(link, "IPv6 successfully enabled"); + return log_link_warning_errno(link, r, "Cannot enable IPv6: %m"); + + log_link_info(link, "IPv6 successfully enabled"); } return 0; @@ -615,7 +582,6 @@ static int link_new(Manager *manager, sd_netlink_message *message, Link **ret) { .state = LINK_STATE_PENDING, .ifindex = ifindex, .iftype = iftype, - .sysctl_ipv6_enabled = -1, .n_dns = (unsigned) -1, .dns_default_route = -1, @@ -2553,7 +2519,7 @@ static int link_configure(Link *link) { /* If IPv6 configured that is static IPv6 address and IPv6LL autoconfiguration is enabled * for this interface, then enable IPv6 */ - (void) link_enable_ipv6(link); + (void) link_update_ipv6_sysctl(link); r = link_set_proxy_arp(link); if (r < 0) diff --git a/src/network/networkd-link.h b/src/network/networkd-link.h index d077dfe7729..3eff6fbc62e 100644 --- a/src/network/networkd-link.h +++ b/src/network/networkd-link.h @@ -133,7 +133,6 @@ typedef struct Link { struct rtnl_link_stats64 stats_old, stats_new; bool stats_updated; - int sysctl_ipv6_enabled; /* All kinds of DNS configuration */ struct in_addr_data *dns; @@ -200,8 +199,6 @@ uint32_t link_get_dhcp_route_table(Link *link); uint32_t link_get_ipv6_accept_ra_route_table(Link *link); int link_request_set_routes(Link *link); -int link_sysctl_ipv6_enabled(Link *link); - #define ADDRESS_FMT_VAL(address) \ be32toh((address).s_addr) >> 24, \ (be32toh((address).s_addr) >> 16) & 0xFFu, \ diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c index 8a16e9111ff..19055f4e48e 100644 --- a/src/network/networkd-route.c +++ b/src/network/networkd-route.c @@ -636,11 +636,6 @@ int route_configure( assert(IN_SET(route->family, AF_INET, AF_INET6)); assert(callback); - if (route->family == AF_INET6 && link_sysctl_ipv6_enabled(link) == 0) { - log_link_warning(link, "An IPv6 route is requested, but IPv6 is disabled by sysctl, ignoring."); - return 0; - } - if (route_get(link, route->family, &route->dst, route->dst_prefixlen, &route->gw, route->tos, route->priority, route->table, NULL) <= 0 && set_size(link->routes) >= routes_max()) return log_link_error_errno(link, SYNTHETIC_ERRNO(E2BIG), diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c index 5edc2444a70..f032169aebf 100644 --- a/src/network/networkd-routing-policy-rule.c +++ b/src/network/networkd-routing-policy-rule.c @@ -453,11 +453,6 @@ int routing_policy_rule_configure(RoutingPolicyRule *rule, Link *link, link_netl assert(link->manager); assert(link->manager->rtnl); - if (rule->family == AF_INET6 && link_sysctl_ipv6_enabled(link) == 0) { - log_link_warning(link, "An IPv6 routing policy rule is requested, but IPv6 is disabled by sysctl, ignoring."); - return 0; - } - r = sd_rtnl_message_new_routing_policy_rule(link->manager->rtnl, &m, RTM_NEWRULE, rule->family); if (r < 0) return log_error_errno(r, "Could not allocate RTM_NEWRULE message: %m"); diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py index 8d123658a17..374d9cdefd3 100755 --- a/test/test-network/systemd-networkd-tests.py +++ b/test/test-network/systemd-networkd-tests.py @@ -1842,13 +1842,14 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities): self.assertRegex(output, 'inet 10.2.3.4/16 brd 10.2.255.255 scope global dummy98') output = check_output('ip -6 address show dummy98') print(output) - self.assertEqual(output, '') + self.assertRegex(output, 'inet6 2607:5300:203:3906::/64 scope global') + self.assertRegex(output, 'inet6 .* scope link') output = check_output('ip -4 route show dev dummy98') print(output) self.assertEqual(output, '10.2.0.0/16 proto kernel scope link src 10.2.3.4') output = check_output('ip -6 route show dev dummy98') print(output) - self.assertEqual(output, '') + self.assertRegex(output, 'default via 2607:5300:203:39ff:ff:ff:ff:ff proto static') check_output('ip link del dummy98') -- 2.39.2