RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1173087 - accept_ra is not set when activating a static connection
Summary: accept_ra is not set when activating a static connection
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager
Version: 7.1
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Lubomir Rintel
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-12-11 12:40 UTC by Vladimir Benes
Modified: 2015-08-18 14:55 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-08-18 14:55:19 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
device: Disable kernel RA handling before configuring v6 addresses (1.65 KB, text/plain)
2014-12-15 12:43 UTC, Lubomir Rintel 		no flags Details
device: don't change IPv6 sysctls if there's an assumed connection (989 bytes, text/plain)
2014-12-15 13:15 UTC, Lubomir Rintel 		no flags Details
[PATCH] device: avoid toggling disable_ipv6 unless activating a connection that needs it (6.41 KB, text/plain)
2015-01-15 18:32 UTC, Lubomir Rintel 		no flags Details
Show Obsolete (2) View All

Description Vladimir Benes 2014-12-11 12:40:12 UTC 
Description of problem:
when IPv6 manual (dead:beaf::1 address) connection activated for the first time there is still IPv6 obtained via RAs.  /proc/sys/net/ipv6/conf/eth10/accept_ra is set to 1. 

Second activation helps here because as Thomas said if you deactivate the first connection, NM does set accept_ra=0... hence, reactivating a second time, does not show the bug, because accept_ra was already 0

Version-Release number of selected component (if applicable):
NetworkManager-0.9.11.0-8.git20141125.f32075d2.el7.x86_64

How reproducible:
always

Steps to Reproduce:
     * Add connection type "ethernet" named "ethie" for device "eth10"
     * Open editor for connection "ethie"
     * Submit "set ipv6.addresses dead:beaf::1" in editor
     * Submit "yes" in editor
     * Save in editor
     * Quit editor
     * Bring "up" connection "ethie"
     Then "inet6 dead:beaf" is visible with command "ip a s eth10"
     Then "inet6 2620" is not visible with command "ip a s eth10"
      ^^^ this fails

Actual results:
2620 address is still there from router

Expected results:
no router obtained address

Additional info:
Comment 1 Lubomir Rintel 2014-12-15 12:43:19 UTC 
Created attachment 968938 [details]
device: Disable kernel RA handling before configuring v6 addresses
Comment 2 Thomas Haller 2014-12-15 12:51:12 UTC 
(In reply to Lubomir Rintel from comment #1)
> Created attachment 968938 [details]
> device: Disable kernel RA handling before configuring v6 addresses

I think this needs a

  if (nm_device_uses_assumed_connection (self)) {
  }


otherwise, LGTM
Comment 3 Lubomir Rintel 2014-12-15 13:15:24 UTC 
Created attachment 968976 [details]
device: don't change IPv6 sysctls if there's an assumed connection
Comment 4 Dan Winship 2014-12-15 15:45:37 UTC 
We can't filter out all nm_device_ipv6_sysctl_set() calls for assumed connections; if the user deactivates an NM-owned assumed connection, then we need to reset the sysctls back to their default values.
Comment 5 Thomas Haller 2014-12-15 16:15:25 UTC 
(In reply to Dan Winship from comment #4)
> We can't filter out all nm_device_ipv6_sysctl_set() calls for assumed
> connections; if the user deactivates an NM-owned assumed connection, then we
> need to reset the sysctls back to their default values.

gboolean
nm_device_ipv6_sysctl_set (NMDevice *self,
                           const char *property,
                           const char *value
                           gboolean skip_assumed)

?
Comment 6 Lubomir Rintel 2014-12-15 16:43:54 UTC 
(In reply to Thomas Haller from comment #5)
> (In reply to Dan Winship from comment #4)
> > We can't filter out all nm_device_ipv6_sysctl_set() calls for assumed
> > connections; if the user deactivates an NM-owned assumed connection, then we
> > need to reset the sysctls back to their default values.
> 
> gboolean
> nm_device_ipv6_sysctl_set (NMDevice *self,
>                            const char *property,
>                            const char *value
>                            gboolean skip_assumed)
> 
> ?

I'm not too sure. I think we'd need to pass skip_assumed through restore_ip6_properties() and set_disable_ipv6() and it might be less confusing to just add the conditionals wherever they are missing?


Pushed to lr/sysctls-rh1173087, but didn't give it much testing yet.
Comment 7 Thomas Haller 2014-12-15 17:04:00 UTC 
(In reply to Lubomir Rintel from comment #6)
> (In reply to Thomas Haller from comment #5)
> > (In reply to Dan Winship from comment #4)
> > > We can't filter out all nm_device_ipv6_sysctl_set() calls for assumed
> > > connections; if the user deactivates an NM-owned assumed connection, then we
> > > need to reset the sysctls back to their default values.
> > 
> > gboolean
> > nm_device_ipv6_sysctl_set (NMDevice *self,
> >                            const char *property,
> >                            const char *value
> >                            gboolean skip_assumed)
> > 
> > ?
> 
> I'm not too sure. I think we'd need to pass skip_assumed through
> restore_ip6_properties() and set_disable_ipv6() and it might be less
> confusing to just add the conditionals wherever they are missing?
> 
> 
> Pushed to lr/sysctls-rh1173087, but didn't give it much testing yet.

Indeed, restore_ip6_properties() etc. would need that parameter too.

I makes it more explicit that these functions touch the interface. And when using them you have to think for a second which behavior you want.


I like how it could enhance logging by saying:
  "At this point NM would set /sys/value=XYZ, but skip it for assumed connection. (Bonus output:) current actual value is /sys/value=ZYX"
Comment 8 Lubomir Rintel 2014-12-16 10:42:55 UTC 
Okay.

Pushed updated lr/sysctls-rh1173087, please have a look.
Comment 9 Thomas Haller 2014-12-16 13:13:36 UTC 
(In reply to Lubomir Rintel from comment #8)
> Okay.
> 
> Pushed updated lr/sysctls-rh1173087, please have a look.

The branch is based on nm-1-0 branch. It should be based on master.


Otherwise LGTM. I like the @skip_assumed parameter as is.
Comment 10 Dan Winship 2014-12-16 20:24:56 UTC 
Well, it would definitely be a lot simpler to just leave nm_device_ipv6_sysctl_set() as is, and just add a check in restore_ip6_properties().

> I makes it more explicit that these functions touch the interface. And when
> using them you have to think for a second which behavior you want.

I think the name makes it pretty clear that it touches the interface. And you have to think about this *everywhere*...
Comment 11 Dan Williams 2014-12-16 21:54:50 UTC 
All current uses of set_nm_ipv6ll(TRUE) and set_disable_ipv6("1") are already protected by assumed checks, so this branch is a NOP for those two right?

It also stops touching disable_ipv6 for ipv6.method=IGNORE, which is valid.

It also stops touching stuff in nm_device_cleanup(), which I think is a NOP because we no longer deactivate assumed connections at all, so all the cases that would call nm_device_cleanup() are no longer hit for assumed connections?

What it will do now is two things:

1) stop setting sysctls for IPv6 RA processing for assumed connections; wouldn't this cause NetworkManager and the kernel to fight for RA processing?  eg, if an assumed connection has accept_ra*=1, then NM will no longer stop kernel RA processing, but will still start userspace RA handling.  The kernel and NM will be listening for the same RAs and trying to do the same thing now, right?

2) stop clearing sysctls when the user explicitly does 'nmcli con down <assumed connection>'; which is also the case if you do "nmcli con up foobar; systemctl restart NetworkManager; nmcli con down foobar".  I think this should get changed so that NM always clears them out?  Since we dont' deactivate assumed connections anymore, the only way NM woudl clean up an assumed connection would be through explicit D-Bus requests to deactivate the connection or disconnect the device, in which case we would expect NM to clean up the stuff.
Comment 13 Dan Williams 2015-01-14 02:16:10 UTC 
Actually, I think git master may already have the correct beahvior here?  AIUI the original bug report was that for 'manual' IPv6 configurations, accept_ra could still be left enabled.

From what I can see, nm_device_cleanup() will get called when the device moves to UNAVAILABLE state, which sets accept_ra=0.  Also, ip6_managed_setup() gets called at the same place, which sets the extra accept_ra_* sysctls to the right values.

Lubomir, does that look right to you, does this bug need any further work?  Could you re-test with NM from current RHEL7.1 and see if you can reproduce the issue still?
Comment 14 Lubomir Rintel 2015-01-15 18:32:53 UTC 
Created attachment 980581 [details]
[PATCH] device: avoid toggling disable_ipv6 unless activating a  connection that needs it

I believe that the last remaining case where our sysctl handling was not correct was that we were toggling disable_ipv6 for ipv6.method=ignore connection.

I tried to address that with the patch I'm attaching, though I'm really not too sure whether it's correct. I tried to explain what was I intending to do in the commit message. I'm a bit worried that I got too confused about the existing code and the bits that I'm removing actually weren't as useless as I thought.
Comment 16 Dan Williams 2015-01-17 00:55:32 UTC 
I think the changes to _set_state_full() for UNAVAILABLE mode will result in interfaces that might stay in UNAVAILABLE for a long time, but are NM managed (like wifi interfaces where the supplicant might not be running or ethernet interfaces without a carrier) will get kernel IPv6 LL addresses now?  Removing the ip6_managed_setup (self); call (which turns on user IPv6LL) will leave them with kernel LL until they move to DISCONNECTED.

Also for the DISCONNECTED case, I think that will change sysctls for assumed connections where we don't want to touch stuff?
Comment 19 Lubomir Rintel 2015-08-18 14:55:19 UTC 
I'm closing this.

The original issue reported here is long fixed and there doesn't seem to be any more outstanding issue. We do still toggle disable_ipv6 for activation of method=ignore connections which wipes ipv6 configuration, but it's because when a device has ipv6 configuration the activation downs the assumed connection first. And that sounds sort of expected.
Note You need to log in before you can comment on or make changes to this bug.