Bug 1244483 - 1.0.4-1 regression: Deletes IPv4 default route from unrelated/unmanaged interface
Summary: 1.0.4-1 regression: Deletes IPv4 default route from unrelated/unmanaged inter...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: NetworkManager
Version: 22
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-07-19 06:40 UTC by Tore Anderson
Modified: 2015-10-04 22:52 UTC (History)
4 users (show)

Fixed In Version: NetworkManager-1.0.6-6.fc22
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1245648 (view as bug list)
Environment:
Last Closed: 2015-10-04 22:52:41 UTC


Attachments (Terms of Use)
NM + clatd systemd journal (interleaved) (103.56 KB, text/x-vhdl)
2015-07-19 06:40 UTC, Tore Anderson
no flags Details
Log from "ip monitor | ts" during connection activation (5.08 KB, text/plain)
2015-07-19 06:41 UTC, Tore Anderson
no flags Details
[PATCH] fix managing default-route for generated-assumed devices (4.22 KB, patch)
2015-07-22 09:15 UTC, Thomas Haller
no flags Details | Diff

Description Tore Anderson 2015-07-19 06:40:23 UTC
Created attachment 1053574 [details]
NM + clatd systemd journal (interleaved)

Description of problem:

After connecting to an IPv6-only WWAN with NAT64, clatd (https://github.com/toreanderson/clatd) is started out of /etc/NetworkManager/dispatcher.d in order to enable a local 464XLAT CLAT (RFC6877). This creates a new TUN interface to which an IPv4 default route is added. After upgrading to 1.0.4-1, NetworkManager have started automatically removing this IPv4 default route, which breaks clatd and thus IPv4 Internet connectivity. This does *not* happen with 1.0.2-1.

Version-Release number of selected component (if applicable):

1.0.4-2.fc22.x86_64

How reproducible:

100%

Steps to Reproduce:
1. Install clatd (git clone https://github.com/toreanderson/clatd && sudo make -C clatd install installdeps)
2. Connect to an IPv6-only network that provides NAT64/DNS64 service (e.g., T-Mobile USA). If you do not have access to such a network, but do have access to IPv6, a public DNS64/NAT64 instance (such as http://www.trex.fi/2011/dns64.html or http://go6lab.si/current-ipv6-tests/nat64dns64-public-test/) could be used instead. This is done by disabling IPv4 in the connection profile, and setting "dns64-server=2001:67c:2b0::4" (for trex.fi's instance) in /etc/clatd.conf before connecting.
3. After connecting, check IPv4 routing on the "clat" interface (ip -4 route list dev clat)

Actual results:

No output from command in #3, there is no IPv4 route pointing to the clat interface.

Expected results:

Output such as "default  scope link  metric 2048  mtu 1260", indicating there is a default IPv4 route pointing to the clat interface.

Additional info:

Observing the connection activation with "journalctl -u NetworkManager -u clatd -f" shows that the clatd does add the default route:

juli 19 08:17:47 envy.fud.no clatd[4180]: Adding IPv4 default route via the CLAT
juli 19 08:17:47 envy.fud.no clatd[4180]: cfgstr(cmd-ip)
juli 19 08:17:47 envy.fud.no clatd[4180]: cmd(ip -4 route add default dev clat metric 2048 mtu 1260)

"ip monitor | ts" shows that route is successfully added, too:

juli 19 08:17:47 default dev clat  scope link  metric 2048  mtu 1260

However, moments later is is removed:

juli 19 08:17:47 Deleted default dev clat  scope link  metric 2048  mtu 1260

The journal shows that NM is the culprit here:

juli 19 08:17:47 envy.fud.no NetworkManager[862]: <debug> [1437286667.139020] [platform/nm-platform.c:2248] nm_platform_ip4_route_delete(): platform: route: deleting IPv4 route 0.0.0.0/0, metric=2048, ifindex 9 dev clat

I am attaching the full log files the above lines are quoted from.

Comment 1 Tore Anderson 2015-07-19 06:41:02 UTC
Created attachment 1053575 [details]
Log from "ip monitor | ts" during connection activation

Comment 2 Tore Anderson 2015-07-19 09:18:34 UTC
Result from git bisect:

c38ff0b083f0ce3811ac0fa506f62739ed02c425 is the first bad commit
commit c38ff0b083f0ce3811ac0fa506f62739ed02c425
Author: Thomas Haller <thaller@redhat.com>
Date:   Wed May 27 11:52:39 2015 +0200

    default-route: also configure default-routes for assumed connections
    
    Previously for assumed connections we would never configure a default route.
    That has serious problems for example in the following two scenarios:
    
      - the default-route might have a limited lifetime from a previous
        SLAAC/accept_ra setting. In this case, once we assume the connection
        we must also ensure that we extend the lifetime of the default
        route.
      - the gateway could be received via DHCP/RA and it might change.
        If we ignore default-routes for assumed connection we miss that
        change.
    
    The problem is that the notion of "assumed connection" wrongly combines
    two conflicting goals (related bug bgo#746440):
      a) have an external device that is entirely unmanged by NM.
      b) do a seamless takeover of a previously managed connection at start,
         but still fully manage.
    
    This patch changes the handling of default-routes towards meaning b).
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1224291
    (cherry picked from commit d51975ed921a5876b76e081b8f3df4e2ca1f1ca9)

:040000 040000 35e87ad35fb2ed14b03e897b598d121c68270b69 9b713a036dacd880bba85a0d46201475064bdbaf M      src

Comment 3 Thomas Haller 2015-07-22 09:15:00 UTC
Created attachment 1054711 [details]
[PATCH] fix managing default-route for generated-assumed devices

Comment 6 Fedora Update System 2015-07-23 07:01:15 UTC
network-manager-applet-1.0.4-2.fc22, NetworkManager-1.0.4-2.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/FEDORA-2015-10143/NetworkManager-1.0.4-2.fc22,network-manager-applet-1.0.4-2.fc22

Comment 7 Fedora Update System 2015-07-29 01:58:33 UTC
Package network-manager-applet-1.0.4-2.fc22, NetworkManager-1.0.4-2.fc22:
* should fix your issue,
* was pushed to the Fedora 22 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing network-manager-applet-1.0.4-2.fc22 NetworkManager-1.0.4-2.fc22'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-10143/NetworkManager-1.0.4-2.fc22,network-manager-applet-1.0.4-2.fc22
then log in and leave karma (feedback).

Comment 8 Fedora Update System 2015-08-15 02:19:06 UTC
Package network-manager-applet-1.0.4-2.fc22, NetworkManager-1.0.6-0.1.20150813git7e2caa2.fc22:
* should fix your issue,
* was pushed to the Fedora 22 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing network-manager-applet-1.0.4-2.fc22 NetworkManager-1.0.6-0.1.20150813git7e2caa2.fc22'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-10143/NetworkManager-1.0.6-0.1.20150813git7e2caa2.fc22,network-manager-applet-1.0.4-2.fc22
then log in and leave karma (feedback).

Comment 9 Fedora Update System 2015-08-19 08:08:16 UTC
Package network-manager-applet-1.0.4-2.fc22, NetworkManager-1.0.6-0.2.20150813git7e2caa2.fc22:
* should fix your issue,
* was pushed to the Fedora 22 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing network-manager-applet-1.0.4-2.fc22 NetworkManager-1.0.6-0.2.20150813git7e2caa2.fc22'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-10143/NetworkManager-1.0.6-0.2.20150813git7e2caa2.fc22,network-manager-applet-1.0.4-2.fc22
then log in and leave karma (feedback).

Comment 10 Fedora Update System 2015-08-22 02:52:13 UTC
NetworkManager-1.0.6-0.2.20150813git7e2caa2.fc22, network-manager-applet-1.0.4-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update NetworkManager network-manager-applet'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143

Comment 11 Fedora Update System 2015-08-23 01:49:22 UTC
NetworkManager-1.0.6-0.2.20150813git7e2caa2.fc22, network-manager-applet-1.0.4-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update network-manager-applet NetworkManager'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143

Comment 12 Fedora Update System 2015-09-02 16:21:58 UTC
NetworkManager-1.0.6-2.fc22, NetworkManager-openswan-1.0.6-2.fc22, NetworkManager-openvpn-1.0.6-3.fc22, NetworkManager-vpnc-1.0.6-3.fc22, network-manager-applet-1.0.6-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update network-manager-applet NetworkManager-openvpn NetworkManager-vpnc NetworkManager NetworkManager-openswan'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143

Comment 13 Fedora Update System 2015-09-08 11:15:08 UTC
NetworkManager-1.0.6-3.fc22 NetworkManager-openswan-1.0.6-2.fc22 NetworkManager-openvpn-1.0.6-3.fc22 NetworkManager-vpnc-1.0.6-3.fc22 network-manager-applet-1.0.6-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143

Comment 14 Fedora Update System 2015-09-08 21:26:40 UTC
NetworkManager-1.0.6-4.fc22, NetworkManager-openswan-1.0.6-2.fc22, NetworkManager-openvpn-1.0.6-3.fc22, NetworkManager-vpnc-1.0.6-3.fc22, network-manager-applet-1.0.6-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update network-manager-applet NetworkManager NetworkManager-openvpn NetworkManager-openswan NetworkManager-vpnc'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143

Comment 15 Fedora Update System 2015-09-28 21:00:47 UTC
NetworkManager-1.0.6-6.fc22 NetworkManager-openswan-1.0.6-2.fc22 NetworkManager-openvpn-1.0.6-3.fc22 NetworkManager-vpnc-1.0.6-3.fc22 network-manager-applet-1.0.6-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143

Comment 16 Fedora Update System 2015-10-02 03:49:24 UTC
NetworkManager-1.0.6-6.fc22, NetworkManager-openswan-1.0.6-2.fc22, NetworkManager-openvpn-1.0.6-3.fc22, NetworkManager-vpnc-1.0.6-3.fc22, network-manager-applet-1.0.6-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update NetworkManager-openswan network-manager-applet NetworkManager NetworkManager-openvpn NetworkManager-vpnc'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143

Comment 17 Fedora Update System 2015-10-04 22:52:10 UTC
NetworkManager-1.0.6-6.fc22, NetworkManager-openswan-1.0.6-2.fc22, NetworkManager-openvpn-1.0.6-3.fc22, NetworkManager-vpnc-1.0.6-3.fc22, network-manager-applet-1.0.6-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.