Created attachment 1053574 [details] NM + clatd systemd journal (interleaved) Description of problem: After connecting to an IPv6-only WWAN with NAT64, clatd (https://github.com/toreanderson/clatd) is started out of /etc/NetworkManager/dispatcher.d in order to enable a local 464XLAT CLAT (RFC6877). This creates a new TUN interface to which an IPv4 default route is added. After upgrading to 1.0.4-1, NetworkManager have started automatically removing this IPv4 default route, which breaks clatd and thus IPv4 Internet connectivity. This does *not* happen with 1.0.2-1. Version-Release number of selected component (if applicable): 1.0.4-2.fc22.x86_64 How reproducible: 100% Steps to Reproduce: 1. Install clatd (git clone https://github.com/toreanderson/clatd && sudo make -C clatd install installdeps) 2. Connect to an IPv6-only network that provides NAT64/DNS64 service (e.g., T-Mobile USA). If you do not have access to such a network, but do have access to IPv6, a public DNS64/NAT64 instance (such as http://www.trex.fi/2011/dns64.html or http://go6lab.si/current-ipv6-tests/nat64dns64-public-test/) could be used instead. This is done by disabling IPv4 in the connection profile, and setting "dns64-server=2001:67c:2b0::4" (for trex.fi's instance) in /etc/clatd.conf before connecting. 3. After connecting, check IPv4 routing on the "clat" interface (ip -4 route list dev clat) Actual results: No output from command in #3, there is no IPv4 route pointing to the clat interface. Expected results: Output such as "default scope link metric 2048 mtu 1260", indicating there is a default IPv4 route pointing to the clat interface. Additional info: Observing the connection activation with "journalctl -u NetworkManager -u clatd -f" shows that the clatd does add the default route: juli 19 08:17:47 envy.fud.no clatd[4180]: Adding IPv4 default route via the CLAT juli 19 08:17:47 envy.fud.no clatd[4180]: cfgstr(cmd-ip) juli 19 08:17:47 envy.fud.no clatd[4180]: cmd(ip -4 route add default dev clat metric 2048 mtu 1260) "ip monitor | ts" shows that route is successfully added, too: juli 19 08:17:47 default dev clat scope link metric 2048 mtu 1260 However, moments later is is removed: juli 19 08:17:47 Deleted default dev clat scope link metric 2048 mtu 1260 The journal shows that NM is the culprit here: juli 19 08:17:47 envy.fud.no NetworkManager[862]: <debug> [1437286667.139020] [platform/nm-platform.c:2248] nm_platform_ip4_route_delete(): platform: route: deleting IPv4 route 0.0.0.0/0, metric=2048, ifindex 9 dev clat I am attaching the full log files the above lines are quoted from.
Created attachment 1053575 [details] Log from "ip monitor | ts" during connection activation
Result from git bisect: c38ff0b083f0ce3811ac0fa506f62739ed02c425 is the first bad commit commit c38ff0b083f0ce3811ac0fa506f62739ed02c425 Author: Thomas Haller <thaller> Date: Wed May 27 11:52:39 2015 +0200 default-route: also configure default-routes for assumed connections Previously for assumed connections we would never configure a default route. That has serious problems for example in the following two scenarios: - the default-route might have a limited lifetime from a previous SLAAC/accept_ra setting. In this case, once we assume the connection we must also ensure that we extend the lifetime of the default route. - the gateway could be received via DHCP/RA and it might change. If we ignore default-routes for assumed connection we miss that change. The problem is that the notion of "assumed connection" wrongly combines two conflicting goals (related bug bgo#746440): a) have an external device that is entirely unmanged by NM. b) do a seamless takeover of a previously managed connection at start, but still fully manage. This patch changes the handling of default-routes towards meaning b). https://bugzilla.redhat.com/show_bug.cgi?id=1224291 (cherry picked from commit d51975ed921a5876b76e081b8f3df4e2ca1f1ca9) :040000 040000 35e87ad35fb2ed14b03e897b598d121c68270b69 9b713a036dacd880bba85a0d46201475064bdbaf M src
Created attachment 1054711 [details] [PATCH] fix managing default-route for generated-assumed devices
Uh, Thomas; seems like you've just fixed something different than I to address the issue: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=lr/fixes&id=d12016c7f7bef5536a2460068e6e927cf708722d http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=lr/fixes&id=d4566d00da11e63bac56e0bb41a5f0f96903def3 Here's my scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=10434551 I'll review your change shortly.
Fixed: master: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=e6a8a08a5713d72a4457c45fe9136e40c0460473 nm-1-0: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=82ddd94793199f8c7c80498d38b3ebffefc62b05 This contains modified patches from comment 3 and comment 4. I also backported commit http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=9588c4633a07147875d933556212716779e32a36 to nm-1-0. I think this is a related issue, and we should include that for F22 as well.
network-manager-applet-1.0.4-2.fc22, NetworkManager-1.0.4-2.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/FEDORA-2015-10143/NetworkManager-1.0.4-2.fc22,network-manager-applet-1.0.4-2.fc22
Package network-manager-applet-1.0.4-2.fc22, NetworkManager-1.0.4-2.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing network-manager-applet-1.0.4-2.fc22 NetworkManager-1.0.4-2.fc22' as soon as you are able to, then reboot. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-10143/NetworkManager-1.0.4-2.fc22,network-manager-applet-1.0.4-2.fc22 then log in and leave karma (feedback).
Package network-manager-applet-1.0.4-2.fc22, NetworkManager-1.0.6-0.1.20150813git7e2caa2.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing network-manager-applet-1.0.4-2.fc22 NetworkManager-1.0.6-0.1.20150813git7e2caa2.fc22' as soon as you are able to, then reboot. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-10143/NetworkManager-1.0.6-0.1.20150813git7e2caa2.fc22,network-manager-applet-1.0.4-2.fc22 then log in and leave karma (feedback).
Package network-manager-applet-1.0.4-2.fc22, NetworkManager-1.0.6-0.2.20150813git7e2caa2.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing network-manager-applet-1.0.4-2.fc22 NetworkManager-1.0.6-0.2.20150813git7e2caa2.fc22' as soon as you are able to, then reboot. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-10143/NetworkManager-1.0.6-0.2.20150813git7e2caa2.fc22,network-manager-applet-1.0.4-2.fc22 then log in and leave karma (feedback).
NetworkManager-1.0.6-0.2.20150813git7e2caa2.fc22, network-manager-applet-1.0.4-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update NetworkManager network-manager-applet'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
NetworkManager-1.0.6-0.2.20150813git7e2caa2.fc22, network-manager-applet-1.0.4-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update network-manager-applet NetworkManager'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
NetworkManager-1.0.6-2.fc22, NetworkManager-openswan-1.0.6-2.fc22, NetworkManager-openvpn-1.0.6-3.fc22, NetworkManager-vpnc-1.0.6-3.fc22, network-manager-applet-1.0.6-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update network-manager-applet NetworkManager-openvpn NetworkManager-vpnc NetworkManager NetworkManager-openswan'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
NetworkManager-1.0.6-3.fc22 NetworkManager-openswan-1.0.6-2.fc22 NetworkManager-openvpn-1.0.6-3.fc22 NetworkManager-vpnc-1.0.6-3.fc22 network-manager-applet-1.0.6-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
NetworkManager-1.0.6-4.fc22, NetworkManager-openswan-1.0.6-2.fc22, NetworkManager-openvpn-1.0.6-3.fc22, NetworkManager-vpnc-1.0.6-3.fc22, network-manager-applet-1.0.6-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update network-manager-applet NetworkManager NetworkManager-openvpn NetworkManager-openswan NetworkManager-vpnc'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
NetworkManager-1.0.6-6.fc22 NetworkManager-openswan-1.0.6-2.fc22 NetworkManager-openvpn-1.0.6-3.fc22 NetworkManager-vpnc-1.0.6-3.fc22 network-manager-applet-1.0.6-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
NetworkManager-1.0.6-6.fc22, NetworkManager-openswan-1.0.6-2.fc22, NetworkManager-openvpn-1.0.6-3.fc22, NetworkManager-vpnc-1.0.6-3.fc22, network-manager-applet-1.0.6-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update NetworkManager-openswan network-manager-applet NetworkManager NetworkManager-openvpn NetworkManager-vpnc' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
NetworkManager-1.0.6-6.fc22, NetworkManager-openswan-1.0.6-2.fc22, NetworkManager-openvpn-1.0.6-3.fc22, NetworkManager-vpnc-1.0.6-3.fc22, network-manager-applet-1.0.6-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.