Hide Forgot
NM got support to configure the routing table (policy routing). However, that is only half the feature, because one must also configure the routing rules. See details here: https://bugzilla.redhat.com/show_bug.cgi?id=1589419#c3
fixed upstream: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=768001473279d2ce70599ee1838eb0d594b51223
I still see duplicates in ip rule table after executing simple test: @ipv4_routing_rules_manipulation Scenario: NM - ipv4 - routing rules manipulation * Add a new connection of type "ethernet" and options "ifname eth3 con-name con_ipv4 autoconnect no" * Bring "up" connection "con_ipv4" * Modify connection "con_ipv4" changing options "ipv4.routing-rules 'priority 5 table 6, priority 6 from 192.168.6.7/32 table 7'" * Bring "up" connection "con_ipv4" When "activated" is visible with command "nmcli -g GENERAL.STATE con show con_ipv4" in "20" seconds # * Reboot # When "activated" is visible with command "nmcli -g GENERAL.STATE con show con_ipv4" in "20" seconds When "5:\s+from all lookup 6\s+6:\s+from 192.168.6.7 lookup 7" is visible with command "ip rule" * Bring "down" connection "con_ipv4" Then "5:\s+from all lookup 6\s+6:\s+from 192.168.6.7 lookup 7" is not visible with command "ip rule" And "3" is visible with command "ip rule |wc -l" [root@wsfd-netdev34-vm-1 NetworkManager-ci]# ip rule 0: from all lookup local 0: from all lookup local 0: from all lookup local 32766: from all lookup main 32766: from all lookup main 32766: from all lookup main 32767: from all lookup default 32767: from all lookup default 32767: from all lookup default
in recent test runs, the @ipv4_routing_rules_manipulation seems to pass consistently. Why is that? Do you have a pointer to logs showing the failure?
should be fixed by https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/115
(In reply to Thomas Haller from comment #10) > should be fixed by > https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/115 fixed upstream
Working well now.
(In reply to Vladimir Benes from comment #16) > > like in comment #8 > > > > > nmcli con add type ethernet ifname eth3 con-name con_ipv4 autoconnect no > > ipv4.routing-rules 'priority 5 table 6, priority 6 from 192.168.6.7/32 table > > 7' > > Thanks, but what I'm missing is how to add multiple rules. Would these be added with a single update to ipv4.routing-rules? If so, should it be comma- > delimited, or how should multiple rules be expressed? The example already shows 2 rules, and yes, they are separated by comma. Hopefully, it should work just like you would expect: nmcli connection modify "$PROFILE" ipv4.routing-rules 'priority 5 table 6, priority 6 from 192.168.6.7/32 table 7' nmcli connection modify "$PROFILE" +ipv4.routing-rules 'priority 7 table 6, priority 8 table 8' nmcli connection modify "$PROFILE" -ipv4.routing-rules 'priority 7 table 6, priority 6 from 192.168.6.7/32 table 7' or even nmcli connection modify "$PROFILE" ipv4.routing-rules 'priority 7 table 6' +ipv4.routing-rules 'priority 8 table 8' (note that before NetworkManager 1.16, the "-" modifier did not accept a list of values. So, on older versions nmcli connection modify "$PROFILE" -ipv4.addresses "192.168.7.6/24,192.168.8.6/24" would fail) (and as always, changes to a profile only take effect after (re-)activating the profile).
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2302