-
Notifications
You must be signed in to change notification settings - Fork 195
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
parse-nm: Handle missing gateway in keyfile routes, keep dns-search fallback #238
Conversation
Codecov Report
@@ Coverage Diff @@
## main #238 +/- ##
==========================================
- Coverage 99.06% 99.06% -0.01%
==========================================
Files 57 57
Lines 9706 9702 -4
==========================================
- Hits 9615 9611 -4
Misses 91 91
Continue to review full report at Codecov.
|
Just to be clear, this solves 2 separate issues, right? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, although I'm not sure how I could easily test those changes :)
Yes, two small keyfile incompatibilities that sneaked into the 0.103 release. Thank you for the review! I will do some extra testing by compiling a netplan v0.103+this commit and running the NetworkManager snap (incl. netplan/keyfile patches) test suite against it, which showed the failures before. |
src/parse-nm.c
Outdated
else { | ||
/* NM assumes a "default" route if this is not defined in the keyfile. | ||
* See nm-settings-ip-config.c -> nm_ip_route_set_next_hop()/canonicalize_ip(). */ | ||
route->via = g_strdup("default"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As mentioned in a private chat, I have doubts regarding this. The concept of "default" to designate a gateway doesn't make sense to me, and we suspect this is actually used to specify local routes
Approval superseded by doutes regarding the default via thing.
3f0312b
to
dbb82c8
Compare
…allback NM assumes a route to use the unspecified address as the gateway (via = "0.0.0.0"/"::") if none is specified in the keyfile. E.g. the route is only valid on the local network: "ip route add NETWORK dev DEVICE [metric METRIC]" netplan cannot differentiate between ipv4.dns-search and ipv6.dns-search so keep it in the passthrough/fallback list as an override.
Co-authored-by: Simon Chopin <[email protected]>
dbb82c8
to
747e02a
Compare
@schopin-pro Thank you for the review and discussion around this. WIth my latest changes it now passes the NetworkManager unit tests (using the patched keyfile-netplan plugin): https://paste.ubuntu.com/p/5jDnTDCmdF/ I've updated the commit and PR description with the explanation, and also added some comment inside the code. May I ask for another sanity check on this? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This version makes more sense, but I'm not liking the new code much. Using an invalid unicast IP to signal that there are no gateway will cause trouble at some point, and isn't consistent with the rest of the code, and I'm thinking we should update the scope
field if we know we're dealing with a local route.
ACK, fair point! But you're absolutely right that this implementation detail of NM should not leak into the netplan YAML schema by specifying an invalid "via" field. But rather we want to keep that local to the NM generator backend. So I've added another commit that reworks the scope logic of the NM backend (and relevant unit- & integration tests) accordingly, to accept all values ("global"/"link"/"host") and write the keyfile accordingly (proper gateway/via field or unspecified address if scope = "link" or "host"), tricking NM to do the right thing. It still passes NM's test suite and also passes the newly added
|
NetworkManager automatically detects a route's scope, depending on destination IP ("to") and gateway ("via"). If no gateway is specified (e.g. the unspecified address "0.0.0.0"/"::" in keyfile) it will assume a "link"/"host" scope, otherwise it will assume a "global" scope.
c82c0b5
to
03878f1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reading the NM code and comments, I think we can get rid of the whole undefined address part, using a simple empty string instead. I'm not entirely sure '0.0.0.0' would work as intended, but the code clearly supports having an empty string.
src/nm.c
Outdated
g_debug("%s: Overriding 'via: %s' as NetworkManager does not support " | ||
"setting a route's scope directly, but will auto-detect them.", | ||
def->id, get_unspecified_address(cur_route->family)); | ||
via = get_unspecified_address(cur_route->family); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's not what I read there https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/src/libnm-core-impl/nm-keyfile.c#L506
Wouldn't we want
via = get_unspecified_address(cur_route->family); | |
via = ""; |
instead ?
Also avoid the deprecated trailing comma notation at the same time.
Alright. Using the unspecified address does work as intended and is used in some (legacy) NM keyfiles. But you're right that using the empty string is the cleaner and currently suggested approach. BUT: we also need to make sure that we do not end up with a trailing comma (e.g. So in my most recent commit I've reworked the keyfile generation logic in netplan's integration tests and NM's unit-tests still pass. |
Description
NM assumes a
scope: link
route if the gateway is empty or unspecified (i.e. "0.0.0.0"/"::") in keyfile.E.g. the route is only valid on the local network:
ip route add NETWORK dev DEVICE [metric METRIC]
see https://github.com/NetworkManager/NetworkManager/blob/main/src/libnm-core-impl/nm-keyfile.c#L520
netplan cannot differentiate between
ipv4.dns-search
andipv6.dns-search
so keep it in the passthrough/fallback list as an override.Checklist
make check
successfully.make check-coverage
).