mirror of https://github.com/systemd/systemd.git synced 2024-10-31 07:51:21 +03:00

Merge pull request #20202 from yuwata/network-fix-manage-foreign-routes-no

network: fix ManageForeignRoutes=no
Luca Boccassi 2021-07-12 19:11:37 +01:00 committed by GitHub
commit b1f8d02557
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 65 additions and 1 deletions


@ -746,6 +746,26 @@ static bool route_address_is_reachable(const Route *route, int family, const uni
FAMILY_ADDRESS_SIZE(family) * 8) > 0; FAMILY_ADDRESS_SIZE(family) * 8) > 0;
} }
static bool prefix_route_address_is_reachable(const Address *a, int family, const union in_addr_union *address) {
assert(a);
assert(IN_SET(family, AF_INET, AF_INET6));
assert(address);
if (a->family != family)
return false;
if (FLAGS_SET(a->flags, IFA_F_NOPREFIXROUTE))
return false;
if (in_addr_is_set(a->family, &a->in_addr_peer))
return false;
return in_addr_prefix_intersect(
family,
&a->in_addr,
a->prefixlen,
address,
FAMILY_ADDRESS_SIZE(family) * 8) > 0;
}
bool manager_address_is_reachable(Manager *manager, int family, const union in_addr_union *address) { bool manager_address_is_reachable(Manager *manager, int family, const union in_addr_union *address) {
Link *link; Link *link;
@ -764,6 +784,20 @@ bool manager_address_is_reachable(Manager *manager, int family, const union in_a
return true; return true;
} }
/* If we do not manage foreign routes, then there may exist a prefix route we do not know,
* which was created on configuring an address. Hence, also check the addresses. */
if (!manager->manage_foreign_routes)
HASHMAP_FOREACH(link, manager->links_by_index) {
Address *a;
SET_FOREACH(a, link->addresses)
if (prefix_route_address_is_reachable(a, family, address))
return true;
SET_FOREACH(a, link->addresses_foreign)
if (prefix_route_address_is_reachable(a, family, address))
return true;
}
return false; return false;
} }
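Review bot: The address fallback added at the end of manager_address_is_reachable() treats any matching entry in `link->addresses` or `link->addresses_foreign` as proof that a prefix route exists, and nothing visible in the hunk looks at the state of the link or of the address. With ManageForeignRoutes=no the result therefore depends on addresses installed by other software, so a gateway may be reported reachable while the kernel has no usable route for it, for example when the address sits on a link that is down (inferred; the callers are not on this page). I would at least document the assumption on prefix_route_address_is_reachable(), e.g. `/* Assumes the kernel installed a prefix route for this address; may give a false positive if that route was removed or the link is down. */`, and consider skipping links that are not up inside the `HASHMAP_FOREACH`. The start of manager_address_is_reachable() lies outside the hunk.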


@ -0,0 +1,2 @@
[Network]
ManageForeignRoutes=no


@ -16,6 +16,7 @@ from shutil import copytree
network_unit_file_path='/run/systemd/network' network_unit_file_path='/run/systemd/network'
networkd_runtime_directory='/run/systemd/netif' networkd_runtime_directory='/run/systemd/netif'
networkd_conf_dropin_path='/run/systemd/networkd.conf.d'
networkd_ci_path='/run/networkd-ci' networkd_ci_path='/run/networkd-ci'
network_sysctl_ipv6_path='/proc/sys/net/ipv6/conf' network_sysctl_ipv6_path='/proc/sys/net/ipv6/conf'
network_sysctl_ipv4_path='/proc/sys/net/ipv4/conf' network_sysctl_ipv4_path='/proc/sys/net/ipv4/conf'
@ -263,6 +264,7 @@ def setUpModule():
global running_units global running_units
os.makedirs(network_unit_file_path, exist_ok=True) os.makedirs(network_unit_file_path, exist_ok=True)
os.makedirs(networkd_conf_dropin_path, exist_ok=True)
os.makedirs(networkd_ci_path, exist_ok=True) os.makedirs(networkd_ci_path, exist_ok=True)
shutil.rmtree(networkd_ci_path) shutil.rmtree(networkd_ci_path)
@ -460,6 +462,17 @@ def remove_unit_from_networkd_path(units):
if (os.path.exists(os.path.join(network_unit_file_path, unit + '.d'))): if (os.path.exists(os.path.join(network_unit_file_path, unit + '.d'))):
shutil.rmtree(os.path.join(network_unit_file_path, unit + '.d')) shutil.rmtree(os.path.join(network_unit_file_path, unit + '.d'))
def copy_networkd_conf_dropin(*dropins):
"""Copy networkd.conf dropin files into the testbed."""
for dropin in dropins:
shutil.copy(os.path.join(networkd_ci_path, dropin), networkd_conf_dropin_path)
def remove_networkd_conf_dropin(dropins):
"""Remove previously copied networkd.conf dropin files from the testbed."""
for dropin in dropins:
if (os.path.exists(os.path.join(networkd_conf_dropin_path, dropin))):
os.remove(os.path.join(networkd_conf_dropin_path, dropin))
def start_dnsmasq(additional_options='', ipv4_range='192.168.5.10,192.168.5.200', ipv6_range='2600::10,2600::20', lease_time='1h'): def start_dnsmasq(additional_options='', ipv4_range='192.168.5.10,192.168.5.200', ipv6_range='2600::10,2600::20', lease_time='1h'):
dnsmasq_command = f'dnsmasq -8 /var/run/networkd-ci/test-dnsmasq-log-file --log-queries=extra --log-dhcp --pid-file=/var/run/networkd-ci/test-test-dnsmasq.pid --conf-file=/dev/null --interface=veth-peer --enable-ra --dhcp-range={ipv6_range},{lease_time} --dhcp-range={ipv4_range},{lease_time} -R --dhcp-leasefile=/var/run/networkd-ci/lease --dhcp-option=26,1492 --dhcp-option=option:router,192.168.5.1 --port=0 ' + additional_options dnsmasq_command = f'dnsmasq -8 /var/run/networkd-ci/test-dnsmasq-log-file --log-queries=extra --log-dhcp --pid-file=/var/run/networkd-ci/test-test-dnsmasq.pid --conf-file=/dev/null --interface=veth-peer --enable-ra --dhcp-range={ipv6_range},{lease_time} --dhcp-range={ipv4_range},{lease_time} -R --dhcp-leasefile=/var/run/networkd-ci/lease --dhcp-option=26,1492 --dhcp-option=option:router,192.168.5.1 --port=0 ' + additional_options
check_output(dnsmasq_command) check_output(dnsmasq_command)
@ -1858,6 +1871,10 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
'routing-policy-rule-reconfigure2.network', 'routing-policy-rule-reconfigure2.network',
] ]
networkd_conf_dropins = [
'networkd-manage-foreign-routes-no.conf',
]
routing_policy_rule_tables = ['7', '8', '9', '10', '1011'] routing_policy_rule_tables = ['7', '8', '9', '10', '1011']
routes = [['blackhole', '202.54.1.2'], ['unreachable', '202.54.1.3'], ['prohibit', '202.54.1.4']] routes = [['blackhole', '202.54.1.2'], ['unreachable', '202.54.1.3'], ['prohibit', '202.54.1.4']]
@ -1875,6 +1892,7 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
remove_routes(self.routes) remove_routes(self.routes)
remove_links(self.links) remove_links(self.links)
remove_unit_from_networkd_path(self.units) remove_unit_from_networkd_path(self.units)
remove_networkd_conf_dropin(self.networkd_conf_dropins)
stop_networkd(show_logs=True) stop_networkd(show_logs=True)
call('ip netns del ns99', stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) call('ip netns del ns99', stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
@ -2253,7 +2271,10 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
self.assertRegex(output, 'lookup 7') self.assertRegex(output, 'lookup 7')
self.assertRegex(output, 'uidrange 100-200') self.assertRegex(output, 'uidrange 100-200')
def test_route_static(self): def _test_route_static(self, manage_foreign_routes):
if not manage_foreign_routes:
copy_networkd_conf_dropin('networkd-manage-foreign-routes-no.conf')
copy_unit_to_networkd_unit_path('25-route-static.network', '12-dummy.netdev') copy_unit_to_networkd_unit_path('25-route-static.network', '12-dummy.netdev')
start_networkd() start_networkd()
self.wait_online(['dummy98:routable']) self.wait_online(['dummy98:routable'])
@ -2459,6 +2480,13 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
print(output) print(output)
self.assertEqual(output, '') self.assertEqual(output, '')
self.tearDown()
def test_route_static(self):
for manage_foreign_routes in [True, False]:
with self.subTest(manage_foreign_routes=manage_foreign_routes):
self._test_route_static(manage_foreign_routes)
@expectedFailureIfRTA_VIAIsNotSupported() @expectedFailureIfRTA_VIAIsNotSupported()
def test_route_via_ipv6(self): def test_route_via_ipv6(self):
copy_unit_to_networkd_unit_path('25-route-via-ipv6.network', '12-dummy.netdev') copy_unit_to_networkd_unit_path('25-route-via-ipv6.network', '12-dummy.netdev')
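Review bot: `_test_route_static()` calls `self.tearDown()` only as its last statement, so when an assertion fails inside the first `subTest` the cleanup is skipped and the `manage_foreign_routes=False` pass starts on a testbed that still holds the previous units and possibly a running networkd. Moving the cleanup into the loop keeps the passes independent: inside `with self.subTest(...)` use `try: self._test_route_static(manage_foreign_routes)` followed by `finally: self.tearDown()`, and drop the trailing `self.tearDown()` from the helper. setUp() is also not re-run between the two passes and unittest calls tearDown() once more after the test; both look harmless from what is visible, but setUp() is not on this page and tearDown() is only partly shown. Most of the body of `_test_route_static` lies outside the hunks.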