Fix NetworkManager loop when 0.0.0.0/1 is added (rh #1203924)
https://bugzilla.redhat.com/show_bug.cgi?id=1203904
This commit is contained in:
parent
c1cbb3d3cf
commit
631d934213
@ -79,6 +79,7 @@ Source3: 20-connectivity-fedora.conf
|
|||||||
# Not upstream.
|
# Not upstream.
|
||||||
Patch0: 0000-explain-dns1-dns2.patch
|
Patch0: 0000-explain-dns1-dns2.patch
|
||||||
Patch1: 0001-connectivity-disable-HTTP-keepalive-for-connectivity.patch
|
Patch1: 0001-connectivity-disable-HTTP-keepalive-for-connectivity.patch
|
||||||
|
Patch2: rh1203904-NM-loop-fix.patch
|
||||||
|
|
||||||
# Cherry-picks from upstream:
|
# Cherry-picks from upstream:
|
||||||
# http://cgit.freedesktop.org/NetworkManager/NetworkManager/log/?h=nm-0-9-10
|
# http://cgit.freedesktop.org/NetworkManager/NetworkManager/log/?h=nm-0-9-10
|
||||||
@ -322,6 +323,7 @@ by nm-connection-editor and nm-applet in a non-graphical environment.
|
|||||||
|
|
||||||
%patch0 -p1 -b .explain-dns1-dns2.orig
|
%patch0 -p1 -b .explain-dns1-dns2.orig
|
||||||
%patch1 -p1 -b .0001-connectivity-disable-HTTP-keepalive-for-connectivity.orig
|
%patch1 -p1 -b .0001-connectivity-disable-HTTP-keepalive-for-connectivity.orig
|
||||||
|
%patch2 -p1 -b .rh1203904-NM-loop-fix.orig
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
@ -593,6 +595,9 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Mar 20 2015 Jiří Klimeš <jklimes@redhat.com> - 1:0.9.10.2-3
|
||||||
|
- Fix NetworkManager loop when 0.0.0.0/1 is added (rh #1203924)
|
||||||
|
|
||||||
* Tue Mar 17 2015 Stef Walter <stefw@redhat.com> - 1:0.9.10.2-3
|
* Tue Mar 17 2015 Stef Walter <stefw@redhat.com> - 1:0.9.10.2-3
|
||||||
- Fix dbus-glib dependency
|
- Fix dbus-glib dependency
|
||||||
|
|
||||||
|
113
rh1203904-NM-loop-fix.patch
Normal file
113
rh1203904-NM-loop-fix.patch
Normal file
@ -0,0 +1,113 @@
|
|||||||
|
From 5a09a1205cea2c5d223f97f5d91a2e46d91c55ce Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= <jklimes@redhat.com>
|
||||||
|
Date: Fri, 20 Mar 2015 14:02:19 +0100
|
||||||
|
Subject: [PATCH] libnm-util: allow 0.0.0.0/1 route in verify() (rh #1203904)
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
OpenVPN uses a trick to override default route by adding these two routes:
|
||||||
|
0.0.0.0/1 and 128.0.0.0/1.
|
||||||
|
We should allow this and only refuse real default route (i.e. prefix == 0).
|
||||||
|
|
||||||
|
Also verify IPv6 addresses and routes.
|
||||||
|
|
||||||
|
See:
|
||||||
|
man openvpn (search for def1)
|
||||||
|
https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway
|
||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1203904
|
||||||
|
|
||||||
|
(cherry picked from commit ba35c63db60aa652528e492aa483c971b9217f1e)
|
||||||
|
Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
|
||||||
|
---
|
||||||
|
libnm-util/nm-setting-ip4-config.c | 10 ---------
|
||||||
|
libnm-util/nm-setting-ip6-config.c | 44 ++++++++++++++++++++++++++++++++++++++
|
||||||
|
2 files changed, 44 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libnm-util/nm-setting-ip4-config.c b/libnm-util/nm-setting-ip4-config.c
|
||||||
|
index 26ce4e5..c967f62 100644
|
||||||
|
--- a/libnm-util/nm-setting-ip4-config.c
|
||||||
|
+++ b/libnm-util/nm-setting-ip4-config.c
|
||||||
|
@@ -1018,16 +1018,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
|
||||||
|
NMIP4Route *route = (NMIP4Route *) iter->data;
|
||||||
|
guint32 prefix = nm_ip4_route_get_prefix (route);
|
||||||
|
|
||||||
|
- if (!nm_ip4_route_get_dest (route)) {
|
||||||
|
- g_set_error (error,
|
||||||
|
- NM_SETTING_IP4_CONFIG_ERROR,
|
||||||
|
- NM_SETTING_IP4_CONFIG_ERROR_INVALID_PROPERTY,
|
||||||
|
- _("%d. route is invalid"),
|
||||||
|
- i+1);
|
||||||
|
- g_prefix_error (error, "%s.%s: ", NM_SETTING_IP4_CONFIG_SETTING_NAME, NM_SETTING_IP4_CONFIG_ROUTES);
|
||||||
|
- return FALSE;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
if (!prefix || prefix > 32) {
|
||||||
|
g_set_error (error,
|
||||||
|
NM_SETTING_IP4_CONFIG_ERROR,
|
||||||
|
diff --git a/libnm-util/nm-setting-ip6-config.c b/libnm-util/nm-setting-ip6-config.c
|
||||||
|
index 78be723..fb35932 100644
|
||||||
|
--- a/libnm-util/nm-setting-ip6-config.c
|
||||||
|
+++ b/libnm-util/nm-setting-ip6-config.c
|
||||||
|
@@ -804,6 +804,8 @@ static gboolean
|
||||||
|
verify (NMSetting *setting, GSList *all_settings, GError **error)
|
||||||
|
{
|
||||||
|
NMSettingIP6ConfigPrivate *priv = NM_SETTING_IP6_CONFIG_GET_PRIVATE (setting);
|
||||||
|
+ GSList *iter;
|
||||||
|
+ int i;
|
||||||
|
|
||||||
|
if (!priv->method) {
|
||||||
|
g_set_error_literal (error,
|
||||||
|
@@ -878,6 +880,48 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* Validate addresses */
|
||||||
|
+ for (iter = priv->addresses, i = 0; iter; iter = g_slist_next (iter), i++) {
|
||||||
|
+ NMIP6Address *addr = (NMIP6Address *) iter->data;
|
||||||
|
+ guint32 prefix = nm_ip6_address_get_prefix (addr);
|
||||||
|
+
|
||||||
|
+ if (IN6_IS_ADDR_UNSPECIFIED (nm_ip6_address_get_address (addr))) {
|
||||||
|
+ g_set_error (error,
|
||||||
|
+ NM_SETTING_IP6_CONFIG_ERROR,
|
||||||
|
+ NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY,
|
||||||
|
+ _("%d. IPv6 address is invalid"),
|
||||||
|
+ i+1);
|
||||||
|
+ g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ADDRESSES);
|
||||||
|
+ return FALSE;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!prefix || prefix > 128) {
|
||||||
|
+ g_set_error (error,
|
||||||
|
+ NM_SETTING_IP6_CONFIG_ERROR,
|
||||||
|
+ NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY,
|
||||||
|
+ _("%d. IPv6 address has invalid prefix"),
|
||||||
|
+ i+1);
|
||||||
|
+ g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ADDRESSES);
|
||||||
|
+ return FALSE;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* Validate routes */
|
||||||
|
+ for (iter = priv->routes, i = 0; iter; iter = g_slist_next (iter), i++) {
|
||||||
|
+ NMIP6Route *route = (NMIP6Route *) iter->data;
|
||||||
|
+ guint32 prefix = nm_ip6_route_get_prefix (route);
|
||||||
|
+
|
||||||
|
+ if (!prefix || prefix > 128) {
|
||||||
|
+ g_set_error (error,
|
||||||
|
+ NM_SETTING_IP6_CONFIG_ERROR,
|
||||||
|
+ NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY,
|
||||||
|
+ _("%d. route has invalid prefix"),
|
||||||
|
+ i+1);
|
||||||
|
+ g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ROUTES);
|
||||||
|
+ return FALSE;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.1.0
|
||||||
|
|
Loading…
Reference in New Issue
Block a user