parse-nm: Handle missing gateway in keyfile routes, keep dns-search fallback#238
parse-nm: Handle missing gateway in keyfile routes, keep dns-search fallback#238schopin-pro merged 4 commits intomainfrom
Conversation
Codecov Report
@@ Coverage Diff @@
## main #238 +/- ##
==========================================
- Coverage 99.06% 99.06% -0.01%
==========================================
Files 57 57
Lines 9706 9702 -4
==========================================
- Hits 9615 9611 -4
Misses 91 91
Continue to review full report at Codecov.
|
|
Just to be clear, this solves 2 separate issues, right? |
schopin-pro
left a comment
schopin-pro
left a comment
There was a problem hiding this comment.
LGTM, although I'm not sure how I could easily test those changes :)
Yes, two small keyfile incompatibilities that sneaked into the 0.103 release. Thank you for the review! I will do some extra testing by compiling a netplan v0.103+this commit and running the NetworkManager snap (incl. netplan/keyfile patches) test suite against it, which showed the failures before. |
src/parse-nm.c
Outdated
| else { | ||
| /* NM assumes a "default" route if this is not defined in the keyfile. | ||
| * See nm-settings-ip-config.c -> nm_ip_route_set_next_hop()/canonicalize_ip(). */ | ||
| route->via = g_strdup("default"); |
There was a problem hiding this comment.
As mentioned in a private chat, I have doubts regarding this. The concept of "default" to designate a gateway doesn't make sense to me, and we suspect this is actually used to specify local routes
schopin-pro
dismissed
their stale review
Approval superseded by doutes regarding the default via thing.
slyon
force-pushed
the
slyon/keyfile-0103-compat
branch
from
3f0312b to
dbb82c8
Compare
slyon
changed the title
…allback NM assumes a route to use the unspecified address as the gateway (via = "0.0.0.0"/"::") if none is specified in the keyfile. E.g. the route is only valid on the local network: "ip route add NETWORK dev DEVICE [metric METRIC]" netplan cannot differentiate between ipv4.dns-search and ipv6.dns-search so keep it in the passthrough/fallback list as an override.
Co-authored-by: Simon Chopin <simon.chopin@canonical.com>
slyon
force-pushed
the
slyon/keyfile-0103-compat
branch
from
dbb82c8 to
747e02a
Compare
|
@schopin-pro Thank you for the review and discussion around this. WIth my latest changes it now passes the NetworkManager unit tests (using the patched keyfile-netplan plugin): https://paste.ubuntu.com/p/5jDnTDCmdF/ I've updated the commit and PR description with the explanation, and also added some comment inside the code. May I ask for another sanity check on this? |
schopin-pro
left a comment
schopin-pro
left a comment
There was a problem hiding this comment.
This version makes more sense, but I'm not liking the new code much. Using an invalid unicast IP to signal that there are no gateway will cause trouble at some point, and isn't consistent with the rest of the code, and I'm thinking we should update the scope field if we know we're dealing with a local route.
|
ACK, fair point! But you're absolutely right that this implementation detail of NM should not leak into the netplan YAML schema by specifying an invalid "via" field. But rather we want to keep that local to the NM generator backend. So I've added another commit that reworks the scope logic of the NM backend (and relevant unit- & integration tests) accordingly, to accept all values ("global"/"link"/"host") and write the keyfile accordingly (proper gateway/via field or unspecified address if scope = "link" or "host"), tricking NM to do the right thing. It still passes NM's test suite and also passes the newly added |
NetworkManager automatically detects a route's scope, depending on
destination IP ("to") and gateway ("via"). If no gateway is specified
(e.g. the unspecified address "0.0.0.0"/"::" in keyfile) it will assume
a "link"/"host" scope, otherwise it will assume a "global" scope.
slyon
force-pushed
the
slyon/keyfile-0103-compat
branch
from
c82c0b5 to
03878f1
Compare
schopin-pro
left a comment
schopin-pro
left a comment
There was a problem hiding this comment.
Reading the NM code and comments, I think we can get rid of the whole undefined address part, using a simple empty string instead. I'm not entirely sure '0.0.0.0' would work as intended, but the code clearly supports having an empty string.
src/nm.c
Outdated
| g_debug("%s: Overriding 'via: %s' as NetworkManager does not support " | ||
| "setting a route's scope directly, but will auto-detect them.", | ||
| def->id, get_unspecified_address(cur_route->family)); | ||
| via = get_unspecified_address(cur_route->family); |
There was a problem hiding this comment.
That's not what I read there https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/src/libnm-core-impl/nm-keyfile.c#L506
Wouldn't we want
| via = get_unspecified_address(cur_route->family); | |
| via = ""; |
instead ?
Also avoid the deprecated trailing comma notation at the same time.
|
Alright. Using the unspecified address does work as intended and is used in some (legacy) NM keyfiles. But you're right that using the empty string is the cleaner and currently suggested approach. BUT: we also need to make sure that we do not end up with a trailing comma (e.g. So in my most recent commit I've reworked the keyfile generation logic in netplan's integration tests and NM's unit-tests still pass. |
3 participants
Description
NM assumes a
scope: linkroute if the gateway is empty or unspecified (i.e. "0.0.0.0"/"::") in keyfile.E.g. the route is only valid on the local network:
ip route add NETWORK dev DEVICE [metric METRIC]see https://github.com/NetworkManager/NetworkManager/blob/main/src/libnm-core-impl/nm-keyfile.c#L520
netplan cannot differentiate between
ipv4.dns-searchandipv6.dns-searchso keep it in the passthrough/fallback list as an override.Checklist
make checksuccessfully.make check-coverage).