Re: NM does not completely handle default route

[Gene Czarcinski <gene czarc net>]

On Sunday 11 October 2009 14:44:25 Robert Vogelgesang wrote:
> Hello,
> 
> On Sat, Oct 10, 2009 at 05:56:36PM -0400, Gene Czarcinski wrote:
> > On Saturday 10 October 2009 17:32:42 Gene Czarcinski wrote:
> > > OK, this is a followup to a lot of my previous email about NM handling
> > > the default route when a system has multiple NICs.
> > >
> > > I have closed out my BZ report for Fedora 11 as WONTFIX --
> > > https://bugzilla.redhat.com/show_bug.cgi?id=523875 -- and have opened a
> > > new report against rawhide --
> > >  https://bugzilla.redhat.com/show_bug.cgi?id=528281
> > >
> > > I do not expect that this problem will be fixed in time for F12 GA but
> > > hope that it can be fixed post GA.
> > >
> > > I have been poking around the NM source code mainly with grep and
> > > gedit.  I believe it is possible/practical to fix things with any big
> > > re-write (which I believe is neither practical or desirable). [sure is
> > > a lot of code]  I mainly looked at how GATEWAYDEV=, GATEWAY=, and
> > > ONBOOT= (and their ~/.gconf/system/networking/ counterparts) where
> > > handled.
> > >
> > > Some characteristics/constraints --
> > >
> > > 1.  Having a system with one or more NICs and no default route is a
> > > valid configuration and should (must?) be supported by NM.
> 
> I think we should say MUST in this case.
> 
> > > 2. Regardless of having a default route or not, some connections should
> > >  never be the default route (the intent, I believe, of the current
> > >  implementation).
> 
> Agreed.
> 
> > > 3.  Having GATEWAYDEV=xxx in /etc/sysconfig/network will cause all NICs
> > >  other than xxx to be marked as "never-default".  This is and should
> > >  continue to be supported.
> 
> No.  As you noted in your bug #528281, system-config-network removes this
> option, and I agree with that behaviour.  IMHO, GATEWAYDEV=xxx is an
> old-time kludge, coming from times long ago where the networking init
> scripts actually needed this option as a hint to get the default route
> right.  The networking init scripts are now in a much better shape, and
> we shouldn't commit ourselves to support this option forever.
> 
> GATEWAYDEV=xxx is not sufficient if you have three or more interfaces,
> and only one of them should never get the default route.
> 
> > > 4. Only if a NIC is marked as NOT for all users can I mark it for
> > >  "connection only" (never-default).  This needs to be fixed.  I should
> > > be able to mark a NIC which is available to all users (an ifcfg-xxx
> > > system configuration in /etc/sysconfig/network-scripts/) as a
> > > "connection only" (never-default) NIC.
> 
> Agreed.
> 
> > > 5.  I should be able to mark a NIC as the default route device.  I
> > > think this is needed for completeness but am not sure it is really
> > > required.
> 
> This would be overkill.  Either you specify your gateway in the config
> file, or get it from DHCP.  If you have neither, you're lost, and such an
> option wouldn't help in this case.
> 
> > > 6.  If two or more NICs with static IPs are configured with different
> > >  default route, I do not care ... this is a mis-configuration.
> 
> This is a special case, but a valid configuration.  Sure, you can have
> only one default route at a given time, but if you want to switch between
> two or more uplinks, or two different environments that don't support
> DHCP, such a setup can make your life more comfortable.
> 
> We just need clear semantics; "the most recently started interface
> wins" would be fine, I guess.
> 
> > > 7.  The problem is not really with NICs that have static IPs but with
> > > those that use dhcp where each dhcp server supplies a default route.
> 
> Agreed.
> 
> > Oops ... I sent this partial message instead of saving the draft.  To
> > continue ...
> >
> > 8. system-config-network currently has a problem with GATEWAYDEV=xxx
> > being in the /etc/sysconfig/network file and will delete it if you use
> > s-c-n to change the NIC system configuration files.  Any solution needs
> > to avoid this problem.
> 
> As noted above, we don't actually need GATEWAYDEV=xxx, we need a way
> to prevent some interfaces/connections from getting the default route,
> and we only need this for connections that get their routes from DHCP
> or some other peer, e. g. some VPN protocols.
> 
> What I specifically don't like about GATEWAYDEV=xxx is that it only allows
> one single interface to get the default route.
> 
> > ---------------------------------------------
> > What I propose is also something Dan mentioned ... add a new
> > option/parameter to the ifcfg-xxx file.  I tried adding "FOOBARBS=yes" to
> > the file and this is left alone by system-config-network and ignored by
> > NM.
> >
> > So, I propose adding a new option/parameter such as "DEFAULTGW=yes|no" to
> > the system configuration file.
> 
> I think, a better name for this option would be "ALLOWDEFAULTROUTE=yes|no",
> because this would clearly document what it really means, and it would be
> obvious that you can set this option to "yes" for more than just one
> interface/connection.
> 
> > Upon loading the file (in ifcfg-rh/reader.c), if DEFAULTGW=no is
> > specified, then mark that connection as "never-default".
> >
> > When saving the file (applying updates), if the connection is
> > "never-default", then set DEFAULTGW=no.
> >
> > A small problem occurs when I am changing a connection definition for
> > "never- default" to allowing it for default.  For now, I propose that a
> > connection which is NOT "never-default" (that is, never-default is false
> > in ~/.gconf/...), then we should set DEFAULTGW=? for now.
> 
> And how is that any better than setting it to "yes" straight away?
> Don't introduce too many special cases, please.
> 
> > As an initial attempt at a fix, I think this may be "good enough".  Yes,
> > having DEFAULTGW=yes have some meaning may be useful but ... ???.  As
> > described, I think this will only involve ifcfg-rh/reader.c and
> > ifcfg-rh/writer.c.
> >
> > The patch to implement this should be fairly simple and I am going to
> > give it a try.
> >
> >
> > Before I go too far on this ... any comments??
> 
> Please, don't name the new option "DEFAULTGW"; this would be confusing
> for any experienced networking guy, because it is too similar to an
> obvious name for an option that would actually specify the IP address
> of the default gateway.  This name confuses yourself, because you are
> not sure what DEFAULTGW=yes should mean.
> 
> This would be clearer if you think in terms of "ALLOWDEFAULTROUTE=yes",
> because this would not imply that this interface/connection _must_ get
> the default route, but is allowed to get it.

See the attached patch in another email.  My choice of parameter/option is 
NM_NEVER_DEFAULT= for devices/NICs/connections that should never be the 
default route.

Upon thinking on it, declaring an interface to be the default route is simply 
too complicated and convoluted with respect to the code.  My proposed solution 
follows the KISS idea.

I did not delete the GATEWAYDEV= code in reader.c but, with this patch, I 
believe that code should be deleted as unnecessary.

My use of GATEWAYDEV= dates back a lot of years.  At the time, I had a system 
with two interfaces.  One (to a local network) which was NOT to be a default 
route and used a static IP.  The other interface used dhcp but I had no idea 
what the dhcp server would be returning and I needed to make that interface be 
the default route.  Since I had no idea what IP address would be assigned by 
that dhcp server and since it could change over time, the use of GATEWAYDEV= 
made some sense.

The code/logic change to use NM_ALLOWDEFAULT= rather than what I used 
(NM_NEVER_DEFAULT_=) should be minor if that is preferred.

To some extent, I was trying to use logic similar to that used for the 
"private" (no all users) setting in ~/.gconf/system/networking/ where the 
parameter is only set to true if never-default is true.

Gene