Help with Ubuntu Touch update to NM 1.2

From: Tony Espy <espy canonical com>
To: "networkmanager-list gnome org" <networkmanager-list gnome org>
Subject: Help with Ubuntu Touch update to NM 1.2
Date: Tue, 10 May 2016 20:49:49 -0400

After we recently landed NM 1.1.93 to Ubuntu 16.04 desktop, I startedworking on back-porting it to Vivid/15.04 for use by Ubuntu Touch whichis still currently pinned to a 0.9.10 version of NM.


Very little needed to be changed to get it running.

One thing to note is that most of the devices running Touch are on olderkernels ( mako is the oldest at 3.4, some are 3.10 ), so all output themessage:

18:19:56 <warn> device (wlan0): The kernel does not support extendedIFA_FLAGS needed by NM for IPv6 private addresses. This feature is notavailable

During testing, we ran into problems with OpenVPN that seem to berelated to the re-factored netlink logic in NMLinuxPlatform and theolder kernels we're running.

We see two failures, the first occurs when the VPN connection triggersan IPv6 address add. As the VPN specifies a unique Internal Address andInternal Point to Point address (or peer address), the latter is used byNM to build the IFA_ADDRESS attribute appended to the NEWADDR message.The kernel rejects this with EINVAL.

Running 0.9.10x, the address is added, it just doesn't include the peeraddress, and uses address for the IFA_ADDRESS attribute.

We also see quite a few of the same types of add IPv6 address failureshappening on a periodic basis with no VPN involved, which are probablytriggerd by lease renewals.

I was able to patch 1.1.93 to mimic the 0.9.10 behavior ( ie. never usepeer_address for IFA_ADDRESS ) and the errors in syslog disapper. Thatsaid, I'm not 100% the IPv6 configuration was ever *working* properly,however with this path our syslog isn't flooded with errors.

The second failure is adding an IPv4 address that already exists. Theold code base had explicit handling for this case ( EEXISTS ) and wouldtreat the operation as SUCCESS. When I added extra logic to handleEEXISTS in do_add_addroute ( in nm-linux-platform.c ), the IPv4 erroralso disappeared, and I found that the VPN was now properly configured.

On some of our newer devices, this IPv4 error doesn't occur, however theworkaround appears to be a no-op on these devices.

At minimum, the second problem is a blocker for our next update. Wecould probably live without the peer_address change, however as stated,it results in failures being logged.

I've attached a sanitized syslog which shows the errors in question whena VPN is started.


Any help is much appreciated.

Regards,
/tony

Attachment: mako-rc-434-nm-vpn.out
Description: Text document

Follow-Ups:
- Re: Help with Ubuntu Touch update to NM 1.2
  - From: Thomas Haller

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]