Skip to content

[th/static-default-route]

Thomas Haller requested to merge th/static-default-route into master

Quote commit message:

all: allow configuring default-routes as manual, static routes
    
    Up until now, a default-route (with prefix length zero) could not
    be configured directly. The user could only set ipv4.gateway,
    ipv4.never-default, ipv4.route-metric and ipv4.route-table to influence
    the setting of the default-route (respectively for IPv6).
    
    That is a problematic limitation. For one, whether a route has prefix
    length zero or non-zero does not make a fundamental difference. Also,
    it makes it impossible to configure all the routing attributes that one can
    configure otherwise for static routes. For example, the default-route could
    not be configured as "onlink", could not have a special MTU, nor could it be
    placed in a dedicated routing table.
    
    Fix that by lifting the restriction. Note that "ipv4.never-default" does
    not apply to /0 manual routes. Likewise, the previous manners of
    configuring default-routes ("ipv4.gateway") don't conflict with manual
    default-routes.
    
    Server-side this all the pieces are already in place to accept a default-route
    as static routes. This was done by earlier commits like 5c299454b49b
    ('core: rework tracking of gateway/default-route in ip-config').
    
    A long time ago, NMIPRoute would assert that the prefix length is
    positive. That was relaxed by commit a2e93f2de4ac ('libnm: allow zero
    prefix length for NMIPRoute'), already before 1.0.0. Using libnm from
    before 1.0.0 would result in assertion failures.
    
    Note that the default-route-metric-penalty based on connectivity
    checking applies to all /0 routes, even these static routes. Be they
    added due to DHCP, "ipv4.gateway", "ipv4.routes" or "wireguard.peer-routes".
    I wonder whether doing that unconditionally is desirable, and maybe
    there should be a way to opt-out/opt-in for the entire profile or even
    per-routes.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1714438

Also, it makes it possible to configure default-routes for WireGuard in a separate routing-table, which is relevant to manually configure the policy-routing-based solution akin to wireguard.ip4-auto-default-route's automatism.

Please consider especially what about the default-route-metric-penalty.

Merge request reports