Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

linux: add policy routing config flag #81415

Merged
merged 1 commit into from Mar 1, 2020
Merged

linux: add policy routing config flag #81415

merged 1 commit into from Mar 1, 2020

Conversation

picnoir
Copy link
Member

@picnoir picnoir commented Feb 29, 2020
edited

Motivation for this change

Continuation of #81405 (comment)

CONFIG_IP_MULTIPLE_TABLES is part of the default x86 kernel config but
absent from the Aarch64 one. Adding this flag on the aarch64 config to
align it with the x86.

I did not use any option guard here: it seem like this flag is supported since Linux 2.5.45 https://cateee.net/lkddb/web-lkddb/IP_MULTIPLE_TABLES.html

Disclaimer: I do not have access to a aarch64 machine to try this out + I don't really know what I'm doing.

CC @samueldr

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Fixes #61602

@picnoir picnoir force-pushed the nin-routing-policy-aarch-kernel branch from 25d3a44 to cf3cbff Compare February 29, 2020 23:11
@picnoir
Copy link
Member Author

picnoir commented Feb 29, 2020

Note: successfully calling ip rule on a aarch64 machine would prove this fix is correctly working.

@picnoir picnoir force-pushed the nin-routing-policy-aarch-kernel branch from cf3cbff to c98d1ec Compare March 1, 2020 09:18
@picnoir picnoir changed the title linux: add policy routing config flag for aarch64 linux: add policy routing config flag Mar 1, 2020
@samueldr
Copy link
Member

samueldr commented Mar 1, 2020

Currently testing #81405 with this PR. It doesn't work... Though:

depends on: CONFIG_IP_ADVANCED_ROUTER

[samueldr@aarch64:~]$ zgrep 'IP_ADVANCED_ROUTER' /proc/config.gz 
# CONFIG_IP_ADVANCED_ROUTER is not set

I'm waiting on a new build+test with that set.

@picnoir
Copy link
Member Author

picnoir commented Mar 1, 2020

Damned, missed that dependency.

Thanks for running the tests!

@picnoir picnoir force-pushed the nin-routing-policy-aarch-kernel branch from c98d1ec to 1e27857 Compare March 1, 2020 19:25
@picnoir
linux: add policy routing config flag for aarch64
6896b1c 
CONFIG_IP_MULTIPLE_TABLES is part of the default x86 kernel config but
absent from the Aarch64 one. Adding explicitely this flag together
with its dependency IP_ADVANCED_ROUTER.

Both of these config flags are needed to use the routing policy
facilities.
@picnoir picnoir force-pushed the nin-routing-policy-aarch-kernel branch from 1e27857 to 6896b1c Compare March 1, 2020 19:27
samueldr
samueldr approved these changes Mar 1, 2020
View reviewed changes
Copy link
Member

@samueldr samueldr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With IP_ADVANCED_ROUTER = yes the test passes.

@picnoir
Copy link
Member Author

picnoir commented Mar 1, 2020 via email

@flokli flokli merged commit 0a8af28 into NixOS:master Mar 1, 2020
@flokli
Copy link
Contributor

flokli commented Mar 1, 2020

Thanks!

@picnoir picnoir deleted the nin-routing-policy-aarch-kernel branch March 2, 2020 07:20
@nixos-discourse
Copy link

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/ip-rule-address-family-not-supported-by-protocol/3166/3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@samueldr samueldr samueldr approved these changes

Assignees
No one assigned
Labels
10.rebuild-darwin: 0 10.rebuild-linux: 501+ 10.rebuild-linux: 1001-2500
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ip rule not working on ARM64, sslh.transparent broken
4 participants
@picnoir @samueldr @flokli @nixos-discourse