author | Doro Rose <doroerose@gmail.com> | 2020-05-24 21:19:50 +0200 |
---|---|---|
committer | Doro Rose <doroerose@gmail.com> | 2020-05-26 00:53:10 +0200 |
commit | 5d3a72f68394aa82bfd22db8a2ca28ea6c102bdd (patch) | |
tree | 93e734466b1f0ab25ec3ea14be476a85dbd0274b /nixos/modules/tasks/network-interfaces.nix | |
parent | 32b8ed738096bafb4cdb7f70347a0f63f9f40151 (diff) | |
networking-interfaces.nix: remove broken NDP bits from proxyARP
The `networking.interfaces.<name?>.proxyARP` option previously mentioned it would also enable IPv6 forwarding and `proxy_ndp`. However, the `proxy_ndp` option was never actually set (the non-existent `net.ipv6.conf.proxy_arp` sysctl was set instead). In addition, `proxy_ndp` also needs individual entries for each IP to proxy for. Proxy ARP and Proxy NDP are two different concepts, and enabling the latter should be a conscious decision. This commit removes the broken NDP support, and stops explicitly enabling IPv6 forwarding (which is the default in most cases anyway). Fixes #62339.
Diffstat (limited to 'nixos/modules/tasks/network-interfaces.nix')
-rw-r--r-- | nixos/modules/tasks/network-interfaces.nix | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix
index 44677d417ea..3258e7e61a3 100644
--- a/nixos/modules/tasks/network-interfaces.nix
+++ b/nixos/modules/tasks/network-interfaces.nix
@@ -283,7 +283,7 @@ let default = false; type = types.bool; description = ''
- Turn on proxy_arp for this device (and proxy_ndp for ipv6).
+ Turn on proxy_arp for this device.
This is mainly useful for creating pseudo-bridges between a real interface and a virtual network such as VPN or a virtual machine for interfaces that don't support real bridging (most wlan interfaces).
@@ -1055,11 +1055,11 @@ in optionalString hasBonds "options bonding max_bonds=0"; boot.kernel.sysctl = {
+ "net.ipv4.conf.all.forwarding" = mkDefault (any (i: i.proxyARP) interfaces);
"net.ipv6.conf.all.disable_ipv6" = mkDefault (!cfg.enableIPv6); "net.ipv6.conf.default.disable_ipv6" = mkDefault (!cfg.enableIPv6);
- "net.ipv6.conf.all.forwarding" = mkDefault (any (i: i.proxyARP) interfaces);
} // listToAttrs (flip concatMap (filter (i: i.proxyARP) interfaces)
- (i: forEach [ "4" "6" ] (v: nameValuePair "net.ipv${v}.conf.${replaceChars ["."] ["/"] i.name}.proxy_arp" true)))
+ (i: [(nameValuePair "net.ipv4.conf.${replaceChars ["."] ["/"] i.name}.proxy_arp" true)]))
// listToAttrs (forEach interfaces (i: let opt = i.tempAddress; |
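Review bot: In the second hunk, the added `"net.ipv4.conf.all.forwarding"` line turns on IPv4 forwarding for the whole host as soon as any single interface sets `proxyARP`, yet the option description edited in the first hunk now says only "Turn on proxy_arp for this device". Because this makes the machine route between all of its interfaces, the description should state it, for example by adding `Enabling this also turns on IPv4 forwarding globally (net.ipv4.conf.all.forwarding) unless overridden.`, so that users know to check their firewall's forward rules. The same line also writes an explicit `false` when no interface uses proxyARP; if the intent is only to switch forwarding on when needed, `mkIf (any (i: i.proxyARP) interfaces) (mkDefault true)` may be the safer form, though that depends on how `boot.kernel.sysctl` merges definitions from other modules, which is not visible here. Both hunks sit inside larger expressions that begin and end outside the diff.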