From 8938eede285fbd2f4e58da0663921d980f9a3f7d Mon Sep 17 00:00:00 2001 From: Uli Baum Date: Sat, 1 Sep 2018 20:07:11 +0200 Subject: [PATCH 1/2] dhcpcd: 6.11.5 -> 7.0.8 --- pkgs/tools/networking/dhcpcd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/dhcpcd/default.nix b/pkgs/tools/networking/dhcpcd/default.nix index 93529fe4ce53..1fe29b8b96ff 100644 --- a/pkgs/tools/networking/dhcpcd/default.nix +++ b/pkgs/tools/networking/dhcpcd/default.nix @@ -3,11 +3,11 @@ stdenv.mkDerivation rec { # when updating this to >=7, check, see previous reverts: # nix-build -A nixos.tests.networking.scripted.macvlan.x86_64-linux nixos/release-combined.nix - name = "dhcpcd-6.11.5"; + name = "dhcpcd-7.0.8"; src = fetchurl { url = "mirror://roy/dhcpcd/${name}.tar.xz"; - sha256 = "17nnhxmbdcc7k2mh6sgvxisqcqbic5540xbig363ds97gvf795kg"; + sha256 = "1df95lv3cbs3dk718a2vyvzmv7qhpgcxzagb27ylmav96f48x5ln"; }; nativeBuildInputs = [ pkgconfig ]; From 13c3986b7a7da4f29005349674b334b6b914a371 Mon Sep 17 00:00:00 2001 From: Uli Baum Date: Sun, 2 Sep 2018 12:13:06 +0200 Subject: [PATCH 2/2] nixos/tests/networking.*.macvlan: disable reverse path check Generated reverse path filtering rules for the macvlan interface seem to be incorrect, causing the test to fail - sometimes or always, depending on the dhcpcd version used. - Disable reverse path checking temporarily to avoid blocking the channel - Print more diagnostic information for debugging --- nixos/tests/networking.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/nixos/tests/networking.nix b/nixos/tests/networking.nix index ff088ad2621b..02bd4bd98079 100644 --- a/nixos/tests/networking.nix +++ b/nixos/tests/networking.nix @@ -11,6 +11,7 @@ let let vlanIfs = range 1 (length config.virtualisation.vlans); in { + environment.systemPackages = [ pkgs.iptables ]; # to debug firewall rules virtualisation.vlans = [ 1 2 3 ]; boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true; networking = { @@ -320,9 +321,14 @@ let name = "MACVLAN"; nodes.router = router; nodes.client = { pkgs, ... }: with pkgs.lib; { + environment.systemPackages = [ pkgs.iptables ]; # to debug firewall rules virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; + firewall.logReversePathDrops = true; # to debug firewall rules + # reverse path filtering rules for the macvlan interface seem + # to be incorrect, causing the test to fail. Disable temporarily. + firewall.checkReversePath = false; firewall.allowPing = true; useDHCP = true; macvlans.macvlan.interface = "eth1"; @@ -341,9 +347,16 @@ let $client->waitUntilSucceeds("ip addr show dev eth1 | grep -q '192.168.1'"); $client->waitUntilSucceeds("ip addr show dev macvlan | grep -q '192.168.1'"); - # Print diagnosting information + # Print lots of diagnostic information + $router->log('**********************************************'); $router->succeed("ip addr >&2"); + $router->succeed("ip route >&2"); + $router->execute("iptables-save >&2"); + $client->log('=============================================='); $client->succeed("ip addr >&2"); + $client->succeed("ip route >&2"); + $client->execute("iptables-save >&2"); + $client->log('##############################################'); # Test macvlan creates routable ips $client->waitUntilSucceeds("ping -c 1 192.168.1.1");