commit 5bd13c8d593a74ad168057efe94dd2b3aeeffe14
Author: Miroslav Lichvar
Date: Mon Feb 7 13:27:25 2022 +0100
examples: support DHCPv6 NTP servers in NM dispatcher script
Latest NetworkManager code provides NTP servers from the DHCPv6 NTP option (RFC 5908) in the DHCP6_DHCP6_NTP_SERVERS variable to dispatcher scripts. Check for invalid characters (which can come from the FQDN suboption) and include the servers in the interface-specific sources file.
diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp
index 6ea4c370..4454f037 100644
--- a/examples/chrony.nm-dispatcher.dhcp
+++ b/examples/chrony.nm-dispatcher.dhcp
@@ -1,8 +1,7 @@
 #!/bin/sh
 # This is a NetworkManager dispatcher script for chronyd to update
-# its NTP sources passed from DHCP options. Note that this script is
-# specific to NetworkManager-dispatcher due to use of the
-# DHCP4_NTP_SERVERS environment variable.
+# its NTP sources with servers from DHCP options passed by NetworkManager
+# in the DHCP4_NTP_SERVERS and DHCP6_DHCP6_NTP_SERVERS environment variables.
 export LC_ALL=C
@@ -10,17 +9,19 @@ interface=$1
 action=$2
 chronyc=/usr/bin/chronyc
-default_server_options=iburst
+server_options=iburst
 server_dir=/var/run/chrony-dhcp
 dhcp_server_file=$server_dir/$interface.sources
-# DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager.
-nm_dhcp_servers=$DHCP4_NTP_SERVERS
+dhcp_ntp_servers="$DHCP4_NTP_SERVERS $DHCP6_DHCP6_NTP_SERVERS"
 add_servers_from_dhcp() {
 rm -f "$dhcp_server_file"
- for server in $nm_dhcp_servers; do
- echo "server $server $default_server_options" >> "$dhcp_server_file"
+ for server in $dhcp_ntp_servers; do
+ # Check for invalid characters (from the DHCPv6 NTP FQDN suboption)
+ printf '%s\n' "$server" | grep -E -q '^[-A-Za-z0-9:.]{1,255}$' || continue
+
+ printf 'server %s %s\n' "$server" "$server_options" >> "$dhcp_server_file"
 done
 $chronyc reload sources > /dev/null 2>&1 || :
 }
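Review bot: In the `@@ -10,17 +9,19 @@` hunk of examples/chrony.nm-dispatcher.dhcp, the unquoted `$dhcp_ntp_servers` in `for server in $dhcp_ntp_servers; do` is subject to pathname expansion as well as word splitting, so a DHCP-supplied value containing `*`, `?` or `[` is replaced by matching file names from the dispatcher's working directory before the character check sees it. File names made up only of permitted characters would then pass the check and be written to the sources file as servers. Putting `set -f` before the loop keeps the intended splitting on whitespace and turns the expansion off; whether NetworkManager already filters such characters before exporting the variable is not visible here. The same loop header is carried as context in the later `@@ -19,7 +19,11 @@` hunk and in the sysconfig patch.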
@@ -34,10 +35,11 @@ clear_servers_from_dhcp() {
 mkdir -p $server_dir
-if [ "$action" = "up" ] || [ "$action" = "dhcp4-change" ]; then
- add_servers_from_dhcp
-elif [ "$action" = "down" ]; then
- clear_servers_from_dhcp
-fi
+case "$action" in
+ up|dhcp4-change|dhcp6-change)
+ add_servers_from_dhcp;;
+ down)
+ clear_servers_from_dhcp;;
+esac
 exit 0
commit e55f174bd3a7ae82fb24afd43443d0b55d5536cf
Author: Miroslav Lichvar
Date: Mon Feb 7 13:27:48 2022 +0100
examples: handle more actions in NM dispatcher script
Run the chronyc onoffline command also when the connectivity-change and dhcp6-change actions are reported by the NetworkManager dispatcher. The latter should not be necessary, but there currently doesn't seem to be any action for IPv6 becoming routable after duplicate address detection, so at least in networks using DHCPv6, IPv6 NTP servers should not be stuck in the offline state from a previously reported action.
diff --git a/examples/chrony.nm-dispatcher.onoffline b/examples/chrony.nm-dispatcher.onoffline
index 34cfa0db..01e6fdb1 100644
--- a/examples/chrony.nm-dispatcher.onoffline
+++ b/examples/chrony.nm-dispatcher.onoffline
@@ -7,8 +7,18 @@ export LC_ALL=C
 chronyc=/usr/bin/chronyc
-# For NetworkManager consider only up/down events
-[ $# -ge 2 ] && [ "$2" != "up" ] && [ "$2" != "down" ] && exit 0
+# For NetworkManager consider only selected events
+if [ $# -ge 2 ]; then
+ case "$2" in
+ up|down|connectivity-change)
+ ;;
+ dhcp6-change)
+ # No other action is reported for routable IPv6
+ ;;
+ *)
+ exit 0;;
+ esac
+fi
 # Note: for networkd-dispatcher routable.d ~= on and off.d ~= off
commit fca8966adaaf8376536af86ba2afe02501463588
Author: Miroslav Lichvar
Date: Wed Mar 23 15:17:03 2022 +0100
examples: replace grep command in NM dispatcher script
Some grep implementations detect binary data and return success without matching whole line. This might be an issue for the DHCPv6 NTP FQDN check. The GNU grep in the C locale seems to check only for the NUL character, which cannot be passed in an environment variable, but other implementations might behave differently and there doesn't seem to be a portable way to force matching the whole line. Instead of the grep command, check for invalid characters by comparing the length of the input passed through "tr -d -c".
diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp
index 4454f037..547ce83f 100644
--- a/examples/chrony.nm-dispatcher.dhcp
+++ b/examples/chrony.nm-dispatcher.dhcp
@@ -19,7 +19,11 @@ add_servers_from_dhcp() {
 rm -f "$dhcp_server_file"
 for server in $dhcp_ntp_servers; do
 # Check for invalid characters (from the DHCPv6 NTP FQDN suboption)
- printf '%s\n' "$server" | grep -E -q '^[-A-Za-z0-9:.]{1,255}$' || continue
+ len1=$(printf '%s' "$server" | wc -c)
+ len2=$(printf '%s' "$server" | tr -d -c 'A-Za-z0-9:.-' | wc -c)
+ if [ "$len1" -ne "$len2" ] || [ "$len2" -lt 1 ] || [ "$len2" -gt 255 ]; then
+ continue
+ fi
 printf 'server %s %s\n' "$server" "$server_options" >> "$dhcp_server_file"
 done
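Review bot: The comment under `dhcp6-change)` in the `@@ -7,8 +7,18 @@` hunk of examples/chrony.nm-dispatcher.onoffline does not say that the arm is a workaround, so a later cleanup could drop it as redundant. The reasoning currently lives only in the commit message; I would carry it into the script, for example `# Workaround: no action is reported when IPv6 becomes routable after DAD`.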
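Review bot: In the `@@ -19,7 +19,11 @@` hunk of examples/chrony.nm-dispatcher.dhcp, a server name that fails the length comparison is dropped by `continue` without leaving any trace, so an operator cannot tell that the DHCP server supplied a malformed or hostile value. A syslog line that names the interface but does not echo the rejected string would cover this, e.g. `logger -t chrony-dhcp "ignoring invalid NTP server from DHCP on $interface"` before the `continue`. The byte-wise comparison also relies on the `export LC_ALL=C` near the top of the script, which is outside this hunk; a short comment on the `tr` line saying so would keep the two from drifting apart. `add_servers_from_dhcp` starts and ends outside the hunk.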
From: Robert Fairley
Date: Wed, 17 Jun 2020 10:14:19 -0400
Subject: [PATCH] examples/nm-dispatcher.dhcp: use sysconfig
Use the PEERNTP and NTPSERVERARGS environment variables from /etc/sysconfig/network{-scripts}.
Co-Authored-By: Christian Glombek
diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp
index 6ea4c37..a6ad35a 100644
--- a/examples/chrony.nm-dispatcher.dhcp
+++ b/examples/chrony.nm-dispatcher.dhcp
@@ -8,15 +8,23 @@ export LC_ALL=C
 interface=$1
 action=$2
+[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network
+[ -f /etc/sysconfig/network-scripts/ifcfg-"${interface}" ] && \
+ . /etc/sysconfig/network-scripts/ifcfg-"${interface}"
+
 chronyc=/usr/bin/chronyc
-server_options=iburst
-server_dir=/var/run/chrony-dhcp
+server_options=${NTPSERVERARGS:-iburst}
+server_dir=/run/chrony-dhcp
 dhcp_server_file=$server_dir/$interface.sources
 dhcp_ntp_servers="$DHCP4_NTP_SERVERS $DHCP6_DHCP6_NTP_SERVERS"
 add_servers_from_dhcp() {
 rm -f "$dhcp_server_file"
+
+ # Don't add NTP servers if PEERNTP=no specified; return early.
+ [ "$PEERNTP" = "no" ] && return
+
 for server in $dhcp_ntp_servers; do
 # Check for invalid characters (from the DHCPv6 NTP FQDN suboption)
 len1=$(printf '%s' "$server" | wc -c)
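Review bot: The two `.` lines run `/etc/sysconfig/network` and `ifcfg-${interface}` as shell code in the dispatcher's context after `interface` and `action` have been assigned, so any assignment in those files can overwrite the script's own variables, and `NTPSERVERARGS` then reaches the sources file through `server_options` without the character check that is applied to the DHCP-supplied names. Reading only the two expected keys instead of sourcing the files, or at least validating `server_options` before the `printf`, would keep the sources file well-formed. Separately, `[ "$PEERNTP" = "no" ] && return` comes after `rm -f "$dhcp_server_file"` but skips the `chronyc reload sources` at the end of the function (outside this hunk), so sources loaded earlier presumably stay active in chronyd; reloading before the return would fix that, e.g. `[ "$PEERNTP" = "no" ] && { $chronyc reload sources > /dev/null 2>&1 || :; return; }`.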