postmarketos-base: add sysctl config to disable rp_filter on ipv4 (MR 2943)

MMS support (via mmsd-tng) involves sending/receiving network requests/responses over the wwan interface. If it's ipv4-only and the device is connected to some other ipv4 network on another iface (like wifi), this can cause the rp_filter to reject responses on wwan iface because it incorrectly thinks they are martian packets. This does theoretically disable some "security" feature in the kernel, but it's worth noting that: 1) rp_filter isn't implemented at all in the kernel for ipv6 2) other distros (mobian, pureos at least) are also disabling rp_filter 3) this seems to be a relatively common problem with folks using mms on pmOS, since many carriers' data networks are ipv4-only also see: https://gitlab.com/kop316/mmsd/-/merge_requests/55/diffs?commit_id=b22c253fb939ff1eb949ea4e628706e6a28c851a [ci:skip-build] already built successfully in CI
2022-02-14 16:01:57 -08:00 · 2022-02-14 16:01:57 -08:00 · caec14561d
commit caec14561d
parent 3c9dc84b72
2 changed files with 8 additions and 1 deletions
--- a/main/postmarketos-base/APKBUILD
+++ b/main/postmarketos-base/APKBUILD
@ -1,5 +1,5 @@
 pkgname=postmarketos-base
-pkgver=17
+pkgver=18
 pkgrel=0
 pkgdesc="Meta package for minimal postmarketOS base"
 url="https://postmarketos.org"
@ -41,6 +41,7 @@ _source644="
 	etc/issue
 	etc/motd
 	etc/os-release
+	etc/sysctl.d/disable-rp-filter.conf
 	lib/udev/rules.d/20-tm2-touchkey-leds.rules
 	lib/udev/rules.d/50-firmware.rules
 	lib/udev/rules.d/95-rt5033-battery-refresh.rules
@ -109,6 +110,7 @@ e4576c58c35f80bedddb1e89e186f37d31a186d3e9eb046581b8c5d7b7d435e18924539e851d3e67
 45bd0742a64a9d3c4a88e152b97edcf3fa1edca28884f9ea69e7c4c365f1e41ef9056dbe204545de7d4b2ba92e1e5872b2a929c2dcc1dd468e627cc3f090b8e6  rootfs-etc-issue
 01403df3b5a2be0dd70387a3c32cf24a77bc097679fbefca585082a0970b7d756723c33687be3809351b5e31c85947db84861118bfeced8f5f865fe2452555ec  rootfs-etc-motd
 093c201f0c7aa203df447f2a8c27e5834520a7016ce2934ddc35fb037d2ec9acf0f7df7c06e07ad24ba7b4d94ef21fe7ff848c58bd62277eeeb08659fbddf1e9  rootfs-etc-os-release
+b70ee1b39b5f33c9a3e6bf4259158519691c82c8cefb700d4df49eb749a2cce208082e00d4905b9eea2c4f75b6da62f73931931c92157b4132adb35dcf0e0a6f  rootfs-etc-sysctl.d-disable-rp-filter.conf
 de4d8f258cb2ce654be15abe0188caa6ca9cc163fd45350f2025e7e9d043878e3f1202ef9033b1b15d7e18c4b40c3b19db387ee050a3baf03c4bd4293f4721e3  rootfs-lib-udev-rules.d-20-tm2-touchkey-leds.rules
 0b098828080055d3646ea54891cb0e1b578cbc30f5e16f7284f2814c08192f18079a38fb686d192715ae6a3d2cd6625d9e3cf99f234a6f0d94088bb0cb2ce43d  rootfs-lib-udev-rules.d-50-firmware.rules
 766aace60f7aea2515e03aec9f6d3215fcabcd81a235acb7b79bac1ae44e75c3087c541370fe1565a05a78f70a071fe20380b91e23e1fb48390b9df19354d008  rootfs-lib-udev-rules.d-95-rt5033-battery-refresh.rules
--- a/main/postmarketos-base/rootfs-etc-sysctl.d-disable-rp-filter.conf
+++ b/main/postmarketos-base/rootfs-etc-sysctl.d-disable-rp-filter.conf
@ -0,0 +1,5 @@
+# Resolves issues with some services (e.g. MMS) that can expect return traffic
+# on the non-default route/iface.
+
+net.ipv4.conf.default.rp_filter=0
+net.ipv4.conf.all.rp_filter=0