| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
VPN secrets with name having prefix 'x-vpn-challenge' are considered
as temporary secrets and never stored.
|
| |
|
|
|
|
|
| |
platform-linux: event-notification: NEWROUTE, seq 5: fd02::2/128 via fd01::1 dev 17 metric 0 mss 0 rt-src rt-unspec src ::/0 cloned mtu 1400
NetworkManager:ERROR:src/platform/nmp-object.h:614:ASSERT_nmp_cache_ops: assertion failed: (obj_old || obj_new)
Fixes: 9440eefb6dc4939752bf049d1669a0a4d37213c2
|
| |
|
|
|
|
|
|
| |
Since commit 22edeb5b691b ("core: track addresses for
NMIP4Config/NMIP6Config via NMDedupMultiIndex"), addresses can be
added to a IP config only after the ifindex has been set.
Fixes: 22edeb5b691befd796c534cf71901b32f0b7945b
|
| |
|
|
| |
Fixes: 22edeb5b691befd796c534cf71901b32f0b7945b
|
| |
|
|
|
|
|
| |
If the subnet index was built without the @full_index flag, secondary
addresses are not present in the hash table.
Fixes: 5fcca9ba3e37152b9fbe645a8436cacbcf846dc5
|
| |
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1358615
|
| |
|
|
| |
Fixes: 5fcca9ba3e37152b9fbe645a8436cacbcf846dc5
|
| |
|
|
|
|
|
|
|
|
|
| |
Software devices don't have a permanent hardware address and thus it
doesn't make sense to enforce the 'fake' (generated) permanent one
when cloned-mac-address=permanent. Also, setting the fake permanent
address on bond devices, prevents them from inheriting the first slave
hardware address, so let's just skip the setting of MAC when
cloned-mac-address=permanent and there is no real permanent address.
https://bugzilla.redhat.com/show_bug.cgi?id=1472965
|
| |
|
|
|
|
|
| |
Flags DELETE_NEW_CONNECTIONS and DISCONNECT_NEW_DEVICES were added in
1.6, document that.
https://bugzilla.redhat.com/show_bug.cgi?id=1474039
|
| |
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1457939
|
| |
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1468358
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Travis used by default Ubuntu 12.04 which is now EOL. Hence, the default
changed.
Eventually, we may want to upgrade the tests to run on Ubuntu 14.04.5
LTS (Trusty Tahr). But for that we need to adjust the travis test
script.
For now, explicitly select precise.
https://blog.travis-ci.com/2017-07-11-trusty-as-default-linux-is-coming?utm_source=web&utm_medium=banner&&utm_campaign=trusty-default
|
| |
|
|
| |
Fixes: 51e1215c85fc410d9a68b64eef3c981ec67ae3d9
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The settings "bridge.mac-address" and "ethernet.cloned-mac-address" have an
overlapping meaning. If the former is unset, fallback to the latter.
Effectively, "bridge.mac-address" is deprecated in favor of
"ethernet.cloned-mac-address", which is more powerful as it supports
various modes like "stable". However, if a connection specifies
"bridge.mac-address", it is used when creating the bridge interface,
while "ethernet.cloned-mac-address" is used shortly after, during
activation.
|
| |
|
|
|
| |
Don't log both in NMPlatform and NMLinuxPlatform.
Also, log all provided arguments.
|
| |
|
|
| |
There is only one caller at the moment, and he passes TRUE anyway.
|
| |
|
|
| |
Fixes: 22edeb5b691befd796c534cf71901b32f0b7945b
|
| |
|
|
|
|
| |
Fixes: 22edeb5b691befd796c534cf71901b32f0b7945b
Fixes: 935411e5c03dcb62d5b2a85e67bf3220c75d0f5e
Fixes: cfd1851c0067773211524c2b648330b6ee7a066c
|
| |
|
|
|
|
|
| |
This bug has no consequences, as the only caller already initialized
the output variable to NULL.
Fixes: f0d40525dfb079820e5dce48360ef6a9a540064a
|
| |
|
|
| |
Fixes: 9440eefb6dc4939752bf049d1669a0a4d37213c2
|
| |
|
|
|
|
| |
Signed-off-by: Richard Fontana <rfontana@redhat.com>
https://mail.gnome.org/archives/networkmanager-list/2017-July/msg00034.html
|
| |\
| |
| |
| | |
https://bugzilla.gnome.org/show_bug.cgi?id=785004
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Kernel requires that the host part of a route (based on network/plen)
is zero. Routes with non-zero host part don't really exist.
In settings (NMIPRoute), we don't enforce that. Hence we must ensure
that we don't let such invalid routes into NMIP4Config/NMIP6Config.
Also at other places where we obtain routes from untrusted sources,
we must sanitize them first.
Also add an assertion to catch such bugs.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
For convenience, to clear the address inplace, allow to leave @src NULL,
instead of requiring to set @src to @dst.
The only problem is, if you make use of this extended behavior and later backport
the use to an older branch, ensure that you cherry-pick this commit too.
That is easy to miss, but you are testing the backport, right?
|
| | |
| |
| |
| |
| | |
Let next and head pointers point to the CList value, instead of
NMDedupMultiEntry.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Contrary to addresses, routes have no ID. When deleting a route,
you cannot just specify certain properties like network/plen,metric.
Well, actually you can specify only certain properties, but then kernel
will treat unspecified properties as wildcard and delete the first matching
route. That is not something we want, because we need to be in control which
exact route shall be deleted.
Also, rtm_tos *must* match. Even if we like the wildcard behavior,
we would need to pass TOS to nm_platform_ip4_route_delete() to be
able to delete routes with non-zero TOS. So, while certain properties
may be omitted, some must not. See how test_ip4_route_options() was
broken.
For NetworkManager it only makes ever sense to call delete on a route,
if the route is already fully known. Which means, we only delete routes
that we have already in the platform cache (otherwise, how would we know
that there is something to delete). Because of that, no longer have separate
IPv4 and IPv6 functions. Instead, have nm_platform_ip_route_delete() which
accepts a full NMPObject from the platform cache.
The code in core doesn't jet make use of this new functionality. It will
in the future.
At least, it fixes deleting routes with differing TOS.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The return value for the delete methods checks whether the object
is actually deleted. That is questionable behavior, because if the netlink
request succeeds, there is little point in checking with the platform cache.
As it is, it is racy.
Anyway, the previous value was totally wrong.
But it also uncovers another platform bug, which currently breaks
route tests. Will be fixed next.
|
| | |
| |
| |
| |
| |
| |
| | |
To reuse array of NMPObject instances instead of creating
a GArray clone.
Also get rid of the nm_platform_ipx_address_get_all() functions.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Reasons:
- it adds an O(1) lookup index for accessing NMIPxConfig's addresses.
Hence, operations like merge/intersect have now runtime O(n) instead
of O(n^2).
Arguably, we expect low numbers of addresses in general. For low
numbers, the O(n^2) doesn't matter and quite likely in those cases
the previous implementation was just fine -- maybe even faster.
But the simple case works fine either way. It's important to scale
well in the exceptional case.
- the tracked objects can be shared between the various NMPI4Config,
NMIP6Config instances with NMPlatform and everybody else.
- the NMPObject can be treated generically, meaning it enables code to
handle both IPv4 and IPv6, or addresses and routes. See for example
_nm_ip_config_add_obj().
- I want core to evolve to somewhere where we don't keep copies of
NMPlatformIP4Address, et al. instances. Instead they shall all be
shared. I hope this will reduce memory consumption (although tracking a
reference consumes some memory too). Also, it shortcuts nmp_object_equal()
when comparing the same object. Calling nmp_object_equal() on the
identical objects would be a common case after the hash function
pre-evaluates equality.
|
| | |
| |
| |
| |
| | |
The @config name is inconsistent. We name the self argument
commonly @self.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a stable, recursive merge sort for CList.
This could be improved by doing an iterative implementation.
The recursive implementation's stack depth is not an issue,
as it is bound by O(ln(n)). But an iterative implementation
would safe the overhead of O(n*log(n)) function calls and be
potentially faster.
|
| |/
|
|
|
|
| |
The timeout was wrongly set to a huge number, and would never hit.
This leaked some data, that we could instead clean up. It's not
serious however.
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously, the --quick option only mattered when creating
the source tarball, to run `make dist` instead of the slower
`make distcheck`.
Extend its meaning to also skip unit tests while building the RPM.
You still can enable them with
$ ./contrib/fedora/rpm/build_clean.sh -Q -w test
|
| |
|
|
|
|
| |
The package no longer exists.
Fixes: 03586743f09c8c70b43025bce47d5b064bf8999f
|
| |
|
|
|
|
|
| |
NetworkManager-wifi and NetworkManager-glib-devel should require
NetworkManager, not provide it.
https://bugzilla.redhat.com/show_bug.cgi?id=1454505
|
| |
|
|
| |
Fixes: 9d43869e473b47542520c807dace93a6f9520964
|
| |
|
|
|
|
|
|
|
|
|
| |
The @relevant_changes output value must match the result of
!nm_ipX_config_equal(), so route metric and gateway must be taken into
account too.
Fixes: 935411e5c03dcb62d5b2a85e67bf3220c75d0f5e
Fixes: cfd1851c0067773211524c2b648330b6ee7a066c
https://bugzilla.redhat.com/show_bug.cgi?id=1471244
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DNS manager drops from the search list domains that are public
suffixes to prevent a possible domain hijack when using two-labels
hostnames [1].
This is a problem now that every single-label domain can be a TLD
since this means that such domains can't be used in the search list.
While it's useful to apply such restriction to the domain
automatically derived from the system hostname, it seems wrong to drop
domains specified by users in the configuration or provided by DHCP.
This commit keeps the public-suffix check only for the
hostname-derived domain
[1] https://bugzilla.redhat.com/show_bug.cgi?id=812394
https://bugzilla.redhat.com/show_bug.cgi?id=1404350
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to "network-online.target.wants"
If we install "NetworkManager-wait-online.service" in the
"network-online.target.wants" directory, network-online.target always
pulls in NetworkManager-wait-online.service. As it was, it could only
be disabled by masking the service.
Instead, we should enable NetworkManager-wait-online.sevice via
systemd's preset. That is already done for Fedora 26 and newer.
Note that NetworkManager-wait-online.sevice already has Install.WantedBy.
This way, the dependency is created automatically when enabling the service.
https://bugzilla.redhat.com/show_bug.cgi?id=1455704
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As far as NetworkManager is concerned, the "connection.id" (also called
"con-name" in nmcli) is a pretty name and does not need to be unique.
UI components usually show the "connection.id" instead of the
"connection.uuid" identifier. It is hence likely, that the user
would not intentionally re-use the same name for multiple connection
profiles.
Print a warning to stderr when the user adds such a connection.
This only affects `nmcli connection add` and `nmcli connection import`,
but not `nmcli connection clone` and not interactive edit mode.
https://bugzilla.redhat.com/show_bug.cgi?id=1460796
|
| | |
|
| |
|
|
| |
Fixes: 667c50f5d920e91d798d51c61e63e3ce87e277d3
|
| |
|
|
|
|
|
|
|
|
| |
NMDedupMultiIndex
And get rid of the unused obj_full_equality_allows_different_class.
It's hard to grasp how to implement different object types that can compare
despite having different klasses. The idea was, that stack allocated
objects (used as lookup needles), are some small lightweight objects,
that still compare equal to the full instance. But it's unused. Drop it.
|
| |
|
|
|
|
| |
Don't overwrite @h.
Fixes: f9202c2ac120152f047845f859bac22759e634f3
|
| |
|
|
|
|
| |
and NMIP6Config.
Fixes: 935411e5c03dcb62d5b2a85e67bf3220c75d0f5e
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In commit d405cfd9089f9552969e6a3e1a1c4550fc3c1695, parsing "interface"
statement is introduced. But it leads to uncommplete parsing of the
"request" entry, if one of the lines in "request" entry is prefixed with
word "interface". For example, the default configuration of openSUSE
distribution:
request subnet-mask, broadcast-address, routers,
rfc3442-classless-static-routes,
interface-mtu, host-name, domain-name, domain-search,
domain-name-servers, nis-domain, nis-servers,
nds-context, nds-servers, nds-tree-name,
netbios-name-servers, netbios-dd-server,
netbios-node-type, netbios-scope, ntp-servers;
Fixes: d405cfd9089f9552969e6a3e1a1c4550fc3c1695
https://bugzilla.opensuse.org/show_bug.cgi?id=1047004
https://mail.gnome.org/archives/networkmanager-list/2017-July/msg00015.html
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently nmcli considers the state of the device associated to a
connection to determine the success of an activation; for VPNs the
device is the parent interface on which the VPN is established.
This means that VPNs on bond/bridge/team interfaces are reported as
connected immediately because of the special handling of master
devices state in check_activated().
The parent device state is not meaningful for VPNs, so don't track it.
|
| |
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=784529
|
