Commit message (Author, Age, Files, Lines)
* ovs: block auto activation of ovs-interfaces until ovsdb is ready [bg/rh1955101] (Beniamino Galvani, 2021-05-19, files: 1, lines: -0/+10)
|   Otherwise the device tries to activate too early and fails.
* manager: fix active_connection_find() (Beniamino Galvani, 2021-05-19, files: 1, lines: -0/+12)
|   Commit 33b9fa3a3caf ("manager: Keep volatile/external connections
|   while referenced by async_op_lst") changed active_connection_find()
|   to also return active connections that are not yet activating but
|   are waiting authorization.
|
|   This has side effects for other callers of the function. In
|   particular, _get_activatable_connections_filter() should exclude
|   only ACs that are really active, not those waiting for
|   authorization.
|
|   Otherwise, in ensure_master_active_connection() all the ACs waiting
|   authorization are missed and we might fail to find the right master
|   AC.
|
|   Add an argument to active_connection_find to select whether to
|   include ACs waiting authorization.
|
|   Fixes: 33b9fa3a3caf ('manager: Keep volatile/external connections while referenced by async_op_lst')
|
|   https://bugzilla.redhat.com/show_bug.cgi?id=1955101
* po: update Occitan (oc) translation (Mejans, 2021-05-19, files: 1, lines: -6792/+7236)
|   https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/861
* dhcp: map "static" DHCP state for dhcpcd to bound (Thomas Haller, 2021-05-19, files: 1, lines: -1/+2)
|   A user might configure /etc/dhcpcd.conf to contain static fallback
|   addresses. In that case, the dhcpcd plugin reports the state as
|   "static". Let's treat that the same way as bound.
|
|   Note that this is not an officially supported or endorsed way of
|   configuring fallback addresses in NetworkManager. Rather, when using
|   DHCP plugins, the user can hack the system and make unsupported
|   modifications in /etc/dhcpcd.conf or /etc/dhcp. This change only
|   makes it a bit easier to do it.
|
|   See-also: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/579#note_922758
|
|   https://bugzilla.gnome.org/show_bug.cgi?id=768362
|
|   Based-on-patch-by: gordonb3 <gordon@bosvangennip.nl>
* Revert "Rewrite `./tools/generate-docs-nm-property-infos.py` with XML library" (Thomas Haller, 2021-05-18, files: 1, lines: -36/+38)
|   This breaks build on RHEL7, probably due to an older python version.
|   Revert for now.
|
|   This reverts commit a83fb33840baba6da0e75eb5489a63bf3ea39d0d.
* core: merge branch 'th/l3cfg-18' (Thomas Haller, 2021-05-18, files: 24, lines: -156/+305)
|\
| |   https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/854
| * core: add nm_l3_config_data_iter_ip_{address,route}_for_each() helpers (Thomas Haller, 2021-05-18, files: 2, lines: -1/+12)
| |
| * l3cfg: add more getters to NML3ConfigData (Thomas Haller, 2021-05-18, files: 3, lines: -3/+98)
| |
| * glib-aux: add nm_ip_addr_from_packed_array() helper (Thomas Haller, 2021-05-18, files: 1, lines: -0/+8)
| |
| * core: remove unused best_ip_config_[46] field in NMDnsManager (Thomas Haller, 2021-05-18, files: 1, lines: -25/+0)
| |
| * l3cfg: fix nm_l3_config_data_new_clone() to make exact copy (Thomas Haller, 2021-05-18, files: 2, lines: -25/+69)
| |   We use the merge function to initialize the cloned instance.
| |   Previously, merge did not always copy all properties, so the cloned
| |   instance might not have been identical. Fix that.
| * core: return instance from nm_dhcp_lease_ref()/nm_dhcp_lease_unref() for convenience (Thomas Haller, 2021-05-18, files: 1, lines: -2/+4)
| |
| * core: make IS_IPv4 variable an "int" type (Thomas Haller, 2021-05-18, files: 1, lines: -10/+10)
| |   gboolean is a typedef for int, so there is no difference in behavior.
| |   However, we use IS_IPv4 as index into arrays of length two. Making it
| |   "int" seems more appropriate. Also, this is what all the other
| |   (similar) code does.
| * device: refactor dhcp-anycast-address handling for OLPC mesh device (Thomas Haller, 2021-05-18, files: 4, lines: -26/+31)
| |   dhcp-anycast-address is only set by OLPC mesh device. It's ugly to
| |   have this in form of a nm_device_set_dhcp_anycast_address() method,
| |   because that means to cache the address in NMDevice. Meaning, we have
| |   more state in NMDevice, where it's not clear where it comes from.
| |
| |   Instead, whenever we need the DHCP anycast address, ask the subclass
| |   to provide it (if any). This way, it gets extracted from the currently
| |   applied connection at the moment when it is needed. Beyond that, the
| |   setting is not duplicated/cached in NMDevice anymore.
| * libnm: comment "olpc-mesh.dhcp-anycast-address" only working with dhclient (Thomas Haller, 2021-05-18, files: 3, lines: -2/+4)
| |
| * dhcp: refactor DHCP anycast_address to be property of NMDhcpClient (Thomas Haller, 2021-05-18, files: 10, lines: -62/+69)
|/
|   Instead of passing the setting on during ip4_start()/ip6_start(), make
|   it a property of NMDhcpClient.
|
|   This property is currently only set by OLPC devices, and is only
|   implemented by NMDhcpDhclient. As such, it also does not need to change
|   or get reset. Hence, an immutable, construct-only property is clearer,
|   because we don't have to pass parameters to ip[46]_start().
|
|   Arguably, the parameter is still there, but being immutable and always
|   set, makes it easier to reason about it.
* ethtool: merge branch 'th/ethtool-autoneg-consistency' (Thomas Haller, 2021-05-18, files: 2, lines: -6/+45)
|\
| |   https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/857
| * core: explicitly disable ethtool.pause-autoneg when setting pause-rx/pause-tx (Thomas Haller, 2021-05-17, files: 1, lines: -6/+22)
| |   Kernel will coerce values like
| |
| |     ethtool -A eth0 autoneg on rx off
| |
| |   to have autoneg still on. Also, if autoneg on the interface is enabled,
| |   then `ethtool -A eth0 tx off` has no effect.
| |
| |   In NetworkManager, the user cannot configure "autoneg on" together with
| |   any rx/tx settings. That would render the profile invalid. However, we
| |   also need to take care that a profile
| |
| |     nmcli connection add ... ethtool.pause-autoneg ignore ethtool.pause-tx off
| |
| |   really means off. That means, we must coerce an unspecified autoneg
| |   setting to "off".
| * libnm: reject setting ethtool.pause-autoneg while setting pause-rx/pause-tx (Thomas Haller, 2021-05-17, files: 1, lines: -0/+23)
|/
|   Setting pause-rx/pause-tx to an explicit value, implies that the user
|   does not want to enable autoneg. Reject that as invalid value in the
|   connection profile.
* build: merge branch 'liangwen12year:wl/xml' (Thomas Haller, 2021-05-17, files: 1, lines: -41/+38)
|\
| |   https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/842
| * Rewrite `./tools/generate-docs-nm-property-infos.py` with XML library (Wen Liang, 2021-05-17, files: 1, lines: -38/+36)
| |   Instead of writing XML text word by word, it is less error prone to
| |   write with XML library.
| |
| |   Signed-off-by: Wen Liang <liangwen12year@gmail.com>
| * Remove unnecessary escaping for single quote (Wen Liang, 2021-05-17, files: 1, lines: -1/+0)
| |   When writing XML text with XML library, single quote will not be
| |   escaped. So remove the escaping for single quote in current tool.
| |
| |   Signed-off-by: Wen Liang <liangwen12year@gmail.com>
| * Add paired `property` tag to `nm-property-infos-*.xml` (Wen Liang, 2021-05-17, files: 1, lines: -1/+1)
| |   In order to make the generated XML file format consistent before and
| |   after using XML library, replace self-closing `property` tag with
| |   paired `property` tag.
| |
| |   Signed-off-by: Wen Liang <liangwen12year@gmail.com>
| * Remove line breaks in attribute value of `nm-property-infos-*.xml` (Wen Liang, 2021-05-17, files: 1, lines: -2/+2)
|/
|   Since line breaks are not needed for XML's attribute tag, remove the
|   unnecessary line breaks.
|
|   Signed-off-by: Wen Liang <liangwen12year@gmail.com>
* device: commit MTU during stage2 [bg/rh1890234] (Beniamino Galvani, 2021-05-17, files: 1, lines: -0/+2)
|   Currently we commit the MTU to the device when updating the IP
|   configuration, or when a port device is added to the controller. This
|   means that for a connection with DHCP, the MTU is set only after DHCP
|   has completed. In particular, if DHCP doesn't complete and the
|   connection has an infinite timeout, the MTU is never set.
|
|   _commit_mtu() tracks different sources for the MTU of a device, and
|   each source has a different priority. Among these sources there are
|   the parent link (for VLANs), a dynamic IP configuration (DHCP, PPP)
|   and the connection profile.
|
|   A MTU from the connection always has the highest priority and
|   overrides other sources. Therefore, if the connection specifies an MTU
|   it can be applied at stage2, even before configuring IP addressing.
|
|   https://bugzilla.redhat.com/show_bug.cgi?id=1890234
|   https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/859
* core: merge branch 'bg/assume' (Beniamino Galvani, 2021-05-14, files: 3, lines: -21/+27)
|\
| |   https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/852
| * core: don't reset assume state too early [bg/assume] (Beniamino Galvani, 2021-05-14, files: 2, lines: -3/+9)
| |   If the device is still unmanaged by platform-init (which means that
| |   udev didn't emit the event for the interface) when the device gets
| |   realized, we currently clear the assume state. Later, when the device
| |   becomes managed, NM is not able to properly assume the device using
| |   the UUID.
| |
| |   This situation arises, for example, when NM already configured the
| |   device in initrd; after NM is restarted in the real root, udev events
| |   can be delayed causing this race condition.
| |
| |   Among all unmanaged flags, platform-init is the only one that can be
| |   delayed externally. We should not clear the assume state if the device
| |   has only platform-init in the unmanaged flags.
| * managed: remove unneeded call to nm_device_assume_state_reset() (Beniamino Galvani, 2021-05-14, files: 1, lines: -1/+0)
| |   _set_state_full() in NMDevice already calls
| |   nm_device_assume_state_reset() when the device reaches state >
| |   DISCONNECTED.
| * device: add NM_UNMANAGED_ALL (Beniamino Galvani, 2021-05-14, files: 1, lines: -17/+18)
|/
* firewall: for now always default firewall-backend to "iptables" (Thomas Haller, 2021-05-14, files: 1, lines: -6/+3)
|   nftables backend is not yet well tested. Don't flip the default yet but
|   for now always use iptables.
|
|   Once nftables is shown to work well, revert this patch.
* firewall: merge branch 'th/firewall-nft' (Thomas Haller, 2021-05-14, files: 14, lines: -57/+664)
|\
| |   https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/847
| * firewall: add special firewall-backend "none" (Thomas Haller, 2021-05-14, files: 3, lines: -6/+30)
| |
| * firewall: implement masquerading for shared mode with nftables (Thomas Haller, 2021-05-14, files: 1, lines: -11/+339)
| |   Add support for nftables, as a second backend beside iptables
| |   (firewalld still missing).
| |
| |   Like iptables, choose to call the `nft` tool. The alternative would be
| |   to use libnftables or talk netlink.
| |
| |   It's ugly to blocking wait for a process to complete. We already do
| |   that for iptables, but we better should not because we should not
| |   treat other processes as trusted and not allow untrusted code to block
| |   NetworkManager. Fixing that would require a central manager that
| |   serializes all requests. Especially with firewalld support, this will
| |   be interesting again, because we don't want to synchronously talk
| |   D-Bus either.
| |
| |   For now, `nft` is still called synchronously. However, the internal
| |   implementation uses an asynchronous function. That currently serves no
| |   purpose except supporting a timeout. Otherwise, the only reason why
| |   this is asynchronous is that I implemented this first, and I think in
| |   the future we want this code to be non-blocking. So, instead of
| |   dropping the asynchronous code, I wrap it in a synchronous function
| |   for now.
| |
| |   The configured nft table is:
| |
| |     table inet nm-shared-eth0 {
| |         chain nat_postrouting {
| |             type nat hook postrouting priority srcnat; policy accept;
| |             ip saddr 192.168.42.0/24 ip daddr != 192.168.42.0/24 masquerade
| |         }
| |
| |         chain filter_forward {
| |             type filter hook forward priority filter; policy accept;
| |             ip daddr 192.168.42.0/24 oifname "eth0" ct state { established, related } accept
| |             ip saddr 192.168.42.0/24 iifname "eth0" accept
| |             iifname "eth0" oifname "eth0" accept
| |             iifname "eth0" reject
| |             oifname "eth0" reject
| |         }
| |     }
| * firewall: make firewall-backend configurable via "NetworkManager.conf" (Thomas Haller, 2021-05-14, files: 9, lines: -8/+168)
| |   "iptables" and "nftables" will be supported. Currently, the code is
| |   unused and only "iptables" is supported.
| * firewall: refactor is_comment argument to _share_iptables_get_name() (Thomas Haller, 2021-05-14, files: 1, lines: -6/+6)
| |   The new name makes it more generic, because the limitation exists for
| |   iptables chains. Everything else (iptables comments, nftables tables)
| |   has no such length limit.
| * glib-aux: add nm_auto_pop_and_unref_gmaincontext cleanup macro (Thomas Haller, 2021-05-14, files: 1, lines: -0/+12)
| |
| * glib-aux: add nm_g_subprocess_terminate_in_background() helper (Thomas Haller, 2021-05-14, files: 2, lines: -0/+75)
| |
| * glib-aux: add NM_STRV_EMPTY() helper (Thomas Haller, 2021-05-14, files: 1, lines: -0/+1)
| |   NM_PTRARRAY_EMPTY(char*) gives a "char *const*" pointer, which is
| |   often not useful where a strv array is needed. Add a helper macro.
| * glib-aux: add nm_g_error_free() helper (Thomas Haller, 2021-05-14, files: 1, lines: -0/+7)
| |
| * core/format: drop /*<flags>*/ comment from enums that lead to bad formatting (Thomas Haller, 2021-05-14, files: 1, lines: -41/+41)
|/
|   Our clang-format style doesn't work well with these gtk-doc tags. For
|   NetworkManager core, we don't use glib-mkenums. Thus, these comments
|   serve no purpose. Drop them for better formatting.
* core: merge branch 'th/dbus-drop-legacy-properties-changed' (Thomas Haller, 2021-05-14, files: 89, lines: -1204/+506)
|\
| |   https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/853
| * tools: remove deprecated PropertiesChanged signal in "test-networkmanager-service.py" (Thomas Haller, 2021-05-14, files: 1, lines: -96/+17)
| |
| * core: drop deprecated PropertiesChanged D-Bus signal (API BREAK) (Thomas Haller, 2021-05-14, files: 87, lines: -1100/+477)
| |   D-Bus 1.3.1 (2010) introduced the standard "PropertiesChanged" signal
| |   on "org.freedesktop.DBus.Properties". NetworkManager is old, and
| |   predates this API. From that time, it still had its own
| |   PropertiesChanged signals that are emitted together with the standard
| |   ones. NetworkManager supports the standard PropertiesChanged signal
| |   since it switched to gdbus library in version 1.2.0 (2016).
| |
| |   These own signals are deprecated for a long time already ([1], 2016),
| |   and are hopefully not used by anybody anymore. libnm-glib was using
| |   them and relied on them, but that library is gone. libnm does not use
| |   them and neither does plasma-nm.
| |
| |   Hopefully no users are left that are affected by this API break.
| |
| |   [1] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/commits/6fb917178aa19c61e909957f5146aa4565e0cb2f
| * core: use define DBUS_INTERFACE_PROPERTIES instead of string literal (Thomas Haller, 2021-05-14, files: 1, lines: -1/+1)
| |
| * examples: avoid deprecated PropertiesChanged signal in "create-bond.py" example (Thomas Haller, 2021-05-14, files: 1, lines: -7/+11)
|/
* dhcpcd: merge branch 'th/dhcpcd-kill-em-all' (Thomas Haller, 2021-05-14, files: 2, lines: -20/+27)
|\
| |   https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/726
| |   https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/856
| * dhcpcd: fix killing all processes (Thomas Haller, 2021-05-14, files: 1, lines: -20/+22)
| |   With kill(), the PID -1 means to send a signal to all processes.
| |   nm_dhcp_client_get_pid() can return -1, if no PID is set. This must be
| |   handled.
| |
| |   https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/726
| |
| |   Fixes: a2abd15fe001 ('DHCP: Support dhcpcd-9.x')
| * dhcp: assert that pid_t is signed for NMDhcpClient (Thomas Haller, 2021-05-14, files: 1, lines: -0/+5)
|/
|   Probably pid_t is always signed, because kill() documents that
|   negative values have a special meaning (technically, C would
|   automatically cast negative signed values to an unsigned pid_t type
|   too).
|
|   Anyway, NMDhcpClient at several places uses -1 as special value for
|   "no pid". At the same time, it checks for valid PIDs with "pid > 1".
|   That only works if pid_t is signed.
|
|   Add a static assertion for that.
* dhcp: nettools: support option 249 (Microsoft Classless Static Route) [bg/dhcp-nettools-option249] (Beniamino Galvani, 2021-05-14, files: 1, lines: -11/+14)
|   From [1]:
|
|     The length and the data format for the Microsoft Classless Static
|     Route Option are exactly the same as those specified for the
|     Classless Static Route Option in [RFC3442]; the only difference is
|     that Option Code 249 should be used instead of or in addition to
|     Option Code 121.
|
|   Use routes from option 249 when option 121 is not present, as already
|   done by the dhclient backend.
|
|   [1] https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dhcpe/f9c19c79-1c7f-4746-b555-0c0fc523f3f9
|
|   https://bugzilla.redhat.com/show_bug.cgi?id=1959461
|   https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/851
* cli: merge branch 'th/cli-ethtool-ternary' (Thomas Haller, 2021-05-14, files: 3, lines: -17/+39)
|\
| |   https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/849