| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The IPv4 Strict Reverse Path Forwarding filter (RFC 3704) drops legitimate
traffic when the same route is present on multiple interfaces, which is a
pretty common scenario for IPv4 hosts. In particular, if the traffic is
routable via multiple interfaces it drops traffic incoming via the device that
has lower metric on the route to the originating network.
Among other things, this disrupts existing connection when the user connected
to the Internet via Wi-Fi activates a Wired Ethernet connection that also has a
default route. Also, the Strict filter (and Reverse Path filters in general)
provide practically no value to hosts that have a default route.
The solution this patch uses is to detect scenarios where Strict filter is
known to interfere and switch to a saner RP filter on the affected links.
Routes to the same network on multiple interfaces is a good indication the RP
filter would drop the legitimate traffice from the link with a lower metric.
This includes the default routes.
In such cases, we switch to the Loose Reverse Path Forwarding. This addresses
the problems the multihomed hosts face, at the cost of disabling filtering
altogether when a default route is present. A Feasible Path Reverse Path
Forwarding would address the main problems with the Strict filter, but it's
not implemented by the Linux kernel.
|
| |
|
|
|
|
| |
The devices will use this to reconsider their RP filtering decisions.
|
|
|
|
|
| |
If a route is shadowed by another route to the same network it's a good
indication we're multihoming and want to disable the Strict RP filtering.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NM always asks pppd to run IPV6CP which will complete if the modem supports
IPv6. If the user doesn't want IPv6 then NM just ignores the result. But
if the host has disabled IPv6, then pppd will fail to complete the connection
because pppd tries to assign the Link-Local address to the pppX interface,
and if IPv6 is disabled that fails and terminates the PPP session.
So only request IPV6CP when the user wants IPv6 on the connection; if they
have disabled IPv6 on their host then they can simply set ipv6.method=ignore.
https://mail.gnome.org/archives/networkmanager-list/2017-March/msg00047.html
|
|\
| |
| |
| | |
https://bugzilla.gnome.org/show_bug.cgi?id=752642
|
| |
| |
| |
| |
| |
| |
| | |
[lkundrak@v3.sk: removed libsoup altogether, implemented TODOs and fixed
the poll condition handling]
Co-authored-by: Lubomir Rintel <lkundrak@v3.sk>
|
| | |
|
|/
|
|
|
| |
...instead of via libsoup. This makes it possible to do gTLD suffix checking
even if we're building without libsoup support.
|
|
|
|
|
|
|
| |
Users are probably more familiar with iproute2 route option names than
kernel ones.
Fixes: 54e58eb96bbfcd26d31ddba2e98ff2c59335a02a
|
|\
| |
| |
| | |
https://bugzilla.gnome.org/show_bug.cgi?id=779788
|
| | |
|
| | |
|
| |
| |
| |
| | |
30 should be enough for anybody.
|
| |
| |
| |
| | |
It can be overwritten when other arguments are evaluated.
|
|/
|
|
|
|
|
| |
For nl80211, we don't care about the interface name and only use it
when formatting error messages. For wext, an up-to-date interface name
should be obtained every time to minimize the chance of race
conditions when the interface is renamed.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
state_changed_proxy() updates the value of @state and must also emit
the notify signal for it.
Without this, when the PropertiesChanged signal carrying the change of
'state' arrives after StateChanged, we notice that the value of @state
doesn't change and don't emit the notify, causing a loss of the state
change event.
Fixes: 40ffb962bec3700e447254d4a1cc93f21b8a25dd
https://bugzilla.redhat.com/show_bug.cgi?id=1433883
|
| |
|
|
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=780277
|
|
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=780201
|
| |
|
|
|
|
|
|
|
|
| |
When remove_device() is called on an already unrealized device, we
should release it from master if necessary and clear its IP
configurations to avoid leaks.
https://bugzilla.redhat.com/show_bug.cgi?id=1433303
|
|
|
|
|
| |
Otherwise merely including a header would trigger a deprecation warhing.
The signal slot is not really used anyway.
|
|
|
|
| |
Fixes: f7b1b2820245aff26da0c2c946b55752e91112e5
|
|
|
|
|
|
| |
Python 3 has no "cmp" argument to sorted().
Fixes: b0da972f5fa51608cca5837af9fe7094818204f8
|
|
|
|
|
|
|
|
| |
Changing the MAC address of devices is known to fail with
certain drivers. Add a device-spec to allow disabling it
for for such devices.
Related: https://bugzilla.gnome.org/show_bug.cgi?id=777523
|
|
|
|
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=780199
[thaller@redhat.com: reworded commit message]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NMActiveConnectionStateReason
NMVpnConnectionStateReason is no longer used and replaced by
NMActiveConnectionStateReason. However, the old enums should
stay in place as they were:
Otherwise:
#define NMVpnConnectionStateReason NMActiveConnectionStateReason
causes compiler warnings:
NMVpnConnectionStateReason x;
x = NM_VPN_CONNECTION_STATE_REASON_UNKNOWN; // -Wenum-conversion
if (x == NM_VPN_CONNECTION_STATE_REASON_NO_SECRETS) { } // -Wenum-compare
Similarly, a user who didn't upgrade shall continue to get the
old GType for NM_TYPE_VPN_CONNECTION_STATE_REASON.
In practice, old users will have no issues using the old enum
the places where it worked before.
The only use of the deprecated enum is in vpn_state_changed()
signal slot of NMVpnConnection. This makes the signal slot
itself deprecated. However, NMVpnConnection is an NMObject and commonly
created within libnm itself, not by the user. It is very unlikely that
a user of libnm subclassed NMVpnConnection and makes use of the
vpn_state_changed() signal slot. So, deprecate it without replacement.
Fixes: a91369f80d44d1fc748fc3a9f5d9ef0fb566c77c
|
| |
|
|
|
|
| |
Fixes: 40ffb962bec3700e447254d4a1cc93f21b8a25dd
|
|\
| |
| |
| | |
https://bugzilla.gnome.org/show_bug.cgi?id=779627
|
| | |
|
| |
| |
| |
| |
| | |
It's now the same as NMActiveConnectionStateReason. Keep a compatibility
typedef and enum.
|
| |
| |
| |
| |
| |
| | |
It's utterly useless: the textual version of the reason if logged only if
the plugin fails; but the plugin failure already logs the plugin state
change reason which is directly translated to the connection one.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Track both device and active connections at the same time and decide
whether activation finished (either successfully or not) in a single
place, check_activated().
This makes the already too complex code path a bit more straightforward
and also makes it possible to be more reasonable about the diagnostics.
Now that the active connection signals the reason, we include it; but if
the failure is due to the device disconnection while we're activating,
include a device reason instead, since it's often more useful. Like:
Before:
Error: Connection activation failed.
Without considering the device:
Error: Connection activation failed: the base network connection was interrupted
After:
Error: Connection activation failed: The Wi-Fi network could not be found
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Note that the reason tracking starts as soon as the object exists (which
is immediately after GDBusObject is created), not when the asynchronous
NMObject initialization finishes. That is so that we the reason changes
in between are not lost.
The vpn-connection should probably be doing the same.
|
| |
| |
| |
| |
| |
| |
| |
| | |
It includes a reason code that makes it possible for the clients to be
more reasonable about error messages.
The reason code is essentially copied from the VPN, plus three more
reasons that were useful for non-VPN connections.
|
| |
| |
| |
| |
| | |
Makes it slightly more readable, useful when we copy it to
NMActiveConnectionStateReason.
|
|/ |
|
|\
| |
| |
| | |
https://bugzilla.gnome.org/show_bug.cgi?id=779934
|
| | |
|
| |
| |
| |
| |
| | |
This splits the manual into parts and groups the D-Bus interfaces into chapters
by the object class. It looks considerably better.
|
| | |
|
| |
| |
| |
| |
| | |
Turn the it into a chapter with refentries to better fit the structure
of the table of contects. Also, include the properties in the index.
|
| | |
|
| | |
|
| |
| |
| |
| | |
I guess the daemon and its configuration first makes most sense.
|
| | |
|
| | |
|