Commit message | Author | Age | Files | Lines
* team: don't try to connect to teamd in update_connection() [nm-1-42] | Beniamino Galvani | 2023-05-17 | 1 | -16/+2
| In constructed(), NMDevice starts watching the D-Bus name owner or monitoring the unix socket, and so it is always aware if teamd is running. When it is, NMDevice connects to it and initializes priv->tdc.
|
| It is not useful to try to connect to teamd in update_connection() because warnings will be generated by NM and by libteam if teamd is not running. As explained above the connection is always initialized when teamd is available, and so we can just check priv->tdc.
|
| Fixes: ab586236e36b ('core: implement update_connection() for Team')
| https://bugzilla.redhat.com/show_bug.cgi?id=2182029
| https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1631
| (cherry picked from commit 93430627c245a0b33b873edca329fa716ccfb7d6)
* libnm: adjust symbol versioning of bond port prio in 1.40.20 | Fernando Fernandez Mancera | 2023-05-15 | 2 | -6/+8
| This ABI was backported all the way to 1.42.8 and 1.40.20 and to rhel-8.9. Move the ABI to a separate symbol version, which we have in all those versions.
|
| (cherry picked from commit bc0818fe1339bfd25b1b30cd7e86772cc8bee9c5)
* tests: adjust test-gir.py to allow extra elements in section name | Fernando Fernandez Mancera | 2023-05-15 | 1 | -13/+5
| (cherry picked from commit 9b8220c9fa6c26257fe809171355b29219efe26a)
* ipv6ll: don't regenerate the address when it's removed externally | Beniamino Galvani | 2023-05-15 | 1 | -12/+22
| Currently if the IPv6 link-local address is removed after it passed DAD, NetworkManager tries to generate a new link-local address. If this fails, which is always the case for EUI64, ipv6ll is considered as failed and the connection can go down (depending on may-fail).
|
| This is particularly bad for virtual interfaces because if somebody removes the link-local address, the activation can fail and destroy the interface, breaking all services that require it. Also, it's a change in behavior introduced in 1.36.0.
|
| It seems that a better approach here is to re-add the address that was removed externally.
|
| [bgalvani@redhat.com: since the branch is missing commit 7ca95cee15b3 ('platform: always reconfigure IP routes even if removed externally'), we need to set flag NM_L3CFG_CONFIG_FLAGS_FORCE_ONCE when committing the address, otherwise it's not re-added]
|
| Fixes: aa070fb82190 ('core: add NML3IPv6LL helper')
| https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1622
| (cherry picked from commit 53ba9f4701f30b12637df2c7215a0b7da845b34c)
* merge: branch 'ff/backport_1_42_bond_prio' | Fernando Fernandez Mancera | 2023-05-08 | 22 | -55/+484
|\
| * bonding: add support to prio property in bond ports | Fernando Fernandez Mancera | 2023-05-08 | 14 | -14/+147
| | Add per port priority support for bond active port re-selection during failover. A higher number means a higher priority in selection. The primary port still has the highest priority. This option is only compatible with active-backup, balance-tlb and balance-alb modes.
| |
| | (cherry picked from commit 2f0571f1930ff2c11de4f48b4433ca5fe6c897a0)
| * libnm: add NM_VERSION_1_42_8 | Fernando Fernandez Mancera | 2023-05-08 | 2 | -0/+7
| |
| * platform: add support to prio property in bond ports | Fernando Fernandez Mancera | 2023-05-08 | 5 | -10/+78
| | (cherry picked from commit e200b162914d3bda4c03a19652124330a99bb3ae)
| * platform: add netlink support for bond port options | Fernando Fernandez Mancera | 2023-05-08 | 7 | -33/+248
| | sysfs is deprecated and kernel will not add new bond port options to sysfs. Netlink is a stable API and therefore is the right method to communicate with kernel in order to set the link options.
| |
| | (cherry picked from commit bb435674b56e876084d4c31138ea95cb3174759f)
| * platform: rename link_change() to link_change_extra() | Beniamino Galvani | 2023-05-08 | 3 | -13/+19
| | There are many functions to replace properties of a link (link_set_address, link_set_mtu, link_set_name, link_change, etc.). Eventually, they will be replaced by a function that does everything and removes all the code duplication. That function will be named link_change(); rename the current link_change() to link_change_extra().
| |
| | (cherry picked from commit babe2bacd3e23e03d5066b82ac0bb57c60b9db6f)
| * libnm: fix ifcfg variable documentation at queue-id property | Fernando Fernandez Mancera | 2023-05-08 | 1 | -1/+1
|/
| The correct variable for queue-id in ifcfg is BOND_PORT_QUEUE_ID.
|
| (cherry picked from commit 762cd06ffa4ff56b096128c26c931843429dc8c5)
* firewall: create "dynamic" sets for nft rules for slb-bonding | Thomas Haller | 2023-05-03 | 1 | -2/+2
| A workaround for a nftables issue ([1]). I don't know why that matters.
|
| [1] https://bugzilla.redhat.com/show_bug.cgi?id=2177667
|
| Fixes: e9268e392418 ('firewall: add mlag firewall utils for multi chassis link aggregation (MLAG) for bonding-slb')
| https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1614
| (cherry picked from commit d3b54963622f242db1ebeda21dedd9558b484355)
* NEWS: belatedly mention default for ipv6.addr-gen-mode | Thomas Haller | 2023-05-03 | 1 | -0/+2
| Fixes: e6a33c04ebe1 ('all: make "ipv6.addr-gen-mode" configurable by global default')
| (cherry picked from commit 48a3682a75bed6e65836341d1a13be5ed3f77939)
* release: bump version to 1.42.7 (development) [1.42.7-dev] | Beniamino Galvani | 2023-04-20 | 2 | -2/+2
|
* release: bump version to 1.42.6 [1.42.6] | Beniamino Galvani | 2023-04-20 | 2 | -2/+2
|
* platform/tests: fix unit test creating ip6gre tunnel with old iproute2 | Thomas Haller | 2023-04-19 | 2 | -3/+16
| Older versions of iproute2 don't support the "enclimit" argument. Work around that from the unit tests.
|
| Fixes: 1505ca3626b2 ('platform/tests: ip6gre & ip6gretap test cases (ip6 tunnel flags)')
| (cherry picked from commit 640c82710f9b4d0569594ffb970350f437905bda)
* NEWS: update | Beniamino Galvani | 2023-04-19 | 1 | -0/+16
|
* device: emit dhcp-change dispatcher event also after a lease renewal | Beniamino Galvani | 2023-04-19 | 1 | -6/+6
| Fixes: e1648d0665a0 ('core: commit l3cd asynchronously on DHCP bound event')
| Co-authored-by: Thomas Haller <thaller@redhat.com>
| https://bugzilla.redhat.com/show_bug.cgi?id=2179537
| https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1609
| (cherry picked from commit cab80c5129b293a9459d72bd4339f56a62b85eba)
* device: stop activation when queueing the unmanaged state | Beniamino Galvani | 2023-04-11 | 1 | -0/+3
| When the unmanaged state is queued, we must ensure that the current activation doesn't overwrite the queued state with a new one. This can happen for example if a dispatcher script or a firewall call terminates, or if the next activation stage is dispatched.
|
| Fixes-test: @preserve_master_and_ip_settings
| https://bugzilla.redhat.com/show_bug.cgi?id=2178269
| https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1599
| (cherry picked from commit 89a8f51235b7cc9c39c2aea8ff717da4e051f8e6)
* dhcp: reset IPv6 DAD flag on lease update | Beniamino Galvani | 2023-04-06 | 1 | -0/+1
| If the client was waiting for IPv6 DAD to complete and the lease was updated or lost, `wait_ipv6_dad` needs to be cleared; otherwise, at the next platform change the client will try to evaluate the DAD state with a different or no lease. In particular if there is no lease the client will try to decline it because there are no valid addresses, leading to an assertion failure:
|
|   ../src/core/dhcp/nm-dhcp-client.c:997:_dhcp_client_decline: assertion failed: (l3cd)
|
| Backtrace:
|
|   __GI_raise ()
|   __GI_abort ()
|   g_assertion_message ()
|   g_assertion_message_expr ()
|   _dhcp_client_decline (self=0x1af13b0, l3cd=0x0, error_message=0x8e25e1 "DAD failed", error=0x7ffec2c45cb0) at ../src/core/dhcp/nm-dhcp-client.c:997
|   l3_cfg_notify_cb (l3cfg=0x1bc47f0, notify_data=0x7ffec2c46c60, self=0x1af13b0) at ../src/core/dhcp/nm-dhcp-client.c:1190
|   g_closure_invoke ()
|   g_signal_emit_valist ()
|   g_signal_emit ()
|   _nm_l3cfg_emit_signal_notify () at ../src/core/nm-l3cfg.c:629
|   _nm_l3cfg_notify_platform_change_on_idle () at ../src/core/nm-l3cfg.c:1390
|   _platform_signal_on_idle_cb () at ../src/core/nm-netns.c:411
|   g_idle_dispatch ()
|
| Fixes: 393bc628ff69 ('dhcp: wait DAD completion for DHCPv6 addresses')
| https://bugzilla.redhat.com/show_bug.cgi?id=2179890
| https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1594
| (cherry picked from commit 24461954d0063f1017caa850b8aafe660c564d10)
* core: fix setting non-blocking FD in nm_utils_spawn_helper() | Thomas Haller | 2023-04-06 | 1 | -2/+2
| Fixes: df1d214b2ea7 ('clients: polkit-agent: implement polkit agent without using libpolkit')
| (cherry picked from commit 20bd6b68036b9696d39c96cb0c1600c42d8d4255)
* core: fix setting FD flags in _rfkill_update_system() | Thomas Haller | 2023-04-06 | 1 | -9/+1
| F_SETFL will reset the flags. That is wrong, as we only want to add O_NONBLOCK flag and leave the other flags alone. Usually, we would need to call F_GETFL first.
|
| Note that on Linux, F_SETFL can only set certain flags, so the O_RDWR|O_CLOEXEC flags were unaffected by this. That means, most likely there are no other flags that our use of F_SETFL would wrongly clear. Still, it's ugly, because it's not obvious whether there might be other flags.
|
| Avoid that altogether, by setting the flag already during open().
|
| Fixes: 67e092abcbde ('core: better handling of rfkill for WiMAX and WiFi (bgo #629589) (rh #599002)')
| (cherry picked from commit 62a85fa84560dc296796c3a63f698f8c15794b99)
* core: fix setting non-blocking stderr in nm_utils_spawn_helper() | Thomas Haller | 2023-04-06 | 1 | -1/+1
| Fixes: d65702803cb0 ('core: print stderr from nm-daemon-helper')
| (cherry picked from commit d1f7e439c6103f3e635beb221718eb09241c6fdb)
* core: fix setting non-blocking FD in nm_utils_spawn_helper() | Thomas Haller | 2023-04-06 | 1 | -2/+2
| Fixes: 6ac21ba916b3 ('core: add infrastructure for spawning a helper process')
| (cherry picked from commit fd123315e548cb4879bf4b3820d8a9d91d06674e)
* release: improve hint about documentation in "release.sh" | Thomas Haller | 2023-04-06 | 1 | -0/+1
| A "minor" release can still be the latest release. It depends on which minor release you do. The script isn't smart enough to understand the difference, so make the hint a bit clearer.
|
| (cherry picked from commit 3c548dd08150d5f3d2c23f5f9a6d0da429732f04)
* release: fix honoring $ORIGIN environment variable | Thomas Haller | 2023-04-06 | 1 | -2/+3
| (cherry picked from commit b88700bd4bfb1f338b43add2f9e0b1b86edda1a4)
* libnm/tests: avoid uninitialized variable warning in _invalid_option_write_handler() | Thomas Haller | 2023-04-03 | 1 | -2/+2
|   src/libnm-core-impl/tests/test-keyfile.c: In function '_invalid_option_write_handler':
|   src/libnm-core-impl/tests/test-keyfile.c:917:9: error: 'message' may be used uninitialized [-Werror=maybe-uninitialized]
|     917 | g_assert(message && strstr(message, "ethtool.bogus"));
|         | ^
|   src/libnm-core-impl/tests/test-keyfile.c:905:29: note: 'message' was declared here
|     905 | const char *message;
|         | ^
|   lto1: all warnings being treated as errors
|
| (cherry picked from commit 8d6349156b08be3b0fbebae99529fdb5222caac1)
* wwan/ofono: merge branch 'peat-psuwit:for-upstream/combined-context-mms-proxy-route' | Thomas Haller | 2023-03-30 | 1 | -4/+13
|\
| | https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1584
| | (cherry picked from commit 9ed802b0c289ec785efb23e76272e61466242d8b)
| * wwan/ofono: account for port in the Proxy property | Ratchanan Srirattanamet | 2023-03-30 | 1 | -2/+11
| | (cherry picked from commit bb226d4ed1e9d5737e370d93e505a81bbfff6911)
| * wwan/ofono: correct MMS proxy property lookup | Ratchanan Srirattanamet | 2023-03-30 | 1 | -3/+3
|/
| The property name under `Settings` dict is just `Proxy`, unlike the one outside which is `MessageProxy`. See [1].
|
| [1] https://kernel.googlesource.com/pub/scm/network/ofono/ofono/+/refs/heads/master/doc/connman-api.txt#253
|
| Fixes: a6e81af87f18 ('wwan: add support for using oFono as a modem manager')
| (cherry picked from commit 264fed47782863ca85841fcf737845decbb9c54c)
* wifi: fix aggressively roaming (background Wi-Fi scanning) based on seen-bssids | Thomas Haller | 2023-03-29 | 6 | -11/+34
| "wifi.seen-bssids" looks like a regular property, but it is not. Unlike almost all other properties, it does not contain user configuration, rather it gets filled by the daemon. The values are thus stored in "/var/lib/NetworkManager/seen-bssids" file, and the daemon maintains the values separately from the profile. Only before exporting the profile on D-Bus, the value gets merged (see NM_SETTINGS_CONNECTION_GET_PRIVATE(self)->getsettings_cached and nm_connection_to_dbus_full()).
|
| Hence, looking at nm_setting_wireless_get_num_seen_bssids() is not working. Fix that.
|
| https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1253
| Fixes: 0f3203338c85 ('wifi: roam aggressively if we on a multi-AP network')
| https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1577
| (cherry picked from commit 07c6f933d1b4ba20be43bb5f5d6f977572411750)
* dns: add support to no-aaaa option | Fernando Fernandez Mancera | 2023-03-28 | 4 | -7/+10
| Users can set `no-aaaa` DNS option to suppress AAAA queries made by the stub resolver, including AAAA lookups triggered by NSS-based interfaces such as getaddrinfo. Only DNS lookups are affected.
|
| (cherry picked from commit 9d4bbf78f0b3a80eec9115663bd9db2c6460b369)
* merge: branch 'bg/hotspot-fixes' | Beniamino Galvani | 2023-03-28 | 11 | -42/+60
|\
| | https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1578
| | (cherry picked from commit afd1a7b9a6284c61073881e6a0a9fbaa6b409b1f)
| * nmcli: increase strength of generated hotspot passwords | Beniamino Galvani | 2023-03-28 | 1 | -6/+6
| | The password currently generated has ~48 bits of entropy; increase the length from 8 to 12 to get ~70 bits. While at it, exclude characters that look similar and might be entered wrongly by users.
| |
| | (cherry picked from commit 231128d28d818da2273b99071c1212922222ca82)
| * nmcli: don't set a fixed channel for wifi hotspots | Beniamino Galvani | 2023-03-28 | 1 | -7/+4
| | Since commit f18bf17deaa5 ('wifi: cleanup ensure_hotspot_frequency()'), NetworkManager automatically selects a stable channel for AP connections that don't specify a fixed one. The advantage of this approach is that NM can select a channel that works well in the current regulatory domain.
| |
| | However, nmcli still sets fixed channels 1 for 2.4GHz and 7 for 5GHz when using the "device wifi hotspot". In particular, channel 7 on 5GHz seems a bad choice because according to [1] it is not usable anywhere in the world.
| |
| | It seems difficult to select a channel that works everywhere in the 5GHz band, so it's better to not set a channel in the profile and let NM find a usable one. For consistency, do the same also for the 2.4GHz band even if the default choice (channel 1) should always work; by letting NM choose a channel, different hotspots created with nmcli have the chance of using different bands and not interfere with each other.
| |
| | [1] https://en.wikipedia.org/wiki/List_of_WLAN_channels
| |
| | (cherry picked from commit e446d2b632e3fe1dbf3bc500c950b41c0e5f73f2)
| * nmcli: fix generating hotspot password | Beniamino Galvani | 2023-03-28 | 1 | -1/+1
| | The generated password was all non-alphanumeric characters.
| |
| | Fixes: 6e96d7173168 ('all: use nm_random_*() instead of g_random_*()')
| | (cherry picked from commit ac2fb0e93d1a7c9c41eba5c77e7e62a9eb07691b)
| * wifi: skip no-ir channels when determining AP channel | Beniamino Galvani | 2023-03-28 | 10 | -15/+23
| | If the automatically selected channel for an AP is set as NO-IR in the current regulatory domain, the hotspot connection will fail to start. NO-IR means that any mechanisms that initiate radiation are not permitted on this channel, this includes sending probe requests or modes of operation that require beaconing such as AP. Skip channels with the NO-IR flag.
| |
| | (cherry picked from commit 1399aa925d1c0575886b71ec5b80561d35242e9a)
| * platform: store attributes of wifi channels | Beniamino Galvani | 2023-03-28 | 1 | -14/+27
|/
| Store attributes of wifi channels so that in a later commit we can make better decisions when selecting a channel for hotspot.
|
| Don't skip completely disabled frequencies so that the index of frequencies doesn't change and get_mesh_channel() and set_mesh_channel() get a reliable result. This was changed by mistake in 5abb1133868f ('wifi: ignore disabled frequencies '); however probably nobody is still using OLPC mesh networking at this point.
|
| (cherry picked from commit df285b154e5b3f399c5ab8e3613adfcee2142150)
* glib-aux/trivial: reword code comments about bad random fallback in "nm-random-utils.c" | Thomas Haller | 2023-03-28 | 1 | -9/+11
| (cherry picked from commit da3c9e470edd0281c9772bf1990cb3422829cd2f)
* glib-aux,all: merge branch 'th/g-random-int' | Thomas Haller | 2023-03-28 | 7 | -18/+157
|\
| | https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1517
| | (cherry picked from commit e013074c8983c8481ee1878be9cb68b63658cfce)
| * all: use nm_random_*() instead of g_random_*() | Thomas Haller | 2023-03-28 | 4 | -18/+22
| | g_random_*() is based on GRand, which is not a CSPRNG. Instead, rely on kernel to give us good random numbers, which is what nm_random_*() does.
| |
| | Note that nm_random_*() calls getrandom() (or reads /dev/urandom), which most likely is slower than GRand. It doesn't matter for our uses though.
| |
| | It is cumbersome to review all uses of g_rand_*() whether their usage of a non-cryptographically secure generator is appropriate. Instead, just always use an appropriate function, thereby avoiding this question. Even glib documentation refers to reading "/dev/urandom" as alternative. Which is what nm_random_*() does. These days, it seems unnecessary to not use the best random generator available, unless it's not fast enough or you need a stable/seedable stream of random numbers.
| |
| | In particular in nmcli, we used g_random_int_range() to generate passwords. That is not appropriate. Sure, it's *only* for the hotspot, but still.
| |
| | (cherry picked from commit 6e96d7173168e2231cf576bc9f2aeb1f13529bca)
| * glib-aux: add nm_random_u64_range() helper | Thomas Haller | 2023-03-28 | 3 | -0/+135
|/
| (cherry picked from commit fb1d2da97927c2415773901a2548010e78575db8)
* core: fix l3cd comparison | Beniamino Galvani | 2023-03-28 | 1 | -26/+28
| NM_CMP_SELF(a, b) returns immediately if the objects are the same.
|
| Fixes: cb29244552af ('core: support compare flags in nm_l3_config_data_cmp_full()')
| Fixes-test: @dracut_NM_iSCSI_ibft_table
| https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1583
| (cherry picked from commit 0a02995175e06e62924705393121a1c5efc3822d)
* cloud-setup: actually pass the HTTP method in nm_http_client_poll_req() | Lubomir Rintel | 2023-03-23 | 1 | -1/+2
| https://bugzilla.redhat.com/show_bug.cgi?id=2179718
| Fixes: 8b7e12c2d631 ('cloud-setup/ec2: start with requesting a IMDSv2 token')
| Fixes: cd74d7500278 ('cloud-setup: make nm_http_client_req() accept a method argument')
| (cherry picked from commit f07da04cd9f16ac9e90d3d57d970ac935ad87b4d)
* ip-tunnel: merge branch 'pr/1565' | Beniamino Galvani | 2023-03-13 | 5 | -38/+113
|\
| | https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1565
| | (cherry picked from commit 82a9a493af4c14c8cd28d57d555ee0b5d02c8821)
| * platform/tests: ip6gre & ip6gretap test cases (ip6 tunnel flags) | Joao Machado | 2023-03-13 | 2 | -34/+105
| | (cherry picked from commit 1505ca3626b2d0846d0089b8ce4eae221b3e3c44)
| * libnmc-setting/docs: how to disable ip-tunnel.encapsulation-limit (ip6) | Joao Machado | 2023-03-13 | 3 | -3/+3
| | (cherry picked from commit 7c54d26ad6adac090c788298089be19f460a8638)
| * libnm-core-impl: allow ip6 tunnel flags for ip6gre & ip6gretap | Joao Machado | 2023-03-13 | 1 | -1/+5
|/
| (cherry picked from commit a239317a6b760940658dae3d4bb027032fc0c70b)
* cloud-setup/ec2: start with requesting a IMDSv2 token | Lubomir Rintel | 2023-03-09 | 1 | -20/+54
| The present version of the EC2 metadata API (IMDSv2) requires a header with a token to be present in all requests. The token is essentially a cookie that's not actually a cookie that's obtained with a PUT call that doesn't put anything. Apparently it's too easy to trick someone into calling a GET method.
|
| EC2 now supports IMDSv2 everywhere with IMDSv1 being optional, so let's just use IMDSv2 unconditionally. Also, the presence of a token API can be used to detect the AWS EC2 cloud.
|
| https://bugzilla.redhat.com/show_bug.cgi?id=2151986
| (cherry picked from commit 8b7e12c2d631c47292258c29429cd565715ea186)
* cloud-setup: document detect() and get_config() methods | Lubomir Rintel | 2023-03-09 | 1 | -0/+28
| Clarify that detect() needs to succeed before get_config(). I thought it's sort of common sense, but it's better to be explicit as we're going to rely on that.
|
| (cherry picked from commit 088bfd817ab5eb8aa0fb9cffe52fa3f456030ecc)