| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
I find it simpler to follow the pattern of checking conditions and
"erroring out", by going to the next entry. The entire loop already
behaves like that.
|
|
|
|
|
|
|
|
|
| |
Kernel would reject adding a route with a destination host part not
all zero. NetworkManager generally coerces such routes and there
are assertions in place to ensure that.
We forgot to ensure that for certain IPv6 routes from VPN plugins.
This can cause an assertion failure and wrong behavior.
|
|
|
|
|
| |
Add a python example using GObject introspection that shows how to
scan for Wi-Fi P2P peers and connect to one of them.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
env -i starts with an empty environment, which is undesired when the build
environment needs certain environment variables to function.
One such example is a custom PYTHONPATH, which gets dropped by env -i and
results in the nm-settings-docs.xml generator not finding the gi Python module.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/478
|
|
|
|
|
|
|
|
|
|
|
|
| |
nm_sd_http_url_is_valid_https() is rather clunky, but it is
this way, because we must not disagree with systemd code
about what makes a valid URL.
RFC 8520 says "MUD URLs MUST use the "https" scheme".
See-also: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/463#note_476190
Fixes: cedcea5ee812 ('libnm: fix verification of connection:mud-url property')
|
|\
| |
| |
| | |
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/476
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
While we request a scan, we are not yet actually scanning. That means, the supplicant's
"scanning" property will only change to TRUE a while after we initiate the scan. It may
even never happen.
We thus need to handle that the request is currently pending and react when the
request completes.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
NetworkManager will reject scan requests, if it is currently scanning.
That is very wrong. Even if NetworkManager wants to ratelimit scan
requests or not scan at critical moments, it should never reject a
request, but remember and start scanning as soon as it can.
That should be fixed.
But regardless, also nmcli can do better.
If you issue
$ nmcli device wifi list --rescan yes
once, it works as expected.
If you issue it again right after, the scan request of nmcli will be
rejected. But nmcli cannot just merely complete and print the result.
Instead, it will wait in the hope that a scan result will be present
soon. But if the request was simply rejected, then the result will
never come, and nmcli hangs for the 15 seconds timeout.
Instead, repeatedly re-trigger scan requests, in the hope that as soon
as possible we will be ready.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add nm_utils_invoke_on_timeout() beside nm_utils_invoke_on_idle().
They are fundamentally similar, except one schedules an idle handler
and the other a timeout.
Also, use the current g_main_context_get_thread_default() as context
instead of the singleton instance. That is a change in behavior, but
the only caller of nm_utils_invoke_on_idle() is the daemon, which
doesn't use different main contexts. Anyway, to avoid anybody being
tripped up by this also change the order of arguments. It anyway
seems nicer to first pass the cancellable, and the callback and user
data as last arguments. It's more in line with glib's asynchronous
methods.
Also, in the unlikely case that the cancellable is already cancelled
from the start, always schedule an idle action to complete fast.
|
| |
|
|\
| |
| |
| | |
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/463
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For one, the setters sd_dhcp_client_set_mud_url() and sd_dhcp6_client_set_request_mud_url()
assert that the value honors these settings. So, we must never pass such values to the
function. Also, before calling n_dhcp4_client_probe_config_append_option()
the code doesn't check whether the URL is short enough. That would be
a bug (unless we ensure that the property is valid from the beginning).
In general, it is necessary to strictly validate the parameter.
Also, returning NM_SETTING_VERIFY_NORMALIZABLE_ERROR for a property that does
not get normalized is a bug.
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The comment isn't right. The fixed array size is in the header file,
because other parts of the code need to know how many elements are in
the array. The alternative would be a define for the size, but that
is only redundant information. Also, even with a define the user who
adds an entry needs to adjust the code in the header. Explicitly stating
the array size in the header makes it almost impossible to accidentally
choosing the wrong size, because the compiler (and unit tests) ensure
the consistency.
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
We have this as a GObject property, so that it can be set at construct
time (to be never modified afterwards). We don't need a readable
GObject property, because there is a getter function that should be
used instead.
|
| |
| |
| |
| |
| |
| |
| |
| | |
- avoid g_assert(). Either we want to gracefully assert (g_return_*()) or we
want to use assertions that are disabled in production builds (nm_assert());
- rename variable s_connection to s_con. This is how variables for this
purpose are commonly called.
|
| |
| |
| |
| |
| | |
n-dhcp4 error codes can also be some positive numbers. Those shall not
be converted to errno. Instead, print the error code directly.
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
See-also: https://github.com/systemd/systemd/pull/15586
|
|/
|
|
|
|
|
|
|
|
|
| |
[thaller@redhat.com: rewritten commit message]
https://tools.ietf.org/html/rfc8520
https://blog.apnic.net/2019/05/14/protecting-the-internet-of-things-with-mud/
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/402
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/463
|
|
|
|
|
|
|
|
|
|
|
| |
Commit b2a0738765d3 ('man: improve manual page for nm-online') removed
the explanation of how may-fail can be used to wait for a specific
address family during boot. I found that part useful. Add it again,
adapting it to the new behavior introduced by 1e5206414af8 ('device:
don't delay startup complete for pending-actions "autoconf", "dhcp4"
and "dhcp6"').
https://bugzilla.redhat.com/show_bug.cgi?id=1825666
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since commit c1907a218a6b ('libnm-core: remove gateway when
never-default=yes in NMSettingIPConfig'), the gateway gets normalized
away when the profile has never-default set.
That means,
$ nmcli connection modify "$PROFILE" ipv4.never-default yes ipv4.gateway 192.168.77.1
does not set the gateway. Likewise, if your profile has already never-default
enabled,
$ nmcli connection modify "$PROFILE" ipv4.gateway 192.168.77.1
will have no effect. That is confusing and undesirable.
Note that we don't adjust the GObject property setter for "gateway" to clear
never-default. I feel, setting one property in libnm should preferably
not unset another (there are exceptions to the rule, like for team
properties). However, for nmcli it's clear in which order properties
are set, so this change is right for the client tool.
https://bugzilla.redhat.com/show_bug.cgi?id=1785039
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/475
|
|\
| |
| |
| | |
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/474
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The profile's "ipv4.gateway" and "ipv6.gateway" has only one real
purpose: to define the next hop of a static default route.
Usually, when specifying a gateway in this way, the default route from
other addressing methods (like DHCPv4 or IPv6 autoconf) gets ignored.
If you have a WireGuard peer with "AllowedIPs=0.0.0.0/0" and
"wireguard.peer-routes" enabled, NetworkManager would automatically add
a route to the peer. Previously, if the user also set a gateway, that
route was suppressed.
That doesn't feel right. Note that configuring a gateway on a WireGuard
profile is likely to be wrong to begin with. At least, unless you take
otherwise care to avoid routing loops. If you take care, setting a
gateway may work, but it would feel clearer to instead just add an
explicit /0 manual route instead.
Also, note that usually you don't need a gateway anyway. WireGuard is a
Layer 3 (IP) tunnel, where the next hop is alway just the other side of
the tunnel. The next hop has little effect on the routes that you
configure on a WireGuard interface. What however matters is whether a
default route is present or not.
Also, an explicit gateway probably works badly with "ipv[46].ip4-auto-default-route",
because in that case the automatism should add a /0 peer-route route in a
separate routing table. The explicit gateway interferes with that too.
Nonetheless, without this patch it's not obvious why the /0 peer
route gets suppressed when a gateway is set. Don't allow for that, and
always add the peer-route.
Probably the profile's gateway setting is still wrong and causes the
profile not to work. But at least, you see all routes configured, and
it's clearer where the (wrong) default route to the gateway comes from.
|
| |
| |
| |
| |
| |
| |
| | |
"ipv[46].never-default" is enabled
Enabling both peer-routes and never-default conflicts with having
AllowedIPs set to a default route. Let never-default win.
|
|/
|
|
|
|
|
| |
This will be useful to set future options on the NMIPConfig.
Yes, the code duplication of NMIP[46]Config is horrible. Needs
to be unified in the future.
|
|
|
|
|
|
|
| |
nmp_object_id_cmp()
Pointers cannot in general be compared directly. Cast to an int first
to avoid the undefined behavior.
|
| |
|
|
|
|
|
|
| |
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/417
Fixes: 4154d9618c90 ('bluetooth: refactor BlueZ handling and let NMBluezManager cache ObjectManager data')
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1823164
Fixes: b83f07916a54 ('supplicant: large rework of wpa_supplicant handling')
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
owner appears
We shall emit a changed signal when PolicyKit changes. That implies also
emitting the signal when PolicyKit starts. Watch the name owner for
that.
Note that I don't manage to actually receive the "Changed" signal from
PolicyKit. That seems to be due to wrong D-Bus configuration which
prevents the "Changed" signal from PolicyKit to reach NetworkManager.
That is independent from this patch.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/469
|
|
|
|
| |
Fixes: 5e47fb630ba9 ('dns: add trust-ad DNS option only if all contributing settings agree')
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Connecting to the unix socket can fail with EAGAIN if there are too
many pending connections and the server can't accept them in time
before reaching backlog capacity. Ideally the server should increase
the backlog length, but GLib doesn't provide a way to change it for a
GDBus server. Retry for up to 5 seconds in case of failure.
https://bugzilla.redhat.com/show_bug.cgi?id=1821594
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/471
|
|
|
|
|
|
|
|
| |
Fix the following error when invoking the Connect() p2p method:
call-p2p-connect: failed with Method “fi.w1.wpa_supplicant1.Interface.P2PDevice.Connect” returned type “(s)”, but expected “()”
Fixes: b83f07916a54 ('supplicant: large rework of wpa_supplicant handling')
|
|
|
|
|
| |
Avoid unnecessary string copies. Most option don't have a delimiter
and numerical argument, and there is no need to clone the string.
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1825285
|
| |
|
| |
|