| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
| |
That is also what autotools does. Keep the behvior in sync.
Also, "contrib/scripts/nm-ci-run.sh" does not explicitly enable
nm-cloud-setup, so we ended up not building it in test. This
solves that, by enabling it by default.
|
|
|
|
|
| |
We check once conditionally for enable_concheck, and once for
with_nm_cloud_setup. Don't do it twice.
|
| |
|
|
|
|
|
|
|
| |
container
The bind mount interferes with running certain CI tests that want to
change /etc/hosts.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently if the IPv6 link-local address is removed after it passed
DAD, NetworkManager tries to generate a new link-local address. If
this fails, which is always the case for EUI64, ipv6ll is considered
as failed and the connection can go down (depending on may-fail).
This is particularly bad for virtual interfaces because if somebody
removes the link-local address, the activation can fail and destroy
the interface, breaking all services that require it. Also, it's a
change in behavior introduced in 1.36.0.
It seems that a better approach here is to re-add the address that was
removed externally.
Fixes: aa070fb82190 ('core: add NML3IPv6LL helper')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1622
|
|\
| |
| |
| |
| | |
https://bugzilla.redhat.com/show_bug.cgi?id=2193422
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1624
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When managing the interface after wake/reenable, the reason determines
whether the device will be sys-iface-state=managed or external.
Commit 5a9a7623c5a4 ('core: set STATE_REASON_CONNECTION_ASSUMED when
waking up') changed the reason from 'now-managed' to
'connection-assumed'; the effect was that devices that were fully
managed before sleeping become external after a wake up. For example:
$ nmcli connection add type ethernet ifname enp1s0
Connection 'ethernet-enp1s0' (47fcd81e-bf00-4c02-b25b-354894f5657e) successfully added.
$ nmcli device | grep enp1s0
enp1s0 ethernet connected ethernet-enp1s0
$ nmcli networking off
$ nmcli device | grep enp1s0
enp1s0 ethernet unmanaged --
$ nmcli networking on
$ nmcli device | grep enp1s0
enp1s0 ethernet unavailable --
Set the correct reason during wake up so that the previous state is
restored.
Fixes: 5a9a7623c5a4 ('core: set STATE_REASON_CONNECTION_ASSUMED when waking up')
https://bugzilla.redhat.com/show_bug.cgi?id=2193422
|
|/ |
|
|\
| |
| |
| | |
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1630
|
| |
| |
| |
| |
| |
| | |
nm_vpn_openconnect_authenticate_helper()
Fixes: 97f2a368f154 ('libnmc-base: add supported options for OpenConnect CLI authentication')
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- use G_N_ELEMENTS() macro instead of having separate defines. The separate
defines mean that when we check g_return_val_if_fail(oc_argc <= OC_ARGS_MAX, FALSE)
that we must double check that OC_ARGS_MAX is really the size of the array
that we want to check.
- replace g_return_val_if_fail() with nm_assert(). In this case, it should be
very clear by review that the buffer is indeed large enough and the assertion
holds. Use nm_assert().
- use unsigned integer for the loop variables. While int theoretically
might exploit undefined behavior of signed overflow, we should instead
use unsigned at places where it's appropriate (for example, those
variables are compared against G_N_ELEMENTS() which gives a size_t type.
- declare auto variables on separate lines.
- make the global variable oc_property_args static and const. The const
means the linker will put it into read-only memory, so we would get
a crash on accidental modification.
|
|/
|
|
|
| |
No explicit unref/free. Resources should be owned by somebody, like an
auto variable with a cleanup attribute.
|
|\
| |
| |
| | |
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1606
|
| |
| |
| |
| | |
Not used for testing, but still might be useful for development.
|
| |
| |
| |
| | |
Not used for testing, but still might be useful for development.
|
| |
| |
| |
| | |
Not used for testing, but still might be useful for development.
|
| | |
|
| |
| |
| |
| |
| | |
A different host can be specified with (undocumented, private)
NM_CLOUD_SETUP_GCP_HOST environment variable.
|
| | |
|
| |
| |
| |
| |
| | |
A different host can be specified with (undocumented, private)
NM_CLOUD_SETUP_AZURE_HOST environment variable.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Don't rely on resources provided by mock metadata server by default,
create the from within the test instead.
This allows for more flexibility, but the locality of the test fixture
relative to the tests makes the test more legible.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reworks the cloud metadata mock server in a significant way.
Most importantly this makes it possible for the client to add and
modify the resources for later retrieval using the PUT method.
This allows the test to create the fixture for itself.
The default set of resources is still provided, so that the too remains
useful as a development aid. If that is not desirable, the --empty
parameter might be passed to cause the server to start with no
resources.
|
| |
| |
| |
| | |
We're going to reuse the setup for tests of other cloud providers.
|
| |
| |
| |
| |
| | |
We rely on the predictable but random MAC addresses. Hardcode them
instead -- the mock service also hardcodes them.
|
| |
| |
| |
| | |
The pass_fds file descriptor is *after* the dup2. Always 3.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
"tools/test-cloud-meta-mock.py""
This changed the fd passing protocol making it not compatible with
systemd-socket-activate(1).
This reverts commit 342ee618c75b350cf5cccf49f2bade85c5dfa3ea.
|
| |
| |
| |
| | |
Otherwise, the following tests will fail too.
|
| |
| |
| |
| |
| |
| | |
When a pexpect check fails, we want to see the full content of the
buffer, so we can better see where it went wrong. Increase the context
that is printed in the error message.
|
| |
| |
| |
| |
| |
| |
| | |
The routes in iproutes were leaked (and ownership stolen
in _nmc_mangle_connection(), leaving dangling pointers).
Fix that by using a GPtrArray instead.
|
|/
|
|
|
| |
For some reason, nm_ip_route_ref() does not return the referenced instance,
making it cumbersome to use. Add a helper.
|
|\
| |
| |
| | |
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1625
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
With old versions of openconnect we need to extract the port# from the
initial URL and then append it to the hostname we eventually get back.
Using strrchr(gw, ':') isn't going to work right with IPv6 literals,
ad we should also be dropping any path element.
So switch to using an int for the port instead of a string, and import a
cut-down variant of openconnect's internal_parse_url() which does
*largely* the same thing with strrchr() but is saved by using the 'end'
value returned from strtol() and insisting that the port is the very
end of the host part of the URL.
|
| |
| |
| |
| |
| |
| | |
Rather than letting openconnect run, and whine that there's no gateway,
and making the user scroll up past the openconnect usage information,
give them an explicit error.
|
| |
| |
| |
| |
| |
| | |
While we're at it, kill the separate openconnect_authenticate() function
since it barely does anything any more and it wants visibility to both
's_vpn' and 'success' variables in the caller.
|
| |
| |
| |
| |
| |
| |
| | |
Pull a bunch of stuff into nm_vpn_openconnect_authenticate_helper() that
both callers were doing for themselves, and make its API a bit simpler.
It's given the NMSettingVpn and the GPtrArray of secrets, and it simply
succeeds or fails.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Ideally, we wouldn't have this hard-coded in NetworkManager itself; we
would invoke a tool to do it for us, like the GUI auth-dialog, which
can live in the NetworkManager-openconnect repository and be kept up
to date as new options are added.
To start with though, let's bring it into sync. We don't add new options
that often, and this will cover the majority of use cases.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since OpenConnect 8.20, 'openconnect --authenticate' will return the
full gateway URL, including the hostname and the path. This allows
servers behind SNI-based proxies to work. To ensure we end up at the
same IP address even behind round-robin DNS, there is a separate
--resolve argument.
Update nmcli/nmtui to use this, as NetworkManager-openconnect does.
Shift some of the logic into the nm_vpn_openconnect_authenticate_helper()
function instead of duplicating it in the callers.
Also, pass the correct protocol in rather than only supporting Cisco
AnyConnect.
|
|
|
|
| |
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1626
|
|\
| |
| |
| | |
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1623
|
| |
| |
| |
| |
| | |
If only to hit some of the code paths in our test, and to have valgrind
check (some of) the code paths.
|
| |
| |
| |
| |
| | |
Counters are convenient for debugging, but have a performance overhead.
Configure them only when debug logging in NetworkManager is enabled.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
g_assert_cmpmem() exists, but it does not print the actual buffer
content on test failure. It is useful to see what actually failed in
the test output.
Also, nmtst_assert_cmpmem() prints a backslash escaped output, that you
can unescape in the terminal with `echo -e`. You can also directly copy
and paste the output to C source code.
|
|/
|
|
|
|
|
|
| |
double quotes
This is useful when printing a string for debugging. Then we can
printf("v=\"%s\"", utf8safe_escaped_text), which can be safely unescaped
with `echo -e`.
|
|
|
|
|
|
|
|
|
|
| |
Using dlopen() requires us to link with libdl (at least with
some libc). That is cumbersome and was not done by all users of
libnm-glib-aux, thereby causing a linker error.
The code path is only used via nm_assert(). Use GModule instead.
Fixes: a23af8f76469 ('glib-aux: avoid using inet_aton()')
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to systemd, IPv6 forwarding is special anyway, and they only
enable forwarding for "net.ipv6.conf.all.forwarding" ([1]).
Since commit 46e63e03af58 ('device: announce the managed IPv6
configuration with ipv6.method=shared') we support "ipv6.method=shared"
and enable forwarding for IPv6, on the interface. Whether that makes
sense is questionable, given [1] and the claim that setting it
per-interface is not useful.
Anyway, since that change we always reset the "forwarding" sysctl to
zero, when we don't enable shared mode. That is not right, because the
user didn't explicitly ask for that (and there is no configuration
option like systemd-networkd's "IPForward=" setting to control that).
What we instead should do, not touch/reset the sysctl, unless we really
want to.
No longer set "forwarding" to zero by default. And only restore the
previous value (_dev_sysctl_save_ip6_properties()) if we actually
changed the value to "1".
[1] https://github.com/systemd/systemd/blob/b8fba0cded2c3e14fe8c0b52aae3ecf2c9fa718e/src/network/networkd-sysctl.c#L79
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/923
Fixes: 46e63e03af58 ('device: announce the managed IPv6 configuration with ipv6.method=shared')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1616
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These stages were not properly implemented and don't seem to work.
Drop them.
Note that we do want that our cached containers get collected eventually.
As these are just caches for performance reasons, that could be done with
little downsides (we can just regenerate the containers when we need them).
However, that's not done by our gitlab-ci stages. Instead, it should
be done on a project level. It's not clear whether that is actually done,
but if there is a need (because of the resources that this wastes), then
we should do that (on freedesktop.org's gitlab instance).
|
|\
| |
| |
| | |
git subtree pull --prefix src/n-dhcp4 git@github.com:nettools/n-dhcp4.git master --squash
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
b2a382ac4500 test: use inet_pton() instead of inet_aton() in test tool
45df6a37a710 meson: no longer pass -Wl,--no-undefined explicitly
bb9bcdee5754 n-dhcp4-client: make n_dhcp4_client_set_log_level public
git-subtree-dir: src/n-dhcp4
git-subtree-split: b2a382ac4500dee1abfb7cd5acaa3678e47e9662
|