Thomas Haller 2021-10-17 10:29:15 +02:00
commit 9f1dc1cf94
GPG key ID: 29C2366E4DFC5728
20 changed files with 989 additions and 602 deletions


@ -800,6 +800,10 @@ ipv6.ip6-privacy=0
<term><varname>connection.mdns</varname></term>
<listitem><para>If unspecified, the ultimate default values depends on the DNS plugin. With systemd-resolved the default currently is "no" (0) and for all other plugins also "no" (0).</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>connection.dns-over-tls</varname></term>
<listitem><para>If unspecified, the ultimate default values depends on the DNS plugin. With systemd-resolved the default currently is global setting and for all other plugins "no" (0).</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>connection.stable-id</varname></term>
</varlistentry>


@ -1198,6 +1198,29 @@ _prop_get_connection_llmnr(NMDevice *self)
NM_SETTING_CONNECTION_LLMNR_DEFAULT);
}
static NMSettingConnectionDnsOverTls
_prop_get_connection_dns_over_tls(NMDevice *self)
{
NMConnection * connection;
NMSettingConnectionDnsOverTls dns_over_tls = NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT;
g_return_val_if_fail(NM_IS_DEVICE(self), NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT);
connection = nm_device_get_applied_connection(self);
if (connection)
dns_over_tls = nm_setting_connection_get_dns_over_tls(
nm_connection_get_setting_connection(connection));
if (dns_over_tls != NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT)
return dns_over_tls;
return nm_config_data_get_connection_default_int64(NM_CONFIG_GET_DATA,
NM_CON_DEFAULT("connection.dns-over-tls"),
self,
NM_SETTING_CONNECTION_DNS_OVER_TLS_NO,
NM_SETTING_CONNECTION_DNS_OVER_TLS_YES,
NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT);
}
static guint32
_prop_get_ipvx_route_table(NMDevice *self, int addr_family)
{
@ -8996,6 +9019,7 @@ ensure_con_ip_config(NMDevice *self, int addr_family)
nm_connection_get_setting_ip4_config(connection),
_prop_get_connection_mdns(self),
_prop_get_connection_llmnr(self),
_prop_get_connection_dns_over_tls(self),
nm_device_get_route_table(self, addr_family),
nm_device_get_route_metric(self, addr_family));
} else {
@ -9500,6 +9524,7 @@ dhcp4_notify(NMDhcpClient *client, const NMDhcpClientNotifyData *notify_data, NM
nm_connection_get_setting_ip4_config(connection),
NM_SETTING_CONNECTION_MDNS_DEFAULT,
NM_SETTING_CONNECTION_LLMNR_DEFAULT,
NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT,
nm_device_get_route_table(self, AF_INET),
nm_device_get_route_metric(self, AF_INET));
@ -11314,6 +11339,7 @@ act_stage3_ip_config_start(NMDevice * self,
nm_connection_get_setting_ip4_config(connection),
NM_SETTING_CONNECTION_MDNS_DEFAULT,
NM_SETTING_CONNECTION_LLMNR_DEFAULT,
NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT,
nm_device_get_route_table(self, AF_INET),
nm_device_get_route_metric(self, AF_INET));
configs = g_new0(NMIP4Config *, 2);
@ -12500,6 +12526,7 @@ nm_device_reactivate_ip_config(NMDevice * self,
s_ip_new,
_prop_get_connection_mdns(self),
_prop_get_connection_llmnr(self),
_prop_get_connection_dns_over_tls(self),
nm_device_get_route_table(self, AF_INET),
nm_device_get_route_metric(self, AF_INET));
} else {
@ -12633,7 +12660,8 @@ can_reapply_change(NMDevice * self,
NM_SETTING_CONNECTION_METERED,
NM_SETTING_CONNECTION_LLDP,
NM_SETTING_CONNECTION_MDNS,
NM_SETTING_CONNECTION_LLMNR);
NM_SETTING_CONNECTION_LLMNR,
NM_SETTING_CONNECTION_DNS_OVER_TLS);
}
if (NM_IN_STRSET(setting_name,
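Review bot: The new `_prop_get_connection_dns_over_tls` has no header comment stating the precedence it implements, even though the per-profile value, the NetworkManager.conf default and the DEFAULT sentinel all take part in it. Suggest adding above `static NMSettingConnectionDnsOverTls`: `/* Per-profile connection.dns-over-tls wins; if it is left at DEFAULT (-1) the [connection*] default from NetworkManager.conf is consulted, accepting only values in the range NO..YES and yielding DEFAULT otherwise. */`. The last clause is inferred from the NO/YES bounds and the DEFAULT fallback passed to nm_config_data_get_connection_default_int64 and should be confirmed against that helper's contract. Passing NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT in the dhcp4_notify and act_stage3_ip_config_start hunks mirrors how mdns/llmnr are handled on the neighbouring lines, so the per-profile value is only applied through ensure_con_ip_config and nm_device_reactivate_ip_config.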


@ -36,6 +36,7 @@
/* define a variable, so that we can compare the operation with pointer equality. */
static const char *const DBUS_OP_SET_LINK_DEFAULT_ROUTE = "SetLinkDefaultRoute";
static const char *const DBUS_OP_SET_LINK_DNS_OVER_TLS = "SetLinkDNSOverTLS";
/*****************************************************************************/
@ -86,7 +87,12 @@ typedef struct {
bool try_start_blocked : 1;
bool dbus_initied : 1;
bool send_updates_waiting : 1;
NMTernary has_link_default_route : 3;
/* These two variables ensure that the log is not spammed with
* API (not) supported messages.
* They can be removed when no distro uses systemd-resolved < v240 anymore
*/
NMTernary has_link_default_route : 3;
NMTernary has_link_dns_over_tls : 3;
} NMDnsSystemdResolvedPrivate;
struct _NMDnsSystemdResolved {
@ -201,16 +207,26 @@ call_done(GObject *source, GAsyncResult *r, gpointer user_data)
priv->has_link_default_route = NM_TERNARY_TRUE;
_LOGD("systemd-resolved support for SetLinkDefaultRoute(): API supported");
}
if (request_item->operation == DBUS_OP_SET_LINK_DNS_OVER_TLS
&& priv->has_link_dns_over_tls == NM_TERNARY_DEFAULT) {
priv->has_link_dns_over_tls = NM_TERNARY_TRUE;
_LOGD("systemd-resolved support for SetLinkDNSOverTLS(): API supported");
}
priv->send_updates_warn_ratelimited = FALSE;
return;
}
if (request_item->operation == DBUS_OP_SET_LINK_DEFAULT_ROUTE
&& nm_g_error_matches(error, G_DBUS_ERROR, G_DBUS_ERROR_UNKNOWN_METHOD)) {
if (priv->has_link_default_route == NM_TERNARY_DEFAULT) {
if (nm_g_error_matches(error, G_DBUS_ERROR, G_DBUS_ERROR_UNKNOWN_METHOD)) {
if (priv->has_link_default_route == NM_TERNARY_DEFAULT
&& request_item->operation == DBUS_OP_SET_LINK_DEFAULT_ROUTE) {
priv->has_link_default_route = NM_TERNARY_FALSE;
_LOGD("systemd-resolved support for SetLinkDefaultRoute(): API not supported");
}
if (priv->has_link_dns_over_tls == NM_TERNARY_DEFAULT
&& request_item->operation == DBUS_OP_SET_LINK_DNS_OVER_TLS) {
priv->has_link_dns_over_tls = NM_TERNARY_FALSE;
_LOGD("systemd-resolved support for SetLinkDNSOverTLS(): API not supported");
}
return;
}
@ -286,14 +302,15 @@ free_pending_updates(NMDnsSystemdResolved *self)
static gboolean
prepare_one_interface(NMDnsSystemdResolved *self, InterfaceConfig *ic)
{
GVariantBuilder dns;
GVariantBuilder domains;
NMCListElem * elem;
NMSettingConnectionMdns mdns = NM_SETTING_CONNECTION_MDNS_DEFAULT;
NMSettingConnectionLlmnr llmnr = NM_SETTING_CONNECTION_LLMNR_DEFAULT;
const char * mdns_arg = NULL, *llmnr_arg = NULL;
gboolean has_config = FALSE;
gboolean has_default_route = FALSE;
GVariantBuilder dns;
GVariantBuilder domains;
NMCListElem * elem;
NMSettingConnectionMdns mdns = NM_SETTING_CONNECTION_MDNS_DEFAULT;
NMSettingConnectionLlmnr llmnr = NM_SETTING_CONNECTION_LLMNR_DEFAULT;
NMSettingConnectionDnsOverTls dns_over_tls = NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT;
const char * mdns_arg = NULL, *llmnr_arg = NULL, *dns_over_tls_arg = NULL;
gboolean has_config = FALSE;
gboolean has_default_route = FALSE;
g_variant_builder_init(&dns, G_VARIANT_TYPE("(ia(iay))"));
g_variant_builder_add(&dns, "i", ic->ifindex);
@ -315,6 +332,8 @@ prepare_one_interface(NMDnsSystemdResolved *self, InterfaceConfig *ic)
if (NM_IS_IP4_CONFIG(ip_config)) {
mdns = NM_MAX(mdns, nm_ip4_config_mdns_get(NM_IP4_CONFIG(ip_config)));
llmnr = NM_MAX(llmnr, nm_ip4_config_llmnr_get(NM_IP4_CONFIG(ip_config)));
dns_over_tls =
NM_MAX(dns_over_tls, nm_ip4_config_dns_over_tls_get(NM_IP4_CONFIG(ip_config)));
}
}
@ -353,7 +372,24 @@ prepare_one_interface(NMDnsSystemdResolved *self, InterfaceConfig *ic)
}
nm_assert(llmnr_arg);
if (!nm_str_is_empty(mdns_arg) || !nm_str_is_empty(llmnr_arg))
switch (dns_over_tls) {
case NM_SETTING_CONNECTION_DNS_OVER_TLS_NO:
dns_over_tls_arg = "no";
break;
case NM_SETTING_CONNECTION_DNS_OVER_TLS_OPPORTUNISTIC:
dns_over_tls_arg = "opportunistic";
break;
case NM_SETTING_CONNECTION_DNS_OVER_TLS_YES:
dns_over_tls_arg = "yes";
break;
case NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT:
dns_over_tls_arg = "";
break;
}
nm_assert(dns_over_tls_arg);
if (!nm_str_is_empty(mdns_arg) || !nm_str_is_empty(llmnr_arg)
|| !nm_str_is_empty(dns_over_tls_arg))
has_config = TRUE;
_request_item_append(self, "SetLinkDomains", ic->ifindex, g_variant_builder_end(&domains));
@ -370,6 +406,10 @@ prepare_one_interface(NMDnsSystemdResolved *self, InterfaceConfig *ic)
ic->ifindex,
g_variant_new("(is)", ic->ifindex, llmnr_arg ?: ""));
_request_item_append(self, "SetLinkDNS", ic->ifindex, g_variant_builder_end(&dns));
_request_item_append(self,
DBUS_OP_SET_LINK_DNS_OVER_TLS,
ic->ifindex,
g_variant_new("(is)", ic->ifindex, dns_over_tls_arg ?: ""));
return has_config;
}
@ -468,10 +508,13 @@ send_updates(NMDnsSystemdResolved *self)
c_list_for_each_entry (request_item, &priv->request_queue_lst_head, request_queue_lst) {
gs_free char *ss = NULL;
if (request_item->operation == DBUS_OP_SET_LINK_DEFAULT_ROUTE
&& priv->has_link_default_route == NM_TERNARY_FALSE) {
if ((request_item->operation == DBUS_OP_SET_LINK_DEFAULT_ROUTE
&& priv->has_link_default_route == NM_TERNARY_FALSE)
|| (request_item->operation == DBUS_OP_SET_LINK_DNS_OVER_TLS
&& priv->has_link_dns_over_tls == NM_TERNARY_FALSE)) {
/* The "SetLinkDefaultRoute" API is only supported since v240.
* We detected that it is not supported, and skip the call. There
* The "SetLinkDNSOverTLS" API is only supported since v239.
* We detected whether they are supported, and skip the calls. There
* is no special workaround, because in this case we rely on systemd-resolved
* to do the right thing automatically. */
continue;
@ -601,8 +644,10 @@ name_owner_changed(NMDnsSystemdResolved *self, const char *owner)
if (owner) {
priv->try_start_blocked = FALSE;
priv->send_updates_waiting = TRUE;
} else
} else {
priv->has_link_default_route = NM_TERNARY_DEFAULT;
priv->has_link_dns_over_tls = NM_TERNARY_DEFAULT;
}
send_updates(self);
}
@ -918,6 +963,7 @@ nm_dns_systemd_resolved_init(NMDnsSystemdResolved *self)
NMDnsSystemdResolvedPrivate *priv = NM_DNS_SYSTEMD_RESOLVED_GET_PRIVATE(self);
priv->has_link_default_route = NM_TERNARY_DEFAULT;
priv->has_link_dns_over_tls = NM_TERNARY_DEFAULT;
c_list_init(&priv->request_queue_lst_head);
c_list_init(&priv->handle_lst_head);
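Review bot: In call_done the UnknownMethod branch now returns for every operation, not just the two probed ones: before this change an UnknownMethod error on SetLinkDNS, SetLinkDomains, SetLinkMulticastDNS or SetLinkLLMNR fell through to the handling after the branch (outside this hunk, presumably the rate-limited warning), whereas now the early `return` skips it and the failure goes unreported. Keep the early return specific to the probed calls: `if (nm_g_error_matches(error, G_DBUS_ERROR, G_DBUS_ERROR_UNKNOWN_METHOD) && NM_IN_SET(request_item->operation, DBUS_OP_SET_LINK_DEFAULT_ROUTE, DBUS_OP_SET_LINK_DNS_OVER_TLS)) {` — pointer equality is the intended comparison per the comment on the DBUS_OP_* variables. call_done starts and ends outside the hunk. Separately, in prepare_one_interface the new switch on dns_over_tls has no default case; nm_assert(dns_over_tls_arg) covers debug builds and the `?: ""` at the SetLinkDNSOverTLS call covers release builds, matching the existing mdns/llmnr handling, so that is consistent rather than a defect.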


@ -287,27 +287,28 @@ NM_GOBJECT_PROPERTIES_DEFINE(NMIP4Config,
PROP_DNS_PRIORITY, );
typedef struct {
bool metered : 1;
bool never_default : 1;
guint32 mtu;
int ifindex;
NMIPConfigSource mtu_source;
int dns_priority;
NMSettingConnectionMdns mdns;
NMSettingConnectionLlmnr llmnr;
GArray * nameservers;
GPtrArray * domains;
GPtrArray * searches;
GPtrArray * dns_options;
GArray * nis;
char * nis_domain;
GArray * wins;
GVariant * address_data_variant;
GVariant * addresses_variant;
GVariant * route_data_variant;
GVariant * routes_variant;
NMDedupMultiIndex * multi_idx;
const NMPObject * best_default_route;
bool metered : 1;
bool never_default : 1;
guint32 mtu;
int ifindex;
NMIPConfigSource mtu_source;
int dns_priority;
NMSettingConnectionMdns mdns;
NMSettingConnectionLlmnr llmnr;
NMSettingConnectionDnsOverTls dns_over_tls;
GArray * nameservers;
GPtrArray * domains;
GPtrArray * searches;
GPtrArray * dns_options;
GArray * nis;
char * nis_domain;
GArray * wins;
GVariant * address_data_variant;
GVariant * addresses_variant;
GVariant * route_data_variant;
GVariant * routes_variant;
NMDedupMultiIndex * multi_idx;
const NMPObject * best_default_route;
union {
NMIPConfigDedupMultiIdxType idx_ip4_addresses_;
NMDedupMultiIdxType idx_ip4_addresses;
@ -747,12 +748,13 @@ nm_ip4_config_commit(const NMIP4Config * self,
}
void
nm_ip4_config_merge_setting(NMIP4Config * self,
NMSettingIPConfig * setting,
NMSettingConnectionMdns mdns,
NMSettingConnectionLlmnr llmnr,
guint32 route_table,
guint32 route_metric)
nm_ip4_config_merge_setting(NMIP4Config * self,
NMSettingIPConfig * setting,
NMSettingConnectionMdns mdns,
NMSettingConnectionLlmnr llmnr,
NMSettingConnectionDnsOverTls dns_over_tls,
guint32 route_table,
guint32 route_metric)
{
guint naddresses, nroutes, nnameservers, nsearches;
int i, priority;
@ -868,6 +870,7 @@ nm_ip4_config_merge_setting(NMIP4Config * self,
nm_ip4_config_mdns_set(self, mdns);
nm_ip4_config_llmnr_set(self, llmnr);
nm_ip4_config_dns_over_tls_set(self, dns_over_tls);
nm_ip4_config_set_never_default(self, nm_setting_ip_config_get_never_default(setting));
@ -1112,6 +1115,10 @@ nm_ip4_config_merge(NMIP4Config * dst,
/* LLMNR */
nm_ip4_config_llmnr_set(dst,
NM_MAX(nm_ip4_config_llmnr_get(src), nm_ip4_config_llmnr_get(dst)));
/* dns_over_tls */
nm_ip4_config_dns_over_tls_set(
dst,
NM_MAX(nm_ip4_config_dns_over_tls_get(src), nm_ip4_config_dns_over_tls_get(dst)));
g_object_thaw_notify(G_OBJECT(dst));
}
@ -1357,6 +1364,10 @@ nm_ip4_config_subtract(NMIP4Config * dst,
if (nm_ip4_config_llmnr_get(src) == nm_ip4_config_llmnr_get(dst))
nm_ip4_config_llmnr_set(dst, NM_SETTING_CONNECTION_LLMNR_DEFAULT);
/* dns_over_tls */
if (nm_ip4_config_dns_over_tls_get(src) == nm_ip4_config_dns_over_tls_get(dst))
nm_ip4_config_dns_over_tls_set(dst, NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT);
g_object_thaw_notify(G_OBJECT(dst));
}
@ -1466,6 +1477,7 @@ skip_routes:
/* ignore WINS */
/* ignore mdns */
/* ignore LLMNR */
/* ignore dns_over_tls */
if (update_dst)
g_object_thaw_notify(G_OBJECT(dst));
@ -1777,6 +1789,11 @@ nm_ip4_config_replace(NMIP4Config *dst, const NMIP4Config *src, gboolean *releva
has_relevant_changes = TRUE;
}
if (src_priv->dns_over_tls != dst_priv->dns_over_tls) {
dst_priv->dns_over_tls = src_priv->dns_over_tls;
has_relevant_changes = TRUE;
}
/* DNS priority */
if (src_priv->dns_priority != dst_priv->dns_priority) {
nm_ip4_config_set_dns_priority(dst, src_priv->dns_priority);
@ -2521,6 +2538,18 @@ nm_ip4_config_llmnr_set(NMIP4Config *self, NMSettingConnectionLlmnr llmnr)
NM_IP4_CONFIG_GET_PRIVATE(self)->llmnr = llmnr;
}
NMSettingConnectionDnsOverTls
nm_ip4_config_dns_over_tls_get(const NMIP4Config *self)
{
return NM_IP4_CONFIG_GET_PRIVATE(self)->dns_over_tls;
}
void
nm_ip4_config_dns_over_tls_set(NMIP4Config *self, NMSettingConnectionDnsOverTls dns_over_tls)
{
NM_IP4_CONFIG_GET_PRIVATE(self)->dns_over_tls = dns_over_tls;
}
/*****************************************************************************/
NMIPConfigFlags
@ -2901,6 +2930,10 @@ nm_ip4_config_hash(const NMIP4Config *self, GChecksum *sum, gboolean dns_only)
if (val != NM_SETTING_CONNECTION_LLMNR_DEFAULT)
g_checksum_update(sum, (const guint8 *) &val, sizeof(val));
val = nm_ip4_config_dns_over_tls_get(self);
if (val != NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT)
g_checksum_update(sum, (const guint8 *) &val, sizeof(val));
/* FIXME(ip-config-checksum): the DNS priority should be considered relevant
* and added into the checksum as well, but this can't be done right now
* because in the DNS manager we rely on the fact that an empty
@ -3095,14 +3128,15 @@ nm_ip4_config_init(NMIP4Config *self)
nm_ip_config_dedup_multi_idx_type_init((NMIPConfigDedupMultiIdxType *) &priv->idx_ip4_routes,
NMP_OBJECT_TYPE_IP4_ROUTE);
priv->mdns = NM_SETTING_CONNECTION_MDNS_DEFAULT;
priv->llmnr = NM_SETTING_CONNECTION_LLMNR_DEFAULT;
priv->nameservers = g_array_new(FALSE, FALSE, sizeof(guint32));
priv->domains = g_ptr_array_new_with_free_func(g_free);
priv->searches = g_ptr_array_new_with_free_func(g_free);
priv->dns_options = g_ptr_array_new_with_free_func(g_free);
priv->nis = g_array_new(FALSE, TRUE, sizeof(guint32));
priv->wins = g_array_new(FALSE, TRUE, sizeof(guint32));
priv->mdns = NM_SETTING_CONNECTION_MDNS_DEFAULT;
priv->llmnr = NM_SETTING_CONNECTION_LLMNR_DEFAULT;
priv->dns_over_tls = NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT;
priv->nameservers = g_array_new(FALSE, FALSE, sizeof(guint32));
priv->domains = g_ptr_array_new_with_free_func(g_free);
priv->searches = g_ptr_array_new_with_free_func(g_free);
priv->dns_options = g_ptr_array_new_with_free_func(g_free);
priv->nis = g_array_new(FALSE, TRUE, sizeof(guint32));
priv->wins = g_array_new(FALSE, TRUE, sizeof(guint32));
}
NMIP4Config *
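Review bot: The new dns_over_tls merge in nm_ip4_config_merge uses NM_MAX like mdns/llmnr, which with the enum ordering DEFAULT(-1) < NO(0) < OPPORTUNISTIC(1) < YES(2) means the stricter mode always wins and an explicit "no" from one source is overridden by "opportunistic" or "yes" from another; that is the safe direction for a transport-security setting, but the bare `/* dns_over_tls */` comment does not say so. Suggest: `/* dns_over_tls: the higher (stricter) mode wins; DEFAULT never overrides an explicit value. */`. The same ordering assumption underlies the NM_MAX in prepare_one_interface of the systemd-resolved plugin in this commit, so it is worth stating once at the enum definition as well. The new nm_ip4_config_dns_over_tls_get/_set pair has no documentation, but neither do the llmnr accessors it sits beside, so that is a style choice of the file rather than an omission here.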


@ -124,12 +124,13 @@ gboolean nm_ip4_config_commit(const NMIP4Config * self,
NMPlatform * platform,
NMIPRouteTableSyncMode route_table_sync);
void nm_ip4_config_merge_setting(NMIP4Config * self,
NMSettingIPConfig * setting,
NMSettingConnectionMdns mdns,
NMSettingConnectionLlmnr llmnr,
guint32 route_table,
guint32 route_metric);
void nm_ip4_config_merge_setting(NMIP4Config * self,
NMSettingIPConfig * setting,
NMSettingConnectionMdns mdns,
NMSettingConnectionLlmnr llmnr,
NMSettingConnectionDnsOverTls dns_over_tls,
guint32 route_table,
guint32 route_metric);
NMSetting *nm_ip4_config_create_setting(const NMIP4Config *self);
void nm_ip4_config_merge(NMIP4Config * dst,
@ -161,6 +162,8 @@ NMSettingConnectionMdns nm_ip4_config_mdns_get(const NMIP4Config *self);
void nm_ip4_config_mdns_set(NMIP4Config *self, NMSettingConnectionMdns mdns);
NMSettingConnectionLlmnr nm_ip4_config_llmnr_get(const NMIP4Config *self);
void nm_ip4_config_llmnr_set(NMIP4Config *self, NMSettingConnectionLlmnr llmnr);
NMSettingConnectionDnsOverTls nm_ip4_config_dns_over_tls_get(const NMIP4Config *self);
void nm_ip4_config_dns_over_tls_set(NMIP4Config *self, NMSettingConnectionDnsOverTls dns_over_tls);
void nm_ip4_config_set_config_flags(NMIP4Config *self, NMIPConfigFlags flags, NMIPConfigFlags mask);
NMIPConfigFlags nm_ip4_config_get_config_flags(const NMIP4Config *self);


@ -634,6 +634,15 @@ make_connection_setting(const char *file,
PARSE_WARNING("invalid LLMNR setting");
g_object_set(s_con, NM_SETTING_CONNECTION_LLMNR, i_val, NULL);
i_val = NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT;
if (!svGetValueEnum(ifcfg,
"DNS_OVER_TLS",
nm_setting_connection_dns_over_tls_get_type(),
&i_val,
NULL))
PARSE_WARNING("invalid DNS_OVER_TLS setting");
g_object_set(s_con, NM_SETTING_CONNECTION_DNS_OVER_TLS, i_val, NULL);
return NM_SETTING(s_con);
}


@ -892,6 +892,7 @@ const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[] = {
_KEY_TYPE("DHCPv6_DUID", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("DHCPv6_IAID", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("DNS", NMS_IFCFG_KEY_TYPE_IS_NUMBERED),
_KEY_TYPE("DNS_OVER_TLS", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("DOMAIN", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("ESSID", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("ETHTOOL_OPTS", NMS_IFCFG_KEY_TYPE_IS_PLAIN),


@ -33,7 +33,7 @@ typedef struct {
NMSIfcfgKeyTypeFlags key_flags;
} NMSIfcfgKeyTypeInfo;
extern const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[252];
extern const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[253];
const NMSIfcfgKeyTypeInfo *nms_ifcfg_well_known_key_find_info(const char *key, gssize *out_idx);


@ -2087,6 +2087,7 @@ write_connection_setting(NMSettingConnection *s_con, shvarFile *ifcfg)
gint32 vint32;
NMSettingConnectionMdns mdns;
NMSettingConnectionLlmnr llmnr;
NMSettingConnectionDnsOverTls dns_over_tls;
guint32 vuint32;
const char * tmp, *mud_url;
@ -2270,6 +2271,14 @@ write_connection_setting(NMSettingConnection *s_con, shvarFile *ifcfg)
if (llmnr != NM_SETTING_CONNECTION_LLMNR_DEFAULT) {
svSetValueEnum(ifcfg, "LLMNR", nm_setting_connection_llmnr_get_type(), llmnr);
}
dns_over_tls = nm_setting_connection_get_dns_over_tls(s_con);
if (dns_over_tls != NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT) {
svSetValueEnum(ifcfg,
"DNS_OVER_TLS",
nm_setting_connection_dns_over_tls_get_type(),
dns_over_tls);
}
}
static char *


@ -1659,6 +1659,7 @@ nm_vpn_connection_ip4_config_get(NMVpnConnection *self, GVariant *dict)
s_ip,
nm_setting_connection_get_mdns(s_con),
nm_setting_connection_get_llmnr(s_con),
nm_setting_connection_get_dns_over_tls(s_con),
route_table,
route_metric);


@ -1813,4 +1813,6 @@ global:
nm_setting_bond_port_get_queue_id;
nm_setting_bond_port_get_type;
nm_setting_bond_port_new;
nm_setting_connection_get_dns_over_tls;
nm_setting_connection_dns_over_tls_get_type;
} libnm_1_32_4;
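Review bot: The two new exported symbols are out of alphabetical order relative to each other: `nm_setting_connection_dns_over_tls_get_type;` sorts before `nm_setting_connection_get_dns_over_tls;`, but the commit adds them the other way round. Swapping the two lines keeps the section sorted like its neighbours (`nm_setting_bond_port_get_queue_id`, `_get_type`, `_new`), which is how duplicate or missing exports are usually spotted in this file.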


@ -64,6 +64,7 @@ NM_GOBJECT_PROPERTIES_DEFINE(NMSettingConnection,
PROP_LLDP,
PROP_MDNS,
PROP_LLMNR,
PROP_DNS_OVER_TLS,
PROP_STABLE_ID,
PROP_AUTH_RETRIES,
PROP_WAIT_DEVICE_TIMEOUT,
@ -88,6 +89,7 @@ typedef struct {
gint32 auth_retries;
gint32 mdns;
gint32 llmnr;
gint32 dns_over_tls;
gint32 wait_device_timeout;
gint32 lldp;
guint32 gateway_ping_timeout;
@ -977,6 +979,23 @@ nm_setting_connection_get_llmnr(NMSettingConnection *setting)
return NM_SETTING_CONNECTION_GET_PRIVATE(setting)->llmnr;
}
/**
* nm_setting_connection_get_dns_over_tls:
* @setting: the #NMSettingConnection
*
* Returns: the #NMSettingConnection:dns-over-tls property of the setting.
*
* Since: 1.34
**/
NMSettingConnectionDnsOverTls
nm_setting_connection_get_dns_over_tls(NMSettingConnection *setting)
{
g_return_val_if_fail(NM_IS_SETTING_CONNECTION(setting),
NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT);
return NM_SETTING_CONNECTION_GET_PRIVATE(setting)->dns_over_tls;
}
static void
_set_error_missing_base_setting(GError **error, const char *type)
{
@ -1316,6 +1335,20 @@ after_interface_name:
return FALSE;
}
if (priv->dns_over_tls < (int) NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT
|| priv->dns_over_tls > (int) NM_SETTING_CONNECTION_DNS_OVER_TLS_YES) {
g_set_error(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("value %d is not valid"),
priv->dns_over_tls);
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_CONNECTION_SETTING_NAME,
NM_SETTING_CONNECTION_DNS_OVER_TLS);
return FALSE;
}
if (!NM_IN_SET(priv->multi_connect,
(int) NM_CONNECTION_MULTI_CONNECT_DEFAULT,
(int) NM_CONNECTION_MULTI_CONNECT_SINGLE,
@ -1668,6 +1701,9 @@ get_property(GObject *object, guint prop_id, GValue *value, GParamSpec *pspec)
case PROP_LLMNR:
g_value_set_int(value, priv->llmnr);
break;
case PROP_DNS_OVER_TLS:
g_value_set_int(value, priv->dns_over_tls);
break;
case PROP_WAIT_DEVICE_TIMEOUT:
g_value_set_int(value, priv->wait_device_timeout);
break;
@ -1780,6 +1816,9 @@ set_property(GObject *object, guint prop_id, const GValue *value, GParamSpec *ps
case PROP_LLMNR:
priv->llmnr = g_value_get_int(value);
break;
case PROP_DNS_OVER_TLS:
priv->dns_over_tls = g_value_get_int(value);
break;
case PROP_WAIT_DEVICE_TIMEOUT:
priv->wait_device_timeout = g_value_get_int(value);
break;
@ -2540,6 +2579,42 @@ nm_setting_connection_class_init(NMSettingConnectionClass *klass)
NMSettingConnectionPrivate,
llmnr);
/**
* NMSettingConnection:dns-over-tls:
*
* Whether DNSOverTls (dns-over-tls) is enabled for the connection.
* DNSOverTls is a technology which uses TLS to encrypt dns traffic.
*
* The permitted values are: "yes" (2) use DNSOverTls and disabled fallback,
* "opportunistic" (1) use DNSOverTls but allow fallback to unencrypted resolution,
* "no" (0) don't ever use DNSOverTls.
* If unspecified "default" depends on the plugin used. Systemd-resolved
* uses global setting.
*
* This feature requires a plugin which supports DNSOverTls. Otherwise, the
* setting has no effect. One such plugin is dns-systemd-resolved.
*
* Since: 1.34
**/
/* ---ifcfg-rh---
* property: dns-over-tls
* variable: DNS_OVER_TLS(+)
* values: yes,no,opportunistic
* default: missing variable means global default
* description: Whether or not DNSOverTls is enabled for the connection
* ---end---
*/
_nm_setting_property_define_direct_int32(properties_override,
obj_properties,
NM_SETTING_CONNECTION_DNS_OVER_TLS,
PROP_DNS_OVER_TLS,
G_MININT32,
G_MAXINT32,
NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT,
NM_SETTING_PARAM_NONE,
NMSettingConnectionPrivate,
dns_over_tls);
/**
* NMSettingConnection:wait-device-timeout:
*
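Review bot: The new NMSettingConnection:dns-over-tls doc comment has a wording slip that muddles its meaning: `"yes" (2) use DNSOverTls and disabled fallback` should read `"yes" (2) use DNSOverTls and disable fallback to unencrypted resolution`, making explicit that only "yes" refuses plaintext DNS while "opportunistic" still permits it when TLS is unavailable. In the same comment "dns traffic" should be "DNS traffic". The two generated description strings elsewhere in this commit repeat the same text and appear to be derived from this comment, so they would pick up the fix on regeneration — confirm that is how they are produced. The verify() range check DEFAULT..YES being narrower than the G_MININT32..G_MAXINT32 bounds on the property definition matches how llmnr is handled on the neighbouring lines and is fine.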


@ -3820,6 +3820,7 @@ test_connection_diff_a_only(void)
{NM_SETTING_CONNECTION_AUTH_RETRIES, NM_SETTING_DIFF_RESULT_IN_A},
{NM_SETTING_CONNECTION_MDNS, NM_SETTING_DIFF_RESULT_IN_A},
{NM_SETTING_CONNECTION_LLMNR, NM_SETTING_DIFF_RESULT_IN_A},
{NM_SETTING_CONNECTION_DNS_OVER_TLS, NM_SETTING_DIFF_RESULT_IN_A},
{NM_SETTING_CONNECTION_MUD_URL, NM_SETTING_DIFF_RESULT_IN_A},
{NM_SETTING_CONNECTION_WAIT_DEVICE_TIMEOUT, NM_SETTING_DIFF_RESULT_IN_A},
{NULL, NM_SETTING_DIFF_RESULT_UNKNOWN}}},


@ -56,6 +56,7 @@ G_BEGIN_DECLS
#define NM_SETTING_CONNECTION_AUTH_RETRIES "auth-retries"
#define NM_SETTING_CONNECTION_MDNS "mdns"
#define NM_SETTING_CONNECTION_LLMNR "llmnr"
#define NM_SETTING_CONNECTION_DNS_OVER_TLS "dns-over-tls"
#define NM_SETTING_CONNECTION_WAIT_DEVICE_TIMEOUT "wait-device-timeout"
#define NM_SETTING_CONNECTION_MUD_URL "mud-url"
@ -127,6 +128,24 @@ typedef enum {
NM_SETTING_CONNECTION_LLMNR_YES = 2,
} NMSettingConnectionLlmnr;
/**
* NMSettingConnectionDnsOverTls:
* @NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT: default value
* @NM_SETTING_CONNECTION_DNS_OVER_TLS_NO: disable DNSOverTls
* @NM_SETTING_CONNECTION_DNS_OVER_TLS_OPPORTUNISTIC: enable opportunistic mode
* @NM_SETTING_CONNECTION_DNS_OVER_TLS_YES: enable strict mode
*
* #NMSettingConnectionDnsOverTls values indicate whether DNSOverTls should be enabled.
*
* Since: 1.34
*/
typedef enum {
NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT = -1,
NM_SETTING_CONNECTION_DNS_OVER_TLS_NO = 0,
NM_SETTING_CONNECTION_DNS_OVER_TLS_OPPORTUNISTIC = 1,
NM_SETTING_CONNECTION_DNS_OVER_TLS_YES = 2,
} NMSettingConnectionDnsOverTls;
typedef struct _NMSettingConnectionClass NMSettingConnectionClass;
GType nm_setting_connection_get_type(void);
@ -193,6 +212,8 @@ NM_AVAILABLE_IN_1_12
NMSettingConnectionMdns nm_setting_connection_get_mdns(NMSettingConnection *setting);
NM_AVAILABLE_IN_1_14
NMSettingConnectionLlmnr nm_setting_connection_get_llmnr(NMSettingConnection *setting);
NM_AVAILABLE_IN_1_34
NMSettingConnectionDnsOverTls nm_setting_connection_get_dns_over_tls(NMSettingConnection *setting);
NM_AVAILABLE_IN_1_20
gint32 nm_setting_connection_get_wait_device_timeout(NMSettingConnection *setting);


@ -5473,6 +5473,14 @@ static const NMMetaPropertyInfo *const property_infos_CONNECTION[] = {
),
),
),
PROPERTY_INFO_WITH_DESC (NM_SETTING_CONNECTION_DNS_OVER_TLS,
.property_type = &_pt_gobject_enum,
.property_typ_data = DEFINE_PROPERTY_TYP_DATA (
PROPERTY_TYP_DATA_SUBTYPE (gobject_enum,
.get_gtype = nm_setting_connection_dns_over_tls_get_type,
),
),
),
PROPERTY_INFO_WITH_DESC (NM_SETTING_CONNECTION_MUD_URL,
.property_type = &_pt_gobject_string,
.hide_if_default = TRUE,


@ -156,6 +156,7 @@
#define DESCRIBE_DOC_NM_SETTING_CONNECTION_AUTOCONNECT_PRIORITY N_("The autoconnect priority in range -999 to 999. If the connection is set to autoconnect, connections with higher priority will be preferred. The higher number means higher priority. Defaults to 0. Note that this property only matters if there are more than one candidate profile to select for autoconnect. In case of equal priority, the profile used most recently is chosen.")
#define DESCRIBE_DOC_NM_SETTING_CONNECTION_AUTOCONNECT_RETRIES N_("The number of times a connection should be tried when autoactivating before giving up. Zero means forever, -1 means the global default (4 times if not overridden). Setting this to 1 means to try activation only once before blocking autoconnect. Note that after a timeout, NetworkManager will try to autoconnect again.")
#define DESCRIBE_DOC_NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES N_("Whether or not slaves of this connection should be automatically brought up when NetworkManager activates this connection. This only has a real effect for master connections. The properties \"autoconnect\", \"autoconnect-priority\" and \"autoconnect-retries\" are unrelated to this setting. The permitted values are: 0: leave slave connections untouched, 1: activate all the slave connections with this connection, -1: default. If -1 (default) is set, global connection.autoconnect-slaves is read to determine the real value. If it is default as well, this fallbacks to 0.")
#define DESCRIBE_DOC_NM_SETTING_CONNECTION_DNS_OVER_TLS N_("Whether DNSOverTls (dns-over-tls) is enabled for the connection. DNSOverTls is a technology which uses TLS to encrypt dns traffic. The permitted values are: \"yes\" (2) use DNSOverTls and disabled fallback, \"opportunistic\" (1) use DNSOverTls but allow fallback to unencrypted resolution, \"no\" (0) don't ever use DNSOverTls. If unspecified \"default\" depends on the plugin used. Systemd-resolved uses global setting. This feature requires a plugin which supports DNSOverTls. Otherwise, the setting has no effect. One such plugin is dns-systemd-resolved.")
#define DESCRIBE_DOC_NM_SETTING_CONNECTION_GATEWAY_PING_TIMEOUT N_("If greater than zero, delay success of IP addressing until either the timeout is reached, or an IP gateway replies to a ping.")
#define DESCRIBE_DOC_NM_SETTING_CONNECTION_ID N_("A human readable unique identifier for the connection, like \"Work Wi-Fi\" or \"T-Mobile 3G\".")
#define DESCRIBE_DOC_NM_SETTING_CONNECTION_INTERFACE_NAME N_("The name of the network interface this connection is bound to. If not set, then the connection can be attached to any interface of the appropriate type (subject to restrictions imposed by other settings). For software devices this specifies the name of the created device. For connection types where interface names cannot easily be made persistent (e.g. mobile broadband or USB Ethernet), this property should not be used. Setting this property restricts the interfaces a connection can be used with, and if interface names change or are reordered the connection may be applied to the wrong interface.")


@ -417,6 +417,8 @@
description="Whether mDNS is enabled for the connection. The permitted values are: &quot;yes&quot; (2) register hostname and resolving for the connection, &quot;no&quot; (0) disable mDNS for the interface, &quot;resolve&quot; (1) do not register hostname but allow resolving of mDNS host names and &quot;default&quot; (-1) to allow lookup of a global default in NetworkManager.conf. If unspecified, &quot;default&quot; ultimately depends on the DNS plugin (which for systemd-resolved currently means &quot;no&quot;). This feature requires a plugin which supports mDNS. Otherwise, the setting has no effect. One such plugin is dns-systemd-resolved." />
<property name="llmnr"
description="Whether Link-Local Multicast Name Resolution (LLMNR) is enabled for the connection. LLMNR is a protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link. The permitted values are: &quot;yes&quot; (2) register hostname and resolving for the connection, &quot;no&quot; (0) disable LLMNR for the interface, &quot;resolve&quot; (1) do not register hostname but allow resolving of LLMNR host names If unspecified, &quot;default&quot; ultimately depends on the DNS plugin (which for systemd-resolved currently means &quot;yes&quot;). This feature requires a plugin which supports LLMNR. Otherwise, the setting has no effect. One such plugin is dns-systemd-resolved." />
<property name="dns-over-tls"
description="Whether DNSOverTls (dns-over-tls) is enabled for the connection. DNSOverTls is a technology which uses TLS to encrypt dns traffic. The permitted values are: &quot;yes&quot; (2) use DNSOverTls and disabled fallback, &quot;opportunistic&quot; (1) use DNSOverTls but allow fallback to unencrypted resolution, &quot;no&quot; (0) don&apos;t ever use DNSOverTls. If unspecified &quot;default&quot; depends on the plugin used. Systemd-resolved uses global setting. This feature requires a plugin which supports DNSOverTls. Otherwise, the setting has no effect. One such plugin is dns-systemd-resolved." />
<property name="mud-url"
description="If configured, set to a Manufacturer Usage Description (MUD) URL that points to manufacturer-recommended network policies for IoT devices. It is transmitted as a DHCPv4 or DHCPv6 option. The value must be a valid URL starting with &quot;https://&quot;. The special value &quot;none&quot; is allowed to indicate that no MUD URL is used. If the per-profile value is unspecified (the default), a global connection default gets consulted. If still unspecified, the ultimate default is &quot;none&quot;." />
<property name="wait-device-timeout"


@ -502,12 +502,12 @@ NAME UUID TYPE DEVICE
con-1 5fcfd6d7-1e63-3332-8826-a7eda103792d ethernet --
<<<
size: 1266
size: 1319
location: src/tests/client/test-client.py:test_002()/23
cmd: $NMCLI c s con-1
lang: C
returncode: 0
stdout: 1138 bytes
stdout: 1191 bytes
>>>
connection.id: con-1
connection.uuid: 5fcfd6d7-1e63-3332-8826-a7eda103792d
@ -532,15 +532,16 @@ connection.metered: unknown
connection.lldp: default
connection.mdns: -1 (default)
connection.llmnr: -1 (default)
connection.dns-over-tls: -1 (default)
connection.wait-device-timeout: -1
<<<
size: 1278
size: 1331
location: src/tests/client/test-client.py:test_002()/24
cmd: $NMCLI c s con-1
lang: pl_PL.UTF-8
returncode: 0
stdout: 1140 bytes
stdout: 1193 bytes
>>>
connection.id: con-1
connection.uuid: 5fcfd6d7-1e63-3332-8826-a7eda103792d
@ -565,6 +566,7 @@ connection.metered: nieznane
connection.lldp: default
connection.mdns: -1 (default)
connection.llmnr: -1 (default)
connection.dns-over-tls: -1 (default)
connection.wait-device-timeout: -1
<<<

