From d0f275e7f51cf8b7a78f56cc547a0c0ee270b387 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Wed, 13 May 2020 10:09:43 +0200 Subject: [PATCH 1/2] libnm-core: add _nm_ip_tunnel_mode_is_layer2() (cherry picked from commit 48c93b3bba928b594a5e5dec6b51382fcff97701) (cherry picked from commit 5d2f2a65493401e4d793890a22ebe7731d2f88f9) --- libnm-core/nm-core-internal.h | 5 +++++ libnm-core/nm-setting-ip-tunnel.c | 12 +++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/libnm-core/nm-core-internal.h b/libnm-core/nm-core-internal.h index b7222df20a..2bb18c6fd8 100644 --- a/libnm-core/nm-core-internal.h +++ b/libnm-core/nm-core-internal.h @@ -901,4 +901,9 @@ gboolean _nmtst_variant_attribute_spec_assert_sorted (const NMVariantAttributeSp const NMVariantAttributeSpec *_nm_variant_attribute_spec_find_binary_search (const NMVariantAttributeSpec *const*array, gsize len, const char *name); + +/*****************************************************************************/ + +gboolean _nm_ip_tunnel_mode_is_layer2 (NMIPTunnelMode mode); + #endif diff --git a/libnm-core/nm-setting-ip-tunnel.c b/libnm-core/nm-setting-ip-tunnel.c index ae1df194fe..3ff531dbb6 100644 --- a/libnm-core/nm-setting-ip-tunnel.c +++ b/libnm-core/nm-setting-ip-tunnel.c @@ -291,6 +291,14 @@ nm_setting_ip_tunnel_get_flags (NMSettingIPTunnel *setting) /*****************************************************************************/ +gboolean +_nm_ip_tunnel_mode_is_layer2 (NMIPTunnelMode mode) +{ + return NM_IN_SET (mode, + NM_IP_TUNNEL_MODE_GRETAP, + NM_IP_TUNNEL_MODE_IP6GRETAP); +} + static gboolean verify (NMSetting *setting, NMConnection *connection, GError **error) { @@ -444,9 +452,7 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) } if ( nm_connection_get_setting_wired (connection) - && !NM_IN_SET (priv->mode, - NM_IP_TUNNEL_MODE_GRETAP, - NM_IP_TUNNEL_MODE_IP6GRETAP)) { + && !_nm_ip_tunnel_mode_is_layer2 (priv->mode)) { g_set_error (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY, From d69d92c658eb0ca21f789c131b73dd2508570653 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Wed, 13 May 2020 10:10:13 +0200 Subject: [PATCH 2/2] ip-tunnel: set cloned-mac-address only for layer2 tunnel devices For ip-tunnel modes that encapsulate layer2 packets (gretap and ip6gretap) we allow the presence of an ethernet setting in the connection and honor the cloned-mac-address specified in it. For all other modes, the ethernet setting is removed during normalization, but a value different from 'preserve' could be set via global default. The kernel doesn't allow setting a MAC for layer3 devices, don't do it. (cherry picked from commit 0494a84878e696baccbf3b1d16089b92cb7c7835) (cherry picked from commit 78ed14166c04006aaa0e15a2930066ff212f088b) --- src/devices/nm-device-ip-tunnel.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/src/devices/nm-device-ip-tunnel.c b/src/devices/nm-device-ip-tunnel.c index 0becb5e568..6b4a8ea980 100644 --- a/src/devices/nm-device-ip-tunnel.c +++ b/src/devices/nm-device-ip-tunnel.c @@ -890,6 +890,23 @@ can_reapply_change (NMDevice *device, error); } +static NMActStageReturn +act_stage1_prepare (NMDevice *device, NMDeviceStateReason *out_failure_reason) +{ + NMDeviceIPTunnel *self = NM_DEVICE_IP_TUNNEL (device); + NMDeviceIPTunnelPrivate *priv = NM_DEVICE_IP_TUNNEL_GET_PRIVATE (self); + + if ( _nm_ip_tunnel_mode_is_layer2 (priv->mode) + && !nm_device_hw_addr_set_cloned (device, + nm_device_get_applied_connection (device), + FALSE)) { + *out_failure_reason = NM_DEVICE_STATE_REASON_CONFIG_FAILED; + return NM_ACT_STAGE_RETURN_FAILURE; + } + + return NM_ACT_STAGE_RETURN_SUCCESS; +} + /*****************************************************************************/ static void @@ -1039,7 +1056,8 @@ nm_device_ip_tunnel_class_init (NMDeviceIPTunnelClass *klass) NM_LINK_TYPE_IPIP, NM_LINK_TYPE_SIT); - device_class->act_stage1_prepare_set_hwaddr_ethernet = TRUE; + + device_class->act_stage1_prepare = act_stage1_prepare; device_class->link_changed = link_changed; device_class->can_reapply_change = can_reapply_change; device_class->complete_connection = complete_connection;