This was causing test_nml_dbus_meta() unit test to fail and also it was
affecting the notification when the object changed.
Fixes: 5426bdf4a1 ('HSR: add support to HSR/PRP interface')
This patch add support to IPVLAN interface. IPVLAN is a driver for a
virtual network device that can be used in container environment to
access the host network. IPVLAN exposes a single MAC address to the
external network regardless the number of IPVLAN device created inside
the host network. This means that a user can have multiple IPVLAN
devices in multiple containers and the corresponding switch reads a
single MAC address. IPVLAN driver is useful when the local switch
imposes constraints on the total number of MAC addresses that it can
manage.
The setting was missing from the script. The patch is adding it and also
regenerates the docs.
Fixes: 5426bdf4a1 ('HSR: add support to HSR/PRP interface')
The HSR DBus metadata was defined properly but not exported on the libnm
library properly. This was causing that clients were not showing the HSR
devices.
Fixes: 5426bdf4a1 ('HSR: add support to HSR/PRP interface')
The "StartLimitIntervalSec" and "StartLimitBurst" directives should be
in the [Unit] section instead of the [Service] one.
Fixes: 927cff9f17 ('cloud-setup: allow bigger restart bursts')
When using the netdev datapath, we wait for the link to appear in
different steps:
1. initially, in act_stage3_ip_config() connects to platform's
"link-changed" signal to detect when the TUN interface appears;
2. when the interface appears, _netdev_tun_link_cb() schedules
_set_ip_ifindex_tun() in a idle handler;
3. _set_ip_ifindex_tun() checks if the link is ready (e.g. if the MAC
address is correct) and in that case it reschedules stage3, which
will move forward with the activation;
4. if the link is not ready in _set_ip_ifindex_tun(), the function
connects again to platform's "link-changed" signal to react to link
changes;
5. after the link changes and it is ready, _netdev_tun_link_cb()
reschedules stage3, which moves forward with the activation;
With the current implementation it is possible that after step 2, if
act_stage3_ip_config() runs because it was already scheduled, it
registers again to the "link-changed" event; then when
_set_ip_ifindex_tun() is invoked it will hit assertion:
nm_assert(!priv->wait_link.tun_link_signal_id);
Fix this by preventing that the signal gets registered again after
step 2.
Fixes-test: @ovs_datapath_type_netdev_with_cloned_mac
Fixes: acf485196c ('ovs-interface: wait that the cloned MAC changes instead of setting it')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2024
The string array returned by nm_l3_config_data_get_searches() is not
NULL-terminated; we need to pass the exact length to
nm_utils_buf_utf8safe_escape_strv() instead of letting the function
scan for the NULL terminator.
Fix the following error reported by valgrind:
Conditional jump or move depends on uninitialised value(s)
at 0x4B287DB: g_strv_length (gstrfuncs.c:2948)
by 0x6EBDBE: nm_utils_buf_utf8safe_escape_strv (nm-shared-utils.c:3047)
by 0x59A3F1: get_property_ip (nm-ip-config.c:198)
by 0x4A6E150: UnknownInlinedFun (gobject.c:2140)
by 0x4A6E150: g_object_get_property (gobject.c:3454)
by 0x56FB1A: nm_dbus_utils_get_property (nm-dbus-utils.c:95)
by 0x44B343: _obj_get_property (nm-dbus-manager.c:880)
by 0x44DC4F: _nm_dbus_manager_obj_notify (nm-dbus-manager.c:1201)
by 0x56EE77: dispatch_properties_changed (nm-dbus-object.c:253)
by 0x4A5BF1E: g_object_notify_queue_thaw.lto_priv.0 (gobject.c:755)
by 0x5997BD: _handle_l3cd_changed (nm-ip-config.c:837)
by 0x59A129: _l3cfg_notify_cb (nm-ip-config.c:147)
by 0x4A5B649: g_closure_invoke (gclosure.c:834)
Fixes: 522a7d6baf ('nm-ip-config: escape searches when exposing to dbus')
Previously, when a connection was configured with search domains
that contained non-ASCII characters, GLib would try to parse the
search name as UTF-8, and an assertion would fail (which meant
that if NM was running with fatal assertions, it would crash).
Expose the search domains only as an escaped string to avoid this.
Previously, the "edit" or "delete" buttons were clickable even
if there were no available connections, which was not expected
and caused an assertion to fail when clicked. This is because
the connections list could contain connections that were later
filtered out and not displayed in the final list, but the check
did not take this into account.
Make it so that the buttons are clickable only if we *actually*
have any available connections to edit or delete.
Fixes: 3bda3fb60c ('nmtui: initial import of nmtui')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1991
When a connection with ipv4.method=auto (DHCP) is configured with
ipv4.link-local=enable we were leaving the link-local address forever,
but this is not correct according to RFC3927[1] which says:
a host SHOULD NOT have both an operable routable address and an IPv4
Link-Local address configured on the same interface.
This adds a new mode that is more compliant, which only sets an IPv4
link-local address if no other address is set (through either DHCP lease
or ivp4.addresses setting)
Closes#1562
Link: https://github.com/systemd/systemd/issues/13316
Link: https://datatracker.ietf.org/doc/html/rfc3927#section-1.9 [1]
Add a new l3cfg DatFlag to specify that a given l3cd has a
non-link-local IPv4 set.
This will be used to enable or disable IPv4LL automatically in fallback
mode.
Move the static _ip4_address_is_link_local() check to a new global
nm_platform_ip4_address_is_link_local() helper so we can check if
an IPv4 is link local in other files
When lease is lost we would keep the DHCP state to READY, but we are
trying to get a new lease at this point so it is closer to PENDING.
Note this does not change how the device is displayed in `nmcli device`,
a connection with an expired lease is still displayed as `connected`.
When handling event TIMEOUT, "acd_data->probing_timeout_msec" needs to
be always initialized before jumping to "handle_start_probing:";
otherwise, an assertion failure is triggered at:
static void
_l3_acd_data_timeout_schedule_probing_restart(AcdData *acd_data, gint64 now_msec)
{
...
nm_assert(acd_data->probing_timeout_msec > 0);
Even if the ACD data is already in state PROBE, that doesn't mean that
the timeout is already initialized because the PROBE state can also be
reached from a INSTANCE_RESET event; and depending on the previous
state "acd_data->probing_timeout_msec" could be uninitialized.
Fixes-test: @iptunnel_restart
Fixes: b8f9d7b5dd ('l3cfg: rework ACD handling in NML3Cfg to support handling conflicts')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2023
The code handling options with supposes, that options
are split by `=`, which is not the case. This fixes the following:
```
nmcli -f ipv4.ad\t\t
nmcli -f ipv4.ad=ipv4.addresses
nmcli --field ipv4.ad\t\t
nmcli --field ipv4.ad=ipv4.addresses
```
Using options with values separated with `=` remains broken,
but this change doesn't affect it:
```
nmcli --field=ipv4.ad\t\t
nmcli --field=ipv4.ad
```
Also, `man` and `usage` uses `--color auto|yes|no`,
not `--color=auto|yes|no`. So, this fix should be sufficient.
Bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=2115827
Managed type = managed is a bit unclear, because all managed types are
for devices that are managed, but with different levels. Managed type =
managed could be interpreted as other types are unmanaged. Change it to
managed type = full.
The primary address is that placed at position 0 of all the IP Addresses
of the interface. Sometimes we put it in a different position in the
ipv4s array because we insert them in the order we receive, but it might
happen that the HTTP responses comes back in wrong order.
In order to solve this, we pass the index of the IPv4 address to the
callback and the address is added in the right position directly.
Co-authored-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
On daemon startup, we may end up enqueueing many nm-cloud-setup.service
restarts in very a short time. That is perfectly fine, just bump the
thresholds so that systemd doesn't get in the way too quickly.
100 requests in 1 seconds seem like a fair choice -- little bit on the
conservative side, yet still giving the service manager some room to
interfere on a chance things really go awry.
https://issues.redhat.com/browse/RHEL-49694
Don't enforce IP cleanup when devices are in deactivating state, to
make sure that network connection is still available for pre-down
dispatcher phase.
Fixes ac4e63ddda ('ip: support dhcp-send-release in NMSettingIpConfig')
https://bugzilla.suse.com/show_bug.cgi?id=1228154
Attempt to tab-complete a property from a setting which does not exist
results in an assertion failure:
nmcli > set lala.lala<TAB>
(process:597363): nm-CRITICAL **: 16:30:21.642: nm_meta_setting_info_editor_find_by_name: assertion 'setting_name' failed
Thread 1 "nmcli" received signal SIGTRAP, Trace/breakpoint trap.
0x00007ffff780dc28 in g_logv () from /lib64/libglib-2.0.so.0
(gdb) bt
#0 0x00007ffff780dc28 in g_logv () at /lib64/libglib-2.0.so.0
#1 0x00007ffff780dea3 in g_log () at /lib64/libglib-2.0.so.0
#2 0x000000000044a2c2 in nm_meta_setting_info_editor_find_by_name (setting_name=<optimized out>, use_alias=use_alias@entry=0)
at src/libnmc-setting/nm-meta-setting-access.c:35
#3 0x000000000042eb07 in get_setting_and_property (prompt=<optimized out>, line=<optimized out>, setting_out=0x7fffffffcf10, property_out=0x7fffffffcf18)
at src/nmcli/connections.c:6639
#4 0x000000000042ec38 in get_allowed_property_values (out_to_free=out_to_free@entry=0x7fffffffcf50) at src/nmcli/connections.c:6711
#5 0x000000000042ed8c in should_complete_property_values (prompt=prompt@entry=0x5befb0 "nmcli 802-1x.pac-file> ", line=line@entry=0x0, multi=multi@entry=0x7fffffffcfe4)
at src/nmcli/connections.c:6735
#6 0x000000000042f5d8 in nmcli_editor_tab_completion (text=0x5bef90 "lala", start=<optimized out>, end=13) at src/nmcli/connections.c:6899
#7 0x00007ffff776dcdc in gen_completion_matches () at /lib64/libreadline.so.8
...
Do not proceed resolving the setting name if it does not pass
check_valid_name().
In case the user selects a setting/property with "goto" command, and
then attempts to tab-complete a setting/property pair, the original sett
and prop strings are overriden without freeing:
nmcli > goto 802-1x.pac-file
nmcli 802-1x.pac-file> set 802-1.lal<TAB>
Fixes: 79bc271685 ('cli: TAB-completion for enum-style property values (rh #1034126)')
Currently if the system hostname can't be determined, NetworkManager
only retries when something changes: a new address is added, the DHCP
lease changes, etc.
However, it might happen that the current failure in looking up the
hostname is caused by an external factor, like a temporary outage of
the DNS server.
Add a mechanism to retry the resolution with an increasing timeout.
https://issues.redhat.com/browse/RHEL-17972
If the socket's RX buffer is full it's probably because other
process is doing lot of changes very quickly, faster than we
can process them. Let's give the writer a small time to finish:
1. Avoid contending the kernel's RTNL lock, so we don't make
the whole situation even worse and it can finish earlier.
2. Avoid having to resync again and again due to trying to
resync while the writer is still doing quick changes, so
we are unable to catch up yet.
This won't help if this situation takes a long time or is
continuous, but that's unlikely to happen, and if it does,
it's the writer's fault for starving the whole system.
There is no need to progresively increase the backoff time
for the same reason: if this situation takes lot of time,
it's the writer's fault. It's neither a good idea because the whole NM
process will end being sleeping long times, not doing anything at all,
without being able to react when the Netlink messages burst stops.
Add a function to compare two arrays of NMPlatformBridgeVlan. It will
be used in the next commit to compare the VLANs from platform to the
ones we want to set.
To compare in a performant way, the vlans need to be normalized (no
duplicated VLANS, ranges into their minimal expression...). Add the
function nmp_utils_bridge_vlan_normalize.
Co-authored-by: Íñigo Huguet <ihuguet@redhat.com>
For now, always reapply the VLANs unconditionally, even if they didn't
change in kernel.
To set again the VLANs on the port we need to clear all the existing
one before. However, this deletes also the VLAN for the default-pvid
on the bridge. Therefore, we need some additional logic to inject the
default-pvid in the list of VLANs.
Co-authored-by: Íñigo Huguet <ihuguet@redhat.com>
Currently, nm_platform_link_set_bridge_vlans() accepts an array of
pointers to vlan objects; to avoid multiple allocations,
setting_vlans_to_platform() creates the array by piggybacking the
actual data after the pointers array.
In the next commits, the array will need to be manipulated and
extended, which is difficult with the current structure. Instead, pass
separately an array of objects and its size.
During nm_lldp_neighbor_parse(), the NMLldpNeighbor is not yet added to
the NMLldpRX instance. Consequently, n->lldp_rx is NULL.
Note how we use lldp_x for logging, because we need it for the context
for which interface the logging statement is.
Thus, those debug logging statements will follow a NULL pointer and lead
to a crash.
Fixes: 630de288d2 ('lldp: add libnm-lldp as fork of systemd's sd_lldp_rx')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1550
As part of the conscious language effort we must provide an alternative
option to configure autoconnect-ports system-wide on NetworkManager
configuration file.
The in_buffer is initialized with a NULL buffer. If we never receive and
data, the buffer might still be NULL.
Maybe it actually can never happen, but it's not clear that this is
always the case. To be sure, ensure we don't return a NULL buffer on
success.
As part of the conscious language efforts we are not writing offensive
terms into keyfiles anymore. This won't break users upgrading as we
still read such values if they are present into the keyfile.
For existing profiles, NetworkManager will remove the offensive terms
when editing the keyfile.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2009
In case the platform fails dumping a specific route protocol, retry
multiple times. If all attempts fail, emit a warning and proceed as
there is nothing more to do.
