If the interface who's IP configuration is being captured has the default
route, then read DNS servers from resolv.conf into the NMIP[4|6]Config.
This allows NetworkManager to repopulate resolv.conf if anything changes.
For example, if the system does not define a persistent hostname, then
when a device which has generated a connection activates, a hostname
lookup will be performed. The results of that lookup may change resolv.conf,
and thus NetworkManager must rewrite resolv.conf. Without capturing
DNS information at startup when generating connections, an empty
resolv.conf would be written.
The router has no idea what the local configuration or user preferences are,
so sending routes with a prefix length of 0 is at best misinformed and at
worst breaks things. The kernel also ignores plen=0 routes in its in-kernel
RA processing code in net/ipv6/ndisc.c.
https://bugzilla.redhat.com/show_bug.cgi?id=1029213
When activating a team slave and 'teamd' binary is not installed, the
priv->state of master device will be NM_DEVICE_STATE_FAILED, which is greater
than NM_DEVICE_STATE_ACTIVATED.
<info> Activation (nm-team) Stage 1 of 5 (Device Prepare) started...
<warn> Activation (nm-team) to start teamd: not found
<info> (nm-team): device state change: prepare -> failed (reason 'none') [40 120 0]
...
<debug> master_state_cb(): (0x81d6968): master ActiveConnection [0x91d69d0] 'team0' failed
<info> (eth1): device state change: config -> failed (reason 'dependency-failed') [50 120 50]
...
<debug> slave_state_changed(): (nm-team): slave eth1 state change 50 (config) -> 120 (failed)
--- ASSERTION ---
Set accept_ra and use_tempaddr to "0" when managing a device (and
restore them to their original values after unmanaging it) to ensure
that calling nm_device_bring_up() on a managed device won't ever cause
kernel IPv6 autoconf to happen. Remove some other redundant accept_ra
setting.
Fix up the deconfigure case of dispose() to clear the device's IP6
config as well as its IP4 config.
https://bugzilla.gnome.org/show_bug.cgi?id=700414
update_accept_ra_path() and update_ip6_privacy_save() were freeing
their path variables if they failed to read the existing values, but
if this ever actually happened it would cause problems later since
other code assumed that the variables were always set. Use
"priv->ip6_accept_ra_save = -1", etc, instead to indicate that the
value couldn't be read (and so shouldn't be restored later).
Merge the accept_ra and use_tempaddr code save/restore code together,
since they're always called together.
Fix the accept_ra-restoring code to correctly handle an original value
of "2".
Call update_ip6_properties_paths() from nm_device_set_ip_iface()
rather than act_stage3_ip6_config_start(), since set_ip_iface() is
when the paths actually change. Also, split the default-value-saving
code out into a separate function, since we only care about doing that
at construct time; if the IP6 property paths change later (because
iface != ip_iface), then we don't need to save and restore the values
on the ip_iface, since the interface will go away when we're done with
it.
https://bugzilla.gnome.org/show_bug.cgi?id=700414
Rename ip6_privacy_tempaddr_path and ip6_privacy_tempaddr_save to
ip6_use_tempaddr_*, to match the sysctls, for consistency with the
accept_ra variables.
We used to call nm_device_deactivate() when moving a device from
UNMANAGED to UNAVAILABLE (unless we were assuming the existing
connection), but this got lost when default-unmanaged was added. Fix
it to do this again, so the device will be in a known-clean state when
it is activated.
It is useful to bind the loopack connection to the loopback interface,
and it also allows activating it.
$ nmcli con up lo
Else "Error: no device found for connection 'lo'" is returned, because
connection_compatible() in libnm-glib/nm-device-generic.c wants the
connection to have an interface-name set.
These are (most likely) only warnings and not severe bugs.
Some of these changes are mostly made to get a clean run of
Coverity without any warnings.
Error found by running Coverity scan
https://bugzilla.redhat.com/show_bug.cgi?id=1025894
Co-Authored-By: Jiří Klimeš <jklimes@redhat.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
wifi_utils_get_qual returns -1 on error. Keeping it in an unsigned
variable is a bug.
Error found by running Coverity
https://bugzilla.redhat.com/show_bug.cgi?id=1025894
Signed-off-by: Thomas Haller <thaller@redhat.com>
Assumed connections shouldn't require touching the device, and the
device should was already set IFF_UP during stage2 (which is
skipped for assumed connections). Instead, what the code was really
trying to do, was to ensure tha the IP interface the device was
going to use was up.
The only cases where the IP interface might *not* be up after stage2
is where the IP interface is different than the device's interface,
like for Bluetooth, ADSL, WWAN, and PPPoE. Move the call to
nm_platform_link_set_up() into nm_device_set_ip_iface() which all
those device types will call.
Thus, only the device types that really need to up their IP interface
will do so, but other devices (including when activating assumed
connections) that don't need to do this, won't do it.
If the device has no IP configuration, is not a slave, and is not
a master, there's no point in generating a connection for it and
assuming that connection.
Fixes a problem where tun devices created by vpnc would be activated
with an empty assumed connection before NetworkManager could assign
the VPN IP config to it, and since IPv6 link-local timed out, the tun
device would be deactivated and VPN would be useless.
Assumed slave connections need to be added to their master devices,
which didn't used to happen because the devices activating assumed
connections jumped directly to stage3, bypassing all the master/slave
handling stuff.
Instead, make all assumed connections go through all activation stages,
but make sure that things which touch the device don't get done for
assumed connections. This requires moving the master/slave code out
of the override-able class methods because we need to call the
master/slave code for assumed connections, but we don't want to call
the override-able class activation methods.
If the device has a valid generated connection, it's already applied
and the device is already "activated" outside NM, so let activation
happen inside NM regardless of whether the device is available or not
according to NM.
teamd_cleanup() might get called multiple times, and since the rest
of the function is safe against multi-calls, make priv->tdc safe
against being called again too.
rh #1025371 reports a crash in handle_ip_config_timeout() because
nm_device_wifi_get_activation_ap() did not return any access point.
The handling of the AP in nm-device-wifi.c should be reworked and soon
will be fixed. For now, play it safe, and try to cope with any cases
where nm_device_wifi_get_activation_ap() might return NULL.
Later, this patch should be reverted and handling of the AP properly
cleaned up.
https://bugzilla.redhat.com/show_bug.cgi?id=1025371
Signed-off-by: Thomas Haller <thaller@redhat.com>
With the methods 'auto' and 'link-local' we check now, that the device
has a usable IPv6 LL address configured (after DAD, no longer tentative).
We wait for up to 5 seconds, for a suitable LL address to appear.
Currently, if the address does not get ready, we don't create one and
IPv6 configuration fails.
This is relevant for the methods 'link-local' and 'auto'. In the latter
case, because we cannot send router solitations without link local
address.
https://bugzilla.gnome.org/show_bug.cgi?id=707155
Signed-off-by: Thomas Haller <thaller@redhat.com>
In act_stage3_ip6_config_start, for IPv6 mode link-local, we check
if there is already an IPv6 address configured. If yes, we are
already done.
For now, as current workaround, if the LL does not exist, we
NM_ACT_STAGE_RETURN_STOP.
Later, we will POSTPONE and wait a timeout until we see a LL address
that is no longer TENTATIVE. The same should be done for method auto,
so that the device is usable to send router solitations (bgo#707155).
https://bugzilla.gnome.org/show_bug.cgi?id=707155https://bugzilla.gnome.org/show_bug.cgi?id=706618
Signed-off-by: Thomas Haller <thaller@redhat.com>
Master devices depend on their slaves/ports for carrier status, so the
carrier can't factor into whether a connection is available on that
device or not. If it did, then no connections could be activated
because the device doesn't have a carrier until slaves are attached.
Previously, ignore-carrier devices were always in the unavailable state
until they were activated. This required some complicated code to keep
track of whether the device was available or not based on what connections
existed, whether those connections were static-IP, and whether the device
was ignore-carrier. Various bits of the code used nm_device_can_activate()
for two different purposes: (1) to determine if the device was available
on an L2 basis, which nm_device_can_activate() wasn't well-suited to, and
(2) whether a specific connection could be activated at a given time
based on ignore-carrier and whether the connection was static IP or not.
Remove that complexity and confusion by making ignore-carrier devices
always move to DISCONNECTED state, and simply refuse to activate
connections that require connectivity, but allow connections that don't
require connectivity. Also, when the device has no carrier, don't
add connections that require connectivity to the AvailableConnections
device property.
Use the new kernel physical_port_id interface property to recognize
when two devices are just virtual devices sharing the same physical
port, and refuse to bond/team multiple slaves on the same port.
If nm_device_enslave_slave() failed, the slave would log that it was
waiting for the master to activate (even if the master was already
active). Fix it to log an error and fail its activation instead.
When ActiveConnections take over authentication, it may mean that the
master active connection is still handling authentication when the
slave starts to activate. Thus the master device may still be in
DISCONNECTED state and not ready to enslave the slave.
We need to track the master active connection, since it may require authentication
or other operations to complete before the device actually starts activating.
