The setting's verify() function already checks that the s390 options
are not empty and no longer than 200. Asserting for that is a major
annoyance, because callers need to reimplement that check.
The "from" part is like a key for the egress/ingress priority map.
Extend nm_setting_vlan_remove_priority_str_by_value() to accept only the
"from" part when finding and deleting value. This allows for:
$ nmcli connection modify "$PROFILE" -vlan.ingress-priority-map '4:'
$ nmcli connection modify "$PROFILE" -vlan.ingress-priority-map '4:*'
to fuzzy match the value to remove.
The same code is used by nmcli. Obviously, clients also need to
parse string representations.
That begs the question whether this should be public API of libnm.
Maybe, but don't decide that now, just reuse the code internally via
"shared/nm-libnm-core-utils.h".
We have code in "shared/nm-utils" which are general purpose
helpers, independent of "libnm", "libnm-core", "clients" and "src".
We have shared code like "shared/nm-ethtool-utils.h" and
"shared/nm-meta-setting.h", which is statically linked, shared
code that contains libnm related helpers. But these helpers already
have a specific use (e.g. they are related to ethtool or NMSetting
metadata).
Add a general purpose helper that:
- depends (and extends) libnm-core
- contains unrelated helpers
- can be shared (meaning it will be statically linked).
- this code can be used by any library user of "libnm.so"
(nmcli, nm-applet) and by "libnm-core" itself. Thus, "src/"
and "libnm/" may also use this code indirectly, via "libnm-core/".
- avoid the memory allocations by not using g_strsplit().
- add a helper function priority_map_parse_str(). This will
be used later, to avoid allocating a NMVlanQosMapping
result, when we don't need it on the heap.
- for the priority mappings, the "from" part is the key and must
be unique. As such, it would make sense to say
$ nmcli connection modify "$PROFILE" -vlan.ingress-priority-map '1:*'
or
$ nmcli connection modify "$PROFILE" -vlan.ingress-priority-map '1:'
to delete any mapping for that priority, regardless of the "to" part.
Add an option to leave the "to" part unspecified. This will be used
later.
- use nm_auto_decref_json for "json_value" to indicate ownership
transfer.
- don't reuse variable json_element and json_link to construct
watchers list. It's confusing. In general, use different variables
for different purposes.
_nm_utils_team_config_get() determines the type based on the JSON content.
Hence, the caller must validate that the returned GValue is of the expected
type, or it will trigger an assertion/crash.
Use nm_auto*, it's almost always harder to get wrong, because
ownership (and lifetime management of a variable, and what it points
to) is more clearly expressed.
This removes libnm-glib, libnm-glib-vpn, and libnm-util for good.
The it has been replaced with libnm since NetworkManager 1.0, disabled
by default since 1.12 and no up-to-date distributions ship it for years
now.
Removing the libraries allows us to:
* Remove the horrible hacks that were in place to deal with accidental use
of both the new and old library in a single process.
* Relief the translators of maintenance burden of similar yet different
strings.
* Get rid of known bad code without chances of ever getting fixed
(libnm-glib/nm-object.c and libnm-glib/nm-object-cache.c)
* Generally lower the footprint of the releases and our workspace
If there are some really really legacy users; they can just build
libnm-glib and friends from the NetworkManager-1.16 distribution. The
D-Bus API is stable and old libnm-glib will keep working forever.
https://github.com/NetworkManager/NetworkManager/pull/308
The device type was set to the GType rather than a new value in the
NMDeviceType enum.
Add the corresponding enum entry, fix the device type and set the
routing priority to the same value as generic devices.
A NetworkManager client requires an API to validate and decode
a base64 secret -- like it is used by WireGuard. If we don't have
this as part of the API, it's inconvenient. Expose it.
Rename it from _nm_utils_wireguard_decode_key(), to give it a more
general name.
Also, rename _nm_utils_wireguard_normalize_key() to
nm_utils_base64secret_normalize(). But this one we keep as internal
API. The user will care more about validating and decoding the base64
key. To convert the key back to base64, we don't need a public API in
libnm.
This is another ABI change since 1.16-rc1.
According to documentation, this returns a boolean indicating whether
the value is valid. Previously, it was indicating whether the instance
was modified.
Together with the @accept_invalid argument, both behaviors make some
sense. Change it, because that is also how the other setters behave.
This is an API break since 1.16-rc1.
The functions like _nm_utils_wireguard_decode_key() are internal API
and not accessible to a libnm user. Maybe this should be public API,
but for now it is not.
That makes it cumbersome for a client to validate the setting. The client
could only reimplement the validation (bad) or go ahead and set invalid
value.
When setting an invalid value, the user can afterwards detect it via
nm_wireguard_peer_is_valid(), but at that point, it's not clear which
exact property is invalid.
First I wanted to keep the API conservative and not promissing too much.
For example, not promising to do any validation when setting the key.
However, libnm indeed validates the key at the time of setting it
instead of doing lazy validation later. This makes sense, so we can
keep this promise and just expose the validation result to the caller.
Another downside of this is that the API just got more complicated.
But it not provides a validation API, that we previously did not have.
- For PSK, an all-zero PSK means to don't do symmetric encryption. As such,
at first it seems a bit odd when the user sets
- preshared-key-flags != "4 (not-required)"
- preshared-key = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
Here the user indicates that a PSK is required, but then provides an
all-zero PSK that effectively disables it. Still, we should not reject
such a configuration. This has the benefit that it allos the user for
being prompted for a PSK, only to disable it by entering the all-zero key.
- For the private-key (and consequently the public-key), "public-key-flags=4"
is rejected by libnm. A private key is always required for NetworkManager to
configure the link. However, let's not care for all-zero keys either. If the user
configures that, we just set that key. It's a valid setting as far as WireGuard
(the kernel module) is concerned, so we shouldn't reject it.
The defaults for test timeouts in meson is 30 seconds. That is not long
enough when running
$ NMTST_USE_VALGRIND=1 ninja -C build test
Note that meson supports --timeout-multiplier, and automatically
increases the timeout when running under valgrind. However, meson
does not understand that we are running tests under valgrind via
NMTST_USE_VALGRIND=1 environment variable.
Timeouts are really not expected to be reached and are a mean of last
resort. Hence, increasing the timeout to a large value is likely to
have no effect or to fix test failures where the timeout was too rigid.
It's unlikely that the test indeed hangs and the increase of timeout
causes a unnecessary increase of waittime before aborting.
libnm exposes simplified variants of hexstr2bin in its public API. I
think that was a mistake, because libnm should provide NetworkManager
specific utils. It should not provide such string functions.
However, nmcli used to need this, so it was added to libnm.
The better approach is to add it to our internally shared static
library, so that all interested components can make use of it.
For now only add the core settings, no peers' data.
To support peers and the allowed-ips of the peers is more complicated
and will be done later. It's more complicated because these are nested
lists (allowed-ips) inside a list (peers). That is quite unusual and to
conveniently support that in D-Bus API, in keyfile format, in libnm,
and nmcli, is a effort.
Also, it's further complicated by the fact that each peer has a secret (the
preshared-key). Thus we probably need secret flags for each peer, which
is a novelty as well (until now we require a fixed set of secrets per
profile that is well known).
This is a protocol specific extension to Wi-Fi frames which need to be
set in certain conditions. The P2P device will use this to update the
corresponding wpa_supplicant property.
NMSockAddrEndpoint is an immutable structure that contains the endpoint
string of a service. It also includes the (naive) parsing of the host and
port/service parts.
This will be used for the endpoint of WireGuard's peers. But since endpoints
are not something specific to WireGuard, give it a general name (and
purpose) independent from WireGuard.
Essentially, this structure takes a string in a manner that libnm
understands, and uses it for node and service arguments for
getaddrinfo().
NMSockAddrEndpoint allows to have endpoints that are not parsable into
a host and port part. That is useful because our settings need to be
able to hold invalid values. That is for forward compatibility (server
sends a new endpoint format) and for better error handling (have
invalid settings that can be constructed without loss, but fail later
during the NMSetting:verify() step).
Yes, C has a preprocessor and nm_streq() currently is a macro.
Still, macros should very much behave like regular functions.
For example, no unexpected side-effects aside what a regular function
would have, evaluating all arguments exactly once, or no side-effects
w.r.t. the order in which arguments are evaluated.
In some cases, we deviate from that for good reasons. For example
NM_IN_SET() may not evaluate all arguments. _LOGD() may not evaluate
any arguments, and NM_UTILS_LOOKUP_STR_DEFINE() is not a function-like
macro at all.
Still, that is not the case here. We avoid to misuse macros to write
code that does not look like C.
Using strtol() correctly proves to be hard.
Usually, we want to also check that the end pointer is points to the end
of the string. Othewise, we silently accept trailing garbage.
