The change to per-domain log levels means that when setting just the
level, we need to re-set the log level for each domain (since it's the
"logging" bit array that actually determines what gets logged).
nm_logging_setup() was dealing correctly with domains=NULL, but not
domains="" (which is what happens when it is invoked with only a level
via D-Bus), so doing "nmcli gen log level DEBUG" would change the
"default" log level, but leave all of the domains still at their
previous level:
danw@laptop:NetworkManager> nmcli g log
LEVEL DOMAINS
INFO PLATFORM,RFKILL,ETHER,WIFI,BT,MB,DHCP4,DHCP6,PPP,IP4,IP6...
danw@laptop:NetworkManager> nmcli g log level DEBUG
danw@laptop:NetworkManager> nmcli g log
LEVEL DOMAINS
DEBUG PLATFORM:INFO,RFKILL:INFO,ETHER:INFO,WIFI:INFO,BT:INFO...
The sysctl values in the kernel (for those values for which
nm_platform_sysctl_get_uint() is currently used) are defined as s32.
Change nm_platform_sysctl_get_uint() to nm_platform_sysctl_get_int32()
and ensure, that a matching integer type is used thoroughly.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Some ISP's provide leases from central servers that are on different
subnets that the address offered. If the host does not configure the
interface as the default route, the dhcp server may not be reachable
via unicast, and a host specific route is needed.
https://bugzilla.gnome.org/show_bug.cgi?id=721767https://bugzilla.redhat.com/show_bug.cgi?id=983325
Signed-off-by: Thomas Haller <thaller@redhat.com>
Follow RFC 3442 to set network prefix based on address class.
However, still uses host routing if the target address is not a
network address (ie host part not zero).
https://bugzilla.gnome.org/show_bug.cgi?id=721771
Signed-off-by: Thomas Haller <thaller@redhat.com>
Similar to "core: respect connection user permissions for activation/deactivation",
if a master connection is being activated because a slave connection requested
it, ensure that the user requesting the master connection is allowed to
activate it.
This appears to be a bug since the original 0.9.0 release when
connection permissions were implemented.
If all the following are true:
- the user is local (as determined by systemd or ConsoleKit)
- the user has been given the NETWORK_CONTROL PolicyKit permission
- the user is not listed in the connection's permissions
- the user knows the D-Bus object path of a connection which they
have no permissions for
then that user may activate/deactivate connections that are not
visible to that user as determined by the connection permissions.
Fix that by ensuring that these operations check whether the user
has permission.
These operations are *not* affected, and have always checked user
permissions before allowing the operation:
- modifying any connection details
- requesting any secrets or passwords for the connection
- deleting the connection
When receiving an IPv4/IPv6 address from the kernel, platform set the
timestamp to an invalid value before. The address timestamp must be set
to *now*, because the lifetime and preferred arguments are counting from
now.
Signed-off-by: Thomas Haller <thaller@redhat.com>
update_system_hostname() was bailing out if (there is no IP4 config or
the IP4 config has no addresses) AND (there is no IP6 config or the
IP6 config has no addresses), but it would then hit an assertion and
crash if there was a valid IP6 config along with an IP4 config with no
addresses. Fix that and get rid of some redundancy.
Sort of pointed out by Coverity.
Now UPDATED_BY_USER signal gets emitted immediately after the connection
is updated, rather then only after it is successfully saved.
This means, that the signal will be emitted earlier then before (right
after changing the connection, but before it gets commited).
Furthermore, the signal will also be emitted for connections that
get changed but are not to be saved.
Currently, the only subscriber to this signal is NMSettings
(default_wired_connection_updated_by_user_cb), which should be fine with
this change of semantics (even better).
https://bugzilla.redhat.com/show_bug.cgi?id=1040528
Signed-off-by: Thomas Haller <thaller@redhat.com>
- use a more efficient implementation for prefix_to_netmask
- fix netmask_to_prefix to behave consistently in case of
invalid netmask
- remove unused duplicated functions from NetworkManagerUtils.c
- add test functions
Based-on-patch-by: Pavel Šimerda <psimerda@redhat.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Related: https://bugzilla.gnome.org/show_bug.cgi?id=721771
For now, ignore them, as libnl does not support IPv6 PtP addresses
and returns an error. In the future perhaps we'll want to add a host
route for the peer instead of using the point-to-point address.
Move DHCP_SEND_HOSTNAME parsing out of the check for DHCP_HOSTNAME so that
users can disable NM sending the system hostname to the DHCP server when
DHCP_HOSTNAME is not defined.
NMAgentManager was supposed to be trying multiple secret agents on any
error except UserCanceled, but due to a botched last-minute rewrite,
it was actually doing the reverse.
nm_logging_level_to_string() returned a const string, but
nm_logging_domains_to_string() returned a malloced one, which was
getting leaked in impl_manager_get_logging(). Fix this by making them
both malloced, and freeing as needed.
If the command line or NetworkManager.conf mentions a non-existent
domain, just print a warning and ignore it. That way if you switch to
using an older NM that doesn't have that domain, it will still work.
If the hostname is "foo.example.com" then we want to add
"search example.com" to resolv.conf, but if it's just "example.com",
we don't want to add "search com" (rh #812394).
So if NetworkManager is being built with recent libsoup, use
soup_tld_domain_is_public_suffix() to double-check the domain before
adding it. (If it is not being built with libsoup, or is being built
with too old a version, we just skip that test, keeping the old
behavior.)
NMPolicy only updates the NMDnsManager's hostname when it changes,
which previously did not include at startup. Meaning if your hostname
never changed, NMDnsManager would never learn it (and so would never
add an appropriate "search" line to resolv.conf). Fix that.
If NM is not explicitly managing resolv.conf (either due to the "dns"
NetworkManager.conf setting, or because resolv.conf is immutable),
then don't try to parse nameservers out of it when capturing a
connection, since there's no reason to believe that the name servers
there are related to any particular connection.
If /etc/resolv.conf has the immutable flag set, then behave as though
"dns=none" was specified (rather than repeatedly trying and failing to
update it).
Add a property indicating whether NMDnsManager is ignoring
resolv.conf, managing it by explicitly putting nameservers into it, or
managing it by proxying to another service (eg, dnsmasq) with
"nameserver 127.0.0.1".
NM bounces devices on suspend/resume, since some buggy drivers require
it. However, there's no need to take down virtual devices. (In
particular, we don't want to take down libvirt's virbr0, since it
won't get automatically brought back up afterward.)
A lifetime of 0 means that the domain or server should no longer
be used, so if we get an RA with a zero-lifetime DNS server or
domain that we haven't seen before, don't bother adding it to the
list.
DNS servers and domains that are already known and become zero
lifetime in the next RA are already correctly handled by
clean_dns_servers() and clean_domains().
The DNS server and domain timestamps and lifetimes weren't updated
when a new RA was received. When half the lifetime for either of
them had passed, clean_dns_servers() and clean_domains() request a
Router Solicitation to ensure the DNS information does not expire.
This obviously results in a new Router Advertisement, but since the
timestamps don't get updated, clean_dns_servers() and clean_domains()
simply request another solicitation because 'now' is still greater
than half the old lifetime. This casues another solicit request,
which causes another RA, which... etc.
https://bugzilla.redhat.com/show_bug.cgi?id=1044757https://bugzilla.gnome.org/show_bug.cgi?id=720760
Add IP and DHCP config properties to the D-Bus ActiveConnection
objects.
For device connections, this is redundant with the properties already
on the Device object, but for VPN connections, this information was
not previously available.
