Until we handle bridges non-destructively, only manage bridges
created by NM. When quitting write out a file listing all
bridges created by NM and a timestamp, and when starting read
that file and if the timestamp is within 30 minutes, manage
any bridge that was listed in that file. This scheme, while
not foolproof (eg, if NM crashes), should ensure that NM can
recognize bridges it created if it's restarted. The file
is stored in /run or /var/run, which is cleaned each restart,
ensuring that the state does not persist across reboots.
If an automatic or user-initiated activation request for
a bridge NM does not manage is received, that request is
denied. Only if the bridge interface does not yet exist, or
was present in the managed bridges file, will an
NMDeviceBridge be created and activation be possible.
Provides functions to create and delete bridging devices and
to attach/detach slaves from bridging devices.
It currently relies on the ioctl() kernel interface. The long
term goal is to use the netlink interface for this.
Until we remove libnl-1.x and libnl-2.x support, it should be
possible to choose the libnl version at build time. This is
mostly important for testing legacy libnl support but it also
helps distributions that ship other tools built agains them.
(https://bugs.gentoo.org/show_bug.cgi?id=441750)
Trying to ARP with no other machines in the broadcast domain
is pretty pointless, and in many cases doesn't work (ZTE MF691
/T-Mobile Rocket 2), so turn it off.
The ctype macros (eg, isalnum(), tolower()) are locale-dependent. Use
glib's ASCII-only versions instead.
Also, replace isascii() with g_ascii_isprint(), since isascii()
accepts control characters, which isn't what the code wanted in any of
the places where it was using it.
replace_default_ip6_route() was mistakenly requiring gw to be
non-NULL, which meant it could only set the route via a gateway, not
via a device (thus breaking IPv6-over-openconnect)
If the interface already exists, the compat code would fail. Fix that
and clean up the function. Also double-check that an existing VLAN
interface that has the name we expect also has the master and VLAN
ID we expect.
libnl2 and earlier do not implement rtnl_link_get_kernel() and
thus we need compat code to determine whether an interface is
a bond or a VLAN. Previously, the VLAN code would simply assert
and cause NM to exit when running with libnl2 or earlier because
the interface type could not be determined.
Add new API to allow passing both IPv4 and IPv6 configuration
information from VPN plugins to the backend.
Now instead of a single Ip4Config, a plugin has Config, Ip4Config, and
Ip6Config. "Config" contains information which is neither IPv4 nor
IPv6 specific, and also indicates which of Ip4Config and Ip6Config are
present. Ip4Config now only contains the IPv4-specific bits of
configuration.
There is backward compatibility in both directions: if the daemon is
new and the VPN plugin is old, then NM will notice that the plugin
emitted the Ip4Config signal without having emitted the Config signal
first, and so will assume that it is IPv4-only, and that the generic
bits of configuration have been included with the Ip4Config. If the
daemon is old and the plugin is new, then NMVPNPlugin will copy the
values from the generic config into the IPv4 config as well. (In fact,
NMVPNPlugin *always* does this, because it's harmless, and it's easier
than actually checking the daemon version.)
Currently the VPN is still configured all-at-once, after both IPv4 and
IPv6 information has been received, but the APIs allow for the
possibility of configuring them one at a time in the future.
Even if a VPN is only tunneling IPv4, you might still be connected to
the tunnel endpoint via IPv6. Allow
NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY to be either an IPv4 or an IPv6
address, and set up an appropriate static route either way.
Kernel ifindexes are always greater than zero (see dev_new_index()
in net/core/dev.c). Also don't bother warning about ifindex
lookup failures for devices we know aren't kernel network interfaces.
When copying device names into ioctl structs, we know that the device
names are of valid length, so we were using strcpy(). But you can't
prove that they're short enough just looking at the local code, so
some code analysis tools warn about a potential buffer overflow.. So
use g_strlcpy() instead.
The kernel wants there to be a default route over every RA-ed IPv6
interface, and it gets confused and annoyed if we remove that default
route and replace it with our own (causing it to effectively drop all
further RAs on the floor, which is particularly bad if some of the
information in the earlier RA had an expiration time).
So, rather than replacing the kernel's default route(s), just add an
additional one of our own, with a lower (ie, higher priority) metric.
https://bugzilla.redhat.com/show_bug.cgi?id=785772
Reset all known bond options to their default values, not just the
ones that NMSettingBond allows overriding. Also, remove any bond
slaves that were already attached to the bond before we managed it.
Only update bond parameters that need to be updated. In particular,
setting either arp_interval or miimon to 0 has the side effect of also
setting the other one to 0, so don't do that if it's already 0.
Fix the handling of arp_ip_target; the sysfs arp_ip_target node does
not work the same way as the ifcfg BONDING_OPTS line (which is what
the code was assuming before).
libnl3 wants a destination address when setting a route, so just hand
it '::' with a address len of 0 so we don't get -NLE_MISSING_ATTR
when trying to set the IPv6 default route.
Otherwise if another connection was subsequently activated on a
bond interface, and didn't specify all options, ones set for the
previous connection could stay set for the new connection.
If we want to support vlan without libnl3,
then we can use ioctl.
Changelog:
V2: fix identation and comments.
Signed-off-by: Weiping Pan <wpan@redhat.com>
Make sure we don't already have an NMDevice for this interface
before creating it, and also when creating the interface, make
a new NMDevice for it immediately to prevent a race between
telling the kernel to create the interface via netlink, and when
udev later tells us about it. In between there we could be
triggered to try creating the interface again.
First make it build on libnl1/2. Second, the VLAN
virtual interface name might not always be given in the
NMConnection (if the master is a UUID and thus the name
is determined automatically) so just take the interface
name instead. And make sure we verify it's a VLAN
interface before deleting it.
Lastly, construct the VLAN interface name if it's not
given in the NMConnection. This means we need to know
the master interface name when creating the connection,
which we always will since you can't create the VLAN
interface without it's master being present. That also
means we need to return the name to the caller so it
can be used to create the NMDevice for the VLAN interface
after we've created it in the kernel.
We make use of libnl (>=3.2.1) to create/delete kernel vlan device,
and it can set vlan id, vlan flags and ingress/egress priority mapping.
V3:
1 nm_netlink_iface_to_index() should use slave name
V2:
1 use existing nm_netlink_iface_to_index()
Signed-off-by: Weiping Pan <wpan@redhat.com>
Removes all bonding options properties and adds a "options" dict to hold
them all. Accessible via accessor functions. ifcfg interface is
unchanged.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
Add two helper functions, one for IPv4 and one for IPv6, to ensure
that the core code benefits from compiler type checking when adding
routes. Previously nm_netlink_route_add() took a void* which meant
we messed up adding IPv6 routes sometimes due to confusion over
what was supposed to be passed to it. Also fixes what appears to
be a C&P error with add_ip6_route_to_gateway().
Reported by Tomáš Trnka <tomastrnka@gmx.com>
If the route already exists and the kernel tells us that, we
don't need to do anything. We certainly don't need to warn
about it in the logs.
There was a typo in the IPv6 default route replace function that
ignored a returned error, and thus we didn't suppress the NLE_EXIST
error like we wanted to. Do the same for the IPv4 default route
while we're at it.
Adds a new function nm_system_apply_bonding_config() which applies
the parameters specified in the NMSettingBond object via sysfs.
Calls that function after creating/updating the bonding master
device.
If a parameter is not specified in the ifcfg the parameter will be
re-initialized to the default value. This may overwrite changes
which have been done manually via sysfs but it is the only reliable
way of setting up the bond.
Supported parameters for now:
- mode (default: balance-rr)
- miimon (default: 100)
- updelay (default: 0)
- downdelay (default: 0)
- arp_interval (default: 0)
- arp_ip_target (default: none)
Thomas Graf <tgraf@redhat.com>
Kills the strdup() and avoids having the caller free the memory. Also renames
the function to nm_system_get_iface_type() since "link" is not a common term
in NM.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
Code is written generic enough to allow easy addition of further master/slave
relationships such as bridging relations.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
(whitespace cleanups and libnl compat by dcbw)
A bonding device is like a virtual ethernet device. We therefore reuse
nm-device-ethernet and add some special handling to detect bonding
connections.
Changes v2:
- Fixed memory leak
Signed-off-by: Thomas Graf <tgraf@redhat.com>
Creates virtual kernel devices as needed. Since the manager is
initialized after the connections have been loaded no
CONNECTIONS_ADDED notification is received for connections parsed
at startup.
Therefore walks the loaded connections looking for bonding
connections.
Connections added on the fly are handled via the notifications.
Connection renaming and deleting is not supported yet.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
NM already includes <linux/if.h> in some places, f.e. nm-netlink-monitor and
we can't mix usage of the two. Stick to using <linux/if.h> as it provides
additional flag definitions such as operational link state and link mode.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
