NetworkManager set wpa_supplicant's fragment_size option to 1300. But if MTU
was lower, wpa_supplicant failed with "l2_packet_send - sendto: Message too
long" due to fragmentation of EAP-TLS or EAP-PEAP packets.
Actually, MTU has to be 14 bytes bigger than the "fragment_size" parameter.
Ideally, wpa_supplicant would take MTU in the account and adjust the
fragmentation limit accordingly. See discussion in
http://lists.shmoo.com/pipermail/hostap/2015-August/033546.htmlhttps://bugzilla.gnome.org/show_bug.cgi?id=755145
This downgrades the following warning down to debug-level.
<warn> Could not get scan request result: GDBus.Error:fi.w1.wpa_supplicant1.Interface.ScanError: Scan request rejected
It seems this ~error~ happens regularly, so warning about it is overly
alarming.
Port remaining bits to gdbus and remove stray dbus-glib references
Drop the dbus-glib version check from configure, since nothing depends
on new dbus-glib any more.
Move nm-dbus-glib-types.h and nm-gvaluearray-compat.h from include/ to
libnm-util/ since they are now only used by libnm-util and libnm-glib.
This internal header file should be included by our internal source
code files and header files. It includes in one place other headers
that constitute to a minimal set of required headers. Most notably
this is <glib.h> and our "nm-glib.h" header.
Note that public header files and example source code cannot include
this file as "nm-default.h" is internal only.
Rather than randomly including one or more of <glib.h>,
<glib-object.h>, and <gio/gio.h> everywhere (and forgetting to include
"nm-glib-compat.h" most of the time), rename nm-glib-compat.h to
nm-glib.h, include <gio/gio.h> from there, and then change all .c
files in NM to include "nm-glib.h" rather than including the glib
headers directly.
(Public headers files still have to include the real glib headers,
since nm-glib.h isn't installed...)
Also, remove glib includes from header files that are already
including a base object header file (which must itself already include
the glib headers).
Add a file containing the defines like DBUS_INTERFACE_DBUS from
dbus-shared.h, and use it from the gdbus-using files.
Also, convert a bunch of other places that were previously hardcoding
the string values to use the defines instead, and fix the ifcfg-rh
plugin to properly namespace its own D-Bus-related defines.
NetworkManager uses wpa_supplicant, which in turn calls OpenSSL for verifying
certificates. wpa_supplicant calls
SSL_CTX_load_verify_locations(ctx, CAfile, CApath)
using its ca_cert and ca_path options as CAfile and CApath parameters.
We have a configure time option with_system_ca_path to override ca_path.
However, it doesn't work when a system (like Fedora) only uses bundled PEM
certificates instead of a directory with hashed certificates ([1], [2]).
So this commit allows setting --with_system_ca_path to a file name (the
trusted certificate bundle). Then the name is used to populate wpa_supplicant's
ca_cert instead of ca_path.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1053882
[2] https://www.happyassassin.net/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/https://bugzilla.redhat.com/show_bug.cgi?id=1236548
g_dbus_proxy_get_cached_property_names() function can return NULL.
Program received signal SIGSEGV, Segmentation fault.
on_bss_proxy_acquired (proxy=0x7fffe4003880 [GDBusProxy], result=0x895490, user_data=<optimized out>) at supplicant-manager/nm-supplicant-interface.c:159
159 while (*iter) {
(gdb) bt
#0 0x000000000048fac7 in on_bss_proxy_acquired (proxy=0x7fffe4003880 [GDBusProxy], result=0x895490, user_data=<optimized out>)
at supplicant-manager/nm-supplicant-interface.c:159
#1 0x0000003bf84728b7 in g_simple_async_result_complete (simple=0x895490 [GSimpleAsyncResult]) at gsimpleasyncresult.c:763
#2 0x0000003bf8472919 in complete_in_idle_cb (data=<optimized out>) at gsimpleasyncresult.c:775
#3 0x0000003bf5c497fb in g_main_context_dispatch (context=0x7d6420) at gmain.c:3111
#4 0x0000003bf5c497fb in g_main_context_dispatch (context=context@entry=0x7d6420) at gmain.c:3710
#5 0x0000003bf5c49b98 in g_main_context_iterate (context=0x7d6420, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3781
#6 0x0000003bf5c49ec2 in g_main_loop_run (loop=0x7d64e0) at gmain.c:3975
#7 0x00000000004349d6 in main (argc=1, argv=0x7fffffffe598) at main.c:486
Instead of tricky logic to merge APs and age them, just tell the
supplicant what our aging parameters are, and rely on it to handle
removal from the list. Notable behavioral changes are:
* APs will now be removed when they haven't been seen for two
consecutive scans in which they would have been included. This
means that when the scan interval is short, out-of-range APs will
be removed much more quickly than the previous 360 seconds.
* APs now live at most 250 seconds (twice our longest scan interval)
instead of the previous 360 seconds.
* The problem with wpa_supplicant < 2.3 not notifying that a BSS has
been seen in the scan if none of its properties actually changed is
now avoided, because an AP is only removed when the supplicant removes it
In general these changes should make the scan list more responsive, at
the cost of slightly more instability in the list due to the unreliability
of WiFi scanning. But it also removes a layer of complexity and
abstraction from NetworkManager, pushing the scan results list closer
to that which the hardware reports.
A few places in the NMSupplicantInterface API and in NMDeviceWifi's
use of it were still using "GHashTable *properties" where they should
have been using "GVariant *properties". (This didn't cause any actual
problems because nothing was looking at those arguments.)
(Also fix a comment typo.)
libnm-core treated the UNKNOWN WEP key type as KEY. Relax that
and try to guess the correct type based on the key.
This is for example important if you have a valid connection with
wep-key-type=0 (unknown)
If you request passwords for such a connection, the user cannot
enter them in password format -- but there is no UI indication
that the password must be KEY.
The supplicant interface's proxy may outlive the interface object
itself, so we must ensure that all signal handlers are disconnected.
Fixes a crash on suspend/resume.
Fixes: 59c8192b22
The Interface held a reference to the manager to listen for the 'available'
signal. Instead of that, let's make the child unaware of the master to
keep the inheritance cleaner.
config.h should be included from every .c file, and it should be
included before any other include. Fix that.
(As a side effect of how I did this, this also changes us to
consistently use "config.h" rather than <config.h>. To the extent that
it matters [which is not much], quotes are more correct anyway, since
we're talking about a file in our own build tree, not a system
include.)
Make the type return GBytes since most in-tree users want that.
Allow the function to accept many more formats as valid hex, including
bytes delimited by ':' and a leading '0x'.
Split a base NMSettingIPConfig class out of NMSettingIP4Config and
NMSettingIP6Config, and update things accordingly.
Further simplifications of now-redundant IPv4-vs-IPv6 code are
possible, and should happen in the future.
Add nm-core-types.h, typedefing all of the GObject types in
libnm-core; this is needed so that nm-setting.h can reference
NMConnection in addition to nm-connection.h referencing NMSetting.
Removing the cross-includes from the various headers causes lots of
fallout elsewhere. (In particular, nm-utils.h used to include
nm-connection.h, which included every setting header, so any file that
included nm-utils.h automatically got most of the rest of libnm-core
without needing to pay attention to specifics.) Fix this up by
including nm-core-internal.h from those files that are now missing
includes.
Calling dbus_g_proxy_begin_call() on a closed DBUS connection will
return NULL. All the call sites of nm_call_store_add() don't check
for NULL and therefore might hit an assertion.
This can easily reproduced by stopping the DBUS daemon.
Backtrace:
#0 0x000000381d0504e9 in g_logv (log_domain=0x59cd8b "NetworkManager", log_level=G_LOG_LEVEL_CRITICAL, format=<optimized out>, args=args@entry=0x7fff42cce5c0) at gmessages.c:989
#1 0x000000381d05063f in g_log (log_domain=<optimized out>, log_level=<optimized out>, format=<optimized out>) at gmessages.c:1025
#2 0x00000000004b64e9 in nm_call_store_add (store=0x7f8e1c003d20, proxy=0x219c0d0, call=0x0) at supplicant-manager/nm-call-store.c:47
#3 0x00000000004b0b7b in interface_add (self=0x20e2500, is_wireless=1) at supplicant-manager/nm-supplicant-interface.c:907
#4 0x00000000004b0865 in nm_supplicant_interface_new (smgr=0x216c870, ifname=0x211e840 "wlp3s0", is_wireless=1, fast_supported=1, ap_support=AP_SUPPORT_YES, start_now=1) at supplicant-manager/nm-supplicant-interface.c:1355
#5 0x00000000004b47da in nm_supplicant_manager_iface_get (self=0x216c870, ifname=0x211e840 "wlp3s0", is_wireless=1) at supplicant-manager/nm-supplicant-manager.c:91
#6 0x00007f8e250f8b3f in supplicant_interface_acquire (self=0x218a350) at nm-device-wifi.c:253
#7 0x00007f8e250fc22e in supplicant_iface_state_cb (iface=0x20e2290, new_state=13, old_state=9, disconnect_reason=0, user_data=0x218a350) at nm-device-wifi.c:2274
#8 0x000000381dc05d8c in ffi_call_unix64 () at ../src/x86/unix64.S:76
#9 0x000000381dc056bc in ffi_call (cif=cif@entry=0x7fff42cced00, fn=0x7f8e250fbb20 <supplicant_iface_state_cb>, rvalue=0x7fff42ccec30, avalue=avalue@entry=0x7fff42ccebb0) at ../src/x86/ffi64.c:522
#10 0x000000381e010f35 in g_cclosure_marshal_generic_va (closure=0x20fd2b0, return_value=0x0, instance=0x20e2290, args_list=<optimized out>, marshal_data=0x0, n_params=3, param_types=0x2189ee0) at gclosure.c:1550
#11 0x000000381e0104c7 in _g_closure_invoke_va (closure=closure@entry=0x20fd2b0, return_value=return_value@entry=0x0, instance=instance@entry=0x20e2290, args=args@entry=0x7fff42ccef40, n_params=3, param_types=0x2189ee0)
at gclosure.c:840
#12 0x000000381e029749 in g_signal_emit_valist (instance=0x20e2290, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fff42ccef40) at gsignal.c:3238
#13 0x000000381e02a3af in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3386
#14 0x00000000004b0e4b in set_state (self=0x20e2290, new_state=13) at supplicant-manager/nm-supplicant-interface.c:344
Signed-off-by: Thomas Haller <thaller@redhat.com>
The supplicant has a custom parsing function for freq_list which
handles the list as a string. Having NM marshal the option
as TYPE_BYTES causes the supplicant to interpret the values that
NM passes (which are in ASCII) as a byte-array and thus the
supplicant gets a bogus frequency list. Instead, NM should
marshal freq_list as a simple string (using TYPE_KEYWORD without
value checking).
https://bugzilla.gnome.org/show_bug.cgi?id=737795
Change all DBUS_TYPE_G_UCHAR_ARRAY properties to G_TYPE_BYTES, and
update corresponding APIs. Notably, this means they are now refcounted
rather than being copied.
Update the rest of NM for the changes. The daemon still converts SSIDs
to GByteArrays internally, because changing it to use GBytes has lots
of trickle-down effects. It can possibly be changed later.
Make all mac-address properties (including NMSettingBluetooth:bdaddr,
NMSettingOlpcMesh:dhcp-anycast-addr, and NMSettingWireless:bssid) be
strings, using _nm_setting_class_transform_property() to handle
translating to/from binary form when dealing with D-Bus.
Update everything accordingly for the change, and also add a test for
transformed setting properties to test-general.
This wpa_supplicant option is not named "private_key_passwd2". Looks
like this regressed in e5ed391f28.
Signed-off-by: Geoffrey Thomas <gthomas@mokafive.com>
Commit fb6cde50 changed from setBlobs in the old wpa_supplicant D-Bus
interface, which returned an integer status code, to AddBlob in the new
one, which doesn't, but didn't account for that change. That caused
error messages of the form "Couldn't set network certificates: Too few
arguments in reply." on valid connection requests.
Signed-off-by: Geoffrey Thomas <gthomas@mokafive.com>
The fact that NMRemoteConnection has to be an NMConnection and
therefore can't be an NMObject means that it needs to reimplement bits
of NMObject functionality (and likewise NMObject needs some special
magic to deal with it). Likewise, we will need a daemon-side
equivalent of NMObject as part of the gdbus port, and we would want
NMSettingsConnection to be able to inherit from this as well.
Solve this problem by making NMConnection into an interface, and
having NMRemoteConnection and NMSettingsConnection implement it. (We
use some hacks to keep the GHashTable of NMSettings objects inside
nm-connection.c rather than having to be implemented by the
implementations.)
Since NMConnection is no longer an instantiable type, this adds
NMSimpleConnection to replace the various non-D-Bus-based uses of
NMConnection throughout the code. nm_connection_new() becomes
nm_simple_connection_new(), nm_connection_new_from_hash() becomes
nm_simple_connection_new_from_hash(), and nm_connection_duplicate()
becomes nm_simple_connection_new_clone().
