If things happen just right, where a bond is the first device to use
IPv6 and thus has the only reference to the NMIP6Manager, and the
RTM_NEWROUTE event comes in and triggers manager_request_ip6_info()
but then the device is removed by 'rmmod bonding', the call to
manager_request_ip6_info() could be dangling after the IP6Manager
has been disposed. Fix that.
Although having different parts of NM in different subdirectories
keeps the source tree neat, it has made the build messy, particularly
because of cross-dependencies between the subdirs.
Reorganize to build all of the pieces of the NetworkManager binary
from src/Makefile, and only use recursive make for test programs,
helper binaries, and plugins.
As part of this, get rid of all the per-directory convenience
libraries, and switch to building a single top-level
libNetworkManager.la, containing everything except main.c, which all
of the test programs can then link against.
'device' is freed by nm_ip6_manager_cancel_addrconf(). Plus if
addrconf fails, the DHCP options should be ignored anyway.
==23089== Thread 1:
==23089== Invalid read of size 4
==23089== at 0x4861E0: finish_addrconf (nm-ip6-manager.c:444)
==23089== by 0x39B904F7EA: g_timeout_dispatch (gmain.c:3882)
==23089== by 0x39B904EC54: g_main_context_dispatch (gmain.c:2539)
==23089== by 0x39B904EF87: g_main_context_iterate.isra.23 (gmain.c:3146)
==23089== by 0x39B904F381: g_main_loop_run (gmain.c:3340)
==23089== by 0x426188: main (main.c:614)
==23089== Address 0xcdb791c is 60 bytes inside a block of size 152 free'd
==23089== at 0x4A07786: free (vg_replace_malloc.c:446)
==23089== by 0x39B905499E: g_free (gmem.c:252)
==23089== by 0x39B90692FE: g_slice_free1 (gslice.c:1111)
==23089== by 0x39B903EC49: g_hash_table_remove_internal (ghash.c:1274)
==23089== by 0x4861DC: finish_addrconf (nm-ip6-manager.c:443)
==23089== by 0x39B904F7EA: g_timeout_dispatch (gmain.c:3882)
==23089== by 0x39B904EC54: g_main_context_dispatch (gmain.c:2539)
==23089== by 0x39B904EF87: g_main_context_iterate.isra.23 (gmain.c:3146)
==23089== by 0x39B904F381: g_main_loop_run (gmain.c:3340)
==23089== by 0x426188: main (main.c:614)
device_sync_from_netlink() and nm_netlink_request_ip6_info() are now
delayed, so that they are called only once for a series of events. This
makes the IPv6 processing and especially debug messages more sane.
NL_AUTO_PROVIDE is not a valid flag for this call and it's coincidental
with ROUTE_CACHE_CONTENT, which is certainly not what we want.
NETLINK_ROUTE is a netlink family, not an address family. It is
coincidental with AF_UNSPEC which is what we actually want.
Stop logging the whole list of addresses as we already have new and lost
addresses logged. Stop putting 'state' and 'ra_flags' in almost every
message since changes of those are already logged. Log target state
change.
GObject creation cannot normally fail, except for types that implement
GInitable and take a GError in their _new() method. Some NM types
override constructor() and return NULL in some cases, but these
generally only happen in the case of programmer error (eg, failing to
set a mandatory property), and so crashing is reasonable (and most
likely inevitable anyway).
So, remove all NULL checks after calls to g_object_new() and its
myriad wrappers.
https://bugzilla.gnome.org/show_bug.cgi?id=693678
g_malloc(), etc, never return NULL, by API contract. Likewise, by
extension, no other glib function ever returns NULL due to lack of
memory. So remove lots of unnecessary checks (the vast majority of
which would have immediately crashed had they ever run anyway, since
g_set_error(), g_warning(), and nm_log_*() all need to allocate
memory).
https://bugzilla.gnome.org/show_bug.cgi?id=693678
This function gets used for both /proc/sys (ie, sysctl) and for
sysfs attributes. There are two issues with it:
1) most sysctl values don't care about a trailing LF, but some
sysfs attributes (infiniband) do; so we always have to add the
trailing LF. Just move that into the function to ensure that
callers don't forget to add it.
2) neither sysfs or sysctl support partial writes, while the
existing function did partial writes. Practically, both the
write handlers for sysfs and sysctl should always handle all
the data, but if they don't, partial writes are wrong. So
instead, try three times to write all the data.
This functionality is (mostly) obsoleted by the newer
GLIB_VERSION_MIN_REQUIRED and GLIB_VERSION_MAX_ALLOWED defines. With
this, your build doesn't all of a sudden blow up if we deprecate
something in GLib - you have to explicitly opt-in to the newer
version.
G_DISABLE_DEPRECATED does still apply for macros and things that can't
take __attribute__((deprecated)), but it's not really worth the pain
and cargo culting around just for that.
The kernel periodically adds routes for specific operations, including
when pinging any host. These are temporary routes and aren't part of
the interface's permanent routing configuration, so we should ignore
them.
WiMAX failed distcheck if the iwmxsdk devel files were installed but
--enable-wimax=no was used, since the distcheck configure bits found
the iwmxsdk headers, defaulted WiMAX support to 'on', and then proceeded
to use the generated headers from the top srcdir, where of course
wimax was turned off (due to --enable-wimax=no). Instead, everything
should use the headers from the builddir, which reflects the options
that 'make distcheck' actually selects.
At the same time, re-order various includes everywhere to ensure that
the builddir paths come before the srcdir paths to prevent this from
happening in the future.
Move ra_flags modifications to a dedicated function that
logs the change (if any). Also improve device_set_state()
so that both functions return TRUE if the value actually
changes.
This commit includes Dan Winship's implementation of IPv6
router solicitation. It also uses it as a last resort
for RDNSS and DNSSL lifetime expiry. While using RS to prevent
lifetime expiry may be deprecated and removed in the future,
the RS implementation is useful in other places too.
It can be also viewed as a last resort if commit e1cfdd5 gets
reverted/modified or if it does not work under some weird
circumstances.
It also includes improvements by cyphermox and me.
RFC 6106 says, section 5.1 says:
In order to provide fixed hosts
with stable DNS service and allow mobile hosts to
prefer local RDNSSes to remote RDNSSes, the value of
Lifetime SHOULD be bounded as
MaxRtrAdvInterval <= Lifetime <= 2*MaxRtrAdvInterval
I have reported and repeatedly confirmed that values in this interval
trigger frequent RDNSS expiration on unreliable links such as 802.11
wifi. Wireless links *do* have packet loss and actually have a *much*
worse multicast packet loss than unicast. And regular router
advertisements are sent as multicast packets (in multicast frames).
In case of RDNSS expiration, NetworkManager tears down the whole
connection. That of course affects IPv4 networking as well as IPv6.
In a typical wireless network with radvd serving RDNSS it leads to
dropping network connection every ~10 minutes.
This commit improves the previous hack in 0b8ee13 by enforcing a minimum
lifetime of two hours (7200 seconds), which is four times the maximum
allowed value for MaxRtrAdvInterval (see below). We could use
AdvDefaultLifetime instead (as suggested by tore_ on IRC) but it doesn't
seem to be accessible through netlink.
RFC 4861 Neighbor Discovery for IP version 6 (IPv6):
MaxRtrAdvInterval
The maximum time allowed between sending
unsolicited multicast Router Advertisements from
the interface, in seconds. MUST be no less than 4
seconds and no greater than 1800 seconds.
This solution is not recommended by any RFC (and is in fact against
RFC 6106) but it's the easiest hack to fix the problem until IETF
takes action.
My original posting to IETF can be found here:
http://www.ietf.org/mail-archive/web/ipv6/current/msg15816.html
Bug #676317 describes the following error:
NetworkManager[30151]: <error> [1337348764.559121] [nm-system.c:1121]
nm_system_replace_default_ip6_route(): (eth1): failed to set IPv6 default
route: -7
The above error is caused by NetworkManager assuming default gateways
belong to addresses but failing to setup default gateways for addresses
learned through DHCPv6.
This commit doesn't fix the fundamental issue but can be viewed as an ugly
workaround that gets IPv6 connection up and running. It doesn't fix
the fundamental flaw of binding gateways to IP addresses. They are
configured separately in IPv6 and NM should use lifetimes and allow
default gateway reconfiguration.
libnl1 doesn't check the first argument and crashes on NULL.
I got NULL gateway out of rtnl_route_get_gateway() for link local and
multicast routes (fe80::/64, ff00::/8).
There is are global caches of IPv6 addresses and routes. Only
managed devices are synchronized later. We *may* move
to per-device caches in the future but for now we should
keep the caches up to date.
Introduce logging of individual address and route changes. Rename
process_addr() and process_route() to process_address_change() and
process_route_change() so that it is clear that we react to both
addition and deletion.
Every state change should go through device_set_state(). This
static function provides state change logging. Function
state_to_string is moved up so that we can use it.
Split nm_ip6_device_sync_from_netlink into multiple functions.
It will now call the smaller functions and may disappear entirely
in the future.
To share state between these (and possible future) functions,
move local variables found_linklocal, found_other and dhcp_opts
to NMIP6Device as has_linklocal and has_nonlinklocal and dhcp_opts.
The kernel appears to always add a default route pointing to the router
that sent the RA, regardless of the contents of the RA:
ndisc_router_discovery() calls rt6_add_dflt_router() which calls
ip6_route_add() which calls __ip6_ins_rt() which calls fib6_add() which
calls fib6_add_rt2node(), which calls inet6_rt_notify(RTM_NEWROUTE, rt,
info)
So skip listening for RTM_NEWPREFIX and just rely on NEWROUTE instead.
The config_changed lost its meaning because RTM_NEWPREFIX was the only
case where it was FALSE.
- changes nm_utils_get_proc_sys_net_value() to allow all values, not just 0,1
- adds nm_utils_get_proc_sys_net_value_with_bounds() for limiting valid values
Rather than generating enum classes by hand (and complaining in each
file that "this should really be standard"), use glib-mkenums.
Unfortunately, we need a very new version of glib-mkenums in order to
deal with NM's naming conventions and to fix a few other bugs, so just
import that into the source tree temporarily.
Also, to simplify the use of glib-mkenums, import Makefile.glib from
https://bugzilla.gnome.org/654395.
To avoid having to run glib-mkenums for every subdirectory of src/,
add a new "generated" directory, and put the generated enums files
there.
Finally, use Makefile.glib for marshallers too, and generate separate
ones for libnm-glib and NetworkManager.
The RDNSS and DNSSL failure cases wouldn't clear out the idle
handler of a previous success (if that success hadn't fired yet);
it seems pointless to signal success and then immediately fail.
Second, it would cause a dangling GSource if the device was
removed or NM quit at the right time.
This patch makes NM set the "accept_ra" sysctl to 1 rather than 2. This
causes the kernel to process RAs even if it configured to forward IPv6
traffic on the interface in question.
IPv6 forwarding would likely be enabled on a host running virtualised
operating systems with virtualised network adapters, for example. This
should not prevent NM from successfully activating IPv6 on a
NM-controlled interface configured with IPv6 mode Auto.
Verifies that provided message consists of at least the link message
header. nlmsg_parse() does this so it needs to be called prior to
accessing the message contents.
