In theory, NM_VPN_PLUGIN_ERROR should have names under
org.freedesktop.NetworkManager.VPN.Plugin, but for historical reasons,
it's actually org.freedesktop.NetworkManager.VPN.Error.
(cherry picked from commit 773f047eef)
teamd can recover interface state on its own, so if it died unexpectedly
we don't need to fail the device. Also, if for some reason a teamd is
already up and running when activating the interface, we can ask for
its configuration and if it has the same configuration we are about to
use, just talk to the existing copy instead of killing it.
Since f85513b (device: do not touch sysctls after the device was removed) the
device is not unconfigured/cleaned up when it's removed. When we're quitting
the device is not actually removed, we're just unmanaging it -- let's just
use a different reason so that the cleanup runs.
Fixes: f85513b8e4
(cherry picked from commit 0f71335d52)
Fixes the following warnings in nm-dns-manager.c with NETCONFIG_PATH set:
dns-manager/nm-dns-manager.c: In function 'dispatch_netconfig':
dns-manager/nm-dns-manager.c:313:2: warning: implicit declaration of function 'waitpid' [-Wimplicit-function-declaration]
ret = waitpid (pid, NULL, 0);
^
dns-manager/nm-dns-manager.c:271:14: warning: unused variable 'tmp' [-Wunused-variable]
char *str, *tmp;
^
dns-manager/nm-dns-manager.c:329:13: warning: 'ret' may be used uninitialized in this function [-Wmaybe-uninitialized]
return ret > 0;
^
Fixes the following error in nm-dns-manager.c with NETCONFIG_PATH set:
dns-manager/nm-dns-manager.c:320:4: error: too many arguments to function 'g_set_error_literal'
g_set_error_literal (error,
If we detect a LL address and this not decide to readd it, don't stop at
ip-config; progress to ip-check.
Fixes: 396dc2b3b4
(cherry picked from commit dc1928a0d0)
If the child dies, or something kills the child externally, refresh
DNS which should respawn the child, similar to what we do with
wpa_supplicant, teamd, etc.
https://bugzilla.gnome.org/show_bug.cgi?id=728342
NM was killing the dnsmasq local caching nameserver process and immediately
starting a new one, and new process couldn't bind to 127.0.0.1 because the
old one hadn't quit yet. Thus the new process quit, and the user was
left with no split DNS at all.
While this does introduce more synchronous waiting into the connection
process, it's not that much time and NM will kill dnsmasq if it hasn't
quit after 1 second. The longer-term fix is to use dnsmasq's D-Bus
interface to update DNS without respawning it.
https://bugzilla.gnome.org/show_bug.cgi?id=728342https://bugzilla.redhat.com/show_bug.cgi?id=1161232
Some devices (s390 and ipvlan) use the same MAC address for
different interfaces, but dev_id differentiates them. So we
must use dev_id to avoid IID conflicts.
https://bugzilla.redhat.com/show_bug.cgi?id=1101809
Some device types (s390 OSA and ipvlan) can use the same link-layer address
for multiple virtual interfaces, and the kernel used the dev_id property
to differentiate these devices when constructing the IID. NM should do
this too to prevent IID clashes.
https://bugzilla.redhat.com/show_bug.cgi?id=1101809
The sort order of nm_setting_enumerate_values() affects the
order in which keyfile writer serializes the properties.
Have a defined, stable sort order by sorting the properties
by name (with prefering id,uuid,type for NMSettingConnection).
(cherry picked from commit 58f08c8c9c)
nm_connection_for_each_setting_value() is used by keyfile writer to iterate
over the settings and write the keyfile entires. The order there is important
as g_key_file_to_data() prints the groups in the order they were created.
To have a stable order and to have the [connection] entry first, sort the
settings.
(cherry picked from commit e50fbe466b)
libnm-core treated the UNKNOWN WEP key type as KEY. Relax that
and try to guess the correct type based on the key.
This is for example important if you have a valid connection with
wep-key-type=0 (unknown)
If you request passwords for such a connection, the user cannot
enter them in password format -- but there is no UI indication
that the password must be KEY.
(cherry picked from commit 628f47285d)
We must never fail verification of a connection based on a password
because the password is re-requested during activation.
Otherwise, if the user enters an invalid password for a (previously)
valid connection, the connection becomes invalid. NetworkManager does
not expect or handle that requesting password can make a connection
invalid.
Invalid passwords should be treated as wrong passwords. Only a UI
(such as nm-connection-editor or nmcli) should validate passwords
against a certain scheme.
Note that there is need_secrets() which on the contrary must check for
valid passwords.
Error scenario:
Connect to a WEP Wi-Fi, via `nmcli device wifi connect SSID`. The
generated connection has wep-key-type=0 (UNKNOWN) and wep-key-flags=0.
When trying to connect, NM will ask for secrets and set the wep-key0
field. After that, verification can fail (e.g. if the password is longer
then 64 chars).
(cherry picked from commit dbbedce21f)
Some refactoring of the main() functions for NetworkManager and
nm-iface-helper. Most notably, start the D-Bus service earlier so
that NetworkManager starts faster.
https://bugzilla.gnome.org/show_bug.cgi?id=746254
(cherry picked from commit 6ce7b7df96)
systemd considers the startup time of NetworkManager until the D-Bus
service is claimed. By doing that earlier, this time is significantly
reduced.
This has the advantage, that services that are ordered to start
after NetworkManager can start earlier. Most notably, 'network.target'
orders itself After=NetworkManager.service and many services are ordered
After=network.target.
$ systemd-analyze blame | grep NetworkManager.service
(cherry picked from commit 21562052ec)
Conflicts:
src/main.c
Create the rundir earlier and before setting up nm-logging.
nm_main_utils_ensure_rundir() errors out with fprintf(stderr)
and does not need nm-logging.
(cherry picked from commit 49cfe64874)
With this change, `NetworkManager --help` and `NetworkManager --version`
work for non-root user.
(cherry picked from commit 95786a4e4e)
Conflicts:
src/main-utils.c
src/main-utils.h
g_type_init() is independent of all NetworkManager
functionality. Just get it done early on.
(cherry picked from commit 0587dbe96c)
Conflicts:
src/nm-iface-helper.c
And rename the function to nm_main_utils_ensure_not_running_pidfile()
to match the other _ensure_ functions that exit(1).
Also no longer pass @name to nm_main_utils_ensure_not_running_pidfile()
and use g_get_prgname() instead.
nm_main_utils_ensure_not_running_pidfile() checks that the running
process has the same program name, so this changes behavior if the
user renamed the binary. Before, we would check whether the running
process is named 'NetworkManager' ('nm-iface-helper'). Now we check
whether the process has the same name as the current process.
This means, that if you rename the binary to 'NetworkManager2' we
would now only detect a conflicting 'NetworkManager2'. Before we would
only detect conflicting 'NetworkManager' binaries.
(cherry picked from commit 12ad2c7fe7)
Move call to nm_main_utils_early_setup() to a separate function.
Also move the @options array away from the main function, saving
a few bytes on the stack.
Now only do_early_setup() modifies the @global_opt structure.
(cherry picked from commit 5775df9a6d)
(cherry picked from commit 8e58fc7425)
Conflicts:
src/main.c
src/nm-iface-helper.c
Move the variables to a static struct so that we can factor
out some of the initialization code.
Also it's nice to have all options placed together in one struct so
that is is obvious which static variables are part of the command line
options, and which have other use.
(cherry picked from commit 1fc5aba42a)
Conflicts:
src/nm-iface-helper.c
Configuration commit is an unsafe thing to do for assumed connections,
it can remove an externally added address we don't know about yet.
The device already has a link-local address; for an assumed connection
it's the reason we assumed the method=link-local in the first place.
(cherry picked from commit 396dc2b3b4)
