The test names are useful, for example to run only specific tests via
./test-keyfile -p "/keyfile/test_read_valid_wired_connection "
The trailing space in the test name however is unexpected. Remove it.
In our usage of glib logging, every g_critical()/g_return*()/g_warning()
is considered a bug. They must not occur in a regular program run,
so that we can run NetworkManager with G_DEBUG=fatal-warnings.
On the other hand, all nm_log() statements (even with severity <error>)
are valid conditions that can occur at runtime.
As a consequence, when nm-logging uses glib as backend, we must not use
G_LOG_LEVEL_WARNING level. Otherwise
$ /usr/sbin/NetworkManager --debug --g-fatal-warnings
will dump core on the message
"<warn> glib-version: cannot handle SIGUSR1 and SIGUSR2 signals. Consider upgrading glib to 2.36.0 or newer"
Thereby, downgrade the glib level for "<info>" to G_LOG_LEVEL_INFO.
Duplicated const specifiers are allowed by C99 and can easily
happen in macros. Also, systemd's interal code will use them.
Disable this warning, it doesn't seem useful.
During startup, when a link is detected (enp0s25 in the example below)
we try to create also virtual devices (ipip1) on it through
system_create_virtual_device(), however this realizes only devices for
connections which can autoactivate.
To support the assumption of child devices with autoconnect=no, we
should take in consideration in retry_connections_for_parent_device()
only connections for which the link does not exist, and let existing
links be handled by platform_link_added(), which also realizes them.
Reproducer:
$ nmcli c add type ip-tunnel ifname ipip1 con-name ipip1+ autoconnect no \
mode ipip remote 172.25.16.1 dev enp0s25 ip4 1.2.3.4/31
$ nmcli c up ipip1+
$ systemctl restart NetworkManager
Result:
* before: ipip1+ is not assumed, ipip1 is not present in 'nmcli d' output
* after: ipip1+ is assumed, ipip1 detected
str_if_set() was added to replace the non-standard gcc extension "?:".
However, "?:" is supported by clang as well and we already use it at
several places.
Also, str_if_set() did not follow our naming scheme and renaming to
nm_str_if_set() would be ugly. So just drop it.
We must export some symbols from NetworkManager binary so that
the device plugins can function. However, many symbols are truly
private and must not be exposed.
Especially, our internal clone of the systemd ABI must be hidden
to avoid resolution conflicts when loading any external systemd
libraries.
When a VPN connection is active and the parent device becomes
unmanaged (due to device removal or system entering sleep), all
configurations are removed from the interface and the device is taken
down. After that, the VPN is disconnected and tries to remove the old
VPN configuration from device, causing the following assertion to
fail:
_replace_vpn_config_in_list: assertion '!old' failed
Remove the assertion as @old can be missing for valid reasons.
Add a new NMPNetns class. This allows creation, deletion and
switching of network namespaces. The API only offers push/pop
operations to switch the namespace. This way the API enforces
the user to always restore the previous namespace.
A NMPlatform instance not only uses the netlink socket, but also
sysfs, udev, ethtool, mii. Still, a NMPlatform instance lives
entirely inside one namespace and is not spanning multiple namespaces.
To properly support network namespaces, the platform instance must
switch the namespace as necessary, transparent to the caller.
Udev is only supported in the main namespace.
For now, network namespaces are not actually used and are disabled
via the NM_PLATFORM_NETNS_SUPPORT argument.
https://bugzilla.gnome.org/show_bug.cgi?id=762408
Inside container, where we don't use udev we don't receive
any events from udev client. Thus the client only returns
devices when iterating it initially, but no events for newly
added devices that appear later.
Thus, inside containers we don't want to create a udev client
at all.
Most functions defined in "nm-platform-utils.h" perform a lookup
of link properties, for example via ethtool or sysfs. Those functions
depend on the system configuration, such as the current network namespace.
Move the simple helper functions away to "nm-core-internal.h", so that
all remaining functions from "nm-platform-utils.h" are really related to
somthing that interacts with the system/kernel.
Coverity complains rightly about "strncpy (dst, ifname, IFNAMSIZ)"
because it might leave @dst non-NULL-terminated, in case @ifname
is too long (which already would be a bug in the first place).
Replace the strcpy() uses by a new helper nm_utils_ifname_cpy()
that asserts against valid arguments.
IFNAMSIZ is 16 but strncpy doesn't ensure a NUL terminated string in
this case. Coverity rightly complains about it. Use g_strlcpy() instead.
Note that no valid ifname should be 16 characters long in the first
place.
Since 87a3df2e57 ("device: remove default-unmanaged and refactor
unmanaged flags") the device must properly report the IS_SOFTWARE
capability in order to be potentially activated.
When an ifcfg file doesn't specify the TYPE, ifup will
look for a script "ifup-${DEVICETYPE}", where DEVICETYPE
is determined as
[ -z "$DEVICETYPE" ] && DEVICETYPE=$(echo ${DEVICE} | sed "s/[0-9]*$//")
Avoid handling such files by checking that no such ifup script exists.
If a ifcfg file has no TYPE=sit, we would detect it as ethernet,
although the presence of IPV6TUNNELIPV4 indicates that it of type
"sit". Ignore such connections.
In commit 6dc35e66d4 ("settings: add hostnamed support") we started
to use systemd-hostnamed for setting the system static hostname
(i.e. the one written to /etc/hostname), but nm-policy.c still called
sethostname() to set the transient (dynamic) hostname when this needs
to be changed, for example after a reverse lookup of our dynamic IP
address.
Thus, when using systemd the hostname change failed because process'
capabilities are restricted and sethostname() requires CAP_SYS_ADMIN.
We should set also the transient hostname through hostnamed when this
is available.
https://bugzilla.redhat.com/show_bug.cgi?id=1308974
GError codes are only unique per domain, so logging the code without
also indicating the domain is not helpful. And anyway, if the error
messages are not distinctive enough to tell the whole story then we
should fix the error messages.
Based-on-patch-by: Dan Winship <danw@gnome.org>
Use g_error_matches() where we're testing error codes. In particular,
use it rather than looking at only ->code and not also ->domain, which
is just wrong.
[thaller@redhat.com: rebase and modify original patch]
Functions that take a GError** MUST fill it in on error. There is no
need to check whether error is NULL if the function it was passed to
had a failing return value.
Likewise, a proper GError must have a non-NULL message, so there's no
need to double-check that either.
Based-on-patch-by: Dan Winship <danw@gnome.org>
