Having leaks in the tests, breaks running the test under valgrind. There
must be no leaks.
Fixes: c056cb9306 ('initrd: parse 'rd.net.dhcp.vendor-class' kernel cmdline arg')
(cherry picked from commit bff23d15d4)
When a virtual device fails, its state goes to FAIL and then
DISCONNECTED. In DISCONNECTED we call schedule_activate_check() to
schedule an auto-activation if needed. We also schudule the deletion
of the link through delete_on_deactivate_check_and_schedule(). The
auto-activation attempt fails because the link deletion unmanages the
device; as a result, the device doesn't try to auto-activate again.
To fix this:
- don't allow the device to auto-activate if the device deletion is
pending;
- check again if the device can be auto-activated after its deletion.
https://bugzilla.redhat.com/show_bug.cgi?id=1818697https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/613
(cherry picked from commit e404585e60)
Avoids a compiler warning:
../src/devices/nm-device.c:16079:26: error: cast to smaller integer type 'NMDeviceStateReason' from 'gpointer' (aka 'void *') [-Werror,-Wvoid-pointer-to-enum-cast]
deactivate_ready (self, (NMDeviceStateReason) reason);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes: 121c58f0c4 ('core: set number of SR-IOV VFs asynchronously')
(cherry picked from commit 918ebd600a)
We use a linker version script "NetworkManager.ver", to hide
symbols from NetworkManager that are not used. That is important
due to our habit of using internal helper libraries that we link
statically everywhere, without handpicking the symbols we actually
need. We want the tooling to get rid of unnecessary symbols.
However, NetworkManager loads shared libraries for settings and device
plugins. These libraries require symbols from the NetworkManager binary,
but which one depends on build options. Hence, we also generate
"NetworkManager.ver" by the "tools/create-exports-NetworkManager.sh"
script.
For that the script uses "nm" to find symbols that are undefined in the
plugin libraries but defined in NetworkManager. With autotools the
script looked at "./src/.libs/libNetworkManager.a" to find the present
symbols. Note that for meson that already didn't work, and we build
instead an intermediate NetworkManager binary first (with all symbols
exposed). With LTO, "nm" doesn't find all symbols in
"./src/.libs/libNetworkManager.a", and consequently they are not
exported and dropped/hidden.
This also causes unit tests to fail with LTO, because our test script
"tools/check-exports.sh" catches such bugs.
Fix that by also with autotools generate a complete "NetworkManager-all-sym"
binary that is used to generate "NetworkManager.ver", before rebuilding
"NetworkManager" again.
(cherry picked from commit c92a3ca5c2)
The matchfilecon API is deprecated for a very long time. Since selinux 3.1
the functions are also marked as deprecated in the header, which causes
compiler warnings and build failures.
Update the code to use selabel API instead.
(cherry picked from commit 173533c3b2)
Seems with LTO the compiler can sometimes think that thes variables are
uninitialized. Usually those code paths are only after an assertion was
hit (g_return*()), but we still need to workaround the warning.
(cherry picked from commit 70971d1141)
Currently, we would not mark non-unicast routes with their type, so they
would wrongly appear as unicast routes in the D-Bus API.
That is wrong. For now, just hide them.
Fixes: 5d0d13f570 ('platform: add support for local routes')
(cherry picked from commit 5035687a7b)
Imagine we wait for a device, the device appears and starts activating.
That might take a while (during which it has a pending action). In the
meantime, the "connection.wait-device-timeout" timeout expires.
Now we want to log a warning about profiles that don't have their
device upon timeout. However, that the device is still busy at that
point is irrelevant. Skip logging a message about those profiles.
Fixes: 3df662f534 ('settings: rework wait-device-timeout handling and consider device compatibility')
(cherry picked from commit d9568ca3ee)
Since commit 3df662f534 ('settings: rework wait-device-timeout
handling and consider device compatibility'), "connection.wait-device-timeout"
works with profiles in general and doesn't require an interface-name
set.
Remove that restriction and let initrd generator create profiles that
always wait.
(cherry picked from commit 52af5e901e)
The network-legacy dracut module waits for all ethernet devices if the
command line contains rd.neednet=1. It also waits for the device
specified by 'bootdev='.
Do the same.
https://bugzilla.redhat.com/show_bug.cgi?id=1853348
(cherry picked from commit f114e16fdd)
A profile can configure "connection.wait-device-timeout" to indicate
that startup complete is blocked until a suitable device around.
This is useful for NetworkManager-wait-online and initrd mode.
Previously, we looked at NMPlatform whether a link with matching
interface-name was present. That is wrong because it cannot handle
profiles that rely on "ethernet.mac-address" setting or other "match"
settings. Also, the mere presence of the link does not yet mean
that the NMDevice was created and ready. In fact, there is a race here:
NMPlatform indicates that the device is ready (unblocking NMSettings),
but there is no corresponding NMDevice yet which keeps NetworkManager
busy to block startup complete.
Rework this. Now, only check whether there is a compatible device for
the profile.
Since we wait for compatible devices, it works now not only for the
interface name. Note that we do some optimizations so that we don't have
to re-evaluate all profiles (w.r.t. all devices) whenever something on the
device changes: we only care about this when all devices finally become
ready.
Also, we no longer start the timeout for "connection.wait-device-timeout"
when the profile appears. Instead, there is one system-wide start time
(NMSettingsPrivate.startup_complete_start_timestamp_msec). That simplifies
code and makes sense: we start waiting when NetworkManager is starting, not
when the profile gets added. Also, we wait for all profiles to become
ready together.
(cherry picked from commit 3df662f534)
NMSettings needs access to the list of all devices, which is tracked
by NMManager. Of course, this ties NMSettings and NMManager closer
together. Note that NMManager already owns a reference to NMSettings,
so they are in fact related.
The alternatives of just letting NMSettings reference NMManager (and
vice versa) would be more complicated, and likely not help to simplify
the code (on the contrary).
(cherry picked from commit d27a6055b9)
Reapply now handles all the options supported by kernel and NM, meaning
that some options are simply not allowed to be set while keeping the
bond up, one of those options is the mode for instance.
https://bugzilla.redhat.com/show_bug.cgi?id=1847814
(cherry picked from commit 746dc119a6)
can_reapply_change() would wrongly return true for
unsupported reapply values because it used 'nm_setting_bond_get_option_default()'
that is ill-named because it returns the overriden option other than
its default value.
https://bugzilla.redhat.com/show_bug.cgi?id=1847814
Fixes: 9bd07336ef ('bond: bond options logic rework')
(cherry picked from commit 04d6ca1fb8)
There isn't any 'host-name' option for DHCPv6. Read instead the
'fqdn-fqdn' option that carries the FQDN assigned by the server to the
client.
(cherry picked from commit 1f74ea52f5)
The dhclient backend already exports all the option passed by
dhclient, including the FDQN. Export it also for the systemd backend.
(cherry picked from commit 1621a6ddb1)
Parse option 39 (Client Fully Qualified Domain Name, RFC 4704) from the DHCP
reply, which specifies the FQDN assigned by the server to the client.
c43eea9f2e
In this case, GetAll failed with "Timeout was reached". We still
create a dummy BSS info, because we kept track of the object to
start with. That way, we don't simply want to ignore the failure,
because NMDeviceWifi might track this NMWifiAP already, and we may
need an update (even if we failed to fetch the requested information).
However, that later leads to a crash, because NMDeviceWifi expect the BSSID
present then.
Avoid that, by don't processing such APs.
#0 g_logv (log_domain=0x7f2ac10a60a9 "NetworkManager", log_level=G_LOG_LEVEL_CRITICAL, format=<optimized out>, args=<optimized out>) at ../glib/gmessages.c:1377
#1 0x00007f2acf152233 in g_log
(log_domain=log_domain@entry=0x7f2ac10a60a9 "NetworkManager", log_level=log_level@entry=G_LOG_LEVEL_CRITICAL, format=format@entry=0x7f2acf1a46ff "%s: assertion '%s' failed")
at ../glib/gmessages.c:1415
#2 0x00007f2acf152a2d in g_return_if_fail_warning
(log_domain=log_domain@entry=0x7f2ac10a60a9 "NetworkManager", pretty_function=pretty_function@entry=0x7f2ac10a9e70 <__func__.50> "try_fill_ssid_for_hidden_ap", expression=expression@entry=0x7f2ac10a86d0 "bssid") at ../glib/gmessages.c:2771
#3 0x00007f2ac108a402 in try_fill_ssid_for_hidden_ap (ap=0x5569978b61c0 [NMWifiAP], self=0x55699786ea00 [NMDeviceWifi]) at src/devices/wifi/nm-device-wifi.c:1883
#4 supplicant_iface_bss_changed_cb (iface=0x556997777260 [NMSupplicantInterface], bss_info=0x7f2ab4028f00, is_present=1, self=0x55699786ea00 [NMDeviceWifi])
at src/devices/wifi/nm-device-wifi.c:1946
#5 0x00007f2ace246af0 in ffi_call_unix64 () at ../src/x86/unix64.S:76
#6 0x00007f2ace2462ab in ffi_call (cif=cif@entry=0x7ffd9c107c90, fn=fn@entry=0x7f2ac1089e80 <supplicant_iface_bss_changed_cb>, rvalue=<optimized out>, avalue=avalue@entry=0x7ffd9c107ba0)
at ../src/x86/ffi64.c:525
#7 0x00007f2acf23e87a in g_cclosure_marshal_generic_va
(closure=<optimized out>, return_value=<optimized out>, instance=<optimized out>, args_list=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=<optimized out>) at ../gobject/gclosure.c:1614
#8 0x00007f2acf23dae6 in _g_closure_invoke_va
(closure=closure@entry=0x5569978a0cc0, return_value=return_value@entry=0x0, instance=instance@entry=0x556997777260, args=args@entry=0x7ffd9c107f00, n_params=2, param_types=0x55699775b990) at ../gobject/gclosure.c:873
#9 0x00007f2acf2566e9 in g_signal_emit_valist (instance=0x556997777260, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffd9c107f00) at ../gobject/gsignal.c:3407
#10 0x00007f2acf256c63 in g_signal_emit (instance=instance@entry=0x556997777260, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3554
#11 0x00005569972ece61 in _bss_info_changed_emit (self=self@entry=0x556997777260 [NMSupplicantInterface], bss_info=bss_info@entry=0x7f2ab4028f00, is_present=is_present@entry=1)
at src/supplicant/nm-supplicant-interface.c:555
#12 0x00005569972ed3a0 in _bss_info_properties_changed (self=0x556997777260 [NMSupplicantInterface], bss_info=0x7f2ab4028f00, properties=<optimized out>, initial=<optimized out>)
at src/supplicant/nm-supplicant-interface.c:758
#13 0x00005569972f756b in _bss_info_get_all_cb (result=0x0, error=<optimized out>, user_data=0x7f2ab4028f00) at src/supplicant/nm-supplicant-interface.c:784
#14 0x0000556997217bc1 in _nm_dbus_connection_call_default_cb (source=0x5569977480c0 [GDBusConnection], res=<optimized out>, user_data=user_data@entry=0x556997855d50)
at shared/nm-glib-aux/nm-dbus-aux.c:74
#15 0x00007f2acf339e4a in g_task_return_now (task=task@entry=0x7f2ab4003f00 [GTask]) at ../gio/gtask.c:1214
#16 0x00007f2acf33aa3d in g_task_return (task=0x7f2ab4003f00 [GTask], type=<optimized out>) at ../gio/gtask.c:1283
#17 0x00007f2acf33b4fe in g_task_return (type=G_TASK_RETURN_ERROR, task=<optimized out>) at ../gio/gtask.c:1861
#18 g_task_return_error (task=<optimized out>, error=<optimized out>) at ../gio/gtask.c:1867
#19 0x0000556997893f40 in ()
#20 0x3a85d39adfae7f00 in ()
#21 0x00007f2ab4003cc0 in ()
#22 0x00007f2acf396460 in g_dbus_connection_call_done () at ../gio/gdbusconnection.c:2059
#23 0x00007f2ab4003f00 in ()
#24 0x0000000000000086 in ()
#25 0x0000000000000018 in ()
#26 0x00007f2acf339e4a in g_task_return_now (task=0x7f2ab4003f00 [GTask], task@entry=0x7f2ab4003cc0 [GTask]) at ../gio/gtask.c:1214
#27 0x00007f2acf33aa3d in g_task_return (task=0x7f2ab4003cc0 [GTask], type=<optimized out>) at ../gio/gtask.c:1283
#28 0x00007f2acf33b4fe in g_task_return (type=G_TASK_RETURN_ERROR, task=<optimized out>) at ../gio/gtask.c:1861
#29 g_task_return_error (task=<optimized out>, error=<optimized out>) at ../gio/gtask.c:1867
#30 0x0000003000000028 in ()
#31 0x00007ffd9c108290 in ()
Fixes: b83f07916a ('supplicant: large rework of wpa_supplicant handling')
(cherry picked from commit 4d878d7012)
The systemd DHCPv6 client requires a hardware address only to
determine the IAID; NM always overrides the IAID with its own and
therefore the hwaddr is not used.
Removing such requirement allows DHCPv6 to run over PPP, which is
useful with DHCPv6-PD to get a prefix from the ISP.
To test this, I set up a server with pppoe-server, radvd and the Wide
DHCPv6 server providing an address and a prefix. On the client, NM was
able to obtain a prefix using both dhcp=dhclient and dhcp=systemd.
Note that if there is no hardware address and you specify
ipv6.dhcp-duid=ll or ipv6.dhcp-iaid=mac, a warning will be emitted and
NM will use a random DUID/IAID.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/478
(cherry picked from commit 76a6a30577)
If IPv6 is disabled, changing the IPv6 MTU fails and NM complains with
a warning. Since this error is expected and doesn't do any harm,
downgrade the logging level to DEBUG.
Since IPv6 kernel support can be built as a module, we have to check
the existence of /proc/sys/net/ipv6 every time. Instead of checking it
and then setting the MTU (adding one /proc access for everyone), just try
to set the MTU; in case of failure, determine the reason for the error.
https://bugzilla.redhat.com/show_bug.cgi?id=1840989https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/585
(cherry picked from commit 9c09dcedaf)
A connection that fails due to dependency-failed is not able to
reconnect until the master connection activates again; when this
happens, the master clears the blocked reason for all its slaves in
activate_slave_connections() and tries to reconnect them. For this to
work, the slave should be marked as blocked when it fails with
dependency-failed.
(cherry picked from commit 725fed01cf)
If the device state change (to disconnected or unmanaged) triggered by
a sleep event happens after the wake, the devices becomes wrongly
unmanaged and it's necessary to manually manage it again, or restart
NM.
During the wake event we should disconnect the device_sleep_cb()
callback for all devices because we don't want to react to state
changes anymore; in particular we don't need to detect when the device
becomes disconnected to unmanage it.
(cherry picked from commit fe2d93980b)
When NM fails to connect to teamd during an activation, it sets the
device state to FAILED. Eventually the device will become DISCONNECTED
and will call the ->deactivate() method that will perform the cleanup
of timers, teamd process and teamdctl instance.
However, in this way, when the device is DISCONNECTED timers are still
armed and can be triggered in the wrong state. Instead, perform the
cleanup immediately on failure.
https://bugzilla.redhat.com/show_bug.cgi?id=1856723
(cherry picked from commit 26e97fcd0d)
When using VRF devices we must pre-generate dependent local
routes in the VRF's table otherwise they will be incorrectly added
to the local table instead.
https://bugzilla.redhat.com/show_bug.cgi?id=1857133
Fixes: a199cd2a7d ('core: add dependent local routes configured by kernel')
(cherry picked from commit d342af1925)
Kernel will reject setting "active_slave", if the interface is not enslaved or not
up. We already handle that by setting the option whenever we enslave an interface.
However, we also must not set it initially, otherwise we get an ugly error log message:
NetworkManager[939]: <debug> [1594709143.7459] platform-linux: sysctl: setting net:/sys/class/net/bond99/bonding/active_slave to eth1 (current value is )
NetworkManager[939]: <error> [1594709143.7459] platform-linux: sysctl: failed to set bonding/active_slave to eth1: (22) Invalid argument
NetworkManager[939]: <warn> [1594709143.7460] device (bond99): failed to set bonding attribute active_slave to eth1
...
kernel: bond99: (slave eth1): Device is not bonding slave
kernel: bond99: option active_slave: invalid value (eth1)
See-also: https://bugzilla.redhat.com/show_bug.cgi?id=1856640https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/577
(cherry picked from commit f0a39b517e)
- the arp_ip_target option in the settings might not have normalized
IP addresses or duplicates. If there would be duplicates, setting
them twice would fail with EINVAL. Hence, first normalize them
and make them unique.
- if what we want to set is identical to what is already set, don't
do anything.
(cherry picked from commit 6a923a5d57)
Keep priv->sriov.pending set during the callback set so that it
becomes possible to insert a new operation from the callback itself.
(cherry picked from commit 74ccda8a71)
When dispose() is called, there can't be any pending operation because
they keep a reference to the device. Instead, there can be a a queued
operation not yet executed. Destroy it.
(cherry picked from commit 6fcb077a98)
The file doesn't exist for all interfaces that support SR-IOV. In
particular, netdevsim devices support SR-IOV but don't expose the
file.
(cherry picked from commit 63a932b851)
When a 'ip=auto6' option is passed to kernel, the old dracut network
module only sets accept_ra in kernel and wait for the address to
appear. Instead, with a 'ip=dhcp6' option it starts 'dhclient -6',
leaving accept_ra to the initial value (that is already 1). So
'ip=dhcp6' in practice does kernel IPv6 autoconf and DHCPv6 at the
same time, without honoring the 'Managed' flag of the router
advertisement.
It seems that the only reason to have distinct 'auto6' and 'dhcp6'
options was that network module did not support starting DHCPv6 only
when necessary based on the M flag of the RA; so the user had to
specify if DHCPv6 was needed or not.
Given that 1) NM is smarter and can start DHCPv6 only when needed by
RA; 2) DHCPv6 alone only gets a /128 address without a prefix route
and so it's not useful; then it makes sense to generate a connection
with 'ipv6.method=auto' for both 'ip=auto6' and 'ip=dhcp6'.
https://bugzilla.redhat.com/show_bug.cgi?id=1854323https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/571
(cherry picked from commit ca3d0a8f06)
Pre-generate routes in the local table that are configured
by kernel when an ip-address is assigned to an interface.
This helps NM taking into account routes that are not to be deleted
when a connection is reapplied (or deactivated) on an interface instead of only
ignoring (when pruning) IPv6 routes having metric 0 and routes belonging
to the local table having 'kernel' as proto.
https://bugzilla.redhat.com/show_bug.cgi?id=1821787
(cherry picked from commit 3e5fc04df3)
@routes are the list of routes we want to configure. This contains
routes from DHCP and manual routes in the profile. It also contains
externally present routes, including the metric=0 routes in the local
table.
Trying to add an IPv6 route with metric zero adds instead a route with
metric 1024.
Usually, we wouldn't do that, because that route was present externally,
so it possibly is still present (in the platform cache) during sync and
we skip the addition. However, there is a race where the external route
might just disappear and we'd add a route with metric 1024.
Avoid that.
(cherry picked from commit a83622f7d0)
NM will now sync all tables when a connection has specified
at least 1 local route in 'ipv[4|6].routes' to correctly
reconcile local routes when reapplying connections on a device.
If the connection has no local routes only the main table will be
taken into account preserving the previous NM's behaviour.
https://bugzilla.redhat.com/show_bug.cgi?id=1821787
(cherry picked from commit c5496f7372)
Pre-generate the device multicast route in the local table that are configured
by kernel when an ipv6-address is assigned to an interface.
This helps NM taking into account routes that are not to be deleted
when a connection is reapplied on an interface.
https://bugzilla.redhat.com/show_bug.cgi?id=1821787
(cherry picked from commit cd89026c5f)
