Commit graph

33393 commits

Author SHA1 Message Date
Fernando Fernandez Mancera
67e71a9d7f core: prevent the activation of unavailable OVS interfaces only
Preventing the activation of unavailable devices for all device types is
too aggressive and leads to race conditions, e.g. when a non-virtual bond
port gets a carrier, preventing the device from being a good candidate for
the connection.

Instead, enforce this check only on OVS interfaces as NetworkManager
just makes sure that ovsdb->ready is set to TRUE.

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2139

Fixes: 774badb151 ('core: prevent the activation of unavailable devices')
(cherry picked from commit a1c05d2ce6)
(cherry picked from commit b8ef2a551e)
(cherry picked from commit 8b39a79621)
2025-02-18 12:32:15 +01:00
Jan Vaclav
33784b8dcc nmtui/ipv6: add "shared" method to ipv6 options
It was previously only available for IPv4, and the option
was missing from the IPv6 methods.

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2138
(cherry picked from commit e983e8a46f)
(cherry picked from commit 8e78a8c28f)
(cherry picked from commit 85ed0c0115)
2025-02-18 12:15:00 +01:00
Fernando Fernandez Mancera
b870c94a4c policy: always reset retries when unblocking children or ports
When calling activate_port_or_children_connections() we are unblocking
the ports and children but we are not resetting the number of retries if
it is an internal activation.

This is wrong as even if it's an internal activation the number of
retries should be reset. It won't interfere with other blocking reasons
like USER_REQUESTED or MISSING_SECRETS.

(cherry picked from commit 7acc66699a)
(cherry picked from commit 2daeef668d)
(cherry picked from commit 52ed8567e2)
2025-02-13 12:12:50 +01:00
Beniamino Galvani
3aa6c46029 merge: branch 'bg/autoconnect-ports-ovs'
Fix autoconnect-ports for OVS interfaces

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2131

(cherry picked from commit fbd87bf961)

(cherry picked from commit 00ca2d7fe9)
2025-02-12 16:53:51 +01:00
Beniamino Galvani
b495d6bd55 core: prevent the activation of unavailable devices
When autoconnecting ports of a controller, we look for all candidate
(device,connection) tuples through the following call trace:

 -> autoconnect_ports()
   -> find_ports()
     -> nm_manager_get_best_device_for_connection()
       -> nm_device_check_connection_available()
         -> _nm_device_check_connection_available()

The last function checks that a specific device is available to be
activated with the given connection. For virtual devices, it only
checks that the device is compatible with the connection based on the
device type and characteristics, without considering any live network
information.

For OVS interfaces, this doesn't work as expected. During startup, NM
performs a cleanup of the ovsdb to remove entries that were previously
added by NM. When the cleanup is terminated, NMOvsdb sets the "ready"
flag and is ready to start the activation of new OVS interfaces. With
the current mechanism, it is possible that an OVS-interface connection
gets activated via the autoconnect-ports mechanism without checking
the "ready" flag.

Fix that by also checking that the device is available for activation.

(cherry picked from commit 774badb151)
(cherry picked from commit f459c7fecc)
2025-02-12 16:53:51 +01:00
Beniamino Galvani
0045a0240c core: cleanup nm_manager_get_best_device_for_connection()
Rename "unavailable_devices" to "exclude_devices", as the
"unavailable" term has a specific, different meaning in NetworkManager
(i.e. the device is in the UNAVAILABLE state). Also, use
nm_g_hash_table_contains() when needed.

(cherry picked from commit 6c1eb99d32)
(cherry picked from commit da866c4cda)
2025-02-12 16:53:51 +01:00
Jan Vaclav
14e70c20a0 NEWS: update 2025-02-10 13:03:14 +01:00
Íñigo Huguet
decc7788fb po: add nmtui/nmt-page-veth.c to POTFILES.in
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1943

Fixes: 187ff4c73b ('nmtui: add veth page')
Reported-by: Piotr Drąg
(cherry picked from commit 01bee5a6ad)
2025-02-10 13:03:14 +01:00
Jan Vaclav
1efa6e5abc merge: branch 'jv/nmtui-veth'
nmtui: add veth page
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1943

(cherry picked from commit 7be55d6eff)
2025-02-10 12:29:46 +01:00
Jan Vaclav
485df28273 nmtui: include veth devices in activation dialog
(cherry picked from commit e74f506b81)
2025-02-10 12:27:36 +01:00
Jan Vaclav
e87f1de930 nmtui: add veth page
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1943
(cherry picked from commit 187ff4c73b)
2025-02-10 12:27:28 +01:00
Beniamino Galvani
678f2a64f4 release: bump version to 1.48.17 (development) 2025-01-21 10:52:29 +01:00
Beniamino Galvani
c7927af3e4 release: bump version to 1.48.16 2025-01-21 10:52:29 +01:00
Beniamino Galvani
e6e7340a54 NEWS: update 2025-01-21 10:38:25 +01:00
Jan Vaclav
b07f4a058c merge: branch 'jv/fix-qos-mapping'
platform/vlan: fix incorrect type for ingress/egress qos mappings

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2109

(cherry picked from commit 191aaf0fb2)

(cherry picked from commit f1fc7bd218)
2025-01-21 10:37:35 +01:00
Jan Vaclav
779fd8deae platform/test: reenable xgress qos tests
Fixes: 6e30e37ebe ('test: disable vlan_xgress unit test')
(cherry picked from commit 4107a6883f)
(cherry picked from commit 0eb1781b6c)
2025-01-21 10:37:34 +01:00
Jan Vaclav
6dad779be1 platform/vlan: fix incorrect type for ingress/egress qos mappings
The kernel was updated to add stricter validation to netlink messages,
which revealed this bug:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6c21660fe221a15c789dee2bc2fd95516bc5aeaf

Fixes: a5ea141956 ('platform/vlan: add support for ingress/egress-qos-mappings and changing flags')
(cherry picked from commit 84bcc0eab9)
(cherry picked from commit c8943b758d)
2025-01-21 10:37:34 +01:00
eaglegai
26cc879508 mptcp: fix error handling rp_filter when kernel doesn't support mptcp
When the kernel doesn't support mptcp, NetworkManager should disable mptcp
and shouldn't change rp_filter from 1 to 2. However, when checking file
/proc/sys/net/mptcp/enabled, val v's type is defined to guint32, and
nm_platform_sysctl_get_int32 returns -1, v becomes a very large number
and can't set mptcp_flags to NM_MPTCP_FLAGS_DISABLED.

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1686
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2093

Fixes: c00873e08f ('mptcp: rework "connection.mptcp-flags" for enabling MPTCP')
(cherry picked from commit 9c42177d09)
(cherry picked from commit 50fc3c70af)
2025-01-21 10:37:26 +01:00
Beniamino Galvani
c00240e521 NEWS: update 2025-01-21 09:44:28 +01:00
Íñigo Huguet
f43af853e6 ci: make check-tree optional for branches other than main
Old branches tend to be formatted with different versions of
clang-format, so when patches are backported, they introduce some
differences in formatting, making the check-tree job fail.

These changes in formatting are normally small, and we don't pay much
attention to them, causing that the pipelines are always red, increasing
the work required to check if there are important failures or not.

Make check-tree optional for branches other than main. This way,
failures will be shown as a "warning", and if a pipeline only shows a
warning we don't need to inspect it.

(cherry picked from commit 9e47c9bc6a)
(cherry picked from commit b497ce4372)
2025-01-17 12:25:31 +01:00
Wen Liang
a402c3517e merge: branch 'wl/nm-1-48-vpn-backport'
vpn: fix routing rules and custom routing table support in vpn connections

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2098
2025-01-07 14:38:12 +00:00
Wen Liang
b5c46f8a8d vpn: fix routing rules support in vpn connections
This commit introduces the ability to manage routing rules specifically
for VPN connections. These rules allow finer control over traffic
routing by enabling the specification of policy-based routing for
traffic over the VPN.

- Updated the connection backend to apply rules during VPN activation.
- Ensured proper cleanup of routing rules upon VPN deactivation.

This enhancement improves VPN usability in scenarios requiring advanced
routing configurations, such as split tunneling and traffic
prioritization.

Resolves: https://issues.redhat.com/browse/RHEL-70160
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2092
https://gitlab.freedesktop.org/NetworkManager/NetworkManager-ci/-/merge_requests/1842
(cherry picked from commit 308e34a501)
(cherry picked from commit a24b347e93)
2025-01-07 09:30:43 -05:00
Gris Ge
0dc07c5ca4 vpn: Place gateway route to table defined in ipvx.route-table
Previously, NM created a direct route to the gateway in the main(254) route table
regardless of the `ipvx.route-table` value.

Fixed by setting `NMPlatformIP4Route.table_any` to `TRUE`.

Resolves: https://issues.redhat.com/browse/RHEL-69901

Signed-off-by: Gris Ge <fge@redhat.com>
(cherry picked from commit 6d06286f1d)
(cherry picked from commit 29f23d3519)
2025-01-06 23:17:28 -05:00
Íñigo Huguet
c7328e5aa4 ci: update distro versions 2024-12-24 15:04:30 +01:00
Íñigo Huguet
fe5a09b1ad ci: Update ci-templates to a version that supports Alpine versions
ci-templates only supported alpine:latest, but support for any other
version has been introduced. Use it so our Alpine pipelines stop
failing.

(cherry picked from commit 9354fabaa8)
(cherry picked from commit 2035048449)
2024-12-24 15:02:59 +01:00
Íñigo Huguet
fc238062bd CI: add testlog.txt as build artifacts
That way we will be able to check the logs in the case of failure.

(cherry picked from commit 0d4c8a235a)
(cherry picked from commit b6e2533f82)
2024-12-24 15:02:26 +01:00
Beniamino Galvani
5db6475087 core: increase timeout for test_nm_utils_kill_child()
The test starts a watchdog process that eventually kills the process
group after a certain time. When running under valgrind concurrently
to other tests the current timeout is not enough; increase it.

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2067
(cherry picked from commit 23ffa5fc6e)
(cherry picked from commit e17f1b93ec)
2024-12-24 13:05:35 +01:00
Íñigo Huguet
4448c91dba release: bump version to 1.48.15 (development) 2024-12-23 16:06:00 +01:00
Íñigo Huguet
749264f122 release: bump version to 1.48.14 2024-12-23 16:06:00 +01:00
Íñigo Huguet
953657ed61 NEWS: update for 1.48.14 2024-12-23 13:09:51 +01:00
Beniamino Galvani
4a1b44646a ndisc: fix code format
Fixes: d775c3d256 ('ndisc: honor default route parameters from RA route options')
(cherry picked from commit 7185b0eebf)
2024-12-23 13:04:48 +01:00
Fernando Fernandez Mancera
35d326324b bonding: steer IGMP queries to the active bond balance-slb primary port
Add chains and rules to steer the IGMP reports to the primary member
port. These rules are adapted from the script provided by Eric Garver.

https://gitlab.com/egarver/virtual-networking/-/blob/master/mlag.sh

Fixes: e9268e3924 ('firewall: add mlag firewall utils for multi chassis link aggregation (MLAG) for bonding-slb')
(cherry picked from commit c691dd7ecf)
(cherry picked from commit b9a733d00b)
2024-12-23 13:03:56 +01:00
Beniamino Galvani
0f9d0cd6a3 ndisc: honor default route parameters from RA route options
RFC 4191 section-3.1 says:

  When processing a Router Advertisement, a type C host first updates a
  ::/0 route based on the Router Lifetime and Default Router Preference
  in the Router Advertisement message header. [...] The Router Preference
  and Lifetime values in a ::/0 Route Information Option override the
  preference and lifetime values in the Router Advertisement header.

Fix the RA parsing so that the parameters from a default route option
are applied to the gateway.

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1666
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2072

Fixes: c3a4656a68 ('rdisc: libndp implementation')
(cherry picked from commit 6c18fda519)
(cherry picked from commit d775c3d256)
2024-12-23 13:03:56 +01:00
Beniamino Galvani
23143c5e3e core: fix deleting internal global DNS configuration
The tracking of variable "has_intern" in intern_config_read() is
wrong: we set it when adding any entry to the keyfile, but then we
remove the global DNS section without updating the variable.

The effect is that the function might return an empty keyfile instead
of NULL.

Fix this by moving the check on global DNS above.

Fixes: 55c204b9a3 ('core: add support for reading global DNS configuration from keyfile')
(cherry picked from commit 07113dde30)
(cherry picked from commit 0a1b642a2d)
2024-12-23 13:03:56 +01:00
Valentin Blot
60996ccb2c wwan: remove buggy assertion
Removed an assertion that was not satisfied in the legitimate case of
IPv4 + do_auto.

Fixes: 58287cbcc0 ('core: rework IP configuration in NetworkManager using layer 3 configuration')

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2061
(cherry picked from commit 4082e7e109)
(cherry picked from commit 9cb6424a18)
2024-12-23 13:03:56 +01:00
Beniamino Galvani
95ef14b44e platform: fix to_string() functions for IPv6 tunnels
We can hit an assertion at trace log level when printing IPv6 tunnel
links, because the buffer for the local and remote addresses is not
big enough. Increase the buffer size.

Fixes: 32f6e1ef2e ('platform: add IP6TNL links support')

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2063
(cherry picked from commit eb620e0e7e)
(cherry picked from commit fc09f55ef5)
2024-12-23 13:03:56 +01:00
Beniamino Galvani
f408cd7d4b nmcli: fix handling of connection.down-on-poweroff property
Fix the following error:

  $ nmcli connection modify C connection.down-on-poweroff yes
  **
  nm:ERROR:../src/libnmc-setting/nm-meta-setting-desc.c:1367:_set_fcn_gobject_ternary: assertion failed: (_gobject_property_get_gtype(G_OBJECT(setting), property_info->property_name) == NM_TYPE_TERNARY)
  Bail out! nm:ERROR:../src/libnmc-setting/nm-meta-setting-desc.c:1367:_set_fcn_gobject_ternary: assertion failed: (_gobject_property_get_gtype(G_OBJECT(setting), property_info->property_name) == NM_TYPE_TERNARY)

Fixes: bd38a19832 ('connection: add support to down-on-poweroff')

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2055
(cherry picked from commit 4af6cf592a)
(cherry picked from commit f7415f1275)
2024-12-23 13:03:56 +01:00
Beniamino Galvani
f022315bcc merge: branch 'ih/rt-leftover'
l3cfg: remove routes added by NM on reapply

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2080
(cherry picked from commit 3bcbe6ed01)

(cherry picked from commit 57fc796950)
2024-12-23 13:03:03 +01:00
Íñigo Huguet
75e1d49edf l3cfg: get routes to prune from the list of routes configured by NM
We always sync routes in the main table, but routes in tables other
than main are only pruned if they were added by NM, by default. Get the list
of routes to prune from other tables using obj_state->os_nm_configured,
as this tracks what routes were effectively added by NM.

The list should be the same as the one obtained from l3cfg_old. It
could be different if we committed the l3cfg with an NMIPRouteTableSyncMode
of NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN, thus not deleting some routes at
commit time. However, since the previous commit, we never do it.

What all this shows is that starting to use different NMIPRouteTableSyncModes
is probably a bad idea: it will be a source of bugs of routes not being
always synced as users expect, and the use case for them is still to be
known.

(cherry picked from commit c06d130c38)
(cherry picked from commit f59a26b1b1)
2024-12-23 13:03:03 +01:00
Íñigo Huguet
95064b8025 l3cfg: remove routes added by NM on reapply
By default, on reapply we were only syncing the main routes table. This
causes that routes added by NM to other tables are not removed on
reapply. This was done to preserve routes added externally, but routes
added by NM itself should be removed.

Add a new route table syncing mode "main + NM routes". This mode
maintains the normal behaviour of syncing completely the main table,
and for other tables removes only routes that were added by us, leaving
the rest untouched. Use this mode by default, as this is what a user
would expect on reapply.

Note: this might not work if NM is restarted between the profile being
modified and the reapply, because NM forgets what routes were added by
itself because of the restart. This is a rare corner case, though.

Use the D-Bus property "VersionInfo" to expose a capability flag
indicating that this bug is fixed. It is the first capability that we
expose in this way. However, it is convenient to do it this way as it's
something that clients like nmstate need to know, so they can decide
whether a conn down is needed or not. It is not enough to decide that by
version number because it might be fixed via a downstream patch in distros
like RHEL.

https://issues.redhat.com/browse/RHEL-67324
https://issues.redhat.com/browse/RHEL-66262

Fixes: e9c17fcc9b ('l3cfg: default to 'main' route table sync mode')
(cherry picked from commit e330eb9c4a)
(cherry picked from commit 7f6e84b26e)
2024-12-23 13:03:03 +01:00
Íñigo Huguet
c537e9b750 platform: rename NM_IP_ROUTE_TABLE_SYNC_MODE_FULL -> ALL_EXCEPT_LOCAL
The difference between FULL and ALL was not obvious without reading the
documentation. Moreover, a new mode is going to be introduced so the
confusion could grow. Rename to a more explicit name.

(cherry picked from commit e1840ad5fb)
(cherry picked from commit 9682c81ea6)
2024-12-23 13:03:03 +01:00
Íñigo Huguet
e6a29232bc libnmc: fix bug checking VersionInfo's capabilities
Remove the `+ 31u` that was making that it would search for bit 1 at
array's element 1, instead of element 0. Fixed comparison >len that
should be >=len. Fix a few typos.

Fixes: bc6098d441 ('libnm: add internal nmc_client_has_{version_info_v,version_info_capability,capability}() helper')
(cherry picked from commit 5a65170b49)
(cherry picked from commit a53349fa9c)
2024-12-23 13:03:03 +01:00
Fernando Fernandez Mancera
f8afa8d6d0 merge: branch 'ff/garp_bond_slb'
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2057

(cherry picked from commit 460f0b4bc9)

(cherry picked from commit 725435f1e4)
2024-12-23 13:02:56 +01:00
Fernando Fernandez Mancera
8f9b2f22bb bonding: send ARP announcement on bonding-slb link/carrier down
When a bond in balance-slb is created, the ports are enabled or disabled
based on carrier and link state. If the link/carrier goes down, the port
becomes disabled and we must make sure the MAC tables of the switches
are updated properly so the traffic is redirected.

In order to solve this, we send a GARP or RARP broadcast packet on the
bond. This fix covers 3 different balance-slb scenarios.

Scenario 1: The bond in balance-slb mode has IPv4 address configured and
some ports connected. Here the bond is acting like active-backup as the
packets will always have as source MAC the address of the bond
interface. When a port goes down, NetworkManager will send a GARP
broadcast announcing the address configured on the bond with the MAC
address configured on the port.

Scenario 2: The bond in balance-slb mode is connected to a bridge and has
some ports connected. The bridge has IPv4 configured. When a port goes
down, NetworkManager will send a GARP broadcast announcing the address
configured on the bridge with the MAC address configured on the port.

Scenario 3: The bond in balance-slb mode is connected to a bridge and
has some ports connected. The bridge does not have IP configuration and
therefore everything is L2. When a port goes down, NetworkManager will
query the FDB table and filter the entries by the ones belonging to the
bridge and the bond ifindexes. Then, it will send a RARP broadcast
announcing every learned MAC address from FDB.

Fixes: e9268e3924 ('firewall: add mlag firewall utils for multi chassis link aggregation (MLAG) for bonding-slb')
(cherry picked from commit 3f2f922dd9)
(cherry picked from commit e9e1768c37)
2024-12-23 13:02:56 +01:00
Fernando Fernandez Mancera
ba3cff0ffd linux-platform: add helper function to query FDB table
The function introduced queries the FDB table via netlink socket. It
accepts a list of ifindexes to filter out the FDB content not related to
it. It returns an array of MAC addresses.

To clarify, this function is unusually exposed directly on
nm-linux-platform.h as we don't want this to be part of the whole
NMPlatform object or cache. This is an exception to the rule to
simplify the integration of this functionality on NetworkManager.

In addition, it also doesn't use the async mechanism that is widely used
on netlink communication across nm-linux-platform. Again, the reason is
to simplify its use, as async communication won't provide a benefit to
the use cases we have planned for this, i.e. balance-slb RARP announcing.

(cherry picked from commit 00f47efcb2)
(cherry picked from commit 8af7493627)
2024-12-23 13:02:56 +01:00
Fernando Fernandez Mancera
73aa5b47fa glib-aux: add nm_ether_addr_hash() helper
Add a hash generation helper for NMEtherAddr struct. This can be used
for HashTables containing pointers to NMEtherAddr structs.

(cherry picked from commit a63eec924c)
(cherry picked from commit 6371802087)
2024-12-23 13:02:56 +01:00
Fernando Fernandez Mancera
e24a6088c7 l3cfg: add helper function to fetch all the IPv4 configured addresses
This function would be useful when performing operations related to the
IPv4 addresses configured on the l3cfg. E.g. this function will be used
for getting the IPv4 to announce on a GARP on bonding-slb when one of
the ports failover.

(cherry picked from commit 69f3493670)
(cherry picked from commit bfe2047acc)
2024-12-23 13:02:56 +01:00
Íñigo Huguet
365806aa3c release, find-backports: formatting and log small fixes
(cherry picked from commit 0180efed51)
2024-12-23 12:59:54 +01:00
Íñigo Huguet
0074fc4647 find-backports: fix Ignore-Fixes detection
The regex for "Fixes" also matches with "Ignore-Fixes", so the commit is
added twice and then removed only once by the "Ignore-Fixes". It still
remains once in the list of commits to backport, making that
"Ignore-Fixes" does not work. Fix it.
2024-12-23 12:59:54 +01:00
Íñigo Huguet
c5e51bd5d8 release.sh: check the right pipelines
Now we are using scheduled pipelines for various purposes like
regenerating the container images and triage the issues and MRs. That
means that the last pipeline ran for main might not be the pipeline with
the jobs building and testing the code.

Use `source=push` to retrieve only pipelines that are not scheduled.
2024-12-23 12:59:53 +01:00