Example:
before:
$ nmcli c add type gsm con-nameX aaa ifname fsd
Error: 'ifname' argument is required.
now:
$ nmcli c add type gsm con-nameX aaa ifname fsd
Error: mandatory 'ifname' not seen before 'con-nameX'.
It does more than intended; apart from denying messages to that particular
interface it also denies all messages non-qualified with an interface globally.
From the dbus-daemon manual:
Be careful with send_interface/receive_interface, because the
interface field in messages is optional. In particular, do NOT
specify <deny send_interface="org.foo.Bar"/>! This will cause
no-interface messages to be blocked for all services, which is almost
certainly not what you intended. Always use rules of the form: <deny
send_interface="org.foo.Bar" send_destination="org.foo.Service"/>
We can just safely remove those rules, since we're sufficiently protected
by the send_destination matches and method calls are disallowed by default
anyway.
We changed the default value of MSettingVlan:flags from 0 to
1 (NM_VLAN_FLAG_REORDER_HEADERS). That means, that old libnm
clients will not serialize 0 (their default).
This change broke the D-Bus API. The D-Bus API allows to omit a value
when meaning the default value. That means, we cannot change the
default value (in the D-Bus API!) without breaking previous assumptions.
A newer libnm version should treat a missing flags argument as the
old default value and thus preserve the original default value (in the
D-Bus API).
This has the downside that for the future we will continue to treat a missing
value as the old default value (0), and in order to get the new default
value (1), the client must explicitly set the flags.
We also must restore the original default value in libnm-glib.
libnm-glib does not support _nm_setting_class_override_property()
and thus it must keep thinking that the default value for the GObject
property continues to be 0. Otherwise, it would not serialize a 1, which
a new libnm would now interpret as 0.
https://bugzilla.redhat.com/show_bug.cgi?id=1250225
Fixes: 687b651598
We changed the default value for the NMSettingVlan:flags from 0 to
1 (NM_VLAN_FLAG_REORDER_HEADERS). That means, we will no longer serialize
a value of 1 over D-Bus.
This breaks older libnm clients, which treat a missing flags property as
the old default (0).
-- old clients here means: clients that still use an older version of libnm
or clients that don't use libnm, but depend on the previous default value
in the D-Bus API.
Enforce to always serialize the flags properties. This workaround has almost
no downsides except that for new clients we serialize more then absolutely
necessary.
But it ensures that old clients still receive the proper value.
https://bugzilla.redhat.com/show_bug.cgi?id=1250225
Fixes: 687b651598
For an explicit user-request, we relax some checks when searching for a suitable
device; such as requiring-carrier.
Without this patch, a connection-up while the device has no carrier yet,
would fail right away with "No suitable device found for this connection."
https://bugzilla.redhat.com/show_bug.cgi?id=1079353
Fixes: 0bfe635119
GLib introspection requires all types returned by public functions to
be GObjects, basic types or boxed types in order to correctly manage
resources. NMLldpNeighbor was a plain struct and GI complained with:
Warning: NM: nm_lldp_neighbor_new: return value: Invalid non-constant return of bare structure or union; register as boxed type or (skip)
To fix this define NMLldpNeighbor as a boxed type.
Fixes: d3d2b49400
Initscripts do:
oldifs=$IFS;
IFS=';';
[ -n "${ETHTOOL_DELAY}" ] && /bin/usleep ${ETHTOOL_DELAY}
for opts in $ETHTOOL_OPTS ; do
IFS=$oldifs;
if [[ "${opts}" =~ [[:space:]]*- ]]; then
/sbin/ethtool $opts
else
/sbin/ethtool -s ${REALDEVICE} $opts
fi
IFS=';';
done
IFS=$oldifs;
thus, we want to split on ';', otherwise we parse
"wol d;something else"
wrong.
Also, g_strsplit_set() returns multiple empty tokens. So
we must skip over empty tokens in case of "wol d".
The @use_password was wrong, because we would warn if sopass is specified
before wol:
"sopass AA:BB:CC:DD:EE:FF wol g"
More resilently handle wrong configurations:
"wol pu wol m" => gives m.
"wol pu wol" => should give NONE and warn (instead of "pu").
Also accept tab as separator.
Add a new 'ignore' option to NMSettingWired.wake-on-lan which disables
management of wake-on-lan by NetworkManager (i.e. the pre-existing
option will not be touched). Also, change the default behavior to be
'ignore' instead of 'disabled'.
https://bugzilla.gnome.org/show_bug.cgi?id=755182
When a VLAN connection was added with command:
nmcli c add type vlan ifname v10 id 10 dev 00:11:22:33:44:55
nmcli tried to assign a byte-array value to the ethernet.mac-address
string property, resulting in a invalid connection which failed to
verify. Fix this and set the value as plain string.
Also do a major cleanup of the tests:
- Have utility functions in "test-common.h" with a new prefix "nmtstp_".
The prefix indicates that these are test functions for platform.
- Add functions to add/remove IP addresses that either use external
iproute2 command or platform function itself. These commands also
assert whether the command had the expected result.
- Randomize, whether we use the external command for adding
ip-addresses. Both approaches should yield the same result
for linux-platform.
I did this now for address-tests, but effectively this doubled
all our previous tests to use both internal and external ways
to configure the address.
- Enable all address tests for fake-platform. They now
automatically don't call external iproute2 but fallback
to fake-platform implementation. This adds more coverage
to the fake-platform, which we want to behave identical
to linux-platform.
- Setup a clean test device before every address-test.
Kernel allows to add the same IPv4 address that only differs by
peer-address (IFL_ADDRESS):
$ ip link add dummy type dummy
$ ip address add 1.1.1.1 peer 1.1.1.3/24 dev dummy
$ ip address add 1.1.1.1 peer 1.1.1.4/24 dev dummy
RTNETLINK answers: File exists
$ ip address add 1.1.1.1 peer 1.1.2.3/24 dev dummy
$ ip address show dev dummy
2: dummy@NONE: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
link/ether 52:58:a7:1e:e8:93 brd ff:ff:ff:ff:ff:ff
inet 1.1.1.1 peer 1.1.1.3/24 scope global dummy
valid_lft forever preferred_lft forever
inet 1.1.1.1 peer 1.1.2.3/24 scope global dummy
valid_lft forever preferred_lft forever
We must also consider peer-address, otherwise platform will treat
two different addresses as one and the same.
https://bugzilla.gnome.org/show_bug.cgi?id=756356
Also change the semantic of nm_ip6_config_address_exists()
to ignore the prefix length. It seems more correct this way,
but as there are no users of the function it doesn't actually
matter.
Kernel treats IPv4 addresses with different netmask/prefix-length as
different addresses.
It is wrong to merge them together in nm_ip4_config_add_address().
For IPv6 addresses that is not the case and you cannot configure
two IPv6 addresses that only differ by plen (on the same interface).
The peer-address seems less important then the prefix-length.
Also, nm_platform_ip4_address_delete() has the peer-address
argument as last.
Soon ip4_address_get() also receives a peer-address argument,
so get the order right first.
A separate instance of the support plugin is spawned for each connection with
a different bus name. The bus name is passed via --bus-name <name> argument.
Plugins that support the feature indicate it with
support-multiple-connections=true key in the [VPN Connection] section.
The bus name is currently generated by adding a .<connection.uuid> to the VPN
service name. It's guarranteed unique, but if it proves to be too long or ugly
it can easily be replaced with something more meaningful (such as the same number
as is used for connection's DBus name).
NMVpnService has been removed and folded into NMVpnConnection. A
NMVpnConnection will spawn a service plugin instance whenever it is activated
and notices the bus name it needs is not provided.
The NMVpnManager no longer needs to keep track of the connections in use apart
for compatibility purposes with plugins that don't support the feature.
