Add a parameter to the 'link_add()' virtual function so that
the MTU will be configured (via netlink) by the kernel when
creating the link.
https://bugzilla.redhat.com/show_bug.cgi?id=1778590
Signed-off-by: Antonio Cardace <acardace@redhat.com>
(cherry picked from commit ba2ee46254)
For hidden networks, we usually don't have an SSID. We try to match
and fill the SSID based on the profiles that we have:
<debug> [1603798852.9918] device[6b383dca267b6878] (wlp2s0): matched hidden AP AA:BB:CC:DD:EE:FF => "SSID"
However, we should not clear that value again on the next update:
<trace> [1603798856.5724] sup-iface[66c1a0883a262394,0,wlp2s0]: BSS /fi/w1/wpa_supplicant1/Interfaces/0/BSSs/3 updated
<debug> [1603798856.5726] device[6b383dca267b6878] (wlp2s0): wifi-ap: updated AA:BB:CC:DD:EE:FF (none)
Once we have a SSID, we can only update it to a better value,
but not clear it.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/438
Fixes: b83f07916a ('supplicant: large rework of wpa_supplicant handling')
(cherry picked from commit eb36380335)
On Fedora 33 when compiling NetworkManager it is failing with the
following error:
```
ERROR: files left in build directory after distclean:
./docs/libnm/libnm.actions
make[1]: *** [Makefile:18427: distcleancheck] Error 1
make[1]: Leaving directory '/builddir/nm-build/NetworkManager/NetworkManager-1.27.90/_build/sub'
make: *** [Makefile:18356: distcheck] Error 1
Error make distcheck
```
Adding the file to the DISTCLEANFILES will enforce the removal of this
file.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/659
(cherry picked from commit 9a935e516e)
This results in the args of 'nm_utils_user_data_unpack'
containing random data potentially also from the
previous stack-frame which is really really bad.
Signed-off-by: Antonio Cardace <acardace@redhat.com>
Fixes: b50702775f ('device: implement auth-request as async operation nm_manager_device_auth_request()')
(cherry picked from commit b6a18e0593)
We sometimes store pointers to `CRBTree` in `CRBNode*` variables, so we
must make sure CRBTree has matching alignment guarantees. We already
check for that with static-assertions.
This commit aligns CRBTree with CRBNode for 2-byte aligned machines.
While at it, add a short comment explaining what the unions are for.
Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
c795b7657f
(cherry picked from commit 1250fcc2b1)
On m68k, 32bit integer are aligned to only 2 bytes. This breaks
assumptions and a static assertion of c-rbtree.
Explicitly require that the first field is aligned to at least 4 bytes.
This fixes the build and ensures that all valid pointers to a CRBTree have
the lowest two bits unset (so they can be used for storing 2 additional flags).
Use a union instead of aligning __parent_and_flags itself. That is
because alignas() cannot lower the natural alignment, so if we would
want to align __parent_and_flags, we could only do
alignas(sizeof(unsigned long) > 4 ? sizeof(unsigned long) : 4)
That would not be correct if "long" is 8 bytes long but had a natural
alignment of only 4. The union allows us to specify an alignment
of at least 4, but otherwise follow natural alignment.
10d973a9e6
(cherry picked from commit 143130066b)
Change the default DNS priority of VPNs to -50, to avoid leaking
queries out of full-tunnel VPNs.
This is a change in behavior. In particular:
- when using dns=default (i.e. no split-dns) before this patch both
VPN and the local name server were added (in this order) to
resolv.conf; the result was that depending on resolv.conf options
and resolver implementation, the name servers were tried in a
certain manner which does not prevent DNS leaks.
With this change, only the VPN name server is added to resolv.conf.
- When using a split-dns plugin (systemd-resolved or dnsmasq), before
this patch the full-tunnel VPN would get all queries except those
ending in a local domain, that would instead be directed to the
local server.
After this patch, the VPN gets all queries.
To revert to the old behavior, set the DNS priority to 50 in the
connection profile.
(cherry picked from commit af13081bec)
If a VPN has never-default=no but doesn't get a default route (this
can happen for example when the server pushes routes with
openconnect), and there are no search domains, then the name servers
pushed by the server would be unused. It is preferable in this case to
use the VPN DNS server for all queries.
https://bugzilla.redhat.com/show_bug.cgi?id=1863041
(cherry picked from commit cefd5ee322)
With "connection.multi-connect", a profile can be activated multiple
times on a device with `nmcli connection show`. Also, a profile may be
in the process of deactivating on one device, while activating on
another one. So, in general it's possible that `nmcli connection show`
lists the same profile on multiple lines (reflecting their multiple
activation states).
If the user requests no fields that are part of the activation state,
then the active connections are ignored. For example with `nmcli
-f UUID,NAME connection show`. In that case, each profile is listed only
once.
On the other hand, with `nmcli -g UUID,NAME,DEVICE connection show` the
user again requested also to see the activation state, and a profile can
appear multiple times.
To handle that, we need to consider which fields were requested.
There was a bug where the "ACTIVE" field was not treated as part of the
activation state. That results in `nmcli -f UUID,NAME,ACTIVE connection
show` always returning "no". Fix that.
Fixes: a1b25a47b0 ('cli: rework printing of `nmcli connection` for multiple active connections')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/547https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/642
(cherry picked from commit 4eb3b5b9dd)
There are some Debian-supported architectures where `max_align_t` is
only aligned to 4-bytes. This is unfortunate and breaks our assumptions.
While glibc-malloc still guarantees 8 / 16 bytes alignment, this is not
necessarily guaranteed by the C standard (and alternative allocators
will deviate (see jemalloc, for instance)).
Fortunately, we only need 2 flags, so a 4-byte alignment is more than
enough.
Reported-by: Thomas Haller
Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
https://github.com/c-util/c-rbtree/pull/4
(cherry picked from commit 1554936e33)
GDBusObjectManagerClient's interface-added and interface-removed signals
are not emitted when the new interfaces are added to a completely new
object or the removal results in the object disappearing. In other
words one interface is never reported both through interface-added and
object-added (or -removed) signals. This kind of makes sense but isn't
documented explicitly so interface-added seemed to correspond to DBus
InterfacesAdded signals which it doesn't.
We need to watch for both kinds of signals and although most things
work without us receiving the signals at all, it causes some race
conditions. For example on hotplug, devices wouldn't transition to
"disconnected" if a device was discovered by NMManager before it
appeared on IWD's dbus interface because that scenario relied on the
dbus signal.
(cherry picked from commit 1c1f4a3b40)
The automatic scanning every 20 seconds while connected has been
annoying users because of the extra connection latency, drop it. The
UIs are supposed to be requesting scans whenever an AP list update is
needed (?).
(cherry picked from commit c2c68ce169)
Fix a crash on device unplugging caused by keeping our signal handlers
for GDBusProxies connected after a call to dispose(). Do this by
replacing most cleanup steps by a nm_device_iwd_set_dbus_object(self, NULL)
call which is more meticulous.
(cherry picked from commit d2b0c5af63)
Despite `set -e`, the shell script does not fail if the command in the
here document fails. This can happen if binutils' "nm" fails.
NM=/bin/false "./tools/create-exports-NetworkManager.sh" --called-from-build "."
(cherry picked from commit 7fe76f54e3)
Building against older libc/kernel headers can fail, because our glue
code for systemd has issues. Fix them by forward declaring "struct
statx" and by disabling parts of "socket-util.c".
(cherry picked from commit b7e08f685d)
The documentation of g_alloca()/alloca() isn't clear about what
happens when asking for zero bytes. Make it clear, by always returning
NULL.
Also, add a static assertion that @alloca_maxlen is a well-defined
positive integer.
As one of the arguments in unsigned, the calculation is performed as
unsigned integers. That can actually lead to the wrong result. Fix it by
casting to the right (signed) types.
