Commit graph

41 commits

Author SHA1 Message Date
Thomas Haller
dc0ac73780
platform: add is-external flag to NMPlatformIPRoute
We will need to track whether a route is externally added or not.
We maybe could use rt_source for that, but instead add a boolean flag.
2021-07-21 09:54:58 +02:00
Thomas Haller
4e109bacab
clang-format: use "IndentPPDirectives:None" instead of "BeforeHash"
Subjectively, I think this looks better.
2021-07-09 08:49:06 +02:00
Thomas Haller
b433c21ae4
platform: fix releasing thead-local stack of NMPNetns instances
Fixes: 12df49f8ab ('platform: make NMPNetns thread-safe')
2021-07-05 14:51:27 +02:00
Beniamino Galvani
ff84a4736d libnm-platform: add NM_PLATFORM_MATCH_WITH_ADDRSTATE_DEPRECATED
Add a new flag to match deprecated addresses. An address is deprecated
when its preferred lifetime has expired but its valid lifetime has
not.

Address deprecation is one of the criteria for source address
selection in IPv6. For IPv4 the deprecation doesn't have any
real effect.

Note that this commit changes the behavior of
nm_ip_config_get_first_address(WITH_ADDRSTATE_NORMAL), since now
deprecated addresses are not returned. However this should not impact
existing callers since they either:

 - request a IPv6 (WITH_ADDRTYPE_LINKLOCAL | WITH_ADDRSTATE_NORMAL)
   address; IPv6 link-local addresses are supposed to have infinite
   lifetimes;

 or

 - request a IPv6 (WITH_ADDRTYPE_NORMAL | WITH_ADDRSTATE__ANY)
   address.
2021-06-21 10:08:27 +02:00
Beniamino Galvani
376c7f8315 libnm-platform: add nm_platform_ip_address_match()
Replace nm_platform_ip6_address_match() with a version generic for
IPv4 and IPv6.
2021-06-21 10:08:27 +02:00
Thomas Haller
025a3a60b4
platform: avoid wrong coverity warning in nmp_utils_sysctl_open_netdir()
The warning is wrong, because we already assert for the string length a few
lines earlier.

  Error: STRING_OVERFLOW (CWE-120): [#def595]
  NetworkManager-1.31.90/src/libnm-platform/nm-platform-utils.c:1896: fixed_size_dest: You might overrun the 16-character fixed-size string "ifname_buf_last_try" by copying "ifname" without checking the length.
  # 1894|           if (nm_streq(ifname, ifname_buf_last_try))
  # 1895|               return -1;
  # 1896|->         strcpy(ifname_buf_last_try, ifname);
  # 1897|
  # 1898|           fd_dir = open(sysdir, O_DIRECTORY | O_CLOEXEC);

(cherry picked from commit c87433ebd2)
2021-06-11 22:44:31 +02:00
Thomas Haller
5740ed67cb
platform/netlink: don't reallocate ancillary data for recvmsg() on truncation
Coverity thinks there is a problem here:

    Error: TAINTED_SCALAR (CWE-20): [#def233]
    NetworkManager-1.31.5/src/libnm-platform/nm-netlink.c:1437: tainted_argument: Calling function "recvmsg" taints argument "msg".
    NetworkManager-1.31.5/src/libnm-platform/nm-netlink.c:1458: tainted_data: Passing tainted expression "msg.msg_controllen" to "g_realloc", which uses it as an allocation size.
    NetworkManager-1.31.5/src/libnm-platform/nm-netlink.c:1458: remediation: Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.
    # 1456|
    # 1457|           msg.msg_controllen *= 2;
    # 1458|->         msg.msg_control = g_realloc(msg.msg_control, msg.msg_controllen);
    # 1459|           goto retry;
    # 1460|       }

but the problem is not the tainted data. The problem is how should
we handle MSG_CTRUNC? If we reach MSG_CTRUNC we already lost a message.
Retrying to receive the next message is not going to fix that and is
wrong.

Also, there really is no reason why any truncation should happen. The only
ancillary data that should be present is the sender information, and for
that our buffer is supposed to be large enough.

So, simply ignore truncation. It shouldn't happen, if it happened we
cannot recover from it (aside failing an assertion), and all we really
care are the retrieved credentials. If truncation happened, we might
not have retrieved the credentials, but then that is for the caller
to handle (by rejecting the message as untrusted).

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/872
2021-06-01 09:37:36 +02:00
Thomas Haller
0fb4ba5bef
trivial: fix coding style issue 2021-05-27 09:56:18 +02:00
Thomas Haller
f903d3b7b8
platform: drop unnecessary check in _vlan_xgress_qos_mappings_cpy()
For one, "src_n_map" must always be greater than zero at this point.
lgtm.com warns about that, and the point of this patch is to avoid
that warning.

Still, the check really isn't needed, also because nm_memdup() explicitly
handles buffers sizes of zero.
2021-05-27 09:04:59 +02:00
Gris Ge
652ddca04c
ethtool: Introducing PAUSE support
Introducing ethtool PAUSE support with:

 * ethtool.pause-autoneg on/off
 * ethtool.pause-rx on/off
 * ethtool.pause-tx on/off

Limitations:
 * When `ethtool.pause-autoneg` is set to true, the `ethtool.pause-rx`
   and `ethtool.pause-tx` will be ignored. We don't have warning for
   this yet.

Unit test case included.

Signed-off-by: Gris Ge <fge@redhat.com>

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/829
2021-05-12 18:04:46 +02:00
Thomas Haller
21321ac736
clang-format: reformat code with clang 12
The format depends on the version of the tool. Now that Fedora 34 is
released, update to clang 12 (clang-tools-extra-12.0.0-0.3.rc1.fc34.x86_64).
2021-05-04 13:56:26 +02:00
Thomas Haller
caea7514cb
platform: cleanup ethtool calls in "nm-platform-utils.c"
- consistently check for success/failure of _ethtool_call_handle()
  with "< 0" / ">= 0".

- drop unnecessary memset(). In the past, I argued to add this because
  there were obscure cases with valgrind where this made a difference.
  As it's not clear when/how that is necessary, drop it again.
  Also, we want to prefer explicit struct initialization over memset(),
  so if memset() would be necessary, those places would be problematic
  as well.

- inline unnecessary helper functions. They had only one caller and
  only make the code more verbose.

- use _ethtool_call_once() instead of _ethtool_call_handle() at places
  where we use the handle only once. The handle and _ethtool_call_handle()
  are useful to cache and reuse the file descriptor and the interface
  name. If we only make one call with the handle, we can use
  _ethtool_call_once() instead.

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/830
2021-05-03 13:57:07 +02:00
Thomas Haller
48a3cebce5
core: use _nm_utils_ascii_str_to_bool() to parse boolean udev properties
Previously, we used nm_udev_utils_property_as_boolean(), which was
taken from g_udev_device_get_property_as_boolean(). That function
accepts "1" and "true" (with ASCII case insensitive).

When we parse a flag, there is no need to reject "no", "yes" or
"on"/"off" as invalid (and thus return FALSE). We have a boolean
parse method _nm_utils_ascii_str_to_bool(), which parses everything
that nm_udev_utils_property_as_boolean() accepts, and more.

Be liberal in what we accept, so use our general parse function.
2021-04-28 13:10:13 +02:00
Thomas Haller
3762e8f0c5
platform: add nmp_object_link_udev_device_get_property_value() helper 2021-04-28 13:10:13 +02:00
Thomas Haller
47fa919720
platform: expose nm_platform_link_get_udev_property() function 2021-04-28 13:10:13 +02:00
Fernando Fernandez Mancera
1dfe536386 platform: introduce nm_platform_link_change_flags()
Having two functions like link_set_x() and link_set_nox() it is not a
good idea. This patch is introducing nm_platform_link_change_flags().

This allow flag modification directly, so the developer does not need to
define the virtual functions all the time everywhere.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2021-04-22 18:57:30 +00:00
Thomas Haller
9eac9c846c
platform: fix using static buffer for logging in link_change_flags()
No need to make code intentionally not thread-safe.
2021-04-21 08:10:36 +02:00
Beniamino Galvani
4a81fe13ae platform: ethtool: support new GLINKSETTINGS kernel API
Use the new GLINKSETTINGS/SLINKSETTINGS ethtool API [1] when
available. Using the old API, we can only enable the first 31 modes in
the advertising bitmask, and so interfaces can't negotiate higher
modes.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f1ac7a700d039c61d8d8b99f28d605d489a60cf

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/686
2021-04-16 18:47:17 +02:00
Thomas Haller
557644f5e0
core: don't add dependent local route for addresses
When adding an IPv4 address, kernel automatically adds a local route.
This is done by fib_add_ifaddr(). Note that if the address is
IFA_F_SECONDARY, then the "src" is the primary address. That means, with

  nmcli connection add con-name t type ethernet ifname t autoconnect no \
     ipv4.method manual ipv6.method disabled \
     ipv4.addresses '192.168.77.10/24, 192.168.77.11/24'

we get two routes:

  "local 192.168.77.10 dev t table local proto kernel scope host src 192.168.77.10"
  "local 192.168.77.11 dev t table local proto kernel scope host src 192.168.77.10"

Our code would only generate instead:

  "local 192.168.77.10 dev t table local proto kernel scope host src 192.168.77.10"
  "local 192.168.77.11 dev t table local proto kernel scope host src 192.168.77.11"

Afterwards, this artificial route will be leaked:

    #!/bin/bash

    set -vx

    nmcli connection delete t || :
    ip link delete t || :

    ip link add name t type veth peer t-veth

    nmcli connection add con-name t type ethernet ifname t autoconnect no ipv4.method manual ipv4.addresses '192.168.77.10/24, 192.168.77.11/24' ipv6.method disabled

    nmcli connection up t

    ip route show table all dev t | grep --color '^\|192.168.77.11'

    sleep 1

    nmcli device modify t -ipv4.addresses 192.168.77.11/24

    ip route show table all dev t | grep --color '^\|192.168.77.11'

    ip route show table all dev t | grep -q 192.168.77.11 && echo "the local route 192.168.77.11 is still there, because NM adds a local route with wrong pref-src"

It will also be leaked because in the example above ipv4.route-table is
unset, so we are not in full route sync mode and the local table is not
synced.

This was introduced by commit 3e5fc04df3 ('core: add dependent local
routes configured by kernel'), but it's unclear to me why we really need
this. Drop it again and effectively revert commit 3e5fc04df3 ('core:
add dependent local routes configured by kernel').

I think this "solution" is still bad. We need to improve our route sync
approach with L3Cfg rework. For now, it's probably good enough.

https://bugzilla.redhat.com/show_bug.cgi?id=1907661
2021-03-23 22:30:32 +01:00
Thomas Haller
fe1bf4c907
core: minor cleanup in nm_platform_ip_route_get_prune_list() 2021-03-23 17:56:47 +01:00
Thomas Haller
e226b5eb82
core: add NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE mode
When we deactivate a device, we flush all IP addresses and
routes. Thus, have yet another sync mode for that. It will sync more
than "ALL".
2021-03-23 17:56:46 +01:00
Thomas Haller
945612cc5d
all: use nm_net_aux_rtnl_rtntype_{n2a,a2n}() helpers 2021-03-23 14:19:38 +01:00
Thomas Haller
3c0ae1b5da
platform: make global logging cache for NMPlatform's sysctl values thread-safe
We have a cache for sysctl values, so that we can log changes and
previous values.

When resetting the log level, we prune that cache, which is done by
_nm_logging_clear_platform_logging_cache(). That function is called
by nm_logging_setup(), which is guaranteed to only happen on the main
thread.

NMPlatform in general is not thread safe (meaning, that the same NMPlatform
instance cannot be used by multiple threads at the same time). There is however
a reasonable aim that you could use different NMPlatform instances on their
own threads.

That currently doesn't work, mainly due to nm-logging which always must
be done from the main thread -- unless we would set NM_THREAD_SAFE_ON_MAIN_THREAD
in all of NMPlatform (which would be too expensive for something we
don't actually need). That means also the sysctl getter must only be
called on the main thread an all was good already.

Still, we could have NMPlatform usable from multiple thread by setting
NM_THREAD_SAFE_ON_MAIN_THREAD. As we are almost there to have the code
thread-safe, make accessing the sysctl value cache thread-safe (even if
we currently don't actually access it from multiple thread).
2021-03-08 22:29:01 +01:00
Thomas Haller
8dbfbce9f6
platform: add NM_LINUX_PLATFORM_FROM_PRIVATE() helper function 2021-03-08 22:29:01 +01:00
Thomas Haller
604b1d0331
platform: move more platform code to src/libnm-platform/ 2021-03-05 11:27:16 +01:00
Thomas Haller
3b6e57961d
platform: move "platform/{wifi,wpan}/" to "src/libnm-platform/" 2021-03-05 11:27:15 +01:00
Thomas Haller
901a7ecbdd
core: move NMPObjectType to "libnm-platform/nmp-base.h" 2021-03-05 11:27:15 +01:00
Thomas Haller
9113a672cf
platform: move nm_utils_modprobe() to libnm-platform 2021-03-05 11:27:15 +01:00
Thomas Haller
7b18e15481
platform: move nm_utils_lifetime_*() to libnm-platform 2021-03-05 11:27:15 +01:00
Thomas Haller
690105c616
platform: move nm_utils_new_{vlan,infiniband}_name() to libnm-platform 2021-03-05 11:27:15 +01:00
Thomas Haller
2d9a9d0ded
core: move NM_PLATFORM_LIFETIME_PERMANENT to libnm-platform/nmp-base.h 2021-03-05 11:27:15 +01:00
Thomas Haller
452ba8408c
build/meson: cleanup tests 2021-02-28 18:56:08 +01:00
Thomas Haller
bb4a10719c
build/meson: cleanup dependencies for libnm-platform 2021-02-28 10:42:04 +01:00
Thomas Haller
a9540fb927
build/meson: drop libnm_log_core_dep dependency 2021-02-28 10:42:04 +01:00
Thomas Haller
309dccf5f9
build/meson: cleanup libnm-glib-aux dependencies
Avoid dependencies but explicitly link the static library where it is
used.

This also fixes that we linked libnm-log-core into
libnm-settings-plugin-ifcfg-rh.so, which duplicated the symbols
while it should used them from NetworkManager.
2021-02-28 10:42:04 +01:00
Thomas Haller
7b48d6bd31
build: remove shared/ directory 2021-02-24 12:49:13 +01:00
Thomas Haller
b53c50e778
shared: move "nm-test-utils.h" to "src/libnm-glib-aux/"
"nm-test-utils.h" is a header-only, helper library for our unit tests.
It was somewhat unmotivated in "shared/nm-utils", because all tests use
it, but it was not part of a "module".

Move it to "src/libnm-glib-aux/". It fits there very well. They both
have (only) a dependency on glib.
2021-02-24 12:48:33 +01:00
Thomas Haller
a8c34b9dcf
build: move "shared/nm-std-aux" to "src/libnm-std-aux" 2021-02-24 12:48:24 +01:00
Thomas Haller
9dc84b32b0
build: move "shared/nm-{glib-aux,log-null,log-core}" to "src/libnm-{glib-aux,log-null,log-core}" 2021-02-24 12:48:20 +01:00
Thomas Haller
4d12a6ac3d
build: move "shared/nm-{base,udev-aux}" to "src/libnm-{base,udev-aux}" 2021-02-24 12:48:19 +01:00
Thomas Haller
2439374457
build: move "shared/nm-platform" to "src/libnm-platform" 2021-02-24 12:48:17 +01:00