When adding a link, set both NLM_F_CREATE and NLM_F_EXCL
flags.
`ip route add` and systemd-networkd sets NLM_F_EXCL too.
(cherry picked from commit 4bb76fb4c3)
Consider:
unshare -n
ip link add d0 type dummy
ip link add d1 type dummy
ip link set d0 up
ip link set d1 up
ip addr add 192.168.100.5/24 dev d0
ip addr add 192.168.101.5/24 dev d1
ip route add 192.168.200.0/24 via 192.168.100.1
ip monitor &
ip route change 192.168.200.0/24 via 192.168.101.1
#prints 192.168.200.0/24 via 192.168.101.1 dev d1
ip route show
#192.168.100.0/24 dev d0 proto kernel scope link src 192.168.100.5
#192.168.101.0/24 dev d1 proto kernel scope link src 192.168.101.5
#192.168.200.0/24 via 192.168.101.1 dev d1
Note that `ip route change` replaced the exising route. "Replaced" in this
case means: the previous route on device "d0" got removed and a new route
on "d1" was added. However, kernel only sent one RTM_NEWROUTE event, no
RTM_DELROUTE that notifies about this change.
We need to workaround that by re-synching the routes when we receive a
RTM_NEWROUTE notification.
(cherry picked from commit f8b2cadfc1)
We aim to keep the platform cache up-to-date only via the netlink
events. However, due to kernel shortcomings we often have to resync
by re-requesting the data, which especially for routes and addresses
means a full dump (as you cannot request only specific route/address
information).
Thus it makes sense to avoid expensive dumps whenever we can.
We schedule dumps via "delayed-actions" and that is already smart
so that muliple schedulings are combined. However, before requesting
a new dump, we clear the flag that indicates that a dump is scheduled.
Thus, while processing the result of of a dump, we would re-schedule
anew which can be necessary in some cases.
In certain cases, we don't require a full resync, when we are in the
middle of processing a dump, because that one dump will provide us
with the full picture. Thus, we can avoid scheduling a new dump if
- we already scheduled a delayed action
- we are in the middle or processing a dump.
This can now be checked via delayed_action_refresh_all_in_progress().
(cherry picked from commit ff8c82e7e1)
Instead of returning only TRUE/FALSE, return the number of signals
that were received while waiting. This make the API cleared, because
previously I always had to check anew whether wait-for-signal returns
TRUE or FALSE on timeout.
Also, add nmtstp_assert_wait_for_signal() and nmtstp_assert_wait_for_signal_until()
macros.
(cherry picked from commit af55476bf1)
This allows tests to use these functions on a different platform instance
then on the singleton. The change makes the argument list longer, which is
unfortunate. On the other hand, it makes those functions more useful
in general.
You can't have it all.
Also, they now follow the pattern of most functions in NM where the type
is a singleton: you always pass the singleton to the function, although
in the usual case there is only one singleton instance. This allows to
use the function also on the non-singleton instance.
(cherry picked from commit c4151ebb5b)
On netlink layer, this field is uint8_t/uchar.
A larger (signed) plen makes no sense. Adjust the signatures
to have only guint8.
(cherry picked from commit 44768f0311)
On netlink layer, this field is uint8_t/uchar.
A larger (signed) plen makes no sense. Adjust the signatures
to have only guint8.
(cherry picked from commit 14ee5dd2f8)
NMPCacheId is a union with fields for all known NMPCacheIdTypes.
Up to now, we always cloned the entire union, computed the hash
over all (possibly unset) fields and used memcmp() unanimously.
That was ok, because NMPCacheId was 16 bytes in total and cache-id
types that consumed less bytes didn't have a large overhead.
Next, we will add a new cache id type which increases the size of
NMPCacheId to 24 bytes. So, while possibly only a fraction of the
instances is that large, they would all have to pay that price.
Change that to consider and clone only those parts of the id
that are actually used.
(cherry picked from commit b1e3deaf2f)
As we get more NMPCacheIdType values, it's better to have for
each type a pre-declared list of supported types, instead of
iterating over all types and letting _nmp_object_init_cache_id()
figure out that the cache-id-type is unsupported on that object.
(cherry picked from commit fe78ae0b6a)
For internal compilation we want to be able to use deprecated
API without warnings.
Define the version min/max macros to effectively disable deprecation
warnings.
However, don't do it via CFLAGS option in the makefiles, instead hack it
to "nm-default.h". After all, *every* source file that is for internal
compilation needs to include this header as first.
The link_stats structure grew between 4.5 and 4.6 and this would cause
the messages to me ignored when compiling with 4.6 headers and running
on 4.5.
https://bugzilla.gnome.org/show_bug.cgi?id=764332
The root-test "/general/netns/bind-to-path" mounts a tmpfs
over /var/run for the duration of the test and unmounts it at
the end.
Due to a bug, we first mount the tmpfs, then switch to another
namespace, and finally unmount /var/run on that other namespace.
That means, when you run the tests as root, it will bork /run
on your system.
Fixes: 46f5c07643
We used to pad the lifetime since the beginning (commit
f121995fad).
However, there is not race involved, since our platform cache
is in sync with the messages from kernel (which didn't used to
be the case).
Also, when receiving a RA with a zero preferred time, we must
not extend the address lifetime by 5 seconds, but instead deprecate
the address immediately.
https://bugzilla.gnome.org/show_bug.cgi?id=763513
Previously, the push/pop API to switch between namespaces would always
switch both the net and mount namespace together.
There are situations, where we want to only switch one namespace.
For example, the function nmp_netns_bind_to_path() introduced next
only wants to switch the net namespace to get /proc/self/ns/net,
but must not switch the mount namespace as it bind-mounds in the
namespace of the caller.
Make the test helper independent from the platform singleton instance.
That way, we can also use them for other platform instances (e.g. in a
different namespace).
GError is not used, the error branch would always result in NULL dereference.
Also, check for the result being zero for clarity -- it's the only allowed
success indication.
CID 75365 (#3 of 3): Explicit null dereferenced (FORWARD_NULL)
12. var_deref_op: Dereferencing null pointer error.
str_if_set() was added to replace the non-standard gcc extension "?:".
However, "?:" is supported by clang as well and we already use it at
several places.
Also, str_if_set() did not follow our naming scheme and renaming to
nm_str_if_set() would be ugly. So just drop it.
Add a new NMPNetns class. This allows creation, deletion and
switching of network namespaces. The API only offers push/pop
operations to switch the namespace. This way the API enforces
the user to always restore the previous namespace.
A NMPlatform instance not only uses the netlink socket, but also
sysfs, udev, ethtool, mii. Still, a NMPlatform instance lives
entirely inside one namespace and is not spanning multiple namespaces.
To properly support network namespaces, the platform instance must
switch the namespace as necessary, transparent to the caller.
Udev is only supported in the main namespace.
For now, network namespaces are not actually used and are disabled
via the NM_PLATFORM_NETNS_SUPPORT argument.
https://bugzilla.gnome.org/show_bug.cgi?id=762408
Inside container, where we don't use udev we don't receive
any events from udev client. Thus the client only returns
devices when iterating it initially, but no events for newly
added devices that appear later.
Thus, inside containers we don't want to create a udev client
at all.
Most functions defined in "nm-platform-utils.h" perform a lookup
of link properties, for example via ethtool or sysfs. Those functions
depend on the system configuration, such as the current network namespace.
Move the simple helper functions away to "nm-core-internal.h", so that
all remaining functions from "nm-platform-utils.h" are really related to
somthing that interacts with the system/kernel.
Coverity complains rightly about "strncpy (dst, ifname, IFNAMSIZ)"
because it might leave @dst non-NULL-terminated, in case @ifname
is too long (which already would be a bug in the first place).
Replace the strcpy() uses by a new helper nm_utils_ifname_cpy()
that asserts against valid arguments.
IFNAMSIZ is 16 but strncpy doesn't ensure a NUL terminated string in
this case. Coverity rightly complains about it. Use g_strlcpy() instead.
Note that no valid ifname should be 16 characters long in the first
place.
