We already have NMPLookup to express a set of objects that can be looked
up via the multi-index.
Change the behavior of nmp_cache_dirty_set_all(), not to accept an
object-type. Instead, make it generally useful and accept a lookup
instance that is used to filter the elements that should be set as
dirty.
for-each macros can be nice to use. However, such macros are potentially
error prone, as they abstract C control statements and scoping blocks.
I find it ugly to expand the macro to:
for (...)
if (...)
Instead, move the additional "if" check inside the loop's condition
expression, so that the macro only expands to one "for(;;)" statement.
It does not matter too much, but the code optimizes for deletion events.
In that case, we don't require parsing the full netlink message.
Instead, it's enough to parse only the ID part so that we can find the
object in the cache that is to be removed removed.
Fix that for qdisc/tfilter objects.
I think the code before was correct. At the very least because
we only run the while-loop at most once because multipath routes
are not supported.
However, it seems odd that the while loop checks for
"tlen >= rtnh->rtnh_len"
but later we do
"tlen -= RTNH_ALIGN (rtnh->rtnh_len)"
Well, arguably, tlen itself is aligned to 4 bytes (as kernel sends
the netlink message that way). So, it was indeed fine.
Still, confusing. Try to check more explicitly for the buffer sizes.
nla_data_as() has a static assertion that casting to the pointer is
valid (regarding the alignment of the structure). It also contains
an nm_assert() that the data is in fact large enough.
It's safer, hence prefer it a some places where it makes sense.
- nlmsg_append_struct() determines the size based on the argument.
It avoids typing, but more importantly: it avoids typing redundant
information (which we might get wrong).
- also, declare the structs as const, where possible.
nla_get_u64() was unlike all other nla_get_u*() implementations, in that it
would allow for a missing/invalid nla argument, and return 0.
Don't do this. For one, don't behave different than other getters.
Also, there really is no space to report errors. Hence, the caller must
make sure that the attribute is present and suitable -- like for other
nla_get_*() functions.
None of the callers relied on being able to pass NULL attribute.
Also, inline the function and use unaligned_read_ne64(). That is our
preferred way for reading unaligned data, not memcpy().
These are only nm_assert(), meaning on non-DEBUG builds they
are not enabled.
Callers are supposed to first check that the netlink attribute
is suitable. Hence, we just assert.
The policy for strings must indicate a minlen of at least 1.
Everything else is a bug, because the policy contains invalid
data -- and is determined at compile-time.
- use size_t arguments for the memory sizes. While sizes from netlink
API currently are int typed and inherrently limited, use the more
appropriate data type.
- rename the arguments. The "count" is really the size of the
destination buffer.
- return how many bytes we wanted to write (like g_strlcpy()).
That makes more sense than how many bytes we actually wrote
because previously, we could not detect truncation.
Anyway, none of the callers cared about the return-value either
way.
- let nla_strlcpy() return how many bytes we would like to have
copied. That way, the caller could detect string truncation.
In practice, no caller cared about that.
- the code before would also fill the entire buffer with zeros first,
like strncpy(). We still do that. However, only copy the bytes up
to the first NUL byte. The previous version would have copied
"a\0b\0" (with srclen 4) as "a\0b". Strip all bytes after the
first NUL character from src. That seems more correct here.
- accept nla argument as %NULL.
- drop explicit MAX sizes like
static const struct nla_policy policy[IFLA_INET6_MAX+1] = {
The compiler will deduce that.
It saves redundant information (which is possibly wrong). Also,
the max define might be larger than we actually need it, so we
just waste a few bytes of static memory and do unnecesary steps
during validation.
Also, the compiler will catch bugs, if the array size of policy/tb
is too short for what we access later (-Warray-bounds).
- avoid redundant size specifiers like:
static const struct nla_policy policy[IFLA_INET6_MAX+1] = {
...
struct nlattr *tb[IFLA_INET6_MAX+1];
...
err = nla_parse_nested (tb, IFLA_INET6_MAX, attr, policy);
- use the nla_parse*_arr() macros that determine the maxtype
based on the argument types.
- move declaration of "static const struct nla_policy policy" variable
to the beginning, before auto variables.
- drop unneeded temporay error variables.
The common idiom is to stack allocate the tb array. Hence,
the maxtype is redundant. Add macros that autodetect the
maxtype based on the C type infomation.
Also, there is a static assertion that the size of the policy
(if provided) matches.
In practice, we don't fail to create the nlmsg, because in glib
malloc() cannot fail and we always create large enough buffers.
Anyway, handle the error correctly, and reduce the in-progress
counter again.
Previously, Wi-Fi scans uses polkit action
"org.freedesktop.NetworkManager.network-control". This is introduced
in commit 5e3e19d0. But in a system with restrict polkit rules, for
example "org.freedesktop.NetworkManager.network-control" was set as
auth_admin. When you open the network panel of GNOME Control Center, a
polkit dialog will keep showing up asking for admin password, as GNOME
Control Center scans the Wi-Fi list every 15 seconds.
Fix that by adding a new polkit action
"org.freedesktop.NetworkManager.wifi.scan" so that distributions can
add specific rule to allow Wi-Fi scans.
[thaller@redhat.com: fix macro in "shared/nm-common-macros.h"]
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/68
G_VARIANT_BUILDER_INIT() was only added in glib 2.50, hence we cannot use
it.
Maybe nm-glib.h should provide a compat macro, but the macro relies
on the magic number GVSB_MAGIC_PARTIAL, which is private to glib.
It's not clear that we can savely provide such a compat implementation
for older glib variants.
Fixes: 642f15f2f6
This API allows setting the global WFDIEs property of wpa_supplicant.
Ideally it would be better if this property was per-device, but this is
a limitation of wpa_supplicant.
While this can be considered a property of the P2P device, the API will
require setting it through the settings when activating a connection. As
such, having a (read only) property on the device is not very useful, so
remove it again.
- use gs_free instead of explicit free().
- use nm_streq*() instead of strcmp().
- move deletion of existing file after we successfully wrote
the new file.
- add parameter existing_path_readonly, to avoid to overwrite or
delete the existing path (if it exists). This is still mostly unused,
but will be necessary when we have read-only directories.
Next, we will update g_steal_pointer() to cast the return type
to the type of the argument. Hence, this automatic conversion
from setting (sub) classes to NMSetting no longer works.
Add an explict cast.
- regarding the DHCP options, we should not suppress them. If the lease
contains such bogus(?) addresses, we still want to expose them on
D-Bus without modification.
- regrading using the DNS server, ignore localhost addresses like done for
systemd-networkd ([1], [2]).
Until recently, the DHCP library would internally suppress such
addresses ([3]). That is no longer the case, and we should handle
them specially.
[1] https://github.com/systemd/systemd/issues/4524
[2] d9ec2e632d
[3] 334d5682ae
Imported from systemd:
inet_ntop() is not documented to be thread-safe, so it should not
be used in the DHCP library. Arguably, glibc uses a thread local
buffer, so indeed there is no problem with a suitable libc. Anyway,
just avoid it.
189255d2b5
Imported from systemd:
The DHCP client should not pre-filter addresses beyond what RFC
requires. If a client's user (like networkd) wishes to skip/filter
certain addresses, it's their responsibility.
The point of this is that the DHCP library does not hide/abstract
information that might be relevant for certain users. For example,
NetworkManager exposes DHCP options in its API. When doing that, the
options should be close to the actual lease.
This is related to commit d9ec2e632df4905201facf76d6a205edc952116a
(dhcp4: filter bogus DNS/NTP server addresses silently).
072320eab0
Imported from systemd:
The Router DHCP option may contain a list of one or more
routers ([1]). Extend the API of sd_dhcp_lease to return a
list instead of only the first.
Note that networkd still only uses the first router (if present).
Aside from extending the internal API of the DHCP client, there
is almost no change in behavior. The only visible difference in
behavior is that the "ROUTER" variable in the lease file is now a
list of addresses.
Note how RFC 2132 does not define certain IP addresses as invalid for the
router option. Still, previously sd_dhcp_lease_get_router() would never
return a "0.0.0.0" address. In fact, the previous API could not
differenciate whether no router option was present, whether it
was invalid, or whether its first router was "0.0.0.0". No longer let
the DHCP client library impose additional restrictions that are not
part of RFC. Instead, the caller should handle this. The patch does
that, and networkd only consideres the first router entry if it is not
"0.0.0.0".
[1] https://tools.ietf.org/html/rfc2132#section-3.5
This also required adjusting "src/dhcp/nm-dhcp-systemd.c" due to the
changed internal API.
f8862395e8
