When calling update_default_route(), NMDefaultRouteManager will look at the
source, and determine whether it has a default route or not. For example
for device sources, this means calling nm_device_get_ip4_default_route().
If the source indicates that it has no default route, the effect of
calling update_default_route() is the same as calling
remove_default_route() (hence, remove() can be replaced by update()).
If the source however still indicates a default route, the behavior
would be different. This case would be an undesired inconsistancy,
because source and NMDefaultRouteManager would disagree of whether
the source has a default route.
Source must always properly indicate whether it has a default route
or not, hence this situation does not arise.
Hence it is always better to call update().
Signed-off-by: Thomas Haller <thaller@redhat.com>
The case of having a metric MAXUINT32 is special, because in face of
multiple default routes with the same metric, NMDefaultRouteManager
cannot reduce the effective metric (because there is no lower priority
value).
This case works already correct, just when adding such a default route,
ensure that we add it to the *first* entry.
Signed-off-by: Thomas Haller <thaller@redhat.com>
NetworkManager[31624]: <warn> VPN service 'openvpn': could not launch the VPN service. error: (8) Failed to execute child process "/usr/local/libexec/nm-openvpn-service" (No such file or directory).
**
NetworkManager:ERROR:nm-manager.c:3094:_activation_auth_done: assertion failed: (error)
An sd_dhcp_lease will always have an associated address, netmask, and
lifetime, so we don't have to check for errors when fetching them.
(The systemd code will fill in a default netmask if the server didn't
provide one; nm-dhcp-systemd's code to do that itself was redundant
and unused.)
Also, log the expiration time and NTP servers, for consistency with
everything else.
If asked to read a file that doesn't exist, sd_dhcp_lease_load()
returns 0 (success) without setting the out lease argument. So we need
to check both the return status and the lease before proceeding.
Not invoking a callback when cancelling the operation is counter
intuitive.
Note that NMPolicy refs the device, cancelling the call would leave
the reference hanging. That was not an issue because the call was
never cancelled. But still the behavior of NMFirewallManager is
unexpected.
Signed-off-by: Thomas Haller <thaller@redhat.com>
The directory firewall-manager/ only contained one source and one
header file. Move them to the parent src/ directory.
Signed-off-by: Thomas Haller <thaller@redhat.com>
NMIP4Config/NMIP6Config have their own NMIPRoute->D-Bus conversion
code since the code in libnm-core is gdbus-specific. But they were
doing it wrong, resulting in clients seeing a next hop of 0.0.0.0/::
for all routes.
Left over from a previous version of the iface helper patches and was
never removed when NM_IFACE_HELPER was removed. Since NM_IFACE_HELPER
wasn't defined, this code was already always compiled.
The kernel does not terminate an ongoing IPv6LL address process when
the IPv6LL address generation mode is set to 'none' (indicating that
userspace wishes to handle IPv6LL). Next, NetworkManager does not
expose IPv6 addresses internally until they have completed DAD. This
means that the kernel may still be performing DAD for an IPv6LL
address when NetworkManager turns userspace IPv6LL on, and when
DAD is complete NetworkManager will finally pay attention to the
address. If the device is in the DISCONNECTED state, NetworkManager
will then generate and assume an IPv6LL-only connection on the device.
Unfortunately, that behavior happens if the following is true:
1) IPv6LL addressing takes a while (eg, dad_transmits is high or
the kernel takes a while for some reason)
2) the activated connection fails quickly (dhclient fails or some
other fatal error terminates the activation attempt)
3) the activated connection has ipv6.method=ignore
In this case, when the device was brought up and ipv6.method=ignore,
NetworkManager re-enabled kernel IPv6LL and reset the IPv6 sysctl
properties. The kernel then generated an IPv6LL address and began
DAD. dhclient failed quickly, and NM deactivated the device. NM
then turned off kernel IPv6LL when deactivating the device, but the
kernel does not terminate the ongoing DAD. Some time after the device
entered the DISCONNECTED state, the kernel finished DAD and that
allowed NetworkManager to internally see the address, which caused
NetworkManager to emit the 'recheck-assume' signal. This
generated a new IPv6LL-only connection which was then assumed.
Bouncing 'disable_ipv6' when re-enabling userspace IPv6LL during
device deactivation flushes the tentative kernel IPv6LL address,
thus preventing the address from being announced after userspace
IPv6LL is re-enabled. The other alternative is to expose
tentative addresses (eg those still doing DAD) in NMPlatform so
they would be flushed when the device deactivates, but that is a
larger & riskier set of changes.
Reproducer:
- ifconfig eth0 down
- prepare a DHCPv4 connection with ipv6.method=ignore
- set /proc/sys/net/ipv6/conf/all/dad_transmits to "15"
- ensure that DHCPv4 will fail (replace dhclient with a script
that exits after 2 seconds or something)
- run NetworkManager
- activate the DHCP connection and watch it immediately fail
- wait for the kernel to announce the IPv6LL address after DAD finishes
- watch NM "assume" the new IPv6LL connection
https://bugzilla.gnome.org/show_bug.cgi?id=740096
For ipv6.method=dhcp NM was not waiting for an IPv6LL address, which
caused the DHCP client to exit early because it had no local address
to bind to.
https://bugzilla.gnome.org/show_bug.cgi?id=740147
The upstream kernel added module aliases for nl80211 in commit
fb4e156886ce6e8309e912d8b370d192330d19d3, so querying nl80211
now auto-loads the module. Previously NM was doing this to
determine whether an ethernet-like device was a Wi-Fi device
that supported nl80211, but this leads to the nl80211 loading
on platforms that will never have or use Wi-Fi.
Since every nl80211-capable device will already have
DEVTYPE=wlan set (from /sys/class/net/wlan0/uevent), we can use
that as an indicator that the ethernet-like device is WiFi
instead of asking nl80211.
https://bugzilla.gnome.org/show_bug.cgi?id=740131
config.h should be included from every .c file, and it should be
included before any other include. Fix that.
(As a side effect of how I did this, this also changes us to
consistently use "config.h" rather than <config.h>. To the extent that
it matters [which is not much], quotes are more correct anyway, since
we're talking about a file in our own build tree, not a system
include.)
It is conditionally compiled depending on presence of bluez-libs.
Results in undefined symbols:
NetworkManager[19346]: <warn> (/libnm-device-plugin-bluetooth.so): failed to
load plugin: /usr/lib64/NetworkManager/libnm-device-plugin-bluetooth.so:
undefined symbol: nm_bluez5_dun_cleanup
The DRM now affects DNS too, since it determines the "best" IPv4
and IPv6 configs based on it's idea of the default route. The
Policy is also still updating DNS from a state-change handler for
VPN connections.
This led to a situation where the Policy would remove the VPN's
IP config from the DNS manager in vpn_connection_deactivated() and
call update_ip4_dns(), whereupon get_best_ip4_config() returned
the just-removed VPN IPv4 config as "best" because the VPN connection
hadn't yet told the DefaultRouteManager to remove it.
Which meant VPN nameservers stuck around in resolv.conf for a long
time after the VPN was disconnected.
Fixes: a39a3ae4cd
Things explode on i386 when marshalling a 32-bit value when a 64-bit one is
expected:
Program received signal SIGSEGV, Segmentation fault.
__memset_sse2 () at ../sysdeps/i386/i686/multiarch/memset-sse2.S:242
242 movdqu %xmm0, (%edx)
Missing separate debuginfos, use: debuginfo-install nss-mdns-0.10-15.fc21.i686
(gdb) bt
#0 0xffffffff in __memset_sse2 () at ../sysdeps/i386/i686/multiarch/memset-sse2.S:242
#1 0xffffffff in g_hash_table_remove_all_nodes (__len=<optimized out>, __ch=0, __dest=<optimized out>)
at /usr/include/bits/string3.h:84
#2 0xffffffff in g_hash_table_remove_all_nodes (hash_table=hash_table@entry=0x82ee250<error reading variable: Cannot access memory at address 0x8dbaacd6>, notify=notify@entry=1) at ghash.c:481
#3 0xffffffff in g_hash_table_unref (hash_table=0x82ee250<error reading variable: Cannot access memory at address 0x8dbaacd6>) at ghash.c:1042
#4 0xffffffff in _g_type_boxed_free (type=136861824, value=0x82ee250) at gtype.c:4262
#5 0xffffffff in boxed_proxy_value_free (value=0xbfffe8ec) at gboxed.c:209
#6 0xffffffff in g_value_unset (value=value@entry=0xbfffe8ec) at gvalue.c:272
#7 0xffffffff in g_signal_emit_valist (instance=instance@entry=0x82492b8, signal_id=signal_id@entry=125, detail=detail@entry=0, var_args=<optimized out>, var_args@entry=0xbfffea4c "\030\342.\bL#") at gsignal.c:3338
#8 0xffffffff in g_signal_emit (instance=0x82492b8, signal_id=125, detail=0) at gsignal.c:3365
#9 0x0809c05d in handle_event (proxy=0xb5d012e8 [DBusGProxy], options=0x82eb640 = {...}, user_data=0x82492b8)
at dhcp-manager/nm-dhcp-listener.c:146
#10 0xffffffff in g_cclosure_marshal_VOID__BOXED (closure=0x82bf270, return_value=0x0, n_param_values=2, param_values=0x82c60c0, invocation_hint=0xbfffec68, marshal_data=0x0) at gmarshal.c:1120
#11 0xffffffff in marshal_dbus_message_to_g_marshaller () at /lib/libdbus-glib-1.so.2
#15 0xffffffff in <emit signal received:org-freedesktop-nm_dhcp_client-Event on instance 0xb5d012e8 [DBusGProxy]> (instance=0xb5d012e8, signal_id=19, detail=915) at gsignal.c:3365
#12 0xffffffff in g_closure_invoke (closure=0x82bf270, return_value=return_value@entry=0x0, n_param_values=n_param_values@entry=3, param_values=param_values@entry=0xbfffecc0, invocation_hint=invocation_hint@entry=0xbfffec68) at gclosure.c:768
#13 0xffffffff in signal_emit_unlocked_R (node=node@entry=0x8263660, detail=detail@entry=915, instance=0xb5d012e8, emission_return=emission_return@entry=0x0, instance_and_params=0xbfffecc0) at gsignal.c:3553
#14 0xffffffff in g_signal_emit_valist (instance=instance@entry=0xb5d012e8, signal_id=signal_id@entry=19, detail=detail@entry=915, var_args=0xbfffee34 "\340\370.\b\004",
var_args@entry=0xbfffee2c "\340\370.\b\300\303/\b\340\370.\b\004") at gsignal.c:3309
#16 0xffffffff in dbus_g_proxy_manager_filter () at /lib/libdbus-glib-1.so.2
#17 0xffffffff in dbus_connection_dispatch () at /lib/libdbus-1.so.3
#18 0xffffffff in message_queue_dispatch () at /lib/libdbus-glib-1.so.2
#19 0xffffffff in g_main_context_dispatch (context=0x8246720) at gmain.c:3111
#20 0xffffffff in g_main_context_dispatch (context=context@entry=0x8246720) at gmain.c:3710
#21 0xffffffff in g_main_context_iterate (context=0x8246720, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3781
#22 0xffffffff in g_main_loop_run (loop=0x8246798) at gmain.c:3975
#23 0x08070c09 in main (argc=1, argv=0xbffff2b4) at main.c:479
(gdb)
PIDs use native word width, a gint seems more suitable than gint32 or gint64.
https://bugzilla.gnome.org/show_bug.cgi?id=739861
When quitting, the Manager asks each device to spawn the interface helper,
which persists and manages dynamic address on the interface after NetworkManager
is gone. If the dynamic address cannot be maintaned, the helper quits and
the interface's address may be removed when their lifetime runs out.
To keep the helper as simple as possible, NetworkManager passes most of the
configuration on the command-line, including some properties of the device's
current state, which are necessary for the helper to maintain DHCP leases
or IPv6 SLAAC addresses.
Cloud setups often have a never-changing setup and since every cycle counts,
they don't really want a management process running in the background after
network setup is complete. Since it's likely a VM, it's not like links
are going to go up/down very often.
Add a new "configure-quit=true/false" config option which, when set to true,
will quit NetworkManager after startup and initial configuration is complete.
