deviceid_to_index returns -1 when the deviceid was not found.
Assiging it to an unsigned variable is wrong and would result
in printing an error message when trying to remove the non existing
index.
Signed-off-by: Thomas Haller <thaller@redhat.com>
A fake AP should be the current access point. The code in act_stage1_prepare
violated this invariant for a short time by emitting signals before
setting current_ap. Reorder statements, so that
- fake AP gets created and added to ap_list
- fake AP gets set as current_ap (suppressing notify signals)
- emit ACCESS_POINT_ADDED signal
- thaw notify::NM_DEVICE_WIFI_ACTIVE_ACCESS_POINT signal
When performing a series of actions that emit several signals, it is
often difficult to emit them in an order, so that listeners get a
consistent view. With this change, listeners will get ACCESS_POINT_ADDED
signal, and the current ap already being set to the fake_ap. Next they
get notify::NM_DEVICE_WIFI_ACTIVE_ACCESS_POINT. There is no perfect
solution, but this way it makes slightly more sense.
Signed-off-by: Thomas Haller <thaller@redhat.com>
This fixes automatic activation after changes in
commit ff7e47a418.
When a connection is deactivated impl_manager_deactivate_connection() is called
and the device goes to NM_DEVICE_STATE_DISCONNECTED. nm_device_state_changed()
then issues "state-changed" signal. The signal is connected to by various
listeners. The most interesting ones for this case are NMPolicy and
NMActiveConnection.
The problem is that NMPolicy's device_state_changed() is processed first and
thus in schedule_activate_check() we still have the old active connection
present (in ACTIVATED state).
This commit fixes the issue by connecting to "state-changed" signal using
g_signal_connect_after() in NMPolicy. This ensures NMPolicy's state-changed
handler is called after active connections are processed.
https://bugzilla.redhat.com/show_bug.cgi?id=1033187
The NMActiveConnection class tracks the full activation request, and internal
activation requests go through the same process as external ones, including
some authentication. Sometimes that means activation is scheduled, control
returns to the mainloop, and then the activation proceeds from an idle
handler.
Unfortunately, that means that adding a pending "activation" action from
nm-device.c doesn't always work, since there is a short window between when
the activation is started in nm-manager.c (in nm_manager_activate_connection())
and when the device actually changes state. Inside that window, the pending
actions may drop to zero, and startup will be declared complete before the
device actually starts activating.
Instead, ensure that the pending action is added when the internal activation
is actually started (eg, when NMActiveConnection receives the NMDevice object).
Carrier state is only valid if the network interface is IFF_UP, because drivers
are not required to do carrier detection if the device is not up. Thus, if NM
is the first process to set the interface IFF_UP, there may be a short delay
while the driver performs carrier detection. NetworkManager must suppress
"startup complete" during this delay to ensure that the carrier state is known
before making startup property decisions.
Previously, when NetworkManager set the interface IFF_UP, the interface would
not have a carrier for a few seconds until the driver's carrier detection was
done. Since the interface had no carrier, NetworkManager could not begin
connection activation on the interface, and the interface would not suppress
the "startup complete" transition. Thus, NetworkManager would declare that
startup was complete prematurely and anything depending on startup network
connectivity would fail as no interfaces were active.
https://bugzilla.redhat.com/show_bug.cgi?id=1034921https://bugzilla.redhat.com/show_bug.cgi?id=1030583
This lets us do two things:
1) ensure that pending actions are unique and not doubly added/removed
2) we can (eventually) print out the pending action list for debugging
However, since we cannot have two pending actions with the same name at
the same time, we need to change the queued device state actions to
include the state name. But that makes debugging even more descriptive
so it's a bonus.
Simplify check in nm_ap_set_ssid(). Note that previously there was
no bug here in case of self assignment, this just makes it more
explicit.
Signed-off-by: Thomas Haller <thaller@redhat.com>
We should use ap_scan=1 *except* for AP/IBSS/AdHoc, where ap_scan=2 is
required. ap_scan for "infra" mode is all historical and was for old,
crappy, and proprietary drivers that we should really stop hacking stuff
for. Those drivers did not support probe-scanning for hidden APs and
thus the supplicant just had to send all the config to the driver and
hope things worked.
All relevant and non-crappy drivers these days support at least one SSID
probe and thus is_broadcast affecting ap_scan should no longer be
something we support. If you have an old, crappy
WEXT/proprietary/staging driver, and you use hidden APs, you're doing it
wrong.
So, in short, we must keep the ap_scan=2 logic for AP+AdHoc, but we can
remove the is_broadcast and has_scan_capa_ssid arguments and the code
where they change ap_scan.
https://bugzilla.redhat.com/show_bug.cgi?id=1025371#c18
Signed-off-by: Thomas Haller <thaller@redhat.com>
rh #1025371 reports a crash in handle_ip_config_timeout() because
nm_device_wifi_get_activation_ap() did not return any access point
(line nm-device-wifi.c:3105).
In order to fix this, the whole handling of get_activation_ap vs.
current_ap was reworked and cleaned up.
This also fixes a memory leak in line nm-device-wifi.c:2111.
Also rename the functions get_active_ap (to find_active_ap) and
set_active_ap (to set_current_ap), because these two functions were not
getter/setter for an 'active_ap' property (as would be expected from the
previous name).
Also ensure, that a fake AP is never in the list of valid APs without
also being the current_ap. Whenever we reset a fake current_ap, the AP
gets removed.
https://bugzilla.redhat.com/show_bug.cgi?id=1025371
Signed-off-by: Thomas Haller <thaller@redhat.com>
This reverts commit 788eed99de.
Revert the previous workaround for the crash before cleanup the handling
of AP in nm-device-wifi.c
Signed-off-by: Thomas Haller <thaller@redhat.com>
It is an extension compared to initscripts (not in sysconfig.txt). But it is
necessary for preserving dhcp-send-hostname. Missing DHCP_SEND_HOSTNAME is
treated as "yes", which matches dhcp-send-hostname default value being TRUE.
https://bugzilla.redhat.com/show_bug.cgi?id=1001529
Workaround a serious issue, that a connection that failed to activate
might retry to autoconnect indefinitly.
In NMPolicy, device_state_changed() decrements the retry count for
autoconnect. But immediatly it calls nm_connection_clear_secrets(),
which in turn triggers an NM_SETTINGS_SIGNAL_CONNECTION_UPDATED signal.
The problem is, that connection_updated() resets the try count again to
the default, and thus, the counter was effictivly not decremented.
For now, do not reset the retry count in connection_updated(). This
works arount the issue, but means, that when a user changes the
connection, it is not immediatly retried to autoconnect (as the intent
originally was). This will be fixed later.
https://bugzilla.redhat.com/show_bug.cgi?id=1040528
Signed-off-by: Thomas Haller <thaller@redhat.com>
Attempting an immediate reconnect if the peer terminates the connection
sometimes results in the peer not being ready to negotiate a new
connection, while a short delay allows the peer to correctly tear
down the old connection and get listen for a new one. Introduce
a short delay when activating a PPPoE connection if a PPPoE
connection was recently deactivated.
https://bugzilla.redhat.com/show_bug.cgi?id=1023503https://bugzilla.redhat.com/show_bug.cgi?id=602265
Rebased to master by jklimes.
Keyfile plugin writer had a bug, when writing IP6 routes with gateway
"::". Instead of writing "net/plen,,metric" it wrote "net/plen,metric".
- fix this bug and add test cases. Also, add a workaround to reader, to
accept such wrongly written IP6 routes as valid.
- change the writer for IP4 addresses, IP4 routes and IP6 routes to
omit the gateway and the metric, if it is 0.0.0.0/::/0, respectively.
Also change the reader, to accept such empty gateway as valid.
It only omits the gateway, if the metric is not 0, this means it would
write:
route1=1.2.3.4/24,0.0.0.0,1
instead of
route1=1.2.3.4/24,,1
Both representations are now supported by the reader, but older plugin
versions could only read the former (thus, we keep writing that
version).
With a metric of zero, it would instead write:
route1=1.2.3.4/24
- some refactoring and code cleanup. Fix a memory leak.
https://bugzilla.gnome.org/show_bug.cgi?id=719851
Signed-off-by: Thomas Haller <thaller@redhat.com>
ip6_addr_to_string did assume, that inet_ntop might write a scope id to
the result. But it does not (and cannot, because struct in6_addr does
not have any interface identifer).
Simplify and rework the function.
Also fix a memory leak.
https://bugzilla.gnome.org/show_bug.cgi?id=711684
Signed-off-by: Thomas Haller <thaller@redhat.com>
When a gateway is not in the prefix of any of the interface's IP addresses,
NetworkManager adds a static host route to the gateway through the
interface to ensure the gateway can be reached. That route will not
be part of the persistent connection (since it was added automatically)
but would normally be picked up by connection generation. This would
cause the generated connection not to match with the persistent
connection, because the persistent connection does not have the host
route. Ignore the gateway host route when capturing the interface's
existing IP configuration.
When generating a connection, if the device has no non-link-local IPv6
address, then it's unclear whether (a) the connection was link-local
originally, or (b) the connection was 'auto' but IPv6 failed or timed
out.
In this case, if there is a persistent connection that is 'auto' but
the generated connection is 'link-local', the persistent connection
should be used.
Add a more-testable framework for doing the connection matching to
handle this.
INFERRABLE means the opposite of CANDIDATE; a property which NetworkManager
can read ("infer") from the system or the kernel when generating
connections. CANDIDATE isn't a great name and thus dies.
platform/nm-linux-platform.c: In function 'build_rtnl_addr':
platform/nm-linux-platform.c:116:15: error: 'bcaddr' may be used uninitialized in this function [-Werror=maybe-uninitialized]
nl_addr_put (*object);
^
platform/nm-linux-platform.c:2264:32: note: 'bcaddr' was declared here
auto_nl_addr struct nl_addr *bcaddr;
^
We can only create virtual interfaces when the connection has autoconnect
property *and* the device was not manually disconnected before.
Without this commit NetworkManager would auto-activate all virtual connections
when a change was done (e.g. new virtual connection was addded).
When a device is initialized to be managed, it will transition through states
unmanaged -> unavailable -> disconnected. We don't want to remove software
devices during this initial transition to disconnected, because it prevents
auto-activation.
Test case:
$ nmcli con add type vlan ifname myvlan dev eth0 id 123
NM should immediately create myvlan interface and automatically activate it.
https://bugzilla.redhat.com/show_bug.cgi?id=1035814
When an activation request requires secrets, if there is a secret
agent in the process that made the request, then prefer that to all
other secret agents.
Rather than explicitly passing around a UID and a flag saying whether
or not it's relevant.
(This also fixes a bug where the wrong UID was being recorded in
nm-settings-connection.c::auth_start(), which caused problems such as
agent-owned secrets not getting saved because of a perceived UID
mismatch.)
Slaves have no IP configuration and should not have any IP settings.
This fixes connection comparison between generated slave connections
and persistent slave connections, as persistent slave connections won't
have any IP configuration.
This reverts commit 9a019f1fb5.
Generic connections should be bound to their interface names in a more generic
way instead of in nm-device.c. The Generic device itself should set the
attributes it needs when generating the connection, like other device types do.
This will be done in a following commit.
If the connection describes a bridge/bond/team/etc slave, where the
slave setting (like NMSettingBridgePort or NMSettingTeamPort) has all
default values, the setting does not get written out because the
plugin does not write default values. But then when reading the
connection back in, we need to add that all-default slave type setting
since it's required for a valid connection.
Zero values are actually valid values for various bridge options
and should be written out. Otherwise, when reading the property
back in, it gets assigned the default value which is often not
zero, causing the wrong value to be set in the connection.
Only properties with default values should not be written out.
In the migration to NMPlatform, support for ptp/peer addresses was
accidentally dropped. This broke OpenVPN configurations using 'p2p'
topology, which send a different peer address than the local address
for tunX, plus the server may also push routes that use the peer
address as the next hop. NetworkManager was unable to add these
routes, because the kernel had no idea how to talk to the peer,
because the peer's address was not assigned to any interface or
reachable over any routes.
Partly based on a patch from Dan Williams.
