If linklocal6_start() finds that the device already has an IPv6
link-local address and returns NM_ACT_STAGE_RETURN_FINISH, we don't
need to fill @out_config with an empty configuration. A non-NULL
@out_config is required only for ret = NM_ACT_STAGE_RETURN_SUCCESS.
Fixes: 396dc2b3b4
(cherry picked from commit 54d10f0ec1)
Seems that team changed to now also raise two change signals.
Relax the assertion that broke tests on Fedora 22.
(cherry picked from commit 1c2883c940)
During merge_and_apply(), we merge several NMIPxConfig into a new
@composite. For 'ignore-auto-routes' and 'ignore-auto-dns', we want to
prevent certain routes/dns-settings from being merged.
But it is wrong to reject settings from all partial configs.
For example, especially ext_ipx_config and vpn_ipx_config contain
routes that we still must merge and preserve.
This was recently changed by 79630c11e5
and previously by ab6548c621. But it was
wrong for a long time already.
Also note that nm_ip4_config_merge() now also ignores NIS, WINS, and
dns-options.
https://bugzilla.gnome.org/show_bug.cgi?id=752546
Fixes: 79630c11e5
(cherry picked from commit 43e6f6a178)
The new flags are not yet used, so there is no change in functionality.
The flags NM_IP_CONFIG_MERGE_NO_ROUTES and NM_IP_CONFIG_MERGE_NO_DNS go
together with the 'ignore-auto-routes' and 'ignore-auto-dns' setting.
Note that for IPv4, NM_IP_CONFIG_MERGE_NO_DNS also ignores NIS, WINS, and dns-options.
This is different from current other places that handle 'ignore-auto-dns'
and only care about nameservers, domains, and searches.
(cherry picked from commit f7a8962dd4)
The MTU of 0 means default, not zero-length packets:
<warn> (wlp3s0): Lowering IPv6 MTU (1472) to match device MTU (0)
<warn> (wlp3s0): IPv6 MTU (0) smaller than 1280, adjusting
<warn> (wlp3s0): Raising device MTU (0) to match IPv6 MTU (1280)
<error> [1437068831.306733] [platform/nm-linux-platform.c:2440] sysctl_set(): platform-linux: sysctl: failed to set '/proc/sys/net/ipv6/conf/wlp3s0/mtu' to '1472': (22) Invalid argument
Reported-by: Jan Alexander Steffens <jan.steffens@gmail.com>
https://bugzilla.gnome.org/show_bug.cgi?id=752508
(cherry picked from commit a92d8b0c67)
Try to set the MTU of the parent Ethernet interface to match the
requested PPP MTU and MRU. This allows the negotiation of a PPP MTU
and MRU greater than 1492.
(cherry picked from commit 1d3eff45d2)
Commit d51975e changed things so that we treat assumed and non-assumed
connections the same with respect to the default route. This is
certainly wrong if we have an nm-generated-assumed connection
at hand. In this case, NM just generated a connection based on what
was configured on the system. Looking at that result and re-enforcing
the default-route is wrong.
We want to manage the default-route for assumed, persistent connections.
If the connection was assumed and generated, we do not.
This commit reverts d51975ed for nm-generated-assumed connection and
restores the previous behavior.
https://bugzilla.redhat.com/show_bug.cgi?id=1244483
Fixes: d51975ed92
(cherry picked from commit bebeff69e8)
Rename "default_route.v4_configure_first_time" to "v4_commit_first_time".
For one, the name "commit" matches better to the @commit variable in ip4_config_merge_and_apply()
and ip6_config_merge_and_apply(). Then, we don't need this information
only for default-routes, so move the variable out of the @default_route
struct.
(cherry picked from commit ad03cdbc73)
When generating a connection to assume it, also record the route-metric.
Do that by looking at the metric of the (best) default-route.
This is especially important since d51975ed92.
Now NM would also manage the default-route for assumed connections.
So the generated assumed connection would have a route metric based on
the device type, which might differ from the external configuration.
This caused NM to replace the externally configured default-route.
https://bugzilla.gnome.org/show_bug.cgi?id=750405
(cherry picked from commit bc75cd53a8)
This introduces a global metered property which makes it easier for
clients to obtain the metered status of the current primary
connection.
(cherry picked from commit 04d5804dd5)
Change type of return value and 'def' argument of svTrueValue() to
gint to make clear that it can be something different from TRUE and
FALSE.
(cherry picked from commit 862fd91df0)
The metered property of a NMDevice that reaches the activated state is
copied from the active connection and if its value is 'unknown' some
heuristics are used to guess the actual value.
When the connection is torn down the metered property is reset to
'unknown'.
(cherry picked from commit a86255a043)
Some versions of Android's DHCP server send option 43 (Vendor specific
information) with value "ANDROID_METERED" in Wi-Fi hotspot mode.
Mark the NMIP4Config as metered when such option is received.
(cherry picked from commit 1e39b2320d)
This adds support for DHCP option 43 (Vendor Specific Information) to
the internal DHCP client. The option carries an opaque object of n
octets, interpreted by vendor-specific code on the clients and
servers.
(cherry picked from commit 3c2f4a17f9)
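
The option 43 handling described in the two commit messages above, as an added example (not NetworkManager's own code): a bounds-checked walk over a DHCPv4 options area that treats the lease as metered only when option 43 is exactly "ANDROID_METERED". The function names, the exact-match rule and the sample buffers are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { DHCP_OPT_PAD = 0, DHCP_OPT_VENDOR = 43, DHCP_OPT_END = 255 };

/* Find option `code` in a DHCPv4 options area (code, length, value).
 * Returns the value and sets *len, or NULL if absent or malformed. */
static const uint8_t *dhcp_find_option(const uint8_t *opts, size_t size,
                                       uint8_t code, size_t *len)
{
    size_t i = 0;
    while (i < size) {
        uint8_t c = opts[i++];
        if (c == DHCP_OPT_PAD)
            continue;
        if (c == DHCP_OPT_END)
            break;
        if (i >= size)              /* length octet missing */
            return NULL;
        size_t l = opts[i++];
        if (l > size - i)           /* value would run past the buffer */
            return NULL;
        if (c == code) {
            *len = l;
            return &opts[i];
        }
        i += l;
    }
    return NULL;
}

/* Hypothetical helper: 1 if option 43 is exactly "ANDROID_METERED". */
static int dhcp_is_android_metered(const uint8_t *opts, size_t size)
{
    static const char tag[] = "ANDROID_METERED";
    size_t len = 0;
    const uint8_t *v = dhcp_find_option(opts, size, DHCP_OPT_VENDOR, &len);
    return v != NULL && len == sizeof(tag) - 1 && memcmp(v, tag, len) == 0;
}

/* Constructed samples: a well-formed lease, and one whose option 43
 * claims 15 octets while only 3 follow. */
static const uint8_t sample_metered[] = {
    1, 4, 255, 255, 255, 0,
    43, 15, 'A','N','D','R','O','I','D','_','M','E','T','E','R','E','D',
    255 };
static const uint8_t sample_truncated[] = { 43, 15, 'A', 'N', 'D' };
```

The options area comes from whatever server answers on the link, so the length octet is checked against the remaining buffer before the value is touched.
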
Some DHCP servers send specific options to give a hint that clients
should avoid unneeded data usage.
Add a metered flag to NMIP4Config to keep track of this information.
(cherry picked from commit 68db65b727)
This makes wifi preferred to wwan (the modem and bluetooth device types
to be specific) by default, so that users that care about being
connected at all times can keep both enabled with auto-connect. As wifi
is usually unmetered and often faster than wwan, it makes sense to
prefer it. This is also how pretty much every smart-phone in the world
behaves, so it aligns better with user expectations too.
https://bugzilla.gnome.org/show_bug.cgi?id=744754
(cherry picked from commit 3efb6740fc)
In most cases, when syncing routes, we should only remove routes
that were configured by us previously. Otherwise, there is a race
that we can remove routes added externally.
Now, when applying IP configuration for a device, only do a full-sync
at the first time when we activate the device. Later on, only remove
routes that were added by us.
(cherry picked from commit 8b015826e6)
Add an argument @full_sync to the sync method of NMRouteManager.
@full_sync was what we did up to now, meaning, we removed every
route on the interface that was not on our internal list of known
routes.
Now with !@full_sync, only remove routes that were tracked previously.
This means, we will only remove routes that were added by us previously.
Don't make use of the new option yet. So there is no change of behavior
yet.
(cherry picked from commit 65f2090cc2)
Coverity detected that it was always-true:
src/platform/nm-linux-platform.c:4035: dead_error_line: Execution cannot reach the expression "preferred != 0U" inside this statement: "if (lifetime != 0U || lifet...".
(cherry picked from commit da612acc6a)
It is wrong to only consider internal_gateway of the VPN connection.
Instead, we must first set the gateway of NMIP4Config and then overwrite
it with the connection settings.
(cherry picked from commit 691ebbdc43)
For non-tunnel based VPNs (openswan, libreswan), we must
clear the gateway setting. The default route is managed
by NMDefaultRouteManager, and we must not overwrite the
gateway of the parent device.
This fixes a bug where, if the VPN connection specifies a gateway, it
would have overwritten the gateway of the underlying device.
(cherry picked from commit 1465c1d326)
The gateway property of NMIP4Config/IP6Config determines the next hop
for the default route. That is different from the @external_gw property
of the VPN which is the address of the world-reachable VPN gateway.
It is wrong to set the gateway of the VPN's IP config to the external gateway.
This causes ip4_config_merge_and_apply() to overwrite the gateway of the
underlying device.
Instead, NMDefaultRouteManager gets the gateway directly from the VPN
connection by querying nm_vpn_connection_get_ip4_internal_gateway().
(cherry picked from commit 5cd1316100)
When a VPN has no default route, it is wrong to enforce the absence
of a default route on that device. Instead, if there is no default
route, NMDefaultRouteManager should just forget about the route.
This is especially important, because for VPN types like openswan
there is no distinct tunnel interface. Instead, it shares the ifindex
with the parent-device.
Note that devices usually only enforce their default-route for a short
time and afterwards switch to non-synced. If that happens and there
is a VPN that enforces the absence of the default route on that device,
we end up deleting the default route.
(cherry picked from commit 16d0850c37)
We currently don't manage a veth inside a container, although we should, because
it's an externally configured software interface and thus waits for IFF_UP.
Given veths are prevented from being managed outside of a container by a udev
rule anyway, it's safe to lift the external IFF_UP requirement for them.
(cherry picked from commit bcc79cc0eb)
NetworkManager uses wpa_supplicant, which in turn calls OpenSSL for verifying
certificates. wpa_supplicant calls
SSL_CTX_load_verify_locations(ctx, CAfile, CApath)
using its ca_cert and ca_path options as CAfile and CApath parameters.
We have a configure time option with_system_ca_path to override ca_path.
However, it doesn't work when a system (like Fedora) only uses bundled PEM
certificates instead of a directory with hashed certificates ([1], [2]).
So this commit allows setting --with_system_ca_path to a file name (the
trusted certificate bundle). Then the name is used to populate wpa_supplicant's
ca_cert instead of ca_path.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1053882
[2] https://www.happyassassin.net/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/
https://bugzilla.redhat.com/show_bug.cgi?id=1236548
(cherry picked from commit 640eb8f284)
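
The file-or-directory choice described in the last commit message, as an added example (not NetworkManager's own code): the configured system CA location is classified with stat() and mapped to wpa_supplicant's ca_cert (PEM bundle, OpenSSL CAfile) or ca_path (hashed directory, OpenSSL CApath). The function names, the absolute-path requirement and the rejection of other file types are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical result type: which wpa_supplicant option receives the path. */
enum ca_kind { CA_INVALID = 0, CA_CERT_FILE, CA_PATH_DIR };

/* Classify the configured system CA location. Anything that is neither a
 * regular file nor a directory (or does not exist) is rejected, so a bad
 * build-time value is noticed instead of leaving the trust store empty. */
static enum ca_kind classify_system_ca(const char *path)
{
    struct stat st;

    if (path == NULL || path[0] != '/' || strchr(path, '"') != NULL)
        return CA_INVALID;
    if (stat(path, &st) != 0)
        return CA_INVALID;
    if (S_ISDIR(st.st_mode))
        return CA_PATH_DIR;      /* hashed directory -> CApath / ca_path */
    if (S_ISREG(st.st_mode))
        return CA_CERT_FILE;     /* PEM bundle -> CAfile / ca_cert */
    return CA_INVALID;
}

/* Write the matching wpa_supplicant network-block line into buf.
 * Returns 0 on success, -1 if the path is unusable or buf is too small. */
static int format_ca_option(const char *path, char *buf, size_t len)
{
    const char *key;
    int n;

    switch (classify_system_ca(path)) {
    case CA_CERT_FILE: key = "ca_cert"; break;
    case CA_PATH_DIR:  key = "ca_path"; break;
    default:           return -1;
    }
    n = snprintf(buf, len, "%s=\"%s\"", key, path);
    return (n < 0 || (size_t) n >= len) ? -1 : 0;
}
```
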