Commit graph

30216 commits

Author SHA1 Message Date
Thomas Haller
e042011be4 dhcp/trivial: add comment about nm_dhcp_utils_merge_new_dhcp6_lease()
(cherry picked from commit 70cbf3dc1e)
2022-06-29 15:29:51 +02:00
Thomas Haller
f82c6d06e5 dhcp: move code in "nm-dhcp-client.c"
So that it makes more sense, related parts are closer together.

(cherry picked from commit 8d121b17b5)
2022-06-29 15:29:33 +02:00
Thomas Haller
01bcde8ab0 glib-aux: add nm_g_bytes_ref() helper
g_bytes_ref() does not accept NULL. But doing so can be convenient,
add a helper for that.

Note that g_bytes_unref() does accept NULL, so there is no corresponding
helper.

(cherry picked from commit 222f404928)
2022-06-29 15:26:18 +02:00
Thomas Haller
fa4fcf6142 dhcp: minor code cleanups in "nm-dhcp-client.c"
(cherry picked from commit 1093e66776)
2022-06-29 15:25:59 +02:00
Thomas Haller
3f1b53c851 dhcp: use GSource for watching child process instead of numeric source id
(cherry picked from commit c8542a5d50)
2022-06-29 15:25:46 +02:00
Thomas Haller
ea7ad68ed2 dhcp: cleanup reason_to_state() in "nm-dhcp-client.c"
- use NM_IN_STRSET_ASCII_CASE().
- don't use else block after we return.
- don't accept the "iface" argument just for logging. The caller
  can do the logging, if they wish.

(cherry picked from commit 9b9c07530c)
2022-06-29 15:25:06 +02:00
Beniamino Galvani
09b0014a01 platform: fix routing rule test failure
Since kernel 5.18 there is a stricter validation [1][2] on the tos
field of routing rules, that must not include ECN bits.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f55fbb6afb8d701e3185e31e73f5ea9503a66744
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a410a0cf98854a698a519bfbeb604145da384c0e

Fixes the following failure:

  >>> src/core/platform/tests/test-route-linux
  >>> ...
  # NetworkManager-MESSAGE: <warn>  [1656321515.6604] platform-linux: do-add-rule: failure 22 (Invalid argument - Invalid dsfield (tos): ECN bits must be 0)
  >>> failing... errno=-22, rule=[routing-rule,0x13d6e80,1,+alive,+visible; [6] 0: from all tos 0xff fwmark 0x4/0 suppress_prefixlen -459579276 action-214 protocol 255]
  >>> existing rule: * [routing-rule,0x13d71e0,2,+alive,+visible; [6] 0: from all sport 65534 lookup 10009 suppress_prefixlen 0 none]
  >>> existing rule:   [routing-rule,0x13d7280,2,+alive,+visible; [4] 0: from all fwmark 0/0x9a7e9992 ipproto 255 suppress_prefixlen 0 realms 0x00000008 none protocol 71]
  >>> existing rule:   [routing-rule,0x13d7320,2,+alive,+visible; [6] 598928157: from all suppress_prefixlen 0 none]
  >>> existing rule:   [routing-rule,0x13d73c0,2,+alive,+visible; [4] 0: from 192.192.5.200/8 lookup 254 suppress_prefixlen 0 none protocol 9]
  >>> existing rule:   [routing-rule,0x13d7460,2,+alive,+visible; [4] 0: from all ipproto 3 suppress_prefixlen 0 realms 0xffffffff none protocol 5]
  >>> existing rule:   [routing-rule,0x13d7500,2,+alive,+visible; [4] 0: from all fwmark 0x1/0 lookup 254 suppress_prefixlen 0 action-124 protocol 4]
  >>> existing rule:   [routing-rule,0x13d75a0,2,+alive,+visible; [4] 0: from all suppress_prefixlen 0 action-109]
  0:      from all fwmark 0/0x9a7e9992 ipproto ipproto-255 realms 8 none proto 71
  0:      from 192.192.5.200/8 lookup main suppress_prefixlength 0 none proto ra
  0:      from all ipproto ggp realms 65535/65535 none proto 5
  0:      from all fwmark 0x1/0 lookup main suppress_prefixlength 0 124 proto static
  0:      from all 109
  0:      from all sport 65534 lookup 10009 suppress_prefixlength 0 none
  598928157:      from all none
  Bail out! nm:ERROR:../src/core/platform/tests/test-route.c:1787:test_rule: assertion failed (r == 0): (-22 == 0)

Fixes: 5ae2431b0f ('platform/tests: add tests for handling policy routing rules')
(cherry picked from commit bf9a2babb4)
2022-06-27 13:33:30 +02:00
Beniamino Galvani
4baec297f4 core: avoid stale entries in the DNS manager for non-virtual devices
_dev_l3_register_l3cds() schedules a commit, but if the device has
commit type NONE, that doesn't emit a l3cd-changed. Do it manually,
to ensure that entries are removed from the DNS manager.

Related: b86388bef3 ('core: avoid stale entries in the DNS manager')
Fixes: 58287cbcc0 ('core: rework IP configuration in NetworkManager using layer 3 configuration')

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/995
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1268
(cherry picked from commit f8885d0724)
2022-06-24 13:34:42 +02:00
Beniamino Galvani
7368f322f8 device: stop ac6 grace time when ip6ll is ready in shared mode
The IPv6 shared mode starts IPv6 autoconf to send router
advertisements. IPv6 autoconf schedules a 30-second timeout waiting
for a link-local address to appear. When the link-local address
appears, we need to cancel the timeout.

Fixes: 58287cbcc0 ('core: rework IP configuration in NetworkManager using layer 3 configuration')

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1030
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1266
(cherry picked from commit a216739e09)
2022-06-22 18:07:44 +02:00
Thomas Haller
abfff502cc wifi: merge branch 'owe-fixes'
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1259

(cherry picked from commit bffb753515)
2022-06-20 16:49:05 +02:00
David Bauer
52bc3542a6 nmcli: distinguish OWE-TM from OWE BSS
Distinguish a OWE-TM enabled BSS (which itself is unencrypted) from the
OWE BSS actually employing encryption.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 02e35f5b20)
2022-06-20 16:49:05 +02:00
David Bauer
9f0c1bfb96 libnm: fix compatibility of OWE-TM with unsecure profiles
A unsecure profile can be used with a OWE-TM network, in which case it
uses the non-OWE BSS.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 21a19383c8)
2022-06-20 16:49:05 +02:00
David Bauer
10a7ff5e55 supplicant/config: supplicant: prevent OWE downgrade
Prevent downgrade of Enhanced Open / OWE connection profiles
to unencrypted connections by forcing wpa_supplicant to use OWE.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 482885e6e9)
2022-06-20 16:49:05 +02:00
Beniamino Galvani
58fa224581 release: bump version to 1.38.3 (development) 2022-06-16 13:53:20 +02:00
Beniamino Galvani
abfd2d6ea7 release: bump version to 1.38.2 2022-06-16 13:53:20 +02:00
Beniamino Galvani
3fe8d61101 NEWS: update 2022-06-16 13:36:22 +02:00
Thomas Haller
a9b0b269a6
l3cfg: fix comparing "has-dns-priority" flag in nm_l3_config_data_cmp_full()
Fixes: cb29244552 ('core: support compare flags in nm_l3_config_data_cmp_full()')
(cherry picked from commit 8e86cfb8ab)
2022-06-16 12:34:59 +02:00
Thomas Haller
f58ef8058e
wifi: fix crash in NMDeviceWifi.check_connection_compatible() checking WEP capability
https://bugzilla.redhat.com/show_bug.cgi?id=2092782

Fixes: feee84aac4 ('wifi: mark WEP connections incompatible if supplicant lacks capability')
(cherry picked from commit fe7bdaa7e4)
2022-06-16 12:34:56 +02:00
Ana Cabral
77b48a906e
rpm: move ifcfg scripts directory to the NetworkManager package
NetworkManager does not support by default legacy ifcfg configuration
files anymore, this support is now provided in a separate package
(https://fedoramagazine.org/converting-networkmanager-from-ifcfg-to-keyfiles/).

ifcfg directory (/etc/sysconfig/network-scripts/) should always be present,
regardless of NetworkManager support for network scripts. This change makes the
directory always present, not only when the recently splitted ifcfg subpackage
is installed, and also make it persistent after the package removal.

Fixes: 50a6627fd7 ('rpm: split ifcfg-rh settings plugin into a separate package')
(cherry picked from commit 0415d904cb)
2022-06-16 12:34:51 +02:00
Beniamino Galvani
05e8c5511b merge: branch 'bg/ppp-race-rh2085382'
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1240
https://bugzilla.redhat.com/show_bug.cgi?id=2085382

(cherry picked from commit d98d72c061)
2022-06-14 12:32:59 +02:00
Beniamino Galvani
e95b44bacb ppp: don't remove addresses from interface while IPCP/IPV6CP is running
pppd also tries to configure addresses by itself through some
ioctls. If we remove between those calls an address that was added,
pppd fails and quits.

To avoid this race condition, don't remove addresses while IPCP and
IPV6CP are running. Once pppd sends an IP configuration, it has
finished configuring the interface and we can proceed normally.

https://bugzilla.redhat.com/show_bug.cgi?id=2085382
(cherry picked from commit b41b11d613)
2022-06-14 12:32:59 +02:00
Beniamino Galvani
59ef1b4c78 core: add nm_l3cfg_block_obj_pruning()
Add a function prevent the removal of addresses and routes from the
interface for a given address family.

(cherry picked from commit e8275d7139)
2022-06-14 12:32:59 +02:00
Beniamino Galvani
1c158a5f37 device: ensure DHCP is restarted every time the link goes up
Currently we call nm_device_update_dynamic_ip_setup() in
carrier_changed() every time the carrier goes up again and the device
is activating, to kick a restart of DHCP.

Since we process link events in a idle handler, it can happen that the
handler is called only once for different events; in particular
device_link_changed() might be called once for a link-down/link-up
sequence.

carrier_changed() is "level-triggered" - it cares only about the
current carrier state. nm_device_update_dynamic_ip_setup() should
instead be "edge-triggered" - invoked every time the link goes from
down to up. We have a mechanism for that in device_link_changed(), use
it.

Fixes-test: @ipv4_spurious_leftover_route

https://bugzilla.redhat.com/show_bug.cgi?id=2079406
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1250
(cherry picked from commit d6429d3ddb)
2022-06-11 18:29:55 +02:00
Beniamino Galvani
0c89c3a7bd ppp: merge branch 'ppp-ip6-dns'
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1254

(cherry picked from commit 31d7131126)
2022-06-09 16:28:18 +02:00
Dominique Martinet
423e5e5011 ppp-manager: ip6: set interface mtu based on ppp config
impl_ppp_manager_set_ip4_config always has been setting interface mtu
based on ppp configuration: do the same for ip6 in case it matters.

(cherry picked from commit 4d7b494eb3)
2022-06-09 16:28:18 +02:00
Dominique Martinet
d04eba0c40 ppp-manager: ip6: fix dns not being used
ipv6 DNS received on ppp interface were being ignored because their
priority was not set.
Fix this by using default priority in impl_ppp_manager_set_ip6_config(),
as was done for ip4_config in b2e559fab2 ("core: initialize l3cd
dns-priority for ppp and wwan")

Fixes: 58287cbcc0 ('core: rework IP configuration in NetworkManager using layer 3 configuration')

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1022
(cherry picked from commit 6991333bc0)
2022-06-09 16:28:18 +02:00
Beniamino Galvani
83ee0f0779 device: fix memory leak
l3cd instances must be removed from the old l3cfg before calling
_cleanup_ip_pre(). Otherwise, _cleanup_ip_pre() unregisters them from
the device, and later _dev_l3_register_l3cds(self, l3cfg_old, FALSE,
FALSE) does nothing because the device doesn't have any l3cd.

Previously the l3cds would linger in the l3cfg, keeping a reference to
it and causing a memory leak; the leak was not detected by valgrind
because the l3cfg was still referenced by the NMNetns.

Fixes: 58287cbcc0 ('core: rework IP configuration in NetworkManager using layer 3 configuration')
Fixes-test: @stable_mem_consumption2

https://bugzilla.redhat.com/show_bug.cgi?id=2083453

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1252
(cherry picked from commit f69a1cc874)
2022-06-09 09:39:26 +02:00
Thomas Haller
1143edcff6
platform: avoid struct alignment issue for NMPlatformIP4Address
On m68k we get a static assertion, that NMPlatformIP4Address.address
is not at the same offset as NMPlatformIPAddress.address_ptr.

On most architectures, the bitfields fits in a gap between the fields,
but not on m68k, where integers are 2-byte aligned.

(cherry picked from commit 0634dfd510)
2022-05-19 16:14:36 +02:00
Thomas Haller
d1d91a91f4
glib-aux/tests: fix and extend static assertions for NMIPAddr alignment
On m68k, integers are 2-byte aligned. Hence the assertion was wrong.

What we really want to check, is that NMIPAddr has not a smaller
alignment than in_addr_t and similar.

While at it, also assert the alignment for NMEtherAddr.

(cherry picked from commit 835554a4db)
2022-05-19 16:14:35 +02:00
Thomas Haller
6169ad5930
glib-aux: fix static assertion for alignment of NMIPAddr for m68k
On m68k, 32-bit integers are 2-byte aligned, causing the assertion to fail.
Relax the check, it's good enough still.

(cherry picked from commit 705e776776)
2022-05-19 15:09:21 +02:00
Thomas Haller
0020e1a940
platform,core: merge branch 'th/platform-struct-packing'
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1217

(cherry picked from commit 265a4a07bd)
2022-05-19 11:43:31 +02:00
Thomas Haller
5167525684
platform: reorder fields in __NMPlatformIPRoute_COMMON for tight packing
(cherry picked from commit fd4ddd8d40)
2022-05-19 11:42:24 +02:00
Thomas Haller
34e53b52dc
platform: use flexible array members for "NMPlatformIPAddress.address_ptr"/"NMPlatformIPRoute.network_ptr"
Try to workaround a coverity warning:

 30. NetworkManager-1.39.3/src/core/vpn/nm-vpn-connection.c:2000:
     overrun-buffer-val: Overrunning array "address.ax.address_ptr" of 1
     bytes by passing it to a function which accesses it at byte offset 3.

(cherry picked from commit a34bad8b52)
2022-05-19 11:42:22 +02:00
David Rheinsberg
a83c884fb6
c-rbtree: fix alignment assertion on m64k
We want to assert that our alignment-guarantees do not exceed the
guarantees of the system-linker or system-allocator on the target
platform. Hence, we check against max_align_t. This is a lower bound,
but not the exact check we actually want. And as it turns out, on m64k
it is too low. Add a static check against 4-byte alignment for m64k as
a workaround.

Reported-by: Michael Biebl
Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>

https://github.com/c-util/c-rbtree/issues/9
eb778d3969
(cherry picked from commit 78831d127f)
2022-05-18 12:01:11 +02:00
Thomas Haller
cd817cdf45
systemd: drop "nm-sd-utils-core.h" and nm_sd_utils_id128_get_machine()
This was only for unit testing, to check whether our reader
for "/etc/machine-id" agrees with systemd's.

That unit test was anyway flawed, because it actually accesses
the machine-id on the test system.

Anyway. Drop this. Most likely our parser is good enough, and
if we get a bug report with a defect, we can unit test against
that.

(cherry picked from commit 747d7dcfe3)
2022-05-18 08:47:19 +02:00
Beniamino Galvani
1dbcc1c441 device: don't require a hardware address for DHCPv6
DHCPv4 requires a hardware address, while DHCPv6 does not.

Anyway, the DHCP manager already checks that an address is available
when needed, so drop the check here.

Fixes: 58287cbcc0 ('core: rework IP configuration in NetworkManager using layer 3 configuration')

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1228
(cherry picked from commit 9bc7278da3)
2022-05-17 18:17:05 +02:00
Thomas Haller
3246577366
contrib/rpm: reorder variable in spec file and set rpm_version
On recent Fedora and RHEL we no longer have differing "rpm_version"
and "real_version". So usually "rpm_version" is just the same as
"real_version".

Update the template spec file to reflect that. For the "build_clean.sh"
script, we anyway always set them both to "__VERSION__".

(cherry picked from commit 6bada7fb9e)
2022-05-13 11:28:06 +02:00
Thomas Haller
3a1e1df43c
release: bump version to 1.38.1 (development) 2022-05-13 11:13:35 +02:00
Thomas Haller
5704730a6c
release: bump version to 1.38.0 2022-05-13 11:13:34 +02:00
Thomas Haller
3c1e2afaa9
NEWS: update 2022-05-13 11:12:41 +02:00
Thomas Haller
921dadf158
libnm: merge branch 'th/libnm-infiniband-fixes'
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1223

(cherry picked from commit 3a69aa50b8)
2022-05-12 15:56:56 +02:00
Thomas Haller
3bfde56239
libnm: reject infiniband.p-key set to 0, 0x8000
Kernel does not allow this ([1], [2]).

Usually tightening the verification is a break of API. But in this case,
no user had a working configuration that is breaking. At worst, they
had a broken profile that no longer loads.

We also filter those from _infiniband_add_add_or_delete(), since [3].

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/infiniband/ulp/ipoib/ipoib_main.c?id=f443e374ae131c168a065ea1748feac6b2e76613#n2394
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/infiniband/ulp/ipoib/ipoib_vlan.c?id=f443e374ae131c168a065ea1748feac6b2e76613#n116
[3] eab817d34a

(cherry picked from commit 7012b9001a)
2022-05-12 15:56:56 +02:00
Thomas Haller
d476851ee7
libnm: fix crash validating infiniband profiles for interface-name
A virtual infiniband profile (with p-key>=0) can also contain a
"connection.interface-name". But it is required to match the
f"{parent}.{p-key}" format.

However, such a profile can also set "mac_address" instead of "parent".
In that case, the validation code was crashing.

  nmcli connection add type infiniband \
     infiniband.p-key 6 \
     infiniband.mac-address 52:54:00:86:f4:eb:aa:aa:aa:aa:52:54:00:86:f4:eb:aa:aa:aa:aa \
     connection.interface-name aaaa

The crash was introduced by commit 99d898cf1f ('libnm: rework caching
of virtual-iface-name for infiniband setting'). Previously, it would not
have crashed, because we just called

  g_strdup_printf("%s.%04x", priv->parent, priv->p_key)

with a NULL string. It would still not have validated the connection
and passing NULL as string to printf is wrong. But in practice, it
would have worked mostly fine for users.

Fixes: 99d898cf1f ('libnm: rework caching of virtual-iface-name for infiniband setting')
(cherry picked from commit fd5945b408)
2022-05-12 15:56:55 +02:00
Lubomir Rintel
c2b9762422 nmcli/devices: fix sorting of APs
Sort WEP access points as intended -- down, not up.

Fixes: 550e3bbdd8 ('cli: device: color WEP APs differently in "wifi list"')

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1224
(cherry picked from commit 3d82380e4d)
2022-05-12 14:38:04 +02:00
Lubomir Rintel
adb1d43f66 nmcli/devices: check connection created with "wifi connect"
We want to warn the user if they're connecting to an insecure network:

  $ nmcli d wifi
  IN-USE  BSSID              SSID             MODE   CHAN  RATE       SIGNAL  BARS  SECURITY
          BA:00:6A:3C:C2:09  Secured Network  Infra  2     54 Mbit/s  100     ▂▄▆█  WPA3
          FA:7C:46:CC:9F:BE  Ye Olde Wlan     Infra  1     54 Mbit/s  100     ▂▄▆█  WEP
  $ nmcli d wifi connect 'Ye Olde Wlan'
  Warning: WEP encryption is known to be insecure.
  ...

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1224
(cherry picked from commit bf9a11f7c7)
2022-05-12 14:38:03 +02:00
Lubomir Rintel
fbb952fcb4 nmcli/connections: export nmc_connection_check_deprecated()
It's going to be useful with "nmcli dev wifi connect" that also creates
a connection that should be checked.

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1224
(cherry picked from commit 2dbbea3f10)
2022-05-12 14:38:02 +02:00
Thomas Haller
fb5f2f25bc
dhcp: merge branch 'th/dhcpv6-otherconf-ignore-addr'
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1220

(cherry picked from commit 19a96f64ed)
2022-05-11 19:09:04 +02:00
Thomas Haller
476e007d04
dhcp: fix ignoring addresses with DHCPv6 otherconf (O flag)
With O flag (otherconf mode), don't add the IPv6 addresses to the
collected lease.

An alternative would be to add it initially, but ignore it when
merging the configuration in NML3Cfg. The idea of that would be that if
the mode switches from otherconf to managed, that we already have the
address. However, depending on the mode we made a different DHCPv6
request. That means, if the mode changes we anyway cannot just use the
previous lease, because it might not contain all the information. So
it seems better to ignore the address early.

Fixes: 58287cbcc0 ('core: rework IP configuration in NetworkManager using layer 3 configuration')

https://bugzilla.redhat.com/show_bug.cgi?id=2083968
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/953

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1220
(cherry picked from commit 2875ad7e50)
2022-05-11 19:09:02 +02:00
Thomas Haller
29e90e4722
dhcp: fix setting "-S" flag for dhclient info-only requests
Fixes: 58287cbcc0 ('core: rework IP configuration in NetworkManager using layer 3 configuration')
(cherry picked from commit 41df480fdd)
2022-05-11 19:09:02 +02:00
Thomas Haller
6ad3694fc5
dhcp: always explicitly set request/information-request flags for internal DHCPv6 client
It seems clearer to explicitly set this always, and not rely on the
defaults.

(cherry picked from commit bacd3e1482)
2022-05-11 19:09:02 +02:00