Don't necessarily fail the entire connection if a duplicate IPv4
address is detected, but instead look at the may-fail property and at
the outcome of IPv6.
https://bugzilla.redhat.com/show_bug.cgi?id=1508001
(cherry picked from commit 14ad1d0cd1)
Don't include unrealized devices in checkpoint because, as the name
says, they are not real.
While at it, remove nm_manager_get_device_paths() as it is no longer
used.
(cherry picked from commit 974f21eca3)
The order of elements in array properties was inverted when
reconstructing the array. Keep the original order from D-Bus.
(cherry picked from commit c90118ff60)
This was added by commit 979b8920b4
(core: move virtual device autoconnect tracking bits out of NMManager)
to avoid autoconnecting software devices repeatedly. That was done,
because disconnecting a software device would delete the NMDevice
instance, and there is no property on a device to prevent autoconnect.
In the meantime, we only unrealize software devices and don't delete
them entirely. Also, the autoconnect-blocked flags of the device are
preserved when the device unrealized.
It was anyway odd, that deactivating one software-device would block
autoconnection for all matching connections.
(cherry picked from commit 146fbfab33)
- split NM_DEVICE_AUTOCONNECT_BLOCKED_INTERN in two parts:
"wrong-pin" and "manual-disconnect". Setting/unsetting them
should be tracked differently, as their reason differs.
- no longer initialize/clear the autoconnect-blocked reasons
during realize/unrealize of the device. Instead, initialize
it once when the object gets created (nm_device_init()), and
keep the settings beyond unrealize/realize cycles. This only
matters for software devices, as regular devices get deleted
after unrealizing once. But for software devices it is essential,
because we don't want to forget the autoconnect settings of
the device instance.
- drop verbose logging about blocking autoconnect due to failed
pin. We already log changes to autoconnect-blocked flags with
TRACE level. An additional message about this particular issue
seems not necessary at INFO level.
- in NMManager's do_sleep_wake(), no longer block autoconnect
for devices during sleep. We already unmanage the device, which
is a far more effective measure to prevent activation. We should
not also block autoconnect.
(cherry picked from commit 3c2b9485a7)
The flags allow for more then two reasons. Currently the only reasons
for allowing or disallowing autoconnect are "user" and "intern".
It's a bit odd, that NMDeviceAutoconnectBlockedFlags has a negative
meaning. So
nm_device_set_autoconnect_intern (device, FALSE);
gets replaced by
nm_device_set_autoconnect_blocked_set (device, NM_DEVICE_AUTOCONNECT_BLOCKED_INTERN);
and so on.
However, it's chosen this way, because autoconnect shall be allowed,
unless any blocked-reason is set. That is, to check whether autoconnect
is allowed, we do
if (!nm_device_get_autoconnect_blocked (device, NM_DEVICE_AUTOCONNECT_BLOCKED_ALL))
The alternative check would be
if (nm_device_get_autoconnect_allowed (device, NM_DEVICE_AUTOCONNECT_ALLOWED_ALL) == NM_DEVICE_AUTOCONNECT_ALLOWED_ALL)
which seems odd too.
So, add the inverse flags to block autoconnect.
Beside refactoring and inverting the meaning of the autoconnect
settings, there is no change in behavior.
(cherry picked from commit 5279ab5be6)
nm_device_can_auto_connect() only has one caller, auto_activate_device()
in NMPolicy.
That caller already checks whether the connection has autoconnect
enabled, so drop the duplicate check.
This saves some duplication, but it also makes some sense:
NMSettingsConnection has a complex blocking of autoconnect,
so just looking at connection.autoconnect is not enough in
any case to determine whether the connection should autoconnect.
We move thus more handling of autoconnect to NMPolicy, where
it belongs.
(cherry picked from commit 6fff832fe3)
OLPC devices cannot autoconnect, according to can_auto_connect().
We should instead reject any attempt to autoconnect earlier, via
get_autoconnect_allowed().
(cherry picked from commit 7074b88a6a)
Derived classes should not modify or overwrite this essential behavior
of can_auto_connect(). It doesn't belong to the virtual function.
(cherry picked from commit 715aebe08a)
Currently the ifcfg-rh plugin doesn't explicitly store the connection
type for team slaves and is only able to read back ethernet and vlan
connections.
Leave this unchanged for ethernet and vlan slaves, but store the TYPE
variable for other connection types (Wi-Fi and Infiniband) so that we
can properly determine their type when the connection is read.
(cherry picked from commit 29a576496e)
Insert the new gateway at the end when it has the least preference.
Fixes the following runtime error:
src/ndisc/nm-ndisc.c:204:_ASSERT_data_gateways: assertion failed:
(_preference_to_priority (item_prev->preference) >=
_preference_to_priority (item->preference))
Change the activation procedure for connections that require secrets
in the following way:
- nmcli creates a secret-agent and leaves it disabled so that
incoming requests are queued
- nmcli calls ActivateConnection()
- when the method returns success, the secret-agent gets enabled and
all queued requests are processed
When the user activates a connection which is already auto-activating,
NM will deactivate the current active-connection and will call
CancelGetSecrets() for it before the new ActivateConnection()
returns. In this way, when the secret-agent is enabled by nmcli, we
have the guarantee that there aren't any queued requests for
the deactivating connections.
https://bugzilla.redhat.com/show_bug.cgi?id=1438476
`systemctl start network-online.target` should suffice to start
"NetworkManager.service".
That would work because
- "network-online.target" has "Wants=NetworkManager-wait-online.service"
- "NetworkManager-wait-online.service" has "Require=NetworkManager.service".
But previously, "NetworkManager-wait-online.service" would just
fail with missing dependency.
See also https://github.com/systemd/systemd/pull/6065 which does the
same for networkd's wait-online serice, and see rh#1452866 for a
use-case.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1452866
Don't compile ovs support when the RPM is built --without=ovs, to fix
the following error:
error: Installed (but unpackaged) file(s) found:
/usr/lib/systemd/system/NetworkManager.service.d/NetworkManager-ovs.conf
/usr/lib64/NetworkManager/libnm-device-plugin-ovs.so
/usr/share/man/man7/nm-openvswitch.7.gz
Fixes: 830a5a14cb
The number of authentication retires is useful also for passwords aside
802-1x settings. For example, src/devices/wifi/nm-device-wifi.c also has
a retry counter and uses a hard-coded value of 3.
Move the setting, so that it can be used in general. Although it is still
not implemented for other settings.
This is an API and ABI break.
Some cleanup of handling autoconnect behavior.
The introduction of NMSetting8021x:auth-retries property,
changes behavior in that password retries are no longer
controlled by NMSettingConnection:autoconnect-retries property.
https://bugzilla.redhat.com/show_bug.cgi?id=1401515
Only NMPolicy should be concerned with handling autoconnect, and
blocking it.
Move the code. Note that there is a slight possible change in
behavior, as the order of when the connection is blocked changes,
based on the different times when the device changed signal gets
executed. But that shouldn't be a problem.
Since commit 4a6fd0e83e (device: honor the
connection.autoconnect-retries for 802.1X) and the related bug bgo#723084,
we reuse the autoconnect-retries setting to control the retry count
for requesting passwords.
I think that is wrong. These are two different settings, we should not
reuse the autoconnect retry counter while the device is still active.
For example, the user might wish to set autoconnect-retries to infinity
(zero). In that case, we would retry indefinitly to request a password.
That could be problematic, if there is a different issue with the
connection, that makes it appear tha the password is wrong.
A full re-activation might succeed, but we would never stop retrying
to authenticate. Instead, we should have two different settings for
retrying to authenticate and to autoconnect.
This is a change in behavior compared to 1.8.
It has almost no callers, and it is a bit of a strange API. Let's
not cache the last accessed value inside NMConfigData. Instead, free
it right after use. It was not reused anyway, it only hangs around
as convenience for the caller.
