If the device has a valid generated connection, it's already applied
and the device is already "activated" outside NM, so let activation
happen inside NM regardless of whether the device is available or not
according to NM.
In the case of autoconnect VLANs or IB partitions, if the parent interface
hasn't been detected yet at startup, then the get_virtual_interface_name()
won't be able to find the parent yet. That's normal, and when the parent
is found, system_create_virtual_device() will be run again and the parent
will be found, and the autoconnect VLAN/IB partition will be created.
But we shouldn't warn that the parent can't be found when that might be
a normal occurance.
Only NMSettingsConnections can be activated on device, and
get_connection() wasn't doing that. So the generated connection
must be added to NMSettings. That also triggers the
ConnectionProvider's 'connection-added' signal with the happy
result of adding the new connection to the device's
AvailableConnections list.
Acked-by: Dan Williams <dcbw@redhat.com>
Previously, ignore-carrier devices were always in the unavailable state
until they were activated. This required some complicated code to keep
track of whether the device was available or not based on what connections
existed, whether those connections were static-IP, and whether the device
was ignore-carrier. Various bits of the code used nm_device_can_activate()
for two different purposes: (1) to determine if the device was available
on an L2 basis, which nm_device_can_activate() wasn't well-suited to, and
(2) whether a specific connection could be activated at a given time
based on ignore-carrier and whether the connection was static IP or not.
Remove that complexity and confusion by making ignore-carrier devices
always move to DISCONNECTED state, and simply refuse to activate
connections that require connectivity, but allow connections that don't
require connectivity. Also, when the device has no carrier, don't
add connections that require connectivity to the AvailableConnections
device property.
When settings are NULL or empty in impl_manager_add_and_activate_connection(),
the connection is created and completed by nm_utils_complete_generic() or
nm_device_complete_connection().
Also, do not assert in nm_connection_is_type(). Returning FALSE there is
sufficient.
Related commit a878cd8145
When called with a connection path, activates that connection.
When called without a connection path, picks the best available
connection to activate for that device.
Doesn't work with VPN connections because they don't have devices.
Besides killing PendingActivation, this patch decouples ActiveConnection
creation from actually activating that connection. This allows the
ActiveConnection to complete authorization asynchronously. This will
also be used in the future for handling the DEACTIVATING state of devices
(for "pre-down" functionality).
We need to track the master active connection, since it may require authentication
or other operations to complete before the device actually starts activating.
We want to create the object earlier now, and figuring out the master is
a lot of code that we don't want to run before creating the object. The
master still must be set before exporting the object over D-Bus though,
as before.
Eventually the manager will create both NMActRequest and
NMVPNConnection subclasses directly, instead of leaving
NMVPNConnection creation to the VPN manager.
This also ensures that VPN connections get their user_requested
attribute set correctly, which wasn't happening before in the
case of secondary VPN connections.
When we eventually do authorization in the ActiveConnection itself,
we want to make sure the AC doesn't get exported until everything
is authorized. Thus let the manager handle exporting the objects
since it knows when the AC will be authorized or not.
Do less authentication in the PA and make the DBusGMethodInvocation
opaque to the PA. This pushes the responsibility for replying to
the D-Bus method call closer to the D-Bus method handler instead
of stuffing it all into the PA. This does mean we need to get
the D-Bus sender name and the sender UID and pass that into the
pending_activation_new(), but we'll clean that up in a bit.
Move the connection completion code out of the PendingActivation
object and into the D-Bus method handler for AddAndActivate. This is
part of simplifying PendingActivation so we can fold its functionality
into NMActiveConnection and use the AC objects to track all activation
requests from start to finish.
This also requires a bit of reorganization since the PA used to handle
some of the request validation but that now needs to be handled by
each DBus method itself.
Previously the PA tracked the connection path, but that's really
quite unecessary, we might as well just track the actual connection
object itself. This allows us to only validate the path once, instead
of three times like the code did before. This does require a boolean
"add_and_activate" variable though, because the PA handles the DBus
method return and it needs to know whether the request came from
ActivateConnection or AddAndActivateConnection, which was previously
handled by checking pending->connection, which only AddAndActivate set.
When an interface is manually disconnected NM remembers that, and prevents
automatic activation of the device.
However, software devices are removed when they are disconnected, and thus
the state of the device is lost. We need to track autoconnect outside the
device - hash table of interface names not allowed to activate automatically.
Without that the device would be auto-activated again and again, even if
explicitly disconnected.
Test case:
$ nmcli con add type bond ifname bb con-name bb-con
$ nmcli con add type bond-slave ifname em1 con-name b1-con master bb
$ nmcli dev disconnect bb
https://bugzilla.redhat.com/show_bug.cgi?id=1005913
When freeing one of the collections such as GArray, GPtrArray, GSList,
etc. it is common that the items inside the connections must be
freed/unrefed too.
The previous code often iterated over the collection first with
e.g. g_ptr_array_foreach and passing e.g. g_free as GFunc argument.
For one, this has the problem, that g_free has a different signature
GDestroyNotify then the expected GFunc. Moreover, this can be
simplified either by setting a clear function
(g_ptr_array_set_clear_func) or by passing the destroy function to the
free function (g_slist_free_full).
Signed-off-by: Thomas Haller <thaller@redhat.com>
NMBluezManager is now a proxy and only delegates to either
NMBluez4Manager or NMBluez5Manager. It detects the running BlueZ
version at runtime, and once it decides for one version, it cannot be
changed anymore as long NetworkManager is running.
This means, when switching from BlueZ4 to BlueZ5 or vice versa you have
to restart NetworkManager. This should be acceptable, because it is
not a common use case (most systems won't have both versions installed
anyway) and it greatly simplifies implementation.
Also note that NMBluez4Manager and NMBluez5Manager do not implement a
common interface. NMBluezManager delegates to the correct manager.
Having them share an common interface or base class would not simplify
the code, because NMBluezManager not only delegates, but it also acts as
a proxy until it is decided which BlueZ version is running. So, this
proxy-like behaviour would still be needed. The alternative would be to
merge the functionality of all three NMBluez*Manager classes into one.
This also removes the --enable-bluez4 configure switch, because both
versions are now always enabled.
https://bugzilla.gnome.org/show_bug.cgi?id=709412
Signed-off-by: Thomas Haller <thaller@redhat.com>
If the WiMAX plugin isn't installed, or the WiMAX device isn't
recognized, NetworkManager shouldn't treat the interface as
regular ethernet since the device requires specific setup to
be ready for IP configuration, which of course NetworkManager
can't do because the WiMAX plugin isn't loaded. Ignore them
instead.
Modify BlueZ 5 device to have the same behaviour as BlueZ 4, i.e. a
pre-configured connection must exist for the device to show up in
NetworkManager's device list.
Signed-off-by: Thomas Haller <thaller@redhat.com>
At this moment we only support one of BlueZ 4 and 5,
which has to be defined at build time.
Patch rewritten by Thomas Haller <thaller@redhat.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Since 2688ae4950, bridge device creation
fails with "(br0): cannot use existing bridge for 'Bridge'" warning.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Currently, ethernet-based VLANs can specify the hardware address of
the parent device (and, in theory, the cloned hardware address and MTU
of the VLAN device) by using an NMSettingWired in addition to the
NMSettingVlan.
The theory was that non-ethernet-based VLANs, when we eventually
supported them, would likewise use the setting type corresponding to
their parent device. However, this turns out to be both complicated
(the settings plugins and connection editor would have a
hard-to-impossible time figuring out which setting type to use in some
cases) and incorrect (for most L2 settings [eg, BSSID, bond mode,
etc], the VLAN can't have its own values separate from the parent
device).
What we should have done was just have :mac-address,
:cloned-mac-address, and :mtu properties on NMSettingVlan. However, at
this point, for backward-compatibility, we will just stick with using
a combination of NMSettingVlan and NMSettingWired, but we will use
NMSettingWired regardless of the underlying hardware type.
Rather than having NMManager know how to parse various settings to
create each kind of software device, add a _new_for_connection()
constructor to each of them and let them call NMPlatform to create the
device correctly themselves.
Rather than setting the VLAN maps when the device is created, set them
at activation time, which is more in line with how other device types
work.
Like the old code, this doesn't attempt to reset any existing
ingress/egress mappings on the device.
Add a flag to indicate that the device is owned by NM.
This is interesting for software/virtual devices, that were created by
NM and should be deleted when the interface gets deactivated.
This flag is not implemented as a glib property.
Maybe this flag can be consolidated with the managed flag. For now it is
unclear how to do it, so add this flag. It should be easy later to
replace it again.
https://bugzilla.gnome.org/show_bug.cgi?id=695705https://bugzilla.redhat.com/show_bug.cgi?id=953300
Signed-off-by: Thomas Haller <thaller@redhat.com>
The manager has already disposed of the ActiveConnections by the time
the Policy is disposed, but the manager wasn't clearing the
active_connections list, so the Policy got a stale list of freed
objects. Next, the manager wasn't always emitting ACTIVE_CONNECTION_REMOVED
when disposing of ActiveConnections, which the Policy listens to
for cleanup. This lead to warnings on shutdown when the Policy
attempted to clean up for already disposed objects
Fix all this by ensuring the Manager signals when removing
ActiveConnections, which the Policy then uses to clean up
it's stuff, and ensuring the manager properly cleans up its
ActiveConnection list.
Add properties to track the "primary" connection (ie, the active
connection with either the default route, or the route to the VPN with
the default route), and the active connection that is currently
activating, and likely to become the :primary-connection when it
completes.
https://bugzilla.gnome.org/show_bug.cgi?id=704841
NM_STATE_CONNECTED_SITE doesn't distinguish between "behind a captive
portal" and "limited network connectivity" (ie, connected to a router
that has lost its upstream connection). Add a new NMManager
:connectivity property to provide this information.
Also add a CheckConnectivity method, which can be used to force NM to
re-check the connectivity state, which could be called by a client
after it completed a portal login, or fixed a network problem.
The connectivity-checking code would generally result in
NMManager:state going CONNECTING -> CONNECTED_GLOBAL -> CONNECTED_SITE
in the case where the connectivity check failed. The brief incorrect
CONNECTED_GLOBAL is bad, because clients might see it and do the wrong
thing.
Instead, when we are ready to switch from CONNECTING to CONNECTED_*,
do a connectivity check first, and switch to either CONNECTED_SITE or
CONNECTED_GLOBAL based on the result of that.
Build and use NMConnectivity regardless of build options; if you build
without libsoup, NMConnectivity will just always report that you have
full connectivity (like it does when you build with libsoup but don't
enable connectivity checking).
This backwards compatible patch adds the possibility to use new
nm_device_generate_connection() API via update_connection() virtual
method implementations in NMDevice subclasses.
Compatibility is achieved by first trying to use the older API and
match_l2_config() virtual method and only then moving on to
update_connection().
The nm_device_generate_connection() calls update_connection() to create
type-specific NMSetting instances and verifies the connection before
returning it. To avoid tinkering with NMSettingConnection in
update_connection() we use a class attribute called connection_type
which is used by nm_device_generate_connection() itself.
Known issues:
* nm_device_generate_connection() method doesn't implement DHCP lease
configuration matching. We shouldn't actually need it but if a use case
for that will come out, we can fix it later.
* nm_device_generate_connection() doesn't fill in the slave-specific
options.
* update_connection() is not implemented and connection_type is not set
in the subclasses. This will be fixed in individual patches.
* NMSetting's compare_property() implementations in combination with
NM_SETTING_COMPARE_FLAG_CANDIDATE are not yet fully ready thus rendering
false negatives in some cases. Same as above.
Acked-by: Dan Winship <danw@gnome.org>
Acked-by: Thomas Haller <thaller@redhat.com>
