release: bump version to 1.52.2

The function strerror_r returns an int per POSIX spec, but GNU version
returns char *. Using it fails the compilation in Alpine, so use
_nm_strerror_r instead that handles both cases.

Fixes: 41e28b900f ('daemon-helper: add read-file-as-user')
(cherry picked from commit 599cc1ed1d)
(cherry picked from commit ea759ccf3a)
(cherry picked from commit c8384fd528)

.gitignore

@@ -81,11 +81,9 @@ test-*.trs
 /data/org.freedesktop.NetworkManager.service
 /data/server.conf
 /data/org.freedesktop.NetworkManager.policy
+/data/org.freedesktop.NetworkManager.policy.in
 /data/nm-sudo.service
 /data/nm-priv-helper.service
-/data/NetworkManager-config-initrd.service
-/data/NetworkManager-initrd.service
-/data/NetworkManager-wait-online-initrd.service
 
 /docs/api/version.xml
 /docs/api/settings-spec.html

.gitlab-ci.yml

@@ -60,11 +60,11 @@ variables:
   #
   # This is done by running `ci-fairy generate-template` and possibly bumping
   # ".default_tag".
-  ALPINE_TAG:  'tag-0c3a6f855fb8'
-  CENTOS_TAG:  'tag-c1c23df75dda'
-  DEBIAN_TAG:  'tag-d4bf5db9e214'
-  FEDORA_TAG:  'tag-c1c23df75dda'
-  UBUNTU_TAG:  'tag-d4bf5db9e214'
+  ALPINE_TAG:  'tag-672dcdb2e2bf'
+  CENTOS_TAG:  'tag-d7d348d344cf'
+  DEBIAN_TAG:  'tag-217545cfdeb1'
+  FEDORA_TAG:  'tag-d7d348d344cf'
+  UBUNTU_TAG:  'tag-217545cfdeb1'
 
   ALPINE_EXEC: 'bash .gitlab-ci/alpine-install.sh'
   CENTOS_EXEC: 'bash .gitlab-ci/fedora-install.sh'
@@ -114,55 +114,13 @@ tier1:fedora:42@prep:
   rules:
     - if: $CI_PIPELINE_SOURCE != 'schedule' || $SCHEDULED_PIPELINE_NAME == "weekly"
 
-tier2:fedora:rawhide@prep:
-  extends:
-    - .fdo.container-build@fedora
-  stage: prep
-  variables:
-    GIT_STRATEGY: none
-    FDO_DISTRIBUTION_VERSION: 'rawhide'
-    FDO_DISTRIBUTION_TAG: $FEDORA_TAG
-    FDO_DISTRIBUTION_EXEC: $FEDORA_EXEC
-  rules:
-    - if: $CI_PIPELINE_SOURCE != 'schedule'
-      when: manual
-      allow_failure: true
-
-tier2:centos:stream10@prep:
-  extends:
-    - .fdo.container-build@centos
-  stage: prep
-  variables:
-    GIT_STRATEGY: none
-    FDO_DISTRIBUTION_VERSION: 'stream10'
-    FDO_DISTRIBUTION_TAG: $CENTOS_TAG
-    FDO_DISTRIBUTION_EXEC: $CENTOS_EXEC
-  rules:
-    - if: $CI_PIPELINE_SOURCE != 'schedule'
-      when: manual
-      allow_failure: true
-
-tier2:centos:stream9@prep:
-  extends:
-    - .fdo.container-build@centos
-  stage: prep
-  variables:
-    GIT_STRATEGY: none
-    FDO_DISTRIBUTION_VERSION: 'stream9'
-    FDO_DISTRIBUTION_TAG: $CENTOS_TAG
-    FDO_DISTRIBUTION_EXEC: $CENTOS_EXEC
-  rules:
-    - if: $CI_PIPELINE_SOURCE != 'schedule'
-      when: manual
-      allow_failure: true
-
-tier2:ubuntu:devel@prep:
+tier2:ubuntu:25.04@prep:
   extends:
     - .fdo.container-build@ubuntu
   stage: prep
   variables:
     GIT_STRATEGY: none
-    FDO_DISTRIBUTION_VERSION: 'devel'
+    FDO_DISTRIBUTION_VERSION: '25.04'
     FDO_DISTRIBUTION_TAG: $UBUNTU_TAG
     FDO_DISTRIBUTION_EXEC: $UBUNTU_EXEC
   rules:
@@ -170,13 +128,13 @@ tier2:ubuntu:devel@prep:
       when: manual
       allow_failure: true
 
-tier2:debian:testing@prep:
+tier2:debian:13@prep:
   extends:
     - .fdo.container-build@debian
   stage: prep
   variables:
     GIT_STRATEGY: none
-    FDO_DISTRIBUTION_VERSION: 'testing'
+    FDO_DISTRIBUTION_VERSION: '13'
     FDO_DISTRIBUTION_TAG: $DEBIAN_TAG
     FDO_DISTRIBUTION_EXEC: $DEBIAN_EXEC
   rules:
@@ -184,27 +142,13 @@ tier2:debian:testing@prep:
       when: manual
       allow_failure: true
 
-tier2:debian:sid@prep:
-  extends:
-    - .fdo.container-build@debian
-  stage: prep
-  variables:
-    GIT_STRATEGY: none
-    FDO_DISTRIBUTION_VERSION: 'sid'
-    FDO_DISTRIBUTION_TAG: $DEBIAN_TAG
-    FDO_DISTRIBUTION_EXEC: $DEBIAN_EXEC
-  rules:
-    - if: $CI_PIPELINE_SOURCE != 'schedule'
-      when: manual
-      allow_failure: true
-
-tier2:alpine:edge@prep:
+tier2:alpine:3.22@prep:
   extends:
     - .fdo.container-build@alpine
   stage: prep
   variables:
     GIT_STRATEGY: none
-    FDO_DISTRIBUTION_VERSION: 'edge'
+    FDO_DISTRIBUTION_VERSION: '3.22'
     FDO_DISTRIBUTION_TAG: $ALPINE_TAG
     FDO_DISTRIBUTION_EXEC: $ALPINE_EXEC
   rules:
@@ -212,20 +156,6 @@ tier2:alpine:edge@prep:
       when: manual
       allow_failure: true
 
-tier3:fedora:43@prep:
-  extends:
-    - .fdo.container-build@fedora
-  stage: prep
-  variables:
-    GIT_STRATEGY: none
-    FDO_DISTRIBUTION_VERSION: '43'
-    FDO_DISTRIBUTION_TAG: $FEDORA_TAG
-    FDO_DISTRIBUTION_EXEC: $FEDORA_EXEC
-  rules:
-    - if: $CI_PIPELINE_SOURCE != 'schedule'
-      when: manual
-      allow_failure: true
-
 tier3:fedora:41@prep:
   extends:
     - .fdo.container-build@fedora
@@ -240,20 +170,6 @@ tier3:fedora:41@prep:
       when: manual
       allow_failure: true
 
-tier3:ubuntu:25.04@prep:
-  extends:
-    - .fdo.container-build@ubuntu
-  stage: prep
-  variables:
-    GIT_STRATEGY: none
-    FDO_DISTRIBUTION_VERSION: '25.04'
-    FDO_DISTRIBUTION_TAG: $UBUNTU_TAG
-    FDO_DISTRIBUTION_EXEC: $UBUNTU_EXEC
-  rules:
-    - if: $CI_PIPELINE_SOURCE != 'schedule'
-      when: manual
-      allow_failure: true
-
 tier3:ubuntu:24.04@prep:
   extends:
     - .fdo.container-build@ubuntu
@@ -282,20 +198,6 @@ tier3:ubuntu:22.04@prep:
       when: manual
       allow_failure: true
 
-tier3:debian:13@prep:
-  extends:
-    - .fdo.container-build@debian
-  stage: prep
-  variables:
-    GIT_STRATEGY: none
-    FDO_DISTRIBUTION_VERSION: '13'
-    FDO_DISTRIBUTION_TAG: $DEBIAN_TAG
-    FDO_DISTRIBUTION_EXEC: $DEBIAN_EXEC
-  rules:
-    - if: $CI_PIPELINE_SOURCE != 'schedule'
-      when: manual
-      allow_failure: true
-
 tier3:debian:12@prep:
   extends:
     - .fdo.container-build@debian
@@ -310,20 +212,6 @@ tier3:debian:12@prep:
       when: manual
       allow_failure: true
 
-tier3:alpine:3.22@prep:
-  extends:
-    - .fdo.container-build@alpine
-  stage: prep
-  variables:
-    GIT_STRATEGY: none
-    FDO_DISTRIBUTION_VERSION: '3.22'
-    FDO_DISTRIBUTION_TAG: $ALPINE_TAG
-    FDO_DISTRIBUTION_EXEC: $ALPINE_EXEC
-  rules:
-    - if: $CI_PIPELINE_SOURCE != 'schedule'
-      when: manual
-      allow_failure: true
-
 tier3:alpine:3.21@prep:
   extends:
     - .fdo.container-build@alpine
@@ -366,6 +254,34 @@ tier3:alpine:3.19@prep:
       when: manual
       allow_failure: true
 
+tier3:centos:stream10@prep:
+  extends:
+    - .fdo.container-build@centos
+  stage: prep
+  variables:
+    GIT_STRATEGY: none
+    FDO_DISTRIBUTION_VERSION: 'stream10'
+    FDO_DISTRIBUTION_TAG: $CENTOS_TAG
+    FDO_DISTRIBUTION_EXEC: $CENTOS_EXEC
+  rules:
+    - if: $CI_PIPELINE_SOURCE != 'schedule'
+      when: manual
+      allow_failure: true
+
+tier3:centos:stream9@prep:
+  extends:
+    - .fdo.container-build@centos
+  stage: prep
+  variables:
+    GIT_STRATEGY: none
+    FDO_DISTRIBUTION_VERSION: 'stream9'
+    FDO_DISTRIBUTION_TAG: $CENTOS_TAG
+    FDO_DISTRIBUTION_EXEC: $CENTOS_EXEC
+  rules:
+    - if: $CI_PIPELINE_SOURCE != 'schedule'
+      when: manual
+      allow_failure: true
+
 #################################################################
 #                                                               #
 # tierN stage                                                   #
@@ -405,115 +321,45 @@ t_fedora:42:
   rules:
     - if: $CI_PIPELINE_SOURCE != 'schedule'
 
-t_fedora:rawhide:
-  extends:
-    - .build@template
-    - .fdo.distribution-image@fedora
-    - .nm_artifacts_debug
-  stage: tier2
-  variables:
-    FDO_DISTRIBUTION_VERSION: 'rawhide'
-    FDO_DISTRIBUTION_TAG: $FEDORA_TAG
-  needs:
-    - "tier2:fedora:rawhide@prep"
-  rules:
-    - if: $CI_PIPELINE_SOURCE != 'schedule'
-
-t_centos:stream10:
-  extends:
-    - .build@template
-    - .fdo.distribution-image@centos
-    - .nm_artifacts_debug
-  stage: tier2
-  variables:
-    FDO_DISTRIBUTION_VERSION: 'stream10'
-    FDO_DISTRIBUTION_TAG: $CENTOS_TAG
-  needs:
-    - "tier2:centos:stream10@prep"
-  rules:
-    - if: $CI_PIPELINE_SOURCE != 'schedule'
-
-t_centos:stream9:
-  extends:
-    - .build@template
-    - .fdo.distribution-image@centos
-    - .nm_artifacts_debug
-  stage: tier2
-  variables:
-    FDO_DISTRIBUTION_VERSION: 'stream9'
-    FDO_DISTRIBUTION_TAG: $CENTOS_TAG
-  needs:
-    - "tier2:centos:stream9@prep"
-  rules:
-    - if: $CI_PIPELINE_SOURCE != 'schedule'
-
-t_ubuntu:devel:
+t_ubuntu:25.04:
   extends:
     - .build@template
     - .fdo.distribution-image@ubuntu
     - .nm_artifacts_debug
   stage: tier2
   variables:
-    FDO_DISTRIBUTION_VERSION: 'devel'
+    FDO_DISTRIBUTION_VERSION: '25.04'
     FDO_DISTRIBUTION_TAG: $UBUNTU_TAG
   needs:
-    - "tier2:ubuntu:devel@prep"
+    - "tier2:ubuntu:25.04@prep"
   rules:
     - if: $CI_PIPELINE_SOURCE != 'schedule'
 
-t_debian:testing:
+t_debian:13:
   extends:
     - .build@template
     - .fdo.distribution-image@debian
     - .nm_artifacts_debug
   stage: tier2
   variables:
-    FDO_DISTRIBUTION_VERSION: 'testing'
+    FDO_DISTRIBUTION_VERSION: '13'
     FDO_DISTRIBUTION_TAG: $DEBIAN_TAG
   needs:
-    - "tier2:debian:testing@prep"
+    - "tier2:debian:13@prep"
   rules:
     - if: $CI_PIPELINE_SOURCE != 'schedule'
 
-t_debian:sid:
-  extends:
-    - .build@template
-    - .fdo.distribution-image@debian
-    - .nm_artifacts_debug
-  stage: tier2
-  variables:
-    FDO_DISTRIBUTION_VERSION: 'sid'
-    FDO_DISTRIBUTION_TAG: $DEBIAN_TAG
-  needs:
-    - "tier2:debian:sid@prep"
-  rules:
-    - if: $CI_PIPELINE_SOURCE != 'schedule'
-
-t_alpine:edge:
+t_alpine:3.22:
   extends:
     - .build@template
     - .fdo.distribution-image@alpine
     - .nm_artifacts_debug
   stage: tier2
   variables:
-    FDO_DISTRIBUTION_VERSION: 'edge'
+    FDO_DISTRIBUTION_VERSION: '3.22'
     FDO_DISTRIBUTION_TAG: $ALPINE_TAG
   needs:
-    - "tier2:alpine:edge@prep"
-  rules:
-    - if: $CI_PIPELINE_SOURCE != 'schedule'
-
-t_fedora:43:
-  extends:
-    - .build@template
-    - .fdo.distribution-image@fedora
-    - .nm_artifacts_debug
-  stage: tier3
-  variables:
-    FDO_DISTRIBUTION_VERSION: '43'
-    FDO_DISTRIBUTION_TAG: $FEDORA_TAG
-  needs:
-    - "tier3:fedora:43@prep"
+    - "tier2:alpine:3.22@prep"
   rules:
     - if: $CI_PIPELINE_SOURCE != 'schedule'
 
@@ -531,20 +377,6 @@ t_fedora:41:
   rules:
     - if: $CI_PIPELINE_SOURCE != 'schedule'
 
-t_ubuntu:25.04:
-  extends:
-    - .build@template
-    - .fdo.distribution-image@ubuntu
-    - .nm_artifacts_debug
-  stage: tier3
-  variables:
-    FDO_DISTRIBUTION_VERSION: '25.04'
-    FDO_DISTRIBUTION_TAG: $UBUNTU_TAG
-  needs:
-    - "tier3:ubuntu:25.04@prep"
-  rules:
-    - if: $CI_PIPELINE_SOURCE != 'schedule'
-
 t_ubuntu:24.04:
   extends:
     - .build@template
@@ -573,20 +405,6 @@ t_ubuntu:22.04:
   rules:
     - if: $CI_PIPELINE_SOURCE != 'schedule'
 
-t_debian:13:
-  extends:
-    - .build@template
-    - .fdo.distribution-image@debian
-    - .nm_artifacts_debug
-  stage: tier3
-  variables:
-    FDO_DISTRIBUTION_VERSION: '13'
-    FDO_DISTRIBUTION_TAG: $DEBIAN_TAG
-  needs:
-    - "tier3:debian:13@prep"
-  rules:
-    - if: $CI_PIPELINE_SOURCE != 'schedule'
-
 t_debian:12:
   extends:
     - .build@template
@@ -601,20 +419,6 @@ t_debian:12:
   rules:
     - if: $CI_PIPELINE_SOURCE != 'schedule'
 
-t_alpine:3.22:
-  extends:
-    - .build@template
-    - .fdo.distribution-image@alpine
-    - .nm_artifacts_debug
-  stage: tier3
-  variables:
-    FDO_DISTRIBUTION_VERSION: '3.22'
-    FDO_DISTRIBUTION_TAG: $ALPINE_TAG
-  needs:
-    - "tier3:alpine:3.22@prep"
-  rules:
-    - if: $CI_PIPELINE_SOURCE != 'schedule'
-
 t_alpine:3.21:
   extends:
     - .build@template
@@ -657,6 +461,34 @@ t_alpine:3.19:
   rules:
     - if: $CI_PIPELINE_SOURCE != 'schedule'
 
+t_centos:stream10:
+  extends:
+    - .build@template
+    - .fdo.distribution-image@centos
+    - .nm_artifacts_debug
+  stage: tier3
+  variables:
+    FDO_DISTRIBUTION_VERSION: 'stream10'
+    FDO_DISTRIBUTION_TAG: $CENTOS_TAG
+  needs:
+    - "tier3:centos:stream10@prep"
+  rules:
+    - if: $CI_PIPELINE_SOURCE != 'schedule'
+
+t_centos:stream9:
+  extends:
+    - .build@template
+    - .fdo.distribution-image@centos
+    - .nm_artifacts_debug
+  stage: tier3
+  variables:
+    FDO_DISTRIBUTION_VERSION: 'stream9'
+    FDO_DISTRIBUTION_TAG: $CENTOS_TAG
+  needs:
+    - "tier3:centos:stream9@prep"
+  rules:
+    - if: $CI_PIPELINE_SOURCE != 'schedule'
+
 #################################################################
 #                                                               #
 # specific jobs                                                 #
@@ -713,7 +545,7 @@ pages:
   rules:
     - if: $CI_PIPELINE_SOURCE == 'schedule'
       when: never
-    - if: $CI_PIPELINE_SOURCE == 'push' && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == 'main'
   dependencies:
     - "t_fedora:42: [meson+gcc+docs+valgrind]"
   needs:

.gitlab-ci/ci.template

@@ -240,7 +240,7 @@ pages:
   rules:
     - if: $CI_PIPELINE_SOURCE == 'schedule'
       when: never
-    - if: $CI_PIPELINE_SOURCE == 'push' && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == 'main'
   dependencies:
     - "t_{{default_distro.name}}:{{default_distro.versions[0]}}: [meson+gcc+docs+valgrind]"
   needs:

.gitlab-ci/config.yml

@@ -27,51 +27,42 @@ distributions:
 
   # TIER 2: distribution versions that will or might use the current NM version.
   # Run when doing a release.
-  - name: fedora
-    tier: 2
-    versions:
-      - 'rawhide'
-  - name: centos
-    tier: 2
-    versions:
-      - 'stream10'
-      - 'stream9'
   - name: ubuntu
     tier: 2
     versions:
-      - 'devel'
+      - '25.04'
   - name: debian
     tier: 2
     versions:
-      - 'testing'
-      - 'sid'
+      - '13'
   - name: alpine
     tier: 2
     versions:
-      - 'edge'
+      - '3.22'
 
   # TIER 3: distribution versions not in EOL but don't use the current NM version.
   # Run when doing a release, but a failure won't be blocking for the release.
   - name: fedora
     tier: 3
     versions:
-      - '43'
       - '41'
   - name: ubuntu
     tier: 3
     versions:
-      - '25.04'
       - '24.04'
       - '22.04'
   - name: debian
     tier: 3
     versions:
-      - '13'
       - '12'
   - name: alpine
     tier: 3
     versions:
-      - '3.22'
       - '3.21'
       - '3.20'
       - '3.19'
+  - name: centos
+    tier: 3
+    versions:
+      - 'stream10'
+      - 'stream9'

.gitlab-ci/distros-info.yml

@@ -8,24 +8,18 @@ fedora:
 - version: rawhide
   support: yes
   nm: main
-- version: 43
-  support: 2026-12-02
-  nm: 1.54
-- version: 42
-  support: 2026-05-13
-  nm: 1.52
-  tier1-default: yes
 - version: 41
   support: 2025-11-19
   nm: 1.50
+  tier1-default: yes
+- version: 40
+  support: 2025-05-13
+  nm: 1.46
 
 # CentOS Stream
 centos:
-- version: stream10
-  support: 2030-12-31 # exact date unknown, only the year
-  nm: main
 - version: stream9
-  support: 2027-12-31 # exact date unknown, only the year
+  support: 2027-05-31
   nm: main
 
 # RHEL:
@@ -37,43 +31,33 @@ centos:
 #   support: 6 months
 # Releases and support info: https://access.redhat.com/support/policy/updates/errata
 rhel:
-# Not released yet
-- version: 10.1
+- version: 9.6  # not released yet
   support: yes
-  nm: 1.54
-- version: 9.7  # not released yet
+  nm: main
+- version: 9.5
   support: yes
-  nm: 1.54
-# Full support or EUS support:
-- version: 10.0
-  support: 2027-05-31
-  extended-support: 2029-05-31
-  nm: 1.52
-- version: 9.6
-  support: 2027-05-31
-  extended-support: 2029-05-31
-  nm: 1.52
+  nm: 1.48
 - version: 9.4
   support: 2026-04-30
   extended-support: 2028-04-30
   nm: 1.46
-- version: 8.10  # last RHEL 8 release, maintenaince support only
-  support: 2029-05-31
-  extended-support: no
-  nm: 1.40
-# SAP / Enhaced EUS only:
 - version: 9.2
   support: 2025-05-31
   extended-support: 2027-05-31
   nm: 1.42
-- version: 9.0
-  support: 2024-05-31
-  extended-support: 2026-05-31
-  nm: 1.36
+- version: 8.10  # last RHEL 8 release, maintenaince support only
+  support: 2029-05-31
+  extended-support: no
+  nm: 1.40
 - version: 8.8
   support: 2025-05-31
   extended-support: 2027-05-31
   nm: 1.40
+# SAP / Enhaced EUS only:
+- version: 9.0
+  support: 2024-05-31
+  extended-support: 2026-05-31
+  nm: 1.36
 - version: 8.6
   support: 2024-05-31
   extended-support: 2026-05-31
@@ -93,10 +77,10 @@ ubuntu:
 - version: devel
   support: yes
   nm: main
-- version: 25.04
-  name: plucky
-  support: 2026-01-15
-  nm: 1.52
+- version: 24.10
+  name: oracular
+  support: 2025-07-10
+  nm: 1.48
 - version: 24.04
   name: noble
   support: 2029-05-31
@@ -107,6 +91,11 @@ ubuntu:
   support: 2027-06-01
   extended-support: 2032-04-21
   nm: 1.36
+- version: 20.04
+  name: focal
+  support: 2025-05-29
+  extended-support: 2030-04-23
+  nm: 1.22
 
 # Debian:
 #   cadence: every 2 years
@@ -121,11 +110,6 @@ debian:
 - version: sid
   support: yes
   nm: main
-- version: 13
-  name: trixie
-  support: 2028-08-09
-  extended-support: 2030-06-30
-  nm: 1.52
 - version: 12
   name: bookworm
   support: 2026-06-11
@@ -147,9 +131,6 @@ alpine:
 - version: edge
   support: yes
   nm: main
-- version: 3.22
-  support: 2027-05-01
-  nm: 1.52
 - version: 3.21
   support: 2026-11-01
   nm: 1.50
@@ -159,3 +140,6 @@ alpine:
 - version: 3.19
   support: 2025-11-01
   nm: 1.44
+- version: 3.18
+  support: 2025-05-09
+  nm: 1.42

.gitlab-ci/run-test.sh

@@ -155,7 +155,12 @@ test_subtree() {
     do_clean
     pushd ./src/$d
 
-    CC="$cc" CFLAGS="-Werror -Wall" meson build
+    ARGS=()
+    if [ "$d" = n-acd ]; then
+        ARGS+=('-Debpf=false')
+    fi
+
+    CC="$cc" CFLAGS="-Werror -Wall" meson build "${ARGS[@]}"
     ninja -v -C build test
 
     popd

MAINTAINERS.md

@@ -252,25 +252,17 @@ Versioning scheme (version numbers are called MAJOR.MINOR.MICRO):
   versioning scheme than the main NM project despite there are no development
   versions here.
 
-Before starting:
-- You need to have the maintainer role in the project.
-- The GPG key used to sign the release must be added to your GNOME's Gitlab
-  profile and uploaded to a keyserver.
-- All details: https://handbook.gnome.org/maintainers/making-a-release.html
-
 When doing a release, follow this process:
 1. Ensure that `NEWS` file is up to date.
-2. Increment the version in `meson.build` or `configure.ac`.
-3. Commit and push to the `main` branch.
-4. Check that the Gitlab's pipeline finishes without errors.
-5. Tag the commit with a signed tag. Example: `git tag -s 1.2.8 -m 'Release 1.2.8'`.
-6. Push the tag. Example: `git push origin 1.2.8`.  
-   WARN: this is what starts the automatic CI release. As GNOME doesn't allow
-   to delete tags, any error detected after this will force a new version bump.
-7. Check that the Gitlab's pipeline finishes without errors. If that happens,
-   the release is done and available both in the Gitlab's releases section and
-   https://download.gnome.org/sources/*
-8. Announce the release on the mailing list.
+2. Increment the version in `meson.build`, commit and tag the commit. Example:
+   `git tag -s 1.2.8 -m 'Tag 1.2.8'`.
+3. Ensure that you are on the right commit and create the tarball:
+   `git clean -fdx && meson setup build && cd build && meson dist`
+4. Upload the tarball: `scp ./*-*.tar.xz "$user@master.gnome.org:"`
+5. Login to `master.gnome.org` and run `ftpadmin install`.  
+   Ensure the new tarballs show up at https://download.gnome.org/sources/
+   (happens after a short delay)
+6. Announce the release on the mailing list.
 
 Notes:
 - You need access to master.gnome.org, see [here](https://handbook.gnome.org/infrastructure/accounts.html).

NEWS

@@ -1,92 +1,27 @@
-=============================================
-NetworkManager-1.58
-Overview of changes since NetworkManager-1.56
-=============================================
+===============================================
+NetworkManager-1.52.2
+Overview of changes since NetworkManager-1.52.1
+===============================================
 
-This is a snapshot of NetworkManager development. The API is
-subject to change and not guaranteed to be compatible with
-the later release.
-USE AT YOUR OWN RISK.  NOT RECOMMENDED FOR PRODUCTION USE!
-
-* Restrict the connectivity check to use the DNS servers defined on the
-  same link. If the link has no DNS servers, the connectivity check will
-  use any servers available in the system.
-* Install the systemd units in the initramfs using a systemd generator.
-* A new "check-connectivity" configuration option is available to disable the
-  connectivity check for selected interfaces.
-* Remove the modify_system build option that allowed setting up the
-  polkit permissions to allow non-admin users to create system-wide
-  connection. That configuration is discouraged because it can be used
-  to bypass filesystem permissions.
+* Support reapplying the "sriov.vfs" property as long as
+  "sriov.total-vfs" is not changed.
 * For private connections (the ones that specify a user in the
   "connection.permissions" property), verify that the user can access
   the 802.1X certificates and keys set in the connection.
 * Introduce a libnm function that can be used by VPN plugins to check
   user permissions on certificate and keys.
-* The support for Wireless Extensions is deprecated and will be
-  removed in a future release. Wireless Extensions are now disabled by
-  default.
 
 =============================================
-NetworkManager-1.56
-Overview of changes since NetworkManager-1.54
-=============================================
-
-* nmcli now supports viewing and managing WireGuard peers.
-* Support reapplying the "sriov.vfs" property as long as
-  "sriov.total-vfs" is not changed.
-* Support reapplying "bond-port.vlans".
-* Accept hostnames longer than 64 characters from DNS lookup.
-* Make that global-dns configuration overwrites DNS searches and
-  options from connections, instead of merging all together.
-* Add support for a new rd.net.dhcp.client-id option in
-  nm-initrd-generator.
-* Add gsm device-uid setting to restrict the devices the connection applies to.
-* Support configuring the HSR protocol version via the
-  "hsr.protocol-version" property.
-* Fix a bug that makes broadband connections auto-connect getting 
-  blocked if the connection tries to reconnect when modem status is 
-  "disconnecting" / "disconnected".
-* Treat modem connection not having an operator code available
-  as a recoverable error.
-* Add support for configuring systemd-resolved's DNSSEC option
-  per-connection via the "connection.dnssec" connection property.
-* Support configuring the HSR interlink port via the
-  "hsr.interlink" property.
-* Fix some connection properties not being applied to vpn connections
-  (connection.mdns, connection.llmnr, connection.dns-over-tls,
-   connection.mptcp-flags, ipv6.ip6-privacy)
-* Update n-acd to always compile with eBPF enabled, as support
-  for eBPF is now detected at run time.
-* Add new MPTCP 'laminar' endpoint type, and set it by default alongside
-  the 'subflow' one.
-
-=============================================
-NetworkManager-1.54
+NetworkManager-1.52.1
 Overview of changes since NetworkManager-1.52
 =============================================
 
-* Add support for configuring per-device IPv4 forwarding via the
-  "ipv4.forwarding" connection property.
-* Add a new "prefix-delegation" setting containing a "subnet-id"
-  property that specifies the subnet to choose on the downstream
-  interface when using IPv6 prefix delegation.
-* Support OCI baremetal in nm-cloud-setup
+* Fail early if we cannot get current FEC
+  (Forward Error Correction) value.
+* Allow reapplying ovs-bridge and ovs-port properties.
 * When activating a WireGuard connection to an IPv6 endpoint, now
   NetworkManager creates firewall rules to ensure that the incoming
   packets are not dropped by kernel reverse path filtering.
-* Add support for configuring the loopback interface in nmtui.
-* Most of the properties of ovs-bridge and ovs-port connections can
-  now be reapplied at runtime without bringing the connection down.
-* Add a new "sriov.preserve-on-down" property that controls whether
-  NetworkManager preserves the SR-IOV parameters set on the device
-  when the connection is deactivated, or whether it resets them to
-  their default value.
-* Introduce a new "ovs-dpdk.lsc-interrupt" property to configure the
-  Link State Change (LSC) detection mode for OVS DPDK interfaces.
-* The initrd-generator now can parse the NVMe Boot Firmware Table
-  (NBFT) to configure networking during early boot.
-* Add systemd services to provide networking in the initrd.
 
 =============================================
 NetworkManager-1.52
@@ -281,7 +216,7 @@ Overview of changes since NetworkManager-1.42
   lead to unexpected behaviors in case of multiconnect profiles.
 * Set VLAN filtering options on bridge via netlink instead of sysfs.
 * nm-cloud-setup now supports IMDSv2 on Amazon EC2.
-* nmtui now supports enabling/disabling Wi-Fi and WWAN radios.
+* nmtui now allows to enable or disable Wi-Fi and WWAN radios.
 * Honor ignore-carrier=no for bond/bridge/team devices.
 * Add version mismatch warning when running nmcli commands.
 
@@ -446,7 +381,7 @@ Overview of changes since NetworkManager-1.38
 * NetworkManager reads the kernel command line "/proc/cmdline" for several
   purposes, including "nm.debug" for enabling debugging and the
   "match.kernel-command-line" setting in the profile. NetworkManager now
-  first looks now for "/run/NetworkManager/proc-cmdline", which allows one to
+  first looks now for "/run/NetworkManager/proc-cmdline", which allows to
   overwrite the command line.
 * Improve the reapply of non-bridge properties.
 * Honor adding a Bluetooth NAP connection with all available methods.
@@ -519,7 +454,7 @@ Overview of changes since NetworkManager-1.36
 * Workaround libcurl blocking NetworkManager while resolving DNS names.
 * nmcli: indicate missing Wi-Fi hardware when showing rfkill setting.
 * nmcli: add connection migrate command to move a profile to a specified
-  settings plugin. This allows one to convert profiles in the deprecated ifcfg-rh
+  settings plugin. This allows to convert profiles in the deprecated ifcfg-rh
   format to keyfile.
 * Set "src" attribute for routes from DHCPv4 to the leased address. This
   helps with source address selection.
@@ -651,7 +586,7 @@ and 1.32.12 are also present in NetworkManager-1.34:
 * core: fix adding stale local routes when address changes.
 * initrd: tag generated profiles with origin in user data.
 * core: introduce "allowed-connections" option to disallow
-  profiles on a device. This allows one to filter out profiles
+  profiles on a device. This allows to filter out profiles
   that originate from initrd.
 * core: introduce "keep-configuration" device option to forcefully
   activate a profile on start.
@@ -712,7 +647,7 @@ Overview of changes since NetworkManager-1.30
   'nm-daemon-helper' binary is spawned to perform the lookup using
   the 'dns' NSS module.
 * dhcp: honor "ID_NET_DHCP_BROADCAST" udev attribute to set the broadcast flag.
-  This allows one to configure devices in udev for which DHCPOFFER messages are to be
+  This allows to configure devices in udev for which DHCPOFFER messages are to be
   broadcast.
 * firewall: add nftables firewall backend for configuring IPv4 NAT with shared
   mode. Now two backends are supported, "iptables" and "nftables". The default
@@ -972,16 +907,16 @@ This is a new stable release of NetworkManager.  Notable changes include:
   in allowed-ips.
 * Rework implementation of settings plugins and how profiles are presisted
   to disk. This is a large internal refactoring of the settings plugins that
-  allows one to migrate a connection profile between plugins.
+  allows to migrate a connection profile between plugins.
 * In-memory profiles are now only handled by keyfile plugin and will also be
-  persisted to /run directory. This allows one to restart NetworkManager without
+  persisted to /run directory. This allows to restart NetworkManager without
   loosing these profiles and it provides a file-system based API for creating
   in-memory profiles.
 * Keyfile plugin now supports a read-only directory of profiles under directory
   "/usr/lib/NetworkManager/system-connections". Such profiles still can be modified
   and deleted via D-Bus, which results in writing profiles to /etc or /run that
   shadow the read-only files.
-* Add new D-Bus method AddConnection2() that allows one to block autoconnect of
+* Add new D-Bus method AddConnection2() that allows to block autoconnect of
   the profile at the moment when creating the profile. Also add support for
   this API to libnm.
 * Add flag "no-reapply" to Update2() D-Bus method. Normally, when a connection

README.md

@@ -112,14 +112,6 @@ contrib/fedora/rpm/NetworkManager.conf for how to enable debug logging
 in NetworkManager.
 
 
-Requirements
-------------
-
-NetworkManager requires:
-
-- Linux kernel >= 5.6 for some ethtool options (pause, eee, ring)
-
-
 Documentation
 -------------
 

config.h.meson

@@ -239,15 +239,6 @@
 /* Whether we build with OVS plugin */
 #mesondefine WITH_OPENVSWITCH
 
-/* Whether we build with team support */
-#mesondefine WITH_TEAMDCTL
-
-/* Whether we build with Wi-Fi support */
-#mesondefine WITH_WIFI
-
-/* Whether we build with WWAN support */
-#mesondefine WITH_WWAN
-
 /* Define if you have PPP support */
 #mesondefine WITH_PPP
 
@@ -289,8 +280,3 @@
 /* Define to 1 if you have history support from -lreadline. */
 #mesondefine HAVE_READLINE_HISTORY
 
-/* Define if NBFT support is enabled */
-#mesondefine WITH_NBFT
-
-/* Define to 1 if dlvsym() is available */
-#mesondefine HAVE_DLVSYM

contrib/alpine/REQUIRED_PACKAGES

@@ -25,11 +25,11 @@ apk add \
     'jansson-dev' \
     'libgudev-dev' \
     'libndp-dev' \
-    'libnvme-dev' \
     'libnl3-dev' \
     'libpsl-dev' \
     'libsoup-dev' \
     'libteam-dev' \
+    'libtool' \
     'linux-headers' \
     'meson' \
     'mobile-broadband-provider-info' \

contrib/debian/REQUIRED_PACKAGES

@@ -56,12 +56,12 @@ install \
     libndp-dev \
     libnewt-dev \
     libnss3-dev \
-    libnvme-dev \
     libpolkit-gobject-1-dev \
     libpsl-dev \
     libreadline-dev \
     libsystemd-dev \
     libteam-dev \
+    libtool \
     libudev-dev \
     locales \
     meson \

contrib/fedora/REQUIRED_PACKAGES

@@ -66,8 +66,8 @@ install \
     jq \
     libcurl-devel \
     libndp-devel \
-    libnvme-devel \
     libselinux-devel \
+    libtool \
     libuuid-devel \
     meson \
     mobile-broadband-provider-info-devel \

contrib/fedora/rpm/NetworkManager.spec

@@ -14,7 +14,6 @@
 
 %global epoch_version 1
 %global real_version __VERSION__
-%global git_tag_version __GIT_TAG_VERSION__
 %global rpm_version %{real_version}
 %global release_version __RELEASE_VERSION__
 %global snapshot __SNAPSHOT__
@@ -107,11 +106,6 @@
 %else
 %bcond_without iwd
 %endif
-%if 0%{?fedora} <= 43 || 0%{?rhel} <= 10
-%bcond_without polkit_noauth_group
-%else
-%bcond_with polkit_noauth_group
-%endif
 
 ###############################################################################
 
@@ -159,6 +153,17 @@
 %bcond_with ifcfg_migrate
 %endif
 
+%if 0%{?fedora}
+# Although eBPF would be available on Fedora's kernel, it seems
+# we often get SELinux denials (rh#1651654). But even aside them,
+# bpf(BPF_MAP_CREATE, ...) randomly fails with EPERM. That might
+# be related to `ulimit -l`. Anyway, this is not usable at the
+# moment.
+%global ebpf_enabled "no"
+%else
+%global ebpf_enabled "no"
+%endif
+
 # Fedora 33 enables LTO by default by setting CFLAGS="-flto -ffat-lto-objects".
 # However, we also require "-flto -flto-partition=none", so disable Fedora's
 # default and use our configure option --with-lto instead.
@@ -175,7 +180,7 @@ Group: System Environment/Base
 License: GPL-2.0-or-later AND LGPL-2.1-or-later
 URL: https://networkmanager.dev/
 
-#Source: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/releases/%{git_tag_version}/downloads/%{name}-%{real_version}.tar.xz
+#Source: https://download.gnome.org/sources/NetworkManager/%{real_version_major}/%{name}-%{real_version}.tar.xz
 Source: __SOURCE1__
 Source1: NetworkManager.conf
 Source2: 00-server.conf
@@ -248,6 +253,7 @@ Conflicts: NetworkManager-dispatcher-routing-rules <= 1:1.47.5-3
 %endif
 
 BuildRequires: gcc
+BuildRequires: libtool
 BuildRequires: pkgconfig
 BuildRequires: meson
 BuildRequires: gettext-devel >= 0.19.8
@@ -301,7 +307,6 @@ BuildRequires: libubsan
 BuildRequires: firewalld-filesystem
 BuildRequires: iproute
 BuildRequires: iproute-tc
-BuildRequires: libnvme-devel >= 1.5
 
 Provides: %{name}-dispatcher%{?_isa} = %{epoch}:%{version}-%{release}
 
@@ -621,10 +626,14 @@ Preferably use nmcli instead.
 %endif
 %if %{with wifi}
 	-Dwifi=true \
+%if 0%{?fedora}
+	-Dwext=true \
+%else
+	-Dwext=false \
+%endif
 %else
 	-Dwifi=false \
 %endif
-	-Dwext=false \
 %if %{with iwd}
 	-Diwd=true \
 %else
@@ -666,20 +675,22 @@ Preferably use nmcli instead.
 	-Dselinux=true \
 	-Dpolkit=true  \
 	-Dconfig_auth_polkit_default=true \
-%if %{with polkit_noauth_group}
-	-Dpolkit_noauth_group=wheel \
-%endif
+	-Dmodify_system=true \
 	-Dconcheck=true \
 %if 0%{?fedora}
 	-Dlibpsl=true \
 %else
 	-Dlibpsl=false \
+%endif
+%if %{ebpf_enabled} != "yes"
+	-Debpf=false \
+%else
+	-Debpf=true \
 %endif
 	-Dsession_tracking=systemd \
 	-Dsuspend_resume=systemd \
 	-Dsystemdsystemunitdir=%{_unitdir} \
-	-Dsystemdsystemgeneratordir=%{_systemdgeneratordir} \
-	-Dsystem_ca_path=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \
+	-Dsystem_ca_path=/etc/pki/tls/cert.pem \
 	-Ddbus_conf_dir=%{dbus_sys_dir} \
 	-Dtests=yes \
 	-Dvalgrind=no \
@@ -750,12 +761,6 @@ rm -f %{buildroot}%{_libdir}/*.la
 rm -f %{buildroot}%{_libdir}/pppd/%{ppp_version}/*.la
 rm -f %{buildroot}%{nmplugindir}/*.la
 
-# Don't use the *-initrd.service files yet, wait dracut to support them
-rm -f %{buildroot}%{_systemdgeneratordir}/nm-initrd-generator.sh
-rm -f %{buildroot}%{_unitdir}/NetworkManager-config-initrd.service
-rm -f %{buildroot}%{_unitdir}/NetworkManager-initrd.service
-rm -f %{buildroot}%{_unitdir}/NetworkManager-wait-online-initrd.service
-
 # Ensure the documentation timestamps are constant to avoid multilib conflicts
 find %{buildroot}%{_datadir}/gtk-doc -exec touch --reference meson.build '{}' \+
 
@@ -917,9 +922,6 @@ fi
 %{_datadir}/dbus-1/system-services/org.freedesktop.nm_dispatcher.service
 %{_datadir}/dbus-1/system-services/org.freedesktop.nm_priv_helper.service
 %{_datadir}/polkit-1/actions/*.policy
-%if %{with polkit_noauth_group}
-%{_datadir}/polkit-1/rules.d/org.freedesktop.NetworkManager.rules
-%endif
 %{_prefix}/lib/udev/rules.d/*.rules
 %{_prefix}/lib/firewalld/zones/nm-shared.xml
 # systemd stuff

contrib/fedora/rpm/build.sh

@@ -12,7 +12,6 @@ set -o pipefail
 #   RELEASE_VERSION=
 #   SNAPSHOT=
 #   VERSION=
-#   GIT_TAG_VERSION=
 #   COMMIT_FULL=
 #   COMMIT=
 #   USERNAME=
@@ -113,7 +112,6 @@ UUID=`uuidgen`
 RELEASE_VERSION="${RELEASE_VERSION:-$(git rev-list HEAD | wc -l)}"
 SNAPSHOT="${SNAPSHOT:-%{nil\}}"
 VERSION="${VERSION:-$(get_version || die "Could not read $VERSION")}"
-GIT_TAG_VERSION="${GIT_TAG_VERSION:-$VERSION}"
 COMMIT_FULL="${COMMIT_FULL:-$(git rev-parse --verify HEAD || die "Error reading HEAD revision")}"
 COMMIT="${COMMIT:-$(printf '%s' "$COMMIT_FULL" | sed 's/^\(.\{10\}\).*/\1/' || die "Error reading HEAD revision")}"
 BCOND_DEFAULT_DEBUG="${BCOND_DEFAULT_DEBUG:-0}"
@@ -157,7 +155,6 @@ if [[ "$SOURCE_FROM_GIT" == "1" ]]; then
 fi
 
 LOG "VERSION=$VERSION"
-LOG "GIT_TAG_VERSION=$GIT_TAG_VERSION"
 LOG "RELEASE_VERSION=$RELEASE_VERSION"
 LOG "SNAPSHOT=$SNAPSHOT"
 LOG "COMMIT_FULL=$COMMIT_FULL"
@@ -210,7 +207,6 @@ cp "$SOURCE_README_IFCFG_MIGRATED" "$TEMP/SOURCES/readme-ifcfg-rh-migrated.txt"
 write_changelog
 
 sed -e "s/__VERSION__/$VERSION/g" \
-    -e "s/__GIT_TAG_VERSION__/$GIT_TAG_VERSION/g" \
     -e "s/__RELEASE_VERSION__/$RELEASE_VERSION/g" \
     -e "s/__SNAPSHOT__/$SNAPSHOT/g" \
     -e "s/__COMMIT__/$COMMIT/g" \

contrib/fedora/rpm/build_clean.sh

@@ -143,7 +143,7 @@ while [[ $# -gt 0 ]]; do
             ;;
         --no-auto-with-test)
             # by default, the script adds "-w test" (unless the command line contains
-            # "-w test" or "-W test"). This flag suppresses that automatism.
+            # "-w test" or "-W test"). This flags allows to suppress that automatism.
             # It's really only useful to test the spec file's internal default for the
             # "test" option. Otherwise, you can always just explicitly select "-w test"
             # or "-W test".

contrib/fedora/rpm/configure-for-system.sh

@@ -155,6 +155,7 @@ P_CRYPTO="${CRYPTO-}"
 P_DBUS_SYS_DIR="${DBUS_SYS_DIR-}"
 P_DHCP_DEFAULT="${DHCP_DEFAULT-}"
 P_DNS_RC_MANAGER_DEFAULT="${DNS_RC_MANAGER_DEFAULT-}"
+P_EBPF_ENABLED="${EBPF_ENABLED-no}"
 P_FIREWALLD_ZONE="${FIREWALLD_ZONE-}"
 P_IWD="${IWD-}"
 P_LOGGING_BACKEND_DEFAULT="${LOGGING_BACKEND_DEFAULT-}"
@@ -173,7 +174,6 @@ P_WIFI="${WIFI-1}"
 P_WWAN="${WWAN-1}"
 P_TEAM="${TEAM-1}"
 P_BLUETOOTH="${BLUETOOTH-1}"
-P_IFCFG_RH="${IFCFG_RH-0}"
 P_NMTUI="${NMTUI-1}"
 P_NM_CLOUD_SETUP="${NM_CLOUD_SETUP-1}"
 P_OVS="${OVS-1}"
@@ -203,7 +203,7 @@ if [ -z "$P_FEDORA" -a -z "$P_RHEL" ] ; then
         P_FEDORA="$x"
         P_RHEL=0
     else
-        x="$(grep -q 'ID="rhel"' /etc/os-release && sed -n 's/^VERSION_ID="*\([0-9]*\).*/\1/p' /etc/os-release)"
+        x="$(grep -q "ID=fedora" /etc/os-release && sed -n 's/VERSION_ID=//p' /etc/os-release)"
         if test "$x" -gt 0 ; then
             P_FEDORA=0
             P_RHEL="$x"
@@ -294,14 +294,6 @@ if [ -z "$P_MODEM_MANAGER_1" ] ; then
     fi
 fi
 
-if [ -z "$TEAM" ] && [ "${P_RHEL-0}" -ge 10 ] ; then
-    P_TEAM=0
-fi
-
-if [ -z "$IFCFG_RH" ] && [ -n "$P_RHEL" ] && [ "$P_RHEL" -le 9 ] ; then
-    P_IFCFG_RH=1
-fi
-
 if bool "$P_DEBUG" ; then
     P_CFLAGS="-g -Og -fexceptions${P_CFLAGS:+ }$P_CFLAGS"
 else
@@ -387,7 +379,7 @@ meson setup\
     -Db_lto="$(bool_true "$P_LTO")" \
     -Dlibaudit=yes-disabled-by-default \
     -Dmodem_manager="$(bool_true "$P_MODEM_MANAGER_1")" \
-    $(args_enable "$P_WIFI"                    -Dwifi=true  -Dwext=false) \
+    $(args_enable "$P_WIFI"                    -Dwifi=true  -Dwext="$(bool_true "$P_FEDORA")") \
     $(args_enable "$(bool_not_true "$P_WIFI")" -Dwifi=false                                  ) \
     -Diwd="$(bool_true "$P_IWD")" \
     -Dbluez5_dun="$(bool_true "$P_BLUETOOTH")" \
@@ -401,17 +393,18 @@ meson setup\
     -Dselinux=true \
     -Dpolkit=true  \
     -Dconfig_auth_polkit_default=true \
+    -Dmodify_system=true \
     -Dconcheck=true \
     -Dlibpsl="$(bool_true "$P_FEDORA")" \
+    -Debpf="$(bool_true "$P_EBPF_ENABLED")" \
     -Dsession_tracking=systemd \
     -Dsuspend_resume=systemd \
     -Dsystemdsystemunitdir=/usr/lib/systemd/system \
-    -Dsystemdsystemgeneratordir=/usr/lib/systemd/system-generators \
     -Dsystem_ca_path=/etc/pki/tls/cert.pem \
     -Ddbus_conf_dir="$P_DBUS_SYS_DIR" \
     -Dtests=yes \
     -Dvalgrind=no \
-    -Difcfg_rh="$(bool_true "$P_IFCFG_RH")" \
+    -Difcfg_rh=true \
     -Difupdown=false \
     $(args_enable "$P_PPP"                    -Dppp=true  -Dpppd="$D_SBINDIR/pppd" -Dpppd_plugin_dir="$D_LIBDIR/pppd/$P_PPP_VERSION") \
     $(args_enable "$(bool_not_true "$P_PPP")" -Dppp=false                                                                           ) \

contrib/fedora/utils/makerepo.sh

@@ -265,11 +265,9 @@ detect_dirname() {
             # At some point FEDPKG changed the behavior of "prep" command
             # now it generates the directory with "-build" suffix and the
             # real directory inside. We just move it out.
-            if [ -d "$D-build" ]; then
-                rm -rf "$D"
-                mv "$D-build/$D" .
-                rm -rf "$D-build"
-            fi
+            rm -rf $D
+            mv $D-build/$D .
+            rm -rf $D-build
             [[ -d "$D" ]] && DIRS=("${DIRS[@]}" "$D")
         done
     done

contrib/scripts/nm-ci-run.sh

@@ -54,15 +54,10 @@ _WITH_WERROR=1
 _WITH_LIBTEAM="true"
 _WITH_DOCS="true"
 _WITH_SYSTEMD_LOGIND="true"
-_WITH_NBFT="true"
 if [ $IS_ALPINE = 1 ]; then
     _WITH_SYSTEMD_LOGIND="false"
 fi
 
-if ! pkgconf 'libnvme >= 1.5'; then
-    _WITH_NBFT="false"
-fi
-
 if [ -z "${NMTST_SEED_RAND+x}" ]; then
     NMTST_SEED_RAND="$SRANDOM"
     if [ -z "$NMTST_SEED_RAND" ]; then
@@ -169,18 +164,18 @@ meson setup build \
     -D ld_gc=false \
     -D session_tracking=no \
     -D systemdsystemunitdir=no \
-    -D systemdsystemgeneratordir=no \
     -D systemd_journal=false \
     -D selinux=false \
     -D libaudit=no \
     -D libpsl=false \
     -D vapi=false \
     -D introspection=$_WITH_DOCS \
-    -D man=$_WITH_DOCS \
     -D qt=false \
     -D crypto=$_WITH_CRYPTO \
     -D docs=$_WITH_DOCS \
     \
+    -D ebpf=false \
+    \
     -D iwd=true \
     -D ofono=true \
     -D teamdctl=$_WITH_LIBTEAM \
@@ -194,8 +189,6 @@ meson setup build \
     -D ifcfg_rh=false \
     -D ifupdown=true \
     \
-    -D nbft=$_WITH_NBFT \
-    \
     #end
 
 export NM_TEST_CLIENT_CHECK_L10N=1

data/NetworkManager-config-initrd.service.in

@@ -1,24 +0,0 @@
-[Unit]
-Description=NetworkManager Configuration (initrd)
-AssertPathExists=/etc/initrd-release
-DefaultDependencies=no
-Wants=systemd-journald.socket
-After=systemd-journald.socket
-Before=systemd-udevd.service systemd-udev-trigger.service
-
-[Service]
-Type=oneshot
-ExecStartPre=/bin/sh -c "rm -f /run/NetworkManager/system-connections/*"
-ExecStart=/bin/sh -c "@libexecdir@/nm-initrd-generator -- $(cat /proc/cmdline)"
-ExecStartPost=/bin/sh -c ' \
-    for i in /{usr/lib,run,etc}/NetworkManager/system-connections/*; do \
-        [ -f "$i" ] || continue; \
-        mkdir -p /run/NetworkManager/initrd; \
-        : > /run/NetworkManager/initrd/neednet; \
-        break; \
-    done; \
-    if [ -s /run/NetworkManager/initrd/hostname ]; then \
-        cat /run/NetworkManager/initrd/hostname > /proc/sys/kernel/hostname; \
-    fi \
-'
-RemainAfterExit=yes

data/NetworkManager-initrd.service.in

@@ -1,24 +0,0 @@
-[Unit]
-Description=NetworkManager (initrd)
-AssertPathExists=/etc/initrd-release
-DefaultDependencies=no
-Wants=systemd-udev-trigger.service network.target
-After=systemd-udev-trigger.service network-pre.target dbus.service NetworkManager-config-initrd.service
-Before=network.target
-BindsTo=dbus.service
-ConditionPathExists=/run/NetworkManager/initrd/neednet
-ConditionPathExistsGlob=|/usr/lib/NetworkManager/system-connections/*
-ConditionPathExistsGlob=|/run/NetworkManager/system-connections/*
-ConditionPathExistsGlob=|/etc/NetworkManager/system-connections/*
-
-[Service]
-Type=dbus
-BusName=org.freedesktop.NetworkManager
-ExecReload=/usr/bin/busctl call org.freedesktop.NetworkManager /org/freedesktop/NetworkManager org.freedesktop.NetworkManager Reload u 0
-ExecStart=@sbindir@/NetworkManager
-# NM doesn't want systemd to kill its children for it
-KillMode=process
-Environment=NM_CONFIG_ENABLE_TAG=initrd
-Restart=on-failure
-ProtectSystem=true
-ProtectHome=read-only

data/NetworkManager-wait-online-initrd.service.in

@@ -1,23 +0,0 @@
-[Unit]
-Description=NetworkManager Wait Online (initrd)
-AssertPathExists=/etc/initrd-release
-DefaultDependencies=no
-Requires=NetworkManager-initrd.service
-After=NetworkManager-initrd.service
-Before=network-online.target
-ConditionPathExists=/run/NetworkManager/initrd/neednet
-
-[Service]
-# `nm-online -s` waits until the point when NetworkManager logs
-# "startup complete". That is when startup actions are settled and
-# devices and profiles reached a conclusive activated or deactivated
-# state. It depends on which profiles are configured to autoconnect and
-# also depends on profile settings like ipv4.may-fail/ipv6.may-fail,
-# which affect when a profile is considered fully activated.
-# Check NetworkManager logs to find out why wait-online takes a certain
-# time.
-
-Type=oneshot
-ExecStart=@bindir@/nm-online -s -q
-RemainAfterExit=yes
-Environment=NM_ONLINE_TIMEOUT=3600

data/NetworkManager.service.in

@@ -19,7 +19,7 @@ KillMode=process
 # With a huge number of interfaces, starting can take a long time.
 TimeoutStartSec=600
 
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_BPF CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
 
 ProtectSystem=true
 ProtectHome=read-only

data/meson.build

@@ -13,9 +13,6 @@ if install_systemdunitdir
     'NetworkManager.service',
     'nm-priv-helper.service',
     'NetworkManager-wait-online.service',
-    'NetworkManager-config-initrd.service',
-    'NetworkManager-initrd.service',
-    'NetworkManager-wait-online-initrd.service',
   ]
 
   foreach service: services
@@ -55,22 +52,21 @@ if install_udevdir
 endif
 
 if enable_polkit
+  policy = 'org.freedesktop.NetworkManager.policy'
+
+  policy_in = configure_file(
+    input: policy + '.in.in',
+    output: '@BASENAME@',
+    configuration: data_conf,
+  )
+
   i18n.merge_file(
-    input: 'org.freedesktop.NetworkManager.policy.in',
+    input: policy_in,
     output: '@BASENAME@',
     po_dir: po_dir,
     install: true,
-    install_dir: polkit_policydir,
+    install_dir: polkit_gobject_policydir,
   )
-
-  if polkit_noauth_group != ''
-    configure_file(
-      input: 'org.freedesktop.NetworkManager.rules.in',
-      output: '@BASENAME@',
-      install_dir: polkit_rulesdir,
-      configuration: {'NM_POLKIT_NOAUTH_GROUP': polkit_noauth_group},
-    )
-  endif
 endif
 
 if enable_firewalld_zone

data/nm-priv-helper.service.in

@@ -2,8 +2,8 @@
 Description=NetworkManager Privileged Helper
 
 #
-# nm-priv-helper exists for privilege separation. It allows NetworkManager
-# to run without certain capabilities, and ask nm-priv-helper
+# nm-priv-helper exists for privilege separation. It allows to run
+# NetworkManager without certain capabilities, and ask nm-priv-helper
 # for special operations where more privileges are required.
 #
 

data/org.freedesktop.NetworkManager.policy.in.in

@@ -117,8 +117,8 @@
     <message>System policy prevents modification of network settings for all users</message>
     <defaults>
       <allow_any>auth_admin_keep</allow_any>
-      <allow_inactive>auth_admin_keep</allow_inactive>
-      <allow_active>auth_admin_keep</allow_active>
+      <allow_inactive>@NM_MODIFY_SYSTEM_POLICY@</allow_inactive>
+      <allow_active>@NM_MODIFY_SYSTEM_POLICY@</allow_active>
     </defaults>
   </action>
 

data/org.freedesktop.NetworkManager.rules.in

@@ -1,17 +0,0 @@
-// NetworkManager authorizations/policy for the @NM_POLKIT_NOAUTH_GROUP@ group.
-//
-// DO NOT EDIT THIS FILE, it will be overwritten on update.
-//
-// Allow users in the @NM_POLKIT_NOAUTH_GROUP@ group to create system-wide connections without being
-// prompted for a password if they are in a local console.
-// This is optional and is only recommended to maintain backwards compatibility
-// in systems where it was already working in this way. It is discouraged
-// otherwise.
-
-polkit.addRule(function(action, subject) {
-    if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" &&
-        subject.isInGroup("@NM_POLKIT_NOAUTH_GROUP@") &&
-        subject.local) {
-        return polkit.Result.YES;
-    }
-});

docs/api/meson.build

@@ -1,8 +1,6 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
 if enable_introspection
-  xsltproc = find_program('xsltproc')
-
   settings = 'settings-spec'
   output = settings + '.xml'
 

docs/libnm/libnm-docs.xml

@@ -341,7 +341,6 @@ print ("NetworkManager version " + client.get_version())]]></programlisting></in
     <xi:include href="xml/nm-setting-ovs-port.xml"/>
     <xi:include href="xml/nm-setting-ppp.xml"/>
     <xi:include href="xml/nm-setting-pppoe.xml"/>
-    <xi:include href="xml/nm-setting-prefix-delegation.xml"/>
     <xi:include href="xml/nm-setting-proxy.xml"/>
     <xi:include href="xml/nm-setting-serial.xml"/>
     <xi:include href="xml/nm-setting-sriov.xml"/>

examples/C/glib/monitor-nm-state-gdbus.c

@@ -23,8 +23,8 @@ static const char *
 nm_state_to_string(NMState state)
 {
     switch (state) {
-    case NM_STATE_DISABLED:
-        return "network off";
+    case NM_STATE_ASLEEP:
+        return "asleep";
     case NM_STATE_CONNECTING:
         return "connecting";
     case NM_STATE_CONNECTED_LOCAL:

examples/python/gi/gmaincontext.py

@@ -188,7 +188,7 @@ def create_nmc(dbus_connection):
     # which has an overhead.
     #
     # Also, split the GObject creation and the init_async() call in two.
-    # That allows one to pass construct-only parameters, in particular like
+    # That allows to pass construct-only parameters, in particular like
     # the instance_flags.
 
     # Create a separate context for the NMClient. The NMClient is strongly

examples/python/gi/secret-agent.py

@@ -1,92 +0,0 @@
-#!/usr/bin/env python
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-import gi
-
-gi.require_version("NM", "1.0")
-from gi.repository import GLib, NM, Gio
-
-# This example shows how to implement a very simple secret agent for
-# NetworkManager. The secret agent registers to the NM daemon and can
-# provide missing secrets like Wi-Fi or VPN passwords. Set environment
-# variable "LIBNM_CLIENT_DEBUG=trace" to enable libnm verbose logging.
-
-
-class SecretAgent(NM.SecretAgentOld):
-    def __init__(self):
-        super().__init__(identifier="MySecretAgent")
-        super().init()
-
-    def do_get_secrets(
-        self,
-        connection,
-        connection_path,
-        setting_name,
-        hints,
-        flags,
-        callback,
-        callback_data,
-    ):
-        print(
-            "get_secrets for '{}', interface '{}', setting '{}'".format(
-                connection.get_id(), connection.get_interface_name(), setting_name
-            )
-        )
-
-        # Implement here the logic to retrieve the secrets.
-        # As an example, we return a hardcoded Wi-Fi PSK.
-        if (
-            connection.get_connection_type() == "802-11-wireless"
-            and setting_name == "802-11-wireless-security"
-        ):
-            s_wifi = connection.get_setting_wireless()
-            ssid = NM.utils_ssid_to_utf8(s_wifi.get_ssid().get_data())
-
-            if ssid == "home":
-                secrets = GLib.Variant(
-                    "a{sa{sv}}",
-                    {
-                        "802-11-wireless-security": {
-                            "psk": GLib.Variant("s", "abcd1234")
-                        }
-                    },
-                )
-                print("Sending secrets {}".format(secrets))
-                callback(self, connection, secrets, None)
-                return
-
-        # We don't have the secret, NM will ask to another agent or fail
-        callback(
-            self,
-            connection,
-            None,
-            GLib.GError.new_literal(
-                NM.SecretAgentError.quark(),
-                "No secrets found",
-                NM.SecretAgentError.NOSECRETS,
-            ),
-        )
-
-    def do_cancel_get_secrets(self, connection_path, connection_name):
-        pass
-
-    def do_save_secrets(self, connection, connection_path, callback, callback_data):
-        # Implement this if you want to store "agent-owned" secrets
-        callback(self, connection, None)
-
-    def do_delete_secrets(self, connection, connection_path, callback, callback_data):
-        # Implement this if you want to store "agent-owned" secrets
-        callback(self, connection, None)
-
-
-def main():
-    agent = SecretAgent()
-    loop = GLib.MainLoop()
-    try:
-        loop.run()
-    except KeyboardInterrupt:
-        print("Exiting Secret Agent...")
-
-
-if __name__ == "__main__":
-    main()

introspection/org.freedesktop.NetworkManager.Device.xml

@@ -321,7 +321,7 @@
     <!--
         Reapply:
         @connection: The optional connection settings that will be reapplied on the device. If empty, the currently active settings-connection will be used. The connection cannot arbitrarily differ from the current applied-connection otherwise the call will fail. Only certain changes are supported, like adding or removing IP addresses.
-        @version_id: If non-zero, the current version id of the applied-connection must match. The current version id can be retrieved via GetAppliedConnection. This optional argument allows one to catch concurrent modifications between the GetAppliedConnection call and Reapply.
+        @version_id: If non-zero, the current version id of the applied-connection must match. The current version id can be retrieved via GetAppliedConnection. This optional argument allows to catch concurrent modifications between the GetAppliedConnection call and Reapply.
         @flags: Flags which would modify the behavior of the Reapply call. Invalid flags are rejected.
 
         Attempts to update the configuration of a device without deactivating it.
@@ -337,7 +337,7 @@
         settings-connection, or call Reapply. The Reapply call allows you to
         directly update the applied-connection and reconfigure the device. Reapply
         can also be useful if the currently applied-connection is equal to the
-        connection that is about to be reapplied. This allows one to reconfigure the
+        connection that is about to be reapplied. This allows to reconfigure the
         device and revert external changes like removing or adding an IP address
         (which NetworkManager doesn't revert automatically because it is assumed
         that the user made these changes intentionally outside of NetworkManager).

man/NetworkManager.conf.xml

@@ -83,11 +83,6 @@
     note that your distribution or other packages may drop configuration snippets for NetworkManager, such
     that they are part of the factory default.
     </para>
-    <para>
-    The options that are indicated as boolean can be set to one of these values:
-    <literal>yes</literal>, <literal>true</literal>, <literal>on</literal>, <literal>1</literal>,
-    <literal>no</literal>, <literal>false</literal>, <literal>off</literal>, <literal>0</literal>.
-    </para>
 
   </refsect1>
 
@@ -276,7 +271,8 @@ no-auto-default=*
             Set the management mode of the hostname. This parameter will
             affect only the transient hostname. If a valid static hostname is set,
             NetworkManager will skip the update of the hostname despite the value of
-            this option. A hostname empty or equal to '(none)' is considered invalid.
+            this option. An hostname empty or equal to 'localhost', 'localhost6',
+            'localhost.localdomain' or 'localhost6.localdomain' is considered invalid.
           </para>
           <para><literal>default</literal>: NetworkManager will update the
           hostname with the one provided via DHCP or reverse DNS lookup of the
@@ -900,15 +896,11 @@ ipv6.ip6-privacy=0
         </varlistentry>
         <varlistentry>
           <term><varname>connection.mptcp-flags</varname></term>
-          <listitem><para>If unspecified, the fallback is 0x122 (<literal>"enabled,subflow,laminar"</literal>). Note that if sysctl <literal>/proc/sys/net/mptcp/enabled</literal> is disabled, NetworkManager will still not configure endpoints.</para></listitem>
+          <listitem><para>If unspecified, the fallback is 0x22 (<literal>"enabled,subflow"</literal>). Note that if sysctl <literal>/proc/sys/net/mptcp/enabled</literal> is disabled, NetworkManager will still not configure endpoints.</para></listitem>
         </varlistentry>
         <varlistentry>
           <term><varname>connection.dns-over-tls</varname></term>
-          <listitem><para>If unspecified, the ultimate default values depends on the DNS plugin. With systemd-resolved the default currently is its global setting and for all other plugins "no" (0).</para></listitem>
-        </varlistentry>
-        <varlistentry>
-          <term><varname>connection.dnssec</varname></term>
-          <listitem><para>If unspecified, the ultimate default values depends on the DNS plugin. With systemd-resolved the default currently is its global setting and for all other plugins "no" (0).</para></listitem>
+          <listitem><para>If unspecified, the ultimate default values depends on the DNS plugin. With systemd-resolved the default currently is global setting and for all other plugins "no" (0).</para></listitem>
         </varlistentry>
         <varlistentry>
           <term><varname>connection.stable-id</varname></term>
@@ -950,10 +942,6 @@ ipv6.ip6-privacy=0
           <term><varname>ip-tunnel.mtu</varname></term>
           <listitem><para>If configured explicitly to 0, the MTU is not reconfigured during device activation unless it is required due to IPv6 constraints. If left unspecified, a DHCP/IPv6 SLAAC provided value is used or a default of 1500.</para></listitem>
         </varlistentry>
-        <varlistentry>
-          <term><varname>ipv4.forwarding</varname></term>
-          <listitem><para>Whether to configure IPv4 sysctl interface-specific forwarding. When enabled, the interface will act as a router to forward the IPv4 packet from one interface to another. If left unspecified, "auto" is used, so NetworkManager sets the IPv4 forwarding if any shared connection is active, or it will use the kernel default value otherwise. The "ipv4.forwarding" property is ignored when "ipv4.method" is set to "shared", because forwarding is always enabled in this case. The accepted values are: 0: disabled, 1: enabled, 2: auto, 3: ignored (leave the forwarding unchanged).</para></listitem>
-        </varlistentry>
         <varlistentry>
           <term><varname>ipv4.routed-dns</varname></term>
         </varlistentry>
@@ -1102,12 +1090,6 @@ ipv6.ip6-privacy=0
           <term><varname>sriov.autoprobe-drivers</varname></term>
           <listitem><para>If left unspecified, drivers are autoprobed when the SR-IOV VF gets created.</para></listitem>
         </varlistentry>
-        <varlistentry>
-          <term><varname>sriov.preserve-on-down</varname></term>
-          <listitem><para>Set to 0 or 1 to select whether the SR-IOV parameters are
-          preserved when the connection is deactivated. If left unspecified, default
-          to 0 (parameters are not preserved). </para></listitem>
-        </varlistentry>
         <varlistentry>
           <term><varname>vpn.timeout</varname></term>
           <listitem><para>If left unspecified, default value of 60 seconds is used.</para></listitem>
@@ -1254,13 +1236,12 @@ managed=1
           <term><varname>managed</varname></term>
           <listitem>
             <para>
-              A boolean value specifying whether the device is
-              managed or not. A device can be marked as managed via
-              udev rules (ENV{NM_UNMANAGED}), or via setting plugins
-              (keyfile.unmanaged-devices).  This is yet another
-              way. Note that this configuration can be overruled at
-              runtime via D-Bus. Also, it has higher priority than
-              udev rules.
+              Whether the device is managed or not. A device can be
+              marked as managed via udev rules (ENV{NM_UNMANAGED}),
+              or via setting plugins (keyfile.unmanaged-devices).
+              This is yet another way. Note that this configuration
+              can be overruled at runtime via D-Bus. Also, it has
+              higher priority then udev rules.
             </para>
           </listitem>
         </varlistentry>
@@ -1329,27 +1310,9 @@ managed=1
             </para>
           </listitem>
         </varlistentry>
-        <varlistentry id="check-connectivity">
-          <term><varname>check-connectivity</varname></term>
-          <listitem>
-            <para>
-              A boolean value specifying whether NetworkManager will perform a connectivity check
-              for this device. Defaults to <literal>yes</literal>.
-            </para>
-            <para>
-              This setting does nothing if the connectivity check has been
-              disabled globally using the
-              <literal>connectivity.enabled</literal> setting.
-            </para>
-          </listitem>
-        </varlistentry>
         <varlistentry id="keep-configuration">
-          <term><varname>keep-configuration</varname></term>
+         <term><varname>keep-configuration</varname></term>
           <listitem>
-            <para>
-              A boolean value indicating whether the existing device
-              configuration is kept at startup.
-            </para>
             <para>
               On startup, NetworkManager tries to not interfere with
               interfaces that are already configured. It does so by
@@ -1412,7 +1375,7 @@ managed=1
               scanning. This defaults to <literal>yes</literal> in which case
               a random, locally-administered MAC address will be used.
               The setting <literal>wifi.scan-generate-mac-address-mask</literal>
-              can be used to influence the generated MAC address to use certain vendor
+              allows to influence the generated MAC address to use certain vendor
               OUIs.
               If disabled, the MAC address during scanning is left unchanged to
               whatever is configured.
@@ -1436,7 +1399,7 @@ managed=1
           <listitem>
             <para>
               Like the per-connection settings <literal>ethernet.generate-mac-address-mask</literal>
-              and <literal>wifi.generate-mac-address-mask</literal>, this can be used to configure the
+              and <literal>wifi.generate-mac-address-mask</literal>, this allows to configure the
               generated MAC addresses during scanning. See <citerefentry><refentrytitle>nm-settings-nmcli</refentrytitle><manvolnum>5</manvolnum></citerefentry>
               for details.
             </para>
@@ -1446,16 +1409,16 @@ managed=1
           <term><varname>wifi.iwd.autoconnect</varname></term>
           <listitem>
             <para>
-              A boolean value. If <literal>wifi.backend</literal> is <literal>iwd</literal>,
-              setting this to <literal>false</literal> forces IWD's autoconnect mechanism to be
-              disabled for this device and connections will only be initiated by NetworkManager
-              whether commanded by a client or automatically.  Leaving it <literal>true</literal>
-              (default) stops NetworkManager from automatically initiating connections and allows
-              IWD to use its network ranking and scanning logic to decide the best networks to
-              autoconnect to next.  Connections' <literal>autoconnect-priority</literal>,
-              <literal>autoconnect-retries</literal> settings will be ignored.  Other settings like
-              <literal>permissions</literal> or <literal>multi-connect</literal> may interfere with
-              IWD connection attempts.
+              If <literal>wifi.backend</literal> is <literal>iwd</literal>, setting this to
+              <literal>false</literal> forces IWD's autoconnect mechanism to be disabled for
+              this device and connections will only be initiated by NetworkManager whether
+              commanded by a client or automatically.  Leaving it <literal>true</literal> (default)
+              stops NetworkManager from automatically initiating connections and allows
+              IWD to use its network ranking and scanning logic to decide the best networks
+              to autoconnect to next.  Connections' <literal>autoconnect-priority</literal>,
+              <literal>autoconnect-retries</literal> settings will be ignored.  Other settings
+              like <literal>permissions</literal> or <literal>multi-connect</literal> may interfere
+              with IWD connection attempts.
             </para>
           </listitem>
         </varlistentry>
@@ -1514,7 +1477,7 @@ managed=1
       <variablelist>
         <varlistentry>
           <term><varname>enabled</varname></term>
-          <listitem><para>A boolean indicating whether connectivity check is enabled.
+          <listitem><para>Whether connectivity check is enabled.
           Note that to enable connectivity check, a valid uri must
           also be configured. The value defaults to true, but since
           the uri is unset by default, connectivity check may be disabled.
@@ -1568,12 +1531,8 @@ managed=1
 
   <refsect1>
     <title><literal>global-dns</literal> section</title>
-    <para>This section specifies DNS settings that are applied globally. They
-    override the equivalent options defined in individual connections, making
-    them to be ignored. If a [global-dns-domain-*] section is defined, but this
-    section isn't, an empty [global-dns] section is assumed, thus overwriting
-    connection specific configurations too.
-    </para>
+    <para>This section specifies DNS settings that are applied
+    globally, in addition to connection-specific ones.</para>
     <para>
       <variablelist>
         <varlistentry>
@@ -1622,7 +1581,7 @@ managed=1
   <refsect1>
     <title><literal>global-dns-domain</literal> sections</title>
     <para>Sections with a name starting with the "global-dns-domain-"
-    prefix allow one to define global DNS configuration for specific
+    prefix allow to define global DNS configuration for specific
     domains.  The part of section name after "global-dns-domain-"
     specifies the domain name a section applies to (for example, a
     section could be named "global-dns-domain-foobar.com").  More
@@ -1633,10 +1592,6 @@ managed=1
     default domain "*". When the global DNS domains are valid, the
     name servers and domains defined globally override the ones from
     active connections.
-
-    If any global DNS domain is defined but a [global-dns] section isn't,
-    an empty [global-dns] section is assumed, thus overwriting its
-    connection specific configurations too.
     </para>
     <para>
       <variablelist>

man/meson.build

@@ -1,5 +1,29 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
+common_ent_file = configure_file(
+  input: 'common.ent.in',
+  output: '@BASENAME@',
+  configuration: data_conf,
+)
+
+xsltproc_options = [
+  xsltproc,
+  '--output', '@OUTPUT@',
+  '--path', meson.current_build_dir(),
+  '--xinclude',
+  '--nonet',
+  '--stringparam', 'man.output.quietly', '1',
+  '--stringparam', 'funcsynopsis.style', 'ansi',
+  '--stringparam', 'man.th.extra1.suppress', '1',
+  '--stringparam', 'man.authors.section.enabled', '0',
+  '--stringparam', 'man.copyright.section.enabled', '0',
+  '--stringparam', 'man.th.title.max.length', '30',
+]
+
+docbook_xls = 'http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl'
+
+mans_xmls = []
+
 mans = [
   ['NetworkManager', '8'],
   ['NetworkManager-dispatcher', '8'],
@@ -20,74 +44,24 @@ if enable_nm_cloud_setup
   mans += [['nm-cloud-setup', '8']]
 endif
 
-introspection_mans = [
-  ['nm-settings-keyfile', '5'],
-  ['nm-settings-dbus',    '5'],
-  ['nm-settings-nmcli',   '5'],
-]
+foreach man: mans
+  input = man[0] + '.xml'
+  content_files += join_paths(meson.current_source_dir(), input)
 
-if enable_ifcfg_rh
-  introspection_mans += [['nm-settings-ifcfg-rh', '5']]
-endif
+  output = '@0@.@1@'.format(man[0], man[1])
 
-built_mans = []
-foreach man: mans + introspection_mans
-  name = man[0] + '.' + man[1]
-  if not fs.exists(name)
-    built_mans = []
-    break
-  endif
-
-  built_mans += name
+  custom_target(
+    output,
+    input: input,
+    output: output,
+    command: xsltproc_options + [docbook_xls, '@INPUT@'],
+    depend_files: common_ent_file,
+    install: true,
+    install_dir: join_paths(nm_mandir, 'man' + man[1]),
+  )
 endforeach
 
-if enable_introspection or enable_docs
-  common_ent_file = configure_file(
-    input: 'common.ent.in',
-    output: '@BASENAME@',
-    configuration: data_conf,
-  )
-endif
-
-if enable_introspection and (enable_man or enable_docs)
-  xsltproc_options = [
-    find_program('xsltproc'),
-    '--output', '@OUTPUT@',
-    '--path', meson.current_build_dir(),
-    '--xinclude',
-    '--nonet',
-    '--stringparam', 'man.output.quietly', '1',
-    '--stringparam', 'funcsynopsis.style', 'ansi',
-    '--stringparam', 'man.th.extra1.suppress', '1',
-    '--stringparam', 'man.authors.section.enabled', '0',
-    '--stringparam', 'man.copyright.section.enabled', '0',
-    '--stringparam', 'man.th.title.max.length', '30',
-  ]
-
-  docbook_xls = 'http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl'
-
-  mans_xmls = []
-
-  foreach man: mans
-    input = man[0] + '.xml'
-    content_files += join_paths(meson.current_source_dir(), input)
-
-    output = '@0@.@1@'.format(man[0], man[1])
-
-    # not needed if only html requested
-    if enable_man
-      custom_target(
-        output,
-        input: input,
-        output: output,
-        command: xsltproc_options + [docbook_xls, '@INPUT@'],
-        depend_files: common_ent_file,
-        install: true,
-        install_dir: join_paths(nm_mandir, 'man' + man[1]),
-      )
-    endif
-  endforeach
-
+if enable_introspection
   merge_cmd = files(source_root / 'tools' / 'generate-docs-nm-settings-docs-merge.py')
 
   name = 'dbus'
@@ -150,23 +124,13 @@ if enable_introspection and (enable_man or enable_docs)
 
     output = '@0@.@1@'.format(man[0], man[1])
 
-    # not needed if only html requested
-    if enable_man
-      custom_target(
-        output,
-        input: input,
-        output: output,
-        command: xsltproc_options + [docbook_xls, '@INPUT@'],
-        install: true,
-        install_dir: join_paths(nm_mandir, 'man' + man[1]),
-      )
-    endif
+    custom_target(
+      output,
+      input: input,
+      output: output,
+      command: xsltproc_options + [docbook_xls, '@INPUT@'],
+      install: true,
+      install_dir: join_paths(nm_mandir, 'man' + man[1]),
+    )
   endforeach
-# not needed if only html requested
-elif enable_man
-  if built_mans.length() > 0
-    install_man(built_mans)
-  else
-    error('Building manpages requires xsltproc and -Dintrospection=true, and no prebuilt manpages were found. Try building from a release tarball or using -Dman=false.')
-  endif
 endif

man/nm-cloud-setup.xml

@@ -115,9 +115,9 @@
       <title>nm-cloud-setup.service systemd unit</title>
       <para>Usually <command>/usr/libexec/nm-cloud-setup</command> is not run directly,
       but only by <command>systemctl restart nm-cloud-setup.service</command>. This
-      ensures that the tool only runs once at any time.
-      The unit is also used by the nm-cloud-setup systemd timer and allows
-      enabling/disabling the service via systemd.</para>
+      ensures that the tool only runs once at any time. It also allows to integrate
+      with the nm-cloud-setup systemd timer,
+      and to enable/disable the service via systemd.</para>
 
       <para>As you need to set environment variable to configure nm-cloud-setup binary,
       you can do so via systemd override files. Try <command>systemctl edit nm-cloud-setup.service</command>.</para>

man/nm-initrd-generator.xml

@@ -154,7 +154,6 @@
             <member><option>net.ifnames</option></member>
             <member><option>rd.peerdns</option></member>
             <member><option>rd.iscsi.ibft</option></member>
-            <member><option>rd.nvmf.nonbft</option></member>
             <member><option>rd.bootif</option></member>
             <member><option>rd.neednet</option></member>
             <member><option>rd.ethtool</option></member>
@@ -162,7 +161,6 @@
             <member><option>rd.net.dns-backend</option></member>
             <member><option>rd.net.dns-resolve-mode</option></member>
             <member><option>rd.net.timeout.dhcp</option></member>
-            <member><option>rd.net.dhcp.client-id</option></member>
             <member><option>rd.net.dhcp.retry</option></member>
             <member><option>rd.net.dhcp.vendor-class</option></member>
             <member><option>rd.net.dhcp.dscp</option></member>
@@ -269,23 +267,6 @@
         </para>
       </listitem>
 
-      <listitem>
-        <para>NetworkManager supports the
-        <option>rd.net.dhcp.client-id</option>=<replaceable>interface</replaceable>:<replaceable>client-id</replaceable>
-        kernel command line option to set a specific DHCPv4 client identifier
-        for the given interface. The client-id can be specified either as a
-        sequence of bytes in hexadecimal format separated by dashes, or as the
-        character '@' followed by a non-empty string. When using the second
-        format, NetworkManager prepends a zero byte to the given string,
-        according to section 9.14 of RFC 2132. See the "ipv4.dhcp-client-id"
-        section of <link
-        linkend='nm-settings-nmcli'><citerefentry><refentrytitle>nm-settings-nmcli</refentrytitle><manvolnum>5</manvolnum></citerefentry></link>
-        for more details. Examples:
-        <literal>rd.net.dhcp.client-id=eth0:01-52-54-00-45-87-42</literal>,
-        <literal>rd.net.dhcp.client-id=enp1s0:@example.com</literal>.
-        </para>
-      </listitem>
-
     </itemizedlist>
   </refsect1>
 
@@ -296,7 +277,6 @@
 
   <refsect1 id='see_also'><title>See Also</title>
     <para><link linkend='dracut.cmdline'><citerefentry><refentrytitle>dracut.cmdline</refentrytitle><manvolnum>7</manvolnum></citerefentry></link>,
-    <link linkend='NetworkManager'><citerefentry><refentrytitle>NetworkManager</refentrytitle><manvolnum>8</manvolnum></citerefentry></link>,
-    <link linkend='nm-settings-nmcli'><citerefentry><refentrytitle>nm-settings-nmcli</refentrytitle><manvolnum>5</manvolnum></citerefentry></link>.</para>
+    <link linkend='NetworkManager'><citerefentry><refentrytitle>NetworkManager</refentrytitle><manvolnum>8</manvolnum></citerefentry></link>.</para>
   </refsect1>
 </refentry>

man/nmcli.xml

@@ -1066,16 +1066,15 @@
             <listitem><para><literal>dummy</literal></para></listitem>
             <listitem><para><literal>generic</literal></para></listitem>
             <listitem><para><literal>gsm</literal></para></listitem>
-            <listitem><para><literal>hsr</literal></para></listitem>
             <listitem><para><literal>infiniband</literal></para></listitem>
             <listitem><para><literal>ip-tunnel</literal></para></listitem>
-            <listitem><para><literal>ipvlan</literal></para></listitem>
-            <listitem><para><literal>loopback</literal></para></listitem>
             <listitem><para><literal>macsec</literal></para></listitem>
             <listitem><para><literal>macvlan</literal></para></listitem>
             <listitem><para><literal>olpc-mesh</literal></para></listitem>
             <listitem><para><literal>ovs-bridge</literal></para></listitem>
+            <listitem><para><literal>ovs-dpdk</literal></para></listitem>
             <listitem><para><literal>ovs-interface</literal></para></listitem>
+            <listitem><para><literal>ovs-patch</literal></para></listitem>
             <listitem><para><literal>ovs-port</literal></para></listitem>
             <listitem><para><literal>pppoe</literal></para></listitem>
             <listitem><para><literal>team</literal></para></listitem>

meson.build

@@ -5,14 +5,14 @@ project(
 # NOTE: When incrementing version also add corresponding
 #       NM_VERSION_x_y_z macros in
 #       "src/libnm-core-public/nm-version-macros.h.in"
-  version: '1.57.1',
+  version: '1.52.2',
   license: 'GPL2+',
   default_options: [
     'buildtype=debugoptimized',
     'c_std=gnu11',
     'warning_level=2' # value "2" will add "-Wall" and "-Wextra" to the compiler flags
   ],
-  meson_version: '>= 0.53.0',
+  meson_version: '>= 0.51.0',
 )
 
 nm_name = meson.project_name()
@@ -77,7 +77,6 @@ libnm_version = '@0@.@1@.@2@'.format(current - age, age, revision)
 
 libnm_pkgincludedir = join_paths(nm_includedir, libnm_name)
 
-fs = import('fs')
 gnome = import('gnome')
 i18n = import('i18n')
 pkg = import('pkgconfig')
@@ -90,6 +89,7 @@ po_dir = source_root / 'po'
 top_inc = include_directories('.')
 
 perl = find_program('perl')
+xsltproc = find_program('xsltproc')
 
 check_exports = find_program(join_paths(source_root, 'tools', 'check-exports.sh'))
 
@@ -137,9 +137,6 @@ config_h.set10('HAVE_DECL_REALLOCARRAY', cc.has_function('reallocarray', prefix:
 config_h.set10('HAVE_DECL_EXPLICIT_BZERO', cc.has_function('explicit_bzero', prefix: '#include <string.h>'))
 config_h.set10('HAVE_DECL_MEMFD_CREATE', cc.has_function('memfd_create', prefix: '#include <sys/mman.h>'))
 
-config_h.set10('HAVE_DLVSYM', cc.has_function('dlvsym', prefix: '''#define _GNU_SOURCE
-                                                                   #include <dlfcn.h>'''))
-
 # types
 config_h.set('SIZEOF_PID_T', cc.sizeof('pid_t', prefix : '#include <sys/types.h>'))
 config_h.set('SIZEOF_UID_T', cc.sizeof('uid_t', prefix : '#include <sys/types.h>'))
@@ -176,13 +173,13 @@ endif
 
 enable_lto = get_option('b_lto')
 if enable_lto
-  cc_version = cc.version()
-  if cc.get_id() == 'clang'
-    if cc_version <= '18.0.0'
-      error('Clang version should be greater than 18.0.0, got : ' + cc_version)
+  if  cc.get_id() == 'clang'
+    clang_version = cc.version()
+    if clang_version <= '18.0.0'
+      error('Clang version should be greater then 18.0.0 got : ' + clang_version)
     endif
-  elif cc_version < '12.0'
-    # GCC < 12 breaks libnm symbol versioning with LTO, use workarounds
+  else
+    # Meson already adds '-flto'
     lto_flag = '-flto-partition=none'
     assert(cc.has_argument(lto_flag), '-flto-partition=none not supported. Disable link-time optimization with -Db_lto=false.')
     common_flags += lto_flag
@@ -327,17 +324,12 @@ config_h.set10('WITH_CONFIG_PLUGIN_IFUPDOWN', enable_ifupdown)
 config_h.set_quoted('NM_DIST_VERSION', dist_version)
 
 enable_wifi = get_option('wifi')
-config_h.set10('WITH_WIFI', enable_wifi)
 
 enable_iwd = get_option('iwd')
 assert((not enable_iwd) or enable_wifi, 'Enabling iwd support requires Wi-Fi support as well')
 config_h.set10('WITH_IWD', enable_iwd)
 
-wext = get_option('wext')
-if wext == 'true'
-  error('Wireless Extensions support is deprecated and will be removed in the future. Use -Dwext=force to keep using it')
-endif
-enable_wext = (wext == 'force')
+enable_wext = get_option('wext')
 config_h.set10('HAVE_WEXT', enable_wext)
 
 # Checks for libdl - on certain platforms its part of libc
@@ -387,14 +379,6 @@ if install_systemdunitdir and systemd_systemdsystemunitdir == ''
   systemd_systemdsystemunitdir = systemd_dep.get_variable(pkgconfig: 'systemdsystemunitdir', pkgconfig_define: ['rootprefix', nm_prefix])
 endif
 
-systemd_systemdsystemgeneratordir = get_option('systemdsystemgeneratordir')
-install_systemdgeneratordir = (systemd_systemdsystemgeneratordir != 'no')
-
-if install_systemdgeneratordir and systemd_systemdsystemgeneratordir == ''
-  assert(systemd_dep.found(), 'systemd required but not found, please provide a valid systemd user generator dir or disable it')
-  systemd_systemdsystemgeneratordir = systemd_dep.get_variable(pkgconfig: 'systemdsystemgeneratordir', pkgconfig_define: ['rootprefix', nm_prefix])
-endif
-
 enable_systemd_journal = get_option('systemd_journal')
 if enable_systemd_journal
   assert(libsystemd_dep.found(), 'Missing systemd-journald support')
@@ -489,6 +473,19 @@ if enable_selinux
 endif
 config_h.set10('HAVE_SELINUX', enable_selinux)
 
+# eBPF support
+ebpf_opt = get_option('ebpf')
+# 'auto' means 'false', because there are still issues.
+if ebpf_opt != 'true'
+  enable_ebpf = false
+else
+  enable_ebpf = true
+  if not cc.has_header('linux/bpf.h')
+    assert(ebpf_opt != 'true', 'eBPF requires kernel support')
+    enable_ebpf = false
+  endif
+endif
+
 # libaudit support
 libaudit = get_option('libaudit')
 enable_libaudit = libaudit.contains('yes')
@@ -507,14 +504,12 @@ if enable_teamdctl
   libteamdctl_dep = dependency('libteamdctl', version: '>= 1.9')
   assert(libteamdctl_dep.found(), 'You must have libteamdctl installed to build. Use -Dteamdctl=false to disable it')
 endif
-config_h.set10('WITH_TEAMDCTL', enable_teamdctl)
 
 # polkit
 enable_polkit = get_option('polkit')
 if enable_polkit
   # FIXME: policydir should be relative to `datadir`, not `prefix`. Fixed in https://gitlab.freedesktop.org/polkit/polkit/merge_requests/2
-  polkit_policydir = dependency('polkit-gobject-1').get_variable(pkgconfig: 'policydir', pkgconfig_define: ['prefix', nm_prefix])
-  polkit_rulesdir = join_paths(fs.parent(polkit_policydir), 'rules.d')
+  polkit_gobject_policydir = dependency('polkit-gobject-1').get_variable(pkgconfig: 'policydir', pkgconfig_define: ['prefix', nm_prefix])
 endif
 
 config_auth_polkit_default = get_option('config_auth_polkit_default')
@@ -524,12 +519,6 @@ endif
 config_h.set_quoted('NM_CONFIG_DEFAULT_MAIN_AUTH_POLKIT', config_auth_polkit_default)
 
 enable_modify_system = get_option('modify_system')
-if enable_modify_system
-  # FIXME: remove this after everyone has stopped using modify_system
-  error('modify_system=true is no longer allowed due to security reasons')
-endif
-
-polkit_noauth_group = get_option('polkit_noauth_group')
 
 polkit_agent_helper_1_path = get_option('polkit_agent_helper_1')
 foreach p : [ '/usr/libexec/polkit-agent-helper-1',
@@ -624,7 +613,6 @@ if enable_modem_manager
   endif
   config_h.set_quoted('MOBILE_BROADBAND_PROVIDER_INFO_DATABASE', mobile_broadband_provider_info_database)
 endif
-config_h.set10('WITH_WWAN', enable_modem_manager)
 
 # Bluez5 DUN support
 enable_bluez5_dun = get_option('bluez5_dun')
@@ -825,7 +813,6 @@ if enable_nm_cloud_setup
   assert(jansson_dep.found(), 'nm-cloud-setup requires jansson library. Use -Dnm_cloud_setup=false to disable it')
 endif
 
-enable_man = get_option('man')
 enable_docs = get_option('docs')
 
 more_asserts = get_option('more_asserts')
@@ -924,6 +911,7 @@ endif
 test_args = [
   '--called-from-make',
   build_root,
+  '',
   enable_valgrind ? valgrind_path : '',
   enable_valgrind ? valgrind_suppressions_path : '',
   '--launch-dbus=auto',
@@ -941,14 +929,6 @@ if python.found()
   config_h.set_quoted('TEST_NM_PYTHON', python_path)
 endif
 
-# libnvme (NBFT support)
-enable_nbft = get_option('nbft')
-if enable_nbft
-  libnvme_dep = dependency('libnvme', version: '>= 1.5', required: false)
-  assert(libnvme_dep.found(), 'NBFT support was requested, but the libnvme library is not available. Use -Dnbft=false to build without it.')
-endif
-config_h.set10('WITH_NBFT', enable_nbft)
-
 data_conf = configuration_data()
 data_conf.set('DISTRO_NETWORK_SERVICE',                  (enable_ifcfg_rh ? 'network.service' : ''))
 data_conf.set('NM_CONFIG_DEFAULT_LOGGING_AUDIT_TEXT',    config_default_logging_audit)
@@ -962,6 +942,7 @@ data_conf.set('NM_DHCP_CLIENTS_ENABLED',                 ', '.join(config_dhcp_c
 data_conf.set('NM_MAJOR_VERSION',                        nm_major_version)
 data_conf.set('NM_MICRO_VERSION',                        nm_micro_version)
 data_conf.set('NM_MINOR_VERSION',                        nm_minor_version)
+data_conf.set('NM_MODIFY_SYSTEM_POLICY',                 (enable_modify_system ? 'yes' : 'auth_admin_keep'))
 data_conf.set('NM_VERSION',                              nm_version)
 data_conf.set('VERSION',                                 nm_version)
 data_conf.set('bindir',                                  nm_bindir)
@@ -972,6 +953,38 @@ data_conf.set('nmstatedir',                              nm_pkgstatedir)
 data_conf.set('sbindir',                                 nm_sbindir)
 data_conf.set('sysconfdir',                              nm_sysconfdir)
 
+# check if we can build setting property documentation
+'''
+build_docs=no
+if test -n "$INTROSPECTION_MAKEFILE"; then
+  # If g-i is installed we know we have python, but we might not have pygobject
+  if ! "$PYTHON" -c 'from gi.repository import GObject' >& /dev/null; then
+    AC_MSG_ERROR(["--enable-introspection aims to build the settings documentation. This requires GObject introspection for python (pygobject)])
+  fi
+
+  AC_PATH_PROG(PERL, perl)
+  if test -z "$PERL"; then
+    AC_MSG_ERROR([--enable-introspection requires perl])
+  fi
+  AC_PATH_PROG(XSLTPROC, xsltproc)
+  if test -z "$XSLTPROC"; then
+    AC_MSG_ERROR([--enable-introspection requires xsltproc])
+  fi
+
+  have_introspection=yes
+  if test "$enable_gtk_doc" = "yes"; then
+    build_docs=yes
+  fi
+else
+  if test "$enable_gtk_doc" = "yes"; then
+    # large parts of the documentation require introspection/pygobject to extract
+    # the documentation out of the source files. You cannot enable gtk-doc without alone.
+    AC_MSG_ERROR(["--with-gtk-doc requires --enable-introspection"])
+  fi
+  have_introspection=no
+fi
+'''
+
 content_files = []
 
 subdir('introspection')
@@ -1009,14 +1022,9 @@ if enable_qt != 'false'
   endif
 endif
 
-# The man/ directory builds a couple targets needed by the docs build too.
-# If we build with docs but no man, then enter the subdir and only build
-# some targets.
-if enable_docs or enable_man
-  subdir('man')
-endif
 if enable_docs
   assert(enable_introspection, '-Ddocs=true requires -Dintrospection=true')
+  subdir('man')
   subdir('docs')
   meson.add_dist_script(
     'tools/meson-dist-data.sh',
@@ -1067,7 +1075,7 @@ meson.add_install_script(
   nm_pkgstatedir,
   nm_mandir,
   nm_sysconfdir,
-  enable_man ? '1' : '0',
+  enable_docs ? '1' : '0',
   enable_ifcfg_rh ? '1' : '0',
   enable_nm_cloud_setup ? '1' : '0',
   install_systemdunitdir ? '1' : '0',
@@ -1077,7 +1085,6 @@ output = '\nSystem paths:\n'
 output += '  prefix: ' + nm_prefix + '\n'
 output += '  exec_prefix: ' + nm_prefix + '\n'
 output += '  systemdunitdir: ' + systemd_systemdsystemunitdir + '\n'
-output += '  systemdgeneratordir: ' + systemd_systemdsystemgeneratordir + '\n'
 output += '  udev_dir: ' + udev_udevdir + '\n'
 output += '  nmbinary: ' + nm_pkgsbindir + '\n'
 output += '  nmconfdir: ' + nm_pkgconfdir + '\n'
@@ -1092,7 +1099,17 @@ output += '  dbus_conf_dir: ' + dbus_conf_dir + '\n'
 output += '\nPlatform:\n'
 output += '  session tracking: ' + ','.join(session_trackers) + '\n'
 output += '  suspend/resume: ' + suspend_resume + '\n'
-output += '  policykit: ' + enable_polkit.to_string() + ' (default: ' + config_auth_polkit_default + ', noauth_group: "' + polkit_noauth_group + '")\n'
+output += '  policykit: ' + enable_polkit.to_string() + ' (default: ' + config_auth_polkit_default + ')'
+if enable_polkit
+  output += ' ('
+  if enable_modify_system
+    output += 'permissive'
+  else
+    output += 'restrictive'
+  endif
+  output += ' modify.system)'
+endif
+output += '\n'
 output += '  polkit-agent-helper-1: ' + polkit_agent_helper_1_path + '\n'
 output += '  selinux: ' + enable_selinux.to_string() + '\n'
 output += '  systemd-journald: ' + enable_systemd_journal.to_string() + ' (default: logging.backend=' + config_logging_backend_default + ')\n'
@@ -1156,5 +1173,6 @@ output +=      'have-nss: ' + crypto_nss_dep.found().to_string() + ')\n'
 output += '  sanitizers: ' + get_option('b_sanitize') + '\n'
 output += '  Mozilla Public Suffix List: ' + enable_libpsl.to_string() + '\n'
 output += '  vapi: ' + enable_vapi.to_string() + '\n'
+output += '  ebpf: ' + enable_ebpf.to_string() + '\n'
 output += '  readline: ' + with_readline + '\n'
 message(output)

meson_options.txt

@@ -1,6 +1,5 @@
 # system paths
 option('systemdsystemunitdir', type: 'string', value: '', description: 'Directory for systemd service files')
-option('systemdsystemgeneratordir', type: 'string', value: '', description: 'Directory for systemd generator files')
 option('system_ca_path', type: 'string', value: '/etc/ssl/certs', description: 'path to system CA certificates')
 option('udev_dir', type: 'string', value: '', description: 'Absolute path of the udev base directory. Set to \'no\' not to install the udev rule')
 option('dbus_conf_dir', type: 'string', value: '', description: 'where D-Bus system.d directory is')
@@ -19,8 +18,7 @@ option('session_tracking', type: 'combo', choices: ['systemd', 'elogind', 'no'],
 option('suspend_resume', type: 'combo', choices: ['systemd', 'elogind', 'consolekit', 'auto'], value: 'auto', description: 'Build NetworkManager with specific suspend/resume support')
 option('polkit', type: 'boolean', value: true, description: 'User auth-polkit configuration option.')
 option('config_auth_polkit_default', type: 'combo', choices: ['default', 'true', 'false', 'root-only'], value: 'default', description: 'Default value for configuration main.auth-polkit.')
-option('modify_system', type: 'boolean', value: false, description: 'Allow users to modify system connections (option no longer supported, don\'t use)')
-option('polkit_noauth_group', type: 'string', value: '', description: 'Allow users of the selected group, typically sudo or wheel, to modify system connections without introducing a password (discouraged)')
+option('modify_system', type: 'boolean', value: false, description: 'Allow users to modify system connections')
 option('polkit_agent_helper_1', type: 'string', value: '', description: 'Path name to the polkit-agent-helper-1 binary from polkit')
 option('selinux', type: 'boolean', value: true, description: 'Build with SELinux')
 option('systemd_journal', type: 'boolean', value: true, description: 'Use systemd journal for logging')
@@ -30,7 +28,7 @@ option('hostname_persist', type: 'combo', choices: ['default', 'suse', 'gentoo',
 option('libaudit', type: 'combo', choices: ['yes', 'yes-disabled-by-default', 'no'], value: 'yes', description: 'Build with audit daemon support. yes-disabled-by-default enables support, but disables it unless explicitly configured via NetworkManager.conf')
 
 # features
-option('wext', type: 'combo', choices: ['true', 'false', 'force' ], value: 'false', description: 'Enable or disable Linux Wireless Extensions (deprecated). wext support will be removed in a future release, don\'t rely on this.')
+option('wext', type: 'boolean', value: true, description: 'Enable or disable Linux Wireless Extensions')
 option('wifi', type: 'boolean', value: true, description: 'enable Wi-Fi support')
 option('iwd', type: 'boolean', value: false, description: 'enable iwd support (experimental)')
 option('ppp', type: 'boolean', value: true, description: 'enable PPP/PPPoE support')
@@ -46,8 +44,7 @@ option('nmcli', type: 'boolean', value: true, description: 'Build nmcli')
 option('nmtui', type: 'boolean', value: true, description: 'Build nmtui')
 option('nm_cloud_setup', type: 'boolean', value: true, description: 'Build nm-cloud-setup, a tool for automatically configuring networking in cloud')
 option('bluez5_dun', type: 'boolean', value: false, description: 'enable Bluez5 DUN support')
-option('ebpf', type: 'combo', choices: ['auto', 'true', 'false'], description: 'Enable eBPF support (deprecated)')
-option('nbft', type: 'boolean', value: true, description: 'Enable NBFT support in the initrd generator')
+option('ebpf', type: 'combo', choices: ['auto', 'true', 'false'], description: 'Enable eBPF support')
 
 # configuration plugins
 option('config_plugins_default', type: 'string', value: '', description: 'Default configuration option for main.plugins setting, used as fallback if the configuration option is unset')
@@ -69,7 +66,6 @@ option('config_dhcp_default', type: 'combo', choices: ['dhclient', 'dhcpcd', 'in
 option('introspection', type: 'boolean', value: true, description: 'Enable introspection for this build')
 option('vapi', type : 'combo', choices : ['auto', 'true', 'false'], description: 'build Vala bindings')
 option('docs', type: 'boolean', value: false, description: 'use to build documentation')
-option('man', type: 'boolean', value: true, description: 'Install manpages')
 option('tests', type: 'combo', choices: ['yes', 'no', 'root'], value: 'yes', description: 'Build NetworkManager tests')
 option('firewalld_zone', type: 'boolean', value: true, description: 'Install and use firewalld zone for shared mode')
 option('more_asserts', type: 'string', value: 'auto', description: 'Enable more assertions for debugging (0 = no, 100 = all, default: auto)')

po/POTFILES.in

@@ -1,6 +1,6 @@
 # List of source files containing translatable strings.
 # Please keep this file sorted alphabetically.
-data/org.freedesktop.NetworkManager.policy.in
+data/org.freedesktop.NetworkManager.policy.in.in
 src/core/NetworkManagerUtils.c
 src/core/devices/adsl/nm-device-adsl.c
 src/core/devices/bluetooth/nm-bluez-manager.c
@@ -95,7 +95,6 @@ src/libnm-core-impl/nm-setting-hsr.c
 src/libnm-core-impl/nm-setting-infiniband.c
 src/libnm-core-impl/nm-setting-ip-config.c
 src/libnm-core-impl/nm-setting-ip-tunnel.c
-src/libnm-core-impl/nm-setting-ipvlan.c
 src/libnm-core-impl/nm-setting-ip4-config.c
 src/libnm-core-impl/nm-setting-ip6-config.c
 src/libnm-core-impl/nm-setting-loopback.c
@@ -149,7 +148,6 @@ src/libnmc-base/nm-secret-agent-simple.c
 src/libnmc-base/nm-vpn-helpers.c
 src/libnmc-setting/nm-meta-setting-access.c
 src/libnmc-setting/nm-meta-setting-desc.c
-src/libnmc-setting/nm-meta-setting-desc.h
 src/libnmc-setting/settings-docs.h.in
 src/libnmt-newt/nmt-newt-utils.c
 src/nm-online/nm-online.c
@@ -181,7 +179,6 @@ src/nmtui/nmt-page-infiniband.c
 src/nmtui/nmt-page-ip-tunnel.c
 src/nmtui/nmt-page-ip4.c
 src/nmtui/nmt-page-ip6.c
-src/nmtui/nmt-page-loopback.c
 src/nmtui/nmt-page-macsec.c
 src/nmtui/nmt-page-ppp.c
 src/nmtui/nmt-page-team-port.c

po/POTFILES.skip

@@ -1,11 +1,20 @@
 contrib/fedora/rpm/
 data/NetworkManager-dispatcher.service.in
 data/NetworkManager-wait-online.service.in
-data/NetworkManager-wait-online-initrd.service.in
-data/NetworkManager-initrd.service.in
 data/NetworkManager.service.in
 data/nm-priv-helper.service.in
+data/org.freedesktop.NetworkManager.policy.in
+examples/python/NetworkManager.py
+examples/python/systray/eggtrayicon.c
 src/contrib/nm-vpn-editor-plugin-call.h
 src/contrib/nm-vpn-plugin-utils.c
-src/libnm-systemd-shared/src/basic/parse-util.c
 src/nm-cloud-setup/nm-cloud-setup.service.in
+vpn-daemons/openvpn
+vpn-daemons/pptp
+vpn-daemons/vpnc
+
+# https://bugs.launchpad.net/intltool/+bug/1117944
+sub/data/org.freedesktop.NetworkManager.policy.in
+
+# from meson build directory:
+build/data/org.freedesktop.NetworkManager.policy.in

po/ca.po

@@ -8,15 +8,14 @@
 # Lubomir Rintel <lkundrak@v3.sk>, 2016. #zanata
 # Lubomir Rintel <lkundrak@v3.sk>, 2017. #zanata
 # Thomas Haller <thaller@redhat.com>, 2017. #zanata
-# Jordi Mas i Hernàndez <jmas@softcatala.org>, 2025
 msgid ""
 msgstr ""
 "Project-Id-Version: NetworkManager\n"
 "Report-Msgid-Bugs-To: https://gitlab.freedesktop.org/NetworkManager/"
 "NetworkManager/issues\n"
 "POT-Creation-Date: 2023-06-16 15:26+0000\n"
-"PO-Revision-Date: 2025-09-28 00:07+0200\n"
-"Last-Translator: Jordi Mas i Hernàndez <jmas@softcatala.org>\n"
+"PO-Revision-Date: 2023-06-17 00:07+0200\n"
+"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Catalan <tradgnome@softcatala.org>\n"
 "Language: ca\n"
 "MIME-Version: 1.0\n"
@@ -356,7 +355,7 @@ msgstr "Connexió WPAN"
 
 #: src/core/devices/team/nm-device-team.c:131
 msgid "Team connection"
-msgstr "Connexió d'equip"
+msgstr "Connexió equip"
 
 #: src/core/devices/wifi/nm-device-olpc-mesh.c:112 src/nmcli/devices.c:1400
 msgid "Mesh"
@@ -649,7 +648,7 @@ msgstr "Surt després de la configuració inicial"
 #: src/core/nm-config.c:639
 msgid "Don't become a daemon, and log to stderr"
 msgstr ""
-"No et converteixis en un dimoni, i envia el registre a la sortida d'error"
+"No et converteixis en un dimoni, i envia el registre a la sortida estàndard"
 
 #: src/core/nm-config.c:648
 msgid "An http(s) address for checking internet connectivity"
@@ -796,7 +795,7 @@ msgstr "La connexió no era una connexió Ethernet o PPPoE."
 
 #: src/libnm-client-impl/nm-device-ethernet.c:206
 msgid "The connection and device differ in S390 subchannels."
-msgstr "La connexió i el dispositiu difereixen als subcanals S390."
+msgstr "La connexió i el dispositiu difereixen als subcanals 5930."
 
 #: src/libnm-client-impl/nm-device-ethernet.c:223
 #, c-format
@@ -882,7 +881,7 @@ msgstr "La connexió no era una connexió tun."
 
 #: src/libnm-client-impl/nm-device-team.c:124
 msgid "The connection was not a team connection."
-msgstr "La connexió no era una connexió d'equip."
+msgstr "La connexió no era una connexió equip."
 
 #: src/libnm-client-impl/nm-device-tun.c:204
 msgid "The connection was not a tun connection."
@@ -1326,27 +1325,27 @@ msgstr ""
 
 #: src/libnm-core-impl/nm-keyfile.c:333
 msgid "ignoring missing number"
-msgstr "s'ignora el número faltant"
+msgstr "s'ignorarà el número faltant"
 
 #: src/libnm-core-impl/nm-keyfile.c:345
 #, c-format
 msgid "ignoring invalid number '%s'"
-msgstr "s'ignora el número «%s» no vàlid"
+msgstr "s'ignorarà el número «%s» no vàlid"
 
 #: src/libnm-core-impl/nm-keyfile.c:374
 #, c-format
 msgid "ignoring invalid %s address: %s"
-msgstr "s'ignora l'adreça %s no vàlida: %s"
+msgstr "s'ignorarà l'adreça %s no vàlida: %s"
 
 #: src/libnm-core-impl/nm-keyfile.c:420
 #, c-format
 msgid "ignoring invalid gateway '%s' for %s route"
-msgstr "s'ignora la passarel·la «%s» no vàlida per a la ruta %s"
+msgstr "s'ignorarà la passarel·la «%s» no vàlida per a la ruta %s"
 
 #: src/libnm-core-impl/nm-keyfile.c:442
 #, c-format
 msgid "ignoring invalid %s route: %s"
-msgstr "s'ignora la ruta %s no vàlida: %s"
+msgstr "s'ignorarà la ruta %s no vàlida: %s"
 
 #: src/libnm-core-impl/nm-keyfile.c:620
 #, c-format
@@ -1362,7 +1361,7 @@ msgstr "caràcter «%c» inesperat per a %s: «%s» (posició %td)"
 #, c-format
 msgid "unexpected character '%c' in prefix length for %s: '%s' (position %td)"
 msgstr ""
-"caràcter «%c» inesperat a la longitud de prefix %s: «%s» (posició %td)"
+"caràcter «%c» inesperat a la longitud de prefix %s: «%s» (posició %td)<"
 
 #: src/libnm-core-impl/nm-keyfile.c:669
 #, c-format
@@ -1414,11 +1413,11 @@ msgstr "s'ignorarà l'adreça %s no vàlida: %s"
 
 #: src/libnm-core-impl/nm-keyfile.c:1518
 msgid "ignoring invalid SSID"
-msgstr "s'ignora l'SSID no vàlida"
+msgstr "s'ignorarà l'SSID no vàlida"
 
 #: src/libnm-core-impl/nm-keyfile.c:1536
 msgid "ignoring invalid raw password"
-msgstr "s'ignora la contrasenya sense processar no vàlida"
+msgstr "s'ignorarà la contrasenya sense processar no vàlida"
 
 #: src/libnm-core-impl/nm-keyfile.c:1681
 msgid "invalid key/cert value"
@@ -1459,7 +1458,7 @@ msgstr "valor de paritat «%s» no vàlid"
 #: src/libnm-core-impl/nm-keyfile.c:1958 src/libnm-core-impl/nm-keyfile.c:3540
 #, c-format
 msgid "invalid setting: %s"
-msgstr "el paràmetre no és vàlid: %s"
+msgstr "el paràmetre no és vàlid: «%s»"
 
 #: src/libnm-core-impl/nm-keyfile.c:1978
 #, fuzzy, c-format
@@ -1974,7 +1973,7 @@ msgstr "file:// URI no és UTF-8 vàlida"
 
 #: src/libnm-core-impl/nm-setting-connection.c:1501
 msgid "invalid permissions not in format \"user:$UNAME[:]\""
-msgstr "els permisos no són vàlids, no estan en el format «user:$UNAME[:]"
+msgstr "els permisos no són vàlids, no estan en el format «user:$UNANE[:]"
 
 #: src/libnm-core-impl/nm-setting-connection.c:1530
 #, c-format
@@ -2087,7 +2086,7 @@ msgstr "«%s» no és un número"
 
 #: src/libnm-core-impl/nm-setting-gsm.c:479
 msgid "property is empty or wrong size"
-msgstr "la propietat és buida o de mida incorrecta"
+msgstr "la propietat és buda o de mida incorrecta"
 
 #: src/libnm-core-impl/nm-setting-gsm.c:492
 msgid "property must contain only digits"
@@ -2099,12 +2098,12 @@ msgstr "no es pot activar quan hi ha una configuració manual"
 
 #: src/libnm-core-impl/nm-setting-infiniband.c:215
 msgid "Must specify a P_Key if specifying parent"
-msgstr "S'ha d'especificar una P_Key si s'especifica el pare"
+msgstr "S'ha d'especificar una P-Key si s'especifica el pare"
 
 #: src/libnm-core-impl/nm-setting-infiniband.c:226
 msgid "InfiniBand P_Key connection did not specify parent interface name"
 msgstr ""
-"La connexió InfiniBand P_Key no ha especificat el nom de la interfície pare"
+"La connexió InfiniBand P_Key no ha especificat el nom de l'interfície pare"
 
 #: src/libnm-core-impl/nm-setting-infiniband.c:234
 msgid "the values 0 and 0x8000 are not allowed"
@@ -2157,12 +2156,12 @@ msgstr "Adreça IPv4 «%s» no és vàlida"
 #: src/libnm-core-impl/nm-setting-ip-config.c:106
 #, c-format
 msgid "Invalid IPv4 address prefix '%u'"
-msgstr "Prefix «%u» d'adreça IPv4 no vàlid"
+msgstr "Prefix «%u» d'adreça IPv4 no vàlida"
 
 #: src/libnm-core-impl/nm-setting-ip-config.c:107
 #, c-format
 msgid "Invalid IPv6 address prefix '%u'"
-msgstr "Prefix «%u» d'adreça IPv6 no vàlid"
+msgstr "Prefix «%u» d'adreça IPv6 no vàlida<"
 
 #: src/libnm-core-impl/nm-setting-ip-config.c:124
 #, c-format
@@ -2209,7 +2208,7 @@ msgstr "el prefix %s no és vàlid"
 #: src/libnm-core-impl/nm-setting-ip-config.c:1423
 #, c-format
 msgid "%s is not a valid route type"
-msgstr "%s no és un tipus de ruta vàlid"
+msgstr "%s no és un nom de ruta vàlid"
 
 #: src/libnm-core-impl/nm-setting-ip-config.c:1442
 #, fuzzy
@@ -2433,7 +2432,7 @@ msgstr "La ruta %d. no és vàlida"
 #: src/libnm-core-impl/nm-setting-ip-config.c:5638
 #, c-format
 msgid "invalid attribute: %s"
-msgstr "atribut no vàlid: %s"
+msgstr "atribut no vàlid: «%s»"
 
 #: src/libnm-core-impl/nm-setting-ip-config.c:5658
 #, c-format
@@ -4106,7 +4105,7 @@ msgstr "«%s» no és vàlid; useu [%s] or [%s]"
 #: src/libnmc-base/nm-client-utils.c:176
 #, c-format
 msgid "'%s' is not valid; use [%s], [%s] or [%s]"
-msgstr "«%s» no és vàlid, useu [%s], [%s] o [%s]"
+msgstr "«%s» no és vàld, useu [%s], [%s] o [%s]"
 
 #: src/libnmc-base/nm-client-utils.c:230
 #, c-format
@@ -4677,7 +4676,7 @@ msgstr "clau privada no vàlida"
 #, fuzzy, c-format
 msgid "Secrets are required to connect WireGuard VPN '%s'"
 msgstr ""
-"Es requereixen contrasenyes o claus d'encriptació per accedir la xarxa sense "
+"Es requereixen contrasenyes o claus d'encriptació per accedir la xarxa sens "
 "fil «%s»."
 
 #: src/libnmc-base/nm-secret-agent-simple.c:620
@@ -4699,7 +4698,7 @@ msgid ""
 "Passwords or encryption keys are required to access the wireless network "
 "'%s'."
 msgstr ""
-"Es requereixen contrasenyes o claus d'encriptació per accedir la xarxa sense "
+"Es requereixen contrasenyes o claus d'encriptació per accedir la xarxa sens "
 "fil «%s»."
 
 #: src/libnmc-base/nm-secret-agent-simple.c:886
@@ -4710,7 +4709,7 @@ msgstr "Autenticació 802.1X de xarxa amb fil"
 #, fuzzy, c-format
 msgid "Secrets are required to access the wired network '%s'"
 msgstr ""
-"Es requereixen contrasenyes o claus d'encriptació per accedir la xarxa sense "
+"Es requereixen contrasenyes o claus d'encriptació per accedir la xarxa sens "
 "fil «%s»."
 
 #: src/libnmc-base/nm-secret-agent-simple.c:893
@@ -5419,10 +5418,10 @@ msgid ""
 msgstr ""
 "Entreu els bytes com una llista de valors hexadecimals.\n"
 "S'accepten dos formats:\n"
-"(a) una cadena de dígits hexadecimals, on cada dos dígits representen un "
+"(a) una cadena de dígits exadecimals, on cada dos dígits representen un "
 "byte\n"
-"(b) una llista separada per espais de bytes escrits com a dígits hexadecimals "
-"(amb prefix opcional 0x/0X,i un 0 inicial opcional).\n"
+"(b) una llista separada per espais de bytes escrits com a dígits hexadecimas "
+"(amb prefix opcional 0x/0X,i un 0 inicial opcional). \n"
 "\n"
 "Exemples: ab0455a6ea3a74C2\n"
 "          ab 4 55 0xa6 ea 3a 74 C2\n"
@@ -5494,7 +5493,7 @@ msgstr "Demora cap endavant"
 #: src/libnmc-setting/nm-meta-setting-desc.c:5280
 #: src/nmtui/nmt-page-bridge.c:134
 msgid "Hello time"
-msgstr "Temps de benvinguda"
+msgstr "Temps de benviguda"
 
 #: src/libnmc-setting/nm-meta-setting-desc.c:5286
 #: src/nmtui/nmt-page-bridge.c:148
@@ -5568,7 +5567,7 @@ msgid ""
 msgstr ""
 "Entreu les connexions secundàries que s'haurien d'activar quan s'activa "
 "aquesta connexió. Les connexions es poden especificar o bé per UUID o per ID "
-"(nom). nmcli tradueix transparentment els noms a UUID. Noteu que el "
+"(nom). L'nmcli tradueix transparentment els noms a UUID. Noteu que el "
 "NetworkManager actualment sols dóna suport els VPN com a connexions "
 "secundàries.\n"
 "Els elements es poden separar per comes o espais.\n"
@@ -5677,7 +5676,7 @@ msgid ""
 "  priority [prio] [from [src]] [to [dst]], ,...\n"
 "\n"
 msgstr ""
-"Introduïu una llista de regles d'encaminament IPv4 amb el següent format:\n"
+"Introduïu una llista de regles d'encaminanent IPv4 amb el següent format:\n"
 "  priority [prioritat] [from [origen]] [to [destí]], ,...\n"
 "\n"
 "\n"
@@ -5697,7 +5696,7 @@ msgstr ""
 "configuració IPv6 \n"
 "és «auto» aquests servidors DNS s'annexen als que retorna (si retorna cap) "
 "la \n"
-"configuració automàtica. Els servidors DNS no es poden usar amb els mètodes "
+"configuració automatica. Els servidors DNS no es poden usar amb els métodes "
 "de \n"
 "configuracó DNS «shared» o «link-local», atès que no hi una xarxa superior. "
 "A tots\n"
@@ -8152,12 +8151,12 @@ msgstr ""
 "canonada (|) o un ampersand (&). El primer indica que l'element és opcional "
 "i el segon significa que és obligatori. Si hi ha algun element opcional, "
 "llavors la coincidència avalua a cert si almenys un dels elements opcionals "
-"coincideix (O lògica). Si hi ha elements obligatoris, llavors tots han de "
+"coincideix (O lògicà). Si hi ha elements obligatoris, llavors tots han de "
 "coincidir (I lògica). Per defecte, un element és opcional. Això significa "
 "que un element «foo» es comporta igual que «|foo». Un element també es pot "
 "invertir amb el símbol d'exclamació (!) entre el símbol de la canonada (o de "
 "l'ampersand) i abans del patró. Tingueu en compte que «!foo» és una drecera "
-"per al patró obligatori «&!foo». Finalment, es pot utilitzar una barra "
+"per al patró obligatòri «&!foo». Finalment, es pot utilitzar una barra "
 "inversa al començament de l'element (després dels caràcters especials "
 "opcionals) per no considerar-lo inici del patró. Per exemple, «\\!a» és una "
 "coincidència obligatòria per literalment «!a»."
@@ -10723,7 +10722,7 @@ msgstr "Error: «%s» no és una connexió activa.\n"
 
 #: src/nmcli/connections.c:3436
 msgid "Error: not all active connections found."
-msgstr "Error: No s'han trobat totes les connexions actives."
+msgstr "Error: No s'han trobar totes les connexions actives."
 
 #: src/nmcli/connections.c:3444
 msgid "Error: no active connection provided."
@@ -11042,7 +11041,7 @@ msgstr ""
 "Verifica si el paràmetre o la connexió és vàlida i es pot desar més tard.\n"
 "Indica valors no vàlids quan hi ha un error. Alguns errors es poden "
 "corregir\n"
-"automàticament amb l'opció «fix».\n"
+"automàticaent amb l'opció «fix».\n"
 "\n"
 "Exemples: nmcli> verify\n"
 "          nmcli> verify fix\n"
@@ -11064,7 +11063,7 @@ msgid ""
 msgstr ""
 "save [persistent|temporary]  :: desa la connexió\n"
 "\n"
-"Envia el perfil de la connexió al NetworkManager que o bé la desarà de forma\n"
+"Envia el perfil de la connexió al NetworManager que o bé la desarà de forma\n"
 "persistent o bé sols la mantindrà a la memòria. «desa» sense cap argument\n"
 "significa «desa de forma persistent».\n"
 "Noteu que un cop que deseu el perfile de forma persistent aquestes "
@@ -11486,7 +11485,7 @@ msgstr "Opció no vàlida de verificació: %s\n"
 #: src/nmcli/connections.c:8486
 #, c-format
 msgid "Verify setting '%s': %s\n"
-msgstr "Verifica el paràmetre «%s»: %s\n"
+msgstr "Verifica el paràmere «%s»: %s\n"
 
 #: src/nmcli/connections.c:8501
 #, c-format
@@ -11553,12 +11552,12 @@ msgstr "Error: no es pot activar la connexió: %s.\n"
 #: src/nmcli/connections.c:8679
 #, c-format
 msgid "Error: Failed to activate '%s' (%s) connection: %s\n"
-msgstr "Error: no s'ha pogut activar la connexió «%s» (%s): %s\n"
+msgstr "Error: no s'ha pogut desconnectar la connexió «%s» (%s): %s\n"
 
 #: src/nmcli/connections.c:8686
 msgid "Monitoring connection activation (press any key to continue)\n"
 msgstr ""
-"S'està supervisant l'activació de la connexió (premeu qualsevol tecla per "
+"S'està supervisant l'activació de la connexio (premeu qualsevol teclar per "
 "continuar)\n"
 
 #: src/nmcli/connections.c:8721
@@ -11583,7 +11582,7 @@ msgstr "Configuració actual del nmcli:\n"
 #: src/nmcli/connections.c:8753
 #, c-format
 msgid "Invalid configuration option '%s'; allowed [%s]\n"
-msgstr "Opció de configuració no vàlida: «%s»; es permet [%s]\n"
+msgstr "Opció de configuració no vàida: «%s»; es permet [%s]\n"
 
 #: src/nmcli/connections.c:8985
 #, fuzzy
@@ -12397,7 +12396,7 @@ msgstr "Error: no s'ha pogut afegir/activar la connexió nova: %s"
 #: src/nmcli/devices.c:2266
 #, c-format
 msgid "Error: Device activation failed: %s"
-msgstr "Error: no s'ha pogut activar el dispositiu: %s"
+msgstr "Error: no s'ha pogut activar el dispositu: %s"
 
 #: src/nmcli/devices.c:2322
 #, c-format
@@ -12604,7 +12603,7 @@ msgstr "Contrasenya: "
 #: src/nmcli/devices.c:4172
 #, c-format
 msgid "'%s' is not valid WPA PSK"
-msgstr "«%s» no és una WPA PSK vàlida"
+msgstr "«%s» no és una WPS PSK vàlida"
 
 #: src/nmcli/devices.c:4193
 #, c-format
@@ -13539,7 +13538,7 @@ msgstr "Error: s'esperava l'argument «%s», però s'ha proporcionat «%s»."
 #: src/nmcli/utils.c:315
 #, c-format
 msgid "Error: Unexpected argument '%s'"
-msgstr "Error: argument inesperat «%s»"
+msgstr "Error: argument inesperat «%s»."
 
 #: src/nmcli/utils.c:702
 #, fuzzy, c-format
@@ -13898,7 +13897,7 @@ msgstr "«%s» <"
 #. NB: the ordering/numbering here corresponds to NmtPageBondMonitoringMode
 #: src/nmtui/nmt-page-bond.c:92
 msgid "MII (recommended)"
-msgstr "MII (recomanat)"
+msgstr "MII (recomendat)"
 
 #: src/nmtui/nmt-page-bond.c:93
 msgid "ARP"
@@ -14544,7 +14543,7 @@ msgstr ""
 
 #: src/nmtui/nmtui-edit.c:394 src/nmtui/nmtui-edit.c:410
 msgid "New Connection"
-msgstr "Connexió nova"
+msgstr "Connexions nova"
 
 #: src/nmtui/nmtui-edit.c:452
 #, c-format

po/it.po

@@ -12596,7 +12596,7 @@ msgstr "Digitare «help» o «?» per i comandi disponibili."
 #. TRANSLATORS: do not translate 'print', leave it as it is
 #: src/nmcli/connections.c:9072
 msgid "Type 'print' to show all the connection properties."
-msgstr "Digitare «print» per mostrare tutte le proprietà della connessione."
+msgstr "Digitare «stampa» per mostrare tutte le proprietà della connessione."
 
 #. TRANSLATORS: do not translate 'describe', leave it as it is
 #: src/nmcli/connections.c:9075

po/meson.build

@@ -1,8 +1,3 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
 i18n.gettext(nm_name, preset: 'glib')
-
-test(
-    'check-potfile-list',
-    find_program(join_paths(source_root, 'src/tests/check-potfile-list.py'))
-)

src/contrib/nm-vpn-editor-plugin-call.h

@@ -11,7 +11,7 @@
  *
  * This uses the NMVpnEditorPluginVT and allows a user (nm-applet)
  * to directly communicate with a VPN plugin using API that is newer
- * then the current libnm version. That is, it allows a user to call to a VPN
+ * then the current libnm version. That is, it allows to call to a VPN
  * plugin bypassing libnm. */
 
 #include <NetworkManager.h>

src/contrib/nm-vpn-plugin-utils.c

@@ -155,33 +155,3 @@ nm_vpn_plugin_utils_load_editor(const char                   *module_path,
     g_return_val_if_fail(NM_IS_VPN_EDITOR(editor), NULL);
     return editor;
 }
-
-char *
-nm_vpn_plugin_utils_get_cert_path(const char *plugin)
-{
-    const char *path;
-
-    g_return_val_if_fail(plugin, NULL);
-
-    /* Users can set NM_CERT_PATH=~/.cert to be compatible with the certificate
-     * directory used in the past. */
-    path = g_getenv("NM_CERT_PATH");
-    if (path)
-        return g_build_filename(path, plugin, NULL);
-
-    /* Otherwise use XDG_DATA_HOME. We use subdirectory "networkmanagement/certificates"
-     * because the SELinux policy already has rules to set the correct labels in that
-     * directory. */
-    path = g_getenv("XDG_DATA_HOME");
-    if (path)
-        return g_build_filename(path, "networkmanagement", "certificates", plugin, NULL);
-
-    /* Use the default value for XDG_DATA_HOME */
-    return g_build_filename(g_get_home_dir(),
-                            ".local",
-                            "share",
-                            "networkmanagement",
-                            "certificates",
-                            plugin,
-                            NULL);
-}

src/contrib/nm-vpn-plugin-utils.h

@@ -24,6 +24,4 @@ NMVpnEditor *nm_vpn_plugin_utils_load_editor(const char                   *modul
                                              gpointer                      user_data,
                                              GError                      **error);
 
-char *nm_vpn_plugin_utils_get_cert_path(const char *plugin);
-
 #endif /* __NM_VPN_PLUGIN_UTILS_H__ */

src/core/NetworkManagerUtils.c

@@ -1509,6 +1509,7 @@ nm_utils_ip_route_attribute_to_platform(int                addr_family,
     GET_ATTR(NM_IP_ROUTE_ATTRIBUTE_INITCWND, r->initcwnd, UINT32, uint32, 0);
     GET_ATTR(NM_IP_ROUTE_ATTRIBUTE_INITRWND, r->initrwnd, UINT32, uint32, 0);
     GET_ATTR(NM_IP_ROUTE_ATTRIBUTE_MTU, r->mtu, UINT32, uint32, 0);
+    GET_ATTR(NM_IP_ROUTE_ATTRIBUTE_RTO_MIN, r->rto_min, UINT32, uint32, 0);
     GET_ATTR(NM_IP_ROUTE_ATTRIBUTE_QUICKACK, r->quickack, BOOLEAN, boolean, FALSE);
     GET_ATTR(NM_IP_ROUTE_ATTRIBUTE_LOCK_WINDOW, r->lock_window, BOOLEAN, boolean, FALSE);
     GET_ATTR(NM_IP_ROUTE_ATTRIBUTE_LOCK_CWND, r->lock_cwnd, BOOLEAN, boolean, FALSE);
@@ -1517,18 +1518,6 @@ nm_utils_ip_route_attribute_to_platform(int                addr_family,
     GET_ATTR(NM_IP_ROUTE_ATTRIBUTE_LOCK_MTU, r->lock_mtu, BOOLEAN, boolean, FALSE);
     GET_ATTR(NM_IP_ROUTE_ATTRIBUTE_LOCK_ADVMSS, r->lock_mss, BOOLEAN, boolean, FALSE);
 
-    {
-        GVariant *_variant = nm_ip_route_get_attribute(s_route, NM_IP_ROUTE_ATTRIBUTE_RTO_MIN);
-
-        if (_variant && g_variant_is_of_type(_variant, G_VARIANT_TYPE_UINT32)) {
-            r->rto_min     = g_variant_get_uint32(_variant);
-            r->rto_min_set = TRUE;
-        } else {
-            r->rto_min     = 0;
-            r->rto_min_set = FALSE;
-        }
-    }
-
     if ((variant = nm_ip_route_get_attribute(s_route, NM_IP_ROUTE_ATTRIBUTE_SRC))
         && g_variant_is_of_type(variant, G_VARIANT_TYPE_STRING)) {
         if (inet_pton(addr_family, g_variant_get_string(variant, NULL), &addr) == 1) {

src/core/devices/nm-device-bond.c

@@ -52,7 +52,8 @@
         NM_SETTING_BOND_OPTION_PACKETS_PER_SLAVE, NM_SETTING_BOND_OPTION_PRIMARY_RESELECT, \
         NM_SETTING_BOND_OPTION_RESEND_IGMP, NM_SETTING_BOND_OPTION_USE_CARRIER,            \
         NM_SETTING_BOND_OPTION_XMIT_HASH_POLICY, NM_SETTING_BOND_OPTION_NUM_GRAT_ARP,      \
-        NM_SETTING_BOND_OPTION_PEER_NOTIF_DELAY, NM_SETTING_BOND_OPTION_ARP_MISSED_MAX
+        NM_SETTING_BOND_OPTION_PEER_NOTIF_DELAY, NM_SETTING_BOND_OPTION_ARP_MISSED_MAX,    \
+        NM_SETTING_BOND_OPTION_LACP_ACTIVE
 
 #define OPTIONS_REAPPLY_FULL                                     \
     OPTIONS_REAPPLY_SUBSET, NM_SETTING_BOND_OPTION_ACTIVE_SLAVE, \
@@ -136,13 +137,13 @@ _set_bond_attr(NMDevice *device, const char *attr, const char *value)
     return ret;
 }
 
-#define _set_bond_attr_take(device, attr, value) \
-    G_STMT_START                                 \
-    {                                            \
-        gs_free char *_tmp = (value);            \
-                                                 \
-        _set_bond_attr(device, attr, _tmp);      \
-    }                                            \
+#define _set_bond_attr_take(device, attr, value)                            \
+    G_STMT_START                                                            \
+    {                                                                       \
+        gs_free char *_tmp = (value);                                       \
+                                                                            \
+        _set_bond_attr(device, NM_SETTING_BOND_OPTION_ARP_IP_TARGET, _tmp); \
+    }                                                                       \
     G_STMT_END
 
 #define _set_bond_attr_printf(device, attr, fmt, ...) \
@@ -901,7 +902,7 @@ reapply_connection(NMDevice *device, NMConnection *con_old, NMConnection *con_ne
     mode  = _nm_setting_bond_mode_from_string(value);
     g_return_if_fail(mode != NM_BOND_MODE_UNKNOWN);
 
-    /* Below we set only the bond options that the kernel allows modifying
+    /* Below we set only the bond options that kernel allows to modify
      * while keeping the bond interface up */
 
     set_bond_arp_ip_targets(device, s_bond);

src/core/devices/nm-device-bridge.c

@@ -1066,7 +1066,7 @@ attach_port(NMDevice                  *device,
 
             plat_vlans = setting_vlans_to_platform(vlans, &num_vlans);
 
-            /* Since the link was just attached, there are no existing VLANs
+            /* Since the link was just enportd, there are no existing VLANs
              * (except for the default one) and so there's no need to flush. */
 
             if (plat_vlans

src/core/devices/nm-device-ethernet.c

@@ -14,6 +14,7 @@
 #include <libudev.h>
 #include <linux/if_ether.h>
 
+#include "NetworkManagerUtils.h"
 #include "NetworkManagerUtils.h"
 #include "libnm-core-aux-intern/nm-libnm-core-utils.h"
 #include "libnm-core-intern/nm-core-internal.h"
@@ -707,9 +708,6 @@ supplicant_iface_start(NMDeviceEthernet *self)
     NMDeviceEthernetPrivate            *priv   = NM_DEVICE_ETHERNET_GET_PRIVATE(self);
     gs_unref_object NMSupplicantConfig *config = NULL;
     gs_free_error GError               *error  = NULL;
-    NMActRequest                       *request;
-    NMActiveConnection                 *controller_ac;
-    NMDevice                           *controller;
 
     config = build_supplicant_config(self, &error);
     if (!config) {
@@ -724,16 +722,6 @@ supplicant_iface_start(NMDeviceEthernet *self)
     }
 
     nm_supplicant_interface_disconnect(priv->supplicant.iface);
-
-    /* Tell the supplicant in which bridge the interface is */
-    if ((request = nm_device_get_act_request(NM_DEVICE(self)))
-        && (controller_ac = nm_active_connection_get_controller(NM_ACTIVE_CONNECTION(request)))
-        && (controller = nm_active_connection_get_device(controller_ac))
-        && nm_device_get_device_type(controller) == NM_DEVICE_TYPE_BRIDGE) {
-        nm_supplicant_interface_set_bridge(priv->supplicant.iface, nm_device_get_iface(controller));
-    } else
-        nm_supplicant_interface_set_bridge(priv->supplicant.iface, NULL);
-
     nm_supplicant_interface_assoc(priv->supplicant.iface, config, supplicant_iface_assoc_cb, self);
     return TRUE;
 }
@@ -1913,7 +1901,7 @@ get_ip_method_auto(NMDevice *device, int addr_family)
         /* We cannot do DHCPv4 on a PPP link, instead we get "auto" IP addresses
          * by pppd. Return "manual" here, which has the suitable effect to a
          * (zero) manual addresses in addition. */
-        return NM_SETTING_IP4_CONFIG_METHOD_MANUAL;
+        return NM_SETTING_IP6_CONFIG_METHOD_MANUAL;
     }
 
     return NM_SETTING_IP6_CONFIG_METHOD_AUTO;

src/core/devices/nm-device-hsr.c

@@ -94,10 +94,8 @@ update_properties(NMDevice *device)
     CHECK_PROPERTY_CHANGED(multicast_spec, PROP_MULTICAST_SPEC);
     CHECK_PROPERTY_CHANGED(prp, PROP_PRP);
 
-    if (!nm_ether_addr_equal(&priv->props.supervision_address, &props->supervision_address)) {
-        priv->props.supervision_address = props->supervision_address;
+    if (!nm_ether_addr_equal(&priv->props.supervision_address, &props->supervision_address))
         _notify(self, PROP_SUPERVISION_ADDRESS);
-    }
 
     g_object_thaw_notify((GObject *) device);
 }
@@ -116,51 +114,29 @@ create_and_realize(NMDevice              *device,
                    const NMPlatformLink **out_plink,
                    GError               **error)
 {
-    const char        *iface   = nm_device_get_iface(device);
-    nm_auto_free char *err_msg = NULL;
-    NMSettingHsr      *s_hsr;
-    NMPlatformLnkHsr   lnk = {};
-    int                r   = 0;
+    const char      *iface = nm_device_get_iface(device);
+    NMSettingHsr    *s_hsr;
+    NMPlatformLnkHsr lnk = {};
+    int              r;
 
     s_hsr = _nm_connection_get_setting(connection, NM_TYPE_SETTING_HSR);
-
     nm_assert(s_hsr);
 
     if (nm_setting_hsr_get_port1(s_hsr) != NULL)
         lnk.port1 = nm_platform_link_get_ifindex(NM_PLATFORM_GET, nm_setting_hsr_get_port1(s_hsr));
     if (nm_setting_hsr_get_port2(s_hsr) != NULL)
         lnk.port2 = nm_platform_link_get_ifindex(NM_PLATFORM_GET, nm_setting_hsr_get_port2(s_hsr));
-    if (nm_setting_hsr_get_interlink(s_hsr) != NULL) {
-        const char *ifname  = nm_setting_hsr_get_interlink(s_hsr);
-        int         ifindex = nm_platform_link_get_ifindex(NM_PLATFORM_GET, ifname);
-
-        if (ifindex <= 0) {
-            err_msg = g_strdup_printf("interlink port '%s' does not exist", ifname);
-            goto out;
-        }
-
-        lnk.interlink = ifindex;
-    }
-
-    lnk.multicast_spec   = nm_setting_hsr_get_multicast_spec(s_hsr);
-    lnk.prp              = nm_setting_hsr_get_prp(s_hsr);
-    lnk.protocol_version = nm_setting_hsr_get_protocol_version(s_hsr);
-
+    lnk.multicast_spec = nm_setting_hsr_get_multicast_spec(s_hsr);
+    lnk.prp            = nm_setting_hsr_get_prp(s_hsr);
     r = nm_platform_link_hsr_add(nm_device_get_platform(device), iface, &lnk, out_plink);
-
     if (r < 0) {
-        err_msg = g_strdup(nm_strerror(r) ?: "unknown");
-    }
-
-out:
-    if (err_msg) {
         g_set_error(error,
                     NM_DEVICE_ERROR,
                     NM_DEVICE_ERROR_CREATION_FAILED,
                     "Failed to create HSR interface '%s' for '%s': %s",
                     iface,
                     nm_connection_get_id(connection),
-                    err_msg);
+                    nm_strerror(r));
         return FALSE;
     }
 

src/core/devices/nm-device-macsec.c

@@ -440,9 +440,6 @@ supplicant_iface_start(NMDeviceMacsec *self)
     NMDeviceMacsecPrivate              *priv   = NM_DEVICE_MACSEC_GET_PRIVATE(self);
     gs_unref_object NMSupplicantConfig *config = NULL;
     gs_free_error GError               *error  = NULL;
-    NMActRequest                       *request;
-    NMActiveConnection                 *controller_ac;
-    NMDevice                           *controller;
 
     config = build_supplicant_config(self, &error);
     if (!config) {
@@ -455,16 +452,6 @@ supplicant_iface_start(NMDeviceMacsec *self)
     }
 
     nm_supplicant_interface_disconnect(priv->supplicant.iface);
-
-    /* Tell the supplicant in which bridge the interface is */
-    if ((request = nm_device_get_act_request(NM_DEVICE(self)))
-        && (controller_ac = nm_active_connection_get_controller(NM_ACTIVE_CONNECTION(request)))
-        && (controller = nm_active_connection_get_device(controller_ac))
-        && nm_device_get_device_type(controller) == NM_DEVICE_TYPE_BRIDGE) {
-        nm_supplicant_interface_set_bridge(priv->supplicant.iface, nm_device_get_iface(controller));
-    } else
-        nm_supplicant_interface_set_bridge(priv->supplicant.iface, NULL);
-
     nm_supplicant_interface_assoc(priv->supplicant.iface, config, supplicant_iface_assoc_cb, self);
     return TRUE;
 }

src/core/devices/nm-device-private.h

@@ -115,6 +115,9 @@ gboolean nm_device_sysctl_ip_conf_set(NMDevice   *self,
 
 NML3ConfigData *nm_device_create_l3_config_data(NMDevice *self, NMIPConfigSource source);
 
+NML3ConfigData *nm_device_create_l3_config_data_from_connection(NMDevice     *self,
+                                                                NMConnection *connection);
+
 void nm_device_ip_method_dhcp4_start(NMDevice *self);
 
 void nm_device_ip_method_autoconf6_start(NMDevice *self);

src/core/devices/nm-device-tun.c

@@ -242,14 +242,12 @@ create_and_realize(NMDevice              *device,
         g_return_val_if_reached(FALSE);
     }
 
-    owner =
-        _nm_utils_ascii_str_to_int64(nm_setting_tun_get_owner(s_tun), 10, 0, G_MAXUINT32 - 1, -1);
+    owner = _nm_utils_ascii_str_to_int64(nm_setting_tun_get_owner(s_tun), 10, 0, G_MAXINT32, -1);
     if (owner != -1) {
         props.owner_valid = TRUE;
         props.owner       = owner;
     }
-    group =
-        _nm_utils_ascii_str_to_int64(nm_setting_tun_get_group(s_tun), 10, 0, G_MAXUINT32 - 1, -1);
+    group = _nm_utils_ascii_str_to_int64(nm_setting_tun_get_group(s_tun), 10, 0, G_MAXINT32, -1);
     if (group != -1) {
         props.group_valid = TRUE;
         props.group       = group;
@@ -280,7 +278,7 @@ _same_og(const char *str, gboolean og_valid, guint32 og_num)
 {
     gint64 v;
 
-    v = _nm_utils_ascii_str_to_int64(str, 10, 0, G_MAXUINT32 - 1, -1);
+    v = _nm_utils_ascii_str_to_int64(str, 10, 0, G_MAXINT32, -1);
     return (!og_valid && (v == (gint64) -1)) || (og_valid && (((guint32) v) == og_num));
 }
 

src/core/devices/nm-device-utils.c

@@ -135,17 +135,13 @@ NM_UTILS_LOOKUP_STR_DEFINE(
     NM_UTILS_LOOKUP_STR_ITEM(NM_DEVICE_STATE_REASON_UNMANAGED_LINK_NOT_INIT,
                              "unmanaged-link-not-init"),
     NM_UTILS_LOOKUP_STR_ITEM(NM_DEVICE_STATE_REASON_UNMANAGED_QUITTING, "unmanaged-quitting"),
-    NM_UTILS_LOOKUP_STR_ITEM(NM_DEVICE_STATE_REASON_UNMANAGED_MANAGER_DISABLED,
-                             "unmanaged-nm-disabled"),
+    NM_UTILS_LOOKUP_STR_ITEM(NM_DEVICE_STATE_REASON_UNMANAGED_SLEEPING, "unmanaged-sleeping"),
     NM_UTILS_LOOKUP_STR_ITEM(NM_DEVICE_STATE_REASON_UNMANAGED_USER_CONF, "unmanaged-user-conf"),
     NM_UTILS_LOOKUP_STR_ITEM(NM_DEVICE_STATE_REASON_UNMANAGED_USER_EXPLICIT,
                              "unmanaged-user-explicit"),
     NM_UTILS_LOOKUP_STR_ITEM(NM_DEVICE_STATE_REASON_UNMANAGED_USER_SETTINGS,
                              "unmanaged-user-settings"),
-    NM_UTILS_LOOKUP_STR_ITEM(NM_DEVICE_STATE_REASON_UNMANAGED_USER_UDEV, "unmanaged-user-udev"),
-    NM_UTILS_LOOKUP_STR_ITEM(NM_DEVICE_STATE_REASON_NETWORKING_OFF, "networking-off"),
-    NM_UTILS_LOOKUP_STR_ITEM(NM_DEVICE_STATE_REASON_MODEM_NO_OPERATOR_CODE,
-                             "modem-no-operator-code"), );
+    NM_UTILS_LOOKUP_STR_ITEM(NM_DEVICE_STATE_REASON_UNMANAGED_USER_UDEV, "unmanaged-user-udev"), );
 
 NM_UTILS_LOOKUP_STR_DEFINE(nm_device_mtu_source_to_string,
                            NMDeviceMtuSource,

src/core/devices/nm-device-vrf.c

@@ -235,7 +235,7 @@ attach_port(NMDevice                  *device,
 
         _LOGI(LOGD_DEVICE, "attached VRF port %s", port_iface);
     } else
-        _LOGI(LOGD_DEVICE, "VRF port %s was attached", port_iface);
+        _LOGI(LOGD_BOND, "VRF port %s was attached", port_iface);
 
     return TRUE;
 }

src/core/devices/nm-device-wireguard.c

@@ -1672,57 +1672,6 @@ act_stage2_config(NMDevice *device, NMDeviceStateReason *out_failure_reason)
     return ret;
 }
 
-static gboolean
-skip_peer_route(const NMIPAddr    *peer_addr,
-                guint              peer_addr_prefix,
-                int                addr_family,
-                NMSettingIPConfig *s_ip)
-{
-    guint num_addresses;
-    guint i;
-
-    /*
-     * If the allowed-ip subnet is already reachable on the interface via the
-     * prefix route of a static IP address, skip adding the peer route.
-     * We don't want to override the prefix route with a new one because the
-     * prefix route also specifies the correct source IP address.
-     *
-     * wg-quick does something similar here:
-     * https://git.zx2c4.com/wireguard-tools/tree/src/wg-quick/linux.bash?h=v1.0.20250521#n177
-     * The condition in wg-quick is a bit different because it checks that no
-     * duplicate route exists on the interface. We can't do exactly the same
-     * because here we don't have visibility on all the platform routes.
-     */
-
-    if (!s_ip)
-        return FALSE;
-
-    num_addresses = nm_setting_ip_config_get_num_addresses(s_ip);
-    for (i = 0; i < num_addresses; i++) {
-        NMIPAddr     setting_addr;
-        NMIPAddr     peer_addr_tmp;
-        guint        setting_prefix;
-        NMIPAddress *a;
-
-        peer_addr_tmp = *peer_addr;
-
-        a = nm_setting_ip_config_get_address(s_ip, i);
-        nm_ip_address_get_address_binary(a, &setting_addr);
-        setting_prefix = nm_ip_address_get_prefix(a);
-
-        if (setting_prefix > peer_addr_prefix)
-            continue;
-
-        nm_ip_addr_clear_host_address(addr_family, &setting_addr, NULL, setting_prefix);
-        nm_ip_addr_clear_host_address(addr_family, &peer_addr_tmp, NULL, setting_prefix);
-
-        if (nm_ip_addr_equal(addr_family, &peer_addr_tmp, &setting_addr))
-            return TRUE;
-    }
-
-    return FALSE;
-}
-
 static const NML3ConfigData *
 _get_dev2_ip_config(NMDeviceWireGuard *self, int addr_family)
 {
@@ -1789,7 +1738,6 @@ _get_dev2_ip_config(NMDeviceWireGuard *self, int addr_family)
 
         n_aips = nm_wireguard_peer_get_allowed_ips_len(peer);
         for (j = 0; j < n_aips; j++) {
-            NMSettingIPConfig *s_ip;
             NMPlatformIPXRoute rt;
             NMIPAddr           addrbin;
             const char        *aip;
@@ -1797,8 +1745,7 @@ _get_dev2_ip_config(NMDeviceWireGuard *self, int addr_family)
             int                prefix;
             guint32            rtable_coerced;
 
-            aip  = nm_wireguard_peer_get_allowed_ip(peer, j, &valid);
-            s_ip = nm_connection_get_setting_ip_config(connection, addr_family);
+            aip = nm_wireguard_peer_get_allowed_ip(peer, j, &valid);
 
             if (!valid || !nm_inet_parse_with_prefix_bin(addr_family, aip, NULL, &addrbin, &prefix))
                 continue;
@@ -1807,6 +1754,9 @@ _get_dev2_ip_config(NMDeviceWireGuard *self, int addr_family)
                 prefix = (addr_family == AF_INET) ? 32 : 128;
 
             if (prefix == 0) {
+                NMSettingIPConfig *s_ip;
+
+                s_ip = nm_connection_get_setting_ip_config(connection, addr_family);
                 if (nm_setting_ip_config_get_never_default(s_ip))
                     continue;
             }
@@ -1819,9 +1769,6 @@ _get_dev2_ip_config(NMDeviceWireGuard *self, int addr_family)
 
             nm_ip_addr_clear_host_address(addr_family, &addrbin, NULL, prefix);
 
-            if (skip_peer_route(&addrbin, prefix, addr_family, s_ip))
-                continue;
-
             rtable_coerced = route_table_coerced;
 
             if (prefix == 0 && auto_default_route_enabled) {

src/core/devices/nm-device.c

@@ -113,19 +113,6 @@ typedef enum {
     RELEASE_PORT_TYPE_CONFIG_FORCE,
 } ReleasePortType;
 
-/**
- * CleanupType:
- * @CLEANUP_TYPE_KEEP: Cleanup internally but keep the real device's config. This is
- *   often used when moving a partially managed device to "unmanaged" (but not only).
- * @CLEANUP_TYPE_REMOVED: The device suddently disappeared. Cleanup internally but don't
- *   make any action on the real device at all, as it no longer exists.
- * @CLEANUP_TYPE_DECONFIGURE: Also deconfigure the real device. This is the typical
- *   action when a connection or device is set to "down", or fully managed devices
- *   moved to "unmanaged".
- * @CLEANUP_TYPE_KEEP_REAPPLY: Like %CLEANUP_TYPE_KEEP, but indicating that it's a
- *   reapply. Some special actions can be done if we're doing a reapply, like keeping
- *   the existing DHCP lease, for example.
- */
 typedef enum {
     CLEANUP_TYPE_KEEP,
     CLEANUP_TYPE_REMOVED,
@@ -278,11 +265,11 @@ typedef struct {
     NMDeviceIPState state;
     union {
         struct {
-            NMDnsMasqManager     *dnsmasq_manager;
-            NMNetnsIPReservation *ip_reservation;
-            NMFirewallConfig     *firewall_config;
-            gulong                dnsmasq_state_id;
-            const NML3ConfigData *l3cd;
+            NMDnsMasqManager      *dnsmasq_manager;
+            NMNetnsSharedIPHandle *shared_ip_handle;
+            NMFirewallConfig      *firewall_config;
+            gulong                 dnsmasq_state_id;
+            const NML3ConfigData  *l3cd;
         } v4;
         struct {
         } v6;
@@ -711,8 +698,6 @@ typedef struct _NMDevicePrivate {
 
     IPDevStateData ipdev_data_unspec;
 
-    gulong sharing_ipv4_changed_id;
-
     struct {
         /* If we set the addrgenmode6, this records the previously set value. */
         guint8 previous_mode_val;
@@ -894,8 +879,6 @@ static void _dev_ipshared4_spawn_dnsmasq(NMDevice *self);
 
 static void _dev_ipshared6_start(NMDevice *self);
 
-static void _dev_ipforwarding4_start(NMDevice *self, int addr_family);
-
 static void
 _cleanup_ip_pre(NMDevice *self, int addr_family, CleanupType cleanup_type, gboolean preserve_dhcp);
 
@@ -910,7 +893,6 @@ static void device_ifindex_changed_cb(NMManager *manager, NMDevice *device_chang
 static gboolean device_link_changed(gpointer user_data);
 static gboolean _get_maybe_ipv6_disabled(NMDevice *self);
 static void     deactivate_ready(NMDevice *self, NMDeviceStateReason reason);
-static void     carrier_disconnected_action_cancel(NMDevice *self);
 
 /*****************************************************************************/
 
@@ -1424,12 +1406,14 @@ _prop_get_ipvx_routed_dns(NMDevice *self, int addr_family)
 }
 
 static NMSettingConnectionMdns
-_prop_get_connection_mdns(NMDevice *self, NMConnection *connection)
+_prop_get_connection_mdns(NMDevice *self)
 {
+    NMConnection           *connection;
     NMSettingConnectionMdns mdns = NM_SETTING_CONNECTION_MDNS_DEFAULT;
 
     g_return_val_if_fail(NM_IS_DEVICE(self), NM_SETTING_CONNECTION_MDNS_DEFAULT);
 
+    connection = nm_device_get_applied_connection(self);
     if (connection)
         mdns = nm_setting_connection_get_mdns(nm_connection_get_setting_connection(connection));
     if (mdns != NM_SETTING_CONNECTION_MDNS_DEFAULT)
@@ -1443,33 +1427,15 @@ _prop_get_connection_mdns(NMDevice *self, NMConnection *connection)
                                                        NM_SETTING_CONNECTION_MDNS_DEFAULT);
 }
 
-static gboolean
-_prop_get_sriov_preserve_on_down(NMDevice *self, NMSettingSriov *s_sriov)
-{
-    NMSriovPreserveOnDown preserve;
-
-    g_return_val_if_fail(NM_IS_DEVICE(self), FALSE);
-    g_return_val_if_fail(NM_IS_SETTING_SRIOV(s_sriov), FALSE);
-
-    preserve = nm_setting_sriov_get_preserve_on_down(s_sriov);
-    if (NM_IN_SET(preserve, NM_SRIOV_PRESERVE_ON_DOWN_NO, NM_SRIOV_PRESERVE_ON_DOWN_YES))
-        return preserve;
-
-    return nm_config_data_get_connection_default_int64(NM_CONFIG_GET_DATA,
-                                                       NM_CON_DEFAULT("sriov.preserve-on-down"),
-                                                       self,
-                                                       NM_SRIOV_PRESERVE_ON_DOWN_NO,
-                                                       NM_SRIOV_PRESERVE_ON_DOWN_YES,
-                                                       NM_SRIOV_PRESERVE_ON_DOWN_NO);
-}
-
 static NMSettingConnectionLlmnr
-_prop_get_connection_llmnr(NMDevice *self, NMConnection *connection)
+_prop_get_connection_llmnr(NMDevice *self)
 {
+    NMConnection            *connection;
     NMSettingConnectionLlmnr llmnr = NM_SETTING_CONNECTION_LLMNR_DEFAULT;
 
     g_return_val_if_fail(NM_IS_DEVICE(self), NM_SETTING_CONNECTION_LLMNR_DEFAULT);
 
+    connection = nm_device_get_applied_connection(self);
     if (connection)
         llmnr = nm_setting_connection_get_llmnr(nm_connection_get_setting_connection(connection));
     if (llmnr != NM_SETTING_CONNECTION_LLMNR_DEFAULT)
@@ -1484,12 +1450,14 @@ _prop_get_connection_llmnr(NMDevice *self, NMConnection *connection)
 }
 
 static NMSettingConnectionDnsOverTls
-_prop_get_connection_dns_over_tls(NMDevice *self, NMConnection *connection)
+_prop_get_connection_dns_over_tls(NMDevice *self)
 {
+    NMConnection                 *connection;
     NMSettingConnectionDnsOverTls dns_over_tls = NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT;
 
     g_return_val_if_fail(NM_IS_DEVICE(self), NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT);
 
+    connection = nm_device_get_applied_connection(self);
     if (connection)
         dns_over_tls = nm_setting_connection_get_dns_over_tls(
             nm_connection_get_setting_connection(connection));
@@ -1504,33 +1472,15 @@ _prop_get_connection_dns_over_tls(NMDevice *self, NMConnection *connection)
                                                        NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT);
 }
 
-static NMSettingConnectionDnssec
-_prop_get_connection_dnssec(NMDevice *self, NMConnection *connection)
-{
-    NMSettingConnectionDnssec dnssec = NM_SETTING_CONNECTION_DNSSEC_DEFAULT;
-
-    g_return_val_if_fail(NM_IS_DEVICE(self), NM_SETTING_CONNECTION_DNSSEC_DEFAULT);
-
-    if (connection)
-        dnssec = nm_setting_connection_get_dnssec(nm_connection_get_setting_connection(connection));
-    if (dnssec != NM_SETTING_CONNECTION_DNSSEC_DEFAULT)
-        return dnssec;
-
-    return nm_config_data_get_connection_default_int64(NM_CONFIG_GET_DATA,
-                                                       NM_CON_DEFAULT("connection.dnssec"),
-                                                       self,
-                                                       NM_SETTING_CONNECTION_DNSSEC_NO,
-                                                       NM_SETTING_CONNECTION_DNSSEC_YES,
-                                                       NM_SETTING_CONNECTION_DNSSEC_DEFAULT);
-}
-
 static NMMptcpFlags
-_prop_get_connection_mptcp_flags(NMDevice *self, NMConnection *connection)
+_prop_get_connection_mptcp_flags(NMDevice *self)
 {
-    NMMptcpFlags mptcp_flags = NM_MPTCP_FLAGS_NONE;
+    NMConnection *connection;
+    NMMptcpFlags  mptcp_flags = NM_MPTCP_FLAGS_NONE;
 
     g_return_val_if_fail(NM_IS_DEVICE(self), NM_MPTCP_FLAGS_DISABLED);
 
+    connection = nm_device_get_applied_connection(self);
     if (connection) {
         mptcp_flags =
             nm_setting_connection_get_mptcp_flags(nm_connection_get_setting_connection(connection));
@@ -2172,33 +2122,6 @@ _prop_get_ipvx_dhcp_send_hostname(NMDevice *self, int addr_family)
     return send_hostname_v2;
 }
 
-static NMSettingIPConfigForwarding
-_prop_get_ipv4_forwarding(NMDevice *self)
-{
-    NMSettingIPConfig          *s_ip;
-    NMSettingIPConfigForwarding forwarding;
-
-    g_return_val_if_fail(NM_IS_DEVICE(self), NM_SETTING_IP_CONFIG_FORWARDING_AUTO);
-
-    s_ip = nm_device_get_applied_setting(self, NM_TYPE_SETTING_IP4_CONFIG);
-    if (s_ip)
-        forwarding = nm_setting_ip_config_get_forwarding(s_ip);
-    else
-        forwarding = NM_SETTING_IP_CONFIG_FORWARDING_DEFAULT;
-
-    if (forwarding == NM_SETTING_IP_CONFIG_FORWARDING_DEFAULT) {
-        forwarding =
-            nm_config_data_get_connection_default_int64(NM_CONFIG_GET_DATA,
-                                                        NM_CON_DEFAULT("ipv4.forwarding"),
-                                                        self,
-                                                        NM_SETTING_IP_CONFIG_FORWARDING_NO,
-                                                        NM_SETTING_IP_CONFIG_FORWARDING_AUTO,
-                                                        NM_SETTING_IP_CONFIG_FORWARDING_AUTO);
-    }
-
-    return forwarding;
-}
-
 static gboolean
 _prop_get_connection_ip_ping_addresses_require_all(NMDevice *self, NMSettingConnection *s_con)
 {
@@ -2496,14 +2419,16 @@ _prop_get_ipv4_dhcp_vendor_class_identifier(NMDevice *self, NMSettingIP4Config *
 }
 
 static NMSettingIP6ConfigPrivacy
-_prop_get_ipv6_ip6_privacy(NMDevice *self, NMConnection *connection)
+_prop_get_ipv6_ip6_privacy(NMDevice *self)
 {
     NMSettingIP6ConfigPrivacy ip6_privacy;
+    NMConnection             *connection;
 
     g_return_val_if_fail(self, NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN);
 
     /* 1.) First look at the per-connection setting. If it is not -1 (unknown),
      * use it. */
+    connection = nm_device_get_applied_connection(self);
     if (connection) {
         NMSettingIPConfig *s_ip6 = nm_connection_get_setting_ip6_config(connection);
 
@@ -2805,7 +2730,7 @@ _ethtool_features_set(NMDevice         *self,
     if (nm_setting_ethtool_init_features(s_ethtool, ethtool_state->requested) == 0)
         return;
 
-    features = nm_platform_ethtool_get_features(platform, ethtool_state->ifindex);
+    features = nm_platform_ethtool_get_link_features(platform, ethtool_state->ifindex);
     if (!features) {
         _LOGW(LOGD_DEVICE, "ethtool: failure setting offload features (cannot read features)");
         return;
@@ -2924,9 +2849,9 @@ _ethtool_coalesce_set(NMDevice         *self,
             continue;
 
         if (!has_old) {
-            if (!nm_platform_ethtool_get_coalesce(platform,
-                                                  ethtool_state->ifindex,
-                                                  &coalesce_old)) {
+            if (!nm_platform_ethtool_get_link_coalesce(platform,
+                                                       ethtool_state->ifindex,
+                                                       &coalesce_old)) {
                 _LOGW(LOGD_DEVICE, "ethtool: failure getting coalesce settings (cannot read)");
                 return;
             }
@@ -3005,7 +2930,7 @@ _ethtool_ring_set(NMDevice         *self,
         nm_assert(g_variant_is_of_type(variant, G_VARIANT_TYPE_UINT32));
 
         if (!has_old) {
-            if (!nm_platform_ethtool_get_ring(platform, ethtool_state->ifindex, &ring_old)) {
+            if (!nm_platform_ethtool_get_link_ring(platform, ethtool_state->ifindex, &ring_old)) {
                 _LOGW(LOGD_DEVICE,
                       "ethtool: failure setting ring options (cannot read existing setting)");
                 return;
@@ -3101,9 +3026,9 @@ _ethtool_channels_set(NMDevice         *self,
         nm_assert(g_variant_is_of_type(variant, G_VARIANT_TYPE_UINT32));
 
         if (!has_old) {
-            if (!nm_platform_ethtool_get_channels(platform,
-                                                  ethtool_state->ifindex,
-                                                  &channels_old)) {
+            if (!nm_platform_ethtool_get_link_channels(platform,
+                                                       ethtool_state->ifindex,
+                                                       &channels_old)) {
                 _LOGW(LOGD_DEVICE,
                       "ethtool: failure setting channels options (cannot read existing setting)");
                 return;
@@ -3220,7 +3145,7 @@ _ethtool_pause_set(NMDevice         *self,
         nm_assert(g_variant_is_of_type(variant, G_VARIANT_TYPE_BOOLEAN));
 
         if (!has_old) {
-            if (!nm_platform_ethtool_get_pause(platform, ethtool_state->ifindex, &pause_old)) {
+            if (!nm_platform_ethtool_get_link_pause(platform, ethtool_state->ifindex, &pause_old)) {
                 _LOGW(LOGD_DEVICE,
                       "ethtool: failure setting pause options (cannot read "
                       "existing setting)");
@@ -3306,7 +3231,7 @@ _ethtool_eee_set(NMDevice         *self,
         nm_assert(g_variant_is_of_type(variant, G_VARIANT_TYPE_BOOLEAN));
 
         if (!has_old) {
-            if (!nm_platform_ethtool_get_eee(platform, ethtool_state->ifindex, &eee_old)) {
+            if (!nm_platform_ethtool_get_link_eee(platform, ethtool_state->ifindex, &eee_old)) {
                 _LOGW(LOGD_DEVICE,
                       "ethtool: failure setting eee options (cannot read "
                       "existing setting)");
@@ -3636,12 +3561,11 @@ nm_device_create_l3_config_data_from_connection(NMDevice *self, NMConnection *co
 
     l3cd =
         nm_l3_config_data_new_from_connection(nm_device_get_multi_index(self), ifindex, connection);
-    nm_l3_config_data_set_mdns(l3cd, _prop_get_connection_mdns(self, connection));
-    nm_l3_config_data_set_llmnr(l3cd, _prop_get_connection_llmnr(self, connection));
-    nm_l3_config_data_set_dns_over_tls(l3cd, _prop_get_connection_dns_over_tls(self, connection));
-    nm_l3_config_data_set_dnssec(l3cd, _prop_get_connection_dnssec(self, connection));
-    nm_l3_config_data_set_ip6_privacy(l3cd, _prop_get_ipv6_ip6_privacy(self, connection));
-    nm_l3_config_data_set_mptcp_flags(l3cd, _prop_get_connection_mptcp_flags(self, connection));
+    nm_l3_config_data_set_mdns(l3cd, _prop_get_connection_mdns(self));
+    nm_l3_config_data_set_llmnr(l3cd, _prop_get_connection_llmnr(self));
+    nm_l3_config_data_set_dns_over_tls(l3cd, _prop_get_connection_dns_over_tls(self));
+    nm_l3_config_data_set_ip6_privacy(l3cd, _prop_get_ipv6_ip6_privacy(self));
+    nm_l3_config_data_set_mptcp_flags(l3cd, _prop_get_connection_mptcp_flags(self));
     return l3cd;
 }
 
@@ -5082,10 +5006,6 @@ _set_ifindex(NMDevice *self, int ifindex, gboolean is_ip_ifindex)
 
     ip_ifindex_new = nm_device_get_ip_ifindex(self);
 
-    /* the ifindex changed; forget about any carrier change event for
-     * the previous ifindex */
-    carrier_disconnected_action_cancel(self);
-
     if (priv->l3cfg) {
         if (ip_ifindex_new <= 0 || ip_ifindex_new != nm_l3cfg_get_ifindex(priv->l3cfg)) {
             const NML3ConfigData *l3cd_old;
@@ -6344,14 +6264,6 @@ concheck_is_possible(NMDevice *self)
     if (priv->state == NM_DEVICE_STATE_UNKNOWN)
         return FALSE;
 
-    if (!nm_config_data_get_device_config_boolean_by_device(
-            NM_CONFIG_GET_DATA,
-            NM_CONFIG_KEYFILE_KEY_DEVICE_CHECK_CONNECTIVITY,
-            self,
-            TRUE,
-            TRUE))
-        return FALSE;
-
     return TRUE;
 }
 
@@ -6372,10 +6284,8 @@ concheck_periodic_schedule_do(NMDevice *self, int addr_family, gint64 now_ns)
         goto out;
     }
 
-    if (!concheck_is_possible(self)) {
-        concheck_update_state(self, addr_family, NM_CONNECTIVITY_UNKNOWN, FALSE);
+    if (!concheck_is_possible(self))
         goto out;
-    }
 
     nm_assert(now_ns > 0);
     nm_assert(priv->concheck_x[IS_IPv4].p_cur_interval > 0);
@@ -6598,11 +6508,7 @@ concheck_update_interval(NMDevice *self, int addr_family, gboolean check_now)
         concheck_periodic_schedule_do(self, addr_family, 0);
 
         /* also update the fake connectivity state. */
-        if (concheck_is_possible(self))
-            concheck_update_state(self, addr_family, NM_CONNECTIVITY_FAKE, TRUE);
-        else
-            concheck_update_state(self, addr_family, NM_CONNECTIVITY_UNKNOWN, FALSE);
-
+        concheck_update_state(self, addr_family, NM_CONNECTIVITY_FAKE, TRUE);
         return;
     }
 
@@ -6631,7 +6537,6 @@ concheck_update_state(NMDevice           *self,
     /* @state is a result of the connectivity check. We only expect a precise
      * number of possible values. */
     nm_assert(NM_IN_SET(state,
-                        NM_CONNECTIVITY_UNKNOWN,
                         NM_CONNECTIVITY_LIMITED,
                         NM_CONNECTIVITY_PORTAL,
                         NM_CONNECTIVITY_FULL,
@@ -6692,12 +6597,8 @@ concheck_update_state(NMDevice           *self,
 
     _notify(self, IS_IPv4 ? PROP_IP4_CONNECTIVITY : PROP_IP6_CONNECTIVITY);
 
-    /* State change could've affected the route metrics (removed the penalty
-     * once FULL connectivity is reached), redo the L3 configuration. */
-    if (priv->state > NM_DEVICE_STATE_IP_CONFIG && priv->state < NM_DEVICE_STATE_DEACTIVATING
-        && !nm_device_managed_type_is_external(self)) {
+    if (priv->state == NM_DEVICE_STATE_ACTIVATED && !nm_device_managed_type_is_external(self))
         _dev_l3_register_l3cds(self, priv->l3cfg, TRUE, NM_TERNARY_DEFAULT);
-    }
 }
 
 static const char *
@@ -6955,11 +6856,8 @@ nm_device_check_connectivity(NMDevice                    *self,
                              NMDeviceConnectivityCallback callback,
                              gpointer                     user_data)
 {
-    if (!concheck_is_possible(self)) {
-        concheck_update_state(self, AF_INET, NM_CONNECTIVITY_UNKNOWN, FALSE);
-        concheck_update_state(self, AF_INET6, NM_CONNECTIVITY_UNKNOWN, FALSE);
+    if (!concheck_is_possible(self))
         return NULL;
-    }
 
     concheck_periodic_schedule_set(self, addr_family, CONCHECK_SCHEDULE_CHECK_EXTERNAL);
     return concheck_start(self, addr_family, callback, user_data, FALSE);
@@ -7840,7 +7738,9 @@ device_link_changed(gpointer user_data)
          * tagged for carrier ignore) ensure that when the carrier appears we
          * renew DHCP leases and such.
          */
-        nm_device_update_dynamic_ip_setup(self, "interface got carrier");
+        if (priv->state == NM_DEVICE_STATE_ACTIVATED) {
+            nm_device_update_dynamic_ip_setup(self, "interface got carrier");
+        }
     }
 
     if (update_unmanaged_specs)
@@ -8347,17 +8247,6 @@ config_changed(NMConfig           *config,
             && !nm_device_get_applied_setting(self, NM_TYPE_SETTING_SRIOV))
             device_init_static_sriov_num_vfs(self);
     }
-
-    if (NM_FLAGS_HAS(changes, NM_CONFIG_CHANGE_VALUES) && concheck_is_possible(self)) {
-        /* restart (periodic) connectivity checks if they were previously disabled */
-        if (!nm_config_data_get_device_config_boolean_by_device(
-                old_data,
-                NM_CONFIG_KEYFILE_KEY_DEVICE_CHECK_CONNECTIVITY,
-                self,
-                TRUE,
-                TRUE))
-            nm_device_check_connectivity_update_interval(self);
-    }
 }
 
 static void
@@ -8708,8 +8597,6 @@ nm_device_unrealize(NMDevice *self, gboolean remove_resources, GError **error)
 
     g_object_thaw_notify(G_OBJECT(self));
 
-    nm_device_managed_type_set(self, NM_DEVICE_MANAGED_TYPE_REMOVED);
-
     nm_device_set_unmanaged_flags(self, NM_UNMANAGED_PLATFORM_INIT, TRUE);
 
     nm_device_set_unmanaged_flags(self,
@@ -9100,7 +8987,7 @@ nm_device_port_notify_attach_as_port(NMDevice *self, gboolean success)
 
             priv->is_attached = TRUE;
 
-            _notify(self, PROP_CONTROLLER);
+            _notify(priv->controller, PROP_CONTROLLER);
 
             nm_clear_pointer(&NM_DEVICE_GET_PRIVATE(priv->controller)->ports_variant,
                              g_variant_unref);
@@ -9179,7 +9066,7 @@ nm_device_port_notify_release(NMDevice           *self,
 
     priv->is_attached = FALSE;
 
-    _notify(self, PROP_CONTROLLER);
+    _notify(priv->controller, PROP_CONTROLLER);
 
     nm_clear_pointer(&NM_DEVICE_GET_PRIVATE(priv->controller)->ports_variant, g_variant_unref);
     nm_gobject_notify_together(priv->controller, PROP_PORTS, PROP_SLAVES);
@@ -9235,10 +9122,6 @@ is_available(NMDevice *self, NMDeviceCheckDevAvailableFlags flags)
 {
     NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
 
-    /* unrealized software devices are always available, hardware devices never */
-    if (!nm_device_is_real(self))
-        return nm_device_is_software(self);
-
     if (priv->carrier || priv->ignore_carrier)
         return TRUE;
 
@@ -9651,7 +9534,7 @@ nm_device_generate_connection(NMDevice *self,
                  NM_SETTING_CONNECTION_ID,
                  ifname,
                  NM_SETTING_CONNECTION_AUTOCONNECT,
-                 TRUE,
+                 FALSE,
                  NM_SETTING_CONNECTION_INTERFACE_NAME,
                  ifname,
                  NM_SETTING_CONNECTION_TIMESTAMP,
@@ -11596,13 +11479,6 @@ _dev_ipdhcpx_notify(NMDhcpClient *client, const NMDhcpClientNotifyData *notify_d
     switch (notify_data->notify_type) {
     case NM_DHCP_CLIENT_NOTIFY_TYPE_PREFIX_DELEGATED:
         nm_assert(!IS_IPv4);
-        if (notify_data->prefix_delegated.prefix->plen == 0
-            || notify_data->prefix_delegated.prefix->plen > 64) {
-            _LOGW_ipdhcp(addr_family,
-                         "ignoring invalid prefix-delegation with length %u",
-                         notify_data->prefix_delegated.prefix->plen);
-            return;
-        }
         /* Just re-emit. The device just contributes the prefix to the
          * pool in NMPolicy, which decides about subnet allocation
          * on the shared devices. */
@@ -13027,7 +12903,7 @@ _dev_ipac6_start(NMDevice *self)
             .router_solicitations         = router_solicitations,
             .router_solicitation_interval = router_solicitation_interval,
             .ra_timeout                   = ra_timeout,
-            .ip6_privacy                  = _prop_get_ipv6_ip6_privacy(self, connection),
+            .ip6_privacy                  = _prop_get_ipv6_ip6_privacy(self),
         };
 
         priv->ipac6_data.ndisc = nm_lndp_ndisc_new(&config);
@@ -13214,6 +13090,7 @@ _dev_addrgenmode6_set(NMDevice *self, guint8 addr_gen_mode)
     if (!priv->addrgenmode6_data.previous_mode_has) {
         priv->addrgenmode6_data.previous_mode_has = TRUE;
         priv->addrgenmode6_data.previous_mode_val = cur_addr_gen_mode;
+        nm_assert(priv->addrgenmode6_data.previous_mode_val == cur_addr_gen_mode);
     }
 
     _LOGD_ip(AF_INET6,
@@ -13344,8 +13221,6 @@ activate_stage3_ip_config_for_addr_family(NMDevice *self, int addr_family)
         if (priv->ipll_data_4.v4.mode == NM_SETTING_IP4_LL_ENABLED)
             _dev_ipll4_start(self);
 
-        _dev_ipforwarding4_start(self, addr_family);
-
         if (nm_streq(priv->ipv4_method, NM_SETTING_IP4_CONFIG_METHOD_AUTO))
             _dev_ipdhcpx_start(self, AF_INET);
         else if (nm_streq(priv->ipv4_method, NM_SETTING_IP4_CONFIG_METHOD_LINK_LOCAL)) {
@@ -13638,8 +13513,7 @@ activate_stage3_ip_config(NMDevice *self)
              * IPv6LL if this is not an assumed connection, since assumed connections
              * will already have IPv6 set up.
              */
-            if ((priv->state <= NM_DEVICE_STATE_IP_CONFIG || priv->ip_data_6.do_reapply)
-                && !nm_device_managed_type_is_external_or_assume(self))
+            if (!nm_device_managed_type_is_external_or_assume(self))
                 _dev_addrgenmode6_set(self, NM_IN6_ADDR_GEN_MODE_NONE);
 
             /* Re-enable IPv6 on the interface */
@@ -13665,21 +13539,15 @@ nm_device_activate_schedule_stage3_ip_config(NMDevice *self, gboolean do_sync)
 static void
 _dev_ipsharedx_set_state(NMDevice *self, int addr_family, NMDeviceIPState state)
 {
-    NMDevicePrivate *priv      = NM_DEVICE_GET_PRIVATE(self);
-    const int        IS_IPv4   = NM_IS_IPv4(addr_family);
-    NMDeviceIPState  old_state = priv->ipshared_data_x[IS_IPv4].state;
+    NMDevicePrivate *priv    = NM_DEVICE_GET_PRIVATE(self);
+    const int        IS_IPv4 = NM_IS_IPv4(addr_family);
 
-    if (old_state != state) {
+    if (priv->ipshared_data_x[IS_IPv4].state != state) {
         _LOGD_ipshared(addr_family,
                        "set state %s (was %s)",
                        nm_device_ip_state_to_string(state),
-                       nm_device_ip_state_to_string(old_state));
+                       nm_device_ip_state_to_string(priv->ipshared_data_x[IS_IPv4].state));
         priv->ipshared_data_x[IS_IPv4].state = state;
-
-        if (old_state == NM_DEVICE_IP_STATE_READY || state == NM_DEVICE_IP_STATE_READY)
-            nm_manager_update_shared_connection(NM_MANAGER_GET,
-                                                addr_family,
-                                                state == NM_DEVICE_IP_STATE_READY);
     }
 }
 
@@ -13702,7 +13570,7 @@ _dev_ipsharedx_cleanup(NMDevice *self, int addr_family)
             nm_clear_pointer(&priv->ipshared_data_4.v4.firewall_config, nm_firewall_config_free);
         }
 
-        nm_clear_pointer(&priv->ipshared_data_4.v4.ip_reservation, nm_netns_ip_reservation_release);
+        nm_clear_pointer(&priv->ipshared_data_4.v4.shared_ip_handle, nm_netns_shared_ip_release);
         nm_clear_l3cd(&priv->ipshared_data_4.v4.l3cd);
 
         _dev_l3_register_l3cds_set_one(self, L3_CONFIG_DATA_TYPE_SHARED_4, NULL, FALSE);
@@ -13736,14 +13604,13 @@ _dev_ipshared4_new_l3cd(NMDevice *self, NMConnection *connection, NMPlatformIP4A
 
         nm_ip_address_get_address_binary(user, &a);
         nm_platform_ip4_address_set_addr(&address, a, nm_ip_address_get_prefix(user));
-        nm_clear_pointer(&priv->ipshared_data_4.v4.ip_reservation, nm_netns_ip_reservation_release);
+        nm_clear_pointer(&priv->ipshared_data_4.v4.shared_ip_handle, nm_netns_shared_ip_release);
     } else {
-        if (!priv->ipshared_data_4.v4.ip_reservation)
-            priv->ipshared_data_4.v4.ip_reservation =
-                nm_netns_ip_reservation_get(nm_device_get_netns(self),
-                                            NM_NETNS_IP_RESERVATION_TYPE_SHARED4);
+        if (!priv->ipshared_data_4.v4.shared_ip_handle)
+            priv->ipshared_data_4.v4.shared_ip_handle =
+                nm_netns_shared_ip_reserve(nm_device_get_netns(self));
         nm_platform_ip4_address_set_addr(&address,
-                                         priv->ipshared_data_4.v4.ip_reservation->addr,
+                                         priv->ipshared_data_4.v4.shared_ip_handle->addr,
                                          24);
     }
 
@@ -13781,6 +13648,19 @@ _dev_ipshared4_init(NMDevice *self)
         break;
     }
 
+    if (nm_platform_sysctl_get_int32(nm_device_get_platform(self),
+                                     NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv4/ip_forward"),
+                                     -1)
+        == 1) {
+        /* nothing to do. */
+    } else if (!nm_platform_sysctl_set(nm_device_get_platform(self),
+                                       NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv4/ip_forward"),
+                                       "1")) {
+        errsv = errno;
+        _LOGW_ipshared(AF_INET, "error enabling IPv4 forwarding: %s", nm_strerror_native(errsv));
+        return FALSE;
+    }
+
     if (nm_platform_sysctl_get_int32(nm_device_get_platform(self),
                                      NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv4/ip_dynaddr"),
                                      -1)
@@ -13975,106 +13855,6 @@ _dev_ipshared6_start(NMDevice *self)
 
 /*****************************************************************************/
 
-/**
- * Set the device's forwarding to the specified value. If %NM_TERNARY_DEFAULT is specified,
- * it's set to the kernel's default, otherwise it's set to the specific value.
- */
-static void
-_dev_ipforwarding4_set(NMDevice *self, NMTernary val)
-{
-    gs_free const char *default_forwarding = NULL;
-    gs_free const char *current_forwarding = NULL;
-    const char         *val_str;
-
-    if (val != NM_TERNARY_DEFAULT) {
-        val_str = val ? "1" : "0";
-    } else {
-        default_forwarding = nm_platform_sysctl_get(
-            nm_device_get_platform(self),
-            NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv4/conf/default/forwarding"));
-
-        if (!default_forwarding) {
-            _LOGW(LOGD_DEVICE,
-                  "error setting IPv4 forwarding: can't read default forwarding value: %s",
-                  nm_strerror_native(errno));
-            return; /* Non fatal */
-        }
-
-        val_str = default_forwarding;
-    }
-
-    current_forwarding = nm_device_sysctl_ip_conf_get(self, AF_INET, "forwarding");
-    if (nm_streq0(current_forwarding, val_str))
-        return;
-
-    if (!nm_device_sysctl_ip_conf_set(self, AF_INET, "forwarding", val_str))
-        _LOGW(LOGD_DEVICE,
-              "error setting IPv4 forwarding to '%s': %s",
-              val_str,
-              nm_strerror_native(errno));
-}
-
-static void
-_dev_ipforwarding4_auto_cb(NMManager *manager, gboolean sharing_ipv4, gpointer data)
-{
-    NMDevice *self = NM_DEVICE(data);
-
-    _dev_ipforwarding4_set(self, sharing_ipv4 ? NM_TERNARY_TRUE : NM_TERNARY_DEFAULT);
-}
-
-static void
-_dev_ipforwarding4_start(NMDevice *self, int addr_family)
-{
-    NMDevicePrivate            *priv            = NM_DEVICE_GET_PRIVATE(self);
-    NMSettingIPConfigForwarding ipv4_forwarding = _prop_get_ipv4_forwarding(self);
-    NMTernary                   new_forwarding  = NM_TERNARY_DEFAULT;
-
-    /* IPv6 per-interface forwarding not supported yet */
-    if (addr_family != AF_INET)
-        return;
-
-    if (nm_streq(priv->ipv4_method, NM_SETTING_IP4_CONFIG_METHOD_SHARED)) {
-        new_forwarding = NM_TERNARY_TRUE;
-    } else if (ipv4_forwarding == NM_SETTING_IP_CONFIG_FORWARDING_YES) {
-        new_forwarding = NM_TERNARY_TRUE;
-    } else if (ipv4_forwarding == NM_SETTING_IP_CONFIG_FORWARDING_NO) {
-        new_forwarding = NM_TERNARY_FALSE;
-    } else if (ipv4_forwarding == NM_SETTING_IP_CONFIG_FORWARDING_AUTO) {
-        if (nm_manager_get_sharing_ipv4(NM_MANAGER_GET))
-            new_forwarding = NM_TERNARY_TRUE;
-        else
-            new_forwarding = NM_TERNARY_DEFAULT;
-
-        if (!priv->sharing_ipv4_changed_id)
-            priv->sharing_ipv4_changed_id = g_signal_connect(NM_MANAGER_GET,
-                                                             NM_MANAGER_SHARING_IPV4_CHANGED,
-                                                             G_CALLBACK(_dev_ipforwarding4_auto_cb),
-                                                             self);
-    } else {
-        nm_assert_not_reached();
-    }
-
-    _dev_ipforwarding4_set(self, new_forwarding);
-}
-
-static void
-_dev_ipforwarding_cleanup(NMDevice *self, int addr_family, CleanupType cleanup_type)
-{
-    NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
-
-    if (!NM_IS_IPv4(addr_family))
-        return;
-
-    nm_clear_g_signal_handler(NM_MANAGER_GET, &priv->sharing_ipv4_changed_id);
-
-    if (NM_IN_SET(cleanup_type, CLEANUP_TYPE_DECONFIGURE, CLEANUP_TYPE_KEEP_REAPPLY)) {
-        /* Deconfigure by restoring kernel's default */
-        _dev_ipforwarding4_set(self, NM_TERNARY_DEFAULT);
-    }
-}
-
-/*****************************************************************************/
-
 static void
 act_request_set(NMDevice *self, NMActRequest *act_request)
 {
@@ -14187,8 +13967,6 @@ _cleanup_ip_pre(NMDevice *self, int addr_family, CleanupType cleanup_type, gbool
     NMDevicePrivate *priv         = NM_DEVICE_GET_PRIVATE(self);
     gboolean         keep_reapply = (cleanup_type == CLEANUP_TYPE_KEEP_REAPPLY);
 
-    _dev_ipforwarding_cleanup(self, addr_family, cleanup_type);
-
     _dev_ipsharedx_cleanup(self, addr_family);
 
     _dev_ipdev_cleanup(self, AF_UNSPEC);
@@ -14336,7 +14114,6 @@ can_reapply_change(NMDevice   *self,
                                                  NM_SETTING_CONNECTION_MDNS,
                                                  NM_SETTING_CONNECTION_LLMNR,
                                                  NM_SETTING_CONNECTION_DNS_OVER_TLS,
-                                                 NM_SETTING_CONNECTION_DNSSEC,
                                                  NM_SETTING_CONNECTION_MPTCP_FLAGS,
                                                  NM_SETTING_CONNECTION_WAIT_ACTIVATION_DELAY);
     }
@@ -14361,6 +14138,15 @@ can_reapply_change(NMDevice   *self,
         goto out_fail;
     }
 
+    if (NM_IN_STRSET(setting_name,
+                     NM_SETTING_OVS_EXTERNAL_IDS_SETTING_NAME,
+                     NM_SETTING_OVS_OTHER_CONFIG_SETTING_NAME)
+        && NM_DEVICE_GET_CLASS(self)->can_reapply_change_ovs_external_ids) {
+        /* TODO: this means, you cannot reapply changes to the external-ids for
+         * OVS system interfaces. */
+        return TRUE;
+    }
+
     if (nm_streq(setting_name, NM_SETTING_BRIDGE_PORT_SETTING_NAME)) {
         return nm_device_hash_check_invalid_keys(diffs,
                                                  NM_SETTING_BRIDGE_PORT_SETTING_NAME,
@@ -14372,7 +14158,6 @@ can_reapply_change(NMDevice   *self,
         return nm_device_hash_check_invalid_keys(diffs,
                                                  NM_SETTING_SRIOV_SETTING_NAME,
                                                  error,
-                                                 NM_SETTING_SRIOV_PRESERVE_ON_DOWN,
                                                  NM_SETTING_SRIOV_VFS);
     }
 
@@ -14595,7 +14380,6 @@ check_and_reapply_connection(NMDevice            *self,
                 NM_SETTING_CONNECTION_MDNS,
                 NM_SETTING_CONNECTION_LLMNR,
                 NM_SETTING_CONNECTION_DNS_OVER_TLS,
-                NM_SETTING_CONNECTION_DNSSEC,
                 NM_SETTING_CONNECTION_MPTCP_FLAGS)) {
             priv->ip_data_4.do_reapply = TRUE;
             priv->ip_data_6.do_reapply = TRUE;
@@ -15947,7 +15731,7 @@ nm_device_get_firmware_missing(NMDevice *self)
 
 NM_UTILS_FLAGS2STR_DEFINE(nm_unmanaged_flags2str,
                           NMUnmanagedFlags,
-                          NM_UTILS_FLAGS2STR(NM_UNMANAGED_MANAGER_DISABLED, "nm-disabled"),
+                          NM_UTILS_FLAGS2STR(NM_UNMANAGED_SLEEPING, "sleeping"),
                           NM_UTILS_FLAGS2STR(NM_UNMANAGED_QUITTING, "quitting"),
                           NM_UTILS_FLAGS2STR(NM_UNMANAGED_PLATFORM_INIT, "platform-init"),
                           NM_UTILS_FLAGS2STR(NM_UNMANAGED_USER_EXPLICIT, "user-explicit"),
@@ -16011,8 +15795,8 @@ unmanaged_flags_to_reason(NMUnmanagedFlags flags)
     /* Even if there are multiple flags, we can only return one reason.
      * Return the most important reason.
      */
-    if (NM_FLAGS_HAS(flags, NM_UNMANAGED_MANAGER_DISABLED))
-        return NM_DEVICE_STATE_REASON_UNMANAGED_MANAGER_DISABLED;
+    if (NM_FLAGS_HAS(flags, NM_UNMANAGED_SLEEPING))
+        return NM_DEVICE_STATE_REASON_UNMANAGED_SLEEPING;
     if (NM_FLAGS_HAS(flags, NM_UNMANAGED_QUITTING))
         return NM_DEVICE_STATE_REASON_UNMANAGED_QUITTING;
     if (NM_FLAGS_HAS(flags, NM_UNMANAGED_USER_SETTINGS))
@@ -17340,25 +17124,6 @@ nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanu
         /* controller: release ports */
         nm_device_controller_release_ports_all(self);
 
-        /* port: detach from controller */
-        if (priv->controller) {
-            nm_device_controller_release_port(priv->controller,
-                                              self,
-                                              RELEASE_PORT_TYPE_CONFIG,
-                                              reason);
-        }
-    }
-
-    /* port: mark no longer attached */
-    if (priv->controller && priv->ifindex > 0
-        && nm_platform_link_get_controller(nm_device_get_platform(self), priv->ifindex) <= 0) {
-        nm_device_controller_release_port(priv->controller,
-                                          self,
-                                          RELEASE_PORT_TYPE_NO_CONFIG,
-                                          NM_DEVICE_STATE_REASON_CONNECTION_ASSUMED);
-    }
-
-    if (cleanup_type == CLEANUP_TYPE_DECONFIGURE) {
         /* Take out any entries in the routing table and any IP address the device had. */
         if (ifindex > 0) {
             NMPlatform *platform = nm_device_get_platform(self);
@@ -17382,6 +17147,15 @@ nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanu
     if (ifindex > 0)
         nm_platform_ip4_dev_route_blacklist_set(nm_device_get_platform(self), ifindex, NULL);
 
+    /* port: mark no longer attached */
+    if (priv->controller && priv->ifindex > 0
+        && nm_platform_link_get_controller(nm_device_get_platform(self), priv->ifindex) <= 0) {
+        nm_device_controller_release_port(priv->controller,
+                                          self,
+                                          RELEASE_PORT_TYPE_NO_CONFIG,
+                                          NM_DEVICE_STATE_REASON_CONNECTION_ASSUMED);
+    }
+
     lldp_setup(self, NM_TERNARY_FALSE);
 
     nm_device_update_metered(self);
@@ -17859,8 +17633,7 @@ _set_state_full(NMDevice *self, NMDeviceState state, NMDeviceStateReason reason,
             }
 
             if (priv->ifindex > 0
-                && (s_sriov = nm_device_get_applied_setting(self, NM_TYPE_SETTING_SRIOV))
-                && (!_prop_get_sriov_preserve_on_down(self, s_sriov))) {
+                && (s_sriov = nm_device_get_applied_setting(self, NM_TYPE_SETTING_SRIOV))) {
                 priv->sriov_reset_pending++;
                 sriov_op_queue(self,
                                0,
@@ -17916,8 +17689,7 @@ _set_state_full(NMDevice *self, NMDeviceState state, NMDeviceStateReason reason,
             nm_settings_connection_update_timestamp(sett_conn, (guint64) 0);
 
         if (priv->ifindex > 0
-            && (s_sriov = nm_device_get_applied_setting(self, NM_TYPE_SETTING_SRIOV))
-            && (!_prop_get_sriov_preserve_on_down(self, s_sriov))) {
+            && (s_sriov = nm_device_get_applied_setting(self, NM_TYPE_SETTING_SRIOV))) {
             priv->sriov_reset_pending++;
             sriov_op_queue(self,
                            0,
@@ -19038,7 +18810,7 @@ hostname_dns_lookup_callback(GObject *source, GAsyncResult *result, gpointer use
         gboolean valid;
 
         resolver->hostname = g_steal_pointer(&output);
-        valid              = nm_sd_dns_name_is_valid(resolver->hostname);
+        valid              = nm_utils_validate_hostname(resolver->hostname);
 
         _LOGD(LOGD_DNS,
               "hostname-from-dns: ipv%c resolver %s: lookup successful for %s, result %s%s%s%s",

src/core/devices/nm-device.h

@@ -209,6 +209,8 @@ typedef struct _NMDeviceClass {
 
     bool act_stage1_prepare_set_hwaddr_ethernet : 1;
 
+    bool can_reapply_change_ovs_external_ids : 1;
+
     bool allow_autoconnect_on_external : 1;
 
     NMRfkillType rfkill_type : 4;
@@ -581,8 +583,7 @@ void nm_device_copy_ip6_dns_config(NMDevice *self, NMDevice *from_device);
 /**
  * NMUnmanagedFlags:
  * @NM_UNMANAGED_NONE: placeholder value
- * @NM_UNMANAGED_MANAGER_DISABLED: %TRUE when unmanaged because NM is disabled.
- *   Currently, this happens when sleeping or with networking disabled.
+ * @NM_UNMANAGED_SLEEPING: %TRUE when unmanaged because NM is sleeping.
  * @NM_UNMANAGED_QUITTING: %TRUE when unmanaged because NM is shutting down.
  * @NM_UNMANAGED_PLATFORM_INIT: %TRUE when unmanaged because platform link not
  *   yet initialized. Unrealized device are also unmanaged for this reason.
@@ -611,11 +612,11 @@ typedef enum {
 
     /* these flags are authoritative. If one of them is set,
      * the device cannot be managed. */
-    NM_UNMANAGED_MANAGER_DISABLED = (1LL << 0),
-    NM_UNMANAGED_QUITTING         = (1LL << 1),
-    NM_UNMANAGED_PLATFORM_INIT    = (1LL << 2),
-    NM_UNMANAGED_USER_EXPLICIT    = (1LL << 3),
-    NM_UNMANAGED_USER_SETTINGS    = (1LL << 4),
+    NM_UNMANAGED_SLEEPING      = (1LL << 0),
+    NM_UNMANAGED_QUITTING      = (1LL << 1),
+    NM_UNMANAGED_PLATFORM_INIT = (1LL << 2),
+    NM_UNMANAGED_USER_EXPLICIT = (1LL << 3),
+    NM_UNMANAGED_USER_SETTINGS = (1LL << 4),
 
     /* These flags can be non-effective and be overwritten
      * by other flags. */
@@ -853,7 +854,4 @@ void nm_routing_rules_sync(NMConnection *applied_connection,
                            NMDevice *self,
                            NMNetns  *netns);
 
-NML3ConfigData *nm_device_create_l3_config_data_from_connection(NMDevice     *self,
-                                                                NMConnection *connection);
-
 #endif /* __NETWORKMANAGER_DEVICE_H__ */

src/core/devices/nm-lldp-listener.c

@@ -310,7 +310,7 @@ format_string(const guint8 *data, gsize len, gboolean allow_trim, char **out_to_
     if (len == 0)
         return NULL;
 
-    if (memchr(data, '\0', len))
+    if (memchr(data, len, '\0'))
         return NULL;
 
     return nm_utils_buf_utf8safe_escape(data,

src/core/devices/ovs/nm-device-ovs-bridge.c

@@ -162,11 +162,6 @@ can_reapply_change(NMDevice   *device,
                                                  NM_SETTING_OVS_BRIDGE_STP_ENABLE);
     }
 
-    if (NM_IN_STRSET(setting_name,
-                     NM_SETTING_OVS_EXTERNAL_IDS_SETTING_NAME,
-                     NM_SETTING_OVS_OTHER_CONFIG_SETTING_NAME))
-        return TRUE;
-
     return device_class->can_reapply_change(device, setting_name, s_old, s_new, diffs, error);
 }
 
@@ -199,15 +194,16 @@ nm_device_ovs_bridge_class_init(NMDeviceOvsBridgeClass *klass)
     device_class->connection_type_check_compatible = NM_SETTING_OVS_BRIDGE_SETTING_NAME;
     device_class->link_types                       = NM_DEVICE_DEFINE_LINK_TYPES();
 
-    device_class->is_controller            = TRUE;
-    device_class->get_type_description     = get_type_description;
-    device_class->create_and_realize       = create_and_realize;
-    device_class->unrealize                = unrealize;
-    device_class->get_generic_capabilities = get_generic_capabilities;
-    device_class->act_stage3_ip_config     = act_stage3_ip_config;
-    device_class->ready_for_ip_config      = ready_for_ip_config;
-    device_class->attach_port              = attach_port;
-    device_class->detach_port              = detach_port;
-    device_class->can_reapply_change       = can_reapply_change;
-    device_class->reapply_connection       = nm_device_ovs_reapply_connection;
+    device_class->is_controller                       = TRUE;
+    device_class->get_type_description                = get_type_description;
+    device_class->create_and_realize                  = create_and_realize;
+    device_class->unrealize                           = unrealize;
+    device_class->get_generic_capabilities            = get_generic_capabilities;
+    device_class->act_stage3_ip_config                = act_stage3_ip_config;
+    device_class->ready_for_ip_config                 = ready_for_ip_config;
+    device_class->attach_port                         = attach_port;
+    device_class->detach_port                         = detach_port;
+    device_class->can_reapply_change                  = can_reapply_change;
+    device_class->can_reapply_change_ovs_external_ids = TRUE;
+    device_class->reapply_connection                  = nm_device_ovs_reapply_connection;
 }

src/core/devices/ovs/nm-device-ovs-interface.c

@@ -16,8 +16,6 @@
 #include "nm-setting-ovs-bridge.h"
 #include "nm-setting-ovs-interface.h"
 #include "nm-setting-ovs-port.h"
-#include "nm-setting-ovs-external-ids.h"
-#include "nm-setting-ovs-other-config.h"
 
 #define _NMLOG_DEVICE_TYPE NMDeviceOvsInterface
 #include "devices/nm-device-logging.h"
@@ -633,28 +631,6 @@ can_update_from_platform_link(NMDevice *device, const NMPlatformLink *plink)
     return !plink || nm_device_get_state(device) != NM_DEVICE_STATE_DEACTIVATING;
 }
 
-static gboolean
-can_reapply_change(NMDevice   *device,
-                   const char *setting_name,
-                   NMSetting  *s_old,
-                   NMSetting  *s_new,
-                   GHashTable *diffs,
-                   GError    **error)
-{
-    NMDeviceClass *device_class = NM_DEVICE_CLASS(nm_device_ovs_interface_parent_class);
-
-    if (NM_IN_STRSET(setting_name,
-                     NM_SETTING_OVS_EXTERNAL_IDS_SETTING_NAME,
-                     NM_SETTING_OVS_OTHER_CONFIG_SETTING_NAME)) {
-        /* TODO: it's currently not possible to reapply those settings on OVS
-         * system interfaces because they have type != "ovs-interface" (e.g.
-         * "ethernet") */
-        return TRUE;
-    }
-
-    return device_class->can_reapply_change(device, setting_name, s_old, s_new, diffs, error);
-}
-
 /*****************************************************************************/
 
 static void
@@ -720,21 +696,21 @@ nm_device_ovs_interface_class_init(NMDeviceOvsInterfaceClass *klass)
     device_class->connection_type_check_compatible = NM_SETTING_OVS_INTERFACE_SETTING_NAME;
     device_class->link_types = NM_DEVICE_DEFINE_LINK_TYPES(NM_LINK_TYPE_OPENVSWITCH);
 
-    device_class->can_auto_connect              = can_auto_connect;
-    device_class->can_update_from_platform_link = can_update_from_platform_link;
-    device_class->deactivate                    = deactivate;
-    device_class->deactivate_async              = deactivate_async;
-    device_class->get_type_description          = get_type_description;
-    device_class->create_and_realize            = create_and_realize;
-    device_class->get_generic_capabilities      = get_generic_capabilities;
-    device_class->is_available                  = is_available;
-    device_class->check_connection_compatible   = check_connection_compatible;
-    device_class->link_changed                  = link_changed;
-    device_class->act_stage3_ip_config          = act_stage3_ip_config;
-    device_class->ready_for_ip_config           = ready_for_ip_config;
-    device_class->can_unmanaged_external_down   = can_unmanaged_external_down;
-    device_class->set_platform_mtu              = set_platform_mtu;
-    device_class->get_configured_mtu            = nm_device_get_configured_mtu_for_wired;
-    device_class->can_reapply_change            = can_reapply_change;
-    device_class->reapply_connection            = nm_device_ovs_reapply_connection;
+    device_class->can_auto_connect                    = can_auto_connect;
+    device_class->can_update_from_platform_link       = can_update_from_platform_link;
+    device_class->deactivate                          = deactivate;
+    device_class->deactivate_async                    = deactivate_async;
+    device_class->get_type_description                = get_type_description;
+    device_class->create_and_realize                  = create_and_realize;
+    device_class->get_generic_capabilities            = get_generic_capabilities;
+    device_class->is_available                        = is_available;
+    device_class->check_connection_compatible         = check_connection_compatible;
+    device_class->link_changed                        = link_changed;
+    device_class->act_stage3_ip_config                = act_stage3_ip_config;
+    device_class->ready_for_ip_config                 = ready_for_ip_config;
+    device_class->can_unmanaged_external_down         = can_unmanaged_external_down;
+    device_class->set_platform_mtu                    = set_platform_mtu;
+    device_class->get_configured_mtu                  = nm_device_get_configured_mtu_for_wired;
+    device_class->can_reapply_change_ovs_external_ids = TRUE;
+    device_class->reapply_connection                  = nm_device_ovs_reapply_connection;
 }

src/core/devices/ovs/nm-device-ovs-port.c

@@ -16,8 +16,6 @@
 #include "nm-setting-connection.h"
 #include "nm-setting-ovs-port.h"
 #include "nm-setting-ovs-interface.h"
-#include "nm-setting-ovs-external-ids.h"
-#include "nm-setting-ovs-other-config.h"
 #include "nm-setting-wired.h"
 
 #define _NMLOG_DEVICE_TYPE NMDeviceOvsPort
@@ -281,11 +279,6 @@ can_reapply_change(NMDevice   *device,
                                                  NM_SETTING_OVS_PORT_TRUNKS);
     }
 
-    if (NM_IN_STRSET(setting_name,
-                     NM_SETTING_OVS_EXTERNAL_IDS_SETTING_NAME,
-                     NM_SETTING_OVS_OTHER_CONFIG_SETTING_NAME))
-        return TRUE;
-
     return device_class->can_reapply_change(device, setting_name, s_old, s_new, diffs, error);
 }
 
@@ -318,14 +311,15 @@ nm_device_ovs_port_class_init(NMDeviceOvsPortClass *klass)
     device_class->connection_type_check_compatible = NM_SETTING_OVS_PORT_SETTING_NAME;
     device_class->link_types                       = NM_DEVICE_DEFINE_LINK_TYPES();
 
-    device_class->is_controller            = TRUE;
-    device_class->get_type_description     = get_type_description;
-    device_class->create_and_realize       = create_and_realize;
-    device_class->get_generic_capabilities = get_generic_capabilities;
-    device_class->act_stage3_ip_config     = act_stage3_ip_config;
-    device_class->ready_for_ip_config      = ready_for_ip_config;
-    device_class->attach_port              = attach_port;
-    device_class->detach_port              = detach_port;
-    device_class->can_reapply_change       = can_reapply_change;
-    device_class->reapply_connection       = nm_device_ovs_reapply_connection;
+    device_class->is_controller                       = TRUE;
+    device_class->get_type_description                = get_type_description;
+    device_class->create_and_realize                  = create_and_realize;
+    device_class->get_generic_capabilities            = get_generic_capabilities;
+    device_class->act_stage3_ip_config                = act_stage3_ip_config;
+    device_class->ready_for_ip_config                 = ready_for_ip_config;
+    device_class->attach_port                         = attach_port;
+    device_class->detach_port                         = detach_port;
+    device_class->can_reapply_change                  = can_reapply_change;
+    device_class->can_reapply_change_ovs_external_ids = TRUE;
+    device_class->reapply_connection                  = nm_device_ovs_reapply_connection;
 }

src/core/devices/ovs/nm-ovs-factory.c

@@ -75,6 +75,9 @@ new_device_from_type(const char *name, NMDeviceType device_type)
     const char *type_desc;
     NMLinkType  link_type = NM_LINK_TYPE_NONE;
 
+    if (nm_manager_get_device(NM_MANAGER_GET, name, device_type))
+        return NULL;
+
     if (device_type == NM_DEVICE_TYPE_OVS_INTERFACE) {
         type      = NM_TYPE_DEVICE_OVS_INTERFACE;
         type_desc = "Open vSwitch Interface";
@@ -86,7 +89,6 @@ new_device_from_type(const char *name, NMDeviceType device_type)
         type      = NM_TYPE_DEVICE_OVS_BRIDGE;
         type_desc = "Open vSwitch Bridge";
     } else {
-        _LOGT(name, NULL, "Unrecognized link type: %d", device_type);
         return NULL;
     }
 
@@ -123,11 +125,6 @@ ovsdb_device_added(NMOvsdb         *ovsdb,
         return;
     }
 
-    if (nm_manager_get_device(NM_MANAGER_GET, name, device_type)) {
-        _LOGT(name, NULL, "Device already registered with manager, skipping.");
-        return;
-    }
-
     device = new_device_from_type(name, device_type);
     if (!device)
         return;
@@ -291,31 +288,23 @@ create_device(NMDeviceFactory      *self,
 {
     NMDeviceType device_type     = NM_DEVICE_TYPE_UNKNOWN;
     const char  *connection_type = NULL;
-    const char  *connection_uuid = NULL;
 
     if (g_strcmp0(iface, "ovs-system") == 0) {
         *out_ignore = TRUE;
         return NULL;
     }
 
-    if (connection) {
+    if (connection)
         connection_type = nm_connection_get_connection_type(connection);
-        connection_uuid = nm_connection_get_uuid(connection);
-    }
 
-    if (plink) {
-        _LOGD(iface, connection_uuid, "creating OVS interface (from a platform link)");
+    if (plink)
         device_type = NM_DEVICE_TYPE_OVS_INTERFACE;
-    } else if (nm_streq0(connection_type, NM_SETTING_OVS_INTERFACE_SETTING_NAME)) {
-        _LOGD(iface, connection_uuid, "creating OVS interface (from setting)");
+    else if (g_strcmp0(connection_type, NM_SETTING_OVS_INTERFACE_SETTING_NAME) == 0)
         device_type = NM_DEVICE_TYPE_OVS_INTERFACE;
-    } else if (nm_streq0(connection_type, NM_SETTING_OVS_PORT_SETTING_NAME)) {
-        _LOGD(iface, connection_uuid, "creating OVS port (from setting)");
+    else if (g_strcmp0(connection_type, NM_SETTING_OVS_PORT_SETTING_NAME) == 0)
         device_type = NM_DEVICE_TYPE_OVS_PORT;
-    } else if (nm_streq0(connection_type, NM_SETTING_OVS_BRIDGE_SETTING_NAME)) {
-        _LOGD(iface, connection_uuid, "creating OVS bridge (from setting)");
+    else if (g_strcmp0(connection_type, NM_SETTING_OVS_BRIDGE_SETTING_NAME) == 0)
         device_type = NM_DEVICE_TYPE_OVS_BRIDGE;
-    }
 
     return new_device_from_type(iface, device_type);
 }

src/core/devices/ovs/nm-ovsdb.c

@@ -900,17 +900,15 @@ _insert_interface(json_t       *params,
         s_ovs_patch = nm_connection_get_setting_ovs_patch(interface);
 
     if (s_ovs_dpdk) {
-        const char                  *devargs;
-        guint32                      n_rxq;
-        guint32                      n_rxq_desc;
-        guint32                      n_txq_desc;
-        NMSettingOvsDpdkLscInterrupt lsc_int;
+        const char *devargs;
+        guint32     n_rxq;
+        guint32     n_rxq_desc;
+        guint32     n_txq_desc;
 
         devargs    = nm_setting_ovs_dpdk_get_devargs(s_ovs_dpdk);
         n_rxq      = nm_setting_ovs_dpdk_get_n_rxq(s_ovs_dpdk);
         n_rxq_desc = nm_setting_ovs_dpdk_get_n_rxq_desc(s_ovs_dpdk);
         n_txq_desc = nm_setting_ovs_dpdk_get_n_txq_desc(s_ovs_dpdk);
-        lsc_int    = nm_setting_ovs_dpdk_get_lsc_interrupt(s_ovs_dpdk);
 
         dpdk_array = json_array();
 
@@ -932,17 +930,6 @@ _insert_interface(json_t       *params,
                 json_pack("[s,s]", "n_txq_desc", nm_sprintf_buf(sbuf, "%u", n_txq_desc)));
         }
 
-        switch (lsc_int) {
-        case NM_SETTING_OVS_DPDK_LSC_INTERRUPT_IGNORE:
-            break;
-        case NM_SETTING_OVS_DPDK_LSC_INTERRUPT_ENABLED:
-            json_array_append_new(dpdk_array, json_pack("[s,s]", "dpdk-lsc-interrupt", "true"));
-            break;
-        case NM_SETTING_OVS_DPDK_LSC_INTERRUPT_DISABLED:
-            json_array_append_new(dpdk_array, json_pack("[s,s]", "dpdk-lsc-interrupt", "false"));
-            break;
-        }
-
         json_array_append_new(options, dpdk_array);
 
     } else if (s_ovs_patch) {
@@ -1890,7 +1877,7 @@ ovsdb_got_update(NMOvsdb *self, json_t *msg)
         == -1) {
         /* This doesn't really have to be an error; the key might
          * be missing if there really are no bridges present. */
-        _LOGD("monitor: bad update: %s", json_error.text);
+        _LOGD("Bad update: %s", json_error.text);
     }
 
     if (ovs) {
@@ -1936,12 +1923,12 @@ ovsdb_got_update(NMOvsdb *self, json_t *msg)
                                              &unused))
                 continue;
 
-            _LOGT("monitor: %s: interface removed: type=%s, obj[iface:%s]%s%s",
-                  ovs_interface->name,
-                  ovs_interface->type,
+            _LOGT("obj[iface:%s]: removed an '%s' interface: %s%s%s",
                   key,
+                  ovs_interface->type,
+                  ovs_interface->name,
                   NM_PRINT_FMT_QUOTED2(ovs_interface->connection_uuid,
-                                       ", connection=",
+                                       ", ",
                                        ovs_interface->connection_uuid,
                                        ""));
             _signal_emit_device_removed(self,
@@ -1989,18 +1976,17 @@ ovsdb_got_update(NMOvsdb *self, json_t *msg)
                 gs_free char *strtmp1 = NULL;
                 gs_free char *strtmp2 = NULL;
 
-                _LOGT(
-                    "monitor: %s: interface changed: type=%s, obj[iface:%s]%s%s, external-ids=%s, "
-                    "other-config=%s",
-                    ovs_interface->name,
-                    type,
-                    key,
-                    NM_PRINT_FMT_QUOTED2(ovs_interface->connection_uuid,
-                                         ", connection=",
-                                         ovs_interface->connection_uuid,
-                                         ""),
-                    (strtmp1 = _strdict_to_string(ovs_interface->external_ids)),
-                    (strtmp2 = _strdict_to_string(ovs_interface->other_config)));
+                _LOGT("obj[iface:%s]: changed an '%s' interface: %s%s%s, external-ids=%s, "
+                      "other-config=%s",
+                      key,
+                      type,
+                      ovs_interface->name,
+                      NM_PRINT_FMT_QUOTED2(ovs_interface->connection_uuid,
+                                           ", ",
+                                           ovs_interface->connection_uuid,
+                                           ""),
+                      (strtmp1 = _strdict_to_string(ovs_interface->external_ids)),
+                      (strtmp2 = _strdict_to_string(ovs_interface->other_config)));
             }
         } else {
             gs_free char *strtmp1 = NULL;
@@ -2016,17 +2002,17 @@ ovsdb_got_update(NMOvsdb *self, json_t *msg)
                 .other_config    = g_steal_pointer(&other_config_arr),
             };
             g_hash_table_add(priv->interfaces, ovs_interface);
-            _LOGT("monitor: %s: interface added: type=%s, obj[iface:%s]%s%s, external-ids=%s, "
-                  "other-config=%s",
-                  ovs_interface->name,
-                  ovs_interface->type,
-                  key,
-                  NM_PRINT_FMT_QUOTED2(ovs_interface->connection_uuid,
-                                       ", connection=",
-                                       ovs_interface->connection_uuid,
-                                       ""),
-                  (strtmp1 = _strdict_to_string(ovs_interface->external_ids)),
-                  (strtmp2 = _strdict_to_string(ovs_interface->other_config)));
+            _LOGT(
+                "obj[iface:%s]: added an '%s' interface: %s%s%s, external-ids=%s, other-config=%s",
+                key,
+                ovs_interface->type,
+                ovs_interface->name,
+                NM_PRINT_FMT_QUOTED2(ovs_interface->connection_uuid,
+                                     ", ",
+                                     ovs_interface->connection_uuid,
+                                     ""),
+                (strtmp1 = _strdict_to_string(ovs_interface->external_ids)),
+                (strtmp2 = _strdict_to_string(ovs_interface->other_config)));
             _signal_emit_device_added(self,
                                       ovs_interface->name,
                                       NM_DEVICE_TYPE_OVS_INTERFACE,
@@ -2072,11 +2058,11 @@ ovsdb_got_update(NMOvsdb *self, json_t *msg)
             if (!g_hash_table_steal_extended(priv->ports, &key, (gpointer *) &ovs_port, &unused))
                 continue;
 
-            _LOGT("monitor: %s: port removed: obj[port:%s]%s%s",
-                  ovs_port->name,
+            _LOGT("obj[port:%s]: removed a port: %s%s%s",
                   key,
+                  ovs_port->name,
                   NM_PRINT_FMT_QUOTED2(ovs_port->connection_uuid,
-                                       ", connection=",
+                                       ", ",
                                        ovs_port->connection_uuid,
                                        ""));
             _signal_emit_device_removed(self, ovs_port->name, NM_DEVICE_TYPE_OVS_PORT, NULL);
@@ -2123,16 +2109,15 @@ ovsdb_got_update(NMOvsdb *self, json_t *msg)
                 gs_free char *strtmp1 = NULL;
                 gs_free char *strtmp2 = NULL;
 
-                _LOGT(
-                    "monitor: %s: port changed: obj[port:%s]%s%s, external-ids=%s, other-config=%s",
-                    ovs_port->name,
-                    key,
-                    NM_PRINT_FMT_QUOTED2(ovs_port->connection_uuid,
-                                         ", connection=",
-                                         ovs_port->connection_uuid,
-                                         ""),
-                    (strtmp1 = _strdict_to_string(ovs_port->external_ids)),
-                    (strtmp2 = _strdict_to_string(ovs_port->other_config)));
+                _LOGT("obj[port:%s]: changed a port: %s%s%s, external-ids=%s, other-config=%s",
+                      key,
+                      ovs_port->name,
+                      NM_PRINT_FMT_QUOTED2(ovs_port->connection_uuid,
+                                           ", ",
+                                           ovs_port->connection_uuid,
+                                           ""),
+                      (strtmp1 = _strdict_to_string(ovs_port->external_ids)),
+                      (strtmp2 = _strdict_to_string(ovs_port->other_config)));
             }
         } else {
             gs_free char *strtmp1 = NULL;
@@ -2148,11 +2133,11 @@ ovsdb_got_update(NMOvsdb *self, json_t *msg)
                 .other_config    = g_steal_pointer(&other_config_arr),
             };
             g_hash_table_add(priv->ports, ovs_port);
-            _LOGT("monitor: %s: port added: obj[port:%s]%s%s, external-ids=%s, other-config=%s",
-                  ovs_port->name,
+            _LOGT("obj[port:%s]: added a port: %s%s%s, external-ids=%s, other-config=%s",
                   key,
+                  ovs_port->name,
                   NM_PRINT_FMT_QUOTED2(ovs_port->connection_uuid,
-                                       ", connection=",
+                                       ", ",
                                        ovs_port->connection_uuid,
                                        ""),
                   (strtmp1 = _strdict_to_string(ovs_port->external_ids)),
@@ -2194,11 +2179,11 @@ ovsdb_got_update(NMOvsdb *self, json_t *msg)
                                              &unused))
                 continue;
 
-            _LOGT("monitor: %s: bridge removed: obj[bridge:%s]%s%s",
-                  ovs_bridge->name,
+            _LOGT("obj[bridge:%s]: removed a bridge: %s%s%s",
                   key,
+                  ovs_bridge->name,
                   NM_PRINT_FMT_QUOTED2(ovs_bridge->connection_uuid,
-                                       ", connection=",
+                                       ", ",
                                        ovs_bridge->connection_uuid,
                                        ""));
             _signal_emit_device_removed(self, ovs_bridge->name, NM_DEVICE_TYPE_OVS_BRIDGE, NULL);
@@ -2245,16 +2230,15 @@ ovsdb_got_update(NMOvsdb *self, json_t *msg)
                 gs_free char *strtmp1 = NULL;
                 gs_free char *strtmp2 = NULL;
 
-                _LOGT("monitor: %s: bridge changed: obj[bridge:%s]%s%s, external-ids=%s, "
-                      "other-config=%s",
-                      ovs_bridge->name,
+                _LOGT("obj[bridge:%s]: changed a bridge: %s%s%s, external-ids=%s, other-config=%s",
                       key,
+                      ovs_bridge->name,
                       NM_PRINT_FMT_QUOTED2(ovs_bridge->connection_uuid,
-                                           ", connection=",
+                                           ", ",
                                            ovs_bridge->connection_uuid,
                                            ""),
                       (strtmp1 = _strdict_to_string(ovs_bridge->external_ids)),
-                      (strtmp2 = _strdict_to_string(ovs_bridge->other_config)));
+                      (strtmp2 = _strdict_to_string(ovs_bridge->external_ids)));
             }
         } else {
             gs_free char *strtmp1 = NULL;
@@ -2270,11 +2254,11 @@ ovsdb_got_update(NMOvsdb *self, json_t *msg)
                 .other_config    = g_steal_pointer(&other_config_arr),
             };
             g_hash_table_add(priv->bridges, ovs_bridge);
-            _LOGT("monitor: %s: bridge added: obj[bridge:%s]%s%s, external-ids=%s, other-config=%s",
-                  ovs_bridge->name,
+            _LOGT("obj[bridge:%s]: added a bridge: %s%s%s, external-ids=%s, other-config=%s",
                   key,
+                  ovs_bridge->name,
                   NM_PRINT_FMT_QUOTED2(ovs_bridge->connection_uuid,
-                                       ", connection=",
+                                       ", ",
                                        ovs_bridge->connection_uuid,
                                        ""),
                   (strtmp1 = _strdict_to_string(ovs_bridge->external_ids)),

src/core/devices/wifi/nm-device-wifi.c

@@ -191,19 +191,12 @@ static void supplicant_iface_notify_p2p_available(NMSupplicantInterface *iface,
                                                   GParamSpec            *pspec,
                                                   NMDeviceWifi          *self);
 
-static void supplicant_iface_notify_wpa_psk_mismatch_cb(NMSupplicantInterface *iface,
-                                                        NMDeviceWifi          *self);
-
-static void supplicant_iface_notify_wpa_sae_mismatch_cb(NMSupplicantInterface *iface,
-                                                        NMDeviceWifi          *self);
-
 static void periodic_update(NMDeviceWifi *self);
 
 static void ap_add_remove(NMDeviceWifi *self,
                           gboolean      is_adding,
                           NMWifiAP     *ap,
-                          gboolean      recheck_available_connections,
-                          gboolean      recheck_auto_activate);
+                          gboolean      recheck_available_connections);
 
 static void _hw_addr_set_scanning(NMDeviceWifi *self, gboolean do_reset);
 
@@ -630,14 +623,6 @@ supplicant_interface_acquire_cb(NMSupplicantManager         *supplicant_manager,
                      "notify::" NM_SUPPLICANT_INTERFACE_P2P_AVAILABLE,
                      G_CALLBACK(supplicant_iface_notify_p2p_available),
                      self);
-    g_signal_connect(priv->sup_iface,
-                     NM_SUPPLICANT_INTERFACE_PSK_MISMATCH,
-                     G_CALLBACK(supplicant_iface_notify_wpa_psk_mismatch_cb),
-                     self);
-    g_signal_connect(priv->sup_iface,
-                     NM_SUPPLICANT_INTERFACE_SAE_MISMATCH,
-                     G_CALLBACK(supplicant_iface_notify_wpa_sae_mismatch_cb),
-                     self);
 
     _scan_notify_is_scanning(self);
 
@@ -729,10 +714,7 @@ update_seen_bssids_cache(NMDeviceWifi *self, NMWifiAP *ap)
 }
 
 static void
-set_current_ap(NMDeviceWifi *self,
-               NMWifiAP     *new_ap,
-               gboolean      recheck_available_connections,
-               gboolean      recheck_auto_activate)
+set_current_ap(NMDeviceWifi *self, NMWifiAP *new_ap, gboolean recheck_available_connections)
 {
     NMDeviceWifiPrivate *priv;
     NMWifiAP            *old_ap;
@@ -759,11 +741,7 @@ set_current_ap(NMDeviceWifi *self,
         /* Remove any AP from the internal list if it was created by NM or isn't known to the supplicant */
         if (NM_IN_SET(mode, _NM_802_11_MODE_ADHOC, _NM_802_11_MODE_AP)
             || nm_wifi_ap_get_fake(old_ap))
-            ap_add_remove(self,
-                          FALSE,
-                          old_ap,
-                          recheck_available_connections,
-                          recheck_auto_activate);
+            ap_add_remove(self, FALSE, old_ap, recheck_available_connections);
         g_object_unref(old_ap);
     }
 
@@ -836,8 +814,7 @@ static void
 ap_add_remove(NMDeviceWifi *self,
               gboolean      is_adding, /* or else removing */
               NMWifiAP     *ap,
-              gboolean      recheck_available_connections,
-              gboolean      recheck_auto_activate)
+              gboolean      recheck_available_connections)
 {
     NMDeviceWifiPrivate *priv = NM_DEVICE_WIFI_GET_PRIVATE(self);
 
@@ -868,14 +845,13 @@ ap_add_remove(NMDeviceWifi *self,
         nm_dbus_object_clear_and_unexport(&ap);
     }
 
-    if (recheck_auto_activate)
-        nm_device_recheck_auto_activate_schedule(NM_DEVICE(self));
+    nm_device_recheck_auto_activate_schedule(NM_DEVICE(self));
     if (recheck_available_connections)
         nm_device_recheck_available_connections(NM_DEVICE(self));
 }
 
 static void
-remove_all_aps(NMDeviceWifi *self, gboolean disposing)
+remove_all_aps(NMDeviceWifi *self)
 {
     NMDeviceWifiPrivate *priv = NM_DEVICE_WIFI_GET_PRIVATE(self);
     NMWifiAP            *ap;
@@ -883,13 +859,12 @@ remove_all_aps(NMDeviceWifi *self, gboolean disposing)
     if (c_list_is_empty(&priv->aps_lst_head))
         return;
 
-    set_current_ap(self, NULL, FALSE, !disposing);
+    set_current_ap(self, NULL, FALSE);
 
     while ((ap = c_list_first_entry(&priv->aps_lst_head, NMWifiAP, aps_lst)))
-        ap_add_remove(self, FALSE, ap, FALSE, !disposing);
+        ap_add_remove(self, FALSE, ap, FALSE);
 
-    if (!disposing)
-        nm_device_recheck_available_connections(NM_DEVICE(self));
+    nm_device_recheck_available_connections(NM_DEVICE(self));
 }
 
 static gboolean
@@ -976,7 +951,7 @@ deactivate(NMDevice *device)
 
     priv->rate = 0;
 
-    set_current_ap(self, NULL, TRUE, TRUE);
+    set_current_ap(self, NULL, TRUE);
 
     if (!wake_on_wlan_restore(self))
         _LOGW(LOGD_DEVICE | LOGD_WIFI, "Cannot unconfigure WoWLAN.");
@@ -2025,7 +2000,7 @@ supplicant_iface_bss_changed_cb(NMSupplicantInterface *iface,
             if (nm_wifi_ap_set_fake(found_ap, TRUE))
                 _ap_dump(self, LOGL_DEBUG, found_ap, "updated", 0);
         } else {
-            ap_add_remove(self, FALSE, found_ap, TRUE, TRUE);
+            ap_add_remove(self, FALSE, found_ap, TRUE);
             schedule_ap_list_dump(self);
         }
         return;
@@ -2068,7 +2043,7 @@ supplicant_iface_bss_changed_cb(NMSupplicantInterface *iface,
             }
         }
 
-        ap_add_remove(self, TRUE, ap, TRUE, TRUE);
+        ap_add_remove(self, TRUE, ap, TRUE);
     }
 
     /* Update the current AP if the supplicant notified a current BSS change
@@ -2293,7 +2268,7 @@ link_timeout_cb(gpointer user_data)
     if (nm_device_get_state(device) != NM_DEVICE_STATE_ACTIVATED)
         return FALSE;
 
-    set_current_ap(self, NULL, TRUE, TRUE);
+    set_current_ap(self, NULL, TRUE);
 
     nm_device_state_changed(device,
                             NM_DEVICE_STATE_FAILED,
@@ -2412,9 +2387,6 @@ handle_8021x_or_psk_auth_fail(NMDeviceWifi              *self,
 
     g_return_val_if_fail(new_state == NM_SUPPLICANT_INTERFACE_STATE_DISCONNECTED, FALSE);
 
-    if (nm_device_get_state(device) != NM_DEVICE_STATE_CONFIG)
-        return FALSE;
-
     req = nm_device_get_act_request(NM_DEVICE(self));
     g_return_val_if_fail(req != NULL, FALSE);
 
@@ -2712,7 +2684,7 @@ supplicant_iface_notify_current_bss(NMSupplicantInterface *iface,
             }
         }
 
-        set_current_ap(self, new_ap, TRUE, TRUE);
+        set_current_ap(self, new_ap, TRUE);
 
         req = nm_device_get_act_request(NM_DEVICE(self));
         if (req) {
@@ -2858,62 +2830,6 @@ handle_auth_or_fail(NMDeviceWifi *self, NMActRequest *req, gboolean new_secrets)
     return TRUE;
 }
 
-static void
-supplicant_iface_notify_wpa_psk_mismatch_cb(NMSupplicantInterface *iface, NMDeviceWifi *self)
-{
-    NMDevice     *device = NM_DEVICE(self);
-    NMActRequest *req;
-    const char   *setting_name = NM_SETTING_WIRELESS_SECURITY_SETTING_NAME;
-
-    if (nm_device_get_state(device) != NM_DEVICE_STATE_CONFIG)
-        return;
-
-    _LOGI(LOGD_DEVICE | LOGD_WIFI,
-          "Activation: (wifi) psk mismatch reported by supplicant, asking for new key");
-
-    req = nm_device_get_act_request(NM_DEVICE(self));
-    g_return_if_fail(req != NULL);
-
-    nm_act_request_clear_secrets(req);
-
-    cleanup_association_attempt(self, TRUE);
-    nm_device_state_changed(device,
-                            NM_DEVICE_STATE_NEED_AUTH,
-                            NM_DEVICE_STATE_REASON_SUPPLICANT_DISCONNECT);
-    wifi_secrets_get_secrets(self,
-                             setting_name,
-                             NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION
-                                 | NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW);
-}
-
-static void
-supplicant_iface_notify_wpa_sae_mismatch_cb(NMSupplicantInterface *iface, NMDeviceWifi *self)
-{
-    NMDevice     *device = NM_DEVICE(self);
-    NMActRequest *req;
-    const char   *setting_name = NM_SETTING_WIRELESS_SECURITY_SETTING_NAME;
-
-    if (nm_device_get_state(device) != NM_DEVICE_STATE_CONFIG)
-        return;
-
-    _LOGI(LOGD_DEVICE | LOGD_WIFI,
-          "Activation: (wifi) SAE password mismatch reported by supplicant, asking for new key");
-
-    req = nm_device_get_act_request(NM_DEVICE(self));
-    g_return_if_fail(req != NULL);
-
-    nm_act_request_clear_secrets(req);
-
-    cleanup_association_attempt(self, TRUE);
-    nm_device_state_changed(device,
-                            NM_DEVICE_STATE_NEED_AUTH,
-                            NM_DEVICE_STATE_REASON_SUPPLICANT_DISCONNECT);
-    wifi_secrets_get_secrets(self,
-                             setting_name,
-                             NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION
-                                 | NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW);
-}
-
 /*
  * supplicant_connection_timeout_cb
  *
@@ -3204,7 +3120,7 @@ act_stage1_prepare(NMDevice *device, NMDeviceStateReason *out_failure_reason)
         priv->mode = _NM_802_11_MODE_AP;
 
         /* Scanning not done in AP mode; clear the scan list */
-        remove_all_aps(self, FALSE);
+        remove_all_aps(self);
     } else if (g_strcmp0(mode, NM_SETTING_WIRELESS_MODE_MESH) == 0)
         priv->mode = _NM_802_11_MODE_MESH;
     _notify(self, PROP_MODE);
@@ -3241,14 +3157,14 @@ act_stage1_prepare(NMDevice *device, NMDeviceStateReason *out_failure_reason)
             nm_wifi_ap_set_address(ap_fake, nm_device_get_hw_address(device));
 
         g_object_freeze_notify(G_OBJECT(self));
-        ap_add_remove(self, TRUE, ap_fake, TRUE, TRUE);
+        ap_add_remove(self, TRUE, ap_fake, TRUE);
         g_object_thaw_notify(G_OBJECT(self));
         ap = ap_fake;
     }
 
     _scan_notify_allowed(self, NM_TERNARY_DEFAULT);
 
-    set_current_ap(self, ap, FALSE, TRUE);
+    set_current_ap(self, ap, FALSE);
     nm_active_connection_set_specific_object(NM_ACTIVE_CONNECTION(req),
                                              nm_dbus_object_get_path(NM_DBUS_OBJECT(ap)));
     return NM_ACT_STAGE_RETURN_SUCCESS;
@@ -3614,7 +3530,7 @@ device_state_changed(NMDevice           *device,
 
         cleanup_association_attempt(self, TRUE);
         cleanup_supplicant_failures(self);
-        remove_all_aps(self, FALSE);
+        remove_all_aps(self);
     }
 
     switch (new_state) {
@@ -3652,7 +3568,7 @@ device_state_changed(NMDevice           *device,
     }
 
     if (clear_aps)
-        remove_all_aps(self, FALSE);
+        remove_all_aps(self);
 
     _scan_notify_allowed(self, NM_TERNARY_DEFAULT);
 }
@@ -3894,7 +3810,7 @@ dispose(GObject *object)
 
     g_clear_object(&priv->sup_mgr);
 
-    remove_all_aps(self, TRUE);
+    remove_all_aps(self);
 
     if (priv->p2p_device) {
         /* Destroy the P2P device. */

src/core/devices/wifi/nm-iwd-manager.c

@@ -684,7 +684,7 @@ iwd_config_write(GKeyFile              *config,
      * in the last few filename characters -- it cannot end in .open, .psk
      * or .8021x.
      */
-    return nm_utils_file_set_contents(filepath, data, length, 0600, times, NULL, NULL, error);
+    return nm_utils_file_set_contents(filepath, data, length, 0600, times, NULL, error);
 }
 
 static const char *

src/core/devices/wwan/nm-modem-broadband.c

@@ -508,9 +508,8 @@ find_gsm_apn_cb(const char   *apn,
 static gboolean
 try_create_connect_properties(NMModemBroadband *self)
 {
-    NMModemBroadbandPrivate *priv        = NM_MODEM_BROADBAND_GET_PRIVATE(self);
-    ConnectContext          *ctx         = priv->ctx;
-    NMDeviceStateReason      fail_reason = NM_DEVICE_STATE_REASON_MODEM_INIT_FAILED;
+    NMModemBroadbandPrivate *priv = NM_MODEM_BROADBAND_GET_PRIVATE(self);
+    ConnectContext          *ctx  = priv->ctx;
 
     if (MODEM_CAPS_3GPP(ctx->caps)) {
         NMSettingGsm *s_gsm = nm_connection_get_setting_gsm(ctx->connection);
@@ -523,7 +522,7 @@ try_create_connect_properties(NMModemBroadband *self)
             if (s_gsm)
                 network_id = nm_setting_gsm_get_network_id(s_gsm);
             if (!network_id) {
-                if (mm_modem_get_state(self->_priv.modem_iface) != MM_MODEM_STATE_REGISTERED)
+                if (mm_modem_get_state(self->_priv.modem_iface) < MM_MODEM_STATE_REGISTERED)
                     return FALSE;
                 modem_3gpp = mm_object_get_modem_3gpp(priv->modem_object);
                 network_id = mm_modem_3gpp_get_operator_code(modem_3gpp);
@@ -531,7 +530,6 @@ try_create_connect_properties(NMModemBroadband *self)
             if (!network_id) {
                 _LOGW("failed to connect '%s': unable to determine the network id",
                       nm_connection_get_id(ctx->connection));
-                fail_reason = NM_DEVICE_STATE_REASON_MODEM_NO_OPERATOR_CODE;
                 goto out;
             }
 
@@ -560,7 +558,7 @@ try_create_connect_properties(NMModemBroadband *self)
     }
 
 out:
-    nm_modem_emit_prepare_result(NM_MODEM(self), FALSE, fail_reason);
+    nm_modem_emit_prepare_result(NM_MODEM(self), FALSE, NM_DEVICE_STATE_REASON_MODEM_INIT_FAILED);
     connect_context_clear(self);
     return TRUE;
 }
@@ -1651,8 +1649,6 @@ nm_modem_broadband_new(GObject *object, GError **error)
                         driver,
                         NM_MODEM_OPERATOR_CODE,
                         operator_code,
-                        NM_MODEM_DEVICE_UID,
-                        mm_modem_get_device(modem_iface),
                         NULL);
 }
 

src/core/devices/wwan/nm-modem.c

@@ -39,8 +39,7 @@ NM_GOBJECT_PROPERTIES_DEFINE(NMModem,
                              PROP_IP_TYPES,
                              PROP_SIM_OPERATOR_ID,
                              PROP_OPERATOR_CODE,
-                             PROP_APN,
-                             PROP_DEVICE_UID, );
+                             PROP_APN, );
 
 enum {
     PPP_STATS,
@@ -79,7 +78,6 @@ typedef struct _NMModemPrivate {
     char           *sim_operator_id;
     char           *operator_code;
     char           *apn;
-    char           *device_uid;
 
     NMPPPManager *ppp_manager;
     NMPppMgr     *ppp_mgr;
@@ -620,12 +618,6 @@ nm_modem_get_apn(NMModem *self)
     return NM_MODEM_GET_PRIVATE(self)->apn;
 }
 
-const char *
-nm_modem_get_device_uid(NMModem *self)
-{
-    return NM_MODEM_GET_PRIVATE(self)->device_uid;
-}
-
 /*****************************************************************************/
 
 static void
@@ -1129,22 +1121,6 @@ nm_modem_check_connection_compatible(NMModem *self, NMConnection *connection, GE
             }
         }
 
-        str = nm_setting_gsm_get_device_uid(s_gsm);
-        if (str) {
-            if (!priv->device_uid) {
-                nm_utils_error_set_literal(error,
-                                           NM_UTILS_ERROR_CONNECTION_AVAILABLE_TEMPORARY,
-                                           "GSM profile has device-uid, device does not");
-                return FALSE;
-            }
-            if (!nm_streq(str, priv->device_uid)) {
-                nm_utils_error_set_literal(error,
-                                           NM_UTILS_ERROR_CONNECTION_AVAILABLE_TEMPORARY,
-                                           "device has differing device-uid than GSM profile");
-                return FALSE;
-            }
-        }
-
         /* SIM properties may not be available before the SIM is unlocked, so
          * to ensure that autoconnect works, the connection's SIM properties
          * are only compared if present on the device.
@@ -1668,9 +1644,6 @@ get_property(GObject *object, guint prop_id, GValue *value, GParamSpec *pspec)
     case PROP_APN:
         g_value_set_string(value, priv->apn);
         break;
-    case PROP_DEVICE_UID:
-        g_value_set_string(value, priv->device_uid);
-        break;
     default:
         G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec);
         break;
@@ -1726,10 +1699,6 @@ set_property(GObject *object, guint prop_id, const GValue *value, GParamSpec *ps
         /* construct-only */
         priv->operator_code = g_value_dup_string(value);
         break;
-    case PROP_DEVICE_UID:
-        /* construct-only */
-        priv->device_uid = g_value_dup_string(value);
-        break;
     default:
         G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec);
         break;
@@ -1789,7 +1758,6 @@ finalize(GObject *object)
     g_free(priv->sim_operator_id);
     g_free(priv->operator_code);
     g_free(priv->apn);
-    g_free(priv->device_uid);
 
     G_OBJECT_CLASS(nm_modem_parent_class)->finalize(object);
 }
@@ -1895,13 +1863,6 @@ nm_modem_class_init(NMModemClass *klass)
     obj_properties[PROP_APN] =
         g_param_spec_string(NM_MODEM_APN, "", "", NULL, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
 
-    obj_properties[PROP_DEVICE_UID] =
-        g_param_spec_string(NM_MODEM_DEVICE_UID,
-                            "",
-                            "",
-                            NULL,
-                            G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY | G_PARAM_STATIC_STRINGS);
-
     g_object_class_install_properties(object_class, _PROPERTY_ENUMS_LAST, obj_properties);
 
     signals[PPP_STATS] = g_signal_new(NM_MODEM_PPP_STATS,

src/core/devices/wwan/nm-modem.h

@@ -30,7 +30,6 @@
 #define NM_MODEM_SIM_OPERATOR_ID "sim-operator-id"
 #define NM_MODEM_OPERATOR_CODE   "operator-code"
 #define NM_MODEM_APN             "apn"
-#define NM_MODEM_DEVICE_UID      "device-uid"
 
 /* Signals */
 #define NM_MODEM_PPP_STATS      "ppp-stats"
@@ -155,7 +154,6 @@ const char *nm_modem_get_sim_id(NMModem *modem);
 const char *nm_modem_get_sim_operator_id(NMModem *modem);
 const char *nm_modem_get_operator_code(NMModem *modem);
 const char *nm_modem_get_apn(NMModem *modem);
-const char *nm_modem_get_device_uid(NMModem *modem);
 
 gboolean nm_modem_set_data_port(NMModem        *self,
                                 NMPlatform     *platform,

src/core/dhcp/nm-dhcp-options.c

@@ -68,7 +68,7 @@ const NMDhcpOption _nm_dhcp_option_dhcp4_options[] = {
     REQ(NM_DHCP_OPTION_DHCP4_ARP_CACHE_TIMEOUT, "arp_cache_timeout", FALSE),
     REQ(NM_DHCP_OPTION_DHCP4_IEEE802_3_ENCAPSULATION, "ieee802_3_encapsulation", FALSE),
     REQ(NM_DHCP_OPTION_DHCP4_DEFAULT_TCP_TTL, "default_tcp_ttl", FALSE),
-    REQ(NM_DHCP_OPTION_DHCP4_TCP_KEEPALIVE_INTERVAL, "tcp_keepalive_interval", FALSE),
+    REQ(NM_DHCP_OPTION_DHCP4_TCP_KEEPALIVE_INTERVAL, "tcp_keepalive_internal", FALSE),
     REQ(NM_DHCP_OPTION_DHCP4_TCP_KEEPALIVE_GARBAGE, "tcp_keepalive_garbage", FALSE),
     REQ(NM_DHCP_OPTION_DHCP4_VENDOR_SPECIFIC, "vendor_encapsulated_options", FALSE),
     REQ(NM_DHCP_OPTION_DHCP4_NETBIOS_NAMESERVER, "netbios_name_servers", FALSE),

src/core/dhcp/nm-dhcp-systemd.c

@@ -395,7 +395,7 @@ ip6_start(NMDhcpClient *client, const struct in6_addr *ll_addr, GError **error)
     prefix_delegation = FALSE;
     if (client_config->v6.needed_prefixes > 0) {
         if (client_config->v6.needed_prefixes > 1) {
-            /* FIXME: systemd-networkd API only allows requesting a
+            /* FIXME: systemd-networkd API only allows to request a
              * single prefix */
             _LOGW("dhcp-client6: only one prefix request is supported");
         }

src/core/dhcp/nm-dhcp-utils.c

@@ -32,11 +32,11 @@ ip4_process_dhcpcd_rfc3442_routes(const char     *iface,
                                   in_addr_t       address,
                                   guint32        *out_gwaddr)
 {
-    gs_free char **routes = NULL;
-    char         **r;
-    gboolean       have_routes = FALSE;
+    gs_free const char **routes = NULL;
+    const char         **r;
+    gboolean             have_routes = FALSE;
 
-    routes = (char **) nm_strsplit_set(str, " ");
+    routes = nm_strsplit_set(str, " ");
     if (!routes)
         return FALSE;
 
@@ -1224,7 +1224,7 @@ lease_option_print_domain_name(const uint8_t  *cache,
         }
         case 0xC0: /* back pointer */
         {
-            size_t offset = (c & 0x3F) << 8;
+            size_t offset = (c & 0x3F) << 16;
 
             /*
              * The offset is given as two bytes (in big endian), where the

src/core/dhcp/tests/test-dhcp-utils.c

@@ -239,76 +239,6 @@ test_parse_search_list(void)
     g_assert_cmpint(g_strv_length(domains), ==, 1);
     g_assert_cmpstr(domains[0], ==, "okay");
     g_strfreev(domains);
-
-    /* Test that the message compression works when the offset uses both bytes */
-    data = (guint8[]) {
-        /* clang-format off */
-         /* offset 0 */
-         0x3e,
-        'a','a','a','a','a','a','a','a','a','a','a','a','a','a','a','a',
-        'a','a','a','a','a','a','a','a','a','a','a','a','a','a','a','a',
-        'a','a','a','a','a','a','a','a','a','a','a','a','a','a','a','a',
-        'a','a','a','a','a','a','a','a','a','a','a','a','a','a',
-        0x00,
-        /* offset 0x40 */
-        0x3e,
-        'b','b','b','b','b','b','b','b','b','b','b','b','b','b','b','b',
-        'b','b','b','b','b','b','b','b','b','b','b','b','b','b','b','b',
-        'b','b','b','b','b','b','b','b','b','b','b','b','b','b','b','b',
-        'b','b','b','b','b','b','b','b','b','b','b','b','b','b',
-        0x00,
-        /* offset 0x80 */
-        0x3e,
-        'c','c','c','c','c','c','c','c','c','c','c','c','c','c','c','c',
-        'c','c','c','c','c','c','c','c','c','c','c','c','c','c','c','c',
-        'c','c','c','c','c','c','c','c','c','c','c','c','c','c','c','c',
-        'c','c','c','c','c','c','c','c','c','c','c','c','c','c',
-        0x00,
-        /* offset 0xc0 */
-        0x3e,
-        'd','d','d','d','d','d','d','d','d','d','d','d','d','d','d','d',
-        'd','d','d','d','d','d','d','d','d','d','d','d','d','d','d','d',
-        'd','d','d','d','d','d','d','d','d','d','d','d','d','d','d','d',
-        'd','d','d','d','d','d','d','d','d','d','d','d','d','d',
-        0x00,
-        /* offset 0x100 */
-        0x3e,
-        'e','e','e','e','e','e','e','e','e','e','e','e','e','e','e','e',
-        'e','e','e','e','e','e','e','e','e','e','e','e','e','e','e','e',
-        'e','e','e','e','e','e','e','e','e','e','e','e','e','e','e','e',
-        'e','e','e','e','e','e','e','e','e','e','e','e','e','e',
-        0x00,
-        /* offset 0x140 */
-        0x06, 'f','o','o','b','a','r', 0x03, 'c', 'o', 'm', 0x00,
-        0x04, 't', 'e', 's', 't', 0xc1, 0x40, /* back pointer to offset 0x140*/
-        /* clang-format on */
-    };
-
-    domains = nm_dhcp_lease_data_parse_search_list(data,
-                                                   0x153,
-                                                   "eth0",
-                                                   AF_INET,
-                                                   NM_DHCP_OPTION_DHCP4_DOMAIN_SEARCH_LIST);
-    g_assert(domains);
-    g_assert_cmpint(g_strv_length(domains), ==, 7);
-    g_assert_cmpstr(domains[0],
-                    ==,
-                    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
-    g_assert_cmpstr(domains[1],
-                    ==,
-                    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb");
-    g_assert_cmpstr(domains[2],
-                    ==,
-                    "cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc");
-    g_assert_cmpstr(domains[3],
-                    ==,
-                    "dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd");
-    g_assert_cmpstr(domains[4],
-                    ==,
-                    "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee");
-    g_assert_cmpstr(domains[5], ==, "foobar.com");
-    g_assert_cmpstr(domains[6], ==, "test.foobar.com");
-    g_strfreev(domains);
 }
 
 static void

src/core/dns/nm-dns-dnsconfd.c

@@ -368,13 +368,12 @@ server_builder_append_base(GVariantBuilder   *argument_builder,
                            const char        *address_string,
                            const char *const *routing_domains,
                            const char *const *search_domains,
-                           const char        *ca,
-                           int                priority)
+                           const char        *ca)
 {
     NMDnsServer dns_server;
     gsize       addr_size;
 
-    if (!nm_dns_uri_parse(address_family, address_string, &dns_server, NULL))
+    if (!nm_dns_uri_parse(address_family, address_string, &dns_server))
         return FALSE;
     addr_size = nm_utils_addr_family_to_size(dns_server.addr_family);
 
@@ -393,12 +392,6 @@ server_builder_append_base(GVariantBuilder   *argument_builder,
                               "{sv}",
                               "name",
                               g_variant_new("s", dns_server.servername));
-    if (dns_server.port != NM_DNS_PORT_UNDEFINED) {
-        g_variant_builder_add(argument_builder,
-                              "{sv}",
-                              "port",
-                              g_variant_new("i", dns_server.port));
-    }
     if (routing_domains) {
         g_variant_builder_add(argument_builder,
                               "{sv}",
@@ -414,9 +407,6 @@ server_builder_append_base(GVariantBuilder   *argument_builder,
     if (ca) {
         g_variant_builder_add(argument_builder, "{sv}", "ca", g_variant_new("s", ca));
     }
-    /* dnsconfd defines priority as bigger number equals bigger priority, while NM
-     * uses the exact opposite, thus use -priority */
-    g_variant_builder_add(argument_builder, "{sv}", "priority", g_variant_new("i", -priority));
     return TRUE;
 }
 
@@ -453,8 +443,7 @@ parse_global_config(const NMGlobalDnsConfig *global_config,
                                            servers[j],
                                            routing_domains,
                                            searches,
-                                           *ca,
-                                           NM_DNS_PRIORITY_DEFAULT_NORMAL)) {
+                                           *ca)) {
                 g_variant_builder_close(argument_builder);
             }
         }
@@ -571,7 +560,7 @@ dnsconfd_start_done(GObject *source_object, GAsyncResult *res, gpointer user_dat
         g_dbus_error_strip_remote_error(error);
         _LOGW("failed to start Dnsconfd %s", error->message);
     } else {
-        _LOGT("successfully started Dnsconfd");
+        _LOGT("succesfully started Dnsconfd");
     }
 
     /* No update maybe changed or state change, as this is handled by the name owner callbacks
@@ -639,7 +628,6 @@ parse_all_interface_config(GVariantBuilder *argument_builder,
     NMDnsConfigIPData *ip_data;
     const char *const *dns_server_strings;
     guint              nameserver_count;
-    int                priority;
     const char        *ifname;
     gboolean           explicit_default = is_default_interface_explicit(ip_data_lst_head);
 
@@ -660,9 +648,6 @@ parse_all_interface_config(GVariantBuilder *argument_builder,
 
         gather_interface_domains(ip_data, explicit_default, &routing_domains, &search_domains);
         get_networks(ip_data, &networks);
-        if (!nm_l3_config_data_get_dns_priority(ip_data->l3cd, ip_data->addr_family, &priority)) {
-            priority = NM_DNS_PRIORITY_DEFAULT_NORMAL;
-        }
 
         for (guint i = 0; i < nameserver_count; i++) {
             if (server_builder_append_base(argument_builder,
@@ -670,8 +655,7 @@ parse_all_interface_config(GVariantBuilder *argument_builder,
                                            dns_server_strings[i],
                                            routing_domains,
                                            search_domains,
-                                           ca,
-                                           priority)) {
+                                           ca)) {
                 server_builder_append_interface_info(argument_builder, ifname, networks);
             }
         }

src/core/dns/nm-dns-dnsmasq.c

@@ -521,10 +521,9 @@ _gl_pid_spawn_next_step(void)
     argv[argv_idx++] = "--no-resolv"; /* Use only commandline */
     argv[argv_idx++] = "--keep-in-foreground";
     argv[argv_idx++] = "--no-hosts"; /* don't use /etc/hosts to resolve */
-    argv[argv_idx++] = "--bind-dynamic";
+    argv[argv_idx++] = "--bind-interfaces";
     argv[argv_idx++] = "--pid-file=" PIDFILE;
-    argv[argv_idx++] = "--listen-address=127.0.0.1";
-    argv[argv_idx++] = "--listen-address=::1";
+    argv[argv_idx++] = "--listen-address=127.0.0.1"; /* Should work for both 4 and 6 */
     argv[argv_idx++] = "--cache-size=400";
     argv[argv_idx++] = "--clear-on-reload";     /* clear cache when dns server changes */
     argv[argv_idx++] = "--conf-file=/dev/null"; /* avoid loading /etc/dnsmasq.conf */

src/core/dns/nm-dns-manager.c

@@ -26,7 +26,6 @@
 
 #include "libnm-core-intern/nm-core-internal.h"
 #include "libnm-glib-aux/nm-str-buf.h"
-#include "libnm-glib-aux/nm-io-utils.h"
 
 #include "NetworkManagerUtils.h"
 #include "devices/nm-device.h"
@@ -587,11 +586,7 @@ add_dns_domains(GPtrArray            *array,
 }
 
 static void
-merge_one_l3cd(NMResolvConfData     *rc,
-               int                   addr_family,
-               int                   ifindex,
-               const NML3ConfigData *l3cd,
-               gboolean              ignore_searches_and_options)
+merge_one_l3cd(NMResolvConfData *rc, int addr_family, int ifindex, const NML3ConfigData *l3cd)
 {
     char               buf[NM_INET_ADDRSTRLEN + 50];
     gboolean           has_trust_ad;
@@ -629,33 +624,31 @@ merge_one_l3cd(NMResolvConfData     *rc,
         add_string_item(rc->nameservers, buf, TRUE);
     }
 
-    if (!ignore_searches_and_options) {
-        add_dns_domains(rc->searches, addr_family, l3cd, FALSE, TRUE);
+    add_dns_domains(rc->searches, addr_family, l3cd, FALSE, TRUE);
 
-        has_trust_ad = FALSE;
-        strarr       = nm_l3_config_data_get_dns_options(l3cd, addr_family, &num);
-        for (i = 0; i < num; i++) {
-            const char *option = strarr[i];
+    has_trust_ad = FALSE;
+    strarr       = nm_l3_config_data_get_dns_options(l3cd, addr_family, &num);
+    for (i = 0; i < num; i++) {
+        const char *option = strarr[i];
 
-            if (nm_streq(option, NM_SETTING_DNS_OPTION_TRUST_AD)) {
-                has_trust_ad = TRUE;
-                continue;
-            }
-            add_dns_option_item(rc->options, option);
+        if (nm_streq(option, NM_SETTING_DNS_OPTION_TRUST_AD)) {
+            has_trust_ad = TRUE;
+            continue;
         }
-
-        if (num_nameservers == 0) {
-            /* If the @l3cd contributes no DNS servers, ignore whether trust-ad is set or unset
-             * for this @l3cd. */
-        } else if (has_trust_ad) {
-            /* We only set has_trust_ad to TRUE, if all IP configs agree (or don't contribute).
-             * Once set to FALSE, it doesn't get reset. */
-            if (rc->has_trust_ad == NM_TERNARY_DEFAULT)
-                rc->has_trust_ad = NM_TERNARY_TRUE;
-        } else
-            rc->has_trust_ad = NM_TERNARY_FALSE;
+        add_dns_option_item(rc->options, option);
     }
 
+    if (num_nameservers == 0) {
+        /* If the @l3cd contributes no DNS servers, ignore whether trust-ad is set or unset
+         * for this @l3cd. */
+    } else if (has_trust_ad) {
+        /* We only set has_trust_ad to TRUE, if all IP configs agree (or don't contribute).
+         * Once set to FALSE, it doesn't get reset. */
+        if (rc->has_trust_ad == NM_TERNARY_DEFAULT)
+            rc->has_trust_ad = NM_TERNARY_TRUE;
+    } else
+        rc->has_trust_ad = NM_TERNARY_FALSE;
+
     if (addr_family == AF_INET) {
         const in_addr_t *nis_servers;
         const char      *nis_domain;
@@ -1007,8 +1000,7 @@ _read_link_cached(const char *path, gboolean *is_cached, char **cached)
 #define MY_RESOLV_CONF_TMP MY_RESOLV_CONF ".tmp"
 #define RESOLV_CONF_TMP    "/etc/.resolv.conf.NetworkManager"
 
-#define NO_STUB_RESOLV_CONF     NMRUNDIR "/no-stub-resolv.conf"
-#define NO_STUB_RESOLV_CONF_TMP NMRUNDIR "/no-stub-resolv.conf.tmp"
+#define NO_STUB_RESOLV_CONF NMRUNDIR "/no-stub-resolv.conf"
 
 static void
 update_resolv_conf_no_stub(NMDnsManager      *self,
@@ -1021,14 +1013,7 @@ update_resolv_conf_no_stub(NMDnsManager      *self,
 
     content = create_resolv_conf(searches, nameservers, options);
 
-    if (!nm_utils_file_set_contents(NO_STUB_RESOLV_CONF,
-                                    content,
-                                    -1,
-                                    0644,
-                                    NULL,
-                                    NO_STUB_RESOLV_CONF_TMP,
-                                    NULL,
-                                    &local)) {
+    if (!g_file_set_contents(NO_STUB_RESOLV_CONF, content, -1, &local)) {
         _LOGD("update-resolv-no-stub: failure to write file: %s", local->message);
         g_error_free(local);
         return;
@@ -1246,15 +1231,12 @@ compute_hash(NMDnsManager *self, const NMGlobalDnsConfig *global, guint8 buffer[
 {
     nm_auto_free_checksum GChecksum *sum = NULL;
     NMDnsConfigIPData               *ip_data;
-    gboolean                         has_global_dns_section = FALSE;
 
     sum = g_checksum_new(G_CHECKSUM_SHA1);
     nm_assert(HASH_LEN == g_checksum_type_get_length(G_CHECKSUM_SHA1));
 
-    if (global) {
+    if (global)
         nm_global_dns_config_update_checksum(global, sum);
-        has_global_dns_section = nm_global_dns_has_global_dns_section(global);
-    }
 
     if (!global || !nm_global_dns_config_lookup_domain(global, "*")) {
         const CList *head;
@@ -1266,8 +1248,7 @@ compute_hash(NMDnsManager *self, const NMGlobalDnsConfig *global, guint8 buffer[
             nm_l3_config_data_hash_dns(ip_data->l3cd,
                                        sum,
                                        ip_data->addr_family,
-                                       ip_data->ip_config_type,
-                                       has_global_dns_section);
+                                       ip_data->ip_config_type);
         }
     }
 
@@ -1283,9 +1264,6 @@ merge_global_dns_config(NMResolvConfData *rc, NMGlobalDnsConfig *global_conf)
     const char *const *servers;
     guint              i;
 
-    /* Global config must be processed before connections' config */
-    nm_assert(rc->nameservers->len == 0);
-
     if (!global_conf)
         return FALSE;
 
@@ -1373,17 +1351,12 @@ _collect_resolv_conf_data(NMDnsManager      *self,
             .nis_servers  = g_ptr_array_new(),
             .has_trust_ad = NM_TERNARY_DEFAULT,
     };
-    gboolean has_global_dns_section = FALSE;
 
     priv = NM_DNS_MANAGER_GET_PRIVATE(self);
 
-    if (global_config) {
+    if (global_config)
         merge_global_dns_config(&rc, global_config);
-        has_global_dns_section = nm_global_dns_has_global_dns_section(global_config);
-    }
 
-    /* If global nameservers are defined, no DNS configs are used from connections at all,
-     * including searches and options. */
     if (!global_config || !nm_global_dns_config_lookup_domain(global_config, "*")) {
         nm_auto_str_buf NMStrBuf tmp_strbuf = NM_STR_BUF_INIT(0, FALSE);
         int                      first_prio = 0;
@@ -1417,16 +1390,8 @@ _collect_resolv_conf_data(NMDnsManager      *self,
                   skip ? "<SKIP>" : "",
                   get_nameserver_list(ip_data->addr_family, ip_data->l3cd, &tmp_strbuf));
 
-            if (!skip) {
-                /* Merge the configs from connections. However, if there was a [global-dns]
-                 * it overwrites searches and options from the connections, thus we only
-                 * merge the nameservers. */
-                merge_one_l3cd(&rc,
-                               ip_data->addr_family,
-                               ip_data->data->ifindex,
-                               ip_data->l3cd,
-                               has_global_dns_section);
-            }
+            if (!skip)
+                merge_one_l3cd(&rc, ip_data->addr_family, ip_data->data->ifindex, ip_data->l3cd);
         }
     }
 
@@ -1510,8 +1475,8 @@ _domain_track_is_shadowed(GHashTable  *ht,
                           const char **out_parent,
                           int         *out_parent_priority)
 {
-    const char *parent;
-    int         parent_priority;
+    char *parent;
+    int   parent_priority;
 
     if (!ht)
         return FALSE;

src/core/dns/nm-dns-systemd-resolved.c

@@ -37,7 +37,6 @@
 static const char *const DBUS_OP_SET_LINK_DEFAULT_ROUTE = "SetLinkDefaultRoute";
 static const char *const DBUS_OP_SET_LINK_DNS_OVER_TLS  = "SetLinkDNSOverTLS";
 static const char *const DBUS_OP_SET_LINK_DNS_EX        = "SetLinkDNSEx";
-static const char *const DBUS_OP_SET_LINK_DNSSEC        = "SetLinkDNSSEC";
 
 /*****************************************************************************/
 
@@ -399,7 +398,7 @@ update_add_ip_config(NMDnsSystemdResolved    *self,
     for (i = 0; i < n; i++) {
         NMDnsServer dns_server;
 
-        if (!nm_dns_uri_parse(ip_data->addr_family, strarr[i], &dns_server, NULL))
+        if (!nm_dns_uri_parse(ip_data->addr_family, strarr[i], &dns_server))
             continue;
 
         if (!NM_IN_SET(dns_server.scheme,
@@ -485,11 +484,9 @@ prepare_one_interface(NMDnsSystemdResolved *self, const InterfaceConfig *ic)
     NMSettingConnectionMdns       mdns              = NM_SETTING_CONNECTION_MDNS_DEFAULT;
     NMSettingConnectionLlmnr      llmnr             = NM_SETTING_CONNECTION_LLMNR_DEFAULT;
     NMSettingConnectionDnsOverTls dns_over_tls      = NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT;
-    NMSettingConnectionDnssec     dnssec            = NM_SETTING_CONNECTION_DNSSEC_DEFAULT;
     const char                   *mdns_arg          = NULL;
     const char                   *llmnr_arg         = NULL;
     const char                   *dns_over_tls_arg  = NULL;
-    const char                   *dnssec_arg        = NULL;
     gboolean                      has_config        = FALSE;
     gboolean                      has_default_route = FALSE;
     guint                         i;
@@ -520,7 +517,6 @@ prepare_one_interface(NMDnsSystemdResolved *self, const InterfaceConfig *ic)
                 llmnr = NM_MAX(llmnr, nm_l3_config_data_get_llmnr(ip_data->l3cd));
                 dns_over_tls =
                     NM_MAX(dns_over_tls, nm_l3_config_data_get_dns_over_tls(ip_data->l3cd));
-                dnssec = NM_MAX(dnssec, nm_l3_config_data_get_dnssec(ip_data->l3cd));
             }
         }
     }
@@ -593,24 +589,8 @@ prepare_one_interface(NMDnsSystemdResolved *self, const InterfaceConfig *ic)
     }
     nm_assert(dns_over_tls_arg);
 
-    switch (dnssec) {
-    case NM_SETTING_CONNECTION_DNSSEC_NO:
-        dnssec_arg = "no";
-        break;
-    case NM_SETTING_CONNECTION_DNSSEC_ALLOW_DOWNGRADE:
-        dnssec_arg = "allow-downgrade";
-        break;
-    case NM_SETTING_CONNECTION_DNSSEC_YES:
-        dnssec_arg = "yes";
-        break;
-    case NM_SETTING_CONNECTION_DNSSEC_DEFAULT:
-        dnssec_arg = "";
-        break;
-    }
-    nm_assert(dnssec_arg);
-
     if (!nm_str_is_empty(mdns_arg) || !nm_str_is_empty(llmnr_arg)
-        || !nm_str_is_empty(dns_over_tls_arg) || !nm_str_is_empty(dnssec_arg))
+        || !nm_str_is_empty(dns_over_tls_arg))
         has_config = TRUE;
 
     _request_item_append(self, "SetLinkDomains", ic->ifindex, g_variant_builder_end(&domains));
@@ -638,10 +618,6 @@ prepare_one_interface(NMDnsSystemdResolved *self, const InterfaceConfig *ic)
                          DBUS_OP_SET_LINK_DNS_OVER_TLS,
                          ic->ifindex,
                          g_variant_new("(is)", ic->ifindex, dns_over_tls_arg ?: ""));
-    _request_item_append(self,
-                         DBUS_OP_SET_LINK_DNSSEC,
-                         ic->ifindex,
-                         g_variant_new("(is)", ic->ifindex, dnssec_arg ?: ""));
 
     return has_config;
 }

src/core/main-utils.c

@@ -81,7 +81,7 @@ nm_main_utils_write_pidfile(const char *pidfile)
     char                  pid[16];
 
     nm_sprintf_buf(pid, "%lld", (long long) getpid());
-    if (!nm_utils_file_set_contents(pidfile, pid, -1, 00644, NULL, NULL, NULL, &error)) {
+    if (!nm_utils_file_set_contents(pidfile, pid, -1, 00644, NULL, NULL, &error)) {
         fprintf(stderr, _("Writing to %s failed: %s\n"), pidfile, error->message);
         return FALSE;
     }

src/core/main.c

@@ -339,7 +339,7 @@ main(int argc, char *argv[])
         char *path, *slash;
         int   g;
 
-        /* exe is <builddir>/src/core/NetworkManager, so chop off
+        /* exe is <basedir>/src/.libs/lt-NetworkManager, so chop off
          * the last three components */
         path = realpath("/proc/self/exe", NULL);
         g_assert(path != NULL);

src/core/ndisc/nm-lndp-ndisc.c

@@ -19,7 +19,6 @@
 #include "libnm-systemd-shared/nm-sd-utils-shared.h"
 #include "nm-l3cfg.h"
 #include "nm-ndisc-private.h"
-#include "nm-core-utils.h"
 
 #define _NMLOG_PREFIX_NAME "ndisc-lndp"
 
@@ -28,14 +27,6 @@
 typedef struct {
     struct ndp *ndp;
     GSource    *event_source;
-
-    struct {
-        NMRateLimit pio_lft;
-        NMRateLimit mtu;
-        NMRateLimit omit_prefix;
-        NMRateLimit omit_dns;
-        NMRateLimit omit_dnssl;
-    } msg_ratelimit;
 } NMLndpNDiscPrivate;
 
 /*****************************************************************************/
@@ -58,36 +49,6 @@ G_DEFINE_TYPE(NMLndpNDisc, nm_lndp_ndisc, NM_TYPE_NDISC)
 
 /*****************************************************************************/
 
-/*
- * If we log a message about an invalid RA packet, don't repeat the same message
- * at every packet received or sent. Rate limit the message to 6 every 12 hours
- * per type and per ndisc instance.
- */
-
-#define LOG_INV_RA_WINDOW (12 * 3600)
-#define LOG_INV_RA_BURST  6
-
-#define _LOG_INVALID_RA(ndisc, rate_limit, ...)                                  \
-    G_STMT_START                                                                 \
-    {                                                                            \
-        NMNDisc     *__ndisc  = (ndisc);                                         \
-        NMRateLimit *__rl     = (rate_limit);                                    \
-        const char  *__ifname = nm_ndisc_get_ifname(__ndisc);                    \
-                                                                                 \
-        if (__ifname && nm_logging_enabled(LOGL_WARN, LOGD_IP6)                  \
-            && nm_rate_limit_check(__rl, LOG_INV_RA_WINDOW, LOG_INV_RA_BURST)) { \
-            nm_log(LOGL_WARN,                                                    \
-                   LOGD_IP6,                                                     \
-                   __ifname,                                                     \
-                   NULL,                                                         \
-                   "ndisc (%s): " _NM_UTILS_MACRO_FIRST(__VA_ARGS__),            \
-                   __ifname _NM_UTILS_MACRO_REST(__VA_ARGS__));                  \
-        }                                                                        \
-    }                                                                            \
-    G_STMT_END
-
-/*****************************************************************************/
-
 static gboolean
 send_rs(NMNDisc *ndisc, GError **error)
 {
@@ -152,7 +113,6 @@ static int
 receive_ra(struct ndp *ndp, struct ndp_msg *msg, gpointer user_data)
 {
     NMNDisc             *ndisc   = (NMNDisc *) user_data;
-    NMLndpNDiscPrivate  *priv    = NM_LNDP_NDISC_GET_PRIVATE(ndisc);
     NMNDiscDataInternal *rdata   = ndisc->rdata;
     NMNDiscConfigMap     changed = 0;
     NMNDiscGateway       gateway;
@@ -258,26 +218,10 @@ receive_ra(struct ndp *ndp, struct ndp_msg *msg, gpointer user_data)
 
         /* Address */
         if (r_plen == 64 && ndp_msg_opt_prefix_flag_auto_addr_conf(msg, offset)) {
-            const guint32  valid_time     = ndp_msg_opt_prefix_valid_time(msg, offset);
-            const guint32  preferred_time = ndp_msg_opt_prefix_preferred_time(msg, offset);
-            NMNDiscAddress address;
-
-            /*
-             * RFC 4862 Section 5.5.3 states:
-             * c)  If the preferred lifetime is greater than the valid lifetime,
-             * silently ignore the Prefix Information option. A node MAY wish to
-             * log a system management error in this case.
-             */
-            if (preferred_time > valid_time) {
-                _LOG_INVALID_RA(
-                    ndisc,
-                    &priv->msg_ratelimit.pio_lft,
-                    "ignoring Prefix Information Option with invalid lifetimes in received IPv6 "
-                    "router advertisement");
-                continue;
-            }
-
-            address = (NMNDiscAddress) {
+            const guint32 valid_time = ndp_msg_opt_prefix_valid_time(msg, offset);
+            const guint32 preferred_time =
+                NM_MIN(ndp_msg_opt_prefix_preferred_time(msg, offset), valid_time);
+            const NMNDiscAddress address = {
                 .address               = r_network,
                 .expiry_msec           = _nm_ndisc_lifetime_to_expiry(now_msec, valid_time),
                 .expiry_preferred_msec = _nm_ndisc_lifetime_to_expiry(now_msec, preferred_time),
@@ -393,11 +337,7 @@ receive_ra(struct ndp *ndp, struct ndp_msg *msg, gpointer user_data)
              * Kernel would set it, but would flush out all IPv6 addresses away
              * from the link, even the link-local, and we wouldn't be able to
              * listen for further RAs that could fix the MTU. */
-            _LOG_INVALID_RA(ndisc,
-                            &priv->msg_ratelimit.mtu,
-                            "ignoring too small MTU %u in received IPv6 "
-                            "router advertisement",
-                            mtu);
+            _LOGW("MTU too small for IPv6 ignored: %d", mtu);
         }
     }
 
@@ -493,11 +433,8 @@ send_ra(NMNDisc *ndisc, GError **error)
 
         prefix = _ndp_msg_add_option(msg, sizeof(*prefix));
         if (!prefix) {
-            /* Maybe we could send separate RAs, but why bother... */
-            _LOG_INVALID_RA(
-                ndisc,
-                &priv->msg_ratelimit.omit_prefix,
-                "the outgoing IPv6 router advertisement is too big: omitting some prefixes");
+            /* Maybe we could sent separate RAs, but why bother... */
+            _LOGW("The RA is too big, had to omit some some prefixes.");
             break;
         }
 
@@ -526,10 +463,7 @@ send_ra(NMNDisc *ndisc, GError **error)
 
         option = _ndp_msg_add_option(msg, len);
         if (!option) {
-            _LOG_INVALID_RA(
-                ndisc,
-                &priv->msg_ratelimit.omit_dns,
-                "the outgoing IPv6 router advertisement is too big: omitting DNS information");
+            _LOGW("The RA is too big, had to omit DNS information.");
             goto dns_servers_done;
         }
 
@@ -607,10 +541,7 @@ dns_servers_done:
         nm_assert(len / 8u >= 2u);
 
         if (len / 8u >= 256u || !(option = _ndp_msg_add_option(msg, len))) {
-            _LOG_INVALID_RA(
-                ndisc,
-                &priv->msg_ratelimit.omit_dnssl,
-                "the outgoing IPv6 router advertisement is too big: omitting DNS search list");
+            _LOGW("The RA is too big, had to omit DNS search list.");
             goto dns_domains_done;
         }
 

src/core/ndisc/nm-ndisc.c

@@ -1490,7 +1490,7 @@ clean_addresses(NMNDisc *ndisc, gint64 now_msec, NMNDiscConfigMap *changed, gint
         g_array_set_size(rdata->addresses, j);
     }
 
-    if (_array_set_size_max(rdata->addresses, priv->config.max_addresses))
+    if (_array_set_size_max(rdata->gateways, priv->config.max_addresses))
         *changed |= NM_NDISC_CONFIG_ADDRESSES;
 }
 
@@ -1830,7 +1830,7 @@ _config_init(NMNDiscConfig *config, const NMNDiscConfig *src)
     nm_assert(config);
     g_return_if_fail(src);
 
-    /* we only allow one to set @config if it was cleared (or is not yet initialized). */
+    /* we only allow to set @config if it was cleared (or is not yet initialized). */
     nm_assert(!config->l3cfg);
     nm_assert(!config->ifname);
     nm_assert(!config->network_id);

src/core/nm-bond-manager.c

@@ -916,21 +916,21 @@ nm_bond_manager_send_arp(int                 bond_ifindex,
     if (announce_fdb) {
         /* if we are announcing the FDB we do a RARP, we don't set the
          * source/dest IPv4 address */
-        int                         ifindexes[] = {bridge_ifindex, bond_ifindex};
-        int                         i;
-        nm_auto_freev NMEtherAddr **fdb_addrs = NULL;
+        int                   ifindexes[] = {bridge_ifindex, bond_ifindex};
+        int                   i;
+        gs_free NMEtherAddr **fdb_addrs = NULL;
 
-        fdb_addrs = nm_linux_platform_get_bridge_fdb(platform, ifindexes, 2);
+        fdb_addrs = nm_linux_platform_get_link_fdb_table(platform, ifindexes, 2);
         /* we want to send a Reverse ARP (RARP) packet */
         data.op = htons(ARP_OP_RARP);
 
         i = 0;
         while (fdb_addrs[i] != NULL) {
             NMEtherAddr *tmp_hwaddr = fdb_addrs[i];
-
             memcpy(data.s_hw_addr, tmp_hwaddr, ETH_ALEN);
             memcpy(data.d_hw_addr, tmp_hwaddr, ETH_ALEN);
             memcpy(data.s_addr, tmp_hwaddr, ETH_ALEN);
+            g_free(tmp_hwaddr);
             if (sendto(sockfd, &data, sizeof(data), 0, (struct sockaddr *) &addr, sizeof(addr)) < 0)
                 return FALSE;
             i++;

src/core/nm-checkpoint.c

@@ -160,7 +160,7 @@ parse_connection_from_shadowed_file(const char *path, GError **error)
 {
     nm_auto_unref_keyfile GKeyFile *keyfile  = NULL;
     gs_free char                   *base_dir = NULL;
-    const char                     *sep;
+    char                           *sep;
 
     keyfile = g_key_file_new();
     if (!g_key_file_load_from_file(keyfile, path, G_KEY_FILE_NONE, error))

src/core/nm-config-data.c

@@ -50,9 +50,9 @@ struct _NMGlobalDnsConfig {
     char           **options;
     GHashTable      *domains;
     const char     **domain_list;
+    gboolean         internal;
     char            *cert_authority;
     NMDnsResolveMode resolve_mode;
-    gboolean         internal;
 };
 
 /*****************************************************************************/
@@ -941,14 +941,6 @@ next:
 
 /*****************************************************************************/
 
-gboolean
-nm_global_dns_has_global_dns_section(const NMGlobalDnsConfig *dns_config)
-{
-    g_return_val_if_fail(dns_config, FALSE);
-
-    return dns_config->searches != NULL || dns_config->options != NULL;
-}
-
 const char *const *
 nm_global_dns_config_get_searches(const NMGlobalDnsConfig *dns_config)
 {
@@ -1244,7 +1236,6 @@ load_global_dns(GKeyFile *keyfile, gboolean internal)
     gs_free char      *cert_authority = NULL;
     gs_free char      *resolve_mode   = NULL;
     NMDnsResolveMode   parsed_resolve_mode;
-    gboolean           has_global_dns_section;
 
     if (internal) {
         group         = NM_CONFIG_KEYFILE_GROUP_INTERN_GLOBAL_DNS;
@@ -1395,22 +1386,6 @@ load_global_dns(GKeyFile *keyfile, gboolean internal)
         return NULL;
     }
 
-    /* Defining [global-dns-domain-*] implies defining [global-dns] too (maybe empty) */
-    if (default_found)
-        has_global_dns_section = TRUE;
-    else
-        has_global_dns_section = g_key_file_has_group(keyfile, group);
-
-    /* If there exist a [global-dns] section, always initialize "searches" and "options" so
-     * they appear in D-Bus. Clients can use this to know if it's defined, so they can know
-     * if DNS configs from connections are relevant or not. */
-    if (has_global_dns_section) {
-        if (!dns_config->searches)
-            dns_config->searches = nm_strv_empty_new();
-        if (!dns_config->options)
-            dns_config->options = nm_strv_empty_new();
-    }
-
     dns_config->internal = internal;
     global_dns_config_seal_domains(dns_config);
     return dns_config;
@@ -1631,6 +1606,17 @@ nm_global_dns_config_from_dbus(const GValue *value, GError **error)
         g_variant_unref(val);
     }
 
+    /* An empty value is valid and clears the internal configuration */
+    if (!nm_global_dns_config_is_empty(dns_config)
+        && !nm_global_dns_config_lookup_domain(dns_config, "*")) {
+        g_set_error_literal(error,
+                            NM_MANAGER_ERROR,
+                            NM_MANAGER_ERROR_FAILED,
+                            "Global DNS configuration is missing the default domain");
+        nm_global_dns_config_free(dns_config);
+        return NULL;
+    }
+
     global_dns_config_seal_domains(dns_config);
     return dns_config;
 }

src/core/nm-config-data.h

@@ -274,7 +274,6 @@ gboolean nm_config_data_is_intern_atomic_group(const NMConfigData *self, const c
 
 GKeyFile *nm_config_data_clone_keyfile_intern(const NMConfigData *self);
 
-gboolean           nm_global_dns_has_global_dns_section(const NMGlobalDnsConfig *dns_config);
 const char *const *nm_global_dns_config_get_searches(const NMGlobalDnsConfig *dns_config);
 const char *const *nm_global_dns_config_get_options(const NMGlobalDnsConfig *dns_config);
 const char *nm_global_dns_config_get_certification_authority(const NMGlobalDnsConfig *dns_config);

src/core/nm-config.c

@@ -18,7 +18,6 @@
 #include "libnm-core-intern/nm-core-internal.h"
 #include "libnm-core-intern/nm-keyfile-internal.h"
 #include "libnm-core-intern/nm-keyfile-utils.h"
-#include "libnm-glib-aux/nm-keyfile-aux.h"
 
 #define DEFAULT_CONFIG_MAIN_FILE     NMCONFDIR "/NetworkManager.conf"
 #define DEFAULT_CONFIG_DIR           NMCONFDIR "/conf.d"
@@ -892,7 +891,6 @@ static const ConfigGroup config_groups[] = {
         .is_prefix = TRUE,
         .keys      = NM_MAKE_STRV(NM_CONFIG_KEYFILE_KEY_DEVICE_CARRIER_WAIT_TIMEOUT,
                              NM_CONFIG_KEYFILE_KEY_DEVICE_IGNORE_CARRIER,
-                             NM_CONFIG_KEYFILE_KEY_DEVICE_CHECK_CONNECTIVITY,
                              NM_CONFIG_KEYFILE_KEY_DEVICE_MANAGED,
                              NM_CONFIG_KEYFILE_KEY_DEVICE_SRIOV_NUM_VFS,
                              NM_CONFIG_KEYFILE_KEY_DEVICE_KEEP_CONFIGURATION,
@@ -1048,10 +1046,6 @@ read_config(GKeyFile   *keyfile,
             /* internal groups cannot be set by user configuration. */
             continue;
         }
-
-        if (!g_key_file_has_group(keyfile, group))
-            nm_key_file_add_group(keyfile, group);
-
         keys = g_key_file_get_keys(kf, group, &nkeys, NULL);
         if (!keys)
             continue;
@@ -1645,12 +1639,6 @@ intern_config_read(const char        *filename,
                                  "");
         }
 
-        if (!g_key_file_has_group(keyfile_intern, group)) {
-            nm_key_file_add_group(keyfile_intern, group);
-            if (is_intern)
-                has_intern = TRUE;
-        }
-
         for (k = 0; keys[k]; k++) {
             gs_free char *value_set = NULL;
             const char   *key       = keys[k];
@@ -1835,9 +1823,6 @@ intern_config_write(const char        *filename,
             }
         }
 
-        if (!g_key_file_has_group(keyfile, group))
-            nm_key_file_add_group(keyfile, group);
-
         for (k = 0; keys[k]; k++) {
             const char   *key       = keys[k];
             gs_free char *value_set = NULL;

src/core/nm-connectivity.c

@@ -77,8 +77,6 @@ struct _NMConnectivityCheckHandle {
         ConConfig *con_config;
 
         GCancellable      *resolve_cancellable;
-        int                resolve_ifindex;
-        GDBusConnection   *dbus_connection;
         CURLM             *curl_mhandle;
         CURL              *curl_ehandle;
         struct curl_slist *request_headers;
@@ -955,113 +953,6 @@ systemd_resolved_resolve_cb(GObject *object, GAsyncResult *res, gpointer user_da
     do_curl_request(cb_data, nm_str_buf_get_str(&strbuf_hosts));
 }
 
-static void
-systemd_resolved_resolve(NMConnectivityCheckHandle *cb_data)
-{
-    _LOG2D("start request to '%s' (try resolving '%s' using systemd-resolved with ifindex %d)",
-           cb_data->concheck.con_config->uri,
-           cb_data->concheck.con_config->host,
-           cb_data->concheck.resolve_ifindex);
-
-    g_dbus_connection_call(cb_data->concheck.dbus_connection,
-                           "org.freedesktop.resolve1",
-                           "/org/freedesktop/resolve1",
-                           "org.freedesktop.resolve1.Manager",
-                           "ResolveHostname",
-                           g_variant_new("(isit)",
-                                         (gint32) cb_data->concheck.resolve_ifindex,
-                                         cb_data->concheck.con_config->host,
-                                         (gint32) cb_data->addr_family,
-                                         SD_RESOLVED_DNS),
-                           G_VARIANT_TYPE("(a(iiay)st)"),
-                           G_DBUS_CALL_FLAGS_NONE,
-                           -1,
-                           cb_data->concheck.resolve_cancellable,
-                           systemd_resolved_resolve_cb,
-                           cb_data);
-}
-
-static void
-systemd_resolved_link_scopes_cb(GObject *object, GAsyncResult *res, gpointer user_data)
-{
-    NMConnectivityCheckHandle *cb_data;
-    gs_unref_variant GVariant *result     = NULL;
-    gs_unref_variant GVariant *value      = NULL;
-    gs_free_error GError      *error      = NULL;
-    guint64                    scope_mask = 0;
-
-    result = g_dbus_connection_call_finish(G_DBUS_CONNECTION(object), res, &error);
-    if (nm_utils_error_is_cancelled(error))
-        return;
-
-    cb_data = user_data;
-
-    if (!result) {
-        _LOG2D("unable to obtain systemd-resolved link ScopesMask for interface %d: %s",
-               cb_data->concheck.resolve_ifindex,
-               error->message);
-
-        cb_data->concheck.resolve_ifindex = 0;
-        systemd_resolved_resolve(cb_data);
-        return;
-    }
-
-    g_variant_get(result, "(v)", &value);
-    g_variant_get(value, "t", &scope_mask);
-
-    if (!(scope_mask & SD_RESOLVED_DNS)) {
-        /* there is no per-link DNS configured / active; query all available /
-         * system DNS resolvers instead of restricting the lookup to just this
-         * one, which would turn up no results. */
-        _LOG2D("no per-link DNS available (scope mask %" G_GUINT64_FORMAT
-               "); falling back to system-wide lookups",
-               scope_mask);
-        cb_data->concheck.resolve_ifindex = 0;
-    }
-
-    systemd_resolved_resolve(cb_data);
-}
-
-static void
-systemd_resolved_get_link_cb(GObject *object, GAsyncResult *res, gpointer user_data)
-{
-    NMConnectivityCheckHandle *cb_data;
-    gs_unref_variant GVariant *result    = NULL;
-    gs_free char              *link_path = NULL;
-    gs_free_error GError      *error     = NULL;
-
-    result = g_dbus_connection_call_finish(G_DBUS_CONNECTION(object), res, &error);
-    if (nm_utils_error_is_cancelled(error))
-        return;
-
-    cb_data = user_data;
-
-    if (!result) {
-        _LOG2D("unable to obtain systemd-resolved link D-Bus object for interface %d: %s",
-               cb_data->concheck.resolve_ifindex,
-               error->message);
-
-        cb_data->concheck.resolve_ifindex = 0;
-        systemd_resolved_resolve(cb_data);
-        return;
-    }
-
-    g_variant_get(result, "(o)", &link_path);
-
-    g_dbus_connection_call(cb_data->concheck.dbus_connection,
-                           "org.freedesktop.resolve1",
-                           link_path,
-                           "org.freedesktop.DBus.Properties",
-                           "Get",
-                           g_variant_new("(ss)", "org.freedesktop.resolve1.Link", "ScopesMask"),
-                           G_VARIANT_TYPE("(v)"),
-                           G_DBUS_CALL_FLAGS_NONE,
-                           -1,
-                           cb_data->concheck.resolve_cancellable,
-                           systemd_resolved_link_scopes_cb,
-                           cb_data);
-}
-
 static NMConnectivityState
 check_platform_config(NMConnectivity *self,
                       NMPlatform     *platform,
@@ -1176,7 +1067,6 @@ nm_connectivity_check_start(NMConnectivity             *self,
         }
 
         cb_data->concheck.resolve_cancellable = g_cancellable_new();
-        cb_data->concheck.resolve_ifindex     = ifindex;
 
         /* note that we pick up support for systemd-resolved right away when we need it.
          * We don't need to remember the setting, because we can (cheaply) check anew
@@ -1199,8 +1089,10 @@ nm_connectivity_check_start(NMConnectivity             *self,
         has_systemd_resolved = !!nm_dns_manager_get_systemd_resolved(nm_dns_manager_get());
 
         if (has_systemd_resolved) {
-            cb_data->concheck.dbus_connection = NM_MAIN_DBUS_CONNECTION_GET;
-            if (!cb_data->concheck.dbus_connection) {
+            GDBusConnection *dbus_connection;
+
+            dbus_connection = NM_MAIN_DBUS_CONNECTION_GET;
+            if (!dbus_connection) {
                 /* we have no D-Bus connection? That might happen in configure and quit mode.
                  *
                  * Anyway, something is very odd, just fail connectivity check. */
@@ -1211,19 +1103,25 @@ nm_connectivity_check_start(NMConnectivity             *self,
                 return cb_data;
             }
 
-            /* first check whether there has been a per-link DNS configured */
-            g_dbus_connection_call(cb_data->concheck.dbus_connection,
+            g_dbus_connection_call(dbus_connection,
                                    "org.freedesktop.resolve1",
                                    "/org/freedesktop/resolve1",
                                    "org.freedesktop.resolve1.Manager",
-                                   "GetLink",
-                                   g_variant_new("(i)", ifindex),
-                                   G_VARIANT_TYPE("(o)"),
+                                   "ResolveHostname",
+                                   g_variant_new("(isit)",
+                                                 0,
+                                                 cb_data->concheck.con_config->host,
+                                                 (gint32) cb_data->addr_family,
+                                                 SD_RESOLVED_DNS),
+                                   G_VARIANT_TYPE("(a(iiay)st)"),
                                    G_DBUS_CALL_FLAGS_NONE,
                                    -1,
                                    cb_data->concheck.resolve_cancellable,
-                                   systemd_resolved_get_link_cb,
+                                   systemd_resolved_resolve_cb,
                                    cb_data);
+            _LOG2D("start request to '%s' (try resolving '%s' using systemd-resolved)",
+                   cb_data->concheck.con_config->uri,
+                   cb_data->concheck.con_config->host);
             return cb_data;
         }
 

src/core/nm-core-utils.c

@@ -2865,7 +2865,6 @@ _host_id_read(guint8 **out_host_id, gsize *out_host_id_len)
                                                0600,
                                                NULL,
                                                NULL,
-                                               NULL,
                                                &error)) {
             nm_log_warn(
                 LOGD_CORE,
@@ -4643,13 +4642,13 @@ get_max_rate_vht_80_ss3(int mcs)
     case 5:
         return 702000000;
     case 6:
-        return 0; /* invalid */
+        return 0;
     case 7:
         return 877500000;
     case 8:
-        return 1053000000;
+        return 105300000;
     case 9:
-        return 1170000000;
+        return 117000000;
     }
     return 0;
 }
@@ -4733,7 +4732,7 @@ get_max_rate_vht_160_ss3(int mcs)
     case 8:
         return 2106000000;
     case 9:
-        return 0; /* invalid */
+        return 0;
     }
     return 0;
 }
@@ -5447,7 +5446,7 @@ again:
     if ((g = g_atomic_int_get(&g_static)) == -1) {
         gid_t g2;
 
-        g2 = getegid();
+        g2 = geteuid();
         g  = g2;
         nm_assert(g == g2);
         nm_assert(g >= 0);
@@ -5505,155 +5504,6 @@ nm_utils_shorten_hostname(const char *hostname, char **shortened)
     return TRUE;
 }
 
-/**
- * nm_utils_connection_supported:
- * @connection: the connection
- * @error: on return, the reason why the connection in not supported
- *
- * Returns whether the given connection is supported by this version
- * of NetworkManager.
- */
-gboolean
-nm_utils_connection_supported(NMConnection *connection, GError **error)
-{
-    const char *type;
-    const char *feature = NULL;
-
-    g_return_val_if_fail(connection, FALSE);
-    g_return_val_if_fail(!error || !*error, FALSE);
-
-    type = nm_connection_get_connection_type(connection);
-
-    if (!WITH_TEAMDCTL) {
-        NMSettingConnection *s_con;
-
-        if (nm_streq0(type, NM_SETTING_TEAM_SETTING_NAME)) {
-            feature = "team";
-            goto out_disabled;
-        }
-
-        /* Match team ports */
-        if ((s_con = nm_connection_get_setting_connection(connection))
-            && nm_streq0(nm_setting_connection_get_port_type(s_con),
-                         NM_SETTING_TEAM_SETTING_NAME)) {
-            feature = "team";
-            goto out_disabled;
-        }
-    }
-
-    if (!WITH_OPENVSWITCH) {
-        if (NM_IN_STRSET(type,
-                         NM_SETTING_OVS_BRIDGE_SETTING_NAME,
-                         NM_SETTING_OVS_PORT_SETTING_NAME,
-                         NM_SETTING_OVS_INTERFACE_SETTING_NAME)) {
-            feature = "Open vSwitch";
-            goto out_disabled;
-        }
-
-        /* Match OVS system interfaces */
-        if (nm_connection_get_setting_ovs_interface(connection)) {
-            feature = "Open vSwitch";
-            goto out_disabled;
-        }
-    }
-
-    if (!WITH_WIFI
-        && NM_IN_STRSET(type,
-                        NM_SETTING_WIRELESS_SETTING_NAME,
-                        NM_SETTING_OLPC_MESH_SETTING_NAME,
-                        NM_SETTING_WIFI_P2P_SETTING_NAME)) {
-        feature = "Wi-Fi";
-        goto out_disabled;
-    }
-
-    if (!WITH_WWAN
-        && NM_IN_STRSET(type, NM_SETTING_GSM_SETTING_NAME, NM_SETTING_CDMA_SETTING_NAME)) {
-        feature = "WWAN";
-        goto out_disabled;
-    }
-
-    if (nm_streq0(type, NM_SETTING_WIMAX_SETTING_NAME)) {
-        feature = "WiMAX";
-        goto out_removed;
-    }
-
-    return TRUE;
-
-out_disabled:
-    nm_assert(feature);
-    g_set_error(error,
-                NM_SETTINGS_ERROR,
-                NM_SETTINGS_ERROR_FEATURE_DISABLED,
-                "%s support is disabled in this build",
-                feature);
-    return FALSE;
-
-out_removed:
-    nm_assert(feature);
-    g_set_error(error,
-                NM_SETTINGS_ERROR,
-                NM_SETTINGS_ERROR_FEATURE_REMOVED,
-                "%s is no longer supported",
-                feature);
-    return FALSE;
-}
-
-/*****************************************************************************/
-
-/**
- * nm_rate_limit_check():
- * @rate_limit: the NMRateLimit instance
- * @window_sec: the time window in seconds, between 1 and 864000 (ten days)
- * @burst: the number of max allowed event occurrences in the given time
- *   window
- *
- * The function rate limits an event. Call it multiple times with the
- * same @window_sec, and @burst values.
- *
- * Returns: TRUE if the event is allowed, FALSE if it is rate-limited
- */
-gboolean
-nm_rate_limit_check(NMRateLimit *rate_limit, gint32 window_sec, gint32 burst)
-{
-    gint64 now;
-    gint64 old_ts_msec;
-    gint64 window_msec;
-    gint64 capacity;
-    gint64 elapsed;
-
-    nm_assert(window_sec >= 1 && window_sec <= 864000);
-    nm_assert(burst >= 1);
-
-    /* This implements a simple token bucket algorithm. For each millisecond,
-     * refill "burst" tokens. Thus, during a full time window we
-     * refill (window_msec * burst) tokens. Each event consumes @window_msec
-     * tokens. */
-
-    window_msec         = (gint64) window_sec * NM_UTILS_MSEC_PER_SEC;
-    capacity            = window_msec * (gint64) burst;
-    old_ts_msec         = rate_limit->ts_msec;
-    now                 = nm_utils_get_monotonic_timestamp_msec();
-    rate_limit->ts_msec = now;
-
-    elapsed = now - old_ts_msec;
-    if (old_ts_msec == 0 || elapsed > window_msec) {
-        /* On the first call, or in case a whole window passed, (re)start with
-         * a full budget */
-        rate_limit->tokens = capacity;
-    } else {
-        rate_limit->tokens += elapsed * (gint64) burst;
-        rate_limit->tokens = NM_MIN(rate_limit->tokens, capacity);
-    }
-
-    /* Consume the tokens */
-    if (rate_limit->tokens >= window_msec) {
-        rate_limit->tokens -= window_msec;
-        return TRUE;
-    }
-
-    return FALSE;
-}
-
 const char *
 nm_utils_get_connection_first_permissions_user(NMConnection *connection)
 {

src/core/nm-core-utils.h

@@ -494,19 +494,6 @@ gid_t nm_utils_get_nm_gid(void);
 
 /*****************************************************************************/
 
-gboolean nm_utils_connection_supported(NMConnection *connection, GError **error);
-
-/*****************************************************************************/
-
-typedef struct {
-    gint64 ts_msec;
-    gint64 tokens;
-} NMRateLimit;
-
-gboolean nm_rate_limit_check(NMRateLimit *rate_limit, gint32 window_sec, gint32 burst);
-
-/*****************************************************************************/
-
 const char *nm_utils_get_connection_first_permissions_user(NMConnection *connection);
 
 /*****************************************************************************/

src/core/nm-l3-config-data.c

@@ -120,7 +120,6 @@ struct _NML3ConfigData {
     NMSettingConnectionMdns       mdns;
     NMSettingConnectionLlmnr      llmnr;
     NMSettingConnectionDnsOverTls dns_over_tls;
-    NMSettingConnectionDnssec     dnssec;
     NMUtilsIPv6IfaceId            ip6_token;
 
     NML3ConfigDatFlags flags;
@@ -578,16 +577,6 @@ nm_l3_config_data_log(const NML3ConfigData *self,
                                            NULL)));
     }
 
-    if (self->dnssec != NM_SETTING_CONNECTION_DNSSEC_DEFAULT) {
-        gs_free char *s = NULL;
-
-        _L("dnssec: %s",
-           (s = _nm_utils_enum_to_str_full(nm_setting_connection_dnssec_get_type(),
-                                           self->dnssec,
-                                           " ",
-                                           NULL)));
-    }
-
     if (self->mptcp_flags != NM_MPTCP_FLAGS_NONE) {
         gs_free char *s = NULL;
 
@@ -705,7 +694,6 @@ nm_l3_config_data_new(NMDedupMultiIndex *multi_idx, int ifindex, NMIPConfigSourc
         .mdns                           = NM_SETTING_CONNECTION_MDNS_DEFAULT,
         .llmnr                          = NM_SETTING_CONNECTION_LLMNR_DEFAULT,
         .dns_over_tls                   = NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT,
-        .dnssec                         = NM_SETTING_CONNECTION_DNSSEC_DEFAULT,
         .flags                          = NM_L3_CONFIG_DAT_FLAGS_NONE,
         .metered                        = NM_TERNARY_DEFAULT,
         .proxy_browser_only             = NM_TERNARY_DEFAULT,
@@ -1431,9 +1419,6 @@ _check_and_add_domain(GPtrArray **p_arr, const char *domain)
     if (domain[0] == '.' || strstr(domain, ".."))
         return FALSE;
 
-    if (!g_utf8_validate(domain, -1, NULL))
-        return FALSE;
-
     len = strlen(domain);
     if (domain[len - 1] == '.') {
         copy   = g_strndup(domain, len - 1);
@@ -1779,26 +1764,6 @@ nm_l3_config_data_set_dns_over_tls(NML3ConfigData *self, NMSettingConnectionDnsO
     return TRUE;
 }
 
-NMSettingConnectionDnssec
-nm_l3_config_data_get_dnssec(const NML3ConfigData *self)
-{
-    nm_assert(_NM_IS_L3_CONFIG_DATA(self, TRUE));
-
-    return self->dnssec;
-}
-
-gboolean
-nm_l3_config_data_set_dnssec(NML3ConfigData *self, NMSettingConnectionDnssec dnssec)
-{
-    nm_assert(_NM_IS_L3_CONFIG_DATA(self, FALSE));
-
-    if (self->dnssec == dnssec)
-        return FALSE;
-
-    self->dnssec = dnssec;
-    return TRUE;
-}
-
 NMIPRouteTableSyncMode
 nm_l3_config_data_get_route_table_sync(const NML3ConfigData *self, int addr_family)
 {
@@ -2478,7 +2443,6 @@ nm_l3_config_data_cmp_full(const NML3ConfigData *a,
         NM_CMP_DIRECT(a->mdns, b->mdns);
         NM_CMP_DIRECT(a->llmnr, b->llmnr);
         NM_CMP_DIRECT(a->dns_over_tls, b->dns_over_tls);
-        NM_CMP_DIRECT(a->dnssec, b->dnssec);
     }
 
     if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_OTHER)) {
@@ -3172,8 +3136,7 @@ void
 nm_l3_config_data_hash_dns(const NML3ConfigData *l3cd,
                            GChecksum            *sum,
                            int                   addr_family,
-                           NMDnsIPConfigType     dns_ip_config_type,
-                           gboolean              ignore_searches_and_options)
+                           NMDnsIPConfigType     dns_ip_config_type)
 {
     guint              i;
     int                val;
@@ -3212,18 +3175,16 @@ nm_l3_config_data_hash_dns(const NML3ConfigData *l3cd,
         empty = FALSE;
     }
 
-    if (!ignore_searches_and_options) {
-        searches = nm_l3_config_data_get_searches(l3cd, addr_family, &num_searches);
-        for (i = 0; i < num_searches; i++) {
-            g_checksum_update(sum, (const guint8 *) searches[i], strlen(searches[i]));
-            empty = FALSE;
-        }
+    searches = nm_l3_config_data_get_searches(l3cd, addr_family, &num_searches);
+    for (i = 0; i < num_searches; i++) {
+        g_checksum_update(sum, (const guint8 *) searches[i], strlen(searches[i]));
+        empty = FALSE;
+    }
 
-        options = nm_l3_config_data_get_dns_options(l3cd, addr_family, &num_options);
-        for (i = 0; i < num_options; i++) {
-            g_checksum_update(sum, (const guint8 *) options[i], strlen(options[i]));
-            empty = FALSE;
-        }
+    options = nm_l3_config_data_get_dns_options(l3cd, addr_family, &num_options);
+    for (i = 0; i < num_options; i++) {
+        g_checksum_update(sum, (const guint8 *) options[i], strlen(options[i]));
+        empty = FALSE;
     }
 
     val = nm_l3_config_data_get_mdns(l3cd);
@@ -3244,12 +3205,6 @@ nm_l3_config_data_hash_dns(const NML3ConfigData *l3cd,
         empty = FALSE;
     }
 
-    val = nm_l3_config_data_get_dnssec(l3cd);
-    if (val != NM_SETTING_CONNECTION_DNSSEC_DEFAULT) {
-        g_checksum_update(sum, (const guint8 *) &val, sizeof(val));
-        empty = FALSE;
-    }
-
     if (!empty) {
         int prio = 0;
 
@@ -3500,9 +3455,6 @@ nm_l3_config_data_merge(NML3ConfigData       *self,
     if (self->dns_over_tls == NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT)
         self->dns_over_tls = src->dns_over_tls;
 
-    if (self->dnssec == NM_SETTING_CONNECTION_DNSSEC_DEFAULT)
-        self->dnssec = src->dnssec;
-
     if (self->ip6_token.id == 0)
         self->ip6_token.id = src->ip6_token.id;
 

src/core/nm-l3-config-data.h

@@ -458,10 +458,6 @@ NMSettingConnectionDnsOverTls nm_l3_config_data_get_dns_over_tls(const NML3Confi
 gboolean nm_l3_config_data_set_dns_over_tls(NML3ConfigData               *self,
                                             NMSettingConnectionDnsOverTls dns_over_tls);
 
-NMSettingConnectionDnssec nm_l3_config_data_get_dnssec(const NML3ConfigData *self);
-
-gboolean nm_l3_config_data_set_dnssec(NML3ConfigData *self, NMSettingConnectionDnssec dnssec);
-
 NMIPRouteTableSyncMode nm_l3_config_data_get_route_table_sync(const NML3ConfigData *self,
                                                               int                   addr_family);
 
@@ -619,7 +615,6 @@ nmtst_l3_config_data_get_best_gateway(const NML3ConfigData *self, int addr_famil
 void nm_l3_config_data_hash_dns(const NML3ConfigData *l3cd,
                                 GChecksum            *sum,
                                 int                   addr_family,
-                                NMDnsIPConfigType     dns_ip_config_type,
-                                gboolean              ignore_searches_and_options);
+                                NMDnsIPConfigType     dns_ip_config_type);
 
 #endif /* __NM_L3_CONFIG_DATA_H__ */

src/core/nm-l3cfg.c

@@ -40,7 +40,8 @@ G_STATIC_ASSERT(NM_ACD_TIMEOUT_RFC5227_MSEC == N_ACD_TIMEOUT_RFC5227);
 
 #define ACD_SUPPORTED_ETH_ALEN                  ETH_ALEN
 #define ACD_ENSURE_RATELIMIT_MSEC               ((guint32) 4000u)
-#define ACD_WAIT_PROBING_EXTRA_TIME_MSEC        ((guint32) (2000u + ACD_ENSURE_RATELIMIT_MSEC))
+#define ACD_WAIT_PROBING_EXTRA_TIME_MSEC        ((guint32) (1000u + ACD_ENSURE_RATELIMIT_MSEC))
+#define ACD_WAIT_PROBING_EXTRA_TIME2_MSEC       ((guint32) 1000u)
 #define ACD_WAIT_TIME_PROBING_FULL_RESTART_MSEC ((guint32) 30000u)
 #define ACD_WAIT_TIME_CONFLICT_RESTART_MSEC     ((guint32) 120000u)
 #define ACD_WAIT_TIME_ANNOUNCE_RESTART_MSEC     ((guint32) 30000u)
@@ -2293,7 +2294,7 @@ _l3_acd_data_timeout_schedule(AcdData *acd_data, gint64 timeout_msec)
      * expect timeouts in certain states.
      *
      * That means, scheduling a timeout is only correct if we are in a certain
-     * state, which allows one to handle timeouts. This assert checks for that to
+     * state, which allows to handle timeouts. This assert checks for that to
      * ensure we don't call a timeout in an unexpected state. */
     nm_assert(NM_IN_SET(acd_data->info.state,
                         NM_L3_ACD_ADDR_STATE_PROBING,
@@ -2739,8 +2740,9 @@ handle_init:
             nm_utils_get_monotonic_timestamp_msec_cached(p_now_msec);
 
             if (acd_data->info.state == NM_L3_ACD_ADDR_STATE_PROBING) {
-                if ((*p_now_msec)
-                    > acd_data->probing_timestamp_msec + ACD_WAIT_PROBING_EXTRA_TIME_MSEC) {
+                if ((*p_now_msec) > acd_data->probing_timestamp_msec
+                                        + ACD_WAIT_PROBING_EXTRA_TIME_MSEC
+                                        + ACD_WAIT_PROBING_EXTRA_TIME2_MSEC) {
                     /* hm. We failed to create a new probe too long. Something is really wrong
                      * internally, but let's ignore the issue and assume the address is good. What
                      * else would we do? Assume the address is USED? */
@@ -2749,8 +2751,9 @@ handle_init:
                     goto handle_start_defending;
                 }
 
-                acd_data->probing_timeout_msec = acd_timeout_msec;
-                log_reason                     = "retry probing on timeout";
+                acd_data->probing_timestamp_msec = (*p_now_msec);
+                acd_data->probing_timeout_msec   = acd_timeout_msec;
+                log_reason                       = "retry probing on timeout";
                 goto handle_start_probing;
             }
 
@@ -2946,7 +2949,7 @@ handle_init:
             nm_utils_get_monotonic_timestamp_msec_cached(p_now_msec);
 
             if (acd_data->probing_timestamp_msec + acd_data->probing_timeout_msec
-                    + ACD_WAIT_PROBING_EXTRA_TIME_MSEC
+                    + ACD_WAIT_PROBING_EXTRA_TIME_MSEC + ACD_WAIT_PROBING_EXTRA_TIME2_MSEC
                 >= (*p_now_msec)) {
                 /* The probing already started quite a while ago. We ignore the link event
                  * and let the probe come to it's natural end. */
@@ -3047,7 +3050,7 @@ handle_start_probing:
         if (!acd_data->nacd_probe) {
             _LOGT_acd(acd_data,
                       "probing currently %snot possible (timeout %u msec; %s, %s)",
-                      orig_state == NM_L3_ACD_ADDR_STATE_INIT ? "" : "still ",
+                      orig_state == NM_L3_ACD_ADDR_STATE_INIT ? "" : " still",
                       acd_data->probing_timeout_msec,
                       failure_reason,
                       log_reason);
@@ -3056,10 +3059,9 @@ handle_start_probing:
         }
 
         _LOGT_acd(acd_data,
-                  "%sstart probing (timeout %u msec, ebpf %s; %s)",
+                  "%sstart probing (timeout %u msec, %s)",
                   orig_state == NM_L3_ACD_ADDR_STATE_INIT ? "" : "re",
                   acd_data->probing_timeout_msec,
-                  n_acd_has_bpf(self->priv.p->nacd) ? "enabled" : "disabled",
                   log_reason);
         return;
     }
@@ -3154,11 +3156,10 @@ handle_start_defending:
         }
 
         _LOGT_acd(acd_data,
-                  "start announcing (defend=%s) (probe created with ebpf %s)",
+                  "start announcing (defend=%s) (probe created)",
                   _l3_acd_defend_type_to_string(acd_data->acd_defend_type_current,
                                                 sbuf256,
-                                                sizeof(sbuf256)),
-                  n_acd_has_bpf(self->priv.p->nacd) ? "enabled" : "disabled");
+                                                sizeof(sbuf256)));
         acd_data->acd_defend_type_is_active = FALSE;
         acd_data->nacd_probe                = probe;
         return;
@@ -3989,7 +3990,7 @@ _l3cfg_routed_dns_apply(NML3Cfg *self, const NML3ConfigData *l3cd)
             NMDnsServer               dns;
             int                       r;
 
-            if (!nm_dns_uri_parse(addr_family, nameservers[i], &dns, NULL))
+            if (!nm_dns_uri_parse(addr_family, nameservers[i], &dns))
                 continue;
 
             /* Find the gateway to the DNS over the current interface. When
@@ -5054,8 +5055,8 @@ _l3_commit_mptcp_af(NML3Cfg          *self,
             (NM_FLAGS_HAS(mptcp_flags, NM_MPTCP_FLAGS_SIGNAL) ? MPTCP_PM_ADDR_FLAG_SIGNAL : 0)
             | (NM_FLAGS_HAS(mptcp_flags, NM_MPTCP_FLAGS_SUBFLOW) ? MPTCP_PM_ADDR_FLAG_SUBFLOW : 0)
             | (NM_FLAGS_HAS(mptcp_flags, NM_MPTCP_FLAGS_BACKUP) ? MPTCP_PM_ADDR_FLAG_BACKUP : 0)
-            | (NM_FLAGS_HAS(mptcp_flags, NM_MPTCP_FLAGS_FULLMESH) ? MPTCP_PM_ADDR_FLAG_FULLMESH : 0)
-            | (NM_FLAGS_HAS(mptcp_flags, NM_MPTCP_FLAGS_LAMINAR) ? MPTCP_PM_ADDR_FLAG_LAMINAR : 0);
+            | (NM_FLAGS_HAS(mptcp_flags, NM_MPTCP_FLAGS_FULLMESH) ? MPTCP_PM_ADDR_FLAG_FULLMESH
+                                                                  : 0);
         NMPlatformMptcpAddr a = {
             .ifindex     = self->priv.ifindex,
             .id          = 0,