rpms
/
NetworkManager
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import NetworkManager-1.32.10-4.el8

This commit is contained in:
CentOS Sources 2021-11-09 04:57:15 -05:00 committed by Stepan Oksanichenko
parent 8a2e4519fb
commit 136bcc0cef
26 changed files with 796 additions and 10508 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.NetworkManager.metadata
View File

@ -1 +1 @@
550918f97f1614532a317465220d6b5cab08d47a SOURCES/NetworkManager-1.30.0.tar.xz
d2b4c08e920b5c96c128041948e3092eedcbba80 SOURCES/NetworkManager-1.32.10.tar.xz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/NetworkManager-1.30.0.tar.xz
SOURCES/NetworkManager-1.32.10.tar.xz

18
SOURCES/0001-cloud-setup-systemd-unit-rh1791758.patch
View File

@ -1,19 +1,19 @@
From 6069af3e7a7d506c02f007c71e2a9271b8ef3d09 Mon Sep 17 00:00:00 2001
From 45f33b5379c41f34fb1a27452e5f62e2d571e85e Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 16 Jan 2020 13:40:26 +0100
Subject: [PATCH 1/1] cloud-setup: avoid unsupported systemd settings in
Subject: [PATCH] cloud-setup: avoid unsupported systemd settings in
nm-cloud-setup.service init for rhel-8.2
https://bugzilla.redhat.com/show_bug.cgi?id=1791758
---
clients/cloud-setup/nm-cloud-setup.service.in | 6 +++---
src/nm-cloud-setup/nm-cloud-setup.service.in | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/clients/cloud-setup/nm-cloud-setup.service.in b/clients/cloud-setup/nm-cloud-setup.service.in
index 9866acd8b0ae..a3df3863c4df 100644
--- a/clients/cloud-setup/nm-cloud-setup.service.in
+++ b/clients/cloud-setup/nm-cloud-setup.service.in
@@ -22,15 +22,15 @@ PrivateDevices=yes
diff --git a/src/nm-cloud-setup/nm-cloud-setup.service.in b/src/nm-cloud-setup/nm-cloud-setup.service.in
index f4b0e2638f14..c59bd47574ba 100644
--- a/src/nm-cloud-setup/nm-cloud-setup.service.in
+++ b/src/nm-cloud-setup/nm-cloud-setup.service.in
@@ -28,15 +28,15 @@ PrivateDevices=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=yes
@ -33,5 +33,5 @@ index 9866acd8b0ae..a3df3863c4df 100644
[Install]
--
2.26.2
2.31.1

34
SOURCES/0002-firewall-Default-to-iptables-backend-to-preserve-behavior.patch Normal file
View File

@ -0,0 +1,34 @@
From af25d85a43eb2aa59a80c13aa214cbc5509b6815 Mon Sep 17 00:00:00 2001
From: Wen Liang <wenliang@redhat.com>
Date: Wed, 16 Jun 2021 22:43:32 +0200
Subject: [PATCH] firewall: Default to iptables backend to preserve behavior
For upsteam, the default is "nftables" (if nft is installed). On RHEL8, we will
always default to "iptables" to preserve behavior.
---
src/core/nm-firewall-utils.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/src/core/nm-firewall-utils.c b/src/core/nm-firewall-utils.c
index a2446553b76f..5525a677cb1d 100644
--- a/src/core/nm-firewall-utils.c
+++ b/src/core/nm-firewall-utils.c
@@ -744,12 +744,9 @@ nm_firewall_config_apply(NMFirewallConfig *self, gboolean shared)
static NMFirewallBackend
_firewall_backend_detect(void)
{
- if (g_file_test(NFT_PATH, G_FILE_TEST_IS_EXECUTABLE))
- return NM_FIREWALL_BACKEND_NFTABLES;
- if (g_file_test(IPTABLES_PATH, G_FILE_TEST_IS_EXECUTABLE))
- return NM_FIREWALL_BACKEND_IPTABLES;
-
- return NM_FIREWALL_BACKEND_NFTABLES;
+ /* For upsteam, the default is "nftables" (if nft is installed). On RHEL8, we will
+ * always default to "iptables" to preserve behavior. */
+ return NM_FIREWALL_BACKEND_IPTABLES;
}
NMFirewallBackend
--
2.31.1

91
SOURCES/1000-bond-avoid-logging-warning-to-set-ad_actor_system-00.patch
View File

@ -1,91 +0,0 @@
From 9f90c590d73eb86e357bf4a854af41b73039342c Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 23 Feb 2021 13:28:10 +0100
Subject: [PATCH 1/1] bond: avoid logging warning to set
"ad_actor_system=00:00:00:00:00:00"
The bond option ad_actor_system only matters (and is available) with
mode=802.3ad.
When you create a new bond, the sysctl value will be set to "00:00:00:00:00:00".
So this seems to be a valid value, and in fact the default value for
this option. However, kernel will fail with EINVAL to set the sysctl to
"00:00:00:00:00:00". Kernel fails both if the value is already
"00:00:00:00:00:00" (i.e. setting the same value results in an error) and
it also fails otherwise (i.e. we cannot ever reset the value to
"00:00:00:00:00:00", at least not via sysfs).
Avoid the warning in the common case, where the value is already as
expected.
Otherwise, we still get the warning and won't be able to set the right
value. But this is really a limitation of the kernel API where we cannot
do anything about it (in NetworkManager).
https://bugzilla.redhat.com/show_bug.cgi?id=1923999
(cherry picked from commit 9e7af314546d7912ee23b3850230008902aca4d3)
(cherry picked from commit 199ac9b146b0d7b1d6679a8d703822447abc3ce7)
---
libnm-core/nm-core-internal.h | 2 ++
libnm-core/nm-setting-bond.c | 2 +-
src/core/devices/nm-device-bond.c | 18 ++++++++++++++++++
3 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/libnm-core/nm-core-internal.h b/libnm-core/nm-core-internal.h
index d9374fe5a7a8..e386d5e9d074 100644
--- a/libnm-core/nm-core-internal.h
+++ b/libnm-core/nm-core-internal.h
@@ -586,6 +586,8 @@ NMBondOptionType _nm_setting_bond_get_option_type(NMSettingBond *setting, const
const char *nm_setting_bond_get_option_or_default(NMSettingBond *self, const char *option);
+#define NM_BOND_AD_ACTOR_SYSTEM_DEFAULT "00:00:00:00:00:00"
+
/*****************************************************************************/
/* nm_connection_get_uuid() asserts against NULL, which is the right thing to
diff --git a/libnm-core/nm-setting-bond.c b/libnm-core/nm-setting-bond.c
index 2d64ef02b48c..68d4ca88f678 100644
--- a/libnm-core/nm-setting-bond.c
+++ b/libnm-core/nm-setting-bond.c
@@ -337,7 +337,7 @@ _bond_get_option_normalized(NMSettingBond *self, const char *option, gboolean ge
if (nm_streq(option, NM_SETTING_BOND_OPTION_AD_ACTOR_SYSTEM)) {
/* The default value depends on the current mode */
if (mode == NM_BOND_MODE_8023AD)
- return "00:00:00:00:00:00";
+ return NM_BOND_AD_ACTOR_SYSTEM_DEFAULT;
return "";
}
diff --git a/src/core/devices/nm-device-bond.c b/src/core/devices/nm-device-bond.c
index f68c080b1839..5814aef4518f 100644
--- a/src/core/devices/nm-device-bond.c
+++ b/src/core/devices/nm-device-bond.c
@@ -109,6 +109,24 @@ _set_bond_attr(NMDevice *device, const char *attr, const char *value)
int ifindex = nm_device_get_ifindex(device);
gboolean ret;
+ nm_assert(attr && attr[0]);
+ nm_assert(value);
+
+ if (nm_streq(value, NM_BOND_AD_ACTOR_SYSTEM_DEFAULT)
+ && nm_streq(attr, NM_SETTING_BOND_OPTION_AD_ACTOR_SYSTEM)) {
+ gs_free char *cur_val = NULL;
+
+ /* kernel does not allow setting ad_actor_system to "00:00:00:00:00:00". We would thus
+ * log an EINVAL error. Avoid that... at least, if the value is already "00:00:00:00:00:00". */
+ cur_val =
+ nm_platform_sysctl_master_get_option(nm_device_get_platform(device), ifindex, attr);
+ if (nm_streq0(cur_val, NM_BOND_AD_ACTOR_SYSTEM_DEFAULT))
+ return TRUE;
+
+ /* OK, the current value is different, and we will proceed setting "00:00:00:00:00:00".
+ * That will fail, and we will log a warning. There is nothing else to do. */
+ }
+
ret =
nm_platform_sysctl_master_set_option(nm_device_get_platform(device), ifindex, attr, value);
if (!ret)
--
2.29.2

48
SOURCES/1000-platform-fix-capturing-addresses-from-platform-for-assuming-after-restart.patch Normal file
View File

@ -0,0 +1,48 @@
From af06ca8b1190240146f746f8aeca6fd11bfbe6ad Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 19 Aug 2021 13:35:27 +0200
Subject: [PATCH] platform: fix capturing addresses from platform for assuming
after restart
Commit c631aa48f034 ('platform: capture NMIP[46]Config from platform
with correct (reversed) order of IP addresses') changed this for IPv6
and IPv4, but it's not correct for IPv4.
For IPv6, later `ip addr add` calls adds a new primary address, which
is also listed in `ip addr show` first. Hence, as NMIP6Config tracks
addresses in increasing priority, while NMPlatform tracks them as
exposed by kernel, the order when appending addresses form platform
to NMIP6Config must be reversed.
That is not the case for IPv4. For IPv4, later `ip addr add` calls
add a secondary IP address. Also, in `ip addr show` output they are
appended. Consequently, IPv4 addresses are tracked by NMPlatform with
decreasing priority (in the reverse order than for IPv6).
Fix constructing the NMIP4Config by fixing the address order. This is
important, because during restart devices get assumed and our code would
configure the order of addresses as it finds them.
Fixes: c631aa48f034 ('platform: capture NMIP[46]Config from platform with correct (reversed) order of IP addresses')
(cherry picked from commit c380893dc6757e30b429f968bc90bc1edda68998)
(cherry picked from commit 605373b38ab463826bd7eb80408fb2cfae07ee91)
---
src/core/nm-ip4-config.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/nm-ip4-config.c b/src/core/nm-ip4-config.c
index 90531d0291..52a8faa791 100644
--- a/src/core/nm-ip4-config.c
+++ b/src/core/nm-ip4-config.c
@@ -543,7 +543,7 @@ nm_ip4_config_capture(NMDedupMultiIndex *multi_idx, NMPlatform *platform, int if
head_entry = nm_platform_lookup_object(platform, NMP_OBJECT_TYPE_IP4_ADDRESS, ifindex);
if (head_entry) {
- nmp_cache_iter_for_each_reverse (&iter, head_entry, &plobj) {
+ nmp_cache_iter_for_each (&iter, head_entry, &plobj) {
if (!_nm_ip_config_add_obj(priv->multi_idx,
&priv->idx_ip4_addresses_,
ifindex,
--
2.26.3

41
SOURCES/1001-core-increase-limit-of-open-file-descriptors-for-Net.patch
View File

@ -1,41 +0,0 @@
From a5eb2f55d79b9023fbda6945da09f9bcecea8560 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Sun, 28 Feb 2021 11:18:16 +0100
Subject: [PATCH 1/1] core: increase limit of open file descriptors for
NetworkManager.service
Note that POSIX select() can only handle up to 1024 descriptors. That
means, our code (and the libraries that we use) must not use select().
Note that libndp uses select(), which means NetworkManager will crash
when using file descriptors larger than 1023. On the other hand,
depriving NetworkManager of file descriptors will also crash it.
So libndp must be fixed ([1]).
[1] https://listman.redhat.com/archives/libndp-list/2021-February/msg00000.html
https://bugzilla.redhat.com/show_bug.cgi?id=1926599
(cherry picked from commit a708a172a6a289d5399897e7da3a0e38721b1b7e)
(cherry picked from commit 2ca405fa9bd047593cd299691b74af7f44184c71)
---
data/NetworkManager.service.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/data/NetworkManager.service.in b/data/NetworkManager.service.in
index 91ebd9a36e65..9cf1c3d28f47 100644
--- a/data/NetworkManager.service.in
+++ b/data/NetworkManager.service.in
@@ -19,6 +19,10 @@ CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SE
ProtectSystem=true
ProtectHome=read-only
+# We require file descriptors for DHCP etc. When activating many interfaces,
+# the default limit of 1024 is easily reached.
+LimitNOFILE=65536
+
[Install]
WantedBy=multi-user.target
Also=NetworkManager-dispatcher.service
--
2.29.2

59
SOURCES/1001-nmcli-docs-fix-address-order-in-ipv46-addresses-documentation-for-nm-settings-nmcli.patch Normal file
View File

@ -0,0 +1,59 @@
From d0ba892917461659b5b1e429fb217218ff204379 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 19 Aug 2021 13:53:29 +0200
Subject: [PATCH] nmcli/docs: fix address order in ipv46.addresses
documentation for `man nm-settings-nmcli`
For IPv4, the order is not like for IPv6. Of course not.
Fixes: 7aa4ad0fa22c ('nmcli/docs: better describe ipv[46].addresses in `man nm-settings-nmcli`')
(cherry picked from commit 2f3c2647d2263bf565fd21d14a3db56f6a063b91)
(cherry picked from commit dd8bc31fdb37acc2780f94defeb54e80bb1acf53)
---
src/libnm-core-impl/nm-setting-ip4-config.c | 2 +-
src/libnmc-setting/settings-docs.h.in | 2 +-
src/nmcli/generate-docs-nm-settings-nmcli.xml.in | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/libnm-core-impl/nm-setting-ip4-config.c b/src/libnm-core-impl/nm-setting-ip4-config.c
index b3a18bcae7..a24ebcfb5c 100644
--- a/src/libnm-core-impl/nm-setting-ip4-config.c
+++ b/src/libnm-core-impl/nm-setting-ip4-config.c
@@ -967,7 +967,7 @@ nm_setting_ip4_config_class_init(NMSettingIP4ConfigClass *klass)
* format: a comma separated list of addresses
* description: A list of IPv4 addresses and their prefix length. Multiple addresses
* can be separated by comma. For example "192.168.1.5/24, 10.1.0.5/24".
- * The addresses are listed in increasing priority, meaning the last address will
+ * The addresses are listed in decreasing priority, meaning the first address will
* be the primary address.
* ---end---
*/
diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in
index 12625d4459..85c5aca1e4 100644
--- a/src/libnmc-setting/settings-docs.h.in
+++ b/src/libnmc-setting/settings-docs.h.in
@@ -226,7 +226,7 @@
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_REMOTE N_("The remote endpoint of the tunnel; the value must contain an IPv4 or IPv6 address.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_TOS N_("The type of service (IPv4) or traffic class (IPv6) field to be set on tunneled packets.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_TTL N_("The TTL to assign to tunneled packets. 0 is a special value meaning that packets inherit the TTL value.")
-#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in increasing priority, meaning the last address will be the primary address.")
+#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in decreasing priority, meaning the first address will be the primary address.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DAD_TIMEOUT N_("Timeout in milliseconds used to check for the presence of duplicate IP addresses on the network. If an address conflict is detected, the activation will fail. A zero value means that no duplicate address detection is performed, -1 means the default value (either configuration ipvx.dad-timeout override or zero). A value greater than zero is a timeout in milliseconds. The property is currently implemented only for IPv4.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_CLIENT_ID N_("A string sent to the DHCP server to identify the local machine which the DHCP server may use to customize the DHCP lease and options. When the property is a hex string ('aa:bb:cc') it is interpreted as a binary client ID, in which case the first byte is assumed to be the 'type' field as per RFC 2132 section 9.14 and the remaining bytes may be an hardware address (e.g. '01:xx:xx:xx:xx:xx:xx' where 1 is the Ethernet ARP type and the rest is a MAC address). If the property is not a hex string it is considered as a non-hardware-address client ID and the 'type' field is set to 0. The special values \"mac\" and \"perm-mac\" are supported, which use the current or permanent MAC address of the device to generate a client identifier with type ethernet (01). Currently, these options only work for ethernet type of links. The special value \"ipv6-duid\" uses the DUID from \"ipv6.dhcp-duid\" property as an RFC4361-compliant client identifier. As IAID it uses \"ipv4.dhcp-iaid\" and falls back to \"ipv6.dhcp-iaid\" if unset. The special value \"duid\" generates a RFC4361-compliant client identifier based on \"ipv4.dhcp-iaid\" and uses a DUID generated by hashing /etc/machine-id. The special value \"stable\" is supported to generate a type 0 client identifier based on the stable-id (see connection.stable-id) and a per-host key. If you set the stable-id, you may want to include the \"${DEVICE}\" or \"${MAC}\" specifier to get a per-device key. If unset, a globally configured default is used. If still unset, the default depends on the DHCP plugin.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_FQDN N_("If the \"dhcp-send-hostname\" property is TRUE, then the specified FQDN will be sent to the DHCP server when acquiring a lease. This property and \"dhcp-hostname\" are mutually exclusive and cannot be set at the same time.")
diff --git a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in
index 88803094d6..ca5225ba28 100644
--- a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in
+++ b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in
@@ -650,7 +650,7 @@
description="DNS servers priority. The relative priority for DNS servers specified by this setting. A lower numerical value is better (higher priority). Negative values have the special effect of excluding other configurations with a greater numerical priority value; so in presence of at least one negative priority, only DNS servers from connections with the lowest priority value will be used. To avoid all DNS leaks, set the priority of the profile that should be used to the most negative value of all active connections profiles. Zero selects a globally configured default value. If the latter is missing or zero too, it defaults to 50 for VPNs (including WireGuard) and 100 for other connections. Note that the priority is to order DNS settings for multiple active connections. It does not disambiguate multiple DNS servers within the same connection profile. When multiple devices have configurations with the same priority, VPNs will be considered first, then devices with the best (lowest metric) default route and then all other devices. When using dns=default, servers with higher priority will be on top of resolv.conf. To prioritize a given server over another one within the same connection, just specify them in the desired order. Note that commonly the resolver tries name servers in /etc/resolv.conf in the order listed, proceeding with the next server in the list on failure. See for example the &quot;rotate&quot; option of the dns-options setting. If there are any negative DNS priorities, then only name servers from the devices with that lowest priority will be considered. When using a DNS resolver that supports Conditional Forwarding or Split DNS (with dns=dnsmasq or dns=systemd-resolved settings), each connection is used to query domains in its search list. The search domains determine which name servers to ask, and the DNS priority is used to prioritize name servers based on the domain. Queries for domains not present in any search list are routed through connections having the &apos;~.&apos; special wildcard domain, which is added automatically to connections with the default route (or can be added manually). When multiple connections specify the same domain, the one with the best priority (lowest numerical value) wins. If a sub domain is configured on another interface it will be accepted regardless the priority, unless parent domain on the other interface has a negative priority, which causes the sub domain to be shadowed. With Split DNS one can avoid undesired DNS leaks by properly configuring DNS priorities and the search domains, so that only name servers of the desired interface are configured." />
<property name="addresses"
alias="ip4"
- description="A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example &quot;192.168.1.5/24, 10.1.0.5/24&quot;. The addresses are listed in increasing priority, meaning the last address will be the primary address." />
+ description="A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example &quot;192.168.1.5/24, 10.1.0.5/24&quot;. The addresses are listed in decreasing priority, meaning the first address will be the primary address." />
<property name="gateway"
alias="gw4"
description="The gateway associated with this configuration. This is only meaningful if &quot;addresses&quot; is also set. The gateway&apos;s main purpose is to control the next hop of the standard default route on the device. Hence, the gateway property conflicts with &quot;never-default&quot; and will be automatically dropped if the IP configuration is set to never-default. As an alternative to set the gateway, configure a static default route with /0 as prefix length." />
--
2.26.3

81
SOURCES/1002-initrd-apply-mtu-to-bond-connection.patch
View File

@ -1,81 +0,0 @@
From 9ab6906ea1c2ddd23a3926b35ed75128dd302d13 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Mon, 1 Mar 2021 21:16:08 +0100
Subject: [PATCH] initrd: apply the MTU from bond= argument to the bond
connection
Currently the MTU specified in:
bond=<bondname>[:<bondslaves>:[:<options>[:<mtu>]]]
gets applied to the bond ports. Instead it should be applied to the
bond itself.
Fixes: ecc074b2f8a6 ('initrd: add command line parser')
https://bugzilla.redhat.com/show_bug.cgi?id=1932502
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/767
(cherry picked from commit 8df3ef5063cf0f8ee904f8fd39e9e64cc60836eb)
(cherry picked from commit 43d16d2cd63a3443704ca7bb539ba5cb673ba183)
---
src/core/initrd/nmi-cmdline-reader.c | 5 +++--
src/core/initrd/tests/test-cmdline-reader.c | 7 ++++++-
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/core/initrd/nmi-cmdline-reader.c b/src/core/initrd/nmi-cmdline-reader.c
index 508ef2b25c..5f40f63ef2 100644
--- a/src/core/initrd/nmi-cmdline-reader.c
+++ b/src/core/initrd/nmi-cmdline-reader.c
@@ -764,6 +764,9 @@ reader_parse_master(Reader *reader, char *argument, const char *type_name, const
mtu = get_word(&argument, ':');
}
+ if (mtu)
+ connection_set(connection, NM_SETTING_WIRED_SETTING_NAME, NM_SETTING_WIRED_MTU, mtu);
+
do {
slave = get_word(&slaves, ',');
if (slave == NULL)
@@ -777,8 +780,6 @@ reader_parse_master(Reader *reader, char *argument, const char *type_name, const
NM_SETTING_CONNECTION_MASTER,
master,
NULL);
- if (mtu)
- connection_set(connection, NM_SETTING_WIRED_SETTING_NAME, NM_SETTING_WIRED_MTU, mtu);
} while (slaves && *slaves != '\0');
if (argument && *argument)
diff --git a/src/core/initrd/tests/test-cmdline-reader.c b/src/core/initrd/tests/test-cmdline-reader.c
index 33fb22d364..4b450aae0f 100644
--- a/src/core/initrd/tests/test-cmdline-reader.c
+++ b/src/core/initrd/tests/test-cmdline-reader.c
@@ -825,13 +825,14 @@ test_bond(void)
{
gs_unref_hashtable GHashTable *connections = NULL;
const char *const * ARGV = NM_MAKE_STRV("rd.route=192.0.2.53::bong0",
- "bond=bong0:eth0,eth1:mode=balance-rr",
+ "bond=bong0:eth0,eth1:mode=balance-rr:9000",
"nameserver=203.0.113.53");
NMConnection * connection;
NMSettingConnection * s_con;
NMSettingIPConfig * s_ip4;
NMSettingIPConfig * s_ip6;
NMSettingBond * s_bond;
+ NMSettingWired * s_wired;
NMIPRoute * ip_route;
const char * master_uuid;
@@ -847,6 +848,10 @@ test_bond(void)
master_uuid = nm_connection_get_uuid(connection);
g_assert(master_uuid);
+ s_wired = nm_connection_get_setting_wired(connection);
+ g_assert(s_wired);
+ g_assert_cmpint(nm_setting_wired_get_mtu(s_wired), ==, 9000);
+
s_ip4 = nm_connection_get_setting_ip4_config(connection);
g_assert(s_ip4);
g_assert_cmpstr(nm_setting_ip_config_get_method(s_ip4), ==, NM_SETTING_IP4_CONFIG_METHOD_AUTO);
--
2.29.2

19
SOURCES/1013-platform-preserve-IPv6-multicast-route-added-by-kern.patch → SOURCES/1002-preserve-IPv6-multicast-route-rh2004212.patch
View File

@ -1,4 +1,4 @@
From d01912d2fc964af30b3c9a47e98c7925a5f60c07 Mon Sep 17 00:00:00 2001
From 5f25baaba435aaa71e63350eac72afbf4d4513fd Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Fri, 17 Sep 2021 13:53:18 +0200
Subject: [PATCH] platform: preserve IPv6 multicast route added by kernel
@ -26,16 +26,15 @@ https://bugzilla.redhat.com/show_bug.cgi?id=2004212
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/984
(cherry picked from commit 8003ca68f770c69e109c16f638abbcce44af9439)
(cherry picked from commit ce8eb446b4d9465a906bf8952c1b454dab8d0c7c)
(cherry picked from commit d01912d2fc964af30b3c9a47e98c7925a5f60c07)
---
src/core/platform/nm-platform.c | 39 +++++++++++++++++++++++++++++++++
src/libnm-platform/nm-platform.c | 39 ++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/src/core/platform/nm-platform.c b/src/core/platform/nm-platform.c
index 459a330717..febc3a8d6f 100644
--- a/src/core/platform/nm-platform.c
+++ b/src/core/platform/nm-platform.c
@@ -4359,6 +4359,7 @@ nm_platform_ip_route_get_prune_list(NMPlatform * self,
diff --git a/src/libnm-platform/nm-platform.c b/src/libnm-platform/nm-platform.c
index 6c0d0015d6..b7a65df597 100644
--- a/src/libnm-platform/nm-platform.c
+++ b/src/libnm-platform/nm-platform.c
@@ -4304,6 +4304,7 @@ nm_platform_ip_route_get_prune_list(NMPlatform * self,
CList * iter;
NMPlatformIP4Route rt_local4;
NMPlatformIP6Route rt_local6;
@ -43,7 +42,7 @@ index 459a330717..febc3a8d6f 100644
const NMPlatformLink * pllink;
const NMPlatformLnkVrf * lnk_vrf;
guint32 local_table;
@@ -4383,6 +4384,7 @@ nm_platform_ip_route_get_prune_list(NMPlatform * self,
@@ -4328,6 +4329,7 @@ nm_platform_ip_route_get_prune_list(NMPlatform * self,
rt_local4.plen = 0;
rt_local6.plen = 0;
@ -51,7 +50,7 @@ index 459a330717..febc3a8d6f 100644
routes_prune = g_ptr_array_new_full(head_entry->len, (GDestroyNotify) nm_dedup_multi_obj_unref);
@@ -4475,6 +4477,43 @@ nm_platform_ip_route_get_prune_list(NMPlatform * self,
@@ -4420,6 +4422,43 @@ nm_platform_ip_route_get_prune_list(NMPlatform * self,
== 0)
continue;
}

68
SOURCES/1003-bond-only-restore-mac-if-cloned.patch
View File

@ -1,68 +0,0 @@
From ccc66f603d5fac8748d2271d051bbd1c42eeb682 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Sat, 6 Mar 2021 11:35:12 +0100
Subject: [PATCH] bond: restore MAC on release only when there is a cloned MAC
address
Currently we unconditionally reset the MAC to the previous value after
releasing ports. This has some disadvantages:
- by default, after the last port is removed the bond will have one
of the previous port's address, which could conflict with the port;
- in some cases, changing the bond MAC is not possible. For example
when the bond is active-backup and has fail_over_mac=1|2. In such
case the netlink call succeeds, but the address doesn't
change; then NM would keep waiting for some time.
Don't try to restore the MAC unless the bond connection has a cloned
MAC set.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/775
(cherry picked from commit 190fd9aa9f3fbf5705c2b80b9fc64c89d22b7593)
(cherry picked from commit 4c1e60549a5be170185a77439379cc170d6b3631)
---
src/core/devices/nm-device-bond.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/src/core/devices/nm-device-bond.c b/src/core/devices/nm-device-bond.c
index 5814aef451..247ce41c07 100644
--- a/src/core/devices/nm-device-bond.c
+++ b/src/core/devices/nm-device-bond.c
@@ -444,9 +444,10 @@ release_slave(NMDevice *device, NMDevice *slave, gboolean configure)
_LOGD(LOGD_BOND, "bond slave %s is already released", nm_device_get_ip_iface(slave));
if (configure) {
- /* When the last slave is released the bond MAC will be set to a random
- * value by kernel; remember the current one and restore it afterwards.
- */
+ NMConnection * applied;
+ NMSettingWired *s_wired;
+ const char * cloned_mac;
+
address = g_strdup(nm_device_get_hw_address(device));
if (ifindex_slave > 0) {
@@ -461,9 +462,16 @@ release_slave(NMDevice *device, NMDevice *slave, gboolean configure)
}
}
- nm_platform_process_events(nm_device_get_platform(device));
- if (nm_device_update_hw_address(device))
- nm_device_hw_addr_set(device, address, "restore", FALSE);
+ if ((applied = nm_device_get_applied_connection(device))
+ && ((s_wired = nm_connection_get_setting_wired(applied)))
+ && ((cloned_mac = nm_setting_wired_get_cloned_mac_address(s_wired)))) {
+ /* When the last slave is released the bond MAC will be set to a random
+ * value by kernel; if we have set a cloned-mac-address, we need to
+ * restore it to the previous value. */
+ nm_platform_process_events(nm_device_get_platform(device));
+ if (nm_device_update_hw_address(device))
+ nm_device_hw_addr_set(device, address, "restore", FALSE);
+ }
/* Kernel bonding code "closes" the slave when releasing it, (which clears
* IFF_UP), so we must bring it back up here to ensure carrier changes and
--
2.29.2

1076
SOURCES/1014-default-route-inter-feres-with-other-subnets-on-the-VM.patch → SOURCES/1003-cloud-setup-better-handle-other-routes-rh1977984.patch
View File

File diff suppressed because it is too large Load Diff

570
SOURCES/1004-fix-handling-generated-local-routes-rh1907661.patch
View File

@ -1,570 +0,0 @@
From 549687f0202469289cef3ac322f81a04677873b6 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 23 Mar 2021 17:48:43 +0100
Subject: [PATCH 1/6] core: avoid logging pointer value in
nm_device_set_ip_config()
(cherry picked from commit 5da8c073efd67f12292c1c5c67ada64b9c9f5a6c)
(cherry picked from commit c0e937c8b9a1077d1e77c3fe1f480b6e5b54c55b)
---
src/core/devices/nm-device.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index 040dd0b4d367..44b87490c17e 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -13496,10 +13496,10 @@ nm_device_set_ip_config(NMDevice * self,
nm_assert(IS_IPv4 || !ip4_dev_route_blacklist);
_LOGD(LOGD_IPX(IS_IPv4),
- "ip%c-config: update (commit=%d, new-config=%p)",
+ "ip%c-config: update (commit=%d, new-config=" NM_HASH_OBFUSCATE_PTR_FMT")",
nm_utils_addr_family_to_char(addr_family),
commit,
- new_config);
+ NM_HASH_OBFUSCATE_PTR(new_config));
/* Always commit to nm-platform to update lifetimes */
if (commit && new_config) {
--
2.30.2
From a633a7855bb08afc9709a8dbed01fb5e4278d540 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 23 Mar 2021 17:56:37 +0100
Subject: [PATCH 2/6] core: log route-table-sync-mode in
nm_device_set_ip_config()
(cherry picked from commit f6db2c6261b560ec34b56eeeb3766c9165f5619b)
(cherry picked from commit 2fb1a22e2be6d9e83bfc9e9873f93976286a55b0)
---
src/core/devices/nm-device.c | 28 ++++++++++++++++++----------
1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index 44b87490c17e..5eaf8c23e7da 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -13478,12 +13478,13 @@ nm_device_set_ip_config(NMDevice * self,
gboolean commit,
GPtrArray * ip4_dev_route_blacklist)
{
- NMDevicePrivate * priv = NM_DEVICE_GET_PRIVATE(self);
- const int IS_IPv4 = NM_IS_IPv4(addr_family);
- NMIPConfig * old_config;
- gboolean has_changes = FALSE;
- gboolean success = TRUE;
- NMSettingsConnection *settings_connection;
+ NMDevicePrivate * priv = NM_DEVICE_GET_PRIVATE(self);
+ const int IS_IPv4 = NM_IS_IPv4(addr_family);
+ NMIPConfig * old_config;
+ gboolean has_changes = FALSE;
+ gboolean success = TRUE;
+ NMSettingsConnection * settings_connection;
+ NMIPRouteTableSyncMode route_table_sync_mode;
nm_assert_addr_family(addr_family);
nm_assert(!new_config || nm_ip_config_get_addr_family(new_config) == addr_family);
@@ -13495,11 +13496,18 @@ nm_device_set_ip_config(NMDevice * self,
})));
nm_assert(IS_IPv4 || !ip4_dev_route_blacklist);
+ if (commit && new_config)
+ route_table_sync_mode = _get_route_table_sync_mode_stateful(self, addr_family);
+ else
+ route_table_sync_mode = NM_IP_ROUTE_TABLE_SYNC_MODE_NONE;
+
_LOGD(LOGD_IPX(IS_IPv4),
- "ip%c-config: update (commit=%d, new-config=" NM_HASH_OBFUSCATE_PTR_FMT")",
+ "ip%c-config: update (commit=%d, new-config=" NM_HASH_OBFUSCATE_PTR_FMT
+ ", route-table-sync-mode=%d)",
nm_utils_addr_family_to_char(addr_family),
commit,
- NM_HASH_OBFUSCATE_PTR(new_config));
+ NM_HASH_OBFUSCATE_PTR(new_config),
+ (int) route_table_sync_mode);
/* Always commit to nm-platform to update lifetimes */
if (commit && new_config) {
@@ -13508,7 +13516,7 @@ nm_device_set_ip_config(NMDevice * self,
if (IS_IPv4) {
success = nm_ip4_config_commit(NM_IP4_CONFIG(new_config),
nm_device_get_platform(self),
- _get_route_table_sync_mode_stateful(self, AF_INET));
+ route_table_sync_mode);
nm_platform_ip4_dev_route_blacklist_set(nm_device_get_platform(self),
nm_ip_config_get_ifindex(new_config),
ip4_dev_route_blacklist);
@@ -13517,7 +13525,7 @@ nm_device_set_ip_config(NMDevice * self,
success = nm_ip6_config_commit(NM_IP6_CONFIG(new_config),
nm_device_get_platform(self),
- _get_route_table_sync_mode_stateful(self, AF_INET6),
+ route_table_sync_mode,
&temporary_not_available);
if (!_rt6_temporary_not_available_set(self, temporary_not_available))
--
2.30.2
From a9aead98e4c2d5ce73ab6388360139489f677320 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Mon, 22 Mar 2021 17:31:35 +0100
Subject: [PATCH 3/6] core: add NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE mode
When we deactivate a device, we flush all IP addresses and
routes. Thus, have yet another sync mode for that. It will sync more
than "ALL".
(cherry picked from commit e226b5eb829e5e8c623948e35d406e815cd05089)
(cherry picked from commit b263454f241ea944d87e13f935530d0539343bce)
---
src/core/nm-types.h | 12 ++++++++----
src/core/platform/nm-platform.c | 29 +++++++++++++++++++----------
2 files changed, 27 insertions(+), 14 deletions(-)
diff --git a/src/core/nm-types.h b/src/core/nm-types.h
index ab2314594d4a..8a32b7d20459 100644
--- a/src/core/nm-types.h
+++ b/src/core/nm-types.h
@@ -245,12 +245,16 @@ typedef enum {
* local table (255).
* @NM_IP_ROUTE_TABLE_SYNC_MODE_ALL: NM will sync all tables, including the
* local table (255).
+ * @NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE: NM will sync all tables (including
+ * the local table). It will thereby remove all addresses, that is during
+ * deactivation.
*/
typedef enum {
- NM_IP_ROUTE_TABLE_SYNC_MODE_NONE = 0,
- NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN = 1,
- NM_IP_ROUTE_TABLE_SYNC_MODE_FULL = 2,
- NM_IP_ROUTE_TABLE_SYNC_MODE_ALL = 3,
+ NM_IP_ROUTE_TABLE_SYNC_MODE_NONE,
+ NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN,
+ NM_IP_ROUTE_TABLE_SYNC_MODE_FULL,
+ NM_IP_ROUTE_TABLE_SYNC_MODE_ALL,
+ NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE,
} NMIPRouteTableSyncMode;
/* settings */
diff --git a/src/core/platform/nm-platform.c b/src/core/platform/nm-platform.c
index 0e5f8ab54806..8cfcf8bc6654 100644
--- a/src/core/platform/nm-platform.c
+++ b/src/core/platform/nm-platform.c
@@ -4363,7 +4363,8 @@ nm_platform_ip_route_get_prune_list(NMPlatform * self,
nm_assert(NM_IN_SET(route_table_sync,
NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN,
NM_IP_ROUTE_TABLE_SYNC_MODE_FULL,
- NM_IP_ROUTE_TABLE_SYNC_MODE_ALL));
+ NM_IP_ROUTE_TABLE_SYNC_MODE_ALL,
+ NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE));
nmp_lookup_init_object(&lookup, NMP_OBJECT_TYPE_IP_ROUTE(NM_IS_IPv4(addr_family)), ifindex);
head_entry = nm_platform_lookup(self, &lookup);
@@ -4375,16 +4376,24 @@ nm_platform_ip_route_get_prune_list(NMPlatform * self,
c_list_for_each (iter, &head_entry->lst_entries_head) {
const NMPObject *obj = c_list_entry(iter, NMDedupMultiEntry, lst_entries)->obj;
- if (route_table_sync == NM_IP_ROUTE_TABLE_SYNC_MODE_FULL) {
- if (nm_platform_ip_route_get_effective_table(NMP_OBJECT_CAST_IP_ROUTE(obj))
- == RT_TABLE_LOCAL)
- continue;
- } else if (route_table_sync == NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN) {
+ switch (route_table_sync) {
+ case NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN:
if (!nm_platform_route_table_is_main(
nm_platform_ip_route_get_effective_table(NMP_OBJECT_CAST_IP_ROUTE(obj))))
continue;
- } else
- nm_assert(route_table_sync == NM_IP_ROUTE_TABLE_SYNC_MODE_ALL);
+ break;
+ case NM_IP_ROUTE_TABLE_SYNC_MODE_FULL:
+ if (nm_platform_ip_route_get_effective_table(NMP_OBJECT_CAST_IP_ROUTE(obj))
+ == RT_TABLE_LOCAL)
+ continue;
+ break;
+ case NM_IP_ROUTE_TABLE_SYNC_MODE_ALL:
+ case NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE:
+ break;
+ default:
+ nm_assert_not_reached();
+ break;
+ }
g_ptr_array_add(routes_prune, (gpointer) nmp_object_ref(obj));
}
@@ -4679,7 +4688,7 @@ nm_platform_ip_route_flush(NMPlatform *self, int addr_family, int ifindex)
routes_prune = nm_platform_ip_route_get_prune_list(self,
AF_INET,
ifindex,
- NM_IP_ROUTE_TABLE_SYNC_MODE_ALL);
+ NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE);
success &= nm_platform_ip_route_sync(self, AF_INET, ifindex, NULL, routes_prune, NULL);
}
if (NM_IN_SET(addr_family, AF_UNSPEC, AF_INET6)) {
@@ -4688,7 +4697,7 @@ nm_platform_ip_route_flush(NMPlatform *self, int addr_family, int ifindex)
routes_prune = nm_platform_ip_route_get_prune_list(self,
AF_INET6,
ifindex,
- NM_IP_ROUTE_TABLE_SYNC_MODE_ALL);
+ NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE);
success &= nm_platform_ip_route_sync(self, AF_INET6, ifindex, NULL, routes_prune, NULL);
}
return success;
--
2.30.2
From 7e6bf896b89c6c51f3524fa26f1214f65e748843 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Mon, 22 Mar 2021 21:43:47 +0100
Subject: [PATCH 4/6] core: don't add ff00::/8 unicast route to
nm_ip6_config_add_dependent_routes()
This effectively reverts commit cd89026c5f4f ('core: add dependent
multicast route configured by kernel for IPv6').
It's not clear to me why this was done or why it would be correct.
True, kernel automatically adds multicast route like
multicast ff00::/8 dev $IFACE table local proto kernel metric 256 pref medium
But NetworkManager ignores all multicast routes for now. So the dependent
routes cannot contain multicast routes as they are not handled. Also,
the code added a unicast route, so I don't understand why the comment
is talking about multicast.
This seems just wrong. Drop it.
(cherry picked from commit c29d995000a147cecbe1dbaa9607936c1844ba10)
(cherry picked from commit 40bc834176fbe8c17a22c7ea77f3cb8aa6c407b6)
---
src/core/nm-ip6-config.c | 17 -----------------
1 file changed, 17 deletions(-)
diff --git a/src/core/nm-ip6-config.c b/src/core/nm-ip6-config.c
index 1f7def346510..f498fc796a44 100644
--- a/src/core/nm-ip6-config.c
+++ b/src/core/nm-ip6-config.c
@@ -396,23 +396,6 @@ nm_ip6_config_add_dependent_routes(NMIP6Config *self,
*
* For manually added IPv6 routes, add the device routes explicitly. */
- /* Pre-generate multicast route */
- {
- nm_auto_nmpobj NMPObject *r = NULL;
- NMPlatformIP6Route * route;
-
- r = nmp_object_new(NMP_OBJECT_TYPE_IP6_ROUTE, NULL);
- route = NMP_OBJECT_CAST_IP6_ROUTE(r);
- route->ifindex = ifindex;
- route->network.s6_addr[0] = 0xffu;
- route->plen = 8;
- route->table_coerced = nm_platform_route_table_coerce(RT_TABLE_LOCAL);
- route->type_coerced = nm_platform_route_type_coerce(RTN_UNICAST);
- route->metric = 256;
-
- _add_route(self, r, NULL, NULL);
- }
-
nm_ip_config_iter_ip6_address_for_each (&iter, self, &my_addr) {
NMPlatformIP6Route *route;
gboolean has_peer;
--
2.30.2
From 542388d6b508981656eb96e6940fdf3359ac1353 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 23 Mar 2021 10:05:30 +0100
Subject: [PATCH 5/6] core: minor cleanup in
nm_platform_ip_route_get_prune_list()
(cherry picked from commit fe1bf4c907c29997cbc6a28bc0781bfc419cb07f)
(cherry picked from commit 087c7f394cbffcf4bc786a8e92825059d340dfc9)
---
src/core/platform/nm-platform.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/core/platform/nm-platform.c b/src/core/platform/nm-platform.c
index 8cfcf8bc6654..45636ea85ed3 100644
--- a/src/core/platform/nm-platform.c
+++ b/src/core/platform/nm-platform.c
@@ -4374,22 +4374,22 @@ nm_platform_ip_route_get_prune_list(NMPlatform * self,
routes_prune = g_ptr_array_new_full(head_entry->len, (GDestroyNotify) nm_dedup_multi_obj_unref);
c_list_for_each (iter, &head_entry->lst_entries_head) {
- const NMPObject *obj = c_list_entry(iter, NMDedupMultiEntry, lst_entries)->obj;
+ const NMPObject * obj = c_list_entry(iter, NMDedupMultiEntry, lst_entries)->obj;
+ const NMPlatformIPXRoute *rt = NMP_OBJECT_CAST_IPX_ROUTE(obj);
switch (route_table_sync) {
case NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN:
- if (!nm_platform_route_table_is_main(
- nm_platform_ip_route_get_effective_table(NMP_OBJECT_CAST_IP_ROUTE(obj))))
+ if (!nm_platform_route_table_is_main(nm_platform_ip_route_get_effective_table(&rt->rx)))
continue;
break;
case NM_IP_ROUTE_TABLE_SYNC_MODE_FULL:
- if (nm_platform_ip_route_get_effective_table(NMP_OBJECT_CAST_IP_ROUTE(obj))
- == RT_TABLE_LOCAL)
+ if (nm_platform_ip_route_get_effective_table(&rt->rx) == RT_TABLE_LOCAL)
continue;
break;
case NM_IP_ROUTE_TABLE_SYNC_MODE_ALL:
case NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE:
break;
+
default:
nm_assert_not_reached();
break;
--
2.30.2
From 0a331bb0f4646e3590e30660ed5c4bf599275a8b Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 19 Mar 2021 21:20:52 +0100
Subject: [PATCH 6/6] core: don't add dependent local route for addresses
When adding an IPv4 address, kernel automatically adds a local route.
This is done by fib_add_ifaddr(). Note that if the address is
IFA_F_SECONDARY, then the "src" is the primary address. That means, with
nmcli connection add con-name t type ethernet ifname t autoconnect no \
ipv4.method manual ipv6.method disabled \
ipv4.addresses '192.168.77.10/24, 192.168.77.11/24'
we get two routes:
"local 192.168.77.10 dev t table local proto kernel scope host src 192.168.77.10"
"local 192.168.77.11 dev t table local proto kernel scope host src 192.168.77.10"
Our code would only generate instead:
"local 192.168.77.10 dev t table local proto kernel scope host src 192.168.77.10"
"local 192.168.77.11 dev t table local proto kernel scope host src 192.168.77.11"
Afterwards, this artificial route will be leaked:
#!/bin/bash
set -vx
nmcli connection delete t || :
ip link delete t || :
ip link add name t type veth peer t-veth
nmcli connection add con-name t type ethernet ifname t autoconnect no ipv4.method manual ipv4.addresses '192.168.77.10/24, 192.168.77.11/24' ipv6.method disabled
nmcli connection up t
ip route show table all dev t | grep --color '^\|192.168.77.11'
sleep 1
nmcli device modify t -ipv4.addresses 192.168.77.11/24
ip route show table all dev t | grep --color '^\|192.168.77.11'
ip route show table all dev t | grep -q 192.168.77.11 && echo "the local route 192.168.77.11 is still there, because NM adds a local route with wrong pref-src"
It will also be leaked because in the example above ipv4.route-table is
unset, so we are not in full route sync mode and the local table is not
synced.
This was introduced by commit 3e5fc04df320 ('core: add dependent local
routes configured by kernel'), but it's unclear to me why we really need
this. Drop it again and effectively revert commit 3e5fc04df320 ('core:
add dependent local routes configured by kernel').
I think this "solution" is still bad. We need to improve our route sync
approach with L3Cfg rework. For now, it's probably good enough.
https://bugzilla.redhat.com/show_bug.cgi?id=1907661
(cherry picked from commit 557644f5e03a77b3ebe09ceba672217959cf3bdc)
(cherry picked from commit eb1c607c7054ff6b60209ef3afb10db74e19305e)
---
src/core/nm-ip4-config.c | 15 ------
src/core/nm-ip6-config.c | 16 ------
src/core/platform/nm-platform.c | 91 +++++++++++++++++++++++++++++++++
3 files changed, 91 insertions(+), 31 deletions(-)
diff --git a/src/core/nm-ip4-config.c b/src/core/nm-ip4-config.c
index c49dfb4c34b8..608b7fc8b70c 100644
--- a/src/core/nm-ip4-config.c
+++ b/src/core/nm-ip4-config.c
@@ -649,21 +649,6 @@ nm_ip4_config_add_dependent_routes(NMIP4Config *self,
if (my_addr->external)
continue;
- /* Pre-generate local route added by kernel */
- r = nmp_object_new(NMP_OBJECT_TYPE_IP4_ROUTE, NULL);
- route = NMP_OBJECT_CAST_IP4_ROUTE(r);
- route->ifindex = ifindex;
- route->rt_source = NM_IP_CONFIG_SOURCE_KERNEL;
- route->network = my_addr->address;
- route->plen = 32;
- route->pref_src = my_addr->address;
- route->type_coerced = nm_platform_route_type_coerce(RTN_LOCAL);
- route->scope_inv = nm_platform_route_scope_inv(RT_SCOPE_HOST);
- route->table_coerced =
- nm_platform_route_table_coerce(is_vrf ? route_table : RT_TABLE_LOCAL);
- _add_route(self, r, NULL, NULL);
- nm_clear_pointer(&r, nmp_object_unref);
-
if (nm_utils_ip4_address_is_zeronet(network)) {
/* Kernel doesn't add device-routes for destinations that
* start with 0.x.y.z. Skip them. */
diff --git a/src/core/nm-ip6-config.c b/src/core/nm-ip6-config.c
index f498fc796a44..1e36050d9bff 100644
--- a/src/core/nm-ip6-config.c
+++ b/src/core/nm-ip6-config.c
@@ -404,22 +404,6 @@ nm_ip6_config_add_dependent_routes(NMIP6Config *self,
if (my_addr->external)
continue;
- {
- nm_auto_nmpobj NMPObject *r = NULL;
-
- /* Pre-generate local route added by kernel */
- r = nmp_object_new(NMP_OBJECT_TYPE_IP6_ROUTE, NULL);
- route = NMP_OBJECT_CAST_IP6_ROUTE(r);
- route->ifindex = ifindex;
- route->network = my_addr->address;
- route->plen = 128;
- route->type_coerced = nm_platform_route_type_coerce(RTN_LOCAL);
- route->metric = 0;
- route->table_coerced =
- nm_platform_route_table_coerce(is_vrf ? route_table : RT_TABLE_LOCAL);
- _add_route(self, r, NULL, NULL);
- }
-
if (NM_FLAGS_HAS(my_addr->n_ifa_flags, IFA_F_NOPREFIXROUTE))
continue;
if (my_addr->plen == 0)
diff --git a/src/core/platform/nm-platform.c b/src/core/platform/nm-platform.c
index 45636ea85ed3..459a33071700 100644
--- a/src/core/platform/nm-platform.c
+++ b/src/core/platform/nm-platform.c
@@ -4357,6 +4357,11 @@ nm_platform_ip_route_get_prune_list(NMPlatform * self,
GPtrArray * routes_prune;
const NMDedupMultiHeadEntry *head_entry;
CList * iter;
+ NMPlatformIP4Route rt_local4;
+ NMPlatformIP6Route rt_local6;
+ const NMPlatformLink * pllink;
+ const NMPlatformLnkVrf * lnk_vrf;
+ guint32 local_table;
nm_assert(NM_IS_PLATFORM(self));
nm_assert(NM_IN_SET(addr_family, AF_INET, AF_INET6));
@@ -4371,6 +4376,14 @@ nm_platform_ip_route_get_prune_list(NMPlatform * self,
if (!head_entry)
return NULL;
+ lnk_vrf = nm_platform_link_get_lnk_vrf(self, ifindex, &pllink);
+ if (!lnk_vrf && pllink && pllink->master > 0)
+ lnk_vrf = nm_platform_link_get_lnk_vrf(self, pllink->master, NULL);
+ local_table = lnk_vrf ? lnk_vrf->table : RT_TABLE_LOCAL;
+
+ rt_local4.plen = 0;
+ rt_local6.plen = 0;
+
routes_prune = g_ptr_array_new_full(head_entry->len, (GDestroyNotify) nm_dedup_multi_obj_unref);
c_list_for_each (iter, &head_entry->lst_entries_head) {
@@ -4387,6 +4400,84 @@ nm_platform_ip_route_get_prune_list(NMPlatform * self,
continue;
break;
case NM_IP_ROUTE_TABLE_SYNC_MODE_ALL:
+
+ /* FIXME: we should better handle routes that are automatically added by kernel.
+ *
+ * For now, make a good guess which are those routes and exclude them from
+ * pruning them. */
+
+ if (NM_IS_IPv4(addr_family)) {
+ /* for each IPv4 address kernel adds a route like
+ *
+ * local $ADDR dev $IFACE table local proto kernel scope host src $PRIMARY_ADDR
+ *
+ * Check whether route could be of that kind. */
+ if (nm_platform_ip_route_get_effective_table(&rt->rx) == local_table
+ && rt->rx.plen == 32 && rt->rx.rt_source == NM_IP_CONFIG_SOURCE_RTPROT_KERNEL
+ && rt->rx.metric == 0
+ && rt->r4.scope_inv == nm_platform_route_scope_inv(RT_SCOPE_HOST)
+ && rt->r4.gateway == INADDR_ANY) {
+ if (rt_local4.plen == 0) {
+ rt_local4 = (NMPlatformIP4Route){
+ .ifindex = ifindex,
+ .type_coerced = nm_platform_route_type_coerce(RTN_LOCAL),
+ .plen = 32,
+ .rt_source = NM_IP_CONFIG_SOURCE_RTPROT_KERNEL,
+ .metric = 0,
+ .table_coerced = nm_platform_route_table_coerce(local_table),
+ .scope_inv = nm_platform_route_scope_inv(RT_SCOPE_HOST),
+ .gateway = INADDR_ANY,
+ };
+ }
+
+ /* the possible "network" depends on the addresses we have. We don't check that
+ * carefully. If the other parameters match, we assume that this route is the one
+ * generated by kernel. */
+ rt_local4.network = rt->r4.network;
+ rt_local4.pref_src = rt->r4.pref_src;
+
+ /* to be more confident about comparing the value, use our nm_platform_ip4_route_cmp()
+ * implementation. That will also consider parameters that we leave unspecified here. */
+ if (nm_platform_ip4_route_cmp(&rt->r4,
+ &rt_local4,
+ NM_PLATFORM_IP_ROUTE_CMP_TYPE_SEMANTICALLY)
+ == 0)
+ continue;
+ }
+ } else {
+ /* for each IPv6 address (that is no longer tentative) kernel adds a route like
+ *
+ * local $ADDR dev $IFACE table local proto kernel metric 0 pref medium
+ *
+ * Same as for the IPv4 case. */
+ if (nm_platform_ip_route_get_effective_table(&rt->rx) == local_table
+ && rt->rx.plen == 128 && rt->rx.rt_source == NM_IP_CONFIG_SOURCE_RTPROT_KERNEL
+ && rt->rx.metric == 0 && rt->r6.rt_pref == NM_ICMPV6_ROUTER_PREF_MEDIUM
+ && IN6_IS_ADDR_UNSPECIFIED(&rt->r6.gateway)) {
+ if (rt_local6.plen == 0) {
+ rt_local6 = (NMPlatformIP6Route){
+ .ifindex = ifindex,
+ .type_coerced = nm_platform_route_type_coerce(RTN_LOCAL),
+ .plen = 128,
+ .rt_source = NM_IP_CONFIG_SOURCE_RTPROT_KERNEL,
+ .metric = 0,
+ .table_coerced = nm_platform_route_table_coerce(local_table),
+ .rt_pref = NM_ICMPV6_ROUTER_PREF_MEDIUM,
+ .gateway = IN6ADDR_ANY_INIT,
+ };
+ }
+
+ rt_local6.network = rt->r6.network;
+
+ if (nm_platform_ip6_route_cmp(&rt->r6,
+ &rt_local6,
+ NM_PLATFORM_IP_ROUTE_CMP_TYPE_SEMANTICALLY)
+ == 0)
+ continue;
+ }
+ }
+ break;
+
case NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE:
break;
--
2.30.2

79
SOURCES/1005-initrd-fix-crash-parsing-empty-rd.znet-argument.patch
View File

@ -1,79 +0,0 @@
From 31e882a46229c74649216ddc80fdb2ecbf75ab9e Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Tue, 16 Mar 2021 10:00:44 +0100
Subject: [PATCH 1/1] initrd: fix crash parsing empty rd.znet argument
Ignore a rd.znet argument without subchannels. When using net.ifnames
(the default), subchannels are used to build the interface name, which
is required to match the right connection.
With net.ifnames=0 the interface name is build using a prefix and a
global counter and therefore in theory it is possible to omit
subchannels. However, without subchannels there won't be a udev rule
that renames the interface and so it can't work.
https://bugzilla.redhat.com/show_bug.cgi?id=1931284
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/783
(cherry picked from commit 0f8fe3c76b9ecdf52c1690295f7dcc7b7ade16b6)
(cherry picked from commit d0d2d97ca51444bc7013943748ede334cc79a33f)
---
src/core/initrd/nmi-cmdline-reader.c | 5 +++++
src/core/initrd/tests/test-cmdline-reader.c | 19 +++++++++++++++++++
2 files changed, 24 insertions(+)
diff --git a/src/core/initrd/nmi-cmdline-reader.c b/src/core/initrd/nmi-cmdline-reader.c
index 5f40f63ef269..e3ecc7d969bb 100644
--- a/src/core/initrd/nmi-cmdline-reader.c
+++ b/src/core/initrd/nmi-cmdline-reader.c
@@ -917,6 +917,11 @@ reader_parse_rd_znet(Reader *reader, char *argument, gboolean net_ifnames)
subchannels[0] = get_word(&argument, ',');
subchannels[1] = get_word(&argument, ',');
+ /* Without subchannels we can't univocally match
+ * a device. */
+ if (!subchannels[0] || !subchannels[1])
+ return;
+
if (nm_streq0(nettype, "ctc")) {
if (net_ifnames == TRUE) {
prefix = "sl";
diff --git a/src/core/initrd/tests/test-cmdline-reader.c b/src/core/initrd/tests/test-cmdline-reader.c
index 4b450aae0fa4..ba072e7933dc 100644
--- a/src/core/initrd/tests/test-cmdline-reader.c
+++ b/src/core/initrd/tests/test-cmdline-reader.c
@@ -1815,6 +1815,24 @@ test_rd_znet_no_ip(void)
g_assert_cmpint(g_hash_table_size(connections), ==, 0);
}
+static void
+test_rd_znet_malformed(void)
+{
+ const char *const *const ARGV0 = NM_MAKE_STRV("rd.znet=");
+ const char *const *const ARGV1 = NM_MAKE_STRV("rd.znet=,");
+ const char *const *const ARGV2 = NM_MAKE_STRV("rd.znet=foobar");
+ const char *const *const ARGV3 = NM_MAKE_STRV("rd.znet=qeth,0.0.0800,,,layer2=0,portno=1");
+ const char *const *const ARGV[] = {ARGV0, ARGV1, ARGV2, ARGV3};
+ guint i;
+
+ for (i = 0; i < G_N_ELEMENTS(ARGV); i++) {
+ gs_unref_hashtable GHashTable *connections = NULL;
+
+ connections = _parse_cons(ARGV[i]);
+ g_assert_cmpint(g_hash_table_size(connections), ==, 0);
+ }
+}
+
static void
test_bootif_ip(void)
{
@@ -2173,6 +2191,7 @@ main(int argc, char **argv)
g_test_add_func("/initrd/cmdline/rd_znet", test_rd_znet);
g_test_add_func("/initrd/cmdline/rd_znet/legacy", test_rd_znet_legacy);
g_test_add_func("/initrd/cmdline/rd_znet/no_ip", test_rd_znet_no_ip);
+ g_test_add_func("/initrd/cmdline/rd_znet/empty", test_rd_znet_malformed);
g_test_add_func("/initrd/cmdline/bootif/ip", test_bootif_ip);
g_test_add_func("/initrd/cmdline/bootif/no_ip", test_bootif_no_ip);
g_test_add_func("/initrd/cmdline/bootif/hwtype", test_bootif_hwtype);
--
2.30.2

79
SOURCES/1006-core-fix-crash-in-nm_wildcard_match_check.patch
View File

@ -1,79 +0,0 @@
From 0bd46e9042970cdf82d2cc9dcf8d491f3237b408 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 24 Mar 2021 21:05:19 +0100
Subject: [PATCH 1/1] core: fix crash in nm_wildcard_match_check()
It's not entirely clear how to treat %NULL.
Clearly "match.interface-name=eth0" should not
match with an interface %NULL. But what about
"match.interface-name=!eth0"? It's now implemented
that negative matches still succeed against %NULL.
What about "match.interface-name=*"? That probably
should also match with %NULL. So we treat %NULL really
like "".
Against commit 11cd443448bc ('iwd: Don't call IWD methods when device
unmanaged'), we got this backtrace:
#0 0x00007f1c164069f1 in __strnlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62
#1 0x00007f1c1637ac9e in __fnmatch (pattern=<optimized out>, string=<optimized out>, string@entry=0x0, flags=flags@entry=0) at fnmatch.c:379
p = 0x0
res = <optimized out>
orig_pattern = <optimized out>
n = <optimized out>
wpattern = 0x7fff8d860730 L"pci-0000:03:00.0"
ps = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"}}
wpattern_malloc = 0x0
wstring_malloc = 0x0
wstring = <optimized out>
alloca_used = 80
__PRETTY_FUNCTION__ = "__fnmatch"
#2 0x0000564484a978bf in nm_wildcard_match_check (str=0x0, patterns=<optimized out>, num_patterns=<optimized out>) at src/core/nm-core-utils.c:1959
is_inverted = 0
is_mandatory = 0
match = <optimized out>
p = 0x564486c43fa0 "pci-0000:03:00.0"
has_optional = 0
has_any_optional = 0
i = <optimized out>
#3 0x0000564484bf4797 in check_connection_compatible (self=<optimized out>, connection=<optimized out>, error=0x0) at src/core/devices/nm-device.c:7499
patterns = <optimized out>
device_driver = 0x564486c76bd0 "veth"
num_patterns = 1
priv = 0x564486cbe0b0
__func__ = "check_connection_compatible"
device_iface = <optimized out>
local = 0x564486c99a60
conn_iface = 0x0
klass = <optimized out>
s_match = 0x564486c63df0 [NMSettingMatch]
#4 0x0000564484c38491 in check_connection_compatible (device=0x564486cbe590 [NMDeviceVeth], connection=0x564486c6b160, error=0x0) at src/core/devices/nm-device-ethernet.c:348
self = 0x564486cbe590 [NMDeviceVeth]
s_wired = <optimized out>
Fixes: 3ced486f4162 ('libnm/match: extend syntax for match patterns with '|', '&', '!' and '\\'')
https://bugzilla.redhat.com/show_bug.cgi?id=1942741
(cherry picked from commit 420784e342da4883f6debdfe10cde68507b10d27)
(cherry picked from commit eaba0b48458a34494d91dc85e6eb5bd7e2b9b2d0)
---
src/core/nm-core-utils.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/core/nm-core-utils.c b/src/core/nm-core-utils.c
index 9075c30dd0c5..eed8cd7ec157 100644
--- a/src/core/nm-core-utils.c
+++ b/src/core/nm-core-utils.c
@@ -1956,7 +1956,8 @@ nm_wildcard_match_check(const char *str, const char *const *patterns, guint num_
_pattern_parse(patterns[i], &p, &is_inverted, &is_mandatory);
- match = (fnmatch(p, str, 0) == 0);
+ match = (fnmatch(p, str ?: "", 0) == 0);
+
if (is_inverted)
match = !match;
--
2.30.2

144
SOURCES/1007-initrd-multiconnect-single-for-manual-ip-rh1915493.patch
View File

@ -1,144 +0,0 @@
From eba6e2d5f34bea51064cb6f0303255acf3196abf Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 10 Mar 2021 09:18:59 +0100
Subject: [PATCH 1/2] initrd: fix may-fail for IPv6
(cherry picked from commit 5f736465249fd16115120f022aa0eb5ddf0b2bfc)
(cherry picked from commit 1bf1a902beea3a1b9505cf8c9177d74cfea859b3)
---
src/core/initrd/nmi-cmdline-reader.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/initrd/nmi-cmdline-reader.c b/src/core/initrd/nmi-cmdline-reader.c
index e3ecc7d969..6d3b2b7dda 100644
--- a/src/core/initrd/nmi-cmdline-reader.c
+++ b/src/core/initrd/nmi-cmdline-reader.c
@@ -599,7 +599,7 @@ reader_parse_ip(Reader *reader, const char *sysfs_dir, char *argument)
NULL);
}
} else if (NM_IN_STRSET(kind, "auto6", "dhcp6")) {
- g_object_set(s_ip4, NM_SETTING_IP_CONFIG_MAY_FAIL, FALSE, NULL);
+ g_object_set(s_ip6, NM_SETTING_IP_CONFIG_MAY_FAIL, FALSE, NULL);
if (nm_setting_ip_config_get_num_addresses(s_ip4) == 0) {
g_object_set(s_ip4,
NM_SETTING_IP_CONFIG_METHOD,
--
2.29.2
From 118d46a3122ac35b0e4447c976f77a4ccdbdea33 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 11 Mar 2021 09:15:37 +0100
Subject: [PATCH 2/2] initrd: set multi-connect=single for connections with
static IP
We don't want to have multiple devices up with the same static IP. Set
multi-connect=single.
https://bugzilla.redhat.com/show_bug.cgi?id=1915493
(cherry picked from commit c27626a0ce4da8438503d764815542927def6dce)
(cherry picked from commit fafefc71f826643ce8279f6a88f97d03f92e8422)
---
src/core/initrd/nmi-cmdline-reader.c | 12 +++++-
src/core/initrd/tests/test-cmdline-reader.c | 42 +++++++++++++++++++++
2 files changed, 52 insertions(+), 2 deletions(-)
diff --git a/src/core/initrd/nmi-cmdline-reader.c b/src/core/initrd/nmi-cmdline-reader.c
index 6d3b2b7dda..eae75847ee 100644
--- a/src/core/initrd/nmi-cmdline-reader.c
+++ b/src/core/initrd/nmi-cmdline-reader.c
@@ -393,8 +393,9 @@ reader_read_all_connections_from_fw(Reader *reader, const char *sysfs_dir)
static void
reader_parse_ip(Reader *reader, const char *sysfs_dir, char *argument)
{
- NMConnection * connection;
- NMSettingIPConfig *s_ip4 = NULL, *s_ip6 = NULL;
+ NMConnection * connection;
+ NMSettingConnection *s_con;
+ NMSettingIPConfig * s_ip4 = NULL, *s_ip6 = NULL;
gs_unref_hashtable GHashTable *ibft = NULL;
const char * tmp;
const char * tmp2;
@@ -495,6 +496,7 @@ reader_parse_ip(Reader *reader, const char *sysfs_dir, char *argument)
g_hash_table_add(reader->explicit_ip_connections, g_object_ref(connection));
+ s_con = nm_connection_get_setting_connection(connection);
s_ip4 = nm_connection_get_setting_ip4_config(connection);
s_ip6 = nm_connection_get_setting_ip6_config(connection);
@@ -544,6 +546,12 @@ reader_parse_ip(Reader *reader, const char *sysfs_dir, char *argument)
nm_assert_not_reached();
if (address) {
+ /* We don't want to have multiple devices up with the
+ * same static address. */
+ g_object_set(s_con,
+ NM_SETTING_CONNECTION_MULTI_CONNECT,
+ NM_CONNECTION_MULTI_CONNECT_SINGLE,
+ NULL);
switch (client_ip_family) {
case AF_INET:
g_object_set(s_ip4,
diff --git a/src/core/initrd/tests/test-cmdline-reader.c b/src/core/initrd/tests/test-cmdline-reader.c
index ba072e7933..187d61c9dc 100644
--- a/src/core/initrd/tests/test-cmdline-reader.c
+++ b/src/core/initrd/tests/test-cmdline-reader.c
@@ -455,6 +455,47 @@ test_if_ip4_manual(void)
g_assert(nm_setting_ip_config_get_may_fail(s_ip6));
}
+static void
+test_if_ip4_manual_no_dev(void)
+{
+ gs_unref_hashtable GHashTable *connections = NULL;
+ const char *const * ARGV = NM_MAKE_STRV("ip=192.0.2.2::192.0.2.1:24:::");
+ NMConnection * connection;
+ NMSettingConnection * s_con;
+ NMSettingIPConfig * s_ip4;
+ NMSettingIPConfig * s_ip6;
+ NMIPAddress * ip_addr;
+
+ connection = _parse_con(ARGV, "default_connection");
+ g_assert_cmpstr(nm_connection_get_id(connection), ==, "Wired Connection");
+
+ s_con = nm_connection_get_setting_connection(connection);
+ g_assert(s_con);
+ g_assert_cmpint(nm_setting_connection_get_wait_device_timeout(s_con), ==, -1);
+ g_assert_cmpint(nm_setting_connection_get_multi_connect(s_con),
+ ==,
+ NM_CONNECTION_MULTI_CONNECT_SINGLE);
+
+ s_ip4 = nm_connection_get_setting_ip4_config(connection);
+ g_assert(s_ip4);
+ g_assert_cmpstr(nm_setting_ip_config_get_method(s_ip4),
+ ==,
+ NM_SETTING_IP4_CONFIG_METHOD_MANUAL);
+ g_assert(!nm_setting_ip_config_get_ignore_auto_dns(s_ip4));
+ g_assert_cmpint(nm_setting_ip_config_get_num_routes(s_ip4), ==, 0);
+ g_assert_cmpint(nm_setting_ip_config_get_num_addresses(s_ip4), ==, 1);
+ ip_addr = nm_setting_ip_config_get_address(s_ip4, 0);
+ g_assert(ip_addr);
+ g_assert_cmpstr(nm_ip_address_get_address(ip_addr), ==, "192.0.2.2");
+ g_assert_cmpint(nm_ip_address_get_prefix(ip_addr), ==, 24);
+ g_assert_cmpstr(nm_setting_ip_config_get_gateway(s_ip4), ==, "192.0.2.1");
+
+ s_ip6 = nm_connection_get_setting_ip6_config(connection);
+ g_assert(s_ip6);
+ g_assert_cmpstr(nm_setting_ip_config_get_method(s_ip6), ==, NM_SETTING_IP6_CONFIG_METHOD_AUTO);
+ g_assert(nm_setting_ip_config_get_may_fail(s_ip6));
+}
+
static void
test_if_ip6_manual(void)
{
@@ -2165,6 +2206,7 @@ main(int argc, char **argv)
g_test_add_func("/initrd/cmdline/if_dhcp6", test_if_dhcp6);
g_test_add_func("/initrd/cmdline/if_auto_with_mtu_and_mac", test_if_auto_with_mtu_and_mac);
g_test_add_func("/initrd/cmdline/if_ip4_manual", test_if_ip4_manual);
+ g_test_add_func("/initrd/cmdline/if_ip4_manual_no_dev", test_if_ip4_manual_no_dev);
g_test_add_func("/initrd/cmdline/if_ip6_manual", test_if_ip6_manual);
g_test_add_func("/initrd/cmdline/if_mac_ifname", test_if_mac_ifname);
g_test_add_func("/initrd/cmdline/if_off", test_if_off);
--
2.29.2

176
SOURCES/1008-manager-fix-active_connection_find.patch
View File

@ -1,176 +0,0 @@
From 602f73a2e838ea1055ef5e6913aec3d8a87ed610 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 13 May 2021 10:49:39 +0200
Subject: [PATCH 1/2] manager: fix active_connection_find()
Commit 33b9fa3a3caf ("manager: Keep volatile/external connections
while referenced by async_op_lst") changed active_connection_find() to
also return active connections that are not yet activating but are
waiting authorization.
This has side effect for other callers of the function. In particular,
_get_activatable_connections_filter() should exclude only ACs that are
really active, not those waiting for authorization.
Otherwise, in ensure_master_active_connection() all the ACs waiting
authorization are missed and we might fail to find the right master
AC.
Add an argument to active_connection_find to select whether include
ACs waiting authorization.
Fixes: 33b9fa3a3caf ('manager: Keep volatile/external connections while referenced by async_op_lst')
https://bugzilla.redhat.com/show_bug.cgi?id=1955101
(cherry picked from commit e694f2cec1a0e7bc188776c8573e07a4d57851dc)
(cherry picked from commit fc611f60470160fe98512c405d6785f2b24b98a1)
---
src/core/nm-manager.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
index 5a6e05a934..c751b2db50 100644
--- a/src/core/nm-manager.c
+++ b/src/core/nm-manager.c
@@ -363,6 +363,7 @@ static NMActiveConnection *active_connection_find(NMManager * self,
NMSettingsConnection * sett_conn,
const char * uuid,
NMActiveConnectionState max_state,
+ gboolean also_waiting_auth,
GPtrArray ** out_all_matching);
static NMConnectivity *concheck_get_mgr(NMManager *self);
@@ -833,6 +834,7 @@ _delete_volatile_connection_do(NMManager *self, NMSettingsConnection *connection
connection,
NULL,
NM_ACTIVE_CONNECTION_STATE_DEACTIVATED,
+ TRUE,
NULL))
return;
@@ -978,6 +980,7 @@ active_connection_find(
NMSettingsConnection * sett_conn,
const char * uuid,
NMActiveConnectionState max_state /* candidates in state @max_state will be found */,
+ gboolean also_waiting_auth /* return also ACs waiting authorization */,
GPtrArray ** out_all_matching)
{
NMManagerPrivate * priv = NM_MANAGER_GET_PRIVATE(self);
@@ -1017,6 +1020,9 @@ active_connection_find(
if (!best_ac) {
AsyncOpData *async_op_data;
+ if (!also_waiting_auth)
+ return NULL;
+
c_list_for_each_entry (async_op_data, &priv->async_op_lst_head, async_op_lst) {
NMSettingsConnection *ac_conn;
@@ -1078,6 +1084,7 @@ active_connection_find_by_connection(NMManager * self,
sett_conn,
sett_conn ? NULL : nm_connection_get_uuid(connection),
max_state,
+ FALSE,
out_all_matching);
}
@@ -1112,6 +1119,7 @@ _get_activatable_connections_filter(NMSettings * settings,
sett_conn,
NULL,
NM_ACTIVE_CONNECTION_STATE_ACTIVATED,
+ FALSE,
NULL);
}
@@ -2245,6 +2253,7 @@ connection_flags_changed(NMSettings *settings, NMSettingsConnection *connection,
connection,
NULL,
NM_ACTIVE_CONNECTION_STATE_DEACTIVATED,
+ FALSE,
NULL)) {
/* the connection still has an active-connection. It will be purged
* when the active connection(s) get(s) removed. */
@@ -2564,6 +2573,7 @@ new_activation_allowed_for_connection(NMManager *self, NMSettingsConnection *con
connection,
NULL,
NM_ACTIVE_CONNECTION_STATE_ACTIVATED,
+ FALSE,
NULL);
}
@@ -4134,6 +4144,7 @@ find_master(NMManager * self,
master_connection,
NULL,
NM_ACTIVE_CONNECTION_STATE_DEACTIVATING,
+ FALSE,
NULL);
}
@@ -4985,6 +4996,7 @@ _internal_activate_device(NMManager *self, NMActiveConnection *active, GError **
sett_conn,
NULL,
NM_ACTIVE_CONNECTION_STATE_ACTIVATED,
+ FALSE,
&all_ac_arr);
if (ac) {
n_all = all_ac_arr ? all_ac_arr->len : ((guint) 1);
--
2.26.3
From cf2f0e5a5180d2333ce33b925d54c8b7b925e094 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Fri, 30 Apr 2021 22:35:20 +0200
Subject: [PATCH 2/2] manager: fix assertion failure in
active_connection_find()
Active-connections in the async_op_lst are not guaranteed to have a
settings-connection. In particular, the settings-connection for an
AddAndActivate() AC is set only after the authorization succeeds. Use
the non-asserting variant of the function to fix the following
failure:
nm_active_connection_get_settings_connection: assertion 'sett_conn' failed
1 _g_log_abort()
2 g_logv()
3 g_log()
4 _nm_g_return_if_fail_warning.constprop.14()
5 nm_active_connection_get_settings_connection()
6 active_connection_find()
7 _get_activatable_connections_filter()
8 nm_settings_get_connections_clone()
9 nm_manager_get_activatable_connections()
10 auto_activate_device_cb()
11 g_idle_dispatch()
12 g_main_context_dispatch()
13 g_main_context_iterate.isra.21()
14 g_main_loop_run()
15 main()
Fixes: 33b9fa3a3caf ('manager: Keep volatile/external connections while referenced by async_op_lst')
https://bugzilla.redhat.com/show_bug.cgi?id=1933719
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/834
(cherry picked from commit 23cc0bf3353ea43d95a906e27c9881b1b68e2bbe)
(cherry picked from commit d0b0c65905ae19145d1c1f2912aa580a3b0a36e0)
---
src/core/nm-manager.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
index c751b2db50..3405de86ee 100644
--- a/src/core/nm-manager.c
+++ b/src/core/nm-manager.c
@@ -1027,7 +1027,7 @@ active_connection_find(
NMSettingsConnection *ac_conn;
ac = async_op_data->ac_auth.active;
- ac_conn = nm_active_connection_get_settings_connection(ac);
+ ac_conn = _nm_active_connection_get_settings_connection(ac);
if (sett_conn && sett_conn != ac_conn)
continue;
if (uuid && !nm_streq0(uuid, nm_settings_connection_get_uuid(ac_conn)))
--
2.26.3

53
SOURCES/1009-bond-support-tlb_dynamic_lb-in-balance-alb-mode.patch
View File

@ -1,53 +0,0 @@
From ba9dbfa4e5aaef9aa646a7718f302433ecf1a001 Mon Sep 17 00:00:00 2001
From: Wen Liang <liangwen12year@gmail.com>
Date: Tue, 25 May 2021 08:45:46 -0400
Subject: [PATCH] bond: support `tlb_dynamic_lb` in `balance-alb` mode
In kernel, `tlb_dynamic_lb` is supported to configure in bonding mode
`balance-alb`. Therefore, add the support in NetworkManager to avoid
undesirable limitation.
Kernel previously had such limitation and it was removed in
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e79c1055749e3183a2beee04a24da378623329c5.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
https://bugzilla.redhat.com/show_bug.cgi?id=1959934
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/868
(cherry picked from commit 18839361aca42d5c9f470268c28063a6e7578851)
(cherry picked from commit 2f42c781edebac329c8031561c4b210118c0b3ab)
---
libnm-core/nm-setting-bond.c | 2 +-
libnm-core/tests/test-setting.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libnm-core/nm-setting-bond.c b/libnm-core/nm-setting-bond.c
index 68d4ca88f6..ea82d838c7 100644
--- a/libnm-core/nm-setting-bond.c
+++ b/libnm-core/nm-setting-bond.c
@@ -225,7 +225,7 @@ static NM_UTILS_STRING_TABLE_LOOKUP_DEFINE(
{NM_SETTING_BOND_OPTION_PACKETS_PER_SLAVE, ~(BIT(NM_BOND_MODE_ROUNDROBIN))},
{NM_SETTING_BOND_OPTION_PRIMARY,
~(BIT(NM_BOND_MODE_ACTIVEBACKUP) | BIT(NM_BOND_MODE_TLB) | BIT(NM_BOND_MODE_ALB))},
- {NM_SETTING_BOND_OPTION_TLB_DYNAMIC_LB, ~(BIT(NM_BOND_MODE_TLB))}, );
+ {NM_SETTING_BOND_OPTION_TLB_DYNAMIC_LB, ~(BIT(NM_BOND_MODE_TLB) | BIT(NM_BOND_MODE_ALB))}, );
gboolean
_nm_setting_bond_option_supported(const char *option, NMBondMode mode)
diff --git a/libnm-core/tests/test-setting.c b/libnm-core/tests/test-setting.c
index 01cdb41cb2..56ba31541a 100644
--- a/libnm-core/tests/test-setting.c
+++ b/libnm-core/tests/test-setting.c
@@ -687,7 +687,7 @@ test_bond_normalize(void)
((const char *[]){"mode", "active-backup", "miimon", "1", NULL}));
test_bond_normalize_options(
((const char *[]){"mode", "balance-alb", "tlb_dynamic_lb", "1", NULL}),
- ((const char *[]){"mode", "balance-alb", NULL}));
+ ((const char *[]){"mode", "balance-alb", "tlb_dynamic_lb", "1", NULL}));
test_bond_normalize_options(
((const char *[]){"mode", "balance-tlb", "tlb_dynamic_lb", "1", NULL}),
((const char *[]){"mode", "balance-tlb", "tlb_dynamic_lb", "1", NULL}));
--
2.26.3

213
SOURCES/1010-manager-delete-default-connection-when-veth-removed.patch
View File

@ -1,213 +0,0 @@
From a2cd778f7d54de1cf9f173fff5f09fededf5f49e Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 21 Apr 2021 13:42:45 +0200
Subject: [PATCH 1/2] device: take reference to device object before
'delete_on_deactivate'
It's not clear why currently a weak reference is needed.
(cherry picked from commit a42682d44fe2220412574fb13128814e643ed775)
(cherry picked from commit 8cfbb73294e9eaa475d28a6eada2c5ab14f1d74a)
---
src/core/devices/nm-device.c | 44 ++++++++++++------------------------
1 file changed, 15 insertions(+), 29 deletions(-)
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index 5eaf8c23e7..7c2a6d3250 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -125,7 +125,6 @@ typedef struct {
typedef struct {
NMDevice *device;
guint idle_add_id;
- int ifindex;
} DeleteOnDeactivateData;
typedef struct {
@@ -12141,28 +12140,19 @@ nm_device_is_nm_owned(NMDevice *self)
static gboolean
delete_on_deactivate_link_delete(gpointer user_data)
{
- DeleteOnDeactivateData *data = user_data;
- NMDevice * self = data->device;
+ DeleteOnDeactivateData *data = user_data;
+ nm_auto_unref_object NMDevice *self = data->device;
+ NMDevicePrivate * priv = NM_DEVICE_GET_PRIVATE(self);
+ gs_free_error GError *error = NULL;
_LOGD(LOGD_DEVICE,
- "delete_on_deactivate: cleanup and delete virtual link #%d (id=%u)",
- data->ifindex,
+ "delete_on_deactivate: cleanup and delete virtual link (id=%u)",
data->idle_add_id);
- if (data->device) {
- NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(data->device);
- gs_free_error GError *error = NULL;
+ priv->delete_on_deactivate_data = NULL;
- g_object_remove_weak_pointer(G_OBJECT(data->device), (void **) &data->device);
- priv->delete_on_deactivate_data = NULL;
-
- if (!nm_device_unrealize(data->device, TRUE, &error))
- _LOGD(LOGD_DEVICE,
- "delete_on_deactivate: unrealizing %d failed (%s)",
- data->ifindex,
- error->message);
- } else if (data->ifindex > 0)
- nm_platform_link_delete(nm_device_get_platform(self), data->ifindex);
+ if (!nm_device_unrealize(self, TRUE, &error))
+ _LOGD(LOGD_DEVICE, "delete_on_deactivate: unrealizing failed (%s)", error->message);
nm_device_emit_recheck_auto_activate(self);
@@ -12181,17 +12171,16 @@ delete_on_deactivate_unschedule(NMDevice *self)
priv->delete_on_deactivate_data = NULL;
g_source_remove(data->idle_add_id);
- g_object_remove_weak_pointer(G_OBJECT(self), (void **) &data->device);
_LOGD(LOGD_DEVICE,
- "delete_on_deactivate: cancel cleanup and delete virtual link #%d (id=%u)",
- data->ifindex,
+ "delete_on_deactivate: cancel cleanup and delete virtual link (id=%u)",
data->idle_add_id);
+ g_object_unref(data->device);
g_free(data);
}
}
static void
-delete_on_deactivate_check_and_schedule(NMDevice *self, int ifindex)
+delete_on_deactivate_check_and_schedule(NMDevice *self)
{
NMDevicePrivate * priv = NM_DEVICE_GET_PRIVATE(self);
DeleteOnDeactivateData *data;
@@ -12208,16 +12197,13 @@ delete_on_deactivate_check_and_schedule(NMDevice *self, int ifindex)
return;
delete_on_deactivate_unschedule(self); /* always cancel and reschedule */
- data = g_new(DeleteOnDeactivateData, 1);
- g_object_add_weak_pointer(G_OBJECT(self), (void **) &data->device);
- data->device = self;
- data->ifindex = ifindex;
+ data = g_new(DeleteOnDeactivateData, 1);
+ data->device = g_object_ref(self);
data->idle_add_id = g_idle_add(delete_on_deactivate_link_delete, data);
priv->delete_on_deactivate_data = data;
_LOGD(LOGD_DEVICE,
- "delete_on_deactivate: schedule cleanup and delete virtual link #%d (id=%u)",
- ifindex,
+ "delete_on_deactivate: schedule cleanup and delete virtual link (id=%u)",
data->idle_add_id);
}
@@ -15854,7 +15840,7 @@ _cleanup_generic_post(NMDevice *self, CleanupType cleanup_type)
/* Check if the device was deactivated, and if so, delete_link.
* Don't call delete_link synchronously because we are currently
* handling a state change -- which is not reentrant. */
- delete_on_deactivate_check_and_schedule(self, nm_device_get_ip_ifindex(self));
+ delete_on_deactivate_check_and_schedule(self);
}
/* ip_iface should be cleared after flushing all routes and addresses, since
--
2.26.3
From a8eac46cc6a0579cd1b17634c50d9a54518cb53e Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 31 Mar 2021 21:32:43 +0200
Subject: [PATCH 2/2] manager: ensure auto default connection is deleted when a
veth goes away
When the link goes away the manager keeps software devices alive as
unrealized because there is still a connection for them.
If the device is software and has a NM-generated connection, keeping
the device alive means that also the generated connection stays
alive. The result is that both stick around forever even if there is
no longer a kernel link.
Add a check to avoid this situation.
https://bugzilla.redhat.com/show_bug.cgi?id=1945282
Fixes: cd0cf9229d49 ('veth: add support to configure veth interfaces')
(cherry picked from commit d19773ecd4bee36f11749085a15d70a49168c0b7)
(cherry picked from commit 5279b85e02341d24a18fc8dd9238f9f68b733bff)
---
src/core/nm-manager.c | 45 +++++++++++++++++++++++++++++++++++++++++--
1 file changed, 43 insertions(+), 2 deletions(-)
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
index c751b2db50..804e8db0f0 100644
--- a/src/core/nm-manager.c
+++ b/src/core/nm-manager.c
@@ -3519,6 +3519,45 @@ typedef struct {
guint idle_id;
} PlatformLinkCbData;
+static gboolean
+_check_remove_dev_on_link_deleted(NMManager *self, NMDevice *device)
+{
+ NMManagerPrivate * priv = NM_MANAGER_GET_PRIVATE(self);
+ NMSettingsConnection *const *scons = NULL;
+ NMConnection * con;
+ guint i;
+
+ nm_assert(nm_device_is_software(device));
+
+ /* In general, software devices stick around as unrealized
+ * until their connection is removed. However, we don't want
+ * that a NM-generated connection keeps the device alive.
+ * If there are no other compatible connections, the device
+ * should be also removed.
+ */
+
+ scons = nm_settings_get_connections(priv->settings, NULL);
+
+ for (i = 0; scons[i]; i++) {
+ con = nm_settings_connection_get_connection(scons[i]);
+ if (!nm_connection_is_virtual(con))
+ continue;
+
+ if (NM_FLAGS_HAS(nm_settings_connection_get_flags(scons[i]),
+ NM_SETTINGS_CONNECTION_INT_FLAGS_NM_GENERATED))
+ continue;
+
+ if (!nm_device_check_connection_compatible(device, con, NULL))
+ continue;
+
+ /* Found a virtual connection compatible, the device must
+ * stay around unrealized. */
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
static gboolean
_platform_link_cb_idle(PlatformLinkCbData *data)
{
@@ -3544,13 +3583,15 @@ _platform_link_cb_idle(PlatformLinkCbData *data)
if (device) {
if (nm_device_is_software(device)) {
nm_device_sys_iface_state_set(device, NM_DEVICE_SYS_IFACE_STATE_REMOVED);
- /* Our software devices stick around until their connection is removed */
if (!nm_device_unrealize(device, FALSE, &error)) {
_LOG2W(LOGD_DEVICE, device, "failed to unrealize: %s", error->message);
g_clear_error(&error);
remove_device(self, device, FALSE);
} else {
- nm_device_update_from_platform_link(device, NULL);
+ if (_check_remove_dev_on_link_deleted(self, device))
+ remove_device(self, device, FALSE);
+ else
+ nm_device_update_from_platform_link(device, NULL);
}
} else {
/* Hardware and external devices always get removed when their kernel link is gone */
--
2.26.3

482
SOURCES/1011-don-t-touch-device-tc-config-by-default-rh1928078.patch
View File

@ -1,482 +0,0 @@
From 78e4c3d3d06b411a1bc9e60ee8bf0c460d4453b2 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Tue, 25 May 2021 16:58:28 +0200
Subject: [PATCH 1/2] core,libnm: don't touch device TC configuration by
default
NetworkManager supports a very limited set of qdiscs. If users want to
configure a unsupported qdisc, they need to do it outside of
NetworkManager using tc.
The problem is that NM also removes all qdiscs and filters during
activation if the connection doesn't contain a TC setting. Therefore,
setting TC configuration outside of NM is hard because users need to
do it *after* the connection is up (for example through a dispatcher
script).
Let NM consider the presence (or absence) of a TC setting in the
connection to determine whether NM should configure (or not) qdiscs
and filters on the interface. We already do something similar for
SR-IOV configuration.
Since new connections don't have the TC setting, the new behavior
(ignore existing configuration) will be the default. The impact of
this change in different scenarios is:
- the user previously configured TC settings via NM. This continues
to work as before;
- the user didn't set any qdiscs or filters in the connection, and
expected NM to clear them from the interface during activation.
Here there is a change in behavior, but it seems unlikely that
anybody relied on the old one;
- the user didn't care about qdiscs and filters; NM removed all
qdiscs upon activation, and so the default qdisc from kernel was
used. After this change, NM will not touch qdiscs and the default
qdisc will be used, as before;
- the user set a different qdisc via tc and NM cleared it during
activation. Now this will work as expected.
So, the new default behavior seems better than the previous one.
https://bugzilla.redhat.com/show_bug.cgi?id=1928078
(cherry picked from commit a48edd0410c878d65fc5adcd5192b116ab6f8afc)
(cherry picked from commit 2a8181bcd78d055b7cb9e6c0e026bc3b08231b5a)
---
.../generate-docs-nm-settings-nmcli.xml.in | 4 +--
clients/common/settings-docs.h.in | 4 +--
libnm-core/nm-setting-tc-config.c | 16 ++++++++++++
src/core/devices/nm-device.c | 26 +++++++++----------
4 files changed, 33 insertions(+), 17 deletions(-)
diff --git a/clients/cli/generate-docs-nm-settings-nmcli.xml.in b/clients/cli/generate-docs-nm-settings-nmcli.xml.in
index 1044ae0d38..0a75a0e681 100644
--- a/clients/cli/generate-docs-nm-settings-nmcli.xml.in
+++ b/clients/cli/generate-docs-nm-settings-nmcli.xml.in
@@ -914,9 +914,9 @@
</setting>
<setting name="tc" >
<property name="qdiscs"
- description="Array of TC queueing disciplines." />
+ description="Array of TC queueing disciplines. When the &quot;tc&quot; setting is present, qdiscs from this property are applied upon activation. If the property is empty, all qdiscs are removed and the device will only have the default qdisc assigned by kernel according to the &quot;net.core.default_qdisc&quot; sysctl. If the &quot;tc&quot; setting is not present, NetworkManager doesn&apos;t touch the qdiscs present on the interface." />
<property name="tfilters"
- description="Array of TC traffic filters." />
+ description="Array of TC traffic filters. When the &quot;tc&quot; setting is present, filters from this property are applied upon activation. If the property is empty, NetworkManager removes all the filters. If the &quot;tc&quot; setting is not present, NetworkManager doesn&apos;t touch the filters present on the interface." />
</setting>
<setting name="team" >
<property name="config"
diff --git a/clients/common/settings-docs.h.in b/clients/common/settings-docs.h.in
index 2c275a99c8..7c3ff25fe3 100644
--- a/clients/common/settings-docs.h.in
+++ b/clients/common/settings-docs.h.in
@@ -342,8 +342,8 @@
#define DESCRIBE_DOC_NM_SETTING_SRIOV_AUTOPROBE_DRIVERS N_("Whether to autoprobe virtual functions by a compatible driver. If set to NM_TERNARY_TRUE (1), the kernel will try to bind VFs to a compatible driver and if this succeeds a new network interface will be instantiated for each VF. If set to NM_TERNARY_FALSE (0), VFs will not be claimed and no network interfaces will be created for them. When set to NM_TERNARY_DEFAULT (-1), the global default is used; in case the global default is unspecified it is assumed to be NM_TERNARY_TRUE (1).")
#define DESCRIBE_DOC_NM_SETTING_SRIOV_TOTAL_VFS N_("The total number of virtual functions to create. Note that when the sriov setting is present NetworkManager enforces the number of virtual functions on the interface (also when it is zero) during activation and resets it upon deactivation. To prevent any changes to SR-IOV parameters don't add a sriov setting to the connection.")
#define DESCRIBE_DOC_NM_SETTING_SRIOV_VFS N_("Array of virtual function descriptors. Each VF descriptor is a dictionary mapping attribute names to GVariant values. The 'index' entry is mandatory for each VF. When represented as string a VF is in the form: \"INDEX [ATTR=VALUE[ ATTR=VALUE]...]\". for example: \"2 mac=00:11:22:33:44:55 spoof-check=true\". Multiple VFs can be specified using a comma as separator. Currently, the following attributes are supported: mac, spoof-check, trust, min-tx-rate, max-tx-rate, vlans. The \"vlans\" attribute is represented as a semicolon-separated list of VLAN descriptors, where each descriptor has the form \"ID[.PRIORITY[.PROTO]]\". PROTO can be either 'q' for 802.1Q (the default) or 'ad' for 802.1ad.")
-#define DESCRIBE_DOC_NM_SETTING_TC_CONFIG_QDISCS N_("Array of TC queueing disciplines.")
-#define DESCRIBE_DOC_NM_SETTING_TC_CONFIG_TFILTERS N_("Array of TC traffic filters.")
+#define DESCRIBE_DOC_NM_SETTING_TC_CONFIG_QDISCS N_("Array of TC queueing disciplines. When the \"tc\" setting is present, qdiscs from this property are applied upon activation. If the property is empty, all qdiscs are removed and the device will only have the default qdisc assigned by kernel according to the \"net.core.default_qdisc\" sysctl. If the \"tc\" setting is not present, NetworkManager doesn't touch the qdiscs present on the interface.")
+#define DESCRIBE_DOC_NM_SETTING_TC_CONFIG_TFILTERS N_("Array of TC traffic filters. When the \"tc\" setting is present, filters from this property are applied upon activation. If the property is empty, NetworkManager removes all the filters. If the \"tc\" setting is not present, NetworkManager doesn't touch the filters present on the interface.")
#define DESCRIBE_DOC_NM_SETTING_TEAM_CONFIG N_("The JSON configuration for the team network interface. The property should contain raw JSON configuration data suitable for teamd, because the value is passed directly to teamd. If not specified, the default configuration is used. See man teamd.conf for the format details.")
#define DESCRIBE_DOC_NM_SETTING_TEAM_LINK_WATCHERS N_("Link watchers configuration for the connection: each link watcher is defined by a dictionary, whose keys depend upon the selected link watcher. Available link watchers are 'ethtool', 'nsna_ping' and 'arp_ping' and it is specified in the dictionary with the key 'name'. Available keys are: ethtool: 'delay-up', 'delay-down', 'init-wait'; nsna_ping: 'init-wait', 'interval', 'missed-max', 'target-host'; arp_ping: all the ones in nsna_ping and 'source-host', 'validate-active', 'validate-inactive', 'send-always'. See teamd.conf man for more details.")
#define DESCRIBE_DOC_NM_SETTING_TEAM_MCAST_REJOIN_COUNT N_("Corresponds to the teamd mcast_rejoin.count.")
diff --git a/libnm-core/nm-setting-tc-config.c b/libnm-core/nm-setting-tc-config.c
index 33df6d34e5..2fad98b1e8 100644
--- a/libnm-core/nm-setting-tc-config.c
+++ b/libnm-core/nm-setting-tc-config.c
@@ -1810,6 +1810,15 @@ nm_setting_tc_config_class_init(NMSettingTCConfigClass *klass)
* NMSettingTCConfig:qdiscs: (type GPtrArray(NMTCQdisc))
*
* Array of TC queueing disciplines.
+ *
+ * When the #NMSettingTCConfig setting is present, qdiscs from this
+ * property are applied upon activation. If the property is empty,
+ * all qdiscs are removed and the device will only
+ * have the default qdisc assigned by kernel according to the
+ * "net.core.default_qdisc" sysctl.
+ *
+ * If the #NMSettingTCConfig setting is not present, NetworkManager
+ * doesn't touch the qdiscs present on the interface.
**/
/* ---ifcfg-rh---
* property: qdiscs
@@ -1834,6 +1843,13 @@ nm_setting_tc_config_class_init(NMSettingTCConfigClass *klass)
* NMSettingTCConfig:tfilters: (type GPtrArray(NMTCTfilter))
*
* Array of TC traffic filters.
+ *
+ * When the #NMSettingTCConfig setting is present, filters from this
+ * property are applied upon activation. If the property is empty,
+ * NetworkManager removes all the filters.
+ *
+ * If the #NMSettingTCConfig setting is not present, NetworkManager
+ * doesn't touch the filters present on the interface.
**/
/* ---ifcfg-rh---
* property: qdiscs
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index 7c2a6d3250..901d309c59 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -8361,26 +8361,23 @@ _routing_rules_sync(NMDevice *self, NMTernary set_mode)
static gboolean
tc_commit(NMDevice *self)
{
- NMConnection * connection = NULL;
gs_unref_ptrarray GPtrArray *qdiscs = NULL;
gs_unref_ptrarray GPtrArray *tfilters = NULL;
- NMSettingTCConfig * s_tc = NULL;
+ NMSettingTCConfig * s_tc;
NMPlatform * platform;
int ip_ifindex;
- platform = nm_device_get_platform(self);
- connection = nm_device_get_applied_connection(self);
- if (connection)
- s_tc = nm_connection_get_setting_tc_config(connection);
+ s_tc = nm_device_get_applied_setting(self, NM_TYPE_SETTING_TC_CONFIG);
+ if (!s_tc)
+ return TRUE;
ip_ifindex = nm_device_get_ip_ifindex(self);
if (!ip_ifindex)
- return s_tc == NULL;
+ return FALSE;
- if (s_tc) {
- qdiscs = nm_utils_qdiscs_from_tc_setting(platform, s_tc, ip_ifindex);
- tfilters = nm_utils_tfilters_from_tc_setting(platform, s_tc, ip_ifindex);
- }
+ platform = nm_device_get_platform(self);
+ qdiscs = nm_utils_qdiscs_from_tc_setting(platform, s_tc, ip_ifindex);
+ tfilters = nm_utils_tfilters_from_tc_setting(platform, s_tc, ip_ifindex);
if (!nm_platform_qdisc_sync(platform, ip_ifindex, qdiscs))
return FALSE;
@@ -15900,9 +15897,12 @@ nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanu
nm_platform_ip_route_flush(platform, AF_UNSPEC, ifindex);
nm_platform_ip_address_flush(platform, AF_UNSPEC, ifindex);
- nm_platform_tfilter_sync(platform, ifindex, NULL);
- nm_platform_qdisc_sync(platform, ifindex, NULL);
set_ipv6_token(self, iid, "::");
+
+ if (nm_device_get_applied_setting(self, NM_TYPE_SETTING_TC_CONFIG)) {
+ nm_platform_tfilter_sync(platform, ifindex, NULL);
+ nm_platform_qdisc_sync(platform, ifindex, NULL);
+ }
}
}
--
2.31.1
From 450b6aab2ba4221a08e8ce529ec7c16dfb97458b Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Tue, 25 May 2021 18:00:27 +0200
Subject: [PATCH 2/2] ifcfg-rh: preserve an empty tc configuration
If the TC setting contains no qdiscs and filters, it is lost after a
write-read cycle. Fix this by adding a new property to indicate the
presence of the (empty) setting.
(cherry picked from commit 6a88d4e55cf031da2b5a8458d21487a011357da4)
(cherry picked from commit acf0c4df2b0fb0dc332aa929131953390998828f)
---
Makefile.am | 1 +
libnm-core/nm-setting-tc-config.c | 14 +++-
.../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 3 +-
.../plugins/ifcfg-rh/nms-ifcfg-rh-utils.c | 1 +
.../plugins/ifcfg-rh/nms-ifcfg-rh-utils.h | 2 +-
.../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 38 +++++----
.../ifcfg-test-tc-write-empty.cexpected | 15 ++++
.../plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 80 +++++++++++++++++++
8 files changed, 128 insertions(+), 26 deletions(-)
create mode 100644 src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-tc-write-empty.cexpected
diff --git a/Makefile.am b/Makefile.am
index 9279672c1f..c8e417729b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3300,6 +3300,7 @@ EXTRA_DIST += \
src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-static-routes-legacy.cexpected \
src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-tc \
src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-tc-write.cexpected \
+ src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-tc-write-empty.cexpected \
src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-team-master-1 \
src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-team-master-2 \
src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-team-master-invalid \
diff --git a/libnm-core/nm-setting-tc-config.c b/libnm-core/nm-setting-tc-config.c
index 2fad98b1e8..31e829c1d2 100644
--- a/libnm-core/nm-setting-tc-config.c
+++ b/libnm-core/nm-setting-tc-config.c
@@ -1822,8 +1822,11 @@ nm_setting_tc_config_class_init(NMSettingTCConfigClass *klass)
**/
/* ---ifcfg-rh---
* property: qdiscs
- * variable: QDISC1(+), QDISC2(+), ...
- * description: Queueing disciplines
+ * variable: QDISC1(+), QDISC2(+), ..., TC_COMMIT(+)
+ * description: Queueing disciplines to set on the interface. When no
+ * QDISC1, QDISC2, ..., FILTER1, FILTER2, ... keys are present,
+ * NetworkManager doesn't touch qdiscs and filters present on the
+ * interface, unless TC_COMMIT is set to 'yes'.
* example: QDISC1=ingress, QDISC2="root handle 1234: fq_codel"
* ---end---
*/
@@ -1853,8 +1856,11 @@ nm_setting_tc_config_class_init(NMSettingTCConfigClass *klass)
**/
/* ---ifcfg-rh---
* property: qdiscs
- * variable: FILTER1(+), FILTER2(+), ...
- * description: Traffic filters
+ * variable: FILTER1(+), FILTER2(+), ..., TC_COMMIT(+)
+ * description: Traffic filters to set on the interface. When no
+ * QDISC1, QDISC2, ..., FILTER1, FILTER2, ... keys are present,
+ * NetworkManager doesn't touch qdiscs and filters present on the
+ * interface, unless TC_COMMIT is set to 'yes'.
* example: FILTER1="parent ffff: matchall action simple sdata Input", ...
* ---end---
*/
diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
index 209957d9b8..a42c418884 100644
--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
@@ -2707,7 +2707,8 @@ make_tc_setting(shvarFile *ifcfg)
}
if (nm_setting_tc_config_get_num_qdiscs(s_tc) > 0
- || nm_setting_tc_config_get_num_tfilters(s_tc) > 0)
+ || nm_setting_tc_config_get_num_tfilters(s_tc) > 0
+ || svGetValueBoolean(ifcfg, "TC_COMMIT", FALSE))
return NM_SETTING(s_tc);
g_object_unref(s_tc);
diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c
index 8da5de473b..ada1942acb 100644
--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c
+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c
@@ -1026,6 +1026,7 @@ const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[] = {
_KEY_TYPE("STABLE_ID", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("STP", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("SUBCHANNELS", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
+ _KEY_TYPE("TC_COMMIT", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("TEAM_CONFIG", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("TEAM_MASTER", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
_KEY_TYPE("TEAM_MASTER_UUID", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h
index 36ec922514..04a1b63d3e 100644
--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h
+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h
@@ -33,7 +33,7 @@ typedef struct {
NMSIfcfgKeyTypeFlags key_flags;
} NMSIfcfgKeyTypeInfo;
-extern const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[247];
+extern const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[248];
const NMSIfcfgKeyTypeInfo *nms_ifcfg_well_known_key_find_info(const char *key, gssize *out_idx);
diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
index a968fce0ba..65bacb293a 100644
--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
@@ -2511,46 +2511,46 @@ write_sriov_setting(NMConnection *connection, shvarFile *ifcfg)
}
}
-static gboolean
-write_tc_setting(NMConnection *connection, shvarFile *ifcfg, GError **error)
+static void
+write_tc_setting(NMConnection *connection, shvarFile *ifcfg)
{
NMSettingTCConfig *s_tc;
- guint i, num, n;
+ guint num_qdiscs;
+ guint num_filters;
+ guint i;
+ guint n;
char tag[64];
s_tc = nm_connection_get_setting_tc_config(connection);
if (!s_tc)
- return TRUE;
+ return;
- num = nm_setting_tc_config_get_num_qdiscs(s_tc);
- for (n = 1, i = 0; i < num; i++) {
+ num_qdiscs = nm_setting_tc_config_get_num_qdiscs(s_tc);
+ for (n = 1, i = 0; i < num_qdiscs; i++) {
NMTCQdisc * qdisc;
gs_free char *str = NULL;
qdisc = nm_setting_tc_config_get_qdisc(s_tc, i);
- str = nm_utils_tc_qdisc_to_str(qdisc, error);
- if (!str)
- return FALSE;
-
+ str = nm_utils_tc_qdisc_to_str(qdisc, NULL);
+ nm_assert(str);
svSetValueStr(ifcfg, numbered_tag(tag, "QDISC", n), str);
n++;
}
- num = nm_setting_tc_config_get_num_tfilters(s_tc);
- for (n = 1, i = 0; i < num; i++) {
+ num_filters = nm_setting_tc_config_get_num_tfilters(s_tc);
+ for (n = 1, i = 0; i < num_filters; i++) {
NMTCTfilter * tfilter;
gs_free char *str = NULL;
tfilter = nm_setting_tc_config_get_tfilter(s_tc, i);
- str = nm_utils_tc_tfilter_to_str(tfilter, error);
- if (!str)
- return FALSE;
-
+ str = nm_utils_tc_tfilter_to_str(tfilter, NULL);
+ nm_assert(str);
svSetValueStr(ifcfg, numbered_tag(tag, "FILTER", n), str);
n++;
}
- return TRUE;
+ if (num_qdiscs == 0 && num_filters == 0)
+ svSetValueBoolean(ifcfg, "TC_COMMIT", TRUE);
}
static void
@@ -3373,9 +3373,7 @@ do_write_construct(NMConnection * connection,
write_match_setting(connection, ifcfg);
write_hostname_setting(connection, ifcfg);
write_sriov_setting(connection, ifcfg);
-
- if (!write_tc_setting(connection, ifcfg, error))
- return FALSE;
+ write_tc_setting(connection, ifcfg);
route_path_is_svformat = utils_has_route_file_new_syntax(route_path);
diff --git a/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-tc-write-empty.cexpected b/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-tc-write-empty.cexpected
new file mode 100644
index 0000000000..4df768b463
--- /dev/null
+++ b/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-tc-write-empty.cexpected
@@ -0,0 +1,15 @@
+TYPE=Ethernet
+PROXY_METHOD=none
+BROWSER_ONLY=no
+TC_COMMIT=yes
+BOOTPROTO=none
+IPADDR=1.1.1.3
+PREFIX=24
+GATEWAY=1.1.1.1
+DEFROUTE=yes
+IPV4_FAILURE_FATAL=no
+IPV6INIT=no
+NAME="Test Write TC config"
+UUID=${UUID}
+DEVICE=eth0
+ONBOOT=yes
diff --git a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
index 59127d0103..9d9ed62653 100644
--- a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
+++ b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
@@ -11108,6 +11108,85 @@ test_tc_read(void)
g_object_unref(connection);
}
+static void
+test_tc_write_empty(void)
+{
+ nmtst_auto_unlinkfile char *testfile = NULL;
+ gs_unref_object NMConnection *connection = NULL;
+ gs_unref_object NMConnection *reread = NULL;
+ NMSettingConnection * s_con;
+ NMSettingIPConfig * s_ip4;
+ NMSettingIPConfig * s_ip6;
+ NMSettingWired * s_wired;
+ NMSettingTCConfig * s_tc;
+ NMIPAddress * addr;
+ GError * error = NULL;
+
+ connection = nm_simple_connection_new();
+
+ /* Connection setting */
+ s_con = (NMSettingConnection *) nm_setting_connection_new();
+ nm_connection_add_setting(connection, NM_SETTING(s_con));
+
+ g_object_set(s_con,
+ NM_SETTING_CONNECTION_ID,
+ "Test Write TC config",
+ NM_SETTING_CONNECTION_UUID,
+ nm_utils_uuid_generate_a(),
+ NM_SETTING_CONNECTION_AUTOCONNECT,
+ TRUE,
+ NM_SETTING_CONNECTION_INTERFACE_NAME,
+ "eth0",
+ NM_SETTING_CONNECTION_TYPE,
+ NM_SETTING_WIRED_SETTING_NAME,
+ NULL);
+
+ /* Wired setting */
+ s_wired = (NMSettingWired *) nm_setting_wired_new();
+ nm_connection_add_setting(connection, NM_SETTING(s_wired));
+
+ /* IP4 setting */
+ s_ip4 = (NMSettingIPConfig *) nm_setting_ip4_config_new();
+ nm_connection_add_setting(connection, NM_SETTING(s_ip4));
+
+ g_object_set(s_ip4,
+ NM_SETTING_IP_CONFIG_METHOD,
+ NM_SETTING_IP4_CONFIG_METHOD_MANUAL,
+ NM_SETTING_IP_CONFIG_GATEWAY,
+ "1.1.1.1",
+ NM_SETTING_IP_CONFIG_MAY_FAIL,
+ TRUE,
+ NULL);
+
+ addr = nm_ip_address_new(AF_INET, "1.1.1.3", 24, &error);
+ g_assert_no_error(error);
+ nm_setting_ip_config_add_address(s_ip4, addr);
+ nm_ip_address_unref(addr);
+
+ /* IP6 setting */
+ s_ip6 = (NMSettingIPConfig *) nm_setting_ip6_config_new();
+ nm_connection_add_setting(connection, NM_SETTING(s_ip6));
+
+ g_object_set(s_ip6, NM_SETTING_IP_CONFIG_METHOD, NM_SETTING_IP6_CONFIG_METHOD_IGNORE, NULL);
+
+ /* TC setting */
+ s_tc = (NMSettingTCConfig *) nm_setting_tc_config_new();
+ nm_connection_add_setting(connection, NM_SETTING(s_tc));
+
+ nm_connection_add_setting(connection, nm_setting_proxy_new());
+
+ nmtst_assert_connection_verifies_without_normalization(connection);
+
+ _writer_new_connec_exp(connection,
+ TEST_SCRATCH_DIR,
+ TEST_IFCFG_DIR "/ifcfg-test-tc-write-empty.cexpected",
+ &testfile);
+
+ reread = _connection_from_file(testfile, NULL, TYPE_BOND, NULL);
+
+ nmtst_assert_connection_equals(connection, FALSE, reread, FALSE);
+}
+
static void
test_tc_write(void)
{
@@ -11848,6 +11927,7 @@ main(int argc, char **argv)
g_test_add_func(TPATH "tc/read", test_tc_read);
g_test_add_func(TPATH "tc/write", test_tc_write);
+ g_test_add_func(TPATH "tc/write_empty", test_tc_write_empty);
g_test_add_func(TPATH "utils/test_well_known_keys", test_well_known_keys);
g_test_add_func(TPATH "utils/test_utils_has_route_file_new_syntax",
test_utils_has_route_file_new_syntax);
--
2.31.1

43
SOURCES/1012-prefer-IPv4-to-determine-the-hostname.patch
View File

@ -1,43 +0,0 @@
From 65ea6e97238a76386d0477abc0d22b2227f38d60 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 17 Jun 2021 11:35:54 +0200
Subject: [PATCH] policy: prefer IPv4 to determine the hostname
When determining the hostname, it is preferable to evaluate devices in
a predictable order to avoid that the hostname changes between
different boots.
The current order is based first on hostname priority, then on the
presence of a best default route, and then on activation order.
The activation order is not a very strong condition, as it is
basically useless for devices that are autoactivated at boot.
As we already prefer IPv4 over IPv6 within the same connection, also
prefer it when 2 connections have the same priority and the same
default route status, to achieve better predictability.
https://bugzilla.redhat.com/show_bug.cgi?id=1970335
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/895
(cherry picked from commit 637a45e25b58afd1ac22af8657121e0956093b61)
(cherry picked from commit 21051dc6d8b87c48fafb44b5cde901633b0a7cd2)
(cherry picked from commit b793925889a3137b77fa2b8679144b1e4948d246)
---
src/core/nm-policy.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/core/nm-policy.c b/src/core/nm-policy.c
index db4983f889..71aa1eceaf 100644
--- a/src/core/nm-policy.c
+++ b/src/core/nm-policy.c
@@ -652,6 +652,7 @@ device_hostname_info_compare(gconstpointer a, gconstpointer b)
NM_CMP_FIELD(info1, info2, priority);
NM_CMP_FIELD_UNSAFE(info2, info1, is_default);
+ NM_CMP_FIELD_UNSAFE(info2, info1, IS_IPv4);
return 0;
}
--
2.31.1

7181
SOURCES/1015-initrd-set-IPv4-required-timeout-rh1961666.patch
View File

File diff suppressed because it is too large Load Diff

461
SOURCES/1016-cloud-setup-azure-fix-gateway-rh1912236.patch
View File

@ -1,461 +0,0 @@
From 302779f46c6d04eb92257606826c97c0e226ff29 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 20 Apr 2021 13:46:29 +0200
Subject: [PATCH 1/4] cloud-setup: remove redundant check in Azure's
_get_net_ifaces_list_cb()
This condition always true, because there is a check above.
(cherry picked from commit d3f07d5ca2a459e3410611902d2de02bb7be1ae7)
(cherry picked from commit 3256239b1f2b31359861c85c642c7009f07f3797)
---
clients/cloud-setup/nmcs-provider-azure.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clients/cloud-setup/nmcs-provider-azure.c b/clients/cloud-setup/nmcs-provider-azure.c
index a0e6076fd3..b9c0ffc08a 100644
--- a/clients/cloud-setup/nmcs-provider-azure.c
+++ b/clients/cloud-setup/nmcs-provider-azure.c
@@ -434,7 +434,7 @@ _get_net_ifaces_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat
* extra NULL character after the buffer. */
((char *) line)[line_len] = '\0';
- if (line[line_len - 1] == '/' && line_len != 0)
+ if (line[line_len - 1] == '/')
((char *) line)[--line_len] = '\0';
intern_iface_idx = _nm_utils_ascii_str_to_int64(line, 10, 0, G_MAXSSIZE, -1);
--
2.31.1
From 0b885286ad2a350d14933b54002b943cc032ad96 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 20 Apr 2021 14:31:58 +0200
Subject: [PATCH 2/4] cloud-setup/azure: cleanup constructing URI in
_get_config_ips_prefix_list_cb()
(cherry picked from commit c9fc3f5b037422e7ead7f5ef1a56fcd2a750d152)
(cherry picked from commit 57c6a4fddc20af78b1594515981d174fa43383c9)
---
clients/cloud-setup/nmcs-provider-azure.c | 58 +++++++++++------------
1 file changed, 27 insertions(+), 31 deletions(-)
diff --git a/clients/cloud-setup/nmcs-provider-azure.c b/clients/cloud-setup/nmcs-provider-azure.c
index b9c0ffc08a..98b34e2960 100644
--- a/clients/cloud-setup/nmcs-provider-azure.c
+++ b/clients/cloud-setup/nmcs-provider-azure.c
@@ -216,6 +216,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u
NMCSProviderGetConfigTaskData *get_config_data;
const char * line;
gsize line_len;
+ char iface_idx_str[30];
nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error);
@@ -231,12 +232,16 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u
/* NMHttpClient guarantees that there is a trailing NUL after the data. */
nm_assert(response_str[response_len] == 0);
- nm_assert(!iface_data->iface_get_config->has_ipv4s);
nm_assert(!iface_data->iface_get_config->ipv4s_arr);
+ nm_assert(!iface_data->iface_get_config->has_ipv4s);
nm_assert(!iface_data->iface_get_config->has_cidr);
+ nm_sprintf_buf(iface_idx_str, "%" G_GSSIZE_FORMAT, iface_data->intern_iface_idx);
+
while (nm_utils_parse_next_line(&response_str, &response_len, &line, &line_len)) {
- gint64 ips_prefix_idx;
+ gint64 ips_prefix_idx;
+ gs_free char *uri = NULL;
+ char buf[100];
if (line_len == 0)
continue;
@@ -251,45 +256,36 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u
if (ips_prefix_idx < 0)
continue;
- {
- gs_free const char *uri = NULL;
- char buf[100];
-
- iface_data->n_iface_data_pending++;
-
- nm_http_client_poll_get(
- NM_HTTP_CLIENT(source),
- (uri = _azure_uri_interfaces(nm_sprintf_buf(
- buf,
- "%" G_GSSIZE_FORMAT "/ipv4/ipAddress/%" G_GINT64_FORMAT "/privateIpAddress",
- iface_data->intern_iface_idx,
- ips_prefix_idx))),
- HTTP_TIMEOUT_MS,
- 512 * 1024,
- 10000,
- 1000,
- NM_MAKE_STRV(NM_AZURE_METADATA_HEADER),
- get_config_data->intern_cancellable,
- NULL,
- NULL,
- _get_config_fetch_done_cb_private_ipv4s,
- iface_data);
- }
+ iface_data->n_iface_data_pending++;
+
+ nm_http_client_poll_get(
+ NM_HTTP_CLIENT(source),
+ (uri = _azure_uri_interfaces(iface_idx_str,
+ "/ipv4/ipAddress/",
+ nm_sprintf_buf(buf, "%" G_GINT64_FORMAT, ips_prefix_idx),
+ "/privateIpAddress")),
+ HTTP_TIMEOUT_MS,
+ 512 * 1024,
+ 10000,
+ 1000,
+ NM_MAKE_STRV(NM_AZURE_METADATA_HEADER),
+ get_config_data->intern_cancellable,
+ NULL,
+ NULL,
+ _get_config_fetch_done_cb_private_ipv4s,
+ iface_data);
}
iface_data->iface_get_config->ipv4s_len = 0;
iface_data->iface_get_config->ipv4s_arr = g_new(in_addr_t, iface_data->n_iface_data_pending);
{
- gs_free const char *uri = NULL;
- char buf[30];
+ gs_free char *uri = NULL;
iface_data->n_iface_data_pending++;
nm_http_client_poll_get(
NM_HTTP_CLIENT(source),
- (uri = _azure_uri_interfaces(
- nm_sprintf_buf(buf, "%" G_GSSIZE_FORMAT, iface_data->intern_iface_idx),
- "/ipv4/subnet/0/prefix/")),
+ (uri = _azure_uri_interfaces(iface_idx_str, "/ipv4/subnet/0/prefix/")),
HTTP_TIMEOUT_MS,
512 * 1024,
10000,
--
2.31.1
From 9173aee61c088badbe172019de1f05e20e25aa52 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 20 Apr 2021 14:56:15 +0200
Subject: [PATCH 3/4] cloud-setup/azure: refactor callback for
_get_config_ips_prefix_list_cb()
(cherry picked from commit 889498c12cc5cd4ab718cbc8adbccc1f197adda5)
(cherry picked from commit 783d470b6f741c79d2b38d229db0338210343a35)
---
clients/cloud-setup/nmcs-provider-azure.c | 75 ++++++++++++-----------
1 file changed, 40 insertions(+), 35 deletions(-)
diff --git a/clients/cloud-setup/nmcs-provider-azure.c b/clients/cloud-setup/nmcs-provider-azure.c
index 98b34e2960..c7dbc712cb 100644
--- a/clients/cloud-setup/nmcs-provider-azure.c
+++ b/clients/cloud-setup/nmcs-provider-azure.c
@@ -93,6 +93,11 @@ detect(NMCSProvider *provider, GTask *task)
/*****************************************************************************/
+typedef enum {
+ GET_CONFIG_FETCH_TYPE_IPV4_IPADDRESS_X_PRIVATEIPADDRESS,
+ GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_PREFIX,
+} GetConfigFetchType;
+
typedef struct {
NMCSProviderGetConfigTaskData * get_config_data;
NMCSProviderGetConfigIfaceData *iface_get_config;
@@ -108,25 +113,28 @@ _azure_iface_data_destroy(AzureIfaceData *iface_data)
}
static void
-_get_config_fetch_done_cb(NMHttpClient * http_client,
- GAsyncResult * result,
- AzureIfaceData *iface_data,
- gboolean is_ipv4)
+_get_config_fetch_done_cb(NMHttpClient * http_client,
+ GAsyncResult * result,
+ AzureIfaceData * iface_data,
+ GetConfigFetchType fetch_type)
{
NMCSProviderGetConfigTaskData * get_config_data;
NMCSProviderGetConfigIfaceData *iface_get_config;
gs_unref_bytes GBytes *response = NULL;
gs_free_error GError *error = NULL;
- gs_free char * v_hwaddr = NULL;
const char * resp_str = NULL;
gsize resp_len;
+ char tmp_addr_str[NM_UTILS_INET_ADDRSTRLEN];
+ in_addr_t tmp_addr;
+ int tmp_prefix = -1;
nm_http_client_poll_get_finish(http_client, result, NULL, &response, &error);
if (nm_utils_error_is_cancelled(error))
return;
- get_config_data = iface_data->get_config_data;
+ get_config_data = iface_data->get_config_data;
+ iface_get_config = iface_data->iface_get_config;
if (error)
goto out_done;
@@ -134,36 +142,23 @@ _get_config_fetch_done_cb(NMHttpClient * http_client,
resp_str = g_bytes_get_data(response, &resp_len);
nm_assert(resp_str[resp_len] == '\0');
- v_hwaddr = nmcs_utils_hwaddr_normalize_gbytes(response);
- if (!v_hwaddr) {
- _LOGI("interface[%" G_GSSIZE_FORMAT "]: invalid MAC address returned",
- iface_data->intern_iface_idx);
- error = nm_utils_error_new(NM_UTILS_ERROR_UNKNOWN,
- "invalid MAC address for index %" G_GSSIZE_FORMAT,
- iface_data->intern_iface_idx);
- goto out_done;
- }
-
- iface_data->iface_get_config = g_hash_table_lookup(get_config_data->result_dict, v_hwaddr);
- iface_get_config = iface_data->iface_get_config;
-
- if (is_ipv4) {
- char tmp_addr_str[NM_UTILS_INET_ADDRSTRLEN];
- in_addr_t tmp_addr;
+ switch (fetch_type) {
+ case GET_CONFIG_FETCH_TYPE_IPV4_IPADDRESS_X_PRIVATEIPADDRESS:
if (!nmcs_utils_ipaddr_normalize_bin(AF_INET, resp_str, resp_len, NULL, &tmp_addr)) {
error =
nm_utils_error_new(NM_UTILS_ERROR_UNKNOWN, "ip is not a valid private ip address");
goto out_done;
}
- _LOGD("interface[%" G_GSSIZE_FORMAT "]: adding private ip %s",
+ _LOGD("interface[%" G_GSSIZE_FORMAT "]: received address %s",
iface_data->intern_iface_idx,
_nm_utils_inet4_ntop(tmp_addr, tmp_addr_str));
iface_get_config->ipv4s_arr[iface_get_config->ipv4s_len] = tmp_addr;
iface_get_config->has_ipv4s = TRUE;
iface_get_config->ipv4s_len++;
- } else {
- int tmp_prefix;
+ break;
+
+ case GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_PREFIX:
tmp_prefix = _nm_utils_ascii_str_to_int64_bin(resp_str, resp_len, 10, 0, 32, -1);
if (tmp_prefix == -1) {
@@ -173,11 +168,11 @@ _get_config_fetch_done_cb(NMHttpClient * http_client,
goto out_done;
}
- _LOGD("interface[%" G_GSSIZE_FORMAT "]: adding prefix %d",
+ _LOGD("interface[%" G_GSSIZE_FORMAT "]: received subnet prefix %d",
iface_data->intern_iface_idx,
tmp_prefix);
iface_get_config->cidr_prefix = tmp_prefix;
- iface_get_config->has_cidr = TRUE;
+ break;
}
out_done:
@@ -192,17 +187,25 @@ out_done:
}
static void
-_get_config_fetch_done_cb_private_ipv4s(GObject *source, GAsyncResult *result, gpointer user_data)
+_get_config_fetch_done_cb_ipv4_ipaddress_x_privateipaddress(GObject * source,
+ GAsyncResult *result,
+ gpointer user_data)
{
- _get_config_fetch_done_cb(NM_HTTP_CLIENT(source), result, user_data, TRUE);
+ _get_config_fetch_done_cb(NM_HTTP_CLIENT(source),
+ result,
+ user_data,
+ GET_CONFIG_FETCH_TYPE_IPV4_IPADDRESS_X_PRIVATEIPADDRESS);
}
static void
-_get_config_fetch_done_cb_subnet_cidr_prefix(GObject * source,
- GAsyncResult *result,
- gpointer user_data)
+_get_config_fetch_done_cb_ipv4_subnet_0_prefix(GObject * source,
+ GAsyncResult *result,
+ gpointer user_data)
{
- _get_config_fetch_done_cb(NM_HTTP_CLIENT(source), result, user_data, FALSE);
+ _get_config_fetch_done_cb(NM_HTTP_CLIENT(source),
+ result,
+ user_data,
+ GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_PREFIX);
}
static void
@@ -245,6 +248,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u
if (line_len == 0)
continue;
+
/* Truncate the string. It's safe to do, because we own @response an it has an
* extra NULL character after the buffer. */
((char *) line)[line_len] = '\0';
@@ -253,6 +257,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u
((char *) line)[--line_len] = '\0';
ips_prefix_idx = _nm_utils_ascii_str_to_int64(line, 10, 0, G_MAXINT64, -1);
+
if (ips_prefix_idx < 0)
continue;
@@ -272,7 +277,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u
get_config_data->intern_cancellable,
NULL,
NULL,
- _get_config_fetch_done_cb_private_ipv4s,
+ _get_config_fetch_done_cb_ipv4_ipaddress_x_privateipaddress,
iface_data);
}
@@ -294,7 +299,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u
get_config_data->intern_cancellable,
NULL,
NULL,
- _get_config_fetch_done_cb_subnet_cidr_prefix,
+ _get_config_fetch_done_cb_ipv4_subnet_0_prefix,
iface_data);
}
return;
--
2.31.1
From ff2c2c4cabefc178767c4f535b9c82da7d765d6e Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 20 Apr 2021 10:52:04 +0200
Subject: [PATCH 4/4] cloud-setup/azure: fix detecting the gateway address
The code never set "iface_get_config->cidr_addr", despite
setting "cidr_prefix" and "has_cidr". As a result, cloud-setup
would think that the subnet is "0.0.0.0/$PLEN", and calculate
the gateway as "0.0.0.1".
As a result it would add a default route to table 30400 via 0.0.0.1,
which is obviously wrong.
How to detect the right gateway? Let's try obtain the subnet also via
the meta data. That seems mostly correct, except that we only access
subnet at index 0. What if there are multiple ones? I don't know.
https://bugzilla.redhat.com/show_bug.cgi?id=1912236
(cherry picked from commit c2629f72b0e6b438bf3f2b93967f58c9defafea6)
(cherry picked from commit 5d112092bc184ac284cb7f6c5fda68fcd5f5cd22)
---
clients/cloud-setup/nmcs-provider-azure.c | 45 +++++++++++++++++++++++
man/nm-cloud-setup.xml | 4 +-
2 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/clients/cloud-setup/nmcs-provider-azure.c b/clients/cloud-setup/nmcs-provider-azure.c
index c7dbc712cb..28019bac42 100644
--- a/clients/cloud-setup/nmcs-provider-azure.c
+++ b/clients/cloud-setup/nmcs-provider-azure.c
@@ -95,6 +95,7 @@ detect(NMCSProvider *provider, GTask *task)
typedef enum {
GET_CONFIG_FETCH_TYPE_IPV4_IPADDRESS_X_PRIVATEIPADDRESS,
+ GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_ADDRESS,
GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_PREFIX,
} GetConfigFetchType;
@@ -158,6 +159,18 @@ _get_config_fetch_done_cb(NMHttpClient * http_client,
iface_get_config->ipv4s_len++;
break;
+ case GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_ADDRESS:
+
+ if (!nmcs_utils_ipaddr_normalize_bin(AF_INET, resp_str, resp_len, NULL, &tmp_addr)) {
+ error = nm_utils_error_new(NM_UTILS_ERROR_UNKNOWN, "ip is not a subnet address");
+ goto out_done;
+ }
+ _LOGD("interface[%" G_GSSIZE_FORMAT "]: received subnet address %s",
+ iface_data->intern_iface_idx,
+ _nm_utils_inet4_ntop(tmp_addr, tmp_addr_str));
+ iface_get_config->cidr_addr = tmp_addr;
+ break;
+
case GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_PREFIX:
tmp_prefix = _nm_utils_ascii_str_to_int64_bin(resp_str, resp_len, 10, 0, 32, -1);
@@ -180,6 +193,10 @@ out_done:
--iface_data->n_iface_data_pending;
if (iface_data->n_iface_data_pending > 0)
return;
+
+ /* we surely have cidr_addr and cidr_prefix, otherwise
+ * we would have errored out above. */
+ iface_get_config->has_cidr = TRUE;
}
--get_config_data->n_pending;
@@ -197,6 +214,17 @@ _get_config_fetch_done_cb_ipv4_ipaddress_x_privateipaddress(GObject * source
GET_CONFIG_FETCH_TYPE_IPV4_IPADDRESS_X_PRIVATEIPADDRESS);
}
+static void
+_get_config_fetch_done_cb_ipv4_subnet_0_address(GObject * source,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ _get_config_fetch_done_cb(NM_HTTP_CLIENT(source),
+ result,
+ user_data,
+ GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_ADDRESS);
+}
+
static void
_get_config_fetch_done_cb_ipv4_subnet_0_prefix(GObject * source,
GAsyncResult *result,
@@ -287,6 +315,23 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u
{
gs_free char *uri = NULL;
+ iface_data->n_iface_data_pending++;
+ nm_http_client_poll_get(
+ NM_HTTP_CLIENT(source),
+ (uri = _azure_uri_interfaces(iface_idx_str, "/ipv4/subnet/0/address/")),
+ HTTP_TIMEOUT_MS,
+ 512 * 1024,
+ 10000,
+ 1000,
+ NM_MAKE_STRV(NM_AZURE_METADATA_HEADER),
+ get_config_data->intern_cancellable,
+ NULL,
+ NULL,
+ _get_config_fetch_done_cb_ipv4_subnet_0_address,
+ iface_data);
+
+ nm_clear_g_free(&uri);
+
iface_data->n_iface_data_pending++;
nm_http_client_poll_get(
NM_HTTP_CLIENT(source),
diff --git a/man/nm-cloud-setup.xml b/man/nm-cloud-setup.xml
index 4ae4042f84..a4ed737bc5 100644
--- a/man/nm-cloud-setup.xml
+++ b/man/nm-cloud-setup.xml
@@ -329,7 +329,9 @@
<listitem>
<para>Then, for each IP address index fetch the address at
<literal>http://169.254.169.254/metadata/instance/network/interface/$IFACE_INDEX/ipv4/ipAddress/$ADDR_INDEX/privateIpAddress?format=text&amp;api-version=2017-04-02</literal>.
- Also fetch the size of the subnet (the netmask) for the interface from
+ Also fetch the size of the subnet and prefix for the interface from
+ <literal>http://169.254.169.254/metadata/instance/network/interface/$IFACE_INDEX/ipv4/subnet/0/address/?format=text&amp;api-version=2017-04-02</literal>.
+ and
<literal>http://169.254.169.254/metadata/instance/network/interface/$IFACE_INDEX/ipv4/subnet/0/prefix/?format=text&amp;api-version=2017-04-02</literal>.
</para>
</listitem>
--
2.31.1

104
SOURCES/9999-fix-pregen-doc.patch
View File

@ -1,7 +1,7 @@
From ce8ee35cb4e94e85ac1ecb268c6fa1ea14b1ae8d Mon Sep 17 00:00:00 2001
From 7423b47a3333b09fce9ddce33041e5dbdbb4c7e6 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 27 Aug 2019 15:47:32 +0200
Subject: [PATCH 1/1] patch documentation with the proper default values
Subject: [PATCH] patch documentation with the proper default values
We don't regenerate the documentation for RHEL builds, but
the docs from the tarball are generated with a certain set
@ -9,15 +9,21 @@ of defaults.
Patch the man pages with the proper values.
---
docs/api/html/NetworkManager.conf.html | 2 +-
man/NetworkManager.conf.5 | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
docs/api/html/NetworkManager.conf.html | 2 +-
docs/api/html/nm-settings-nmcli.html | 2 +-
man/NetworkManager.conf.5 | 2 +-
man/nm-settings-nmcli.5 | 2 +-
man/nm-settings-nmcli.xml | 2 +-
src/libnm-client-impl/nm-property-infos-nmcli.xml | 2 +-
src/libnmc-setting/settings-docs.h | 2 +-
src/nmcli/generate-docs-nm-settings-nmcli.xml | 2 +-
8 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/docs/api/html/NetworkManager.conf.html b/docs/api/html/NetworkManager.conf.html
index 44b25c4cbc9d..1ee9c2fb1e83 100644
index e8efb5e7fe7d..f432f6736691 100644
--- a/docs/api/html/NetworkManager.conf.html
+++ b/docs/api/html/NetworkManager.conf.html
@@ -574,7 +574,7 @@ unmanaged-devices=mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth
@@ -658,7 +658,7 @@ unmanaged-devices=mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth
are "<code class="literal">syslog</code>" and "<code class="literal">journal</code>".
When NetworkManager is started with "<code class="literal">--debug</code>"
in addition all messages will be printed to stderr.
@ -26,11 +32,24 @@ index 44b25c4cbc9d..1ee9c2fb1e83 100644
</p></td>
</tr>
<tr>
diff --git a/docs/api/html/nm-settings-nmcli.html b/docs/api/html/nm-settings-nmcli.html
index e221ce1496fa..1ce647f7bf7d 100644
--- a/docs/api/html/nm-settings-nmcli.html
+++ b/docs/api/html/nm-settings-nmcli.html
@@ -1955,7 +1955,7 @@
<td>
<p>
Alias: ip4</p>
-<p>A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example "192.168.1.5/24, 10.1.0.5/24". The addresses are listed in increasing priority, meaning the last address will be the primary address.</p>
+<p>A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example "192.168.1.5/24, 10.1.0.5/24". The addresses are listed in decreasing priority, meaning the first address will be the primary address.</p>
<p>
Format: a comma separated list of addresses</p>
</td>
diff --git a/man/NetworkManager.conf.5 b/man/NetworkManager.conf.5
index 396267e3ec09..7702b84b04fc 100644
index 33850bb0e398..cd0379806b29 100644
--- a/man/NetworkManager.conf.5
+++ b/man/NetworkManager.conf.5
@@ -598,7 +598,7 @@ INFO\&.
@@ -664,7 +664,7 @@ INFO\&.
.PP
\fIbackend\fR
.RS 4
@ -39,6 +58,71 @@ index 396267e3ec09..7702b84b04fc 100644
.RE
.PP
\fIaudit\fR
diff --git a/man/nm-settings-nmcli.5 b/man/nm-settings-nmcli.5
index 2d9c067a4679..d3a03d306a1d 100644
--- a/man/nm-settings-nmcli.5
+++ b/man/nm-settings-nmcli.5
@@ -1655,7 +1655,7 @@ Properties:
.RS 4
Alias: ip4
.sp
-A list of IPv4 addresses and their prefix length\&. Multiple addresses can be separated by comma\&. For example "192\&.168\&.1\&.5/24, 10\&.1\&.0\&.5/24"\&. The addresses are listed in increasing priority, meaning the last address will be the primary address\&.
+A list of IPv4 addresses and their prefix length\&. Multiple addresses can be separated by comma\&. For example "192\&.168\&.1\&.5/24, 10\&.1\&.0\&.5/24"\&. The addresses are listed in decreasing priority, meaning the first address will be the primary address\&.
.sp
Format: a comma separated list of addresses
.RE
diff --git a/man/nm-settings-nmcli.xml b/man/nm-settings-nmcli.xml
index 258e4135009b..199e49e91794 100644
--- a/man/nm-settings-nmcli.xml
+++ b/man/nm-settings-nmcli.xml
@@ -274,7 +274,7 @@
Format: string</para></listitem></varlistentry></variablelist></para></refsect2><refsect2><title>ipv4 setting</title><para>IPv4 Settings.</para><para>
Properties:
<variablelist><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.addresses">addresses</option></term><listitem><para>
- Alias: ip4</para><para>A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example "192.168.1.5/24, 10.1.0.5/24". The addresses are listed in increasing priority, meaning the last address will be the primary address.</para><para>
+ Alias: ip4</para><para>A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example "192.168.1.5/24, 10.1.0.5/24". The addresses are listed in decreasing priority, meaning the first address will be the primary address.</para><para>
Format: a comma separated list of addresses</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.dad-timeout">dad-timeout</option></term><listitem><para>Timeout in milliseconds used to check for the presence of duplicate IP addresses on the network. If an address conflict is detected, the activation will fail. A zero value means that no duplicate address detection is performed, -1 means the default value (either configuration ipvx.dad-timeout override or zero). A value greater than zero is a timeout in milliseconds. The property is currently implemented only for IPv4.</para><para>
Format: int32</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.dhcp-client-id">dhcp-client-id</option></term><listitem><para>A string sent to the DHCP server to identify the local machine which the DHCP server may use to customize the DHCP lease and options. When the property is a hex string ('aa:bb:cc') it is interpreted as a binary client ID, in which case the first byte is assumed to be the 'type' field as per RFC 2132 section 9.14 and the remaining bytes may be an hardware address (e.g. '01:xx:xx:xx:xx:xx:xx' where 1 is the Ethernet ARP type and the rest is a MAC address). If the property is not a hex string it is considered as a non-hardware-address client ID and the 'type' field is set to 0. The special values "mac" and "perm-mac" are supported, which use the current or permanent MAC address of the device to generate a client identifier with type ethernet (01). Currently, these options only work for ethernet type of links. The special value "ipv6-duid" uses the DUID from "ipv6.dhcp-duid" property as an RFC4361-compliant client identifier. As IAID it uses "ipv4.dhcp-iaid" and falls back to "ipv6.dhcp-iaid" if unset. The special value "duid" generates a RFC4361-compliant client identifier based on "ipv4.dhcp-iaid" and uses a DUID generated by hashing /etc/machine-id. The special value "stable" is supported to generate a type 0 client identifier based on the stable-id (see connection.stable-id) and a per-host key. If you set the stable-id, you may want to include the "${DEVICE}" or "${MAC}" specifier to get a per-device key. If unset, a globally configured default is used. If still unset, the default depends on the DHCP plugin.</para><para>
Format: string</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.dhcp-fqdn">dhcp-fqdn</option></term><listitem><para>If the "dhcp-send-hostname" property is TRUE, then the specified FQDN will be sent to the DHCP server when acquiring a lease. This property and "dhcp-hostname" are mutually exclusive and cannot be set at the same time.</para><para>
diff --git a/src/libnm-client-impl/nm-property-infos-nmcli.xml b/src/libnm-client-impl/nm-property-infos-nmcli.xml
index b771b74c5909..d6aa8a80c8e3 100644
--- a/src/libnm-client-impl/nm-property-infos-nmcli.xml
+++ b/src/libnm-client-impl/nm-property-infos-nmcli.xml
@@ -34,7 +34,7 @@
<setting name="ip-tunnel">
</setting>
<setting name="ipv4">
-<property name="addresses" variable="addresses" format="a comma separated list of addresses" values="" default="" example="" description="A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example &quot;192.168.1.5/24, 10.1.0.5/24&quot;. The addresses are listed in increasing priority, meaning the last address will be the primary address." />
+<property name="addresses" variable="addresses" format="a comma separated list of addresses" values="" default="" example="" description="A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example &quot;192.168.1.5/24, 10.1.0.5/24&quot;. The addresses are listed in decreasing priority, meaning the first address will be the primary address." />
<property name="routes" variable="routes" format="a comma separated list of routes" values="" default="" example="" description="A list of IPv4 destination addresses, prefix length, optional IPv4 next hop addresses, optional route metric, optional attribute. The valid syntax is: &quot;ip[/prefix] [next-hop] [metric] [attribute=val]...[,ip[/prefix]...]&quot;. For example &quot;192.0.2.0/24 10.1.1.1 77, 198.51.100.0/24&quot;." />
</setting>
<setting name="ipv6">
diff --git a/src/libnmc-setting/settings-docs.h b/src/libnmc-setting/settings-docs.h
index 12625d445966..85c5aca1e4c8 100644
--- a/src/libnmc-setting/settings-docs.h
+++ b/src/libnmc-setting/settings-docs.h
@@ -226,7 +226,7 @@
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_REMOTE N_("The remote endpoint of the tunnel; the value must contain an IPv4 or IPv6 address.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_TOS N_("The type of service (IPv4) or traffic class (IPv6) field to be set on tunneled packets.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_TTL N_("The TTL to assign to tunneled packets. 0 is a special value meaning that packets inherit the TTL value.")
-#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in increasing priority, meaning the last address will be the primary address.")
+#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in decreasing priority, meaning the first address will be the primary address.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DAD_TIMEOUT N_("Timeout in milliseconds used to check for the presence of duplicate IP addresses on the network. If an address conflict is detected, the activation will fail. A zero value means that no duplicate address detection is performed, -1 means the default value (either configuration ipvx.dad-timeout override or zero). A value greater than zero is a timeout in milliseconds. The property is currently implemented only for IPv4.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_CLIENT_ID N_("A string sent to the DHCP server to identify the local machine which the DHCP server may use to customize the DHCP lease and options. When the property is a hex string ('aa:bb:cc') it is interpreted as a binary client ID, in which case the first byte is assumed to be the 'type' field as per RFC 2132 section 9.14 and the remaining bytes may be an hardware address (e.g. '01:xx:xx:xx:xx:xx:xx' where 1 is the Ethernet ARP type and the rest is a MAC address). If the property is not a hex string it is considered as a non-hardware-address client ID and the 'type' field is set to 0. The special values \"mac\" and \"perm-mac\" are supported, which use the current or permanent MAC address of the device to generate a client identifier with type ethernet (01). Currently, these options only work for ethernet type of links. The special value \"ipv6-duid\" uses the DUID from \"ipv6.dhcp-duid\" property as an RFC4361-compliant client identifier. As IAID it uses \"ipv4.dhcp-iaid\" and falls back to \"ipv6.dhcp-iaid\" if unset. The special value \"duid\" generates a RFC4361-compliant client identifier based on \"ipv4.dhcp-iaid\" and uses a DUID generated by hashing /etc/machine-id. The special value \"stable\" is supported to generate a type 0 client identifier based on the stable-id (see connection.stable-id) and a per-host key. If you set the stable-id, you may want to include the \"${DEVICE}\" or \"${MAC}\" specifier to get a per-device key. If unset, a globally configured default is used. If still unset, the default depends on the DHCP plugin.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_FQDN N_("If the \"dhcp-send-hostname\" property is TRUE, then the specified FQDN will be sent to the DHCP server when acquiring a lease. This property and \"dhcp-hostname\" are mutually exclusive and cannot be set at the same time.")
diff --git a/src/nmcli/generate-docs-nm-settings-nmcli.xml b/src/nmcli/generate-docs-nm-settings-nmcli.xml
index 88803094d6ce..ca5225ba2811 100644
--- a/src/nmcli/generate-docs-nm-settings-nmcli.xml
+++ b/src/nmcli/generate-docs-nm-settings-nmcli.xml
@@ -650,7 +650,7 @@
description="DNS servers priority. The relative priority for DNS servers specified by this setting. A lower numerical value is better (higher priority). Negative values have the special effect of excluding other configurations with a greater numerical priority value; so in presence of at least one negative priority, only DNS servers from connections with the lowest priority value will be used. To avoid all DNS leaks, set the priority of the profile that should be used to the most negative value of all active connections profiles. Zero selects a globally configured default value. If the latter is missing or zero too, it defaults to 50 for VPNs (including WireGuard) and 100 for other connections. Note that the priority is to order DNS settings for multiple active connections. It does not disambiguate multiple DNS servers within the same connection profile. When multiple devices have configurations with the same priority, VPNs will be considered first, then devices with the best (lowest metric) default route and then all other devices. When using dns=default, servers with higher priority will be on top of resolv.conf. To prioritize a given server over another one within the same connection, just specify them in the desired order. Note that commonly the resolver tries name servers in /etc/resolv.conf in the order listed, proceeding with the next server in the list on failure. See for example the &quot;rotate&quot; option of the dns-options setting. If there are any negative DNS priorities, then only name servers from the devices with that lowest priority will be considered. When using a DNS resolver that supports Conditional Forwarding or Split DNS (with dns=dnsmasq or dns=systemd-resolved settings), each connection is used to query domains in its search list. The search domains determine which name servers to ask, and the DNS priority is used to prioritize name servers based on the domain. Queries for domains not present in any search list are routed through connections having the &apos;~.&apos; special wildcard domain, which is added automatically to connections with the default route (or can be added manually). When multiple connections specify the same domain, the one with the best priority (lowest numerical value) wins. If a sub domain is configured on another interface it will be accepted regardless the priority, unless parent domain on the other interface has a negative priority, which causes the sub domain to be shadowed. With Split DNS one can avoid undesired DNS leaks by properly configuring DNS priorities and the search domains, so that only name servers of the desired interface are configured." />
<property name="addresses"
alias="ip4"
- description="A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example &quot;192.168.1.5/24, 10.1.0.5/24&quot;. The addresses are listed in increasing priority, meaning the last address will be the primary address." />
+ description="A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example &quot;192.168.1.5/24, 10.1.0.5/24&quot;. The addresses are listed in decreasing priority, meaning the first address will be the primary address." />
<property name="gateway"
alias="gw4"
description="The gateway associated with this configuration. This is only meaningful if &quot;addresses&quot; is also set. The gateway&apos;s main purpose is to control the next hop of the standard default route on the device. Hence, the gateway property conflicts with &quot;never-default&quot; and will be automatically dropped if the IP configuration is set to never-default. As an alternative to set the gateway, configure a static default route with /0 as prefix length." />
--
2.26.2
2.31.1

24
SOURCES/NetworkManager.conf
View File

@ -3,20 +3,18 @@
# See "man 5 NetworkManager.conf" for details.
#
# The directories /usr/lib/NetworkManager/conf.d/ and /run/NetworkManager/conf.d/
# can contain additional configuration snippets installed by packages. These files are
# can contain additional .conf snippets installed by packages. These files are
# read before NetworkManager.conf and have thus lowest priority.
# The directory /etc/NetworkManager/conf.d/ can contain additional configuration
# The directory /etc/NetworkManager/conf.d/ can contain additional .conf
# snippets. Those snippets are merged last and overwrite the settings from this main
# file.
#
# The files within one conf.d/ directory are read in asciibetical order.
#
# If /etc/NetworkManager/conf.d/ contains a file with the same name as
# /usr/lib/NetworkManager/conf.d/, the latter file is shadowed and thus ignored.
# Hence, to disable loading a file from /usr/lib/NetworkManager/conf.d/ you can
# put an empty file to /etc with the same name. The same applies with respect
# to the directory /run/NetworkManager/conf.d where files in /run shadow
# /usr/lib and are themselves shadowed by files under /etc.
# You can prevent loading a file /usr/lib/NetworkManager/conf.d/NAME.conf
# by having a file NAME.conf in either /run/NetworkManager/conf.d/ or /etc/NetworkManager/conf.d/.
# Likewise, snippets from /run can be prevented from loading by placing
# a file with the same name in /etc/NetworkManager/conf.d/.
#
# If two files define the same key, the one that is read afterwards will overwrite
# the previous one.
@ -30,8 +28,7 @@
#
# Logfiles contain no passwords and little sensitive information. But please
# check before posting the file online. You can also personally hand over the
# logfile to a NM developer to treat it confidential. Meet us on #nm on freenode.
# Please post full logfiles except minimal modifications of private data.
# logfile to a NM developer to treat it confidential. Meet us on #nm on Libera.Chat.
#
# You can also change the log-level at runtime via
# $ nmcli general logging level TRACE domains ALL
@ -42,9 +39,14 @@
# You will find the logfiles in syslog, for example via
# $ journalctl -u NetworkManager
#
# Please post full logfiles for bug reports without pre-filtering or truncation.
# Also, for debugging the entire `journalctl` output can be interesting. Don't
# limit unnecessarily with `journalctl -u`. Exceptions are if you are worried
# about private data. Check before posting logfiles!
#
# Note that debug logging of NetworkManager can be quite verbose. Some messages
# might be rate-limited by the logging daemon (see RateLimitIntervalSec, RateLimitBurst
# in man journald.conf). Please disable rate-limiting before collecting debug logs.
# in man journald.conf). Please disable rate-limiting before collecting debug logs!
#
#level=TRACE
#domains=ALL

156
SPECS/NetworkManager.spec
View File

@ -5,9 +5,9 @@
%global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo bad)
%global epoch_version 1
%global rpm_version 1.30.0
%global real_version 1.30.0
%global release_version 13
%global rpm_version 1.32.10
%global real_version 1.32.10
%global release_version 4
%global snapshot %{nil}
%global git_sha %{nil}
@ -60,10 +60,8 @@
%bcond_without ppp
%bcond_without nmtui
%bcond_without nm_cloud_setup
# on RHEL we don't regenerate the documentation
%bcond_with regen_docs
%if %{bcond_default_debug}
%bcond_without debug
%else
@ -108,7 +106,7 @@
###############################################################################
%if 0%{?fedora}
%if 0%{?fedora} || 0%{?rhel} > 7
%global dbus_version 1.9.18
%global dbus_sys_dir %{_datadir}/dbus-1/system.d
%else
@ -116,6 +114,14 @@
%global dbus_sys_dir %{_sysconfdir}/dbus-1/system.d
%endif
# Older libndp versions use select() (rh#1933041). On well known distros,
# choose a version that has the necessary fix.
%if 0%{?rhel} && 0%{?rhel} == 8
%global libndp_version 1.7-4
%else
%global libndp_version %{nil}
%endif
%if %{with bluetooth} || %{with wwan}
%global with_modem_manager_1 1
%else
@ -184,25 +190,13 @@ Source6: 70-nm-connectivity.conf
# These are not bugfixes, hence they are also relevant after
# the next rebase of the source tarball.
Patch1: 0001-cloud-setup-systemd-unit-rh1791758.patch
Patch2: 0002-firewall-Default-to-iptables-backend-to-preserve-behavior.patch
# Bugfixes that are only relevant until next rebase of the package.
Patch1000: 1000-bond-avoid-logging-warning-to-set-ad_actor_system-00.patch
Patch1001: 1001-core-increase-limit-of-open-file-descriptors-for-Net.patch
Patch1002: 1002-initrd-apply-mtu-to-bond-connection.patch
Patch1003: 1003-bond-only-restore-mac-if-cloned.patch
Patch1004: 1004-fix-handling-generated-local-routes-rh1907661.patch
Patch1005: 1005-initrd-fix-crash-parsing-empty-rd.znet-argument.patch
Patch1006: 1006-core-fix-crash-in-nm_wildcard_match_check.patch
Patch1007: 1007-initrd-multiconnect-single-for-manual-ip-rh1915493.patch
Patch1008: 1008-manager-fix-active_connection_find.patch
Patch1009: 1009-bond-support-tlb_dynamic_lb-in-balance-alb-mode.patch
Patch1010: 1010-manager-delete-default-connection-when-veth-removed.patch
Patch1011: 1011-don-t-touch-device-tc-config-by-default-rh1928078.patch
Patch1012: 1012-prefer-IPv4-to-determine-the-hostname.patch
Patch1013: 1013-platform-preserve-IPv6-multicast-route-added-by-kern.patch
Patch1014: 1014-default-route-inter-feres-with-other-subnets-on-the-VM.patch
Patch1015: 1015-initrd-set-IPv4-required-timeout-rh1961666.patch
Patch1016: 1016-cloud-setup-azure-fix-gateway-rh1912236.patch
Patch1000: 1000-platform-fix-capturing-addresses-from-platform-for-assuming-after-restart.patch
Patch1001: 1001-nmcli-docs-fix-address-order-in-ipv46-addresses-documentation-for-nm-settings-nmcli.patch
Patch1002: 1002-preserve-IPv6-multicast-route-rh2004212.patch
Patch1003: 1003-cloud-setup-better-handle-other-routes-rh1977984.patch
# The pregenerated docs contain default values and paths that depend
# on the configure options when creating the source tarball.
@ -219,8 +213,9 @@ Requires(postun): systemd
Requires: dbus >= %{dbus_version}
Requires: glib2 >= %{glib2_version}
Requires: %{name}-libnm%{?_isa} = %{epoch}:%{version}-%{release}
Requires: libndp >= 1.7-4
Obsoletes: dhcdbd
%if "%{libndp_version}" != ""
Requires: libndp >= %{libndp_version}
%endif
Obsoletes: NetworkManager < %{obsoletes_device_plugins}
Obsoletes: NetworkManager < %{obsoletes_ppp_plugin}
Obsoletes: NetworkManager-wimax < 1.2
@ -269,7 +264,6 @@ BuildRequires: gtk-doc
BuildRequires: libudev-devel
BuildRequires: libuuid-devel
BuildRequires: /usr/bin/valac
BuildRequires: iptables
BuildRequires: libxslt
%if %{with bluetooth}
BuildRequires: bluez-libs-devel
@ -327,7 +321,7 @@ Provides: %{name}-dispatcher%{?_isa} = %{epoch}:%{version}-%{release}
# that the scripts that would parse the SPEC file naively would be unlikely
# to fail. Refer to git log for the real date and commit number of last
# synchronization:
# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/commits/master/src/systemd
# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/commits/main/src/
Provides: bundled(systemd) = 0
@ -345,7 +339,6 @@ Summary: ADSL device plugin for NetworkManager
Group: System Environment/Base
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
Obsoletes: NetworkManager < %{obsoletes_device_plugins}
Obsoletes: NetworkManager-atm
%description adsl
This package contains NetworkManager support for ADSL devices.
@ -365,7 +358,6 @@ Requires: NetworkManager-wwan = %{epoch}:%{version}-%{release}
Requires: bluez >= 4.101-5
%endif
Obsoletes: NetworkManager < %{obsoletes_device_plugins}
Obsoletes: NetworkManager-bt
%description bluetooth
This package contains NetworkManager support for Bluetooth devices.
@ -470,7 +462,7 @@ This package contains NetworkManager support for PPP.
%package libnm
Summary: Libraries for adding NetworkManager support to applications.
Group: Development/Libraries
Conflicts: NetworkManager-glib < %{epoch}:%{version}-%{release}
Conflicts: NetworkManager-glib < 1:1.31.0
License: LGPLv2+
%description libnm
@ -538,7 +530,7 @@ Summary: NetworkManager dispatcher file for advanced routing rules
Group: System Environment/Base
BuildArch: noarch
Provides: %{name}-config-routing-rules = %{epoch}:%{version}-%{release}
Obsoletes: %{name}-config-routing-rules < %{epoch}:%{version}-%{release}
Obsoletes: %{name}-config-routing-rules < 1:1.31.0
%description dispatcher-routing-rules
This adds a NetworkManager dispatcher file to support networking
@ -586,6 +578,8 @@ This tool is still experimental.
%if %{with test}
--werror \
%endif
-Dnft=/usr/sbin/nft \
-Diptables=/usr/sbin/iptables \
-Ddhcpcanon=no \
-Ddhcpcd=no \
-Dconfig_dhcp_default=%{dhcp_default} \
@ -714,6 +708,8 @@ intltoolize --automake --copy --force
--with-runstatedir=%{_rundir} \
--disable-silent-rules \
--disable-static \
--with-nft=/usr/sbin/nft \
--with-iptables=/usr/sbin/iptables \
--with-dhclient=yes \
--with-dhcpcd=no \
--with-dhcpcanon=no \
@ -1000,6 +996,7 @@ fi
%dir %{_sysconfdir}/%{name}/dnsmasq-shared.d
%dir %{_sysconfdir}/%{name}/system-connections
%config(noreplace) %{_sysconfdir}/%{name}/NetworkManager.conf
%ghost %{_sysconfdir}/%{name}/VPN
%{_bindir}/nm-online
%{_libexecdir}/nm-ifup
%ghost %attr(755, root, root) %{_sbindir}/ifup
@ -1009,6 +1006,7 @@ fi
%{_libexecdir}/nm-dispatcher
%{_libexecdir}/nm-iface-helper
%{_libexecdir}/nm-initrd-generator
%{_libexecdir}/nm-daemon-helper
%dir %{_libdir}/%{name}
%dir %{nmplugindir}
%{nmplugindir}/libnm-settings-plugin*.so
@ -1028,6 +1026,7 @@ fi
%{_mandir}/man7/nmcli-examples.7*
%{_mandir}/man8/nm-initrd-generator.8.gz
%{_mandir}/man8/NetworkManager.8.gz
%{_mandir}/man8/NetworkManager-dispatcher.8.gz
%dir %{_localstatedir}/lib/NetworkManager
%dir %{_sysconfdir}/sysconfig/network-scripts
%{_datadir}/dbus-1/system-services/org.freedesktop.nm_dispatcher.service
@ -1042,7 +1041,7 @@ fi
%{systemd_dir}/NetworkManager-dispatcher.service
%dir %{_datadir}/doc/NetworkManager/examples
%{_datadir}/doc/NetworkManager/examples/server.conf
%doc NEWS AUTHORS README CONTRIBUTING TODO
%doc NEWS AUTHORS README CONTRIBUTING.md TODO
%license COPYING
%license COPYING.LGPL
%license COPYING.GFDL
@ -1167,35 +1166,84 @@ fi
%changelog
* Thu Oct 14 2021 Ana Cabral <acabral@redhat.com> - 1:1.30.0-13
- Fixes nm-cloud-setup.service interference in network connectivity (rh#2013208)
* Tue Sep 28 2021 Thomas Haller <thaller@redhat.com> - 1:1.32.10-4
- revert unapproved patches part of "cloud-setup" change (rh #1977984)
* Thu Oct 7 2021 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.30.0-12
- initrd: set an IPv4 required-timeout of 20 seconds, to prefer IPv4
over IPv6 for default connections (rh #1961666)
* Fri Sep 24 2021 Beniamino Galvani <bgalvani@redhat.com> - 1:1.32.10-3
- preserve the IPv6 multicast route added by kernel (rh #2004212)
- cloud-setup: better handle other route configuration (rh #1977984)
* Tue Oct 5 2021 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.30.0-11
- platform: preserve IPv6 multicast route added by kernel (rh #2007264)
- cloud-setup: don't interfere with other subnets (rh #2007341)
* Thu Aug 19 2021 Wen Liang <wenliang@redhat.com> - 1:1.32.10-2
- platform: fix capturing IPv4 addresses from platform for assuming after restart (rh #1988751)
* Mon Jul 12 2021 Beniamino Galvani <bgalvani@redhat.com> - 1:1.30.0-10
- core: prefer IPv4 to determine the hostname (rh #1970335)
* Wed Aug 18 2021 Wen Liang <wenliang@redhat.com> - 1:1.32.10-1
- update to 1.32.10 release
- nm-initrd-generator: add kernel command line options ethtool autoneg and speed (rh #1940934)
- IP: fix the order of IP addresses during service restart (rh #1988751)
* Fri Jun 18 2021 Beniamino Galvani <bgalvani@redhat.com> - 1:1.30.0-9
- core: don't touch device traffic control (TC) configuration by default (rh #1928078)
* Tue Aug 10 2021 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.32.8-1
- Upgrade to 1.32.8 release
- firewalld: configure zones on "Reloaded" signal (rh #1982403)
- ethtool: support configuring newer gigabit ethernet speeds (rh #1897004)
- core: fix wrong MTU for bridge interfaces (rh #1973536)
- cloud-setup: fix gateway address for Aliyun cloud (rh #1823315)
* Fri Jun 4 2021 Wen Liang <wenliang@redhat.com> - 1:1.30.0-8
- core: fix finding active connection for controller (rh #1965337)
- bond: support 'tlb_dynamic_lb' in 'balance-alb' mode (rh #1965948)
- manager: delete default connection when veth removed (rh #1965336)
* Thu Jul 29 2021 Gris Ge <fge@redhat.com> - 1:1.32.6-1
- Upgrade to 1.32.6 release
- core: fix adding stale local routes when address changes (rh #1979192)
- dhcp: handle filename/bootfile_name DHCP option and write it to device state
file for initrd/kickstart (rh #1979387)
- initrd: add "ib.pkey=" command line option (rh #1805708)
- core: introduce "keep-configuration" device option to forcefully activate a
profile on start (rh #1934122)
* Fri Mar 26 2021 Beniamino Galvani <bgalvani@redhat.com> - 1:1.30.0-7
- initrd: set multi-connect=single for connections with static IP (rh #1915493)
* Wed Jul 21 2021 Gris Ge <fge@redhat.com> - 1:1.32.4-1
- Upgrade to 1.32.4 with fixes of:
- nmcli: show DNS SEARCH field in device information. (rh #1852317)
- device: avoid crash setting VPN config during unrealize. (rh #1912423)
- core: send ARP announcements when there is carrier. (rh #1956793)
- core: add ipv[46].required-timeout option to wait for IP configuration while activating. (rh #1961666)
- core: start DHCPv6 when a prefix delegation is needed for shared mode. (rh #1973199)
- ifcfg: log warning about invalid keys in ifcfg files. (rh #1959656)
- cloud-setup: add support for Aliyun cloud. (rh #1823315)
* Thu Mar 25 2021 Thomas Haller <thaller@redhat.com> - 1:1.30.0-6
- core: fix handling local routes generated by kernel (rh #1907661)
- initrd: fix crash with rd.znet= argument (rh #1941106)
- core: fix crash handling path match (rh #1942741)
* Thu Jul 1 2021 Wen Liang <wenliang@redhat.com> - 1:1.32.2-1
- update to 1.32.2 release
- device: prefer IPv6 not-deprecated addresses for hostname lookup (rh #1820770)
- docs: describe qdiscs and tfilters in nm-settings manpage (rh #1847894)
- cloud-setup: preserve IPv4 addresses/routes/rules from profile (rh #1971527)
- daemon: performance improvements (rh #1847125)
- dhcp/systemd: ignore FORCERENEW requests for DHCPV4 (rh #1961251, CVE-2020-13529)
- Add bridge_role in 802-3-ethernet.s390-options using nmcli (rh #1935842)
* Fri Jun 18 2021 Wen Liang <wenliang@redhat.com> - 1:1.32.0-1
- update to 1.32.0 release
- veth: fix null error when deleting the device (rh #1915278)
- veth: fix crash when deleting the device profile (rh #1915276)
- firewall: add new "nftables" firewall-backend (rh #1548825)
- DNS: fix lookup of hostname via DNS (rh #1970335)
* Mon Jun 7 2021 Thomas Haller <thaller@redhat.com> - 1:1.32.0-0.5
- update to 1.32-rc1 (1.31.90) (release candidate)
- core: allow to preserved external TFilter and QDisc settings (rh #1928078)
- bond: support "tlb_dynamic_lb" in "balance-alb" mode (rh #1959934)
* Thu May 20 2021 Wen Liang <wenliang@redhat.com> - 1:1.32.0-0.4
- Update to 1.31.5 (development)
- core: configure MTU early before DHCP completes (rh #1890234)
- core: fix activation handling for ports (rh #1955101, rh #1959961)
- core: add support for ethtool pause parameters (rh #1899372)
- dhcp: support option 249 (Microsoft Classless Static Route) (rh #1959461)
* Wed May 5 2021 Beniamino Galvani <bgalvani@redhat.com> - 1:1.32.0-0.3
- Update to 1.31.4 (development)
- core: fix assertion failure in activation handling (rh #1933719)
* Thu Apr 22 2021 Beniamino Galvani <bgalvani@redhat.com> - 1:1.32.0-0.2
- Update to 1.31.3 (development)
* Thu Mar 25 2021 Beniamino Galvani <bgalvani@redhat.com> - 1:1.32.0-0.1
- Update to 1.31.2 (development)
* Tue Mar 23 2021 Beniamino Galvani <bgalvani@redhat.com> - 1:1.30.0-5
- bond: restore MAC on release only when there is a cloned MAC address (rh #1933292)