rpms/NetworkManager
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI NetworkManager-1.44.0-3.el9

Browse Source
This commit is contained in:
eabdullin 2023-11-07 11:22:41 +00:00
parent 45ed130110
commit 13b46df6aa
12 changed files with 206 additions and 1234 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.NetworkManager.metadata
View File

@ -1 +1 @@
83eaa880bb7d4d8f178e426c30d17895e117fb79 SOURCES/NetworkManager-1.42.2.tar.xz
b3d857c8fdfae1dd36d6bd833cd84a85fcf71880 SOURCES/NetworkManager-1.44.0.tar.xz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/NetworkManager-1.42.2.tar.xz
SOURCES/NetworkManager-1.44.0.tar.xz

138
SOURCES/1001-ipv6ll-don-t-regenerate-the-address-when-removed-rh2196441.patch
View File

@ -1,138 +0,0 @@
From 8848568653c686aec4b9edd2deaa630588533b49 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 11 May 2023 13:32:13 +0200
Subject: [PATCH] ipv6ll: don't regenerate the address when it's removed
externally
Currently if the IPv6 link-local address is removed after it passed
DAD, NetworkManager tries to generate a new link-local address. If
this fails, which is always the case for EUI64, ipv6ll is considered
as failed and the connection can go down (depending on may-fail).
This is particularly bad for virtual interfaces because if somebody
removes the link-local address, the activation can fail and destroy
the interface, breaking all services that require it. Also, it's a
change in behavior introduced in 1.36.0.
It seems that a better approach here is to re-add the address that was
removed externally.
[bgalvani@redhat.com: since the branch is missing commit 7ca95cee15b3
('platform: always reconfigure IP routes even if removed externally'),
we need to set flag NM_L3CFG_CONFIG_FLAGS_FORCE_ONCE when committing
the address, otherwise it's not re-added]
Fixes: aa070fb82190 ('core: add NML3IPv6LL helper')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1622
(cherry picked from commit 53ba9f4701f30b12637df2c7215a0b7da845b34c)
(cherry picked from commit 2976e4c3b7fcee06051ce83c9a7fa911ad192dc4)
---
src/core/nm-l3-ipv6ll.c | 34 ++++++++++++++++++++++------------
1 file changed, 22 insertions(+), 12 deletions(-)
diff --git a/src/core/nm-l3-ipv6ll.c b/src/core/nm-l3-ipv6ll.c
index 2e2a6a0a5a..0133ebe6dd 100644
--- a/src/core/nm-l3-ipv6ll.c
+++ b/src/core/nm-l3-ipv6ll.c
@@ -391,7 +391,7 @@ _pladdr_find_ll(NML3IPv6LL *self, gboolean *out_cur_addr_failed)
/*****************************************************************************/
static void
-_lladdr_handle_changed(NML3IPv6LL *self)
+_lladdr_handle_changed(NML3IPv6LL *self, gboolean force_commit)
{
const NML3ConfigData *l3cd;
gboolean changed = FALSE;
@@ -420,7 +420,9 @@ _lladdr_handle_changed(NML3IPv6LL *self)
NM_DNS_PRIORITY_DEFAULT_NORMAL,
NM_L3_ACD_DEFEND_TYPE_ALWAYS,
0,
- NM_L3CFG_CONFIG_FLAGS_NONE,
+ /* Even if the address was removed from platform, it must
+ * be re-added, hence FORCE_ONCE. */
+ NM_L3CFG_CONFIG_FLAGS_FORCE_ONCE,
NM_L3_CONFIG_MERGE_FLAGS_NONE))
changed = TRUE;
} else {
@@ -434,7 +436,7 @@ _lladdr_handle_changed(NML3IPv6LL *self)
self->l3cfg_commit_handle,
"ipv6ll");
- if (changed)
+ if (changed || force_commit)
nm_l3cfg_commit_on_idle_schedule(self->l3cfg, NM_L3_CFG_COMMIT_TYPE_AUTO);
if (!self->emit_changed_idle_source) {
@@ -515,6 +517,7 @@ _check(NML3IPv6LL *self)
const NMPlatformIP6Address *pladdr;
char sbuf[INET6_ADDRSTRLEN];
gboolean cur_addr_failed;
+ gboolean restarted = FALSE;
struct in6_addr lladdr;
pladdr = _pladdr_find_ll(self, &cur_addr_failed);
@@ -526,14 +529,14 @@ _check(NML3IPv6LL *self)
if (_set_cur_lladdr_obj(self, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, pladdr)) {
_LOGT("changed: waiting for address %s to complete DAD",
nm_inet6_ntop(&self->cur_lladdr, sbuf));
- _lladdr_handle_changed(self);
+ _lladdr_handle_changed(self, FALSE);
}
return;
}
if (_set_cur_lladdr_obj(self, NM_L3_IPV6LL_STATE_READY, pladdr)) {
_LOGT("changed: address %s is ready", nm_inet6_ntop(&self->cur_lladdr, sbuf));
- _lladdr_handle_changed(self);
+ _lladdr_handle_changed(self, FALSE);
}
return;
}
@@ -543,11 +546,17 @@ _check(NML3IPv6LL *self)
* Prematurely abort DAD to generate a new address below. */
nm_assert(
NM_IN_SET(self->state, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, NM_L3_IPV6LL_STATE_READY));
- if (self->state == NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS)
- _LOGT("changed: address %s did not complete DAD",
- nm_inet6_ntop(&self->cur_lladdr, sbuf));
- else {
+
+ if (cur_addr_failed) {
+ /* On DAD failure, we always try to regenerate a new address. */
+ _LOGT("changed: address %s failed", nm_inet6_ntop(&self->cur_lladdr, sbuf));
+ } else {
_LOGT("changed: address %s is gone", nm_inet6_ntop(&self->cur_lladdr, sbuf));
+ /* When the address is removed, we always try to re-add it. */
+ nm_clear_g_source_inst(&self->wait_for_addr_source);
+ lladdr = self->cur_lladdr;
+ restarted = TRUE;
+ goto commit;
}
/* reset the state here, so that we are sure that the following
@@ -569,18 +578,19 @@ _check(NML3IPv6LL *self)
if (_set_cur_lladdr_bin(self, NM_L3_IPV6LL_STATE_DAD_FAILED, NULL)) {
_LOGW("changed: no IPv6 link local address to retry after Duplicate Address Detection "
"failures (back off)");
- _lladdr_handle_changed(self);
+ _lladdr_handle_changed(self, FALSE);
}
return;
}
+commit:
/* we give NML3Cfg 2 seconds to configure the address on the interface. We
* thus very soon expect to see this address configured (and kernel started DAD).
* If that does not happen within timeout, we assume that this address failed DAD. */
self->wait_for_addr_source = nm_g_timeout_add_source(2000, _wait_for_addr_timeout_cb, self);
- if (_set_cur_lladdr_bin(self, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, &lladdr)) {
+ if (_set_cur_lladdr_bin(self, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, &lladdr) || restarted) {
_LOGT("changed: starting DAD for address %s", nm_inet6_ntop(&self->cur_lladdr, sbuf));
- _lladdr_handle_changed(self);
+ _lladdr_handle_changed(self, restarted);
}
return;
}
--
2.39.2

54
SOURCES/1001-nm-manager-ensure-device-is-exported-on-D-Bus-in-aut-rhbz2210271.patch Normal file
View File

@ -0,0 +1,54 @@
From 6302c2ea52c6c28d36b6006b29823c469e171e2a Mon Sep 17 00:00:00 2001
From: Wen Liang <liangwen12year@gmail.com>
Date: Thu, 3 Aug 2023 10:16:42 -0400
Subject: [PATCH] nm-manager: ensure device is exported on D-Bus in
authentication request
The device authentication request is an async process, it can not know
the answer right away, it is not guarantee that device is still
exported on D-Bus when authentication finishes. Thus, do not return
SUCCESS and abort the authentication request when device is not alive.
https://bugzilla.redhat.com/show_bug.cgi?id=2210271
(cherry picked from commit b341161e2a4988403ae4a6ef7653e01567da36a0)
(cherry picked from commit 0e27e84247ed824b27d105292d7bf42dc0341cbb)
---
src/core/nm-manager.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
index 9c7212202b..937acbba1e 100644
--- a/src/core/nm-manager.c
+++ b/src/core/nm-manager.c
@@ -3222,6 +3222,13 @@ device_auth_done_cb(NMAuthChain *chain, GDBusMethodInvocation *context, gpointer
nm_assert(error || (result == NM_AUTH_CALL_RESULT_YES));
}
+ if (!error && !nm_dbus_object_is_exported(NM_DBUS_OBJECT(device))) {
+ g_set_error(&error,
+ NM_MANAGER_ERROR,
+ NM_MANAGER_ERROR_UNKNOWN_DEVICE,
+ "device no longer exists");
+ }
+
callback(device, context, subject, error, nm_auth_chain_get_data(chain, "user-data"));
}
@@ -3287,6 +3294,14 @@ nm_manager_device_auth_request(NMManager *self,
&error))
goto fail_on_idle;
+ if (!nm_dbus_object_is_exported(NM_DBUS_OBJECT(device))) {
+ g_set_error(&error,
+ NM_MANAGER_ERROR,
+ NM_MANAGER_ERROR_UNKNOWN_DEVICE,
+ "device no longer exists");
+ goto fail_on_idle;
+ }
+
chain = nm_auth_chain_new_subject(subject, context, device_auth_done_cb, self);
if (cancellable)
nm_auth_chain_set_cancellable(chain, cancellable);
--
2.41.0

270
SOURCES/1002-Revert-infiniband-avoid-normalizing-the-p-key-rh2209976.patch
View File

@ -1,270 +0,0 @@
From 0ad139d4f8c49ec1c0e511776fc62c415ec5910c Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 24 May 2023 09:44:59 +0200
Subject: [PATCH 1/2] Revert "infiniband: avoid normalizing the p-key when
reading from ifcfg"
Historically, initscripts' ifup-ib would set the highest bit of
PKEY_ID=. That changed and needs to be restored.
Note that it probably makes little sense to ever configure p-keys
without the highest bit set, because that flag indicates full membership
and kernel will automatically add it. At least, kernel will add the flag
for the p-key, but not for the automatically chosen interface name.
Meaning, writing 0x00f0 to create_child sysctl, results in an interface
"$parent.00f0", but `ip -d link` shows pkey 0x80f0.
As NetworkManager otherwise supports p-keys without the highest bit set,
and since that high bit is honored for the interface name, we cannot
just always add the high bit. NetworkManager always assuming the highest
bit is set, would change the interface names of existing configuration.
With this revert, when a user configures a small p-key and the profile
is stored in ifcfg-rh format, the settings backend will automatically
mangle the profile and set 0x8000. That is different from when the
profile is stored in keyfile format. Since using small p-keys is
probably an odd case, we don't try to workaround that any other way
(like that ifcfg format could represent the orignal value of the profile
and not doing such mangling, or to add the high bit throughout
NetworkManager to the p-key). It's an inconsistency, but given the
existing behaviors it seems best to stick (revert) to it.
This reverts commit a4fe16a426097eee263cb3ef831dcea468b1ca26.
Affected versions were 1.42.2+ and 1.40.2+.
See-also: https://src.fedoraproject.org/rpms/rdma/blob/05333c3602aa3c1d82a6363521bdd5a498eac6d0/f/rdma.ifup-ib#_75
https://bugzilla.redhat.com/show_bug.cgi?id=2209164
(cherry picked from commit f8e5e07355e23b6d59b1b1c9cd2387c6b40b214b)
(cherry picked from commit 76de1b7ec29729af901e7e246387af9fda56f6ac)
---
.../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 18 ++++++
.../plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 57 ++++++++++++++-----
2 files changed, 60 insertions(+), 15 deletions(-)
diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
index aa593331c5..c8150782ec 100644
--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
@@ -5406,6 +5406,24 @@ parse_infiniband_p_key(shvarFile *ifcfg, int *out_p_key, char **out_parent, GErr
return FALSE;
}
+ /* The highest bit 0x8000 indicates full membership, which kernel always
+ * automatically sets.
+ *
+ * NetworkManager supports p-keys without the high bit set. That affects
+ * the interface name (nmp_utils_new_infiniband_name()) and is what
+ * we write to "create_child"/"delete_child" sysctl. Kernel will honor
+ * such p-keys for the interface name, but for other purposes it adds the
+ * highest bit. That makes using p-keys without the highest bit odd.
+ *
+ * Historically, /etc/sysconfig/network-scripts/ifup-ib would always add "|=0x8000".
+ * The reader does that too.
+ *
+ * Note that this means ifcfg cannot handle p-keys without the highest bit set,
+ * and when trying to store that to ifcfg format, the profile will be mangled/modified
+ * by the ifcg plugin (unlike keyfile backend, which preserves the original p-key value).
+ */
+ id |= 0x8000;
+
*out_p_key = id;
*out_parent = g_steal_pointer(&physdev);
return TRUE;
diff --git a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
index 40ff7c670e..8714f19682 100644
--- a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
+++ b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
@@ -8409,21 +8409,21 @@ test_read_ipoib(void)
s_infiniband = nmtst_connection_assert_setting(connection, NM_TYPE_SETTING_INFINIBAND);
pkey = nm_setting_infiniband_get_p_key(s_infiniband);
- g_assert(pkey);
- g_assert_cmpint(pkey, ==, 12);
+ g_assert_cmpint(pkey, ==, 0x800c);
transport_mode = nm_setting_infiniband_get_transport_mode(s_infiniband);
- g_assert(transport_mode);
g_assert_cmpstr(transport_mode, ==, "connected");
}
static void
test_write_infiniband(gconstpointer test_data)
{
- const int TEST_IDX = GPOINTER_TO_INT(test_data);
- nmtst_auto_unlinkfile char *testfile = NULL;
- gs_unref_object NMConnection *connection = NULL;
- gs_unref_object NMConnection *reread = NULL;
+ const int TEST_IDX = GPOINTER_TO_INT(test_data);
+ nmtst_auto_unlinkfile char *testfile = NULL;
+ gs_unref_object NMConnection *connection = NULL;
+ gs_unref_object NMConnection *expected = NULL;
+ gs_unref_object NMConnection *reread = NULL;
+ gboolean reread_same = FALSE;
NMSettingConnection *s_con;
NMSettingInfiniband *s_infiniband;
NMSettingIPConfig *s_ip4;
@@ -8433,6 +8433,7 @@ test_write_infiniband(gconstpointer test_data)
NMIPAddress *addr;
GError *error = NULL;
const char *interface_name = NULL;
+ int p_key;
connection = nm_simple_connection_new();
@@ -8448,14 +8449,21 @@ test_write_infiniband(gconstpointer test_data)
NM_SETTING_INFINIBAND_SETTING_NAME,
NULL);
- if (NM_IN_SET(TEST_IDX, 1, 3))
- interface_name = "ib0.000c";
+ if (NM_IN_SET(TEST_IDX, 1, 2))
+ p_key = nmtst_get_rand_bool() ? 0x000c : 0x800c;
+ else
+ p_key = -1;
+
+ if (NM_IN_SET(TEST_IDX, 1, 3)) {
+ if (p_key >= 0x8000)
+ interface_name = "ib0.800c";
+ }
g_object_set(s_con, NM_SETTING_CONNECTION_INTERFACE_NAME, interface_name, NULL);
s_infiniband = _nm_connection_new_setting(connection, NM_TYPE_SETTING_INFINIBAND);
g_object_set(s_infiniband, NM_SETTING_INFINIBAND_TRANSPORT_MODE, "connected", NULL);
- if (NM_IN_SET(TEST_IDX, 1, 2)) {
+ if (p_key == -1) {
g_object_set(s_infiniband,
NM_SETTING_INFINIBAND_MAC_ADDRESS,
mac,
@@ -8465,7 +8473,7 @@ test_write_infiniband(gconstpointer test_data)
} else {
g_object_set(s_infiniband,
NM_SETTING_INFINIBAND_P_KEY,
- 12,
+ p_key,
NM_SETTING_INFINIBAND_PARENT,
"ib0",
NULL);
@@ -8494,13 +8502,32 @@ test_write_infiniband(gconstpointer test_data)
nmtst_assert_connection_verifies(connection);
- _writer_new_connection(connection, TEST_SCRATCH_DIR, &testfile);
-
- reread = _connection_from_file(testfile, NULL, TYPE_INFINIBAND, NULL);
+ if (p_key != -1 && p_key < 0x8000) {
+ expected = nm_simple_connection_new_clone(connection);
+ g_object_set(nm_connection_get_setting(expected, NM_TYPE_SETTING_INFINIBAND),
+ NM_SETTING_INFINIBAND_P_KEY,
+ (int) (p_key | 0x8000),
+ NULL);
+ } else
+ expected = g_object_ref(connection);
- nmtst_assert_connection_equals(connection, TRUE, reread, FALSE);
+ _writer_new_connection_reread(connection,
+ TEST_SCRATCH_DIR,
+ &testfile,
+ NO_EXPECTED,
+ &reread,
+ &reread_same);
+ _assert_reread_same(expected, reread);
+ if (p_key == -1 || p_key > 0x8000)
+ g_assert(reread_same);
+ else
+ g_assert(!reread_same);
g_assert_cmpstr(interface_name, ==, nm_connection_get_interface_name(reread));
+ g_assert_cmpint(nm_setting_infiniband_get_p_key(
+ _nm_connection_get_setting(reread, NM_TYPE_SETTING_INFINIBAND)),
+ ==,
+ p_key == -1 ? -1 : (p_key | 0x8000));
}
static void
--
2.38.1
From 13156501fb6f214eccf22fe6b7447dae9b052b8d Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 24 May 2023 10:44:58 +0200
Subject: [PATCH 2/2] libnm/docs: clarify behavior of infiniband.p-key property
(cherry picked from commit ea18e66ef657b55eca941dca3de4949b950e656b)
(cherry picked from commit 2945254e29c58839410127e695e0216763a3dd01)
---
src/libnm-core-impl/nm-setting-infiniband.c | 19 ++++++++++++++++---
src/libnmc-setting/settings-docs.h.in | 2 +-
.../gen-metadata-nm-settings-nmcli.xml.in | 2 +-
3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/src/libnm-core-impl/nm-setting-infiniband.c b/src/libnm-core-impl/nm-setting-infiniband.c
index 410f1f0687..7ba5720619 100644
--- a/src/libnm-core-impl/nm-setting-infiniband.c
+++ b/src/libnm-core-impl/nm-setting-infiniband.c
@@ -449,9 +449,20 @@ nm_setting_infiniband_class_init(NMSettingInfinibandClass *klass)
* NMSettingInfiniband:p-key:
*
* The InfiniBand P_Key to use for this device. A value of -1 means to use
- * the default P_Key (aka "the P_Key at index 0"). Otherwise, it is a 16-bit
- * unsigned integer, whose high bit is set if it is a "full membership"
- * P_Key.
+ * the default P_Key (aka "the P_Key at index 0"). Otherwise, it is a
+ * 16-bit unsigned integer, whose high bit 0x8000 is set if it is a "full
+ * membership" P_Key. The values 0 and 0x8000 are not allowed.
+ *
+ * With the p-key set, the interface name is always "$parent.$p_key".
+ * Setting "connection.interface-name" to another name is not supported.
+ *
+ * Note that kernel will internally always set the full membership bit,
+ * although the interface name does not reflect that. Thus, not setting
+ * the high bit is probably not useful.
+ *
+ * If the profile is stored in ifcfg-rh format, then the full membership
+ * bit is automatically added. To get consistent behavior, it is
+ * best to only use p-key values with the full membership bit set.
**/
/* ---ifcfg-rh---
* property: p-key
@@ -460,6 +471,8 @@ nm_setting_infiniband_class_init(NMSettingInfinibandClass *klass)
* description: InfiniBand P_Key. The value can be a hex number prefixed with "0x"
* or a decimal number.
* When PKEY_ID is specified, PHYSDEV and DEVICE also must be specified.
+ * Note that ifcfg-rh format will always automatically set the full membership
+ * bit 0x8000. Other p-key cannot be stored.
* example: PKEY=yes PKEY_ID=2 PHYSDEV=mlx4_ib0 DEVICE=mlx4_ib0.8002
* ---end---
*/
diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in
index cd5b231bb9..00532df93c 100644
--- a/src/libnmc-setting/settings-docs.h.in
+++ b/src/libnmc-setting/settings-docs.h.in
@@ -153,7 +153,7 @@
#define DESCRIBE_DOC_NM_SETTING_GSM_USERNAME N_("The username used to authenticate with the network, if required. Many providers do not require a username, or accept any username. But if a username is required, it is specified here.")
#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_MAC_ADDRESS N_("If specified, this connection will only apply to the IPoIB device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).")
#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_MTU N_("If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple frames.")
-#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_P_KEY N_("The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka \"the P_Key at index 0\"). Otherwise, it is a 16-bit unsigned integer, whose high bit is set if it is a \"full membership\" P_Key.")
+#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_P_KEY N_("The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka \"the P_Key at index 0\"). Otherwise, it is a 16-bit unsigned integer, whose high bit 0x8000 is set if it is a \"full membership\" P_Key. The values 0 and 0x8000 are not allowed. With the p-key set, the interface name is always \"$parent.$p_key\". Setting \"connection.interface-name\" to another name is not supported. Note that kernel will internally always set the full membership bit, although the interface name does not reflect that. Thus, not setting the high bit is probably not useful. If the profile is stored in ifcfg-rh format, then the full membership bit is automatically added. To get consistent behavior, it is best to only use p-key values with the full membership bit set.")
#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_PARENT N_("The interface name of the parent device of this device. Normally NULL, but if the \"p_key\" property is set, then you must specify the base device by setting either this property or \"mac-address\".")
#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_TRANSPORT_MODE N_("The IP-over-InfiniBand transport mode. Either \"datagram\" or \"connected\".")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in decreasing priority, meaning the first address will be the primary address.")
diff --git a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
index dfea3c3440..3d2bb5186b 100644
--- a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
+++ b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
@@ -611,7 +611,7 @@
description="The IP-over-InfiniBand transport mode. Either &quot;datagram&quot; or &quot;connected&quot;." />
<property name="p-key"
alias="p-key"
- description="The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka &quot;the P_Key at index 0&quot;). Otherwise, it is a 16-bit unsigned integer, whose high bit is set if it is a &quot;full membership&quot; P_Key." />
+ description="The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka &quot;the P_Key at index 0&quot;). Otherwise, it is a 16-bit unsigned integer, whose high bit 0x8000 is set if it is a &quot;full membership&quot; P_Key. The values 0 and 0x8000 are not allowed. With the p-key set, the interface name is always &quot;$parent.$p_key&quot;. Setting &quot;connection.interface-name&quot; to another name is not supported. Note that kernel will internally always set the full membership bit, although the interface name does not reflect that. Thus, not setting the high bit is probably not useful. If the profile is stored in ifcfg-rh format, then the full membership bit is automatically added. To get consistent behavior, it is best to only use p-key values with the full membership bit set." />
<property name="parent"
alias="parent"
description="The interface name of the parent device of this device. Normally NULL, but if the &quot;p_key&quot; property is set, then you must specify the base device by setting either this property or &quot;mac-address&quot;." />
--
2.38.1

67
SOURCES/1002-checkpoint-Fix-segfault-crash-when-rollback-rhel-1526.patch Normal file
View File

@ -0,0 +1,67 @@
From d9b3114b6ef8e0f4d50a8d56d750a698d85fa984 Mon Sep 17 00:00:00 2001
From: Gris Ge <fge@redhat.com>
Date: Tue, 29 Aug 2023 08:25:23 +0800
Subject: [PATCH] checkpoint: Fix segfault crash when rollback
When rolling back a checkpoint, NM will crash due to dereference a NULL
pointer of `priv->removed_devices->len`.
To fix it, we just place a NULL check before that code block.
Fixes: 1f1b71ad9f8a ('checkpoint: preserve devices that were removed and
readded')
Reference: https://issues.redhat.com/browse/RHEL-1526
Signed-off-by: Gris Ge <fge@redhat.com>
(cherry picked from commit 3162507d6ca381cfbe02ceba2d80ba0f3ba3e5f7)
(cherry picked from commit e5600d4c5a33749939b984184f27fbe4159a2b65)
---
src/core/nm-checkpoint.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/src/core/nm-checkpoint.c b/src/core/nm-checkpoint.c
index 5c4d4e53d6..74adf48477 100644
--- a/src/core/nm-checkpoint.c
+++ b/src/core/nm-checkpoint.c
@@ -460,24 +460,27 @@ next_dev:
NMDeviceState state;
nm_manager_for_each_device (priv->manager, device, tmp_lst) {
- gboolean found = FALSE;
-
if (g_hash_table_contains(priv->devices, device))
continue;
/* Also ignore devices that were in the checkpoint initially and
* were moved to 'removed_devices' because they got removed from
* the system. */
- for (i = 0; i < priv->removed_devices->len; i++) {
- dev_checkpoint = priv->removed_devices->pdata[i];
- if (dev_checkpoint->dev_type == nm_device_get_device_type(device)
- && nm_streq0(dev_checkpoint->original_dev_name, nm_device_get_iface(device))) {
- found = TRUE;
- break;
+ if (priv->removed_devices) {
+ gboolean found = FALSE;
+
+ for (i = 0; i < priv->removed_devices->len; i++) {
+ dev_checkpoint = priv->removed_devices->pdata[i];
+ if (dev_checkpoint->dev_type == nm_device_get_device_type(device)
+ && nm_streq0(dev_checkpoint->original_dev_name,
+ nm_device_get_iface(device))) {
+ found = TRUE;
+ break;
+ }
}
+ if (found)
+ continue;
}
- if (found)
- continue;
state = nm_device_get_state(device);
if (state > NM_DEVICE_STATE_DISCONNECTED && state < NM_DEVICE_STATE_DEACTIVATING) {
--
2.41.0

45
SOURCES/1003-unblock-autoconnect-upon-reapply-rh2217903.patch
View File

@ -1,45 +0,0 @@
From 18ce5f43bd16b3cc394424619652c782cb3795c3 Mon Sep 17 00:00:00 2001
From: Gris Ge <fge@redhat.com>
Date: Tue, 27 Jun 2023 15:02:54 +0800
Subject: [PATCH] setting-connection: Unblock autoconnect upon finish of
`Reapply`
The activation of a connection will clear the block of autoconnect,
we should do the same for reapply.
Signed-off-by: Gris Ge <fge@redhat.com>
(cherry picked from commit 0486efd3584c70179072f611e63b9c0ff6851b80)
---
src/core/devices/nm-device.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index c168fa045d..62a9ff1e84 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -12902,6 +12902,7 @@ check_and_reapply_connection(NMDevice *self,
NMConnection *con_old;
NMConnection *con_new;
GHashTableIter iter;
+ NMSettingsConnection *sett_conn;
if (priv->state < NM_DEVICE_STATE_PREPARE || priv->state > NM_DEVICE_STATE_ACTIVATED) {
g_set_error_literal(error,
@@ -13074,6 +13075,14 @@ check_and_reapply_connection(NMDevice *self,
if (priv->state >= NM_DEVICE_STATE_ACTIVATED)
nm_device_update_metered(self);
+ sett_conn = nm_device_get_settings_connection(self);
+ if (sett_conn) {
+ nm_settings_connection_autoconnect_blocked_reason_set(
+ sett_conn,
+ NM_SETTINGS_AUTO_CONNECT_BLOCKED_REASON_USER_REQUEST,
+ FALSE);
+ }
+
/* Notify dispatcher when re-applied */
_LOGD(LOGD_DEVICE, "Notifying re-apply complete");
nm_dispatcher_call_device(NM_DISPATCHER_ACTION_REAPPLY, self, NULL, NULL, NULL, NULL);
--
2.39.3

88
SOURCES/1004-core-fix-l3cd-comparison-rhbz2219847.patch
View File

@ -1,88 +0,0 @@
From d6f13aefda85ea06985e7fe2f776abd8ee0406cf Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Fri, 24 Mar 2023 17:42:45 +0100
Subject: [PATCH] core: fix l3cd comparison
NM_CMP_SELF(a, b) returns immediately if the objects are the same.
Fixes: cb29244552af ('core: support compare flags in nm_l3_config_data_cmp_full()')
Fixes-test: @dracut_NM_iSCSI_ibft_table
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1583
(cherry picked from commit 0a02995175e06e62924705393121a1c5efc3822d)
(cherry picked from commit 5d95c20787077a91d684259d67f2e0ff3a1d7a1a)
---
src/core/nm-l3-config-data.c | 54 +++++++++++++++++++-----------------
1 file changed, 28 insertions(+), 26 deletions(-)
diff --git a/src/core/nm-l3-config-data.c b/src/core/nm-l3-config-data.c
index 17bb9db87d..d5dedb9c8a 100644
--- a/src/core/nm-l3-config-data.c
+++ b/src/core/nm-l3-config-data.c
@@ -2297,35 +2297,37 @@ nm_l3_config_data_cmp_full(const NML3ConfigData *a,
const NMPObject *def_route_a = a->best_default_route_x[IS_IPv4];
const NMPObject *def_route_b = b->best_default_route_x[IS_IPv4];
- NM_CMP_SELF(def_route_a, def_route_b);
-
- if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES)) {
- NM_CMP_RETURN(nmp_object_cmp_full(def_route_a,
- def_route_b,
- NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX)
- ? NMP_OBJECT_CMP_FLAGS_NONE
- : NMP_OBJECT_CMP_FLAGS_IGNORE_IFINDEX));
- } else if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES_ID)) {
- if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX)) {
- NM_CMP_DIRECT(def_route_a->obj_with_ifindex.ifindex,
- def_route_b->obj_with_ifindex.ifindex);
- }
+ if (def_route_a != def_route_b) {
+ if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES)) {
+ NM_CMP_RETURN(
+ nmp_object_cmp_full(def_route_a,
+ def_route_b,
+ NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX)
+ ? NMP_OBJECT_CMP_FLAGS_NONE
+ : NMP_OBJECT_CMP_FLAGS_IGNORE_IFINDEX));
+ } else if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES_ID)) {
+ if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX)) {
+ NM_CMP_DIRECT(def_route_a->obj_with_ifindex.ifindex,
+ def_route_b->obj_with_ifindex.ifindex);
+ }
- if (IS_IPv4) {
- NMPlatformIP4Route ra = def_route_a->ip4_route;
- NMPlatformIP4Route rb = def_route_b->ip4_route;
+ if (IS_IPv4) {
+ NMPlatformIP4Route ra = def_route_a->ip4_route;
+ NMPlatformIP4Route rb = def_route_b->ip4_route;
- NM_CMP_DIRECT(ra.metric, rb.metric);
- NM_CMP_DIRECT(ra.plen, rb.plen);
- NM_CMP_RETURN_DIRECT(nm_ip4_addr_same_prefix_cmp(ra.network, rb.network, ra.plen));
- } else {
- NMPlatformIP6Route ra = def_route_a->ip6_route;
- NMPlatformIP6Route rb = def_route_b->ip6_route;
+ NM_CMP_DIRECT(ra.metric, rb.metric);
+ NM_CMP_DIRECT(ra.plen, rb.plen);
+ NM_CMP_RETURN_DIRECT(
+ nm_ip4_addr_same_prefix_cmp(ra.network, rb.network, ra.plen));
+ } else {
+ NMPlatformIP6Route ra = def_route_a->ip6_route;
+ NMPlatformIP6Route rb = def_route_b->ip6_route;
- NM_CMP_DIRECT(ra.metric, rb.metric);
- NM_CMP_DIRECT(ra.plen, rb.plen);
- NM_CMP_RETURN_DIRECT(
- nm_ip6_addr_same_prefix_cmp(&ra.network, &rb.network, ra.plen));
+ NM_CMP_DIRECT(ra.metric, rb.metric);
+ NM_CMP_DIRECT(ra.plen, rb.plen);
+ NM_CMP_RETURN_DIRECT(
+ nm_ip6_addr_same_prefix_cmp(&ra.network, &rb.network, ra.plen));
+ }
}
}
--
2.38.1

530
SOURCES/1005-firewall-create-dynamic-sets-rhbz2220952.patch
View File

@ -1,530 +0,0 @@
From c00002b12d34c12d418f5753e03df43ecb6ef67d Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 10 May 2023 08:37:06 +0200
Subject: [PATCH 1/5] glib-aux: add
NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_DOUBLE_QUOTE flag to escape double quotes
This is useful when printing a string for debugging. Then we can
printf("v=\"%s\"", utf8safe_escaped_text), which can be safely unescaped
with `echo -e`.
(cherry picked from commit c26a94e95551021d86cae6fc0e6aafb97b1363f6)
(cherry picked from commit 18848c77c7a44b179ad0c582ac60cee7602d1786)
---
src/libnm-glib-aux/nm-shared-utils.c | 21 +++++++++++++--------
src/libnm-glib-aux/nm-shared-utils.h | 8 ++++++--
2 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/src/libnm-glib-aux/nm-shared-utils.c b/src/libnm-glib-aux/nm-shared-utils.c
index 702a63e9f6..49f2c93e35 100644
--- a/src/libnm-glib-aux/nm-shared-utils.c
+++ b/src/libnm-glib-aux/nm-shared-utils.c
@@ -2755,13 +2755,16 @@ nm_utils_buf_utf8safe_escape(gconstpointer buf,
if (g_utf8_validate(str, buflen, &p) && nul_terminated) {
/* note that g_utf8_validate() does not allow NUL character inside @str. Good.
* We can treat @str like a NUL terminated string. */
- if (!NM_STRCHAR_ANY(str,
- ch,
- (ch == '\\'
- || (NM_FLAGS_HAS(flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL)
- && nm_ascii_is_ctrl_or_del(ch))
- || (NM_FLAGS_HAS(flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_NON_ASCII)
- && nm_ascii_is_non_ascii(ch)))))
+ if (!NM_STRCHAR_ANY(
+ str,
+ ch,
+ (ch == '\\'
+ || (NM_FLAGS_HAS(flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL)
+ && nm_ascii_is_ctrl_or_del(ch))
+ || (NM_FLAGS_HAS(flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_NON_ASCII)
+ && nm_ascii_is_non_ascii(ch))
+ || (NM_FLAGS_HAS(flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_DOUBLE_QUOTE)
+ && ch == '"'))))
return str;
}
@@ -2781,7 +2784,9 @@ nm_utils_buf_utf8safe_escape(gconstpointer buf,
else if ((NM_FLAGS_HAS(flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL)
&& nm_ascii_is_ctrl_or_del(ch))
|| (NM_FLAGS_HAS(flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_NON_ASCII)
- && nm_ascii_is_non_ascii(ch)))
+ && nm_ascii_is_non_ascii(ch))
+ || (NM_FLAGS_HAS(flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_DOUBLE_QUOTE)
+ && ch == '"'))
_str_buf_append_c_escape_octal(&strbuf, ch);
else
nm_str_buf_append_c(&strbuf, ch);
diff --git a/src/libnm-glib-aux/nm-shared-utils.h b/src/libnm-glib-aux/nm-shared-utils.h
index 083ed137ee..ad24e7c427 100644
--- a/src/libnm-glib-aux/nm-shared-utils.h
+++ b/src/libnm-glib-aux/nm-shared-utils.h
@@ -1243,12 +1243,16 @@ typedef enum {
* It will backslash escape ascii characters according to nm_ascii_is_non_ascii(). */
NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_NON_ASCII = 0x0002,
+ /* Escape '"' as ASCII "\\042". This is useful when escaping a string so that
+ * it can be unescaped with `echo -e $PASTE_TEXT`. */
+ NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_DOUBLE_QUOTE = 0x0004,
+
/* This flag only has an effect during escaping to ensure we
* don't leak secrets in memory. Note that during unescape we
* know the maximum result size from the beginning, and no
* reallocation happens. Thus, unescape always avoids leaking
* secrets already. */
- NM_UTILS_STR_UTF8_SAFE_FLAG_SECRET = 0x0004,
+ NM_UTILS_STR_UTF8_SAFE_FLAG_SECRET = 0x0008,
/* This flag only has an effect during unescaping. It means
* that non-escaped whitespaces (g_ascii_isspace()) will be
@@ -1256,7 +1260,7 @@ typedef enum {
* this flag is only useful for gracefully accepting user input
* with spaces. With this flag, escape and unescape may no longer
* yield the original input. */
- NM_UTILS_STR_UTF8_SAFE_UNESCAPE_STRIP_SPACES = 0x0008,
+ NM_UTILS_STR_UTF8_SAFE_UNESCAPE_STRIP_SPACES = 0x0010,
} NMUtilsStrUtf8SafeFlags;
const char *nm_utils_buf_utf8safe_escape(gconstpointer buf,
--
2.41.0
From 668d8caff3b0a8ea45a63ef9676f05d87428825d Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 10 May 2023 08:41:00 +0200
Subject: [PATCH 2/5] glib-aux: add nmtst_assert_cmpmem() helper
g_assert_cmpmem() exists, but it does not print the actual buffer
content on test failure. It is useful to see what actually failed in
the test output.
Also, nmtst_assert_cmpmem() prints a backslash escaped output, that you
can unescape in the terminal with `echo -e`. You can also directly copy
and paste the output to C source code.
(cherry picked from commit 3c3938406dd825f6a0d9e6e55319f0f68a6e2f83)
(cherry picked from commit 4ec00efca9154029f377f8498ef4bd3bd9b4cfa9)
---
src/libnm-glib-aux/nm-test-utils.h | 48 ++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
diff --git a/src/libnm-glib-aux/nm-test-utils.h b/src/libnm-glib-aux/nm-test-utils.h
index b65818e00a..a55977d1ce 100644
--- a/src/libnm-glib-aux/nm-test-utils.h
+++ b/src/libnm-glib-aux/nm-test-utils.h
@@ -203,6 +203,54 @@
} \
G_STMT_END
+#define nmtst_assert_cmpmem(m1, l1, m2, l2) \
+ G_STMT_START \
+ { \
+ const guint8 *const _m1 = (gpointer) (m1); \
+ const guint8 *const _m2 = (gpointer) (m2); \
+ const gsize _l1 = (l1); \
+ const gsize _l2 = (l2); \
+ \
+ /* This is like g_assert_cmpmem(), however on failure it actually
+ * prints the compared buffer contents, which is useful for debugging
+ * the test failure. */ \
+ \
+ g_assert(_l1 == 0 || _m1); \
+ g_assert(_l2 == 0 || _m2); \
+ \
+ if (_l1 != _l2 || (_l1 > 0 && memcmp(_m1, _m2, _l1) != 0)) { \
+ gs_free char *_s1 = NULL; \
+ gs_free char *_s2 = NULL; \
+ \
+ g_error( \
+ "ERROR: %s:%d : buffer [\"%s\" (%s, %zu bytes)] differs from [\"%s\" (%s, %zu " \
+ "bytes)]:\n" \
+ " a=[ \"%s\" ]\n" \
+ " b=[ \"%s\" ]\n", \
+ __FILE__, \
+ (int) __LINE__, \
+ #m1, \
+ #l1, \
+ _l1, \
+ #m2, \
+ #l2, \
+ _l2, \
+ (_s1 = nm_utils_buf_utf8safe_escape_cp( \
+ _m1, \
+ _l1, \
+ NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL \
+ | NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_DOUBLE_QUOTE)) \
+ ?: "", \
+ (_s2 = nm_utils_buf_utf8safe_escape_cp( \
+ _m2, \
+ _l2, \
+ NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL \
+ | NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_DOUBLE_QUOTE)) \
+ ?: ""); \
+ } \
+ } \
+ G_STMT_END
+
/*****************************************************************************/
/* Our nm-error error numbers use negative values to signal failure.
--
2.41.0
From 90b9aa2be6ec9ee3527edf146d6fce74cb2d9926 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 10 May 2023 07:44:52 +0200
Subject: [PATCH 3/5] bond: don't configure "counter" on nft rules for
slb-bonding/mlag
Counters are convenient for debugging, but have a performance overhead.
Configure them only when debug logging in NetworkManager is enabled.
(cherry picked from commit 2c716f04f9b75ed8df70314920a705b48c36c8eb)
(cherry picked from commit 7bb285abb70d76dff33517252b71d0b8f96adc41)
---
src/core/nm-bond-manager.c | 8 ++++++-
src/core/nm-firewall-utils.c | 43 +++++++++++++++++++++---------------
src/core/nm-firewall-utils.h | 3 ++-
3 files changed, 34 insertions(+), 20 deletions(-)
diff --git a/src/core/nm-bond-manager.c b/src/core/nm-bond-manager.c
index 2d15b0b5a0..9985fccf11 100644
--- a/src/core/nm-bond-manager.c
+++ b/src/core/nm-bond-manager.c
@@ -438,6 +438,7 @@ _nft_call(NMBondManager *self,
{
gs_unref_bytes GBytes *stdin_buf = NULL;
gs_free const char *const *previous_members_strv = NULL;
+ gboolean with_counters;
if (up) {
gs_unref_ptrarray GPtrArray *arr = NULL;
@@ -480,11 +481,16 @@ _nft_call(NMBondManager *self,
}
}
+ /* counters in the nft rules are convenient for debugging, but have a performance overhead.
+ * Enable counters based on whether NM logging is enabled. */
+ with_counters = _NMLOG_ENABLED(LOGL_TRACE);
+
stdin_buf = nm_firewall_nft_stdio_mlag(up,
bond_ifname,
bond_ifnames_down,
active_members,
- previous_members_strv);
+ previous_members_strv,
+ with_counters);
nm_clear_g_cancellable(&self->cancellable);
self->cancellable = g_cancellable_new();
diff --git a/src/core/nm-firewall-utils.c b/src/core/nm-firewall-utils.c
index f231583a21..b8ae4397bf 100644
--- a/src/core/nm-firewall-utils.c
+++ b/src/core/nm-firewall-utils.c
@@ -763,13 +763,15 @@ nm_firewall_nft_stdio_mlag(gboolean up,
const char *bond_ifname,
const char *const *bond_ifnames_down,
const char *const *active_members,
- const char *const *previous_members)
+ const char *const *previous_members,
+ gboolean with_counters)
{
nm_auto_str_buf NMStrBuf strbuf_table_name =
NM_STR_BUF_INIT_A(NM_UTILS_GET_NEXT_REALLOC_SIZE_32, FALSE);
nm_auto_str_buf NMStrBuf strbuf = NM_STR_BUF_INIT(NM_UTILS_GET_NEXT_REALLOC_SIZE_1000, FALSE);
const char *table_name;
gsize i;
+ const char *const s_counter = with_counters ? " counter" : "";
if (NM_MORE_ASSERTS > 10 && active_members) {
/* No duplicates. We make certain assumptions here, and we don't
@@ -876,9 +878,10 @@ nm_firewall_nft_stdio_mlag(gboolean up,
_append(&strbuf,
"add rule netdev %s %s pkttype {"
" broadcast, multicast "
- "} counter drop",
+ "}%s drop",
table_name,
- chain_name);
+ chain_name,
+ s_counter);
}
/* OVS SLB rule 2
@@ -905,15 +908,17 @@ nm_firewall_nft_stdio_mlag(gboolean up,
table_name,
bond_ifname);
_append(&strbuf,
- "add rule netdev %s tx-snoop-source-mac set update ether saddr . vlan id"
- " timeout 5s @macset-tagged counter return"
+ "add rule netdev %s tx-snoop-source-mac set update ether saddr . vlan id "
+ "timeout 5s @macset-tagged%s return"
"", /* tagged */
- table_name);
+ table_name,
+ s_counter);
_append(&strbuf,
- "add rule netdev %s tx-snoop-source-mac set update ether saddr"
- " timeout 5s @macset-untagged counter"
+ "add rule netdev %s tx-snoop-source-mac set update ether saddr timeout 5s "
+ "@macset-untagged%s"
"", /* untagged*/
- table_name);
+ table_name,
+ s_counter);
_append(&strbuf,
"add chain netdev %s rx-drop-looped-packets {"
@@ -921,18 +926,20 @@ nm_firewall_nft_stdio_mlag(gboolean up,
"}",
table_name,
bond_ifname);
+ _append(
+ &strbuf,
+ "add rule netdev %s rx-drop-looped-packets ether saddr . vlan id @macset-tagged%s drop",
+ table_name,
+ s_counter);
_append(&strbuf,
- "add rule netdev %s rx-drop-looped-packets ether saddr . vlan id"
- " @macset-tagged counter drop",
- table_name);
- _append(&strbuf,
- "add rule netdev %s rx-drop-looped-packets ether type vlan counter return"
+ "add rule netdev %s rx-drop-looped-packets ether type vlan%s return"
"", /* avoid looking up tagged packets in untagged table */
- table_name);
+ table_name,
+ s_counter);
_append(&strbuf,
- "add rule netdev %s rx-drop-looped-packets ether saddr @macset-untagged"
- " counter drop",
- table_name);
+ "add rule netdev %s rx-drop-looped-packets ether saddr @macset-untagged%s drop",
+ table_name,
+ s_counter);
}
out:
diff --git a/src/core/nm-firewall-utils.h b/src/core/nm-firewall-utils.h
index ca138ccf78..9f13a5127e 100644
--- a/src/core/nm-firewall-utils.h
+++ b/src/core/nm-firewall-utils.h
@@ -39,6 +39,7 @@ GBytes *nm_firewall_nft_stdio_mlag(gboolean up,
const char *bond_ifname,
const char *const *bond_ifnames_down,
const char *const *active_members,
- const char *const *previous_members);
+ const char *const *previous_members,
+ gboolean with_counters);
#endif /* __NM_FIREWALL_UTILS_H__ */
--
2.41.0
From 863171b69d72053d0b6bfafe510af62098c218d8 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 10 May 2023 08:42:49 +0200
Subject: [PATCH 4/5] core/tests: add test for nm_firewall_nft_stdio_mlag()
If only to hit some of the code paths in our test, and to have valgrind
check (some of) the code paths.
(cherry picked from commit a20d4a7a912a7e7a535318bc7294ebd8b6bb6655)
(cherry picked from commit 8e7d94b10c50a4ce963ddf441752522183b35ab3)
---
src/core/tests/test-core.c | 122 +++++++++++++++++++++++++++++++++++++
1 file changed, 122 insertions(+)
diff --git a/src/core/tests/test-core.c b/src/core/tests/test-core.c
index 887803bffe..d90e44f04f 100644
--- a/src/core/tests/test-core.c
+++ b/src/core/tests/test-core.c
@@ -18,6 +18,7 @@
#include "dns/nm-dns-manager.h"
#include "nm-connectivity.h"
+#include "nm-firewall-utils.h"
#include "nm-test-utils-core.h"
@@ -2580,6 +2581,125 @@ test_connectivity_state_cmp(void)
/*****************************************************************************/
+static void
+test_nm_firewall_nft_stdio_mlag(void)
+{
+#define _T(up, \
+ bond_ifname, \
+ bond_ifnames_down, \
+ active_members, \
+ previous_members, \
+ with_counters, \
+ expected) \
+ G_STMT_START \
+ { \
+ gs_unref_bytes GBytes *_b = NULL; \
+ \
+ _b = nm_firewall_nft_stdio_mlag((up), \
+ (bond_ifname), \
+ (bond_ifnames_down), \
+ (active_members), \
+ (previous_members), \
+ (with_counters)); \
+ \
+ g_assert(_b); \
+ nmtst_assert_cmpmem(expected, \
+ NM_STRLEN(expected), \
+ g_bytes_get_data(_b, NULL), \
+ g_bytes_get_size(_b)); \
+ } \
+ G_STMT_END
+
+ _T(TRUE,
+ "bond0",
+ NM_MAKE_STRV("eth0"),
+ NM_MAKE_STRV("eth1"),
+ NM_MAKE_STRV("eth2"),
+ TRUE,
+ "add table netdev nm-mlag-eth0\012delete table netdev nm-mlag-eth0\012add table netdev "
+ "nm-mlag-bond0\012flush table netdev nm-mlag-bond0\012add chain netdev nm-mlag-bond0 "
+ "rx-drop-bc-mc-eth2 { type filter hook ingress device eth2 priority filter; }\012delete "
+ "chain netdev nm-mlag-bond0 rx-drop-bc-mc-eth2\012add chain netdev nm-mlag-bond0 "
+ "rx-drop-bc-mc-eth1 { type filter hook ingress device eth1 priority filter; }\012delete "
+ "chain netdev nm-mlag-bond0 rx-drop-bc-mc-eth1\012add set netdev nm-mlag-bond0 "
+ "macset-tagged { typeof ether saddr . vlan id; flags dynamic,timeout; }\012add set netdev "
+ "nm-mlag-bond0 macset-untagged { typeof ether saddr; flags dynamic,timeout; }\012add chain "
+ "netdev nm-mlag-bond0 tx-snoop-source-mac { type filter hook egress device bond0 priority "
+ "filter; }\012add rule netdev nm-mlag-bond0 tx-snoop-source-mac set update ether saddr . "
+ "vlan id timeout 5s @macset-tagged counter return\012add rule netdev nm-mlag-bond0 "
+ "tx-snoop-source-mac set update ether saddr timeout 5s @macset-untagged counter\012add "
+ "chain netdev nm-mlag-bond0 rx-drop-looped-packets { type filter hook ingress device bond0 "
+ "priority filter; }\012add rule netdev nm-mlag-bond0 rx-drop-looped-packets ether saddr . "
+ "vlan id @macset-tagged counter drop\012add rule netdev nm-mlag-bond0 "
+ "rx-drop-looped-packets ether type vlan counter return\012add rule netdev nm-mlag-bond0 "
+ "rx-drop-looped-packets ether saddr @macset-untagged counter drop\012");
+
+ _T(TRUE,
+ "bond0",
+ NM_MAKE_STRV("eth0"),
+ NM_MAKE_STRV("eth1"),
+ NM_MAKE_STRV("eth2"),
+ FALSE,
+ "add table netdev nm-mlag-eth0\012delete table netdev nm-mlag-eth0\012add table netdev "
+ "nm-mlag-bond0\012flush table netdev nm-mlag-bond0\012add chain netdev nm-mlag-bond0 "
+ "rx-drop-bc-mc-eth2 { type filter hook ingress device eth2 priority filter; }\012delete "
+ "chain netdev nm-mlag-bond0 rx-drop-bc-mc-eth2\012add chain netdev nm-mlag-bond0 "
+ "rx-drop-bc-mc-eth1 { type filter hook ingress device eth1 priority filter; }\012delete "
+ "chain netdev nm-mlag-bond0 rx-drop-bc-mc-eth1\012add set netdev nm-mlag-bond0 "
+ "macset-tagged { typeof ether saddr . vlan id; flags dynamic,timeout; }\012add set netdev "
+ "nm-mlag-bond0 macset-untagged { typeof ether saddr; flags dynamic,timeout; }\012add chain "
+ "netdev nm-mlag-bond0 tx-snoop-source-mac { type filter hook egress device bond0 priority "
+ "filter; }\012add rule netdev nm-mlag-bond0 tx-snoop-source-mac set update ether saddr . "
+ "vlan id timeout 5s @macset-tagged return\012add rule netdev nm-mlag-bond0 "
+ "tx-snoop-source-mac set update ether saddr timeout 5s @macset-untagged\012add chain netdev "
+ "nm-mlag-bond0 rx-drop-looped-packets { type filter hook ingress device bond0 priority "
+ "filter; }\012add rule netdev nm-mlag-bond0 rx-drop-looped-packets ether saddr . vlan id "
+ "@macset-tagged drop\012add rule netdev nm-mlag-bond0 rx-drop-looped-packets ether type "
+ "vlan return\012add rule netdev nm-mlag-bond0 rx-drop-looped-packets ether saddr "
+ "@macset-untagged drop\012");
+
+ _T(TRUE,
+ "bond0",
+ NM_MAKE_STRV("eth0", "eth1"),
+ NM_MAKE_STRV("eth2", "eth3"),
+ NM_MAKE_STRV("eth4", "eth5"),
+ FALSE,
+ "add table netdev nm-mlag-eth0\012delete table netdev nm-mlag-eth0\012add table netdev "
+ "nm-mlag-eth1\012delete table netdev nm-mlag-eth1\012add table netdev "
+ "nm-mlag-bond0\012flush table netdev nm-mlag-bond0\012add chain netdev nm-mlag-bond0 "
+ "rx-drop-bc-mc-eth4 { type filter hook ingress device eth4 priority filter; }\012delete "
+ "chain netdev nm-mlag-bond0 rx-drop-bc-mc-eth4\012add chain netdev nm-mlag-bond0 "
+ "rx-drop-bc-mc-eth5 { type filter hook ingress device eth5 priority filter; }\012delete "
+ "chain netdev nm-mlag-bond0 rx-drop-bc-mc-eth5\012add chain netdev nm-mlag-bond0 "
+ "rx-drop-bc-mc-eth2 { type filter hook ingress device eth2 priority filter; }\012delete "
+ "chain netdev nm-mlag-bond0 rx-drop-bc-mc-eth2\012add chain netdev nm-mlag-bond0 "
+ "rx-drop-bc-mc-eth3 { type filter hook ingress device eth3 priority filter; }\012add rule "
+ "netdev nm-mlag-bond0 rx-drop-bc-mc-eth3 pkttype { broadcast, multicast } drop\012add set "
+ "netdev nm-mlag-bond0 macset-tagged { typeof ether saddr . vlan id; flags dynamic,timeout; "
+ "}\012add set netdev nm-mlag-bond0 macset-untagged { typeof ether saddr; flags "
+ "dynamic,timeout; }\012add chain netdev nm-mlag-bond0 tx-snoop-source-mac { type filter "
+ "hook egress device bond0 priority filter; }\012add rule netdev nm-mlag-bond0 "
+ "tx-snoop-source-mac set update ether saddr . vlan id timeout 5s @macset-tagged "
+ "return\012add rule netdev nm-mlag-bond0 tx-snoop-source-mac set update ether saddr timeout "
+ "5s @macset-untagged\012add chain netdev nm-mlag-bond0 rx-drop-looped-packets { type filter "
+ "hook ingress device bond0 priority filter; }\012add rule netdev nm-mlag-bond0 "
+ "rx-drop-looped-packets ether saddr . vlan id @macset-tagged drop\012add rule netdev "
+ "nm-mlag-bond0 rx-drop-looped-packets ether type vlan return\012add rule netdev "
+ "nm-mlag-bond0 rx-drop-looped-packets ether saddr @macset-untagged drop\012");
+
+ _T(FALSE,
+ "bond0",
+ NM_MAKE_STRV("eth0", "eth1"),
+ NM_MAKE_STRV("eth2", "eth3"),
+ NM_MAKE_STRV("eth4", "eth5"),
+ FALSE,
+ "add table netdev nm-mlag-eth0\012delete table netdev nm-mlag-eth0\012add table netdev "
+ "nm-mlag-eth1\012delete table netdev nm-mlag-eth1\012add table netdev "
+ "nm-mlag-bond0\012delete table netdev nm-mlag-bond0\012");
+}
+
+/*****************************************************************************/
+
NMTST_DEFINE();
int
@@ -2654,5 +2774,7 @@ main(int argc, char **argv)
g_test_add_func("/core/general/test_kernel_cmdline_match_check",
test_kernel_cmdline_match_check);
+ g_test_add_func("/core/test_nm_firewall_nft_stdio_mlag", test_nm_firewall_nft_stdio_mlag);
+
return g_test_run();
}
--
2.41.0
From e981987cd4315c0d37f980b28c02c35340d81a2f Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 2 May 2023 08:54:21 +0200
Subject: [PATCH 5/5] firewall: create "dynamic" sets for nft rules for
slb-bonding
A workaround for a nftables issue ([1]). I don't know why that matters.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2177667
Fixes: e9268e392418 ('firewall: add mlag firewall utils for multi chassis link aggregation (MLAG) for bonding-slb')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1614
(cherry picked from commit d3b54963622f242db1ebeda21dedd9558b484355)
(cherry picked from commit 0d9d753523bc30bfd42519e1716a2d7e447f011e)
---
src/core/nm-firewall-utils.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/nm-firewall-utils.c b/src/core/nm-firewall-utils.c
index b8ae4397bf..ac12d3e432 100644
--- a/src/core/nm-firewall-utils.c
+++ b/src/core/nm-firewall-utils.c
@@ -892,12 +892,12 @@ nm_firewall_nft_stdio_mlag(gboolean up,
*/
_append(&strbuf,
"add set netdev %s macset-tagged {"
- " typeof ether saddr . vlan id; flags timeout; "
+ " typeof ether saddr . vlan id; flags dynamic,timeout; "
"}",
table_name);
_append(&strbuf,
"add set netdev %s macset-untagged {"
- " typeof ether saddr; flags timeout;"
+ " typeof ether saddr; flags dynamic,timeout; "
"}",
table_name);
--
2.41.0

42
SOURCES/1006-assume-change-IPv6-method-from-ignore-rhbz2229671.patch
View File

@ -1,42 +0,0 @@
From 72fc1ef4c365cfda7fc0a86afd3ce124d57e8d5c Mon Sep 17 00:00:00 2001
From: Wen Liang <liangwen12year@gmail.com>
Date: Mon, 17 Jul 2023 14:09:04 -0400
Subject: [PATCH] assume: change IPv6 method from "ignore" and "disabled" into
"auto"
IPv6 method "disabled" and "ignore" are not supported for loopback
device, when generating the assume connection, the generated connection
will fail verification. Therefore, change the IPv6 method into "auto",
as a result, for loopback external connection, NM will not toggle the
`disable_ipv6` sysctl setting when `systemd-sysctl` sets it into 1.
https://bugzilla.redhat.com/show_bug.cgi?id=2207878
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1694
(cherry picked from commit e8a2306afbcd3e328f62004af92cd21b2477f0ac)
(cherry picked from commit 832e8df0c17f44be2c62485c19a0b20f6d3efa07)
---
src/core/NetworkManagerUtils.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/core/NetworkManagerUtils.c b/src/core/NetworkManagerUtils.c
index 6f4c60f876..84ee6c3a0d 100644
--- a/src/core/NetworkManagerUtils.c
+++ b/src/core/NetworkManagerUtils.c
@@ -1748,6 +1748,13 @@ nm_utils_platform_capture_ip_setting(NMPlatform *platform,
method = maybe_ipv6_disabled ? NM_SETTING_IP6_CONFIG_METHOD_DISABLED
: NM_SETTING_IP6_CONFIG_METHOD_IGNORE;
}
+
+ /* The IPv6 method "ignore" and "disabled" are not supported for loopback */
+ if (ifindex == 1
+ && NM_IN_STRSET(method,
+ NM_SETTING_IP6_CONFIG_METHOD_DISABLED,
+ NM_SETTING_IP6_CONFIG_METHOD_IGNORE))
+ method = NM_SETTING_IP6_CONFIG_METHOD_AUTO;
g_object_set(s_ip, NM_SETTING_IP_CONFIG_METHOD, method, NULL);
nmp_lookup_init_object_by_ifindex(&lookup, NMP_OBJECT_TYPE_IP_ROUTE(IS_IPv4), ifindex);
--
2.41.0

89
SOURCES/1007-settings-preserve-existing-connection-flags-on-updat-rhbz2229671.patch
View File

@ -1,89 +0,0 @@
From 895ed1ef14c49a94fb665e519bad409adf53c80f Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Mon, 27 Feb 2023 09:10:34 +0100
Subject: [PATCH] settings: preserve existing connection flags on update
We are passing to the plugin only 'sett_flags', which is the bitmask
of flags to change and works together with 'sett_mask'; however,
plugins interpret that value as the new flags value. The result is
that if there is no change needed (0/0), the existing flags are lost.
Simple reproducer:
ip link add dummy1 type dummy
ip link set dummy1 up
ip addr add dev dummy1 fd01::12/64
sleep 1
# now, a external connection is created by NM
echo "BEFORE:"
cat /run/NetworkManager/system-connections/dummy1.nmconnection | grep "nm-generated\|volatile\|external"
# just add a new address to the interface to make it lose
# the external flag
ip addr add dev dummy1 172.25.42.1/24
sleep 1
echo "AFTER:"
cat /run/NetworkManager/system-connections/dummy1.nmconnection | grep "nm-generated\|volatile\|external"
Output:
BEFORE:
nm-generated=true
volatile=true
external=true
AFTER:
Fixes: d35d3c468a30 ('settings: rework tracking settings connections and settings plugins')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1548
(cherry picked from commit 86b922695f18566132980bd23516038b6ca4c0f4)
(cherry picked from commit 4353f842303d0d905c92e8e497e22f8440261381)
---
src/core/settings/nm-settings.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/core/settings/nm-settings.c b/src/core/settings/nm-settings.c
index 63476c3c94..9995b490d2 100644
--- a/src/core/settings/nm-settings.c
+++ b/src/core/settings/nm-settings.c
@@ -2009,6 +2009,7 @@ nm_settings_update_connection(NMSettings *self,
const char *uuid;
gboolean tombstone_in_memory = FALSE;
gboolean tombstone_on_disk = FALSE;
+ NMSettingsConnectionIntFlags new_flags;
g_return_val_if_fail(NM_IS_SETTINGS(self), FALSE);
g_return_val_if_fail(NM_IS_SETTINGS_CONNECTION(sett_conn), FALSE);
@@ -2228,13 +2229,16 @@ nm_settings_update_connection(NMSettings *self,
}
}
+ new_flags = nm_settings_connection_get_flags(sett_conn);
+ new_flags = NM_FLAGS_ASSIGN_MASK(new_flags, sett_mask, sett_flags);
+
if (!update_storage) {
success = _add_connection_to_first_plugin(self,
plugin_name,
sett_conn_entry,
connection,
new_in_memory,
- sett_flags,
+ new_flags,
new_shadowed_storage_filename,
new_shadowed_owned,
&new_storage,
@@ -2245,7 +2249,7 @@ nm_settings_update_connection(NMSettings *self,
success = _update_connection_to_plugin(self,
update_storage,
connection,
- sett_flags,
+ new_flags,
update_reason,
new_shadowed_storage_filename,
new_shadowed_owned,
--
2.41.0

113
SPECS/NetworkManager.spec
View File

@ -1,12 +1,12 @@
%global wpa_supplicant_version 1:1.1
%global ppp_version %(sed -n 's/^#define\\s*VERSION\\s*"\\([^\\s]*\\)"$/\\1/p' %{_includedir}/pppd/patchlevel.h 2>/dev/null | grep . || echo bad)
%global ppp_version %(pkg-config --modversion pppd 2>/dev/null || sed -n 's/^#define\\s*VERSION\\s*"\\([^\\s]*\\)"$/\\1/p' %{_includedir}/pppd/patchlevel.h 2>/dev/null | grep . || echo bad)
%global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo bad)
%global epoch_version 1
%global real_version 1.42.2
%global real_version 1.44.0
%global rpm_version %{real_version}
%global release_version 8
%global release_version 3
%global snapshot %{nil}
%global git_sha %{nil}
%global bcond_default_debug 0
@ -202,14 +202,8 @@ Source7: readme-ifcfg-rh.txt
# Patch0001: 0001-some.patch
# Bugfixes that are only relevant until next rebase of the package.
# Patch1001: 1001-some.patch
Patch1001: 1001-ipv6ll-don-t-regenerate-the-address-when-removed-rh2196441.patch
Patch1002: 1002-Revert-infiniband-avoid-normalizing-the-p-key-rh2209976.patch
Patch1003: 1003-unblock-autoconnect-upon-reapply-rh2217903.patch
Patch1004: 1004-core-fix-l3cd-comparison-rhbz2219847.patch
Patch1005: 1005-firewall-create-dynamic-sets-rhbz2220952.patch
Patch1006: 1006-assume-change-IPv6-method-from-ignore-rhbz2229671.patch
Patch1007: 1007-settings-preserve-existing-connection-flags-on-updat-rhbz2229671.patch
Patch1001: 1001-nm-manager-ensure-device-is-exported-on-D-Bus-in-aut-rhbz2210271.patch
Patch1002: 1002-checkpoint-Fix-segfault-crash-when-rollback-rhel-1526.patch
Requires(post): systemd
%if 0%{?fedora} || 0%{?rhel} >= 8
@ -598,8 +592,8 @@ Requires: %{name}-libnm%{?_isa} = %{epoch}:%{version}-%{release}
%description cloud-setup
Installs a nm-cloud-setup tool that can automatically configure
NetworkManager in cloud setups. Currently only EC2 is supported.
This tool is still experimental.
NetworkManager in cloud environment. Only certain cloud providers
like Aliyun, Azure, EC2, GCP are supported.
%endif
@ -732,9 +726,9 @@ Preferably use nmcli instead.
-Difcfg_rh=true \
-Difupdown=false \
%if %{with ppp}
-Dpppd_plugin_dir="%{_libdir}/pppd/%{ppp_version}" \
-Dpppd="%{_sbindir}/pppd" \
-Dppp=true \
-Dpppd="%{_sbindir}/pppd" \
-Dpppd_plugin_dir="%{_libdir}/pppd/%{ppp_version}" \
%else
-Dppp=false \
%endif
@ -1246,6 +1240,7 @@ fi
%{_unitdir}/nm-cloud-setup.timer
%{nmlibdir}/dispatcher.d/90-nm-cloud-setup.sh
%{nmlibdir}/dispatcher.d/no-wait.d/90-nm-cloud-setup.sh
%{nmlibdir}/dispatcher.d/pre-up.d/90-nm-cloud-setup.sh
%{_mandir}/man8/nm-cloud-setup.8*
%endif
@ -1258,26 +1253,84 @@ fi
%changelog
* Wed Aug 16 2023 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.42.2-8
- settings: preserve existing connection flags on update (rh #2229671)
* Wed Aug 30 2023 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.44.0-3
- checkpoint: Fix segfault crash when rollback (rhel-1526)
* Mon Aug 14 2023 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.42.2-7
- assume: change IPv6 method from "ignore" and "disabled" into "auto" (rh #2229671)
* Wed Aug 23 2023 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.44.0-2
- manager: ensure device is exported on D-Bus in authentication request (rh #2210271)
* Wed Jul 12 2023 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.42.2-6
- firewall: create "dynamic" sets for nft rules for slb-bonding (rh #2220952)
* Thu Aug 10 2023 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.44.0-1
- update to 1.44.0 release
- nmcli: add nmcli version mismatch warning (rh #2173196)
- checkpoint: preserve devices that were removed and readded (rh #2177590)
* Wed Jul 5 2023 Wen Liang <wenliang@redhat.com> - 1:1.42.2-5
- make sure that the IP and DNS configuration gets applied when it changes (rh #2219847)
* Wed Jul 26 2023 Wen Liang <wenliang@redhat.com> - 1:1.43.90-1
- update to 1.43.90 release (release candidate)
- manager: allow controller activation if device is deactivating (rh #2125615)
- assume: change IPv6 method from "ignore" and "disabled" into "auto" for loopback device (rh #2207878)
- device: delete software device when lose carrier and is controller (rh #2224479)
- core: better handle ignore-carrier=no for bond/bridge/team devices (rh #2180363)
* Thu Jun 29 2023 Gris Ge <fge@redhat.com> - 1:1.42.2-4
- unblock autoconnect upon reapply finish (rh #2217903)
* Wed Jul 12 2023 Beniamino Galvani <bgalvani@redhat.com> - 1:1.43.11-1
- update to 1.43.11 release (development)
- fix assertion about missing ifindex when resetting MAC (rh #2215022)
- fix wrong order of entries in resolv.conf after reconnect (rh #2218448)
- do not fail activation when SR-IOV VF parameters can't be applied (rh #2210164)
- warn that the ifcfg-rh plugin is deprecated (rh #2190375)
* Mon May 29 2023 Wen Liang <wenliang@redhat.com> - 1:1.42.2-3
- revert "infiniband: avoid normalizing the p-key when reading from ifcfg" (rh #2209976)
* Wed Jun 14 2023 Thomas Haller <thaller@redhat.com> - 1:1.43.10-1
- Update to 1.43.10 release (development)
- fix reading infiniband p-key from ifcfg files (rh #2209974)
- improve autoconnect when selecting controller (rh #2121451)
- fix managing devices after network reconnect (rh #2149012)
- better handle ignore-carrier for bond/bridge/team (rh #2180363)
- cloud-setup: block wait-online while configuration is ongoing (rh #2151040)
- cloud-setup: avoid leaving half configured system (rh #2207812)
- cloud-setup: log warning when no provider detected (rh #2214880)
- cloud-setup: fix RPM description (rh #2214491)
* Tue May 23 2023 Beniamino Galvani <bgalvani@redhat.com> - 1:1.42.2-2
- don't fail when the IPv6 link-local address is removed (rh #2196441)
* Wed May 31 2023 Thomas Haller <thaller@redhat.com> - 1:1.43.9-1
- Update to 1.43.9 release (development)
- improve autoconnect logic for port/controller configurations (rh #2121451)
- fix handling external devices during network off/on (rh #2149012)
* Tue May 16 2023 Beniamino Galvani <bgalvani@redhat.com> - 1:1.43.8-1
- Update to 1.43.8 release (development)
- ipv6ll: don't regenerate the address when it's removed externally (rh #2196441)
* Wed May 3 2023 Thomas Haller <thaller@redhat.com> - 1:1.43.7-1
- Update to 1.43.7 release (development)
- bond: support port priorities (rh #2152304)
- ovs: fix autoconnect race (rh #2152864)
* Wed Apr 19 2023 Beniamino Galvani <bgalvani@redhat.com> - 1:1.43.6-1
- Update to 1.43.6 release (development)
- fix assertion failure when renewing DHCP lease (rh #2179890)
- emit the dhcp-change dispatcher script event on lease renewal (rh #2179537)
- ensure the NetworkManager is restarted when dbus is restarted (rh #2161915)
- add support for the "no-aaaa" resolv.conf option (rh #2176137) -
* Wed Apr 05 2023 Lubomir Rintel <lkundrak@v3.sk> - 1:1.43.5-1
- Update to 1.43.5 release (development)
- cloud-init/ec2: use right HTTP method for IMDSv2 (rh #2179718)
- core: request a bus name only when dbus objects are present (rh #2175919)
- core: fix autoconnect retry count tracking (rh #2174353)
- core: fix retry on netlink socket buffer exhaustion (rh #2169512)
- ovs: fix a race condition on port detachment (rh #2054933)
* Wed Mar 22 2023 Thomas Haller <thaller@redhat.com> - 1:1.43.4-1
- Update to 1.43.4 release (development)
- core: fix handling of IPv4 prefsrc routes with ACD (rh #2046293)
- core: don't configure static routes without addresses (rh #2102212)
- core: fix race activating VLAN devices (rh #2155991)
* Thu Mar 09 2023 Lubomir Rintel <lkundrak@v3.sk> - 1:1.43.3-1
- Update to an early 1.44 snapshot
- cloud-setup: add IDMSv2 support (rh #2151986)
- core: add [link] setting (rh #2158328)
- dhcp: expose client ID, DUID and IAID that have been used (rh #2169869)
- ovs: ensure device has a proper MAC address once we start dhcp (rh #2168477)
- team: fix assumption of team port management (rh #2092215)
* Thu Feb 23 2023 Beniamino Galvani <bgalvani@redhat.com> - 1:1.42.2-1
- Update to 1.42.2 release
@ -1289,7 +1342,7 @@ fi
* Fri Feb 10 2023 Thomas Haller <thaller@redhat.com> - 1:1.42.0-1
- Update to 1.42.0 release
* Thu Jan 26 2023 Lubomir Rintel <lkundrak@v3.sk> - - 1:1.41.91-1
* Thu Jan 26 2023 Lubomir Rintel <lkundrak@v3.sk> - 1:1.41.91-1
- Update to 1.41.91 release (release candidate)
- core: retry if a rtnetlink socket runs out of buffer space (rh #2154350)
- dns: allow changing resolv.conf options alone via global-dns (rh #2019306)