import NetworkManager-1.36.0-4.el8

CentOS Sources 2022-05-10 03:08:53 -04:00 committed by Stepan Oksanichenko
parent 52f9c59ce2
commit 1b23d305e8
12 changed files with 602 additions and 1949 deletions


@ -1 +1 @@
d2b4c08e920b5c96c128041948e3092eedcbba80 SOURCES/NetworkManager-1.32.10.tar.xz
adbe8e9eef649ac73c4fbaefd71a1335d4d016cd SOURCES/NetworkManager-1.36.0.tar.xz

.gitignore vendored

@ -1 +1 @@
SOURCES/NetworkManager-1.32.10.tar.xz
SOURCES/NetworkManager-1.36.0.tar.xz


@ -1,48 +0,0 @@
From af06ca8b1190240146f746f8aeca6fd11bfbe6ad Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 19 Aug 2021 13:35:27 +0200
Subject: [PATCH] platform: fix capturing addresses from platform for assuming
after restart
Commit c631aa48f034 ('platform: capture NMIP[46]Config from platform
with correct (reversed) order of IP addresses') changed this for IPv6
and IPv4, but it's not correct for IPv4.
For IPv6, later `ip addr add` calls adds a new primary address, which
is also listed in `ip addr show` first. Hence, as NMIP6Config tracks
addresses in increasing priority, while NMPlatform tracks them as
exposed by kernel, the order when appending addresses form platform
to NMIP6Config must be reversed.
That is not the case for IPv4. For IPv4, later `ip addr add` calls
add a secondary IP address. Also, in `ip addr show` output they are
appended. Consequently, IPv4 addresses are tracked by NMPlatform with
decreasing priority (in the reverse order than for IPv6).
Fix constructing the NMIP4Config by fixing the address order. This is
important, because during restart devices get assumed and our code would
configure the order of addresses as it finds them.
Fixes: c631aa48f034 ('platform: capture NMIP[46]Config from platform with correct (reversed) order of IP addresses')
(cherry picked from commit c380893dc6757e30b429f968bc90bc1edda68998)
(cherry picked from commit 605373b38ab463826bd7eb80408fb2cfae07ee91)
---
src/core/nm-ip4-config.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/nm-ip4-config.c b/src/core/nm-ip4-config.c
index 90531d0291..52a8faa791 100644
--- a/src/core/nm-ip4-config.c
+++ b/src/core/nm-ip4-config.c
@@ -543,7 +543,7 @@ nm_ip4_config_capture(NMDedupMultiIndex *multi_idx, NMPlatform *platform, int if
head_entry = nm_platform_lookup_object(platform, NMP_OBJECT_TYPE_IP4_ADDRESS, ifindex);
if (head_entry) {
- nmp_cache_iter_for_each_reverse (&iter, head_entry, &plobj) {
+ nmp_cache_iter_for_each (&iter, head_entry, &plobj) {
if (!_nm_ip_config_add_obj(priv->multi_idx,
&priv->idx_ip4_addresses_,
ifindex,
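Review bot: the switched iterator at `nmp_cache_iter_for_each (&iter, head_entry, &plobj)` carries no comment, so the reason IPv4 is walked forward while IPv6 is walked in reverse lives only in the commit message. A short comment above the loop stating that NMPlatform tracks IPv4 addresses in decreasing priority (primary first) would keep a later cleanup from aligning the two paths again. The change also comes without a test that captures a device holding a primary and a secondary IPv4 address and checks the resulting order, which is the restart case the message calls important.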
--
2.26.3


@ -1,59 +0,0 @@
From d0ba892917461659b5b1e429fb217218ff204379 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 19 Aug 2021 13:53:29 +0200
Subject: [PATCH] nmcli/docs: fix address order in ipv46.addresses
documentation for `man nm-settings-nmcli`
For IPv4, the order is not like for IPv6. Of course not.
Fixes: 7aa4ad0fa22c ('nmcli/docs: better describe ipv[46].addresses in `man nm-settings-nmcli`')
(cherry picked from commit 2f3c2647d2263bf565fd21d14a3db56f6a063b91)
(cherry picked from commit dd8bc31fdb37acc2780f94defeb54e80bb1acf53)
---
src/libnm-core-impl/nm-setting-ip4-config.c | 2 +-
src/libnmc-setting/settings-docs.h.in | 2 +-
src/nmcli/generate-docs-nm-settings-nmcli.xml.in | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/libnm-core-impl/nm-setting-ip4-config.c b/src/libnm-core-impl/nm-setting-ip4-config.c
index b3a18bcae7..a24ebcfb5c 100644
--- a/src/libnm-core-impl/nm-setting-ip4-config.c
+++ b/src/libnm-core-impl/nm-setting-ip4-config.c
@@ -967,7 +967,7 @@ nm_setting_ip4_config_class_init(NMSettingIP4ConfigClass *klass)
* format: a comma separated list of addresses
* description: A list of IPv4 addresses and their prefix length. Multiple addresses
* can be separated by comma. For example "192.168.1.5/24, 10.1.0.5/24".
- * The addresses are listed in increasing priority, meaning the last address will
+ * The addresses are listed in decreasing priority, meaning the first address will
* be the primary address.
* ---end---
*/
diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in
index 12625d4459..85c5aca1e4 100644
--- a/src/libnmc-setting/settings-docs.h.in
+++ b/src/libnmc-setting/settings-docs.h.in
@@ -226,7 +226,7 @@
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_REMOTE N_("The remote endpoint of the tunnel; the value must contain an IPv4 or IPv6 address.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_TOS N_("The type of service (IPv4) or traffic class (IPv6) field to be set on tunneled packets.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_TTL N_("The TTL to assign to tunneled packets. 0 is a special value meaning that packets inherit the TTL value.")
-#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in increasing priority, meaning the last address will be the primary address.")
+#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in decreasing priority, meaning the first address will be the primary address.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DAD_TIMEOUT N_("Timeout in milliseconds used to check for the presence of duplicate IP addresses on the network. If an address conflict is detected, the activation will fail. A zero value means that no duplicate address detection is performed, -1 means the default value (either configuration ipvx.dad-timeout override or zero). A value greater than zero is a timeout in milliseconds. The property is currently implemented only for IPv4.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_CLIENT_ID N_("A string sent to the DHCP server to identify the local machine which the DHCP server may use to customize the DHCP lease and options. When the property is a hex string ('aa:bb:cc') it is interpreted as a binary client ID, in which case the first byte is assumed to be the 'type' field as per RFC 2132 section 9.14 and the remaining bytes may be an hardware address (e.g. '01:xx:xx:xx:xx:xx:xx' where 1 is the Ethernet ARP type and the rest is a MAC address). If the property is not a hex string it is considered as a non-hardware-address client ID and the 'type' field is set to 0. The special values \"mac\" and \"perm-mac\" are supported, which use the current or permanent MAC address of the device to generate a client identifier with type ethernet (01). Currently, these options only work for ethernet type of links. The special value \"ipv6-duid\" uses the DUID from \"ipv6.dhcp-duid\" property as an RFC4361-compliant client identifier. As IAID it uses \"ipv4.dhcp-iaid\" and falls back to \"ipv6.dhcp-iaid\" if unset. The special value \"duid\" generates a RFC4361-compliant client identifier based on \"ipv4.dhcp-iaid\" and uses a DUID generated by hashing /etc/machine-id. The special value \"stable\" is supported to generate a type 0 client identifier based on the stable-id (see connection.stable-id) and a per-host key. If you set the stable-id, you may want to include the \"${DEVICE}\" or \"${MAC}\" specifier to get a per-device key. If unset, a globally configured default is used. If still unset, the default depends on the DHCP plugin.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_FQDN N_("If the \"dhcp-send-hostname\" property is TRUE, then the specified FQDN will be sent to the DHCP server when acquiring a lease. This property and \"dhcp-hostname\" are mutually exclusive and cannot be set at the same time.")
diff --git a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in
index 88803094d6..ca5225ba28 100644
--- a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in
+++ b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in
@@ -650,7 +650,7 @@
description="DNS servers priority. The relative priority for DNS servers specified by this setting. A lower numerical value is better (higher priority). Negative values have the special effect of excluding other configurations with a greater numerical priority value; so in presence of at least one negative priority, only DNS servers from connections with the lowest priority value will be used. To avoid all DNS leaks, set the priority of the profile that should be used to the most negative value of all active connections profiles. Zero selects a globally configured default value. If the latter is missing or zero too, it defaults to 50 for VPNs (including WireGuard) and 100 for other connections. Note that the priority is to order DNS settings for multiple active connections. It does not disambiguate multiple DNS servers within the same connection profile. When multiple devices have configurations with the same priority, VPNs will be considered first, then devices with the best (lowest metric) default route and then all other devices. When using dns=default, servers with higher priority will be on top of resolv.conf. To prioritize a given server over another one within the same connection, just specify them in the desired order. Note that commonly the resolver tries name servers in /etc/resolv.conf in the order listed, proceeding with the next server in the list on failure. See for example the &quot;rotate&quot; option of the dns-options setting. If there are any negative DNS priorities, then only name servers from the devices with that lowest priority will be considered. When using a DNS resolver that supports Conditional Forwarding or Split DNS (with dns=dnsmasq or dns=systemd-resolved settings), each connection is used to query domains in its search list. The search domains determine which name servers to ask, and the DNS priority is used to prioritize name servers based on the domain. 
Queries for domains not present in any search list are routed through connections having the &apos;~.&apos; special wildcard domain, which is added automatically to connections with the default route (or can be added manually). When multiple connections specify the same domain, the one with the best priority (lowest numerical value) wins. If a sub domain is configured on another interface it will be accepted regardless the priority, unless parent domain on the other interface has a negative priority, which causes the sub domain to be shadowed. With Split DNS one can avoid undesired DNS leaks by properly configuring DNS priorities and the search domains, so that only name servers of the desired interface are configured." />
<property name="addresses"
alias="ip4"
- description="A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example &quot;192.168.1.5/24, 10.1.0.5/24&quot;. The addresses are listed in increasing priority, meaning the last address will be the primary address." />
+ description="A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example &quot;192.168.1.5/24, 10.1.0.5/24&quot;. The addresses are listed in decreasing priority, meaning the first address will be the primary address." />
<property name="gateway"
alias="gw4"
description="The gateway associated with this configuration. This is only meaningful if &quot;addresses&quot; is also set. The gateway&apos;s main purpose is to control the next hop of the standard default route on the device. Hence, the gateway property conflicts with &quot;never-default&quot; and will be automatically dropped if the IP configuration is set to never-default. As an alternative to set the gateway, configure a static default route with /0 as prefix length." />
--
2.26.3


@ -0,0 +1,62 @@
From 7ba52fdcfeeb1e5400bcecb9fa93b3099dcccb47 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Fri, 25 Feb 2022 10:06:48 +0100
Subject: [PATCH] core: initialize l3cd dns-priority for ppp and wwan
For devices that configure IP by themselves (by returning
"->ready_for_ip_config() = TRUE" and implementing
->act_stage3_ip_config()), we skip manual configuration. Currently,
manual configuration is the only one that sets flag HAS_DNS_PRIORITY
into the resulting l3cd.
So, the merged l3cd for such devices misses a dns-priority and is
ignored by the DNS manager.
Explicitly initialize the priority to 0; in this way, the default
value for the device will be set in the final l3cd during the merge.
Fixes: 58287cbcc0c8 ('core: rework IP configuration in NetworkManager using layer 3 configuration')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/931
(cherry picked from commit b2e559fab2fa5adbf4e159fc1c2cadd3d965b01b)
(cherry picked from commit bfd3216584e9fe1eb0b6f3f81e3eb75a40877775)
---
src/core/devices/wwan/nm-modem-broadband.c | 2 ++
src/core/ppp/nm-ppp-manager.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/src/core/devices/wwan/nm-modem-broadband.c b/src/core/devices/wwan/nm-modem-broadband.c
index f5336d3750..b585652e5d 100644
--- a/src/core/devices/wwan/nm-modem-broadband.c
+++ b/src/core/devices/wwan/nm-modem-broadband.c
@@ -1032,6 +1032,7 @@ stage3_ip_config_start(NMModem *modem, int addr_family, NMModemIPMethod ip_metho
l3cd = nm_l3_config_data_new(nm_platform_get_multi_idx(NM_PLATFORM_GET),
ifindex,
NM_IP_CONFIG_SOURCE_WWAN);
+ nm_l3_config_data_set_dns_priority(l3cd, AF_INET, 0);
address = (NMPlatformIP4Address){
.address = address_network,
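Review bot: the bare `0` in `nm_l3_config_data_set_dns_priority(l3cd, AF_INET, 0)` reads like "no priority" to anyone who has not seen the commit message. Add a one-line comment at the call saying that 0 selects the device default during the merge and that the call is there so the l3cd is not ignored by the DNS manager. The same comment belongs on the AF_INET6 call in the next hunk.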
@@ -1118,6 +1119,7 @@ stage3_ip_config_start(NMModem *modem, int addr_family, NMModemIPMethod ip_metho
l3cd = nm_l3_config_data_new(nm_platform_get_multi_idx(NM_PLATFORM_GET),
ifindex,
NM_IP_CONFIG_SOURCE_WWAN);
+ nm_l3_config_data_set_dns_priority(l3cd, AF_INET6, 0);
do_auto = TRUE;
diff --git a/src/core/ppp/nm-ppp-manager.c b/src/core/ppp/nm-ppp-manager.c
index dd6b1bc7f0..5761d59d39 100644
--- a/src/core/ppp/nm-ppp-manager.c
+++ b/src/core/ppp/nm-ppp-manager.c
@@ -545,6 +545,7 @@ impl_ppp_manager_set_ip4_config(NMDBusObject *obj,
NM_IP_CONFIG_SOURCE_PPP);
nm_l3_config_data_set_mtu(l3cd, mtu);
+ nm_l3_config_data_set_dns_priority(l3cd, AF_INET, 0);
address = (NMPlatformIP4Address){
.plen = 32,
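Review bot: only `impl_ppp_manager_set_ip4_config()` gets the new call in this file, while the WWAN change covers both AF_INET and AF_INET6. If the PPP manager also builds an l3cd for IPv6, it needs the same initialization, otherwise that l3cd keeps being ignored by the DNS manager; if it does not, one sentence in the commit message would settle the question for the next reader.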
--
2.34.1


@ -0,0 +1,332 @@
From b55842ac0803b59fe8675464191180e44634ce1f Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 22 Feb 2022 22:08:18 +0100
Subject: [PATCH 1/2] core: reject unsupported flags for CheckpointCreate D-Bus
request
(cherry picked from commit df6ee44fb2b96cf05aaeeee500c75d7d91b37404)
(cherry picked from commit 4cfc2245d382b0b869bd52238eecd17f1c10af1c)
---
src/core/nm-manager.c | 34 +++++++++++++++++++++++++---------
1 file changed, 25 insertions(+), 9 deletions(-)
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
index b440b22457f2..53ef1754bb72 100644
--- a/src/core/nm-manager.c
+++ b/src/core/nm-manager.c
@@ -7453,15 +7453,30 @@ impl_manager_checkpoint_create(NMDBusObject *obj,
GDBusMethodInvocation *invocation,
GVariant *parameters)
{
- NMManager *self = NM_MANAGER(obj);
- NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE(self);
- NMAuthChain *chain;
- char **devices;
- guint32 rollback_timeout;
- guint32 flags;
+ NMManager *self = NM_MANAGER(obj);
+ NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE(self);
+ NMAuthChain *chain;
+ gs_strfreev char **devices = NULL;
+ guint32 rollback_timeout;
+ guint32 flags;
G_STATIC_ASSERT_EXPR(sizeof(flags) <= sizeof(NMCheckpointCreateFlags));
+ g_variant_get(parameters, "(^aouu)", &devices, &rollback_timeout, &flags);
+
+ if ((NMCheckpointCreateFlags) flags != flags
+ || NM_FLAGS_ANY(flags,
+ ~((guint32) (NM_CHECKPOINT_CREATE_FLAG_DESTROY_ALL
+ | NM_CHECKPOINT_CREATE_FLAG_DELETE_NEW_CONNECTIONS
+ | NM_CHECKPOINT_CREATE_FLAG_DISCONNECT_NEW_DEVICES
+ | NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING)))) {
+ g_dbus_method_invocation_return_error_literal(invocation,
+ NM_MANAGER_ERROR,
+ NM_MANAGER_ERROR_INVALID_ARGUMENTS,
+ "Invalid flags");
+ return;
+ }
+
chain = nm_auth_chain_new_context(invocation, checkpoint_auth_done_cb, self);
if (!chain) {
g_dbus_method_invocation_return_error_literal(invocation,
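Review bot: the set of accepted bits is spelled out inline in the `NM_FLAGS_ANY(flags, ~(...))` expression, so every new `NMCheckpointCreateFlags` value has to be added here by hand or the daemon rejects it with "Invalid flags". Define the mask once next to the enum and reference it here. Rejecting unknown bits before `nm_auth_chain_new_context()` is the right order; including the offending flags value in the error text would make client-side failures easier to diagnose.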
@@ -7471,11 +7486,12 @@ impl_manager_checkpoint_create(NMDBusObject *obj,
return;
}
- g_variant_get(parameters, "(^aouu)", &devices, &rollback_timeout, &flags);
-
c_list_link_tail(&priv->auth_lst_head, nm_auth_chain_parent_lst_list(chain));
nm_auth_chain_set_data(chain, "audit-op", NM_AUDIT_OP_CHECKPOINT_CREATE, NULL);
- nm_auth_chain_set_data(chain, "devices", devices, (GDestroyNotify) g_strfreev);
+ nm_auth_chain_set_data(chain,
+ "devices",
+ g_steal_pointer(&devices),
+ (GDestroyNotify) g_strfreev);
nm_auth_chain_set_data(chain, "flags", GUINT_TO_POINTER(flags), NULL);
nm_auth_chain_set_data(chain, "timeout", GUINT_TO_POINTER(rollback_timeout), NULL);
nm_auth_chain_add_call(chain, NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK, TRUE);
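Review bot: moving `g_variant_get()` above the early returns changes who owns `devices`, and the commit message consists of a subject line that only mentions the flag check. Say in the message that `devices` is now `gs_strfreev` so that both error returns free it, and put a comment on `g_steal_pointer(&devices)`: without the steal, the array would be freed once by the cleanup attribute and again by the chain's `g_strfreev` destroy notify.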
--
2.35.1
From 3c417c8338bf44292d4869763587286c7d492c0c Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 22 Feb 2022 21:55:57 +0100
Subject: [PATCH 2/2] core: preserve external ports during checkpoint rollback
When we have a bridge interface with ports attached externally (that is,
not by NetworkManager itself), then it can make sense that during
checkpoint rollback we want to keep those ports attached.
During rollback, we may need to deactivate the bridge device and
re-activate it. Implement this, by setting a flag before deactivating,
which prevents external ports to be detached. The flag gets cleared,
when the device state changes to activated (the following activation)
or unmanaged.
This is an ugly solution, for several reasons.
For one, NMDevice tracks its ports in the "slaves" list. But what
it does is ugly. There is no clear concept to understand what it
actually tacks. For example, it tracks externally added interfaces
(nm_device_sys_iface_state_is_external()) that are attached while
not being connected. But it also tracks interfaces that we want to attach
during activation (but which are not yet actually enslaved). It also tracks
slaves that have no actual netdev device (OVS). So it's not clear what this
list contains and what it should contain at any point in time. When we skip
the change of the slaves states during nm_device_master_release_slaves_all(),
it's not really clear what the effects are. It's ugly, but probably correct
enough. What would be better, if we had a clear purpose of what the
lists (or several lists) mean. E.g. a list of all ports that are
currently, physically attached vs. a list of ports we want to attach vs.
a list of OVS slaves that have no actual netdev device.
Another problem is that we attach state on the device
("activation_state_preserve_external_ports"), which should linger there
during the deactivation and reactivation. How can we be sure that we don't
leave that flag dangling there, and that the desired following activation
is the one we cared about? If the follow-up activation fails short (e.g. an
unmanaged command comes first), will we properly disconnect the slaves?
Should we even? In practice, it might be correct enough.
Also, we only implement this for bridges. I think this is where it makes
the most sense. And after all, it's an odd thing to preserve unknown,
external things during a rollback -- unknown, because we have no knowledge
about why these ports are attached and what to do with them.
Also, the change doesn't remember the ports that were attached when the
checkpoint was created. Instead, we preserve all ports that are attached
during rollback. That seems more useful and easier to implement. So we
don't actually rollback to the configuration when the checkpoint was
created. Instead, we rollback, but keep external devices.
Also, we do this now by default and introduce a flag to get the previous
behavior.
https://bugzilla.redhat.com/show_bug.cgi?id=2035519
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/ # 909
(cherry picked from commit 98b3056604fc565f273c264b892086a75a4db0e9)
(cherry picked from commit 351ca13358f62f85af675672c3399141bec092cd)
---
src/core/devices/nm-device.c | 71 ++++++++++++++++++++++-
src/core/devices/nm-device.h | 2 +
src/core/nm-checkpoint.c | 5 ++
src/core/nm-manager.c | 3 +-
src/libnm-core-public/nm-dbus-interface.h | 16 +++--
5 files changed, 90 insertions(+), 7 deletions(-)
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index 35360ceebb7b..a11486d54be3 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -76,6 +76,7 @@
#include "nm-hostname-manager.h"
#include "nm-device-generic.h"
+#include "nm-device-bridge.h"
#include "nm-device-vlan.h"
#include "nm-device-vrf.h"
#include "nm-device-wireguard.h"
@@ -483,9 +484,12 @@ typedef struct _NMDevicePrivate {
NMUtilsStableType current_stable_id_type : 3;
+ bool activation_state_preserve_external_ports : 1;
+
bool nm_owned : 1; /* whether the device is a device owned and created by NM */
- bool assume_state_guess_assume : 1;
+ bool assume_state_guess_assume : 1;
+
char *assume_state_connection_uuid;
guint64 udi_id;
@@ -7666,8 +7670,19 @@ nm_device_master_release_slaves(NMDevice *self)
c_list_for_each_safe (iter, safe, &priv->slaves) {
SlaveInfo *info = c_list_entry(iter, SlaveInfo, lst_slave);
+ if (priv->activation_state_preserve_external_ports
+ && nm_device_sys_iface_state_is_external(info->slave)) {
+ _LOGT(LOGD_DEVICE,
+ "master: preserve external port %s",
+ nm_device_get_iface(info->slave));
+ continue;
+ }
nm_device_master_release_one_slave(self, info->slave, TRUE, FALSE, reason);
}
+
+ /* We only need this flag for a short time. It served its purpose. Clear
+ * it again. */
+ nm_device_activation_state_set_preserve_external_ports(self, FALSE);
}
/**
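Review bot: the `continue` for external ports skips `nm_device_master_release_one_slave()` entirely, so whatever bookkeeping that call performs is not done for a preserved port, and the commit message itself says the effect on the "slaves" list is unclear. Please state in a comment inside the loop what state a skipped port is left in. The preserved port is logged with `_LOGT` only; since it changes the outcome of a rollback, `_LOGD` (as used for the flag toggle later in this patch) would be easier to find in support logs.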
@@ -15386,6 +15401,16 @@ _set_state_full(NMDevice *self, NMDeviceState state, NMDeviceStateReason reason,
if (state > NM_DEVICE_STATE_DISCONNECTED)
nm_device_assume_state_reset(self);
+ if (state < NM_DEVICE_STATE_UNAVAILABLE
+ || (state >= NM_DEVICE_STATE_IP_CONFIG && state < NM_DEVICE_STATE_ACTIVATED)) {
+ /* preserve-external-ports is used by NMCheckpoint to activate a master
+ * device, and preserve already attached ports. This means, this state is only
+ * relevant during the deactivation and the following activation of the
+ * right profile. Once we are sufficiently far in the activation of the
+ * intended profile, we clear the state again. */
+ nm_device_activation_state_set_preserve_external_ports(self, FALSE);
+ }
+
if (state <= NM_DEVICE_STATE_UNAVAILABLE) {
if (available_connections_del_all(self))
_notify(self, PROP_AVAILABLE_CONNECTIONS);
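Review bot: the condition `state >= NM_DEVICE_STATE_IP_CONFIG && state < NM_DEVICE_STATE_ACTIVATED` does not match the descriptions elsewhere in this patch. The commit message and the doc comment of `nm_device_activation_state_set_preserve_external_ports()` both say the flag is cleared on reaching ACTIVATED, yet ACTIVATED itself is excluded here, as is every state above it. Either include ACTIVATED in the range or correct the descriptions, and say what happens when the follow-up activation stops before IP_CONFIG, a case the commit message raises and leaves open.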
@@ -15790,6 +15815,50 @@ nm_device_get_state(NMDevice *self)
return NM_DEVICE_GET_PRIVATE(self)->state;
}
+/*****************************************************************************/
+
+/**
+ * nm_device_activation_state_set_preserve_external_ports:
+ * @self: the NMDevice.
+ * @flag: whether to set or clear the the flag.
+ *
+ * This sets an internal flag to true, which does something specific.
+ * For non-master devices, it has no effect. For master devices, this
+ * will prevent to detach all external ports, until the next activation
+ * completes.
+ *
+ * This is used during checkpoint/rollback. We may want to preserve
+ * externally attached ports during the restore. NMCheckpoint will
+ * call this before doing a re-activation. By setting the flag,
+ * we basically preserve such ports.
+ *
+ * Once we reach again ACTIVATED state, the flag gets cleared. This
+ * only has effect for the next activation cycle. */
+void
+nm_device_activation_state_set_preserve_external_ports(NMDevice *self, gboolean flag)
+{
+ NMDevicePrivate *priv;
+
+ g_return_if_fail(NM_IS_DEVICE(self));
+
+ priv = NM_DEVICE_GET_PRIVATE(self);
+
+ if (!NM_IS_DEVICE_BRIDGE(self)) {
+ /* This is actually only implemented for bridge devices. While it might
+ * make sense for bond/team or OVS, it's not clear that it is actually
+ * useful or desirable. */
+ return;
+ }
+
+ if (priv->activation_state_preserve_external_ports == flag)
+ return;
+
+ priv->activation_state_preserve_external_ports = flag;
+ _LOGD(LOGD_DEVICE,
+ "activation-state: preserve-external-ports %s",
+ flag ? "enabled" : "disabled");
+}
+
/*****************************************************************************/
/* NMConfigDevice interface related stuff */
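Review bot: the doc comment says the function "sets an internal flag to true, which does something specific", which documents nothing and is wrong when `flag` is FALSE; the `@flag` line also has a doubled "the the". Describe the flag by its effect (external ports are skipped in `nm_device_master_release_slaves()`) and by when it is cleared. The `NM_IS_DEVICE_BRIDGE()` early return makes the call a silent no-op for every other master type, which belongs in the doc comment and not only in the body.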
diff --git a/src/core/devices/nm-device.h b/src/core/devices/nm-device.h
index cfcd4ade6d80..a7badb861087 100644
--- a/src/core/devices/nm-device.h
+++ b/src/core/devices/nm-device.h
@@ -444,6 +444,8 @@ NMDeviceType nm_device_get_device_type(NMDevice *dev);
NMLinkType nm_device_get_link_type(NMDevice *dev);
NMMetered nm_device_get_metered(NMDevice *dev);
+void nm_device_activation_state_set_preserve_external_ports(NMDevice *self, gboolean flag);
+
guint32 nm_device_get_route_table(NMDevice *self, int addr_family);
guint32 nm_device_get_route_metric(NMDevice *dev, int addr_family);
diff --git a/src/core/nm-checkpoint.c b/src/core/nm-checkpoint.c
index 0153af970de7..5b48f91aa515 100644
--- a/src/core/nm-checkpoint.c
+++ b/src/core/nm-checkpoint.c
@@ -282,6 +282,11 @@ restore_and_activate_connection(NMCheckpoint *self, DeviceCheckpoint *dev_checkp
* an internal subject. */
if (nm_device_get_state(dev_checkpoint->device) > NM_DEVICE_STATE_DISCONNECTED
&& nm_device_get_state(dev_checkpoint->device) < NM_DEVICE_STATE_DEACTIVATING) {
+ if (!NM_FLAGS_HAS(priv->flags, NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS)) {
+ nm_device_activation_state_set_preserve_external_ports(dev_checkpoint->device,
+ TRUE);
+ }
+
nm_device_state_changed(dev_checkpoint->device,
NM_DEVICE_STATE_DEACTIVATING,
NM_DEVICE_STATE_REASON_NEW_ACTIVATION);
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
index 53ef1754bb72..6c73d237c845 100644
--- a/src/core/nm-manager.c
+++ b/src/core/nm-manager.c
@@ -7469,7 +7469,8 @@ impl_manager_checkpoint_create(NMDBusObject *obj,
~((guint32) (NM_CHECKPOINT_CREATE_FLAG_DESTROY_ALL
| NM_CHECKPOINT_CREATE_FLAG_DELETE_NEW_CONNECTIONS
| NM_CHECKPOINT_CREATE_FLAG_DISCONNECT_NEW_DEVICES
- | NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING)))) {
+ | NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING
+ | NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS)))) {
g_dbus_method_invocation_return_error_literal(invocation,
NM_MANAGER_ERROR,
NM_MANAGER_ERROR_INVALID_ARGUMENTS,
diff --git a/src/libnm-core-public/nm-dbus-interface.h b/src/libnm-core-public/nm-dbus-interface.h
index fe2a6c09db58..0d23c7d7a793 100644
--- a/src/libnm-core-public/nm-dbus-interface.h
+++ b/src/libnm-core-public/nm-dbus-interface.h
@@ -959,17 +959,23 @@ typedef enum {
* overlapping younger checkpoints. This opts-in that the
* checkpoint can be automatically destroyed by the rollback
* of an older checkpoint. Since: 1.12.
+ * @NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS: during rollback,
+ * by default externally added ports attached to bridge devices are preserved.
+ * With this flag, the rollback detaches all external ports.
+ * This only has an effect for bridge ports. Before 1.38, 1.36.2, this was the default
+ * behavior. Since: 1.38, 1.36.2.
*
* The flags for CheckpointCreate call
*
* Since: 1.4 (gi flags generated since 1.12)
*/
typedef enum { /*< flags >*/
- NM_CHECKPOINT_CREATE_FLAG_NONE = 0,
- NM_CHECKPOINT_CREATE_FLAG_DESTROY_ALL = 0x01,
- NM_CHECKPOINT_CREATE_FLAG_DELETE_NEW_CONNECTIONS = 0x02,
- NM_CHECKPOINT_CREATE_FLAG_DISCONNECT_NEW_DEVICES = 0x04,
- NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING = 0x08,
+ NM_CHECKPOINT_CREATE_FLAG_NONE = 0,
+ NM_CHECKPOINT_CREATE_FLAG_DESTROY_ALL = 0x01,
+ NM_CHECKPOINT_CREATE_FLAG_DELETE_NEW_CONNECTIONS = 0x02,
+ NM_CHECKPOINT_CREATE_FLAG_DISCONNECT_NEW_DEVICES = 0x04,
+ NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING = 0x08,
+ NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS = 0x10,
} NMCheckpointCreateFlags;
/**
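Review bot: "Before 1.38, 1.36.2, this was the default behavior" is ambiguous and buries the real point, which is that a client passing no flags now gets a different rollback result than before. Word it along the lines of "detaching all external ports was the default before 1.38 and 1.36.2" and state that callers must set 0x10 to keep the old behaviour. The documentation should also mention that a daemon carrying the validation from patch 1/2 without this flag rejects the request, so clients need to handle that error.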
--
2.35.1


@ -1,99 +0,0 @@
From 5f25baaba435aaa71e63350eac72afbf4d4513fd Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Fri, 17 Sep 2021 13:53:18 +0200
Subject: [PATCH] platform: preserve IPv6 multicast route added by kernel
Kernels < 5.11 add a route like:
unicast ff00::/8 dev $IFACE proto boot scope global metric 256 pref medium
to allow sending and receiving IPv6 multicast traffic. Ensure it's not
removed it when we do a route sync in mode ALL.
In kernel 5.11 there were commits:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ceed9038b2783d14e0422bdc6fd04f70580efb4c
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a826b04303a40d52439aa141035fca5654ccaccd
After those the route looks like
multicast ff00::/8 dev $IFACE proto kernel metric 256 pref medium
As NM ignores routes with rtm_type multicast, the code in this commit
is not needed on newer kernels.
https://bugzilla.redhat.com/show_bug.cgi?id=2004212
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/984
(cherry picked from commit 8003ca68f770c69e109c16f638abbcce44af9439)
(cherry picked from commit ce8eb446b4d9465a906bf8952c1b454dab8d0c7c)
---
src/libnm-platform/nm-platform.c | 39 ++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/src/libnm-platform/nm-platform.c b/src/libnm-platform/nm-platform.c
index 6c0d0015d6..b7a65df597 100644
--- a/src/libnm-platform/nm-platform.c
+++ b/src/libnm-platform/nm-platform.c
@@ -4304,6 +4304,7 @@ nm_platform_ip_route_get_prune_list(NMPlatform * self,
CList * iter;
NMPlatformIP4Route rt_local4;
NMPlatformIP6Route rt_local6;
+ NMPlatformIP6Route rt_mcast6;
const NMPlatformLink * pllink;
const NMPlatformLnkVrf * lnk_vrf;
guint32 local_table;
@@ -4328,6 +4329,7 @@ nm_platform_ip_route_get_prune_list(NMPlatform * self,
rt_local4.plen = 0;
rt_local6.plen = 0;
+ rt_mcast6.plen = 0;
routes_prune = g_ptr_array_new_full(head_entry->len, (GDestroyNotify) nm_dedup_multi_obj_unref);
@@ -4420,6 +4422,43 @@ nm_platform_ip_route_get_prune_list(NMPlatform * self,
== 0)
continue;
}
+
+ /* Kernels < 5.11 add a route like:
+ *
+ * unicast ff00::/8 dev $IFACE proto boot scope global metric 256 pref medium
+ *
+ * to allow sending and receiving IPv6 multicast traffic. Don't remove it.
+ * Since kernel 5.11 the route looks like:
+ *
+ * multicast ff00::/8 dev $IFACE proto kernel metric 256 pref medium
+ *
+ * As NM ignores routes with rtm_type multicast, there is no need for the code
+ * below on newer kernels.
+ */
+ if (nm_platform_ip_route_get_effective_table(&rt->rx) == local_table
+ && rt->rx.plen == 8 && rt->rx.rt_source == NM_IP_CONFIG_SOURCE_RTPROT_BOOT
+ && rt->rx.metric == 256 && rt->r6.rt_pref == NM_ICMPV6_ROUTER_PREF_MEDIUM
+ && IN6_IS_ADDR_UNSPECIFIED(&rt->r6.gateway)) {
+ if (rt_mcast6.plen == 0) {
+ rt_mcast6 = (NMPlatformIP6Route){
+ .ifindex = ifindex,
+ .type_coerced = nm_platform_route_type_coerce(RTN_UNICAST),
+ .plen = 8,
+ .rt_source = NM_IP_CONFIG_SOURCE_RTPROT_BOOT,
+ .metric = 256,
+ .table_coerced = nm_platform_route_table_coerce(local_table),
+ .rt_pref = NM_ICMPV6_ROUTER_PREF_MEDIUM,
+ .gateway = IN6ADDR_ANY_INIT,
+ .network = {{{0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}}},
+ };
+ }
+
+ if (nm_platform_ip6_route_cmp(&rt->r6,
+ &rt_mcast6,
+ NM_PLATFORM_IP_ROUTE_CMP_TYPE_SEMANTICALLY)
+ == 0)
+ continue;
+ }
}
break;
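Review bot: the match values (prefix length 8, metric 256, `NM_IP_CONFIG_SOURCE_RTPROT_BOOT`, `NM_ICMPV6_ROUTER_PREF_MEDIUM`, unspecified gateway) appear twice, once in the `if` condition and again in the `rt_mcast6` initializer, with nothing tying the two together. Since `nm_platform_ip6_route_cmp()` already does the full comparison, either reduce the pre-check to the cheap fields with a comment that it is only a fast path, or share named constants between the two places. The comment explains that kernels from 5.11 on do not need this block; adding a note on when it can be dropped would save the next reader the archaeology.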
--
2.31.1


@ -0,0 +1,52 @@
From 482f9671c69800de2077d2dab9352a9b385115d3 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Tue, 22 Feb 2022 16:18:40 +0100
Subject: [PATCH] ovs-port: fix removal of ovsdb entry if the interface goes
away
Hope third time is the charm.
The idea here is to remove the OVSDB entry if the device actually went away
violently (like, the it was actually removed from the platform), but keep it if
we're shutting down.
Fixes-test: @ovs_nmstate
Fixes: 966413e78f14 ('ovs-port: avoid removing the OVSDB entry if we're shutting down')
Fixes: ecc73eb239e6 ('ovs-port: always remove the OVSDB entry on slave release')
https://bugzilla.redhat.com/show_bug.cgi?id=2055665
(cherry picked from commit 65fdfb25006acc3c67059792579dd7a770d04768)
(cherry picked from commit fee7328c86e5fe8171f8382492f147e7d263891b)
---
src/core/devices/ovs/nm-device-ovs-port.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/core/devices/ovs/nm-device-ovs-port.c b/src/core/devices/ovs/nm-device-ovs-port.c
index 8406c3648cef..116f58c43ace 100644
--- a/src/core/devices/ovs/nm-device-ovs-port.c
+++ b/src/core/devices/ovs/nm-device-ovs-port.c
@@ -188,8 +188,10 @@ del_iface_cb(GError *error, gpointer user_data)
static void
release_slave(NMDevice *device, NMDevice *slave, gboolean configure)
{
- NMDeviceOvsPort *self = NM_DEVICE_OVS_PORT(device);
- bool slave_removed = nm_device_sys_iface_state_get(slave) == NM_DEVICE_SYS_IFACE_STATE_REMOVED;
+ NMDeviceOvsPort *self = NM_DEVICE_OVS_PORT(device);
+ bool slave_not_managed = !NM_IN_SET(nm_device_sys_iface_state_get(slave),
+ NM_DEVICE_SYS_IFACE_STATE_MANAGED,
+ NM_DEVICE_SYS_IFACE_STATE_ASSUME);
_LOGI(LOGD_DEVICE, "releasing ovs interface %s", nm_device_get_ip_iface(slave));
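Review bot: `slave_not_managed` is defined by negation (`!NM_IN_SET(..., NM_DEVICE_SYS_IFACE_STATE_MANAGED, NM_DEVICE_SYS_IFACE_STATE_ASSUME)`), so every sys-iface state other than those two now counts as "went away", where the old code acted only on `NM_DEVICE_SYS_IFACE_STATE_REMOVED`. Since the commit message describes the intent as "the device actually went away", either list the states that should trigger the OVSDB deletion explicitly or add a comment explaining why the remaining states are safe to treat like REMOVED. That would make this third attempt easier to verify.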
@@ -197,7 +199,7 @@ release_slave(NMDevice *device, NMDevice *slave, gboolean configure)
* removed and thus we're called with configure=FALSE), we still need
* to make sure its OVSDB entry is gone.
*/
- if (configure || slave_removed) {
+ if (configure || slave_not_managed) {
nm_ovsdb_del_interface(nm_ovsdb_get(),
nm_device_get_iface(slave),
del_iface_cb,
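Review bot: The comment kept as context above the condition still describes only the case where the interface was removed and `configure=FALSE`, but the test is now `configure || slave_not_managed`. Please update the comment to describe the new condition and to state how the daemon-shutdown case named in the commit message stays out of it, because that distinction is the whole point of the fix and is not visible from the code alone.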
--
2.35.1

View File

@ -1,4 +1,4 @@
From 49e9c3560289f5d02ad1bbf95ae3b2d8d81baa37 Mon Sep 17 00:00:00 2001
From 118561e284ff7f28421b19530d4471075b89645c Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 10 Mar 2022 12:07:49 +0100
Subject: [PATCH] n-dhcp4: discard NAKs from other servers in SELECTING

View File

@ -1,4 +1,4 @@
From 7423b47a3333b09fce9ddce33041e5dbdbb4c7e6 Mon Sep 17 00:00:00 2001
From 9603d930557bcd8268c3e36897db9941ea3af0b7 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 27 Aug 2019 15:47:32 +0200
Subject: [PATCH] patch documentation with the proper default values
@ -9,21 +9,15 @@ of defaults.
Patch the man pages with the proper values.
---
docs/api/html/NetworkManager.conf.html | 2 +-
docs/api/html/nm-settings-nmcli.html | 2 +-
man/NetworkManager.conf.5 | 2 +-
man/nm-settings-nmcli.5 | 2 +-
man/nm-settings-nmcli.xml | 2 +-
src/libnm-client-impl/nm-property-infos-nmcli.xml | 2 +-
src/libnmc-setting/settings-docs.h | 2 +-
src/nmcli/generate-docs-nm-settings-nmcli.xml | 2 +-
8 files changed, 8 insertions(+), 8 deletions(-)
docs/api/html/NetworkManager.conf.html | 2 +-
man/NetworkManager.conf.5 | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/api/html/NetworkManager.conf.html b/docs/api/html/NetworkManager.conf.html
index e8efb5e7fe7d..f432f6736691 100644
index 02029c2e336a..cf9269c7bef4 100644
--- a/docs/api/html/NetworkManager.conf.html
+++ b/docs/api/html/NetworkManager.conf.html
@@ -658,7 +658,7 @@ unmanaged-devices=mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth
@@ -663,7 +663,7 @@ unmanaged-devices=mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth
are "<code class="literal">syslog</code>" and "<code class="literal">journal</code>".
When NetworkManager is started with "<code class="literal">--debug</code>"
in addition all messages will be printed to stderr.
@ -32,24 +26,11 @@ index e8efb5e7fe7d..f432f6736691 100644
</p></td>
</tr>
<tr>
diff --git a/docs/api/html/nm-settings-nmcli.html b/docs/api/html/nm-settings-nmcli.html
index e221ce1496fa..1ce647f7bf7d 100644
--- a/docs/api/html/nm-settings-nmcli.html
+++ b/docs/api/html/nm-settings-nmcli.html
@@ -1955,7 +1955,7 @@
<td>
<p>
Alias: ip4</p>
-<p>A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example "192.168.1.5/24, 10.1.0.5/24". The addresses are listed in increasing priority, meaning the last address will be the primary address.</p>
+<p>A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example "192.168.1.5/24, 10.1.0.5/24". The addresses are listed in decreasing priority, meaning the first address will be the primary address.</p>
<p>
Format: a comma separated list of addresses</p>
</td>
diff --git a/man/NetworkManager.conf.5 b/man/NetworkManager.conf.5
index 33850bb0e398..cd0379806b29 100644
index 4f62ed7c0cde..74daf4c8dc02 100644
--- a/man/NetworkManager.conf.5
+++ b/man/NetworkManager.conf.5
@@ -664,7 +664,7 @@ INFO\&.
@@ -669,7 +669,7 @@ INFO\&.
.PP
\fIbackend\fR
.RS 4
@ -58,71 +39,6 @@ index 33850bb0e398..cd0379806b29 100644
.RE
.PP
\fIaudit\fR
diff --git a/man/nm-settings-nmcli.5 b/man/nm-settings-nmcli.5
index 2d9c067a4679..d3a03d306a1d 100644
--- a/man/nm-settings-nmcli.5
+++ b/man/nm-settings-nmcli.5
@@ -1655,7 +1655,7 @@ Properties:
.RS 4
Alias: ip4
.sp
-A list of IPv4 addresses and their prefix length\&. Multiple addresses can be separated by comma\&. For example "192\&.168\&.1\&.5/24, 10\&.1\&.0\&.5/24"\&. The addresses are listed in increasing priority, meaning the last address will be the primary address\&.
+A list of IPv4 addresses and their prefix length\&. Multiple addresses can be separated by comma\&. For example "192\&.168\&.1\&.5/24, 10\&.1\&.0\&.5/24"\&. The addresses are listed in decreasing priority, meaning the first address will be the primary address\&.
.sp
Format: a comma separated list of addresses
.RE
diff --git a/man/nm-settings-nmcli.xml b/man/nm-settings-nmcli.xml
index 258e4135009b..199e49e91794 100644
--- a/man/nm-settings-nmcli.xml
+++ b/man/nm-settings-nmcli.xml
@@ -274,7 +274,7 @@
Format: string</para></listitem></varlistentry></variablelist></para></refsect2><refsect2><title>ipv4 setting</title><para>IPv4 Settings.</para><para>
Properties:
<variablelist><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.addresses">addresses</option></term><listitem><para>
- Alias: ip4</para><para>A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example "192.168.1.5/24, 10.1.0.5/24". The addresses are listed in increasing priority, meaning the last address will be the primary address.</para><para>
+ Alias: ip4</para><para>A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example "192.168.1.5/24, 10.1.0.5/24". The addresses are listed in decreasing priority, meaning the first address will be the primary address.</para><para>
Format: a comma separated list of addresses</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.dad-timeout">dad-timeout</option></term><listitem><para>Timeout in milliseconds used to check for the presence of duplicate IP addresses on the network. If an address conflict is detected, the activation will fail. A zero value means that no duplicate address detection is performed, -1 means the default value (either configuration ipvx.dad-timeout override or zero). A value greater than zero is a timeout in milliseconds. The property is currently implemented only for IPv4.</para><para>
Format: int32</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.dhcp-client-id">dhcp-client-id</option></term><listitem><para>A string sent to the DHCP server to identify the local machine which the DHCP server may use to customize the DHCP lease and options. When the property is a hex string ('aa:bb:cc') it is interpreted as a binary client ID, in which case the first byte is assumed to be the 'type' field as per RFC 2132 section 9.14 and the remaining bytes may be an hardware address (e.g. '01:xx:xx:xx:xx:xx:xx' where 1 is the Ethernet ARP type and the rest is a MAC address). If the property is not a hex string it is considered as a non-hardware-address client ID and the 'type' field is set to 0. The special values "mac" and "perm-mac" are supported, which use the current or permanent MAC address of the device to generate a client identifier with type ethernet (01). Currently, these options only work for ethernet type of links. The special value "ipv6-duid" uses the DUID from "ipv6.dhcp-duid" property as an RFC4361-compliant client identifier. As IAID it uses "ipv4.dhcp-iaid" and falls back to "ipv6.dhcp-iaid" if unset. The special value "duid" generates a RFC4361-compliant client identifier based on "ipv4.dhcp-iaid" and uses a DUID generated by hashing /etc/machine-id. The special value "stable" is supported to generate a type 0 client identifier based on the stable-id (see connection.stable-id) and a per-host key. If you set the stable-id, you may want to include the "${DEVICE}" or "${MAC}" specifier to get a per-device key. If unset, a globally configured default is used. If still unset, the default depends on the DHCP plugin.</para><para>
Format: string</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.dhcp-fqdn">dhcp-fqdn</option></term><listitem><para>If the "dhcp-send-hostname" property is TRUE, then the specified FQDN will be sent to the DHCP server when acquiring a lease. This property and "dhcp-hostname" are mutually exclusive and cannot be set at the same time.</para><para>
diff --git a/src/libnm-client-impl/nm-property-infos-nmcli.xml b/src/libnm-client-impl/nm-property-infos-nmcli.xml
index b771b74c5909..d6aa8a80c8e3 100644
--- a/src/libnm-client-impl/nm-property-infos-nmcli.xml
+++ b/src/libnm-client-impl/nm-property-infos-nmcli.xml
@@ -34,7 +34,7 @@
<setting name="ip-tunnel">
</setting>
<setting name="ipv4">
-<property name="addresses" variable="addresses" format="a comma separated list of addresses" values="" default="" example="" description="A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example &quot;192.168.1.5/24, 10.1.0.5/24&quot;. The addresses are listed in increasing priority, meaning the last address will be the primary address." />
+<property name="addresses" variable="addresses" format="a comma separated list of addresses" values="" default="" example="" description="A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example &quot;192.168.1.5/24, 10.1.0.5/24&quot;. The addresses are listed in decreasing priority, meaning the first address will be the primary address." />
<property name="routes" variable="routes" format="a comma separated list of routes" values="" default="" example="" description="A list of IPv4 destination addresses, prefix length, optional IPv4 next hop addresses, optional route metric, optional attribute. The valid syntax is: &quot;ip[/prefix] [next-hop] [metric] [attribute=val]...[,ip[/prefix]...]&quot;. For example &quot;192.0.2.0/24 10.1.1.1 77, 198.51.100.0/24&quot;." />
</setting>
<setting name="ipv6">
diff --git a/src/libnmc-setting/settings-docs.h b/src/libnmc-setting/settings-docs.h
index 12625d445966..85c5aca1e4c8 100644
--- a/src/libnmc-setting/settings-docs.h
+++ b/src/libnmc-setting/settings-docs.h
@@ -226,7 +226,7 @@
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_REMOTE N_("The remote endpoint of the tunnel; the value must contain an IPv4 or IPv6 address.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_TOS N_("The type of service (IPv4) or traffic class (IPv6) field to be set on tunneled packets.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_TTL N_("The TTL to assign to tunneled packets. 0 is a special value meaning that packets inherit the TTL value.")
-#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in increasing priority, meaning the last address will be the primary address.")
+#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in decreasing priority, meaning the first address will be the primary address.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DAD_TIMEOUT N_("Timeout in milliseconds used to check for the presence of duplicate IP addresses on the network. If an address conflict is detected, the activation will fail. A zero value means that no duplicate address detection is performed, -1 means the default value (either configuration ipvx.dad-timeout override or zero). A value greater than zero is a timeout in milliseconds. The property is currently implemented only for IPv4.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_CLIENT_ID N_("A string sent to the DHCP server to identify the local machine which the DHCP server may use to customize the DHCP lease and options. When the property is a hex string ('aa:bb:cc') it is interpreted as a binary client ID, in which case the first byte is assumed to be the 'type' field as per RFC 2132 section 9.14 and the remaining bytes may be an hardware address (e.g. '01:xx:xx:xx:xx:xx:xx' where 1 is the Ethernet ARP type and the rest is a MAC address). If the property is not a hex string it is considered as a non-hardware-address client ID and the 'type' field is set to 0. The special values \"mac\" and \"perm-mac\" are supported, which use the current or permanent MAC address of the device to generate a client identifier with type ethernet (01). Currently, these options only work for ethernet type of links. The special value \"ipv6-duid\" uses the DUID from \"ipv6.dhcp-duid\" property as an RFC4361-compliant client identifier. As IAID it uses \"ipv4.dhcp-iaid\" and falls back to \"ipv6.dhcp-iaid\" if unset. The special value \"duid\" generates a RFC4361-compliant client identifier based on \"ipv4.dhcp-iaid\" and uses a DUID generated by hashing /etc/machine-id. The special value \"stable\" is supported to generate a type 0 client identifier based on the stable-id (see connection.stable-id) and a per-host key. If you set the stable-id, you may want to include the \"${DEVICE}\" or \"${MAC}\" specifier to get a per-device key. If unset, a globally configured default is used. If still unset, the default depends on the DHCP plugin.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_FQDN N_("If the \"dhcp-send-hostname\" property is TRUE, then the specified FQDN will be sent to the DHCP server when acquiring a lease. This property and \"dhcp-hostname\" are mutually exclusive and cannot be set at the same time.")
diff --git a/src/nmcli/generate-docs-nm-settings-nmcli.xml b/src/nmcli/generate-docs-nm-settings-nmcli.xml
index 88803094d6ce..ca5225ba2811 100644
--- a/src/nmcli/generate-docs-nm-settings-nmcli.xml
+++ b/src/nmcli/generate-docs-nm-settings-nmcli.xml
@@ -650,7 +650,7 @@
description="DNS servers priority. The relative priority for DNS servers specified by this setting. A lower numerical value is better (higher priority). Negative values have the special effect of excluding other configurations with a greater numerical priority value; so in presence of at least one negative priority, only DNS servers from connections with the lowest priority value will be used. To avoid all DNS leaks, set the priority of the profile that should be used to the most negative value of all active connections profiles. Zero selects a globally configured default value. If the latter is missing or zero too, it defaults to 50 for VPNs (including WireGuard) and 100 for other connections. Note that the priority is to order DNS settings for multiple active connections. It does not disambiguate multiple DNS servers within the same connection profile. When multiple devices have configurations with the same priority, VPNs will be considered first, then devices with the best (lowest metric) default route and then all other devices. When using dns=default, servers with higher priority will be on top of resolv.conf. To prioritize a given server over another one within the same connection, just specify them in the desired order. Note that commonly the resolver tries name servers in /etc/resolv.conf in the order listed, proceeding with the next server in the list on failure. See for example the &quot;rotate&quot; option of the dns-options setting. If there are any negative DNS priorities, then only name servers from the devices with that lowest priority will be considered. When using a DNS resolver that supports Conditional Forwarding or Split DNS (with dns=dnsmasq or dns=systemd-resolved settings), each connection is used to query domains in its search list. The search domains determine which name servers to ask, and the DNS priority is used to prioritize name servers based on the domain. 
Queries for domains not present in any search list are routed through connections having the &apos;~.&apos; special wildcard domain, which is added automatically to connections with the default route (or can be added manually). When multiple connections specify the same domain, the one with the best priority (lowest numerical value) wins. If a sub domain is configured on another interface it will be accepted regardless the priority, unless parent domain on the other interface has a negative priority, which causes the sub domain to be shadowed. With Split DNS one can avoid undesired DNS leaks by properly configuring DNS priorities and the search domains, so that only name servers of the desired interface are configured." />
<property name="addresses"
alias="ip4"
- description="A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example &quot;192.168.1.5/24, 10.1.0.5/24&quot;. The addresses are listed in increasing priority, meaning the last address will be the primary address." />
+ description="A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example &quot;192.168.1.5/24, 10.1.0.5/24&quot;. The addresses are listed in decreasing priority, meaning the first address will be the primary address." />
<property name="gateway"
alias="gw4"
description="The gateway associated with this configuration. This is only meaningful if &quot;addresses&quot; is also set. The gateway&apos;s main purpose is to control the next hop of the standard default route on the device. Hence, the gateway property conflicts with &quot;never-default&quot; and will be automatically dropped if the IP configuration is set to never-default. As an alternative to set the gateway, configure a static default route with /0 as prefix length." />
--
2.31.1
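Review bot: Dropping the nm-settings-nmcli hunks from this docs patch (the regions under `-32,24 +26,11` and `-58,71 +39,6`) is not explained anywhere in the commit, which only says "import". Those hunks carried the IPv4 address-order wording ("decreasing priority, meaning the first address will be the primary address"). Please confirm that the pregenerated docs in the 1.36.0 tarball already contain that wording, and note it in the patch description so the next rebase does not have to rediscover why the patch shrank to `docs/api/html/NetworkManager.conf.html` and `man/NetworkManager.conf.5`.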

View File

@ -5,14 +5,15 @@
%global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo bad)
%global epoch_version 1
%global rpm_version 1.32.10
%global real_version 1.32.10
%global release_version 5
%global rpm_version 1.36.0
%global real_version 1.36.0
%global release_version 4
%global snapshot %{nil}
%global git_sha %{nil}
%global obsoletes_device_plugins 1:0.9.9.95-1
%global obsoletes_ppp_plugin 1:1.5.3
%global obsoletes_device_plugins 1:0.9.9.95-1
%global obsoletes_ppp_plugin 1:1.5.3
%global obsoletes_initscripts_updown 1:1.36.0-0.6
%global systemd_dir %{_prefix}/lib/systemd/system
%global sysctl_dir %{_prefix}/lib/sysctl.d
@ -193,11 +194,10 @@ Patch1: 0001-cloud-setup-systemd-unit-rh1791758.patch
Patch2: 0002-firewall-Default-to-iptables-backend-to-preserve-behavior.patch
# Bugfixes that are only relevant until next rebase of the package.
Patch1000: 1000-platform-fix-capturing-addresses-from-platform-for-assuming-after-restart.patch
Patch1001: 1001-nmcli-docs-fix-address-order-in-ipv46-addresses-documentation-for-nm-settings-nmcli.patch
Patch1002: 1002-preserve-IPv6-multicast-route-rh2004212.patch
Patch1003: 1003-cloud-setup-better-handle-other-routes-rh1977984.patch
Patch1004: 1004-n-dhcp4-discard-NAKs-from-other-servers-rhbz2065188.patch
Patch1001: 1001-wwan-dns-fix-rh2059138.patch
Patch1002: 1002-checkpoint-preserve-external-bridge-ports-rh2035519.patch
Patch1003: 1003-fix-ovsdb-removal-ports-rhbz1935026.patch
Patch1004: 1004-n-dhcp4-discard-NAKs-from-other-servers-rhbz2059673.patch
# The pregenerated docs contain default values and paths that depend
# on the configure options when creating the source tarball.
@ -206,6 +206,9 @@ Patch1004: 1004-n-dhcp4-discard-NAKs-from-other-servers-rhbz2065188.patch
Patch9999: 9999-fix-pregen-doc.patch
Requires(post): systemd
%if 0%{?fedora} || 0%{?rhel} > 7
Requires(post): systemd-udev
%endif
Requires(post): /usr/sbin/update-alternatives
Requires(preun): systemd
Requires(preun): /usr/sbin/update-alternatives
@ -220,6 +223,10 @@ Requires: libndp >= %{libndp_version}
Obsoletes: NetworkManager < %{obsoletes_device_plugins}
Obsoletes: NetworkManager < %{obsoletes_ppp_plugin}
Obsoletes: NetworkManager-wimax < 1.2
%if 0%{?rhel} && 0%{?rhel} == 8
Suggests: NetworkManager-initscripts-updown
%endif
Obsoletes: NetworkManager < %{obsoletes_initscripts_updown}
%if 0%{?rhel} && 0%{?rhel} <= 7
# Kept for RHEL to ensure that wired 802.1x works out of the box
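Review bot: In `%if 0%{?rhel} && 0%{?rhel} == 8` the first term is redundant, because `0%{?rhel} == 8` is already false when the macro is unset. `%if 0%{?rhel} == 8` is enough and matches the shorter style of the `0%{?rhel} > 7` test used for systemd-udev a few lines earlier in this spec.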
@ -567,6 +574,20 @@ This tool is still experimental.
%endif
%package initscripts-updown
Summary: Legacy ifup/ifdown scripts for NetworkManager that replace initscripts (network-scripts)
Group: System Environment/Base
BuildArch: noarch
Requires: NetworkManager
Requires: /usr/bin/nmcli
Obsoletes: NetworkManager < %{obsoletes_initscripts_updown}
%description initscripts-updown
Installs alternative ifup/ifdown scripts that talk to NetworkManager.
This is only for backward compatibility with initscripts (network-scripts).
Preferably use nmcli instead.
%prep
%autosetup -p1 -n NetworkManager-%{real_version}
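Review bot: `Requires: NetworkManager` in the new initscripts-updown subpackage is unversioned, so the ifup/ifdown wrappers can end up installed next to a daemon and nmcli from a different build. Consider tying the requirement to the epoch, version and release of the main package. The `Group:` tag could also be dropped if the rest of the spec no longer sets it for new subpackages.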
@ -693,8 +714,7 @@ This tool is still experimental.
-Dresolvconf=no \
-Dnetconfig=no \
-Dconfig_dns_rc_manager_default=%{dns_rc_manager_default} \
-Dconfig_logging_backend_default=%{logging_backend_default} \
-Djson_validation=true
-Dconfig_logging_backend_default=%{logging_backend_default}
%meson_build
@ -880,7 +900,8 @@ mkdir -p %{buildroot}%{_prefix}/src/debug/NetworkManager-%{real_version}
cp valgrind.suppressions %{buildroot}%{_prefix}/src/debug/NetworkManager-%{real_version}
%endif
touch %{buildroot}%{_sbindir}/ifup %{buildroot}%{_sbindir}/ifdown
touch %{buildroot}%{_sbindir}/ifup
touch %{buildroot}%{_sbindir}/ifdown
%check
@ -923,7 +944,8 @@ fi
%systemd_post %{systemd_units}
%triggerin -- initscripts
%post initscripts-updown
if [ -f %{_sbindir}/ifup -a ! -L %{_sbindir}/ifup ]; then
# initscripts package too old, won't let us set an alternative
/usr/sbin/update-alternatives --remove ifup %{_libexecdir}/nm-ifup >/dev/null 2>&1 || :
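Review bot: Moving this scriptlet from `%triggerin -- initscripts` to `%post initscripts-updown` means it runs only when the subpackage itself is installed or updated, not when initscripts is installed or upgraded afterwards. The first branch handles a regular, non-symlink `%{_sbindir}/ifup` left by an initscripts that is "too old" and removes the alternative. Please confirm that the alternative gets registered again once such an initscripts is later updated, or keep a trigger for that case.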
@ -946,12 +968,16 @@ if [ $1 -eq 0 ]; then
# Don't kill networking entirely just on package remove
#/bin/systemctl stop NetworkManager.service >/dev/null 2>&1 || :
/usr/sbin/update-alternatives --remove ifup %{_libexecdir}/nm-ifup >/dev/null 2>&1 || :
fi
%systemd_preun NetworkManager-wait-online.service NetworkManager-dispatcher.service
%preun initscripts-updown
if [ $1 -eq 0 ]; then
/usr/sbin/update-alternatives --remove ifup %{_libexecdir}/nm-ifup >/dev/null 2>&1 || :
fi
%if %{with nm_cloud_setup}
%preun cloud-setup
%systemd_preun %{systemd_units_cloud_setup}
@ -983,6 +1009,7 @@ fi
%files
%{dbus_sys_dir}/org.freedesktop.NetworkManager.conf
%{dbus_sys_dir}/nm-dispatcher.conf
%exclude %{dbus_sys_dir}/nm-priv-helper.conf
%{dbus_sys_dir}/nm-ifcfg-rh.conf
%{_sbindir}/%{name}
%{_bindir}/nmcli
@ -999,15 +1026,11 @@ fi
%config(noreplace) %{_sysconfdir}/%{name}/NetworkManager.conf
%ghost %{_sysconfdir}/%{name}/VPN
%{_bindir}/nm-online
%{_libexecdir}/nm-ifup
%ghost %attr(755, root, root) %{_sbindir}/ifup
%{_libexecdir}/nm-ifdown
%ghost %attr(755, root, root) %{_sbindir}/ifdown
%{_libexecdir}/nm-dhcp-helper
%{_libexecdir}/nm-dispatcher
%{_libexecdir}/nm-iface-helper
%{_libexecdir}/nm-initrd-generator
%{_libexecdir}/nm-daemon-helper
%exclude %{_libexecdir}/nm-priv-helper
%dir %{_libdir}/%{name}
%dir %{nmplugindir}
%{nmplugindir}/libnm-settings-plugin*.so
@ -1031,6 +1054,7 @@ fi
%dir %{_localstatedir}/lib/NetworkManager
%dir %{_sysconfdir}/sysconfig/network-scripts
%{_datadir}/dbus-1/system-services/org.freedesktop.nm_dispatcher.service
%{_datadir}/dbus-1/system-services/org.freedesktop.nm_priv_helper.service
%{_datadir}/polkit-1/actions/*.policy
%{_prefix}/lib/udev/rules.d/*.rules
%if %{with firewalld_zone}
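Review bot: `%{_datadir}/dbus-1/system-services/org.freedesktop.nm_priv_helper.service` is added to `%files` as a shipped file, while the other nm-priv-helper pieces in this diff are excluded (`%exclude %{dbus_sys_dir}/nm-priv-helper.conf`, `%exclude %{_libexecdir}/nm-priv-helper`, `%exclude %{systemd_dir}/nm-priv-helper.service`). That leaves a D-Bus system-service activation file installed for a helper whose binary, bus policy and systemd unit are not packaged. If the helper is meant to be left out of this build, this line should be an `%exclude` as well.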
@ -1040,6 +1064,7 @@ fi
%{systemd_dir}/NetworkManager.service
%{systemd_dir}/NetworkManager-wait-online.service
%{systemd_dir}/NetworkManager-dispatcher.service
%exclude %{systemd_dir}/nm-priv-helper.service
%dir %{_datadir}/doc/NetworkManager/examples
%{_datadir}/doc/NetworkManager/examples/server.conf
%doc NEWS AUTHORS README CONTRIBUTING.md TODO
@ -1166,16 +1191,108 @@ fi
%endif
%files initscripts-updown
%{_libexecdir}/nm-ifup
%ghost %attr(755, root, root) %{_sbindir}/ifup
%{_libexecdir}/nm-ifdown
%ghost %attr(755, root, root) %{_sbindir}/ifdown
%changelog
* Mon Mar 21 2022 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.36.10-5
- n-dhcp4: discard NAKs from different servers in SELECTING (rh #2065188)
* Fri Mar 11 2022 Thomas Haller <thaller@redhat.com> - 1:1.36.0-3
- core: preserve external bridge ports during checkpoint rollback (rh #2035519)
- ovs-port: fix removal of ovsdb entry if the interface goes away (rh #1935026)
* Tue Sep 28 2021 Thomas Haller <thaller@redhat.com> - 1:1.32.10-4
- revert unapproved patches part of "cloud-setup" change (rh #1977984)
* Mon Feb 28 2022 Beniamino Galvani <bgalvani@redhat.com> - 1:1.36.0-2
- core: fix setting DNS from WWAN and PPP (rh #2059138)
* Fri Sep 24 2021 Beniamino Galvani <bgalvani@redhat.com> - 1:1.32.10-3
- preserve the IPv6 multicast route added by kernel (rh #2004212)
- cloud-setup: better handle other route configuration (rh #1977984)
* Thu Feb 24 2022 Lubomir Rintel <lkundrak@v3.sk> - 1:1.36.0-1
- Upgrade to 1.36.0 release
- core: avoid losing L3 configuration the second time it's applied (rh #2043514)
- ovs: avoid removing OVSDB entries on daemon shutdown (rh #2055665)
- nmcli: fix defaults for some properties on interactive add (rh #2053603)
* Sat Feb 19 2022 Lubomir Rintel <lkundrak@v3.sk> - 1:1.36.0-0.9
- revert: generate docs during build instead of using pre-generated (rh #1995915)
- Upgrade to 1.35.92 (release candidate)
- ppp: increase disconnect timeout (rh #2049596)
- core: finish activation after all objects are committed (rh #2043133)
- ipv6: add support for multipath routes (rh #1837254)
- keyfile: do not write empty string list properties (rh #2022623)
* Fri Feb 04 2022 Lubomir Rintel <lkundrak@v3.sk> - 1:1.36.0-0.8
- Upgrade to 1.35.91 release (release candidate)
- bond: fix duplicate IPv4 address detection (rh #2028751)
- core: add support for blackhole routes (rh #1937823) (rh #2013587)
- core: re-assess IP configuration if one IP family times out (rh #2051904)
- ovs: remove ovsdb entry on interface removal (rh #2047302)
- ovs: properly clean up devices on daemon shutdown (rh #2029937)
- core: avoid losing addresses on handover from initrd to ral root (rh #2047302)
- core: fix a possibe assertion failure in ACD (rh #2047788)
* Fri Jan 28 2022 Thomas Haller <thaller@redhat.com> - 1:1.36.0-0.7
- Upgrade to 1.35.7 release (development)
- core: fix crash related to DHCPv6 leases (rh #2028849)
- wifi: fix stale ActiveAccessPoint in D-Bus (rh #1983747)
- libnm: fix dangling pointer in NMObject (rh #2039331)
* Wed Jan 26 2022 Thomas Haller <thaller@redhat.com> - 1:1.36.0-0.6
- Upgrade to 1.35.6 release (development)
- Move ifup/ifdown scripts to new NetworkManager-initscripts-updown package (rh #2022418)
- wwan: fix assertion failure in modem/ppp code (rh #2028385)
- core: fix performance regression with 500vlans test (rh #2028849)
- core: drop defective BPF filter for netlink sockets that caused hangs (rh #2037411)
- initrd: add support for rd.znet_ifnames (rh #1980387)
* Thu Jan 20 2022 Thomas Haller <thaller@redhat.com> - 1:1.36.0-0.5
- generate docs during build instead of using pre-generated (rh #1995915)
* Wed Jan 12 2022 Wen Liang <wenliang@redhat.com> - 1:1.36.0-0.4
- Upgrade to 1.35.4 release (development)
- ipv4ll: fix assert on external LL address removal (rh #2028404)
- openvswitch: add DPDK n_rxq configuration option (rh #2001563)
- device: ignore ndisc signal if device has no ifindex (rh #2013266)
- bluetooth: fix invalid assertion in NMBluezManager:dispose() (rh #2028427)
- supplicant: enable SAE-H2E (rh #2019396)
* Thu Dec 16 2021 Wen Liang <wenliang@redhat.com> - 1:1.36.0-0.3
- Upgrade to 1.35.3 release (development)
- device: fix update of the ip-iface property (rh #2027490)
- platform: add bpf filter to ignore routes from routing daemons (rh #1861527)
* Wed Dec 1 2021 Wen Liang <wenliang@redhat.com> - 1:1.36.0-0.2
- Upgrade to 1.35.2 release (development)
- initrd: handle ip=dhcp,dhcp6 specially to wait for both IPv4 and IPv6 (rh #1961666)
- bridge: fix ageing_time bridge option (rh #1871950)
- core: make sure Device and AC emit StateChanged a bit later (rh #2006677)
- ovsdb: deactivate removed device if does not have a master (rh #2022275)
- nmcli: fix setting wake-on-lan property on edit mode (rh #2016348)
- core: fix wrong DHCPv6 timeouts due to endianness problem (rh #2027267)
* Thu Nov 18 2021 Beniamino Galvani <bgalvani@redhat.com> - 1:1.36.0-0.1
- Upgrade to 1.35.1 release (development)
- core: refactor IP configuration code (rh #1868254)
- core: fix deleting external route during service restart (rh #2010640)
* Thu Oct 21 2021 Ana Cabral <acabral@redhat.com> - 1:1.34.0-0.3
- Upgrade to 1.33.4 release (development)
- Deprecate "master"/"slave" on bonding and bridge API (rh #1949023)
- core: Fix configuration reload for active devices (rh #1852445)
- Update systemd-udev dependency (rh #2012123)
* Thu Sep 23 2021 Ana Cabral <acabral@redhat.com> - 1:1.34.0-0.2
- Upgrade to 1.33.3 release (development)
- platform: don't listen for tc netlink messages (rh #1753677)
- cloud-setup: better handle other route configuration (rh #2006370)
- Fix autoneg advertisement (rh #1897004)
* Thu Sep 9 2021 Ana Cabral <acabral@redhat.com> - 1:1.34.0-0.1
- Upgrade to 1.33.2 release (development) (rh #1996617)
- Obtain permanent hardware address via netlink or lookup via ethtool (rh #1987286)
- Show more information about routes in nmcli (rh #1870059)
- Add test for creation and activation of new connection via interface (rh #1763054)
- ethtool: fix setting autonegotiation/speed on reactivation (rh #1897004)
- Fix MTU's decrease after the removal of 802-3-ethernet configuration (rh #1973536)
* Thu Aug 19 2021 Wen Liang <wenliang@redhat.com> - 1:1.32.10-2
- platform: fix capturing IPv4 addresses from platform for assuming after restart (rh #1988751)
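Review bot: No changelog entry shown here matches the release being imported: `rpm_version` is 1.36.0 and `release_version` is 4, but the entry dated Mon Mar 21 2022 reads `1:1.36.10-5` and cites rh #2065188, while `Patch1004` now points at a file named with rhbz2059673. Please make the top entry read 1:1.36.0-4 and cite the same bug as the patch file name. Minor: "ral root" and "possibe" in the 1:1.36.0-0.8 entry are typos.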