rpms/NetworkManager
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import NetworkManager-1.40.0-1.el9

Browse Source
This commit is contained in:
CentOS Sources 2022-11-15 01:59:07 -05:00 committed by Stepan Oksanichenko
parent c4e09bfc2d
commit 3a1ea5f5d5
11 changed files with 226 additions and 2965 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.NetworkManager.metadata
View File

@ -1 +1 @@
adbe8e9eef649ac73c4fbaefd71a1335d4d016cd SOURCES/NetworkManager-1.36.0.tar.xz
eba3800b6308c38916f22e8515fb415730a4e89a SOURCES/NetworkManager-1.40.0.tar.xz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/NetworkManager-1.36.0.tar.xz
SOURCES/NetworkManager-1.40.0.tar.xz

62
SOURCES/1001-wwan-dns-fix-rh2059138.patch
View File

@ -1,62 +0,0 @@
From 7ba52fdcfeeb1e5400bcecb9fa93b3099dcccb47 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Fri, 25 Feb 2022 10:06:48 +0100
Subject: [PATCH] core: initialize l3cd dns-priority for ppp and wwan
For devices that configure IP by themselves (by returning
"->ready_for_ip_config() = TRUE" and implementing
->act_stage3_ip_config()), we skip manual configuration. Currently,
manual configuration is the only one that sets flag HAS_DNS_PRIORITY
into the resulting l3cd.
So, the merged l3cd for such devices misses a dns-priority and is
ignored by the DNS manager.
Explicitly initialize the priority to 0; in this way, the default
value for the device will be set in the final l3cd during the merge.
Fixes: 58287cbcc0c8 ('core: rework IP configuration in NetworkManager using layer 3 configuration')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/931
(cherry picked from commit b2e559fab2fa5adbf4e159fc1c2cadd3d965b01b)
(cherry picked from commit bfd3216584e9fe1eb0b6f3f81e3eb75a40877775)
---
src/core/devices/wwan/nm-modem-broadband.c | 2 ++
src/core/ppp/nm-ppp-manager.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/src/core/devices/wwan/nm-modem-broadband.c b/src/core/devices/wwan/nm-modem-broadband.c
index f5336d3750..b585652e5d 100644
--- a/src/core/devices/wwan/nm-modem-broadband.c
+++ b/src/core/devices/wwan/nm-modem-broadband.c
@@ -1032,6 +1032,7 @@ stage3_ip_config_start(NMModem *modem, int addr_family, NMModemIPMethod ip_metho
l3cd = nm_l3_config_data_new(nm_platform_get_multi_idx(NM_PLATFORM_GET),
ifindex,
NM_IP_CONFIG_SOURCE_WWAN);
+ nm_l3_config_data_set_dns_priority(l3cd, AF_INET, 0);
address = (NMPlatformIP4Address){
.address = address_network,
@@ -1118,6 +1119,7 @@ stage3_ip_config_start(NMModem *modem, int addr_family, NMModemIPMethod ip_metho
l3cd = nm_l3_config_data_new(nm_platform_get_multi_idx(NM_PLATFORM_GET),
ifindex,
NM_IP_CONFIG_SOURCE_WWAN);
+ nm_l3_config_data_set_dns_priority(l3cd, AF_INET6, 0);
do_auto = TRUE;
diff --git a/src/core/ppp/nm-ppp-manager.c b/src/core/ppp/nm-ppp-manager.c
index dd6b1bc7f0..5761d59d39 100644
--- a/src/core/ppp/nm-ppp-manager.c
+++ b/src/core/ppp/nm-ppp-manager.c
@@ -545,6 +545,7 @@ impl_ppp_manager_set_ip4_config(NMDBusObject *obj,
NM_IP_CONFIG_SOURCE_PPP);
nm_l3_config_data_set_mtu(l3cd, mtu);
+ nm_l3_config_data_set_dns_priority(l3cd, AF_INET, 0);
address = (NMPlatformIP4Address){
.plen = 32,
--
2.34.1

332
SOURCES/1002-checkpoint-preserve-external-bridge-ports-rh2035519.patch
View File

@ -1,332 +0,0 @@
From b55842ac0803b59fe8675464191180e44634ce1f Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 22 Feb 2022 22:08:18 +0100
Subject: [PATCH 1/2] core: reject unsupported flags for CheckpointCreate D-Bus
request
(cherry picked from commit df6ee44fb2b96cf05aaeeee500c75d7d91b37404)
(cherry picked from commit 4cfc2245d382b0b869bd52238eecd17f1c10af1c)
---
src/core/nm-manager.c | 34 +++++++++++++++++++++++++---------
1 file changed, 25 insertions(+), 9 deletions(-)
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
index b440b22457f2..53ef1754bb72 100644
--- a/src/core/nm-manager.c
+++ b/src/core/nm-manager.c
@@ -7453,15 +7453,30 @@ impl_manager_checkpoint_create(NMDBusObject *obj,
GDBusMethodInvocation *invocation,
GVariant *parameters)
{
- NMManager *self = NM_MANAGER(obj);
- NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE(self);
- NMAuthChain *chain;
- char **devices;
- guint32 rollback_timeout;
- guint32 flags;
+ NMManager *self = NM_MANAGER(obj);
+ NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE(self);
+ NMAuthChain *chain;
+ gs_strfreev char **devices = NULL;
+ guint32 rollback_timeout;
+ guint32 flags;
G_STATIC_ASSERT_EXPR(sizeof(flags) <= sizeof(NMCheckpointCreateFlags));
+ g_variant_get(parameters, "(^aouu)", &devices, &rollback_timeout, &flags);
+
+ if ((NMCheckpointCreateFlags) flags != flags
+ || NM_FLAGS_ANY(flags,
+ ~((guint32) (NM_CHECKPOINT_CREATE_FLAG_DESTROY_ALL
+ | NM_CHECKPOINT_CREATE_FLAG_DELETE_NEW_CONNECTIONS
+ | NM_CHECKPOINT_CREATE_FLAG_DISCONNECT_NEW_DEVICES
+ | NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING)))) {
+ g_dbus_method_invocation_return_error_literal(invocation,
+ NM_MANAGER_ERROR,
+ NM_MANAGER_ERROR_INVALID_ARGUMENTS,
+ "Invalid flags");
+ return;
+ }
+
chain = nm_auth_chain_new_context(invocation, checkpoint_auth_done_cb, self);
if (!chain) {
g_dbus_method_invocation_return_error_literal(invocation,
@@ -7471,11 +7486,12 @@ impl_manager_checkpoint_create(NMDBusObject *obj,
return;
}
- g_variant_get(parameters, "(^aouu)", &devices, &rollback_timeout, &flags);
-
c_list_link_tail(&priv->auth_lst_head, nm_auth_chain_parent_lst_list(chain));
nm_auth_chain_set_data(chain, "audit-op", NM_AUDIT_OP_CHECKPOINT_CREATE, NULL);
- nm_auth_chain_set_data(chain, "devices", devices, (GDestroyNotify) g_strfreev);
+ nm_auth_chain_set_data(chain,
+ "devices",
+ g_steal_pointer(&devices),
+ (GDestroyNotify) g_strfreev);
nm_auth_chain_set_data(chain, "flags", GUINT_TO_POINTER(flags), NULL);
nm_auth_chain_set_data(chain, "timeout", GUINT_TO_POINTER(rollback_timeout), NULL);
nm_auth_chain_add_call(chain, NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK, TRUE);
--
2.35.1
From 3c417c8338bf44292d4869763587286c7d492c0c Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 22 Feb 2022 21:55:57 +0100
Subject: [PATCH 2/2] core: preserve external ports during checkpoint rollback
When we have a bridge interface with ports attached externally (that is,
not by NetworkManager itself), then it can make sense that during
checkpoint rollback we want to keep those ports attached.
During rollback, we may need to deactivate the bridge device and
re-activate it. Implement this, by setting a flag before deactivating,
which prevents external ports to be detached. The flag gets cleared,
when the device state changes to activated (the following activation)
or unmanaged.
This is an ugly solution, for several reasons.
For one, NMDevice tracks its ports in the "slaves" list. But what
it does is ugly. There is no clear concept to understand what it
actually tacks. For example, it tracks externally added interfaces
(nm_device_sys_iface_state_is_external()) that are attached while
not being connected. But it also tracks interfaces that we want to attach
during activation (but which are not yet actually enslaved). It also tracks
slaves that have no actual netdev device (OVS). So it's not clear what this
list contains and what it should contain at any point in time. When we skip
the change of the slaves states during nm_device_master_release_slaves_all(),
it's not really clear what the effects are. It's ugly, but probably correct
enough. What would be better, if we had a clear purpose of what the
lists (or several lists) mean. E.g. a list of all ports that are
currently, physically attached vs. a list of ports we want to attach vs.
a list of OVS slaves that have no actual netdev device.
Another problem is that we attach state on the device
("activation_state_preserve_external_ports"), which should linger there
during the deactivation and reactivation. How can we be sure that we don't
leave that flag dangling there, and that the desired following activation
is the one we cared about? If the follow-up activation fails short (e.g. an
unmanaged command comes first), will we properly disconnect the slaves?
Should we even? In practice, it might be correct enough.
Also, we only implement this for bridges. I think this is where it makes
the most sense. And after all, it's an odd thing to preserve unknown,
external things during a rollback -- unknown, because we have no knowledge
about why these ports are attached and what to do with them.
Also, the change doesn't remember the ports that were attached when the
checkpoint was created. Instead, we preserve all ports that are attached
during rollback. That seems more useful and easier to implement. So we
don't actually rollback to the configuration when the checkpoint was
created. Instead, we rollback, but keep external devices.
Also, we do this now by default and introduce a flag to get the previous
behavior.
https://bugzilla.redhat.com/show_bug.cgi?id=2035519
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/ # 909
(cherry picked from commit 98b3056604fc565f273c264b892086a75a4db0e9)
(cherry picked from commit 351ca13358f62f85af675672c3399141bec092cd)
---
src/core/devices/nm-device.c | 71 ++++++++++++++++++++++-
src/core/devices/nm-device.h | 2 +
src/core/nm-checkpoint.c | 5 ++
src/core/nm-manager.c | 3 +-
src/libnm-core-public/nm-dbus-interface.h | 16 +++--
5 files changed, 90 insertions(+), 7 deletions(-)
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index 35360ceebb7b..a11486d54be3 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -76,6 +76,7 @@
#include "nm-hostname-manager.h"
#include "nm-device-generic.h"
+#include "nm-device-bridge.h"
#include "nm-device-vlan.h"
#include "nm-device-vrf.h"
#include "nm-device-wireguard.h"
@@ -483,9 +484,12 @@ typedef struct _NMDevicePrivate {
NMUtilsStableType current_stable_id_type : 3;
+ bool activation_state_preserve_external_ports : 1;
+
bool nm_owned : 1; /* whether the device is a device owned and created by NM */
- bool assume_state_guess_assume : 1;
+ bool assume_state_guess_assume : 1;
+
char *assume_state_connection_uuid;
guint64 udi_id;
@@ -7666,8 +7670,19 @@ nm_device_master_release_slaves(NMDevice *self)
c_list_for_each_safe (iter, safe, &priv->slaves) {
SlaveInfo *info = c_list_entry(iter, SlaveInfo, lst_slave);
+ if (priv->activation_state_preserve_external_ports
+ && nm_device_sys_iface_state_is_external(info->slave)) {
+ _LOGT(LOGD_DEVICE,
+ "master: preserve external port %s",
+ nm_device_get_iface(info->slave));
+ continue;
+ }
nm_device_master_release_one_slave(self, info->slave, TRUE, FALSE, reason);
}
+
+ /* We only need this flag for a short time. It served its purpose. Clear
+ * it again. */
+ nm_device_activation_state_set_preserve_external_ports(self, FALSE);
}
/**
@@ -15386,6 +15401,16 @@ _set_state_full(NMDevice *self, NMDeviceState state, NMDeviceStateReason reason,
if (state > NM_DEVICE_STATE_DISCONNECTED)
nm_device_assume_state_reset(self);
+ if (state < NM_DEVICE_STATE_UNAVAILABLE
+ || (state >= NM_DEVICE_STATE_IP_CONFIG && state < NM_DEVICE_STATE_ACTIVATED)) {
+ /* preserve-external-ports is used by NMCheckpoint to activate a master
+ * device, and preserve already attached ports. This means, this state is only
+ * relevant during the deactivation and the following activation of the
+ * right profile. Once we are sufficiently far in the activation of the
+ * intended profile, we clear the state again. */
+ nm_device_activation_state_set_preserve_external_ports(self, FALSE);
+ }
+
if (state <= NM_DEVICE_STATE_UNAVAILABLE) {
if (available_connections_del_all(self))
_notify(self, PROP_AVAILABLE_CONNECTIONS);
@@ -15790,6 +15815,50 @@ nm_device_get_state(NMDevice *self)
return NM_DEVICE_GET_PRIVATE(self)->state;
}
+/*****************************************************************************/
+
+/**
+ * nm_device_activation_state_set_preserve_external_ports:
+ * @self: the NMDevice.
+ * @flag: whether to set or clear the the flag.
+ *
+ * This sets an internal flag to true, which does something specific.
+ * For non-master devices, it has no effect. For master devices, this
+ * will prevent to detach all external ports, until the next activation
+ * completes.
+ *
+ * This is used during checkpoint/rollback. We may want to preserve
+ * externally attached ports during the restore. NMCheckpoint will
+ * call this before doing a re-activation. By setting the flag,
+ * we basically preserve such ports.
+ *
+ * Once we reach again ACTIVATED state, the flag gets cleared. This
+ * only has effect for the next activation cycle. */
+void
+nm_device_activation_state_set_preserve_external_ports(NMDevice *self, gboolean flag)
+{
+ NMDevicePrivate *priv;
+
+ g_return_if_fail(NM_IS_DEVICE(self));
+
+ priv = NM_DEVICE_GET_PRIVATE(self);
+
+ if (!NM_IS_DEVICE_BRIDGE(self)) {
+ /* This is actually only implemented for bridge devices. While it might
+ * make sense for bond/team or OVS, it's not clear that it is actually
+ * useful or desirable. */
+ return;
+ }
+
+ if (priv->activation_state_preserve_external_ports == flag)
+ return;
+
+ priv->activation_state_preserve_external_ports = flag;
+ _LOGD(LOGD_DEVICE,
+ "activation-state: preserve-external-ports %s",
+ flag ? "enabled" : "disabled");
+}
+
/*****************************************************************************/
/* NMConfigDevice interface related stuff */
diff --git a/src/core/devices/nm-device.h b/src/core/devices/nm-device.h
index cfcd4ade6d80..a7badb861087 100644
--- a/src/core/devices/nm-device.h
+++ b/src/core/devices/nm-device.h
@@ -444,6 +444,8 @@ NMDeviceType nm_device_get_device_type(NMDevice *dev);
NMLinkType nm_device_get_link_type(NMDevice *dev);
NMMetered nm_device_get_metered(NMDevice *dev);
+void nm_device_activation_state_set_preserve_external_ports(NMDevice *self, gboolean flag);
+
guint32 nm_device_get_route_table(NMDevice *self, int addr_family);
guint32 nm_device_get_route_metric(NMDevice *dev, int addr_family);
diff --git a/src/core/nm-checkpoint.c b/src/core/nm-checkpoint.c
index 0153af970de7..5b48f91aa515 100644
--- a/src/core/nm-checkpoint.c
+++ b/src/core/nm-checkpoint.c
@@ -282,6 +282,11 @@ restore_and_activate_connection(NMCheckpoint *self, DeviceCheckpoint *dev_checkp
* an internal subject. */
if (nm_device_get_state(dev_checkpoint->device) > NM_DEVICE_STATE_DISCONNECTED
&& nm_device_get_state(dev_checkpoint->device) < NM_DEVICE_STATE_DEACTIVATING) {
+ if (!NM_FLAGS_HAS(priv->flags, NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS)) {
+ nm_device_activation_state_set_preserve_external_ports(dev_checkpoint->device,
+ TRUE);
+ }
+
nm_device_state_changed(dev_checkpoint->device,
NM_DEVICE_STATE_DEACTIVATING,
NM_DEVICE_STATE_REASON_NEW_ACTIVATION);
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
index 53ef1754bb72..6c73d237c845 100644
--- a/src/core/nm-manager.c
+++ b/src/core/nm-manager.c
@@ -7469,7 +7469,8 @@ impl_manager_checkpoint_create(NMDBusObject *obj,
~((guint32) (NM_CHECKPOINT_CREATE_FLAG_DESTROY_ALL
| NM_CHECKPOINT_CREATE_FLAG_DELETE_NEW_CONNECTIONS
| NM_CHECKPOINT_CREATE_FLAG_DISCONNECT_NEW_DEVICES
- | NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING)))) {
+ | NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING
+ | NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS)))) {
g_dbus_method_invocation_return_error_literal(invocation,
NM_MANAGER_ERROR,
NM_MANAGER_ERROR_INVALID_ARGUMENTS,
diff --git a/src/libnm-core-public/nm-dbus-interface.h b/src/libnm-core-public/nm-dbus-interface.h
index fe2a6c09db58..0d23c7d7a793 100644
--- a/src/libnm-core-public/nm-dbus-interface.h
+++ b/src/libnm-core-public/nm-dbus-interface.h
@@ -959,17 +959,23 @@ typedef enum {
* overlapping younger checkpoints. This opts-in that the
* checkpoint can be automatically destroyed by the rollback
* of an older checkpoint. Since: 1.12.
+ * @NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS: during rollback,
+ * by default externally added ports attached to bridge devices are preserved.
+ * With this flag, the rollback detaches all external ports.
+ * This only has an effect for bridge ports. Before 1.38, 1.36.2, this was the default
+ * behavior. Since: 1.38, 1.36.2.
*
* The flags for CheckpointCreate call
*
* Since: 1.4 (gi flags generated since 1.12)
*/
typedef enum { /*< flags >*/
- NM_CHECKPOINT_CREATE_FLAG_NONE = 0,
- NM_CHECKPOINT_CREATE_FLAG_DESTROY_ALL = 0x01,
- NM_CHECKPOINT_CREATE_FLAG_DELETE_NEW_CONNECTIONS = 0x02,
- NM_CHECKPOINT_CREATE_FLAG_DISCONNECT_NEW_DEVICES = 0x04,
- NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING = 0x08,
+ NM_CHECKPOINT_CREATE_FLAG_NONE = 0,
+ NM_CHECKPOINT_CREATE_FLAG_DESTROY_ALL = 0x01,
+ NM_CHECKPOINT_CREATE_FLAG_DELETE_NEW_CONNECTIONS = 0x02,
+ NM_CHECKPOINT_CREATE_FLAG_DISCONNECT_NEW_DEVICES = 0x04,
+ NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING = 0x08,
+ NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS = 0x10,
} NMCheckpointCreateFlags;
/**
--
2.35.1

52
SOURCES/1003-fix-ovsdb-removal-ports-rhbz1935026.patch
View File

@ -1,52 +0,0 @@
From 482f9671c69800de2077d2dab9352a9b385115d3 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Tue, 22 Feb 2022 16:18:40 +0100
Subject: [PATCH] ovs-port: fix removal of ovsdb entry if the interface goes
away
Hope third time is the charm.
The idea here is to remove the OVSDB entry if the device actually went away
violently (like, the it was actually removed from the platform), but keep it if
we're shutting down.
Fixes-test: @ovs_nmstate
Fixes: 966413e78f14 ('ovs-port: avoid removing the OVSDB entry if we're shutting down')
Fixes: ecc73eb239e6 ('ovs-port: always remove the OVSDB entry on slave release')
https://bugzilla.redhat.com/show_bug.cgi?id=2055665
(cherry picked from commit 65fdfb25006acc3c67059792579dd7a770d04768)
(cherry picked from commit fee7328c86e5fe8171f8382492f147e7d263891b)
---
src/core/devices/ovs/nm-device-ovs-port.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/core/devices/ovs/nm-device-ovs-port.c b/src/core/devices/ovs/nm-device-ovs-port.c
index 8406c3648cef..116f58c43ace 100644
--- a/src/core/devices/ovs/nm-device-ovs-port.c
+++ b/src/core/devices/ovs/nm-device-ovs-port.c
@@ -188,8 +188,10 @@ del_iface_cb(GError *error, gpointer user_data)
static void
release_slave(NMDevice *device, NMDevice *slave, gboolean configure)
{
- NMDeviceOvsPort *self = NM_DEVICE_OVS_PORT(device);
- bool slave_removed = nm_device_sys_iface_state_get(slave) == NM_DEVICE_SYS_IFACE_STATE_REMOVED;
+ NMDeviceOvsPort *self = NM_DEVICE_OVS_PORT(device);
+ bool slave_not_managed = !NM_IN_SET(nm_device_sys_iface_state_get(slave),
+ NM_DEVICE_SYS_IFACE_STATE_MANAGED,
+ NM_DEVICE_SYS_IFACE_STATE_ASSUME);
_LOGI(LOGD_DEVICE, "releasing ovs interface %s", nm_device_get_ip_iface(slave));
@@ -197,7 +199,7 @@ release_slave(NMDevice *device, NMDevice *slave, gboolean configure)
* removed and thus we're called with configure=FALSE), we still need
* to make sure its OVSDB entry is gone.
*/
- if (configure || slave_removed) {
+ if (configure || slave_not_managed) {
nm_ovsdb_del_interface(nm_ovsdb_get(),
nm_device_get_iface(slave),
del_iface_cb,
--
2.35.1

82
SOURCES/1004-n-dhcp4-discard-NAKs-from-other-servers-rhbz2067122.patch
View File

@ -1,82 +0,0 @@
From 118561e284ff7f28421b19530d4471075b89645c Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 10 Mar 2022 12:07:49 +0100
Subject: [PATCH] n-dhcp4: discard NAKs from other servers in SELECTING
I got a report of a scenario where multiple servers reply to a REQUEST
in SELECTING, and all servers send NAKs except the one which sent the
offer, which replies with a ACK. In that scenario, n-dhcp4 is not able
to obtain a lease because it restarts from INIT as soon as the first
NAK is received. For comparison, dhclient can get a lease because it
ignores all NAKs in SELECTING.
Arguably, the network is misconfigured there, but it would be great if
n-dhcp4 could still work in such scenario.
According to RFC 2131, ACK and NAK messages from server must contain a
server-id option. The RFC doesn't explicitly say that the client
should check the option, but I think it's a reasonable thing to do, at
least for NAKs.
This patch stores the server-id of the REQUEST in SELECTING, and
compares it with the server-id from NAKs, to discard other servers'
replies.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1144
---
src/n-dhcp4/src/n-dhcp4-c-connection.c | 19 +++++++++++++++++++
src/n-dhcp4/src/n-dhcp4-private.h | 1 +
2 files changed, 20 insertions(+)
diff --git a/src/n-dhcp4/src/n-dhcp4-c-connection.c b/src/n-dhcp4/src/n-dhcp4-c-connection.c
index 4aba97393d..2f660e3b30 100644
--- a/src/n-dhcp4/src/n-dhcp4-c-connection.c
+++ b/src/n-dhcp4/src/n-dhcp4-c-connection.c
@@ -705,6 +705,7 @@ int n_dhcp4_c_connection_select_new(NDhcp4CConnection *connection,
message->userdata.start_time = offer->userdata.start_time;
message->userdata.base_time = offer->userdata.base_time;
message->userdata.client_addr = client.s_addr;
+ message->userdata.server_id = server.s_addr;
n_dhcp4_incoming_get_xid(offer, &xid);
n_dhcp4_outgoing_set_xid(message, xid);
@@ -1224,6 +1225,24 @@ int n_dhcp4_c_connection_dispatch_io(NDhcp4CConnection *connection,
serv_addr, sizeof(serv_addr)));
}
+ if (type == N_DHCP4_MESSAGE_NAK &&
+ connection->request->userdata.server_id != INADDR_ANY) {
+ struct in_addr server;
+
+ r = n_dhcp4_incoming_query_server_identifier(message, &server);
+ if (r)
+ return N_DHCP4_E_AGAIN;
+
+ if (connection->request->userdata.server_id != server.s_addr) {
+ n_dhcp4_log(connection->log_queue,
+ LOG_DEBUG,
+ "discarded NAK with wrong server-id %s",
+ inet_ntop(AF_INET, &server,
+ serv_addr, sizeof(serv_addr)));
+ return N_DHCP4_E_AGAIN;
+ }
+ }
+
switch (type) {
case N_DHCP4_MESSAGE_OFFER:
case N_DHCP4_MESSAGE_ACK:
diff --git a/src/n-dhcp4/src/n-dhcp4-private.h b/src/n-dhcp4/src/n-dhcp4-private.h
index db7b24ff7d..191e946e70 100644
--- a/src/n-dhcp4/src/n-dhcp4-private.h
+++ b/src/n-dhcp4/src/n-dhcp4-private.h
@@ -202,6 +202,7 @@ struct NDhcp4Outgoing {
uint8_t type;
uint8_t message_type;
uint32_t client_addr;
+ uint32_t server_id;
uint64_t start_time;
uint64_t base_time;
uint64_t send_time;
--
2.35.1

1994
SOURCES/1005-fix-dhcp-loses-lease-when-restarting-rhbz2094715.patch
View File

File diff suppressed because it is too large Load Diff

309
SOURCES/1006-dhcp-routes-src-rh2094778.patch
View File

@ -1,309 +0,0 @@
From 3547c4d09a1d10b150a61bcbdc2418d750f7f616 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 1 Apr 2022 08:39:56 +0200
Subject: [PATCH 1/2] dhcp: set "src" for DHCPv4 routes
Let's set the "src" (RTA_PREFSRC) of DHCP routes.
This helps with source address selection.
This can matter if the interface also has static addresses
configured.
Systemd-networkd also does this ([1], [2]).
[1] https://github.com/systemd/systemd/commit/ac2dce5f36bb8b1a877ff765e6a4dfde6bfb2d49
[2] https://github.com/systemd/systemd/blob/5b89bff55f45235f72d30d90fd489fe2247ad00d/src/network/networkd-dhcp4.c#L395
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1995372
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1173
(cherry picked from commit 2dc7a3d9f9135959adf415405bdcb05a7387c1d4)
(cherry picked from commit 10b9e07bfc3ae044b35a7dc6559aa6a4583bd7e8)
(cherry picked from commit f2942d11a75e5fb0bda35f8b659d0643f1f418b2)
---
src/core/dhcp/nm-dhcp-nettools.c | 16 ++++++++++++----
src/core/dhcp/nm-dhcp-systemd.c | 4 +++-
src/core/dhcp/nm-dhcp-utils.c | 26 +++++++++++++++-----------
3 files changed, 30 insertions(+), 16 deletions(-)
diff --git a/src/core/dhcp/nm-dhcp-nettools.c b/src/core/dhcp/nm-dhcp-nettools.c
index d7fbe3561599..769b0325f23d 100644
--- a/src/core/dhcp/nm-dhcp-nettools.c
+++ b/src/core/dhcp/nm-dhcp-nettools.c
@@ -154,6 +154,7 @@ static gboolean
lease_parse_address(NDhcp4ClientLease *lease,
NML3ConfigData *l3cd,
GHashTable *options,
+ in_addr_t *out_address,
GError **error)
{
struct in_addr a_address;
@@ -268,6 +269,8 @@ lease_parse_address(NDhcp4ClientLease *lease,
.preferred = a_lifetime,
}));
+ NM_SET_OUT(out_address, a_address.s_addr);
+
return TRUE;
}
@@ -326,6 +329,7 @@ lease_parse_address_list(NDhcp4ClientLease *lease,
static void
lease_parse_routes(NDhcp4ClientLease *lease,
NML3ConfigData *l3cd,
+ in_addr_t lease_address,
GHashTable *options,
NMStrBuf *sbuf)
{
@@ -373,10 +377,11 @@ lease_parse_routes(NDhcp4ClientLease *lease,
nm_l3_config_data_add_route_4(l3cd,
&((const NMPlatformIP4Route){
+ .rt_source = NM_IP_CONFIG_SOURCE_DHCP,
.network = dest,
.plen = plen,
.gateway = gateway,
- .rt_source = NM_IP_CONFIG_SOURCE_DHCP,
+ .pref_src = lease_address,
.table_any = TRUE,
.table_coerced = 0,
.metric_any = TRUE,
@@ -416,10 +421,11 @@ lease_parse_routes(NDhcp4ClientLease *lease,
nm_l3_config_data_add_route_4(l3cd,
&((const NMPlatformIP4Route){
+ .rt_source = NM_IP_CONFIG_SOURCE_DHCP,
.network = dest,
.plen = plen,
.gateway = gateway,
- .rt_source = NM_IP_CONFIG_SOURCE_DHCP,
+ .pref_src = lease_address,
.table_any = TRUE,
.table_coerced = 0,
.metric_any = TRUE,
@@ -464,6 +470,7 @@ lease_parse_routes(NDhcp4ClientLease *lease,
&((const NMPlatformIP4Route){
.rt_source = NM_IP_CONFIG_SOURCE_DHCP,
.gateway = gateway,
+ .pref_src = lease_address,
.table_any = TRUE,
.table_coerced = 0,
.metric_any = TRUE,
@@ -547,6 +554,7 @@ lease_to_ip4_config(NMDedupMultiIndex *multi_idx,
const char *v_str;
guint16 v_u16;
in_addr_t v_inaddr;
+ in_addr_t lease_address;
struct in_addr v_inaddr_s;
int r;
@@ -556,7 +564,7 @@ lease_to_ip4_config(NMDedupMultiIndex *multi_idx,
options = nm_dhcp_option_create_options_dict();
- if (!lease_parse_address(lease, l3cd, options, error))
+ if (!lease_parse_address(lease, l3cd, options, &lease_address, error))
return NULL;
r = n_dhcp4_client_lease_get_server_identifier(lease, &v_inaddr_s);
@@ -575,7 +583,7 @@ lease_to_ip4_config(NMDedupMultiIndex *multi_idx,
v_inaddr);
}
- lease_parse_routes(lease, l3cd, options, &sbuf);
+ lease_parse_routes(lease, l3cd, lease_address, options, &sbuf);
lease_parse_address_list(lease, l3cd, NM_DHCP_OPTION_DHCP4_DOMAIN_NAME_SERVER, options, &sbuf);
diff --git a/src/core/dhcp/nm-dhcp-systemd.c b/src/core/dhcp/nm-dhcp-systemd.c
index 0884def35dc6..d17646154f67 100644
--- a/src/core/dhcp/nm-dhcp-systemd.c
+++ b/src/core/dhcp/nm-dhcp-systemd.c
@@ -309,10 +309,11 @@ lease_to_ip4_config(NMDedupMultiIndex *multi_idx,
nm_l3_config_data_add_route_4(l3cd,
&((const NMPlatformIP4Route){
+ .rt_source = NM_IP_CONFIG_SOURCE_DHCP,
.network = network_net,
.plen = r_plen,
.gateway = r_gateway.s_addr,
- .rt_source = NM_IP_CONFIG_SOURCE_DHCP,
+ .pref_src = a_address.s_addr,
.metric_any = TRUE,
.metric = m,
.table_any = TRUE,
@@ -366,6 +367,7 @@ lease_to_ip4_config(NMDedupMultiIndex *multi_idx,
&((const NMPlatformIP4Route){
.rt_source = NM_IP_CONFIG_SOURCE_DHCP,
.gateway = a_router[i].s_addr,
+ .pref_src = a_address.s_addr,
.table_any = TRUE,
.table_coerced = 0,
.metric_any = TRUE,
diff --git a/src/core/dhcp/nm-dhcp-utils.c b/src/core/dhcp/nm-dhcp-utils.c
index 4a138086b957..c71796f8bd9d 100644
--- a/src/core/dhcp/nm-dhcp-utils.c
+++ b/src/core/dhcp/nm-dhcp-utils.c
@@ -28,7 +28,8 @@ static gboolean
ip4_process_dhcpcd_rfc3442_routes(const char *iface,
const char *str,
NML3ConfigData *l3cd,
- guint32 *gwaddr)
+ in_addr_t address,
+ guint32 *out_gwaddr)
{
gs_free const char **routes = NULL;
const char **r;
@@ -79,7 +80,7 @@ ip4_process_dhcpcd_rfc3442_routes(const char *iface,
have_routes = TRUE;
if (rt_cidr == 0 && rt_addr == 0) {
/* FIXME: how to handle multiple routers? */
- *gwaddr = rt_route;
+ *out_gwaddr = rt_route;
} else {
_LOG2I(LOGD_DHCP4,
iface,
@@ -91,13 +92,13 @@ ip4_process_dhcpcd_rfc3442_routes(const char *iface,
nm_l3_config_data_add_route_4(
l3cd,
&((const NMPlatformIP4Route){
+ .rt_source = NM_IP_CONFIG_SOURCE_DHCP,
.network = nm_utils_ip4_address_clear_host_address(rt_addr, rt_cidr),
.plen = rt_cidr,
.gateway = rt_route,
- .rt_source = NM_IP_CONFIG_SOURCE_DHCP,
+ .pref_src = address,
.metric_any = TRUE,
.table_any = TRUE,
-
}));
}
}
@@ -158,7 +159,8 @@ static gboolean
ip4_process_dhclient_rfc3442_routes(const char *iface,
const char *str,
NML3ConfigData *l3cd,
- guint32 *gwaddr)
+ in_addr_t address,
+ guint32 *out_gwaddr)
{
gs_free const char **octets = NULL;
const char *const *o;
@@ -182,13 +184,14 @@ ip4_process_dhclient_rfc3442_routes(const char *iface,
have_routes = TRUE;
if (!route.plen) {
/* gateway passed as classless static route */
- *gwaddr = route.gateway;
+ *out_gwaddr = route.gateway;
} else {
char b1[INET_ADDRSTRLEN];
char b2[INET_ADDRSTRLEN];
/* normal route */
route.rt_source = NM_IP_CONFIG_SOURCE_DHCP;
+ route.pref_src = address;
route.table_any = TRUE;
route.table_coerced = 0;
route.metric_any = TRUE;
@@ -212,14 +215,15 @@ static gboolean
ip4_process_classless_routes(const char *iface,
GHashTable *options,
NML3ConfigData *l3cd,
- guint32 *gwaddr)
+ in_addr_t address,
+ guint32 *out_gwaddr)
{
const char *str, *p;
g_return_val_if_fail(options != NULL, FALSE);
g_return_val_if_fail(l3cd != NULL, FALSE);
- *gwaddr = 0;
+ *out_gwaddr = 0;
/* dhcpd/dhclient in Fedora has support for rfc3442 implemented using a
* slightly different format:
@@ -266,10 +270,10 @@ ip4_process_classless_routes(const char *iface,
if (strchr(str, '/')) {
/* dhcpcd format */
- return ip4_process_dhcpcd_rfc3442_routes(iface, str, l3cd, gwaddr);
+ return ip4_process_dhcpcd_rfc3442_routes(iface, str, l3cd, address, out_gwaddr);
}
- return ip4_process_dhclient_rfc3442_routes(iface, str, l3cd, gwaddr);
+ return ip4_process_dhclient_rfc3442_routes(iface, str, l3cd, address, out_gwaddr);
}
static void
@@ -422,7 +426,7 @@ nm_dhcp_utils_ip4_config_from_options(NMDedupMultiIndex *multi_idx,
/* Routes: if the server returns classless static routes, we MUST ignore
* the 'static_routes' option.
*/
- if (!ip4_process_classless_routes(iface, options, l3cd, &gateway))
+ if (!ip4_process_classless_routes(iface, options, l3cd, address.address, &gateway))
process_classful_routes(iface, options, l3cd);
if (gateway) {
--
2.36.1
From ebfc7c2c58e6125346baf9b530e71b2571dc0c10 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 13 Apr 2022 10:43:13 +0200
Subject: [PATCH 2/2] dhcp/dhclient: fix setting "src" attribute for certain
routes
Fixes: 2dc7a3d9f913 ('dhcp: set "src" for DHCPv4 routes')
(cherry picked from commit 197e73ac7c53556b32ff048c9720907be3217487)
(cherry picked from commit 0c6d242dc0b67b6269657acf33bf9d1f0830f0b4)
(cherry picked from commit b0a7dda2eae1493a3a285ed1d08178409266ba07)
---
src/core/dhcp/nm-dhcp-utils.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/core/dhcp/nm-dhcp-utils.c b/src/core/dhcp/nm-dhcp-utils.c
index c71796f8bd9d..35a2c6543759 100644
--- a/src/core/dhcp/nm-dhcp-utils.c
+++ b/src/core/dhcp/nm-dhcp-utils.c
@@ -277,7 +277,10 @@ ip4_process_classless_routes(const char *iface,
}
static void
-process_classful_routes(const char *iface, GHashTable *options, NML3ConfigData *l3cd)
+process_classful_routes(const char *iface,
+ GHashTable *options,
+ NML3ConfigData *l3cd,
+ in_addr_t address)
{
gs_free const char **searches = NULL;
const char **s;
@@ -325,6 +328,7 @@ process_classful_routes(const char *iface, GHashTable *options, NML3ConfigData *
route.plen = 32;
}
route.gateway = rt_route;
+ route.pref_src = address;
route.rt_source = NM_IP_CONFIG_SOURCE_DHCP;
route.table_any = TRUE;
route.table_coerced = 0;
@@ -427,7 +431,7 @@ nm_dhcp_utils_ip4_config_from_options(NMDedupMultiIndex *multi_idx,
* the 'static_routes' option.
*/
if (!ip4_process_classless_routes(iface, options, l3cd, address.address, &gateway))
- process_classful_routes(iface, options, l3cd);
+ process_classful_routes(iface, options, l3cd, address.address);
if (gateway) {
_LOG2I(LOGD_DHCP4, iface, " gateway %s", _nm_utils_inet4_ntop(gateway, sbuf));
@@ -457,6 +461,7 @@ nm_dhcp_utils_ip4_config_from_options(NMDedupMultiIndex *multi_idx,
const NMPlatformIP4Route r = {
.rt_source = NM_IP_CONFIG_SOURCE_DHCP,
.gateway = gateway,
+ .pref_src = address.address,
.table_any = TRUE,
.table_coerced = 0,
.metric_any = TRUE,
--
2.36.1

48
SOURCES/1007-platform-workaround-for-preserving-ipv6-address-rhbz2094715.patch
View File

@ -1,48 +0,0 @@
From 43b27ab2c4735e35d84e6f5c90b8a79e23c05587 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 9 Jun 2022 10:00:47 +0200
Subject: [PATCH 1/1] platform: workaround for preserving IPv6 address order
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/ ## 1021
---
src/libnm-platform/nm-platform.c | 25 ++++++++++++++++++++-----
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/src/libnm-platform/nm-platform.c b/src/libnm-platform/nm-platform.c
index f264ed7a45b2..45534dd96a46 100644
--- a/src/libnm-platform/nm-platform.c
+++ b/src/libnm-platform/nm-platform.c
@@ -3978,11 +3978,26 @@ nm_platform_ip_address_sync(NMPlatform *self,
/* @plat_addresses for IPv6 must be sorted in decreasing priority order (highest priority addresses first).
* IPv4 are probably unsorted or sorted with lowest priority first, but their order doesn't matter because
* we check the "secondary" flag. */
- plat_addresses = nm_platform_lookup_clone(
- self,
- nmp_lookup_init_object(&lookup, NMP_OBJECT_TYPE_IP_ADDRESS(IS_IPv4), ifindex),
- NULL,
- NULL);
+ if (IS_IPv4) {
+ plat_addresses = nm_platform_lookup_clone(
+ self,
+ nmp_lookup_init_object(&lookup, NMP_OBJECT_TYPE_IP_ADDRESS(IS_IPv4), ifindex),
+ NULL,
+ NULL);
+ } else {
+ /* HACK: early 1.36 versions had a bug of not actually reordering the IPv6 addresses.
+ * This was fixed by commit cd4601802de5 ('platform: fix address order in
+ * nm_platform_ip_address_sync()').
+ *
+ * However, also in 1.36, the actually implemented order of IPv6 addresses is not
+ * the one we want ([1]). So disable the fix again, to not reorder IPv6 addresses.
+ *
+ * The effect is, that DHCPv6 addresses end up being preferred over SLAAC, because
+ * they get added later during activation. Of course, if any address gets added
+ * even later (like a new router appearing), then the order will be wrong again.
+ *
+ * [1] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1021 */
+ }
if (nm_g_ptr_array_len(plat_addresses) > 0) {
/* Delete addresses that interfere with our intended order. */
--
2.36.1

31
SOURCES/readme-ifcfg-rh.txt Normal file
View File

@ -0,0 +1,31 @@
NetworkManager stores new network profiles in keyfile format in the
/etc/NetworkManager/system-connections/ directory.
Previously, NetworkManager stored network profiles in ifcfg format
in this directory (/etc/sysconfig/network-scripts/). However, the ifcfg
format is deprecated. By default, NetworkManager no longer creates
new profiles in this format.
Connection profiles in keyfile format have many benefits. For example,
this format is INI file-based and can easily be parsed and generated.
Each section in NetworkManager keyfiles corresponds to a NetworkManager
setting name as described in the nm-settings(5) and nm-settings-keyfile(5)
man pages. Each key-value-pair in a section is one of the properties
listed in the settings specification of the man page.
If you still use network profiles in ifcfg format, consider migrating
them to keyfile format. To migrate all profiles at once, enter:
# nmcli connection migrate
This command migrates all profiles from ifcfg format to keyfile
format and stores them in /etc/NetworkManager/system-connections/.
Alternatively, to migrate only a specific profile, enter:
# nmcli connection migrate <profile_name|UUID|D-Bus_path>
For further details, see:
* nm-settings-keyfile(5)
* nmcli(1)

277
SPECS/NetworkManager.spec
View File

@ -1,22 +1,22 @@
%global wpa_supplicant_version 1:1.1
%global ppp_version %(sed -n 's/^#define\\s*VERSION\\s*"\\([^\\s]*\\)"$/\\1/p' %{_includedir}/pppd/patchlevel.h 2>/dev/null | grep . || echo bad)
%global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo bad)
%global epoch_version 1
%global rpm_version 1.36.0
%global real_version 1.36.0
%global release_version 5
%global real_version 1.40.0
%global rpm_version %{real_version}
%global release_version 1
%global snapshot %{nil}
%global git_sha %{nil}
%global bcond_default_debug 0
%global bcond_default_test 0
%global obsoletes_device_plugins 1:0.9.9.95-1
%global obsoletes_ppp_plugin 1:1.5.3
%global obsoletes_initscripts_updown 1:1.36.0-0.6
%global obsoletes_ifcfg_rh 1:1.36.2
%global systemd_dir %{_prefix}/lib/systemd/system
%global sysctl_dir %{_prefix}/lib/sysctl.d
%global nmlibdir %{_prefix}/lib/%{name}
%global nmplugindir %{_libdir}/%{name}/%{version}-%{release}
@ -39,18 +39,6 @@
###############################################################################
%if "x__BCOND_DEFAULT_DEBUG__" == "x1" || "x__BCOND_DEFAULT_DEBUG__" == "x0"
%global bcond_default_debug __BCOND_DEFAULT_DEBUG__
%else
%global bcond_default_debug 0
%endif
%if "x__BCOND_DEFAULT_TEST__" == "x1" || "x__BCOND_DEFAULT_TEST__" == "x0"
%global bcond_default_test __BCOND_DEFAULT_TEST__
%else
%global bcond_default_test 0
%endif
%bcond_with meson
%bcond_without adsl
%bcond_without bluetooth
@ -83,12 +71,12 @@
%else
%bcond_with connectivity_fedora
%endif
%if 0%{?rhel} && 0%{?rhel} > 7
%if 0%{?rhel} && 0%{?rhel} >= 8
%bcond_without connectivity_redhat
%else
%bcond_with connectivity_redhat
%endif
%if 0%{?fedora} > 28 || 0%{?rhel} > 7
%if 0%{?fedora} >= 29 || 0%{?rhel} >= 8
%bcond_without crypto_gnutls
%else
%bcond_with crypto_gnutls
@ -98,7 +86,7 @@
%else
%bcond_without iwd
%endif
%if 0%{?fedora} > 31 || 0%{?rhel} > 7
%if 0%{?fedora} >= 32 || 0%{?rhel} >= 8
%bcond_without firewalld_zone
%else
%bcond_with firewalld_zone
@ -106,7 +94,7 @@
###############################################################################
%if 0%{?fedora} || 0%{?rhel} > 7
%if 0%{?fedora} || 0%{?rhel} >= 8
%global dbus_version 1.9.18
%global dbus_sys_dir %{_datadir}/dbus-1/system.d
%else
@ -128,15 +116,15 @@
%global with_modem_manager_1 0
%endif
%if 0%{?fedora} >= 31 || 0%{?rhel} > 7
%if 0%{?fedora} >= 31 || 0%{?rhel} >= 8
%global dhcp_default internal
%else
%global dhcp_default dhclient
%endif
%if 0%{?fedora} || 0%{?rhel} > 7
%if 0%{?fedora} || 0%{?rhel} >= 8
%global logging_backend_default journal
%if 0%{?fedora} || 0%{?rhel} > 8
%if 0%{?fedora} || 0%{?rhel} >= 9
%global dns_rc_manager_default auto
%else
%global dns_rc_manager_default symlink
@ -146,10 +134,22 @@
%global dns_rc_manager_default file
%endif
%if 0%{?rhel} > 8 || 0%{?fedora} > 32
%global config_plugins_default keyfile,ifcfg-rh
%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9
%global config_plugins_default_ifcfg_rh 0
%else
%global config_plugins_default ifcfg-rh
%global config_plugins_default_ifcfg_rh 1
%endif
%if 0%{?fedora} >= 36 || 0%{?rhel} >= 10
%global split_ifcfg_rh 1
%else
%global split_ifcfg_rh 0
%endif
%if 0%{?fedora} >= 36 || 0%{?rhel} >= 9
%global ifcfg_warning 1
%else
%global ifcfg_warning 0
%endif
%if 0%{?fedora}
@ -185,6 +185,7 @@ Source2: 00-server.conf
Source4: 20-connectivity-fedora.conf
Source5: 20-connectivity-redhat.conf
Source6: 70-nm-connectivity.conf
Source7: readme-ifcfg-rh.txt
# RHEL downstream patches that change behavior from upstream.
# These are not bugfixes, hence they are also relevant after
@ -192,16 +193,10 @@ Source6: 70-nm-connectivity.conf
# Patch0001: 0001-some.patch
# Bugfixes that are only relevant until next rebase of the package.
Patch1001: 1001-wwan-dns-fix-rh2059138.patch
Patch1002: 1002-checkpoint-preserve-external-bridge-ports-rh2035519.patch
Patch1003: 1003-fix-ovsdb-removal-ports-rhbz1935026.patch
Patch1004: 1004-n-dhcp4-discard-NAKs-from-other-servers-rhbz2067122.patch
Patch1005: 1005-fix-dhcp-loses-lease-when-restarting-rhbz2094715.patch
Patch1006: 1006-dhcp-routes-src-rh2094778.patch
Patch1007: 1007-platform-workaround-for-preserving-ipv6-address-rhbz2094715.patch
# Patch1001: 1001-some.patch
Requires(post): systemd
%if 0%{?fedora} || 0%{?rhel} > 7
%if 0%{?fedora} || 0%{?rhel} >= 8
Requires(post): systemd-udev
%endif
Requires(post): /usr/sbin/update-alternatives
@ -222,6 +217,9 @@ Obsoletes: NetworkManager-wimax < 1.2
Suggests: NetworkManager-initscripts-updown
%endif
Obsoletes: NetworkManager < %{obsoletes_initscripts_updown}
%if 0%{?split_ifcfg_rh}
Obsoletes: NetworkManager < %{obsoletes_ifcfg_rh}
%endif
%if 0%{?rhel} && 0%{?rhel} <= 7
# Kept for RHEL to ensure that wired 802.1x works out of the box
@ -244,8 +242,7 @@ BuildRequires: meson
BuildRequires: automake
BuildRequires: autoconf
%endif
BuildRequires: intltool
BuildRequires: gettext-devel
BuildRequires: gettext-devel >= 0.19.8
BuildRequires: dbus-devel >= %{dbus_version}
BuildRequires: glib2-devel >= 2.40.0
@ -287,14 +284,16 @@ BuildRequires: mobile-broadband-provider-info-devel
BuildRequires: newt-devel
%endif
BuildRequires: /usr/bin/dbus-launch
%if 0%{?fedora} > 27 || 0%{?rhel} > 7
%if 0%{?fedora} >= 28 || 0%{?rhel} >= 8
BuildRequires: python3
BuildRequires: python3-gobject-base
BuildRequires: python3-dbus
BuildRequires: python3-pexpect
%else
BuildRequires: python2
BuildRequires: pygobject3-base
BuildRequires: dbus-python
BuildRequires: pexpect
%endif
BuildRequires: libselinux-devel
BuildRequires: polkit-devel
@ -309,7 +308,7 @@ BuildRequires: libubsan
BuildRequires: firewalld-filesystem
%endif
BuildRequires: iproute
%if 0%{?fedora} || 0%{?rhel} > 7
%if 0%{?fedora} || 0%{?rhel} >= 8
BuildRequires: iproute-tc
%endif
@ -398,7 +397,7 @@ Requires: wireless-regdb
Requires: crda
%endif
%if %{with iwd} && (0%{?fedora} > 24 || 0%{?rhel} > 7)
%if %{with iwd} && (0%{?fedora} >= 25 || 0%{?rhel} >= 8)
Requires: (wpa_supplicant >= %{wpa_supplicant_version} or iwd)
Suggests: wpa_supplicant
%else
@ -531,6 +530,9 @@ deployments.
%package dispatcher-routing-rules
Summary: NetworkManager dispatcher file for advanced routing rules
Group: System Environment/Base
%if 0%{?split_ifcfg_rh}
Requires: %{name}-initscripts-ifcfg-rh
%endif
BuildArch: noarch
Provides: %{name}-config-routing-rules = %{epoch}:%{version}-%{release}
Obsoletes: %{name}-config-routing-rules < 1:1.31.0
@ -555,6 +557,19 @@ by nm-connection-editor and nm-applet in a non-graphical environment.
%endif
%if 0%{?split_ifcfg_rh}
%package initscripts-ifcfg-rh
Summary: NetworkManager plugin for reading and writing connections in ifcfg-rh format
Group: System Environment/Base
Requires: %{name} = %{epoch}:%{version}-%{release}
Obsoletes: NetworkManager < %{obsoletes_ifcfg_rh}
%description initscripts-ifcfg-rh
Installs a plugin for reading and writing connection profiles using
the Red Hat ifcfg format in /etc/sysconfig/network-scripts/.
%endif
%if %{with nm_cloud_setup}
%package cloud-setup
Summary: Automatically configure NetworkManager in cloud
@ -688,7 +703,6 @@ Preferably use nmcli instead.
%endif
-Dsession_tracking=systemd \
-Dsuspend_resume=systemd \
-Dsystemdsystemunitdir=%{systemd_dir} \
-Dsystem_ca_path=/etc/pki/tls/cert.pem \
-Ddbus_conf_dir=%{dbus_sys_dir} \
-Dtests=yes \
@ -705,7 +719,9 @@ Preferably use nmcli instead.
-Dfirewalld_zone=false \
%endif
-Ddist_version=%{version}-%{release} \
-Dconfig_plugins_default=%{config_plugins_default} \
%if %{?config_plugins_default_ifcfg_rh}
-Dconfig_plugins_default=ifcfg-rh \
%endif
-Dresolvconf=no \
-Dnetconfig=no \
-Dconfig_dns_rc_manager_default=%{dns_rc_manager_default} \
@ -719,11 +735,10 @@ Preferably use nmcli instead.
gtkdocize
%endif
autoreconf --install --force
intltoolize --automake --copy --force
%configure \
--with-runstatedir=%{_rundir} \
--disable-silent-rules \
--disable-static \
--enable-silent-rules=no \
--enable-static=no \
--with-nft=/usr/sbin/nft \
--with-iptables=/usr/sbin/iptables \
--with-dhclient=yes \
@ -738,26 +753,26 @@ intltoolize --automake --copy --force
%if %{with sanitizer}
--with-address-sanitizer=exec \
%if 0%{?fedora} || 0%{?rhel} >= 8
--enable-undefined-sanitizer \
--enable-undefined-sanitizer=yes \
%else
--disable-undefined-sanitizer \
--enable-undefined-sanitizer=no \
%endif
%else
--with-address-sanitizer=no \
--disable-undefined-sanitizer \
--enable-undefined-sanitizer=no \
%endif
%if %{with debug}
--enable-more-logging \
--enable-more-logging=yes \
--with-more-asserts=10000 \
%else
--disable-more-logging \
--without-more-asserts \
--enable-more-logging=no \
--with-more-asserts=0 \
%endif
--enable-ld-gc \
--enable-ld-gc=yes \
%if %{with lto}
--enable-lto \
--enable-lto=yes \
%else
--disable-lto \
--enable-lto=no \
%endif
--with-libaudit=yes-disabled-by-default \
%if 0%{?with_modem_manager_1}
@ -796,11 +811,11 @@ intltoolize --automake --copy --force
--with-nm-cloud-setup=no \
%endif
--enable-vala=yes \
--enable-introspection \
--enable-introspection=yes \
%if %{with regen_docs}
--enable-gtk-doc \
--enable-gtk-doc=yes \
%else
--disable-gtk-doc \
--enable-gtk-doc=no \
%endif
%if %{with team}
--enable-teamdctl=yes \
@ -815,16 +830,15 @@ intltoolize --automake --copy --force
--with-selinux=yes \
--enable-polkit=yes \
--enable-modify-system=yes \
--enable-concheck \
--enable-concheck=yes \
%if 0%{?fedora}
--with-libpsl \
--with-libpsl=yes \
%else
--without-libpsl \
--with-libpsl=no \
%endif
--with-ebpf=%{ebpf_enabled} \
--with-session-tracking=systemd \
--with-suspend-resume=systemd \
--with-systemdsystemunitdir=%{systemd_dir} \
--with-system-ca-path=/etc/pki/tls/cert.pem \
--with-dbus-sys-dir=%{dbus_sys_dir} \
--with-tests=yes \
@ -841,12 +855,14 @@ intltoolize --automake --copy --force
--enable-ppp=yes \
%endif
%if %{with firewalld_zone}
--enable-firewalld-zone \
--enable-firewalld-zone=yes \
%else
--disable-firewalld-zone \
--enable-firewalld-zone=no \
%endif
--with-dist-version=%{version}-%{release} \
--with-config-plugins-default=%{config_plugins_default} \
%if %{?config_plugins_default_ifcfg_rh}
--with-config-plugins-default=ifcfg-rh \
%endif
--with-resolvconf=no \
--with-netconfig=no \
--with-config-dns-rc-manager-default=%{dns_rc_manager_default} \
@ -877,6 +893,10 @@ mkdir -p %{buildroot}%{_sysctldir}
cp %{SOURCE6} %{buildroot}%{_sysctldir}
%endif
%if 0%{?ifcfg_warning}
cp %{SOURCE7} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts
%endif
cp examples/dispatcher/10-ifcfg-rh-routes.sh %{buildroot}%{nmlibdir}/dispatcher.d/
ln -s ../no-wait.d/10-ifcfg-rh-routes.sh %{buildroot}%{nmlibdir}/dispatcher.d/pre-up.d/
ln -s ../10-ifcfg-rh-routes.sh %{buildroot}%{nmlibdir}/dispatcher.d/no-wait.d/
@ -917,7 +937,7 @@ make -k %{?_smp_mflags} check || :
%pre
if [ -f "%{systemd_dir}/network-online.target.wants/NetworkManager-wait-online.service" ] ; then
if [ -f "%{_unitdir}/network-online.target.wants/NetworkManager-wait-online.service" ] ; then
# older versions used to install this file, effectively always enabling
# NetworkManager-wait-online.service. We no longer do that and rely on
# preset.
@ -1005,7 +1025,9 @@ fi
%{dbus_sys_dir}/org.freedesktop.NetworkManager.conf
%{dbus_sys_dir}/nm-dispatcher.conf
%{dbus_sys_dir}/nm-priv-helper.conf
%if 0%{?split_ifcfg_rh} == 0
%{dbus_sys_dir}/nm-ifcfg-rh.conf
%endif
%{_sbindir}/%{name}
%{_bindir}/nmcli
%{_datadir}/bash-completion/completions/nmcli
@ -1028,7 +1050,9 @@ fi
%{_libexecdir}/nm-priv-helper
%dir %{_libdir}/%{name}
%dir %{nmplugindir}
%{nmplugindir}/libnm-settings-plugin*.so
%if 0%{?split_ifcfg_rh} == 0
%{nmplugindir}/libnm-settings-plugin-ifcfg-rh.so
%endif
%if %{with nmtui}
%exclude %{_mandir}/man1/nmtui*
%endif
@ -1046,6 +1070,7 @@ fi
%{_mandir}/man8/nm-initrd-generator.8.gz
%{_mandir}/man8/NetworkManager.8.gz
%{_mandir}/man8/NetworkManager-dispatcher.8.gz
%{_mandir}/man8/NetworkManager-wait-online.service.8.gz
%dir %{_localstatedir}/lib/NetworkManager
%dir %{_sysconfdir}/sysconfig/network-scripts
%{_datadir}/dbus-1/system-services/org.freedesktop.nm_dispatcher.service
@ -1056,13 +1081,16 @@ fi
%{_prefix}/lib/firewalld/zones/nm-shared.xml
%endif
# systemd stuff
%{systemd_dir}/NetworkManager.service
%{systemd_dir}/NetworkManager-wait-online.service
%{systemd_dir}/NetworkManager-dispatcher.service
%{systemd_dir}/nm-priv-helper.service
%{_unitdir}/NetworkManager.service
%{_unitdir}/NetworkManager-wait-online.service
%{_unitdir}/NetworkManager-dispatcher.service
%{_unitdir}/nm-priv-helper.service
%dir %{_datadir}/doc/NetworkManager/examples
%{_datadir}/doc/NetworkManager/examples/server.conf
%doc NEWS AUTHORS README CONTRIBUTING.md TODO
%if 0%{?ifcfg_warning}
%{_sysconfdir}/sysconfig/network-scripts/readme-ifcfg-rh.txt
%endif
%doc NEWS AUTHORS README.md CONTRIBUTING.md
%license COPYING
%license COPYING.LGPL
%license COPYING.GFDL
@ -1104,7 +1132,7 @@ fi
%if %{with ovs}
%files ovs
%{nmplugindir}/libnm-device-plugin-ovs.so
%{systemd_dir}/NetworkManager.service.d/NetworkManager-ovs.conf
%{_unitdir}/NetworkManager.service.d/NetworkManager-ovs.conf
%{_mandir}/man7/nm-openvswitch.7*
%endif
@ -1175,11 +1203,18 @@ fi
%endif
%if 0%{?split_ifcfg_rh}
%files initscripts-ifcfg-rh
%{nmplugindir}/libnm-settings-plugin-ifcfg-rh.so
%{dbus_sys_dir}/nm-ifcfg-rh.conf
%endif
%if %{with nm_cloud_setup}
%files cloud-setup
%{_libexecdir}/nm-cloud-setup
%{systemd_dir}/nm-cloud-setup.service
%{systemd_dir}/nm-cloud-setup.timer
%{_unitdir}/nm-cloud-setup.service
%{_unitdir}/nm-cloud-setup.timer
%{nmlibdir}/dispatcher.d/90-nm-cloud-setup.sh
%{nmlibdir}/dispatcher.d/no-wait.d/90-nm-cloud-setup.sh
%{_mandir}/man8/nm-cloud-setup.8*
@ -1194,17 +1229,91 @@ fi
%changelog
* Thu Jun 09 2022 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.36.0-5
- Fix DHCP loses lease when restarting (rh #2094715)
- core: set "src" attribute for routes from DHCPv4 (rh #2094778)
- platform: workaround for preserving IPv6 address order (rh #2094715)
* Fri Aug 26 2022 Ana Cabral <acabral@redhat.com> - 1:1.40.0-1
- Update to 1.40.0 release
* Fri Apr 01 2022 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.36.0-4
- n-dhcp4: discard NAKs from different servers in SELECTING (rh #2067122)
* Tue Aug 16 2022 Ana Cabral <acabral@redhat.com> - 1:1.39.90-1
- Update to 1.39.90 release (release candidate)
- Add support for MPTCP (rh #2029636)
- nmcli: fix assertion failure (rh #2092323)
- bond: fix arp_ip_target option (rh #2117202)
- nmci: fix test restart_L2_only_lacp (rh #2092361)
* Fri Mar 11 2022 Thomas Haller <thaller@redhat.com> - 1:1.36.0-3
- core: preserve external bridge ports during checkpoint rollback (rh #2061711)
- ovs-port: fix removal of ovsdb entry if the interface goes away (rh #2061709)
* Fri Jul 29 2022 Lubomir Rintel <lkundrak@v3.sk> - 1:1.39.12-1
- Update to 1.39.12 release (development)
- bridge: fix reapply support (rh #2092762)
* Thu Jul 28 2022 Beniamino Galvani <bgalvani@redhat.com> - 1:1.39.11-1
- Update to 1.39.11 release (development)
- core: support nm.debug kernel command line option (rh #2102313)
- ovs: don't ever move unactivated devices to failed state (rh #2077950)
- dhclient: fix EXTENDED DHCP event handling (rh #2109285)
- core: make "nmcli net off/on" more robust (rh #2093175)
- bridge: add reapply support (rh #2092762)
- bridge: don't reset vlan filtering on external connections (rh #2107647)
* Thu Jul 14 2022 Vojtech Bubela <vbubela@redhat.com> - 1:1.39.10-1
- Update to 1.39.10 release (development)
- add support for {rto_min,quickack,advmss} route attributes (rh #2068525)
- fix empty hostname for "SaveHostname" and make setting hostname async (rh #2090946)
* Thu Jun 30 2022 Lubomir Rintel <lkundrak@v3.sk> - 1:1.39.8-1
- Update to 1.39.8 release (development)
- core: make ipv6.addr-gen-mode default configurable (rh #1743161) (rh #2082682)
- dhcpv6: finish DAD before considering a lease to be good (rh #2096386)
- core: add connection.wait-activation-delay property (rh #2008337)
* Thu Jun 16 2022 Thomas Haller <thaller@redhat.com> - 1:1.39.7-2
- fix priority of IPv6 addresses to prefer manual over DHCPv6 over SLAAC (rh #2097293)
- reverse order of priority for static IPv6 addresses in "ipv6.addresses" (rh #2097293)
* Wed Jun 15 2022 Lubomir Rintel <lkundrak@v3.sk> - 1:1.39.7-1
- Update to 1.39.7 release (development)
- core: cancel the IP check on deactivation (rh #2080928)
- core: ensure DHCP is restarted every time the link goes up (rh #2079406)
- core: fix a leak of L3 configuration memory (rh #2083453)
- ppp: fix a race with pppd when removing addresses (rh #2085382)
- wifi: fix a crash when checking WEP supplicant capability (rh #2092782)
* Wed Jun 1 2022 Beniamino Galvani <bgalvani@redhat.com> - 1:1.39.6-1
- Update to 1.39.6 release (development)
- Implement ACD (address conflict detection) for DHCPv4 (rh #1713380)
* Thu May 19 2022 Ana Cabral <acabral@redhat.com> - 1:1.39.5-1
- Update to 1.39.5 release (development)
- dhcp: fix ignoring addresses with DHCPv6 otherconf (O flag) (rh #2083968)
- cloud-setup: reorder addresses to honor "primary_ip_address" (rh #2079849)
* Wed May 4 2022 Wen Liang <wenliang@redhat.com> - 1:1.39.3-1
- Update to 1.39.3 release (development)
- l3cfg: drop NM_L3_CFG_COMMIT_TYPE_ASSUME and assume_config_once (rh #2050216)
* Thu Apr 21 2022 Thomas Haller <thaller@redhat.com> - 1:1.39.2-1
- Update to 1.39.2 release (development)
- dhcp: set "src" attribute for DHCP routes (rh #1995372)
- dhcp: drop internal DHCPv4 client based on systemd code (rh #2073067)
- core: delay startup complete for DNS update (rh #2049421)
- nmcli: support offline mode to create and edit keyfiles (rh #1361145)
* Wed Apr 6 2022 Ana Cabral <acabral@redhat.com> - 1:1.39.0-1
- Upgrade to 1.39.0 release (development)
- Include a migration tool for ifcfg configuration to NM keyfiles
(rh #2059608)
* Thu Mar 24 2022 Lubomir Rintel <lkundrak@v3.sk> - 1:1.37.3-1
- Upgrade to 1.37.3 release (development)
- core: allow reapply on autoconnect-slaves property change (rh #2065049)
- wifi: do not advertise channels outside regulatory domain (rh #2062785)
- wifi: warn about WEP being phased out (rh #2030997)
- bond: reject reapply when fail_over_mac was changed (rh #2003214)
* Wed Mar 9 2022 Beniamino Galvani <bgalvani@redhat.com> - 1:1.37.2-1
- Upgrade to 1.37.2 release (development)
- core: preserve external ports during checkpoint rollback (rh #2061711)
- core: fix ovs bridge deletion (rh #2061709)
- core: shorten hostname when too long (rh #2033643)
- nm-online: bump the timeout upper limit to 2073600 seconds (rh #2025617)
- cloud-setup: fix crash when handling sigterm (rh #2027674)
* Mon Feb 28 2022 Beniamino Galvani <bgalvani@redhat.com> - 1:1.36.0-2
- core: fix setting DNS from WWAN and PPP (rh #2059138)