rpms/NetworkManager
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI NetworkManager-1.52.0-3.el9_6

Browse Source
This commit is contained in:
eabdullin 2025-05-13 15:09:52 +00:00
parent 33c9aa78b2
commit 75d9dc9671
19 changed files with 8553 additions and 2180 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.NetworkManager.metadata
View File

@ -1 +1 @@
6423adef5f4bb2c0cc20c2173e03a7ac8b8565ca SOURCES/NetworkManager-1.48.10.tar.xz
44942a87c9e4a62e84b5e5917e7a81ba41547067 SOURCES/NetworkManager-1.52.0.tar.xz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/NetworkManager-1.48.10.tar.xz
SOURCES/NetworkManager-1.52.0.tar.xz

20
SOURCES/0001-revert-change-default-value-for-ipv4.dad-timeout-from-0-to-200ms.patch
View File

@ -1,8 +1,8 @@
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index 16f8e1f261..036233e668 100644
index 66eba20..ef3d45b 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -1661,7 +1661,7 @@ _prop_get_ipv4_dad_timeout(NMDevice *self)
@@ -1664,7 +1664,7 @@ _prop_get_ipv4_dad_timeout(NMDevice *self)
self,
0,
NM_SETTING_IP_CONFIG_DAD_TIMEOUT_MAX,
@ -12,10 +12,10 @@ index 16f8e1f261..036233e668 100644
static guint32
diff --git a/src/libnm-core-impl/nm-setting-ip-config.c b/src/libnm-core-impl/nm-setting-ip-config.c
index bfebe7d13d..de56ed74ea 100644
index e79f25a..a7a2b69 100644
--- a/src/libnm-core-impl/nm-setting-ip-config.c
+++ b/src/libnm-core-impl/nm-setting-ip-config.c
@@ -6655,7 +6655,7 @@ nm_setting_ip_config_class_init(NMSettingIPConfigClass *klass)
@@ -6735,7 +6735,7 @@ nm_setting_ip_config_class_init(NMSettingIPConfigClass *klass)
*
* A zero value means that no duplicate address detection is performed, -1 means
* the default value (either the value configured globally in NetworkManger.conf
@ -25,10 +25,10 @@ index bfebe7d13d..de56ed74ea 100644
* actual duration can be between half and the full time specified in this
* property.
diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in
index 77cde6620e..e42cb74e7f 100644
index 091dcd6..6ab2c44 100644
--- a/src/libnmc-setting/settings-docs.h.in
+++ b/src/libnmc-setting/settings-docs.h.in
@@ -162,7 +162,7 @@
@@ -166,7 +166,7 @@
#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_TRANSPORT_MODE N_("The IP-over-InfiniBand transport mode. Either \"datagram\" or \"connected\".")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in decreasing priority, meaning the first address will be the primary address.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_AUTO_ROUTE_EXT_GW N_("VPN connections will default to add the route automatically unless this setting is set to FALSE. For other connection types, adding such an automatic route is currently not supported and setting this to TRUE has no effect.")
@ -37,8 +37,8 @@ index 77cde6620e..e42cb74e7f 100644
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_CLIENT_ID N_("A string sent to the DHCP server to identify the local machine which the DHCP server may use to customize the DHCP lease and options. When the property is a hex string ('aa:bb:cc') it is interpreted as a binary client ID, in which case the first byte is assumed to be the 'type' field as per RFC 2132 section 9.14 and the remaining bytes may be an hardware address (e.g. '01:xx:xx:xx:xx:xx:xx' where 1 is the Ethernet ARP type and the rest is a MAC address). If the property is not a hex string it is considered as a non-hardware-address client ID and the 'type' field is set to 0. The special values \"mac\" and \"perm-mac\" are supported, which use the current or permanent MAC address of the device to generate a client identifier with type ethernet (01). Currently, these options only work for ethernet type of links. The special value \"ipv6-duid\" uses the DUID from \"ipv6.dhcp-duid\" property as an RFC4361-compliant client identifier. As IAID it uses \"ipv4.dhcp-iaid\" and falls back to \"ipv6.dhcp-iaid\" if unset. The special value \"duid\" generates a RFC4361-compliant client identifier based on \"ipv4.dhcp-iaid\" and uses a DUID generated by hashing /etc/machine-id. The special value \"stable\" is supported to generate a type 0 client identifier based on the stable-id (see connection.stable-id) and a per-host key. If you set the stable-id, you may want to include the \"${DEVICE}\" or \"${MAC}\" specifier to get a per-device key. The special value \"none\" prevents any client identifier from being sent. Note that this is normally not recommended. If unset, a globally configured default from NetworkManager.conf is used. If still unset, the default depends on the DHCP plugin. The internal dhcp client will default to \"mac\" and the dhclient plugin will try to use one from its config file if present, or won't sent any client-id otherwise.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_DSCP N_("Specifies the value for the DSCP field (traffic class) of the IP header. When empty, the global default value is used; if no global default is specified, it is assumed to be \"CS0\". Allowed values are: \"CS0\", \"CS4\" and \"CS6\". The property is currently valid only for IPv4, and it is supported only by the \"internal\" DHCP plugin.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_FQDN N_("If the \"dhcp-send-hostname\" property is TRUE, then the specified FQDN will be sent to the DHCP server when acquiring a lease. This property and \"dhcp-hostname\" are mutually exclusive and cannot be set at the same time.")
@@ -192,7 +192,7 @@
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE N_("Configure method for creating the IPv6 interface identifer of addresses with RFC4862 IPv6 Stateless Address Autoconfiguration and Link Local addresses. The permitted values are: \"eui64\" (0), \"stable-privacy\" (1), \"default\" (3) or \"default-or-eui64\" (2). If the property is set to \"eui64\", the addresses will be generated using the interface token derived from hardware address. This makes the host part of the address to stay constant, making it possible to track the host's presence when it changes networks. The address changes when the interface hardware is replaced. If a duplicate address is detected, there is also no fallback to generate another address. When configured, the \"ipv6.token\" is used instead of the MAC address to generate addresses for stateless autoconfiguration. If the property is set to \"stable-privacy\", the interface identifier is generated as specified by RFC7217. This works by hashing a host specific key (see NetworkManager(8) manual), the interface name, the connection's \"connection.stable-id\" property and the address prefix. This improves privacy by making it harder to use the address to track the host's presence and the address is stable when the network interface hardware is replaced. The special values \"default\" and \"default-or-eui64\" will fallback to the global connection default as documented in the NetworkManager.conf(5) manual. If the global default is not specified, the fallback value is \"stable-privacy\" or \"eui64\", respectively. If not specified, when creating a new profile the default is \"default\". Note that this setting is distinct from the Privacy Extensions as configured by \"ip6-privacy\" property and it does not affect the temporary addresses configured with this option.")
@@ -198,7 +198,7 @@
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE N_("Configure method for creating the IPv6 interface identifier of addresses with RFC4862 IPv6 Stateless Address Autoconfiguration and Link Local addresses. The permitted values are: \"eui64\" (0), \"stable-privacy\" (1), \"default\" (3) or \"default-or-eui64\" (2). If the property is set to \"eui64\", the addresses will be generated using the interface token derived from hardware address. This makes the host part of the address to stay constant, making it possible to track the host's presence when it changes networks. The address changes when the interface hardware is replaced. If a duplicate address is detected, there is also no fallback to generate another address. When configured, the \"ipv6.token\" is used instead of the MAC address to generate addresses for stateless autoconfiguration. If the property is set to \"stable-privacy\", the interface identifier is generated as specified by RFC7217. This works by hashing a host specific key (see NetworkManager(8) manual), the interface name, the connection's \"connection.stable-id\" property and the address prefix. This improves privacy by making it harder to use the address to track the host's presence and the address is stable when the network interface hardware is replaced. The special values \"default\" and \"default-or-eui64\" will fallback to the global connection default as documented in the NetworkManager.conf(5) manual. If the global default is not specified, the fallback value is \"stable-privacy\" or \"eui64\", respectively. If not specified, when creating a new profile the default is \"default\". Note that this setting is distinct from the Privacy Extensions as configured by \"ip6-privacy\" property and it does not affect the temporary addresses configured with this option.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ADDRESSES N_("A list of IPv6 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"2001:db8:85a3::8a2e:370:7334/64, 2001:db8:85a3::5/64\". The addresses are listed in decreasing priority, meaning the first address will be the primary address. This can make a difference with IPv6 source address selection (RFC 6724, section 5).")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_AUTO_ROUTE_EXT_GW N_("VPN connections will default to add the route automatically unless this setting is set to FALSE. For other connection types, adding such an automatic route is currently not supported and setting this to TRUE has no effect.")
-#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DAD_TIMEOUT N_("Maximum timeout in milliseconds used to check for the presence of duplicate IP addresses on the network. If an address conflict is detected, the activation will fail. The property is currently implemented only for IPv4. A zero value means that no duplicate address detection is performed, -1 means the default value (either the value configured globally in NetworkManger.conf or 200ms). A value greater than zero is a timeout in milliseconds. Note that the time intervals are subject to randomization as per RFC 5227 and so the actual duration can be between half and the full time specified in this property.")
@ -47,10 +47,10 @@ index 77cde6620e..e42cb74e7f 100644
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_DUID N_("A string containing the DHCPv6 Unique Identifier (DUID) used by the dhcp client to identify itself to DHCPv6 servers (RFC 3315). The DUID is carried in the Client Identifier option. If the property is a hex string ('aa:bb:cc') it is interpreted as a binary DUID and filled as an opaque value in the Client Identifier option. The special value \"lease\" will retrieve the DUID previously used from the lease file belonging to the connection. If no DUID is found and \"dhclient\" is the configured dhcp client, the DUID is searched in the system-wide dhclient lease file. If still no DUID is found, or another dhcp client is used, a global and permanent DUID-UUID (RFC 6355) will be generated based on the machine-id. The special values \"llt\" and \"ll\" will generate a DUID of type LLT or LL (see RFC 3315) based on the current MAC address of the device. In order to try providing a stable DUID-LLT, the time field will contain a constant timestamp that is used globally (for all profiles) and persisted to disk. The special values \"stable-llt\", \"stable-ll\" and \"stable-uuid\" will generate a DUID of the corresponding type, derived from the connection's stable-id and a per-host unique key. You may want to include the \"${DEVICE}\" or \"${MAC}\" specifier in the stable-id, in case this profile gets activated on multiple devices. So, the link-layer address of \"stable-ll\" and \"stable-llt\" will be a generated address derived from the stable id. The DUID-LLT time value in the \"stable-llt\" option will be picked among a static timespan of three years (the upper bound of the interval is the same constant timestamp used in \"llt\"). When the property is unset, the global value provided for \"ipv6.dhcp-duid\" is used. If no global value is provided, the default \"lease\" value is assumed.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_HOSTNAME N_("If the \"dhcp-send-hostname\" property is TRUE, then the specified name will be sent to the DHCP server when acquiring a lease. This property and \"dhcp-fqdn\" are mutually exclusive and cannot be set at the same time.")
diff --git a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
index 8806bf2550..09648f3ff8 100644
index 7f5bc2c..0ffa6fb 100644
--- a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
+++ b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
@@ -1337,7 +1337,7 @@
@@ -1369,7 +1369,7 @@
values="-1 - 2147483647"
special-values="default (-1), infinity (2147483647)" />
<property name="dad-timeout"

45
SOURCES/1001-cloud-setup-allow-bigger-restart-bursts-rhel-56740.patch
View File

@ -1,45 +0,0 @@
From 065584036f8072c994a8bdab210bcfd0ff483960 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Tue, 27 Aug 2024 00:29:17 +0200
Subject: [PATCH] cloud-setup: allow bigger restart bursts
On daemon startup, we may end up enqueueing many nm-cloud-setup.service
restarts in very a short time. That is perfectly fine, just bump the
thresholds so that systemd doesn't get in the way too quickly.
100 requests in 1 seconds seem like a fair choice -- little bit on the
conservative side, yet still giving the service manager some room to
interfere on a chance things really go awry.
https://issues.redhat.com/browse/RHEL-49694
(cherry picked from commit 927cff9f178911b2a146259a89bfcc9727cbd8c3)
(cherry picked from commit 4dc35c72744f8820575ab0ea4638c4ddd880547d)
---
src/nm-cloud-setup/nm-cloud-setup.service.in | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/nm-cloud-setup/nm-cloud-setup.service.in b/src/nm-cloud-setup/nm-cloud-setup.service.in
index e73654d892..ecb70e1c8e 100644
--- a/src/nm-cloud-setup/nm-cloud-setup.service.in
+++ b/src/nm-cloud-setup/nm-cloud-setup.service.in
@@ -8,6 +8,17 @@ After=NetworkManager.service
Type=oneshot
ExecStart=@libexecdir@/nm-cloud-setup
+# The service restart gets triggered from dispatcher script
+# (pre-up and dhcp4-change actions), possibly ending up with many
+# restart requests at the same time (e.g. on initial daemon startup
+# on a machine with multiple NICs). The systemd handles multiple
+# concurrent restart requests gracefully (the newer requests supersede
+# older, which wait for them to finish), but the default limits are way
+# too low: 5 restarts in 10 seconds. Raise that high enough for us to
+# be on the safe side.
+StartLimitIntervalSec=1
+StartLimitBurst=100
+
#Environment=NM_CLOUD_SETUP_LOG=TRACE
# Cloud providers are disabled by default. You need to
--
2.46.0

85
SOURCES/1001-core-fail-early-if-we-cannot-get-current-FEC-value-86851.patch Normal file
View File

@ -0,0 +1,85 @@
From 3199dbc5cd688e8b9239a17ba6602779e7b1ba01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= <ihuguet@redhat.com>
Date: Thu, 3 Apr 2025 09:20:58 +0200
Subject: [PATCH 1/2] core: fail early if we cannot get current FEC value
If we cannot get current FEC value probably we won't be able to set it a
few lines later. Also, if it fails to set, we try to use the value of
the old one that we tried to retrieve without success. In that case, the
variable old_fec_mode would be uninitialized. Fix it by returning early
if we cannot get the current value.
Fixes: 19bed3121fb6 ('ethtool: support Forward Error Correction(fec)')
(cherry picked from commit cbdd0d9cca34f4e1cbd177e347e14265e1afaf6c)
(cherry picked from commit b7e34f225a57b5374d39e095284d6ad03da59097)
---
src/core/devices/nm-device.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index 801dc7cd76..8d7eaa5676 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -2768,13 +2768,16 @@ _ethtool_fec_set(NMDevice *self,
fec_mode = g_variant_get_uint32(variant);
}
- nm_platform_ethtool_get_fec_mode(platform, ethtool_state->ifindex, &old_fec_mode);
-
/* The NM_SETTING_ETHTOOL_FEC_MODE_NONE is query only value, hence do nothing. */
if (!fec_mode || fec_mode == NM_SETTING_ETHTOOL_FEC_MODE_NONE) {
return;
}
+ if (!nm_platform_ethtool_get_fec_mode(platform, ethtool_state->ifindex, &old_fec_mode)) {
+ _LOGW(LOGD_DEVICE, "ethtool: failure setting FEC %d: cannot get current value", fec_mode);
+ return;
+ }
+
if (!nm_platform_ethtool_set_fec_mode(platform, ethtool_state->ifindex, fec_mode))
_LOGW(LOGD_DEVICE, "ethtool: failure setting FEC %d", fec_mode);
else {
--
2.49.0
From 85e98d98e5511e3b4faa5248b51c32d650a098af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= <ihuguet@redhat.com>
Date: Thu, 3 Apr 2025 09:32:26 +0200
Subject: [PATCH 2/2] core: optimize hash table search in _ethtool_fec_set
Break the loop as soon as we've found the value.
Fixes: 19bed3121fb6 ('ethtool: support Forward Error Correction(fec)')
(cherry picked from commit 245f0e0b35d385e966289080dbd2594e74a189b2)
(cherry picked from commit 094a542546b158038473cc59f3f8ab03851e63eb)
---
src/core/devices/nm-device.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index 8d7eaa5676..c777d934d6 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -2759,13 +2759,11 @@ _ethtool_fec_set(NMDevice *self,
g_hash_table_iter_init(&iter, hash);
while (g_hash_table_iter_next(&iter, (gpointer *) &name, (gpointer *) &variant)) {
- NMEthtoolID ethtool_id = nm_ethtool_id_get_by_name(name);
-
- if (!nm_ethtool_id_is_fec(ethtool_id))
- continue;
-
- nm_assert(g_variant_is_of_type(variant, G_VARIANT_TYPE_UINT32));
- fec_mode = g_variant_get_uint32(variant);
+ if (nm_ethtool_id_is_fec(nm_ethtool_id_get_by_name(name))) {
+ nm_assert(g_variant_is_of_type(variant, G_VARIANT_TYPE_UINT32));
+ fec_mode = g_variant_get_uint32(variant);
+ break;
+ }
}
/* The NM_SETTING_ETHTOOL_FEC_MODE_NONE is query only value, hence do nothing. */
--
2.49.0

140
SOURCES/1002-cloud-setup-ensure-azure-places-primary-address-first-rhel-56387.patch
View File

@ -1,140 +0,0 @@
From 7183fbf6f35572f9fb0c2eeef5c155a3b9c82a54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= <ihuguet@redhat.com>
Date: Tue, 27 Aug 2024 12:08:16 +0200
Subject: [PATCH] cloud-setup: azure: ensure that primary address is placed
first
The primary address is that placed at position 0 of all the IP Addresses
of the interface. Sometimes we put it in a different position in the
ipv4s array because we insert them in the order we receive, but it might
happen that the HTTP responses comes back in wrong order.
In order to solve this, we pass the index of the IPv4 address to the
callback and the address is added in the right position directly.
Co-authored-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
(cherry picked from commit 72014db629cff33611ade58190d45a714efa1bbf)
(cherry picked from commit c976e212372da9683a1e2f8618e3bcfdf21d5e25)
---
src/nm-cloud-setup/nmcs-provider-azure.c | 43 ++++++++++++++++--------
1 file changed, 29 insertions(+), 14 deletions(-)
diff --git a/src/nm-cloud-setup/nmcs-provider-azure.c b/src/nm-cloud-setup/nmcs-provider-azure.c
index 771c43d9ad..78eda16cbb 100644
--- a/src/nm-cloud-setup/nmcs-provider-azure.c
+++ b/src/nm-cloud-setup/nmcs-provider-azure.c
@@ -102,6 +102,11 @@ typedef struct {
guint n_iface_data_pending;
} AzureIfaceData;
+typedef struct {
+ AzureIfaceData *iface_data;
+ guint64 ipaddress_idx;
+} AzureIpAddressReqData;
+
static void
_azure_iface_data_destroy(AzureIfaceData *iface_data)
{
@@ -112,7 +117,8 @@ static void
_get_config_fetch_done_cb(NMHttpClient *http_client,
GAsyncResult *result,
AzureIfaceData *iface_data,
- GetConfigFetchType fetch_type)
+ GetConfigFetchType fetch_type,
+ guint64 ipaddress_idx)
{
NMCSProviderGetConfigTaskData *get_config_data;
NMCSProviderGetConfigIfaceData *iface_get_config;
@@ -149,9 +155,7 @@ _get_config_fetch_done_cb(NMHttpClient *http_client,
_LOGD("interface[%" G_GSSIZE_FORMAT "]: received address %s",
iface_data->intern_iface_idx,
nm_inet4_ntop(tmp_addr, tmp_addr_str));
- iface_get_config->ipv4s_arr[iface_get_config->ipv4s_len] = tmp_addr;
- iface_get_config->has_ipv4s = TRUE;
- iface_get_config->ipv4s_len++;
+ iface_get_config->ipv4s_arr[ipaddress_idx] = tmp_addr;
break;
case GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_ADDRESS:
@@ -203,10 +207,14 @@ _get_config_fetch_done_cb_ipv4_ipaddress_x_privateipaddress(GObject *source
GAsyncResult *result,
gpointer user_data)
{
+ AzureIpAddressReqData *ipaddress_req_data = user_data;
+
_get_config_fetch_done_cb(NM_HTTP_CLIENT(source),
result,
- user_data,
- GET_CONFIG_FETCH_TYPE_IPV4_IPADDRESS_X_PRIVATEIPADDRESS);
+ ipaddress_req_data->iface_data,
+ GET_CONFIG_FETCH_TYPE_IPV4_IPADDRESS_X_PRIVATEIPADDRESS,
+ ipaddress_req_data->ipaddress_idx);
+ g_free(ipaddress_req_data);
}
static void
@@ -217,7 +225,8 @@ _get_config_fetch_done_cb_ipv4_subnet_0_address(GObject *source,
_get_config_fetch_done_cb(NM_HTTP_CLIENT(source),
result,
user_data,
- GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_ADDRESS);
+ GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_ADDRESS,
+ 0);
}
static void
@@ -228,7 +237,8 @@ _get_config_fetch_done_cb_ipv4_subnet_0_prefix(GObject *source,
_get_config_fetch_done_cb(NM_HTTP_CLIENT(source),
result,
user_data,
- GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_PREFIX);
+ GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_PREFIX,
+ 0);
}
static void
@@ -265,9 +275,10 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u
nm_sprintf_buf(iface_idx_str, "%" G_GSSIZE_FORMAT, iface_data->intern_iface_idx);
while (nm_utils_parse_next_line(&response_str, &response_len, &line, &line_len)) {
- gint64 ips_prefix_idx;
- gs_free char *uri = NULL;
- char buf[100];
+ AzureIpAddressReqData *ipaddress_req_data;
+ gint64 ips_prefix_idx;
+ gs_free char *uri = NULL;
+ char buf[100];
if (line_len == 0)
continue;
@@ -284,8 +295,11 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u
if (ips_prefix_idx < 0)
continue;
- iface_data->n_iface_data_pending++;
+ ipaddress_req_data = g_new(AzureIpAddressReqData, 1);
+ ipaddress_req_data->iface_data = iface_data;
+ ipaddress_req_data->ipaddress_idx = ips_prefix_idx;
+ iface_data->n_iface_data_pending++;
nm_http_client_poll_req(
NM_HTTP_CLIENT(source),
(uri = _azure_uri_interfaces(iface_idx_str,
@@ -302,11 +316,12 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u
NULL,
NULL,
_get_config_fetch_done_cb_ipv4_ipaddress_x_privateipaddress,
- iface_data);
+ ipaddress_req_data);
}
- iface_data->iface_get_config->ipv4s_len = 0;
iface_data->iface_get_config->ipv4s_arr = g_new(in_addr_t, iface_data->n_iface_data_pending);
+ iface_data->iface_get_config->has_ipv4s = TRUE;
+ iface_data->iface_get_config->ipv4s_len = iface_data->n_iface_data_pending;
{
gs_free char *uri = NULL;
--
2.46.0

8073
SOURCES/1002-oci-update-disconnected-vnics-83198.patch Normal file
View File

File diff suppressed because it is too large Load Diff

195
SOURCES/1003-dns-Fix-invalid-memory-access-on-Dnsconfd-DBUS-error-84692.patch Normal file
View File

@ -0,0 +1,195 @@
From de4f4e870dae3aae3dd77953b9e47a7cef7f5f90 Mon Sep 17 00:00:00 2001
From: Tomas Korbar <tkorbar@redhat.com>
Date: Thu, 13 Mar 2025 12:31:14 +0100
Subject: [PATCH 1/2] dns: Fix invalid memory access on Dnsconfd DBUS error
DBus errors were not properly handled after DBus calls and
that caused SIGSEGV. Now they are checked.
Fixes #1738
Fixes: b8714e86e4e7 ('dns: introduce configuration_serial support to the dnsconfd plugin')
(cherry picked from commit 4ad20787bbeb53559e96bdd74e06b8267a9d287b)
---
src/core/dns/nm-dns-dnsconfd.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/core/dns/nm-dns-dnsconfd.c b/src/core/dns/nm-dns-dnsconfd.c
index 63b3060f3d..c994ec8bc9 100644
--- a/src/core/dns/nm-dns-dnsconfd.c
+++ b/src/core/dns/nm-dns-dnsconfd.c
@@ -132,6 +132,13 @@ dnsconfd_serial_retrieval_done(GObject *source_object, GAsyncResult *res, gpoint
self = user_data;
priv = NM_DNS_DNSCONFD_GET_PRIVATE(self);
+ if (!response) {
+ _LOGW("dnsconfd serial retrieval failed: %s", error->message);
+ priv->plugin_state = DNSCONFD_PLUGIN_IDLE;
+ _nm_dns_plugin_update_pending_maybe_changed(NM_DNS_PLUGIN(self));
+ return;
+ }
+
nm_clear_g_cancellable(&priv->serial_cancellable);
g_variant_get(response, "(v)", &new_serial_variant);
@@ -201,8 +208,12 @@ dnsconfd_update_done(GObject *source_object, GAsyncResult *res, gpointer user_da
nm_clear_g_cancellable(&priv->update_cancellable);
- if (!response)
+ if (!response) {
_LOGW("dnsconfd update failed: %s", error->message);
+ priv->plugin_state = DNSCONFD_PLUGIN_IDLE;
+ _nm_dns_plugin_update_pending_maybe_changed(NM_DNS_PLUGIN(self));
+ return;
+ }
/* By using &s we will get pointer to char data contained
* in variant and thus no freing of dnsconfd_message is required */
--
2.49.0
From 873adc4dc04088542b107ebd6aa2289a4c4f6df9 Mon Sep 17 00:00:00 2001
From: Tomas Korbar <tkorbar@redhat.com>
Date: Thu, 13 Mar 2025 12:34:09 +0100
Subject: [PATCH 2/2] dns: Refactor changing of Dnsconfd plugin state
(cherry picked from commit 7ba27f7a13afaa8a55e662cd1857d480c52a3a85)
---
src/core/dns/nm-dns-dnsconfd.c | 45 ++++++++++++++++------------------
1 file changed, 21 insertions(+), 24 deletions(-)
diff --git a/src/core/dns/nm-dns-dnsconfd.c b/src/core/dns/nm-dns-dnsconfd.c
index c994ec8bc9..c17fb9cf44 100644
--- a/src/core/dns/nm-dns-dnsconfd.c
+++ b/src/core/dns/nm-dns-dnsconfd.c
@@ -71,6 +71,15 @@ typedef enum {
/*****************************************************************************/
+static void
+dnsconfd_change_plugin_state(NMDnsDnsconfd *self, DnsconfdPluginState new_state)
+{
+ NMDnsDnsconfdPrivate *priv = NM_DNS_DNSCONFD_GET_PRIVATE(self);
+
+ priv->plugin_state = new_state;
+ _nm_dns_plugin_update_pending_maybe_changed(NM_DNS_PLUGIN(self));
+}
+
static void
dnsconfd_serial_changed(NMDnsDnsconfd *self, guint new_serial)
{
@@ -78,12 +87,10 @@ dnsconfd_serial_changed(NMDnsDnsconfd *self, guint new_serial)
priv->present_configuration_serial = new_serial;
if (priv->plugin_state == DNSCONFD_PLUGIN_WAIT_SERIAL
&& priv->awaited_configuration_serial == new_serial) {
- priv->plugin_state = DNSCONFD_PLUGIN_IDLE;
+ dnsconfd_change_plugin_state(self, DNSCONFD_PLUGIN_IDLE);
/* Update finished, serials match */
_LOGT("serials match, update finished");
}
-
- _nm_dns_plugin_update_pending_maybe_changed(NM_DNS_PLUGIN(self));
}
static void
@@ -134,8 +141,7 @@ dnsconfd_serial_retrieval_done(GObject *source_object, GAsyncResult *res, gpoint
if (!response) {
_LOGW("dnsconfd serial retrieval failed: %s", error->message);
- priv->plugin_state = DNSCONFD_PLUGIN_IDLE;
- _nm_dns_plugin_update_pending_maybe_changed(NM_DNS_PLUGIN(self));
+ dnsconfd_change_plugin_state(self, DNSCONFD_PLUGIN_IDLE);
return;
}
@@ -210,8 +216,7 @@ dnsconfd_update_done(GObject *source_object, GAsyncResult *res, gpointer user_da
if (!response) {
_LOGW("dnsconfd update failed: %s", error->message);
- priv->plugin_state = DNSCONFD_PLUGIN_IDLE;
- _nm_dns_plugin_update_pending_maybe_changed(NM_DNS_PLUGIN(self));
+ dnsconfd_change_plugin_state(self, DNSCONFD_PLUGIN_IDLE);
return;
}
@@ -221,8 +226,7 @@ dnsconfd_update_done(GObject *source_object, GAsyncResult *res, gpointer user_da
if (!awaited_serial) {
_LOGW("dnsconfd refused update: %s", dnsconfd_message);
- priv->plugin_state = DNSCONFD_PLUGIN_IDLE;
- _nm_dns_plugin_update_pending_maybe_changed(NM_DNS_PLUGIN(self));
+ dnsconfd_change_plugin_state(self, DNSCONFD_PLUGIN_IDLE);
return;
}
@@ -231,14 +235,12 @@ dnsconfd_update_done(GObject *source_object, GAsyncResult *res, gpointer user_da
if (priv->awaited_configuration_serial == priv->present_configuration_serial) {
/* Serials match, update finished */
- priv->plugin_state = DNSCONFD_PLUGIN_IDLE;
+ dnsconfd_change_plugin_state(self, DNSCONFD_PLUGIN_IDLE);
_LOGT("after update serials match");
} else {
- priv->plugin_state = DNSCONFD_PLUGIN_WAIT_SERIAL;
+ dnsconfd_change_plugin_state(self, DNSCONFD_PLUGIN_WAIT_SERIAL);
_LOGT("after update serials don't match, waiting");
}
-
- _nm_dns_plugin_update_pending_maybe_changed(NM_DNS_PLUGIN(self));
}
static gboolean
@@ -489,8 +491,7 @@ name_owner_changed(NMDnsDnsconfd *self, const char *name_owner)
|| priv->plugin_state == DNSCONFD_PLUGIN_WAIT_SERIAL) {
/* We were waiting for either serial or confirmation of update and name
* disappeared, thus we need to retransmit */
- priv->plugin_state = DNSCONFD_PLUGIN_WAIT_CONNECT;
- _nm_dns_plugin_update_pending_maybe_changed(NM_DNS_PLUGIN(self));
+ dnsconfd_change_plugin_state(self, DNSCONFD_PLUGIN_WAIT_CONNECT);
}
return;
}
@@ -501,15 +502,13 @@ name_owner_changed(NMDnsDnsconfd *self, const char *name_owner)
if (!subscribe_serial(self)) {
/* This means that in time between new name and subscribe serial call
* we lost the name again thus wait again */
- priv->plugin_state = DNSCONFD_PLUGIN_WAIT_CONNECT;
+ dnsconfd_change_plugin_state(self, DNSCONFD_PLUGIN_WAIT_CONNECT);
_LOGT("subscription failed, waiting to connect");
} else {
- priv->plugin_state = DNSCONFD_PLUGIN_WAIT_UPDATE_DONE;
+ dnsconfd_change_plugin_state(self, DNSCONFD_PLUGIN_WAIT_UPDATE_DONE);
_LOGT("sending update and waiting for its finish");
send_dnsconfd_update(self);
}
-
- _nm_dns_plugin_update_pending_maybe_changed(NM_DNS_PLUGIN(self));
}
static void
@@ -706,18 +705,16 @@ update(NMDnsPlugin *plugin,
/* We need to consider only whether we are connected, because newer update call
* overrides the old one */
if (all_connected == CONNECTION_FAIL) {
- priv->plugin_state = DNSCONFD_PLUGIN_IDLE;
+ dnsconfd_change_plugin_state(self, DNSCONFD_PLUGIN_IDLE);
_LOGT("failed to connect");
} else if (all_connected == CONNECTION_WAIT) {
- priv->plugin_state = DNSCONFD_PLUGIN_WAIT_CONNECT;
+ dnsconfd_change_plugin_state(self, DNSCONFD_PLUGIN_WAIT_CONNECT);
_LOGT("not connected, waiting to connect");
} else {
- priv->plugin_state = DNSCONFD_PLUGIN_WAIT_UPDATE_DONE;
+ dnsconfd_change_plugin_state(self, DNSCONFD_PLUGIN_WAIT_UPDATE_DONE);
_LOGT("connected, waiting for update to finish");
}
- _nm_dns_plugin_update_pending_maybe_changed(plugin);
-
if (all_connected == CONNECTION_FAIL) {
nm_utils_error_set(error,
NM_UTILS_ERROR_UNKNOWN,
--
2.49.0

74
SOURCES/1003-only-validate-sriov-capability-when-enabled-rhel-58397.patch
View File

@ -1,74 +0,0 @@
From d9dd0aeff8ba2e1a0005c2e5751907c453927c5c Mon Sep 17 00:00:00 2001
From: Gris Ge <fge@redhat.com>
Date: Mon, 21 Oct 2024 21:13:29 +0800
Subject: [PATCH] sriov: only valid sriov capacity when enabled
NetworkManager current code will refuse to activate a connection if its
interface has no SRIOV capacity but holding a empty SRIOV settings.
This patch only valid SRIOV capacity when it is enabled(total_vfs > 0).
Resolves: https://issues.redhat.com/browse/RHEL-58397
Signed-off-by: Gris Ge <fge@redhat.com>
(cherry picked from commit 421ccf8b4cb85c96db3bf1cb6a860e41a784c950)
(cherry picked from commit c9e31e70cbf62c65cec460dc198712a61351e9f4)
(cherry picked from commit 90a3b014683c3c98c9fb4bbe2add65510e7f1b31)
---
src/core/devices/nm-device.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index 4780003a0a..e86c32a902 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -9468,6 +9468,7 @@ check_connection_compatible(NMDevice *self,
NMSettingMatch *s_match;
const GSList *specs;
gboolean has_match = FALSE;
+ NMSettingSriov *s_sriov = NULL;
klass = NM_DEVICE_GET_CLASS(self);
if (klass->connection_type_check_compatible) {
@@ -9485,12 +9486,14 @@ check_connection_compatible(NMDevice *self,
return FALSE;
}
- if (!nm_device_has_capability(self, NM_DEVICE_CAP_SRIOV)
- && nm_connection_get_setting(connection, NM_TYPE_SETTING_SRIOV)) {
- nm_utils_error_set_literal(error,
- NM_UTILS_ERROR_CONNECTION_AVAILABLE_TEMPORARY,
- "device does not support SR-IOV");
- return FALSE;
+ if (!nm_device_has_capability(self, NM_DEVICE_CAP_SRIOV)) {
+ s_sriov = (NMSettingSriov *) nm_connection_get_setting(connection, NM_TYPE_SETTING_SRIOV);
+ if (s_sriov && nm_setting_sriov_get_total_vfs(s_sriov)) {
+ nm_utils_error_set_literal(error,
+ NM_UTILS_ERROR_CONNECTION_AVAILABLE_TEMPORARY,
+ "device does not support SR-IOV");
+ return FALSE;
+ }
}
conn_iface = nm_manager_get_connection_iface(NM_MANAGER_GET, connection, NULL, NULL, &local);
@@ -10101,7 +10104,7 @@ activate_stage1_device_prepare(NMDevice *self)
s_sriov = nm_device_get_applied_setting(self, NM_TYPE_SETTING_SRIOV);
}
- if (s_sriov) {
+ if (s_sriov && nm_device_has_capability(self, NM_DEVICE_CAP_SRIOV)) {
nm_auto_freev NMPlatformVF **plat_vfs = NULL;
gs_free_error GError *error = NULL;
NMSriovVF *vf;
@@ -10109,8 +10112,6 @@ activate_stage1_device_prepare(NMDevice *self)
guint num;
guint i;
- nm_assert(nm_device_has_capability(self, NM_DEVICE_CAP_SRIOV));
-
autoprobe = nm_setting_sriov_get_autoprobe_drivers(s_sriov);
if (autoprobe == NM_TERNARY_DEFAULT) {
autoprobe = nm_config_data_get_connection_default_int64(
--
2.45.2

136
SOURCES/1004-fix-bug-when-deactivating-port-connections-rhel-50747.patch
View File

@ -1,136 +0,0 @@
From 3b1181dc02172033d8e2bb7fd2336b2ea0355a87 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Mon, 23 Sep 2024 17:28:03 +0200
Subject: [PATCH] device: fix bug when deactivating port connections
asynchronously
When the attach_port()/detach_port() methods do not return immediately
(currently, only for OVS ports), the following situation can arise:
- nm_device_controller_attach_port() starts the attachment by sending
the command to ovsdb. Note that here we don't set
`PortInfo->port_is_attached` to TRUE yet; that happens only after
the asynchronous command returns;
- the activation of the port gets interrupted because the connection
is deleted;
- the port device enters the deactivating state, triggering function
port_state_changed()
- the function calls nm_device_controller_release_port() which checks
whether the port is already attached; since
`PortInfo->port_is_attached` is not set yet, it assumes the port
doesn't need to be detached;
- in the meantime, the ovsdb operation succeeds. As a consequence,
the kernel link is created even if the connection no longer exists.
Fix this by turning `port_is_attached` into a tri-state variable that
also tracks when the port is attaching. When it is, we need to perform
an explicit detach during deactivation.
Fixes: 9fcbc6b37dec ('device: make attach_port() asynchronous')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2043
Resolves: https://issues.redhat.com/browse/RHEL-58026
(cherry picked from commit a8329587c8bdd53e2bc4513a4e82529727cfa5ef)
(cherry picked from commit d809ca6db24b5145fcc1857b962afb7ae17d07a5)
(cherry picked from commit ca6ca684b21235f706b02cee42075f2ee3cb1795)
---
src/core/devices/nm-device.c | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index e86c32a902..f9a2e7e8fe 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -126,12 +126,18 @@ typedef enum _nm_packed {
ADDR_METHOD_STATE_FAILED,
} AddrMethodState;
+typedef enum {
+ PORT_STATE_NOT_ATTACHED,
+ PORT_STATE_ATTACHED,
+ PORT_STATE_ATTACHING,
+} PortState;
+
typedef struct {
CList lst_port;
NMDevice *port;
GCancellable *cancellable;
gulong watch_id;
- bool port_is_attached;
+ PortState port_state;
bool configure;
} PortInfo;
@@ -6693,7 +6699,7 @@ attach_port_done(NMDevice *self, NMDevice *port, gboolean success)
if (!info)
return;
- info->port_is_attached = success;
+ info->port_state = (success ? PORT_STATE_ATTACHED : PORT_STATE_NOT_ATTACHED);
nm_device_port_notify_attach_as_port(info->port, success);
@@ -6756,7 +6762,7 @@ nm_device_controller_attach_port(NMDevice *self, NMDevice *port, NMConnection *c
if (!info)
return;
- if (info->port_is_attached)
+ if (info->port_state == PORT_STATE_ATTACHED)
success = TRUE;
else {
configure = (info->configure && connection != NULL);
@@ -6765,6 +6771,7 @@ nm_device_controller_attach_port(NMDevice *self, NMDevice *port, NMConnection *c
nm_clear_g_cancellable(&info->cancellable);
info->cancellable = g_cancellable_new();
+ info->port_state = PORT_STATE_ATTACHING;
success = NM_DEVICE_GET_CLASS(self)->attach_port(self,
port,
connection,
@@ -6819,6 +6826,7 @@ nm_device_controller_release_port(NMDevice *self,
PortInfo *info;
gs_unref_object NMDevice *self_free = NULL;
gs_unref_object NMDevice *port_free = NULL;
+ const char *port_state_str;
g_return_if_fail(NM_DEVICE(self));
g_return_if_fail(NM_DEVICE(port));
@@ -6830,11 +6838,20 @@ nm_device_controller_release_port(NMDevice *self,
info = find_port_info(self, port);
+ if (info->port_state == PORT_STATE_ATTACHED)
+ port_state_str = "(attached)";
+ else if (info->port_state == PORT_STATE_NOT_ATTACHED)
+ port_state_str = "(not attached)";
+ else {
+ nm_assert(info->port_state == PORT_STATE_ATTACHING);
+ port_state_str = "(attaching)";
+ }
+
_LOGT(LOGD_CORE,
"controller: release one port " NM_HASH_OBFUSCATE_PTR_FMT "/%s %s%s",
NM_HASH_OBFUSCATE_PTR(port),
nm_device_get_iface(port),
- !info ? "(not registered)" : (info->port_is_attached ? "(attached)" : "(not attached)"),
+ !info ? "(not registered)" : port_state_str,
release_type == RELEASE_PORT_TYPE_CONFIG_FORCE
? " (force-configure)"
: (release_type == RELEASE_PORT_TYPE_CONFIG ? " (configure)" : "(no-config)"));
@@ -6850,7 +6867,7 @@ nm_device_controller_release_port(NMDevice *self,
nm_clear_g_cancellable(&info->cancellable);
/* first, let subclasses handle the release ... */
- if (info->port_is_attached || nm_device_sys_iface_state_is_external(port)
+ if (info->port_state != PORT_STATE_NOT_ATTACHED || nm_device_sys_iface_state_is_external(port)
|| release_type >= RELEASE_PORT_TYPE_CONFIG_FORCE) {
NMTernary ret;
--
2.45.2

57
SOURCES/1005-fix-validation-of-ovs-dpdk-interface-name-rhel-60022.patch
View File

@ -1,57 +0,0 @@
From fd2768da4c3f966a215f01f09f8b5d7d534d0193 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Tue, 24 Sep 2024 16:25:03 +0200
Subject: [PATCH] libnm-core: fix validation of ovs-dpdk interface name
An ovs-dpdk interface doesn't have a kernel link and doesn't have the
15-character limit on the name.
Fixes: 3efe070dfc7a ('libnm: validate "connection.interface-name" at one place only')
Resolves: https://issues.redhat.com/browse/RHEL-60233
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2044
(cherry picked from commit fda05b0af085d9f7e4cc5691075dae63e7bf02a6)
(cherry picked from commit f6e4e537757a414cc896bc1b402da8c9c9e32eaa)
(cherry picked from commit c7035db5b43beff7ad7e91685ff17982a540d8e2)
---
src/libnm-core-impl/nm-setting-connection.c | 4 ++--
src/libnm-core-impl/tests/test-general.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/libnm-core-impl/nm-setting-connection.c b/src/libnm-core-impl/nm-setting-connection.c
index b51cd46bdd..3298dce60a 100644
--- a/src/libnm-core-impl/nm-setting-connection.c
+++ b/src/libnm-core-impl/nm-setting-connection.c
@@ -1379,13 +1379,13 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
if (connection)
goto after_interface_name;
iface_type = NMU_IFACE_ANY;
- } else if (NM_IN_STRSET(ovs_iface_type, "patch")) {
+ } else if (NM_IN_STRSET(ovs_iface_type, "patch", "dpdk")) {
/* this interface type is internal to OVS. */
iface_type = NMU_IFACE_OVS;
} else {
/* This interface type also requires a netdev. We need to validate
* for both OVS and KERNEL. */
- nm_assert(NM_IN_STRSET(ovs_iface_type, "internal", "system", "dpdk"));
+ nm_assert(NM_IN_STRSET(ovs_iface_type, "internal", "system"));
iface_type = NMU_IFACE_OVS_AND_KERNEL;
}
} else
diff --git a/src/libnm-core-impl/tests/test-general.c b/src/libnm-core-impl/tests/test-general.c
index 0a39010c11..8d4ea069c5 100644
--- a/src/libnm-core-impl/tests/test-general.c
+++ b/src/libnm-core-impl/tests/test-general.c
@@ -10832,7 +10832,7 @@ test_connection_ovs_ifname(gconstpointer test_data)
/* good if bridge, port, or patch interface */
g_object_set(s_con, NM_SETTING_CONNECTION_INTERFACE_NAME, "ovs123123123123130123123", NULL);
- if (!ovs_iface_type || nm_streq(ovs_iface_type, "patch"))
+ if (!ovs_iface_type || NM_IN_STRSET(ovs_iface_type, "patch", "dpdk"))
nmtst_assert_connection_verifies(con);
else {
nmtst_assert_connection_unnormalizable(con,
--
2.45.2

541
SOURCES/1006-remove-routes-added-by-nm-on-reapply-rhel-73013.patch
View File

@ -1,541 +0,0 @@
From 9628d71b541635047807e3344b871f701bddf77e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= <ihuguet@redhat.com>
Date: Wed, 4 Dec 2024 14:24:38 +0100
Subject: [PATCH 1/4] libnmc: fix bug checking VersionInfo's capabilities
Remove the `+ 31u` that was making that it would search for bit 1 at
array's element 1, instead of element 0. Fixed comparison >len that
shoudl be >=len. Fix a few typos.
Fixes: bc6098d44106 ('libnm: add internal nmc_client_has_{version_info_v,version_info_capability,capability}() helper')
(cherry picked from commit 5a65170b49d38f5195da900f63710c847ce3364e)
---
src/libnm-client-aux-extern/nm-libnm-aux.c | 11 ++++-------
src/libnm-client-impl/nm-client.c | 4 ++--
2 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/src/libnm-client-aux-extern/nm-libnm-aux.c b/src/libnm-client-aux-extern/nm-libnm-aux.c
index 5855bc299b..77f4a19559 100644
--- a/src/libnm-client-aux-extern/nm-libnm-aux.c
+++ b/src/libnm-client-aux-extern/nm-libnm-aux.c
@@ -169,14 +169,11 @@ nmc_client_has_version_info_capability(NMClient *nmc, NMVersionInfoCapability ca
len--;
ver++;
- idx = (gsize) capability;
- if (idx >= G_MAXSIZE - 31u)
- return FALSE;
-
- idx_hi = ((idx + 31u) / 32u);
- idx_lo = (idx % 32u);
+ idx = (gsize) capability;
+ idx_hi = idx / 32u;
+ idx_lo = idx % 32u;
- if (idx_hi > len)
+ if (idx_hi >= len)
return FALSE;
return NM_FLAGS_ANY(ver[idx_hi], (1ull << idx_lo));
diff --git a/src/libnm-client-impl/nm-client.c b/src/libnm-client-impl/nm-client.c
index 4ecc83899c..677f9aacab 100644
--- a/src/libnm-client-impl/nm-client.c
+++ b/src/libnm-client-impl/nm-client.c
@@ -6315,7 +6315,7 @@ nm_client_get_capabilities(NMClient *client, gsize *length)
*
* If available, the first element in the array is NM_VERSION which
* encodes the daemon version as "(major << 16 | minor << 8 | micro)".
- * The following elements are a bitfield of %NMVersionInfoCapabilities
+ * The following elements are a bitfield of %NMVersionInfoCapability
* that indicate that the daemon supports a certain capability.
*
* Returns: (transfer none) (array length=length): the
@@ -8312,7 +8312,7 @@ nm_client_class_init(NMClientClass *client_class)
* Expose version info and capabilities of NetworkManager. If non-empty,
* the first element is NM_VERSION, which encodes the version of the
* daemon as "(major << 16 | minor << 8 | micro)". The following elements
- * is a bitfields of %NMVersionInfoCapabilities. If a bit is set, then
+ * is a bitfields of %NMVersionInfoCapability. If a bit is set, then
* the running NetworkManager has the respective capability.
*
* Since: 1.42
--
2.47.1
From 2498b7aa0b0e654d97c6ded907c20341b866af21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= <ihuguet@redhat.com>
Date: Wed, 27 Nov 2024 08:48:50 +0100
Subject: [PATCH 2/4] platform: rename NM_IP_ROUTE_TABLE_SYNC_MODE_FULL ->
ALL_EXCEPT_LOCAL
The difference between FULL and ALL was not obvious without reading the
documentation. Moreover, a new mode is going to be introduced so the
confusion could grow. Rename to a more explicit name.
(cherry picked from commit e1840ad5fbe4684cb8fce4a638617729969255e5)
---
src/libnm-platform/nm-platform.c | 4 ++--
src/libnm-platform/nmp-base.h | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/libnm-platform/nm-platform.c b/src/libnm-platform/nm-platform.c
index af04f29fad..ac2ecb421c 100644
--- a/src/libnm-platform/nm-platform.c
+++ b/src/libnm-platform/nm-platform.c
@@ -4890,7 +4890,7 @@ nm_platform_ip_route_get_prune_list(NMPlatform *self,
nm_assert(NM_IN_SET(addr_family, AF_INET, AF_INET6));
nm_assert(NM_IN_SET(route_table_sync,
NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN,
- NM_IP_ROUTE_TABLE_SYNC_MODE_FULL,
+ NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_EXCEPT_LOCAL,
NM_IP_ROUTE_TABLE_SYNC_MODE_ALL,
NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE));
@@ -4915,7 +4915,7 @@ nm_platform_ip_route_get_prune_list(NMPlatform *self,
if (!nm_platform_route_table_is_main(nm_platform_ip_route_get_effective_table(&rt->rx)))
continue;
break;
- case NM_IP_ROUTE_TABLE_SYNC_MODE_FULL:
+ case NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_EXCEPT_LOCAL:
if (nm_platform_ip_route_get_effective_table(&rt->rx) == RT_TABLE_LOCAL)
continue;
break;
diff --git a/src/libnm-platform/nmp-base.h b/src/libnm-platform/nmp-base.h
index c7d487e23c..9e2e1063a1 100644
--- a/src/libnm-platform/nmp-base.h
+++ b/src/libnm-platform/nmp-base.h
@@ -211,8 +211,8 @@ nmp_object_type_to_flags(NMPObjectType obj_type)
* @NM_IP_ROUTE_TABLE_SYNC_MODE_NONE: indicate an invalid setting.
* @NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN: only the main table is synced. For all
* other tables, NM won't delete any extra routes.
- * @NM_IP_ROUTE_TABLE_SYNC_MODE_FULL: NM will sync all tables, except the
- * local table (255).
+ * @NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_EXCEPT_LOCAL: NM will sync all tables, except
+ * the local table (255).
* @NM_IP_ROUTE_TABLE_SYNC_MODE_ALL: NM will sync all tables, including the
* local table (255).
* @NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE: NM will sync all tables (including
@@ -222,7 +222,7 @@ nmp_object_type_to_flags(NMPObjectType obj_type)
typedef enum {
NM_IP_ROUTE_TABLE_SYNC_MODE_NONE,
NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN,
- NM_IP_ROUTE_TABLE_SYNC_MODE_FULL,
+ NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_EXCEPT_LOCAL,
NM_IP_ROUTE_TABLE_SYNC_MODE_ALL,
NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE,
} NMIPRouteTableSyncMode;
--
2.47.1
From f970d505e9f5cfdc6b699105e404cd06c51439ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= <ihuguet@redhat.com>
Date: Wed, 27 Nov 2024 13:53:02 +0100
Subject: [PATCH 3/4] l3cfg: remove routes added by NM on reapply
By default, on reapply we were only syncing the main routes table. This
causes that routes added by NM to other tables are not removed on
reapply. This was done to preserve routes added externally, but routes
added by NM itself should be removed.
Add a new route table syncing mode "main + NM routes". This mode
maintains the normal behaviour of syncing completely the main table,
and for other tables removes only routes that were added by us, leaving
the rest untouched. Use this mode by default, as this is what a user
would expect on reapply.
Note: this might not work if NM is restarted between the profile being
modified and the reapply, because NM forgets what routes were added by
itself because of the restart. This is a rare corner case, though.
Use the D-Bus property "VersionInfo" to expose a capability flag
indicating that this bug is fixed. It is the first capability that we
expose in this way. However, it is convenient to do it this way as it's
something that clients like nmstate needs to know, so they can decide
whether a conn down is needed or not. It is not enough to decide that by
version number because it might be fixed via a downstream patch in distros
like RHEL.
https://issues.redhat.com/browse/RHEL-67324
https://issues.redhat.com/browse/RHEL-66262
Fixes: e9c17fcc9b33 ('l3cfg: default to 'main' route table sync mode')
(cherry picked from commit e330eb9c4a721d158641701cb48cd8094246d258)
---
src/core/nm-l3cfg.c | 22 ++++++-
src/core/nm-manager.c | 29 +++++----
src/libnm-core-public/nm-dbus-interface.h | 13 ++--
src/libnm-platform/nm-platform.c | 78 ++++++++++++++++++++++-
src/libnm-platform/nm-platform.h | 5 +-
src/libnm-platform/nmp-base.h | 4 ++
6 files changed, 127 insertions(+), 24 deletions(-)
diff --git a/src/core/nm-l3cfg.c b/src/core/nm-l3cfg.c
index 57baeac25d..9dd8275b1f 100644
--- a/src/core/nm-l3cfg.c
+++ b/src/core/nm-l3cfg.c
@@ -4997,7 +4997,7 @@ _l3_commit_one(NML3Cfg *self,
}
if (route_table_sync == NM_IP_ROUTE_TABLE_SYNC_MODE_NONE)
- route_table_sync = NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN;
+ route_table_sync = NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN_AND_NM_ROUTES;
if (any_dirty)
_obj_states_track_prune_dirty(self, TRUE);
@@ -5026,6 +5026,8 @@ _l3_commit_one(NML3Cfg *self,
}
if (c_list_is_empty(&self->priv.p->blocked_lst_head_x[IS_IPv4])) {
+ gs_unref_ptrarray GPtrArray *routes_old = NULL;
+
addresses_prune =
nm_platform_ip_address_get_prune_list(self->priv.platform,
addr_family,
@@ -5033,10 +5035,26 @@ _l3_commit_one(NML3Cfg *self,
nm_g_array_data(ipv6_temp_addrs_keep),
nm_g_array_len(ipv6_temp_addrs_keep));
+ if (route_table_sync == NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN_AND_NM_ROUTES) {
+ NMDedupMultiIter iter;
+ const NMPObject *rt_obj;
+
+ routes_old = g_ptr_array_new();
+ nm_l3_config_data_iter_obj_for_each (&iter,
+ l3cd_old,
+ &rt_obj,
+ NMP_OBJECT_TYPE_IP_ROUTE(IS_IPv4))
+ g_ptr_array_add(routes_old, (gpointer) rt_obj);
+
+ nm_platform_route_objs_sort(routes_old, NM_PLATFORM_IP_ROUTE_CMP_TYPE_SEMANTICALLY);
+ }
+
routes_prune = nm_platform_ip_route_get_prune_list(self->priv.platform,
addr_family,
self->priv.ifindex,
- route_table_sync);
+ route_table_sync,
+ routes_old);
+
_obj_state_zombie_lst_prune_all(self, addr_family);
}
} else {
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
index 0a7e7b2e4a..a673279712 100644
--- a/src/core/nm-manager.c
+++ b/src/core/nm-manager.c
@@ -462,21 +462,24 @@ static GVariant *
_version_info_get(void)
{
const guint32 arr[] = {
+ /* The array contains as first element NM_VERSION, which can be
+ * used to numerically compare the version (see also NM_ENCODE_VERSION,
+ * nm_utils_version(), nm_encode_version() and nm_decode_version(). */
NM_VERSION,
- };
- /* The array contains as first element NM_VERSION, which can be
- * used to numerically compare the version (see also NM_ENCODE_VERSION,
- * nm_utils_version(), nm_encode_version() and nm_decode_version().
- *
- * The following elements of the array are a bitfield of capabilities.
- * These capabilities should only depend on compile-time abilities
- * (unlike NM_MANAGER_CAPABILITIES, NMCapability). The supported values
- * are from NMVersionInfoCapability enum. This way to expose capabilities
- * is more cumbersome but more efficient compared to NM_MANAGER_CAPABILITIES.
- * As such, it is cheap to add capabilities for something, where you would
- * avoid it as NM_MANAGER_CAPABILITIES due to the overhead.
- */
+ /* The following elements of the array are a bitfield of capabilities.
+ * These capabilities should only depend on compile-time abilities
+ * (unlike NM_MANAGER_CAPABILITIES, NMCapability). The supported values
+ * are from NMVersionInfoCapability enum. This way to expose capabilities
+ * is more cumbersome but more efficient compared to NM_MANAGER_CAPABILITIES.
+ * As such, it is cheap to add capabilities for something, where you would
+ * avoid it as NM_MANAGER_CAPABILITIES due to the overhead.
+ *
+ * Each of the array's elements has 32 bits. This means that capabilities
+ * with index 0-31 goes to element #1, with index 32-63 to element #2,
+ * with index 64-95 to element #3 and so on. */
+ 1 << NM_VERSION_INFO_CAPABILITY_SYNC_ROUTE_WITH_TABLE,
+ };
return nm_g_variant_new_au(arr, G_N_ELEMENTS(arr));
}
diff --git a/src/libnm-core-public/nm-dbus-interface.h b/src/libnm-core-public/nm-dbus-interface.h
index 5eedd7da3a..9c737dbea5 100644
--- a/src/libnm-core-public/nm-dbus-interface.h
+++ b/src/libnm-core-public/nm-dbus-interface.h
@@ -93,16 +93,19 @@
/**
* NMVersionInfoCapability:
- * %_NM_VERSION_INFO_CAPABILITY_UNUSED: a dummy capability. It has no meaning,
- * don't use it.
+ * @NM_VERSION_INFO_CAPABILITY_SYNC_ROUTE_WITH_TABLE: Contains the fix to a bug that
+ * caused that routes in table other than main were not removed on reapply nor
+ * on connection down.
+ * https://issues.redhat.com/browse/RHEL-66262
+ * https://issues.redhat.com/browse/RHEL-67324
*
- * Currently no enum values are defined. These capabilities are exposed
- * on D-Bus in the "VersionInfo" bit field.
+ * The numeric values represent the bit index of the capability. These capabilities
+ * can be queried in the "VersionInfo" D-Bus property.
*
* Since: 1.42
*/
typedef enum {
- _NM_VERSION_INFO_CAPABILITY_UNUSED = 0x7FFFFFFFu,
+ NM_VERSION_INFO_CAPABILITY_SYNC_ROUTE_WITH_TABLE = 0,
} NMVersionInfoCapability;
/**
diff --git a/src/libnm-platform/nm-platform.c b/src/libnm-platform/nm-platform.c
index ac2ecb421c..6523fb8a98 100644
--- a/src/libnm-platform/nm-platform.c
+++ b/src/libnm-platform/nm-platform.c
@@ -61,6 +61,8 @@ G_STATIC_ASSERT(sizeof(((NMPlatformLink *) NULL)->l_address.data) == _NM_UTILS_H
G_STATIC_ASSERT(sizeof(((NMPlatformLink *) NULL)->l_perm_address.data) == _NM_UTILS_HWADDR_LEN_MAX);
G_STATIC_ASSERT(sizeof(((NMPlatformLink *) NULL)->l_broadcast.data) == _NM_UTILS_HWADDR_LEN_MAX);
+static int _route_objs_cmp_values(gconstpointer a, gconstpointer b, gpointer user_data);
+
static const char *
_nmp_link_port_data_to_string(NMPortKind port_kind,
const NMPlatformLinkPortData *port_data,
@@ -4872,11 +4874,24 @@ nm_platform_ip_address_get_prune_list(NMPlatform *self,
return result;
}
+static gboolean
+_route_obj_find_bsearch(GPtrArray *sorted_routes_objs, const NMPObject *route_obj)
+{
+ gssize pos =
+ nm_ptrarray_find_bsearch((gconstpointer *) sorted_routes_objs->pdata,
+ sorted_routes_objs->len,
+ route_obj,
+ _route_objs_cmp_values,
+ GINT_TO_POINTER((int) NM_PLATFORM_IP_ROUTE_CMP_TYPE_SEMANTICALLY));
+ return pos >= 0;
+}
+
GPtrArray *
nm_platform_ip_route_get_prune_list(NMPlatform *self,
int addr_family,
int ifindex,
- NMIPRouteTableSyncMode route_table_sync)
+ NMIPRouteTableSyncMode route_table_sync,
+ GPtrArray *sorted_old_routes_objs)
{
NMPLookup lookup;
GPtrArray *routes_prune = NULL;
@@ -4891,9 +4906,20 @@ nm_platform_ip_route_get_prune_list(NMPlatform *self,
nm_assert(NM_IN_SET(route_table_sync,
NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN,
NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_EXCEPT_LOCAL,
+ NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN_AND_NM_ROUTES,
NM_IP_ROUTE_TABLE_SYNC_MODE_ALL,
NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE));
+ if (route_table_sync == NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN_AND_NM_ROUTES) {
+ nm_assert(sorted_old_routes_objs);
+ nm_assert(nm_utils_ptrarray_is_sorted(
+ (gconstpointer *) sorted_old_routes_objs->pdata,
+ sorted_old_routes_objs->len,
+ FALSE,
+ _route_objs_cmp_values,
+ GINT_TO_POINTER((int) NM_PLATFORM_IP_ROUTE_CMP_TYPE_SEMANTICALLY)));
+ }
+
nmp_lookup_init_object_by_ifindex(&lookup,
NMP_OBJECT_TYPE_IP_ROUTE(NM_IS_IPv4(addr_family)),
ifindex);
@@ -4915,6 +4941,11 @@ nm_platform_ip_route_get_prune_list(NMPlatform *self,
if (!nm_platform_route_table_is_main(nm_platform_ip_route_get_effective_table(&rt->rx)))
continue;
break;
+ case NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN_AND_NM_ROUTES:
+ if (!nm_platform_route_table_is_main(nm_platform_ip_route_get_effective_table(&rt->rx))
+ && !_route_obj_find_bsearch(sorted_old_routes_objs, obj))
+ continue;
+ break;
case NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_EXCEPT_LOCAL:
if (nm_platform_ip_route_get_effective_table(&rt->rx) == RT_TABLE_LOCAL)
continue;
@@ -5284,7 +5315,8 @@ nm_platform_ip_route_flush(NMPlatform *self, int addr_family, int ifindex)
routes_prune = nm_platform_ip_route_get_prune_list(self,
AF_INET,
ifindex,
- NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE);
+ NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE,
+ NULL);
success &= nm_platform_ip_route_sync(self, AF_INET, ifindex, NULL, routes_prune, NULL);
}
if (NM_IN_SET(addr_family, AF_UNSPEC, AF_INET6)) {
@@ -5293,7 +5325,8 @@ nm_platform_ip_route_flush(NMPlatform *self, int addr_family, int ifindex)
routes_prune = nm_platform_ip_route_get_prune_list(self,
AF_INET6,
ifindex,
- NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE);
+ NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE,
+ NULL);
success &= nm_platform_ip_route_sync(self, AF_INET6, ifindex, NULL, routes_prune, NULL);
}
return success;
@@ -8767,6 +8800,45 @@ nm_platform_lnk_wireguard_cmp(const NMPlatformLnkWireGuard *a, const NMPlatformL
return 0;
}
+static int
+_route_objs_cmp_values(gconstpointer a, gconstpointer b, gpointer user_data)
+{
+ const NMPObject *a_obj = a;
+ const NMPObject *b_obj = b;
+ NMPlatformIPRouteCmpType cmp_type = GPOINTER_TO_INT(user_data);
+
+ nm_assert(a_obj && b_obj);
+ nm_assert(NMP_OBJECT_CAST_IP_ROUTE(a_obj) && NMP_OBJECT_CAST_IP_ROUTE(b_obj));
+
+ if (NMP_OBJECT_GET_ADDR_FAMILY(a_obj) != NMP_OBJECT_GET_ADDR_FAMILY(b_obj)) {
+ return NMP_OBJECT_GET_ADDR_FAMILY(a_obj) == AF_INET ? 1 : -1;
+ } else if (NMP_OBJECT_GET_ADDR_FAMILY(a_obj) == AF_INET) {
+ return nm_platform_ip4_route_cmp(NMP_OBJECT_CAST_IP4_ROUTE(a_obj),
+ NMP_OBJECT_CAST_IP4_ROUTE(b_obj),
+ cmp_type);
+ } else {
+ return nm_platform_ip6_route_cmp(NMP_OBJECT_CAST_IP6_ROUTE(a_obj),
+ NMP_OBJECT_CAST_IP6_ROUTE(b_obj),
+ cmp_type);
+ }
+}
+
+static int
+_route_objs_cmp(gconstpointer a, gconstpointer b, gpointer user_data)
+{
+ nm_assert(a && b);
+
+ return _route_objs_cmp_values(*((const NMPObject **) a), *((const NMPObject **) b), user_data);
+}
+
+void
+nm_platform_route_objs_sort(GPtrArray *routes_objs, NMPlatformIPRouteCmpType cmp_type)
+{
+ nm_assert(routes_objs);
+
+ g_ptr_array_sort_with_data(routes_objs, _route_objs_cmp, GINT_TO_POINTER((int) cmp_type));
+}
+
void
nm_platform_ip4_rt_nexthop_hash_update(const NMPlatformIP4RtNextHop *obj,
gboolean for_id,
diff --git a/src/libnm-platform/nm-platform.h b/src/libnm-platform/nm-platform.h
index e33be81356..22bf0fdbec 100644
--- a/src/libnm-platform/nm-platform.h
+++ b/src/libnm-platform/nm-platform.h
@@ -2389,7 +2389,8 @@ int nm_platform_ip6_route_add(NMPlatform *self, NMPNlmFlags flags, const NMPlatf
GPtrArray *nm_platform_ip_route_get_prune_list(NMPlatform *self,
int addr_family,
int ifindex,
- NMIPRouteTableSyncMode route_table_sync);
+ NMIPRouteTableSyncMode route_table_sync,
+ GPtrArray *old_routes_objs);
gboolean nm_platform_ip_route_sync(NMPlatform *self,
int addr_family,
@@ -2495,6 +2496,8 @@ int nm_platform_lnk_wireguard_cmp(const NMPlatformLnkWireGuard *a, const NMPlatf
GHashTable *nm_platform_ip4_address_addr_to_hash(NMPlatform *self, int ifindex);
+void nm_platform_route_objs_sort(GPtrArray *routes_objs, NMPlatformIPRouteCmpType cmp_type);
+
int nm_platform_ip4_route_cmp(const NMPlatformIP4Route *a,
const NMPlatformIP4Route *b,
NMPlatformIPRouteCmpType cmp_type);
diff --git a/src/libnm-platform/nmp-base.h b/src/libnm-platform/nmp-base.h
index 9e2e1063a1..3784a78e9d 100644
--- a/src/libnm-platform/nmp-base.h
+++ b/src/libnm-platform/nmp-base.h
@@ -211,6 +211,9 @@ nmp_object_type_to_flags(NMPObjectType obj_type)
* @NM_IP_ROUTE_TABLE_SYNC_MODE_NONE: indicate an invalid setting.
* @NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN: only the main table is synced. For all
* other tables, NM won't delete any extra routes.
+ * @NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN_AND_NM_ROUTES: only the main table is synced,
+ * plus individual routes in other tables added by NM, leaving routes that
+ * were not added by NM untouched.
* @NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_EXCEPT_LOCAL: NM will sync all tables, except
* the local table (255).
* @NM_IP_ROUTE_TABLE_SYNC_MODE_ALL: NM will sync all tables, including the
@@ -222,6 +225,7 @@ nmp_object_type_to_flags(NMPObjectType obj_type)
typedef enum {
NM_IP_ROUTE_TABLE_SYNC_MODE_NONE,
NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN,
+ NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN_AND_NM_ROUTES,
NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_EXCEPT_LOCAL,
NM_IP_ROUTE_TABLE_SYNC_MODE_ALL,
NM_IP_ROUTE_TABLE_SYNC_MODE_ALL_PRUNE,
--
2.47.1
From 2ac691360f265d655b1e2e1caf9344ae0ec6a802 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= <ihuguet@redhat.com>
Date: Tue, 10 Dec 2024 10:15:52 +0100
Subject: [PATCH 4/4] l3cfg: get routes to prune from the list of routes
configured by NM
We always sync routes in the main table, but routes in tables other
than main are only pruned if were added by NM, by default. Get the list
of routes to prune from other tables using obj_state->os_nm_configured,
as this tracks what routes were effectively added by NM.
The list should be the same that the one obtained from l3cfg_old. It
could be different if we commited the l3cfg with an NMIPRouteTableSyncMode
of NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN, thus not deleting some routes at
commit time. However, since the previous commit, we never do it.
What all this shows is that starting to use different NMIPRouteTableSyncModes
is probably a bad idea: it will be a source of bugs of routes not being
always synced as users expect, and the use case for them is still to be
known.
(cherry picked from commit c06d130c38a4d4238e18c06f0152f8f1a6bafa7f)
---
src/core/nm-l3cfg.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/src/core/nm-l3cfg.c b/src/core/nm-l3cfg.c
index 9dd8275b1f..f29cfa1baf 100644
--- a/src/core/nm-l3cfg.c
+++ b/src/core/nm-l3cfg.c
@@ -5036,15 +5036,17 @@ _l3_commit_one(NML3Cfg *self,
nm_g_array_len(ipv6_temp_addrs_keep));
if (route_table_sync == NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN_AND_NM_ROUTES) {
- NMDedupMultiIter iter;
- const NMPObject *rt_obj;
-
- routes_old = g_ptr_array_new();
- nm_l3_config_data_iter_obj_for_each (&iter,
- l3cd_old,
- &rt_obj,
- NMP_OBJECT_TYPE_IP_ROUTE(IS_IPv4))
- g_ptr_array_add(routes_old, (gpointer) rt_obj);
+ GHashTableIter h_iter;
+ ObjStateData *obj_state;
+
+ /* Get list of all the routes that were configured by us */
+ routes_old = g_ptr_array_new_with_free_func((GDestroyNotify) nmp_object_unref);
+ g_hash_table_iter_init(&h_iter, self->priv.p->obj_state_hash);
+ while (g_hash_table_iter_next(&h_iter, (gpointer *) &obj_state, NULL)) {
+ if (NMP_OBJECT_GET_TYPE(obj_state->obj) == NMP_OBJECT_TYPE_IP_ROUTE(IS_IPv4)
+ && obj_state->os_nm_configured)
+ g_ptr_array_add(routes_old, (gpointer) nmp_object_ref(obj_state->obj));
+ }
nm_platform_route_objs_sort(routes_old, NM_PLATFORM_IP_ROUTE_CMP_TYPE_SEMANTICALLY);
}
--
2.47.1

60
SOURCES/1007-vpn-place-gateway-route-to-table-defined-in-ipvx-route-table-rhel-73166.patch
View File

@ -1,60 +0,0 @@
From d9addb0ded2da8b86fa4b6e1cdc4b96f83729afd Mon Sep 17 00:00:00 2001
From: Gris Ge <fge@redhat.com>
Date: Wed, 11 Dec 2024 22:22:59 +0800
Subject: [PATCH 1/1] vpn: Place gateway route to table defined in
ipvx.route-table
Previously, NM create direct route to gateway to main(254) route table
regardless `ipvx.route-table` value.
Fixed by setting `NMPlatformIP4Route.table_any` to `TRUE`.
Resolves: https://issues.redhat.com/browse/RHEL-69901
Signed-off-by: Gris Ge <fge@redhat.com>
(cherry picked from commit 6d06286f1db7421bef1c4dab5fada918c59daf87)
(cherry picked from commit 29f23d3519dbb4dcffc9682fbdfb721cfc0b851c)
(cherry picked from commit 0dc07c5ca4d32b5ea8e104cbad106da9bb5b096d)
---
src/core/vpn/nm-vpn-connection.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/core/vpn/nm-vpn-connection.c b/src/core/vpn/nm-vpn-connection.c
index b5a7fc4c29..88c5703a69 100644
--- a/src/core/vpn/nm-vpn-connection.c
+++ b/src/core/vpn/nm-vpn-connection.c
@@ -1242,6 +1242,7 @@ _parent_device_l3cd_add_gateway_route(NML3ConfigData *l3cd,
.gateway = parent_gw.addr4,
.rt_source = NM_IP_CONFIG_SOURCE_VPN,
.metric_any = TRUE,
+ .table_any = TRUE,
};
} else {
route.r6 = (NMPlatformIP6Route){
@@ -1251,6 +1252,7 @@ _parent_device_l3cd_add_gateway_route(NML3ConfigData *l3cd,
.gateway = parent_gw.addr6,
.rt_source = NM_IP_CONFIG_SOURCE_VPN,
.metric_any = TRUE,
+ .table_any = TRUE,
};
}
nm_l3_config_data_add_route(l3cd, addr_family, NULL, &route.rx);
@@ -1267,6 +1269,7 @@ _parent_device_l3cd_add_gateway_route(NML3ConfigData *l3cd,
.plen = 32,
.rt_source = NM_IP_CONFIG_SOURCE_VPN,
.metric_any = TRUE,
+ .table_any = TRUE,
};
} else {
route.r6 = (NMPlatformIP6Route){
@@ -1274,6 +1277,7 @@ _parent_device_l3cd_add_gateway_route(NML3ConfigData *l3cd,
.plen = 128,
.rt_source = NM_IP_CONFIG_SOURCE_VPN,
.metric_any = TRUE,
+ .table_any = TRUE,
};
}
nm_l3_config_data_add_route(l3cd, addr_family, NULL, &route.rx);
--
2.45.0

238
SOURCES/1008-vpn-support-routing-rules-in-vpn-conenctions-rhel-73167.patch
View File

@ -1,238 +0,0 @@
From 50331402dae72990a268704e4047d6c762572755 Mon Sep 17 00:00:00 2001
From: Wen Liang <wenliang@redhat.com>
Date: Fri, 20 Dec 2024 10:10:25 -0500
Subject: [PATCH 1/1] vpn: fix routing rules support in vpn conenctions
This commit introduces the ability to manage routing rules specifically
for VPN connections. These rules allow finer control over traffic
routing by enabling the specification of policy-based routing for
traffic over the VPN.
- Updated the connection backend to apply rules during VPN activation.
- Ensured proper cleanup of routing rules upon VPN deactivation.
This enhancement improves VPN usability in scenarios requiring advanced
routing configurations, such as split tunneling and traffic
prioritization.
Resolves: https://issues.redhat.com/browse/RHEL-70160
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2092
https://gitlab.freedesktop.org/NetworkManager/NetworkManager-ci/-/merge_requests/1842
(cherry picked from commit 308e34a501482d01c1cc6c87c38791ad9f34dc1f)
(cherry picked from commit a24b347e93e37b04aa0f5698efcb462c02517c09)
(cherry picked from commit b5c46f8a8d644e1c5a6dc07e06d5dab3338e9a91)
---
src/core/devices/nm-device.c | 62 +++++++++++++++++++-------------
src/core/devices/nm-device.h | 6 ++++
src/core/vpn/nm-vpn-connection.c | 7 +++-
3 files changed, 50 insertions(+), 25 deletions(-)
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index f9a2e7e8fe..070ba46495 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -10327,31 +10327,34 @@ lldp_setup(NMDevice *self, NMTernary enabled)
* as externally added ones. Don't restart NetworkManager if
* you care about that.
*/
-static void
-_routing_rules_sync(NMDevice *self, NMTernary set_mode)
+void
+nm_routing_rules_sync(NMConnection *applied_connection,
+ NMTernary set_mode,
+ GPtrArray *(*get_extra_rules)(NMDevice *self),
+ NMDevice *self,
+ NMNetns *netns)
{
- NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
- NMPGlobalTracker *global_tracker = nm_netns_get_global_tracker(nm_device_get_netns(self));
- NMDeviceClass *klass = NM_DEVICE_GET_CLASS(self);
+ NMPGlobalTracker *global_tracker = nm_netns_get_global_tracker(netns);
gboolean untrack_only_dirty = FALSE;
gboolean keep_deleted_rules;
gpointer user_tag_1;
gpointer user_tag_2;
- /* take two arbitrary user-tag pointers that belong to @self. */
- user_tag_1 = &priv->v4_route_table;
- user_tag_2 = &priv->v6_route_table;
+ if (self) {
+ user_tag_1 = ((guint32 *) self) + 1;
+ user_tag_2 = ((guint32 *) self) + 2;
+ } else {
+ user_tag_1 = ((guint32 *) applied_connection) + 1;
+ user_tag_2 = ((guint32 *) applied_connection) + 2;
+ }
if (set_mode == NM_TERNARY_TRUE) {
- NMConnection *applied_connection;
NMSettingIPConfig *s_ip;
guint i, num;
int is_ipv4;
untrack_only_dirty = TRUE;
- applied_connection = nm_device_get_applied_connection(self);
-
for (is_ipv4 = 0; applied_connection && is_ipv4 < 2; is_ipv4++) {
int addr_family = is_ipv4 ? AF_INET : AF_INET6;
@@ -10390,10 +10393,10 @@ _routing_rules_sync(NMDevice *self, NMTernary set_mode)
}
}
- if (klass->get_extra_rules) {
+ if (get_extra_rules) {
gs_unref_ptrarray GPtrArray *extra_rules = NULL;
- extra_rules = klass->get_extra_rules(self);
+ extra_rules = get_extra_rules(self);
if (extra_rules) {
for (i = 0; i < extra_rules->len; i++) {
nmp_global_tracker_track_rule(
@@ -10408,7 +10411,7 @@ _routing_rules_sync(NMDevice *self, NMTernary set_mode)
}
nmp_global_tracker_untrack_all(global_tracker, user_tag_1, !untrack_only_dirty, TRUE);
- if (klass->get_extra_rules)
+ if (get_extra_rules)
nmp_global_tracker_untrack_all(global_tracker, user_tag_2, !untrack_only_dirty, TRUE);
keep_deleted_rules = FALSE;
@@ -10468,8 +10471,8 @@ tc_commit(NMDevice *self)
static void
activate_stage2_device_config(NMDevice *self)
{
- NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
- NMDeviceClass *klass;
+ NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
+ NMDeviceClass *klass = NM_DEVICE_GET_CLASS(self);
NMActStageReturn ret;
NMSettingWired *s_wired;
gboolean no_firmware = FALSE;
@@ -10494,7 +10497,11 @@ activate_stage2_device_config(NMDevice *self)
priv->tc_committed = TRUE;
}
- _routing_rules_sync(self, NM_TERNARY_TRUE);
+ nm_routing_rules_sync(nm_device_get_applied_connection(self),
+ NM_TERNARY_TRUE,
+ klass->get_extra_rules,
+ self,
+ nm_device_get_netns(self));
if (!nm_device_sys_iface_state_is_external_or_assume(self)) {
if (!nm_device_bring_up_full(self, FALSE, TRUE, &no_firmware)) {
@@ -10506,7 +10513,6 @@ activate_stage2_device_config(NMDevice *self)
}
}
- klass = NM_DEVICE_GET_CLASS(self);
if (klass->act_stage2_config_also_for_external_or_assume
|| !nm_device_sys_iface_state_is_external_or_assume(self)) {
NMDeviceStateReason failure_reason = NM_DEVICE_STATE_REASON_NONE;
@@ -13881,7 +13887,11 @@ check_and_reapply_connection(NMDevice *self,
nm_device_activate_schedule_stage3_ip_config(self, FALSE);
- _routing_rules_sync(self, NM_TERNARY_TRUE);
+ nm_routing_rules_sync(nm_device_get_applied_connection(self),
+ NM_TERNARY_TRUE,
+ klass->get_extra_rules,
+ self,
+ nm_device_get_netns(self));
reactivate_proxy_config(self);
@@ -16444,6 +16454,7 @@ static void
nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanup_type)
{
NMDevicePrivate *priv;
+ NMDeviceClass *klass = NM_DEVICE_GET_CLASS(self);
int ifindex;
g_return_if_fail(NM_IS_DEVICE(self));
@@ -16468,8 +16479,8 @@ nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanu
}
/* Call device type-specific deactivation */
- if (NM_DEVICE_GET_CLASS(self)->deactivate)
- NM_DEVICE_GET_CLASS(self)->deactivate(self);
+ if (klass->deactivate)
+ klass->deactivate(self);
ifindex = nm_device_get_ip_ifindex(self);
@@ -16491,8 +16502,11 @@ nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanu
priv->tc_committed = FALSE;
- _routing_rules_sync(self,
- cleanup_type == CLEANUP_TYPE_KEEP ? NM_TERNARY_DEFAULT : NM_TERNARY_FALSE);
+ nm_routing_rules_sync(nm_device_get_applied_connection(self),
+ cleanup_type == CLEANUP_TYPE_KEEP ? NM_TERNARY_DEFAULT : NM_TERNARY_FALSE,
+ klass->get_extra_rules,
+ self,
+ nm_device_get_netns(self));
if (ifindex > 0)
nm_platform_ip4_dev_route_blacklist_set(nm_device_get_platform(self), ifindex, NULL);
@@ -16521,7 +16535,7 @@ nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanu
/* for other device states (UNAVAILABLE, DISCONNECTED), allow the
* device to overwrite the reset behavior, so that Wi-Fi can set
* a randomized MAC address used during scanning. */
- NM_DEVICE_GET_CLASS(self)->deactivate_reset_hw_addr(self);
+ klass->deactivate_reset_hw_addr(self);
}
}
diff --git a/src/core/devices/nm-device.h b/src/core/devices/nm-device.h
index 37eda5c0c8..c3a06c12e6 100644
--- a/src/core/devices/nm-device.h
+++ b/src/core/devices/nm-device.h
@@ -848,4 +848,10 @@ void nm_device_clear_dns_lookup_data(NMDevice *self, const char *reason);
gboolean nm_device_get_allow_autoconnect_on_external(NMDevice *self);
+void nm_routing_rules_sync(NMConnection *applied_connection,
+ NMTernary set_mode,
+ GPtrArray *(*get_extra_rules)(NMDevice *self),
+ NMDevice *self,
+ NMNetns *netns);
+
#endif /* __NETWORKMANAGER_DEVICE_H__ */
diff --git a/src/core/vpn/nm-vpn-connection.c b/src/core/vpn/nm-vpn-connection.c
index 88c5703a69..c14682b8cc 100644
--- a/src/core/vpn/nm-vpn-connection.c
+++ b/src/core/vpn/nm-vpn-connection.c
@@ -905,7 +905,8 @@ fw_call_cleanup(NMVpnConnection *self)
static void
vpn_cleanup(NMVpnConnection *self, NMDevice *parent_dev)
{
- const char *iface;
+ NMVpnConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE(self);
+ const char *iface;
/* Remove zone from firewall */
iface = nm_vpn_connection_get_ip_iface(self, FALSE);
@@ -917,6 +918,8 @@ vpn_cleanup(NMVpnConnection *self, NMDevice *parent_dev)
fw_call_cleanup(self);
_l3cfg_l3cd_clear_all(self);
+
+ nm_routing_rules_sync(_get_applied_connection(self), NM_TERNARY_FALSE, NULL, NULL, priv->netns);
}
static void
@@ -2278,6 +2281,8 @@ _dbus_signal_ip_config_cb(NMVpnConnection *self, int addr_family, GVariant *dict
_l3cfg_l3cd_set(self, L3CD_TYPE_IP_X(IS_IPv4), l3cd);
+ nm_routing_rules_sync(_get_applied_connection(self), NM_TERNARY_TRUE, NULL, NULL, priv->netns);
+
_check_complete(self, TRUE);
}
--
2.45.0

120
SOURCES/1009-core-prevent-the-activation-of-unavailable-devices-rhel-78745.patch
View File

@ -1,120 +0,0 @@
From a12b1dfdb0393687ae0fc505c57c76de2907209c Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Mon, 10 Feb 2025 15:15:18 +0100
Subject: [PATCH 1/2] core: cleanup nm_manager_get_best_device_for_connection()
Rename "unavailable_devices" to "exclude_devices", as the
"unavailable" term has a specific, different meaning in NetworkManager
(i.e. the device is in the UNAVAILABLE state). Also, use
nm_g_hash_table_contains() when needed.
(cherry picked from commit 6c1eb99d3258ac8cf969cb648a988565c205a205)
(cherry picked from commit da866c4cda996b14d5ea8c3540c8ba0d5d798e9a)
(cherry picked from commit 0045a0240cb64814126dc0f7adbcbaee9aca3b54)
---
src/core/nm-manager.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
index a673279712..cd79653078 100644
--- a/src/core/nm-manager.c
+++ b/src/core/nm-manager.c
@@ -4536,7 +4536,7 @@ nm_manager_get_best_device_for_connection(NMManager *self,
NMSettingsConnection *sett_conn,
NMConnection *connection,
gboolean for_user_request,
- GHashTable *unavailable_devices,
+ GHashTable *exclude_devices,
GError **error)
{
NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE(self);
@@ -4619,7 +4619,7 @@ nm_manager_get_best_device_for_connection(NMManager *self,
ac_device = nm_active_connection_get_device(ac);
if (ac_device
- && ((unavailable_devices && g_hash_table_contains(unavailable_devices, ac_device))
+ && (nm_g_hash_table_contains(exclude_devices, ac_device)
|| !nm_device_check_connection_available(ac_device, connection, flags, NULL, NULL)))
ac_device = NULL;
@@ -4635,9 +4635,7 @@ nm_manager_get_best_device_for_connection(NMManager *self,
NMDevice *ac_device2 = nm_active_connection_get_device(ac2);
NMActiveConnectionState ac_state2;
- if (!ac_device2
- || (unavailable_devices
- && g_hash_table_contains(unavailable_devices, ac_device2))
+ if (!ac_device2 || nm_g_hash_table_contains(exclude_devices, ac_device2)
|| !nm_device_check_connection_available(ac_device2,
connection,
flags,
@@ -4698,7 +4696,7 @@ found_better:
GError *local = NULL;
DeviceActivationPrio prio;
- if (unavailable_devices && g_hash_table_contains(unavailable_devices, device))
+ if (nm_g_hash_table_contains(exclude_devices, device))
continue;
/* determine the priority of this device. Currently, this priority is independent
--
2.48.1
From 00a4e1cc0495e13ac72d0df82792654168e92781 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Mon, 10 Feb 2025 15:27:43 +0100
Subject: [PATCH 2/2] core: prevent the activation of unavailable devices
When autoconnecting ports of a controller, we look for all candidate
(device,connection) tuples through the following call trace:
-> autoconnect_ports()
-> find_ports()
-> nm_manager_get_best_device_for_connection()
-> nm_device_check_connection_available()
-> _nm_device_check_connection_available()
The last function checks that a specific device is available to be
activated with the given connection. For virtual devices, it only
checks that the device is compatible with the connection based on the
device type and characteristics, without considering any live network
information.
For OVS interfaces, this doesn't work as expected. During startup, NM
performs a cleanup of the ovsdb to remove entries that were previously
added by NM. When the cleanup is terminated, NMOvsdb sets the "ready"
flag and is ready to start the activation of new OVS interfaces. With
the current mechanism, it is possible that a OVS-interface connection
gets activated via the autoconnect-ports mechanism without checking
the "ready" flag.
Fix that by also checking that the device is available for activation.
(cherry picked from commit 774badb1519a76fb3b7c0f60cf46ee5ea25bce69)
(cherry picked from commit f459c7fecce8445515d052b5b48f10d808e97fff)
(cherry picked from commit b495d6bd55f4068596d380ce81614eb3d86943a3)
---
src/core/nm-manager.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
index cd79653078..36b8bda0f5 100644
--- a/src/core/nm-manager.c
+++ b/src/core/nm-manager.c
@@ -4699,6 +4699,12 @@ found_better:
if (nm_g_hash_table_contains(exclude_devices, device))
continue;
+ if (!nm_device_is_available(device,
+ for_user_request
+ ? NM_DEVICE_CHECK_DEV_AVAILABLE_FOR_USER_REQUEST
+ : NM_DEVICE_CHECK_DEV_AVAILABLE_NONE))
+ continue;
+
/* determine the priority of this device. Currently, this priority is independent
* of the profile (connection) and the device's details (aside the state).
*
--
2.48.1

242
SOURCES/1010-fix-nmtui-segfault-adding-veth-rhel-75763.patch
View File

@ -1,242 +0,0 @@
From dd50a5199f1661c9d2226d8d5c01b0b485a9bc86 Mon Sep 17 00:00:00 2001
From: Jan Vaclav <jvaclav@redhat.com>
Date: Wed, 15 May 2024 12:57:41 +0200
Subject: [PATCH 1/2] nmtui: add veth page
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1943
(cherry picked from commit 187ff4c73b9ae1c3c020bd999633306b09eabead)
---
Makefile.am | 2 +
src/nmtui/meson.build | 1 +
src/nmtui/nmt-editor.c | 3 ++
src/nmtui/nmt-page-veth.c | 92 +++++++++++++++++++++++++++++++++++++++
src/nmtui/nmt-page-veth.h | 32 ++++++++++++++
5 files changed, 130 insertions(+)
create mode 100644 src/nmtui/nmt-page-veth.c
create mode 100644 src/nmtui/nmt-page-veth.h
diff --git a/Makefile.am b/Makefile.am
index a0daa95314..ee92a1de53 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -5304,6 +5304,8 @@ src_nmtui_nmtui_SOURCES = \
src/nmtui/nmt-page-team-port.h \
src/nmtui/nmt-page-team.c \
src/nmtui/nmt-page-team.h \
+ src/nmtui/nmt-page-veth.c \
+ src/nmtui/nmt-page-veth.h \
src/nmtui/nmt-page-vlan.c \
src/nmtui/nmt-page-vlan.h \
src/nmtui/nmt-page-wifi.c \
diff --git a/src/nmtui/meson.build b/src/nmtui/meson.build
index 13aa864750..eecfaa9927 100644
--- a/src/nmtui/meson.build
+++ b/src/nmtui/meson.build
@@ -32,6 +32,7 @@ executable(
'nmt-page-ppp.c',
'nmt-page-team.c',
'nmt-page-team-port.c',
+ 'nmt-page-veth.c',
'nmt-page-vlan.c',
'nmt-page-wifi.c',
'nmt-page-wireguard.c',
diff --git a/src/nmtui/nmt-editor.c b/src/nmtui/nmt-editor.c
index 6e502778d1..6205736a78 100644
--- a/src/nmtui/nmt-editor.c
+++ b/src/nmtui/nmt-editor.c
@@ -39,6 +39,7 @@
#include "nmt-page-ppp.h"
#include "nmt-page-team.h"
#include "nmt-page-team-port.h"
+#include "nmt-page-veth.h"
#include "nmt-page-vlan.h"
#include "nmt-page-wifi.h"
#include "nmt-page-wireguard.h"
@@ -369,6 +370,8 @@ nmt_editor_constructed(GObject *object)
page = nmt_page_dsl_new(priv->edit_connection, deventry);
else if (nm_connection_is_type(priv->edit_connection, NM_SETTING_TEAM_SETTING_NAME))
page = nmt_page_team_new(priv->edit_connection, deventry);
+ else if (nm_connection_is_type(priv->edit_connection, NM_SETTING_VETH_SETTING_NAME))
+ page = nmt_page_veth_new(priv->edit_connection, deventry);
else if (nm_connection_is_type(priv->edit_connection, NM_SETTING_VLAN_SETTING_NAME))
page = nmt_page_vlan_new(priv->edit_connection, deventry);
else if (nm_connection_is_type(priv->edit_connection, NM_SETTING_WIRED_SETTING_NAME))
diff --git a/src/nmtui/nmt-page-veth.c b/src/nmtui/nmt-page-veth.c
new file mode 100644
index 0000000000..35d0d78d58
--- /dev/null
+++ b/src/nmtui/nmt-page-veth.c
@@ -0,0 +1,92 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+/*
+ * Copyright (C) 2024 Red Hat, Inc.
+ */
+/**
+ * SECTION:nmt-page-veth
+ * @short_description: The editor page for veth connections
+ */
+
+#include "libnm-client-aux-extern/nm-default-client.h"
+
+#include <linux/if_ether.h>
+
+#include "nmt-page-veth.h"
+
+#include "libnm-core-aux-intern/nm-libnm-core-utils.h"
+#include "nmt-device-entry.h"
+#include "nmt-mac-entry.h"
+#include "nmt-mtu-entry.h"
+
+G_DEFINE_TYPE(NmtPageVeth, nmt_page_veth, NMT_TYPE_EDITOR_PAGE_DEVICE)
+
+#define NMT_PAGE_VETH_GET_PRIVATE(o) _NM_GET_PRIVATE(self, NmtPageVeth, NMT_IS_PAGE_VETH)
+
+static void
+nmt_page_veth_init(NmtPageVeth *veth)
+{}
+
+NmtEditorPage *
+nmt_page_veth_new(NMConnection *conn, NmtDeviceEntry *deventry)
+{
+ return g_object_new(NMT_TYPE_PAGE_VETH, "connection", conn, "device-entry", deventry, NULL);
+}
+
+static void
+nmt_page_veth_constructed(GObject *object)
+{
+ NmtPageVeth *veth = NMT_PAGE_VETH(object);
+ NmtEditorSection *section;
+ NmtEditorGrid *grid;
+ NMSettingVeth *s_veth;
+ NMSettingWired *s_wired;
+ NmtNewtWidget *widget;
+ NMConnection *conn;
+
+ conn = nmt_editor_page_get_connection(NMT_EDITOR_PAGE(veth));
+ s_veth = _nm_connection_ensure_setting(conn, NM_TYPE_SETTING_VETH);
+ s_wired = _nm_connection_ensure_setting(conn, NM_TYPE_SETTING_WIRED);
+
+ section = nmt_editor_section_new(_("VETH"), NULL, TRUE);
+ grid = nmt_editor_section_get_body(section);
+
+ widget = nmt_newt_entry_new(40, 0);
+ nmt_editor_grid_append(grid, _("Peer"), widget, NULL);
+ g_object_bind_property(s_veth,
+ NM_SETTING_VETH_PEER,
+ widget,
+ "text",
+ G_BINDING_SYNC_CREATE | G_BINDING_BIDIRECTIONAL);
+
+ nmt_editor_page_add_section(NMT_EDITOR_PAGE(veth), section);
+
+ section = nmt_editor_section_new(_("ETHERNET"), NULL, FALSE);
+ grid = nmt_editor_section_get_body(section);
+
+ widget = nmt_mac_entry_new(40, ETH_ALEN, NMT_MAC_ENTRY_TYPE_CLONED_ETHERNET);
+ g_object_bind_property(s_wired,
+ NM_SETTING_WIRED_CLONED_MAC_ADDRESS,
+ widget,
+ "mac-address",
+ G_BINDING_BIDIRECTIONAL | G_BINDING_SYNC_CREATE);
+ nmt_editor_grid_append(grid, _("Cloned MAC address"), widget, NULL);
+
+ widget = nmt_mtu_entry_new();
+ g_object_bind_property(s_wired,
+ NM_SETTING_WIRED_MTU,
+ widget,
+ "mtu",
+ G_BINDING_BIDIRECTIONAL | G_BINDING_SYNC_CREATE);
+ nmt_editor_grid_append(grid, _("MTU"), widget, NULL);
+
+ nmt_editor_page_add_section(NMT_EDITOR_PAGE(veth), section);
+
+ G_OBJECT_CLASS(nmt_page_veth_parent_class)->constructed(object);
+}
+
+static void
+nmt_page_veth_class_init(NmtPageVethClass *veth_class)
+{
+ GObjectClass *object_class = G_OBJECT_CLASS(veth_class);
+ object_class->constructed = nmt_page_veth_constructed;
+}
diff --git a/src/nmtui/nmt-page-veth.h b/src/nmtui/nmt-page-veth.h
new file mode 100644
index 0000000000..8822f3a27d
--- /dev/null
+++ b/src/nmtui/nmt-page-veth.h
@@ -0,0 +1,32 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+/*
+ * Copyright (C) 2024 Red Hat, Inc.
+ */
+
+#ifndef NMT_PAGE_VETH_H
+#define NMT_PAGE_VETH_H
+
+#include "nmt-editor-page-device.h"
+
+#define NMT_TYPE_PAGE_VETH (nmt_page_veth_get_type())
+#define NMT_PAGE_VETH(obj) (_NM_G_TYPE_CHECK_INSTANCE_CAST((obj), NMT_TYPE_PAGE_VETH, NmtPageVeth))
+#define NMT_PAGE_VETH_CLASS(klass) \
+ (G_TYPE_CHECK_CLASS_CAST((klass), NMT_TYPE_PAGE_VETH, NmtPageVethClass))
+#define NMT_IS_PAGE_VETH(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), NMT_TYPE_PAGE_VETH))
+#define NMT_IS_PAGE_VETH_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), NMT_TYPE_PAGE_VETH))
+#define NMT_PAGE_VETH_GET_CLASS(obj) \
+ (G_TYPE_INSTANCE_GET_CLASS((obj), NMT_TYPE_PAGE_VETH, NmtPageVethClass))
+
+typedef struct {
+ NmtEditorPageDevice parent;
+} NmtPageVeth;
+
+typedef struct {
+ NmtEditorPageDeviceClass parent;
+} NmtPageVethClass;
+
+GType nmt_page_veth_get_type(void);
+
+NmtEditorPage *nmt_page_veth_new(NMConnection *conn, NmtDeviceEntry *deventry);
+
+#endif /* NMT_PAGE_VETH_H */
--
2.47.1
From 7d9ed27897d90e6dbd97aef6e7bbb0a181c961df Mon Sep 17 00:00:00 2001
From: Jan Vaclav <jvaclav@redhat.com>
Date: Mon, 20 May 2024 14:04:18 +0200
Subject: [PATCH 2/2] nmtui: include veth devices in activation dialog
(cherry picked from commit e74f506b81595112893997f08cbad8482e7777aa)
---
src/libnm-core-impl/nm-connection.c | 2 ++
src/nmtui/nmt-connect-connection-list.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/src/libnm-core-impl/nm-connection.c b/src/libnm-core-impl/nm-connection.c
index 95fe89a87c..6dace2b73c 100644
--- a/src/libnm-core-impl/nm-connection.c
+++ b/src/libnm-core-impl/nm-connection.c
@@ -3258,6 +3258,8 @@ nm_connection_get_virtual_device_description(NMConnection *connection)
display_type = _("WireGuard");
else if (nm_streq(type, NM_SETTING_TUN_SETTING_NAME))
display_type = _("TUN/TAP");
+ else if (nm_streq(type, NM_SETTING_VETH_SETTING_NAME))
+ display_type = _("Veth");
if (!iface || !display_type)
return NULL;
diff --git a/src/nmtui/nmt-connect-connection-list.c b/src/nmtui/nmt-connect-connection-list.c
index 70264d3ec2..1fd44b2957 100644
--- a/src/nmtui/nmt-connect-connection-list.c
+++ b/src/nmtui/nmt-connect-connection-list.c
@@ -96,6 +96,7 @@ static const char *device_sort_order[] = {"NMDeviceEthernet",
"NMDeviceInfiniband",
"NMDeviceWifi",
NM_SETTING_VLAN_SETTING_NAME,
+ NM_SETTING_VETH_SETTING_NAME,
NM_SETTING_BOND_SETTING_NAME,
NM_SETTING_TEAM_SETTING_NAME,
NM_SETTING_BRIDGE_SETTING_NAME,
--
2.47.1

136
SOURCES/1011-policy-always-reset-retries-when-unblocking-children-or-ports-rhel-78748.patch
View File

@ -1,136 +0,0 @@
From d1545823e467aec816ed0073c4eec1bec669e98f Mon Sep 17 00:00:00 2001
From: Fernando Fernandez Mancera <ffmancera@riseup.net>
Date: Wed, 12 Feb 2025 10:58:39 +0100
Subject: [PATCH] policy: always reset retries when unblocking children or
ports
When calling activate_port_or_children_connections() we are unblocking
the ports and children but we are not resetting the number of retries if
it is an internal activation.
This is wrong as even if it's an internal activation the number of
retries should be reset. It won't interferfe with other blocking reasons
like USER_REQUESTED or MISSING_SECRETS.
(cherry picked from commit 7acc66699af9a1546c602082b6994b98cfea7c80)
(cherry picked from commit 2daeef668d7d1e31d6165b89ef4222ce51ddeb89)
(cherry picked from commit 52ed8567e2084a21727ac89c26dcd110be19c35a)
(cherry picked from commit b870c94a4c319d1927f01107e01590c6ccc8342a)
---
src/core/nm-policy.c | 33 +++++++++------------------------
1 file changed, 9 insertions(+), 24 deletions(-)
diff --git a/src/core/nm-policy.c b/src/core/nm-policy.c
index 93b52526a2..e01a13fb8b 100644
--- a/src/core/nm-policy.c
+++ b/src/core/nm-policy.c
@@ -1873,8 +1873,7 @@ unblock_autoconnect_for_children(NMPolicy *self,
const char *parent_device,
const char *parent_uuid_settings,
const char *parent_uuid_applied,
- const char *parent_mac_addr,
- gboolean reset_devcon_autoconnect)
+ const char *parent_mac_addr)
{
NMPolicyPrivate *priv = NM_POLICY_GET_PRIVATE(self);
NMSettingsConnection *const *connections;
@@ -1915,10 +1914,8 @@ unblock_autoconnect_for_children(NMPolicy *self,
parent_mac_addr))
continue;
- if (reset_devcon_autoconnect) {
- if (nm_manager_devcon_autoconnect_retries_reset(priv->manager, NULL, sett_conn))
- changed = TRUE;
- }
+ if (nm_manager_devcon_autoconnect_retries_reset(priv->manager, NULL, sett_conn))
+ changed = TRUE;
/* unblock the devices associated with that connection */
if (nm_manager_devcon_autoconnect_blocked_reason_set(
@@ -1940,8 +1937,7 @@ static void
unblock_autoconnect_for_ports(NMPolicy *self,
const char *controller_device,
const char *controller_uuid_settings,
- const char *controller_uuid_applied,
- gboolean reset_devcon_autoconnect)
+ const char *controller_uuid_applied)
{
NMPolicyPrivate *priv = NM_POLICY_GET_PRIVATE(self);
NMSettingsConnection *const *connections;
@@ -1959,7 +1955,6 @@ unblock_autoconnect_for_ports(NMPolicy *self,
"\"",
""));
- changed = FALSE;
connections = nm_settings_get_connections(priv->settings, NULL);
for (i = 0; connections[i]; i++) {
NMSettingsConnection *sett_conn = connections[i];
@@ -1977,10 +1972,8 @@ unblock_autoconnect_for_ports(NMPolicy *self,
controller_uuid_settings))
continue;
- if (reset_devcon_autoconnect) {
- if (nm_manager_devcon_autoconnect_retries_reset(priv->manager, NULL, sett_conn))
- changed = TRUE;
- }
+ if (nm_manager_devcon_autoconnect_retries_reset(priv->manager, NULL, sett_conn))
+ changed = TRUE;
/* unblock the devices associated with that connection */
if (nm_manager_devcon_autoconnect_blocked_reason_set(
@@ -2015,7 +2008,7 @@ unblock_autoconnect_for_ports_for_sett_conn(NMPolicy *self, NMSettingsConnection
controller_uuid_settings = nm_setting_connection_get_uuid(s_con);
controller_device = nm_setting_connection_get_interface_name(s_con);
- unblock_autoconnect_for_ports(self, controller_device, controller_uuid_settings, NULL, TRUE);
+ unblock_autoconnect_for_ports(self, controller_device, controller_uuid_settings, NULL);
}
static void
@@ -2028,7 +2021,6 @@ activate_port_or_children_connections(NMPolicy *self,
const char *controller_uuid_applied = NULL;
const char *parent_mac_addr = NULL;
NMActRequest *req;
- gboolean internal_activation = FALSE;
controller_device = nm_device_get_iface(device);
nm_assert(controller_device);
@@ -2039,7 +2031,6 @@ activate_port_or_children_connections(NMPolicy *self,
if (req) {
NMConnection *connection;
NMSettingsConnection *sett_conn;
- NMAuthSubject *subject;
sett_conn = nm_active_connection_get_settings_connection(NM_ACTIVE_CONNECTION(req));
if (sett_conn)
@@ -2051,25 +2042,19 @@ activate_port_or_children_connections(NMPolicy *self,
if (nm_streq0(controller_uuid_settings, controller_uuid_applied))
controller_uuid_applied = NULL;
-
- subject = nm_active_connection_get_subject(NM_ACTIVE_CONNECTION(req));
- internal_activation =
- subject && (nm_auth_subject_get_subject_type(subject) == NM_AUTH_SUBJECT_TYPE_INTERNAL);
}
if (!activate_children_connections_only) {
unblock_autoconnect_for_ports(self,
controller_device,
controller_uuid_settings,
- controller_uuid_applied,
- !internal_activation);
+ controller_uuid_applied);
}
unblock_autoconnect_for_children(self,
controller_device,
controller_uuid_settings,
controller_uuid_applied,
- parent_mac_addr,
- !internal_activation);
+ parent_mac_addr);
}
static gboolean
--
2.48.1

53
SOURCES/1012-core-prevent-the-activation-of-unavailable-ovs-interfaces-only-rhel-79995.patch
View File

@ -1,53 +0,0 @@
From 11d2ec5d62fe061bb25db2343a51d9aa4239fb53 Mon Sep 17 00:00:00 2001
From: Fernando Fernandez Mancera <ffmancera@riseup.net>
Date: Mon, 17 Feb 2025 23:10:53 +0100
Subject: [PATCH] core: prevent the activation of unavailable OVS interfaces
only
Preventing the activation of unavailable devices for all device types is
too aggresive and leads to race conditions, e.g when a non-virtual bond
port gets a carrier, preventing the device to be a good candidate for
the connection.
Instead, enforce this check only on OVS interfaces as NetworkManager
just makes sure that ovsdb->ready is set to TRUE.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2139
Fixes: 774badb1519a ('core: prevent the activation of unavailable devices')
(cherry picked from commit a1c05d2ce6f115c900ef21b69c3ee7e98ef4ddaf)
(cherry picked from commit b8ef2a551e505b5ffb02cc5d4e3ab29e78ea1fac)
(cherry picked from commit 8b39a79621435e0ea3c7b4caaa69640f268409ae)
(cherry picked from commit 67e71a9d7f110607838c5633db81eb2ed0ea6992)
---
src/core/nm-manager.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
index 36b8bda0f5..cae3dff613 100644
--- a/src/core/nm-manager.c
+++ b/src/core/nm-manager.c
@@ -4699,10 +4699,16 @@ found_better:
if (nm_g_hash_table_contains(exclude_devices, device))
continue;
- if (!nm_device_is_available(device,
- for_user_request
- ? NM_DEVICE_CHECK_DEV_AVAILABLE_FOR_USER_REQUEST
- : NM_DEVICE_CHECK_DEV_AVAILABLE_NONE))
+ /* During startup, NM performs a cleanup of the ovsdb to remove previous entries.
+ * Before the device is suitable for the connection, it must have ovsdb->ready set
+ * to TRUE. Performing this check in all kind of interfaces is too agressive and leads
+ * to race conditions, e.g when a non-virtual bond port gets a carrier, preventing the
+ * device to be a good candidate for the connection. */
+ if (nm_device_get_device_type(device) == NM_DEVICE_TYPE_OVS_INTERFACE
+ && !nm_device_is_available(device,
+ for_user_request
+ ? NM_DEVICE_CHECK_DEV_AVAILABLE_FOR_USER_REQUEST
+ : NM_DEVICE_CHECK_DEV_AVAILABLE_NONE))
continue;
/* determine the priority of this device. Currently, this priority is independent
--
2.48.1

514
SPECS/NetworkManager.spec
View File

@ -4,9 +4,10 @@
%global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo bad)
%global epoch_version 1
%global real_version 1.48.10
%global real_version 1.52.0
%global git_tag_version_suffix %{nil}
%global rpm_version %{real_version}
%global release_version 8
%global release_version 3
%global snapshot %{nil}
%global git_sha %{nil}
%global bcond_default_debug 0
@ -39,12 +40,19 @@
%global systemd_units_cloud_setup nm-cloud-setup.service nm-cloud-setup.timer
###############################################################################
%bcond_with meson
%if 0%{?fedora} > 40 || 0%{?rhel} >= 10
%bcond_with dhclient
%else
%bcond_without dhclient
%endif
%bcond_without adsl
%bcond_without bluetooth
%bcond_without wwan
%if 0%{?rhel} >= 10
%bcond_with team
%else
%bcond_without team
%endif
%bcond_without wifi
%bcond_without ovs
%bcond_without ppp
@ -62,7 +70,7 @@
%bcond_with test
%endif
%if "%{?bcond_default_lto}" == ""
%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9
%if 0%{?fedora} || 0%{?rhel} >= 9
%bcond_without lto
%else
%bcond_with lto
@ -80,44 +88,21 @@
%else
%bcond_with connectivity_fedora
%endif
%if 0%{?rhel} && 0%{?rhel} >= 8
%if 0%{?rhel}
%bcond_without connectivity_redhat
%else
%bcond_with connectivity_redhat
%endif
%if 0%{?fedora} >= 29 || 0%{?rhel} >= 8
%bcond_without crypto_gnutls
%else
%bcond_with crypto_gnutls
%endif
%if 0%{?rhel}
%bcond_with iwd
%else
%bcond_without iwd
%endif
%if 0%{?fedora} >= 32 || 0%{?rhel} >= 8
%bcond_without firewalld_zone
%else
%bcond_with firewalld_zone
%endif
###############################################################################
%if 0%{?fedora} || 0%{?rhel} >= 8
%global dbus_version 1.9.18
%global dbus_sys_dir %{_datadir}/dbus-1/system.d
%else
%global dbus_version 1.1
%global dbus_sys_dir %{_sysconfdir}/dbus-1/system.d
%endif
# Older libndp versions use select() (rh#1933041). On well known distros,
# choose a version that has the necessary fix.
%if 0%{?rhel} && 0%{?rhel} == 8
%global libndp_version 1.7-4
%else
%global libndp_version %{nil}
%endif
%if %{with bluetooth} || %{with wwan}
%global with_modem_manager_1 1
@ -125,46 +110,39 @@
%global with_modem_manager_1 0
%endif
%if 0%{?fedora} >= 31 || 0%{?rhel} >= 8
%global dhcp_default internal
%else
%global dhcp_default dhclient
%endif
%if 0%{?fedora} || 0%{?rhel} >= 8
%global logging_backend_default journal
%if 0%{?fedora} || 0%{?rhel} >= 9
%global dns_rc_manager_default auto
%else
%global dns_rc_manager_default symlink
%endif
%else
%global logging_backend_default syslog
%global dns_rc_manager_default file
%endif
%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9
%global config_plugins_default_ifcfg_rh 0
%bcond_with default_ifcfg_rh
%else
%global config_plugins_default_ifcfg_rh 1
%bcond_without default_ifcfg_rh
%endif
%if 0%{?fedora} >= 36 || 0%{?rhel} >= 10
%global split_ifcfg_rh 1
%if 0%{?rhel} >= 10 || 0%{?fedora} >= 41
%bcond_with ifcfg_rh
%bcond_with split_ifcfg_rh
%elif 0%{?fedora} >= 36
%bcond_without ifcfg_rh
%bcond_without split_ifcfg_rh
%else
%global split_ifcfg_rh 0
%bcond_without ifcfg_rh
%bcond_with split_ifcfg_rh
%endif
%if (0%{?fedora} >= 36 && 0%{?fedora} < 39) || 0%{?rhel} >= 9
%global ifcfg_warning 1
%if (0%{?fedora} >= 36 && 0%{?fedora} < 39) || 0%{?rhel} == 9
%bcond_without ifcfg_warning
%else
%global ifcfg_warning 0
%bcond_with ifcfg_warning
%endif
%if 0%{?fedora} >= 39
%global ifcfg_migrate 1
%if %{with ifcfg_rh} && 0%{?fedora} >= 39
%bcond_without ifcfg_migrate
%else
%global ifcfg_migrate 0
%bcond_with ifcfg_migrate
%endif
%if 0%{?fedora}
@ -194,7 +172,7 @@ Group: System Environment/Base
License: GPL-2.0-or-later AND LGPL-2.1-or-later
URL: https://networkmanager.dev/
Source: https://download.gnome.org/sources/NetworkManager/%{real_version_major}/%{name}-%{real_version}.tar.xz
Source: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/releases/%{real_version}%{git_tag_version_suffix}/downloads/%{name}-%{real_version}.tar.xz
Source1: NetworkManager.conf
Source2: 00-server.conf
Source4: 20-connectivity-fedora.conf
@ -211,23 +189,13 @@ Source9: readme-ifcfg-rh-migrated.txt
Patch0001: 0001-revert-change-default-value-for-ipv4.dad-timeout-from-0-to-200ms.patch
# Bugfixes that are only relevant until next rebase of the package.
Patch1001: 1001-cloud-setup-allow-bigger-restart-bursts-rhel-56740.patch
Patch1002: 1002-cloud-setup-ensure-azure-places-primary-address-first-rhel-56387.patch
Patch1003: 1003-only-validate-sriov-capability-when-enabled-rhel-58397.patch
Patch1004: 1004-fix-bug-when-deactivating-port-connections-rhel-50747.patch
Patch1005: 1005-fix-validation-of-ovs-dpdk-interface-name-rhel-60022.patch
Patch1006: 1006-remove-routes-added-by-nm-on-reapply-rhel-73013.patch
Patch1007: 1007-vpn-place-gateway-route-to-table-defined-in-ipvx-route-table-rhel-73166.patch
Patch1008: 1008-vpn-support-routing-rules-in-vpn-conenctions-rhel-73167.patch
Patch1009: 1009-core-prevent-the-activation-of-unavailable-devices-rhel-78745.patch
Patch1010: 1010-fix-nmtui-segfault-adding-veth-rhel-75763.patch
Patch1011: 1011-policy-always-reset-retries-when-unblocking-children-or-ports-rhel-78748.patch
Patch1012: 1012-core-prevent-the-activation-of-unavailable-ovs-interfaces-only-rhel-79995.patch
# Patch1001: 1001-some.patch
Patch1001: 1001-core-fail-early-if-we-cannot-get-current-FEC-value-86851.patch
Patch1002: 1002-oci-update-disconnected-vnics-83198.patch
Patch1003: 1003-dns-Fix-invalid-memory-access-on-Dnsconfd-DBUS-error-84692.patch
Requires(post): systemd
%if 0%{?fedora} || 0%{?rhel} >= 8
Requires(post): systemd-udev
%endif
Requires(post): /usr/sbin/update-alternatives
Requires(preun): systemd
Requires(preun): /usr/sbin/update-alternatives
@ -236,23 +204,40 @@ Requires(postun): systemd
Requires: dbus >= %{dbus_version}
Requires: glib2 >= %{glib2_version}
Requires: %{name}-libnm%{?_isa} = %{epoch}:%{version}-%{release}
%if "%{libndp_version}" != ""
Requires: libndp >= %{libndp_version}
Recommends: iputils
%if 0%{?rhel} == 8
# Older libndp versions use select() (rh#1933041). On well known distros,
# choose a version that has the necessary fix.
Requires: libndp >= 1.7-4
%endif
Obsoletes: NetworkManager < %{obsoletes_device_plugins}
Obsoletes: NetworkManager < %{obsoletes_ppp_plugin}
Obsoletes: NetworkManager-wimax < 1:1.2
%if 0%{?rhel} && 0%{?rhel} == 8
%if 0%{?rhel} == 8
Suggests: NetworkManager-initscripts-updown
%endif
Obsoletes: NetworkManager < %{obsoletes_initscripts_updown}
%if 0%{?split_ifcfg_rh}
%if %{with split_ifcfg_rh}
Obsoletes: NetworkManager < %{obsoletes_ifcfg_rh}
%endif
%if 0%{?rhel} && 0%{?rhel} <= 7
# Kept for RHEL to ensure that wired 802.1x works out of the box
Requires: wpa_supplicant >= 1:1.1
%if 0%{?rhel} >= 10
%if 0%{without team}
Obsoletes: NetworkManager-team < 1:1.47.5-3
%endif
Obsoletes: NetworkManager-initscripts-ifcfg-rh < 1:1.47.5-3
Obsoletes: NetworkManager-dispatcher-routing-rules < 1:1.47.5-3
%endif
%if 0%{?fedora} >= 41
%if %{without ifcfg_rh}
Obsoletes: NetworkManager-initscripts-ifcfg-rh < 1:1.49-3.1
Obsoletes: NetworkManager-dispatcher-routing-rules < 1:1.49.3-1
Obsoletes: NetworkManager-initscripts-updown < 1:1.49.3-1
%endif
%endif
Conflicts: NetworkManager-vpnc < 1:0.7.0.99-1
@ -260,17 +245,18 @@ Conflicts: NetworkManager-openvpn < 1:0.7.0.99-1
Conflicts: NetworkManager-pptp < 1:0.7.0.99-1
Conflicts: NetworkManager-openconnect < 0:0.7.0.99-1
Conflicts: kde-plasma-networkmanagement < 1:0.9-0.49.20110527git.nm09
%if 0%{?rhel} >= 10
%if 0%{without team}
Conflicts: NetworkManager-team <= 1:1.47.5-3
%endif
Conflicts: NetworkManager-initscripts-ifcfg-rh <= 1:1.47.5-3
Conflicts: NetworkManager-dispatcher-routing-rules <= 1:1.47.5-3
%endif
BuildRequires: make
BuildRequires: gcc
BuildRequires: libtool
BuildRequires: pkgconfig
%if %{with meson}
BuildRequires: meson
%else
BuildRequires: automake
BuildRequires: autoconf
%endif
BuildRequires: gettext-devel >= 0.19.8
BuildRequires: dbus-devel >= %{dbus_version}
@ -279,11 +265,7 @@ BuildRequires: gobject-introspection-devel >= 0.10.3
%if %{with ppp}
BuildRequires: ppp-devel >= 2.4.5
%endif
%if %{with crypto_gnutls}
BuildRequires: gnutls-devel >= 2.12
%else
BuildRequires: nss-devel >= 3.11.7
%endif
BuildRequires: readline-devel
BuildRequires: audit-libs-devel
%if %{with regen_docs}
@ -321,17 +303,11 @@ BuildRequires: polkit-devel
BuildRequires: jansson-devel
%if %{with sanitizer}
BuildRequires: libasan
%if 0%{?fedora} || 0%{?rhel} >= 8
BuildRequires: libubsan
%endif
%endif
%if %{with firewalld_zone}
BuildRequires: firewalld-filesystem
%endif
BuildRequires: iproute
%if 0%{?fedora} || 0%{?rhel} >= 8
BuildRequires: iproute-tc
%endif
Provides: %{name}-dispatcher%{?_isa} = %{epoch}:%{version}-%{release}
@ -374,12 +350,7 @@ Summary: Bluetooth device plugin for NetworkManager
Group: System Environment/Base
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
Requires: NetworkManager-wwan = %{epoch}:%{version}-%{release}
%if 0%{?rhel} && 0%{?rhel} <= 7
# No Requires:bluez to prevent it being installed when updating
# to the split NM package
%else
Requires: bluez >= 4.101-5
%endif
Obsoletes: NetworkManager < %{obsoletes_device_plugins}
%description bluetooth
@ -394,12 +365,10 @@ Group: System Environment/Base
BuildRequires: teamd-devel
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
Obsoletes: NetworkManager < %{obsoletes_device_plugins}
%if 0%{?fedora} || 0%{?rhel} >= 8
# Team was split from main NM binary between 0.9.10 and 1.0
# We need this Obsoletes in addition to the one above
# (git:3aede801521ef7bff039e6e3f1b3c7b566b4338d).
Obsoletes: NetworkManager < 1:1.0.0
%endif
%description team
This package contains NetworkManager support for team devices.
@ -418,13 +387,10 @@ Requires: wireless-regdb
Requires: crda
%endif
%if %{with iwd} && (0%{?fedora} >= 25 || 0%{?rhel} >= 8)
%if %{with iwd}
Requires: (wpa_supplicant >= %{wpa_supplicant_version} or iwd)
Suggests: wpa_supplicant
%else
# Just require wpa_supplicant on platforms that don't support boolean
# dependencies even though the plugin supports both supplicant and
# iwd backend.
Requires: wpa_supplicant >= %{wpa_supplicant_version}
%endif
@ -440,12 +406,7 @@ This package contains NetworkManager support for Wifi and OLPC devices.
Summary: Mobile broadband device plugin for NetworkManager
Group: System Environment/Base
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
%if 0%{?rhel} && 0%{?rhel} <= 7
# No Requires:ModemManager to prevent it being installed when updating
# to the split NM package
%else
Requires: ModemManager
%endif
Obsoletes: NetworkManager < %{obsoletes_device_plugins}
%description wwan
@ -548,10 +509,11 @@ This package is intended to be installed by default for server
deployments.
%if %{with ifcfg_rh}
%package dispatcher-routing-rules
Summary: NetworkManager dispatcher file for advanced routing rules
Group: System Environment/Base
%if 0%{?split_ifcfg_rh}
%if %{with split_ifcfg_rh}
Requires: %{name}-initscripts-ifcfg-rh
%endif
Requires: ipcalc
@ -563,6 +525,7 @@ Obsoletes: %{name}-config-routing-rules < 1:1.31.0
This adds a NetworkManager dispatcher file to support networking
configurations using "/etc/sysconfig/network-scripts/rule-NAME" files
(eg, to do policy-based routing).
%endif
%if %{with nmtui}
@ -579,7 +542,7 @@ by nm-connection-editor and nm-applet in a non-graphical environment.
%endif
%if 0%{?split_ifcfg_rh}
%if %{with split_ifcfg_rh}
%package initscripts-ifcfg-rh
Summary: NetworkManager plugin for reading and writing connections in ifcfg-rh format
Group: System Environment/Base
@ -606,6 +569,7 @@ like Aliyun, Azure, EC2, GCP are supported.
%endif
%if %{with ifcfg_rh}
%package initscripts-updown
Summary: Legacy ifup/ifdown scripts for NetworkManager that replace initscripts (network-scripts)
Group: System Environment/Base
@ -618,6 +582,7 @@ Obsoletes: NetworkManager < %{obsoletes_initscripts_updown}
Installs alternative ifup/ifdown scripts that talk to NetworkManager.
This is only for backward compatibility with initscripts (network-scripts).
Preferably use nmcli instead.
%endif
%prep
@ -625,7 +590,6 @@ Preferably use nmcli instead.
%build
%if %{with meson}
%meson \
-Db_ndebug=false \
--warnlevel 2 \
@ -634,15 +598,13 @@ Preferably use nmcli instead.
%endif
-Dnft=%{_sbindir}/nft \
-Diptables=%{_sbindir}/iptables \
%if %{with dhclient}
-Ddhclient=%{_sbindir}/dhclient \
-Ddhcpcanon=no \
-Ddhcpcd=no \
-Dconfig_dhcp_default=%{dhcp_default} \
%if %{with crypto_gnutls}
-Dcrypto=gnutls \
%else
-Dcrypto=nss \
-Ddhclient=no \
%endif
-Ddhcpcd=no \
-Dcrypto=gnutls \
%if %{with debug}
-Dmore_logging=true \
-Dmore_asserts=10000 \
@ -732,7 +694,11 @@ Preferably use nmcli instead.
-Ddbus_conf_dir=%{dbus_sys_dir} \
-Dtests=yes \
-Dvalgrind=no \
%if %{with ifcfg_rh}
-Difcfg_rh=true \
%else
-Difcfg_rh=false \
%endif
-Difupdown=false \
%if %{with ppp}
-Dppp=true \
@ -740,183 +706,30 @@ Preferably use nmcli instead.
-Dpppd_plugin_dir="%{_libdir}/pppd/%{ppp_version}" \
%else
-Dppp=false \
%endif
%if %{with firewalld_zone}
-Dfirewalld_zone=true \
%else
-Dfirewalld_zone=false \
%endif
-Ddist_version=%{version}-%{release} \
%if %{?config_plugins_default_ifcfg_rh}
%if %{with default_ifcfg_rh}
-Dconfig_plugins_default=ifcfg-rh \
%endif
%if %{?ifcfg_migrate}
%if %{with ifcfg_migrate}
-Dconfig_migrate_ifcfg_rh_default=true \
%endif
-Dresolvconf=no \
-Dnetconfig=no \
-Dconfig_dns_rc_manager_default=%{dns_rc_manager_default} \
-Dconfig_logging_backend_default=%{logging_backend_default}
-Dconfig_logging_backend_default=journal
%meson_build
# Limit number of jobs on ppc64 to prevent high RAM usage
%ifarch ppc64le
%global numjobs 4
%else
%global numjobs %{_smp_build_ncpus}
%endif
%else
# autotools
%if %{with regen_docs}
gtkdocize
%endif
autoreconf --install --force
%configure \
--with-runstatedir=%{_rundir} \
--enable-silent-rules=no \
--enable-static=no \
--with-nft=%{_sbindir}/nft \
--with-iptables=%{_sbindir}/iptables \
--with-dhclient=%{_sbindir}/dhclient \
--with-dhcpcd=no \
--with-dhcpcanon=no \
--with-config-dhcp-default=%{dhcp_default} \
%if %{with crypto_gnutls}
--with-crypto=gnutls \
%else
--with-crypto=nss \
%endif
%if %{with sanitizer}
--with-address-sanitizer=exec \
%if 0%{?fedora} || 0%{?rhel} >= 8
--enable-undefined-sanitizer=yes \
%else
--enable-undefined-sanitizer=no \
%endif
%else
--with-address-sanitizer=no \
--enable-undefined-sanitizer=no \
%endif
%if %{with debug}
--enable-more-logging=yes \
--with-more-asserts=10000 \
%else
--enable-more-logging=no \
--with-more-asserts=0 \
%endif
--enable-ld-gc=yes \
%if %{with lto}
--enable-lto=yes \
%else
--enable-lto=no \
%endif
--with-libaudit=yes-disabled-by-default \
%if 0%{?with_modem_manager_1}
--with-modem-manager-1=yes \
%else
--with-modem-manager-1=no \
%endif
%if %{with wifi}
--enable-wifi=yes \
%if 0%{?fedora}
--with-wext=yes \
%else
--with-wext=no \
%endif
%else
--enable-wifi=no \
%endif
%if %{with iwd}
--with-iwd=yes \
%else
--with-iwd=no \
%endif
%if %{with bluetooth}
--enable-bluez5-dun=yes \
%else
--enable-bluez5-dun=no \
%endif
%if %{with nmtui}
--with-nmtui=yes \
%else
--with-nmtui=no \
%endif
%if %{with nm_cloud_setup}
--with-nm-cloud-setup=yes \
%else
--with-nm-cloud-setup=no \
%endif
--enable-vala=yes \
--enable-introspection=yes \
%if %{with regen_docs}
--enable-gtk-doc=yes \
%else
--enable-gtk-doc=no \
%endif
%if %{with team}
--enable-teamdctl=yes \
%else
--enable-teamdctl=no \
%endif
%if %{with ovs}
--enable-ovs=yes \
%else
--enable-ovs=no \
%endif
--with-selinux=yes \
--enable-polkit=yes \
--enable-modify-system=yes \
--enable-concheck=yes \
%if 0%{?fedora}
--with-libpsl=yes \
%else
--with-libpsl=no \
%endif
--with-ebpf=%{ebpf_enabled} \
--with-session-tracking=systemd \
--with-suspend-resume=systemd \
--with-systemdsystemunitdir=%{_unitdir} \
--with-system-ca-path=/etc/pki/tls/cert.pem \
--with-dbus-sys-dir=%{dbus_sys_dir} \
--with-tests=yes \
%if %{with test}
--enable-more-warnings=error \
%else
--enable-more-warnings=yes \
%endif
--with-valgrind=no \
--enable-ifcfg-rh=yes \
--enable-ifupdown=no \
%if %{with ppp}
--enable-ppp=yes \
--with-pppd="%{_sbindir}/pppd" \
--with-pppd-plugin-dir="%{_libdir}/pppd/%{ppp_version}" \
%else
--enable-ppp=no \
%endif
%if %{with firewalld_zone}
--enable-firewalld-zone=yes \
%else
--enable-firewalld-zone=no \
%endif
--with-dist-version=%{version}-%{release} \
%if %{?config_plugins_default_ifcfg_rh}
--with-config-plugins-default=ifcfg-rh \
%endif
%if %{?ifcfg_migrate}
--with-config-migrate-ifcfg-rh-default=yes \
%endif
--with-resolvconf=no \
--with-netconfig=no \
--with-config-dns-rc-manager-default=%{dns_rc_manager_default} \
--with-config-logging-backend-default=%{logging_backend_default} \
--disable-autotools-deprecation
%make_build
%endif
%meson_build -j %{numjobs}
%install
%if %{with meson}
%meson_install
%else
%make_install
%endif
cp %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/
@ -936,16 +749,18 @@ cp %{SOURCE7} %{buildroot}%{_sysctldir}
cp %{SOURCE6} %{buildroot}%{nmlibdir}/conf.d/
%endif
%if 0%{?ifcfg_warning}
%if %{with ifcfg_warning}
cp %{SOURCE8} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts
%endif
%if 0%{?ifcfg_migrate}
%if %{with ifcfg_migrate}
cp %{SOURCE9} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/readme-ifcfg-rh.txt
%endif
%if %{with ifcfg_rh}
cp examples/dispatcher/10-ifcfg-rh-routes.sh %{buildroot}%{nmlibdir}/dispatcher.d/
ln -s ../no-wait.d/10-ifcfg-rh-routes.sh %{buildroot}%{nmlibdir}/dispatcher.d/pre-up.d/
ln -s ../10-ifcfg-rh-routes.sh %{buildroot}%{nmlibdir}/dispatcher.d/no-wait.d/
%endif
%find_lang %{name}
@ -954,33 +769,25 @@ rm -f %{buildroot}%{_libdir}/pppd/%{ppp_version}/*.la
rm -f %{buildroot}%{nmplugindir}/*.la
# Ensure the documentation timestamps are constant to avoid multilib conflicts
find %{buildroot}%{_datadir}/gtk-doc -exec touch --reference configure.ac '{}' \+
find %{buildroot}%{_datadir}/gtk-doc -exec touch --reference meson.build '{}' \+
%if 0%{?__debug_package} && ! 0%{?flatpak}
mkdir -p %{buildroot}%{_prefix}/src/debug/NetworkManager-%{real_version}
cp valgrind.suppressions %{buildroot}%{_prefix}/src/debug/NetworkManager-%{real_version}
%endif
%if %{with ifcfg_rh}
touch %{buildroot}%{_sbindir}/ifup
touch %{buildroot}%{_sbindir}/ifdown
%endif
%check
%if %{with meson}
%if %{with test}
%meson_test
%else
%ninja_test -C %{_vpath_builddir} || :
%endif
%else
# autotools
%if %{with test}
make -k %{?_smp_mflags} check
%else
make -k %{?_smp_mflags} check || :
%endif
%endif
%pre
if [ -f "%{_unitdir}/network-online.target.wants/NetworkManager-wait-online.service" ] ; then
@ -999,13 +806,12 @@ if [ -S /run/udev/control ]; then
/usr/bin/udevadm control --reload-rules || :
/usr/bin/udevadm trigger --subsystem-match=net || :
fi
%if %{with firewalld_zone}
%firewalld_reload
%endif
%systemd_post %{systemd_units}
%if %{with ifcfg_rh}
%post initscripts-updown
if [ -f %{_sbindir}/ifup -a ! -L %{_sbindir}/ifup ]; then
# initscripts package too old, won't let us set an alternative
@ -1014,6 +820,7 @@ else
/usr/sbin/update-alternatives --install %{_sbindir}/ifup ifup %{_libexecdir}/nm-ifup 50 \
--slave %{_sbindir}/ifdown ifdown %{_libexecdir}/nm-ifdown
fi
%endif
%if %{with nm_cloud_setup}
@ -1033,10 +840,12 @@ fi
%systemd_preun NetworkManager-wait-online.service NetworkManager-dispatcher.service nm-priv-helper.service
%if %{with ifcfg_rh}
%preun initscripts-updown
if [ $1 -eq 0 ]; then
/usr/sbin/update-alternatives --remove ifup %{_libexecdir}/nm-ifup >/dev/null 2>&1 || :
fi
%endif
%if %{with nm_cloud_setup}
@ -1048,19 +857,11 @@ fi
%postun
/usr/bin/udevadm control --reload-rules || :
/usr/bin/udevadm trigger --subsystem-match=net || :
%if %{with firewalld_zone}
%firewalld_reload
%endif
%systemd_postun %{systemd_units}
%if (0%{?fedora} && 0%{?fedora} < 28) || 0%{?rhel}
%post libnm -p /sbin/ldconfig
%postun libnm -p /sbin/ldconfig
%endif
%if %{with nm_cloud_setup}
%postun cloud-setup
%systemd_postun %{systemd_units_cloud_setup}
@ -1071,7 +872,7 @@ fi
%{dbus_sys_dir}/org.freedesktop.NetworkManager.conf
%{dbus_sys_dir}/nm-dispatcher.conf
%{dbus_sys_dir}/nm-priv-helper.conf
%if 0%{?split_ifcfg_rh} == 0
%if %{with ifcfg_rh} && %{without split_ifcfg_rh}
%{dbus_sys_dir}/nm-ifcfg-rh.conf
%endif
%{_sbindir}/%{name}
@ -1099,7 +900,7 @@ fi
%{_libexecdir}/nm-priv-helper
%dir %{_libdir}/%{name}
%dir %{nmplugindir}
%if 0%{?split_ifcfg_rh} == 0
%if %{with ifcfg_rh} && %{without split_ifcfg_rh}
%{nmplugindir}/libnm-settings-plugin-ifcfg-rh.so
%endif
%if %{with nmtui}
@ -1121,14 +922,14 @@ fi
%{_mandir}/man8/NetworkManager-dispatcher.8*
%{_mandir}/man8/NetworkManager-wait-online.service.8*
%dir %{_localstatedir}/lib/NetworkManager
%if %{with ifcfg_rh}
%dir %{_sysconfdir}/sysconfig/network-scripts
%endif
%{_datadir}/dbus-1/system-services/org.freedesktop.nm_dispatcher.service
%{_datadir}/dbus-1/system-services/org.freedesktop.nm_priv_helper.service
%{_datadir}/polkit-1/actions/*.policy
%{_prefix}/lib/udev/rules.d/*.rules
%if %{with firewalld_zone}
%{_prefix}/lib/firewalld/zones/nm-shared.xml
%endif
# systemd stuff
%{_unitdir}/NetworkManager.service
%{_unitdir}/NetworkManager-wait-online.service
@ -1136,7 +937,7 @@ fi
%{_unitdir}/nm-priv-helper.service
%dir %{_datadir}/doc/NetworkManager/examples
%{_datadir}/doc/NetworkManager/examples/server.conf
%if 0%{?ifcfg_warning} || 0%{?ifcfg_migrate}
%if %{with ifcfg_warning} || %{with ifcfg_migrate}
%{_sysconfdir}/sysconfig/network-scripts/readme-ifcfg-rh.txt
%endif
%doc NEWS AUTHORS README.md CONTRIBUTING.md
@ -1236,10 +1037,12 @@ fi
%{nmlibdir}/conf.d/00-server.conf
%if %{with ifcfg_rh}
%files dispatcher-routing-rules
%{nmlibdir}/dispatcher.d/10-ifcfg-rh-routes.sh
%{nmlibdir}/dispatcher.d/no-wait.d/10-ifcfg-rh-routes.sh
%{nmlibdir}/dispatcher.d/pre-up.d/10-ifcfg-rh-routes.sh
%endif
%if %{with nmtui}
@ -1252,7 +1055,7 @@ fi
%endif
%if 0%{?split_ifcfg_rh}
%if %{with split_ifcfg_rh}
%files initscripts-ifcfg-rh
%{nmplugindir}/libnm-settings-plugin-ifcfg-rh.so
%{dbus_sys_dir}/nm-ifcfg-rh.conf
@ -1271,39 +1074,98 @@ fi
%endif
%if %{with ifcfg_rh}
%files initscripts-updown
%{_libexecdir}/nm-ifup
%ghost %attr(755, root, root) %{_sbindir}/ifup
%{_libexecdir}/nm-ifdown
%ghost %attr(755, root, root) %{_sbindir}/ifdown
%endif
%changelog
* Tue Feb 18 2025 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.48.10-8
- policy: always reset retries when unblocking children or ports (RHEL-78748)
- core: prevent the activation of unavailable OVS interfaces only (RHEL-79995)
* Fri Apr 11 2025 Vladimír Beneš <vbenes@redhat.com> - 1:1.52.0-3
- Invalid memory access on Dnsconfd DBUS error (RHEL-84692)
- Support IP configuration for secondary interfaces on Oracle VM from metadata (RHEL-84695)
* Thu Feb 13 2025 Íñigo Huguet <ihuguet@redhat.com> - 1:1.48.10-7
- nmtui: fix segfault when adding veth interface (RHEL-75763)
* Wed Apr 09 2025 Wen Liang <wenliang@redhat.com> - 1:1.52.0-2
- core: fail early if we cannot get current FEC value (RHEL-86851)
* Wed Feb 12 2025 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.48.10-6
- core: prevent the activation of unavailable devices (RHEL-77167)
* Mon Mar 03 2025 Íñigo Huguet <ihuguet@redhat.com> - 1:1.52.0-1
- Update to 1.52.0
- Add support for creating VLANs for secondary VNICs in nm-cloud-setup (RHEL-36423)
- Always reset retries when unblocking children or ports (RHEL-78122)
- Prevent the activation of unavailable OVS interfaces (RHEL-79997)
* Thu Jan 09 2025 Wen Liang <wenliang@redhat.com> - 1:1.48.10-5
- vpn: Support routing rules in vpn conenctions (RHEL-73167)
- vpn: Place gateway route to table defined in ipvx.route-table (RHEL-73166)
* Mon Fed 17 2025 Beniamino Galvani <bgalvani@redhat.com> - 1:1.51.90-2
- Fix state handling in the dnsconfd DNS plugin (RHEL-79693)
* Wed Jan 08 2025 Íñigo Huguet <ihuguet@redhat.com> - 1:1.48.10-4
- Remove routes added by NetworkManager when doing reapply, also those not in main table (RHEL-73013)
* Wed Feb 12 2025 Filip Pokryvka <fpokryvk@redhat.com> - 1:1.51.90-1
- Fix balance-slb ports rarely not being active after reboot (RHEL-77167)
* Tue Nov 12 2024 Beniamino Galvani <bgalvani@redhat.com> - 1:1.48.10-3
- Only validate the SR-IOV device capability when SR-IOV is enabled (RHEL-58397)
- Fix bug when deactivating port connections (RHEL-50747)
- Fix validation of ovs-dpdk interface name (RHEL-60022)
* Mon Feb 10 2025 Íñigo Huguet <ihuguet@redhat.com> - 1:1.51.7-2
- Remove the build argument -flto-partition to avoid compilation crashes due
to high memory usage.
* Fri Aug 30 2024 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.48.10-2
- cloud-setup: Allow bigger restart bursts (RHEL-56740)
- cloud-setup: Fix Azure swap of primary and secondary IP addresses (RHEL-56387)
* Fri Feb 07 2025 Vladimír Beneš <vbenes@redhat.com> - 1:1.51.7-1
- Update to 1.51.7 (dev)
- Add support in initramfs generator for parsing NM eDNS configuration (RHEL-70420)
- Add new dnsconfd DNS backend (RHEL-67917)
* Mon Jan 20 2025 Beniamino Galvani <bgalvani@redhat.com> - 1:1.51.6-1
- Update to 1.51.6 (dev)
- Honor the routing-rules property for VPN connections (RHEL-69899)
- Fix potential crash when ipv4.dhcp-send-release is enabled (RHEL-67918)
- Support encrypted DNS servers (RHEL-66260)
- Fix configuration of VLAN ingress/egress QoS mapping (RHEL-72475)
* Fri Dec 27 2024 Íñigo Huguet <ihuguet@redhat.com> - 1:1.51.5-1
- Upgrade to 1.51.5 (dev)
- Never retry ACD on NOARP interfaces (RHEL-47301)
- Delete routes added by NM to tables different than main (RHEL-67324)
- Honor route-table property for the route to VPN server (RHEL-69901)
- Send GARP on bonding-slb failover (RHEL-59558)
* Fri Nov 15 2024 Íñigo Huguet <ihuguet@redhat.com> - 1:1.51.4-1
- Upgrade to 1.51.4 (dev)
- Add iputils as recommended dependency for ping command
- Fix configs shown with NetworkManger --print-config (RHEL-14438)
- Added ip-ping-addresses to check other hosts presence on activation (RHEL-21160)
- Support ethtool Forward Error Correction (FEC) (RHEL-24055)
* Mon Nov 04 2024 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.51.3-1
- Upgrade to 1.51.3 (dev)
- Support configuring dhcp-send-hostname globally (RHEL-32685)
- cloud-setup: Support OCI (Oracle Cloud) provider (RHEL-62729)
- Support automatically adding DNS routes (RHEL-56555)
- Support IPv6-Only Preferred DHCPv4 option (RHEL-58660)
- Only validate SR-IOV capacity when enabled (RHEL-58397)
- Steer IGMP/MLD queries to the active bond balance-slb primary port (RHEL-59559)
* Fri Oct 11 2024 Íñigo Huguet <ihuguet@redhat.com> - 1:1.51.2-2
- Add ipcalc as dependency of NetworkManager-dispatcher-routing-rules again (RHEL-62201)
* Mon Sep 30 2024 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.51.2-1
- Upgrade to 1.51.2 (dev)
- Fix race condition on OVS interface deletion (RHEL-50747)
- Fix validation of DPDK interface name (RHEL-60022)
- Support IPVLAN interface (RHEL-47334)
* Mon Sep 16 2024 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.51.1-1
- Upgrade to 1.51.1 (dev)
- Use meson and remove autotools configuration
- Fix crashes (SIGABRT) in several functions (RHEL-17840)
* Tue Sep 10 2024 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.51.0-1
- Upgrade to 1.51.0
- cloud-setup: Fix primary and secondary address swap in Azure (RHEL-50855)
* Fri Aug 30 2024 Lubomir Rintel <lkundrak@v3.sk> - 1:1.49.90-1
- Upgrade to 1.50 pre-release (rc1)
- Retry reverse hostname resolution when it fails (RHEL-17972)
- Allow VPNs to supply IP configurations with routes but no addresses (RHEL-21875)
- Warn of dhclient deprecation when it's explicitly chose (RHEL-24622)
- Allow cloud-setup to restart more rapidly (RHEL-49694)
* Thu Aug 22 2024 Íñigo Huguet <ihuguet@redhat.com> - 1:1.48.10-1
- Unblock the autoconnect for children when parent is available (RHEL-46904)