Import from CS git
parent
aac0b497b5
commit
97a2d076ca
@ -0,0 +1,272 @@
|
|||||||
|
From ccdde35eb8467a272db1c418e6bd44cc998c57a8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Beniamino Galvani <bgalvani@redhat.com>
|
||||||
|
Date: Wed, 19 Jun 2024 20:14:14 +0200
|
||||||
|
Subject: [PATCH 1/2] nm-daemon-helper: add "service" argument
|
||||||
|
|
||||||
|
Introduce a new argument to specify a comma-separated list of NSS
|
||||||
|
services to use for the "resolve-address" command. For now only accept
|
||||||
|
"dns" and "files"; the latter can be used to do a lookup into
|
||||||
|
/etc/hosts.
|
||||||
|
|
||||||
|
Note that previously the command failed in presence of extra
|
||||||
|
arguments. Therefore, when downgrading NetworkManager without
|
||||||
|
restarting the service, the previously-installed version of the daemon
|
||||||
|
(newer) would spawn the helper with the extra argument, and the
|
||||||
|
newly-installed version of the helper (older) would fail. This issue
|
||||||
|
only impacts hostname resolution and can be fixed by just restarting
|
||||||
|
the daemon.
|
||||||
|
|
||||||
|
In the upgrade path everything works as before, with the only
|
||||||
|
difference that the helper will use by default both "dns" and "files"
|
||||||
|
services.
|
||||||
|
|
||||||
|
Don't strictly check for the absence of extra arguments, so that in
|
||||||
|
the future we can introduce more arguments without necessarily break
|
||||||
|
the downgrade path.
|
||||||
|
|
||||||
|
(cherry picked from commit 229bebfae95f789018433900868700c16a20a17b)
|
||||||
|
(cherry picked from commit c36a74f698cc31fba20d9fd0a74d5cf74b832071)
|
||||||
|
(cherry picked from commit e86ddd9fc590e3b4462464c0562ab115f654f5d1)
|
||||||
|
(cherry picked from commit 717db10a9de53e875f0d7a603960c5bca427014e)
|
||||||
|
(cherry picked from commit f549bdd9c1d026bd34c68e6c0ec6036f1697ada0)
|
||||||
|
(cherry picked from commit cabef041c8587824875c09675924455f5ca7583c)
|
||||||
|
---
|
||||||
|
src/nm-daemon-helper/nm-daemon-helper.c | 68 +++++++++++++++++--------
|
||||||
|
1 file changed, 47 insertions(+), 21 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/nm-daemon-helper/nm-daemon-helper.c b/src/nm-daemon-helper/nm-daemon-helper.c
|
||||||
|
index a447d63cfe..5faacf43f3 100644
|
||||||
|
--- a/src/nm-daemon-helper/nm-daemon-helper.c
|
||||||
|
+++ b/src/nm-daemon-helper/nm-daemon-helper.c
|
||||||
|
@@ -55,26 +55,31 @@ cmd_version(void)
|
||||||
|
static int
|
||||||
|
cmd_resolve_address(void)
|
||||||
|
{
|
||||||
|
- nm_auto_free char *address = NULL;
|
||||||
|
+ nm_auto_free char *address = NULL;
|
||||||
|
+ nm_auto_free char *services = NULL;
|
||||||
|
union {
|
||||||
|
struct sockaddr_in in;
|
||||||
|
struct sockaddr_in6 in6;
|
||||||
|
} sockaddr;
|
||||||
|
socklen_t sockaddr_size;
|
||||||
|
char name[NI_MAXHOST];
|
||||||
|
+ char *saveptr = NULL;
|
||||||
|
+ char *service;
|
||||||
|
+ char *str;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
address = read_arg();
|
||||||
|
if (!address)
|
||||||
|
return RETURN_INVALID_ARGS;
|
||||||
|
|
||||||
|
- if (more_args())
|
||||||
|
- return RETURN_INVALID_ARGS;
|
||||||
|
+ services = read_arg();
|
||||||
|
+ if (!services) {
|
||||||
|
+ /* Called by an old NM version which doesn't support the 'services'
|
||||||
|
+ * argument. Use both services. */
|
||||||
|
+ services = strdup("dns,files");
|
||||||
|
+ }
|
||||||
|
|
||||||
|
memset(&sockaddr, 0, sizeof(sockaddr));
|
||||||
|
-#if defined(__GLIBC__)
|
||||||
|
- __nss_configure_lookup("hosts", "dns");
|
||||||
|
-#endif
|
||||||
|
|
||||||
|
if (inet_pton(AF_INET, address, &sockaddr.in.sin_addr) == 1) {
|
||||||
|
sockaddr.in.sin_family = AF_INET;
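Review bot: The `strdup("dns,files")` fallback in cmd_resolve_address() is not checked for failure, so on allocation failure `services` stays NULL. The `strtok_r()` loop added further down would then start from a NULL string with a NULL `saveptr`. A guard right after the fallback block, `if (!services) return RETURN_ERROR;`, keeps the helper on a defined error path. The function body continues past this hunk.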
|
||||||
|
@@ -85,30 +90,51 @@ cmd_resolve_address(void)
|
||||||
|
} else
|
||||||
|
return RETURN_INVALID_ARGS;
|
||||||
|
|
||||||
|
- ret = getnameinfo((struct sockaddr *) &sockaddr,
|
||||||
|
- sockaddr_size,
|
||||||
|
- name,
|
||||||
|
- sizeof(name),
|
||||||
|
- NULL,
|
||||||
|
- 0,
|
||||||
|
- NI_NAMEREQD);
|
||||||
|
- if (ret != 0) {
|
||||||
|
- if (ret == EAI_SYSTEM) {
|
||||||
|
+ for (str = services; (service = strtok_r(str, ",", &saveptr)); str = NULL) {
|
||||||
|
+ if (!NM_IN_STRSET(service, "dns", "files")) {
|
||||||
|
+ fprintf(stderr, "Unsupported resolver service '%s'\n", service);
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+#if defined(__GLIBC__)
|
||||||
|
+ __nss_configure_lookup("hosts", service);
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+ ret = getnameinfo((struct sockaddr *) &sockaddr,
|
||||||
|
+ sockaddr_size,
|
||||||
|
+ name,
|
||||||
|
+ sizeof(name),
|
||||||
|
+ NULL,
|
||||||
|
+ 0,
|
||||||
|
+ NI_NAMEREQD);
|
||||||
|
+
|
||||||
|
+ if (ret == 0) {
|
||||||
|
+ printf("%s", name);
|
||||||
|
+ return RETURN_SUCCESS;
|
||||||
|
+ } else if (ret == EAI_SYSTEM) {
|
||||||
|
+ char buf[1024];
|
||||||
|
+ int errsv = errno;
|
||||||
|
+
|
||||||
|
fprintf(stderr,
|
||||||
|
- "getnameinfo() failed: %d (%s), system error: %d (%s)\n",
|
||||||
|
+ "getnameinfo() via service '%s' failed: %d (%s), system error: %d (%s)\n",
|
||||||
|
+ service,
|
||||||
|
ret,
|
||||||
|
gai_strerror(ret),
|
||||||
|
errno,
|
||||||
|
strerror(errno));
|
||||||
|
} else {
|
||||||
|
- fprintf(stderr, "getnameinfo() failed: %d (%s)\n", ret, gai_strerror(ret));
|
||||||
|
+ fprintf(stderr,
|
||||||
|
+ "getnameinfo() via service '%s' failed: %d (%s)\n",
|
||||||
|
+ service,
|
||||||
|
+ ret,
|
||||||
|
+ gai_strerror(ret));
|
||||||
|
}
|
||||||
|
- return RETURN_ERROR;
|
||||||
|
+#if !defined(__GLIBC__)
|
||||||
|
+ break;
|
||||||
|
+#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
- printf("%s", name);
|
||||||
|
-
|
||||||
|
- return RETURN_SUCCESS;
|
||||||
|
+ return RETURN_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
int
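Review bot: In the `EAI_SYSTEM` branch the new locals `buf` and `errsv` are never read, because the `fprintf()` call still passes `errno` and `strerror(errno)`. The saved value therefore gives no protection if evaluating another argument such as `gai_strerror(ret)` changes errno, and the unused variables will likely produce compiler warnings. Pass `errsv` and `strerror(errsv)` to the call and drop `buf`, or remove both declarations. Separately, a service list holding only unsupported names ends in `return RETURN_ERROR` with nothing but the "Unsupported resolver service" lines on stderr; a short comment above the loop saying this is intended would help.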
|
||||||
|
--
|
||||||
|
2.46.0
|
||||||
|
|
||||||
|
|
||||||
|
From c55a3466cc91b7460f7e81f0879ced041db050e7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Beniamino Galvani <bgalvani@redhat.com>
|
||||||
|
Date: Wed, 19 Jun 2024 20:29:37 +0200
|
||||||
|
Subject: [PATCH 2/2] core: also use /etc/hosts for hostname resolution
|
||||||
|
|
||||||
|
Before introducing the hostname lookup via nm-daemon-helper and
|
||||||
|
systemd-resolved, we used GLib's GResolver which internally relies on
|
||||||
|
the libc resolver and generally also returns results from /etc/hosts.
|
||||||
|
|
||||||
|
With the new mechanism we only ask to systemd-resolved (with
|
||||||
|
NO_SYNTHESIZE) or perform the lookup via the "dns" NSS module. In both
|
||||||
|
ways, /etc/hosts is not evaluated.
|
||||||
|
|
||||||
|
Since users relied on having the hostname resolved via /etc/hosts,
|
||||||
|
restore that behavior. Now, after trying the resolution via
|
||||||
|
systemd-resolved and the "dns" NSS module, we also try via the "files"
|
||||||
|
NSS module which reads /etc/hosts.
|
||||||
|
|
||||||
|
Fixes: 27eae4043b27 ('device: add a nm_device_resolve_address()')
|
||||||
|
(cherry picked from commit 410afccb32f5814c6aeebec837505e3f94b7408c)
|
||||||
|
(cherry picked from commit cb54fe7ce9a69b1f8abfd6fa5f2bf83e971ff997)
|
||||||
|
(cherry picked from commit e3861be84505d795c34347af84bbf73dc4196586)
|
||||||
|
(cherry picked from commit cfe840784c067981a882fa349f5e8a6704d21c37)
|
||||||
|
(cherry picked from commit 16946905a675c0530437b277925beeb1bd81bdc8)
|
||||||
|
(cherry picked from commit 8aaae05f219a8fb1bebb1b6778acdf459acb6c90)
|
||||||
|
---
|
||||||
|
src/core/devices/nm-device-utils.c | 49 ++++++++++++++++++++++--------
|
||||||
|
1 file changed, 36 insertions(+), 13 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/core/devices/nm-device-utils.c b/src/core/devices/nm-device-utils.c
|
||||||
|
index 170922eba0..ea6ddc36d4 100644
|
||||||
|
--- a/src/core/devices/nm-device-utils.c
|
||||||
|
+++ b/src/core/devices/nm-device-utils.c
|
||||||
|
@@ -231,14 +231,36 @@ resolve_addr_helper_cb(GObject *source, GAsyncResult *result, gpointer user_data
|
||||||
|
resolve_addr_complete(info, g_steal_pointer(&output), g_steal_pointer(&error));
|
||||||
|
}
|
||||||
|
|
||||||
|
+typedef enum {
|
||||||
|
+ RESOLVE_ADDR_SERVICE_NONE = 0x0,
|
||||||
|
+ RESOLVE_ADDR_SERVICE_DNS = 0x1,
|
||||||
|
+ RESOLVE_ADDR_SERVICE_FILES = 0x2,
|
||||||
|
+} ResolveAddrService;
|
||||||
|
+
|
||||||
|
static void
|
||||||
|
-resolve_addr_spawn_helper(ResolveAddrInfo *info)
|
||||||
|
+resolve_addr_spawn_helper(ResolveAddrInfo *info, ResolveAddrService services)
|
||||||
|
{
|
||||||
|
- char addr_str[NM_UTILS_INET_ADDRSTRLEN];
|
||||||
|
+ char addr_str[NM_UTILS_INET_ADDRSTRLEN];
|
||||||
|
+ char str[256];
|
||||||
|
+ char *s = str;
|
||||||
|
+ gsize len = sizeof(str);
|
||||||
|
+ gboolean comma = FALSE;
|
||||||
|
+
|
||||||
|
+ nm_assert(services != RESOLVE_ADDR_SERVICE_NONE);
|
||||||
|
+ nm_assert((services & ~(RESOLVE_ADDR_SERVICE_DNS | RESOLVE_ADDR_SERVICE_FILES)) == 0);
|
||||||
|
+
|
||||||
|
+ if (services & RESOLVE_ADDR_SERVICE_DNS) {
|
||||||
|
+ nm_strbuf_append(&s, &len, "%sdns", comma ? "," : "");
|
||||||
|
+ comma = TRUE;
|
||||||
|
+ }
|
||||||
|
+ if (services & RESOLVE_ADDR_SERVICE_FILES) {
|
||||||
|
+ nm_strbuf_append(&s, &len, "%sfiles", comma ? "," : "");
|
||||||
|
+ comma = TRUE;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
nm_utils_inet_ntop(info->addr_family, &info->address, addr_str);
|
||||||
|
- _LOG2D(info, "start lookup via nm-daemon-helper");
|
||||||
|
- nm_utils_spawn_helper(NM_MAKE_STRV("resolve-address", addr_str),
|
||||||
|
+ _LOG2D(info, "start lookup via nm-daemon-helper using services: %s", str);
|
||||||
|
+ nm_utils_spawn_helper(NM_MAKE_STRV("resolve-address", addr_str, str),
|
||||||
|
g_task_get_cancellable(info->task),
|
||||||
|
resolve_addr_helper_cb,
|
||||||
|
info);
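Review bot: `str` in resolve_addr_spawn_helper() is left uninitialized when neither service bit is set, because the only protection is `nm_assert()`, which is presumably compiled out in non-debug builds. The buffer would then be logged and passed to the helper as an argument. Every caller visible in this patch passes a non-empty mask, so this is a defensive point: `char str[256] = "";` or an early return on an empty mask removes the dependency on the assertion. The `comma = TRUE;` in the second branch is a dead store.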
|
||||||
|
@@ -268,27 +290,28 @@ resolve_addr_resolved_cb(NMDnsSystemdResolved *resolved,
|
||||||
|
dbus_error = g_dbus_error_get_remote_error(error);
|
||||||
|
if (NM_STR_HAS_PREFIX(dbus_error, "org.freedesktop.resolve1.")) {
|
||||||
|
/* systemd-resolved is enabled but it couldn't resolve the
|
||||||
|
- * address via DNS. Don't fall back to spawning the helper,
|
||||||
|
- * because the helper will possibly ask again to
|
||||||
|
+ * address via DNS. Spawn again the helper to check if we
|
||||||
|
+ * can find a result in /etc/hosts. Don't enable the 'dns'
|
||||||
|
+ * service otherwise the helper will possibly ask again to
|
||||||
|
* systemd-resolved (via /etc/resolv.conf), potentially using
|
||||||
|
* other protocols than DNS or returning synthetic results.
|
||||||
|
*
|
||||||
|
- * Consider the error as the final indication that the address
|
||||||
|
- * can't be resolved.
|
||||||
|
- *
|
||||||
|
* See: https://www.freedesktop.org/wiki/Software/systemd/resolved/#commonerrors
|
||||||
|
*/
|
||||||
|
- resolve_addr_complete(info, NULL, g_error_copy(error));
|
||||||
|
+ resolve_addr_spawn_helper(info, RESOLVE_ADDR_SERVICE_FILES);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
- resolve_addr_spawn_helper(info);
|
||||||
|
+ /* systemd-resolved couldn't be contacted, use the helper */
|
||||||
|
+ resolve_addr_spawn_helper(info, RESOLVE_ADDR_SERVICE_DNS | RESOLVE_ADDR_SERVICE_FILES);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (names_len == 0) {
|
||||||
|
_LOG2D(info, "systemd-resolved returned no result");
|
||||||
|
- resolve_addr_complete(info, g_strdup(""), NULL);
|
||||||
|
+ /* We passed the NO_SYNTHESIZE flag and so systemd-resolved
|
||||||
|
+ * didn't look into /etc/hosts. Spawn the helper for that. */
|
||||||
|
+ resolve_addr_spawn_helper(info, RESOLVE_ADDR_SERVICE_FILES);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -352,7 +375,7 @@ nm_device_resolve_address(int addr_family,
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
- resolve_addr_spawn_helper(info);
|
||||||
|
+ resolve_addr_spawn_helper(info, RESOLVE_ADDR_SERVICE_DNS | RESOLVE_ADDR_SERVICE_FILES);
|
||||||
|
}
|
||||||
|
|
||||||
|
char *
|
||||||
|
--
|
||||||
|
2.46.0
|
||||||
|
|
@ -0,0 +1,64 @@
|
|||||||
|
From 70557e65436d6906233434d4db490edced586b3a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Gris Ge <fge@redhat.com>
|
||||||
|
Date: Wed, 11 Dec 2024 22:22:59 +0800
|
||||||
|
Subject: [PATCH 1/1] vpn: Place gateway route to table defined in
|
||||||
|
ipvx.route-table
|
||||||
|
|
||||||
|
Previously, NM create direct route to gateway to main(254) route table
|
||||||
|
regardless `ipvx.route-table` value.
|
||||||
|
|
||||||
|
Fixed by setting `NMPlatformIP4Route.table_any` to `TRUE`.
|
||||||
|
|
||||||
|
Resolves: https://issues.redhat.com/browse/RHEL-69901
|
||||||
|
|
||||||
|
Signed-off-by: Gris Ge <fge@redhat.com>
|
||||||
|
(cherry picked from commit 6d06286f1db7421bef1c4dab5fada918c59daf87)
|
||||||
|
(cherry picked from commit 29f23d3519dbb4dcffc9682fbdfb721cfc0b851c)
|
||||||
|
(cherry picked from commit 0dc07c5ca4d32b5ea8e104cbad106da9bb5b096d)
|
||||||
|
(cherry picked from commit 6a04a966c28dbe04e3bd608af06a66cf0af89d21)
|
||||||
|
(cherry picked from commit 70060d84f268250fd0bead2928eba8739e3eb486)
|
||||||
|
(cherry picked from commit b92a07713c17eb55fb3f0cfa4c757e379c432e17)
|
||||||
|
(cherry picked from commit 2aadb5dcb08f2874f153a4e256a893ae5a99ff1e)
|
||||||
|
---
|
||||||
|
src/core/vpn/nm-vpn-connection.c | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/core/vpn/nm-vpn-connection.c b/src/core/vpn/nm-vpn-connection.c
|
||||||
|
index bbb7355016..1607d2013a 100644
|
||||||
|
--- a/src/core/vpn/nm-vpn-connection.c
|
||||||
|
+++ b/src/core/vpn/nm-vpn-connection.c
|
||||||
|
@@ -1239,6 +1239,7 @@ _parent_device_l3cd_add_gateway_route(NML3ConfigData *l3cd,
|
||||||
|
.gateway = parent_gw.addr4,
|
||||||
|
.rt_source = NM_IP_CONFIG_SOURCE_VPN,
|
||||||
|
.metric_any = TRUE,
|
||||||
|
+ .table_any = TRUE,
|
||||||
|
};
|
||||||
|
} else {
|
||||||
|
route.r6 = (NMPlatformIP6Route){
|
||||||
|
@@ -1248,6 +1249,7 @@ _parent_device_l3cd_add_gateway_route(NML3ConfigData *l3cd,
|
||||||
|
.gateway = parent_gw.addr6,
|
||||||
|
.rt_source = NM_IP_CONFIG_SOURCE_VPN,
|
||||||
|
.metric_any = TRUE,
|
||||||
|
+ .table_any = TRUE,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
nm_l3_config_data_add_route(l3cd, addr_family, NULL, &route.rx);
|
||||||
|
@@ -1264,6 +1266,7 @@ _parent_device_l3cd_add_gateway_route(NML3ConfigData *l3cd,
|
||||||
|
.plen = 32,
|
||||||
|
.rt_source = NM_IP_CONFIG_SOURCE_VPN,
|
||||||
|
.metric_any = TRUE,
|
||||||
|
+ .table_any = TRUE,
|
||||||
|
};
|
||||||
|
} else {
|
||||||
|
route.r6 = (NMPlatformIP6Route){
|
||||||
|
@@ -1271,6 +1274,7 @@ _parent_device_l3cd_add_gateway_route(NML3ConfigData *l3cd,
|
||||||
|
.plen = 128,
|
||||||
|
.rt_source = NM_IP_CONFIG_SOURCE_VPN,
|
||||||
|
.metric_any = TRUE,
|
||||||
|
+ .table_any = TRUE,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
nm_l3_config_data_add_route(l3cd, addr_family, NULL, &route.rx);
|
||||||
|
--
|
||||||
|
2.45.0
|
||||||
|
|
@ -0,0 +1,242 @@
|
|||||||
|
From 3fe666c300e9d7022c1e6f583aceeaa1ccc0975e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Wen Liang <wenliang@redhat.com>
|
||||||
|
Date: Fri, 20 Dec 2024 10:10:25 -0500
|
||||||
|
Subject: [PATCH 1/1] vpn: fix routing rules support in vpn conenctions
|
||||||
|
|
||||||
|
This commit introduces the ability to manage routing rules specifically
|
||||||
|
for VPN connections. These rules allow finer control over traffic
|
||||||
|
routing by enabling the specification of policy-based routing for
|
||||||
|
traffic over the VPN.
|
||||||
|
|
||||||
|
- Updated the connection backend to apply rules during VPN activation.
|
||||||
|
- Ensured proper cleanup of routing rules upon VPN deactivation.
|
||||||
|
|
||||||
|
This enhancement improves VPN usability in scenarios requiring advanced
|
||||||
|
routing configurations, such as split tunneling and traffic
|
||||||
|
prioritization.
|
||||||
|
|
||||||
|
Resolves: https://issues.redhat.com/browse/RHEL-70160
|
||||||
|
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2092
|
||||||
|
https://gitlab.freedesktop.org/NetworkManager/NetworkManager-ci/-/merge_requests/1842
|
||||||
|
(cherry picked from commit 308e34a501482d01c1cc6c87c38791ad9f34dc1f)
|
||||||
|
(cherry picked from commit a24b347e93e37b04aa0f5698efcb462c02517c09)
|
||||||
|
(cherry picked from commit b5c46f8a8d644e1c5a6dc07e06d5dab3338e9a91)
|
||||||
|
(cherry picked from commit 7824d5e5ae5db78abdc6fa24453d939198a5d1da)
|
||||||
|
(cherry picked from commit f5e8217f77863742ac17b2ad30134a14125acd40)
|
||||||
|
(cherry picked from commit dcbe04ef5f8bf947d1da4e55a1b9b0ca498d852d)
|
||||||
|
(cherry picked from commit 49a8b0650f2a19c0e16e2912c88b8e74c5aa8feb)
|
||||||
|
---
|
||||||
|
src/core/devices/nm-device.c | 62 +++++++++++++++++++-------------
|
||||||
|
src/core/devices/nm-device.h | 6 ++++
|
||||||
|
src/core/vpn/nm-vpn-connection.c | 7 +++-
|
||||||
|
3 files changed, 50 insertions(+), 25 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
|
||||||
|
index e54942440f..9c4e581e68 100644
|
||||||
|
--- a/src/core/devices/nm-device.c
|
||||||
|
+++ b/src/core/devices/nm-device.c
|
||||||
|
@@ -9577,31 +9577,34 @@ lldp_setup(NMDevice *self, NMTernary enabled)
|
||||||
|
* as externally added ones. Don't restart NetworkManager if
|
||||||
|
* you care about that.
|
||||||
|
*/
|
||||||
|
-static void
|
||||||
|
-_routing_rules_sync(NMDevice *self, NMTernary set_mode)
|
||||||
|
+void
|
||||||
|
+nm_routing_rules_sync(NMConnection *applied_connection,
|
||||||
|
+ NMTernary set_mode,
|
||||||
|
+ GPtrArray *(*get_extra_rules)(NMDevice *self),
|
||||||
|
+ NMDevice *self,
|
||||||
|
+ NMNetns *netns)
|
||||||
|
{
|
||||||
|
- NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
|
||||||
|
- NMPGlobalTracker *global_tracker = nm_netns_get_global_tracker(nm_device_get_netns(self));
|
||||||
|
- NMDeviceClass *klass = NM_DEVICE_GET_CLASS(self);
|
||||||
|
+ NMPGlobalTracker *global_tracker = nm_netns_get_global_tracker(netns);
|
||||||
|
gboolean untrack_only_dirty = FALSE;
|
||||||
|
gboolean keep_deleted_rules;
|
||||||
|
gpointer user_tag_1;
|
||||||
|
gpointer user_tag_2;
|
||||||
|
|
||||||
|
- /* take two arbitrary user-tag pointers that belong to @self. */
|
||||||
|
- user_tag_1 = &priv->v4_route_table;
|
||||||
|
- user_tag_2 = &priv->v6_route_table;
|
||||||
|
+ if (self) {
|
||||||
|
+ user_tag_1 = ((guint32 *) self) + 1;
|
||||||
|
+ user_tag_2 = ((guint32 *) self) + 2;
|
||||||
|
+ } else {
|
||||||
|
+ user_tag_1 = ((guint32 *) applied_connection) + 1;
|
||||||
|
+ user_tag_2 = ((guint32 *) applied_connection) + 2;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (set_mode == NM_TERNARY_TRUE) {
|
||||||
|
- NMConnection *applied_connection;
|
||||||
|
NMSettingIPConfig *s_ip;
|
||||||
|
guint i, num;
|
||||||
|
int is_ipv4;
|
||||||
|
|
||||||
|
untrack_only_dirty = TRUE;
|
||||||
|
|
||||||
|
- applied_connection = nm_device_get_applied_connection(self);
|
||||||
|
-
|
||||||
|
for (is_ipv4 = 0; applied_connection && is_ipv4 < 2; is_ipv4++) {
|
||||||
|
int addr_family = is_ipv4 ? AF_INET : AF_INET6;
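Review bot: The user tags in nm_routing_rules_sync() are now computed as `((guint32 *) self) + 1` and `+ 2`, or from `applied_connection` when `self` is NULL, and nothing rejects the case where both are NULL; the loop's own `applied_connection &&` test suggests that can happen. In that case the arithmetic is on a null pointer and every such caller would share the same two tags, so an `untrack_all` for one connection could presumably affect rules tracked for another. The VPN call sites in vpn_cleanup() and _dbus_signal_ip_config_cb() also rely on `_get_applied_connection(self)` returning the same object at activation and at cleanup for the tags to match. Consider an early `g_return_if_fail(self || applied_connection);` and a doc comment on the now-public function stating the tag-identity requirement. The function body continues beyond this hunk.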
|
||||||
|
|
||||||
|
@@ -9628,10 +9631,10 @@ _routing_rules_sync(NMDevice *self, NMTernary set_mode)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (klass->get_extra_rules) {
|
||||||
|
+ if (get_extra_rules) {
|
||||||
|
gs_unref_ptrarray GPtrArray *extra_rules = NULL;
|
||||||
|
|
||||||
|
- extra_rules = klass->get_extra_rules(self);
|
||||||
|
+ extra_rules = get_extra_rules(self);
|
||||||
|
if (extra_rules) {
|
||||||
|
for (i = 0; i < extra_rules->len; i++) {
|
||||||
|
nmp_global_tracker_track_rule(
|
||||||
|
@@ -9646,7 +9649,7 @@ _routing_rules_sync(NMDevice *self, NMTernary set_mode)
|
||||||
|
}
|
||||||
|
|
||||||
|
nmp_global_tracker_untrack_all(global_tracker, user_tag_1, !untrack_only_dirty, TRUE);
|
||||||
|
- if (klass->get_extra_rules)
|
||||||
|
+ if (get_extra_rules)
|
||||||
|
nmp_global_tracker_untrack_all(global_tracker, user_tag_2, !untrack_only_dirty, TRUE);
|
||||||
|
|
||||||
|
keep_deleted_rules = FALSE;
|
||||||
|
@@ -9706,8 +9709,8 @@ tc_commit(NMDevice *self)
|
||||||
|
static void
|
||||||
|
activate_stage2_device_config(NMDevice *self)
|
||||||
|
{
|
||||||
|
- NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
|
||||||
|
- NMDeviceClass *klass;
|
||||||
|
+ NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
|
||||||
|
+ NMDeviceClass *klass = NM_DEVICE_GET_CLASS(self);
|
||||||
|
NMActStageReturn ret;
|
||||||
|
NMSettingWired *s_wired;
|
||||||
|
gboolean no_firmware = FALSE;
|
||||||
|
@@ -9730,7 +9733,11 @@ activate_stage2_device_config(NMDevice *self)
|
||||||
|
priv->tc_committed = TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
- _routing_rules_sync(self, NM_TERNARY_TRUE);
|
||||||
|
+ nm_routing_rules_sync(nm_device_get_applied_connection(self),
|
||||||
|
+ NM_TERNARY_TRUE,
|
||||||
|
+ klass->get_extra_rules,
|
||||||
|
+ self,
|
||||||
|
+ nm_device_get_netns(self));
|
||||||
|
|
||||||
|
if (!nm_device_sys_iface_state_is_external_or_assume(self)) {
|
||||||
|
if (!nm_device_bring_up_full(self, FALSE, TRUE, &no_firmware)) {
|
||||||
|
@@ -9742,7 +9749,6 @@ activate_stage2_device_config(NMDevice *self)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- klass = NM_DEVICE_GET_CLASS(self);
|
||||||
|
if (klass->act_stage2_config_also_for_external_or_assume
|
||||||
|
|| !nm_device_sys_iface_state_is_external_or_assume(self)) {
|
||||||
|
NMDeviceStateReason failure_reason = NM_DEVICE_STATE_REASON_NONE;
|
||||||
|
@@ -12984,7 +12990,11 @@ check_and_reapply_connection(NMDevice *self,
|
||||||
|
|
||||||
|
nm_device_activate_schedule_stage3_ip_config(self, FALSE);
|
||||||
|
|
||||||
|
- _routing_rules_sync(self, NM_TERNARY_TRUE);
|
||||||
|
+ nm_routing_rules_sync(nm_device_get_applied_connection(self),
|
||||||
|
+ NM_TERNARY_TRUE,
|
||||||
|
+ klass->get_extra_rules,
|
||||||
|
+ self,
|
||||||
|
+ nm_device_get_netns(self));
|
||||||
|
|
||||||
|
reactivate_proxy_config(self);
|
||||||
|
|
||||||
|
@@ -15450,6 +15460,7 @@ static void
|
||||||
|
nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanup_type)
|
||||||
|
{
|
||||||
|
NMDevicePrivate *priv;
|
||||||
|
+ NMDeviceClass *klass = NM_DEVICE_GET_CLASS(self);
|
||||||
|
int ifindex;
|
||||||
|
|
||||||
|
g_return_if_fail(NM_IS_DEVICE(self));
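Review bot: The new initializer `NMDeviceClass *klass = NM_DEVICE_GET_CLASS(self);` in nm_device_cleanup() runs before `g_return_if_fail(NM_IS_DEVICE(self));`, so the class lookup happens on a pointer the guard has not yet validated. Assuming the macro reads the instance's class pointer as the GObject equivalents do, a NULL or invalid `self` would fault before the check is reached. Declare `NMDeviceClass *klass;` without an initializer and assign `klass = NM_DEVICE_GET_CLASS(self);` after the guard. The function body continues outside this hunk.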
|
||||||
|
@@ -15474,8 +15485,8 @@ nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanu
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Call device type-specific deactivation */
|
||||||
|
- if (NM_DEVICE_GET_CLASS(self)->deactivate)
|
||||||
|
- NM_DEVICE_GET_CLASS(self)->deactivate(self);
|
||||||
|
+ if (klass->deactivate)
|
||||||
|
+ klass->deactivate(self);
|
||||||
|
|
||||||
|
ifindex = nm_device_get_ip_ifindex(self);
|
||||||
|
|
||||||
|
@@ -15497,8 +15508,11 @@ nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanu
|
||||||
|
|
||||||
|
priv->tc_committed = FALSE;
|
||||||
|
|
||||||
|
- _routing_rules_sync(self,
|
||||||
|
- cleanup_type == CLEANUP_TYPE_KEEP ? NM_TERNARY_DEFAULT : NM_TERNARY_FALSE);
|
||||||
|
+ nm_routing_rules_sync(nm_device_get_applied_connection(self),
|
||||||
|
+ cleanup_type == CLEANUP_TYPE_KEEP ? NM_TERNARY_DEFAULT : NM_TERNARY_FALSE,
|
||||||
|
+ klass->get_extra_rules,
|
||||||
|
+ self,
|
||||||
|
+ nm_device_get_netns(self));
|
||||||
|
|
||||||
|
if (ifindex > 0)
|
||||||
|
nm_platform_ip4_dev_route_blacklist_set(nm_device_get_platform(self), ifindex, NULL);
|
||||||
|
@@ -15527,7 +15541,7 @@ nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanu
|
||||||
|
/* for other device states (UNAVAILABLE, DISCONNECTED), allow the
|
||||||
|
* device to overwrite the reset behavior, so that Wi-Fi can set
|
||||||
|
* a randomized MAC address used during scanning. */
|
||||||
|
- NM_DEVICE_GET_CLASS(self)->deactivate_reset_hw_addr(self);
|
||||||
|
+ klass->deactivate_reset_hw_addr(self);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/src/core/devices/nm-device.h b/src/core/devices/nm-device.h
|
||||||
|
index 68387a2149..e58c2088b9 100644
|
||||||
|
--- a/src/core/devices/nm-device.h
|
||||||
|
+++ b/src/core/devices/nm-device.h
|
||||||
|
@@ -821,4 +821,10 @@ nm_device_get_hostname_from_dns_lookup(NMDevice *self, int addr_family, gboolean
|
||||||
|
|
||||||
|
void nm_device_clear_dns_lookup_data(NMDevice *self, const char *reason);
|
||||||
|
|
||||||
|
+void nm_routing_rules_sync(NMConnection *applied_connection,
|
||||||
|
+ NMTernary set_mode,
|
||||||
|
+ GPtrArray *(*get_extra_rules)(NMDevice *self),
|
||||||
|
+ NMDevice *self,
|
||||||
|
+ NMNetns *netns);
|
||||||
|
+
|
||||||
|
#endif /* __NETWORKMANAGER_DEVICE_H__ */
|
||||||
|
diff --git a/src/core/vpn/nm-vpn-connection.c b/src/core/vpn/nm-vpn-connection.c
|
||||||
|
index 1607d2013a..0068b52bc3 100644
|
||||||
|
--- a/src/core/vpn/nm-vpn-connection.c
|
||||||
|
+++ b/src/core/vpn/nm-vpn-connection.c
|
||||||
|
@@ -903,7 +903,8 @@ fw_call_cleanup(NMVpnConnection *self)
|
||||||
|
static void
|
||||||
|
vpn_cleanup(NMVpnConnection *self, NMDevice *parent_dev)
|
||||||
|
{
|
||||||
|
- const char *iface;
|
||||||
|
+ NMVpnConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE(self);
|
||||||
|
+ const char *iface;
|
||||||
|
|
||||||
|
/* Remove zone from firewall */
|
||||||
|
iface = nm_vpn_connection_get_ip_iface(self, FALSE);
|
||||||
|
@@ -915,6 +916,8 @@ vpn_cleanup(NMVpnConnection *self, NMDevice *parent_dev)
|
||||||
|
fw_call_cleanup(self);
|
||||||
|
|
||||||
|
_l3cfg_l3cd_clear_all(self);
|
||||||
|
+
|
||||||
|
+ nm_routing_rules_sync(_get_applied_connection(self), NM_TERNARY_FALSE, NULL, NULL, priv->netns);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
@@ -2206,6 +2209,8 @@ _dbus_signal_ip_config_cb(NMVpnConnection *self, int addr_family, GVariant *dict
|
||||||
|
|
||||||
|
_l3cfg_l3cd_set(self, L3CD_TYPE_IP_X(IS_IPv4), l3cd);
|
||||||
|
|
||||||
|
+ nm_routing_rules_sync(_get_applied_connection(self), NM_TERNARY_TRUE, NULL, NULL, priv->netns);
|
||||||
|
+
|
||||||
|
_check_complete(self, TRUE);
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.45.0
|
||||||
|
|
@ -6,7 +6,7 @@
|
|||||||
%global epoch_version 1
|
%global epoch_version 1
|
||||||
%global real_version 1.40.16
|
%global real_version 1.40.16
|
||||||
%global rpm_version %{real_version}
|
%global rpm_version %{real_version}
|
||||||
%global release_version 15
|
%global release_version 18
|
||||||
%global snapshot %{nil}
|
%global snapshot %{nil}
|
||||||
%global git_sha %{nil}
|
%global git_sha %{nil}
|
||||||
%global bcond_default_debug 0
|
%global bcond_default_debug 0
|
||||||
@ -210,6 +210,9 @@ Patch1011: 1011-dispatch-dns-change-event-rhel-10195.patch
|
|||||||
Patch1012: 1012-device-do-not-set-MAC-address-on-iface-with-index-0-rhel-16008.patch
|
Patch1012: 1012-device-do-not-set-MAC-address-on-iface-with-index-0-rhel-16008.patch
|
||||||
Patch1013: 1013-fix-matching-existing-connection-by-UUID-on-restart-rhel-5119.patch
|
Patch1013: 1013-fix-matching-existing-connection-by-UUID-on-restart-rhel-5119.patch
|
||||||
Patch1014: 1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-10450.patch
|
Patch1014: 1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-10450.patch
|
||||||
|
Patch1015: 1015-use-etc-hosts-for-hostname-resolution-rhel-53200.patch
|
||||||
|
Patch1016: 1016-vpn-place-gateway-route-to-table-defined-in-ipvx-route-table-rhel-73051.patch
|
||||||
|
Patch1017: 1017-vpn-fix-routing-rules-support-in-vpn-conenctions-rhel-73052.patch
|
||||||
|
|
||||||
Requires(post): systemd
|
Requires(post): systemd
|
||||||
%if 0%{?fedora} || 0%{?rhel} >= 8
|
%if 0%{?fedora} || 0%{?rhel} >= 8
|
||||||
@ -1245,6 +1248,16 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jan 07 2025 Wen Liang <wenliang@redhat.com> - 1:1.40.16-18
|
||||||
|
- vpn: fix routing rules support in vpn conenctions (RHEL-73052)
|
||||||
|
- vpn: Place gateway route to table defined in ipvx.route-table (RHEL-73051)
|
||||||
|
|
||||||
|
* Wed Aug 21 2024 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.40.16-17
|
||||||
|
- Rebuild to use the right tag
|
||||||
|
|
||||||
|
* Tue Aug 20 2024 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.40.16-16
|
||||||
|
- Use /etc/hosts for hostname resolution (RHEL-53200)
|
||||||
|
|
||||||
* Fri Feb 09 2024 Íñigo Huguet <ihuguet@redhat.com> - 1:1.40.16-15
|
* Fri Feb 09 2024 Íñigo Huguet <ihuguet@redhat.com> - 1:1.40.16-15
|
||||||
- Suppress NetworkManager's harmless warning when IPv6 is disabled at kernel level (RHEL-10450)
|
- Suppress NetworkManager's harmless warning when IPv6 is disabled at kernel level (RHEL-10450)
|
||||||
|
|
||||||
|