rpms/NetworkManager
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 1.54.4

Browse Source 
Resolves: RHEL-157391 RHEL-157392 RHEL-154245
This commit is contained in:
Jan Vaclav 2026-05-21 12:47:24 +02:00
parent 3726019733
commit a4a2d2998f
5 changed files with 241 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -487,3 +487,4 @@ network-manager-applet-0.8.1.tar.bz2
/NetworkManager-1.54.1.tar.xz
/NetworkManager-1.54.2.tar.xz
/NetworkManager-1.54.3.tar.xz
/NetworkManager-1.54.4.tar.xz

228
1001-The-valid-range-of-arp_missed_max-according-to-the-k.patch Normal file
View File

@ -0,0 +1,228 @@
From d2c9303908a1078f1bc2555bb7df70660feb777d Mon Sep 17 00:00:00 2001
From: Pradyumn Rahar <pradyumn.rahar@oracle.com>
Date: Tue, 14 Apr 2026 10:20:27 +0530
Subject: [PATCH] The valid range of arp_missed_max according to the kernel is
1-255, while the default value of the same in NM is 0, which causes warnings
to arise, change this default value.
Allow the range in NM to stay 0-255 as 0 is used to indicate arp_missed_max
is unset (for modes that don't support the setting), however do not let it
be set beyond the kernel permissible range for the modes that support it, set
it to the kernel default of 2 instead.
Do not apply or reapply the arp_missed_max setting when it is not
supported.
Signed-off-by: Pradyumn Rahar <pradyumn.rahar@oracle.com>
(cherry picked from commit 921fe6ec68a1cffc18a81752f996578831702ad7)
(cherry picked from commit 467a36c1c07834c0abde70dccf6b48e8d8e89f9c)
---
src/core/devices/nm-device-bond.c | 13 +++++++++----
src/libnm-core-impl/nm-setting-bond.c | 16 +++++++++++++---
src/libnm-core-impl/tests/test-setting.c | 2 +-
src/libnm-platform/nm-linux-platform.c | 10 +++++++---
src/libnm-platform/nm-platform.c | 14 +++++++++++---
src/libnm-platform/nm-platform.h | 1 +
6 files changed, 42 insertions(+), 14 deletions(-)
diff --git a/src/core/devices/nm-device-bond.c b/src/core/devices/nm-device-bond.c
index 39e68e966b..06d41a19f9 100644
--- a/src/core/devices/nm-device-bond.c
+++ b/src/core/devices/nm-device-bond.c
@@ -52,11 +52,12 @@
NM_SETTING_BOND_OPTION_PACKETS_PER_SLAVE, NM_SETTING_BOND_OPTION_PRIMARY_RESELECT, \
NM_SETTING_BOND_OPTION_RESEND_IGMP, NM_SETTING_BOND_OPTION_USE_CARRIER, \
NM_SETTING_BOND_OPTION_XMIT_HASH_POLICY, NM_SETTING_BOND_OPTION_NUM_GRAT_ARP, \
- NM_SETTING_BOND_OPTION_PEER_NOTIF_DELAY, NM_SETTING_BOND_OPTION_ARP_MISSED_MAX
+ NM_SETTING_BOND_OPTION_PEER_NOTIF_DELAY
-#define OPTIONS_REAPPLY_FULL \
- OPTIONS_REAPPLY_SUBSET, NM_SETTING_BOND_OPTION_ACTIVE_SLAVE, \
- NM_SETTING_BOND_OPTION_ARP_IP_TARGET, NM_SETTING_BOND_OPTION_NS_IP6_TARGET
+#define OPTIONS_REAPPLY_FULL \
+ OPTIONS_REAPPLY_SUBSET, NM_SETTING_BOND_OPTION_ACTIVE_SLAVE, \
+ NM_SETTING_BOND_OPTION_ARP_IP_TARGET, NM_SETTING_BOND_OPTION_NS_IP6_TARGET, \
+ NM_SETTING_BOND_OPTION_ARP_MISSED_MAX
/*****************************************************************************/
@@ -501,6 +502,8 @@ _platform_lnk_bond_init_from_setting(NMSettingBond *s_bond, NMPlatformLnkBond *p
props->lp_interval_has = props->lp_interval != 1;
props->tlb_dynamic_lb_has = NM_IN_SET(props->mode, NM_BOND_MODE_TLB, NM_BOND_MODE_ALB);
props->lacp_active_has = NM_IN_SET(props->mode, NM_BOND_MODE_8023AD);
+ props->arp_missed_max_has =
+ !NM_IN_SET(props->mode, NM_BOND_MODE_TLB, NM_BOND_MODE_ALB, NM_BOND_MODE_8023AD);
}
static void
@@ -907,6 +910,8 @@ reapply_connection(NMDevice *device, NMConnection *con_old, NMConnection *con_ne
set_bond_arp_ip_targets(device, s_bond);
set_bond_attrs_or_default(device, s_bond, NM_MAKE_STRV(OPTIONS_REAPPLY_SUBSET));
+ if (!NM_IN_SET(mode, NM_BOND_MODE_TLB, NM_BOND_MODE_ALB, NM_BOND_MODE_8023AD))
+ set_bond_attr_or_default(device, s_bond, NM_SETTING_BOND_OPTION_ARP_MISSED_MAX);
_balance_slb_setup(self, con_new);
}
diff --git a/src/libnm-core-impl/nm-setting-bond.c b/src/libnm-core-impl/nm-setting-bond.c
index 7204df4828..6e39015935 100644
--- a/src/libnm-core-impl/nm-setting-bond.c
+++ b/src/libnm-core-impl/nm-setting-bond.c
@@ -197,7 +197,7 @@ static NM_UTILS_STRING_TABLE_LOOKUP_STRUCT_DEFINE(
{"any", NM_BOND_OPTION_TYPE_BOTH, 0, 1, _option_default_strv_arp_all_targets}},
{NM_SETTING_BOND_OPTION_ARP_INTERVAL, {"0", NM_BOND_OPTION_TYPE_INT, 0, G_MAXINT}},
{NM_SETTING_BOND_OPTION_ARP_IP_TARGET, {"", NM_BOND_OPTION_TYPE_IP}},
- {NM_SETTING_BOND_OPTION_ARP_MISSED_MAX, {"0", NM_BOND_OPTION_TYPE_INT, 0, 255}},
+ {NM_SETTING_BOND_OPTION_ARP_MISSED_MAX, {"2", NM_BOND_OPTION_TYPE_INT, 0, 255}},
{NM_SETTING_BOND_OPTION_ARP_VALIDATE,
{"none", NM_BOND_OPTION_TYPE_BOTH, 0, 6, _option_default_strv_arp_validate}},
{NM_SETTING_BOND_OPTION_BALANCE_SLB, {"0", NM_BOND_OPTION_TYPE_INT, 0, 1}},
@@ -364,6 +364,10 @@ _bond_get_option_normalized(NMSettingBond *self, const char *option, gboolean ge
/* balance-slb implies vlan+srcmac */
return "5";
}
+ } else if (nm_streq(option, NM_SETTING_BOND_OPTION_ARP_MISSED_MAX)) {
+ value = _bond_get_option(self, NM_SETTING_BOND_OPTION_ARP_MISSED_MAX) ?: "0";
+ if (nm_streq(value, "0"))
+ value = _bond_get_option_default(self, option);
} else
value = _bond_get_option(self, option);
@@ -894,13 +898,16 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
miimon = _atoi(_bond_get_option_or_default(self, NM_SETTING_BOND_OPTION_MIIMON));
arp_interval = _atoi(_bond_get_option_or_default(self, NM_SETTING_BOND_OPTION_ARP_INTERVAL));
- arp_missed_max =
- _atoi(_bond_get_option_or_default(self, NM_SETTING_BOND_OPTION_ARP_MISSED_MAX));
num_grat_arp = _atoi(_bond_get_option_or_default(self, NM_SETTING_BOND_OPTION_NUM_GRAT_ARP));
num_unsol_na = _atoi(_bond_get_option_or_default(self, NM_SETTING_BOND_OPTION_NUM_UNSOL_NA));
peer_notif_delay =
_atoi(_bond_get_option_or_default(self, NM_SETTING_BOND_OPTION_PEER_NOTIF_DELAY));
+ /* "0" is an invalid value in the kernel, but we used to accept it to indicate "default value".
+ * Keep accepting "0" as a valid value, although we'll apply a different value, actually.
+ * Bond modes that don't accept arp_missed_max must just ignore the "0" value, too. */
+ arp_missed_max = _atoi(_bond_get_option(self, NM_SETTING_BOND_OPTION_ARP_MISSED_MAX) ?: "0");
+
/* Option restrictions:
*
* arp_interval conflicts [ alb, tlb ]
@@ -950,6 +957,9 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
g_prefix_error(error, "%s.%s: ", NM_SETTING_BOND_SETTING_NAME, NM_SETTING_BOND_OPTIONS);
return FALSE;
}
+ }
+
+ if (NM_IN_SET(bond_mode, NM_BOND_MODE_TLB, NM_BOND_MODE_ALB, NM_BOND_MODE_8023AD)) {
if (arp_missed_max > 0) {
g_set_error(error,
NM_CONNECTION_ERROR,
diff --git a/src/libnm-core-impl/tests/test-setting.c b/src/libnm-core-impl/tests/test-setting.c
index 13d9518936..875d0a1127 100644
--- a/src/libnm-core-impl/tests/test-setting.c
+++ b/src/libnm-core-impl/tests/test-setting.c
@@ -5495,7 +5495,7 @@ test_bond_meta(void)
_A(_nm_setting_bond_opt_value_as_u16, set, NM_SETTING_BOND_OPTION_AD_ACTOR_SYS_PRIO, 0, EINVAL);
_A(_nm_setting_bond_opt_value_as_u16, set, NM_SETTING_BOND_OPTION_AD_USER_PORT_KEY, 0, EINVAL);
_A(_nm_setting_bond_opt_value_as_u8, set, NM_SETTING_BOND_OPTION_NUM_GRAT_ARP, 1, 0);
- _A(_nm_setting_bond_opt_value_as_u8, set, NM_SETTING_BOND_OPTION_ARP_MISSED_MAX, 0, 0);
+ _A(_nm_setting_bond_opt_value_as_u8, set, NM_SETTING_BOND_OPTION_ARP_MISSED_MAX, 2, 0);
_A(_nm_setting_bond_opt_value_as_u8, set, NM_SETTING_BOND_OPTION_ALL_SLAVES_ACTIVE, 0, 0);
_A(_nm_setting_bond_opt_value_as_intbool, set, NM_SETTING_BOND_OPTION_USE_CARRIER, 1, 0);
_A(_nm_setting_bond_opt_value_as_intbool,
diff --git a/src/libnm-platform/nm-linux-platform.c b/src/libnm-platform/nm-linux-platform.c
index 93639e284c..d3d330ff5e 100644
--- a/src/libnm-platform/nm-linux-platform.c
+++ b/src/libnm-platform/nm-linux-platform.c
@@ -1765,8 +1765,12 @@ _parse_lnk_bond(const char *kind, struct nlattr *info_data)
props->num_grat_arp = nla_get_u8(tb[IFLA_BOND_NUM_PEER_NOTIF]);
if (tb[IFLA_BOND_ALL_PORTS_ACTIVE])
props->all_ports_active = nla_get_u8(tb[IFLA_BOND_ALL_PORTS_ACTIVE]);
- if (tb[IFLA_BOND_MISSED_MAX])
- props->arp_missed_max = nla_get_u8(tb[IFLA_BOND_MISSED_MAX]);
+ if (tb[IFLA_BOND_MISSED_MAX]) {
+ props->arp_missed_max = nla_get_u8(tb[IFLA_BOND_MISSED_MAX]);
+ props->arp_missed_max_has = TRUE;
+ } else {
+ props->arp_missed_max_has = FALSE;
+ }
if (tb[IFLA_BOND_MIN_LINKS])
props->min_links = nla_get_u32(tb[IFLA_BOND_MIN_LINKS]);
if (tb[IFLA_BOND_LP_INTERVAL])
@@ -5101,7 +5105,7 @@ _nl_msg_new_link_set_linkinfo(struct nl_msg *msg, NMLinkType link_type, gconstpo
&props->ad_actor_system);
if (props->ad_select)
NLA_PUT_U8(msg, IFLA_BOND_AD_SELECT, props->ad_select);
- if (props->arp_missed_max)
+ if (props->arp_missed_max_has)
NLA_PUT_U8(msg, IFLA_BOND_MISSED_MAX, props->arp_missed_max);
NLA_PUT_U8(msg, IFLA_BOND_ALL_PORTS_ACTIVE, props->all_ports_active);
diff --git a/src/libnm-platform/nm-platform.c b/src/libnm-platform/nm-platform.c
index f44ca6a1d8..a1019c779a 100644
--- a/src/libnm-platform/nm-platform.c
+++ b/src/libnm-platform/nm-platform.c
@@ -6387,6 +6387,7 @@ nm_platform_lnk_bond_to_string(const NMPlatformLnkBond *lnk, char *buf, gsize le
char sbuf_resend_igmp[30];
char sbuf_lp_interval[30];
char sbuf_tlb_dynamic_lb[30];
+ char sbuf_arp_missed_max[30];
int i;
if (!nm_utils_to_string_buffer_init_null(lnk, &buf, &len))
@@ -6417,7 +6418,7 @@ nm_platform_lnk_bond_to_string(const NMPlatformLnkBond *lnk, char *buf, gsize le
" xmit_hash_policy %u"
" num_gray_arp %u"
" all_ports_active %u"
- " arp_missed_max %u"
+ "%s" /* arp_missed_max %u */
" lacp_rate %u"
"%s" /* lacp_active */
" ad_select %u"
@@ -6469,7 +6470,12 @@ nm_platform_lnk_bond_to_string(const NMPlatformLnkBond *lnk, char *buf, gsize le
lnk->xmit_hash_policy,
lnk->num_grat_arp,
lnk->all_ports_active,
- lnk->arp_missed_max,
+ lnk->arp_missed_max_has || lnk->arp_missed_max != 0
+ ? nm_sprintf_buf(sbuf_arp_missed_max,
+ " arp_missed_max%s %u",
+ !lnk->arp_missed_max_has ? "?" : "",
+ (int) lnk->arp_missed_max)
+ : "",
lnk->lacp_rate,
lnk->lacp_active_has || lnk->lacp_active != 0
? nm_sprintf_buf(sbuf_lacp_active,
@@ -8398,7 +8404,8 @@ nm_platform_lnk_bond_hash_update(const NMPlatformLnkBond *obj, NMHashState *h)
obj->tlb_dynamic_lb,
obj->tlb_dynamic_lb_has,
obj->updelay_has,
- obj->use_carrier));
+ obj->use_carrier,
+ obj->arp_missed_max_has));
nm_hash_update(h, obj->arp_ip_target, obj->arp_ip_targets_num * sizeof(obj->arp_ip_target[0]));
nm_hash_update(h, obj->ns_ip6_target, obj->ns_ip6_targets_num * sizeof(obj->ns_ip6_target[0]));
@@ -8476,6 +8483,7 @@ nm_platform_lnk_bond_cmp(const NMPlatformLnkBond *a, const NMPlatformLnkBond *b)
NM_CMP_FIELD_BOOL(a, b, tlb_dynamic_lb_has);
NM_CMP_FIELD_BOOL(a, b, updelay_has);
NM_CMP_FIELD_BOOL(a, b, use_carrier);
+ NM_CMP_FIELD_BOOL(a, b, arp_missed_max_has);
return 0;
}
diff --git a/src/libnm-platform/nm-platform.h b/src/libnm-platform/nm-platform.h
index 1d01e230b4..7881d13cf4 100644
--- a/src/libnm-platform/nm-platform.h
+++ b/src/libnm-platform/nm-platform.h
@@ -833,6 +833,7 @@ typedef struct {
bool tlb_dynamic_lb_has : 1;
bool updelay_has : 1;
bool use_carrier : 1;
+ bool arp_missed_max_has : 1;
} _nm_alignas(NMPlatformObject) NMPlatformLnkBond;
typedef struct {
--
2.54.0

93
1001-device-set-bridge-in-supplicant-for-802.1X-ethernet-.patch
View File

@ -1,93 +0,0 @@
From 5723fd5ac2aff927c7f9a0d161af57fceed9005d Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 16 Oct 2025 15:36:22 +0200
Subject: [PATCH] device: set bridge in supplicant for 802.1X ethernet and
macsec
When authenticating via 802.1X, the supplicant must be made aware of
the bridge the interface is attached to. This was already done for
wifi in commit ae31b4bf4eaa ('wifi: set the BridgeIfname supplicant
property when needed'). When setting the BridgeIfname property, the
supplicant opens an additional socket to listen on the bridge, to
ensure that all incoming EAPOL packets are received.
Without this patch, the initial authentication usually works because
it is started during stage2 (prepare), when the device is not yet
attached to the bridge, but then the re-authentication fails.
Note: I could reproduce the problem only when the bridge is configured
with bridge.group-forward-mask 8.
Resolves: https://issues.redhat.com/browse/RHEL-121153
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2301
(cherry picked from commit 965aa810278b24dd52d21bfcbc41a052767b6070)
---
src/core/devices/nm-device-ethernet.c | 13 +++++++++++++
src/core/devices/nm-device-macsec.c | 13 +++++++++++++
2 files changed, 26 insertions(+)
diff --git a/src/core/devices/nm-device-ethernet.c b/src/core/devices/nm-device-ethernet.c
index 4034fdaad6..eed57e918d 100644
--- a/src/core/devices/nm-device-ethernet.c
+++ b/src/core/devices/nm-device-ethernet.c
@@ -701,6 +701,9 @@ supplicant_iface_start(NMDeviceEthernet *self)
NMDeviceEthernetPrivate *priv = NM_DEVICE_ETHERNET_GET_PRIVATE(self);
gs_unref_object NMSupplicantConfig *config = NULL;
gs_free_error GError *error = NULL;
+ NMActRequest *request;
+ NMActiveConnection *controller_ac;
+ NMDevice *controller;
config = build_supplicant_config(self, &error);
if (!config) {
@@ -715,6 +718,16 @@ supplicant_iface_start(NMDeviceEthernet *self)
}
nm_supplicant_interface_disconnect(priv->supplicant.iface);
+
+ /* Tell the supplicant in which bridge the interface is */
+ if ((request = nm_device_get_act_request(NM_DEVICE(self)))
+ && (controller_ac = nm_active_connection_get_controller(NM_ACTIVE_CONNECTION(request)))
+ && (controller = nm_active_connection_get_device(controller_ac))
+ && nm_device_get_device_type(controller) == NM_DEVICE_TYPE_BRIDGE) {
+ nm_supplicant_interface_set_bridge(priv->supplicant.iface, nm_device_get_iface(controller));
+ } else
+ nm_supplicant_interface_set_bridge(priv->supplicant.iface, NULL);
+
nm_supplicant_interface_assoc(priv->supplicant.iface, config, supplicant_iface_assoc_cb, self);
return TRUE;
}
diff --git a/src/core/devices/nm-device-macsec.c b/src/core/devices/nm-device-macsec.c
index 2ff1eeb30a..5d67081c77 100644
--- a/src/core/devices/nm-device-macsec.c
+++ b/src/core/devices/nm-device-macsec.c
@@ -433,6 +433,9 @@ supplicant_iface_start(NMDeviceMacsec *self)
NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE(self);
gs_unref_object NMSupplicantConfig *config = NULL;
gs_free_error GError *error = NULL;
+ NMActRequest *request;
+ NMActiveConnection *controller_ac;
+ NMDevice *controller;
config = build_supplicant_config(self, &error);
if (!config) {
@@ -445,6 +448,16 @@ supplicant_iface_start(NMDeviceMacsec *self)
}
nm_supplicant_interface_disconnect(priv->supplicant.iface);
+
+ /* Tell the supplicant in which bridge the interface is */
+ if ((request = nm_device_get_act_request(NM_DEVICE(self)))
+ && (controller_ac = nm_active_connection_get_controller(NM_ACTIVE_CONNECTION(request)))
+ && (controller = nm_active_connection_get_device(controller_ac))
+ && nm_device_get_device_type(controller) == NM_DEVICE_TYPE_BRIDGE) {
+ nm_supplicant_interface_set_bridge(priv->supplicant.iface, nm_device_get_iface(controller));
+ } else
+ nm_supplicant_interface_set_bridge(priv->supplicant.iface, NULL);
+
nm_supplicant_interface_assoc(priv->supplicant.iface, config, supplicant_iface_assoc_cb, self);
return TRUE;
}
--
2.53.0

15
NetworkManager.spec
View File

@ -4,10 +4,10 @@
%global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo bad)
%global epoch_version 1
%global real_version 1.54.3
%global git_tag_version 1.54.3
%global real_version 1.54.4
%global git_tag_version 1.54.4
%global rpm_version %{real_version}
%global release_version 3
%global release_version 1
%global snapshot %{nil}
%global git_sha %{nil}
%global bcond_default_debug 0
@ -190,7 +190,7 @@ Patch0001: 0001-revert-change-default-value-for-ipv4.dad-timeout-from-0-to-200ms
# Bugfixes that are only relevant until next rebase of the package.
# Patch1001: 1001-some.patch
Patch1001: 1001-device-set-bridge-in-supplicant-for-802.1X-ethernet-.patch
Patch1001: 1001-The-valid-range-of-arp_missed_max-according-to-the-k.patch
Requires(post): systemd
Requires(post): systemd-udev
@ -1088,6 +1088,13 @@ fi
%changelog
* Thu May 21 2026 Ján Václav <jvaclav@redhat.com> - 1:1.54.4-1
- Update to 1.54.4
- fix handling onlink route flag for ECMP routes (RHEL-157391)
- Add Geneve support (RHEL-154245)
- Fix arp_missed_max/lacp_active error on reapply (RHEL-157392)
- Removed 802.1x auth patch as it was released upstream
* Thu May 7 2026 Rahul Rajesh <rrajesh@redhat.com> - 1:1.54.3-3
- Fix 802.1x auth for bridge interface (RHEL-151942)

2
sources
View File

@ -1 +1 @@
SHA512 (NetworkManager-1.54.3.tar.xz) = 2525074206d59fd33aefa3e372908e6a38f6cf89a0afbf17558e7099b2ba2cc7cac9494ed69e1faa6c97fc9fbd2b1166cc868f2097a01fece9bc3697256fc2a5
SHA512 (NetworkManager-1.54.4.tar.xz) = b548f883380e27f932877fe3ad5b804414362ac39c373ec4200a204eab352f6b27de850f02ae188e4c255afefa671e90be52376337a7fadd13a98afb33206588