rpms
/
NetworkManager
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import NetworkManager-1.26.0-13.el8_3

This commit is contained in:
CentOS Sources 2021-02-16 02:42:01 -05:00 committed by Andrew Lukoshko
commit afd1609d00
35 changed files with 64826 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.NetworkManager.metadata Normal file
View File

@ -0,0 +1 @@
4f0745b84feefa57ca83d43310860bffa666e0d4 SOURCES/NetworkManager-1.26.0.tar.xz

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/NetworkManager-1.26.0.tar.xz

14
SOURCES/00-server.conf Normal file
View File

@ -0,0 +1,14 @@
# This configuration file changes NetworkManager's behavior to
# what's expected on "traditional UNIX server" type deployments.
#
# See "man NetworkManager.conf" for more information about these
# and other keys.
[main]
# Do not do automatic (DHCP/SLAAC) configuration on ethernet devices
# with no other matching connections.
no-auto-default=*
# Ignore the carrier (cable plugged in) state when attempting to
# activate static-IP connections.
ignore-carrier=*

37
SOURCES/0001-cloud-setup-systemd-unit-rh1791758.patch Normal file
View File

@ -0,0 +1,37 @@
From 6069af3e7a7d506c02f007c71e2a9271b8ef3d09 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 16 Jan 2020 13:40:26 +0100
Subject: [PATCH 1/1] cloud-setup: avoid unsupported systemd settings in
nm-cloud-setup.service init for rhel-8.2
https://bugzilla.redhat.com/show_bug.cgi?id=1791758
---
clients/cloud-setup/nm-cloud-setup.service.in | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/clients/cloud-setup/nm-cloud-setup.service.in b/clients/cloud-setup/nm-cloud-setup.service.in
index 9866acd8b0ae..a3df3863c4df 100644
--- a/clients/cloud-setup/nm-cloud-setup.service.in
+++ b/clients/cloud-setup/nm-cloud-setup.service.in
@@ -22,15 +22,15 @@ PrivateDevices=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=yes
-ProtectHostname=yes
-ProtectKernelLogs=yes
+#ProtectHostname=yes
+#ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
-RestrictSUIDSGID=yes
+#RestrictSUIDSGID=yes
SystemCallFilter=@system-service
[Install]
--
2.26.2

37
SOURCES/1000-team-fix-crash-rh1856723.patch Normal file
View File

@ -0,0 +1,37 @@
From a1198f4f6d95682bc4126fe4f13d8c549394d8b6 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Tue, 14 Jul 2020 22:52:56 +0200
Subject: [PATCH] team: perform cleanup immediately when connecting to teamd
fails
When NM fails to connect to teamd during an activation, it sets the
device state to FAILED. Eventually the device will become DISCONNECTED
and will call the ->deactivate() method that will perform the cleanup
of timers, teamd process and teamdctl instance.
However, in this way, when the device is DISCONNECTED timers are still
armed and can be triggered in the wrong state. Instead, perform the
cleanup immediately on failure.
https://bugzilla.redhat.com/show_bug.cgi?id=1856723
(cherry picked from commit 26e97fcd0d4a70e32a484d3bfc57c1802da10554)
(cherry picked from commit 680c0b88122077101cbfd878a70d54fb7a4afcea)
---
src/devices/team/nm-device-team.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/devices/team/nm-device-team.c b/src/devices/team/nm-device-team.c
index 217c4bdd7c..7ba3034212 100644
--- a/src/devices/team/nm-device-team.c
+++ b/src/devices/team/nm-device-team.c
@@ -371,6 +371,7 @@ teamd_ready (NMDeviceTeam *self)
success = teamd_read_config (self);
if (!success) {
+ teamd_cleanup (self, TRUE);
nm_device_state_changed (device, NM_DEVICE_STATE_FAILED, NM_DEVICE_STATE_REASON_TEAMD_CONTROL_FAILED);
return;
}
--
2.26.2

291
SOURCES/1001-core-fix-generation-of-dependent-rh1857133.patch Normal file
View File

@ -0,0 +1,291 @@
From 7fadadb8f33675d0a12c94f5c0f5c6ecef4a98cf Mon Sep 17 00:00:00 2001
From: Antonio Cardace <acardace@redhat.com>
Date: Tue, 14 Jul 2020 11:35:35 +0200
Subject: [PATCH] core: fix generation of dependent local routes for VRFs
When using VRF devices we must pre-generate dependent local
routes in the VRF's table otherwise they will be incorrectly added
to the local table instead.
https://bugzilla.redhat.com/show_bug.cgi?id=1857133
Fixes: a199cd2a7d92 ('core: add dependent local routes configured by kernel')
(cherry picked from commit d342af1925223cf8d117750c91f35f3041f05570)
(cherry picked from commit ad64da5e85757eeb729fea377bb92ac41c8b92bd)
---
src/devices/nm-device.c | 9 ++++++++-
src/nm-iface-helper.c | 11 ++++++++++-
src/nm-ip4-config.c | 19 +++++++++++--------
src/nm-ip4-config.h | 7 ++++---
src/nm-ip6-config.c | 17 +++++++++++------
src/nm-ip6-config.h | 5 +++--
src/vpn/nm-vpn-connection.c | 19 ++++++++++++++++---
7 files changed, 63 insertions(+), 24 deletions(-)
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index de09e4807..57c32cef8 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -68,6 +68,7 @@
#include "nm-device-generic.h"
#include "nm-device-vlan.h"
+#include "nm-device-vrf.h"
#include "nm-device-wireguard.h"
#include "nm-device-logging.h"
@@ -8097,15 +8098,21 @@ ip_config_merge_and_apply (NMDevice *self,
}
if (commit) {
+ gboolean is_vrf;
+
+ is_vrf = priv->master && nm_device_get_device_type (priv->master) == NM_DEVICE_TYPE_VRF;
+
if (IS_IPv4) {
nm_ip4_config_add_dependent_routes (NM_IP4_CONFIG (composite),
nm_device_get_route_table (self, addr_family),
nm_device_get_route_metric (self, addr_family),
+ is_vrf,
&ip4_dev_route_blacklist);
} else {
nm_ip6_config_add_dependent_routes (NM_IP6_CONFIG (composite),
nm_device_get_route_table (self, addr_family),
- nm_device_get_route_metric (self, addr_family));
+ nm_device_get_route_metric (self, addr_family),
+ is_vrf);
}
}
diff --git a/src/nm-iface-helper.c b/src/nm-iface-helper.c
index 6320e722c..c7d65d2a6 100644
--- a/src/nm-iface-helper.c
+++ b/src/nm-iface-helper.c
@@ -41,11 +41,13 @@
static struct {
GMainLoop *main_loop;
int ifindex;
+ gboolean is_vrf_device;
guint dad_failed_id;
CList dad_failed_lst_head;
} gl/*obal*/ = {
.ifindex = -1,
+ .is_vrf_device = FALSE,
};
static struct {
@@ -120,6 +122,7 @@ dhcp4_state_changed (NMDhcpClient *client,
nm_ip4_config_add_dependent_routes (existing,
RT_TABLE_MAIN,
global_opt.priority_v4,
+ gl.is_vrf_device,
&ip4_dev_route_blacklist);
if (!nm_ip4_config_commit (existing,
NM_PLATFORM_GET,
@@ -236,7 +239,8 @@ ndisc_config_changed (NMNDisc *ndisc, const NMNDiscData *rdata, guint changed_in
nm_ip6_config_merge (existing, ndisc_config, NM_IP_CONFIG_MERGE_DEFAULT, 0);
nm_ip6_config_add_dependent_routes (existing,
RT_TABLE_MAIN,
- global_opt.priority_v6);
+ global_opt.priority_v6,
+ gl.is_vrf_device);
if (!nm_ip6_config_commit (existing,
NM_PLATFORM_GET,
NM_IP_ROUTE_TABLE_SYNC_MODE_MAIN,
@@ -480,6 +484,11 @@ main (int argc, char *argv[])
if (pllink) {
hwaddr = nmp_link_address_get_as_bytes (&pllink->l_address);
bcast_hwaddr = nmp_link_address_get_as_bytes (&pllink->l_broadcast);
+
+ if (pllink->master > 0) {
+ gl.is_vrf_device
+ = nm_platform_link_get_type (NM_PLATFORM_GET, pllink->master) == NM_LINK_TYPE_VRF;
+ }
}
if (global_opt.iid_str) {
diff --git a/src/nm-ip4-config.c b/src/nm-ip4-config.c
index 490296c8d..f017a3e80 100644
--- a/src/nm-ip4-config.c
+++ b/src/nm-ip4-config.c
@@ -672,9 +672,11 @@ nm_ip4_config_update_routes_metric (NMIP4Config *self, gint64 metric)
}
static void
-_add_local_route_from_addr4 (NMIP4Config *self,
- const NMPlatformIP4Address *addr,
- int ifindex)
+_add_local_route_from_addr4 (NMIP4Config * self,
+ const NMPlatformIP4Address *addr,
+ int ifindex,
+ guint32 route_table,
+ gboolean is_vrf)
{
nm_auto_nmpobj NMPObject *r = NULL;
NMPlatformIP4Route *route;
@@ -686,18 +688,19 @@ _add_local_route_from_addr4 (NMIP4Config *self,
route->network = addr->address;
route->plen = 32;
route->pref_src = addr->address;
- route->table_coerced = nm_platform_route_table_coerce (RT_TABLE_LOCAL);
route->type_coerced = nm_platform_route_type_coerce (RTN_LOCAL);
route->scope_inv = nm_platform_route_scope_inv (RT_SCOPE_HOST);
+ route->table_coerced = nm_platform_route_table_coerce (is_vrf ? route_table : RT_TABLE_LOCAL);
_add_route (self, r, NULL, NULL);
}
void
nm_ip4_config_add_dependent_routes (NMIP4Config *self,
- guint32 route_table,
- guint32 route_metric,
- GPtrArray **out_ip4_dev_route_blacklist)
+ guint32 route_table,
+ guint32 route_metric,
+ gboolean is_vrf,
+ GPtrArray ** out_ip4_dev_route_blacklist)
{
GPtrArray *ip4_dev_route_blacklist = NULL;
const NMPlatformIP4Address *my_addr;
@@ -729,7 +732,7 @@ nm_ip4_config_add_dependent_routes (NMIP4Config *self,
if (my_addr->external)
continue;
- _add_local_route_from_addr4 (self, my_addr, ifindex);
+ _add_local_route_from_addr4 (self, my_addr, ifindex, route_table, is_vrf);
if (_ipv4_is_zeronet (network)) {
/* Kernel doesn't add device-routes for destinations that
diff --git a/src/nm-ip4-config.h b/src/nm-ip4-config.h
index d4694d936..dc8222fd5 100644
--- a/src/nm-ip4-config.h
+++ b/src/nm-ip4-config.h
@@ -157,9 +157,10 @@ NMDedupMultiIndex *nm_ip4_config_get_multi_idx (const NMIP4Config *self);
NMIP4Config *nm_ip4_config_capture (NMDedupMultiIndex *multi_idx, NMPlatform *platform, int ifindex);
void nm_ip4_config_add_dependent_routes (NMIP4Config *self,
- guint32 route_table,
- guint32 route_metric,
- GPtrArray **out_ip4_dev_route_blacklist);
+ guint32 route_table,
+ guint32 route_metric,
+ gboolean is_vrf,
+ GPtrArray ** out_ip4_dev_route_blacklist);
gboolean nm_ip4_config_commit (const NMIP4Config *self,
NMPlatform *platform,
diff --git a/src/nm-ip6-config.c b/src/nm-ip6-config.c
index 4911ec1d1..1589cad00 100644
--- a/src/nm-ip6-config.c
+++ b/src/nm-ip6-config.c
@@ -475,27 +475,32 @@ _add_multicast_route6 (NMIP6Config *self, int ifindex)
}
static void
-_add_local_route_from_addr6 (NMIP6Config *self, const NMPlatformIP6Address *addr, int ifindex)
+_add_local_route_from_addr6 (NMIP6Config * self,
+ const NMPlatformIP6Address *addr,
+ int ifindex,
+ guint32 route_table,
+ gboolean is_vrf)
{
nm_auto_nmpobj NMPObject *r = NULL;
- NMPlatformIP6Route *route;
+ NMPlatformIP6Route * route;
r = nmp_object_new (NMP_OBJECT_TYPE_IP6_ROUTE, NULL);
route = NMP_OBJECT_CAST_IP6_ROUTE (r);
route->ifindex = ifindex;
route->network = addr->address;
route->plen = 128;
- route->table_coerced = nm_platform_route_table_coerce (RT_TABLE_LOCAL);
route->type_coerced = nm_platform_route_type_coerce (RTN_LOCAL);
route->metric = 0;
+ route->table_coerced = nm_platform_route_table_coerce (is_vrf ? route_table : RT_TABLE_LOCAL);
_add_route (self, r, NULL, NULL);
}
void
nm_ip6_config_add_dependent_routes (NMIP6Config *self,
- guint32 route_table,
- guint32 route_metric)
+ guint32 route_table,
+ guint32 route_metric,
+ gboolean is_vrf)
{
const NMPlatformIP6Address *my_addr;
const NMPlatformIP6Route *my_route;
@@ -524,7 +529,7 @@ nm_ip6_config_add_dependent_routes (NMIP6Config *self,
continue;
/* Pre-generate local route added by kernel */
- _add_local_route_from_addr6 (self, my_addr, ifindex);
+ _add_local_route_from_addr6 (self, my_addr, ifindex, route_table, is_vrf);
if (NM_FLAGS_HAS (my_addr->n_ifa_flags, IFA_F_NOPREFIXROUTE))
continue;
diff --git a/src/nm-ip6-config.h b/src/nm-ip6-config.h
index 36e8518a8..b6f461b29 100644
--- a/src/nm-ip6-config.h
+++ b/src/nm-ip6-config.h
@@ -93,8 +93,9 @@ NMIP6Config *nm_ip6_config_capture (struct _NMDedupMultiIndex *multi_idx, NMPlat
NMSettingIP6ConfigPrivacy use_temporary);
void nm_ip6_config_add_dependent_routes (NMIP6Config *self,
- guint32 route_table,
- guint32 route_metric);
+ guint32 route_table,
+ guint32 route_metric,
+ gboolean is_vrf);
gboolean nm_ip6_config_commit (const NMIP6Config *self,
NMPlatform *platform,
diff --git a/src/vpn/nm-vpn-connection.c b/src/vpn/nm-vpn-connection.c
index 6d995dc48..ff6b8e00c 100644
--- a/src/vpn/nm-vpn-connection.c
+++ b/src/vpn/nm-vpn-connection.c
@@ -1447,6 +1447,20 @@ get_route_table (NMVpnConnection *self,
return route_table ?: (fallback_main ? RT_TABLE_MAIN : 0);
}
+static gboolean
+_is_device_vrf (NMVpnConnection *self)
+{
+ NMDevice *parent;
+ NMDevice *master;
+
+ parent = nm_active_connection_get_device (NM_ACTIVE_CONNECTION (self));
+ if (!parent)
+ return FALSE;
+
+ master = nm_device_get_master (parent);
+ return master && nm_device_get_link_type (master) == NM_LINK_TYPE_VRF;
+}
+
static void
nm_vpn_connection_ip4_config_get (NMVpnConnection *self, GVariant *dict)
{
@@ -1646,6 +1660,7 @@ nm_vpn_connection_ip4_config_get (NMVpnConnection *self, GVariant *dict)
nm_ip4_config_add_dependent_routes (config,
route_table,
nm_vpn_connection_get_ip4_route_metric (self),
+ _is_device_vrf (self),
&priv->ip4_dev_route_blacklist);
if (priv->ip4_config) {
@@ -1840,9 +1855,7 @@ next:
nm_ip6_config_add_route (config, &r, NULL);
}
- nm_ip6_config_add_dependent_routes (config,
- route_table,
- route_metric);
+ nm_ip6_config_add_dependent_routes (config, route_table, route_metric, _is_device_vrf (self));
if (priv->ip6_config) {
nm_ip6_config_replace (priv->ip6_config, config, NULL);
--
2.26.2

46
SOURCES/1002-fix-check-on-master-ac-failure-rh1845018.patch Normal file
View File

@ -0,0 +1,46 @@
From 39e365733bd3c79c5801d4e6c7a32f133b9af678 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Mon, 6 Jul 2020 17:30:05 +0200
Subject: [PATCH] core: fix check on master active-connection failure
The previous check was never satisfied, as the device is assigned to
the active-connection and realized early. Instead, check the
master_ready flag, which tells if the master is ready and, therefore,
if the slave has already been added to the master.
Before this commit, in some cases a device didn't detect that the
master failed and kept waiting forever.
https://bugzilla.redhat.com/show_bug.cgi?id=1845018
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/568
(cherry picked from commit 0911d2a4ee1c317f455c01cbad048b994f69844d)
(cherry picked from commit 223f741810db9e457ec512c7626bf9e65d82a6cb)
---
src/nm-active-connection.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/nm-active-connection.c b/src/nm-active-connection.c
index 08037ebe71..151fb4d939 100644
--- a/src/nm-active-connection.c
+++ b/src/nm-active-connection.c
@@ -810,14 +810,14 @@ master_state_cb (NMActiveConnection *master,
gpointer user_data)
{
NMActiveConnection *self = NM_ACTIVE_CONNECTION (user_data);
+ NMActiveConnectionPrivate *priv = NM_ACTIVE_CONNECTION_GET_PRIVATE (self);
NMActiveConnectionState master_state = nm_active_connection_get_state (master);
- NMDevice *master_device = nm_active_connection_get_device (master);
check_master_ready (self);
if ( master_state == NM_ACTIVE_CONNECTION_STATE_DEACTIVATING
- && (!master_device || !nm_device_is_real (master_device))) {
- /* Master failed without ever creating or realizing its device */
+ && !priv->master_ready) {
+ /* Master disconnected before the slave was added */
if (NM_ACTIVE_CONNECTION_GET_CLASS (self)->master_failed)
NM_ACTIVE_CONNECTION_GET_CLASS (self)->master_failed (self);
}
--
2.26.2

50357
SOURCES/1003-translations-rh1820552.patch Normal file
View File

File diff suppressed because it is too large Load Diff

112
SOURCES/1004-fix-warning-setting-bond-active-slave-rh1858326.patch Normal file
View File

@ -0,0 +1,112 @@
From cb125986922b6e0bd33d68306f1602b19ea1a3de Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 14 Jul 2020 09:16:51 +0200
Subject: [PATCH 1/1] bond: avoid setting "active_slave" option without
interface enslaved
Kernel will reject setting "active_slave", if the interface is not enslaved or not
up. We already handle that by setting the option whenever we enslave an interface.
However, we also must not set it initially, otherwise we get an ugly error log message:
NetworkManager[939]: <debug> [1594709143.7459] platform-linux: sysctl: setting net:/sys/class/net/bond99/bonding/active_slave to eth1 (current value is )
NetworkManager[939]: <error> [1594709143.7459] platform-linux: sysctl: failed to set bonding/active_slave to eth1: (22) Invalid argument
NetworkManager[939]: <warn> [1594709143.7460] device (bond99): failed to set bonding attribute active_slave to eth1
...
kernel: bond99: (slave eth1): Device is not bonding slave
kernel: bond99: option active_slave: invalid value (eth1)
See-also: https://bugzilla.redhat.com/show_bug.cgi?id=1856640
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/577
(cherry picked from commit f0a39b517e06470c4b176ef0bbd49c2eef1d7ad7)
(cherry picked from commit e48c908e8cb5e0b426a4bf8d99608f73cd7890e4)
---
src/devices/nm-device-bond.c | 43 +++++++++++++++++++++++++++++++-----
1 file changed, 38 insertions(+), 5 deletions(-)
diff --git a/src/devices/nm-device-bond.c b/src/devices/nm-device-bond.c
index 2fedc753f350..e36eba61b0b2 100644
--- a/src/devices/nm-device-bond.c
+++ b/src/devices/nm-device-bond.c
@@ -8,6 +8,7 @@
#include "nm-device-bond.h"
#include <stdlib.h>
+#include <net/if.h>
#include "NetworkManagerUtils.h"
#include "nm-device-private.h"
@@ -261,6 +262,40 @@ set_bond_attr_or_default (NMDevice *device,
_set_bond_attr (device, opt, value);
}
+static void
+set_bond_attr_active_slave (NMDevice *device, NMSettingBond *s_bond)
+{
+ NMDeviceBond *self = NM_DEVICE_BOND (device);
+ const NMPlatformLink *plink;
+ const char *value;
+ const char *error_reason;
+ int ifindex;
+
+ value = nm_setting_bond_get_option_or_default (s_bond, NM_SETTING_BOND_OPTION_ACTIVE_SLAVE);
+ if (!value)
+ return;
+
+ if (!nm_str_is_empty (value)) {
+ ifindex = nm_device_get_ifindex (device);
+ plink = nm_platform_link_get_by_ifname (nm_device_get_platform (device), value);
+ if (!plink)
+ error_reason = "does not exist";
+ else if (plink->master != ifindex)
+ error_reason = "is not yet enslaved";
+ else if (!NM_FLAGS_HAS (plink->n_ifi_flags, IFF_UP))
+ error_reason = "is not up";
+ else
+ error_reason = NULL;
+
+ if (error_reason) {
+ _LOGT (LOGD_BOND, "bond option 'active_slave' not set as device \"%s\" %s", value, error_reason);
+ return;
+ }
+ }
+
+ _set_bond_attr (device, NM_SETTING_BOND_OPTION_ACTIVE_SLAVE, value);
+}
+
static gboolean
apply_bonding_config (NMDeviceBond *self)
{
@@ -300,7 +335,7 @@ apply_bonding_config (NMDeviceBond *self)
nm_setting_bond_get_option_or_default (s_bond, NM_SETTING_BOND_OPTION_ARP_IP_TARGET));
set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_AD_ACTOR_SYSTEM);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_ACTIVE_SLAVE);
+ set_bond_attr_active_slave (device, s_bond);
set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_AD_ACTOR_SYS_PRIO);
set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_AD_SELECT);
set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_AD_USER_PORT_KEY);
@@ -378,7 +413,7 @@ enslave_slave (NMDevice *device,
if (nm_streq0 (active, nm_device_get_iface (slave))) {
nm_platform_sysctl_master_set_option (nm_device_get_platform (device),
nm_device_get_ifindex (device),
- "active_slave",
+ NM_SETTING_BOND_OPTION_ACTIVE_SLAVE,
active);
_LOGD (LOGD_BOND, "setting slave %s as active one for master %s",
active, nm_device_get_iface (device));
@@ -577,10 +612,8 @@ reapply_connection (NMDevice *device, NMConnection *con_old, NMConnection *con_n
mode = _nm_setting_bond_mode_from_string (value);
g_return_if_fail (mode != NM_BOND_MODE_UNKNOWN);
- /* Primary */
set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_PRIMARY);
- /* Active slave */
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_ACTIVE_SLAVE);
+ set_bond_attr_active_slave (device, s_bond);
}
/*****************************************************************************/
--
2.26.2

114
SOURCES/1005-fix-managing-devices-after-sleep-rh1855563.patch Normal file
View File

@ -0,0 +1,114 @@
From 66df6ba15a4b394a71c352011eb0915b381b821a Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 16 Jul 2020 11:57:14 +0200
Subject: [PATCH 1/2] manager: fix race condition when resuming from sleep
If the device state change (to disconnected or unmanaged) triggered by
a sleep event happens after the wake, the devices becomes wrongly
unmanaged and it's necessary to manually manage it again, or restart
NM.
During the wake event we should disconnect the device_sleep_cb()
callback for all devices because we don't want to react to state
changes anymore; in particular we don't need to detect when the device
becomes disconnected to unmanage it.
(cherry picked from commit fe2d93980bd5b61c55a8b65a55f7aad35042e691)
(cherry picked from commit 971897195a8218cb0ec08ae95a7210fce73f0b03)
---
src/nm-manager.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/nm-manager.c b/src/nm-manager.c
index 921125329e..d687fcd7f2 100644
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@@ -6048,8 +6048,9 @@ do_sleep_wake (NMManager *self, gboolean sleeping_changed)
} else {
_LOGD (LOGD_SUSPEND, "sleep: %s...", waking_from_suspend ? "waking up" : "re-enabling");
+ sleep_devices_clear (self);
+
if (waking_from_suspend) {
- sleep_devices_clear (self);
c_list_for_each_entry (device, &priv->devices_lst_head, devices_lst) {
if (nm_device_is_software (device))
continue;
--
2.26.2
From 29958141b98cd0abba614b15e6f24611382f8f99 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 16 Jul 2020 11:58:20 +0200
Subject: [PATCH 2/2] policy: block connection from autoconnect in case of
failed dependency
A connection that fails due to dependency-failed is not able to
reconnect until the master connection activates again; when this
happens, the master clears the blocked reason for all its slaves in
activate_slave_connections() and tries to reconnect them. For this to
work, the slave should be marked as blocked when it fails with
dependency-failed.
(cherry picked from commit 725fed01cf7c8508cf426897340b2a4113406aab)
(cherry picked from commit e1755048e35aca682c7d0d233122d4ddaf3bb089)
---
src/nm-policy.c | 33 +++++++++++++++++++++++++--------
1 file changed, 25 insertions(+), 8 deletions(-)
diff --git a/src/nm-policy.c b/src/nm-policy.c
index 62ead24253..e571034bc3 100644
--- a/src/nm-policy.c
+++ b/src/nm-policy.c
@@ -1787,7 +1787,7 @@ device_state_changed (NMDevice *device,
if ( sett_conn
&& old_state >= NM_DEVICE_STATE_PREPARE
&& old_state <= NM_DEVICE_STATE_ACTIVATED) {
- gboolean block_no_secrets = FALSE;
+ gboolean blocked = FALSE;
int tries;
guint64 con_v;
@@ -1807,15 +1807,32 @@ device_state_changed (NMDevice *device,
*/
con_v = nm_settings_connection_get_last_secret_agent_version_id (sett_conn);
if ( con_v == 0
- || con_v == nm_agent_manager_get_agent_version_id (priv->agent_mgr))
- block_no_secrets = TRUE;
+ || con_v == nm_agent_manager_get_agent_version_id (priv->agent_mgr)) {
+ _LOGD (LOGD_DEVICE, "connection '%s' now blocked from autoconnect due to no secrets",
+ nm_settings_connection_get_id (sett_conn));
+ nm_settings_connection_autoconnect_blocked_reason_set (sett_conn,
+ NM_SETTINGS_AUTO_CONNECT_BLOCKED_REASON_NO_SECRETS,
+ TRUE);
+ blocked = TRUE;
+ }
+ } else if (nm_device_state_reason_check (reason) == NM_DEVICE_STATE_REASON_DEPENDENCY_FAILED) {
+ /* A connection that fails due to dependency-failed is not
+ * able to reconnect until the master connection activates
+ * again; when this happens, the master clears the blocked
+ * reason for all its slaves in activate_slave_connections()
+ * and tries to reconnect them. For this to work, the slave
+ * should be marked as blocked when it fails with
+ * dependency-failed.
+ */
+ _LOGD (LOGD_DEVICE, "connection '%s' now blocked from autoconnect due to failed dependency",
+ nm_settings_connection_get_id (sett_conn));
+ nm_settings_connection_autoconnect_blocked_reason_set (sett_conn,
+ NM_SETTINGS_AUTO_CONNECT_BLOCKED_REASON_FAILED,
+ TRUE);
+ blocked = TRUE;
}
- if (block_no_secrets) {
- _LOGD (LOGD_DEVICE, "connection '%s' now blocked from autoconnect due to no secrets",
- nm_settings_connection_get_id (sett_conn));
- nm_settings_connection_autoconnect_blocked_reason_set (sett_conn, NM_SETTINGS_AUTO_CONNECT_BLOCKED_REASON_NO_SECRETS, TRUE);
- } else {
+ if (!blocked) {
tries = nm_settings_connection_autoconnect_retries_get (sett_conn);
if (tries > 0) {
_LOGD (LOGD_DEVICE, "connection '%s' failed to autoconnect; %d tries left",
--
2.26.2

57
SOURCES/1006-n-dhcp4-fix-bpf-for-big-endian-arch-rh1861488.patch Normal file
View File

@ -0,0 +1,57 @@
From ab260205b54bf3ae4862c11a2d47b84ff6cebe24 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Mon, 3 Aug 2020 18:02:08 +0200
Subject: [PATCH 1/1] n-dhcp4: fix BPF filter endianness issue
The BPF filter takes the byte containing IP Flags and performs a
bitwise AND with "ntohs(IP_MF | IP_OFFMASK)".
On little-endian architectures the IP_MF flag (0x20) is ANDed with
0xFF3F and so the presence of the flag is correctly detected ignoring
other flags as IP_DF (0x40) or IP_RF (0x80).
On big-endian, "ntohs(IP_MF | IP_OFFMASK)" is 0x3FFF and so the filter
wrongly checks the presence of *any* flags. Therefore, a packet with
the DF flag set is dropped.
Instead, take the two bytes containing flags and offset:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| IHL |Type of Service| Total Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification |Flags| Fragment Offset |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
and verify that IP_MF and the offset are zero.
Fixes: e43b1791a382 ('Merge commit 'e23b3c9c3ac86b065eef002fa5c4321cc4a87df2' as 'shared/n-dhcp4'')
https://bugzilla.redhat.com/show_bug.cgi?id=1861488
https://github.com/nettools/n-dhcp4/pull/19
(cherry picked from commit 03d38e83e558802a82cb0e4847cb1f1ef75ccd16)
(cherry picked from commit 0024cef23850e6141a15cb02d92551adef3cf4dd)
(cherry picked from commit 80835f8f8991ae8292790826afa3a5fc88b44d1a)
---
shared/n-dhcp4/src/n-dhcp4-socket.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/shared/n-dhcp4/src/n-dhcp4-socket.c b/shared/n-dhcp4/src/n-dhcp4-socket.c
index c7e897726ef8..7291c78036bc 100644
--- a/shared/n-dhcp4/src/n-dhcp4-socket.c
+++ b/shared/n-dhcp4/src/n-dhcp4-socket.c
@@ -50,8 +50,8 @@ int n_dhcp4_c_socket_packet_new(int *sockfdp, int ifindex) {
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 1, 0), /* IP protocol == UDP ? */
BPF_STMT(BPF_RET + BPF_K, 0), /* ignore */
- BPF_STMT(BPF_LD + BPF_B + BPF_ABS, offsetof(struct iphdr, frag_off)), /* A <- Flags */
- BPF_STMT(BPF_ALU + BPF_AND + BPF_K, ntohs(IP_MF | IP_OFFMASK)), /* A <- A & (IP_MF | IP_OFFMASK) */
+ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, offsetof(struct iphdr, frag_off)), /* A <- Flags + Fragment offset */
+ BPF_STMT(BPF_ALU + BPF_AND + BPF_K, IP_MF | IP_OFFMASK), /* A <- A & (IP_MF | IP_OFFMASK) */
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 1, 0), /* fragmented packet ? */
BPF_STMT(BPF_RET + BPF_K, 0), /* ignore */
--
2.26.2

62
SOURCES/1007-core-no-warn-setting-mtu-with-ipv6-disabled-rh1840989.patch Normal file
View File

@ -0,0 +1,62 @@
From 7aa3b439df293b16597df3a0a2baa6caf3bb1322 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 23 Jul 2020 17:18:56 +0200
Subject: [PATCH 1/1] device: downgrade warning about IPv6 MTU if IPv6 is
disabled
If IPv6 is disabled, changing the IPv6 MTU fails and NM complains with
a warning. Since this error is expected and doesn't do any harm,
downgrade the logging level to DEBUG.
Since IPv6 kernel support can be built as a module, we have to check
the existence of /proc/sys/net/ipv6 every time. Instead of checking it
and then setting the MTU (adding one /proc access for everyone), just try
to set the MTU; in case of failure, determine the reason for the error.
https://bugzilla.redhat.com/show_bug.cgi?id=1840989
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/585
(cherry picked from commit 9c09dcedafd51da65c04669b830bc9652000d462)
(cherry picked from commit ce3dffd24eb21924a332794bc66705dbd6c052a2)
---
src/devices/nm-device.c | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index 57c32cef8f09..24209c8614f1 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -10268,14 +10268,25 @@ _commit_mtu (NMDevice *self, const NMIP4Config *config)
if (!nm_device_sysctl_ip_conf_set (self, AF_INET6, "mtu",
nm_sprintf_buf (sbuf, "%u", (unsigned) ip6_mtu))) {
int errsv = errno;
+ NMLogLevel level = LOGL_WARN;
+ const char *msg = NULL;
- _NMLOG (anticipated_failure && errsv == EINVAL ? LOGL_DEBUG : LOGL_WARN,
- LOGD_DEVICE,
- "mtu: failure to set IPv6 MTU%s",
- anticipated_failure && errsv == EINVAL
- ? ": Is the underlying MTU value successfully set?"
- : "");
success = FALSE;
+
+ if (anticipated_failure && errsv == EINVAL) {
+ level = LOGL_DEBUG;
+ msg = "Is the underlying MTU value successfully set?";
+ } else if (!g_file_test ("/proc/sys/net/ipv6", G_FILE_TEST_IS_DIR)) {
+ level = LOGL_DEBUG;
+ msg = "IPv6 is disabled";
+ success = TRUE;
+ }
+
+ _NMLOG (level,
+ LOGD_DEVICE,
+ "mtu: failure to set IPv6 MTU%s%s",
+ msg ? ": " : "",
+ msg ?: "");
}
priv->carrier_wait_until_ms = nm_utils_get_monotonic_timestamp_msec () + CARRIER_WAIT_TIME_AFTER_MTU_MS;
}
--
2.26.2

87
SOURCES/1008-wifi-avoid-crash-due-to-incomplete-Wi-Fi-API-info-rh1866395.patch Normal file
View File

@ -0,0 +1,87 @@
From c71d29b3dbe13d6ce456200d9e8ce9d0739eb368 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Mon, 3 Aug 2020 09:54:04 +0200
Subject: [PATCH 1/1] wifi: avoid crash due to incomplete Wi-Fi API info
In this case, GetAll failed with "Timeout was reached". We still
create a dummy BSS info, because we kept track of the object to
start with. That way, we don't simply want to ignore the failure,
because NMDeviceWifi might track this NMWifiAP already, and we may
need an update (even if we failed to fetch the requested information).
However, that later leads to a crash, because NMDeviceWifi expect the BSSID
present then.
Avoid that, by don't processing such APs.
#0 g_logv (log_domain=0x7f2ac10a60a9 "NetworkManager", log_level=G_LOG_LEVEL_CRITICAL, format=<optimized out>, args=<optimized out>) at ../glib/gmessages.c:1377
#1 0x00007f2acf152233 in g_log
(log_domain=log_domain@entry=0x7f2ac10a60a9 "NetworkManager", log_level=log_level@entry=G_LOG_LEVEL_CRITICAL, format=format@entry=0x7f2acf1a46ff "%s: assertion '%s' failed")
at ../glib/gmessages.c:1415
#2 0x00007f2acf152a2d in g_return_if_fail_warning
(log_domain=log_domain@entry=0x7f2ac10a60a9 "NetworkManager", pretty_function=pretty_function@entry=0x7f2ac10a9e70 <__func__.50> "try_fill_ssid_for_hidden_ap", expression=expression@entry=0x7f2ac10a86d0 "bssid") at ../glib/gmessages.c:2771
#3 0x00007f2ac108a402 in try_fill_ssid_for_hidden_ap (ap=0x5569978b61c0 [NMWifiAP], self=0x55699786ea00 [NMDeviceWifi]) at src/devices/wifi/nm-device-wifi.c:1883
#4 supplicant_iface_bss_changed_cb (iface=0x556997777260 [NMSupplicantInterface], bss_info=0x7f2ab4028f00, is_present=1, self=0x55699786ea00 [NMDeviceWifi])
at src/devices/wifi/nm-device-wifi.c:1946
#5 0x00007f2ace246af0 in ffi_call_unix64 () at ../src/x86/unix64.S:76
#6 0x00007f2ace2462ab in ffi_call (cif=cif@entry=0x7ffd9c107c90, fn=fn@entry=0x7f2ac1089e80 <supplicant_iface_bss_changed_cb>, rvalue=<optimized out>, avalue=avalue@entry=0x7ffd9c107ba0)
at ../src/x86/ffi64.c:525
#7 0x00007f2acf23e87a in g_cclosure_marshal_generic_va
(closure=<optimized out>, return_value=<optimized out>, instance=<optimized out>, args_list=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=<optimized out>) at ../gobject/gclosure.c:1614
#8 0x00007f2acf23dae6 in _g_closure_invoke_va
(closure=closure@entry=0x5569978a0cc0, return_value=return_value@entry=0x0, instance=instance@entry=0x556997777260, args=args@entry=0x7ffd9c107f00, n_params=2, param_types=0x55699775b990) at ../gobject/gclosure.c:873
#9 0x00007f2acf2566e9 in g_signal_emit_valist (instance=0x556997777260, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffd9c107f00) at ../gobject/gsignal.c:3407
#10 0x00007f2acf256c63 in g_signal_emit (instance=instance@entry=0x556997777260, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3554
#11 0x00005569972ece61 in _bss_info_changed_emit (self=self@entry=0x556997777260 [NMSupplicantInterface], bss_info=bss_info@entry=0x7f2ab4028f00, is_present=is_present@entry=1)
at src/supplicant/nm-supplicant-interface.c:555
#12 0x00005569972ed3a0 in _bss_info_properties_changed (self=0x556997777260 [NMSupplicantInterface], bss_info=0x7f2ab4028f00, properties=<optimized out>, initial=<optimized out>)
at src/supplicant/nm-supplicant-interface.c:758
#13 0x00005569972f756b in _bss_info_get_all_cb (result=0x0, error=<optimized out>, user_data=0x7f2ab4028f00) at src/supplicant/nm-supplicant-interface.c:784
#14 0x0000556997217bc1 in _nm_dbus_connection_call_default_cb (source=0x5569977480c0 [GDBusConnection], res=<optimized out>, user_data=user_data@entry=0x556997855d50)
at shared/nm-glib-aux/nm-dbus-aux.c:74
#15 0x00007f2acf339e4a in g_task_return_now (task=task@entry=0x7f2ab4003f00 [GTask]) at ../gio/gtask.c:1214
#16 0x00007f2acf33aa3d in g_task_return (task=0x7f2ab4003f00 [GTask], type=<optimized out>) at ../gio/gtask.c:1283
#17 0x00007f2acf33b4fe in g_task_return (type=G_TASK_RETURN_ERROR, task=<optimized out>) at ../gio/gtask.c:1861
#18 g_task_return_error (task=<optimized out>, error=<optimized out>) at ../gio/gtask.c:1867
#19 0x0000556997893f40 in ()
#20 0x3a85d39adfae7f00 in ()
#21 0x00007f2ab4003cc0 in ()
#22 0x00007f2acf396460 in g_dbus_connection_call_done () at ../gio/gdbusconnection.c:2059
#23 0x00007f2ab4003f00 in ()
#24 0x0000000000000086 in ()
#25 0x0000000000000018 in ()
#26 0x00007f2acf339e4a in g_task_return_now (task=0x7f2ab4003f00 [GTask], task@entry=0x7f2ab4003cc0 [GTask]) at ../gio/gtask.c:1214
#27 0x00007f2acf33aa3d in g_task_return (task=0x7f2ab4003cc0 [GTask], type=<optimized out>) at ../gio/gtask.c:1283
#28 0x00007f2acf33b4fe in g_task_return (type=G_TASK_RETURN_ERROR, task=<optimized out>) at ../gio/gtask.c:1861
#29 g_task_return_error (task=<optimized out>, error=<optimized out>) at ../gio/gtask.c:1867
#30 0x0000003000000028 in ()
#31 0x00007ffd9c108290 in ()
Fixes: b83f07916a54 ('supplicant: large rework of wpa_supplicant handling')
(cherry picked from commit 4d878d7012cd9dc031682ef5e5b025081427325b)
(cherry picked from commit 029d07b019ea6532fbf6f8db03efb648f0931625)
---
src/devices/wifi/nm-device-wifi.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c
index 2d97f9b117a2..2a3428861737 100644
--- a/src/devices/wifi/nm-device-wifi.c
+++ b/src/devices/wifi/nm-device-wifi.c
@@ -1937,6 +1937,13 @@ supplicant_iface_bss_changed_cb (NMSupplicantInterface *iface,
} else {
gs_unref_object NMWifiAP *ap = NULL;
+ if (!bss_info->bssid_valid) {
+ /* We failed to initialize the info about the AP. This can
+ * happen due to an error in the D-Bus communication. In this case
+ * we ignore the info. */
+ return;
+ }
+
ap = nm_wifi_ap_new_from_properties (bss_info);
/* Let the manager try to fill in the SSID from seen-bssids lists */
--
2.26.2

32
SOURCES/1009-cloud-setup-fix-allocating-buffer-for-GetConfigMetad-rh1866395.patch Normal file
View File

@ -0,0 +1,32 @@
From e8e245f0ce414bbe9b8ef6c13404b73b12dd34ad Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Mon, 29 Jun 2020 09:52:18 +0200
Subject: [PATCH 1/1] cloud-setup: fix allocating buffer for
GetConfigMetadataMac in _get_config_metadata_ready_check()
It's not a severe issue, because the GetConfigMetadataData struct is
larger than GetConfigMetadataMac.
Fixes: 69f048bf0ca3 ('cloud-setup: add tool for automatic IP configuration in cloud')
(cherry picked from commit 460afe6d502f2a8f158739c176302fd7fa072913)
(cherry picked from commit 181fd5c611e070c0563ec2659c8642ffe567e738)
---
clients/cloud-setup/nmcs-provider-ec2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clients/cloud-setup/nmcs-provider-ec2.c b/clients/cloud-setup/nmcs-provider-ec2.c
index c8db31f97f67..3b5f6d36a82e 100644
--- a/clients/cloud-setup/nmcs-provider-ec2.c
+++ b/clients/cloud-setup/nmcs-provider-ec2.c
@@ -487,7 +487,7 @@ _get_config_metadata_ready_check (long response_code,
if (!response_parsed)
response_parsed = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, g_free);
- mac_data = g_malloc (sizeof (GetConfigMetadataData) + 1 + p_start_l);
+ mac_data = g_malloc (sizeof (GetConfigMetadataMac) + 1 + p_start_l);
mac_data->iface_idx = iface_idx_counter++;
memcpy (mac_data->path, p_start, p_start_l);
mac_data->path[p_start_l] = '\0';
--
2.26.2

42
SOURCES/1010-shared-extend-NM_IN_STRSET-and-NM_IN_SET-rh1847814.patch Normal file
View File

@ -0,0 +1,42 @@
From 4468cfce13bdbc0ac865ee59722ed0e4f1b537a1 Mon Sep 17 00:00:00 2001
From: Antonio Cardace <acardace@redhat.com>
Date: Tue, 4 Aug 2020 18:36:39 +0200
Subject: [PATCH] shared: extend NM_IN_STRSET and NM_IN_SET to support up to 20
args
https://bugzilla.redhat.com/show_bug.cgi?id=1847814
(cherry picked from commit 2e70391033b5b3414491edcd8656499512342619)
(cherry picked from commit 908d1f6cb79739f3307bfcfd64b338e215f9e4a6)
---
shared/nm-glib-aux/nm-macros-internal.h | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/shared/nm-glib-aux/nm-macros-internal.h b/shared/nm-glib-aux/nm-macros-internal.h
index f56ed8569..15bcd7e58 100644
--- a/shared/nm-glib-aux/nm-macros-internal.h
+++ b/shared/nm-glib-aux/nm-macros-internal.h
@@ -732,6 +732,10 @@ NM_G_ERROR_MSG (GError *error)
#define _NM_IN_SET_EVAL_14(op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_13 (op, _x, __VA_ARGS__)
#define _NM_IN_SET_EVAL_15(op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_14 (op, _x, __VA_ARGS__)
#define _NM_IN_SET_EVAL_16(op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_15 (op, _x, __VA_ARGS__)
+#define _NM_IN_SET_EVAL_17(op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_16 (op, _x, __VA_ARGS__)
+#define _NM_IN_SET_EVAL_18(op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_17 (op, _x, __VA_ARGS__)
+#define _NM_IN_SET_EVAL_19(op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_18 (op, _x, __VA_ARGS__)
+#define _NM_IN_SET_EVAL_20(op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_19 (op, _x, __VA_ARGS__)
#define _NM_IN_SET_EVAL_N2(op, _x, n, ...) (_NM_IN_SET_EVAL_##n(op, _x, __VA_ARGS__))
#define _NM_IN_SET_EVAL_N(op, type, x, n, ...) \
@@ -798,6 +802,10 @@ _NM_IN_STRSET_streq (const char *x, const char *s)
#define _NM_IN_STRSET_EVAL_14(op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_13 (op, _x, __VA_ARGS__)
#define _NM_IN_STRSET_EVAL_15(op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_14 (op, _x, __VA_ARGS__)
#define _NM_IN_STRSET_EVAL_16(op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_15 (op, _x, __VA_ARGS__)
+#define _NM_IN_STRSET_EVAL_17(op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_16 (op, _x, __VA_ARGS__)
+#define _NM_IN_STRSET_EVAL_18(op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_17 (op, _x, __VA_ARGS__)
+#define _NM_IN_STRSET_EVAL_19(op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_18 (op, _x, __VA_ARGS__)
+#define _NM_IN_STRSET_EVAL_20(op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_19 (op, _x, __VA_ARGS__)
#define _NM_IN_STRSET_EVAL_N2(op, _x, n, ...) (_NM_IN_STRSET_EVAL_##n(op, _x, __VA_ARGS__))
#define _NM_IN_STRSET_EVAL_N(op, x, n, ...) \
--
2.26.2

88
SOURCES/1011-bond-fix-can_reapply_change-rh1847814.patch Normal file
View File

@ -0,0 +1,88 @@
From 957e8465acdb9aaca0fbc797ac6df1efc2270f57 Mon Sep 17 00:00:00 2001
From: Antonio Cardace <acardace@redhat.com>
Date: Tue, 4 Aug 2020 18:19:47 +0200
Subject: [PATCH] bond: fix can_reapply_change() false positives
can_reapply_change() would wrongly return true for
unsupported reapply values because it used 'nm_setting_bond_get_option_default()'
that is ill-named because it returns the overriden option other than
its default value.
https://bugzilla.redhat.com/show_bug.cgi?id=1847814
Fixes: 9bd07336ef16 ('bond: bond options logic rework')
(cherry picked from commit 04d6ca1fb8bdbfffd70a257424f9e8c29fcb8037)
(cherry picked from commit 63b5274dda0c52148ec8e8ca41e94e47b1e7d653)
---
src/devices/nm-device-bond.c | 31 +++++++------------------------
1 file changed, 7 insertions(+), 24 deletions(-)
diff --git a/src/devices/nm-device-bond.c b/src/devices/nm-device-bond.c
index e36eba61b..164f6aaa7 100644
--- a/src/devices/nm-device-bond.c
+++ b/src/devices/nm-device-bond.c
@@ -516,14 +516,12 @@ create_and_realize (NMDevice *device,
static gboolean
check_changed_options (NMSettingBond *s_a, NMSettingBond *s_b, GError **error)
{
- guint i, num;
- const char *name = NULL, *value_a = NULL, *value_b = NULL;
+ const char **option_list;
- /* Check that options in @s_a have compatible changes in @s_b */
+ option_list = nm_setting_bond_get_valid_options (NULL);
- num = nm_setting_bond_get_num_options (s_a);
- for (i = 0; i < num; i++) {
- nm_setting_bond_get_option (s_a, i, &name, &value_a);
+ for (; *option_list; ++option_list) {
+ const char *name = *option_list;
/* We support changes to these */
if (NM_IN_STRSET (name,
@@ -532,15 +530,9 @@ check_changed_options (NMSettingBond *s_a, NMSettingBond *s_b, GError **error)
continue;
}
- /* Missing in @s_b, but has a default value in @s_a */
- value_b = nm_setting_bond_get_option_by_name (s_b, name);
- if ( !value_b
- && nm_streq0 (value_a, nm_setting_bond_get_option_default (s_a, name))) {
- continue;
- }
-
/* Reject any other changes */
- if (!nm_streq0 (value_a, value_b)) {
+ if (!nm_streq0 (nm_setting_bond_get_option_normalized (s_a, name),
+ nm_setting_bond_get_option_normalized (s_b, name))) {
g_set_error (error,
NM_DEVICE_ERROR,
NM_DEVICE_ERROR_INCOMPATIBLE_CONNECTION,
@@ -562,7 +554,6 @@ can_reapply_change (NMDevice *device,
GError **error)
{
NMDeviceClass *device_class;
- NMSettingBond *s_bond_old, *s_bond_new;
/* Only handle bond setting here, delegate other settings to parent class */
if (nm_streq (setting_name, NM_SETTING_BOND_SETTING_NAME)) {
@@ -572,15 +563,7 @@ can_reapply_change (NMDevice *device,
NM_SETTING_BOND_OPTIONS))
return FALSE;
- s_bond_old = NM_SETTING_BOND (s_old);
- s_bond_new = NM_SETTING_BOND (s_new);
-
- if ( !check_changed_options (s_bond_old, s_bond_new, error)
- || !check_changed_options (s_bond_new, s_bond_old, error)) {
- return FALSE;
- }
-
- return TRUE;
+ return check_changed_options (NM_SETTING_BOND (s_old), NM_SETTING_BOND (s_new), error);
}
device_class = NM_DEVICE_CLASS (nm_device_bond_parent_class);
--
2.26.2

216
SOURCES/1012-bond-let-reapply-reapply-rh1847814.patch Normal file
View File

@ -0,0 +1,216 @@
From ff509fd95afb6f5d183eeafcc1ef467d8102181f Mon Sep 17 00:00:00 2001
From: Antonio Cardace <acardace@redhat.com>
Date: Tue, 4 Aug 2020 17:49:04 +0200
Subject: [PATCH] bond: let 'reapply()' reapply all supported options
Reapply now handles all the options supported by kernel and NM, meaning
that some options are simply not allowed to be set while keeping the
bond up, one of those options is the mode for instance.
https://bugzilla.redhat.com/show_bug.cgi?id=1847814
(cherry picked from commit 746dc119a6bceb6a08b4dc9f3798d0b59a4b8575)
(cherry picked from commit 88a399637a5279f43fd8fc7c511547fa1d179295)
---
src/devices/nm-device-bond.c | 141 +++++++++++++++++++++++++----------
1 file changed, 101 insertions(+), 40 deletions(-)
diff --git a/src/devices/nm-device-bond.c b/src/devices/nm-device-bond.c
index 164f6aaa7..71332ba39 100644
--- a/src/devices/nm-device-bond.c
+++ b/src/devices/nm-device-bond.c
@@ -183,7 +183,6 @@ master_update_slave_connection (NMDevice *self,
static void
set_arp_targets (NMDevice *device,
- NMBondMode mode,
const char *cur_arp_ip_target,
const char *new_arp_ip_target)
{
@@ -296,15 +295,39 @@ set_bond_attr_active_slave (NMDevice *device, NMSettingBond *s_bond)
_set_bond_attr (device, NM_SETTING_BOND_OPTION_ACTIVE_SLAVE, value);
}
+static void
+set_bond_attrs_or_default (NMDevice *device, NMSettingBond *s_bond, const char *const *attr_v)
+{
+ nm_assert (NM_IS_DEVICE (device));
+ nm_assert (s_bond);
+ nm_assert (attr_v);
+
+ for ( ; *attr_v ; ++attr_v)
+ set_bond_attr_or_default (device, s_bond, *attr_v);
+}
+
+static void
+set_bond_arp_ip_targets (NMDevice *device, NMSettingBond *s_bond)
+{
+ int ifindex = nm_device_get_ifindex (device);
+ gs_free char *cur_arp_ip_target = NULL;
+
+ /* ARP targets: clear and initialize the list */
+ cur_arp_ip_target = nm_platform_sysctl_master_get_option (nm_device_get_platform (device),
+ ifindex,
+ NM_SETTING_BOND_OPTION_ARP_IP_TARGET);
+ set_arp_targets (device,
+ cur_arp_ip_target,
+ nm_setting_bond_get_option_or_default (s_bond, NM_SETTING_BOND_OPTION_ARP_IP_TARGET));
+}
+
static gboolean
apply_bonding_config (NMDeviceBond *self)
{
NMDevice *device = NM_DEVICE (self);
- int ifindex = nm_device_get_ifindex (device);
NMSettingBond *s_bond;
NMBondMode mode;
const char *mode_str;
- gs_free char *cur_arp_ip_target = NULL;
s_bond = nm_device_get_applied_setting (device, NM_TYPE_SETTING_BOND);
g_return_val_if_fail (s_bond, FALSE);
@@ -318,40 +341,34 @@ apply_bonding_config (NMDeviceBond *self)
*/
set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_MODE);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_MIIMON);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_UPDELAY);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_DOWNDELAY);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_ARP_INTERVAL);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_ARP_VALIDATE);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_PRIMARY);
-
- /* ARP targets: clear and initialize the list */
- cur_arp_ip_target = nm_platform_sysctl_master_get_option (nm_device_get_platform (device),
- ifindex,
- NM_SETTING_BOND_OPTION_ARP_IP_TARGET);
- set_arp_targets (device,
- mode,
- cur_arp_ip_target,
- nm_setting_bond_get_option_or_default (s_bond, NM_SETTING_BOND_OPTION_ARP_IP_TARGET));
-
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_AD_ACTOR_SYSTEM);
+ set_bond_arp_ip_targets (device, s_bond);
set_bond_attr_active_slave (device, s_bond);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_AD_ACTOR_SYS_PRIO);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_AD_SELECT);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_AD_USER_PORT_KEY);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_ALL_SLAVES_ACTIVE);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_ARP_ALL_TARGETS);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_FAIL_OVER_MAC);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_LACP_RATE);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_LP_INTERVAL);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_MIN_LINKS);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_PACKETS_PER_SLAVE);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_PRIMARY_RESELECT);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_RESEND_IGMP);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_TLB_DYNAMIC_LB);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_USE_CARRIER);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_XMIT_HASH_POLICY);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_NUM_GRAT_ARP);
+
+ set_bond_attrs_or_default (device,
+ s_bond,
+ NM_MAKE_STRV (NM_SETTING_BOND_OPTION_MIIMON,
+ NM_SETTING_BOND_OPTION_UPDELAY,
+ NM_SETTING_BOND_OPTION_DOWNDELAY,
+ NM_SETTING_BOND_OPTION_ARP_INTERVAL,
+ NM_SETTING_BOND_OPTION_ARP_VALIDATE,
+ NM_SETTING_BOND_OPTION_PRIMARY,
+ NM_SETTING_BOND_OPTION_AD_ACTOR_SYSTEM,
+ NM_SETTING_BOND_OPTION_AD_ACTOR_SYS_PRIO,
+ NM_SETTING_BOND_OPTION_AD_SELECT,
+ NM_SETTING_BOND_OPTION_AD_USER_PORT_KEY,
+ NM_SETTING_BOND_OPTION_ALL_SLAVES_ACTIVE,
+ NM_SETTING_BOND_OPTION_ARP_ALL_TARGETS,
+ NM_SETTING_BOND_OPTION_FAIL_OVER_MAC,
+ NM_SETTING_BOND_OPTION_LACP_RATE,
+ NM_SETTING_BOND_OPTION_LP_INTERVAL,
+ NM_SETTING_BOND_OPTION_MIN_LINKS,
+ NM_SETTING_BOND_OPTION_PACKETS_PER_SLAVE,
+ NM_SETTING_BOND_OPTION_PRIMARY_RESELECT,
+ NM_SETTING_BOND_OPTION_RESEND_IGMP,
+ NM_SETTING_BOND_OPTION_TLB_DYNAMIC_LB,
+ NM_SETTING_BOND_OPTION_USE_CARRIER,
+ NM_SETTING_BOND_OPTION_XMIT_HASH_POLICY,
+ NM_SETTING_BOND_OPTION_NUM_GRAT_ARP));
return TRUE;
}
@@ -525,8 +542,26 @@ check_changed_options (NMSettingBond *s_a, NMSettingBond *s_b, GError **error)
/* We support changes to these */
if (NM_IN_STRSET (name,
- NM_SETTING_BOND_OPTION_ACTIVE_SLAVE,
- NM_SETTING_BOND_OPTION_PRIMARY)) {
+ NM_SETTING_BOND_OPTION_PRIMARY,
+ NM_SETTING_BOND_OPTION_MIIMON,
+ NM_SETTING_BOND_OPTION_UPDELAY,
+ NM_SETTING_BOND_OPTION_DOWNDELAY,
+ NM_SETTING_BOND_OPTION_ARP_INTERVAL,
+ NM_SETTING_BOND_OPTION_ARP_VALIDATE,
+ NM_SETTING_BOND_OPTION_PRIMARY,
+ NM_SETTING_BOND_OPTION_AD_ACTOR_SYSTEM,
+ NM_SETTING_BOND_OPTION_AD_ACTOR_SYS_PRIO,
+ NM_SETTING_BOND_OPTION_ALL_SLAVES_ACTIVE,
+ NM_SETTING_BOND_OPTION_ARP_ALL_TARGETS,
+ NM_SETTING_BOND_OPTION_FAIL_OVER_MAC,
+ NM_SETTING_BOND_OPTION_LP_INTERVAL,
+ NM_SETTING_BOND_OPTION_MIN_LINKS,
+ NM_SETTING_BOND_OPTION_PACKETS_PER_SLAVE,
+ NM_SETTING_BOND_OPTION_PRIMARY_RESELECT,
+ NM_SETTING_BOND_OPTION_RESEND_IGMP,
+ NM_SETTING_BOND_OPTION_USE_CARRIER,
+ NM_SETTING_BOND_OPTION_XMIT_HASH_POLICY,
+ NM_SETTING_BOND_OPTION_NUM_GRAT_ARP)) {
continue;
}
@@ -579,8 +614,8 @@ static void
reapply_connection (NMDevice *device, NMConnection *con_old, NMConnection *con_new)
{
NMDeviceBond *self = NM_DEVICE_BOND (device);
- const char *value;
NMSettingBond *s_bond;
+ const char *value;
NMBondMode mode;
NM_DEVICE_CLASS (nm_device_bond_parent_class)->reapply_connection (device,
@@ -595,8 +630,34 @@ reapply_connection (NMDevice *device, NMConnection *con_old, NMConnection *con_n
mode = _nm_setting_bond_mode_from_string (value);
g_return_if_fail (mode != NM_BOND_MODE_UNKNOWN);
- set_bond_attr_or_default (device, s_bond, NM_SETTING_BOND_OPTION_PRIMARY);
+ /* Below we set only the bond options that kernel allows to modify
+ * while keeping the bond interface up */
+
set_bond_attr_active_slave (device, s_bond);
+ set_bond_arp_ip_targets (device, s_bond);
+
+ set_bond_attrs_or_default (device,
+ s_bond,
+ NM_MAKE_STRV (NM_SETTING_BOND_OPTION_PRIMARY,
+ NM_SETTING_BOND_OPTION_MIIMON,
+ NM_SETTING_BOND_OPTION_UPDELAY,
+ NM_SETTING_BOND_OPTION_DOWNDELAY,
+ NM_SETTING_BOND_OPTION_ARP_INTERVAL,
+ NM_SETTING_BOND_OPTION_ARP_VALIDATE,
+ NM_SETTING_BOND_OPTION_PRIMARY,
+ NM_SETTING_BOND_OPTION_AD_ACTOR_SYSTEM,
+ NM_SETTING_BOND_OPTION_AD_ACTOR_SYS_PRIO,
+ NM_SETTING_BOND_OPTION_ALL_SLAVES_ACTIVE,
+ NM_SETTING_BOND_OPTION_ARP_ALL_TARGETS,
+ NM_SETTING_BOND_OPTION_FAIL_OVER_MAC,
+ NM_SETTING_BOND_OPTION_LP_INTERVAL,
+ NM_SETTING_BOND_OPTION_MIN_LINKS,
+ NM_SETTING_BOND_OPTION_PACKETS_PER_SLAVE,
+ NM_SETTING_BOND_OPTION_PRIMARY_RESELECT,
+ NM_SETTING_BOND_OPTION_RESEND_IGMP,
+ NM_SETTING_BOND_OPTION_USE_CARRIER,
+ NM_SETTING_BOND_OPTION_XMIT_HASH_POLICY,
+ NM_SETTING_BOND_OPTION_NUM_GRAT_ARP));
}
/*****************************************************************************/
--
2.26.2

444
SOURCES/1013-dhcp6-hostname-rh1858344.patch Normal file
View File

@ -0,0 +1,444 @@
From 40422ede3f44f4018377a81db1056fb3439107b2 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 22 Jul 2020 05:03:47 +0200
Subject: [PATCH 1/4] systemd: dhcp6: remove assertions in
dhcp6_option_parse_domainname()
Assertions are for programming errors; here the input comes directly
from the DHCP response packet.
https://github.com/systemd/systemd/commit/af710b535b4ceacd0aecec6748a4f8ee57742e99
(cherry picked from commit e2248143af0d4ec61e571c4f358d5d7f1044289c)
---
src/systemd/src/libsystemd-network/dhcp6-option.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c
index d596752b3b91..717fcdffb815 100644
--- a/src/systemd/src/libsystemd-network/dhcp6-option.c
+++ b/src/systemd/src/libsystemd-network/dhcp6-option.c
@@ -649,8 +649,10 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char *
_cleanup_strv_free_ char **names = NULL;
int r;
- assert_return(optlen > 1, -ENODATA);
- assert_return(optval[optlen - 1] == '\0', -EINVAL);
+ if (optlen <= 1)
+ return -ENODATA;
+ if (optval[optlen - 1] != '\0')
+ return -EINVAL;
while (pos < optlen) {
_cleanup_free_ char *ret = NULL;
--
2.26.2
From ab72f05d16d641bccaa1b4870bfb91c03661f1c5 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 6 Aug 2020 10:49:07 +0200
Subject: [PATCH 2/4] systemd: dhcp6: parse the FQDN option
Parse option 39 (Client Fully Qualified Domain Name, RFC 4704) from the DHCP
reply, which specifies the FQDN assigned by the server to the client.
https://github.com/systemd/systemd/commit/c43eea9f2effbb066901a61eafef473558d37b0f
(cherry picked from commit 813fb7d64ee4cb0f935a3a15b9f5b8f5771655da)
---
.../src/libsystemd-network/dhcp6-internal.h | 5 +-
.../libsystemd-network/dhcp6-lease-internal.h | 2 +
.../src/libsystemd-network/dhcp6-option.c | 118 ++++++++++++------
.../src/libsystemd-network/sd-dhcp6-client.c | 7 ++
.../src/libsystemd-network/sd-dhcp6-lease.c | 39 +++++-
src/systemd/src/systemd/sd-dhcp6-lease.h | 1 +
6 files changed, 129 insertions(+), 43 deletions(-)
diff --git a/src/systemd/src/libsystemd-network/dhcp6-internal.h b/src/systemd/src/libsystemd-network/dhcp6-internal.h
index b0d1216eed84..068dcade0583 100644
--- a/src/systemd/src/libsystemd-network/dhcp6-internal.h
+++ b/src/systemd/src/libsystemd-network/dhcp6-internal.h
@@ -109,8 +109,9 @@ int dhcp6_option_parse_ia(DHCP6Option *iaoption, DHCP6IA *ia, uint16_t *ret_stat
int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen,
struct in6_addr **addrs, size_t count,
size_t *allocated);
-int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen,
- char ***str_arr);
+int dhcp6_option_parse_domainname_list(const uint8_t *optval, uint16_t optlen,
+ char ***str_arr);
+int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char **str);
int dhcp6_network_bind_udp_socket(int index, struct in6_addr *address);
int dhcp6_network_send_udp_socket(int s, struct in6_addr *address,
diff --git a/src/systemd/src/libsystemd-network/dhcp6-lease-internal.h b/src/systemd/src/libsystemd-network/dhcp6-lease-internal.h
index e004f48b4e24..df6c95e0b360 100644
--- a/src/systemd/src/libsystemd-network/dhcp6-lease-internal.h
+++ b/src/systemd/src/libsystemd-network/dhcp6-lease-internal.h
@@ -35,6 +35,7 @@ struct sd_dhcp6_lease {
size_t ntp_allocated;
char **ntp_fqdn;
size_t ntp_fqdn_count;
+ char *fqdn;
};
int dhcp6_lease_ia_rebind_expire(const DHCP6IA *ia, uint32_t *expire);
@@ -57,5 +58,6 @@ int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, uint8_t *optval,
int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen);
int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, uint8_t *optval,
size_t optlen) ;
+int dhcp6_lease_set_fqdn(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen);
int dhcp6_lease_new(sd_dhcp6_lease **ret);
diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c
index 717fcdffb815..a6dad9340643 100644
--- a/src/systemd/src/libsystemd-network/dhcp6-option.c
+++ b/src/systemd/src/libsystemd-network/dhcp6-option.c
@@ -644,61 +644,103 @@ int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen,
return count;
}
-int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char ***str_arr) {
- size_t pos = 0, idx = 0;
- _cleanup_strv_free_ char **names = NULL;
+static int parse_domain(const uint8_t **data, uint16_t *len, char **out_domain) {
+ _cleanup_free_ char *ret = NULL;
+ size_t n = 0, allocated = 0;
+ const uint8_t *optval = *data;
+ uint16_t optlen = *len;
+ bool first = true;
int r;
if (optlen <= 1)
return -ENODATA;
- if (optval[optlen - 1] != '\0')
- return -EINVAL;
- while (pos < optlen) {
- _cleanup_free_ char *ret = NULL;
- size_t n = 0, allocated = 0;
- bool first = true;
-
- for (;;) {
- const char *label;
- uint8_t c;
+ for (;;) {
+ const char *label;
+ uint8_t c;
- c = optval[pos++];
+ if (optlen == 0)
+ break;
- if (c == 0)
- /* End of name */
- break;
- if (c > 63)
- return -EBADMSG;
+ c = *optval;
+ optval++;
+ optlen--;
- /* Literal label */
- label = (const char *)&optval[pos];
- pos += c;
- if (pos >= optlen)
- return -EMSGSIZE;
+ if (c == 0)
+ /* End label */
+ break;
+ if (c > 63)
+ return -EBADMSG;
+ if (c > optlen)
+ return -EMSGSIZE;
- if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX))
- return -ENOMEM;
+ /* Literal label */
+ label = (const char *)optval;
+ optval += c;
+ optlen -= c;
- if (first)
- first = false;
- else
- ret[n++] = '.';
+ if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX))
+ return -ENOMEM;
- r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX);
- if (r < 0)
- return r;
+ if (first)
+ first = false;
+ else
+ ret[n++] = '.';
- n += r;
- }
+ r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX);
+ if (r < 0)
+ return r;
- if (n == 0)
- continue;
+ n += r;
+ }
+ if (n) {
if (!GREEDY_REALLOC(ret, allocated, n + 1))
return -ENOMEM;
-
ret[n] = 0;
+ }
+
+ *out_domain = TAKE_PTR(ret);
+ *data = optval;
+ *len = optlen;
+
+ return n;
+}
+
+int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char **str) {
+ _cleanup_free_ char *domain = NULL;
+ int r;
+
+ r = parse_domain(&optval, &optlen, &domain);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return -ENODATA;
+ if (optlen != 0)
+ return -EINVAL;
+
+ *str = TAKE_PTR(domain);
+ return 0;
+}
+
+int dhcp6_option_parse_domainname_list(const uint8_t *optval, uint16_t optlen, char ***str_arr) {
+ size_t idx = 0;
+ _cleanup_strv_free_ char **names = NULL;
+ int r;
+
+ if (optlen <= 1)
+ return -ENODATA;
+ if (optval[optlen - 1] != '\0')
+ return -EINVAL;
+
+ while (optlen > 0) {
+ _cleanup_free_ char *ret = NULL;
+
+ r = parse_domain(&optval, &optlen, &ret);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ continue;
r = strv_extend(&names, ret);
if (r < 0)
diff --git a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c
index d653b2571c00..b80e4e5406d9 100644
--- a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c
+++ b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c
@@ -1288,6 +1288,13 @@ static int client_parse_message(
break;
+ case SD_DHCP6_OPTION_FQDN:
+ r = dhcp6_lease_set_fqdn(lease, optval, optlen);
+ if (r < 0)
+ return r;
+
+ break;
+
case SD_DHCP6_OPTION_INFORMATION_REFRESH_TIME:
if (optlen != 4)
return -EINVAL;
diff --git a/src/systemd/src/libsystemd-network/sd-dhcp6-lease.c b/src/systemd/src/libsystemd-network/sd-dhcp6-lease.c
index b6dc02791504..5f5a7fe616fa 100644
--- a/src/systemd/src/libsystemd-network/sd-dhcp6-lease.c
+++ b/src/systemd/src/libsystemd-network/sd-dhcp6-lease.c
@@ -238,7 +238,7 @@ int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, uint8_t *optval,
if (!optlen)
return 0;
- r = dhcp6_option_parse_domainname(optval, optlen, &domains);
+ r = dhcp6_option_parse_domainname_list(optval, optlen, &domains);
if (r < 0)
return 0;
@@ -296,8 +296,8 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) {
break;
case DHCP6_NTP_SUBOPTION_SRV_FQDN:
- r = dhcp6_option_parse_domainname(subval, sublen,
- &servers);
+ r = dhcp6_option_parse_domainname_list(subval, sublen,
+ &servers);
if (r < 0)
return 0;
@@ -367,6 +367,38 @@ int sd_dhcp6_lease_get_ntp_fqdn(sd_dhcp6_lease *lease, char ***ntp_fqdn) {
return -ENOENT;
}
+int dhcp6_lease_set_fqdn(sd_dhcp6_lease *lease, const uint8_t *optval,
+ size_t optlen) {
+ int r;
+ char *fqdn;
+
+ assert_return(lease, -EINVAL);
+ assert_return(optval, -EINVAL);
+
+ if (optlen < 2)
+ return -ENODATA;
+
+ /* Ignore the flags field, it doesn't carry any useful
+ information for clients. */
+ r = dhcp6_option_parse_domainname(optval + 1, optlen - 1, &fqdn);
+ if (r < 0)
+ return r;
+
+ return free_and_replace(lease->fqdn, fqdn);
+}
+
+int sd_dhcp6_lease_get_fqdn(sd_dhcp6_lease *lease, const char **fqdn) {
+ assert_return(lease, -EINVAL);
+ assert_return(fqdn, -EINVAL);
+
+ if (lease->fqdn) {
+ *fqdn = lease->fqdn;
+ return 0;
+ }
+
+ return -ENOENT;
+}
+
static sd_dhcp6_lease *dhcp6_lease_free(sd_dhcp6_lease *lease) {
assert(lease);
@@ -375,6 +407,7 @@ static sd_dhcp6_lease *dhcp6_lease_free(sd_dhcp6_lease *lease) {
dhcp6_lease_free_ia(&lease->pd);
free(lease->dns);
+ free(lease->fqdn);
lease->domains = strv_free(lease->domains);
diff --git a/src/systemd/src/systemd/sd-dhcp6-lease.h b/src/systemd/src/systemd/sd-dhcp6-lease.h
index 4301c6db878b..240df74af8c5 100644
--- a/src/systemd/src/systemd/sd-dhcp6-lease.h
+++ b/src/systemd/src/systemd/sd-dhcp6-lease.h
@@ -43,6 +43,7 @@ int sd_dhcp6_lease_get_dns(sd_dhcp6_lease *lease, const struct in6_addr **addrs)
int sd_dhcp6_lease_get_domains(sd_dhcp6_lease *lease, char ***domains);
int sd_dhcp6_lease_get_ntp_addrs(sd_dhcp6_lease *lease, const struct in6_addr **addrs);
int sd_dhcp6_lease_get_ntp_fqdn(sd_dhcp6_lease *lease, char ***ntp_fqdn);
+int sd_dhcp6_lease_get_fqdn(sd_dhcp6_lease *lease, const char **fqdn);
sd_dhcp6_lease *sd_dhcp6_lease_ref(sd_dhcp6_lease *lease);
sd_dhcp6_lease *sd_dhcp6_lease_unref(sd_dhcp6_lease *lease);
--
2.26.2
From 98d88e272c9d49876ad2c2b1507a4fda9456531e Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 22 Jul 2020 13:56:39 +0200
Subject: [PATCH 3/4] dhcp: export the DHCPv6 FQDN option
The dhclient backend already exports all the option passed by
dhclient, including the FDQN. Export it also for the systemd backend.
(cherry picked from commit 1621a6ddb1b3f5c51ad774012150bd56cf65fcea)
(cherry picked from commit c6a7618f2be4236997362db43cf44a3fdee2d9c9)
---
src/dhcp/nm-dhcp-options.c | 1 +
src/dhcp/nm-dhcp-options.h | 2 ++
src/dhcp/nm-dhcp-systemd.c | 8 ++++++++
3 files changed, 11 insertions(+)
diff --git a/src/dhcp/nm-dhcp-options.c b/src/dhcp/nm-dhcp-options.c
index b10635fc674a..d902c77c8c21 100644
--- a/src/dhcp/nm-dhcp-options.c
+++ b/src/dhcp/nm-dhcp-options.c
@@ -183,6 +183,7 @@ const NMDhcpOption _nm_dhcp_option_dhcp6_options[] = {
REQ (NM_DHCP_OPTION_DHCP6_DNS_SERVERS, "dhcp6_name_servers", TRUE ),
REQ (NM_DHCP_OPTION_DHCP6_DOMAIN_LIST, "dhcp6_domain_search", TRUE ),
REQ (NM_DHCP_OPTION_DHCP6_SNTP_SERVERS, "dhcp6_sntp_servers", TRUE ),
+ REQ (NM_DHCP_OPTION_DHCP6_FQDN, "fqdn_fqdn", FALSE ),
REQ (NM_DHCP_OPTION_DHCP6_MUD_URL, "dhcp6_mud_url", FALSE ),
/* Internal values */
diff --git a/src/dhcp/nm-dhcp-options.h b/src/dhcp/nm-dhcp-options.h
index 7c0121702dad..bc3df5acd330 100644
--- a/src/dhcp/nm-dhcp-options.h
+++ b/src/dhcp/nm-dhcp-options.h
@@ -160,7 +160,9 @@ typedef enum {
NM_DHCP_OPTION_DHCP6_DNS_SERVERS = 23,
NM_DHCP_OPTION_DHCP6_DOMAIN_LIST = 24,
NM_DHCP_OPTION_DHCP6_SNTP_SERVERS = 31,
+ NM_DHCP_OPTION_DHCP6_FQDN = 39,
NM_DHCP_OPTION_DHCP6_MUD_URL = 112,
+
/* Internal values */
NM_DHCP_OPTION_DHCP6_NM_IP_ADDRESS = 1026,
NM_DHCP_OPTION_DHCP6_NM_PREFIXLEN = 1027,
diff --git a/src/dhcp/nm-dhcp-systemd.c b/src/dhcp/nm-dhcp-systemd.c
index f65937d8e035..7ee101128b43 100644
--- a/src/dhcp/nm-dhcp-systemd.c
+++ b/src/dhcp/nm-dhcp-systemd.c
@@ -740,6 +740,7 @@ lease_to_ip6_config (NMDedupMultiIndex *multi_idx,
uint32_t lft_pref, lft_valid;
char addr_str[NM_UTILS_INET_ADDRSTRLEN];
char **domains;
+ const char *s;
nm_auto_free_gstring GString *str = NULL;
int num, i;
@@ -808,6 +809,13 @@ lease_to_ip6_config (NMDedupMultiIndex *multi_idx,
str->str);
}
+ if (sd_dhcp6_lease_get_fqdn (lease, &s) >= 0) {
+ nm_dhcp_option_add_option (options,
+ _nm_dhcp_option_dhcp6_options,
+ NM_DHCP_OPTION_DHCP6_FQDN,
+ s);
+ }
+
NM_SET_OUT (out_options, g_steal_pointer (&options));
return g_steal_pointer (&ip6_config);
}
--
2.26.2
From bce988af55e0444a23a4c3881a075ff2387b798a Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 22 Jul 2020 13:49:42 +0200
Subject: [PATCH 4/4] policy: get the DHCPv6 hostname from the FQDN option
There isn't any 'host-name' option for DHCPv6. Read instead the
'fqdn-fqdn' option that carries the FQDN assigned by the server to the
client.
(cherry picked from commit 1f74ea52f5818c6e7d5cacd1dffdb2e1f5ee1913)
(cherry picked from commit 4e1da002a920888daf5bb3aa4bd21a2d61e3214b)
---
src/nm-policy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nm-policy.c b/src/nm-policy.c
index e571034bc345..04cbace6019a 100644
--- a/src/nm-policy.c
+++ b/src/nm-policy.c
@@ -764,7 +764,7 @@ update_system_hostname (NMPolicy *self, const char *msg)
/* Grab a hostname out of the device's DHCP6 config */
dhcp_config = nm_device_get_dhcp_config (get_default_device (self, AF_INET6), AF_INET6);
if (dhcp_config) {
- dhcp_hostname = nm_dhcp_config_get_option (dhcp_config, "host_name");
+ dhcp_hostname = nm_dhcp_config_get_option (dhcp_config, "fqdn_fqdn");
if (dhcp_hostname && dhcp_hostname[0]) {
p = nm_str_skip_leading_spaces (dhcp_hostname);
if (p[0]) {
--
2.26.2

1277
SOURCES/1014-settings-fix-wait-device-timeout-rh1853348.patch Normal file
View File

File diff suppressed because it is too large Load Diff

80
SOURCES/1015-local-route-fixes-rh1868982.patch Normal file
View File

@ -0,0 +1,80 @@
From 09c7c911d702fbe906c5c97435551416d27a2bf9 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 21 Jul 2020 13:51:17 +0200
Subject: [PATCH 1/2] core: only expose "type unicast" routes on D-Bus
Currently, we would not mark non-unicast routes with their type, so they
would wrongly appear as unicast routes in the D-Bus API.
That is wrong. For now, just hide them.
Fixes: 5d0d13f57010 ('platform: add support for local routes')
(cherry picked from commit 5035687a7be4c67e32b4e08319f2e66c76b42212)
(cherry picked from commit cf3cff4f12e78615c18fd829b1f32eac4f607c0b)
---
src/nm-ip4-config.c | 3 +++
src/nm-ip6-config.c | 3 +++
2 files changed, 6 insertions(+)
diff --git a/src/nm-ip4-config.c b/src/nm-ip4-config.c
index f017a3e809f4..9ad811642317 100644
--- a/src/nm-ip4-config.c
+++ b/src/nm-ip4-config.c
@@ -3227,6 +3227,9 @@ out_addresses_cached:
nm_assert (_route_valid (route));
+ if (route->type_coerced != nm_platform_route_type_coerce (RTN_UNICAST))
+ continue;
+
g_variant_builder_init (&route_builder, G_VARIANT_TYPE ("a{sv}"));
g_variant_builder_add (&route_builder, "{sv}",
"dest",
diff --git a/src/nm-ip6-config.c b/src/nm-ip6-config.c
index 1589cad004af..deb30e77d757 100644
--- a/src/nm-ip6-config.c
+++ b/src/nm-ip6-config.c
@@ -2682,6 +2682,9 @@ out_addresses_cached:
nm_assert (_route_valid (route));
+ if (route->type_coerced != nm_platform_route_type_coerce (RTN_UNICAST))
+ continue;
+
g_variant_builder_init (&route_builder, G_VARIANT_TYPE ("a{sv}"));
g_variant_builder_add (&route_builder, "{sv}",
"dest",
--
2.26.2
From 52fe9dec97eb7d57594141732694453ce2db08d5 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 21 Jul 2020 18:06:21 +0200
Subject: [PATCH 2/2] core: fix selecting of best-default-route to consider
only unicast routes
Fixes: 5d0d13f57010 ('platform: add support for local routes')
(cherry picked from commit 2a1bac6b8a7d107f33bbdb9d91eaf924fa67b64a)
(cherry picked from commit 99b362c9443591b2b643aa09980f1a5dd42b1f6b)
---
src/nm-ip4-config.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/nm-ip4-config.h b/src/nm-ip4-config.h
index dc8222fd5a7b..ea0617497607 100644
--- a/src/nm-ip4-config.h
+++ b/src/nm-ip4-config.h
@@ -83,7 +83,8 @@ nm_ip_config_best_default_route_is (const NMPObject *obj)
* Note that this only considers the main routing table. */
return r
&& NM_PLATFORM_IP_ROUTE_IS_DEFAULT (r)
- && nm_platform_route_table_is_main (r->table_coerced);
+ && nm_platform_route_table_is_main (r->table_coerced)
+ && r->type_coerced == nm_platform_route_type_coerce (1 /*RTN_UNICAST*/);
}
const NMPObject *_nm_ip_config_best_default_route_find_better (const NMPObject *obj_cur, const NMPObject *obj_cmp);
--
2.26.2

5502
SOURCES/1016-dhcp-implement-dhcp-vendor-class-identifier-option-rh1871042.patch Normal file
View File

File diff suppressed because it is too large Load Diff

432
SOURCES/1017-initrd-parse-rd.net.dhcp.vendor-class-rh1870692.patch Normal file
View File

@ -0,0 +1,432 @@
From d15b8c6c561258eb0e0b92d6176a16ccc8c23be3 Mon Sep 17 00:00:00 2001
From: Antonio Cardace <acardace@redhat.com>
Date: Thu, 27 Aug 2020 18:18:31 +0200
Subject: [PATCH 1/4] core: add 'dhcp-vendor-class-identifier' validation
function
So that it can be reused.
Signed-off-by: Antonio Cardace <acardace@redhat.com>
(cherry picked from commit 5cca669ff39c6909be906e8974e424ffd2ea42c2)
(cherry picked from commit 847488cb2f9f0ba8017938e0876677180c0c91a0)
---
.../nm-libnm-core-utils.c | 55 +++++++++++++++++++
.../nm-libnm-core-utils.h | 2 +
libnm-core/nm-setting-ip4-config.c | 48 +---------------
po/POTFILES.in | 1 +
src/devices/nm-device.c | 11 ++--
5 files changed, 65 insertions(+), 52 deletions(-)
diff --git a/libnm-core/nm-libnm-core-intern/nm-libnm-core-utils.c b/libnm-core/nm-libnm-core-intern/nm-libnm-core-utils.c
index f2c85cc60..8be7d913f 100644
--- a/libnm-core/nm-libnm-core-intern/nm-libnm-core-utils.c
+++ b/libnm-core/nm-libnm-core-intern/nm-libnm-core-utils.c
@@ -6,6 +6,8 @@
#include "nm-common-macros.h"
+#include "nm-errors.h"
+
#include <linux/rtnetlink.h>
/*****************************************************************************/
@@ -257,3 +259,56 @@ NM_UTILS_ENUM2STR_DEFINE (nm_utils_route_type2str, guint8,
NM_UTILS_ENUM2STR (RTN_UNREACHABLE, "unreachable"),
NM_UTILS_ENUM2STR (RTN_UNSPEC, "unspecified"),
);
+
+gboolean
+nm_utils_validate_dhcp4_vendor_class_id (const char *vci, GError **error)
+{
+ const char * bin;
+ gsize unescaped_len;
+ gs_free char *to_free = NULL;
+
+ g_return_val_if_fail (!error || !(*error), FALSE);
+ g_return_val_if_fail (vci, FALSE);
+
+ if (vci[0] == '\0') {
+ g_set_error_literal (error,
+ NM_CONNECTION_ERROR,
+ NM_CONNECTION_ERROR_INVALID_PROPERTY,
+ _ ("property cannot be an empty string"));
+ g_prefix_error (error,
+ "%s.%s: ",
+ NM_SETTING_IP4_CONFIG_SETTING_NAME,
+ NM_SETTING_IP4_CONFIG_DHCP_VENDOR_CLASS_IDENTIFIER);
+ return FALSE;
+ }
+
+ bin = nm_utils_buf_utf8safe_unescape (vci,
+ NM_UTILS_STR_UTF8_SAFE_FLAG_NONE,
+ &unescaped_len,
+ (gpointer *) &to_free);
+ /* a DHCP option cannot be longer than 255 bytes */
+ if (unescaped_len > 255) {
+ g_set_error_literal (error,
+ NM_CONNECTION_ERROR,
+ NM_CONNECTION_ERROR_INVALID_PROPERTY,
+ _ ("property cannot be longer than 255 bytes"));
+ g_prefix_error (error,
+ "%s.%s: ",
+ NM_SETTING_IP4_CONFIG_SETTING_NAME,
+ NM_SETTING_IP4_CONFIG_DHCP_VENDOR_CLASS_IDENTIFIER);
+ return FALSE;
+ }
+ if (strlen (bin) != unescaped_len) {
+ g_set_error_literal (error,
+ NM_CONNECTION_ERROR,
+ NM_CONNECTION_ERROR_INVALID_PROPERTY,
+ _ ("property cannot contain any nul bytes"));
+ g_prefix_error (error,
+ "%s.%s: ",
+ NM_SETTING_IP4_CONFIG_SETTING_NAME,
+ NM_SETTING_IP4_CONFIG_DHCP_VENDOR_CLASS_IDENTIFIER);
+ return FALSE;
+ }
+
+ return TRUE;
+}
diff --git a/libnm-core/nm-libnm-core-intern/nm-libnm-core-utils.h b/libnm-core/nm-libnm-core-intern/nm-libnm-core-utils.h
index bb3fa5fcf..6c1337d88 100644
--- a/libnm-core/nm-libnm-core-intern/nm-libnm-core-utils.h
+++ b/libnm-core/nm-libnm-core-intern/nm-libnm-core-utils.h
@@ -140,4 +140,6 @@ guint8 nm_utils_route_type_by_name (const char *name);
const char *nm_utils_route_type2str (guint8 val, char *buf, gsize len);
+gboolean nm_utils_validate_dhcp4_vendor_class_id (const char *vci, GError **error);
+
#endif /* __NM_LIBNM_SHARED_UTILS_H__ */
diff --git a/libnm-core/nm-setting-ip4-config.c b/libnm-core/nm-setting-ip4-config.c
index 0b8dc89b3..7ffefc25b 100644
--- a/libnm-core/nm-setting-ip4-config.c
+++ b/libnm-core/nm-setting-ip4-config.c
@@ -227,51 +227,9 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
return FALSE;
}
- if (priv->dhcp_vendor_class_identifier) {
- const char * bin;
- gsize unescaped_len;
- gs_free char *to_free = NULL;
-
- if (priv->dhcp_vendor_class_identifier[0] == '\0') {
- g_set_error_literal (error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _ ("property cannot be an empty string"));
- g_prefix_error (error,
- "%s.%s: ",
- NM_SETTING_IP4_CONFIG_SETTING_NAME,
- NM_SETTING_IP4_CONFIG_DHCP_VENDOR_CLASS_IDENTIFIER);
- return FALSE;
- }
-
- bin = nm_utils_buf_utf8safe_unescape (priv->dhcp_vendor_class_identifier,
- NM_UTILS_STR_UTF8_SAFE_FLAG_NONE,
- &unescaped_len,
- (gpointer *) &to_free);
- /* a DHCP option cannot be longer than 255 bytes */
- if (unescaped_len > 255) {
- g_set_error_literal (error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _ ("property cannot be longer than 255 bytes"));
- g_prefix_error (error,
- "%s.%s: ",
- NM_SETTING_IP4_CONFIG_SETTING_NAME,
- NM_SETTING_IP4_CONFIG_DHCP_VENDOR_CLASS_IDENTIFIER);
- return FALSE;
- }
- if (strlen (bin) != unescaped_len) {
- g_set_error_literal (error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _ ("property cannot contain any nul bytes"));
- g_prefix_error (error,
- "%s.%s: ",
- NM_SETTING_IP4_CONFIG_SETTING_NAME,
- NM_SETTING_IP4_CONFIG_DHCP_VENDOR_CLASS_IDENTIFIER);
- return FALSE;
- }
- }
+ if ( priv->dhcp_vendor_class_identifier
+ && !nm_utils_validate_dhcp4_vendor_class_id (priv->dhcp_vendor_class_identifier, error))
+ return FALSE;
/* Failures from here on are NORMALIZABLE_ERROR... */
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 25cb5c4a6..ea2eafa3f 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -59,6 +59,7 @@ libnm-core/nm-dbus-utils.c
libnm-core/nm-keyfile/nm-keyfile-utils.c
libnm-core/nm-keyfile/nm-keyfile.c
libnm-core/nm-libnm-core-aux/nm-libnm-core-aux.c
+libnm-core/nm-libnm-core-intern/nm-libnm-core-utils.c
libnm-core/nm-setting-6lowpan.c
libnm-core/nm-setting-8021x.c
libnm-core/nm-setting-adsl.c
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index 72a2b1008..012af4d9a 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -8754,7 +8754,6 @@ dhcp4_get_vendor_class_identifier (NMDevice *self, NMSettingIP4Config *s_ip4)
{
gs_free char *config_data_prop = NULL;
gs_free char *to_free = NULL;
- gboolean validate = FALSE;
const char *conn_prop;
GBytes *bytes = NULL;
const char *bin;
@@ -8764,12 +8763,14 @@ dhcp4_get_vendor_class_identifier (NMDevice *self, NMSettingIP4Config *s_ip4)
if (!conn_prop) {
/* set in NetworkManager.conf ? */
- validate = TRUE;
config_data_prop = nm_config_data_get_connection_default (
NM_CONFIG_GET_DATA,
NM_CON_DEFAULT ("ipv4.dhcp-vendor-class-identifier"),
self);
- conn_prop = config_data_prop;
+
+ if ( config_data_prop
+ && nm_utils_validate_dhcp4_vendor_class_id (config_data_prop, NULL))
+ conn_prop = config_data_prop;
}
if (conn_prop) {
@@ -8777,10 +8778,6 @@ dhcp4_get_vendor_class_identifier (NMDevice *self, NMSettingIP4Config *s_ip4)
NM_UTILS_STR_UTF8_SAFE_FLAG_NONE,
&len,
(gpointer *) &to_free);
-
- if (validate && (bin[0] == '\0' || len > 255 || strlen (bin) != len))
- return NULL;
-
if (to_free)
bytes = g_bytes_new_take (g_steal_pointer (&to_free), len);
else
--
2.26.2
From a491bad06f7c29b257fd948f2149ef80b179da22 Mon Sep 17 00:00:00 2001
From: Antonio Cardace <acardace@redhat.com>
Date: Thu, 27 Aug 2020 17:43:54 +0200
Subject: [PATCH 2/4] initrd: parse 'rd.net.dhcp.vendor-class' kernel cmdline
arg
This arguments makes NM set the ipv4.dhcp-vendor-class-identifier
property for all connections.
https://bugzilla.redhat.com/show_bug.cgi?id=1872299
Signed-off-by: Antonio Cardace <acardace@redhat.com>
(cherry picked from commit c056cb9306be29a2c194a308b3b6cc639980abe2)
(cherry picked from commit 15856a4fa20feaae6bd073fc2874180b2a1a335d)
---
src/initrd/nmi-cmdline-reader.c | 6 ++++
src/initrd/tests/test-cmdline-reader.c | 47 ++++++++++++++++++++++++++
2 files changed, 53 insertions(+)
diff --git a/src/initrd/nmi-cmdline-reader.c b/src/initrd/nmi-cmdline-reader.c
index be39ef896..ba747b30a 100644
--- a/src/initrd/nmi-cmdline-reader.c
+++ b/src/initrd/nmi-cmdline-reader.c
@@ -28,6 +28,7 @@ typedef struct {
/* Parameters to be set for all connections */
gboolean ignore_auto_dns;
int dhcp_timeout;
+ char *dhcp4_vci;
} Reader;
static Reader *
@@ -52,6 +53,7 @@ reader_destroy (Reader *reader, gboolean free_hash)
g_ptr_array_unref (reader->array);
hash = g_steal_pointer (&reader->hash);
nm_clear_g_free (&reader->hostname);
+ nm_clear_g_free (&reader->dhcp4_vci);
nm_g_slice_free (reader);
if (!free_hash)
return g_steal_pointer (&hash);
@@ -95,6 +97,7 @@ reader_create_connection (Reader *reader,
NM_SETTING_IP_CONFIG_MAY_FAIL, TRUE,
NM_SETTING_IP_CONFIG_IGNORE_AUTO_DNS, reader->ignore_auto_dns,
NM_SETTING_IP_CONFIG_DHCP_TIMEOUT, reader->dhcp_timeout,
+ NM_SETTING_IP4_CONFIG_DHCP_VENDOR_CLASS_IDENTIFIER, reader->dhcp4_vci,
NULL);
setting = nm_setting_ip6_config_new ();
@@ -927,6 +930,9 @@ nmi_cmdline_reader_parse (const char *sysfs_dir, const char *const*argv, char **
else if (nm_streq (tag, "rd.net.timeout.dhcp")) {
reader->dhcp_timeout = _nm_utils_ascii_str_to_int64 (argument,
10, 0, G_MAXINT32, 0);
+ } else if (nm_streq (tag, "rd.net.dhcp.vendor-class")) {
+ if (nm_utils_validate_dhcp4_vendor_class_id (argument, NULL))
+ nm_utils_strdup_reset (&reader->dhcp4_vci, argument);
}
}
diff --git a/src/initrd/tests/test-cmdline-reader.c b/src/initrd/tests/test-cmdline-reader.c
index 7787cf5ea..a909bc380 100644
--- a/src/initrd/tests/test-cmdline-reader.c
+++ b/src/initrd/tests/test-cmdline-reader.c
@@ -1485,6 +1485,52 @@ test_bootif_off (void)
g_assert_cmpstr (hostname, ==, NULL);
}
+static void
+test_dhcp_vendor_class_id (void)
+{
+ gs_unref_hashtable GHashTable *connections = NULL;
+ const char *const*ARGV = NM_MAKE_STRV ("rd.net.dhcp.vendor-class=testvci",
+ "ip=eno1:dhcp");
+ NMConnection *connection;
+ NMSettingIP4Config *s_ip4;
+ gs_free char *hostname = NULL;
+ gs_free char *vci_long = NULL;
+ char vci_arg_long[512] = {0};
+
+ connections = nmi_cmdline_reader_parse (TEST_INITRD_DIR "/sysfs", ARGV, &hostname);
+ g_assert (connections);
+ g_assert_cmpint (g_hash_table_size (connections), ==, 1);
+ g_assert_cmpstr (hostname, ==, NULL);
+
+ connection = g_hash_table_lookup (connections, "eno1");
+ g_assert (connection);
+ nmtst_assert_connection_verifies_without_normalization (connection);
+ s_ip4 = NM_SETTING_IP4_CONFIG (nm_connection_get_setting_ip4_config (connection));
+ g_assert_cmpstr (nm_setting_ip4_config_get_dhcp_vendor_class_identifier (s_ip4), ==, "testvci");
+
+ ARGV = NM_MAKE_STRV ("rd.net.dhcp.vendor-class",
+ "ip=eno1:dhcp");
+ connections = nmi_cmdline_reader_parse (TEST_INITRD_DIR "/sysfs", ARGV, &hostname);
+ connection = g_hash_table_lookup (connections, "eno1");
+ g_assert (connection);
+ nmtst_assert_connection_verifies_without_normalization (connection);
+ s_ip4 = NM_SETTING_IP4_CONFIG (nm_connection_get_setting_ip4_config (connection));
+ g_assert (nm_setting_ip4_config_get_dhcp_vendor_class_identifier (s_ip4) == NULL);
+
+
+
+ memset (vci_arg_long, 'A', 400);
+ vci_long = g_strdup_printf ("rd.net.dhcp.vendor-class=%s", vci_arg_long);
+ ARGV = NM_MAKE_STRV (vci_long,
+ "ip=eno1:dhcp");
+ connections = nmi_cmdline_reader_parse (TEST_INITRD_DIR "/sysfs", ARGV, &hostname);
+ connection = g_hash_table_lookup (connections, "eno1");
+ g_assert (connection);
+ nmtst_assert_connection_verifies_without_normalization (connection);
+ s_ip4 = NM_SETTING_IP4_CONFIG (nm_connection_get_setting_ip4_config (connection));
+ g_assert (nm_setting_ip4_config_get_dhcp_vendor_class_identifier (s_ip4) == NULL);
+}
+
NMTST_DEFINE ();
int main (int argc, char **argv)
@@ -1521,6 +1567,7 @@ int main (int argc, char **argv)
g_test_add_func ("/initrd/cmdline/bootif/hwtype", test_bootif_hwtype);
g_test_add_func ("/initrd/cmdline/bootif/off", test_bootif_off);
g_test_add_func ("/initrd/cmdline/neednet", test_neednet);
+ g_test_add_func ("/initrd/cmdline/dhcp/vendor_class_id", test_dhcp_vendor_class_id);
return g_test_run ();
}
--
2.26.2
From bbd77df8ae1cc2510b1ff2c1c27ddf3d907faec3 Mon Sep 17 00:00:00 2001
From: Antonio Cardace <acardace@redhat.com>
Date: Tue, 1 Sep 2020 18:38:45 +0200
Subject: [PATCH 3/4] initrd: fix memory leak
Signed-off-by: Antonio Cardace <acardace@redhat.com>
Fixes: 9f9609555d1c ('initrd: add configuration generator')
(cherry picked from commit d5c05d07c7aff317284d2d5197d75e0f605b4364)
(cherry picked from commit bba54613eb4255166c921844e8b6d2a2bd0000a1)
---
shared/nm-glib-aux/nm-macros-internal.h | 8 ++++++++
src/initrd/nm-initrd-generator.c | 2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/shared/nm-glib-aux/nm-macros-internal.h b/shared/nm-glib-aux/nm-macros-internal.h
index 15bcd7e58..57ddee050 100644
--- a/shared/nm-glib-aux/nm-macros-internal.h
+++ b/shared/nm-glib-aux/nm-macros-internal.h
@@ -216,6 +216,14 @@ NM_AUTO_DEFINE_FCN0 (GError *, gs_local_free_error, g_error_free)
#define gs_unref_keyfile nm_auto(gs_local_keyfile_unref)
NM_AUTO_DEFINE_FCN0 (GKeyFile *, gs_local_keyfile_unref, g_key_file_unref)
+/**
+ * gs_free_option_context:
+ *
+ * Call g_option_context_free() on a variable location when it goes out of scope.
+ */
+#define gs_free_option_context nm_auto(gs_local_option_context)
+NM_AUTO_DEFINE_FCN0 (GOptionContext *, gs_local_option_context, g_option_context_free);
+
/*****************************************************************************/
#include "nm-glib.h"
diff --git a/src/initrd/nm-initrd-generator.c b/src/initrd/nm-initrd-generator.c
index f984ed739..5a93480bf 100644
--- a/src/initrd/nm-initrd-generator.c
+++ b/src/initrd/nm-initrd-generator.c
@@ -83,7 +83,7 @@ main (int argc, char *argv[])
{ G_OPTION_REMAINING, '\0', 0, G_OPTION_ARG_STRING_ARRAY, &remaining, NULL, NULL },
{ NULL }
};
- GOptionContext *option_context;
+ gs_free_option_context GOptionContext *option_context = NULL;
gs_free_error GError *error = NULL;
gs_free char *hostname = NULL;
int errsv;
--
2.26.2
From 3dec958f413a4566e97183a522afb27b47a9146e Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 3 Sep 2020 11:35:40 +0200
Subject: [PATCH 4/4] initrd/tests: fix memleak in test_dhcp_vendor_class_id()
Having leaks in the tests, breaks running the test under valgrind. There
must be no leaks.
Fixes: c056cb9306be ('initrd: parse 'rd.net.dhcp.vendor-class' kernel cmdline arg')
(cherry picked from commit bff23d15d41a42c7b5f43cb3d18d66e7cd289823)
(cherry picked from commit 5bea8db7ca8fd7520fe605b59e29b974e04b4721)
Signed-off-by: Antonio Cardace <acardace@redhat.com>
---
src/initrd/tests/test-cmdline-reader.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/initrd/tests/test-cmdline-reader.c b/src/initrd/tests/test-cmdline-reader.c
index a909bc380..a11b76e01 100644
--- a/src/initrd/tests/test-cmdline-reader.c
+++ b/src/initrd/tests/test-cmdline-reader.c
@@ -1508,6 +1508,8 @@ test_dhcp_vendor_class_id (void)
s_ip4 = NM_SETTING_IP4_CONFIG (nm_connection_get_setting_ip4_config (connection));
g_assert_cmpstr (nm_setting_ip4_config_get_dhcp_vendor_class_identifier (s_ip4), ==, "testvci");
+ nm_clear_pointer (&connections, g_hash_table_unref);
+
ARGV = NM_MAKE_STRV ("rd.net.dhcp.vendor-class",
"ip=eno1:dhcp");
connections = nmi_cmdline_reader_parse (TEST_INITRD_DIR "/sysfs", ARGV, &hostname);
@@ -1517,7 +1519,7 @@ test_dhcp_vendor_class_id (void)
s_ip4 = NM_SETTING_IP4_CONFIG (nm_connection_get_setting_ip4_config (connection));
g_assert (nm_setting_ip4_config_get_dhcp_vendor_class_identifier (s_ip4) == NULL);
-
+ nm_clear_pointer (&connections, g_hash_table_unref);
memset (vci_arg_long, 'A', 400);
vci_long = g_strdup_printf ("rd.net.dhcp.vendor-class=%s", vci_arg_long);
--
2.26.2

374
SOURCES/1018-initrd-accept-mac-ifaces-rh1879795.patch Normal file
View File

@ -0,0 +1,374 @@
From c3b47a965a9b073527e7b71f88de4887fc88ecc9 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Tue, 22 Sep 2020 17:54:18 +0200
Subject: [PATCH 1/2] initrd: accept mac address as interface specifier
The interface can be specified either by name or MAC address:
ip=192.0.2.2:::::eth0
ip=192.0.2.2:::::00-11-22-33-44-55
https://bugzilla.redhat.com/show_bug.cgi?id=1879795
(cherry picked from commit f22364429135f55094fb89879f1fa7bad066727f)
(cherry picked from commit eeef91aa6e8d3eb1510563c413dda19b578a8a6a)
---
src/initrd/nmi-cmdline-reader.c | 85 ++++++++++++++++++--------
src/initrd/tests/test-cmdline-reader.c | 68 +++++++++++++++++++++
2 files changed, 128 insertions(+), 25 deletions(-)
diff --git a/src/initrd/nmi-cmdline-reader.c b/src/initrd/nmi-cmdline-reader.c
index ba747b30ad..8196e9fb78 100644
--- a/src/initrd/nmi-cmdline-reader.c
+++ b/src/initrd/nmi-cmdline-reader.c
@@ -78,6 +78,7 @@ reader_create_connection (Reader *reader,
const char *basename,
const char *id,
const char *ifname,
+ const char *mac,
const char *type_name,
NMConnectionMultiConnect multi_connect)
{
@@ -120,6 +121,14 @@ reader_create_connection (Reader *reader,
NM_SETTING_CONNECTION_MULTI_CONNECT, multi_connect,
NULL);
+ if (mac) {
+ setting = nm_setting_wired_new ();
+ nm_connection_add_setting (connection, setting);
+ g_object_set (setting,
+ NM_SETTING_WIRED_MAC_ADDRESS, mac,
+ NULL);
+ }
+
return connection;
}
@@ -133,6 +142,7 @@ reader_get_default_connection (Reader *reader)
"default_connection",
"Wired Connection",
NULL,
+ NULL,
NM_SETTING_WIRED_SETTING_NAME,
NM_CONNECTION_MULTI_CONNECT_MULTIPLE);
nm_connection_add_setting (con, nm_setting_wired_new ());
@@ -143,14 +153,26 @@ reader_get_default_connection (Reader *reader)
static NMConnection *
reader_get_connection (Reader *reader,
- const char *ifname,
+ const char *iface_spec,
const char *type_name,
gboolean create_if_missing)
{
NMConnection *connection = NULL;
NMSetting *setting;
+ const char *ifname = NULL;
+ gs_free char *mac = NULL;
+
+ if (iface_spec) {
+ if (nm_utils_is_valid_iface_name (iface_spec, NULL))
+ ifname = iface_spec;
+ else {
+ mac = nm_utils_hwaddr_canonical (iface_spec, ETH_ALEN);
+ if (!mac)
+ _LOGW (LOGD_CORE, "invalid interface '%s'", iface_spec);
+ }
+ }
- if (!ifname) {
+ if (!ifname && !mac) {
NMConnection *candidate;
NMSettingConnection *s_con;
guint i;
@@ -178,7 +200,7 @@ reader_get_connection (Reader *reader,
}
}
} else
- connection = g_hash_table_lookup (reader->hash, (gpointer) ifname);
+ connection = g_hash_table_lookup (reader->hash, (gpointer) ifname ?: mac);
if (!connection) {
if (!create_if_missing)
@@ -187,9 +209,9 @@ reader_get_connection (Reader *reader,
if (!type_name)
type_name = NM_SETTING_WIRED_SETTING_NAME;
- connection = reader_create_connection (reader, ifname,
- ifname ?: "Wired Connection",
- ifname, type_name,
+ connection = reader_create_connection (reader, ifname ?: mac,
+ ifname ?: (mac ?: "Wired Connection"),
+ ifname, mac, type_name,
NM_CONNECTION_MULTI_CONNECT_SINGLE);
}
setting = (NMSetting *) nm_connection_get_setting_connection (connection);
@@ -331,7 +353,7 @@ reader_parse_ip (Reader *reader, const char *sysfs_dir, char *argument)
const char *gateway_ip = NULL;
const char *netmask = NULL;
const char *client_hostname = NULL;
- const char *ifname = NULL;
+ const char *iface_spec = NULL;
const char *mtu = NULL;
const char *macaddr = NULL;
int client_ip_family = AF_UNSPEC;
@@ -357,9 +379,9 @@ reader_parse_ip (Reader *reader, const char *sysfs_dir, char *argument)
gateway_ip = get_word (&argument, ':');
netmask = get_word (&argument, ':');
client_hostname = get_word (&argument, ':');
- ifname = get_word (&argument, ':');
+ iface_spec = get_word (&argument, ':');
} else {
- ifname = tmp;
+ iface_spec = tmp;
}
if (client_hostname && !nm_sd_hostname_is_valid (client_hostname, FALSE))
@@ -388,15 +410,15 @@ reader_parse_ip (Reader *reader, const char *sysfs_dir, char *argument)
}
}
- if ( ifname == NULL
+ if ( iface_spec == NULL
&& NM_IN_STRSET (kind, "fw", "ibft")) {
reader_read_all_connections_from_fw (reader, sysfs_dir);
return;
}
/* Parsing done, construct the NMConnection. */
- if (ifname)
- connection = reader_get_connection (reader, ifname, NULL, TRUE);
+ if (iface_spec)
+ connection = reader_get_connection (reader, iface_spec, NULL, TRUE);
else
connection = reader_get_default_connection (reader);
@@ -498,22 +520,36 @@ reader_parse_ip (Reader *reader, const char *sysfs_dir, char *argument)
NULL);
}
} else if (nm_streq0 (kind, "ibft")) {
- gs_free char *address_path = g_build_filename (sysfs_dir, "class", "net", ifname, "address", NULL);
- gs_free char *mac, *mac_up = NULL;
+ NMSettingWired *s_wired;
+ const char *mac = NULL;
+ const char *ifname;
+ gs_free char *mac_free = NULL;
+ gs_free char *address_path = NULL;
GHashTable *nic = NULL;
- if (!g_file_get_contents (address_path, &mac, NULL, &error)) {
- _LOGW (LOGD_CORE, "Can't get a MAC address for %s: %s", ifname, error->message);
- g_clear_error (&error);
+ if ( (s_wired = nm_connection_get_setting_wired (connection))
+ && (mac = nm_setting_wired_get_mac_address (s_wired))) {
+ /* got mac from the connection */
+ } else if ((ifname = nm_connection_get_interface_name (connection))) {
+ /* read it from sysfs */
+ address_path = g_build_filename (sysfs_dir, "class", "net", ifname, "address", NULL);
+ if (g_file_get_contents (address_path, &mac_free, NULL, &error)) {
+ g_strchomp (mac_free);
+ mac = mac_free;
+ } else {
+ _LOGW (LOGD_CORE, "Can't get a MAC address for %s: %s", ifname, error->message);
+ g_clear_error (&error);
+ }
}
if (mac) {
- g_strchomp (mac);
+ gs_free char *mac_up = NULL;
+
mac_up = g_ascii_strup (mac, -1);
ibft = nmi_ibft_read (sysfs_dir);
nic = g_hash_table_lookup (ibft, mac_up);
if (!nic)
- _LOGW (LOGD_CORE, "No iBFT NIC for %s (%s)", ifname, mac_up);
+ _LOGW (LOGD_CORE, "No iBFT NIC for %s (%s)", iface_spec, mac_up);
}
if (nic) {
@@ -1018,15 +1054,14 @@ nmi_cmdline_reader_parse (const char *sysfs_dir, const char *const*argv, char **
"bootif_connection",
"BOOTIF Connection",
NULL,
+ bootif,
NM_SETTING_WIRED_SETTING_NAME,
NM_CONNECTION_MULTI_CONNECT_SINGLE);
- s_wired = (NMSettingWired *) nm_setting_wired_new ();
- nm_connection_add_setting (connection, (NMSetting *) s_wired);
+ } else {
+ g_object_set (s_wired,
+ NM_SETTING_WIRED_MAC_ADDRESS, bootif,
+ NULL);
}
-
- g_object_set (s_wired,
- NM_SETTING_WIRED_MAC_ADDRESS, bootif,
- NULL);
}
if (bootdev) {
diff --git a/src/initrd/tests/test-cmdline-reader.c b/src/initrd/tests/test-cmdline-reader.c
index a11b76e015..4a2f33fc02 100644
--- a/src/initrd/tests/test-cmdline-reader.c
+++ b/src/initrd/tests/test-cmdline-reader.c
@@ -293,6 +293,49 @@ test_if_ip6_manual (void)
g_assert_cmpstr (nm_setting_ip_config_get_dhcp_hostname (s_ip6), ==, "hostname0.example.com");
}
+static void
+test_if_mac_ifname (void)
+{
+ gs_unref_hashtable GHashTable *connections = NULL;
+ const char *const*ARGV = NM_MAKE_STRV ("ip=[2001:0db8::42]/64::[2001:0db8::01]::"
+ "hostname0:00-11-22-33-44-55::[2001:0db8::53]");
+ NMConnection *connection;
+ NMSettingIPConfig *s_ip6;
+ NMSettingWired *s_wired;
+ NMIPAddress *ip_addr;
+ gs_free char *hostname = NULL;
+
+ connections = nmi_cmdline_reader_parse (TEST_INITRD_DIR "/sysfs", ARGV, &hostname);
+ g_assert (connections);
+ g_assert_cmpint (g_hash_table_size (connections), ==, 1);
+ g_assert_cmpstr (hostname, ==, "hostname0");
+
+ connection = g_hash_table_lookup (connections, "00:11:22:33:44:55");
+ g_assert (connection);
+ nmtst_assert_connection_verifies_without_normalization (connection);
+ g_assert_cmpstr (nm_connection_get_id (connection), ==, "00:11:22:33:44:55");
+ g_assert_cmpstr (nm_connection_get_interface_name (connection), ==, NULL);
+
+ s_wired = nm_connection_get_setting_wired (connection);
+ g_assert (s_wired);
+ g_assert_cmpstr (nm_setting_wired_get_mac_address(s_wired), ==, "00:11:22:33:44:55");
+
+ s_ip6 = nm_connection_get_setting_ip6_config (connection);
+ g_assert (s_ip6);
+ g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip6), ==, NM_SETTING_IP6_CONFIG_METHOD_MANUAL);
+ g_assert (!nm_setting_ip_config_get_ignore_auto_dns (s_ip6));
+ g_assert_cmpint (nm_setting_ip_config_get_num_dns (s_ip6), ==, 1);
+ g_assert_cmpstr (nm_setting_ip_config_get_dns (s_ip6, 0), ==, "2001:db8::53");
+ g_assert_cmpint (nm_setting_ip_config_get_num_routes (s_ip6), ==, 0);
+ g_assert_cmpint (nm_setting_ip_config_get_num_addresses (s_ip6), ==, 1);
+ ip_addr = nm_setting_ip_config_get_address (s_ip6, 0);
+ g_assert (ip_addr);
+ g_assert_cmpstr (nm_ip_address_get_address (ip_addr), ==, "2001:db8::42");
+ g_assert_cmpint (nm_ip_address_get_prefix (ip_addr), ==, 64);
+ g_assert_cmpstr (nm_setting_ip_config_get_gateway (s_ip6), ==, "2001:db8::1");
+ g_assert_cmpstr (nm_setting_ip_config_get_dhcp_hostname (s_ip6), ==, "hostname0");
+}
+
static void
test_multiple_merge (void)
{
@@ -1042,6 +1085,29 @@ test_ibft_ip_dev (void)
g_assert_cmpstr (nm_setting_connection_get_interface_name (s_con), ==, NULL);
}
+static void
+test_ibft_ip_dev_mac (void)
+{
+ const char *const*ARGV = NM_MAKE_STRV ("ip=00-53-06-66-ab-01:ibft");
+ gs_unref_hashtable GHashTable *connections = NULL;
+ NMSettingConnection *s_con;
+ NMConnection *connection;
+ gs_free char *hostname = NULL;
+
+ connections = nmi_cmdline_reader_parse (TEST_INITRD_DIR "/sysfs", ARGV, &hostname);
+ g_assert (connections);
+ g_assert_cmpint (g_hash_table_size (connections), ==, 1);
+ g_assert_cmpstr (hostname, ==, NULL);
+
+ connection = g_hash_table_lookup (connections, "00:53:06:66:AB:01");
+ g_assert (connection);
+
+ s_con = nm_connection_get_setting_connection (connection);
+ g_assert (s_con);
+ g_assert_cmpstr (nm_setting_connection_get_connection_type (s_con), ==, NM_SETTING_WIRED_SETTING_NAME);
+ g_assert_cmpstr (nm_setting_connection_get_interface_name (s_con), ==, NULL);
+}
+
static void
_test_ibft_ip (const char *const*ARGV)
{
@@ -1545,6 +1611,7 @@ int main (int argc, char **argv)
g_test_add_func ("/initrd/cmdline/if_auto_with_mtu_and_mac", test_if_auto_with_mtu_and_mac);
g_test_add_func ("/initrd/cmdline/if_ip4_manual", test_if_ip4_manual);
g_test_add_func ("/initrd/cmdline/if_ip6_manual", test_if_ip6_manual);
+ g_test_add_func ("/initrd/cmdline/if_mac_ifname", test_if_mac_ifname);
g_test_add_func ("/initrd/cmdline/multiple/merge", test_multiple_merge);
g_test_add_func ("/initrd/cmdline/multiple/bootdev", test_multiple_bootdev);
g_test_add_func ("/initrd/cmdline/nameserver", test_nameserver);
@@ -1558,6 +1625,7 @@ int main (int argc, char **argv)
g_test_add_func ("/initrd/cmdline/bridge/default", test_bridge_default);
g_test_add_func ("/initrd/cmdline/bridge/ip", test_bridge_ip);
g_test_add_func ("/initrd/cmdline/ibft/ip_dev", test_ibft_ip_dev);
+ g_test_add_func ("/initrd/cmdline/ibft/ip_dev_mac", test_ibft_ip_dev_mac);
g_test_add_func ("/initrd/cmdline/ibft/ip", test_ibft_ip);
g_test_add_func ("/initrd/cmdline/ibft/rd_iscsi_ibft", test_ibft_rd_iscsi_ibft);
g_test_add_func ("/initrd/cmdline/ignore_extra", test_ignore_extra);
--
2.26.2
From a65c364d2cfe7a36f5207f652ec77bb42b532f88 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 23 Sep 2020 10:58:03 +0200
Subject: [PATCH 2/2] initrd: fix parsing IPv6 prefix length
The generator didn't accept prefix lengths > 32 for IPv6:
$ src/initrd/nm-initrd-generator --stdout -- ip=[fd01::1]:::40::ens0
<warn> [1600851580.7875] cmdline-reader: Invalid IP mask: 40
https://bugzilla.redhat.com/show_bug.cgi?id=1879795
(cherry picked from commit 364c7c278a19959c6e880329533937dbcf7b19a4)
(cherry picked from commit 09804cac6ef2016cfa70d3e63c7d73f2dfc3cf91)
---
src/initrd/nmi-cmdline-reader.c | 5 +++--
src/initrd/tests/test-cmdline-reader.c | 3 ++-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/initrd/nmi-cmdline-reader.c b/src/initrd/nmi-cmdline-reader.c
index 8196e9fb78..ee3dab2574 100644
--- a/src/initrd/nmi-cmdline-reader.c
+++ b/src/initrd/nmi-cmdline-reader.c
@@ -426,12 +426,13 @@ reader_parse_ip (Reader *reader, const char *sysfs_dir, char *argument)
s_ip6 = nm_connection_get_setting_ip6_config (connection);
if (netmask && *netmask) {
+ gboolean is_ipv4 = client_ip_family == AF_INET;
NMIPAddr addr;
- if (nm_utils_parse_inaddr_bin (AF_INET, netmask, NULL, &addr))
+ if (is_ipv4 && nm_utils_parse_inaddr_bin (AF_INET, netmask, NULL, &addr))
client_ip_prefix = nm_utils_ip4_netmask_to_prefix (addr.addr4);
else
- client_ip_prefix = _nm_utils_ascii_str_to_int64 (netmask, 10, 0, 32, -1);
+ client_ip_prefix = _nm_utils_ascii_str_to_int64 (netmask, 10, 0, is_ipv4 ? 32 : 128, -1);
if (client_ip_prefix == -1)
_LOGW (LOGD_CORE, "Invalid IP mask: %s", netmask);
diff --git a/src/initrd/tests/test-cmdline-reader.c b/src/initrd/tests/test-cmdline-reader.c
index 4a2f33fc02..d67f599337 100644
--- a/src/initrd/tests/test-cmdline-reader.c
+++ b/src/initrd/tests/test-cmdline-reader.c
@@ -341,7 +341,7 @@ test_multiple_merge (void)
{
gs_unref_hashtable GHashTable *connections = NULL;
const char *const*ARGV = NM_MAKE_STRV ("ip=192.0.2.2:::::eth0",
- "ip=[2001:db8::2]:::::eth0");
+ "ip=[2001:db8::2]:::56::eth0");
NMConnection *connection;
NMSettingConnection *s_con;
NMSettingWired *s_wired;
@@ -384,6 +384,7 @@ test_multiple_merge (void)
ip_addr = nm_setting_ip_config_get_address (s_ip6, 0);
g_assert (ip_addr);
g_assert_cmpstr (nm_ip_address_get_address (ip_addr), ==, "2001:db8::2");
+ g_assert_cmpint (nm_ip_address_get_prefix (ip_addr), ==, 56);
}
static void
--
2.26.2

148
SOURCES/1019-initrd-generate-infiniband-connections-rh1883173.patch Normal file
View File

@ -0,0 +1,148 @@
From 566ef706015f01481f9e559c74ea89fc47d9cb6e Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 15 Oct 2020 09:44:52 +0200
Subject: [PATCH] initrd: generate infiniband connections
Generate infiniband connections based on the interface name or MAC
address length.
https://bugzilla.redhat.com/show_bug.cgi?id=1883173
(cherry picked from commit 317171ed6ed4560bb54191a13f71e1daec7f1ea4)
(cherry picked from commit f091730ebc98342036615176738030cbcd4b3d73)
(cherry picked from commit 7665d9b29e1d977e23d3f9b5016cb385938592f2)
---
src/initrd/nmi-cmdline-reader.c | 30 ++++++++++----
src/initrd/tests/test-cmdline-reader.c | 54 ++++++++++++++++++++++++++
2 files changed, 76 insertions(+), 8 deletions(-)
diff --git a/src/initrd/nmi-cmdline-reader.c b/src/initrd/nmi-cmdline-reader.c
index ee3dab2574..257ba3d7ae 100644
--- a/src/initrd/nmi-cmdline-reader.c
+++ b/src/initrd/nmi-cmdline-reader.c
@@ -121,12 +121,21 @@ reader_create_connection (Reader *reader,
NM_SETTING_CONNECTION_MULTI_CONNECT, multi_connect,
NULL);
- if (mac) {
- setting = nm_setting_wired_new ();
+ if (nm_streq0 (type_name, NM_SETTING_INFINIBAND_SETTING_NAME)) {
+ setting = nm_setting_infiniband_new ();
nm_connection_add_setting (connection, setting);
- g_object_set (setting,
- NM_SETTING_WIRED_MAC_ADDRESS, mac,
- NULL);
+ g_object_set (setting, NM_SETTING_INFINIBAND_TRANSPORT_MODE, "datagram", NULL);
+ }
+
+ if (mac) {
+ if (nm_streq0 (type_name, NM_SETTING_INFINIBAND_SETTING_NAME)) {
+ setting = (NMSetting *) nm_connection_get_setting_infiniband (connection);
+ g_object_set (setting, NM_SETTING_INFINIBAND_MAC_ADDRESS, mac, NULL);
+ } else {
+ setting = nm_setting_wired_new ();
+ nm_connection_add_setting (connection, setting);
+ g_object_set (setting, NM_SETTING_WIRED_MAC_ADDRESS, mac, NULL);
+ }
}
return connection;
@@ -166,7 +175,7 @@ reader_get_connection (Reader *reader,
if (nm_utils_is_valid_iface_name (iface_spec, NULL))
ifname = iface_spec;
else {
- mac = nm_utils_hwaddr_canonical (iface_spec, ETH_ALEN);
+ mac = nm_utils_hwaddr_canonical (iface_spec, -1);
if (!mac)
_LOGW (LOGD_CORE, "invalid interface '%s'", iface_spec);
}
@@ -206,8 +215,13 @@ reader_get_connection (Reader *reader,
if (!create_if_missing)
return NULL;
- if (!type_name)
- type_name = NM_SETTING_WIRED_SETTING_NAME;
+ if (!type_name) {
+ if ( NM_STR_HAS_PREFIX (ifname, "ib")
+ || (mac && nm_utils_hwaddr_valid (mac, INFINIBAND_ALEN)))
+ type_name = NM_SETTING_INFINIBAND_SETTING_NAME;
+ else
+ type_name = NM_SETTING_WIRED_SETTING_NAME;
+ }
connection = reader_create_connection (reader, ifname ?: mac,
ifname ?: (mac ?: "Wired Connection"),
diff --git a/src/initrd/tests/test-cmdline-reader.c b/src/initrd/tests/test-cmdline-reader.c
index d67f599337..d6966023a9 100644
--- a/src/initrd/tests/test-cmdline-reader.c
+++ b/src/initrd/tests/test-cmdline-reader.c
@@ -1600,6 +1600,58 @@ test_dhcp_vendor_class_id (void)
g_assert (nm_setting_ip4_config_get_dhcp_vendor_class_identifier (s_ip4) == NULL);
}
+static void
+test_infiniband_iface (void)
+{
+ gs_unref_hashtable GHashTable *connections = NULL;
+ const char *const *ARGV = NM_MAKE_STRV ("ip=ib1:dhcp");
+ NMConnection *connection;
+ NMSettingInfiniband *s_ib;
+ gs_free char *hostname = NULL;
+
+ connections = nmi_cmdline_reader_parse (TEST_INITRD_DIR "/sysfs", ARGV, &hostname);
+ g_assert (connections);
+ g_assert_cmpint (g_hash_table_size (connections), ==, 1);
+ g_assert_cmpstr (hostname, ==, NULL);
+
+ connection = g_hash_table_lookup (connections, "ib1");
+ g_assert (connection);
+ nmtst_assert_connection_verifies_without_normalization (connection);
+ g_assert_cmpstr (nm_connection_get_connection_type (connection),
+ ==,
+ NM_SETTING_INFINIBAND_SETTING_NAME);
+ s_ib = nm_connection_get_setting_infiniband (connection);
+ g_assert (s_ib);
+}
+
+static void
+test_infiniband_mac (void)
+{
+ gs_unref_hashtable GHashTable *connections = NULL;
+ const char *const *ARGV = NM_MAKE_STRV("ip=00-11-22-33-44-55-66-77-88-99-aa-bb-cc-dd-ee-ff-00-11-22-33:dhcp");
+ NMConnection *connection;
+ NMSettingInfiniband *s_ib;
+ gs_free char *hostname = NULL;
+
+ connections = nmi_cmdline_reader_parse (TEST_INITRD_DIR "/sysfs", ARGV, &hostname);
+ g_assert (connections);
+ g_assert_cmpint (g_hash_table_size (connections), ==, 1);
+ g_assert_cmpstr (hostname, ==, NULL);
+
+ connection = g_hash_table_lookup (connections, "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33");
+ g_assert (connection);
+ nmtst_assert_connection_verifies_without_normalization (connection);
+ g_assert_cmpstr (nm_connection_get_connection_type (connection),
+ ==,
+ NM_SETTING_INFINIBAND_SETTING_NAME);
+ g_assert_cmpstr (nm_connection_get_interface_name (connection), ==, NULL);
+ s_ib = nm_connection_get_setting_infiniband (connection);
+ g_assert (s_ib);
+ g_assert_cmpstr (nm_setting_infiniband_get_mac_address (s_ib),
+ ==,
+ "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33");
+}
+
NMTST_DEFINE ();
int main (int argc, char **argv)
@@ -1639,6 +1691,8 @@ int main (int argc, char **argv)
g_test_add_func ("/initrd/cmdline/bootif/off", test_bootif_off);
g_test_add_func ("/initrd/cmdline/neednet", test_neednet);
g_test_add_func ("/initrd/cmdline/dhcp/vendor_class_id", test_dhcp_vendor_class_id);
+ g_test_add_func("/initrd/cmdline/infiniband/iface", test_infiniband_iface);
+ g_test_add_func("/initrd/cmdline/infiniband/mac", test_infiniband_mac);
return g_test_run ();
}
--
2.26.2

42
SOURCES/1020-fix-unauth-user-can-make-nm-crash-rh1890887.patch Normal file
View File

@ -0,0 +1,42 @@
From 62536f5ebddfca3e57f8771c8480a52fc4d558d1 Mon Sep 17 00:00:00 2001
From: Antonio Cardace <acardace@redhat.com>
Date: Thu, 22 Oct 2020 14:40:15 +0200
Subject: [PATCH 1/1] manager: fix very bad usage of
'nm_utils_user_data_unpack'
This results in the args of 'nm_utils_user_data_unpack'
containing random data potentially also from the
previous stack-frame which is really really bad.
Signed-off-by: Antonio Cardace <acardace@redhat.com>
Fixes: b50702775f1b ('device: implement auth-request as async operation nm_manager_device_auth_request()')
(cherry picked from commit b6a18e059302117157971e7c5f551fc40d864e89)
(cherry picked from commit 50adaf7414a62f08a309f11941453eae75c9e0e9)
(cherry picked from commit 72a2e34b42e9f6e38ba2fc5b5db96015930827a2)
---
src/nm-manager.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/nm-manager.c b/src/nm-manager.c
index 778e3b946..57f3e8dd9 100644
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@@ -2453,7 +2453,14 @@ _device_auth_done_fail_on_idle (gpointer user_data, GCancellable *cancellable)
NMManagerDeviceAuthRequestFunc callback;
gpointer callback_user_data;
- nm_utils_user_data_unpack (&self, &device, &context, &subject, &error_original, &callback, &callback_user_data);
+ nm_utils_user_data_unpack (user_data,
+ &self,
+ &device,
+ &context,
+ &subject,
+ &error_original,
+ &callback,
+ &callback_user_data);
g_cancellable_set_error_if_cancelled (cancellable, &error_cancelled);
--
2.28.0

706
SOURCES/1021-initrd-vlan-fixes-rh1903695-rh1903698.patch Normal file
View File

@ -0,0 +1,706 @@
From 61636ae740e7de1ad75202cd1d2adfd506f7d5c0 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 22 Jul 2020 12:24:59 +0200
Subject: [PATCH 1/4] shared: add nm_strv_ptrarray_ensure() and
nm_strv_ptrarray_find_first() helpers
(cherry picked from commit 99296d4c6caee60065286210f1f5fb4d653861bd)
(cherry picked from commit 0ae9e9ec5eddbfd34f073a60819e02aa648e312c)
Signed-off-by: Antonio Cardace <acardace@redhat.com>
---
shared/nm-glib-aux/nm-shared-utils.h | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/shared/nm-glib-aux/nm-shared-utils.h b/shared/nm-glib-aux/nm-shared-utils.h
index b17c8d1a0..f33949e61 100644
--- a/shared/nm-glib-aux/nm-shared-utils.h
+++ b/shared/nm-glib-aux/nm-shared-utils.h
@@ -1771,6 +1771,17 @@ GSource *nm_utils_g_main_context_create_integrate_source (GMainContext *internal
/*****************************************************************************/
+static inline GPtrArray *
+nm_strv_ptrarray_ensure (GPtrArray **p_arr)
+{
+ nm_assert (p_arr);
+
+ if (G_UNLIKELY (!*p_arr))
+ *p_arr = g_ptr_array_new_with_free_func (g_free);
+
+ return *p_arr;
+}
+
static inline void
nm_strv_ptrarray_add_string_take (GPtrArray *cmd,
char *str)
@@ -1809,6 +1820,22 @@ nm_strv_ptrarray_take_gstring (GPtrArray *cmd,
FALSE));
}
+static inline gssize
+nm_strv_ptrarray_find_first (const GPtrArray *strv,
+ const char *str)
+{
+ if (!strv)
+ return -1;
+ return nm_utils_strv_find_first ((char **) strv->pdata, strv->len, str);
+}
+
+static inline gboolean
+nm_strv_ptrarray_contains (const GPtrArray *strv,
+ const char *str)
+{
+ return nm_strv_ptrarray_find_first (strv, str) >= 0;
+}
+
/*****************************************************************************/
int nm_utils_getpagesize (void);
--
2.28.0
From 2d5322ba201152f41010a4629a659c424520e2be Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 19 Nov 2020 11:06:04 +0100
Subject: [PATCH 2/4] initrd: add test for prefixed address in ip= argument
(cherry picked from commit 584e9048b3dd7e8c550e56d2da5398516398be0f)
(cherry picked from commit 58a6697e96b19707b0bd07e11c2c646982739e95)
(cherry picked from commit d7361496a207b3476c0da34e7dcc08394914b9a7)
Signed-off-by: Antonio Cardace <acardace@redhat.com>
---
src/initrd/tests/test-cmdline-reader.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/initrd/tests/test-cmdline-reader.c b/src/initrd/tests/test-cmdline-reader.c
index d6966023a..565bb9e8f 100644
--- a/src/initrd/tests/test-cmdline-reader.c
+++ b/src/initrd/tests/test-cmdline-reader.c
@@ -340,7 +340,7 @@ static void
test_multiple_merge (void)
{
gs_unref_hashtable GHashTable *connections = NULL;
- const char *const*ARGV = NM_MAKE_STRV ("ip=192.0.2.2:::::eth0",
+ const char *const*ARGV = NM_MAKE_STRV ("ip=192.0.2.2/16:::::eth0",
"ip=[2001:db8::2]:::56::eth0");
NMConnection *connection;
NMSettingConnection *s_con;
@@ -375,6 +375,7 @@ test_multiple_merge (void)
ip_addr = nm_setting_ip_config_get_address (s_ip4, 0);
g_assert (ip_addr);
g_assert_cmpstr (nm_ip_address_get_address (ip_addr), ==, "192.0.2.2");
+ g_assert_cmpint (nm_ip_address_get_prefix (ip_addr), ==, 16);
s_ip6 = nm_connection_get_setting_ip6_config (connection);
g_assert (s_ip6);
--
2.28.0
From c6668afd87b53521ad574a7876f25a34f6a9b3f5 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Tue, 17 Nov 2020 11:10:54 +0100
Subject: [PATCH 3/4] initrd: fix parsing of ip= argument with dotted interface
name
The command line parser looks for a dot or a colon to determine
whether the first token in a ip= argument is a IPv4 address (dot), an
IPv6 address (colon) or an interface name (none). This strategy
doesn't work for interface names containing a dot (typically VLANs).
Instead, try to parse the IPv4/IPv6 address in the token; if this
fails then consider the token as an interface name.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/581
(cherry picked from commit 4aa902ecf537fbf14fd483a336b83b2139025681)
(cherry picked from commit f766b3cbae0db7e3b7421bfdffc1d6182717e05c)
(cherry picked from commit a2ce810b87981f586e4acb993f7658c1da06b67e)
Signed-off-by: Antonio Cardace <acardace@redhat.com>
---
src/initrd/nm-initrd-generator.h | 24 ++++++++-----
src/initrd/nmi-cmdline-reader.c | 39 +++++++++-----------
src/initrd/nmi-ibft-reader.c | 4 +--
src/initrd/tests/test-cmdline-reader.c | 49 ++++++++++++++++++++++++++
4 files changed, 82 insertions(+), 34 deletions(-)
diff --git a/src/initrd/nm-initrd-generator.h b/src/initrd/nm-initrd-generator.h
index 8e17f0455..e7647edd7 100644
--- a/src/initrd/nm-initrd-generator.h
+++ b/src/initrd/nm-initrd-generator.h
@@ -11,17 +11,23 @@
#define NMI_WAIT_DEVICE_TIMEOUT_MS 60000
-static inline gboolean
-guess_ip_address_family (const char *str)
+static inline int
+get_ip_address_family (const char *str, gboolean with_prefix)
{
- if (str == NULL)
- return AF_UNSPEC;
- else if (strchr (str, '.'))
- return AF_INET;
- else if (strchr (str, ':'))
- return AF_INET6;
- else
+ int addr_family;
+
+ if (!str)
return AF_UNSPEC;
+
+ if (with_prefix) {
+ if (nm_utils_parse_inaddr_prefix_bin (AF_UNSPEC, str, &addr_family, NULL, NULL))
+ return addr_family;
+ } else {
+ if (nm_utils_parse_inaddr_bin (AF_UNSPEC, str, &addr_family, NULL))
+ return addr_family;
+ }
+
+ return AF_UNSPEC;
}
GHashTable *nmi_ibft_read (const char *sysfs_dir);
diff --git a/src/initrd/nmi-cmdline-reader.c b/src/initrd/nmi-cmdline-reader.c
index 257ba3d7a..1b693758f 100644
--- a/src/initrd/nmi-cmdline-reader.c
+++ b/src/initrd/nmi-cmdline-reader.c
@@ -385,7 +385,7 @@ reader_parse_ip (Reader *reader, const char *sysfs_dir, char *argument)
/* ip={dhcp|on|any|dhcp6|auto6|ibft} */
kind = tmp;
} else {
- client_ip_family = guess_ip_address_family (tmp);
+ client_ip_family = get_ip_address_family (tmp, TRUE);
if (client_ip_family != AF_UNSPEC) {
/* <client-IP>:[<peer>]:<gateway-IP>:<netmask>:<client_hostname>: */
client_ip = tmp;
@@ -411,11 +411,11 @@ reader_parse_ip (Reader *reader, const char *sysfs_dir, char *argument)
kind = get_word (&argument, ':');
tmp = get_word (&argument, ':');
- dns_addr_family[0] = guess_ip_address_family (tmp);
+ dns_addr_family[0] = get_ip_address_family (tmp, FALSE);
if (dns_addr_family[0] != AF_UNSPEC) {
dns[0] = tmp;
dns[1] = get_word (&argument, ':');
- dns_addr_family[1] = guess_ip_address_family (dns[1]);
+ dns_addr_family[1] = get_ip_address_family (dns[1], FALSE);
if (*argument)
_LOGW (LOGD_CORE, "Ignoring extra: '%s'.", argument);
} else {
@@ -475,9 +475,8 @@ reader_parse_ip (Reader *reader, const char *sysfs_dir, char *argument)
_LOGW (LOGD_CORE, "Invalid address '%s': %s", client_ip, error->message);
g_clear_error (&error);
}
- } else {
- _LOGW (LOGD_CORE, "Unrecognized address: %s", client_ip);
- }
+ } else
+ nm_assert_not_reached ();
if (address) {
switch (client_ip_family) {
@@ -496,7 +495,7 @@ reader_parse_ip (Reader *reader, const char *sysfs_dir, char *argument)
nm_setting_ip_config_add_address (s_ip6, address);
break;
default:
- _LOGW (LOGD_CORE, "Unknown address family: %s", client_ip);
+ nm_assert_not_reached ();
break;
}
nm_ip_address_unref (address);
@@ -579,22 +578,16 @@ reader_parse_ip (Reader *reader, const char *sysfs_dir, char *argument)
_LOGW (LOGD_CORE, "Ignoring peer: %s (not implemented)\n", peer);
if (gateway_ip && *gateway_ip) {
- int addr_family = guess_ip_address_family (gateway_ip);
-
- if (nm_utils_ipaddr_is_valid (addr_family, gateway_ip)) {
- switch (addr_family) {
- case AF_INET:
- g_object_set (s_ip4, NM_SETTING_IP_CONFIG_GATEWAY, gateway_ip, NULL);
- break;
- case AF_INET6:
- g_object_set (s_ip6, NM_SETTING_IP_CONFIG_GATEWAY, gateway_ip, NULL);
- break;
- default:
- _LOGW (LOGD_CORE, "Unknown address family: %s", gateway_ip);
- break;
- }
- } else {
+ switch (get_ip_address_family (gateway_ip, FALSE)) {
+ case AF_INET:
+ g_object_set (s_ip4, NM_SETTING_IP_CONFIG_GATEWAY, gateway_ip, NULL);
+ break;
+ case AF_INET6:
+ g_object_set (s_ip6, NM_SETTING_IP_CONFIG_GATEWAY, gateway_ip, NULL);
+ break;
+ default:
_LOGW (LOGD_CORE, "Invalid gateway: %s", gateway_ip);
+ break;
}
}
@@ -893,7 +886,7 @@ reader_add_nameservers (Reader *reader, GPtrArray *nameservers)
for (i = 0; i < nameservers->len; i++) {
ns = nameservers->pdata[i];
- addr_family = guess_ip_address_family (ns);
+ addr_family = get_ip_address_family (ns, FALSE);
if (addr_family == AF_UNSPEC) {
_LOGW (LOGD_CORE, "Unknown address family: %s", ns);
continue;
diff --git a/src/initrd/nmi-ibft-reader.c b/src/initrd/nmi-ibft-reader.c
index fe6f6432a..bdb99e67e 100644
--- a/src/initrd/nmi-ibft-reader.c
+++ b/src/initrd/nmi-ibft-reader.c
@@ -162,9 +162,9 @@ ip_setting_add_from_block (GHashTable *nic,
NULL);
}
- family = guess_ip_address_family (s_ipaddr);
+ family = get_ip_address_family (s_ipaddr, FALSE);
if (family == AF_UNSPEC)
- family = guess_ip_address_family (s_gateway);
+ family = get_ip_address_family (s_gateway, FALSE);
switch (family) {
case AF_INET:
diff --git a/src/initrd/tests/test-cmdline-reader.c b/src/initrd/tests/test-cmdline-reader.c
index 565bb9e8f..53ddccc27 100644
--- a/src/initrd/tests/test-cmdline-reader.c
+++ b/src/initrd/tests/test-cmdline-reader.c
@@ -1064,6 +1064,54 @@ test_team (void)
g_assert_cmpint (nm_setting_connection_get_multi_connect (s_con), ==, NM_CONNECTION_MULTI_CONNECT_SINGLE);
}
+static void
+test_vlan (void)
+{
+ const char *const *ARGV0 = NM_MAKE_STRV ("ip=eth0.100:dhcp", "vlan=eth0.100:eth0");
+ const char *const *ARGV1 = NM_MAKE_STRV ("vlan=eth0.100:eth0", "ip=eth0.100:dhcp");
+ const char *const *ARGV[] = {ARGV0, ARGV1};
+ guint i;
+
+ for (i = 0; i < G_N_ELEMENTS (ARGV); i++) {
+ gs_unref_hashtable GHashTable *connections = NULL;
+ NMConnection *connection;
+ NMSettingIPConfig *s_ip4;
+ NMSettingIPConfig *s_ip6;
+ NMSettingVlan *s_vlan;
+ gs_free char *hostname = NULL;
+
+ connections = nmi_cmdline_reader_parse (TEST_INITRD_DIR "/sysfs", ARGV[i], &hostname);
+ g_assert (connections);
+ g_assert_cmpint (g_hash_table_size (connections), ==, 1);
+ g_assert_cmpstr (hostname, ==, NULL);
+
+ connection = g_hash_table_lookup (connections, "eth0.100");
+ g_assert (connection);
+ nmtst_assert_connection_verifies_without_normalization (connection);
+ g_assert_cmpstr (nm_connection_get_connection_type (connection),
+ ==,
+ NM_SETTING_VLAN_SETTING_NAME);
+ g_assert_cmpstr (nm_connection_get_id (connection), ==, "eth0.100");
+
+ s_vlan = nm_connection_get_setting_vlan (connection);
+ g_assert (s_vlan);
+ g_assert_cmpstr (nm_setting_vlan_get_parent (s_vlan), ==, "eth0");
+ g_assert_cmpint (nm_setting_vlan_get_id (s_vlan), ==, 100);
+
+ s_ip4 = nm_connection_get_setting_ip4_config (connection);
+ g_assert (s_ip4);
+ g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip4),
+ ==,
+ NM_SETTING_IP4_CONFIG_METHOD_AUTO);
+
+ s_ip6 = nm_connection_get_setting_ip6_config (connection);
+ g_assert (s_ip6);
+ g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip6),
+ ==,
+ NM_SETTING_IP6_CONFIG_METHOD_AUTO);
+ }
+}
+
static void
test_ibft_ip_dev (void)
{
@@ -1675,6 +1723,7 @@ int main (int argc, char **argv)
g_test_add_func ("/initrd/cmdline/bond/ip", test_bond_ip);
g_test_add_func ("/initrd/cmdline/bond/default", test_bond_default);
g_test_add_func ("/initrd/cmdline/team", test_team);
+ g_test_add_func ("/initrd/cmdline/vlan", test_vlan);
g_test_add_func ("/initrd/cmdline/bridge", test_bridge);
g_test_add_func ("/initrd/cmdline/bridge/default", test_bridge_default);
g_test_add_func ("/initrd/cmdline/bridge/ip", test_bridge_ip);
--
2.28.0
From d7d342fb3c112513dcd5645603b524700d8e208e Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 18 Nov 2020 14:27:19 +0100
Subject: [PATCH 4/4] initrd: disable ipv4 and ipv6 by default for vlan parent
connection
Change the generator to disable by default IP configuration for the
parent connection of a VLAN, because that is what a user would expect
and what the legacy module does. Of course if the user explicitly
configures DHCP or an address for the parent interface, that overrides
the default.
Note that now the generator always creates a connection for the parent
interface. Before this commit, it did only when there was an explicit
ip= argument for the parent interface.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/509
(cherry picked from commit f2e51ace6815bd1bd264101694b8dc65226ddd90)
(cherry picked from commit 4b0007b0370badc2fcefe529a6e680e8ffe2d9e7)
(cherry picked from commit 6e4345baac776a1b715a4173539171d4ecdd07af)
Signed-off-by: Antonio Cardace <acardace@redhat.com>
---
src/initrd/nmi-cmdline-reader.c | 40 ++++-
src/initrd/tests/test-cmdline-reader.c | 196 ++++++++++++++++++++++++-
2 files changed, 231 insertions(+), 5 deletions(-)
diff --git a/src/initrd/nmi-cmdline-reader.c b/src/initrd/nmi-cmdline-reader.c
index 1b693758f..f94cc7db8 100644
--- a/src/initrd/nmi-cmdline-reader.c
+++ b/src/initrd/nmi-cmdline-reader.c
@@ -21,6 +21,8 @@
typedef struct {
GHashTable *hash;
GPtrArray *array;
+ GPtrArray *vlan_parents;
+ GHashTable *explicit_ip_connections;
NMConnection *bootdev_connection; /* connection for bootdev=$ifname */
NMConnection *default_connection; /* connection not bound to any ifname */
char *hostname;
@@ -38,7 +40,9 @@ reader_new (void)
reader = g_slice_new (Reader);
*reader = (Reader) {
- .hash = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, g_object_unref),
+ .hash = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, g_object_unref),
+ .explicit_ip_connections = g_hash_table_new_full (nm_direct_hash, NULL, g_object_unref, NULL),
+ .vlan_parents = g_ptr_array_new_with_free_func (g_free),
.array = g_ptr_array_new (),
};
@@ -51,6 +55,8 @@ reader_destroy (Reader *reader, gboolean free_hash)
gs_unref_hashtable GHashTable *hash = NULL;
g_ptr_array_unref (reader->array);
+ g_ptr_array_unref (reader->vlan_parents);
+ g_hash_table_unref (reader->explicit_ip_connections);
hash = g_steal_pointer (&reader->hash);
nm_clear_g_free (&reader->hostname);
nm_clear_g_free (&reader->dhcp4_vci);
@@ -436,6 +442,8 @@ reader_parse_ip (Reader *reader, const char *sysfs_dir, char *argument)
else
connection = reader_get_default_connection (reader);
+ g_hash_table_add (reader->explicit_ip_connections, g_object_ref (connection));
+
s_ip4 = nm_connection_get_setting_ip4_config (connection);
s_ip6 = nm_connection_get_setting_ip6_config (connection);
@@ -789,6 +797,9 @@ reader_parse_vlan (Reader *reader, char *argument)
if (argument && *argument)
_LOGW (LOGD_CORE, "Ignoring extra: '%s'.", argument);
+
+ if (!nm_strv_ptrarray_contains (reader->vlan_parents, phy))
+ g_ptr_array_add (reader->vlan_parents, g_strdup (phy));
}
static void
@@ -1031,6 +1042,33 @@ nmi_cmdline_reader_parse (const char *sysfs_dir, const char *const*argv, char **
}
}
+ for (i = 0; i < reader->vlan_parents->len; i++) {
+ NMConnection *connection;
+ NMSettingIPConfig *s_ip;
+
+ /* Disable IP configuration for parent connections of VLANs,
+ * unless those interfaces were explicitly configured otherwise. */
+
+ connection = reader_get_connection (reader, reader->vlan_parents->pdata[i], NULL, TRUE);
+ if (!g_hash_table_contains (reader->explicit_ip_connections, connection)) {
+ s_ip = nm_connection_get_setting_ip4_config (connection);
+ if (s_ip) {
+ g_object_set (s_ip,
+ NM_SETTING_IP_CONFIG_METHOD,
+ NM_SETTING_IP4_CONFIG_METHOD_DISABLED,
+ NULL);
+ }
+
+ s_ip = nm_connection_get_setting_ip6_config (connection);
+ if (s_ip) {
+ g_object_set (s_ip,
+ NM_SETTING_IP_CONFIG_METHOD,
+ NM_SETTING_IP6_CONFIG_METHOD_DISABLED,
+ NULL);
+ }
+ }
+ }
+
if (ignore_bootif)
nm_clear_g_free (&bootif_val);
if (bootif_val) {
diff --git a/src/initrd/tests/test-cmdline-reader.c b/src/initrd/tests/test-cmdline-reader.c
index 53ddccc27..b9d2acf41 100644
--- a/src/initrd/tests/test-cmdline-reader.c
+++ b/src/initrd/tests/test-cmdline-reader.c
@@ -439,7 +439,7 @@ test_bootdev (void)
connections = nmi_cmdline_reader_parse (TEST_INITRD_DIR "/sysfs", ARGV, &hostname);
g_assert (connections);
- g_assert_cmpint (g_hash_table_size (connections), ==, 2);
+ g_assert_cmpint (g_hash_table_size (connections), ==, 3);
g_assert_cmpstr (hostname, ==, NULL);
connection = g_hash_table_lookup (connections, "ens3");
@@ -462,6 +462,18 @@ test_bootdev (void)
g_assert_cmpstr (nm_setting_connection_get_connection_type (s_con), ==, NM_SETTING_VLAN_SETTING_NAME);
g_assert_cmpstr (nm_setting_connection_get_id (s_con), ==, "vlan2");
g_assert_cmpstr (nm_setting_connection_get_interface_name (s_con), ==, "vlan2");
+
+ connection = g_hash_table_lookup (connections, "ens5");
+ g_assert (connection);
+ nmtst_assert_connection_verifies_without_normalization (connection);
+
+ s_con = nm_connection_get_setting_connection (connection);
+ g_assert (s_con);
+ g_assert_cmpstr (nm_setting_connection_get_connection_type (s_con),
+ ==,
+ NM_SETTING_WIRED_SETTING_NAME);
+ g_assert_cmpstr (nm_setting_connection_get_id (s_con), ==, "ens5");
+ g_assert_cmpstr (nm_setting_connection_get_interface_name (s_con), ==, "ens5");
}
static void
@@ -1082,9 +1094,80 @@ test_vlan (void)
connections = nmi_cmdline_reader_parse (TEST_INITRD_DIR "/sysfs", ARGV[i], &hostname);
g_assert (connections);
- g_assert_cmpint (g_hash_table_size (connections), ==, 1);
+ g_assert_cmpint (g_hash_table_size (connections), ==, 2);
g_assert_cmpstr (hostname, ==, NULL);
+ /* VLAN eth0.100 */
+ connection = g_hash_table_lookup (connections, "eth0.100");
+ g_assert (connection);
+ nmtst_assert_connection_verifies_without_normalization (connection);
+ g_assert_cmpstr (nm_connection_get_connection_type(connection),
+ ==,
+ NM_SETTING_VLAN_SETTING_NAME);
+ g_assert_cmpstr (nm_connection_get_id (connection), ==, "eth0.100");
+
+ s_vlan = nm_connection_get_setting_vlan (connection);
+ g_assert (s_vlan);
+ g_assert_cmpstr (nm_setting_vlan_get_parent (s_vlan), ==, "eth0");
+ g_assert_cmpint (nm_setting_vlan_get_id (s_vlan), ==, 100);
+
+ s_ip4 = nm_connection_get_setting_ip4_config (connection);
+ g_assert (s_ip4);
+ g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip4),
+ ==,
+ NM_SETTING_IP4_CONFIG_METHOD_AUTO);
+
+ s_ip6 = nm_connection_get_setting_ip6_config (connection);
+ g_assert (s_ip6);
+ g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip6),
+ ==,
+ NM_SETTING_IP6_CONFIG_METHOD_AUTO);
+
+ /* Ethernet eth0 */
+ connection = g_hash_table_lookup (connections, "eth0");
+ g_assert (connection);
+ nmtst_assert_connection_verifies_without_normalization (connection);
+ g_assert_cmpstr (nm_connection_get_connection_type (connection),
+ ==,
+ NM_SETTING_WIRED_SETTING_NAME);
+ g_assert_cmpstr (nm_connection_get_id (connection), ==, "eth0");
+
+ s_ip4 = nm_connection_get_setting_ip4_config (connection);
+ g_assert (s_ip4);
+ g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip4),
+ ==,
+ NM_SETTING_IP4_CONFIG_METHOD_DISABLED);
+
+ s_ip6 = nm_connection_get_setting_ip6_config (connection);
+ g_assert (s_ip6);
+ g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip6),
+ ==,
+ NM_SETTING_IP6_CONFIG_METHOD_DISABLED);
+ }
+}
+
+static void
+test_vlan_with_dhcp_on_parent (void)
+{
+ const char *const *ARGV0 = NM_MAKE_STRV ("vlan=eth0.100:eth0", "ip=eth0:dhcp");
+ const char *const *ARGV1 = NM_MAKE_STRV ("ip=eth0:dhcp", "vlan=eth0.100:eth0");
+ const char *const *ARGV[] = {ARGV0, ARGV1};
+ guint i;
+
+ for (i = 0; i < G_N_ELEMENTS (ARGV); i++) {
+ gs_unref_hashtable GHashTable *connections = NULL;
+ NMConnection *connection;
+ NMSettingIPConfig *s_ip4;
+ NMSettingIPConfig *s_ip6;
+ NMSettingVlan *s_vlan;
+ gs_free char *hostname = NULL;
+
+ connections = nmi_cmdline_reader_parse (TEST_INITRD_DIR "/sysfs", ARGV[i], &hostname);
+ g_assert (connections);
+ g_assert_cmpint (g_hash_table_size (connections), ==, 2);
+ g_assert_cmpstr (hostname, ==, NULL);
+
+ /* VLAN eth0.100 */
connection = g_hash_table_lookup (connections, "eth0.100");
g_assert (connection);
nmtst_assert_connection_verifies_without_normalization (connection);
@@ -1093,16 +1176,37 @@ test_vlan (void)
NM_SETTING_VLAN_SETTING_NAME);
g_assert_cmpstr (nm_connection_get_id (connection), ==, "eth0.100");
+ s_ip4 = nm_connection_get_setting_ip4_config (connection);
+ g_assert (s_ip4);
+ g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip4),
+ ==,
+ NM_SETTING_IP4_CONFIG_METHOD_AUTO);
+
+ s_ip6 = nm_connection_get_setting_ip6_config (connection);
+ g_assert (s_ip6);
+ g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip6),
+ ==,
+ NM_SETTING_IP6_CONFIG_METHOD_AUTO);
+
s_vlan = nm_connection_get_setting_vlan (connection);
g_assert (s_vlan);
g_assert_cmpstr (nm_setting_vlan_get_parent (s_vlan), ==, "eth0");
g_assert_cmpint (nm_setting_vlan_get_id (s_vlan), ==, 100);
+ /* Ethernet eth0 */
+ connection = g_hash_table_lookup (connections, "eth0");
+ g_assert (connection);
+ nmtst_assert_connection_verifies_without_normalization (connection);
+ g_assert_cmpstr (nm_connection_get_connection_type (connection),
+ ==,
+ NM_SETTING_WIRED_SETTING_NAME);
+ g_assert_cmpstr (nm_connection_get_id (connection), ==, "eth0");
+
s_ip4 = nm_connection_get_setting_ip4_config (connection);
g_assert (s_ip4);
g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip4),
- ==,
- NM_SETTING_IP4_CONFIG_METHOD_AUTO);
+ ==,
+ NM_SETTING_IP4_CONFIG_METHOD_AUTO);
s_ip6 = nm_connection_get_setting_ip6_config (connection);
g_assert (s_ip6);
@@ -1112,6 +1216,88 @@ test_vlan (void)
}
}
+static void
+test_vlan_over_bond (void)
+{
+ const char *const *ARGV0 = NM_MAKE_STRV ("ip=1.2.3.4:::24::vlan1:none",
+ "bond=bond2:ens3,ens4:mode=active-backup",
+ "vlan=vlan1:bond2");
+ const char *const *ARGV1 = NM_MAKE_STRV ("vlan=vlan1:bond2",
+ "ip=1.2.3.4:::24::vlan1:none",
+ "bond=bond2:ens3,ens4:mode=active-backup");
+ const char *const *ARGV2 = NM_MAKE_STRV ("bond=bond2:ens3,ens4:mode=active-backup",
+ "ip=1.2.3.4:::24::vlan1:none",
+ "vlan=vlan1:bond2");
+ const char *const *ARGV[] = {ARGV0, ARGV1, ARGV2};
+ guint i;
+
+ for (i = 0; i < G_N_ELEMENTS (ARGV); i++) {
+ gs_unref_hashtable GHashTable *connections = NULL;
+ NMConnection *connection;
+ NMSettingIPConfig *s_ip4;
+ NMSettingIPConfig *s_ip6;
+ NMSettingVlan *s_vlan;
+ gs_free char *hostname = NULL;
+
+ connections = nmi_cmdline_reader_parse (TEST_INITRD_DIR "/sysfs", ARGV[i], &hostname);
+ g_assert (connections);
+ g_assert_cmpint (g_hash_table_size (connections), ==, 4);
+ g_assert_cmpstr (hostname, ==, NULL);
+
+ /* VLAN vlan1 */
+ connection = g_hash_table_lookup (connections, "vlan1");
+ g_assert (connection);
+ nmtst_assert_connection_verifies_without_normalization (connection);
+ g_assert_cmpstr (nm_connection_get_connection_type (connection),
+ ==,
+ NM_SETTING_VLAN_SETTING_NAME);
+ g_assert_cmpstr (nm_connection_get_id (connection), ==, "vlan1");
+
+ s_ip4 = nm_connection_get_setting_ip4_config(connection);
+ g_assert (s_ip4);
+ g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip4),
+ ==,
+ NM_SETTING_IP4_CONFIG_METHOD_MANUAL);
+
+ s_ip6 = nm_connection_get_setting_ip6_config (connection);
+ g_assert (s_ip6);
+ g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip6),
+ ==,
+ NM_SETTING_IP6_CONFIG_METHOD_DISABLED);
+ s_vlan = nm_connection_get_setting_vlan (connection);
+ g_assert (s_vlan);
+ g_assert_cmpstr(nm_setting_vlan_get_parent (s_vlan), ==, "bond2");
+ g_assert_cmpint(nm_setting_vlan_get_id (s_vlan), ==, 1);
+
+ /* Bond bond2 */
+ connection = g_hash_table_lookup (connections, "bond2");
+ g_assert (connection);
+ nmtst_assert_connection_verifies_without_normalization (connection);
+ g_assert_cmpstr (nm_connection_get_connection_type (connection),
+ ==,
+ NM_SETTING_BOND_SETTING_NAME);
+ g_assert_cmpstr(nm_connection_get_id (connection), ==, "bond2");
+
+ s_ip4 = nm_connection_get_setting_ip4_config (connection);
+ g_assert (s_ip4);
+ g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip4),
+ ==,
+ NM_SETTING_IP4_CONFIG_METHOD_DISABLED);
+
+ s_ip6 = nm_connection_get_setting_ip6_config (connection);
+ g_assert (s_ip6);
+ g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip6),
+ ==,
+ NM_SETTING_IP6_CONFIG_METHOD_DISABLED);
+
+ /* Ethernet ens3 and ens4 */
+ connection = g_hash_table_lookup (connections, "ens3");
+ g_assert (connection);
+ connection = g_hash_table_lookup (connections, "ens4");
+ g_assert (connection);
+ }
+}
+
static void
test_ibft_ip_dev (void)
{
@@ -1724,6 +1910,8 @@ int main (int argc, char **argv)
g_test_add_func ("/initrd/cmdline/bond/default", test_bond_default);
g_test_add_func ("/initrd/cmdline/team", test_team);
g_test_add_func ("/initrd/cmdline/vlan", test_vlan);
+ g_test_add_func ("/initrd/cmdline/vlan/dhcp-on-parent", test_vlan_with_dhcp_on_parent);
+ g_test_add_func ("/initrd/cmdline/vlan/over-bond", test_vlan_over_bond);
g_test_add_func ("/initrd/cmdline/bridge", test_bridge);
g_test_add_func ("/initrd/cmdline/bridge/default", test_bridge_default);
g_test_add_func ("/initrd/cmdline/bridge/ip", test_bridge_ip);
--
2.28.0

232
SOURCES/1022-initrd-fix-parsing-with-empty-token-rh1902791.patch Normal file
View File

@ -0,0 +1,232 @@
From aaf22cfa2ac38f786faab16d027c29616c9f9385 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 25 Nov 2020 17:39:48 +0100
Subject: [PATCH 1/1] initrd: fix parsing of ip= arguments with empty first
token
The parser checks if the first token of an ip= argument is an IP
address to determine which of the two possible syntaxes is used:
ip=<interface>:{dhcp|on|any|dhcp6|auto6}[:[<mtu>][:<macaddr>]]
ip=<client-IP>:[<peer>]:<gateway-IP>:<netmask>:<client_hostname>:<interface>:{none|off|dhcp|on|any|dhcp6|auto6|ibft}[:[<mtu>][:<macaddr>]]
This works as long as the first token is not empty, which - according
to the dracut.cmdline man page - seems to be guaranteed.
However, the network-legacy dracut plugin accepts an empty interface
or client IP. Also, if a user needs DHCP and wants to specify a
hostname, the only possible syntax is:
ip=::::<hostname>::dhcp
Change the parser to check the second token instead, similarly to what
the network-legacy module does [1].
[1] https://github.com/dracutdevs/dracut/blob/050/modules.d/40network/net-lib.sh#L490
https://bugzilla.redhat.com/show_bug.cgi?id=1900260
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/693
(cherry picked from commit b0c018830e7884e7457b8ea44553946ff680eb89)
(cherry picked from commit 435d662669cf487abe91c31b94ac71239073ce98)
(cherry picked from commit d67d0a34950fb44d66aea9e45c1d09b82fcaa18b)
Signed-off-by: Antonio Cardace <acardace@redhat.com>
---
src/initrd/nmi-cmdline-reader.c | 37 ++++++---
src/initrd/tests/test-cmdline-reader.c | 100 ++++++++++++++++++++++++-
2 files changed, 126 insertions(+), 11 deletions(-)
diff --git a/src/initrd/nmi-cmdline-reader.c b/src/initrd/nmi-cmdline-reader.c
index f94cc7db8..17e0ce5d4 100644
--- a/src/initrd/nmi-cmdline-reader.c
+++ b/src/initrd/nmi-cmdline-reader.c
@@ -367,6 +367,7 @@ reader_parse_ip (Reader *reader, const char *sysfs_dir, char *argument)
NMSettingIPConfig *s_ip4 = NULL, *s_ip6 = NULL;
gs_unref_hashtable GHashTable *ibft = NULL;
const char *tmp;
+ const char *tmp2;
const char *kind = NULL;
const char *client_ip = NULL;
const char *peer = NULL;
@@ -391,17 +392,37 @@ reader_parse_ip (Reader *reader, const char *sysfs_dir, char *argument)
/* ip={dhcp|on|any|dhcp6|auto6|ibft} */
kind = tmp;
} else {
- client_ip_family = get_ip_address_family (tmp, TRUE);
- if (client_ip_family != AF_UNSPEC) {
- /* <client-IP>:[<peer>]:<gateway-IP>:<netmask>:<client_hostname>: */
+ tmp2 = get_word (&argument, ':');
+ if (NM_IN_STRSET (tmp2,
+ "none",
+ "off",
+ "dhcp",
+ "on"
+ "any",
+ "dhcp6",
+ "auto",
+ "auto6",
+ "ibft")) {
+ /* <ifname>:{none|off|dhcp|on|any|dhcp6|auto|auto6|ibft} */
+ iface_spec = tmp;
+ kind = tmp2;
+ } else {
+ /* <client-IP>:[<peer>]:<gateway-IP>:<netmask>:<client_hostname>:<kind> */
client_ip = tmp;
- peer = get_word (&argument, ':');
+ if (client_ip) {
+ client_ip_family = get_ip_address_family (client_ip, TRUE);
+ if (client_ip_family == AF_UNSPEC) {
+ _LOGW (LOGD_CORE, "Invalid IP address '%s'.", client_ip);
+ return;
+ }
+ }
+
+ peer = tmp2;
gateway_ip = get_word (&argument, ':');
netmask = get_word (&argument, ':');
client_hostname = get_word (&argument, ':');
iface_spec = get_word (&argument, ':');
- } else {
- iface_spec = tmp;
+ kind = get_word (&argument, ':');
}
if (client_hostname && !nm_sd_hostname_is_valid (client_hostname, FALSE))
@@ -412,10 +433,6 @@ reader_parse_ip (Reader *reader, const char *sysfs_dir, char *argument)
reader->hostname = g_strdup (client_hostname);
}
- /* <ifname>:{none|off|dhcp|on|any|dhcp6|auto6|ibft} */
-
- kind = get_word (&argument, ':');
-
tmp = get_word (&argument, ':');
dns_addr_family[0] = get_ip_address_family (tmp, FALSE);
if (dns_addr_family[0] != AF_UNSPEC) {
diff --git a/src/initrd/tests/test-cmdline-reader.c b/src/initrd/tests/test-cmdline-reader.c
index b9d2acf41..f5c1a1422 100644
--- a/src/initrd/tests/test-cmdline-reader.c
+++ b/src/initrd/tests/test-cmdline-reader.c
@@ -75,6 +75,103 @@ test_auto (void)
g_assert (!nm_setting_ip_config_get_gateway (s_ip6));
}
+static void
+test_dhcp_with_hostname (void)
+{
+ gs_unref_hashtable GHashTable *connections = NULL;
+ const char *const *ARGV = NM_MAKE_STRV ("ip=::::host1::dhcp");
+ NMConnection *connection;
+ NMSettingConnection *s_con;
+ NMSettingWired *s_wired;
+ NMSettingIPConfig *s_ip4;
+ NMSettingIPConfig *s_ip6;
+ gs_free char *hostname = NULL;
+
+ connections = nmi_cmdline_reader_parse (TEST_INITRD_DIR "/sysfs", ARGV, &hostname);
+ g_assert (connections);
+ g_assert_cmpint (g_hash_table_size (connections), ==, 1);
+ g_assert_cmpstr (hostname, ==, "host1");
+
+ connection = g_hash_table_lookup (connections, "default_connection");
+ g_assert (connection);
+ nmtst_assert_connection_verifies_without_normalization (connection);
+
+ g_assert (!nm_connection_get_setting_vlan (connection));
+
+ s_con = nm_connection_get_setting_connection (connection);
+ g_assert (s_con);
+ g_assert_cmpstr (nm_setting_connection_get_connection_type (s_con), ==, NM_SETTING_WIRED_SETTING_NAME);
+ g_assert_cmpstr (nm_setting_connection_get_id (s_con), ==, "Wired Connection");
+ g_assert_cmpint (nm_setting_connection_get_timestamp (s_con), ==, 0);
+ g_assert_cmpint (nm_setting_connection_get_multi_connect (s_con), ==, NM_CONNECTION_MULTI_CONNECT_MULTIPLE);
+ g_assert_cmpint (nm_setting_connection_get_wait_device_timeout (s_con), ==, -1);
+
+ g_assert (nm_setting_connection_get_autoconnect (s_con));
+
+ s_wired = nm_connection_get_setting_wired (connection);
+ g_assert (s_wired);
+ g_assert (!nm_setting_wired_get_mac_address (s_wired));
+ g_assert_cmpint (nm_setting_wired_get_mtu (s_wired), ==, 0);
+
+ s_ip4 = nm_connection_get_setting_ip4_config (connection);
+ g_assert (s_ip4);
+ g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip4), ==, NM_SETTING_IP4_CONFIG_METHOD_AUTO);
+
+ s_ip6 = nm_connection_get_setting_ip6_config (connection);
+ g_assert (s_ip6);
+ g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip6), ==, NM_SETTING_IP6_CONFIG_METHOD_AUTO);
+}
+
+static void
+test_dhcp_with_mtu (void)
+{
+ const char *const *ARGV0 = NM_MAKE_STRV ("ip=:dhcp:1499");
+ const char *const *ARGV1 = NM_MAKE_STRV ("ip=::::::dhcp:1499");
+ const char *const *ARGV[] = {ARGV0, ARGV1};
+ guint i;
+
+ for (i = 0; i < G_N_ELEMENTS (ARGV); i++) {
+ gs_unref_hashtable GHashTable *connections = NULL;
+ NMConnection *connection;
+ NMSettingConnection *s_con;
+ NMSettingWired *s_wired;
+ NMSettingIPConfig *s_ip4;
+ NMSettingIPConfig *s_ip6;
+ gs_free char *hostname = NULL;
+
+ connections = nmi_cmdline_reader_parse (TEST_INITRD_DIR "/sysfs", ARGV[i], &hostname);
+ g_assert (connections);
+ g_assert_cmpint (g_hash_table_size (connections), ==, 1);
+ g_assert_cmpstr (hostname, ==, NULL);
+
+ connection = g_hash_table_lookup (connections, "default_connection");
+ g_assert (connection);
+ nmtst_assert_connection_verifies_without_normalization (connection);
+
+ s_con = nm_connection_get_setting_connection (connection);
+ g_assert (s_con);
+ g_assert_cmpstr (nm_setting_connection_get_connection_type (s_con), ==, NM_SETTING_WIRED_SETTING_NAME);
+ g_assert_cmpstr (nm_setting_connection_get_id (s_con), ==, "Wired Connection");
+ g_assert_cmpint (nm_setting_connection_get_timestamp (s_con), ==, 0);
+ g_assert_cmpint (nm_setting_connection_get_multi_connect (s_con), ==, NM_CONNECTION_MULTI_CONNECT_MULTIPLE);
+ g_assert_cmpint (nm_setting_connection_get_wait_device_timeout (s_con), ==, -1);
+
+ g_assert (nm_setting_connection_get_autoconnect (s_con));
+
+ s_wired = nm_connection_get_setting_wired (connection);
+ g_assert (s_wired);
+ g_assert (!nm_setting_wired_get_mac_address (s_wired));
+ g_assert_cmpint (nm_setting_wired_get_mtu (s_wired), ==, 1499);
+
+ s_ip4 = nm_connection_get_setting_ip4_config (connection);
+ g_assert (s_ip4);
+ g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip4), ==, NM_SETTING_IP4_CONFIG_METHOD_AUTO);
+ s_ip6 = nm_connection_get_setting_ip6_config (connection);
+ g_assert (s_ip6);
+ g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip6), ==, NM_SETTING_IP6_CONFIG_METHOD_AUTO);
+ }
+}
+
static void
test_if_auto_with_mtu (void)
{
@@ -111,7 +208,6 @@ test_if_auto_with_mtu (void)
g_assert (!nm_setting_ip_config_get_ignore_auto_dns (s_ip6));
}
-
static void
test_if_dhcp6 (void)
{
@@ -1894,6 +1990,8 @@ int main (int argc, char **argv)
nmtst_init_assert_logging (&argc, &argv, "INFO", "DEFAULT");
g_test_add_func ("/initrd/cmdline/auto", test_auto);
+ g_test_add_func ("/initrd/cmdline/dhcp_with_hostname", test_dhcp_with_hostname);
+ g_test_add_func ("/initrd/cmdline/dhcp_with_mtu", test_dhcp_with_mtu);
g_test_add_func ("/initrd/cmdline/if_auto_with_mtu", test_if_auto_with_mtu);
g_test_add_func ("/initrd/cmdline/if_dhcp6", test_if_dhcp6);
g_test_add_func ("/initrd/cmdline/if_auto_with_mtu_and_mac", test_if_auto_with_mtu_and_mac);
--
2.28.0

30
SOURCES/1023-initrd-fix-failing-unit-test-rh1903698.patch Normal file
View File

@ -0,0 +1,30 @@
From a3564a34043550b1cd176b87cdaa47c739f38341 Mon Sep 17 00:00:00 2001
From: Antonio Cardace <acardace@redhat.com>
Date: Fri, 4 Dec 2020 12:55:32 +0100
Subject: [PATCH] initrd: fix failing unit test
In RHEL 8.3 commit fc7c83cbdd has not been backported as it's a
breaking change thus this test needs adjusting as it assumed the new
behaviour.
Signed-off-by: Antonio Cardace <acardace@redhat.com>
---
src/initrd/tests/test-cmdline-reader.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/initrd/tests/test-cmdline-reader.c b/src/initrd/tests/test-cmdline-reader.c
index f5c1a1422..c4c5c7483 100644
--- a/src/initrd/tests/test-cmdline-reader.c
+++ b/src/initrd/tests/test-cmdline-reader.c
@@ -1359,7 +1359,7 @@ test_vlan_over_bond (void)
g_assert (s_ip6);
g_assert_cmpstr (nm_setting_ip_config_get_method (s_ip6),
==,
- NM_SETTING_IP6_CONFIG_METHOD_DISABLED);
+ NM_SETTING_IP6_CONFIG_METHOD_AUTO);
s_vlan = nm_connection_get_setting_vlan (connection);
g_assert (s_vlan);
g_assert_cmpstr(nm_setting_vlan_get_parent (s_vlan), ==, "bond2");
--
2.28.0

33
SOURCES/1024-device-clean-up-dispatcher-calls-rh1888348.patch Normal file
View File

@ -0,0 +1,33 @@
From bb35124e97fbe524b65bcaac2af649d9d37f3a2a Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Mon, 11 Jan 2021 16:40:21 +0100
Subject: [PATCH] device: clean up dispatcher calls when canceling an
activation
Ensure the callback for dispatcher calls is not executed, or it will
resume the activation chain we want to interrupt.
https://bugzilla.redhat.com/show_bug.cgi?id=1888348
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/723
(cherry picked from commit 8180b0180beba0c492bf172a32069c77e501f884)
(cherry picked from commit 88eb0beb5277da7973bf0f22bfd547abb4396988)
(cherry picked from commit cdbd6bd9e139d11aacd2447994599763ab3624cd)
---
src/devices/nm-device.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index 012af4d9a5..0fd3fe2adb 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -15527,6 +15527,7 @@ _cancel_activation (NMDevice *self)
priv->fw_state = FIREWALL_STATE_INITIALIZED;
}
+ dispatcher_cleanup (self);
ip_check_gw_ping_cleanup (self);
/* Break the activation chain */
--
2.26.2

9
SOURCES/20-connectivity-fedora.conf Normal file
View File

@ -0,0 +1,9 @@
# Enable connectivity checking for NetworkManager.
# See `man NetworkManager.conf`.
#
# Note that connectivity checking works badly with rp_filter set to
# strict. Check "/proc/sys/net/ipv4/conf/*/rp_filter".
[connectivity]
uri=http://fedoraproject.org/static/hotspot.txt
response=OK
interval=300

9
SOURCES/20-connectivity-redhat.conf Normal file
View File

@ -0,0 +1,9 @@
# Enable connectivity checking for NetworkManager.
# See `man NetworkManager.conf`.
#
# Note that connectivity checking works badly with rp_filter set to
# strict. Check "/proc/sys/net/ipv4/conf/*/rp_filter".
[connectivity]
uri=http://static.redhat.com/test/rhel-networkmanager.txt
response=OK
interval=300

15
SOURCES/70-nm-connectivity.conf Normal file
View File

@ -0,0 +1,15 @@
# The Strict mode of RFC3704 Reverse Path filtering breaks some pretty
# common and reasonable use cases.
#
# Notably, it makes it impossible for NetworkManager to do connectivity
# check on a newly arriving default route (it starts with a higher metric
# and is bumped lower if there's connectivity).
#
# Kernel's default is 0 (no filter), systemd configures a Loose filter since
# commit 230450d4e4f1 ('sysctl.d: switch net.ipv4.conf.all.rp_filter from 1
# to 2'). However, RHEL systemd package happens to default to Strict mode
# for historic reasons. Let's override it if we're doing connectivity
# checking.
# Source route verification
net.ipv4.conf.all.rp_filter = 0

44
SOURCES/9999-fix-pregen-doc.patch Normal file
View File

@ -0,0 +1,44 @@
From ce8ee35cb4e94e85ac1ecb268c6fa1ea14b1ae8d Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 27 Aug 2019 15:47:32 +0200
Subject: [PATCH 1/1] patch documentation with the proper default values
We don't regenerate the documentation for RHEL builds, but
the docs from the tarball are generated with a certain set
of defaults.
Patch the man pages with the proper values.
---
docs/api/html/NetworkManager.conf.html | 2 +-
man/NetworkManager.conf.5 | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/api/html/NetworkManager.conf.html b/docs/api/html/NetworkManager.conf.html
index 44b25c4cbc9d..1ee9c2fb1e83 100644
--- a/docs/api/html/NetworkManager.conf.html
+++ b/docs/api/html/NetworkManager.conf.html
@@ -574,7 +574,7 @@ unmanaged-devices=mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth
are "<code class="literal">syslog</code>" and "<code class="literal">journal</code>".
When NetworkManager is started with "<code class="literal">--debug</code>"
in addition all messages will be printed to stderr.
- If unspecified, the default is "<code class="literal">syslog</code>".
+ If unspecified, the default is "<code class="literal">journal</code>".
</p></td>
</tr>
<tr>
diff --git a/man/NetworkManager.conf.5 b/man/NetworkManager.conf.5
index 396267e3ec09..7702b84b04fc 100644
--- a/man/NetworkManager.conf.5
+++ b/man/NetworkManager.conf.5
@@ -598,7 +598,7 @@ INFO\&.
.PP
\fIbackend\fR
.RS 4
-The logging backend\&. Supported values are "syslog" and "journal"\&. When NetworkManager is started with "\-\-debug" in addition all messages will be printed to stderr\&. If unspecified, the default is "syslog"\&.
+The logging backend\&. Supported values are "syslog" and "journal"\&. When NetworkManager is started with "\-\-debug" in addition all messages will be printed to stderr\&. If unspecified, the default is "journal"\&.
.RE
.PP
\fIaudit\fR
--
2.26.2

50
SOURCES/NetworkManager.conf Normal file
View File

@ -0,0 +1,50 @@
# Configuration file for NetworkManager.
#
# See "man 5 NetworkManager.conf" for details.
#
# The directories /usr/lib/NetworkManager/conf.d/ and /run/NetworkManager/conf.d/
# can contain additional configuration snippets installed by packages. These files are
# read before NetworkManager.conf and have thus lowest priority.
# The directory /etc/NetworkManager/conf.d/ can contain additional configuration
# snippets. Those snippets are merged last and overwrite the settings from this main
# file.
#
# The files within one conf.d/ directory are read in asciibetical order.
#
# If /etc/NetworkManager/conf.d/ contains a file with the same name as
# /usr/lib/NetworkManager/conf.d/, the latter file is shadowed and thus ignored.
# Hence, to disable loading a file from /usr/lib/NetworkManager/conf.d/ you can
# put an empty file to /etc with the same name. The same applies with respect
# to the directory /run/NetworkManager/conf.d where files in /run shadow
# /usr/lib and are themselves shadowed by files under /etc.
#
# If two files define the same key, the one that is read afterwards will overwrite
# the previous one.
[main]
#plugins=ifcfg-rh
[logging]
# When debugging NetworkManager, enabling debug logging is of great help.
#
# Logfiles contain no passwords and little sensitive information. But please
# check before posting the file online. You can also personally hand over the
# logfile to a NM developer to treat it confidential. Meet us on #nm on freenode.
# Please post full logfiles except minimal modifications of private data.
#
# You can also change the log-level at runtime via
# $ nmcli general logging level TRACE domains ALL
# However, usually it's cleaner to enable debug logging
# in the configuration and restart NetworkManager so that
# debug logging is enabled from the start.
#
# You will find the logfiles in syslog, for example via
# $ journalctl -u NetworkManager
#
# Note that debug logging of NetworkManager can be quite verbose. Some messages
# might be rate-limited by the logging daemon (see RateLimitIntervalSec, RateLimitBurst
# in man journald.conf). Please disable rate-limiting before collecting debug logs.
#
#level=TRACE
#domains=ALL

3805
SPECS/NetworkManager.spec Normal file
View File

File diff suppressed because it is too large Load Diff