diff --git a/.NetworkManager.metadata b/.NetworkManager.metadata deleted file mode 100644 index c2cbe5f..0000000 --- a/.NetworkManager.metadata +++ /dev/null @@ -1 +0,0 @@ -c803db8a3480ed683e8f24424b38b08bb295013d SOURCES/NetworkManager-1.40.16.tar.xz diff --git a/.gitignore b/.gitignore index 911106a..0e642d2 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/NetworkManager-1.40.16.tar.xz +NetworkManager-1.48.10.tar.xz diff --git a/SOURCES/00-server.conf b/00-server.conf similarity index 100% rename from SOURCES/00-server.conf rename to 00-server.conf diff --git a/SOURCES/20-connectivity-fedora.conf b/20-connectivity-fedora.conf similarity index 100% rename from SOURCES/20-connectivity-fedora.conf rename to 20-connectivity-fedora.conf diff --git a/SOURCES/20-connectivity-redhat.conf b/20-connectivity-redhat.conf similarity index 100% rename from SOURCES/20-connectivity-redhat.conf rename to 20-connectivity-redhat.conf diff --git a/22-wifi-mac-addr.conf b/22-wifi-mac-addr.conf new file mode 100644 index 0000000..2e329c8 --- /dev/null +++ b/22-wifi-mac-addr.conf @@ -0,0 +1,31 @@ +# This sets defaults for Wi-Fi profiles to set a generated, stable MAC address. +# +# Do not modify this file. You can hide/overwrite this file by placing a file +# to "/etc/NetworkManager/conf.d/22-wifi-mac-addr.conf". You can also add +# configuration snippets with higher priority that override this setting (see +# `man 5 NetworkManager.conf`). Most importantly, this snippet only sets +# default values for the profile. You can explicitly set the value for each +# profile, so that this default value is not used. +# +# For example, on a particular profile/network set +# +# $ nmcli connection modify "$PROFILE" wifi.cloned-mac-address permanent +# +# to use the hardware MAC address. This prevents the default from this file +# to take effect. +# +# Or +# +# $ nmcli connection modify "$PROFILE" wifi.cloned-mac-address stable connection.stable-id '${NETWORK_SSID}/${BOOT}' +# +# to get a generated MAC address that changes on each boot. Note how setting +# "connection.stable-id" also affects other aspects of the profile. +# +# See `man 5 nm-settings` for "wifi.cloned-mac-address" and "connection.stable-id". + +[connection.22-wifi-mac-addr] +match-device=type:wifi +wifi.cloned-mac-address=stable-ssid + +[.config] +enable=nm-version-min:1.45 diff --git a/SOURCES/70-nm-connectivity.conf b/70-nm-connectivity.conf similarity index 100% rename from SOURCES/70-nm-connectivity.conf rename to 70-nm-connectivity.conf diff --git a/SOURCES/NetworkManager.conf b/NetworkManager.conf similarity index 98% rename from SOURCES/NetworkManager.conf rename to NetworkManager.conf index 2fd5127..287c9d0 100644 --- a/SOURCES/NetworkManager.conf +++ b/NetworkManager.conf @@ -20,7 +20,7 @@ # the previous one. [main] -#plugins=ifcfg-rh +#plugins=keyfile,ifcfg-rh [logging] diff --git a/SPECS/NetworkManager.spec b/NetworkManager.spec similarity index 80% rename from SPECS/NetworkManager.spec rename to NetworkManager.spec index 166feb2..66d18e2 100644 --- a/SPECS/NetworkManager.spec +++ b/NetworkManager.spec @@ -1,21 +1,25 @@ %global wpa_supplicant_version 1:1.1 -%global ppp_version %(sed -n 's/^#define\\s*VERSION\\s*"\\([^\\s]*\\)"$/\\1/p' %{_includedir}/pppd/patchlevel.h 2>/dev/null | grep . || echo bad) +%global ppp_version %(pkg-config --modversion pppd 2>/dev/null || sed -n 's/^#define\\s*VERSION\\s*"\\([^\\s]*\\)"$/\\1/p' %{_includedir}/pppd/patchlevel.h 2>/dev/null | grep . || echo bad) %global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo bad) %global epoch_version 1 -%global real_version 1.40.16 +%global real_version 1.48.10 %global rpm_version %{real_version} -%global release_version 15 +%global release_version 1 %global snapshot %{nil} %global git_sha %{nil} %global bcond_default_debug 0 +%global bcond_default_lto %{nil} %global bcond_default_test 0 %global obsoletes_device_plugins 1:0.9.9.95-1 %global obsoletes_ppp_plugin 1:1.5.3 %global obsoletes_initscripts_updown 1:1.36.0-0.6 %global obsoletes_ifcfg_rh 1:1.36.2 +%global obsoletes_team 1:1.47.5-3 +%global obsoletes_initscripts_ifcfg_rh 1:1.47.5-3 +%global obsoletes_dispatcher_routing_rules 1:1.47.5-3 %global nmlibdir %{_prefix}/lib/%{name} %global nmplugindir %{_libdir}/%{name}/%{version}-%{release} @@ -33,17 +37,24 @@ %global real_version_major %(printf '%s' '%{real_version}' | sed -n 's/^\\([1-9][0-9]*\\.[0-9][0-9]*\\)\\.[0-9][0-9]*$/\\1/p') -%global systemd_units NetworkManager.service NetworkManager-wait-online.service NetworkManager-dispatcher.service +%global systemd_units NetworkManager.service NetworkManager-wait-online.service NetworkManager-dispatcher.service nm-priv-helper.service %global systemd_units_cloud_setup nm-cloud-setup.service nm-cloud-setup.timer ############################################################################### - -%bcond_with meson +%if 0%{?fedora} > 40 || 0%{?rhel} >= 10 +%bcond_without meson +%else +%bcond_with meson +%endif %bcond_without adsl %bcond_without bluetooth %bcond_without wwan +%if 0%{?rhel} >= 10 +%bcond_with team +%else %bcond_without team +%endif %bcond_without wifi %bcond_without ovs %bcond_without ppp @@ -60,11 +71,19 @@ %else %bcond_with test %endif +%if "%{?bcond_default_lto}" == "" %if 0%{?fedora} >= 33 || 0%{?rhel} >= 9 %bcond_without lto %else %bcond_with lto %endif +%else +%if %{bcond_default_lto} +%bcond_without lto +%else +%bcond_with lto +%endif +%endif %bcond_with sanitizer %if 0%{?fedora} %bcond_without connectivity_fedora @@ -140,18 +159,29 @@ %global config_plugins_default_ifcfg_rh 1 %endif -%if 0%{?fedora} >= 36 || 0%{?rhel} >= 10 +%if 0%{?rhel} >= 10 +%global with_ifcfg_rh 0 +%global split_ifcfg_rh 0 +%elif 0%{?fedora} >= 36 +%global with_ifcfg_rh 1 %global split_ifcfg_rh 1 %else +%global with_ifcfg_rh 1 %global split_ifcfg_rh 0 %endif -%if 0%{?fedora} >= 36 || 0%{?rhel} >= 9 +%if (0%{?fedora} >= 36 && 0%{?fedora} < 39) || 0%{?rhel} == 9 %global ifcfg_warning 1 %else %global ifcfg_warning 0 %endif +%if 0%{?fedora} >= 39 +%global ifcfg_migrate 1 +%else +%global ifcfg_migrate 0 +%endif + %if 0%{?fedora} # Although eBPF would be available on Fedora's kernel, it seems # we often get SELinux denials (rh#1651654). But even aside them, @@ -176,7 +206,7 @@ Epoch: %{epoch_version} Version: %{rpm_version} Release: %{release_version}%{?snap}%{?dist} Group: System Environment/Base -License: GPLv2+ and LGPLv2+ +License: GPL-2.0-or-later AND LGPL-2.1-or-later URL: https://networkmanager.dev/ Source: https://download.gnome.org/sources/NetworkManager/%{real_version_major}/%{name}-%{real_version}.tar.xz @@ -184,32 +214,18 @@ Source1: NetworkManager.conf Source2: 00-server.conf Source4: 20-connectivity-fedora.conf Source5: 20-connectivity-redhat.conf -Source6: 70-nm-connectivity.conf -Source7: readme-ifcfg-rh.txt +Source6: 22-wifi-mac-addr.conf +Source7: 70-nm-connectivity.conf +Source8: readme-ifcfg-rh.txt +Source9: readme-ifcfg-rh-migrated.txt # RHEL downstream patches that change behavior from upstream. # These are not bugfixes, hence they are also relevant after # the next rebase of the source tarball. -Patch1: 0001-cloud-setup-systemd-unit-rh1791758.patch -Patch2: 0002-firewall-Default-to-iptables-backend-to-preserve-behavior.patch -Patch3: 0003-order-ipv6-addresses.patch +# Patch0001: 0001-some.patch # Bugfixes that are only relevant until next rebase of the package. # Patch1001: 1001-some.patch -Patch1001: 1001-cloud-setup-IMDSv2-rh2151987.patch -Patch1002: 1002-dns-add-support-to-no-aaaa-option-rh2144521.patch -Patch1003: 1003-suppport-bond-port-prio-rh1920398.patch -Patch1004: 1004-team-don-t-try-to-connect-to-teamd-in-update_connect-rh2182029.patch -Patch1005: 1005-ipv6ll-don-t-regenerate-the-address-when-removed-rh2209353.patch -Patch1006: 1006-fix-read-infiniband-from-ifcfg-rh2209164.patch -Patch1007: 1007-unblock-autoconnect-on-reapply-rh2207690.patch -Patch1008: 1008-cloud-setup-fix-terminating-in-reconfig-rh2221903.patch -Patch1009: 1009-manager-allow-controller-activation-if-device-is-dea-rhel-5119.patch -Patch1010: 1010-fix-l3cd-comparison-rhel-8423.patch -Patch1011: 1011-dispatch-dns-change-event-rhel-10195.patch -Patch1012: 1012-device-do-not-set-MAC-address-on-iface-with-index-0-rhel-16008.patch -Patch1013: 1013-fix-matching-existing-connection-by-UUID-on-restart-rhel-5119.patch -Patch1014: 1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-10450.patch Requires(post): systemd %if 0%{?fedora} || 0%{?rhel} >= 8 @@ -228,7 +244,7 @@ Requires: libndp >= %{libndp_version} %endif Obsoletes: NetworkManager < %{obsoletes_device_plugins} Obsoletes: NetworkManager < %{obsoletes_ppp_plugin} -Obsoletes: NetworkManager-wimax < 1.2 +Obsoletes: NetworkManager-wimax < 1:1.2 %if 0%{?rhel} && 0%{?rhel} == 8 Suggests: NetworkManager-initscripts-updown %endif @@ -242,11 +258,22 @@ Obsoletes: NetworkManager < %{obsoletes_ifcfg_rh} Requires: wpa_supplicant >= 1:1.1 %endif +%if 0%{?rhel} && 0%{?rhel} >= 10 +Obsoletes: NetworkManager-team < %{obsoletes_team} +Obsoletes: NetworkManager-initscripts-ifcfg-rh < %{obsoletes_initscripts_ifcfg_rh} +Obsoletes: NetworkManager-dispatcher-routing-rules < %{obsoletes_dispatcher_routing_rules} +%endif + Conflicts: NetworkManager-vpnc < 1:0.7.0.99-1 Conflicts: NetworkManager-openvpn < 1:0.7.0.99-1 Conflicts: NetworkManager-pptp < 1:0.7.0.99-1 Conflicts: NetworkManager-openconnect < 0:0.7.0.99-1 Conflicts: kde-plasma-networkmanagement < 1:0.9-0.49.20110527git.nm09 +%if 0%{?rhel} && 0%{?rhel} >= 10 +Conflicts: NetworkManager-team <= 1:1.47.5-3 +Conflicts: NetworkManager-initscripts-ifcfg-rh <= 1:1.47.5-3 +Conflicts: NetworkManager-dispatcher-routing-rules <= 1:1.47.5-3 +%endif BuildRequires: make BuildRequires: gcc @@ -271,7 +298,6 @@ BuildRequires: gnutls-devel >= 2.12 %else BuildRequires: nss-devel >= 3.11.7 %endif -BuildRequires: dhclient BuildRequires: readline-devel BuildRequires: audit-libs-devel %if %{with regen_docs} @@ -300,17 +326,10 @@ BuildRequires: mobile-broadband-provider-info-devel BuildRequires: newt-devel %endif BuildRequires: /usr/bin/dbus-launch -%if 0%{?fedora} >= 28 || 0%{?rhel} >= 8 BuildRequires: python3 BuildRequires: python3-gobject-base BuildRequires: python3-dbus BuildRequires: python3-pexpect -%else -BuildRequires: python2 -BuildRequires: pygobject3-base -BuildRequires: dbus-python -BuildRequires: pexpect -%endif BuildRequires: libselinux-devel BuildRequires: polkit-devel BuildRequires: jansson-devel @@ -481,7 +500,7 @@ This package contains NetworkManager support for PPP. Summary: Libraries for adding NetworkManager support to applications. Group: Development/Libraries Conflicts: NetworkManager-glib < 1:1.31.0 -License: LGPLv2+ +License: LGPL-2.1-or-later %description libnm This package contains the libraries that make it easier to use some @@ -494,7 +513,7 @@ Group: Development/Libraries Requires: %{name}-libnm%{?_isa} = %{epoch}:%{version}-%{release} Requires: glib2-devel Requires: pkgconfig -License: LGPLv2+ +License: LGPL-2.1-or-later %description libnm-devel This package contains the header and pkg-config files for development @@ -543,6 +562,7 @@ This package is intended to be installed by default for server deployments. +%if %{?with_ifcfg_rh} %package dispatcher-routing-rules Summary: NetworkManager dispatcher file for advanced routing rules Group: System Environment/Base @@ -557,6 +577,7 @@ Obsoletes: %{name}-config-routing-rules < 1:1.31.0 This adds a NetworkManager dispatcher file to support networking configurations using "/etc/sysconfig/network-scripts/rule-NAME" files (eg, to do policy-based routing). +%endif %if %{with nmtui} @@ -595,11 +616,12 @@ Requires: %{name}-libnm%{?_isa} = %{epoch}:%{version}-%{release} %description cloud-setup Installs a nm-cloud-setup tool that can automatically configure -NetworkManager in cloud setups. Currently only EC2 is supported. -This tool is still experimental. +NetworkManager in cloud environment. Only certain cloud providers +like Aliyun, Azure, EC2, GCP are supported. %endif +%if %{?with_ifcfg_rh} %package initscripts-updown Summary: Legacy ifup/ifdown scripts for NetworkManager that replace initscripts (network-scripts) Group: System Environment/Base @@ -612,7 +634,7 @@ Obsoletes: NetworkManager < %{obsoletes_initscripts_updown} Installs alternative ifup/ifdown scripts that talk to NetworkManager. This is only for backward compatibility with initscripts (network-scripts). Preferably use nmcli instead. - +%endif %prep %autosetup -p1 -n NetworkManager-%{real_version} @@ -626,8 +648,9 @@ Preferably use nmcli instead. %if %{with test} --werror \ %endif - -Dnft=/usr/sbin/nft \ - -Diptables=/usr/sbin/iptables \ + -Dnft=%{_sbindir}/nft \ + -Diptables=%{_sbindir}/iptables \ + -Ddhclient=%{_sbindir}/dhclient \ -Ddhcpcanon=no \ -Ddhcpcd=no \ -Dconfig_dhcp_default=%{dhcp_default} \ @@ -692,6 +715,7 @@ Preferably use nmcli instead. %else -Ddocs=false \ %endif + -Dqt=false \ %if %{with team} -Dteamdctl=true \ %else @@ -719,15 +743,23 @@ Preferably use nmcli instead. %endif -Dsession_tracking=systemd \ -Dsuspend_resume=systemd \ + -Dsystemdsystemunitdir=%{_unitdir} \ -Dsystem_ca_path=/etc/pki/tls/cert.pem \ -Ddbus_conf_dir=%{dbus_sys_dir} \ -Dtests=yes \ -Dvalgrind=no \ +%if %{?with_ifcfg_rh} -Difcfg_rh=true \ +%else + -Difcfg_rh=false \ +%endif -Difupdown=false \ %if %{with ppp} - -Dpppd_plugin_dir=%{_libdir}/pppd/%{ppp_version} \ -Dppp=true \ + -Dpppd="%{_sbindir}/pppd" \ + -Dpppd_plugin_dir="%{_libdir}/pppd/%{ppp_version}" \ +%else + -Dppp=false \ %endif %if %{with firewalld_zone} -Dfirewalld_zone=true \ @@ -737,6 +769,9 @@ Preferably use nmcli instead. -Ddist_version=%{version}-%{release} \ %if %{?config_plugins_default_ifcfg_rh} -Dconfig_plugins_default=ifcfg-rh \ +%endif +%if %{?ifcfg_migrate} + -Dconfig_migrate_ifcfg_rh_default=true \ %endif -Dresolvconf=no \ -Dnetconfig=no \ @@ -755,9 +790,9 @@ autoreconf --install --force --with-runstatedir=%{_rundir} \ --enable-silent-rules=no \ --enable-static=no \ - --with-nft=/usr/sbin/nft \ - --with-iptables=/usr/sbin/iptables \ - --with-dhclient=yes \ + --with-nft=%{_sbindir}/nft \ + --with-iptables=%{_sbindir}/iptables \ + --with-dhclient=%{_sbindir}/dhclient \ --with-dhcpcd=no \ --with-dhcpcanon=no \ --with-config-dhcp-default=%{dhcp_default} \ @@ -855,6 +890,7 @@ autoreconf --install --force --with-ebpf=%{ebpf_enabled} \ --with-session-tracking=systemd \ --with-suspend-resume=systemd \ + --with-systemdsystemunitdir=%{_unitdir} \ --with-system-ca-path=/etc/pki/tls/cert.pem \ --with-dbus-sys-dir=%{dbus_sys_dir} \ --with-tests=yes \ @@ -864,11 +900,18 @@ autoreconf --install --force --enable-more-warnings=yes \ %endif --with-valgrind=no \ +%if %{?with_ifcfg_rh} --enable-ifcfg-rh=yes \ +%else + --enable-ifcfg-rh=no \ +%endif --enable-ifupdown=no \ %if %{with ppp} - --with-pppd-plugin-dir=%{_libdir}/pppd/%{ppp_version} \ --enable-ppp=yes \ + --with-pppd="%{_sbindir}/pppd" \ + --with-pppd-plugin-dir="%{_libdir}/pppd/%{ppp_version}" \ +%else + --enable-ppp=no \ %endif %if %{with firewalld_zone} --enable-firewalld-zone=yes \ @@ -878,11 +921,15 @@ autoreconf --install --force --with-dist-version=%{version}-%{release} \ %if %{?config_plugins_default_ifcfg_rh} --with-config-plugins-default=ifcfg-rh \ +%endif +%if %{?ifcfg_migrate} + --with-config-migrate-ifcfg-rh-default=yes \ %endif --with-resolvconf=no \ --with-netconfig=no \ --with-config-dns-rc-manager-default=%{dns_rc_manager_default} \ - --with-config-logging-backend-default=%{logging_backend_default} + --with-config-logging-backend-default=%{logging_backend_default} \ + --disable-autotools-deprecation %make_build @@ -906,16 +953,25 @@ cp %{SOURCE4} %{buildroot}%{nmlibdir}/conf.d/ %if %{with connectivity_redhat} cp %{SOURCE5} %{buildroot}%{nmlibdir}/conf.d/ mkdir -p %{buildroot}%{_sysctldir} -cp %{SOURCE6} %{buildroot}%{_sysctldir} +cp %{SOURCE7} %{buildroot}%{_sysctldir} +%endif + +%if 0%{?fedora} >= 40 +cp %{SOURCE6} %{buildroot}%{nmlibdir}/conf.d/ %endif %if 0%{?ifcfg_warning} -cp %{SOURCE7} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts +cp %{SOURCE8} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts +%endif +%if 0%{?ifcfg_migrate} +cp %{SOURCE9} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/readme-ifcfg-rh.txt %endif +%if %{?with_ifcfg_rh} cp examples/dispatcher/10-ifcfg-rh-routes.sh %{buildroot}%{nmlibdir}/dispatcher.d/ ln -s ../no-wait.d/10-ifcfg-rh-routes.sh %{buildroot}%{nmlibdir}/dispatcher.d/pre-up.d/ ln -s ../10-ifcfg-rh-routes.sh %{buildroot}%{nmlibdir}/dispatcher.d/no-wait.d/ +%endif %find_lang %{name} @@ -926,14 +982,15 @@ rm -f %{buildroot}%{nmplugindir}/*.la # Ensure the documentation timestamps are constant to avoid multilib conflicts find %{buildroot}%{_datadir}/gtk-doc -exec touch --reference configure.ac '{}' \+ -%if 0%{?__debug_package} +%if 0%{?__debug_package} && ! 0%{?flatpak} mkdir -p %{buildroot}%{_prefix}/src/debug/NetworkManager-%{real_version} cp valgrind.suppressions %{buildroot}%{_prefix}/src/debug/NetworkManager-%{real_version} %endif +%if %{?with_ifcfg_rh} touch %{buildroot}%{_sbindir}/ifup touch %{buildroot}%{_sbindir}/ifdown - +%endif %check %if %{with meson} @@ -976,6 +1033,7 @@ fi %systemd_post %{systemd_units} +%if %{?with_ifcfg_rh} %post initscripts-updown if [ -f %{_sbindir}/ifup -a ! -L %{_sbindir}/ifup ]; then # initscripts package too old, won't let us set an alternative @@ -984,6 +1042,7 @@ else /usr/sbin/update-alternatives --install %{_sbindir}/ifup ifup %{_libexecdir}/nm-ifup 50 \ --slave %{_sbindir}/ifdown ifdown %{_libexecdir}/nm-ifdown fi +%endif %if %{with nm_cloud_setup} @@ -1000,13 +1059,15 @@ if [ $1 -eq 0 ]; then # Don't kill networking entirely just on package remove #/bin/systemctl stop NetworkManager.service >/dev/null 2>&1 || : fi -%systemd_preun NetworkManager-wait-online.service NetworkManager-dispatcher.service +%systemd_preun NetworkManager-wait-online.service NetworkManager-dispatcher.service nm-priv-helper.service +%if %{?with_ifcfg_rh} %preun initscripts-updown if [ $1 -eq 0 ]; then /usr/sbin/update-alternatives --remove ifup %{_libexecdir}/nm-ifup >/dev/null 2>&1 || : fi +%endif %if %{with nm_cloud_setup} @@ -1040,8 +1101,8 @@ fi %files %{dbus_sys_dir}/org.freedesktop.NetworkManager.conf %{dbus_sys_dir}/nm-dispatcher.conf -%exclude %{dbus_sys_dir}/nm-priv-helper.conf -%if 0%{?split_ifcfg_rh} == 0 +%{dbus_sys_dir}/nm-priv-helper.conf +%if %{?with_ifcfg_rh} && 0%{?split_ifcfg_rh} == 0 %{dbus_sys_dir}/nm-ifcfg-rh.conf %endif %{_sbindir}/%{name} @@ -1057,16 +1118,19 @@ fi %dir %{_sysconfdir}/%{name}/dnsmasq-shared.d %dir %{_sysconfdir}/%{name}/system-connections %config(noreplace) %{_sysconfdir}/%{name}/NetworkManager.conf +%if 0%{?fedora} >= 40 +%{nmlibdir}/conf.d/22-wifi-mac-addr.conf +%endif %ghost %{_sysconfdir}/%{name}/VPN %{_bindir}/nm-online %{_libexecdir}/nm-dhcp-helper %{_libexecdir}/nm-dispatcher %{_libexecdir}/nm-initrd-generator %{_libexecdir}/nm-daemon-helper -%exclude %{_libexecdir}/nm-priv-helper +%{_libexecdir}/nm-priv-helper %dir %{_libdir}/%{name} %dir %{nmplugindir} -%if 0%{?split_ifcfg_rh} == 0 +%if %{?with_ifcfg_rh} && 0%{?split_ifcfg_rh} == 0 %{nmplugindir}/libnm-settings-plugin-ifcfg-rh.so %endif %if %{with nmtui} @@ -1083,12 +1147,14 @@ fi %{_mandir}/man1/* %{_mandir}/man5/* %{_mandir}/man7/nmcli-examples.7* -%{_mandir}/man8/nm-initrd-generator.8.gz -%{_mandir}/man8/NetworkManager.8.gz -%{_mandir}/man8/NetworkManager-dispatcher.8.gz -%{_mandir}/man8/NetworkManager-wait-online.service.8.gz +%{_mandir}/man8/nm-initrd-generator.8* +%{_mandir}/man8/NetworkManager.8* +%{_mandir}/man8/NetworkManager-dispatcher.8* +%{_mandir}/man8/NetworkManager-wait-online.service.8* %dir %{_localstatedir}/lib/NetworkManager +%if %{?with_ifcfg_rh} %dir %{_sysconfdir}/sysconfig/network-scripts +%endif %{_datadir}/dbus-1/system-services/org.freedesktop.nm_dispatcher.service %{_datadir}/dbus-1/system-services/org.freedesktop.nm_priv_helper.service %{_datadir}/polkit-1/actions/*.policy @@ -1100,10 +1166,10 @@ fi %{_unitdir}/NetworkManager.service %{_unitdir}/NetworkManager-wait-online.service %{_unitdir}/NetworkManager-dispatcher.service -%exclude %{_unitdir}/nm-priv-helper.service +%{_unitdir}/nm-priv-helper.service %dir %{_datadir}/doc/NetworkManager/examples %{_datadir}/doc/NetworkManager/examples/server.conf -%if 0%{?ifcfg_warning} +%if 0%{?ifcfg_warning} || 0%{?ifcfg_migrate} %{_sysconfdir}/sysconfig/network-scripts/readme-ifcfg-rh.txt %endif %doc NEWS AUTHORS README.md CONTRIBUTING.md @@ -1203,11 +1269,12 @@ fi %{nmlibdir}/conf.d/00-server.conf +%if %{?with_ifcfg_rh} %files dispatcher-routing-rules %{nmlibdir}/dispatcher.d/10-ifcfg-rh-routes.sh %{nmlibdir}/dispatcher.d/no-wait.d/10-ifcfg-rh-routes.sh %{nmlibdir}/dispatcher.d/pre-up.d/10-ifcfg-rh-routes.sh - +%endif %if %{with nmtui} %files tui @@ -1233,697 +1300,510 @@ fi %{_unitdir}/nm-cloud-setup.timer %{nmlibdir}/dispatcher.d/90-nm-cloud-setup.sh %{nmlibdir}/dispatcher.d/no-wait.d/90-nm-cloud-setup.sh +%{nmlibdir}/dispatcher.d/pre-up.d/90-nm-cloud-setup.sh %{_mandir}/man8/nm-cloud-setup.8* %endif +%if %{?with_ifcfg_rh} %files initscripts-updown %{_libexecdir}/nm-ifup %ghost %attr(755, root, root) %{_sbindir}/ifup %{_libexecdir}/nm-ifdown %ghost %attr(755, root, root) %{_sbindir}/ifdown +%endif %changelog -* Fri Feb 09 2024 Íñigo Huguet - 1:1.40.16-15 -- Suppress NetworkManager's harmless warning when IPv6 is disabled at kernel level (RHEL-10450) +* Thu Aug 22 2024 Íñigo Huguet - 1:1.48.10-1 +- Unblock the autoconnect for children when parent is available (RHEL-46904) +- Fix crash produced by malformed LLDP package when debug logging (RHEL-46199) +- Support reapplying bridge-port VLANs (RHEL-26750) +- Add small backoff time before resync (RHEL-29902) -* Tue Dec 12 2023 Wen Liang - 1:1.40.16-14 -- Fix matching existing connection by UUID on restart (RHEL-5119) +* Fri Aug 09 2024 Fernando Fernandez Mancera - 1:1.48.8-1 +- Stop writing offensive terms into keyfiles (RHEL-52597) -* Mon Dec 04 2023 Fernando Fernandez - 1:1.40.16-13 -- device: do not set MAC address on iface with index <=0 (RHEL-16008) +* Fri Jul 05 2024 Stanislas Faye 1:1.48.4-1 +- Update to 1.48.4 release +- Support matching a OVS system interface by MAC address (RHEL-34617) +- When looking up the system hostname from the reverse DNS lookup of + addresses configured on interfaces, NetworkManager now takes into + account the content of /etc/hosts (RHEL-33435) -* Thu Oct 19 2023 Íñigo Huguet - 1:1.40.16-12 -- Dispatch "dns-change" event (RHEL-10195) +* Mon Jun 24 2024 Troy Dawson - 1:1.48.2-1.1 +- Bump release for June 2024 mass rebuild -* Wed Oct 18 2023 Íñigo Huguet - 1:1.40.16-11 -- Correctly update DNS changes retrieved from DHCPv4 (RHEL-8423) +* Mon Jun 24 2024 Beniamino Galvani 1:1.48.2-1 +- Update to 1.48.2 release +- Save connection timestamps when shutting down (RHEL-35539) -* Wed Oct 04 2023 Fernando Fernandez Mancera - 1:1.40.16-10 -- manager: allow controller activation if device is deactivating (RHEL-5119) +* Thu May 30 2024 Lubomir Rintel - 1:1.48.0-1 +- Upgrade to 1.48.0 release -* Wed Jul 19 2023 Beniamino Galvani - 1:1.40.16-9 -- cloud-setup: fix terminating in the middle of reconfiguration (rh #2221903) +* Thu May 16 2024 Lubomir Rintel - 1:1.47.91-1 +- Upgrade to 1.47.91 (rc2) -* Wed Jun 28 2023 Thomas Haller - 1:1.40.16-8 -- unblock autoconnect of profile on reapply (rh #2207690) +* Mon May 06 2024 Ján Václav - 1:1.47.90-2 +- Use meson to build by default for RHEL 10 (from upstream) -* Mon Jun 5 2023 Thomas Haller - 1:1.40.16-7 -- fix reading infiniband p-key from ifcfg files (rh #2209164) +* Fri May 03 2024 Fernando Fernandez Mancera - 1:1.47.90-1 +- Upgrade to 1.47.90 (rc1) -* Wed May 24 2023 Beniamino Galvani - 1:1.40.16-6 -- don't fail when the IPv6 link-local address is removed (rh #2209353) +* Wed Apr 24 2024 Stanislas Faye - 1:1.47.5-2 +- Disable deprecated features (team, ifcfg-rh) on future RHEL versions -* Wed May 17 2023 Fernando Fernandez Mancera - 1:1.40.16-5 -- support bond port prio property (rh #1920398) -- team: don't try to connect to teamd in update_connection() (rh #2182029) +* Fri Apr 19 2024 Íñigo Huguet - 1:1.47.4-1 +- Upgrade to 1.47.5 (development) -* Wed Apr 19 2023 Beniamino Galvani - 1:1.40.16-4 -- support the "no-aaaa" resolv.conf option (rh #2144521) +* Mon Apr 08 2024 Fernando Fernandez Mancera - 1:1.47.4-1 +- Upgrade to 1.47.4 (development) -* Mon Mar 13 2023 Lubomir Rintel - 1:1.40.16-3 -- cloud-setup/ec2: fix regression with IMDSv2 support (rh #2181466) +* Mon Jan 22 2024 Fedora Release Engineering - 1:1.45.9-1.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -* Mon Mar 13 2023 Lubomir Rintel - 1:1.40.16-2 -- cloud-setup/ec2: add IMDSv2 support (rh #2151986) +* Fri Jan 19 2024 Fedora Release Engineering - 1:1.45.9-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -* Thu Feb 23 2023 Beniamino Galvani - 1:1.40.16-1 -- Update to 1.40.16 release +* Fri Dec 15 2023 Íñigo Huguet - 1:1.45.9-1 +- Update to 1.45.9 release (development) +- Dropped the support to build with Python 2 -* Mon Feb 13 2023 Thomas Haller - 1:1.40.14-1 -- Update to 1.40.14 release +* Thu Nov 2 2023 Íñigo Huguet - 1:1.44.2-2 +- migrated to SPDX license -* Thu Jan 26 2023 Lubomir Rintel - 1:1.40.12-1 -- Update to 1.40.12 release -- core: retry if a rtnetlink socket runs out of buffer space (rh #2154350) +* Tue Oct 3 2023 Beniamino Galvani - 1:1.44.2-1 +- Update to 1.44.2 release -* Wed Jan 11 2023 Beniamino Galvani - 1:1.40.10-1 -- Update to 1.40.10 release -- cloud-setup: preserve addresses added externally (rh #2132754) -- veth: fix detection of existing interface and peer (rh #2129829) -- dns: ensure dnsmasq is stopped after disabling it and a restart (rh #2120763) +* Thu Aug 10 2023 Beniamino Galvani - 1:1.44.0-1 +- Update to 1.44.0 release +- Enable automatic migration of ifcfg profiles to keyfile: + https://fedoraproject.org/wiki/Changes/MigrateIfcfgToKeyfile -* Wed Dec 21 2022 Thomas Haller - 1:1.40.8-2 -- core: avoid infinite autoconnect with multi-connect profiles (rh #2155531) +* Fri Jul 28 2023 Beniamino Galvani - 1:1.43.90-1 +- Update to 1.44-rc1 (1.43.90) (release candidate) -* Fri Dec 16 2022 Lubomir Rintel - 1:1.40.8-1 -- Update to 1.40.8 release -- macsec: fix tracking of parent ifindex (rh #2122564) +* Wed Jul 19 2023 Fedora Release Engineering - 1:1.43.10-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -* Wed Nov 30 2022 Thomas Haller - 1:1.40.6-1 -- Update to 1.40.6 release -- team: fix configuring empty team port settings (rh #2102375) +* Wed Jun 14 2023 Thomas Haller - 1:1.43.10-1 +- Update to 1.43.10 release (development) -* Fri Nov 18 2022 Thomas Haller - 1:1.40.4-1 -- Update to 1.40.4 release -- ifcfg-rh: fix writing invalid ethtool pause settings (rh #2134569) +* Wed May 17 2023 Beniamino Galvani - 1:1.43.8-1 +- Update to 1.43.8 release (development) -* Tue Oct 11 2022 Beniamino Galvani - 1:1.40.2-1 -- Update to 1.40.2 release -- core: fix persisting Infiniband partition connections (rh #2122703) -- core: wait for carrier before resolving hostname via DNS (rh #2118817) -- core: fix handling of autoconnect-retries with multiconnect (rh #2039734) -- nmcli: allow removing a port connection from a bond (rh #2126262) -- initrd: decrease autoconnect priority for initrd connections (rh #2089707) -- dhcp: wait DAD completion for DHCPv6 addresses (send decline) (rh #2096386, rh #2099794) -- ovs: wait that links disappear during initial cleanup (rh #2060031) +* Thu May 4 2023 Thomas Haller - 1:1.43.7-1 +- Update to 1.43.7 release (development) -* Fri Aug 26 2022 Ana Cabral - 1:1.40.0-1 -- Update to 1.40.0 release +* Thu Apr 20 2023 Beniamino Galvani - 1:1.43.6-1 +- Update to 1.43.6 release (development) + +* Tue Apr 18 2023 Adam Williamson - 1:1.43.5-3 +- Fix ppp version discovery + +* Tue Apr 18 2023 Adam Williamson - 1:1.43.5-2 +- Rebuild for ppp 2.5.0 + +* Wed Apr 5 2023 Lubomir Rintel - 1:1.43.5-1 +- Update to 1.43.5 release (development) + +* Wed Mar 22 2023 Thomas Haller - 1:1.43.4-1 +- Update to 1.43.4 release (development) + +* Wed Mar 8 2023 Lubomir Rintel - 1:1.43.3-1 +- Update to an early 1.44 snapshot + +* Fri Feb 10 2023 Thomas Haller - 1:1.42.0-1 +- Upgrade to 1.42.0 release + +* Thu Jan 26 2023 Lubomir Rintel - 1:1.41.91-1 +- Update to 1.41.91 release (release candidate) + +* Fri Jan 20 2023 Fernando Fernandez Mancera - 1:1.41.90-1 +- Update to 1.42-rc1 (1.41.90) (release candidate) +- Upstream sync specfile + +* Wed Jan 18 2023 Fedora Release Engineering - 1:1.41.8-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Mon Jan 16 2023 Beniamino Galvani - 1:1.41.8-1 +- Update to 1.41.8 release (development) + +* Thu Dec 15 2022 Lubomir Rintel - 1:1.41.7-1 +- Update to 1.41.7 release (development) + +* Wed Nov 30 2022 Thomas Haller - 1:1.41.6-1 +- Update to 1.41.6 release (development) + +* Fri Nov 18 2022 Thomas Haller - 1:1.41.5-1 +- Update to 1.41.5 release (development) + +* Thu Nov 3 2022 Thomas Haller - 1:1.41.4-2 +- fix generating stable UUIDs for keyfile (gitlab#1130) + +* Wed Nov 2 2022 Wen Liang - 1:1.41.4-1 +- Upgrade to 1.41.4 release + +* Tue Oct 18 2022 Beniamino Galvani - 1:1.41.3-1 +- Upgrade to 1.41.3 release + +* Fri Aug 26 2022 Thomas Haller - 1:1.40.0-1 +- Upgrade to 1.40.0 release * Tue Aug 16 2022 Ana Cabral - 1:1.39.90-1 -- Update to 1.39.90 release (release candidate) -- bridge: fix reapply of non-bridge properties (rh #2092762) -- bridge: fix wired.mtu reapply (rh #2076131) - -* Fri Jul 29 2022 Lubomir Rintel - 1:1.39.12-1 -- Update to 1.39.12 release (development) -- bridge: fix reapply support (rh #2092762) +- Upgrade to 1.40-rc1 (1.39.90) (release candidate) +- Upstream sync * Thu Jul 28 2022 Beniamino Galvani - 1:1.39.11-1 - Update to 1.39.11 release (development) -- dhcp: fix EXTENDED DHCP event to accept lease for dhclient plugin (rh #2109285) -- ovs: honor unmanaged setting also for interfaces that fail (rh #2077950) + +* Wed Jul 20 2022 Fedora Release Engineering - 1:1.39.10-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Thu Jul 14 2022 Vojtech Bubela - 1:1.39.10-1 - Update to 1.39.10 release (development) -- initrd: set a default carrier timeout of 10 seconds in initrd (rh #2079277) -- dhcp: wait DAD completion for DHCPv6 addresses (rh #2096386) -- libnm: support wait-activation-delay property (rh #2008337) -- veth: fix veth activation on booting (rh #2105956) -- support a ipv6.addr-gen-mode knob in the global config (rh #208268) * Thu Jun 30 2022 Lubomir Rintel - 1:1.39.8-1 - Update to 1.39.8 release (development) -- core: make ipv6.addr-gen-mode default configurable (rh #1743161) (rh #2082682) -- dhcpv6: finish DAD before considering a lease to be good (rh #2096386) -- core: add connection.wait-activation-delay property (rh #2008337) -* Thu Jun 16 2022 Thomas Haller - 1:1.39.7-2 -- fix priority of IPv6 addresses to prefer manual over DHCPv6 over SLAAC (rh #2097270) +* Mon May 30 2022 Ana Cabral - 1:1.38.0-2 +- rpm: include an informational file in ifcfg files directory -* Wed Jun 15 2022 Lubomir Rintel - 1:1.39.7-1 -- Update to 1.39.7 release (development) -- core: cancel the IP check on deactivation (rh #2080928) -- core: ensure DHCP is restarted every time the link goes up (rh #2079406) -- core: fix a leak of L3 configuration memory (rh #2083453) -- ppp: fix a race with pppd when removing addresses (rh #2085382) -- wifi: fix a crash when checking WEP supplicant capability (rh #2092782) +* Fri May 13 2022 Thomas Haller - 1:1.38.0-1 +- Upgrade to 1.38.0 release -* Wed Jun 1 2022 Beniamino Galvani - 1:1.39.6-1 -- Update to 1.39.6 release (development) -- Implement ACD (address conflict detection) for DHCPv4 (rh #1713380) +* Wed May 4 2022 Thomas Haller - 1:1.37.92-1 +- Upgrade to 1.38-rc3 (1.37.92) (release candidate) +- core: change order in which IPv6 addresses are configured. -* Thu May 19 2022 Ana Cabral - 1:1.39.5-1 -- Update to 1.39.5 release (development) -- device: commit l3cfg on link change only when the device is activating (rh #2079054) -- l3cfg: during reapply, also clear IPv6 temporary addresses (rh #2082230) -- dhcp: support overlong DHCP host names (rh #2033643) -- cloud-setup: reorder addresses to honor "primary_ip_address" (rh #2082000) +* Thu Apr 14 2022 Thomas Haller - 1:1.37.91-1 +- Upgrade to 1.38-rc2 (1.37.91) (release candidate) -* Wed May 4 2022 Thomas Haller - 1:1.39.3-1 -- Update to 1.39.3 release (development) -- dhcp: save leases in /run (rh #1943153) -- ovs: use asynchronous attach-port (rh #2052441) -- device: set MTU after attaching bond port (rh #2071985) -- l3cfg: drop NM_L3_CFG_COMMIT_TYPE_ASSUME and assume_config_once (rh #2077605) - -* Thu Apr 21 2022 Thomas Haller - 1:1.39.2-2 -- generate docs during build instead of using pre-generated (2) (rh #1995915) - -* Thu Apr 21 2022 Thomas Haller - 1:1.39.2-1 -- Update to 1.39.2 release (development) -- dhcp: set "src" attribute for DHCP routes (rh #1995372) -- dhcp: drop internal DHCPv4 client based on systemd code (rh #2073067) -- core: delay startup complete for DNS update (rh #2049421) -- nmcli: support offline mode to create and edit keyfiles (rh #1361145) - -* Wed Apr 6 2022 Ana Cabral - 1:1.39.0-1 -- Update to 1.39.0 release (development) -- ovs, dpdk: fix creating ovs-interface when the ovs-bridge is netdev - (rh #2001792) +* Wed Apr 6 2022 Ana Cabral - 1:1.37.90-1 +- Upgrade to 1.38-rc1 (1.37.90) (release candidate) * Thu Mar 24 2022 Lubomir Rintel - 1:1.37.3-1 - Upgrade to 1.37.3 release (development) -- core: allow reapply on autoconnect-slaves property change (rh #2065049) -- wifi: do not advertise channels outside regulatory domain (rh #2062785) -- wifi: warn about WEP being phased out (rh #2030997) -- bond: reject reapply when fail_over_mac was changed (rh #2003214) -* Wed Mar 9 2022 Beniamino Galvani - 1:1.37.2-1 -- Upgrade to 1.37.2 release (development) -- core: preserve external ports during checkpoint rollback (rh #2035519) -- core: fix ovs bridge deletion (rh #1935026) -- core: shorten hostname when too long (rh #2033643) -- nm-online: bump the timeout upper limit to 2073600 seconds (rh #2025617) -- cloud-setup: fix crash when handling sigterm (rh #2027674) +* Tue Mar 22 2022 Beniamino Galvani - 1:1.36.4-1 +- Update to 1.36.4 release -* Mon Feb 28 2022 Beniamino Galvani - 1:1.36.0-2 -- core: fix setting DNS from WWAN and PPP (rh #2059138) +* Mon Mar 7 2022 Beniamino Galvani - 1:1.36.2-1 +- Update to 1.36.2 release +- Split ifcfg-rh settings plugin into subpackage NetworkManager-initscripts-ifcfg-rh * Thu Feb 24 2022 Lubomir Rintel - 1:1.36.0-1 -- Upgrade to 1.36.0 release -- core: avoid losing L3 configuration the second time it's applied (rh #2043514) -- ovs: avoid removing OVSDB entries on daemon shutdown (rh #2055665) -- nmcli: fix defaults for some properties on interactive add (rh #2053603) +- Update to 1.36.0 release -* Sat Feb 19 2022 Lubomir Rintel - 1:1.36.0-0.9 -- revert: generate docs during build instead of using pre-generated (rh #1995915) -- Upgrade to 1.35.92 (release candidate) -- ppp: increase disconnect timeout (rh #2049596) -- core: finish activation after all objects are committed (rh #2043133) -- ipv6: add support for multipath routes (rh #1837254) -- keyfile: do not write empty string list properties (rh #2022623) +* Sat Feb 19 2022 Lubomir Rintel - 1:1.36.0-0.11 +- Update to 1.36-rc3 (1.35.92) (release candidate) -* Fri Feb 04 2022 Lubomir Rintel - 1:1.36.0-0.8 -- Upgrade to 1.35.91 release (release candidate) -- bond: fix duplicate IPv4 address detection (rh #2028751) -- core: add support for blackhole routes (rh #1937823) (rh #2013587) -- core: re-assess IP configuration if one IP family times out (rh #2051904) -- ovs: remove ovsdb entry on interface removal (rh #2047302) -- ovs: properly clean up devices on daemon shutdown (rh #2029937) -- core: avoid losing addresses on handover from initrd to ral root (rh #2047302) -- core: fix a possibe assertion failure in ACD (rh #2047788) +* Thu Feb 10 2022 Lubomir Rintel - 1:1.36.0-0.10 +- Update to 1.36-rc2 (1.35.91) (release candidate) -* Fri Jan 28 2022 Thomas Haller - 1:1.36.0-0.7 -- Upgrade to 1.35.7 release (development) -- core: fix crash related to DHCPv6 leases (rh #2028849) -- wifi: fix stale ActiveAccessPoint in D-Bus (rh #1983747) -- libnm: fix dangling pointer in NMObject (rh #2039331) +* Fri Feb 04 2022 Lubomir Rintel - 1:1.36.0-0.9 +- Update to 1.36-rc1 (1.35.90) (release candidate) + +* Fri Jan 28 2022 Thomas Haller - 1:1.36.0-0.8 +- update to an early 1.36 snapshot (1.35.7) + +* Thu Jan 27 2022 Thomas Haller - 1:1.36.0-0.7 +- Revert rework of DHCP client that causes crash * Wed Jan 26 2022 Thomas Haller - 1:1.36.0-0.6 -- Upgrade to 1.35.6 release (development) -- Move ifup/ifdown scripts to new NetworkManager-initscripts-updown package (rh #2022418) -- wwan: fix assertion failure in modem/ppp code (rh #2028385) -- core: fix performance regression with 500vlans test (rh #2028849) -- core: drop defective BPF filter for netlink sockets that caused hangs (rh #2037411) -- initrd: add support for rd.znet_ifnames (rh #1980387) +- update to an early 1.36 snapshot (1.35.6) +- Move ifup/ifdown scripts to new NetworkManager-initscripts-updown package -* Thu Jan 20 2022 Thomas Haller - 1:1.36.0-0.5 -- generate docs during build instead of using pre-generated (rh #1995915) +* Wed Jan 19 2022 Fedora Release Engineering - 1:1.36.0-0.4.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild -* Wed Jan 12 2022 Wen Liang - 1:1.36.0-0.4 -- Upgrade to 1.35.4 release (development) -- ipv4ll: fix assert on external LL address removal (rh #2028404) -- openvswitch: add DPDK n_rxq configuration option (rh #2001563) -- device: ignore ndisc signal if device has no ifindex (rh #2013266) -- bluetooth: fix invalid assertion in NMBluezManager:dispose() (rh #2028427) -- supplicant: enable SAE-H2E (rh #2019396) +* Thu Jan 13 2022 Thomas Haller - 1:1.36.0-0.4 +- update to an early 1.36 snapshot (1.35.4) * Thu Dec 16 2021 Wen Liang - 1:1.36.0-0.3 -- Upgrade to 1.35.3 release (development) -- device: fix update of the ip-iface property (rh #2027490) -- platform: add bpf filter to ignore routes from routing daemons (rh #1861527) +- update to an early 1.36 snapshot (1.35.3) -* Wed Dec 1 2021 Wen Liang - 1:1.36.0-0.2 -- Upgrade to 1.35.2 release (development) -- initrd: handle ip=dhcp,dhcp6 specially to wait for both IPv4 and IPv6 (rh #1961666) -- bridge: fix ageing_time bridge option (rh #1871950) -- core: make sure Device and AC emit StateChanged a bit later (rh #2006677) -- ovsdb: deactivate removed device if does not have a master (rh #2022275) -- nmcli: fix setting wake-on-lan property on edit mode (rh #2016348) -- core: fix wrong DHCPv6 timeouts due to endianness problem (rh #2027267) +* Thu Dec 2 2021 Wen Liang - 1:1.36.0-0.2 +- update to an early 1.36 snapshot (1.35.2) -* Thu Nov 18 2021 Beniamino Galvani - 1:1.36.0-0.1 -- Upgrade to 1.35.1 release (development) -- core: refactor IP configuration code (rh #1868254) -- core: fix deleting external route during service restart (rh #2010640) +* Fri Nov 19 2021 Beniamino Galvani - 1:1.36.0-0.1 +- update to an early 1.36 snapshot (1.35.1) -* Thu Oct 21 2021 Ana Cabral - 1:1.34.0-0.3 -- Upgrade to 1.33.4 release (development) -- Deprecate "master"/"slave" on bonding and bridge API (rh #1949023) -- core: Fix configuration reload for active devices (rh #1852445) -- Update systemd-udev dependency (rh #2012123) +* Fri Oct 29 2021 Beniamino Galvani - 1:1.32.12-2 +- better handle systemd-resolved errors when resolving hostnames -* Thu Sep 23 2021 Ana Cabral - 1:1.34.0-0.2 -- Upgrade to 1.33.3 release (development) -- platform: don't listen for tc netlink messages (rh #1753677) -- cloud-setup: better handle other route configuration (rh #2006370) -- Fix autoneg advertisement (rh #1897004) +* Wed Sep 22 2021 Beniamino Galvani - 1:1.32.12-1 +- update to 1.32.12 release -* Thu Sep 9 2021 Ana Cabral - 1:1.34.0-0.1 -- Upgrade to 1.33.2 release (development) (rh #1996617) -- Obtain permanent hardware address via netlink or lookup via ethtool (rh #1987286) -- Show more information about routes in nmcli (rh #1870059) -- Add test for creation and activation of new connection via interface (rh #1763054) -- ethtool: fix setting autonegotiation/speed on reactivation (rh #1897004) -- Fix MTU's decrease after the removal of 802-3-ethernet configuration (rh #1973536) +* Thu Aug 19 2021 Thomas Haller - 1:1.32.10-2 +- platform: fix capturing IPv4 addresses from platform for assuming after restart -* Thu Aug 19 2021 Wen Liang - 1:1.32.10-2 -- platform: fix capturing IPv4 addresses from platform for assuming after restart (rh #1988751) - -* Wed Aug 18 2021 Wen Liang - 1:1.32.10-1 +* Thu Aug 19 2021 Wen Liang - 1:1.32.10-1 - update to 1.32.10 release -- nm-initrd-generator: add kernel command line options ethtool autoneg and speed (rh #1940934) -- IP: fix the order of IP addresses during service restart (rh #1988751) -* Tue Aug 10 2021 Fernando Fernandez Mancera - 1:1.32.8-1 -- Upgrade to 1.32.8 release -- firewalld: configure zones on "Reloaded" signal (rh #1982403) -- ethtool: support configuring newer gigabit ethernet speeds (rh #1897004) -- core: fix wrong MTU for bridge interfaces (rh #1973536) -- cloud-setup: fix gateway address for Aliyun cloud (rh #1823315) +* Tue Aug 10 2021 Fernando Fernandez Mancera - 1:1.32.8-1 +- update to 1.32.8 release -* Thu Jul 29 2021 Gris Ge - 1:1.32.6-1 -- Upgrade to 1.32.6 release -- core: fix adding stale local routes when address changes (rh #1979192) -- dhcp: handle filename/bootfile_name DHCP option and write it to device state - file for initrd/kickstart (rh #1979387) -- initrd: add "ib.pkey=" command line option (rh #1805708) -- core: introduce "keep-configuration" device option to forcefully activate a - profile on start (rh #1934122) +* Wed Jul 28 2021 Thomas Haller - 1:1.32.6-1 +- update to 1.32.6 release -* Wed Jul 21 2021 Gris Ge - 1:1.32.4-1 -- Upgrade to 1.32.4 with fixes of: -- nmcli: show DNS SEARCH field in device information. (rh #1852317) -- device: avoid crash setting VPN config during unrealize. (rh #1912423) -- core: send ARP announcements when there is carrier. (rh #1956793) -- core: add ipv[46].required-timeout option to wait for IP configuration while activating. (rh #1961666) -- core: start DHCPv6 when a prefix delegation is needed for shared mode. (rh #1973199) -- ifcfg: log warning about invalid keys in ifcfg files. (rh #1959656) -- cloud-setup: add support for Aliyun cloud. (rh #1823315) +* Wed Jul 21 2021 Fedora Release Engineering - 1:1.32.4-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild -* Thu Jul 1 2021 Wen Liang - 1:1.32.2-1 -- update to 1.32.2 release -- device: prefer IPv6 not-deprecated addresses for hostname lookup (rh #1820770) -- docs: describe qdiscs and tfilters in nm-settings manpage (rh #1847894) -- cloud-setup: preserve IPv4 addresses/routes/rules from profile (rh #1971527) -- daemon: performance improvements (rh #1847125) -- dhcp/systemd: ignore FORCERENEW requests for DHCPV4 (rh #1961251, CVE-2020-13529) -- Add bridge_role in 802-3-ethernet.s390-options using nmcli (rh #1935842) +* Tue Jul 20 2021 Thomas Haller - 1:1.32.4-1 +- update to 1.32.4 release +- default to "nftables" firewall-backend for shared mode. -* Fri Jun 18 2021 Wen Liang - 1:1.32.0-1 +* Wed Jun 16 2021 Thomas Haller - 1:1.32.0-1 - update to 1.32.0 release -- veth: fix null error when deleting the device (rh #1915278) -- veth: fix crash when deleting the device profile (rh #1915276) -- firewall: add new "nftables" firewall-backend (rh #1548825) -- DNS: fix lookup of hostname via DNS (rh #1970335) +- default to "iptables" firewall-backend due to SELinux bug rh #1972911. -* Mon Jun 7 2021 Thomas Haller - 1:1.32.0-0.5 +* Fri Jun 4 2021 Thomas Haller - 1:1.32.0-0.4 - update to 1.32-rc1 (1.31.90) (release candidate) -- core: allow to preserved external TFilter and QDisc settings (rh #1928078) -- bond: support "tlb_dynamic_lb" in "balance-alb" mode (rh #1959934) - -* Thu May 20 2021 Wen Liang - 1:1.32.0-0.4 -- Update to 1.31.5 (development) -- core: configure MTU early before DHCP completes (rh #1890234) -- core: fix activation handling for ports (rh #1955101, rh #1959961) -- core: add support for ethtool pause parameters (rh #1899372) -- dhcp: support option 249 (Microsoft Classless Static Route) (rh #1959461) * Wed May 5 2021 Beniamino Galvani - 1:1.32.0-0.3 -- Update to 1.31.4 (development) -- core: fix assertion failure in activation handling (rh #1933719) +- update to an early 1.32 snapshot (1.31.4) -* Thu Apr 22 2021 Beniamino Galvani - 1:1.32.0-0.2 -- Update to 1.31.3 (development) +* Fri Apr 23 2021 Beniamino Galvani - 1:1.32.0-0.2 +- update to an early 1.32 snapshot (1.31.3) * Thu Mar 25 2021 Beniamino Galvani - 1:1.32.0-0.1 -- Update to 1.31.2 (development) +- update to an early 1.32 snapshot (1.31.2) -* Tue Mar 23 2021 Beniamino Galvani - 1:1.30.0-5 -- bond: restore MAC on release only when there is a cloned MAC address (rh #1933292) - -* Fri Mar 12 2021 Beniamino Galvani - 1:1.30.0-4 -- initrd: apply the MTU from bond= argument to the bond connection (rh #1936610) - -* Fri Mar 12 2021 Thomas Haller - 1:1.30.0-3 -- Increase LimitNOFILE to allow more than 1024 file descriptors (rh #1926599). - This requires a suitable libndp version that can handle many file descriptors (rh #1933041). - -* Tue Feb 23 2021 Thomas Haller - 1:1.30.0-2 -- Avoid logging warning setting bond ad_actor_system (rh #1923999) +* Fri Mar 12 2021 Beniamino Galvani - 1:1.30.2-1 +- update to 1.30.2 release * Thu Feb 18 2021 Thomas Haller - 1:1.30.0-1 -- Update to 1.30.0 release +- update to 1.30.0 release -* Thu Feb 11 2021 Thomas Haller - 1:1.30.0-0.10 -- Update to 1.30-rc1 (1.29.90-dev) (development) -- cloud-setup: fix removing IPv4 address (rh #1920838) +* Thu Feb 11 2021 Thomas Haller - 1:1.30.0-0.5 +- update to 1.30-rc1 (1.29.90-dev) snapshot -* Mon Feb 8 2021 Antonio Cardace - 1:1.30.0-0.9 -- Update to 1.29.11 (development) -- bond: fix changing mode when the device is created externally (rh #1870691) -- ovs: fix firewalld configuration for ovs-ports (rh #1921107) -- ovs: avoid race condition when system interface is removed from ovsdb (rh #1923248) -- doc: mention NETMASK as alternative to PREFIX for addresses in `man nm-settings-ifcfg-rh` (rh #1925123) +* Tue Feb 9 2021 Thomas Haller - 1:1.30.0-0.4 +- update to 1.29.11-dev snapshot -* Wed Jan 27 2021 Beniamino Galvani - 1:1.30.0-0.8 -- Update to 1.29.10 (development) -- bond: introduce new 'vlan+srcmac' xmit_hash_policy option (rh #1915457) -- ovs: clean up interfaces from ovsdb at startup (rh #1861296) +* Mon Jan 25 2021 Fedora Release Engineering - 1:1.30.0-0.3.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -* Tue Jan 19 2021 Thomas Haller - 1:1.30.0-0.7 -- Update to 1.29.9 (development) -- By default check all devices for hostname reverse DNS lookup (rh #1766944) +* Tue Jan 19 2021 Thomas Haller - 1:1.30.0-0.3 +- update to 1.29.9-dev snapshot -* Thu Jan 14 2021 Thomas Haller - 1:1.30.0-0.6 -- Update to 1.29.8 (development) -- initrd: accept zero-byte prefix for BOOTIF MAC address (rh #1904099) -- core: fix bond port wrongly detached by dispather call (rh #1888348) -- cloud-setup: add manual page (rh #1867997) -- core: fix handling timeout for IPv6 RDNSS,DNSSL option in RA (rh #1874743) +* Fri Jan 15 2021 Peter Robinson 1:1.30.0-0.2 +- Require wireless-regdb for wifi support so WiFi region is set -* Wed Dec 23 2020 Beniamino Galvani - 1:1.30.0-0.5 -- Update to 1.29.7 (development) -- Add WPA3-Enterprise support (rh #1883024) +* Thu Jan 14 2021 Thomas Haller - 1:1.30.0-0.1 +- update to 1.29.8-dev snapshot -* Mon Dec 14 2020 Beniamino Galvani - 1:1.30.0-0.4 -- Update to 1.29.6 (development) -- initrd: disable ipv4 and ipv6 by default for vlan parent connection (rh #1903175) -- initrd: fix parsing of ip= argument with dotted interface name (rh #1898294) +* Wed Jan 06 2021 Mohan Boddu - 1:1.28.0-2 +- Rebuild for ppp-2.4.9-1 -* Fri Nov 27 2020 Beniamino Galvani - 1:1.30.0-0.3 -- Update to 1.29.3 (development) -- Support changing external-ids of OVS bridges and interfaces (rh #1866227) -- Add a hostname setting (rh #1766944) -- Support creating veth interfaces (rh #1901523) -- initrd: fix parsing of ip= arguments with empty first token (rh #1900260) +* Sun Dec 6 2020 Thomas Haller - 1:1.28.0-1 +- update to 1.28.0 -* Mon Nov 9 2020 Beniamino Galvani - 1:1.30.0-0.2 -- device: fix crash in nm_device_reactivate_ip_config() -- dns: fix crash in systemd-resolved DNS plugin (rh #1894839) +* Tue Oct 20 2020 Beniamino Galvani - 1:1.28.0-0.2 +- update to 1.28-rc2 (1.27.91) -* Mon Nov 2 2020 Antonio Cardace - 1:1.30.0-0.1 -- Update to 1.29.1 (development) -- add library for handling profiles in keyfile format (rh #1813334) -- initrd: allow disabling NICs during boot (rh #1883958) -- allow `NM.Device.get_applied_connection_async()` to run by non-privilege user (rh #1882380) -- nmcli ignores /etc/terminal-colors.d/nmcli.scheme (rh #1886336) -- pass bridge master to wpa_supplicant when Wlan is part of bridge (rh #1888051) -- add infiniband support in initrd (rh #1883173) +* Tue Oct 6 2020 Thomas Haller - 1:1.28.0-0.1 +- update to 1.28-rc1 (1.27.90) -* Fri Sep 18 2020 Beniamino Galvani - 1:1.28.0-0.1 -- Update to 1.27.3 (development) -- device: enforce the absence of a master during activation (rh #1869079) -- bond: fix race condition setting the "active_slave" option (rh #1856640) +* Sat Sep 19 2020 Yaroslav Fedevych - 1:1.26.2-2 +- fix build failure due to generating invalid XML documentation -* Tue Sep 1 2020 Antonio Cardace - 1:1.26.0-7 -- dhcp: add dhcp-vendor-class-identifier option (rh #1871042) -- initrd: parse 'rd.net.dhcp.vendor-class' kernel cmdline arg (rh #1872299) +* Wed Aug 19 2020 Thomas Haller - 1:1.26.2-1 +- update to 1.26.2 +- enable link time optimization (LTO). -* Mon Aug 17 2020 Thomas Haller - 1:1.26.0-6 -- core: fix handling of local routes as default route and on D-Bus (rh #1868982) +* Mon Jul 27 2020 Fedora Release Engineering - 1:1.26.0-2.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -* Thu Aug 13 2020 Thomas Haller - 1:1.26.0-5 -- core: fix wait-device-timeout race and support general device matches (rh #1853348) - -* Tue Aug 11 2020 Antonio Cardace - 1:1.26.0-4 -- bond: fix Reapply does not update bond options (rh #1847814) -- dhcp: support DHCPv6 fqdn_fqdn option for hostname (rh #1858344) - -* Thu Aug 6 2020 Thomas Haller - 1:1.26.0-3 -- core: fix managing devices after resuming from sleep (rh #1855563) -- dhcp: fix BPF filter for internal client on big endian arch (rh #1861488) -- core: support warning log setting IPv6 MTU with IPv6 disabled (rh #1840989) -- wifi: fix crash parsing incomplete BSS info (rh #1866395) - -* Fri Jul 17 2020 Antonio Cardace - 1:1.26.0-2 -- core: fix generation of local routes for VRF devices (rh #1857133) -- team: fix crash on failure to connect to teamd (rh #1856723) -- core: fix detecting failure of master active-connection (rh #1845018) -- core: fix warning about setting active_slave of bond when activating master (rh #1858326) -- import translations (rh #1820552) +* Mon Jul 13 2020 Thomas Haller - 1:1.26.0-2 +- prefer keyfile settings plugin over ifcfg-rh (rh #1857391) * Mon Jul 13 2020 Thomas Haller - 1:1.26.0-1 - update to 1.26.0 -- device: reset SR-IOV parameters on activation failure (rh #1819587) -- initrd: enable ipv6.method=auto with ip=dhcp6 (rh #1854323) -- core: add "nm-shared" zone for firewalld for shared mode (rh #1834907) -- ppp: fix taking control of link (rh #1849386) - -* Mon Jul 6 2020 Beniamino Galvani - 1:1.26.0-0.2.1 -- device: restart DHCP only for devices that are active or activating (rh #1852612) -- initrd: fix generating default BOOTIF= connection (rh #1853277) -- ovs: fix race condition when setting MAC address for ovs interfaces (rh #1852106) - -* Sun Jun 28 2020 Beniamino Galvani - 1:1.26.0-0.2 -- update to 1.26-rc2 (1.25.91) -- initrd: set ipv6.method=auto when using IPv4 static configuration (rh #1848943) -- cloud-setup: add support for Google Cloud load-balancing routes (rh #1821787) * Mon Jun 15 2020 Thomas Haller - 1:1.26.0-0.1 - update to 1.26-rc1 (1.25.90) -- core: support more tc qdiscs (tbf and sfq) (rh #1546802) -- core: support match devices for connection profile by PCI address (ID_PATH) (rh #1673321) -- ovs: fix peer property for OVS patch interface (rh #1845216) -- doc: add manual pages nm-settings-dbus and nm-settings-nmcli (rh #1614726) -- wifi: don't block autoconnect for profiles that never succeeded to connect (rh #1781253) -- dbus,nmcli: highlight externally managed devices (rh #1816202) -* Fri May 29 2020 Beniamino Galvani - 1:1.25.2-1 -- update to 1.25.2 (development) -- support ethtool coalesce and ring options (rh #1614700) -- core: improve synchronization of qdiscs with kernel (rh #1815875) -- team: support running without D-Bus (rh #1784363) -- core: fix potential crash when autoactivating child connections (rh #1778073) -- ethernet: reset original autonegotiation/speed/duplex settings on deactivation (rh #1807171) -- core: fix setting IPv6 token in kernel (rh #1819680) +* Fri May 29 2020 Thomas Haller - 1:1.24.2-1 +- Update to 1.24.2 release +- ifcfg-rh: handle "802-1x.{,phase2-}ca-path" (rh #1841395, CVE-2020-10754) -* Fri May 8 2020 Thomas Haller - 1:1.25.1-1 -- update to 1.25.1 (development) -- improve documentation (rh #1651594, rh #1819259) -- vrf: add support (rh #1773908) -- bond: improve setting default options for miimon and updelay (rh #1805184, rh #1806549) -- bluetooth: fix crash handling DUN modem (rh #1826635) -- core: fix potential infinite loop with prefix delegation (rh #1488030) -- initrd: fixes for running NetworkManager in initrd (rh #1627820, #1710935, #1744935, #1771792) -- core: prevent multiple attempts to create default wired connection (rh #1687937) -- bridge: support more options (rh #1755768) -- libnm,dbus: expose HwAddress for all device types (rh #1786937) -- core: fix route priority for IPv6 (rh #1814557) -- core: fix crash during reapply (rh #1816067) -- core: clear IP address from bridge slave (rh #1816517) -- ovs: support changing MTU of OVS interfaces (rh #1820052) -- nm-online: support setting timeout for NetworkManager-wait-online (rh #1828458) +* Fri May 8 2020 Thomas Haller - 1:1.22.8-4 -- core: fix leaking device state files in /run (rh #1810153) -- dhcp: fix crash in nettools client when leaking GSource (rh #1810188) +* Sat May 2 2020 Thomas Haller - 1:1.22.8-3 -- dhcp: keep trying after a send failure (rh #1806516) -- ovs: fail port enslavement when the bridge is not found (rh #1797696) +* Sat Apr 11 2020 Thomas Haller - 1:1.22.8-2 -- bond: fix setting arp_validate option for other bonding modes (rh #1789437) +* Thu Apr 02 2020 Björn Esser - 1:1.22.10-1.1 +- Fix string quoting for rpm >= 4.16 + +* Thu Mar 12 2020 Thomas Haller - 1:1.22.8-2 +- Rebuild for new ppp * Tue Feb 18 2020 Antonio Cardace - 1:1.22.8-1 - Update to 1.22.8 -- Added configuration option to customize IPv6 RA timeout (rh #1801158) -- Removed length limitation for OVS Bridge, Patches and Interfaces (only Patch types) names (rh #1788432) -- Reworked asynchronous deactivation of OVS interfaces (rh #1787989, rh #1782701) -- Fixed failure when creating team interfaces (rh #1798947) -- ifcfg-rh: fix clearing ovs slave type from ifcfg-rh file (rh #1804167) -- Fixed bug causing virtual devices to not be available after AddConnection()/Update() (rh #1804350) -* Fri Jan 31 2020 Antonio Cardace - 1:1.22.6-1 +* Mon Feb 3 2020 Beniamino Galvani - 1:1.22.6-2 +- Fix build with GCC 10 + +* Mon Feb 3 2020 Beniamino Galvani - 1:1.22.6-1 - Update to 1.22.6 -- nm-device: add new pending action to keep the device busy when in between states (rh #1759956) -- cloud-setup: avoid unsupported settings in systemd service unit (rh #1791758) -- do not create virtual device if master is not present (rh #1795919) -- allow IPv6 RA timeout to be set to a value higher than 120 seconds (rh #1795957) -- fix behaviour when 'ipv4.dhcp-timeout' option is set to 'infinity' (rh #1791378) + +* Tue Jan 28 2020 Fedora Release Engineering - 1:1.22.4-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Fri Jan 10 2020 Beniamino Galvani - 1:1.22.4-1 - Update to 1.22.4 -- dhcp: fix behavior of internal DHCP client when the server sends a NAK (rh #1787219) -* Sat Dec 28 2019 Thomas Haller - 1:1.22.2-1 +* Wed Dec 25 2019 Thomas Haller - 1:1.22.2-1 - Update to 1.22.2 -- core,libnm: expose capability for OVS support (rh #1785147) -- dhcp: various bugfixes for nettools n-dhcp4 plugin - -* Tue Dec 17 2019 Thomas Haller - 1:1.22.0-2 -- dhcp: fix parsing of DNS search domain with nettools plugin (rh #1783981) * Tue Dec 17 2019 Thomas Haller - 1:1.22.0-1 - Update to 1.22.0 -- support main.auth-polkit=root-only setting to allow root only (rh #1762011) -* Fri Nov 29 2019 Thomas Haller - 1:1.22.0-0.2 -- Update to 1.22-rc1 (1.21.90) -- large internal rework of libnm's NMClient -- dhcp: switch implementation of "internal" DHCP to nettools' n-dhcp4 -- add support for carrier state of devices on D-Bus/libnm (rh #1722024) -- cloud-setup: add initial and experimental tool for configuring in cloud (rh #1642461) -- dhcp: support configuring FQDN hostname flags (rh #1649368) +* Fri Nov 29 2019 Thomas Haller - 1:1.21.0-0.2 +- Update to 1.21.90 (1.22-rc1) -* Wed Nov 13 2019 Beniamino Galvani - 1:1.22.0-0.1 -- Update to 1.21.3, a development snapshot of NetworkManager 1.22 -- support configuring default route as a regular, static route (rh #1714438) +* Sun Nov 03 2019 Lubomir Rintel - 1:1.21.0-0.1 +- Update to an early 1.22.0 snapshot -* Tue Oct 01 2019 Lubomir Rintel - 1:1.20.0-4 -- initrd: re-enable the generator (rh #1626348) +* Mon Sep 30 2019 Thomas Haller - 1:1.20.4-1 +- Update to 1.20.4 release +- wifi: fix crash related to Wi-Fi P2P +- initrd: handle rd.znet parameter for s390 (rh #1753975) +- core: don't generate default-wired-connection if profile exists (rh #1727909) -* Tue Aug 27 2019 Thomas Haller - 1:1.20.0-3 -- wifi: detect FT support per device to fix issues with driver support (rh #1743730) -- doc: fix default values in pre-generated documentation (rh #1737945) +* Sat Sep 07 2019 Lubomir Rintel - 1:1.20.2-3 +- Actually fix the boolean dep for the wireless daemon -* Thu Aug 15 2019 Lubomir Rintel - 1:1.20.0-2 -- Import translations (rh #1689999) +* Fri Sep 06 2019 Lubomir Rintel - 1:1.20.2-2 +- Bring back the boolean dep for the wireless daemon + +* Thu Sep 05 2019 Lubomir Rintel - 1:1.20.2-1 +- Update to 1.20.2 release +- Bring back the hard wpa_supplicant dependency (rh #1743585) + +* Fri Aug 23 2019 Lubomir Rintel - 1:1.20.0-3 +- install our dispatcher scripts into /usr/lib/NetworkManager +- wifi: detect FT support per interface and avoid enabling it + +* Thu Aug 15 2019 Lubomir Rintel - 1:1.20.0-2 +- Enable iwd support * Tue Aug 6 2019 Thomas Haller - 1:1.20.0-1 - Update to 1.20.0 release -- fix license comments for RPM package (rh #1723395) -- dhcp: disable experimental nettools DHCP plugin -* Fri Jul 26 2019 Thomas Haller - 1:1.20.0-0.4 -- Update to 1.20-rc1 snapshot -- settings: support read-only directory for keyfile profiles (rh #1674545) -- settings: add AddConnection2 D-Bus API to suppress autoconnect (rh #1677068) -- settings: add no-reapply flat to Update2 D-Bus API (rh #1677070) -- openvswitch: don't release slaves on quit (rh #1733709) -- dhcp: expose private options for internal DHCP plugin (rh #1663253) -- device: fix route table setting when re-activating device (rh #1719318) -- man: clarify example in nm-openvswitch manual page (rh #1638038) -- man: various improvements of manual pages (rh #1612554) +* Mon Jul 29 2019 Thomas Haller - 1:1.20.0-0.5 +- Update to 1.20-rc1 upstream release candidate -* Thu Jun 20 2019 Lubomir Rintel - 1:1.20.0-0.3 -- initrd: disable the generator again +* Wed Jul 24 2019 Fedora Release Engineering - 1:1.20.0-0.4.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -* Fri Jun 14 2019 Lubomir Rintel - 1:1.20.0-0.2 -- Update to a newer 1.20 snapshot -- ovs: support dpdk interfaces (rh #1612503) -- libnm-core: change unsupported modes for arp_ip_targets bond option (rh #1718173) -- ipv6: add 'disabled' method (rh #1643841) -- device: fix matching parent device by connection UUID (rh #1716438) -- cli: fix default value for team.runner-min-ports (rh #1716987) -- initrd: re-enable the generator (rh #1626348) +* Mon Jul 08 2019 Lubomir Rintel - 1:1.20.0-0.4 +- settings: fix a reversed conditional in have_connection_for_device() (rh #1727411) -* Wed Jun 5 2019 Lubomir Rintel - 1:1.20.0-0.1 -- Update to a 1.20 snapshot -- core: fix a possible crash on device removal (rh #1659790) -- core: fix automatic activation of software deviecs (rh #1667874) -- team: use strict JSON parsing for configuration (rh #1691619) -- team: don't kill teamd for external devices (rh #1693142) -- logging: don't misuse SYSLOG_FACILITY field in journal (rh #1709741) +* Wed Jul 03 2019 Lubomir Rintel - 1:1.20.0-0.3 +- Update the 1.20.0 snapshot +- initrd: skip ethernet hwtype in BOOTIF (rh #1726240) +- initrd: allow specifying the net mask in form of a prefix (rh #1725872) -* Fri Feb 8 2019 Beniamino Galvani - 1:1.14.0-14 -- clients: fix string list setter (rh #1671200) +* Tue Jun 04 2019 Lubomir Rintel - 1:1.20.0-0.2 +- Update the 1.20.0 snapshot +- Re-enable the initrd generator -* Thu Jan 10 2019 Francesco Giudici - 1:1.14.0-13 -- device: improve assuming bridges on startup (rh #1593939) +* Fri May 03 2019 Lubomir Rintel - 1:1.20.0-0.1 +- Update to an early 1.20.0 snapshot -* Wed Jan 9 2019 Thomas Haller - 1:1.14.0-12 -- dhcp: fix client-id and DUID for infiniband (2) (rh #1658057) +* Fri Apr 26 2019 Lubomir Rintel - 1:1.18.0-1 +- Update to 1.18.0 release -* Tue Jan 8 2019 Beniamino Galvani - 1:1.14.0-11 -- device: ensure IP configuration is restored when link goes up (rh #1636715) -- dhcp: fix client-id and DUID for infiniband (rh #1658057) -- dhcp: change internal DHCP plugin's ipv4.dhcp-client-id setting to "mac" (rh #1661165) +* Fri Mar 15 2019 Thomas Haller - 1:1.16.0-1 +- Update to 1.16.0 release -* Fri Dec 14 2018 Beniamino Galvani - 1:1.14.0-10 -- ifcfg-rh: fix reading SR-IOV settings -- dhcp: support client-id and DUID for infiniband (rh #1658057) +* Mon Mar 11 2019 Thomas Haller - 1:1.16.0-0.3 +- Fix compilation error on rawhide for gettid() compat implementation -* Thu Dec 13 2018 Thomas Haller - 1:1.14.0-9 -- dhcp: fix default client-id for NetworkManager-config-server (rh #1658057) -- connectivity: fix crash and portal detection (rh #1658217) -- core: combine secret-key with machine-id for host identity (rh #1642023) -- SR-IOV related fixes (rh #1651578, rh #1651576, rh #1651979) -- core: fix updating agent-owned secrets (rh #1658771) -- core: no longer set rp_filter sysctl (rh #1651097) -- device: don't take device down when changing MAC address (rh #1659063) -- doc: use pregenerated manual pages and gtk-doc from source tarball +* Mon Mar 11 2019 Thomas Haller - 1:1.16.0-0.2 +- Update to 1.15.91 release (1.16-rc2) -* Mon Dec 10 2018 Lubomir Rintel - 1:1.14.0-8 -- Update translations (rh #1608323) +* Sat Feb 23 2019 Thomas Haller - 1:1.16.0-0.1 +- Update to 1.15.90 release (1.16-rc1) -* Sat Nov 17 2018 Thomas Haller - 1:1.14.0-7 -- device: improve auto selection of device when activating profile (rh #1639254) +* Sun Feb 17 2019 Igor Gnatenko - 1:1.14.4-2.3 +- Rebuild for readline 8.0 -* Fri Nov 16 2018 Thomas Haller - 1:1.14.0-6 +* Mon Feb 04 2019 Kalev Lember - 1:1.14.4-2.2 +- Update BRs for vala packaging changes + +* Thu Jan 31 2019 Fedora Release Engineering - 1:1.14.4-2.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Oct 29 2018 Thomas Haller - 1:1.14.4-2 - dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688) -- dhcp: revert letting internal DHCP generate default client-id based on MAC address (rh #1640464) -- dhcp: support "duid" setting for ipv4.dhcp-client-id -- dhcp: support "${MAC}" identifier for connection.stable-id -- dhcp: support dhcp-plugin device spec for matching devices in NetworkManager.conf -- dhcp: install configuration snippet in config-server package for ipv4.dhcp-client-id=mac (rh #1640494) -- dns: remove limitation for six DNS search entries (rh #1649704) -- libnm: fix crash cancelling activation from within callback (rh #1643085) -* Tue Oct 16 2018 Lubomir Rintel - 1:1.14.0-5 -- Update translations (rh #1608323) +* Wed Oct 24 2018 Lubomir Rintel - 1:1.14.4-1 +- Update to 1.14.4 release +- Temporarily disable the initrd generator (rh #1641832) -* Mon Oct 8 2018 Beniamino Galvani - 1:1.14.0-4 -- Don't depend on openvswitch (rh #1629178) -- device: don't remove routes when the interface is down (rh #1636715) +* Tue Oct 23 2018 Thomas Haller - 1:1.14.2-2 +- device: fix crash in nm_device_generate_connection() +- dhcp: dhclient: fix memory leak -* Tue Sep 18 2018 Thomas Haller - 1:1.14.0-3 -- dhcp: let internal DHCP generate default client-id based on MAC address (2) +* Fri Oct 19 2018 Lubomir Rintel - 1:1.14.2-1 +- Update to 1.14.2 release -* Tue Sep 18 2018 Thomas Haller - 1:1.14.0-2 -- dhcp: let internal DHCP generate default client-id based on MAC address - -* Fri Sep 14 2018 Thomas Haller - 1:1.14.0-1 +* Tue Sep 18 2018 Thomas Haller - 1:1.14.0-1 - Update to 1.14.0 release -* Tue Sep 4 2018 Thomas Haller - 1:1.14.0-0.4 -- dhcp: switch default DHCP plugin from dhclient to internal (rh #1571655) +* Sat Aug 11 2018 Lubomir Rintel - 1:1.12.2-2 +- fix compile error due to NM_AVAILABLE_IN_1_12_2 -* Mon Aug 13 2018 Thomas Haller - 1:1.14.0-0.3 -- Update to 1.13.3, a development snapshot of NetworkManager 1.14 +* Wed Jul 25 2018 Lubomir Rintel - 1:1.12.2-1 +- Update to 1.12.2 release -* Thu Jul 26 2018 Lubomir Rintel - 1:1.14.0-0.2 -- Update to 1.13.2, a development snapshot of NetworkManager 1.14 +* Thu Jul 12 2018 Fedora Release Engineering - 1:1.12.0-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -* Tue Jun 19 2018 Thomas Haller - 1:1.14.0-0.1 -- Update to 1.13.0, a development snapshot of NetworkManager 1.14 +* Fri Jun 29 2018 Thomas Haller - 1:1.12.0-1 +- Update to 1.12.0 release -* Thu May 31 2018 Lubomir Rintel - 1:1.12.0-0.4 -- Update to 1.11.4, a development snapshot of NetworkManager 1.12 +* Sat Jun 16 2018 Thomas Haller - 1:1.12.0-0.1 +- Update to 1.12-rc1 pre-release + +* Thu May 31 2018 Lubomir Rintel - 1:1.11.4-1 +- Update to a development snapshot of NetworkManager 1.12 +- Switch crypto to gnutls +- Add dispatcher-routing-rules subpackage - Switch to Python 3-only build root -* Thu May 3 2018 Thomas Haller - 1:1.12.0-0.3 -- core: use gnutls crypto library instead of nss (rh #1581693) +* Fri May 11 2018 Beniamino Galvani - 1:1.10.8-1 +- Update to 1.10.8 release -* Thu May 3 2018 Thomas Haller - 1:1.12.0-0.2 -- core: fix error destroying checkpoints (rh#1574565) +* Sun May 6 2018 Beniamino Galvani - 1:1.10.6-3 +- dhcp: better handle expiry and nacks (rh #1575370) -* Mon Apr 23 2018 Thomas Haller - 1:1.12.0-0.1 -- Update to 1.11.3 release +* Tue Apr 17 2018 Beniamino Galvani - 1:1.10.6-2 +- device: fix setting 'rp_filter' value (rh #1565529) + +* Wed Mar 14 2018 Iryna Shcherbina - 1:1.10.6-1.1 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Mon Mar 12 2018 Thomas Haller - 1:1.10.6-1 +- Update to 1.10.6 release + +* Fri Mar 9 2018 Thomas Haller - 1:1.10.4-2 +- policy: fix blocking autoconnect for no-secrets (rh #1553773) + +* Mon Feb 5 2018 Lubomir Rintel - 1:1.10.4-1 +- Update to 1.10.4 release * Fri Dec 15 2017 Thomas Haller - 1:1.10.2-1 - Update to 1.10.2 release diff --git a/SOURCES/0001-cloud-setup-systemd-unit-rh1791758.patch b/SOURCES/0001-cloud-setup-systemd-unit-rh1791758.patch deleted file mode 100644 index 83c2455..0000000 --- a/SOURCES/0001-cloud-setup-systemd-unit-rh1791758.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 45f33b5379c41f34fb1a27452e5f62e2d571e85e Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Thu, 16 Jan 2020 13:40:26 +0100 -Subject: [PATCH] cloud-setup: avoid unsupported systemd settings in - nm-cloud-setup.service init for rhel-8.2 - -https://bugzilla.redhat.com/show_bug.cgi?id=1791758 ---- - src/nm-cloud-setup/nm-cloud-setup.service.in | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/nm-cloud-setup/nm-cloud-setup.service.in b/src/nm-cloud-setup/nm-cloud-setup.service.in -index f4b0e2638f14..c59bd47574ba 100644 ---- a/src/nm-cloud-setup/nm-cloud-setup.service.in -+++ b/src/nm-cloud-setup/nm-cloud-setup.service.in -@@ -28,15 +28,15 @@ PrivateDevices=yes - PrivateTmp=yes - ProtectControlGroups=yes - ProtectHome=yes --ProtectHostname=yes --ProtectKernelLogs=yes -+#ProtectHostname=yes -+#ProtectKernelLogs=yes - ProtectKernelModules=yes - ProtectKernelTunables=yes - ProtectSystem=strict - RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 - RestrictNamespaces=yes - RestrictRealtime=yes --RestrictSUIDSGID=yes -+#RestrictSUIDSGID=yes - SystemCallFilter=@system-service - - [Install] --- -2.31.1 - diff --git a/SOURCES/0002-firewall-Default-to-iptables-backend-to-preserve-behavior.patch b/SOURCES/0002-firewall-Default-to-iptables-backend-to-preserve-behavior.patch deleted file mode 100644 index 40aea35..0000000 --- a/SOURCES/0002-firewall-Default-to-iptables-backend-to-preserve-behavior.patch +++ /dev/null @@ -1,34 +0,0 @@ -From af25d85a43eb2aa59a80c13aa214cbc5509b6815 Mon Sep 17 00:00:00 2001 -From: Wen Liang -Date: Wed, 16 Jun 2021 22:43:32 +0200 -Subject: [PATCH] firewall: Default to iptables backend to preserve behavior - -For upsteam, the default is "nftables" (if nft is installed). On RHEL8, we will -always default to "iptables" to preserve behavior. ---- - src/core/nm-firewall-utils.c | 9 +++------ - 1 file changed, 3 insertions(+), 6 deletions(-) - -diff --git a/src/core/nm-firewall-utils.c b/src/core/nm-firewall-utils.c -index 1311f5039910..3284b5ebaa4b 100644 ---- a/src/core/nm-firewall-utils.c -+++ b/src/core/nm-firewall-utils.c -@@ -743,12 +743,9 @@ nm_firewall_config_apply(NMFirewallConfig *self, gboolean shared) - static NMFirewallBackend - _firewall_backend_detect(void) - { -- if (g_file_test(NFT_PATH, G_FILE_TEST_IS_EXECUTABLE)) -- return NM_FIREWALL_BACKEND_NFTABLES; -- if (g_file_test(IPTABLES_PATH, G_FILE_TEST_IS_EXECUTABLE)) -- return NM_FIREWALL_BACKEND_IPTABLES; -- -- return NM_FIREWALL_BACKEND_NFTABLES; -+ /* For upsteam, the default is "nftables" (if nft is installed). On RHEL8, we will -+ * always default to "iptables" to preserve behavior. */ -+ return NM_FIREWALL_BACKEND_IPTABLES; - } - - NMFirewallBackend --- -2.31.1 - diff --git a/SOURCES/0003-order-ipv6-addresses.patch b/SOURCES/0003-order-ipv6-addresses.patch deleted file mode 100644 index 73c44b1..0000000 --- a/SOURCES/0003-order-ipv6-addresses.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 94933a67129ea9d38010b58e4928ff41aa204692 Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Wed, 4 May 2022 15:22:33 +0200 -Subject: [PATCH 1/1] Revert changes to order of static IPv6 addresses - -Upstream 1.38.0 and newer changed behavior so that static addresses in -"ipv6.addresses" are sorted with most important first. That is then -consistent with "ipv4.addresses". - -Revert this change for downstream RHEL. - -https://bugzilla.redhat.com/show_bug.cgi?id=2097270 ---- - src/core/nm-l3-config-data.c | 3 ++- - src/libnm-core-impl/nm-setting-ip6-config.c | 2 +- - src/libnmc-setting/settings-docs.h.in | 2 +- - src/nmcli/generate-docs-nm-settings-nmcli.xml.in | 2 +- - 4 files changed, 5 insertions(+), 4 deletions(-) - -diff --git a/src/core/nm-l3-config-data.c b/src/core/nm-l3-config-data.c -index bcd0b62a8488..4640acad3796 100644 ---- a/src/core/nm-l3-config-data.c -+++ b/src/core/nm-l3-config-data.c -@@ -2753,7 +2753,8 @@ _init_from_connection_ip(NML3ConfigData *self, int addr_family, NMConnection *co - - naddresses = nm_setting_ip_config_get_num_addresses(s_ip); - for (i = 0; i < naddresses; i++) { -- NMIPAddress *s_addr = nm_setting_ip_config_get_address(s_ip, i); -+ const guint addr_idx = IS_IPv4 ? i : (naddresses - i - 1); -+ NMIPAddress *s_addr = nm_setting_ip_config_get_address(s_ip, addr_idx); - NMPlatformIPXAddress a; - NMIPAddr addr_bin; - GVariant *label; -diff --git a/src/libnm-core-impl/nm-setting-ip6-config.c b/src/libnm-core-impl/nm-setting-ip6-config.c -index 8b593b97336a..0356888da324 100644 ---- a/src/libnm-core-impl/nm-setting-ip6-config.c -+++ b/src/libnm-core-impl/nm-setting-ip6-config.c -@@ -998,7 +998,7 @@ nm_setting_ip6_config_class_init(NMSettingIP6ConfigClass *klass) - * format: a comma separated list of addresses - * description: A list of IPv6 addresses and their prefix length. Multiple addresses - * can be separated by comma. For example "2001:db8:85a3::8a2e:370:7334/64, 2001:db8:85a3::5/64". -- * The addresses are listed in decreasing priority, meaning the first address will -+ * The addresses are listed in increasing priority, meaning the last address will - * be the primary address. This can make a difference with IPv6 source address selection - * (RFC 6724, section 5). - * ---end--- -diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in -index 1ed2f134196b..18e1ed28fc39 100644 ---- a/src/libnmc-setting/settings-docs.h.in -+++ b/src/libnmc-setting/settings-docs.h.in -@@ -184,7 +184,7 @@ - #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ROUTES N_("A list of IPv4 destination addresses, prefix length, optional IPv4 next hop addresses, optional route metric, optional attribute. The valid syntax is: \"ip[/prefix] [next-hop] [metric] [attribute=val]...[,ip[/prefix]...]\". For example \"192.0.2.0/24 10.1.1.1 77, 198.51.100.0/24\".") - #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ROUTING_RULES N_("A comma separated list of routing rules for policy routing.") - #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE N_("Configure method for creating the address for use with RFC4862 IPv6 Stateless Address Autoconfiguration. The permitted values are: NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_EUI64 (0), NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_STABLE_PRIVACY (1). NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_DEFAULT_OR_EUI64 (2) or NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_DEFAULT (3). If the property is set to EUI64, the addresses will be generated using the interface tokens derived from hardware address. This makes the host part of the address to stay constant, making it possible to track host's presence when it changes networks. The address changes when the interface hardware is replaced. The value of stable-privacy enables use of cryptographically secure hash of a secret host-specific key along with the connection's stable-id and the network address as specified by RFC7217. This makes it impossible to use the address track host's presence, and makes the address stable when the network interface hardware is replaced. The special values \"default\" and \"default-or-eui64\" will fallback to the global connection default in as documented in NetworkManager.conf(5) manual. If the global default is not specified, the fallback value is \"stable-privacy\" or \"eui64\", respectively. For libnm, the property defaults to \"default\" since 1.40. Previously it defaulted to \"stable-privacy\". On D-Bus, the absence of an addr-gen-mode setting equals \"default\". For keyfile plugin, the absence of the setting on disk means \"default-or-eui64\" so that the property doesn't change on upgrade from older versions. Note that this setting is distinct from the Privacy Extensions as configured by \"ip6-privacy\" property and it does not affect the temporary addresses configured with this option.") --#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ADDRESSES N_("A list of IPv6 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"2001:db8:85a3::8a2e:370:7334/64, 2001:db8:85a3::5/64\". The addresses are listed in decreasing priority, meaning the first address will be the primary address. This can make a difference with IPv6 source address selection (RFC 6724, section 5).") -+#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ADDRESSES N_("A list of IPv6 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"2001:db8:85a3::8a2e:370:7334/64, 2001:db8:85a3::5/64\". The addresses are listed in increasing priority, meaning the last address will be the primary address. This can make a difference with IPv6 source address selection (RFC 6724, section 5).") - #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DAD_TIMEOUT N_("Timeout in milliseconds used to check for the presence of duplicate IP addresses on the network. If an address conflict is detected, the activation will fail. A zero value means that no duplicate address detection is performed, -1 means the default value (either configuration ipvx.dad-timeout override or zero). A value greater than zero is a timeout in milliseconds. The property is currently implemented only for IPv4.") - #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_DUID N_("A string containing the DHCPv6 Unique Identifier (DUID) used by the dhcp client to identify itself to DHCPv6 servers (RFC 3315). The DUID is carried in the Client Identifier option. If the property is a hex string ('aa:bb:cc') it is interpreted as a binary DUID and filled as an opaque value in the Client Identifier option. The special value \"lease\" will retrieve the DUID previously used from the lease file belonging to the connection. If no DUID is found and \"dhclient\" is the configured dhcp client, the DUID is searched in the system-wide dhclient lease file. If still no DUID is found, or another dhcp client is used, a global and permanent DUID-UUID (RFC 6355) will be generated based on the machine-id. The special values \"llt\" and \"ll\" will generate a DUID of type LLT or LL (see RFC 3315) based on the current MAC address of the device. In order to try providing a stable DUID-LLT, the time field will contain a constant timestamp that is used globally (for all profiles) and persisted to disk. The special values \"stable-llt\", \"stable-ll\" and \"stable-uuid\" will generate a DUID of the corresponding type, derived from the connection's stable-id and a per-host unique key. You may want to include the \"${DEVICE}\" or \"${MAC}\" specifier in the stable-id, in case this profile gets activated on multiple devices. So, the link-layer address of \"stable-ll\" and \"stable-llt\" will be a generated address derived from the stable id. The DUID-LLT time value in the \"stable-llt\" option will be picked among a static timespan of three years (the upper bound of the interval is the same constant timestamp used in \"llt\"). When the property is unset, the global value provided for \"ipv6.dhcp-duid\" is used. If no global value is provided, the default \"lease\" value is assumed.") - #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_HOSTNAME N_("If the \"dhcp-send-hostname\" property is TRUE, then the specified name will be sent to the DHCP server when acquiring a lease. This property and \"dhcp-fqdn\" are mutually exclusive and cannot be set at the same time.") -diff --git a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in -index 371081b0e0da..5c036ab60149 100644 ---- a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in -+++ b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in -@@ -718,7 +718,7 @@ - description="DNS servers priority. The relative priority for DNS servers specified by this setting. A lower numerical value is better (higher priority). Negative values have the special effect of excluding other configurations with a greater numerical priority value; so in presence of at least one negative priority, only DNS servers from connections with the lowest priority value will be used. To avoid all DNS leaks, set the priority of the profile that should be used to the most negative value of all active connections profiles. Zero selects a globally configured default value. If the latter is missing or zero too, it defaults to 50 for VPNs (including WireGuard) and 100 for other connections. Note that the priority is to order DNS settings for multiple active connections. It does not disambiguate multiple DNS servers within the same connection profile. When multiple devices have configurations with the same priority, VPNs will be considered first, then devices with the best (lowest metric) default route and then all other devices. When using dns=default, servers with higher priority will be on top of resolv.conf. To prioritize a given server over another one within the same connection, just specify them in the desired order. Note that commonly the resolver tries name servers in /etc/resolv.conf in the order listed, proceeding with the next server in the list on failure. See for example the "rotate" option of the dns-options setting. If there are any negative DNS priorities, then only name servers from the devices with that lowest priority will be considered. When using a DNS resolver that supports Conditional Forwarding or Split DNS (with dns=dnsmasq or dns=systemd-resolved settings), each connection is used to query domains in its search list. The search domains determine which name servers to ask, and the DNS priority is used to prioritize name servers based on the domain. Queries for domains not present in any search list are routed through connections having the '~.' special wildcard domain, which is added automatically to connections with the default route (or can be added manually). When multiple connections specify the same domain, the one with the best priority (lowest numerical value) wins. If a sub domain is configured on another interface it will be accepted regardless the priority, unless parent domain on the other interface has a negative priority, which causes the sub domain to be shadowed. With Split DNS one can avoid undesired DNS leaks by properly configuring DNS priorities and the search domains, so that only name servers of the desired interface are configured." /> - -+ description="A list of IPv6 addresses and their prefix length. Multiple addresses can be separated by comma. For example "2001:db8:85a3::8a2e:370:7334/64, 2001:db8:85a3::5/64". The addresses are listed in increasing priority, meaning the last address will be the primary address. This can make a difference with IPv6 source address selection (RFC 6724, section 5)." /> - --- -2.36.1 - diff --git a/SOURCES/1001-cloud-setup-IMDSv2-rh2151987.patch b/SOURCES/1001-cloud-setup-IMDSv2-rh2151987.patch deleted file mode 100644 index eefa70a..0000000 --- a/SOURCES/1001-cloud-setup-IMDSv2-rh2151987.patch +++ /dev/null @@ -1,1490 +0,0 @@ -From 89a6ce575d52bbaa1b928275c39517a071449da7 Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Mon, 27 Feb 2023 09:14:10 +0100 -Subject: [PATCH 1/7] cloud-setup: use nm_strv_dup_packed() in - nm_http_client_poll_get() - -No need to do a deep clone. The strv array is not ever modified and we -pack it together in one memory allocation. - -(cherry picked from commit 599fe234ea4864396eb70530513b2646aa97f576) -(cherry picked from commit 3787eacac9c1fc9ff9b423f9d9cea9907e209ebb) -(cherry picked from commit 89a6ce575d52bbaa1b928275c39517a071449da7) ---- - src/nm-cloud-setup/nm-http-client.c | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/src/nm-cloud-setup/nm-http-client.c b/src/nm-cloud-setup/nm-http-client.c -index a0964e2165..98ede1e403 100644 ---- a/src/nm-cloud-setup/nm-http-client.c -+++ b/src/nm-cloud-setup/nm-http-client.c -@@ -419,7 +419,7 @@ _poll_get_data_free(gpointer data) - g_free(poll_get_data->uri); - - nm_clear_pointer(&poll_get_data->response_data, g_bytes_unref); -- g_strfreev((char **) poll_get_data->http_headers); -+ g_free((gpointer) poll_get_data->http_headers); - - nm_g_slice_free(poll_get_data); - } -@@ -552,9 +552,14 @@ nm_http_client_poll_get(NMHttpClient *self, - .check_fcn = check_fcn, - .check_user_data = check_user_data, - .response_code = -1, -- .http_headers = NM_CAST_STRV_CC(g_strdupv((char **) http_headers)), -+ .http_headers = NULL, - }; - -+ if (http_headers) { -+ poll_get_data->http_headers = -+ nm_strv_dup_packed(http_headers, -1) ?: g_new(const char *, 1); -+ } -+ - nmcs_wait_for_objects_register(poll_get_data->task); - - g_task_set_task_data(poll_get_data->task, poll_get_data, _poll_get_data_free); --- -2.39.2 - - -From 36d417af60a2a09863e00cae869899883265ee8c Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel -Date: Mon, 27 Feb 2023 00:09:13 +0100 -Subject: [PATCH 2/7] cloud_setup: unexport nm_http_client_get() - -It's not used anywhere. - -(cherry picked from commit ce225b2c06089adc402277f2b80afacb9da8cc5f) -(cherry picked from commit 23b9514080c0c578ec5a8e023081837240f41896) -(cherry picked from commit 36d417af60a2a09863e00cae869899883265ee8c) ---- - src/nm-cloud-setup/nm-http-client.c | 4 ++-- - src/nm-cloud-setup/nm-http-client.h | 15 --------------- - 2 files changed, 2 insertions(+), 17 deletions(-) - -diff --git a/src/nm-cloud-setup/nm-http-client.c b/src/nm-cloud-setup/nm-http-client.c -index 98ede1e403..e6cc20fa75 100644 ---- a/src/nm-cloud-setup/nm-http-client.c -+++ b/src/nm-cloud-setup/nm-http-client.c -@@ -256,7 +256,7 @@ _get_cancelled_cb(GObject *object, gpointer user_data) - _ehandle_complete(edata, error); - } - --void -+static void - nm_http_client_get(NMHttpClient *self, - const char *url, - int timeout_msec, -@@ -366,7 +366,7 @@ nm_http_client_get(NMHttpClient *self, - * - * Returns: %TRUE on success or %FALSE with an error code. - */ --gboolean -+static gboolean - nm_http_client_get_finish(NMHttpClient *self, - GAsyncResult *result, - long *out_response_code, -diff --git a/src/nm-cloud-setup/nm-http-client.h b/src/nm-cloud-setup/nm-http-client.h -index 0a7052ae25..6cc08ba97c 100644 ---- a/src/nm-cloud-setup/nm-http-client.h -+++ b/src/nm-cloud-setup/nm-http-client.h -@@ -27,21 +27,6 @@ GMainContext *nm_http_client_get_main_context(NMHttpClient *self); - - /*****************************************************************************/ - --void nm_http_client_get(NMHttpClient *self, -- const char *uri, -- int timeout_msec, -- gssize max_data, -- const char *const *http_headers, -- GCancellable *cancellable, -- GAsyncReadyCallback callback, -- gpointer user_data); -- --gboolean nm_http_client_get_finish(NMHttpClient *self, -- GAsyncResult *result, -- long *out_response_code, -- GBytes **out_response_data, -- GError **error); -- - typedef gboolean (*NMHttpClientPollGetCheckFcn)(long response_code, - GBytes *response_data, - gpointer check_user_data, --- -2.39.2 - - -From 20cd11ee4974bb1690d523d5700492ad9c618688 Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel -Date: Mon, 27 Feb 2023 00:09:40 +0100 -Subject: [PATCH 3/7] cloud-setup: rename get/Get identifiers to req and Req - -We're going to extend those to issue methods other than GET. -Also, "request" would've been too long, "req" looks nicer. - -(cherry picked from commit 85ce088616aae3d61c9bc51eb395d1f59ed9a503) -(cherry picked from commit 6e8cfbae32e22ba75693146039b53b516a4147e1) -(cherry picked from commit 20cd11ee4974bb1690d523d5700492ad9c618688) ---- - src/nm-cloud-setup/nm-http-client.c | 142 +++++++++++----------- - src/nm-cloud-setup/nm-http-client.h | 8 +- - src/nm-cloud-setup/nmcs-provider-aliyun.c | 20 +-- - src/nm-cloud-setup/nmcs-provider-azure.c | 24 ++-- - src/nm-cloud-setup/nmcs-provider-ec2.c | 14 +-- - src/nm-cloud-setup/nmcs-provider-gcp.c | 20 +-- - 6 files changed, 114 insertions(+), 114 deletions(-) - -diff --git a/src/nm-cloud-setup/nm-http-client.c b/src/nm-cloud-setup/nm-http-client.c -index e6cc20fa75..ed7914df8f 100644 ---- a/src/nm-cloud-setup/nm-http-client.c -+++ b/src/nm-cloud-setup/nm-http-client.c -@@ -104,12 +104,12 @@ typedef struct { - } GetResult; - - static void --_get_result_free(gpointer data) -+_req_result_free(gpointer data) - { -- GetResult *get_result = data; -+ GetResult *req_result = data; - -- g_bytes_unref(get_result->response_data); -- nm_g_slice_free(get_result); -+ g_bytes_unref(req_result->response_data); -+ nm_g_slice_free(req_result); - } - - typedef struct { -@@ -154,7 +154,7 @@ _ehandle_free(EHandleData *edata) - static void - _ehandle_complete(EHandleData *edata, GError *error_take) - { -- GetResult *get_result; -+ GetResult *req_result; - gs_free char *str_tmp_1 = NULL; - long response_code = -1; - -@@ -200,15 +200,15 @@ _ehandle_complete(EHandleData *edata, GError *error_take) - - _ehandle_free_ehandle(edata); - -- get_result = g_slice_new(GetResult); -- *get_result = (GetResult){ -+ req_result = g_slice_new(GetResult); -+ *req_result = (GetResult){ - .response_code = response_code, - /* This ensures that response_data is always NUL terminated. This is an important guarantee - * that NMHttpClient makes. */ - .response_data = nm_str_buf_finalize_to_gbytes(&edata->recv_data), - }; - -- g_task_return_pointer(edata->task, get_result, _get_result_free); -+ g_task_return_pointer(edata->task, req_result, _req_result_free); - - _ehandle_free(edata); - } -@@ -257,7 +257,7 @@ _get_cancelled_cb(GObject *object, gpointer user_data) - } - - static void --nm_http_client_get(NMHttpClient *self, -+nm_http_client_req(NMHttpClient *self, - const char *url, - int timeout_msec, - gssize max_data, -@@ -280,7 +280,7 @@ nm_http_client_get(NMHttpClient *self, - - edata = g_slice_new(EHandleData); - *edata = (EHandleData){ -- .task = nm_g_task_new(self, cancellable, nm_http_client_get, callback, user_data), -+ .task = nm_g_task_new(self, cancellable, nm_http_client_req, callback, user_data), - .recv_data = NM_STR_BUF_INIT(0, FALSE), - .max_data = max_data, - .url = g_strdup(url), -@@ -352,7 +352,7 @@ nm_http_client_get(NMHttpClient *self, - } - - /** -- * nm_http_client_get_finish: -+ * nm_http_client_req_finish: - * @self: the #NMHttpClient instance - * @result: the #GAsyncResult which to complete. - * @out_response_code: (allow-none) (out): the HTTP response code or -1 on other error. -@@ -367,33 +367,33 @@ nm_http_client_get(NMHttpClient *self, - * Returns: %TRUE on success or %FALSE with an error code. - */ - static gboolean --nm_http_client_get_finish(NMHttpClient *self, -+nm_http_client_req_finish(NMHttpClient *self, - GAsyncResult *result, - long *out_response_code, - GBytes **out_response_data, - GError **error) - { -- GetResult *get_result; -+ GetResult *req_result; - - g_return_val_if_fail(NM_IS_HTTP_CLIENT(self), FALSE); -- g_return_val_if_fail(nm_g_task_is_valid(result, self, nm_http_client_get), FALSE); -+ g_return_val_if_fail(nm_g_task_is_valid(result, self, nm_http_client_req), FALSE); - -- get_result = g_task_propagate_pointer(G_TASK(result), error); -+ req_result = g_task_propagate_pointer(G_TASK(result), error); - -- nm_assert(!error || (!!get_result) == (!*error)); -+ nm_assert(!error || (!!req_result) == (!*error)); - -- if (!get_result) { -+ if (!req_result) { - NM_SET_OUT(out_response_code, -1); - NM_SET_OUT(out_response_data, NULL); - return FALSE; - } - -- NM_SET_OUT(out_response_code, get_result->response_code); -+ NM_SET_OUT(out_response_code, req_result->response_code); - - /* response_data is binary, but is also guaranteed to be NUL terminated! */ -- NM_SET_OUT(out_response_data, g_steal_pointer(&get_result->response_data)); -+ NM_SET_OUT(out_response_data, g_steal_pointer(&req_result->response_data)); - -- _get_result_free(get_result); -+ _req_result_free(req_result); - return TRUE; - } - -@@ -403,63 +403,63 @@ typedef struct { - GTask *task; - char *uri; - const char *const *http_headers; -- NMHttpClientPollGetCheckFcn check_fcn; -+ NMHttpClientPollReqCheckFcn check_fcn; - gpointer check_user_data; - GBytes *response_data; - gsize request_max_data; - long response_code; - int request_timeout_ms; --} PollGetData; -+} PollReqData; - - static void --_poll_get_data_free(gpointer data) -+_poll_req_data_free(gpointer data) - { -- PollGetData *poll_get_data = data; -+ PollReqData *poll_req_data = data; - -- g_free(poll_get_data->uri); -+ g_free(poll_req_data->uri); - -- nm_clear_pointer(&poll_get_data->response_data, g_bytes_unref); -- g_free((gpointer) poll_get_data->http_headers); -+ nm_clear_pointer(&poll_req_data->response_data, g_bytes_unref); -+ g_free((gpointer) poll_req_data->http_headers); - -- nm_g_slice_free(poll_get_data); -+ nm_g_slice_free(poll_req_data); - } - - static void --_poll_get_probe_start_fcn(GCancellable *cancellable, -+_poll_req_probe_start_fcn(GCancellable *cancellable, - gpointer probe_user_data, - GAsyncReadyCallback callback, - gpointer user_data) - { -- PollGetData *poll_get_data = probe_user_data; -+ PollReqData *poll_req_data = probe_user_data; - -- /* balanced by _poll_get_probe_finish_fcn() */ -- g_object_ref(poll_get_data->task); -+ /* balanced by _poll_req_probe_finish_fcn() */ -+ g_object_ref(poll_req_data->task); - -- nm_http_client_get(g_task_get_source_object(poll_get_data->task), -- poll_get_data->uri, -- poll_get_data->request_timeout_ms, -- poll_get_data->request_max_data, -- poll_get_data->http_headers, -+ nm_http_client_req(g_task_get_source_object(poll_req_data->task), -+ poll_req_data->uri, -+ poll_req_data->request_timeout_ms, -+ poll_req_data->request_max_data, -+ poll_req_data->http_headers, - cancellable, - callback, - user_data); - } - - static gboolean --_poll_get_probe_finish_fcn(GObject *source, -+_poll_req_probe_finish_fcn(GObject *source, - GAsyncResult *result, - gpointer probe_user_data, - GError **error) - { -- PollGetData *poll_get_data = probe_user_data; -+ PollReqData *poll_req_data = probe_user_data; - _nm_unused gs_unref_object GTask *task = -- poll_get_data->task; /* balance ref from _poll_get_probe_start_fcn() */ -+ poll_req_data->task; /* balance ref from _poll_req_probe_start_fcn() */ - gboolean success; - gs_free_error GError *local_error = NULL; - gs_unref_bytes GBytes *response_data = NULL; - long response_code = -1; - -- success = nm_http_client_get_finish(g_task_get_source_object(poll_get_data->task), -+ success = nm_http_client_req_finish(g_task_get_source_object(poll_req_data->task), - result, - &response_code, - &response_data, -@@ -476,10 +476,10 @@ _poll_get_probe_finish_fcn(GObject *source, - return FALSE; - } - -- if (poll_get_data->check_fcn) { -- success = poll_get_data->check_fcn(response_code, -+ if (poll_req_data->check_fcn) { -+ success = poll_req_data->check_fcn(response_code, - response_data, -- poll_get_data->check_user_data, -+ poll_req_data->check_user_data, - &local_error); - } else - success = (response_code == 200); -@@ -494,15 +494,15 @@ _poll_get_probe_finish_fcn(GObject *source, - return FALSE; - } - -- poll_get_data->response_code = response_code; -- poll_get_data->response_data = g_steal_pointer(&response_data); -+ poll_req_data->response_code = response_code; -+ poll_req_data->response_data = g_steal_pointer(&response_data); - return TRUE; - } - - static void --_poll_get_done_cb(GObject *source, GAsyncResult *result, gpointer user_data) -+_poll_req_done_cb(GObject *source, GAsyncResult *result, gpointer user_data) - { -- PollGetData *poll_get_data = user_data; -+ PollReqData *poll_req_data = user_data; - gs_free_error GError *error = NULL; - gboolean success; - -@@ -511,15 +511,15 @@ _poll_get_done_cb(GObject *source, GAsyncResult *result, gpointer user_data) - nm_assert((!!success) == (!error)); - - if (error) -- g_task_return_error(poll_get_data->task, g_steal_pointer(&error)); -+ g_task_return_error(poll_req_data->task, g_steal_pointer(&error)); - else -- g_task_return_boolean(poll_get_data->task, TRUE); -+ g_task_return_boolean(poll_req_data->task, TRUE); - -- g_object_unref(poll_get_data->task); -+ g_object_unref(poll_req_data->task); - } - - void --nm_http_client_poll_get(NMHttpClient *self, -+nm_http_client_poll_req(NMHttpClient *self, - const char *uri, - int request_timeout_ms, - gssize request_max_data, -@@ -527,13 +527,13 @@ nm_http_client_poll_get(NMHttpClient *self, - int ratelimit_timeout_ms, - const char *const *http_headers, - GCancellable *cancellable, -- NMHttpClientPollGetCheckFcn check_fcn, -+ NMHttpClientPollReqCheckFcn check_fcn, - gpointer check_user_data, - GAsyncReadyCallback callback, - gpointer user_data) - { - nm_auto_pop_gmaincontext GMainContext *context = NULL; -- PollGetData *poll_get_data; -+ PollReqData *poll_req_data; - - g_return_if_fail(NM_IS_HTTP_CLIENT(self)); - g_return_if_fail(uri && uri[0]); -@@ -543,9 +543,9 @@ nm_http_client_poll_get(NMHttpClient *self, - g_return_if_fail(ratelimit_timeout_ms >= -1); - g_return_if_fail(!cancellable || G_CANCELLABLE(cancellable)); - -- poll_get_data = g_slice_new(PollGetData); -- *poll_get_data = (PollGetData){ -- .task = nm_g_task_new(self, cancellable, nm_http_client_poll_get, callback, user_data), -+ poll_req_data = g_slice_new(PollReqData); -+ *poll_req_data = (PollReqData){ -+ .task = nm_g_task_new(self, cancellable, nm_http_client_poll_req, callback, user_data), - .uri = g_strdup(uri), - .request_timeout_ms = request_timeout_ms, - .request_max_data = request_max_data, -@@ -556,13 +556,13 @@ nm_http_client_poll_get(NMHttpClient *self, - }; - - if (http_headers) { -- poll_get_data->http_headers = -+ poll_req_data->http_headers = - nm_strv_dup_packed(http_headers, -1) ?: g_new(const char *, 1); - } - -- nmcs_wait_for_objects_register(poll_get_data->task); -+ nmcs_wait_for_objects_register(poll_req_data->task); - -- g_task_set_task_data(poll_get_data->task, poll_get_data, _poll_get_data_free); -+ g_task_set_task_data(poll_req_data->task, poll_req_data, _poll_req_data_free); - - context = - nm_g_main_context_push_thread_default_if_necessary(nm_http_client_get_main_context(self)); -@@ -570,28 +570,28 @@ nm_http_client_poll_get(NMHttpClient *self, - nmcs_utils_poll(poll_timeout_ms, - ratelimit_timeout_ms, - 0, -- _poll_get_probe_start_fcn, -- _poll_get_probe_finish_fcn, -- poll_get_data, -+ _poll_req_probe_start_fcn, -+ _poll_req_probe_finish_fcn, -+ poll_req_data, - cancellable, -- _poll_get_done_cb, -- poll_get_data); -+ _poll_req_done_cb, -+ poll_req_data); - } - - gboolean --nm_http_client_poll_get_finish(NMHttpClient *self, -+nm_http_client_poll_req_finish(NMHttpClient *self, - GAsyncResult *result, - long *out_response_code, - GBytes **out_response_data, - GError **error) - { -- PollGetData *poll_get_data; -+ PollReqData *poll_req_data; - GTask *task; - gboolean success; - gs_free_error GError *local_error = NULL; - - g_return_val_if_fail(NM_HTTP_CLIENT(self), FALSE); -- g_return_val_if_fail(nm_g_task_is_valid(result, self, nm_http_client_poll_get), FALSE); -+ g_return_val_if_fail(nm_g_task_is_valid(result, self, nm_http_client_poll_req), FALSE); - - task = G_TASK(result); - -@@ -606,10 +606,10 @@ nm_http_client_poll_get_finish(NMHttpClient *self, - return FALSE; - } - -- poll_get_data = g_task_get_task_data(task); -+ poll_req_data = g_task_get_task_data(task); - -- NM_SET_OUT(out_response_code, poll_get_data->response_code); -- NM_SET_OUT(out_response_data, g_steal_pointer(&poll_get_data->response_data)); -+ NM_SET_OUT(out_response_code, poll_req_data->response_code); -+ NM_SET_OUT(out_response_data, g_steal_pointer(&poll_req_data->response_data)); - return TRUE; - } - -diff --git a/src/nm-cloud-setup/nm-http-client.h b/src/nm-cloud-setup/nm-http-client.h -index 6cc08ba97c..c8d3ffb458 100644 ---- a/src/nm-cloud-setup/nm-http-client.h -+++ b/src/nm-cloud-setup/nm-http-client.h -@@ -27,12 +27,12 @@ GMainContext *nm_http_client_get_main_context(NMHttpClient *self); - - /*****************************************************************************/ - --typedef gboolean (*NMHttpClientPollGetCheckFcn)(long response_code, -+typedef gboolean (*NMHttpClientPollReqCheckFcn)(long response_code, - GBytes *response_data, - gpointer check_user_data, - GError **error); - --void nm_http_client_poll_get(NMHttpClient *self, -+void nm_http_client_poll_req(NMHttpClient *self, - const char *uri, - int request_timeout_ms, - gssize request_max_data, -@@ -40,12 +40,12 @@ void nm_http_client_poll_get(NMHttpClient *self, - int ratelimit_timeout_ms, - const char *const *http_headers, - GCancellable *cancellable, -- NMHttpClientPollGetCheckFcn check_fcn, -+ NMHttpClientPollReqCheckFcn check_fcn, - gpointer check_user_data, - GAsyncReadyCallback callback, - gpointer user_data); - --gboolean nm_http_client_poll_get_finish(NMHttpClient *self, -+gboolean nm_http_client_poll_req_finish(NMHttpClient *self, - GAsyncResult *result, - long *out_response_code, - GBytes **out_response_data, -diff --git a/src/nm-cloud-setup/nmcs-provider-aliyun.c b/src/nm-cloud-setup/nmcs-provider-aliyun.c -index 34ab5ecc87..93f26e7505 100644 ---- a/src/nm-cloud-setup/nmcs-provider-aliyun.c -+++ b/src/nm-cloud-setup/nmcs-provider-aliyun.c -@@ -77,7 +77,7 @@ _detect_get_meta_data_done_cb(GObject *source, GAsyncResult *result, gpointer us - gs_free_error GError *get_error = NULL; - gs_free_error GError *error = NULL; - -- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); -+ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); - - if (nm_utils_error_is_cancelled(get_error)) { - g_task_return_error(task, g_steal_pointer(&get_error)); -@@ -104,7 +104,7 @@ detect(NMCSProvider *provider, GTask *task) - - http_client = nmcs_provider_get_http_client(provider); - -- nm_http_client_poll_get(http_client, -+ nm_http_client_poll_req(http_client, - (uri = _aliyun_uri_concat(NM_ALIYUN_API_VERSION "/meta-data/")), - HTTP_TIMEOUT_MS, - 256 * 1024, -@@ -144,7 +144,7 @@ _get_config_fetch_done_cb(NMHttpClient *http_client, - gsize i; - gsize len; - -- nm_http_client_poll_get_finish(http_client, result, NULL, &response, &error); -+ nm_http_client_poll_req_finish(http_client, result, NULL, &response, &error); - - if (nm_utils_error_is_cancelled(error)) - return; -@@ -308,7 +308,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - GHashTableIter h_iter; - NMHttpClient *http_client; - -- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &error); -+ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &error); - - if (nm_utils_error_is_cancelled(error)) - return; -@@ -362,7 +362,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - v_mac_data->path); - - get_config_data->n_pending++; -- nm_http_client_poll_get( -+ nm_http_client_poll_req( - http_client, - (uri1 = _aliyun_uri_interfaces(v_mac_data->path, - NM_STR_HAS_SUFFIX(v_mac_data->path, "/") ? "" : "/", -@@ -379,7 +379,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - config_iface_data); - - get_config_data->n_pending++; -- nm_http_client_poll_get( -+ nm_http_client_poll_req( - http_client, - (uri2 = _aliyun_uri_interfaces(v_mac_data->path, - NM_STR_HAS_SUFFIX(v_mac_data->path, "/") ? "" : "/", -@@ -396,7 +396,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - config_iface_data); - - get_config_data->n_pending++; -- nm_http_client_poll_get( -+ nm_http_client_poll_req( - http_client, - (uri3 = _aliyun_uri_interfaces(v_mac_data->path, - NM_STR_HAS_SUFFIX(v_mac_data->path, "/") ? "" : "/", -@@ -413,7 +413,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - config_iface_data); - - get_config_data->n_pending++; -- nm_http_client_poll_get( -+ nm_http_client_poll_req( - http_client, - (uri4 = _aliyun_uri_interfaces(v_mac_data->path, - NM_STR_HAS_SUFFIX(v_mac_data->path, "/") ? "" : "/", -@@ -430,7 +430,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - config_iface_data); - - get_config_data->n_pending++; -- nm_http_client_poll_get( -+ nm_http_client_poll_req( - http_client, - (uri5 = _aliyun_uri_interfaces(v_mac_data->path, - NM_STR_HAS_SUFFIX(v_mac_data->path, "/") ? "" : "/", -@@ -530,7 +530,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat - * MAC addresses, then we poll until we see them. They might not yet be - * around from the start... - */ -- nm_http_client_poll_get(nmcs_provider_get_http_client(provider), -+ nm_http_client_poll_req(nmcs_provider_get_http_client(provider), - (uri = _aliyun_uri_interfaces()), - HTTP_TIMEOUT_MS, - 256 * 1024, -diff --git a/src/nm-cloud-setup/nmcs-provider-azure.c b/src/nm-cloud-setup/nmcs-provider-azure.c -index 9b27af288a..b1f48f5c18 100644 ---- a/src/nm-cloud-setup/nmcs-provider-azure.c -+++ b/src/nm-cloud-setup/nmcs-provider-azure.c -@@ -42,7 +42,7 @@ _detect_get_meta_data_done_cb(GObject *source, GAsyncResult *result, gpointer us - gs_free_error GError *get_error = NULL; - gs_free_error GError *error = NULL; - -- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); -+ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); - - if (nm_utils_error_is_cancelled(get_error)) { - g_task_return_error(task, g_steal_pointer(&get_error)); -@@ -69,7 +69,7 @@ detect(NMCSProvider *provider, GTask *task) - - http_client = nmcs_provider_get_http_client(provider); - -- nm_http_client_poll_get(http_client, -+ nm_http_client_poll_req(http_client, - (uri = _azure_uri_concat("/metadata/instance")), - HTTP_TIMEOUT_MS, - 256 * 1024, -@@ -121,7 +121,7 @@ _get_config_fetch_done_cb(NMHttpClient *http_client, - in_addr_t tmp_addr; - int tmp_prefix = -1; - -- nm_http_client_poll_get_finish(http_client, result, NULL, &response, &error); -+ nm_http_client_poll_req_finish(http_client, result, NULL, &response, &error); - - if (nm_utils_error_is_cancelled(error)) - return; -@@ -241,7 +241,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u - gsize line_len; - char iface_idx_str[30]; - -- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); -+ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); - - if (nm_utils_error_is_cancelled(error)) - return; -@@ -283,7 +283,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u - - iface_data->n_iface_data_pending++; - -- nm_http_client_poll_get( -+ nm_http_client_poll_req( - NM_HTTP_CLIENT(source), - (uri = _azure_uri_interfaces(iface_idx_str, - "/ipv4/ipAddress/", -@@ -308,7 +308,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u - gs_free char *uri = NULL; - - iface_data->n_iface_data_pending++; -- nm_http_client_poll_get( -+ nm_http_client_poll_req( - NM_HTTP_CLIENT(source), - (uri = _azure_uri_interfaces(iface_idx_str, "/ipv4/subnet/0/address/")), - HTTP_TIMEOUT_MS, -@@ -325,7 +325,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u - nm_clear_g_free(&uri); - - iface_data->n_iface_data_pending++; -- nm_http_client_poll_get( -+ nm_http_client_poll_req( - NM_HTTP_CLIENT(source), - (uri = _azure_uri_interfaces(iface_idx_str, "/ipv4/subnet/0/prefix/")), - HTTP_TIMEOUT_MS, -@@ -357,7 +357,7 @@ _get_config_iface_cb(GObject *source, GAsyncResult *result, gpointer user_data) - gs_free const char *uri = NULL; - char buf[100]; - -- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); -+ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); - - if (nm_utils_error_is_cancelled(error)) - return; -@@ -408,7 +408,7 @@ _get_config_iface_cb(GObject *source, GAsyncResult *result, gpointer user_data) - - nm_sprintf_buf(buf, "%" G_GSSIZE_FORMAT "/ipv4/ipAddress/", iface_data->intern_iface_idx); - -- nm_http_client_poll_get(NM_HTTP_CLIENT(source), -+ nm_http_client_poll_req(NM_HTTP_CLIENT(source), - (uri = _azure_uri_interfaces(buf)), - HTTP_TIMEOUT_MS, - 512 * 1024, -@@ -441,7 +441,7 @@ _get_net_ifaces_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat - guint i; - gssize extern_iface_idx_cnt = 0; - -- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); -+ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); - - if (nm_utils_error_is_cancelled(error)) - return; -@@ -508,7 +508,7 @@ _get_net_ifaces_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat - nm_sprintf_buf(buf, "%" G_GSSIZE_FORMAT "/macAddress", iface_data->intern_iface_idx); - - get_config_data->n_pending++; -- nm_http_client_poll_get(NM_HTTP_CLIENT(source), -+ nm_http_client_poll_req(NM_HTTP_CLIENT(source), - (uri = _azure_uri_interfaces(buf)), - HTTP_TIMEOUT_MS, - 512 * 1024, -@@ -531,7 +531,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat - { - gs_free const char *uri = NULL; - -- nm_http_client_poll_get(nmcs_provider_get_http_client(provider), -+ nm_http_client_poll_req(nmcs_provider_get_http_client(provider), - (uri = _azure_uri_interfaces()), - HTTP_TIMEOUT_MS, - 256 * 1024, -diff --git a/src/nm-cloud-setup/nmcs-provider-ec2.c b/src/nm-cloud-setup/nmcs-provider-ec2.c -index d6fa03118d..35f7176c4d 100644 ---- a/src/nm-cloud-setup/nmcs-provider-ec2.c -+++ b/src/nm-cloud-setup/nmcs-provider-ec2.c -@@ -72,7 +72,7 @@ _detect_get_meta_data_done_cb(GObject *source, GAsyncResult *result, gpointer us - gs_free_error GError *get_error = NULL; - gs_free_error GError *error = NULL; - -- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); -+ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); - - if (nm_utils_error_is_cancelled(get_error)) { - g_task_return_error(task, g_steal_pointer(&get_error)); -@@ -99,7 +99,7 @@ detect(NMCSProvider *provider, GTask *task) - - http_client = nmcs_provider_get_http_client(provider); - -- nm_http_client_poll_get(http_client, -+ nm_http_client_poll_req(http_client, - (uri = _ec2_uri_concat("latest/meta-data/")), - HTTP_TIMEOUT_MS, - 256 * 1024, -@@ -126,7 +126,7 @@ _get_config_fetch_done_cb(NMHttpClient *http_client, - in_addr_t tmp_addr; - int tmp_prefix; - -- nm_http_client_poll_get_finish(http_client, result, NULL, &response, &error); -+ nm_http_client_poll_req_finish(http_client, result, NULL, &response, &error); - - if (nm_utils_error_is_cancelled(error)) - return; -@@ -204,7 +204,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - GHashTableIter h_iter; - NMHttpClient *http_client; - -- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &error); -+ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &error); - - if (nm_utils_error_is_cancelled(error)) - return; -@@ -254,7 +254,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - v_mac_data->path); - - get_config_data->n_pending++; -- nm_http_client_poll_get( -+ nm_http_client_poll_req( - http_client, - (uri1 = _ec2_uri_interfaces(v_mac_data->path, - NM_STR_HAS_SUFFIX(v_mac_data->path, "/") ? "" : "/", -@@ -271,7 +271,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - config_iface_data); - - get_config_data->n_pending++; -- nm_http_client_poll_get( -+ nm_http_client_poll_req( - http_client, - (uri2 = _ec2_uri_interfaces(v_mac_data->path, - NM_STR_HAS_SUFFIX(v_mac_data->path, "/") ? "" : "/", -@@ -371,7 +371,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat - * MAC addresses, then we poll until we see them. They might not yet be - * around from the start... - */ -- nm_http_client_poll_get(nmcs_provider_get_http_client(provider), -+ nm_http_client_poll_req(nmcs_provider_get_http_client(provider), - (uri = _ec2_uri_interfaces()), - HTTP_TIMEOUT_MS, - 256 * 1024, -diff --git a/src/nm-cloud-setup/nmcs-provider-gcp.c b/src/nm-cloud-setup/nmcs-provider-gcp.c -index a325f31a17..571c0fb826 100644 ---- a/src/nm-cloud-setup/nmcs-provider-gcp.c -+++ b/src/nm-cloud-setup/nmcs-provider-gcp.c -@@ -45,7 +45,7 @@ _detect_get_meta_data_done_cb(GObject *source, GAsyncResult *result, gpointer us - gs_free_error GError *get_error = NULL; - gs_free_error GError *error = NULL; - -- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); -+ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); - - if (nm_utils_error_is_cancelled(get_error)) { - g_task_return_error(task, g_steal_pointer(&get_error)); -@@ -72,7 +72,7 @@ detect(NMCSProvider *provider, GTask *task) - - http_client = nmcs_provider_get_http_client(provider); - -- nm_http_client_poll_get(http_client, -+ nm_http_client_poll_req(http_client, - (uri = _gcp_uri_concat("id")), - HTTP_TIMEOUT_MS, - 256 * 1024, -@@ -114,7 +114,7 @@ _get_config_fip_cb(GObject *source, GAsyncResult *result, gpointer user_data) - NMIPRoute **routes_arr; - NMIPRoute *route_new; - -- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); -+ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); - - if (nm_utils_error_is_cancelled(error)) - return; -@@ -171,7 +171,7 @@ _get_config_ips_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat - gsize line_len; - guint i; - -- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); -+ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); - - if (nm_utils_error_is_cancelled(error)) - return; -@@ -220,7 +220,7 @@ _get_config_ips_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat - const char *str = uri_arr->pdata[i]; - gs_free const char *uri = NULL; - -- nm_http_client_poll_get(NM_HTTP_CLIENT(source), -+ nm_http_client_poll_req(NM_HTTP_CLIENT(source), - (uri = _gcp_uri_interfaces(str)), - HTTP_TIMEOUT_MS, - HTTP_REQ_MAX_DATA, -@@ -252,7 +252,7 @@ _get_config_iface_cb(GObject *source, GAsyncResult *result, gpointer user_data) - NMCSProviderGetConfigTaskData *get_config_data; - gboolean is_requested; - -- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); -+ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); - - if (nm_utils_error_is_cancelled(error)) - return; -@@ -306,7 +306,7 @@ _get_config_iface_cb(GObject *source, GAsyncResult *result, gpointer user_data) - - nm_sprintf_buf(sbuf, "%" G_GSSIZE_FORMAT "/forwarded-ips/", iface_data->intern_iface_idx); - -- nm_http_client_poll_get(NM_HTTP_CLIENT(source), -+ nm_http_client_poll_req(NM_HTTP_CLIENT(source), - (uri = _gcp_uri_interfaces(sbuf)), - HTTP_TIMEOUT_MS, - HTTP_REQ_MAX_DATA, -@@ -339,7 +339,7 @@ _get_net_ifaces_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat - guint i; - gssize extern_iface_idx_cnt = 0; - -- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); -+ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); - - if (nm_utils_error_is_cancelled(error)) - return; -@@ -405,7 +405,7 @@ _get_net_ifaces_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat - nm_sprintf_buf(sbuf, "%" G_GSSIZE_FORMAT "/mac", data->intern_iface_idx); - - get_config_data->n_pending++; -- nm_http_client_poll_get(NM_HTTP_CLIENT(source), -+ nm_http_client_poll_req(NM_HTTP_CLIENT(source), - (uri = _gcp_uri_interfaces(sbuf)), - HTTP_TIMEOUT_MS, - HTTP_REQ_MAX_DATA, -@@ -428,7 +428,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat - { - gs_free const char *uri = NULL; - -- nm_http_client_poll_get(nmcs_provider_get_http_client(provider), -+ nm_http_client_poll_req(nmcs_provider_get_http_client(provider), - (uri = _gcp_uri_interfaces()), - HTTP_TIMEOUT_MS, - HTTP_REQ_MAX_DATA, --- -2.39.2 - - -From aaf66e9174eb04d2df1f45530ebdca16e77a6ec5 Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel -Date: Mon, 27 Feb 2023 00:13:31 +0100 -Subject: [PATCH 4/7] cloud-setup: make nm_http_client_req() accept a method - argument - -We'll need to be able to issue PUT calls. - -(cherry picked from commit cd74d75002783a79d1a4fca24b2fbe99ced933a8) -(cherry picked from commit eff4372045290ad380bddf03e5075ab671a7cff6) -(cherry picked from commit aaf66e9174eb04d2df1f45530ebdca16e77a6ec5) ---- - src/nm-cloud-setup/nm-http-client.c | 7 +++++++ - src/nm-cloud-setup/nm-http-client.h | 1 + - src/nm-cloud-setup/nmcs-provider-aliyun.c | 7 +++++++ - src/nm-cloud-setup/nmcs-provider-azure.c | 7 +++++++ - src/nm-cloud-setup/nmcs-provider-ec2.c | 4 ++++ - src/nm-cloud-setup/nmcs-provider-gcp.c | 5 +++++ - 6 files changed, 31 insertions(+) - -diff --git a/src/nm-cloud-setup/nm-http-client.c b/src/nm-cloud-setup/nm-http-client.c -index ed7914df8f..b3db93e058 100644 ---- a/src/nm-cloud-setup/nm-http-client.c -+++ b/src/nm-cloud-setup/nm-http-client.c -@@ -262,6 +262,7 @@ nm_http_client_req(NMHttpClient *self, - int timeout_msec, - gssize max_data, - const char *const *http_headers, -+ const char *http_method, - GCancellable *cancellable, - GAsyncReadyCallback callback, - gpointer user_data) -@@ -328,6 +329,9 @@ nm_http_client_req(NMHttpClient *self, - curl_easy_setopt(edata->ehandle, CURLOPT_HTTPHEADER, edata->headers); - } - -+ if (http_method) -+ curl_easy_setopt(edata->ehandle, CURLOPT_CUSTOMREQUEST, http_method); -+ - if (timeout_msec > 0) { - edata->timeout_source = _source_attach(self, - nm_g_timeout_source_new(timeout_msec, -@@ -403,6 +407,7 @@ typedef struct { - GTask *task; - char *uri; - const char *const *http_headers; -+ const char *http_method; - NMHttpClientPollReqCheckFcn check_fcn; - gpointer check_user_data; - GBytes *response_data; -@@ -440,6 +445,7 @@ _poll_req_probe_start_fcn(GCancellable *cancellable, - poll_req_data->request_timeout_ms, - poll_req_data->request_max_data, - poll_req_data->http_headers, -+ poll_req_data->http_method, - cancellable, - callback, - user_data); -@@ -526,6 +532,7 @@ nm_http_client_poll_req(NMHttpClient *self, - int poll_timeout_ms, - int ratelimit_timeout_ms, - const char *const *http_headers, -+ const char *http_method, - GCancellable *cancellable, - NMHttpClientPollReqCheckFcn check_fcn, - gpointer check_user_data, -diff --git a/src/nm-cloud-setup/nm-http-client.h b/src/nm-cloud-setup/nm-http-client.h -index c8d3ffb458..641efb1f47 100644 ---- a/src/nm-cloud-setup/nm-http-client.h -+++ b/src/nm-cloud-setup/nm-http-client.h -@@ -39,6 +39,7 @@ void nm_http_client_poll_req(NMHttpClient *self, - int poll_timeout_ms, - int ratelimit_timeout_ms, - const char *const *http_headers, -+ const char *http_method, - GCancellable *cancellable, - NMHttpClientPollReqCheckFcn check_fcn, - gpointer check_user_data, -diff --git a/src/nm-cloud-setup/nmcs-provider-aliyun.c b/src/nm-cloud-setup/nmcs-provider-aliyun.c -index 93f26e7505..0500922058 100644 ---- a/src/nm-cloud-setup/nmcs-provider-aliyun.c -+++ b/src/nm-cloud-setup/nmcs-provider-aliyun.c -@@ -111,6 +111,7 @@ detect(NMCSProvider *provider, GTask *task) - 7000, - 1000, - NULL, -+ NULL, - g_task_get_cancellable(task), - NULL, - NULL, -@@ -372,6 +373,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - 10000, - 1000, - NULL, -+ NULL, - get_config_data->intern_cancellable, - NULL, - NULL, -@@ -389,6 +391,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - 10000, - 1000, - NULL, -+ NULL, - get_config_data->intern_cancellable, - NULL, - NULL, -@@ -406,6 +409,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - 10000, - 1000, - NULL, -+ NULL, - get_config_data->intern_cancellable, - NULL, - NULL, -@@ -423,6 +427,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - 10000, - 1000, - NULL, -+ NULL, - get_config_data->intern_cancellable, - NULL, - NULL, -@@ -440,6 +445,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - 10000, - 1000, - NULL, -+ NULL, - get_config_data->intern_cancellable, - NULL, - NULL, -@@ -537,6 +543,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat - 15000, - 1000, - NULL, -+ NULL, - get_config_data->intern_cancellable, - _get_config_metadata_ready_check, - get_config_data, -diff --git a/src/nm-cloud-setup/nmcs-provider-azure.c b/src/nm-cloud-setup/nmcs-provider-azure.c -index b1f48f5c18..e74d042026 100644 ---- a/src/nm-cloud-setup/nmcs-provider-azure.c -+++ b/src/nm-cloud-setup/nmcs-provider-azure.c -@@ -76,6 +76,7 @@ detect(NMCSProvider *provider, GTask *task) - 7000, - 1000, - NM_MAKE_STRV(NM_AZURE_METADATA_HEADER), -+ NULL, - g_task_get_cancellable(task), - NULL, - NULL, -@@ -294,6 +295,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u - 10000, - 1000, - NM_MAKE_STRV(NM_AZURE_METADATA_HEADER), -+ NULL, - get_config_data->intern_cancellable, - NULL, - NULL, -@@ -316,6 +318,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u - 10000, - 1000, - NM_MAKE_STRV(NM_AZURE_METADATA_HEADER), -+ NULL, - get_config_data->intern_cancellable, - NULL, - NULL, -@@ -333,6 +336,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u - 10000, - 1000, - NM_MAKE_STRV(NM_AZURE_METADATA_HEADER), -+ NULL, - get_config_data->intern_cancellable, - NULL, - NULL, -@@ -415,6 +419,7 @@ _get_config_iface_cb(GObject *source, GAsyncResult *result, gpointer user_data) - 10000, - 1000, - NM_MAKE_STRV(NM_AZURE_METADATA_HEADER), -+ NULL, - get_config_data->intern_cancellable, - NULL, - NULL, -@@ -515,6 +520,7 @@ _get_net_ifaces_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat - 10000, - 1000, - NM_MAKE_STRV(NM_AZURE_METADATA_HEADER), -+ NULL, - get_config_data->intern_cancellable, - NULL, - NULL, -@@ -538,6 +544,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat - 15000, - 1000, - NM_MAKE_STRV(NM_AZURE_METADATA_HEADER), -+ NULL, - get_config_data->intern_cancellable, - NULL, - NULL, -diff --git a/src/nm-cloud-setup/nmcs-provider-ec2.c b/src/nm-cloud-setup/nmcs-provider-ec2.c -index 35f7176c4d..c3c527cfd4 100644 ---- a/src/nm-cloud-setup/nmcs-provider-ec2.c -+++ b/src/nm-cloud-setup/nmcs-provider-ec2.c -@@ -106,6 +106,7 @@ detect(NMCSProvider *provider, GTask *task) - 7000, - 1000, - NULL, -+ NULL, - g_task_get_cancellable(task), - _detect_get_meta_data_check_cb, - NULL, -@@ -264,6 +265,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - 10000, - 1000, - NULL, -+ NULL, - get_config_data->intern_cancellable, - NULL, - NULL, -@@ -281,6 +283,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - 10000, - 1000, - NULL, -+ NULL, - get_config_data->intern_cancellable, - NULL, - NULL, -@@ -378,6 +381,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat - 15000, - 1000, - NULL, -+ NULL, - get_config_data->intern_cancellable, - _get_config_metadata_ready_check, - get_config_data, -diff --git a/src/nm-cloud-setup/nmcs-provider-gcp.c b/src/nm-cloud-setup/nmcs-provider-gcp.c -index 571c0fb826..ca354865dd 100644 ---- a/src/nm-cloud-setup/nmcs-provider-gcp.c -+++ b/src/nm-cloud-setup/nmcs-provider-gcp.c -@@ -79,6 +79,7 @@ detect(NMCSProvider *provider, GTask *task) - 7000, - 1000, - NM_MAKE_STRV(NM_GCP_METADATA_HEADER), -+ NULL, - g_task_get_cancellable(task), - NULL, - NULL, -@@ -227,6 +228,7 @@ _get_config_ips_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat - HTTP_POLL_TIMEOUT_MS, - HTTP_RATE_LIMIT_MS, - NM_MAKE_STRV(NM_GCP_METADATA_HEADER), -+ NULL, - get_config_data->intern_cancellable, - NULL, - NULL, -@@ -313,6 +315,7 @@ _get_config_iface_cb(GObject *source, GAsyncResult *result, gpointer user_data) - HTTP_POLL_TIMEOUT_MS, - HTTP_RATE_LIMIT_MS, - NM_MAKE_STRV(NM_GCP_METADATA_HEADER), -+ NULL, - get_config_data->intern_cancellable, - NULL, - NULL, -@@ -412,6 +415,7 @@ _get_net_ifaces_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat - HTTP_POLL_TIMEOUT_MS, - HTTP_RATE_LIMIT_MS, - NM_MAKE_STRV(NM_GCP_METADATA_HEADER), -+ NULL, - get_config_data->intern_cancellable, - NULL, - NULL, -@@ -435,6 +439,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat - HTTP_POLL_TIMEOUT_MS, - HTTP_RATE_LIMIT_MS, - NM_MAKE_STRV(NM_GCP_METADATA_HEADER), -+ NULL, - get_config_data->intern_cancellable, - NULL, - NULL, --- -2.39.2 - - -From 06fc0ef35dc7e5e6295ab9beecba6071e556d55e Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel -Date: Tue, 7 Mar 2023 13:51:57 +0100 -Subject: [PATCH 5/7] cloud-setup: document detect() and get_config() methods - -Clarify that detect() needs to succeed before get_config(). - -I thought it's sort of common sense, but it's better to be explicit as -we're going to rely on that. - -(cherry picked from commit 088bfd817ab5eb8aa0fb9cffe52fa3f456030ecc) -(cherry picked from commit d99864ccba6d7c9bac66dcbbcc49c01be0ddd719) -(cherry picked from commit 06fc0ef35dc7e5e6295ab9beecba6071e556d55e) ---- - src/nm-cloud-setup/nmcs-provider.h | 28 ++++++++++++++++++++++++++++ - 1 file changed, 28 insertions(+) - -diff --git a/src/nm-cloud-setup/nmcs-provider.h b/src/nm-cloud-setup/nmcs-provider.h -index 502f1d0323..3662fbe391 100644 ---- a/src/nm-cloud-setup/nmcs-provider.h -+++ b/src/nm-cloud-setup/nmcs-provider.h -@@ -152,8 +152,36 @@ typedef struct { - const char *_name; - const char *_env_provider_enabled; - -+ /** -+ * detect: -+ * @self: the #NMCSProvider -+ * @task: a #GTask that's completed when the detection finishes. -+ * -+ * Checks whether the metadata of a particular cloud provider is -+ * accessible on the host machine. The check runs asynchronously. -+ * -+ * When the check finishes, @task is completed. If the check was -+ * successful, @task returns a gboolean of %TRUE. Otherwise -+ * a %FALSE value or an error is returned. -+ * -+ * The routine has to be called before the get_config() can be -+ * used. -+ */ - void (*detect)(NMCSProvider *self, GTask *task); - -+ /** -+ * get_config: -+ * @self: the #NMCSProvider -+ * @get_config_data: encapsulates a #GTask and network configuration data -+ * -+ * Collects the network configuration from metadata service of a -+ * particular cloud provider. The metadata is traversed and checked -+ * asynchronously, completing a task encapsulated in @get_config_data -+ * upon finishing. -+ * -+ * Call to detect() with a successful result is necessary before -+ * using this routine. -+ */ - void (*get_config)(NMCSProvider *self, NMCSProviderGetConfigTaskData *get_config_data); - - } NMCSProviderClass; --- -2.39.2 - - -From e3ac982b32361105708d489a73eaed2bc4dc5f9f Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel -Date: Mon, 27 Feb 2023 00:15:11 +0100 -Subject: [PATCH 6/7] cloud-setup/ec2: start with requesting a IMDSv2 token - -The present version of the EC2 metadata API (IMDSv2) requires a header -with a token to be present in all requests. The token is essentially a -cookie that's not actually a cookie that's obtained with a PUT call that -doesn't put anything. Apparently it's too easy to trick someone into -calling a GET method. - -EC2 now supports IMDSv2 everywhere with IMDSv1 being optional, so let's -just use IMDSv2 unconditionally. Also, the presence of a token API can -be used to detect the AWS EC2 cloud. - -https://bugzilla.redhat.com/show_bug.cgi?id=2151986 -(cherry picked from commit 8b7e12c2d631c47292258c29429cd565715ea186) -(cherry picked from commit 429f36cd81ddbe337f04c09a352fd78cd29e394d) -(cherry picked from commit e3ac982b32361105708d489a73eaed2bc4dc5f9f) ---- - src/nm-cloud-setup/nmcs-provider-ec2.c | 74 +++++++++++++++++++------- - 1 file changed, 54 insertions(+), 20 deletions(-) - -diff --git a/src/nm-cloud-setup/nmcs-provider-ec2.c b/src/nm-cloud-setup/nmcs-provider-ec2.c -index c3c527cfd4..3a27a30e68 100644 ---- a/src/nm-cloud-setup/nmcs-provider-ec2.c -+++ b/src/nm-cloud-setup/nmcs-provider-ec2.c -@@ -16,6 +16,11 @@ - #define NM_EC2_METADATA_URL_BASE /* $NM_EC2_BASE/$NM_EC2_API_VERSION */ \ - "/meta-data/network/interfaces/macs/" - -+/* Token TTL of 180 seconds is chosen abitrarily, in hope that it is -+ * surely more than enough to read all relevant metadata. */ -+#define NM_EC2_TOKEN_TTL_HEADER "X-aws-ec2-metadata-token-ttl-seconds: 180" -+#define NM_EC2_TOKEN_HEADER "X-aws-ec2-metadata-token: " -+ - static const char * - _ec2_base(void) - { -@@ -44,8 +49,15 @@ again: - - /*****************************************************************************/ - -+enum { -+ NM_EC2_HTTP_HEADER_TOKEN, -+ NM_EC2_HTTP_HEADER_SENTINEL, -+ _NM_EC2_HTTP_HEADER_NUM, -+}; -+ - struct _NMCSProviderEC2 { - NMCSProvider parent; -+ char *token; - }; - - struct _NMCSProviderEC2Class { -@@ -56,23 +68,18 @@ G_DEFINE_TYPE(NMCSProviderEC2, nmcs_provider_ec2, NMCS_TYPE_PROVIDER); - - /*****************************************************************************/ - --static gboolean --_detect_get_meta_data_check_cb(long response_code, -- GBytes *response, -- gpointer check_user_data, -- GError **error) --{ -- return response_code == 200 && nmcs_utils_parse_get_full_line(response, "ami-id"); --} -- - static void --_detect_get_meta_data_done_cb(GObject *source, GAsyncResult *result, gpointer user_data) -+_detect_get_token_done_cb(GObject *source, GAsyncResult *result, gpointer user_data) - { - gs_unref_object GTask *task = user_data; -+ NMCSProviderEC2 *self = NMCS_PROVIDER_EC2(g_task_get_source_object(task)); -+ gs_unref_bytes GBytes *response = NULL; - gs_free_error GError *get_error = NULL; - gs_free_error GError *error = NULL; - -- nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); -+ nm_clear_g_free(&self->token); -+ -+ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &get_error); - - if (nm_utils_error_is_cancelled(get_error)) { - g_task_return_error(task, g_steal_pointer(&get_error)); -@@ -88,6 +95,12 @@ _detect_get_meta_data_done_cb(GObject *source, GAsyncResult *result, gpointer us - return; - } - -+ /* We use the token as-is. Special characters can cause confusion (e.g. -+ * response splitting), but we're not crossing a security boundary. -+ * None of the examples in AWS documentation does any sort of -+ * sanitization either. */ -+ self->token = g_strconcat(NM_EC2_TOKEN_HEADER, g_bytes_get_data(response, NULL), NULL); -+ - g_task_return_boolean(task, TRUE); - } - -@@ -100,17 +113,17 @@ detect(NMCSProvider *provider, GTask *task) - http_client = nmcs_provider_get_http_client(provider); - - nm_http_client_poll_req(http_client, -- (uri = _ec2_uri_concat("latest/meta-data/")), -+ (uri = _ec2_uri_concat("latest/api/token")), - HTTP_TIMEOUT_MS, - 256 * 1024, - 7000, - 1000, -- NULL, -- NULL, -+ NM_MAKE_STRV(NM_EC2_TOKEN_TTL_HEADER), -+ "PUT", - g_task_get_cancellable(task), -- _detect_get_meta_data_check_cb, - NULL, -- _detect_get_meta_data_done_cb, -+ NULL, -+ _detect_get_token_done_cb, - task); - } - -@@ -198,6 +211,7 @@ static void - _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer user_data) - { - NMCSProviderGetConfigTaskData *get_config_data; -+ NMCSProviderEC2 *self; - gs_unref_hashtable GHashTable *response_parsed = NULL; - gs_free_error GError *error = NULL; - GetConfigMetadataMac *v_mac_data; -@@ -211,6 +225,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - return; - - get_config_data = user_data; -+ self = NMCS_PROVIDER_EC2(get_config_data->self); - - response_parsed = g_steal_pointer(&get_config_data->extra_data); - get_config_data->extra_data_destroy = NULL; -@@ -264,7 +279,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - 512 * 1024, - 10000, - 1000, -- NULL, -+ NM_MAKE_STRV(self->token), - NULL, - get_config_data->intern_cancellable, - NULL, -@@ -282,7 +297,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us - 512 * 1024, - 10000, - 1000, -- NULL, -+ NM_MAKE_STRV(self->token), - NULL, - get_config_data->intern_cancellable, - NULL, -@@ -368,7 +383,13 @@ _get_config_metadata_ready_check(long response_code, - static void - get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_data) - { -- gs_free char *uri = NULL; -+ NMCSProviderEC2 *self = NMCS_PROVIDER_EC2(provider); -+ gs_free char *uri = NULL; -+ -+ /* This can be called only if detect() succeeded, which implies -+ * there must be a token. -+ */ -+ nm_assert(self->token); - - /* First we fetch the "macs/". If the caller requested some particular - * MAC addresses, then we poll until we see them. They might not yet be -@@ -380,7 +401,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat - 256 * 1024, - 15000, - 1000, -- NULL, -+ NM_MAKE_STRV(self->token), - NULL, - get_config_data->intern_cancellable, - _get_config_metadata_ready_check, -@@ -395,11 +416,24 @@ static void - nmcs_provider_ec2_init(NMCSProviderEC2 *self) - {} - -+static void -+dispose(GObject *object) -+{ -+ NMCSProviderEC2 *self = NMCS_PROVIDER_EC2(object); -+ -+ nm_clear_g_free(&self->token); -+ -+ G_OBJECT_CLASS(nmcs_provider_ec2_parent_class)->dispose(object); -+} -+ - static void - nmcs_provider_ec2_class_init(NMCSProviderEC2Class *klass) - { -+ GObjectClass *object_class = G_OBJECT_CLASS(klass); - NMCSProviderClass *provider_class = NMCS_PROVIDER_CLASS(klass); - -+ object_class->dispose = dispose; -+ - provider_class->_name = "ec2"; - provider_class->_env_provider_enabled = NMCS_ENV_VARIABLE("NM_CLOUD_SETUP_EC2"); - provider_class->detect = detect; --- -2.39.2 - - -From 6abbdaaa64bad00acb65ba7049dcea6bb7ae1084 Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel -Date: Tue, 21 Mar 2023 22:47:27 +0100 -Subject: [PATCH 7/7] cloud-setup: actually pass the HTTP method in - nm_http_client_poll_req() - -https://bugzilla.redhat.com/show_bug.cgi?id=2179718 -https://bugzilla.redhat.com/show_bug.cgi?id=2181466 - -Fixes: 8b7e12c2d631 ('cloud-setup/ec2: start with requesting a IMDSv2 token') -Fixes: cd74d7500278 ('cloud-setup: make nm_http_client_req() accept a method argument') -(cherry picked from commit f07da04cd9f16ac9e90d3d57d970ac935ad87b4d) -(cherry picked from commit d787c0c59dce57dfacc6602a4f1d5f8d8ed3b193) -(cherry picked from commit 6abbdaaa64bad00acb65ba7049dcea6bb7ae1084) ---- - src/nm-cloud-setup/nm-http-client.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/nm-cloud-setup/nm-http-client.c b/src/nm-cloud-setup/nm-http-client.c -index b3db93e058..db123f1033 100644 ---- a/src/nm-cloud-setup/nm-http-client.c -+++ b/src/nm-cloud-setup/nm-http-client.c -@@ -290,7 +290,7 @@ nm_http_client_req(NMHttpClient *self, - - nmcs_wait_for_objects_register(edata->task); - -- _LOG2D(edata, "start get ..."); -+ _LOG2D(edata, "start %s ...", http_method ?: "get"); - - edata->ehandle = curl_easy_init(); - if (!edata->ehandle) { -@@ -560,6 +560,7 @@ nm_http_client_poll_req(NMHttpClient *self, - .check_user_data = check_user_data, - .response_code = -1, - .http_headers = NULL, -+ .http_method = http_method, - }; - - if (http_headers) { --- -2.39.2 - diff --git a/SOURCES/1002-dns-add-support-to-no-aaaa-option-rh2144521.patch b/SOURCES/1002-dns-add-support-to-no-aaaa-option-rh2144521.patch deleted file mode 100644 index e6a42a4..0000000 --- a/SOURCES/1002-dns-add-support-to-no-aaaa-option-rh2144521.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 53a9c6027f739daf8f49e2180e4ac51f73eae697 Mon Sep 17 00:00:00 2001 -From: Fernando Fernandez Mancera -Date: Tue, 21 Mar 2023 16:39:38 +0000 -Subject: [PATCH] dns: add support to no-aaaa option - -Users can set `no-aaaa` DNS option to suppress AAAA queries made by the -stub resolver, including AAAA lookups triggered by NSS-based interfaces -such as getaddrinfo. Only DNS lookups are affected. - -(cherry picked from commit 9d4bbf78f0b3a80eec9115663bd9db2c6460b369) -(cherry picked from commit f71cd2eb72d97ee9119e812bba7bbd581c587114) -(cherry picked from commit 920ab658b259d940072c61ae43f7013bbb431440) ---- - src/libnm-core-impl/nm-setting-ip-config.c | 8 +++++--- - src/libnm-core-public/nm-setting-ip-config.h | 1 + - src/libnmc-setting/settings-docs.h.in | 4 ++-- - src/nmcli/generate-docs-nm-settings-nmcli.xml.in | 4 ++-- - 4 files changed, 10 insertions(+), 7 deletions(-) - -diff --git a/src/libnm-core-impl/nm-setting-ip-config.c b/src/libnm-core-impl/nm-setting-ip-config.c -index c8fc461396..0e163094f5 100644 ---- a/src/libnm-core-impl/nm-setting-ip-config.c -+++ b/src/libnm-core-impl/nm-setting-ip-config.c -@@ -51,6 +51,7 @@ const NMUtilsDNSOptionDesc _nm_utils_dns_option_descs[] = { - {NM_SETTING_DNS_OPTION_USE_VC, FALSE, FALSE}, - {NM_SETTING_DNS_OPTION_NO_RELOAD, FALSE, FALSE}, - {NM_SETTING_DNS_OPTION_TRUST_AD, FALSE, FALSE}, -+ {NM_SETTING_DNS_OPTION_NO_AAAA, FALSE, FALSE}, - {NULL, FALSE, FALSE}}; - - static char * -@@ -6202,9 +6203,10 @@ nm_setting_ip_config_class_init(NMSettingIPConfigClass *klass) - * distinct from an empty list of properties. - * - * The currently supported options are "attempts", "debug", "edns0", -- * "inet6", "ip6-bytestring", "ip6-dotint", "ndots", "no-check-names", -- * "no-ip6-dotint", "no-reload", "no-tld-query", "rotate", "single-request", -- * "single-request-reopen", "timeout", "trust-ad", "use-vc". -+ * "inet6", "ip6-bytestring", "ip6-dotint", "ndots", "no-aaaa", -+ * "no-check-names", "no-ip6-dotint", "no-reload", "no-tld-query", -+ * "rotate", "single-request", "single-request-reopen", "timeout", -+ * "trust-ad", "use-vc". - * - * The "trust-ad" setting is only honored if the profile contributes - * name servers to resolv.conf, and if all contributing profiles have -diff --git a/src/libnm-core-public/nm-setting-ip-config.h b/src/libnm-core-public/nm-setting-ip-config.h -index acbdec0f61..b42c56a8f3 100644 ---- a/src/libnm-core-public/nm-setting-ip-config.h -+++ b/src/libnm-core-public/nm-setting-ip-config.h -@@ -359,6 +359,7 @@ char *nm_ip_routing_rule_to_string(const NMIPRoutingRule *self, - #define NM_SETTING_DNS_OPTION_USE_VC "use-vc" - #define NM_SETTING_DNS_OPTION_NO_RELOAD "no-reload" - #define NM_SETTING_DNS_OPTION_TRUST_AD "trust-ad" -+#define NM_SETTING_DNS_OPTION_NO_AAAA "no-aaaa" - - typedef struct _NMSettingIPConfigClass NMSettingIPConfigClass; - -diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in -index 35dfa49f00..62edc77f6b 100644 ---- a/src/libnmc-setting/settings-docs.h.in -+++ b/src/libnmc-setting/settings-docs.h.in -@@ -168,7 +168,7 @@ - #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_TIMEOUT N_("A timeout for a DHCP transaction in seconds. If zero (the default), a globally configured default is used. If still unspecified, a device specific timeout is used (usually 45 seconds). Set to 2147483647 (MAXINT32) for infinity.") - #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_VENDOR_CLASS_IDENTIFIER N_("The Vendor Class Identifier DHCP option (60). Special characters in the data string may be escaped using C-style escapes, nevertheless this property cannot contain nul bytes. If the per-profile value is unspecified (the default), a global connection default gets consulted. If still unspecified, the DHCP option is not sent to the server.") - #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DNS N_("Array of IP addresses of DNS servers.") --#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DNS_OPTIONS N_("Array of DNS options as described in man 5 resolv.conf. NULL means that the options are unset and left at the default. In this case NetworkManager will use default options. This is distinct from an empty list of properties. The currently supported options are \"attempts\", \"debug\", \"edns0\", \"inet6\", \"ip6-bytestring\", \"ip6-dotint\", \"ndots\", \"no-check-names\", \"no-ip6-dotint\", \"no-reload\", \"no-tld-query\", \"rotate\", \"single-request\", \"single-request-reopen\", \"timeout\", \"trust-ad\", \"use-vc\". The \"trust-ad\" setting is only honored if the profile contributes name servers to resolv.conf, and if all contributing profiles have \"trust-ad\" enabled. When using a caching DNS plugin (dnsmasq or systemd-resolved in NetworkManager.conf) then \"edns0\" and \"trust-ad\" are automatically added.") -+#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DNS_OPTIONS N_("Array of DNS options as described in man 5 resolv.conf. NULL means that the options are unset and left at the default. In this case NetworkManager will use default options. This is distinct from an empty list of properties. The currently supported options are \"attempts\", \"debug\", \"edns0\", \"inet6\", \"ip6-bytestring\", \"ip6-dotint\", \"ndots\", \"no-aaaa\", \"no-check-names\", \"no-ip6-dotint\", \"no-reload\", \"no-tld-query\", \"rotate\", \"single-request\", \"single-request-reopen\", \"timeout\", \"trust-ad\", \"use-vc\". The \"trust-ad\" setting is only honored if the profile contributes name servers to resolv.conf, and if all contributing profiles have \"trust-ad\" enabled. When using a caching DNS plugin (dnsmasq or systemd-resolved in NetworkManager.conf) then \"edns0\" and \"trust-ad\" are automatically added.") - #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DNS_PRIORITY N_("DNS servers priority. The relative priority for DNS servers specified by this setting. A lower numerical value is better (higher priority). Negative values have the special effect of excluding other configurations with a greater numerical priority value; so in presence of at least one negative priority, only DNS servers from connections with the lowest priority value will be used. To avoid all DNS leaks, set the priority of the profile that should be used to the most negative value of all active connections profiles. Zero selects a globally configured default value. If the latter is missing or zero too, it defaults to 50 for VPNs (including WireGuard) and 100 for other connections. Note that the priority is to order DNS settings for multiple active connections. It does not disambiguate multiple DNS servers within the same connection profile. When multiple devices have configurations with the same priority, VPNs will be considered first, then devices with the best (lowest metric) default route and then all other devices. When using dns=default, servers with higher priority will be on top of resolv.conf. To prioritize a given server over another one within the same connection, just specify them in the desired order. Note that commonly the resolver tries name servers in /etc/resolv.conf in the order listed, proceeding with the next server in the list on failure. See for example the \"rotate\" option of the dns-options setting. If there are any negative DNS priorities, then only name servers from the devices with that lowest priority will be considered. When using a DNS resolver that supports Conditional Forwarding or Split DNS (with dns=dnsmasq or dns=systemd-resolved settings), each connection is used to query domains in its search list. The search domains determine which name servers to ask, and the DNS priority is used to prioritize name servers based on the domain. Queries for domains not present in any search list are routed through connections having the '~.' special wildcard domain, which is added automatically to connections with the default route (or can be added manually). When multiple connections specify the same domain, the one with the best priority (lowest numerical value) wins. If a sub domain is configured on another interface it will be accepted regardless the priority, unless parent domain on the other interface has a negative priority, which causes the sub domain to be shadowed. With Split DNS one can avoid undesired DNS leaks by properly configuring DNS priorities and the search domains, so that only name servers of the desired interface are configured.") - #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DNS_SEARCH N_("List of DNS search domains. Domains starting with a tilde ('~') are considered 'routing' domains and are used only to decide the interface over which a query must be forwarded; they are not used to complete unqualified host names. When using a DNS plugin that supports Conditional Forwarding or Split DNS, then the search domains specify which name servers to query. This makes the behavior different from running with plain /etc/resolv.conf. For more information see also the dns-priority setting. When set on a profile that also enabled DHCP, the DNS search list received automatically (option 119 for DHCPv4 and option 24 for DHCPv6) gets merged with the manual list. This can be prevented by setting \"ignore-auto-dns\". Note that if no DNS searches are configured, the fallback will be derived from the domain from DHCP (option 15).") - #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_GATEWAY N_("The gateway associated with this configuration. This is only meaningful if \"addresses\" is also set. Setting the gateway causes NetworkManager to configure a standard default route with the gateway as next hop. This is ignored if \"never-default\" is set. An alternative is to configure the default route explicitly with a manual route and /0 as prefix length. Note that the gateway usually conflicts with routing that NetworkManager configures for WireGuard interfaces, so usually it should not be set in that case. See \"ip4-auto-default-route\".") -@@ -194,7 +194,7 @@ - #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_SEND_HOSTNAME N_("If TRUE, a hostname is sent to the DHCP server when acquiring a lease. Some DHCP servers use this hostname to update DNS databases, essentially providing a static hostname for the computer. If the \"dhcp-hostname\" property is NULL and this property is TRUE, the current persistent hostname of the computer is sent.") - #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_TIMEOUT N_("A timeout for a DHCP transaction in seconds. If zero (the default), a globally configured default is used. If still unspecified, a device specific timeout is used (usually 45 seconds). Set to 2147483647 (MAXINT32) for infinity.") - #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DNS N_("Array of IP addresses of DNS servers.") --#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DNS_OPTIONS N_("Array of DNS options as described in man 5 resolv.conf. NULL means that the options are unset and left at the default. In this case NetworkManager will use default options. This is distinct from an empty list of properties. The currently supported options are \"attempts\", \"debug\", \"edns0\", \"inet6\", \"ip6-bytestring\", \"ip6-dotint\", \"ndots\", \"no-check-names\", \"no-ip6-dotint\", \"no-reload\", \"no-tld-query\", \"rotate\", \"single-request\", \"single-request-reopen\", \"timeout\", \"trust-ad\", \"use-vc\". The \"trust-ad\" setting is only honored if the profile contributes name servers to resolv.conf, and if all contributing profiles have \"trust-ad\" enabled. When using a caching DNS plugin (dnsmasq or systemd-resolved in NetworkManager.conf) then \"edns0\" and \"trust-ad\" are automatically added.") -+#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DNS_OPTIONS N_("Array of DNS options as described in man 5 resolv.conf. NULL means that the options are unset and left at the default. In this case NetworkManager will use default options. This is distinct from an empty list of properties. The currently supported options are \"attempts\", \"debug\", \"edns0\", \"inet6\", \"ip6-bytestring\", \"ip6-dotint\", \"ndots\", \"no-aaaa\", \"no-check-names\", \"no-ip6-dotint\", \"no-reload\", \"no-tld-query\", \"rotate\", \"single-request\", \"single-request-reopen\", \"timeout\", \"trust-ad\", \"use-vc\". The \"trust-ad\" setting is only honored if the profile contributes name servers to resolv.conf, and if all contributing profiles have \"trust-ad\" enabled. When using a caching DNS plugin (dnsmasq or systemd-resolved in NetworkManager.conf) then \"edns0\" and \"trust-ad\" are automatically added.") - #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DNS_PRIORITY N_("DNS servers priority. The relative priority for DNS servers specified by this setting. A lower numerical value is better (higher priority). Negative values have the special effect of excluding other configurations with a greater numerical priority value; so in presence of at least one negative priority, only DNS servers from connections with the lowest priority value will be used. To avoid all DNS leaks, set the priority of the profile that should be used to the most negative value of all active connections profiles. Zero selects a globally configured default value. If the latter is missing or zero too, it defaults to 50 for VPNs (including WireGuard) and 100 for other connections. Note that the priority is to order DNS settings for multiple active connections. It does not disambiguate multiple DNS servers within the same connection profile. When multiple devices have configurations with the same priority, VPNs will be considered first, then devices with the best (lowest metric) default route and then all other devices. When using dns=default, servers with higher priority will be on top of resolv.conf. To prioritize a given server over another one within the same connection, just specify them in the desired order. Note that commonly the resolver tries name servers in /etc/resolv.conf in the order listed, proceeding with the next server in the list on failure. See for example the \"rotate\" option of the dns-options setting. If there are any negative DNS priorities, then only name servers from the devices with that lowest priority will be considered. When using a DNS resolver that supports Conditional Forwarding or Split DNS (with dns=dnsmasq or dns=systemd-resolved settings), each connection is used to query domains in its search list. The search domains determine which name servers to ask, and the DNS priority is used to prioritize name servers based on the domain. Queries for domains not present in any search list are routed through connections having the '~.' special wildcard domain, which is added automatically to connections with the default route (or can be added manually). When multiple connections specify the same domain, the one with the best priority (lowest numerical value) wins. If a sub domain is configured on another interface it will be accepted regardless the priority, unless parent domain on the other interface has a negative priority, which causes the sub domain to be shadowed. With Split DNS one can avoid undesired DNS leaks by properly configuring DNS priorities and the search domains, so that only name servers of the desired interface are configured.") - #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DNS_SEARCH N_("List of DNS search domains. Domains starting with a tilde ('~') are considered 'routing' domains and are used only to decide the interface over which a query must be forwarded; they are not used to complete unqualified host names. When using a DNS plugin that supports Conditional Forwarding or Split DNS, then the search domains specify which name servers to query. This makes the behavior different from running with plain /etc/resolv.conf. For more information see also the dns-priority setting. When set on a profile that also enabled DHCP, the DNS search list received automatically (option 119 for DHCPv4 and option 24 for DHCPv6) gets merged with the manual list. This can be prevented by setting \"ignore-auto-dns\". Note that if no DNS searches are configured, the fallback will be derived from the domain from DHCP (option 15).") - #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_GATEWAY N_("The gateway associated with this configuration. This is only meaningful if \"addresses\" is also set. Setting the gateway causes NetworkManager to configure a standard default route with the gateway as next hop. This is ignored if \"never-default\" is set. An alternative is to configure the default route explicitly with a manual route and /0 as prefix length. Note that the gateway usually conflicts with routing that NetworkManager configures for WireGuard interfaces, so usually it should not be set in that case. See \"ip4-auto-default-route\".") -diff --git a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in -index 9acb76481e..03e6c0b54b 100644 ---- a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in -+++ b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in -@@ -656,7 +656,7 @@ - - -+ description="Array of DNS options as described in man 5 resolv.conf. NULL means that the options are unset and left at the default. In this case NetworkManager will use default options. This is distinct from an empty list of properties. The currently supported options are "attempts", "debug", "edns0", "inet6", "ip6-bytestring", "ip6-dotint", "ndots", "no-aaaa", "no-check-names", "no-ip6-dotint", "no-reload", "no-tld-query", "rotate", "single-request", "single-request-reopen", "timeout", "trust-ad", "use-vc". The "trust-ad" setting is only honored if the profile contributes name servers to resolv.conf, and if all contributing profiles have "trust-ad" enabled. When using a caching DNS plugin (dnsmasq or systemd-resolved in NetworkManager.conf) then "edns0" and "trust-ad" are automatically added." /> - - - -+ description="Array of DNS options as described in man 5 resolv.conf. NULL means that the options are unset and left at the default. In this case NetworkManager will use default options. This is distinct from an empty list of properties. The currently supported options are "attempts", "debug", "edns0", "inet6", "ip6-bytestring", "ip6-dotint", "ndots", "no-aaaa", "no-check-names", "no-ip6-dotint", "no-reload", "no-tld-query", "rotate", "single-request", "single-request-reopen", "timeout", "trust-ad", "use-vc". The "trust-ad" setting is only honored if the profile contributes name servers to resolv.conf, and if all contributing profiles have "trust-ad" enabled. When using a caching DNS plugin (dnsmasq or systemd-resolved in NetworkManager.conf) then "edns0" and "trust-ad" are automatically added." /> - - -Date: Fri, 17 Mar 2023 15:59:27 +0100 -Subject: [PATCH 1/8] libnm: fix ifcfg variable documentation at queue-id - property - -The correct variable for queue-id in ifcfg is BOND_PORT_QUEUE_ID. - -(cherry picked from commit 762cd06ffa4ff56b096128c26c931843429dc8c5) -(cherry picked from commit 87316737f36202902df76e5da6ba130e7bec4dfe) -(cherry picked from commit 40c523cd78ff322954f7b696afee8baee37da810) ---- - src/libnm-core-impl/nm-setting-bond-port.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libnm-core-impl/nm-setting-bond-port.c b/src/libnm-core-impl/nm-setting-bond-port.c -index 7ea82a763e..d1656a31ac 100644 ---- a/src/libnm-core-impl/nm-setting-bond-port.c -+++ b/src/libnm-core-impl/nm-setting-bond-port.c -@@ -148,7 +148,7 @@ nm_setting_bond_port_class_init(NMSettingBondPortClass *klass) - **/ - /* ---ifcfg-rh--- - * property: queue-id -- * variable: BONDING_OPTS: queue-id= -+ * variable: BOND_PORT_QUEUE_ID(+) - * values: 0 - 65535 - * default: 0 - * description: Queue ID. --- -2.40.1 - - -From 495f3f1918bcde6105b74482613c51fd3b9185b0 Mon Sep 17 00:00:00 2001 -From: Beniamino Galvani -Date: Mon, 27 Feb 2023 10:55:29 +0100 -Subject: [PATCH 2/8] platform: rename link_change() to link_change_extra() - -There are many functions to replace properties of a link -(link_set_address, link_set_mtu, link_set_name, link_change, -etc.). Eventually, they will be replaced by a function that does -everything and removes all the code duplication. - -That function will be named link_change(); rename the current -link_change() to link_change_extra(). - -(cherry picked from commit babe2bacd3e23e03d5066b82ac0bb57c60b9db6f) -(cherry picked from commit 9ae85f6541505300ac811dff4671fe56a6d11ab7) -(cherry picked from commit 0a158141d3423173df0ba6983caed5d3aea8a9c8) ---- - src/libnm-platform/nm-linux-platform.c | 8 ++++---- - src/libnm-platform/nm-platform.c | 7 +++++-- - src/libnm-platform/nm-platform.h | 17 ++++++++++------- - 3 files changed, 19 insertions(+), 13 deletions(-) - -diff --git a/src/libnm-platform/nm-linux-platform.c b/src/libnm-platform/nm-linux-platform.c -index b798d12d2a..527d509498 100644 ---- a/src/libnm-platform/nm-linux-platform.c -+++ b/src/libnm-platform/nm-linux-platform.c -@@ -7984,7 +7984,7 @@ out: - } - - static int --link_change(NMPlatform *platform, NMLinkType type, int ifindex, gconstpointer extra_data) -+link_change_extra(NMPlatform *platform, NMLinkType type, int ifindex, gconstpointer extra_data) - { - nm_auto_nlmsg struct nl_msg *nlmsg = NULL; - -@@ -10824,9 +10824,9 @@ nm_linux_platform_class_init(NMLinuxPlatformClass *klass) - platform_class->sysctl_set_async = sysctl_set_async; - platform_class->sysctl_get = sysctl_get; - -- platform_class->link_add = link_add; -- platform_class->link_change = link_change; -- platform_class->link_delete = link_delete; -+ platform_class->link_add = link_add; -+ platform_class->link_change_extra = link_change_extra; -+ platform_class->link_delete = link_delete; - - platform_class->link_refresh = link_refresh; - -diff --git a/src/libnm-platform/nm-platform.c b/src/libnm-platform/nm-platform.c -index 198e5f0afb..ab98491b45 100644 ---- a/src/libnm-platform/nm-platform.c -+++ b/src/libnm-platform/nm-platform.c -@@ -1388,7 +1388,10 @@ nm_platform_link_add(NMPlatform *self, - } - - int --nm_platform_link_change(NMPlatform *self, NMLinkType type, int ifindex, gconstpointer extra_data) -+nm_platform_link_change_extra(NMPlatform *self, -+ NMLinkType type, -+ int ifindex, -+ gconstpointer extra_data) - { - char buf[512]; - const char *name = nm_platform_link_get_name(self, ifindex); -@@ -1429,7 +1432,7 @@ nm_platform_link_change(NMPlatform *self, NMLinkType type, int ifindex, gconstpo - buf; - })); - -- return klass->link_change(self, type, ifindex, extra_data); -+ return klass->link_change_extra(self, type, ifindex, extra_data); - } - - /** -diff --git a/src/libnm-platform/nm-platform.h b/src/libnm-platform/nm-platform.h -index 30d0b5067c..d87eba3a63 100644 ---- a/src/libnm-platform/nm-platform.h -+++ b/src/libnm-platform/nm-platform.h -@@ -1222,9 +1222,10 @@ typedef struct { - guint32 mtu, - gconstpointer extra_data, - const NMPlatformLink **out_link); -- -- int (*link_change)(NMPlatform *self, NMLinkType type, int ifindex, gconstpointer extra_data); -- -+ int (*link_change_extra)(NMPlatform *self, -+ NMLinkType type, -+ int ifindex, -+ gconstpointer extra_data); - gboolean (*link_delete)(NMPlatform *self, int ifindex); - gboolean (*link_refresh)(NMPlatform *self, int ifindex); - gboolean (*link_set_netns)(NMPlatform *self, int ifindex, int netns_fd); -@@ -1749,8 +1750,10 @@ int nm_platform_link_add(NMPlatform *self, - gconstpointer extra_data, - const NMPlatformLink **out_link); - --int --nm_platform_link_change(NMPlatform *self, NMLinkType type, int ifindex, gconstpointer extra_data); -+int nm_platform_link_change_extra(NMPlatform *self, -+ NMLinkType type, -+ int ifindex, -+ gconstpointer extra_data); - - static inline int - nm_platform_link_veth_add(NMPlatform *self, -@@ -1790,13 +1793,13 @@ nm_platform_link_bridge_add(NMPlatform *self, - static inline int - nm_platform_link_bridge_change(NMPlatform *self, int ifindex, const NMPlatformLnkBridge *props) - { -- return nm_platform_link_change(self, NM_LINK_TYPE_BRIDGE, ifindex, props); -+ return nm_platform_link_change_extra(self, NM_LINK_TYPE_BRIDGE, ifindex, props); - } - - static inline int - nm_platform_link_bond_change(NMPlatform *self, int ifindex, const NMPlatformLnkBond *props) - { -- return nm_platform_link_change(self, NM_LINK_TYPE_BOND, ifindex, props); -+ return nm_platform_link_change_extra(self, NM_LINK_TYPE_BOND, ifindex, props); - } - - static inline int --- -2.40.1 - - -From b58c3ee56f67c6e6e1e4fe0358d95df57537e6b0 Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel -Date: Fri, 30 Sep 2022 22:40:03 +0200 -Subject: [PATCH 3/8] bond,bridge,team: use uuid for con.master when generating - connection - -If we're generating a connection for an externally configured slave, -refer the master by the UUID instead of the device name. - -This doesn't matter most of the time. However, on a checkpoint restore -we need to make sure that a connection that is unambiguously the original -master is up. - -Otherwise it could happen that a different connection was activated on the -same master device and the slaves being restored don't agree on which master -connection to bring up. - -I can't think of any thing that would rely on this but I've been wrong -about more serious things before. - -Fixes-test: @libnm_snapshot_reattach_unmanaged_ports_to_bridge - -https://bugzilla.redhat.com/show_bug.cgi?id=2125615 -(cherry picked from commit dc254f90e2b306700a0b81f7194e9b0438c62f4c) -(cherry picked from commit 836d7511e8b7d9660b18ee9876c635b8512f6966) ---- - src/core/devices/nm-device-bond.c | 9 +++++---- - src/core/devices/nm-device-bridge.c | 9 +++++---- - src/core/devices/team/nm-device-team.c | 9 +++++---- - 3 files changed, 15 insertions(+), 12 deletions(-) - -diff --git a/src/core/devices/nm-device-bond.c b/src/core/devices/nm-device-bond.c -index 10765b609c..9556c57321 100644 ---- a/src/core/devices/nm-device-bond.c -+++ b/src/core/devices/nm-device-bond.c -@@ -224,9 +224,10 @@ controller_update_port_connection(NMDevice *self, - GError **error) - { - NMSettingBondPort *s_port; -- int ifindex_port = nm_device_get_ifindex(port); -- uint queue_id = NM_BOND_PORT_QUEUE_ID_DEF; -- gs_free char *queue_id_str = NULL; -+ int ifindex_port = nm_device_get_ifindex(port); -+ NMConnection *applied_connection = nm_device_get_applied_connection(self); -+ uint queue_id = NM_BOND_PORT_QUEUE_ID_DEF; -+ gs_free char *queue_id_str = NULL; - - g_return_val_if_fail(ifindex_port > 0, FALSE); - -@@ -243,7 +244,7 @@ controller_update_port_connection(NMDevice *self, - - g_object_set(nm_connection_get_setting_connection(connection), - NM_SETTING_CONNECTION_MASTER, -- nm_device_get_iface(self), -+ nm_connection_get_uuid(applied_connection), - NM_SETTING_CONNECTION_SLAVE_TYPE, - NM_SETTING_BOND_SETTING_NAME, - NULL); -diff --git a/src/core/devices/nm-device-bridge.c b/src/core/devices/nm-device-bridge.c -index 31cf361e8e..d8f1337058 100644 ---- a/src/core/devices/nm-device-bridge.c -+++ b/src/core/devices/nm-device-bridge.c -@@ -679,9 +679,10 @@ master_update_slave_connection(NMDevice *device, - NMDeviceBridge *self = NM_DEVICE_BRIDGE(device); - NMSettingConnection *s_con; - NMSettingBridgePort *s_port; -- int ifindex_slave = nm_device_get_ifindex(slave); -- const char *iface = nm_device_get_iface(device); -- const Option *option; -+ int ifindex_slave = nm_device_get_ifindex(slave); -+ NMConnection *applied_connection = nm_device_get_applied_connection(device); -+ -+ const Option *option; - - g_return_val_if_fail(ifindex_slave > 0, FALSE); - -@@ -717,7 +718,7 @@ master_update_slave_connection(NMDevice *device, - - g_object_set(s_con, - NM_SETTING_CONNECTION_MASTER, -- iface, -+ nm_connection_get_uuid(applied_connection), - NM_SETTING_CONNECTION_SLAVE_TYPE, - NM_SETTING_BRIDGE_SETTING_NAME, - NULL); -diff --git a/src/core/devices/team/nm-device-team.c b/src/core/devices/team/nm-device-team.c -index 9eca008a10..b745158ef8 100644 ---- a/src/core/devices/team/nm-device-team.c -+++ b/src/core/devices/team/nm-device-team.c -@@ -258,9 +258,10 @@ master_update_slave_connection(NMDevice *device, - gs_free_error GError *connect_error = NULL; - int err = 0; - struct teamdctl *tdc; -- const char *team_port_config = NULL; -- const char *iface = nm_device_get_iface(device); -- const char *iface_slave = nm_device_get_iface(slave); -+ const char *team_port_config = NULL; -+ const char *iface = nm_device_get_iface(device); -+ const char *iface_slave = nm_device_get_iface(slave); -+ NMConnection *applied_connection = nm_device_get_applied_connection(device); - - tdc = _tdc_connect_new(self, iface, &connect_error); - if (!tdc) { -@@ -299,7 +300,7 @@ master_update_slave_connection(NMDevice *device, - - g_object_set(nm_connection_get_setting_connection(connection), - NM_SETTING_CONNECTION_MASTER, -- iface, -+ nm_connection_get_uuid(applied_connection), - NM_SETTING_CONNECTION_SLAVE_TYPE, - NM_SETTING_TEAM_SETTING_NAME, - NULL); --- -2.40.1 - - -From 8a02a950e1e23f584e5f3750ceb8a69efd7b3328 Mon Sep 17 00:00:00 2001 -From: Fernando Fernandez Mancera -Date: Fri, 3 Mar 2023 16:36:23 +0100 -Subject: [PATCH 4/8] platform: add netlink support for bond port options - -sysfs is deprecated and kernel will not add new bond port options to -sysfs. Netlink is a stable API and therefore is the right method to -communicate with kernel in order to set the link options. - -(cherry picked from commit bb435674b56e876084d4c31138ea95cb3174759f) -(cherry picked from commit 1bce7f0dec6c558fff8c6689d79cb7839eb925fe) -(cherry picked from commit ee592c02dd42ccf6bd45b8927716df5715fa45f8) ---- - src/core/devices/nm-device-bond.c | 42 ++++-------- - src/core/platform/nm-fake-platform.c | 24 +++++++ - src/core/platform/tests/test-link.c | 15 +++++ - src/libnm-glib-aux/nm-shared-utils.h | 8 +++ - src/libnm-platform/nm-linux-platform.c | 79 +++++++++++++++++++++- - src/libnm-platform/nm-platform.c | 90 ++++++++++++++++++++++++++ - src/libnm-platform/nm-platform.h | 25 +++++++ - 7 files changed, 250 insertions(+), 33 deletions(-) - -diff --git a/src/core/devices/nm-device-bond.c b/src/core/devices/nm-device-bond.c -index 9556c57321..0485689d10 100644 ---- a/src/core/devices/nm-device-bond.c -+++ b/src/core/devices/nm-device-bond.c -@@ -223,24 +223,18 @@ controller_update_port_connection(NMDevice *self, - NMConnection *connection, - GError **error) - { -- NMSettingBondPort *s_port; -- int ifindex_port = nm_device_get_ifindex(port); -- NMConnection *applied_connection = nm_device_get_applied_connection(self); -- uint queue_id = NM_BOND_PORT_QUEUE_ID_DEF; -- gs_free char *queue_id_str = NULL; -+ NMSettingBondPort *s_port; -+ int ifindex_port = nm_device_get_ifindex(port); -+ NMConnection *applied_connection = nm_device_get_applied_connection(self); -+ const NMPlatformLink *pllink; - - g_return_val_if_fail(ifindex_port > 0, FALSE); - - s_port = _nm_connection_ensure_setting(connection, NM_TYPE_SETTING_BOND_PORT); -+ pllink = nm_platform_link_get(nm_device_get_platform(port), ifindex_port); - -- queue_id_str = -- nm_platform_sysctl_slave_get_option(nm_device_get_platform(self), ifindex_port, "queue_id"); -- if (queue_id_str) { -- queue_id = -- _nm_utils_ascii_str_to_int64(queue_id_str, 10, 0, 65535, NM_BOND_PORT_QUEUE_ID_DEF); -- g_object_set(s_port, NM_SETTING_BOND_PORT_QUEUE_ID, queue_id, NULL); -- } else -- _LOGW(LOGD_BOND, "failed to read bond port setting '%s'", NM_SETTING_BOND_PORT_QUEUE_ID); -+ if (pllink && pllink->port_kind == NM_PORT_KIND_BOND) -+ g_object_set(s_port, NM_SETTING_BOND_PORT_QUEUE_ID, pllink->port_data.bond.queue_id, NULL); - - g_object_set(nm_connection_get_setting_connection(connection), - NM_SETTING_CONNECTION_MASTER, -@@ -501,23 +495,11 @@ act_stage1_prepare(NMDevice *device, NMDeviceStateReason *out_failure_reason) - static void - commit_port_options(NMDevice *bond_device, NMDevice *port, NMSettingBondPort *s_port) - { -- char queue_id_str[IFNAMSIZ + NM_STRLEN(":") + 5 + 100]; -- -- /* -- * The queue-id of bond port is read only, we should modify bond interface using: -- * echo "eth1:2" > /sys/class/net/bond0/bonding/queue_id -- * Kernel allows parital editing, so no need to care about other bond ports. -- */ -- g_snprintf(queue_id_str, -- sizeof(queue_id_str), -- "%s:%" G_GUINT32_FORMAT, -- nm_device_get_iface(port), -- s_port ? nm_setting_bond_port_get_queue_id(s_port) : NM_BOND_PORT_QUEUE_ID_DEF); -- -- nm_platform_sysctl_master_set_option(nm_device_get_platform(bond_device), -- nm_device_get_ifindex(bond_device), -- "queue_id", -- queue_id_str); -+ nm_platform_link_change( -+ nm_device_get_platform(port), -+ nm_device_get_ifindex(port), -+ &((NMPlatformLinkBondPort){.queue_id = s_port ? nm_setting_bond_port_get_queue_id(s_port) -+ : NM_BOND_PORT_QUEUE_ID_DEF})); - } - - static NMTernary -diff --git a/src/core/platform/nm-fake-platform.c b/src/core/platform/nm-fake-platform.c -index a1ca5434cb..c39c45e586 100644 ---- a/src/core/platform/nm-fake-platform.c -+++ b/src/core/platform/nm-fake-platform.c -@@ -667,6 +667,29 @@ link_supports_sriov(NMPlatform *platform, int ifindex) - } - } - -+static gboolean -+link_change(NMPlatform *platform, -+ int ifindex, -+ NMPortKind port_kind, -+ const NMPlatformLinkPortData *port_data) -+{ -+ NMFakePlatformLink *device = link_get(platform, ifindex); -+ nm_auto_nmpobj NMPObject *obj_tmp = NULL; -+ -+ switch (port_kind) { -+ case NM_PORT_KIND_BOND: -+ obj_tmp = nmp_object_clone(device->obj, FALSE); -+ obj_tmp->link.port_kind = NM_PORT_KIND_BOND; -+ obj_tmp->link.port_data.bond.queue_id = port_data->bond.queue_id; -+ link_set_obj(platform, device, obj_tmp); -+ return TRUE; -+ case NM_PORT_KIND_NONE: -+ return TRUE; -+ } -+ -+ return nm_assert_unreachable_val(TRUE); -+} -+ - static gboolean - link_enslave(NMPlatform *platform, int master, int slave) - { -@@ -1322,6 +1345,7 @@ nm_fake_platform_class_init(NMFakePlatformClass *klass) - platform_class->link_set_address = link_set_address; - platform_class->link_set_mtu = link_set_mtu; - -+ platform_class->link_change = link_change; - platform_class->link_change_flags = link_change_flags; - - platform_class->link_get_driver_info = link_get_driver_info; -diff --git a/src/core/platform/tests/test-link.c b/src/core/platform/tests/test-link.c -index b72bcb65b2..bdbfbea34f 100644 ---- a/src/core/platform/tests/test-link.c -+++ b/src/core/platform/tests/test-link.c -@@ -257,6 +257,21 @@ test_slave(int master, int type, SignalData *master_changed) - else - g_assert(!nm_platform_link_is_up(NM_PLATFORM_GET, ifindex)); - -+ if (NM_IN_SET(link_type, NM_LINK_TYPE_BOND)) { -+ const NMPlatformLink *link; -+ NMPlatformLinkBondPort bond_port; -+ -+ bond_port = (NMPlatformLinkBondPort){ -+ .queue_id = 5, -+ }; -+ g_assert(nm_platform_link_change(NM_PLATFORM_GET, ifindex, &bond_port)); -+ accept_signals(link_changed, 1, 3); -+ -+ link = nmtstp_link_get(NM_PLATFORM_GET, ifindex, SLAVE_NAME); -+ g_assert(link); -+ g_assert_cmpint(link->port_data.bond.queue_id, ==, 5); -+ } -+ - test_link_changed_signal_arg1 = FALSE; - test_link_changed_signal_arg2 = FALSE; - g_signal_connect(NM_PLATFORM_GET, -diff --git a/src/libnm-glib-aux/nm-shared-utils.h b/src/libnm-glib-aux/nm-shared-utils.h -index 53cf7f3e57..b6cbf95504 100644 ---- a/src/libnm-glib-aux/nm-shared-utils.h -+++ b/src/libnm-glib-aux/nm-shared-utils.h -@@ -93,6 +93,14 @@ G_STATIC_ASSERT(sizeof(int) == sizeof(gint32)); - - /*****************************************************************************/ - -+typedef enum _nm_packed { -+ /* No type, empty value */ -+ NM_PORT_KIND_NONE, -+ NM_PORT_KIND_BOND, -+} NMPortKind; -+ -+/*****************************************************************************/ -+ - typedef enum { - - /* No type, used as error value */ -diff --git a/src/libnm-platform/nm-linux-platform.c b/src/libnm-platform/nm-linux-platform.c -index 527d509498..8158f364d2 100644 ---- a/src/libnm-platform/nm-linux-platform.c -+++ b/src/libnm-platform/nm-linux-platform.c -@@ -3241,9 +3241,11 @@ _new_from_nl_link(NMPlatform *platform, - - if (tb[IFLA_LINKINFO]) { - static const struct nla_policy policy_link_info[] = { -- [IFLA_INFO_KIND] = {.type = NLA_STRING}, -- [IFLA_INFO_DATA] = {.type = NLA_NESTED}, -- [IFLA_INFO_XSTATS] = {.type = NLA_NESTED}, -+ [IFLA_INFO_KIND] = {.type = NLA_STRING}, -+ [IFLA_INFO_DATA] = {.type = NLA_NESTED}, -+ [IFLA_INFO_XSTATS] = {.type = NLA_NESTED}, -+ [IFLA_INFO_SLAVE_KIND] = {.type = NLA_STRING}, -+ [IFLA_INFO_SLAVE_DATA] = {.type = NLA_NESTED}, - }; - struct nlattr *li[G_N_ELEMENTS(policy_link_info)]; - -@@ -3254,6 +3256,33 @@ _new_from_nl_link(NMPlatform *platform, - nl_info_kind = nla_get_string(li[IFLA_INFO_KIND]); - - nl_info_data = li[IFLA_INFO_DATA]; -+ -+ if (li[IFLA_INFO_SLAVE_KIND]) { -+ const char *s = nla_get_string(li[IFLA_INFO_SLAVE_KIND]); -+ -+ if (nm_streq(s, "bond")) -+ obj->link.port_kind = NM_PORT_KIND_BOND; -+ } -+ -+ if (li[IFLA_INFO_SLAVE_DATA]) { -+ static const struct nla_policy policy_bond_port[] = { -+ [IFLA_BOND_SLAVE_QUEUE_ID] = {.type = NLA_U16}, -+ }; -+ struct nlattr *bp[G_N_ELEMENTS(policy_bond_port)]; -+ -+ switch (obj->link.port_kind) { -+ case NM_PORT_KIND_BOND: -+ if (nla_parse_nested_arr(bp, li[IFLA_INFO_SLAVE_DATA], policy_bond_port) < 0) -+ return NULL; -+ -+ if (bp[IFLA_BOND_SLAVE_QUEUE_ID]) -+ obj->link.port_data.bond.queue_id = nla_get_u16(bp[IFLA_BOND_SLAVE_QUEUE_ID]); -+ -+ break; -+ case NM_PORT_KIND_NONE: -+ break; -+ } -+ } - } - - if (tb[IFLA_STATS64]) { -@@ -8061,6 +8090,48 @@ link_delete(NMPlatform *platform, int ifindex) - return do_delete_object(platform, &obj_id, nlmsg); - } - -+static gboolean -+link_change(NMPlatform *platform, -+ int ifindex, -+ NMPortKind port_kind, -+ const NMPlatformLinkPortData *port_data) -+{ -+ nm_auto_nlmsg struct nl_msg *nlmsg = NULL; -+ struct nlattr *nl_info; -+ struct nlattr *nl_port_data; -+ -+ nlmsg = _nl_msg_new_link(RTM_NEWLINK, 0, ifindex, NULL); -+ if (!nlmsg) -+ return FALSE; -+ -+ switch (port_kind) { -+ case NM_PORT_KIND_BOND: -+ -+ nm_assert(port_data); -+ -+ if (!(nl_info = nla_nest_start(nlmsg, IFLA_LINKINFO))) -+ goto nla_put_failure; -+ -+ nm_assert(nm_streq0("bond", nm_link_type_to_rtnl_type_string(NM_LINK_TYPE_BOND))); -+ NLA_PUT_STRING(nlmsg, IFLA_INFO_SLAVE_KIND, "bond"); -+ -+ if (!(nl_port_data = nla_nest_start(nlmsg, IFLA_INFO_SLAVE_DATA))) -+ goto nla_put_failure; -+ -+ NLA_PUT_U16(nlmsg, IFLA_BOND_SLAVE_QUEUE_ID, port_data->bond.queue_id); -+ -+ nla_nest_end(nlmsg, nl_port_data); -+ nla_nest_end(nlmsg, nl_info); -+ break; -+ case NM_PORT_KIND_NONE: -+ break; -+ } -+ -+ return do_change_link(platform, CHANGE_LINK_TYPE_UNSPEC, ifindex, nlmsg, NULL) == 0; -+nla_put_failure: -+ g_return_val_if_reached(FALSE); -+} -+ - static gboolean - link_refresh(NMPlatform *platform, int ifindex) - { -@@ -10828,6 +10899,8 @@ nm_linux_platform_class_init(NMLinuxPlatformClass *klass) - platform_class->link_change_extra = link_change_extra; - platform_class->link_delete = link_delete; - -+ platform_class->link_change = link_change; -+ - platform_class->link_refresh = link_refresh; - - platform_class->link_set_netns = link_set_netns; -diff --git a/src/libnm-platform/nm-platform.c b/src/libnm-platform/nm-platform.c -index ab98491b45..01568243a3 100644 ---- a/src/libnm-platform/nm-platform.c -+++ b/src/libnm-platform/nm-platform.c -@@ -61,6 +61,31 @@ G_STATIC_ASSERT(sizeof(((NMPlatformLink *) NULL)->l_address.data) == _NM_UTILS_H - G_STATIC_ASSERT(sizeof(((NMPlatformLink *) NULL)->l_perm_address.data) == _NM_UTILS_HWADDR_LEN_MAX); - G_STATIC_ASSERT(sizeof(((NMPlatformLink *) NULL)->l_broadcast.data) == _NM_UTILS_HWADDR_LEN_MAX); - -+static const char * -+_nmp_link_port_data_to_string(NMPortKind port_kind, -+ const NMPlatformLinkPortData *port_data, -+ char *sbuf, -+ gsize sbuf_len) -+{ -+ const char *sbuf0 = sbuf; -+ -+ nm_assert(port_data); -+ -+ switch (port_kind) { -+ case NM_PORT_KIND_NONE: -+ nm_strbuf_append_c(&sbuf, &sbuf_len, '\0'); -+ goto out; -+ case NM_PORT_KIND_BOND: -+ nm_strbuf_append(&sbuf, &sbuf_len, "port bond queue-id %u", port_data->bond.queue_id); -+ goto out; -+ } -+ -+ nm_strbuf_append(&sbuf, &sbuf_len, "invalid-port-type %d", (int) port_kind); -+ -+out: -+ return sbuf0; -+} -+ - static const char * - _nmp_link_address_to_string(const NMPLinkAddress *addr, - char buf[static(_NM_UTILS_HWADDR_LEN_MAX * 3)]) -@@ -2092,6 +2117,31 @@ nm_platform_link_set_name(NMPlatform *self, int ifindex, const char *name) - return klass->link_set_name(self, ifindex, name); - } - -+gboolean -+nm_platform_link_change(NMPlatform *self, int ifindex, NMPlatformLinkBondPort *bond_port) -+{ -+ _CHECK_SELF(self, klass, FALSE); -+ -+ g_return_val_if_fail(ifindex >= 0, FALSE); -+ -+ if (_LOGD_ENABLED()) { -+ nm_auto_free_gstring GString *str = g_string_new(""); -+ -+ if (bond_port) -+ g_string_append_printf(str, "bond-port queue-id %d", bond_port->queue_id); -+ -+ if (str->len > 0 && str->str[str->len - 1] == ' ') -+ g_string_truncate(str, str->len - 1); -+ -+ _LOG3D("link: change: %s", str->str); -+ } -+ -+ return klass->link_change(self, -+ ifindex, -+ bond_port ? NM_PORT_KIND_BOND : NM_PORT_KIND_NONE, -+ (const NMPlatformLinkPortData *) bond_port); -+} -+ - /** - * nm_platform_link_get_physical_port_id: - * @self: platform instance -@@ -5893,6 +5943,7 @@ nm_platform_link_to_string(const NMPlatformLink *link, char *buf, gsize len) - char *s; - gsize l; - char str_addrmode[30]; -+ char str_port_data[200]; - char str_address[_NM_UTILS_HWADDR_LEN_MAX * 3]; - char str_perm_address[_NM_UTILS_HWADDR_LEN_MAX * 3]; - char str_broadcast[_NM_UTILS_HWADDR_LEN_MAX * 3]; -@@ -5936,6 +5987,11 @@ nm_platform_link_to_string(const NMPlatformLink *link, char *buf, gsize len) - _nmp_link_address_to_string(&link->l_perm_address, str_perm_address); - _nmp_link_address_to_string(&link->l_broadcast, str_broadcast); - -+ _nmp_link_port_data_to_string(link->port_kind, -+ &link->port_data, -+ str_port_data, -+ sizeof(str_port_data)); -+ - str_link_type = nm_link_type_to_string(link->type); - - g_snprintf( -@@ -5957,6 +6013,7 @@ nm_platform_link_to_string(const NMPlatformLink *link, char *buf, gsize len) - "%s%s" /* l_broadcast */ - "%s%s" /* inet6_token */ - "%s%s" /* driver */ -+ "%s%s" /* port_data */ - " rx:%" G_GUINT64_FORMAT ",%" G_GUINT64_FORMAT " tx:%" G_GUINT64_FORMAT - ",%" G_GUINT64_FORMAT, - link->ifindex, -@@ -5989,6 +6046,7 @@ nm_platform_link_to_string(const NMPlatformLink *link, char *buf, gsize len) - : "", - link->driver ? " driver " : "", - link->driver ?: "", -+ NM_PRINT_FMT_QUOTED2(str_port_data[0] != '\0', " ", str_port_data, ""), - link->rx_packets, - link->rx_bytes, - link->tx_packets, -@@ -7927,6 +7985,7 @@ nm_platform_link_hash_update(const NMPlatformLink *obj, NMHashState *h) - obj->arptype, - obj->inet6_addr_gen_mode_inv, - obj->inet6_token, -+ obj->port_kind, - obj->rx_packets, - obj->rx_bytes, - obj->tx_packets, -@@ -7945,6 +8004,20 @@ nm_platform_link_hash_update(const NMPlatformLink *obj, NMHashState *h) - nm_hash_update_mem(h, - obj->l_broadcast.data, - NM_MIN(obj->l_broadcast.len, sizeof(obj->l_broadcast.data))); -+ -+ switch (obj->port_kind) { -+ case NM_PORT_KIND_NONE: -+ break; -+ case NM_PORT_KIND_BOND: -+ nm_platform_link_bond_port_hash_update(&obj->port_data.bond, h); -+ break; -+ } -+} -+ -+void -+nm_platform_link_bond_port_hash_update(const NMPlatformLinkBondPort *obj, NMHashState *h) -+{ -+ nm_hash_update_vals(h, obj->queue_id); - } - - int -@@ -7974,6 +8047,14 @@ nm_platform_link_cmp(const NMPlatformLink *a, const NMPlatformLink *b) - if (a->l_broadcast.len) - NM_CMP_FIELD_MEMCMP_LEN(a, b, l_broadcast.data, a->l_broadcast.len); - NM_CMP_FIELD_MEMCMP(a, b, inet6_token); -+ NM_CMP_FIELD(a, b, port_kind); -+ switch (a->port_kind) { -+ case NM_PORT_KIND_NONE: -+ break; -+ case NM_PORT_KIND_BOND: -+ NM_CMP_RETURN(nm_platform_link_bond_port_cmp(&a->port_data.bond, &b->port_data.bond)); -+ break; -+ } - NM_CMP_FIELD(a, b, rx_packets); - NM_CMP_FIELD(a, b, rx_bytes); - NM_CMP_FIELD(a, b, tx_packets); -@@ -8053,6 +8134,15 @@ nm_platform_lnk_bond_hash_update(const NMPlatformLnkBond *obj, NMHashState *h) - nm_hash_update(h, obj->arp_ip_target, obj->arp_ip_targets_num * sizeof(obj->arp_ip_target[0])); - } - -+int -+nm_platform_link_bond_port_cmp(const NMPlatformLinkBondPort *a, const NMPlatformLinkBondPort *b) -+{ -+ NM_CMP_SELF(a, b); -+ NM_CMP_FIELD(a, b, queue_id); -+ -+ return 0; -+} -+ - int - nm_platform_lnk_bond_cmp(const NMPlatformLnkBond *a, const NMPlatformLnkBond *b) - { -diff --git a/src/libnm-platform/nm-platform.h b/src/libnm-platform/nm-platform.h -index d87eba3a63..f48662d900 100644 ---- a/src/libnm-platform/nm-platform.h -+++ b/src/libnm-platform/nm-platform.h -@@ -216,6 +216,14 @@ struct _NMPlatformObjWithIfindex { - __NMPlatformObjWithIfindex_COMMON; - }; - -+typedef struct { -+ guint16 queue_id; -+} NMPlatformLinkBondPort; -+ -+typedef union { -+ NMPlatformLinkBondPort bond; -+} NMPlatformLinkPortData; -+ - struct _NMPlatformLink { - __NMPlatformObjWithIfindex_COMMON; - char name[NMP_IFNAMSIZ]; -@@ -266,6 +274,12 @@ struct _NMPlatformLink { - guint64 tx_packets; - guint64 tx_bytes; - -+ /* IFLA_INFO_SLAVE_KIND */ -+ NMPortKind port_kind; -+ -+ /* an interface can only hold IFLA_INFO_SLAVE_DATA for one link type */ -+ NMPlatformLinkPortData port_data; -+ - /* @connected is mostly identical to (@n_ifi_flags & IFF_UP). Except for bridge/bond masters, - * where we coerce the link as disconnect if it has no slaves. */ - bool connected : 1; -@@ -1226,6 +1240,10 @@ typedef struct { - NMLinkType type, - int ifindex, - gconstpointer extra_data); -+ gboolean (*link_change)(NMPlatform *self, -+ int ifindex, -+ NMPortKind port_kind, -+ const NMPlatformLinkPortData *port_data); - gboolean (*link_delete)(NMPlatform *self, int ifindex); - gboolean (*link_refresh)(NMPlatform *self, int ifindex); - gboolean (*link_set_netns)(NMPlatform *self, int ifindex, int netns_fd); -@@ -2073,6 +2091,8 @@ nm_platform_link_change_flags(NMPlatform *self, int ifindex, unsigned value, gbo - return nm_platform_link_change_flags_full(self, ifindex, value, set ? value : 0u); - } - -+gboolean nm_platform_link_change(NMPlatform *self, int ifindex, NMPlatformLinkBondPort *bond_port); -+ - gboolean nm_platform_link_get_udev_property(NMPlatform *self, - int ifindex, - const char *name, -@@ -2563,6 +2583,11 @@ int nm_platform_tfilter_cmp(const NMPlatformTfilter *a, const NMPlatformTfilter - int nm_platform_mptcp_addr_cmp(const NMPlatformMptcpAddr *a, const NMPlatformMptcpAddr *b); - - void nm_platform_link_hash_update(const NMPlatformLink *obj, NMHashState *h); -+ -+void nm_platform_link_bond_port_hash_update(const NMPlatformLinkBondPort *obj, NMHashState *h); -+int nm_platform_link_bond_port_cmp(const NMPlatformLinkBondPort *a, -+ const NMPlatformLinkBondPort *b); -+ - void nm_platform_ip4_address_hash_update(const NMPlatformIP4Address *obj, NMHashState *h); - void nm_platform_ip6_address_hash_update(const NMPlatformIP6Address *obj, NMHashState *h); - void nm_platform_ip4_route_hash_update(const NMPlatformIP4Route *obj, --- -2.40.1 - - -From 2ed620bce381b612cff7a14871b8939b48fdaca3 Mon Sep 17 00:00:00 2001 -From: Fernando Fernandez Mancera -Date: Thu, 9 Mar 2023 12:18:14 +0100 -Subject: [PATCH 5/8] platform: add support to prio property in bond ports - -(cherry picked from commit e200b162914d3bda4c03a19652124330a99bb3ae) -(cherry picked from commit 84f17a2fbb73d592a29645003d7d76a9e8b332ca) -(cherry picked from commit c787d22fc8194dc6d07c6b842b5a8a5944f42dc7) ---- - src/core/platform/nm-fake-platform.c | 2 ++ - src/core/platform/tests/test-link.c | 23 +++++++++++++++--- - src/libnm-platform/nm-linux-platform.c | 21 +++++++++++++++++ - src/libnm-platform/nm-platform.c | 32 ++++++++++++++++++++++---- - src/libnm-platform/nm-platform.h | 10 +++++--- - 5 files changed, 78 insertions(+), 10 deletions(-) - -diff --git a/src/core/platform/nm-fake-platform.c b/src/core/platform/nm-fake-platform.c -index c39c45e586..46f374d95c 100644 ---- a/src/core/platform/nm-fake-platform.c -+++ b/src/core/platform/nm-fake-platform.c -@@ -681,6 +681,8 @@ link_change(NMPlatform *platform, - obj_tmp = nmp_object_clone(device->obj, FALSE); - obj_tmp->link.port_kind = NM_PORT_KIND_BOND; - obj_tmp->link.port_data.bond.queue_id = port_data->bond.queue_id; -+ obj_tmp->link.port_data.bond.prio_has = port_data->bond.prio_has; -+ obj_tmp->link.port_data.bond.prio = port_data->bond.prio; - link_set_obj(platform, device, obj_tmp); - return TRUE; - case NM_PORT_KIND_NONE: -diff --git a/src/core/platform/tests/test-link.c b/src/core/platform/tests/test-link.c -index bdbfbea34f..ac1f0d6ff6 100644 ---- a/src/core/platform/tests/test-link.c -+++ b/src/core/platform/tests/test-link.c -@@ -112,7 +112,7 @@ software_add(NMLinkType link_type, const char *name) - gboolean bond0_exists = !!nm_platform_link_get_by_ifname(NM_PLATFORM_GET, "bond0"); - int r; - const NMPlatformLnkBond nm_platform_lnk_bond_default = { -- .mode = 3, -+ .mode = nmtst_rand_select(3, 1), - }; - - r = nm_platform_link_bond_add(NM_PLATFORM_GET, name, &nm_platform_lnk_bond_default, NULL); -@@ -258,18 +258,35 @@ test_slave(int master, int type, SignalData *master_changed) - g_assert(!nm_platform_link_is_up(NM_PLATFORM_GET, ifindex)); - - if (NM_IN_SET(link_type, NM_LINK_TYPE_BOND)) { -- const NMPlatformLink *link; -- NMPlatformLinkBondPort bond_port; -+ NMPlatformLinkBondPort bond_port; -+ gboolean prio_has; -+ gboolean prio_supported; -+ const NMPlatformLink *link; -+ const NMPlatformLnkBond *lnk; -+ -+ link = nmtstp_link_get_typed(NM_PLATFORM_GET, 0, SLAVE_NAME, NM_LINK_TYPE_DUMMY); -+ g_assert(link); -+ -+ lnk = nm_platform_link_get_lnk_bond(NM_PLATFORM_GET, master, NULL); -+ g_assert(lnk); -+ -+ g_assert(NM_IN_SET(lnk->mode, 3, 1)); -+ prio_supported = (lnk->mode == 1); -+ prio_has = nmtst_get_rand_bool() && prio_supported; - - bond_port = (NMPlatformLinkBondPort){ - .queue_id = 5, -+ .prio_has = prio_has, -+ .prio = prio_has ? 6 : 0, - }; -+ - g_assert(nm_platform_link_change(NM_PLATFORM_GET, ifindex, &bond_port)); - accept_signals(link_changed, 1, 3); - - link = nmtstp_link_get(NM_PLATFORM_GET, ifindex, SLAVE_NAME); - g_assert(link); - g_assert_cmpint(link->port_data.bond.queue_id, ==, 5); -+ g_assert(link->port_data.bond.prio_has || link->port_data.bond.prio == 0); - } - - test_link_changed_signal_arg1 = FALSE; -diff --git a/src/libnm-platform/nm-linux-platform.c b/src/libnm-platform/nm-linux-platform.c -index 8158f364d2..19ccb09a86 100644 ---- a/src/libnm-platform/nm-linux-platform.c -+++ b/src/libnm-platform/nm-linux-platform.c -@@ -177,6 +177,8 @@ G_STATIC_ASSERT(RTA_MAX == (__RTA_MAX - 1)); - - /*****************************************************************************/ - -+#define IFLA_BOND_SLAVE_PRIO 9 -+ - #define IFLA_BOND_PEER_NOTIF_DELAY 28 - - #undef IFLA_BOND_MAX -@@ -3267,6 +3269,7 @@ _new_from_nl_link(NMPlatform *platform, - if (li[IFLA_INFO_SLAVE_DATA]) { - static const struct nla_policy policy_bond_port[] = { - [IFLA_BOND_SLAVE_QUEUE_ID] = {.type = NLA_U16}, -+ [IFLA_BOND_SLAVE_PRIO] = {.type = NLA_S32}, - }; - struct nlattr *bp[G_N_ELEMENTS(policy_bond_port)]; - -@@ -3278,6 +3281,21 @@ _new_from_nl_link(NMPlatform *platform, - if (bp[IFLA_BOND_SLAVE_QUEUE_ID]) - obj->link.port_data.bond.queue_id = nla_get_u16(bp[IFLA_BOND_SLAVE_QUEUE_ID]); - -+ if (bp[IFLA_BOND_SLAVE_PRIO]) { -+ obj->link.port_data.bond.prio = nla_get_s32(bp[IFLA_BOND_SLAVE_PRIO]); -+ obj->link.port_data.bond.prio_has = TRUE; -+ if (!_nm_platform_kernel_support_detected( -+ NM_PLATFORM_KERNEL_SUPPORT_TYPE_IFLA_BOND_SLAVE_PRIO)) { -+ /* support for IFLA_BOND_SLAVE_PRIO was added in 0a2ff7cc8ad48a86939a91bd3457f38e59e741a1, -+ * kernel 6.0, 2 October 2022. -+ * -+ * We can only detect support if the attribute is present. A missing attribute -+ * is not conclusive. */ -+ _nm_platform_kernel_support_init( -+ NM_PLATFORM_KERNEL_SUPPORT_TYPE_IFLA_BOND_SLAVE_PRIO, -+ 1); -+ } -+ } - break; - case NM_PORT_KIND_NONE: - break; -@@ -8120,6 +8138,9 @@ link_change(NMPlatform *platform, - - NLA_PUT_U16(nlmsg, IFLA_BOND_SLAVE_QUEUE_ID, port_data->bond.queue_id); - -+ if (port_data->bond.prio_has) -+ NLA_PUT_S32(nlmsg, IFLA_BOND_SLAVE_PRIO, port_data->bond.prio); -+ - nla_nest_end(nlmsg, nl_port_data); - nla_nest_end(nlmsg, nl_info); - break; -diff --git a/src/libnm-platform/nm-platform.c b/src/libnm-platform/nm-platform.c -index 01568243a3..d64c85674a 100644 ---- a/src/libnm-platform/nm-platform.c -+++ b/src/libnm-platform/nm-platform.c -@@ -68,6 +68,7 @@ _nmp_link_port_data_to_string(NMPortKind port_kind, - gsize sbuf_len) - { - const char *sbuf0 = sbuf; -+ char s0[120]; - - nm_assert(port_data); - -@@ -76,7 +77,16 @@ _nmp_link_port_data_to_string(NMPortKind port_kind, - nm_strbuf_append_c(&sbuf, &sbuf_len, '\0'); - goto out; - case NM_PORT_KIND_BOND: -- nm_strbuf_append(&sbuf, &sbuf_len, "port bond queue-id %u", port_data->bond.queue_id); -+ nm_strbuf_append(&sbuf, -+ &sbuf_len, -+ "port bond queue-id %u%s", -+ port_data->bond.queue_id, -+ port_data->bond.prio_has || port_data->bond.prio != 0 -+ ? nm_sprintf_buf(s0, -+ " prio%s %u", -+ port_data->bond.prio_has ? "" : "?", -+ port_data->bond.prio) -+ : ""); - goto out; - } - -@@ -2120,6 +2130,8 @@ nm_platform_link_set_name(NMPlatform *self, int ifindex, const char *name) - gboolean - nm_platform_link_change(NMPlatform *self, int ifindex, NMPlatformLinkBondPort *bond_port) - { -+ char sbuf_prio[100]; -+ - _CHECK_SELF(self, klass, FALSE); - - g_return_val_if_fail(ifindex >= 0, FALSE); -@@ -2127,8 +2139,18 @@ nm_platform_link_change(NMPlatform *self, int ifindex, NMPlatformLinkBondPort *b - if (_LOGD_ENABLED()) { - nm_auto_free_gstring GString *str = g_string_new(""); - -- if (bond_port) -- g_string_append_printf(str, "bond-port queue-id %d", bond_port->queue_id); -+ if (bond_port) { -+ nm_assert(bond_port->prio_has || bond_port->prio == 0); -+ g_string_append_printf(str, -+ "bond-port queue-id %d %s", -+ bond_port->queue_id, -+ bond_port->prio_has || bond_port->prio != 0 -+ ? nm_sprintf_buf(sbuf_prio, -+ "prio%s %" G_GINT32_FORMAT, -+ !bond_port->prio_has ? "?" : "", -+ bond_port->prio) -+ : ""); -+ } - - if (str->len > 0 && str->str[str->len - 1] == ' ') - g_string_truncate(str, str->len - 1); -@@ -8017,7 +8039,7 @@ nm_platform_link_hash_update(const NMPlatformLink *obj, NMHashState *h) - void - nm_platform_link_bond_port_hash_update(const NMPlatformLinkBondPort *obj, NMHashState *h) - { -- nm_hash_update_vals(h, obj->queue_id); -+ nm_hash_update_vals(h, obj->prio, obj->queue_id, NM_HASH_COMBINE_BOOLS(guint8, obj->prio_has)); - } - - int -@@ -8139,6 +8161,8 @@ nm_platform_link_bond_port_cmp(const NMPlatformLinkBondPort *a, const NMPlatform - { - NM_CMP_SELF(a, b); - NM_CMP_FIELD(a, b, queue_id); -+ NM_CMP_FIELD(a, b, prio); -+ NM_CMP_FIELD_BOOL(a, b, prio_has); - - return 0; - } -diff --git a/src/libnm-platform/nm-platform.h b/src/libnm-platform/nm-platform.h -index f48662d900..611f50f901 100644 ---- a/src/libnm-platform/nm-platform.h -+++ b/src/libnm-platform/nm-platform.h -@@ -217,7 +217,9 @@ struct _NMPlatformObjWithIfindex { - }; - - typedef struct { -+ gint32 prio; - guint16 queue_id; -+ bool prio_has : 1; - } NMPlatformLinkBondPort; - - typedef union { -@@ -274,12 +276,12 @@ struct _NMPlatformLink { - guint64 tx_packets; - guint64 tx_bytes; - -- /* IFLA_INFO_SLAVE_KIND */ -- NMPortKind port_kind; -- - /* an interface can only hold IFLA_INFO_SLAVE_DATA for one link type */ - NMPlatformLinkPortData port_data; - -+ /* IFLA_INFO_SLAVE_KIND */ -+ NMPortKind port_kind; -+ - /* @connected is mostly identical to (@n_ifi_flags & IFF_UP). Except for bridge/bond masters, - * where we coerce the link as disconnect if it has no slaves. */ - bool connected : 1; -@@ -1140,6 +1142,8 @@ typedef enum { - * were added at the same time. */ - NM_PLATFORM_KERNEL_SUPPORT_TYPE_FRA_IP_PROTO, - -+ NM_PLATFORM_KERNEL_SUPPORT_TYPE_IFLA_BOND_SLAVE_PRIO, -+ - _NM_PLATFORM_KERNEL_SUPPORT_NUM, - } NMPlatformKernelSupportType; - --- -2.40.1 - - -From 17badd932a2422a1d493ec3ad962d811f3854136 Mon Sep 17 00:00:00 2001 -From: Fernando Fernandez Mancera -Date: Tue, 9 May 2023 12:46:09 +0200 -Subject: [PATCH 6/8] libnm: add NM_VERSION_1_40_20 - -(cherry picked from commit 4fd186bbf6cf9f791c7166a04c9ef4b7ec101a80) ---- - src/libnm-core-public/nm-version-macros.h.in | 1 + - src/libnm-core-public/nm-version.h | 6 ++++++ - 2 files changed, 7 insertions(+) - -diff --git a/src/libnm-core-public/nm-version-macros.h.in b/src/libnm-core-public/nm-version-macros.h.in -index fc854aef86..cb3350f19c 100644 ---- a/src/libnm-core-public/nm-version-macros.h.in -+++ b/src/libnm-core-public/nm-version-macros.h.in -@@ -73,6 +73,7 @@ - #define NM_VERSION_1_38 (NM_ENCODE_VERSION (1, 38, 0)) - #define NM_VERSION_1_40 (NM_ENCODE_VERSION (1, 40, 0)) - #define NM_VERSION_1_40_4 (NM_ENCODE_VERSION (1, 40, 4)) -+#define NM_VERSION_1_40_20 (NM_ENCODE_VERSION (1, 40, 20)) - - /* For releases, NM_API_VERSION is equal to NM_VERSION. - * -diff --git a/src/libnm-core-public/nm-version.h b/src/libnm-core-public/nm-version.h -index d9f9a12121..5b924ce620 100644 ---- a/src/libnm-core-public/nm-version.h -+++ b/src/libnm-core-public/nm-version.h -@@ -347,6 +347,12 @@ - #define NM_AVAILABLE_IN_1_40_4 - #endif - -+#if NM_VERSION_MAX_ALLOWED < NM_VERSION_1_40_20 -+#define NM_AVAILABLE_IN_1_40_20 G_UNAVAILABLE(1, 40.20) -+#else -+#define NM_AVAILABLE_IN_1_40_20 -+#endif -+ - /* - * Synchronous API for calling D-Bus in libnm is deprecated. See - * https://networkmanager.dev/docs/libnm/latest/usage.html#sync-api --- -2.40.1 - - -From 7f3f3f50cf7d71c16c532dd73e0d4a2d6ffc129f Mon Sep 17 00:00:00 2001 -From: Fernando Fernandez Mancera -Date: Thu, 9 Mar 2023 12:18:14 +0100 -Subject: [PATCH 7/8] bonding: add support to prio property in bond ports - -Add per port priority support for bond active port re-selection during -failover. A higher number means a higher priority in selection. The -primary port still has the highest priority. This option is only -compatible with active-backup, balance-tlb and balance-alb modes. - -(cherry picked from commit 2f0571f1930ff2c11de4f48b4433ca5fe6c897a0) -(cherry picked from commit 748f6388aa0217b2c1c8bf879697ce48bcba8317) -(cherry picked from commit d36620e654b20146e49209c191b7230936cc1596) ---- - src/core/devices/nm-device-bond.c | 58 +++++++++++++++++-- - .../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 23 ++++++-- - .../plugins/ifcfg-rh/nms-ifcfg-rh-utils.c | 1 + - .../plugins/ifcfg-rh/nms-ifcfg-rh-utils.h | 2 +- - .../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 4 +- - .../plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 1 + - src/libnm-base/nm-base.h | 1 + - src/libnm-client-impl/libnm.ver | 5 ++ - src/libnm-client-impl/tests/test-gir.py | 4 +- - src/libnm-core-impl/nm-setting-bond-port.c | 48 ++++++++++++++- - src/libnm-core-public/nm-setting-bond-port.h | 4 ++ - src/libnmc-setting/nm-meta-setting-desc.c | 6 ++ - src/libnmc-setting/settings-docs.h.in | 1 + - .../generate-docs-nm-settings-nmcli.xml.in | 3 + - 14 files changed, 146 insertions(+), 15 deletions(-) - -diff --git a/src/core/devices/nm-device-bond.c b/src/core/devices/nm-device-bond.c -index 0485689d10..9ecb2ac7ae 100644 ---- a/src/core/devices/nm-device-bond.c -+++ b/src/core/devices/nm-device-bond.c -@@ -234,7 +234,12 @@ controller_update_port_connection(NMDevice *self, - pllink = nm_platform_link_get(nm_device_get_platform(port), ifindex_port); - - if (pllink && pllink->port_kind == NM_PORT_KIND_BOND) -- g_object_set(s_port, NM_SETTING_BOND_PORT_QUEUE_ID, pllink->port_data.bond.queue_id, NULL); -+ g_object_set(s_port, -+ NM_SETTING_BOND_PORT_QUEUE_ID, -+ pllink->port_data.bond.queue_id, -+ NM_SETTING_BOND_PORT_PRIO, -+ pllink->port_data.bond.prio, -+ NULL); - - g_object_set(nm_connection_get_setting_connection(connection), - NM_SETTING_CONNECTION_MASTER, -@@ -495,11 +500,52 @@ act_stage1_prepare(NMDevice *device, NMDeviceStateReason *out_failure_reason) - static void - commit_port_options(NMDevice *bond_device, NMDevice *port, NMSettingBondPort *s_port) - { -- nm_platform_link_change( -- nm_device_get_platform(port), -- nm_device_get_ifindex(port), -- &((NMPlatformLinkBondPort){.queue_id = s_port ? nm_setting_bond_port_get_queue_id(s_port) -- : NM_BOND_PORT_QUEUE_ID_DEF})); -+ NMBondMode mode = NM_BOND_MODE_UNKNOWN; -+ const char *value; -+ NMSettingBond *s_bond; -+ gint32 prio; -+ gboolean prio_has; -+ -+ s_bond = nm_device_get_applied_setting(bond_device, NM_TYPE_SETTING_BOND); -+ if (s_bond) { -+ value = nm_setting_bond_get_option_normalized(s_bond, NM_SETTING_BOND_OPTION_MODE); -+ mode = _nm_setting_bond_mode_from_string(value); -+ } -+ -+ prio = s_port ? nm_setting_bond_port_get_prio(s_port) : NM_BOND_PORT_PRIO_DEF; -+ -+ if (prio != 0) { -+ /* The profile explicitly sets the priority. No matter what, we try to set it -+ * in netlink. */ -+ prio_has = TRUE; -+ } else if (!NM_IN_SET(mode, NM_BOND_MODE_ACTIVEBACKUP, NM_BOND_MODE_TLB, NM_BOND_MODE_ALB)) { -+ /* The priority only is configurable with certain modes. If we don't have -+ * one of those modes, don't try to set the priority explicitly to zero. */ -+ prio_has = FALSE; -+ } else if (nm_platform_kernel_support_get_full( -+ NM_PLATFORM_KERNEL_SUPPORT_TYPE_IFLA_BOND_SLAVE_PRIO, -+ FALSE) -+ == NM_OPTION_BOOL_TRUE) { -+ /* We can only detect support if we have it. We cannot detect lack of support if -+ * we don't have it. -+ * -+ * But we did explicitly detect support, so explicitly set the prio to zero. */ -+ prio_has = TRUE; -+ } else { -+ /* We either have an unsuitable mode or didn't detect kernel support for the -+ * priority. Don't explicitly set priority to zero. It is already the default, -+ * so it shouldn't be necessary. */ -+ prio_has = FALSE; -+ } -+ -+ nm_platform_link_change(nm_device_get_platform(port), -+ nm_device_get_ifindex(port), -+ &((NMPlatformLinkBondPort){ -+ .queue_id = s_port ? nm_setting_bond_port_get_queue_id(s_port) -+ : NM_BOND_PORT_QUEUE_ID_DEF, -+ .prio = prio_has ? prio : 0, -+ .prio_has = prio_has, -+ })); - } - - static NMTernary -diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c -index 4d8e7bd69b..02ba843201 100644 ---- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c -+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c -@@ -5557,6 +5557,7 @@ make_bond_port_setting(shvarFile *ifcfg) - gs_free char *value_to_free = NULL; - const char *value; - guint queue_id; -+ gint32 prio; - - g_return_val_if_fail(ifcfg != NULL, FALSE); - -@@ -5565,11 +5566,23 @@ make_bond_port_setting(shvarFile *ifcfg) - s_port = nm_setting_bond_port_new(); - queue_id = - _nm_utils_ascii_str_to_uint64(value, 10, 0, G_MAXUINT16, NM_BOND_PORT_QUEUE_ID_DEF); -- if (errno != 0) { -- PARSE_WARNING("Invalid bond port queue_id value '%s'", value); -- return s_port; -- } -- g_object_set(G_OBJECT(s_port), NM_SETTING_BOND_PORT_QUEUE_ID, queue_id, NULL); -+ if (errno != 0) -+ PARSE_WARNING("Invalid bond port queue_id value BOND_PORT_QUEUE_ID '%s'", value); -+ else -+ g_object_set(G_OBJECT(s_port), NM_SETTING_BOND_PORT_QUEUE_ID, queue_id, NULL); -+ } -+ -+ nm_clear_g_free(&value_to_free); -+ value = svGetValue(ifcfg, "BOND_PORT_PRIO", &value_to_free); -+ if (value) { -+ if (!s_port) -+ s_port = nm_setting_bond_port_new(); -+ prio = -+ _nm_utils_ascii_str_to_int64(value, 10, G_MININT32, G_MAXINT32, NM_BOND_PORT_PRIO_DEF); -+ if (errno != 0) -+ PARSE_WARNING("Invalid bond port prio value BOND_PORT_PRIO '%s'", value); -+ else -+ g_object_set(G_OBJECT(s_port), NM_SETTING_BOND_PORT_PRIO, prio, NULL); - } - - return s_port; -diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c -index e1ef817478..ef4276da73 100644 ---- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c -+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c -@@ -827,6 +827,7 @@ const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[] = { - _KEY_TYPE("BAND", NMS_IFCFG_KEY_TYPE_IS_PLAIN), - _KEY_TYPE("BONDING_MASTER", NMS_IFCFG_KEY_TYPE_IS_PLAIN), - _KEY_TYPE("BONDING_OPTS", NMS_IFCFG_KEY_TYPE_IS_PLAIN), -+ _KEY_TYPE("BOND_PORT_PRIO", NMS_IFCFG_KEY_TYPE_IS_PLAIN), - _KEY_TYPE("BOND_PORT_QUEUE_ID", NMS_IFCFG_KEY_TYPE_IS_PLAIN), - _KEY_TYPE("BOOTPROTO", NMS_IFCFG_KEY_TYPE_IS_PLAIN), - _KEY_TYPE("BRIDGE", NMS_IFCFG_KEY_TYPE_IS_PLAIN), -diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h -index d1f8dbad9c..e3d3d87321 100644 ---- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h -+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h -@@ -33,7 +33,7 @@ typedef struct { - NMSIfcfgKeyTypeFlags key_flags; - } NMSIfcfgKeyTypeInfo; - --extern const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[256]; -+extern const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[257]; - - const NMSIfcfgKeyTypeInfo *nms_ifcfg_well_known_key_find_info(const char *key, gssize *out_idx); - -diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c -index e8948c3dd0..e340c9fe13 100644 ---- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c -+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c -@@ -1910,8 +1910,10 @@ write_bond_port_setting(NMConnection *connection, shvarFile *ifcfg) - NMSettingBondPort *s_port; - - s_port = _nm_connection_get_setting(connection, NM_TYPE_SETTING_BOND_PORT); -- if (s_port) -+ if (s_port) { - svSetValueInt64(ifcfg, "BOND_PORT_QUEUE_ID", nm_setting_bond_port_get_queue_id(s_port)); -+ svSetValueInt64(ifcfg, "BOND_PORT_PRIO", nm_setting_bond_port_get_prio(s_port)); -+ } - } - - static gboolean -diff --git a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c -index 886a605fb2..d2ac2b29db 100644 ---- a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c -+++ b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c -@@ -8325,6 +8325,7 @@ test_write_bond_port(void) - - s_bond_port = _nm_connection_new_setting(connection, NM_TYPE_SETTING_BOND_PORT); - g_object_set(s_bond_port, NM_SETTING_BOND_PORT_QUEUE_ID, 1, NULL); -+ g_object_set(s_bond_port, NM_SETTING_BOND_PORT_PRIO, 10, NULL); - - nmtst_assert_connection_verifies(connection); - -diff --git a/src/libnm-base/nm-base.h b/src/libnm-base/nm-base.h -index 28feb48429..b9161c7680 100644 ---- a/src/libnm-base/nm-base.h -+++ b/src/libnm-base/nm-base.h -@@ -392,6 +392,7 @@ typedef struct { - /****************************************************************************/ - - #define NM_BOND_PORT_QUEUE_ID_DEF 0 -+#define NM_BOND_PORT_PRIO_DEF 0 - - /*****************************************************************************/ - -diff --git a/src/libnm-client-impl/libnm.ver b/src/libnm-client-impl/libnm.ver -index 2478defa34..7c98646253 100644 ---- a/src/libnm-client-impl/libnm.ver -+++ b/src/libnm-client-impl/libnm.ver -@@ -1878,3 +1878,8 @@ global: - nm_utils_ip_routes_to_variant; - nm_vpn_plugin_info_supports_multiple; - } libnm_1_40_0; -+ -+libnm_1_40_20_bondp { -+global: -+ nm_setting_bond_port_get_prio; -+} libnm_1_40_0; -diff --git a/src/libnm-client-impl/tests/test-gir.py b/src/libnm-client-impl/tests/test-gir.py -index d91849b8fe..84919dd533 100755 ---- a/src/libnm-client-impl/tests/test-gir.py -+++ b/src/libnm-client-impl/tests/test-gir.py -@@ -97,8 +97,10 @@ def syms_from_ver(verfile): - ): - c_syms[str_removesuffix(line, ";")] = version - -- # This one is... messy. -+ # These are exceptions and we cannot know the version for the symbol so we -+ # harcode it. - c_syms["nm_ethtool_optname_is_feature"] = "1.20" -+ c_syms["nm_setting_bond_port_get_prio"] = "1.44" - - return c_syms - -diff --git a/src/libnm-core-impl/nm-setting-bond-port.c b/src/libnm-core-impl/nm-setting-bond-port.c -index d1656a31ac..a6daad8b19 100644 ---- a/src/libnm-core-impl/nm-setting-bond-port.c -+++ b/src/libnm-core-impl/nm-setting-bond-port.c -@@ -22,9 +22,10 @@ - - /*****************************************************************************/ - --NM_GOBJECT_PROPERTIES_DEFINE(NMSettingBondPort, PROP_QUEUE_ID, ); -+NM_GOBJECT_PROPERTIES_DEFINE(NMSettingBondPort, PROP_QUEUE_ID, PROP_PRIO, ); - - typedef struct { -+ gint32 prio; - guint32 queue_id; - } NMSettingBondPortPrivate; - -@@ -65,6 +66,22 @@ nm_setting_bond_port_get_queue_id(NMSettingBondPort *setting) - return NM_SETTING_BOND_PORT_GET_PRIVATE(setting)->queue_id; - } - -+/** -+ * nm_setting_bond_port_get_prio: -+ * @setting: the #NMSettingBondPort -+ * -+ * Returns: the #NMSettingBondPort:prio property of the setting -+ * -+ * Since: 1.44, 1.42.8, 1.40.20, rhel-8.9 -+ **/ -+gint32 -+nm_setting_bond_port_get_prio(NMSettingBondPort *setting) -+{ -+ g_return_val_if_fail(NM_IS_SETTING_BOND_PORT(setting), 0); -+ -+ return NM_SETTING_BOND_PORT_GET_PRIVATE(setting)->prio; -+} -+ - /*****************************************************************************/ - - static gboolean -@@ -165,6 +182,35 @@ nm_setting_bond_port_class_init(NMSettingBondPortClass *klass) - NMSettingBondPort, - _priv.queue_id); - -+ /** -+ * NMSettingBondPort:prio: -+ * -+ * The port priority for bond active port re-selection during failover. A -+ * higher number means a higher priority in selection. The primary port has -+ * the highest priority. This option is only compatible with active-backup, -+ * balance-tlb and balance-alb modes. -+ * -+ * Since: 1.44, 1.42.8, 1.40.20, rhel-8.9 -+ **/ -+ /* ---ifcfg-rh--- -+ * property: prio -+ * variable: BOND_PORT_PRIO(+) -+ * values: -2147483648 - 2147483647 -+ * default: 0 -+ * description: Port priority. -+ * ---end--- -+ */ -+ _nm_setting_property_define_direct_int32(properties_override, -+ obj_properties, -+ NM_SETTING_BOND_PORT_PRIO, -+ PROP_PRIO, -+ G_MININT32, -+ G_MAXINT32, -+ NM_BOND_PORT_PRIO_DEF, -+ NM_SETTING_PARAM_INFERRABLE, -+ NMSettingBondPort, -+ _priv.prio); -+ - g_object_class_install_properties(object_class, _PROPERTY_ENUMS_LAST, obj_properties); - - _nm_setting_class_commit(setting_class, -diff --git a/src/libnm-core-public/nm-setting-bond-port.h b/src/libnm-core-public/nm-setting-bond-port.h -index 0b20e4a8cb..abaedfcd6d 100644 ---- a/src/libnm-core-public/nm-setting-bond-port.h -+++ b/src/libnm-core-public/nm-setting-bond-port.h -@@ -29,6 +29,7 @@ G_BEGIN_DECLS - #define NM_SETTING_BOND_PORT_SETTING_NAME "bond-port" - - #define NM_SETTING_BOND_PORT_QUEUE_ID "queue-id" -+#define NM_SETTING_BOND_PORT_PRIO "prio" - - typedef struct _NMSettingBondPortClass NMSettingBondPortClass; - -@@ -41,6 +42,9 @@ NMSetting *nm_setting_bond_port_new(void); - NM_AVAILABLE_IN_1_34 - guint32 nm_setting_bond_port_get_queue_id(NMSettingBondPort *setting); - -+NM_AVAILABLE_IN_1_40_20 -+gint32 nm_setting_bond_port_get_prio(NMSettingBondPort *setting); -+ - G_END_DECLS - - #endif /* __NM_SETTING_BOND_PORT_H__ */ -diff --git a/src/libnmc-setting/nm-meta-setting-desc.c b/src/libnmc-setting/nm-meta-setting-desc.c -index 31beb65ef9..5714722de2 100644 ---- a/src/libnmc-setting/nm-meta-setting-desc.c -+++ b/src/libnmc-setting/nm-meta-setting-desc.c -@@ -5154,6 +5154,12 @@ static const NMMetaPropertyInfo *const property_infos_BOND_PORT[] = { - .prompt = N_("Queue ID"), - .property_type = &_pt_gobject_int, - ), -+ PROPERTY_INFO_WITH_DESC (NM_SETTING_BOND_PORT_PRIO, -+ .is_cli_option = TRUE, -+ .property_alias = "prio", -+ .prompt = N_("Port Priority"), -+ .property_type= &_pt_gobject_int, -+ ), - NULL - }; - -diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in -index 62edc77f6b..6a5f416348 100644 ---- a/src/libnmc-setting/settings-docs.h.in -+++ b/src/libnmc-setting/settings-docs.h.in -@@ -426,6 +426,7 @@ - #define DESCRIBE_DOC_NM_SETTING_WPAN_PAGE N_("IEEE 802.15.4 channel page. A positive integer or -1, meaning \"do not set, use whatever the device is already set to\".") - #define DESCRIBE_DOC_NM_SETTING_WPAN_PAN_ID N_("IEEE 802.15.4 Personal Area Network (PAN) identifier.") - #define DESCRIBE_DOC_NM_SETTING_WPAN_SHORT_ADDRESS N_("Short IEEE 802.15.4 address to be used within a restricted environment.") -+#define DESCRIBE_DOC_NM_SETTING_BOND_PORT_PRIO N_("The port priority for bond active port re-selection during failover. A higher number means a higher priority in selection. The primary port has the highest priority. This option is only compatible with active-backup, balance-tlb and balance-alb modes.") - #define DESCRIBE_DOC_NM_SETTING_BOND_PORT_QUEUE_ID N_("The queue ID of this bond port. The maximum value of queue ID is the number of TX queues currently active in device.") - #define DESCRIBE_DOC_NM_SETTING_HOSTNAME_FROM_DHCP N_("Whether the system hostname can be determined from DHCP on this connection. When set to NM_TERNARY_DEFAULT (-1), the value from global configuration is used. If the property doesn't have a value in the global configuration, NetworkManager assumes the value to be NM_TERNARY_TRUE (1).") - #define DESCRIBE_DOC_NM_SETTING_HOSTNAME_FROM_DNS_LOOKUP N_("Whether the system hostname can be determined from reverse DNS lookup of addresses on this device. When set to NM_TERNARY_DEFAULT (-1), the value from global configuration is used. If the property doesn't have a value in the global configuration, NetworkManager assumes the value to be NM_TERNARY_TRUE (1).") -diff --git a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in -index 03e6c0b54b..adf7895f0d 100644 ---- a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in -+++ b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in -@@ -271,6 +271,9 @@ - -+ - - - -Date: Wed, 10 May 2023 18:18:18 +0200 -Subject: [PATCH 8/8] tests: adjust test-gir.py to allow extra elements in - section name - -(cherry picked from commit 9b8220c9fa6c26257fe809171355b29219efe26a) -(cherry picked from commit 56e19bdf685ebc152eaf0cc8d2571387b8ea669b) -(cherry picked from commit ca41be98a075e03e61dc7e898d772792c0a65619) ---- - src/libnm-client-impl/tests/test-gir.py | 18 +++++------------- - 1 file changed, 5 insertions(+), 13 deletions(-) - -diff --git a/src/libnm-client-impl/tests/test-gir.py b/src/libnm-client-impl/tests/test-gir.py -index 84919dd533..50b2fade6b 100755 ---- a/src/libnm-client-impl/tests/test-gir.py -+++ b/src/libnm-client-impl/tests/test-gir.py -@@ -7,6 +7,7 @@ - from __future__ import print_function - import xml.etree.ElementTree as ET - import argparse -+import re - import sys - - C_NS = "http://www.gtk.org/introspection/c/1.0" -@@ -60,17 +61,6 @@ def str_removesuffix(string, suffix): - return string - - --# Older Python doesn't have str.removeprefix() --def str_removeprefix(string, prefix): -- try: -- return string.removeprefix(prefix) -- except AttributeError: -- if string.startswith(prefix): -- return string[len(prefix) :] -- else: -- return string -- -- - def syms_from_ver(verfile): - c_syms = {} - for line in open(verfile).readlines(): -@@ -78,8 +68,10 @@ def syms_from_ver(verfile): - - if line.endswith("{"): - line = str_removesuffix(line, " {") -- line = str_removeprefix(line, "libnm_") -- (major, minor, micro) = line.split("_") -+ m = re.search(r"^libnm_([0-9]+)_([0-9]+)_([0-9]+)$", line) -+ if not m: -+ continue -+ (major, minor, micro) = m.groups() - if int(major) > 1 or int(minor) > 0: - if int(micro) > 0: - # Snap to next major version. Perhaps not --- -2.40.1 - diff --git a/SOURCES/1004-team-don-t-try-to-connect-to-teamd-in-update_connect-rh2182029.patch b/SOURCES/1004-team-don-t-try-to-connect-to-teamd-in-update_connect-rh2182029.patch deleted file mode 100644 index 48a3c92..0000000 --- a/SOURCES/1004-team-don-t-try-to-connect-to-teamd-in-update_connect-rh2182029.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 4a9d5b23ab513f0ee0b8f490e522f60d4ef3e4cd Mon Sep 17 00:00:00 2001 -From: Beniamino Galvani -Date: Thu, 4 May 2023 15:11:49 +0200 -Subject: [PATCH] team: don't try to connect to teamd in update_connection() - -In constructed(), NMDevice starts watching the D-Bus name owner or -monitoring the unix socket, and so it is always aware if teamd is -running. When it is, NMDevice connects to it and initializes -priv->tdc. - -It is not useful to try to connect to teamd in update_connection() -because warnings will be generated by NM and by libteam if teamd is -not running. As explained above the connection is always initialized -when teamd is available, and so we can just check priv->tdc. - -Fixes: ab586236e36b ('core: implement update_connection() for Team') - -https://bugzilla.redhat.com/show_bug.cgi?id=2182029 -https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1631 -(cherry picked from commit 93430627c245a0b33b873edca329fa716ccfb7d6) -(cherry picked from commit b60f0dd0a20db232c7edc01faa4562ce510ed107) -(cherry picked from commit f6f1a44559990765a5cbc940a74f54df5d8a30d0) ---- - src/core/devices/team/nm-device-team.c | 9 +-------- - 1 file changed, 1 insertion(+), 8 deletions(-) - -diff --git a/src/core/devices/team/nm-device-team.c b/src/core/devices/team/nm-device-team.c -index b745158ef8..1d2beb5e8a 100644 ---- a/src/core/devices/team/nm-device-team.c -+++ b/src/core/devices/team/nm-device-team.c -@@ -228,17 +228,10 @@ update_connection(NMDevice *device, NMConnection *connection) - NMDeviceTeam *self = NM_DEVICE_TEAM(device); - NMSettingTeam *s_team = _nm_connection_ensure_setting(connection, NM_TYPE_SETTING_TEAM); - NMDeviceTeamPrivate *priv = NM_DEVICE_TEAM_GET_PRIVATE(self); -- struct teamdctl *tdc = priv->tdc; - - /* Read the configuration only if not already set */ -- if (!priv->config && ensure_teamd_connection(device)) -+ if (!priv->config && priv->tdc) { - teamd_read_config(self); -- -- /* Restore previous tdc state */ -- if (priv->tdc && !tdc) { -- teamdctl_disconnect(priv->tdc); -- teamdctl_free(priv->tdc); -- priv->tdc = NULL; - } - - g_object_set(G_OBJECT(s_team), NM_SETTING_TEAM_CONFIG, _get_config(self), NULL); --- -2.40.1 - diff --git a/SOURCES/1005-ipv6ll-don-t-regenerate-the-address-when-removed-rh2209353.patch b/SOURCES/1005-ipv6ll-don-t-regenerate-the-address-when-removed-rh2209353.patch deleted file mode 100644 index b322c77..0000000 --- a/SOURCES/1005-ipv6ll-don-t-regenerate-the-address-when-removed-rh2209353.patch +++ /dev/null @@ -1,140 +0,0 @@ -From 3fcb1a072f230b53c6fdf6e106e0972293a2f742 Mon Sep 17 00:00:00 2001 -From: Beniamino Galvani -Date: Thu, 11 May 2023 13:32:13 +0200 -Subject: [PATCH] ipv6ll: don't regenerate the address when it's removed - externally - -Currently if the IPv6 link-local address is removed after it passed -DAD, NetworkManager tries to generate a new link-local address. If -this fails, which is always the case for EUI64, ipv6ll is considered -as failed and the connection can go down (depending on may-fail). - -This is particularly bad for virtual interfaces because if somebody -removes the link-local address, the activation can fail and destroy -the interface, breaking all services that require it. Also, it's a -change in behavior introduced in 1.36.0. - -It seems that a better approach here is to re-add the address that was -removed externally. - -[bgalvani@redhat.com: since the branch is missing commit 7ca95cee15b3 -('platform: always reconfigure IP routes even if removed externally'), -we need to set flag NM_L3CFG_CONFIG_FLAGS_FORCE_ONCE when committing -the address, otherwise it's not re-added] - -Fixes: aa070fb82190 ('core: add NML3IPv6LL helper') -https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1622 -(cherry picked from commit 53ba9f4701f30b12637df2c7215a0b7da845b34c) -(cherry picked from commit 2976e4c3b7fcee06051ce83c9a7fa911ad192dc4) -(cherry picked from commit 4a13b5f52217c81ddf2329ba343796bfa4ed5ef9) ---- - src/core/nm-l3-ipv6ll.c | 34 ++++++++++++++++++++++------------ - 1 file changed, 22 insertions(+), 12 deletions(-) - -diff --git a/src/core/nm-l3-ipv6ll.c b/src/core/nm-l3-ipv6ll.c -index 2640c07554..6e5e460258 100644 ---- a/src/core/nm-l3-ipv6ll.c -+++ b/src/core/nm-l3-ipv6ll.c -@@ -391,7 +391,7 @@ _pladdr_find_ll(NML3IPv6LL *self, gboolean *out_cur_addr_failed) - /*****************************************************************************/ - - static void --_lladdr_handle_changed(NML3IPv6LL *self) -+_lladdr_handle_changed(NML3IPv6LL *self, gboolean force_commit) - { - const NML3ConfigData *l3cd; - gboolean changed = FALSE; -@@ -420,7 +420,9 @@ _lladdr_handle_changed(NML3IPv6LL *self) - NM_DNS_PRIORITY_DEFAULT_NORMAL, - NM_L3_ACD_DEFEND_TYPE_ALWAYS, - 0, -- NM_L3CFG_CONFIG_FLAGS_NONE, -+ /* Even if the address was removed from platform, it must -+ * be re-added, hence FORCE_ONCE. */ -+ NM_L3CFG_CONFIG_FLAGS_FORCE_ONCE, - NM_L3_CONFIG_MERGE_FLAGS_NONE)) - changed = TRUE; - } else { -@@ -434,7 +436,7 @@ _lladdr_handle_changed(NML3IPv6LL *self) - self->l3cfg_commit_handle, - "ipv6ll"); - -- if (changed) -+ if (changed || force_commit) - nm_l3cfg_commit_on_idle_schedule(self->l3cfg, NM_L3_CFG_COMMIT_TYPE_AUTO); - - if (!self->emit_changed_idle_source) { -@@ -515,6 +517,7 @@ _check(NML3IPv6LL *self) - const NMPlatformIP6Address *pladdr; - char sbuf[INET6_ADDRSTRLEN]; - gboolean cur_addr_failed; -+ gboolean restarted = FALSE; - struct in6_addr lladdr; - - pladdr = _pladdr_find_ll(self, &cur_addr_failed); -@@ -526,14 +529,14 @@ _check(NML3IPv6LL *self) - if (_set_cur_lladdr_obj(self, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, pladdr)) { - _LOGT("changed: waiting for address %s to complete DAD", - _nm_utils_inet6_ntop(&self->cur_lladdr, sbuf)); -- _lladdr_handle_changed(self); -+ _lladdr_handle_changed(self, FALSE); - } - return; - } - - if (_set_cur_lladdr_obj(self, NM_L3_IPV6LL_STATE_READY, pladdr)) { - _LOGT("changed: address %s is ready", _nm_utils_inet6_ntop(&self->cur_lladdr, sbuf)); -- _lladdr_handle_changed(self); -+ _lladdr_handle_changed(self, FALSE); - } - return; - } -@@ -543,11 +546,17 @@ _check(NML3IPv6LL *self) - * Prematurely abort DAD to generate a new address below. */ - nm_assert( - NM_IN_SET(self->state, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, NM_L3_IPV6LL_STATE_READY)); -- if (self->state == NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS) -- _LOGT("changed: address %s did not complete DAD", -- _nm_utils_inet6_ntop(&self->cur_lladdr, sbuf)); -- else { -+ -+ if (cur_addr_failed) { -+ /* On DAD failure, we always try to regenerate a new address. */ -+ _LOGT("changed: address %s failed", _nm_utils_inet6_ntop(&self->cur_lladdr, sbuf)); -+ } else { - _LOGT("changed: address %s is gone", _nm_utils_inet6_ntop(&self->cur_lladdr, sbuf)); -+ /* When the address is removed, we always try to re-add it. */ -+ nm_clear_g_source_inst(&self->wait_for_addr_source); -+ lladdr = self->cur_lladdr; -+ restarted = TRUE; -+ goto commit; - } - - /* reset the state here, so that we are sure that the following -@@ -569,19 +578,20 @@ _check(NML3IPv6LL *self) - if (_set_cur_lladdr_bin(self, NM_L3_IPV6LL_STATE_DAD_FAILED, NULL)) { - _LOGW("changed: no IPv6 link local address to retry after Duplicate Address Detection " - "failures (back off)"); -- _lladdr_handle_changed(self); -+ _lladdr_handle_changed(self, FALSE); - } - return; - } - -+commit: - /* we give NML3Cfg 2 seconds to configure the address on the interface. We - * thus very soon expect to see this address configured (and kernel started DAD). - * If that does not happen within timeout, we assume that this address failed DAD. */ - self->wait_for_addr_source = nm_g_timeout_add_source(2000, _wait_for_addr_timeout_cb, self); -- if (_set_cur_lladdr_bin(self, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, &lladdr)) { -+ if (_set_cur_lladdr_bin(self, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, &lladdr) || restarted) { - _LOGT("changed: starting DAD for address %s", - _nm_utils_inet6_ntop(&self->cur_lladdr, sbuf)); -- _lladdr_handle_changed(self); -+ _lladdr_handle_changed(self, restarted); - } - return; - } --- -2.39.2 - diff --git a/SOURCES/1006-fix-read-infiniband-from-ifcfg-rh2209164.patch b/SOURCES/1006-fix-read-infiniband-from-ifcfg-rh2209164.patch deleted file mode 100644 index 78fe54f..0000000 --- a/SOURCES/1006-fix-read-infiniband-from-ifcfg-rh2209164.patch +++ /dev/null @@ -1,1299 +0,0 @@ -From 651cdebe373603ec14d7268452d6661acfdc413f Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Wed, 24 May 2023 09:44:59 +0200 -Subject: [PATCH 1/8] Revert "infiniband: avoid normalizing the p-key when - reading from ifcfg" - -Historically, initscripts' ifup-ib would set the highest bit of -PKEY_ID=. That changed and needs to be restored. - -Note that it probably makes little sense to ever configure p-keys -without the highest bit set, because that flag indicates full membership -and kernel will automatically add it. At least, kernel will add the flag -for the p-key, but not for the automatically chosen interface name. - -Meaning, writing 0x00f0 to create_child sysctl, results in an interface -"$parent.00f0", but `ip -d link` shows pkey 0x80f0. - -As NetworkManager otherwise supports p-keys without the highest bit set, -and since that high bit is honored for the interface name, we cannot -just always add the high bit. NetworkManager always assuming the highest -bit is set, would change the interface names of existing configuration. - -With this revert, when a user configures a small p-key and the profile -is stored in ifcfg-rh format, the settings backend will automatically -mangle the profile and set 0x8000. That is different from when the -profile is stored in keyfile format. Since using small p-keys is -probably an odd case, we don't try to workaround that any other way -(like that ifcfg format could represent the orignal value of the profile -and not doing such mangling, or to add the high bit throughout -NetworkManager to the p-key). It's an inconsistency, but given the -existing behaviors it seems best to stick (revert) to it. - -This reverts commit a4fe16a426097eee263cb3ef831dcea468b1ca26. - -Affected versions were 1.42.2+ and 1.40.2+. - -See-also: https://src.fedoraproject.org/rpms/rdma/blob/05333c3602aa3c1d82a6363521bdd5a498eac6d0/f/rdma.ifup-ib#_75 - -https://bugzilla.redhat.com/show_bug.cgi?id=2209164 -(cherry picked from commit f8e5e07355e23b6d59b1b1c9cd2387c6b40b214b) -(cherry picked from commit a1b73d823f5ec30c240418137d62d183b6ff8ca7) ---- - .../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 18 ++++++ - .../plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 57 ++++++++++++++----- - 2 files changed, 60 insertions(+), 15 deletions(-) - -diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c -index 02ba84320134..533379c67868 100644 ---- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c -+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c -@@ -5387,6 +5387,24 @@ parse_infiniband_p_key(shvarFile *ifcfg, int *out_p_key, char **out_parent, GErr - return FALSE; - } - -+ /* The highest bit 0x8000 indicates full membership, which kernel always -+ * automatically sets. -+ * -+ * NetworkManager supports p-keys without the high bit set. That affects -+ * the interface name (nmp_utils_new_infiniband_name()) and is what -+ * we write to "create_child"/"delete_child" sysctl. Kernel will honor -+ * such p-keys for the interface name, but for other purposes it adds the -+ * highest bit. That makes using p-keys without the highest bit odd. -+ * -+ * Historically, /etc/sysconfig/network-scripts/ifup-ib would always add "|=0x8000". -+ * The reader does that too. -+ * -+ * Note that this means ifcfg cannot handle p-keys without the highest bit set, -+ * and when trying to store that to ifcfg format, the profile will be mangled/modified -+ * by the ifcg plugin (unlike keyfile backend, which preserves the original p-key value). -+ */ -+ id |= 0x8000; -+ - *out_p_key = id; - *out_parent = g_steal_pointer(&physdev); - return TRUE; -diff --git a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c -index d2ac2b29dbc8..01eb24216aec 100644 ---- a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c -+++ b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c -@@ -8383,21 +8383,21 @@ test_read_ipoib(void) - s_infiniband = nmtst_connection_assert_setting(connection, NM_TYPE_SETTING_INFINIBAND); - - pkey = nm_setting_infiniband_get_p_key(s_infiniband); -- g_assert(pkey); -- g_assert_cmpint(pkey, ==, 12); -+ g_assert_cmpint(pkey, ==, 0x800c); - - transport_mode = nm_setting_infiniband_get_transport_mode(s_infiniband); -- g_assert(transport_mode); - g_assert_cmpstr(transport_mode, ==, "connected"); - } - - static void - test_write_infiniband(gconstpointer test_data) - { -- const int TEST_IDX = GPOINTER_TO_INT(test_data); -- nmtst_auto_unlinkfile char *testfile = NULL; -- gs_unref_object NMConnection *connection = NULL; -- gs_unref_object NMConnection *reread = NULL; -+ const int TEST_IDX = GPOINTER_TO_INT(test_data); -+ nmtst_auto_unlinkfile char *testfile = NULL; -+ gs_unref_object NMConnection *connection = NULL; -+ gs_unref_object NMConnection *expected = NULL; -+ gs_unref_object NMConnection *reread = NULL; -+ gboolean reread_same = FALSE; - NMSettingConnection *s_con; - NMSettingInfiniband *s_infiniband; - NMSettingIPConfig *s_ip4; -@@ -8407,6 +8407,7 @@ test_write_infiniband(gconstpointer test_data) - NMIPAddress *addr; - GError *error = NULL; - const char *interface_name = NULL; -+ int p_key; - - connection = nm_simple_connection_new(); - -@@ -8422,14 +8423,21 @@ test_write_infiniband(gconstpointer test_data) - NM_SETTING_INFINIBAND_SETTING_NAME, - NULL); - -- if (NM_IN_SET(TEST_IDX, 1, 3)) -- interface_name = "ib0.000c"; -+ if (NM_IN_SET(TEST_IDX, 1, 2)) -+ p_key = nmtst_get_rand_bool() ? 0x000c : 0x800c; -+ else -+ p_key = -1; -+ -+ if (NM_IN_SET(TEST_IDX, 1, 3)) { -+ if (p_key >= 0x8000) -+ interface_name = "ib0.800c"; -+ } - - g_object_set(s_con, NM_SETTING_CONNECTION_INTERFACE_NAME, interface_name, NULL); - - s_infiniband = _nm_connection_new_setting(connection, NM_TYPE_SETTING_INFINIBAND); - g_object_set(s_infiniband, NM_SETTING_INFINIBAND_TRANSPORT_MODE, "connected", NULL); -- if (NM_IN_SET(TEST_IDX, 1, 2)) { -+ if (p_key == -1) { - g_object_set(s_infiniband, - NM_SETTING_INFINIBAND_MAC_ADDRESS, - mac, -@@ -8439,7 +8447,7 @@ test_write_infiniband(gconstpointer test_data) - } else { - g_object_set(s_infiniband, - NM_SETTING_INFINIBAND_P_KEY, -- 12, -+ p_key, - NM_SETTING_INFINIBAND_PARENT, - "ib0", - NULL); -@@ -8468,13 +8476,32 @@ test_write_infiniband(gconstpointer test_data) - - nmtst_assert_connection_verifies(connection); - -- _writer_new_connection(connection, TEST_SCRATCH_DIR, &testfile); -- -- reread = _connection_from_file(testfile, NULL, TYPE_INFINIBAND, NULL); -+ if (p_key != -1 && p_key < 0x8000) { -+ expected = nm_simple_connection_new_clone(connection); -+ g_object_set(nm_connection_get_setting(expected, NM_TYPE_SETTING_INFINIBAND), -+ NM_SETTING_INFINIBAND_P_KEY, -+ (int) (p_key | 0x8000), -+ NULL); -+ } else -+ expected = g_object_ref(connection); - -- nmtst_assert_connection_equals(connection, TRUE, reread, FALSE); -+ _writer_new_connection_reread(connection, -+ TEST_SCRATCH_DIR, -+ &testfile, -+ NO_EXPECTED, -+ &reread, -+ &reread_same); -+ _assert_reread_same(expected, reread); -+ if (p_key == -1 || p_key > 0x8000) -+ g_assert(reread_same); -+ else -+ g_assert(!reread_same); - - g_assert_cmpstr(interface_name, ==, nm_connection_get_interface_name(reread)); -+ g_assert_cmpint(nm_setting_infiniband_get_p_key( -+ _nm_connection_get_setting(reread, NM_TYPE_SETTING_INFINIBAND)), -+ ==, -+ p_key == -1 ? -1 : (p_key | 0x8000)); - } - - static void --- -2.40.1 - - -From 9f0fe4115af06f434443e2f9a7409011f09bd383 Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Wed, 24 May 2023 10:44:58 +0200 -Subject: [PATCH 2/8] libnm/docs: clarify behavior of infiniband.p-key property - -(cherry picked from commit ea18e66ef657b55eca941dca3de4949b950e656b) -(cherry picked from commit 1e014d466a7008725e0b2c7cb41b1e00cb7868de) ---- - src/libnm-core-impl/nm-setting-infiniband.c | 19 ++++++++++++++++--- - src/libnmc-setting/settings-docs.h.in | 2 +- - .../generate-docs-nm-settings-nmcli.xml.in | 2 +- - 3 files changed, 18 insertions(+), 5 deletions(-) - -diff --git a/src/libnm-core-impl/nm-setting-infiniband.c b/src/libnm-core-impl/nm-setting-infiniband.c -index 787b838b7694..df296becbaae 100644 ---- a/src/libnm-core-impl/nm-setting-infiniband.c -+++ b/src/libnm-core-impl/nm-setting-infiniband.c -@@ -448,9 +448,20 @@ nm_setting_infiniband_class_init(NMSettingInfinibandClass *klass) - * NMSettingInfiniband:p-key: - * - * The InfiniBand P_Key to use for this device. A value of -1 means to use -- * the default P_Key (aka "the P_Key at index 0"). Otherwise, it is a 16-bit -- * unsigned integer, whose high bit is set if it is a "full membership" -- * P_Key. -+ * the default P_Key (aka "the P_Key at index 0"). Otherwise, it is a -+ * 16-bit unsigned integer, whose high bit 0x8000 is set if it is a "full -+ * membership" P_Key. The values 0 and 0x8000 are not allowed. -+ * -+ * With the p-key set, the interface name is always "$parent.$p_key". -+ * Setting "connection.interface-name" to another name is not supported. -+ * -+ * Note that kernel will internally always set the full membership bit, -+ * although the interface name does not reflect that. Thus, not setting -+ * the high bit is probably not useful. -+ * -+ * If the profile is stored in ifcfg-rh format, then the full membership -+ * bit is automatically added. To get consistent behavior, it is -+ * best to only use p-key values with the full membership bit set. - **/ - /* ---ifcfg-rh--- - * property: p-key -@@ -459,6 +470,8 @@ nm_setting_infiniband_class_init(NMSettingInfinibandClass *klass) - * description: InfiniBand P_Key. The value can be a hex number prefixed with "0x" - * or a decimal number. - * When PKEY_ID is specified, PHYSDEV and DEVICE also must be specified. -+ * Note that ifcfg-rh format will always automatically set the full membership -+ * bit 0x8000. Other p-key cannot be stored. - * example: PKEY=yes PKEY_ID=2 PHYSDEV=mlx4_ib0 DEVICE=mlx4_ib0.8002 - * ---end--- - */ -diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in -index 6a5f4163485d..172f9b15bb98 100644 ---- a/src/libnmc-setting/settings-docs.h.in -+++ b/src/libnmc-setting/settings-docs.h.in -@@ -153,7 +153,7 @@ - #define DESCRIBE_DOC_NM_SETTING_GSM_USERNAME N_("The username used to authenticate with the network, if required. Many providers do not require a username, or accept any username. But if a username is required, it is specified here.") - #define DESCRIBE_DOC_NM_SETTING_INFINIBAND_MAC_ADDRESS N_("If specified, this connection will only apply to the IPoIB device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).") - #define DESCRIBE_DOC_NM_SETTING_INFINIBAND_MTU N_("If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple frames.") --#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_P_KEY N_("The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka \"the P_Key at index 0\"). Otherwise, it is a 16-bit unsigned integer, whose high bit is set if it is a \"full membership\" P_Key.") -+#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_P_KEY N_("The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka \"the P_Key at index 0\"). Otherwise, it is a 16-bit unsigned integer, whose high bit 0x8000 is set if it is a \"full membership\" P_Key. The values 0 and 0x8000 are not allowed. With the p-key set, the interface name is always \"$parent.$p_key\". Setting \"connection.interface-name\" to another name is not supported. Note that kernel will internally always set the full membership bit, although the interface name does not reflect that. Thus, not setting the high bit is probably not useful. If the profile is stored in ifcfg-rh format, then the full membership bit is automatically added. To get consistent behavior, it is best to only use p-key values with the full membership bit set.") - #define DESCRIBE_DOC_NM_SETTING_INFINIBAND_PARENT N_("The interface name of the parent device of this device. Normally NULL, but if the \"p_key\" property is set, then you must specify the base device by setting either this property or \"mac-address\".") - #define DESCRIBE_DOC_NM_SETTING_INFINIBAND_TRANSPORT_MODE N_("The IP-over-InfiniBand transport mode. Either \"datagram\" or \"connected\".") - #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in decreasing priority, meaning the first address will be the primary address.") -diff --git a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in -index adf7895f0d02..a59dacf2430d 100644 ---- a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in -+++ b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in -@@ -614,7 +614,7 @@ - description="The IP-over-InfiniBand transport mode. Either "datagram" or "connected"." /> - -+ description="The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka "the P_Key at index 0"). Otherwise, it is a 16-bit unsigned integer, whose high bit 0x8000 is set if it is a "full membership" P_Key. The values 0 and 0x8000 are not allowed. With the p-key set, the interface name is always "$parent.$p_key". Setting "connection.interface-name" to another name is not supported. Note that kernel will internally always set the full membership bit, although the interface name does not reflect that. Thus, not setting the high bit is probably not useful. If the profile is stored in ifcfg-rh format, then the full membership bit is automatically added. To get consistent behavior, it is best to only use p-key values with the full membership bit set." /> - --- -2.40.1 - - -From 703b0cf4eb355844821b9e6463458dcada692a65 Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Wed, 24 May 2023 17:32:19 +0200 -Subject: [PATCH 3/8] libnm: normalize interface-name for infiniband profiles - -NetworkManager does not support changing the interface name for -infiniband interfaces. Consequently, we verify that -"connection.interface-name" is either unset or set to the expected -"$parent.$p_key". Anything else wouldn't work anyway and is rejected as -invalid configuration. That brings problems however. - -Rejecting invalid configuration seems fine at first: - - $ nmcli --offline connection add type infiniband infiniband.parent ib0 infiniband.p-key 0x8010 connection.interface-name xxx - Error: Error writing connection: connection.interface-name: interface name of software infiniband device must be 'ib0.8010' or unset (instead it is 'xxx') - -However, when we modify the p-key, we also get an error message: - - $ nmcli --offline connection add type infiniband infiniband.parent ib0 infiniband.p-key 0x8010 connection.interface-name ib0.8010 | - nmcli --offline connection modify infiniband.p-key 5 - Error: Error writing connection: connection.interface-name: interface name of software infiniband device must be 'ib0.0005' or unset (instead it is 'ib0.8010') - -It's worse, because ifcfg-rh reader will mangle the PKEY_ID with |=0x8000 to set -the full membership flag. That means, if you add a profile like - - $ nmcli --offline connection add type infiniband infiniband.parent ib0 infiniband.p-key 0x0010 connection.interface-name ib0.0010 - -it gets written to ifcfg-rh file. Then upon reload it's invalid (as the -interface name mismatches). - -There are multiple solutions for this. For example, ifcfg-rh reader could also -mangle the connection.interface-name, so that the overall result is valid. Or -we could just not validate at all, and accept any bogus interface-name. - -With this patch instead we will just normalize the invalid configuration to -make it right. - - $ nmcli --offline connection add type infiniband infiniband.parent ib0 infiniband.p-key 0x8010 connection.interface-name ib0.8010 | - nmcli --offline connection modify infiniband.p-key 5 - ... - -The downside is that this happens silently, so a user doesn't -notice that configuration is ignored: - - $ nmcli --offline connection add type infiniband infiniband.parent ib0 infiniband.p-key 0x8010 connection.interface-name foo - ... - interface-name=ib0.8010 - -This approach still seems preferable, because setting -"connection.interface-name" for infiniband profiles makes little sense, -so what we care here is to avoid problems. - -(cherry picked from commit 4610fd67e6e795131a358b292ec3fc1ba2a2250f) -(cherry picked from commit 8b2612bfe630cdb676566a8249a14900910f82c5) ---- - src/libnm-core-impl/nm-connection.c | 39 ++++++++++++++++----- - src/libnm-core-impl/nm-setting-infiniband.c | 14 ++++---- - src/libnm-core-impl/tests/test-general.c | 30 +++++++++++++--- - 3 files changed, 63 insertions(+), 20 deletions(-) - -diff --git a/src/libnm-core-impl/nm-connection.c b/src/libnm-core-impl/nm-connection.c -index 2f5bf3570935..67a9034dccba 100644 ---- a/src/libnm-core-impl/nm-connection.c -+++ b/src/libnm-core-impl/nm-connection.c -@@ -1358,18 +1358,41 @@ _normalize_ip_config(NMConnection *self, GHashTable *parameters) - } - - static gboolean --_normalize_infiniband_mtu(NMConnection *self) -+_normalize_infiniband(NMConnection *self) - { - NMSettingInfiniband *s_infini = nm_connection_get_setting_infiniband(self); -+ gboolean changed = FALSE; -+ const char *interface_name; -+ int p_key; - -- if (!s_infini || nm_setting_infiniband_get_mtu(s_infini) <= NM_INFINIBAND_MAX_MTU -- || !NM_IN_STRSET(nm_setting_infiniband_get_transport_mode(s_infini), -- "datagram", -- "connected")) -+ if (!s_infini) - return FALSE; - -- g_object_set(s_infini, NM_SETTING_INFINIBAND_MTU, (guint) NM_INFINIBAND_MAX_MTU, NULL); -- return TRUE; -+ if (nm_setting_infiniband_get_mtu(s_infini) > NM_INFINIBAND_MAX_MTU) { -+ if (NM_IN_STRSET(nm_setting_infiniband_get_transport_mode(s_infini), -+ "datagram", -+ "connected")) { -+ g_object_set(s_infini, NM_SETTING_INFINIBAND_MTU, (guint) NM_INFINIBAND_MAX_MTU, NULL); -+ changed = TRUE; -+ } -+ } -+ -+ if ((p_key = nm_setting_infiniband_get_p_key(s_infini)) != -1 -+ && (interface_name = nm_connection_get_interface_name(self))) { -+ const char *virtual_iface_name; -+ -+ virtual_iface_name = nm_setting_infiniband_get_virtual_interface_name(s_infini); -+ -+ if (!nm_streq0(interface_name, virtual_iface_name)) { -+ g_object_set(nm_connection_get_setting_connection(self), -+ NM_SETTING_CONNECTION_INTERFACE_NAME, -+ virtual_iface_name, -+ NULL); -+ changed = TRUE; -+ } -+ } -+ -+ return changed; - } - - static gboolean -@@ -2000,7 +2023,7 @@ _connection_normalize(NMConnection *connection, - was_modified |= _normalize_invalid_slave_port_settings(connection); - was_modified |= _normalize_ip_config(connection, parameters); - was_modified |= _normalize_ethernet_link_neg(connection); -- was_modified |= _normalize_infiniband_mtu(connection); -+ was_modified |= _normalize_infiniband(connection); - was_modified |= _normalize_bond_mode(connection); - was_modified |= _normalize_bond_options(connection); - was_modified |= _normalize_wireless_mac_address_randomization(connection); -diff --git a/src/libnm-core-impl/nm-setting-infiniband.c b/src/libnm-core-impl/nm-setting-infiniband.c -index df296becbaae..7b242a539314 100644 ---- a/src/libnm-core-impl/nm-setting-infiniband.c -+++ b/src/libnm-core-impl/nm-setting-infiniband.c -@@ -181,8 +181,8 @@ nm_setting_infiniband_get_virtual_interface_name(NMSettingInfiniband *setting) - static gboolean - verify(NMSetting *setting, NMConnection *connection, GError **error) - { -- NMSettingConnection *s_con = NULL; -- NMSettingInfinibandPrivate *priv = NM_SETTING_INFINIBAND_GET_PRIVATE(setting); -+ NMSettingConnection *s_con; -+ NMSettingInfinibandPrivate *priv = NM_SETTING_INFINIBAND_GET_PRIVATE(setting); - - if (priv->mac_address && !nm_utils_hwaddr_valid(priv->mac_address, INFINIBAND_ALEN)) { - g_set_error_literal(error, -@@ -251,8 +251,10 @@ verify(NMSetting *setting, NMConnection *connection, GError **error) - } - } - -- if (connection) -- s_con = nm_connection_get_setting_connection(connection); -+ /* *** errors above here should be always fatal, below NORMALIZABLE_ERROR *** */ -+ -+ s_con = connection ? nm_connection_get_setting_connection(connection) : NULL; -+ - if (s_con) { - const char *interface_name = nm_setting_connection_get_interface_name(s_con); - -@@ -287,13 +289,11 @@ verify(NMSetting *setting, NMConnection *connection, GError **error) - "%s.%s: ", - NM_SETTING_CONNECTION_SETTING_NAME, - NM_SETTING_CONNECTION_INTERFACE_NAME); -- return FALSE; -+ return NM_SETTING_VERIFY_NORMALIZABLE_ERROR; - } - } - } - -- /* *** errors above here should be always fatal, below NORMALIZABLE_ERROR *** */ -- - if (priv->mtu > NM_INFINIBAND_MAX_MTU) { - /* Traditionally, MTU for "datagram" mode was limited to 2044 - * and for "connected" mode it was 65520. -diff --git a/src/libnm-core-impl/tests/test-general.c b/src/libnm-core-impl/tests/test-general.c -index 1ff3b972a7a0..1feaae3ff5a7 100644 ---- a/src/libnm-core-impl/tests/test-general.c -+++ b/src/libnm-core-impl/tests/test-general.c -@@ -6149,16 +6149,17 @@ test_connection_normalize_slave_type_2(void) - } - - static void --test_connection_normalize_infiniband_mtu(void) -+test_connection_normalize_infiniband(void) - { - gs_unref_object NMConnection *con = NULL; - NMSettingInfiniband *s_infini; -+ NMSettingConnection *s_con; - guint mtu_regular = nmtst_rand_select(2044, 2045, 65520); - -- con = nmtst_create_minimal_connection("test_connection_normalize_infiniband_mtu", -+ con = nmtst_create_minimal_connection("test_connection_normalize_infiniband", - NULL, - NM_SETTING_INFINIBAND_SETTING_NAME, -- NULL); -+ &s_con); - - s_infini = nm_connection_get_setting_infiniband(con); - g_object_set(s_infini, NM_SETTING_INFINIBAND_TRANSPORT_MODE, "connected", NULL); -@@ -6206,6 +6207,25 @@ test_connection_normalize_infiniband_mtu(void) - NM_CONNECTION_ERROR_INVALID_PROPERTY); - nmtst_connection_normalize(con); - g_assert_cmpint(65520, ==, nm_setting_infiniband_get_mtu(s_infini)); -+ -+ g_object_set(s_infini, -+ NM_SETTING_INFINIBAND_PARENT, -+ "foo", -+ NM_SETTING_INFINIBAND_P_KEY, -+ 0x005c, -+ NULL); -+ nmtst_assert_connection_verifies_without_normalization(con); -+ -+ g_object_set(s_con, NM_SETTING_CONNECTION_INTERFACE_NAME, "foo.005c", NULL); -+ nmtst_assert_connection_verifies_without_normalization(con); -+ -+ g_object_set(s_con, NM_SETTING_CONNECTION_INTERFACE_NAME, "foo", NULL); -+ nmtst_assert_connection_verifies_after_normalization(con, -+ NM_CONNECTION_ERROR, -+ NM_CONNECTION_ERROR_INVALID_PROPERTY); -+ -+ nmtst_connection_normalize(con); -+ g_assert_cmpstr(nm_connection_get_interface_name(con), ==, "foo.005c"); - } - - static void -@@ -11109,8 +11129,8 @@ main(int argc, char **argv) - test_connection_normalize_slave_type_1); - g_test_add_func("/core/general/test_connection_normalize_slave_type_2", - test_connection_normalize_slave_type_2); -- g_test_add_func("/core/general/test_connection_normalize_infiniband_mtu", -- test_connection_normalize_infiniband_mtu); -+ g_test_add_func("/core/general/test_connection_normalize_infiniband", -+ test_connection_normalize_infiniband); - g_test_add_func("/core/general/test_connection_normalize_gateway_never_default", - test_connection_normalize_gateway_never_default); - g_test_add_func("/core/general/test_connection_normalize_may_fail", --- -2.40.1 - - -From 72e6cbce4a8cbd5060edc5503214dab5cd46ba88 Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Wed, 24 May 2023 21:33:57 +0200 -Subject: [PATCH 4/8] libnm: add - nm_setting_infiniband_create_virtual_interface_name() helper - -(cherry picked from commit fa05d1c1695aacd2d7144a71795463a1f793288a) -(cherry picked from commit e0ed06edefc3eac268f347a9c5aa6208bb9abb77) ---- - src/libnm-core-impl/nm-setting-infiniband.c | 9 ++++++++- - src/libnm-core-intern/nm-core-internal.h | 2 ++ - 2 files changed, 10 insertions(+), 1 deletion(-) - -diff --git a/src/libnm-core-impl/nm-setting-infiniband.c b/src/libnm-core-impl/nm-setting-infiniband.c -index 7b242a539314..6d2ed7fb4828 100644 ---- a/src/libnm-core-impl/nm-setting-infiniband.c -+++ b/src/libnm-core-impl/nm-setting-infiniband.c -@@ -144,6 +144,12 @@ nm_setting_infiniband_get_parent(NMSettingInfiniband *setting) - return NM_SETTING_INFINIBAND_GET_PRIVATE(setting)->parent; - } - -+char * -+nm_setting_infiniband_create_virtual_interface_name(const char *parent, int p_key) -+{ -+ return g_strdup_printf("%s.%04x", parent, p_key); -+} -+ - /** - * nm_setting_infiniband_get_virtual_interface_name: - * @setting: the #NMSettingInfiniband -@@ -172,7 +178,8 @@ nm_setting_infiniband_get_virtual_interface_name(NMSettingInfiniband *setting) - priv->virtual_iface_name_p_key = priv->p_key; - priv->virtual_iface_name_parent_length = len; - g_free(priv->virtual_iface_name); -- priv->virtual_iface_name = g_strdup_printf("%s.%04x", priv->parent, priv->p_key); -+ priv->virtual_iface_name = -+ nm_setting_infiniband_create_virtual_interface_name(priv->parent, priv->p_key); - } - - return priv->virtual_iface_name; -diff --git a/src/libnm-core-intern/nm-core-internal.h b/src/libnm-core-intern/nm-core-internal.h -index 4e1bab4723df..1857e03bbd60 100644 ---- a/src/libnm-core-intern/nm-core-internal.h -+++ b/src/libnm-core-intern/nm-core-internal.h -@@ -321,6 +321,8 @@ typedef gpointer (*NMUtilsCopyFunc)(gpointer); - const char ** - _nm_ip_address_get_attribute_names(const NMIPAddress *addr, gboolean sorted, guint *out_length); - -+char *nm_setting_infiniband_create_virtual_interface_name(const char *parent, int p_key); -+ - #define NM_SETTING_WIRED_S390_OPTION_MAX_LEN 200u - - void _nm_setting_wired_clear_s390_options(NMSettingWired *setting); --- -2.40.1 - - -From 0bbaa344c57468a57b9f83887fd755fd67701f75 Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Wed, 24 May 2023 21:38:27 +0200 -Subject: [PATCH 5/8] libnm: truncate too long interface name in - nm_setting_infiniband_create_virtual_interface_name() - -This is the same what kernel does, when the parent name is so long -that it would result in a too long overall name. - -We need that the result is still a valid interface name. - -(cherry picked from commit 1009f1f11f991e41f856f2616c0972652f812a85) -(cherry picked from commit 37994cef357506c246f3061d50474c14e425d9a9) ---- - src/libnm-core-impl/nm-setting-infiniband.c | 9 +++++- - src/libnm-core-impl/tests/test-general.c | 32 +++++++++++++++++++++ - 2 files changed, 40 insertions(+), 1 deletion(-) - -diff --git a/src/libnm-core-impl/nm-setting-infiniband.c b/src/libnm-core-impl/nm-setting-infiniband.c -index 6d2ed7fb4828..0753a8db2d81 100644 ---- a/src/libnm-core-impl/nm-setting-infiniband.c -+++ b/src/libnm-core-impl/nm-setting-infiniband.c -@@ -8,8 +8,10 @@ - #include "nm-setting-infiniband.h" - - #include -+#include - #include - -+#include "libnm-platform/nmp-base.h" - #include "nm-utils.h" - #include "nm-utils-private.h" - #include "nm-setting-private.h" -@@ -147,7 +149,12 @@ nm_setting_infiniband_get_parent(NMSettingInfiniband *setting) - char * - nm_setting_infiniband_create_virtual_interface_name(const char *parent, int p_key) - { -- return g_strdup_printf("%s.%04x", parent, p_key); -+ char *s; -+ -+ s = g_strdup_printf("%s.%04x", parent, (guint) p_key); -+ if (strlen(s) >= IFNAMSIZ) -+ s[IFNAMSIZ - 1] = '\0'; -+ return s; - } - - /** -diff --git a/src/libnm-core-impl/tests/test-general.c b/src/libnm-core-impl/tests/test-general.c -index 1feaae3ff5a7..fe070c3ea1f3 100644 ---- a/src/libnm-core-impl/tests/test-general.c -+++ b/src/libnm-core-impl/tests/test-general.c -@@ -6226,6 +6226,38 @@ test_connection_normalize_infiniband(void) - - nmtst_connection_normalize(con); - g_assert_cmpstr(nm_connection_get_interface_name(con), ==, "foo.005c"); -+ -+ g_object_set(s_infini, -+ NM_SETTING_INFINIBAND_PARENT, -+ "x234567890123", -+ NM_SETTING_INFINIBAND_P_KEY, -+ 0x005c, -+ NULL); -+ nmtst_assert_connection_verifies_after_normalization(con, -+ NM_CONNECTION_ERROR, -+ NM_CONNECTION_ERROR_INVALID_PROPERTY); -+ -+ nmtst_connection_normalize(con); -+ g_assert_cmpstr(nm_connection_get_interface_name(con), ==, "x234567890123.0"); -+ -+#define iface_name(parent, p_key, expected) \ -+ G_STMT_START \ -+ { \ -+ gs_free char *_s = nm_setting_infiniband_create_virtual_interface_name((parent), (p_key)); \ -+ \ -+ g_assert(nm_utils_ifname_valid_kernel(_s, NULL)); \ -+ g_assert_cmpstr(_s, ==, (expected)); \ -+ } \ -+ G_STMT_END -+ -+ iface_name("foo", 15, "foo.000f"); -+ iface_name("x23456789012345", 15, "x23456789012345"); -+ iface_name("x2345678901234", 15, "x2345678901234."); -+ iface_name("x234567890123", 15, "x234567890123.0"); -+ iface_name("x23456789012", 15, "x23456789012.00"); -+ iface_name("x2345678901", 15, "x2345678901.000"); -+ iface_name("x234567890", 15, "x234567890.000f"); -+ iface_name("x23456789", 15, "x23456789.000f"); - } - - static void --- -2.40.1 - - -From 15cb222ac1acfa0e40bcfb15747c32211337c76c Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Wed, 24 May 2023 21:34:00 +0200 -Subject: [PATCH 6/8] ifcfg-rh: adjust infiniband p-key for later normalization - when writing to file - -(cherry picked from commit 82f5bff882a58226c22df1b735d4b434af883102) -(cherry picked from commit a6316c61f09ab2cd169040815faae007077dcbe8) ---- - .../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 36 +++++++++++++++---- - 1 file changed, 29 insertions(+), 7 deletions(-) - -diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c -index e340c9fe1374..9610cd647114 100644 ---- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c -+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c -@@ -1023,7 +1023,10 @@ write_wireless_setting(NMConnection *connection, - } - - static gboolean --write_infiniband_setting(NMConnection *connection, shvarFile *ifcfg, GError **error) -+write_infiniband_setting(NMConnection *connection, -+ shvarFile *ifcfg, -+ char **out_interface_name, -+ GError **error) - { - NMSettingInfiniband *s_infiniband; - const char *mac, *transport_mode, *parent; -@@ -1051,12 +1054,28 @@ write_infiniband_setting(NMConnection *connection, shvarFile *ifcfg, GError **er - - p_key = nm_setting_infiniband_get_p_key(s_infiniband); - if (p_key != -1) { -+ /* The reader normalizes KKEY_ID with |=0x8000. Also do that when -+ * writing the profile so that what we write, is consistent with what -+ * we would read. */ -+ p_key |= 0x8000; -+ - svSetValueStr(ifcfg, "PKEY", "yes"); - svSetValueInt64(ifcfg, "PKEY_ID", p_key); - - parent = nm_setting_infiniband_get_parent(s_infiniband); -- if (parent) -- svSetValueStr(ifcfg, "PHYSDEV", parent); -+ svSetValueStr(ifcfg, "PHYSDEV", parent); -+ -+ if (parent && nm_connection_get_interface_name(connection)) { -+ /* The connection.interface-name depends on the p-key. Also, -+ * nm_connection_normalize() will automatically adjust the -+ * interface-name to match the p-key. -+ * -+ * As we patched the p-key above, also anticipate that change, and -+ * don't write a DEVICE= to the file, which would we normalize -+ * differently, when reading it back. */ -+ *out_interface_name = -+ nm_setting_infiniband_create_virtual_interface_name(parent, p_key); -+ } - } - - svSetValueStr(ifcfg, "TYPE", TYPE_INFINIBAND); -@@ -2094,7 +2113,7 @@ write_dcb_setting(NMConnection *connection, shvarFile *ifcfg, GError **error) - } - - static void --write_connection_setting(NMSettingConnection *s_con, shvarFile *ifcfg) -+write_connection_setting(NMSettingConnection *s_con, shvarFile *ifcfg, const char *interface_name) - { - guint32 n, i; - nm_auto_free_gstring GString *str = NULL; -@@ -2111,7 +2130,9 @@ write_connection_setting(NMSettingConnection *s_con, shvarFile *ifcfg) - svSetValueStr(ifcfg, "NAME", nm_setting_connection_get_id(s_con)); - svSetValueStr(ifcfg, "UUID", nm_setting_connection_get_uuid(s_con)); - svSetValueStr(ifcfg, "STABLE_ID", nm_setting_connection_get_stable_id(s_con)); -- svSetValueStr(ifcfg, "DEVICE", nm_setting_connection_get_interface_name(s_con)); -+ svSetValueStr(ifcfg, -+ "DEVICE", -+ interface_name ?: nm_setting_connection_get_interface_name(s_con)); - svSetValueBoolean(ifcfg, "ONBOOT", nm_setting_connection_get_autoconnect(s_con)); - - vint = nm_setting_connection_get_autoconnect_priority(s_con); -@@ -3294,6 +3315,7 @@ do_write_construct(NMConnection *connection, - nm_auto_shvar_file_close shvarFile *route_content_svformat = NULL; - nm_auto_free_gstring GString *route_content = NULL; - nm_auto_free_gstring GString *route6_content = NULL; -+ gs_free char *interface_name = NULL; - - nm_assert(NM_IS_CONNECTION(connection)); - nm_assert(_nm_connection_verify(connection, NULL) == NM_SETTING_VERIFY_SUCCESS); -@@ -3399,7 +3421,7 @@ do_write_construct(NMConnection *connection, - if (!write_wireless_setting(connection, ifcfg, secrets, &no_8021x, error)) - return FALSE; - } else if (!strcmp(type, NM_SETTING_INFINIBAND_SETTING_NAME)) { -- if (!write_infiniband_setting(connection, ifcfg, error)) -+ if (!write_infiniband_setting(connection, ifcfg, &interface_name, error)) - return FALSE; - } else if (!strcmp(type, NM_SETTING_BOND_SETTING_NAME)) { - if (!write_bond_setting(connection, ifcfg, &wired, error)) -@@ -3504,7 +3526,7 @@ do_write_construct(NMConnection *connection, - - write_ip_routing_rules(connection, ifcfg, route_ignore); - -- write_connection_setting(s_con, ifcfg); -+ write_connection_setting(s_con, ifcfg, interface_name); - - NM_SET_OUT(out_ifcfg, g_steal_pointer(&ifcfg)); - NM_SET_OUT(out_blobs, g_steal_pointer(&blobs)); --- -2.40.1 - - -From fe3789da37f394112bdb07ffc7935d935449e17a Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Mon, 5 Jun 2023 08:52:09 +0200 -Subject: [PATCH 7/8] ifcfg-rh/tests: add test for infiniband profile with - PKEY_ID in ifcfg format - -https://bugzilla.redhat.com/show_bug.cgi?id=2209164 -(cherry picked from commit 0d0704eaa02c45e10917ce503f50b4ca885285aa) -(cherry picked from commit 0b56618b198c6cb3f99e84554487dc6eea66d468) -(cherry picked from commit 2cc34244e1d53b4f2ca8efa59755aa68cd663365) ---- - Makefile.am | 4 +- - ...test-infiniband => ifcfg-test-infiniband0} | 0 - .../network-scripts/ifcfg-test-infiniband1 | 12 ++++++ - .../network-scripts/ifcfg-test-infiniband2 | 12 ++++++ - .../plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 38 ++++++++++++++++--- - 5 files changed, 59 insertions(+), 7 deletions(-) - rename src/core/settings/plugins/ifcfg-rh/tests/network-scripts/{ifcfg-test-infiniband => ifcfg-test-infiniband0} (100%) - create mode 100644 src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband1 - create mode 100644 src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband2 - -diff --git a/Makefile.am b/Makefile.am -index 7cdb1120ccc3..a42474b714be 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -3457,7 +3457,9 @@ EXTRA_DIST += \ - src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-fcoe-fabric \ - src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-fcoe-vn2vn \ - src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-ibft \ -- src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband \ -+ src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband0 \ -+ src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband1 \ -+ src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband2 \ - src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-ip6-disabled.cexpected \ - src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-ipoib \ - src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-link_local \ -diff --git a/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband b/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband0 -similarity index 100% -rename from src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband -rename to src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband0 -diff --git a/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband1 b/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband1 -new file mode 100644 -index 000000000000..dcb7758e6ed9 ---- /dev/null -+++ b/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband1 -@@ -0,0 +1,12 @@ -+TYPE=InfiniBand -+HWADDR=80:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22 -+CONNECTED_MODE=yes -+MTU=65520 -+IPADDR=192.168.2.2 -+NETMASK=255.255.255.0 -+GATEWAY=192.168.2.1 -+ -+DEVICE=ib0.80c1 -+PKEY=yes -+PKEY_ID=0x00c1 -+PHYSDEV=ib0 -diff --git a/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband2 b/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband2 -new file mode 100644 -index 000000000000..2e6d9edf3ac4 ---- /dev/null -+++ b/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband2 -@@ -0,0 +1,12 @@ -+TYPE=InfiniBand -+HWADDR=80:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22 -+CONNECTED_MODE=yes -+MTU=65520 -+IPADDR=192.168.2.2 -+NETMASK=255.255.255.0 -+GATEWAY=192.168.2.1 -+ -+DEVICE=ib0.00c1 -+PKEY=yes -+PKEY_ID=0x00c1 -+PHYSDEV=ib0 -diff --git a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c -index 01eb24216aec..b391aa2392a8 100644 ---- a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c -+++ b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c -@@ -8337,8 +8337,9 @@ test_write_bond_port(void) - } - - static void --test_read_infiniband(void) -+test_read_infiniband(gconstpointer test_data) - { -+ const guint TEST_IDX = GPOINTER_TO_UINT(test_data); - gs_unref_object NMConnection *connection = NULL; - NMSettingInfiniband *s_infiniband; - char *unmanaged = NULL; -@@ -8347,11 +8348,15 @@ test_read_infiniband(void) - 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, - 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22}; - const char *transport_mode; -+ const char *test_files[] = { -+ TEST_IFCFG_DIR "/ifcfg-test-infiniband0", -+ TEST_IFCFG_DIR "/ifcfg-test-infiniband1", -+ TEST_IFCFG_DIR "/ifcfg-test-infiniband2", -+ }; - -- connection = _connection_from_file(TEST_IFCFG_DIR "/ifcfg-test-infiniband", -- NULL, -- TYPE_INFINIBAND, -- &unmanaged); -+ g_assert(TEST_IDX < G_N_ELEMENTS(test_files)); -+ -+ connection = _connection_from_file(test_files[TEST_IDX], NULL, TYPE_INFINIBAND, &unmanaged); - g_assert(!unmanaged); - - s_infiniband = nmtst_connection_assert_setting(connection, NM_TYPE_SETTING_INFINIBAND); -@@ -8363,6 +8368,25 @@ test_read_infiniband(void) - transport_mode = nm_setting_infiniband_get_transport_mode(s_infiniband); - g_assert(transport_mode); - g_assert_cmpstr(transport_mode, ==, "connected"); -+ -+ nmtst_assert_connection_verifies_without_normalization(connection); -+ -+ switch (TEST_IDX) { -+ case 0: -+ g_assert_cmpint(nm_setting_infiniband_get_p_key(s_infiniband), ==, -1); -+ g_assert_cmpstr(nm_setting_infiniband_get_parent(s_infiniband), ==, NULL); -+ g_assert_cmpstr(nm_connection_get_interface_name(connection), ==, "ib0"); -+ break; -+ case 1: -+ case 2: -+ g_assert_cmpint(nm_setting_infiniband_get_p_key(s_infiniband), ==, 0x80c1); -+ g_assert_cmpstr(nm_setting_infiniband_get_parent(s_infiniband), ==, "ib0"); -+ g_assert_cmpstr(nm_connection_get_interface_name(connection), ==, "ib0.80c1"); -+ break; -+ default: -+ g_assert_not_reached(); -+ break; -+ } - } - - static void -@@ -10673,7 +10697,9 @@ main(int argc, char **argv) - - g_test_add_func(TPATH "wifi/read/wep-no-keys", test_read_wifi_wep_no_keys); - g_test_add_func(TPATH "wifi/read/wep-agent-keys", test_read_wifi_wep_agent_keys); -- g_test_add_func(TPATH "infiniband/read", test_read_infiniband); -+ g_test_add_data_func(TPATH "infiniband/read/0", GUINT_TO_POINTER(0), test_read_infiniband); -+ g_test_add_data_func(TPATH "infiniband/read/1", GUINT_TO_POINTER(1), test_read_infiniband); -+ g_test_add_data_func(TPATH "infiniband/read/2", GUINT_TO_POINTER(2), test_read_infiniband); - g_test_add_func(TPATH "ipoib/read", test_read_ipoib); - g_test_add_func(TPATH "vlan/read", test_read_vlan_interface); - g_test_add_func(TPATH "vlan/read-flags-1", test_read_vlan_flags_1); --- -2.40.1 - - -From 5263adc4c930edb9b0a7e7e38d4fa5682c63fe2d Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Tue, 30 May 2023 17:51:02 +0200 -Subject: [PATCH 8/8] ifcfg: better handle non-full-membership PKEY_ID with new - PKEY_ID_NM variable - -Infiniband profiles can have a p-key set. Both in kernel API -("create_child" sysctl) and in NetworkManager API, that key can range -from 0x0001 to 0xFFFF (0x8000 excluded). NetworkManager does not support -renaming the interface, so kernel always assigns the interface name -"$PHYSDEV.$PKEY_ID" (with $PKEY_ID as 4 character hex digits). - -Note that the highest bit in the p-key (0x8000) is the full-membership -flag. Internally, kernel only supports full-membership so when we create -for example "ib0.00c1" and "ib0.80c1" interfaces, their actually used -p-key is in both cases 0x80c1 and you can see it with `ip -d link`. -Nonetheless, kernel and NetworkManager allow to configure the p-key -without the highest bit set, and the result differs in the interface -name. - -Note that initscripts' ifup-ib0 would always internally coerce the -PKEY_ID variable to have the high bit set ([1]). It also would require -that the `DEVICE=` variable is specified and matches the expected -interface name. So both these configurations are identical and valid: - - DEVICE=ib0.80c1 - PHYSDEV=ib0 - PKEY_ID=0x80c1 - -and - - DEVICE=ib0.80c1 - PHYSDEV=ib0 - PKEY_ID=0x00c1 - -Historically, NetworkManager would also implement the same restrictions -([2], [3], [4]). That meant, not all valid NetworkManager infiniband -profiles could be expressed as ifcfg file. For example, NetworkManager -allows to have "connection.interface-name" (`DEVICE=`) unset (which -ifup-ib and ifcfg reader did not allow). Also, NetworkManager would -allow configuring a "infiniband.p-key" without full membership flag, and -the reader would mangle that. - -This caused various problems to the point that when you configure an -infiniband.p-key with a non-full-membership key, the ifcfg-rh written by -NetworkManager was invalid. Either, you could leave -"connection.interface-name" unset, but then the reader would complain -about missing `DEVICE=`. Or, we could write `DEVICE=ib0.00c1; -PKEY_ID=0x00c1`, which was invalid as we expected `DEVICE=ib0.80c1`. - -This was addressed by rhbz 2122703 ([5]). The fix was to - - - not require a `DEVICE=` ([6]). - - don't mangle the `PKEY_ID=` in the reader ([7]). - -which happened in 1.41.2 and 1.40.2 (rhel-8.8). - -With this change, we could persist any valid infiniband profile to ifcfg -format. We also could read back any valid ifcfg file that NetworkManager -would have written in the past (note that it could not write valid ifcfg -files previously, if the p-key didn't have the full-membership key set). - -The problem is, that users were used to edit ifcfg files by hand, and -users would have files with: - - DEVICE=ib0.80c1 - PHYSDEV=ib0 - PKEY_ID=0x00c1 - -This files had worked before, but now failed to verify as we would -expect `DEVICE=ib0.00c1`. Also, there was a change in behavior that -PKEY_ID is now interpreted without the high bit set. This is reported as -rhbz 2209164 ([8]). - -We will do several things to fix that: - -1) we now normalize the "connection.interface-name" to be valid. It was - not useful to set it anyway, as it was redundant. Complaining about a - redundant setting, which makes little sense to configure, is not useful. - This is done by [9]. - -2) we now again treat PKEY_ID= as if it had 0x8000 flag set. This was done by - [10]. - -With step 1) and 2), we are able to read any existing ifcfg files out -there in the way we did before 1.41.2. - -There is however one piece missing. When we now create a profile using -nmcli/libnm/D-Bus, which has a non-full-membership p-key, then the -profile gets mangled in the process. - -If the user uses NetworkManager API to configure an interface and -chooses a non-full-membership p-key, then this should work the same as -with keyfile plugin (or on rhel-9, where keyfile is the default). Note -that before 1.41.2 it didn't work at all, when the user used ifcfg-rh -backend. Likely(?) there are no users who rely on creating such a profile -with nmcli/libnm/D-Bus and expect to automatically have the p-key -normalized. That didn't work before 1.41.2 and didn't behave that way -between 1.41.2 and now. - -This patch fixes that by introducing a new key PKEY_ID_NM= for holding -the real p-key. Now ifcfg backend is consistent with handling infiniband -profiles, and old, hand-written ifcfg files still work as before. - -There is of course change in behavior, that ifcfg files between 1.41.2 -and now were interpreted differently. But that is bug 2209164 ([8]) and -what we fix here. - -For now strong reasons, we keep writing the PKEY_ID to file too. It's -redundant, but that is what a human might expect there. - -[1] https://src.fedoraproject.org/rpms/rdma/blob/05333c3602aa3c1d82a6363521bdd5a498eac6d0/f/rdma.ifup-ib#_75 -[2] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.40.0/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c#L5386 -[3] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/cb5606cf1c7a1638fea2858ddd3493a7364f5738#a7a78fccb2c8c945fd09038656ae734c1b0349ab_3493_3532 -[4] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/cb5606cf1c7a1638fea2858ddd3493a7364f5738#a7a78fccb2c8c945fd09038656ae734c1b0349ab_3493_3506 -[5] https://bugzilla.redhat.com/show_bug.cgi?id=2122703 -[6] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/4c32dd9d252959b9bab5de6277418939b64d1bb1 -[7] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/a4fe16a426097eee263cb3ef831dcea468b1ca26 -[8] https://bugzilla.redhat.com/show_bug.cgi?id=2209164 -[9] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/4610fd67e6e795131a358b292ec3fc1ba2a2250f -[10] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/f8e5e07355e23b6d59b1b1c9cd2387c6b40b214b - -(cherry picked from commit 5e3e38f291a5bb1499602721401335b1cb585cab) -(cherry picked from commit d8f7fec9e0d395461eab58185398557dc476c716) -(cherry picked from commit cb73ae3f0bbc2a7e083f79f2a0c64a503dc85510) ---- - .../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 28 +++++++---------- - .../plugins/ifcfg-rh/nms-ifcfg-rh-utils.c | 1 + - .../plugins/ifcfg-rh/nms-ifcfg-rh-utils.h | 2 +- - .../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 30 ++++++++----------- - .../plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 19 ++---------- - src/libnm-core-impl/nm-setting-infiniband.c | 24 +++++++-------- - src/libnmc-setting/settings-docs.h.in | 2 +- - .../generate-docs-nm-settings-nmcli.xml.in | 2 +- - 8 files changed, 42 insertions(+), 66 deletions(-) - -diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c -index 533379c67868..ad14209a3c94 100644 ---- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c -+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c -@@ -5358,6 +5358,7 @@ parse_infiniband_p_key(shvarFile *ifcfg, int *out_p_key, char **out_parent, GErr - gs_free char *physdev = NULL; - gs_free char *pkey_id = NULL; - int id; -+ int fixup_id = 0; - - physdev = svGetValueStr_cp(ifcfg, "PHYSDEV"); - if (!physdev) { -@@ -5368,7 +5369,14 @@ parse_infiniband_p_key(shvarFile *ifcfg, int *out_p_key, char **out_parent, GErr - return FALSE; - } - -- pkey_id = svGetValueStr_cp(ifcfg, "PKEY_ID"); -+ pkey_id = svGetValueStr_cp(ifcfg, "PKEY_ID_NM"); -+ if (!pkey_id) { -+ /* Only check for "$PKEY_ID". That key is interpreted as having the -+ * full membership flag set ("fixup_id"). */ -+ fixup_id = 0x8000; -+ pkey_id = svGetValueStr_cp(ifcfg, "PKEY_ID"); -+ } -+ - if (!pkey_id) { - g_set_error(error, - NM_SETTINGS_ERROR, -@@ -5387,23 +5395,7 @@ parse_infiniband_p_key(shvarFile *ifcfg, int *out_p_key, char **out_parent, GErr - return FALSE; - } - -- /* The highest bit 0x8000 indicates full membership, which kernel always -- * automatically sets. -- * -- * NetworkManager supports p-keys without the high bit set. That affects -- * the interface name (nmp_utils_new_infiniband_name()) and is what -- * we write to "create_child"/"delete_child" sysctl. Kernel will honor -- * such p-keys for the interface name, but for other purposes it adds the -- * highest bit. That makes using p-keys without the highest bit odd. -- * -- * Historically, /etc/sysconfig/network-scripts/ifup-ib would always add "|=0x8000". -- * The reader does that too. -- * -- * Note that this means ifcfg cannot handle p-keys without the highest bit set, -- * and when trying to store that to ifcfg format, the profile will be mangled/modified -- * by the ifcg plugin (unlike keyfile backend, which preserves the original p-key value). -- */ -- id |= 0x8000; -+ id |= fixup_id; - - *out_p_key = id; - *out_parent = g_steal_pointer(&physdev); -diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c -index ef4276da7377..7fc33967acb0 100644 ---- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c -+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c -@@ -1028,6 +1028,7 @@ const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[] = { - _KEY_TYPE("PHYSDEV", NMS_IFCFG_KEY_TYPE_IS_PLAIN), - _KEY_TYPE("PKEY", NMS_IFCFG_KEY_TYPE_IS_PLAIN), - _KEY_TYPE("PKEY_ID", NMS_IFCFG_KEY_TYPE_IS_PLAIN), -+ _KEY_TYPE("PKEY_ID_NM", NMS_IFCFG_KEY_TYPE_IS_PLAIN), - _KEY_TYPE("PMF", NMS_IFCFG_KEY_TYPE_IS_PLAIN), - _KEY_TYPE("PORTNAME", NMS_IFCFG_KEY_TYPE_IS_PLAIN), - _KEY_TYPE("POWERSAVE", NMS_IFCFG_KEY_TYPE_IS_PLAIN), -diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h -index e3d3d8732103..7302625cc13b 100644 ---- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h -+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h -@@ -33,7 +33,7 @@ typedef struct { - NMSIfcfgKeyTypeFlags key_flags; - } NMSIfcfgKeyTypeInfo; - --extern const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[257]; -+extern const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[258]; - - const NMSIfcfgKeyTypeInfo *nms_ifcfg_well_known_key_find_info(const char *key, gssize *out_idx); - -diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c -index 9610cd647114..b78bbe416655 100644 ---- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c -+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c -@@ -1054,28 +1054,24 @@ write_infiniband_setting(NMConnection *connection, - - p_key = nm_setting_infiniband_get_p_key(s_infiniband); - if (p_key != -1) { -- /* The reader normalizes KKEY_ID with |=0x8000. Also do that when -- * writing the profile so that what we write, is consistent with what -- * we would read. */ -- p_key |= 0x8000; -- - svSetValueStr(ifcfg, "PKEY", "yes"); -- svSetValueInt64(ifcfg, "PKEY_ID", p_key); - -- parent = nm_setting_infiniband_get_parent(s_infiniband); -- svSetValueStr(ifcfg, "PHYSDEV", parent); -+ svSetValueInt64(ifcfg, "PKEY_ID", p_key); - -- if (parent && nm_connection_get_interface_name(connection)) { -- /* The connection.interface-name depends on the p-key. Also, -- * nm_connection_normalize() will automatically adjust the -- * interface-name to match the p-key. -+ if (!NM_FLAGS_HAS(p_key, 0x8000)) { -+ /* initscripts' ifup-ib used to always interpret the PKEY_ID with -+ * the full membership flag (0x8000) set. For compatibility, we do -+ * interpret PKEY_ID as having that flag set. - * -- * As we patched the p-key above, also anticipate that change, and -- * don't write a DEVICE= to the file, which would we normalize -- * differently, when reading it back. */ -- *out_interface_name = -- nm_setting_infiniband_create_virtual_interface_name(parent, p_key); -+ * However, now we want to persist a p-key which doesn't have the -+ * flag. Use a NetworkManager specific variable for that. This configuration -+ * is not supported by initscripts' ifup-ib. -+ */ -+ svSetValueInt64(ifcfg, "PKEY_ID_NM", p_key); - } -+ -+ parent = nm_setting_infiniband_get_parent(s_infiniband); -+ svSetValueStr(ifcfg, "PHYSDEV", parent); - } - - svSetValueStr(ifcfg, "TYPE", TYPE_INFINIBAND); -diff --git a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c -index b391aa2392a8..b5f830c8660a 100644 ---- a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c -+++ b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c -@@ -8419,7 +8419,6 @@ test_write_infiniband(gconstpointer test_data) - const int TEST_IDX = GPOINTER_TO_INT(test_data); - nmtst_auto_unlinkfile char *testfile = NULL; - gs_unref_object NMConnection *connection = NULL; -- gs_unref_object NMConnection *expected = NULL; - gs_unref_object NMConnection *reread = NULL; - gboolean reread_same = FALSE; - NMSettingConnection *s_con; -@@ -8500,32 +8499,20 @@ test_write_infiniband(gconstpointer test_data) - - nmtst_assert_connection_verifies(connection); - -- if (p_key != -1 && p_key < 0x8000) { -- expected = nm_simple_connection_new_clone(connection); -- g_object_set(nm_connection_get_setting(expected, NM_TYPE_SETTING_INFINIBAND), -- NM_SETTING_INFINIBAND_P_KEY, -- (int) (p_key | 0x8000), -- NULL); -- } else -- expected = g_object_ref(connection); -- - _writer_new_connection_reread(connection, - TEST_SCRATCH_DIR, - &testfile, - NO_EXPECTED, - &reread, - &reread_same); -- _assert_reread_same(expected, reread); -- if (p_key == -1 || p_key > 0x8000) -- g_assert(reread_same); -- else -- g_assert(!reread_same); -+ _assert_reread_same(connection, reread); -+ g_assert(reread_same); - - g_assert_cmpstr(interface_name, ==, nm_connection_get_interface_name(reread)); - g_assert_cmpint(nm_setting_infiniband_get_p_key( - _nm_connection_get_setting(reread, NM_TYPE_SETTING_INFINIBAND)), - ==, -- p_key == -1 ? -1 : (p_key | 0x8000)); -+ p_key); - } - - static void -diff --git a/src/libnm-core-impl/nm-setting-infiniband.c b/src/libnm-core-impl/nm-setting-infiniband.c -index 0753a8db2d81..6df92ceb4777 100644 ---- a/src/libnm-core-impl/nm-setting-infiniband.c -+++ b/src/libnm-core-impl/nm-setting-infiniband.c -@@ -461,31 +461,31 @@ nm_setting_infiniband_class_init(NMSettingInfinibandClass *klass) - /** - * NMSettingInfiniband:p-key: - * -- * The InfiniBand P_Key to use for this device. A value of -1 means to use -- * the default P_Key (aka "the P_Key at index 0"). Otherwise, it is a -+ * The InfiniBand p-key to use for this device. A value of -1 means to use -+ * the default p-key (aka "the p-key at index 0"). Otherwise, it is a - * 16-bit unsigned integer, whose high bit 0x8000 is set if it is a "full -- * membership" P_Key. The values 0 and 0x8000 are not allowed. -+ * membership" p-key. The values 0 and 0x8000 are not allowed. - * - * With the p-key set, the interface name is always "$parent.$p_key". - * Setting "connection.interface-name" to another name is not supported. - * - * Note that kernel will internally always set the full membership bit, -- * although the interface name does not reflect that. Thus, not setting -- * the high bit is probably not useful. -- * -- * If the profile is stored in ifcfg-rh format, then the full membership -- * bit is automatically added. To get consistent behavior, it is -- * best to only use p-key values with the full membership bit set. -+ * although the interface name does not reflect that. Usually the user -+ * would want to configure a full membership p-key with 0x8000 flag set. - **/ - /* ---ifcfg-rh--- - * property: p-key -- * variable: PKEY_ID (and PKEY=yes) -+ * variable: PKEY_ID or PKEY_ID_NM(*) (requires PKEY=yes) - * default: PKEY=no - * description: InfiniBand P_Key. The value can be a hex number prefixed with "0x" - * or a decimal number. -- * When PKEY_ID is specified, PHYSDEV and DEVICE also must be specified. -+ * When PKEY_ID is specified, PHYSDEV must be specified. - * Note that ifcfg-rh format will always automatically set the full membership -- * bit 0x8000. Other p-key cannot be stored. -+ * flag 0x8000 for the PKEY_ID variable. To express IDs without the full membership -+ * flag, use PKEY_ID_NM. Note that kernel internally treats the interface as -+ * having the full membership flag set, this mainly affects the interface name. -+ * For the ifcfg file to be supported by initscripts' ifup-ib, the DEVICE= -+ * must always be set. NetworkManager does not require that. - * example: PKEY=yes PKEY_ID=2 PHYSDEV=mlx4_ib0 DEVICE=mlx4_ib0.8002 - * ---end--- - */ -diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in -index 172f9b15bb98..c3fa316cf65a 100644 ---- a/src/libnmc-setting/settings-docs.h.in -+++ b/src/libnmc-setting/settings-docs.h.in -@@ -153,7 +153,7 @@ - #define DESCRIBE_DOC_NM_SETTING_GSM_USERNAME N_("The username used to authenticate with the network, if required. Many providers do not require a username, or accept any username. But if a username is required, it is specified here.") - #define DESCRIBE_DOC_NM_SETTING_INFINIBAND_MAC_ADDRESS N_("If specified, this connection will only apply to the IPoIB device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).") - #define DESCRIBE_DOC_NM_SETTING_INFINIBAND_MTU N_("If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple frames.") --#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_P_KEY N_("The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka \"the P_Key at index 0\"). Otherwise, it is a 16-bit unsigned integer, whose high bit 0x8000 is set if it is a \"full membership\" P_Key. The values 0 and 0x8000 are not allowed. With the p-key set, the interface name is always \"$parent.$p_key\". Setting \"connection.interface-name\" to another name is not supported. Note that kernel will internally always set the full membership bit, although the interface name does not reflect that. Thus, not setting the high bit is probably not useful. If the profile is stored in ifcfg-rh format, then the full membership bit is automatically added. To get consistent behavior, it is best to only use p-key values with the full membership bit set.") -+#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_P_KEY N_("The InfiniBand p-key to use for this device. A value of -1 means to use the default p-key (aka \"the p-key at index 0\"). Otherwise, it is a 16-bit unsigned integer, whose high bit 0x8000 is set if it is a \"full membership\" p-key. The values 0 and 0x8000 are not allowed. With the p-key set, the interface name is always \"$parent.$p_key\". Setting \"connection.interface-name\" to another name is not supported. Note that kernel will internally always set the full membership bit, although the interface name does not reflect that. Usually the user would want to configure a full membership p-key with 0x8000 flag set.") - #define DESCRIBE_DOC_NM_SETTING_INFINIBAND_PARENT N_("The interface name of the parent device of this device. Normally NULL, but if the \"p_key\" property is set, then you must specify the base device by setting either this property or \"mac-address\".") - #define DESCRIBE_DOC_NM_SETTING_INFINIBAND_TRANSPORT_MODE N_("The IP-over-InfiniBand transport mode. Either \"datagram\" or \"connected\".") - #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in decreasing priority, meaning the first address will be the primary address.") -diff --git a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in -index a59dacf2430d..373d39a60b9d 100644 ---- a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in -+++ b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in -@@ -614,7 +614,7 @@ - description="The IP-over-InfiniBand transport mode. Either "datagram" or "connected"." /> - -+ description="The InfiniBand p-key to use for this device. A value of -1 means to use the default p-key (aka "the p-key at index 0"). Otherwise, it is a 16-bit unsigned integer, whose high bit 0x8000 is set if it is a "full membership" p-key. The values 0 and 0x8000 are not allowed. With the p-key set, the interface name is always "$parent.$p_key". Setting "connection.interface-name" to another name is not supported. Note that kernel will internally always set the full membership bit, although the interface name does not reflect that. Usually the user would want to configure a full membership p-key with 0x8000 flag set." /> - --- -2.40.1 - diff --git a/SOURCES/1007-unblock-autoconnect-on-reapply-rh2207690.patch b/SOURCES/1007-unblock-autoconnect-on-reapply-rh2207690.patch deleted file mode 100644 index 9349998..0000000 --- a/SOURCES/1007-unblock-autoconnect-on-reapply-rh2207690.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 04c0fffdc3a24b66fcfd2e55714bc1308c219c24 Mon Sep 17 00:00:00 2001 -From: Gris Ge -Date: Tue, 27 Jun 2023 15:02:54 +0800 -Subject: [PATCH 1/1] setting-connection: Unblock autoconnect upon finish of - `Reapply` - -The activation of a connection will clear the block of autoconnect, -we should do the same for reapply. - -Signed-off-by: Gris Ge -(cherry picked from commit 0486efd3584c70179072f611e63b9c0ff6851b80) -(cherry picked from commit 18ce5f43bd16b3cc394424619652c782cb3795c3) -(cherry picked from commit 2695396939d2a867145f7db569aaf5cc6b0d742c) ---- - src/core/devices/nm-device.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c -index 31acc1c1fe6b..2ac55fa83cbe 100644 ---- a/src/core/devices/nm-device.c -+++ b/src/core/devices/nm-device.c -@@ -12826,6 +12826,7 @@ check_and_reapply_connection(NMDevice *self, - NMConnection *con_old; - NMConnection *con_new; - GHashTableIter iter; -+ NMSettingsConnection *sett_conn; - - if (priv->state < NM_DEVICE_STATE_PREPARE || priv->state > NM_DEVICE_STATE_ACTIVATED) { - g_set_error_literal(error, -@@ -12998,6 +12999,14 @@ check_and_reapply_connection(NMDevice *self, - if (priv->state >= NM_DEVICE_STATE_ACTIVATED) - nm_device_update_metered(self); - -+ sett_conn = nm_device_get_settings_connection(self); -+ if (sett_conn) { -+ nm_settings_connection_autoconnect_blocked_reason_set( -+ sett_conn, -+ NM_SETTINGS_AUTO_CONNECT_BLOCKED_REASON_USER_REQUEST, -+ FALSE); -+ } -+ - return TRUE; - } - --- -2.40.1 - diff --git a/SOURCES/1008-cloud-setup-fix-terminating-in-reconfig-rh2221903.patch b/SOURCES/1008-cloud-setup-fix-terminating-in-reconfig-rh2221903.patch deleted file mode 100644 index a9f7b86..0000000 --- a/SOURCES/1008-cloud-setup-fix-terminating-in-reconfig-rh2221903.patch +++ /dev/null @@ -1,190 +0,0 @@ -From 1e74f06a69d0f01753d6f2f071202a41b92239bc Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Wed, 31 May 2023 13:06:22 +0200 -Subject: [PATCH 1/2] cloud-setup: fix terminating in the middle of - reconfiguring the system - -Once we start reconfiguring the system, we need to finish on all -interfaces. Otherwise, we might reconfigure some interfaces, abort -and leave the network broken. When that happens, a subsequent run -might also be unable to recover, because we are unable to reach the -HTTP meta data service. - -https://bugzilla.redhat.com/show_bug.cgi?id=2207812 - -Fixes: 69f048bf0ca3 ('cloud-setup: add tool for automatic IP configuration in cloud') -(cherry picked from commit dab114f038f39e07080f71426d70e84449890088) -(cherry picked from commit 0a033798ac646c80669ab5d8a15362583f4d8ba4) -(cherry picked from commit fe243025e5751dda2e5a3694953f92c87372e008) ---- - src/nm-cloud-setup/main.c | 49 ++++++++++++++++++++++++++------------- - 1 file changed, 33 insertions(+), 16 deletions(-) - -diff --git a/src/nm-cloud-setup/main.c b/src/nm-cloud-setup/main.c -index e1cbd1d4d8..01e41bd72e 100644 ---- a/src/nm-cloud-setup/main.c -+++ b/src/nm-cloud-setup/main.c -@@ -15,6 +15,12 @@ - - /*****************************************************************************/ - -+typedef struct { -+ GCancellable *cancellable; -+ gboolean enabled; -+ gboolean signal_received; -+} SigTermData; -+ - typedef struct { - GMainLoop *main_loop; - GCancellable *cancellable; -@@ -444,7 +450,7 @@ _nmc_mangle_connection(NMDevice *device, - /*****************************************************************************/ - - static gboolean --_config_one(GCancellable *sigterm_cancellable, -+_config_one(SigTermData *sigterm_data, - NMClient *nmc, - const NMCSProviderGetConfigResult *result, - guint idx) -@@ -464,7 +470,7 @@ _config_one(GCancellable *sigterm_cancellable, - - g_main_context_iteration(NULL, FALSE); - -- if (g_cancellable_is_cancelled(sigterm_cancellable)) -+ if (g_cancellable_is_cancelled(sigterm_data->cancellable)) - return FALSE; - - device = nm_g_object_ref(_nmc_get_device_by_hwaddr(nmc, hwaddr)); -@@ -498,7 +504,7 @@ try_again: - g_clear_error(&error); - - applied_connection = nmcs_device_get_applied_connection(device, -- sigterm_cancellable, -+ sigterm_data->cancellable, - &applied_version_id, - &error); - if (!applied_connection) { -@@ -560,8 +566,12 @@ try_again: - * during package upgrade. */ - maybe_no_preserved_external_ip = TRUE; - -+ /* Once we start reconfiguring the system, we cannot abort in the middle. From now on, -+ * any SIGTERM gets ignored until we are done. */ -+ sigterm_data->enabled = FALSE; -+ - if (!nmcs_device_reapply(device, -- sigterm_cancellable, -+ NULL, - applied_connection, - applied_version_id, - maybe_no_preserved_external_ip, -@@ -592,15 +602,13 @@ try_again: - } - - static gboolean --_config_all(GCancellable *sigterm_cancellable, -- NMClient *nmc, -- const NMCSProviderGetConfigResult *result) -+_config_all(SigTermData *sigterm_data, NMClient *nmc, const NMCSProviderGetConfigResult *result) - { - gboolean any_changes = FALSE; - guint i; - - for (i = 0; i < result->n_iface_datas; i++) { -- if (_config_one(sigterm_cancellable, nmc, result, i)) -+ if (_config_one(sigterm_data, nmc, result, i)) - any_changes = TRUE; - } - -@@ -612,13 +620,16 @@ _config_all(GCancellable *sigterm_cancellable, - static gboolean - sigterm_handler(gpointer user_data) - { -- GCancellable *sigterm_cancellable = user_data; -+ SigTermData *sigterm_data = user_data; - -- if (!g_cancellable_is_cancelled(sigterm_cancellable)) { -- _LOGD("SIGTERM received"); -- g_cancellable_cancel(user_data); -- } else -- _LOGD("SIGTERM received (again)"); -+ _LOGD("SIGTERM received (%s) (%s)", -+ sigterm_data->signal_received ? "first time" : "again", -+ sigterm_data->enabled ? "cancel operation" : "ignore"); -+ -+ sigterm_data->signal_received = TRUE; -+ -+ if (sigterm_data->enabled) -+ g_cancellable_cancel(sigterm_data->cancellable); - return G_SOURCE_CONTINUE; - } - -@@ -633,6 +644,7 @@ main(int argc, const char *const *argv) - gs_unref_object NMClient *nmc = NULL; - nm_auto_free_nmcs_provider_get_config_result NMCSProviderGetConfigResult *result = NULL; - gs_free_error GError *error = NULL; -+ SigTermData sigterm_data; - - _nm_logging_enabled_init(g_getenv(NMCS_ENV_VARIABLE("NM_CLOUD_SETUP_LOG"))); - -@@ -645,7 +657,12 @@ main(int argc, const char *const *argv) - - sigterm_cancellable = g_cancellable_new(); - -- sigterm_source = nm_g_unix_signal_add_source(SIGTERM, sigterm_handler, sigterm_cancellable); -+ sigterm_data = (SigTermData){ -+ .cancellable = sigterm_cancellable, -+ .enabled = TRUE, -+ .signal_received = FALSE, -+ }; -+ sigterm_source = nm_g_unix_signal_add_source(SIGTERM, sigterm_handler, &sigterm_data); - - provider = _provider_detect(sigterm_cancellable); - if (!provider) -@@ -676,7 +693,7 @@ main(int argc, const char *const *argv) - if (!result) - goto done; - -- if (_config_all(sigterm_cancellable, nmc, result)) -+ if (_config_all(&sigterm_data, nmc, result)) - _LOGI("some changes were applied for provider %s", nmcs_provider_get_name(provider)); - else - _LOGD("no changes were applied for provider %s", nmcs_provider_get_name(provider)); --- -2.40.1 - -From 1d148ee9592e1292a62f1d932c85d4ca94e9d642 Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Mon, 5 Jun 2023 13:04:53 +0200 -Subject: [PATCH 2/2] cloud-setup: clear error variable in - nmcs_device_reapply() - -This is rather bad, because if we reach the "goto again" case, -the error variable is not cleared. Subsequently passing the -error location to nm_device_reapply_finish() will trigger a glib -warning. - -Fixes: 29b0420be72f ('nm-cloud-setup: set preserve-external-ip flag during reapply') -(cherry picked from commit c70a5470be034c660b426ebdbef9e8e67609ece7) -(cherry picked from commit 98be3dd5acafa88e7477dcbb9d6420cb2e73ec01) -(cherry picked from commit 5cc38d1c6b1d76b1fa93cba021cf6a5472f12fa4) ---- - src/nm-cloud-setup/nm-cloud-setup-utils.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/nm-cloud-setup/nm-cloud-setup-utils.c b/src/nm-cloud-setup/nm-cloud-setup-utils.c -index 7cf7959241..1410ecf7c1 100644 ---- a/src/nm-cloud-setup/nm-cloud-setup-utils.c -+++ b/src/nm-cloud-setup/nm-cloud-setup-utils.c -@@ -833,6 +833,8 @@ nmcs_device_reapply(NMDevice *device, - NMDeviceReapplyFlags reapply_flags = NM_DEVICE_REAPPLY_FLAGS_PRESERVE_EXTERNAL_IP; - - again: -+ g_clear_error(&data.error); -+ - nm_device_reapply_async(device, - connection, - version_id, --- -2.40.1 - diff --git a/SOURCES/1009-manager-allow-controller-activation-if-device-is-dea-rhel-5119.patch b/SOURCES/1009-manager-allow-controller-activation-if-device-is-dea-rhel-5119.patch deleted file mode 100644 index f6c1921..0000000 --- a/SOURCES/1009-manager-allow-controller-activation-if-device-is-dea-rhel-5119.patch +++ /dev/null @@ -1,50 +0,0 @@ -From a5826caf0607ca3c490bdc76d1d453226ca2e191 Mon Sep 17 00:00:00 2001 -From: Fernando Fernandez Mancera -Date: Tue, 18 Jul 2023 13:46:30 +0200 -Subject: [PATCH] manager: allow controller activation if device is - deactivating - -When activating a port connection it will require the controller -connection is active or a valid controller device candidate is available -for activation. - -One of the conditions we consider for a controller device to be a valid -candidate for the connection is that it is not active, therefore we -should also consider as valid a device that is currently deactivating. -Otherwise, we could fail during the port activation just because the -deactivation of the controller device candidate didn't finish yet. - -https://bugzilla.redhat.com/show_bug.cgi?id=2125615 - -https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1693 -(cherry picked from commit fb362e0583fe9b75269220c7c8b966e2247084ea) -(cherry picked from commit 43f244ef2e4c4052fe708b77244444ee7eff238c) -(cherry picked from commit 401f153dfb52d12495bb39899f2b4dde7dfb72ce) ---- - src/core/nm-manager.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c -index 822df7ad3b..4ef87a5d83 100644 ---- a/src/core/nm-manager.c -+++ b/src/core/nm-manager.c -@@ -4608,11 +4608,11 @@ ensure_master_active_connection(NMManager *self, - NULL)) - continue; - -- if (!nm_device_is_software(candidate)) { -- master_state = nm_device_get_state(candidate); -- if (nm_device_is_real(candidate) && master_state != NM_DEVICE_STATE_DISCONNECTED) -- continue; -- } -+ if (nm_device_is_real(candidate) -+ && !NM_IN_SET(nm_device_get_state(candidate), -+ NM_DEVICE_STATE_DISCONNECTED, -+ NM_DEVICE_STATE_DEACTIVATING)) -+ continue; - - master_ac = nm_manager_activate_connection( - self, --- -2.41.0 - diff --git a/SOURCES/1010-fix-l3cd-comparison-rhel-8423.patch b/SOURCES/1010-fix-l3cd-comparison-rhel-8423.patch deleted file mode 100644 index e4c9326..0000000 --- a/SOURCES/1010-fix-l3cd-comparison-rhel-8423.patch +++ /dev/null @@ -1,90 +0,0 @@ -From a7005248bbd8d563962c6a68ed7f1ead58e9df26 Mon Sep 17 00:00:00 2001 -From: Beniamino Galvani -Date: Tue, 28 Mar 2023 09:32:13 +0200 -Subject: [PATCH] core: fix l3cd comparison - -NM_CMP_SELF(a, b) returns immediately if the objects are the same. - -Fixes: cb29244552af ('core: support compare flags in nm_l3_config_data_cmp_full()') -Fixes-test: @dracut_NM_iSCSI_ibft_table - -https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1583 -(cherry picked from commit 0a02995175e06e62924705393121a1c5efc3822d) -(cherry picked from commit 5d95c20787077a91d684259d67f2e0ff3a1d7a1a) -(cherry picked from commit 1395171326e84eafbf2f372c232bf27a4ed79481) ---- - src/core/nm-l3-config-data.c | 55 ++++++++++++++++++------------------ - 1 file changed, 28 insertions(+), 27 deletions(-) - -diff --git a/src/core/nm-l3-config-data.c b/src/core/nm-l3-config-data.c -index d4c7f0c5fb..afdd53920d 100644 ---- a/src/core/nm-l3-config-data.c -+++ b/src/core/nm-l3-config-data.c -@@ -2278,36 +2278,37 @@ nm_l3_config_data_cmp_full(const NML3ConfigData *a, - const NMPObject *def_route_a = a->best_default_route_x[IS_IPv4]; - const NMPObject *def_route_b = b->best_default_route_x[IS_IPv4]; - -- NM_CMP_SELF(def_route_a, def_route_b); -- -- if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES)) { -- NM_CMP_RETURN(nmp_object_cmp_full(def_route_a, -- def_route_b, -- NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX) -- ? NMP_OBJECT_CMP_FLAGS_NONE -- : NMP_OBJECT_CMP_FLAGS_IGNORE_IFINDEX)); -- } else if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES_ID)) { -- if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX)) { -- NM_CMP_DIRECT(def_route_a->obj_with_ifindex.ifindex, -- def_route_b->obj_with_ifindex.ifindex); -- } -+ if (def_route_a != def_route_b) { -+ if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES)) { -+ NM_CMP_RETURN( -+ nmp_object_cmp_full(def_route_a, -+ def_route_b, -+ NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX) -+ ? NMP_OBJECT_CMP_FLAGS_NONE -+ : NMP_OBJECT_CMP_FLAGS_IGNORE_IFINDEX)); -+ } else if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES_ID)) { -+ if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX)) { -+ NM_CMP_DIRECT(def_route_a->obj_with_ifindex.ifindex, -+ def_route_b->obj_with_ifindex.ifindex); -+ } - -- if (IS_IPv4) { -- NMPlatformIP4Route ra = def_route_a->ip4_route; -- NMPlatformIP4Route rb = def_route_b->ip4_route; -+ if (IS_IPv4) { -+ NMPlatformIP4Route ra = def_route_a->ip4_route; -+ NMPlatformIP4Route rb = def_route_b->ip4_route; - -- NM_CMP_DIRECT(ra.metric, rb.metric); -- NM_CMP_DIRECT(ra.plen, rb.plen); -- NM_CMP_RETURN_DIRECT( -- nm_utils_ip4_address_same_prefix_cmp(ra.network, rb.network, ra.plen)); -- } else { -- NMPlatformIP6Route ra = def_route_a->ip6_route; -- NMPlatformIP6Route rb = def_route_b->ip6_route; -+ NM_CMP_DIRECT(ra.metric, rb.metric); -+ NM_CMP_DIRECT(ra.plen, rb.plen); -+ NM_CMP_RETURN_DIRECT( -+ nm_utils_ip4_address_same_prefix_cmp(ra.network, rb.network, ra.plen)); -+ } else { -+ NMPlatformIP6Route ra = def_route_a->ip6_route; -+ NMPlatformIP6Route rb = def_route_b->ip6_route; - -- NM_CMP_DIRECT(ra.metric, rb.metric); -- NM_CMP_DIRECT(ra.plen, rb.plen); -- NM_CMP_RETURN_DIRECT( -- nm_utils_ip6_address_same_prefix_cmp(&ra.network, &rb.network, ra.plen)); -+ NM_CMP_DIRECT(ra.metric, rb.metric); -+ NM_CMP_DIRECT(ra.plen, rb.plen); -+ NM_CMP_RETURN_DIRECT( -+ nm_utils_ip6_address_same_prefix_cmp(&ra.network, &rb.network, ra.plen)); -+ } - } - } - --- -2.41.0 - diff --git a/SOURCES/1011-dispatch-dns-change-event-rhel-10195.patch b/SOURCES/1011-dispatch-dns-change-event-rhel-10195.patch deleted file mode 100644 index d4432bf..0000000 --- a/SOURCES/1011-dispatch-dns-change-event-rhel-10195.patch +++ /dev/null @@ -1,299 +0,0 @@ -From 818352a0342358f4c62465aa5b3590b8e5fb924d Mon Sep 17 00:00:00 2001 -From: Gris Ge -Date: Tue, 26 Sep 2023 15:00:32 +0800 -Subject: [PATCH 1/2] emit DNS CONFIG_CHANGED signal even dns=none - -Instruct the `NMDnsManager` to emit `CONFIG_CHANGED` signal even -`dns=none` or failed to modify `/etc/resolv.conf`. - -The `NMPolicy` will only update hostname when DNS is managed. - -Signed-off-by: Gris Ge -(cherry picked from commit a847ba807572c3ef3682e833432f2f93e9d519a0) -(cherry picked from commit d10f20fd01a7bb3225c7e38ed80449e19156344b) -(cherry picked from commit e0f3a91a95d45f729bd42956617aafb84e26a47b) -(cherry picked from commit cd9ebfd2bb76b99b861af1272f5ef9bb0d279008) ---- - src/core/dns/nm-dns-manager.c | 12 +++++++++++- - src/core/dns/nm-dns-manager.h | 2 ++ - src/core/nm-policy.c | 10 ++++++---- - 3 files changed, 19 insertions(+), 5 deletions(-) - -diff --git a/src/core/dns/nm-dns-manager.c b/src/core/dns/nm-dns-manager.c -index 416a9bf915..2d5f1245b3 100644 ---- a/src/core/dns/nm-dns-manager.c -+++ b/src/core/dns/nm-dns-manager.c -@@ -1907,7 +1907,7 @@ plugin_skip:; - } - - /* signal that DNS resolution configs were changed */ -- if ((do_update || caching || force_emit) && result == SR_SUCCESS) -+ if ((caching || force_emit) && result == SR_SUCCESS) - g_signal_emit(self, signals[CONFIG_CHANGED], 0); - - nm_clear_pointer(&priv->config_variant, g_variant_unref); -@@ -1923,6 +1923,16 @@ plugin_skip:; - return TRUE; - } - -+gboolean -+nm_dns_manager_is_unmanaged(NMDnsManager *self) -+{ -+ NMDnsManagerPrivate *priv = NM_DNS_MANAGER_GET_PRIVATE(self); -+ -+ return NM_IN_SET(priv->rc_manager, -+ NM_DNS_MANAGER_RESOLV_CONF_MAN_UNMANAGED, -+ NM_DNS_MANAGER_RESOLV_CONF_MAN_IMMUTABLE); -+} -+ - /*****************************************************************************/ - - gboolean -diff --git a/src/core/dns/nm-dns-manager.h b/src/core/dns/nm-dns-manager.h -index b41bf1ccf2..b697b3e380 100644 ---- a/src/core/dns/nm-dns-manager.h -+++ b/src/core/dns/nm-dns-manager.h -@@ -148,4 +148,6 @@ char *nmtst_dns_create_resolv_conf(const char *const *searches, - const char *const *nameservers, - const char *const *options); - -+gboolean nm_dns_manager_is_unmanaged(NMDnsManager *self); -+ - #endif /* __NETWORKMANAGER_DNS_MANAGER_H__ */ -diff --git a/src/core/nm-policy.c b/src/core/nm-policy.c -index 0b7c9eddca..d9e7643fa2 100644 ---- a/src/core/nm-policy.c -+++ b/src/core/nm-policy.c -@@ -2563,11 +2563,13 @@ dns_config_changed(NMDnsManager *dns_manager, gpointer user_data) - if (priv->updating_dns) - return; - -- nm_manager_for_each_device (priv->manager, device, tmp_lst) { -- nm_device_clear_dns_lookup_data(device, "DNS configuration changed"); -- } -+ if (!nm_dns_manager_is_unmanaged(dns_manager)) { -+ nm_manager_for_each_device (priv->manager, device, tmp_lst) { -+ nm_device_clear_dns_lookup_data(device, "DNS configuration changed"); -+ } - -- update_system_hostname(self, "DNS configuration changed"); -+ update_system_hostname(self, "DNS configuration changed"); -+ } - } - - static void --- -2.41.0 - - -From 206d974bfbd3f0496d2263ec8a12ee58ce085b0e Mon Sep 17 00:00:00 2001 -From: Gris Ge -Date: Wed, 18 Oct 2023 15:03:13 +0800 -Subject: [PATCH 2/2] dispatch `dns-change` dispatcher event - -Introducing new dispatcher event -- `dns-change` which will be emitted when -DNS configuration changed(even in `dns=none` mode). This is to solve two -use cases: - * Invoke dispatch script for DNS changes triggered by the global DNS - API. - - * Do not invoke [OpenShift resolv-prepender][1] for non-DNS changes. - -Bug reference: https://issues.redhat.com/browse/RHEL-1671 - -[1]: https://github.com/openshift/machine-config-operator/blob/master/templates/common/on-prem/files/resolv-prepender.yaml - -Signed-off-by: Gris Ge -(cherry picked from commit a1db61ebc9712d1faf2ef8f1b2cb14cd819346d3) -(cherry picked from commit 3cdce71b95cea11bf409d9353c35a4dea6f33984) -(cherry picked from commit 9ae535c61a5116179ba2f775458427b93518ac49) -(cherry picked from commit e74a349e1e88e06436a6809b92faa249910daabd) ---- - man/NetworkManager-dispatcher.xml | 5 +- - src/core/nm-dispatcher.c | 51 ++++++++++++++++--- - src/core/nm-dispatcher.h | 5 +- - src/core/nm-policy.c | 2 + - src/libnm-core-aux-extern/nm-dispatcher-api.h | 1 + - src/nm-dispatcher/nm-dispatcher-utils.c | 8 ++- - 6 files changed, 60 insertions(+), 12 deletions(-) - -diff --git a/man/NetworkManager-dispatcher.xml b/man/NetworkManager-dispatcher.xml -index 4a603b1566..8a3c0b46ed 100644 ---- a/man/NetworkManager-dispatcher.xml -+++ b/man/NetworkManager-dispatcher.xml -@@ -68,8 +68,9 @@ - device an operation just happened on, and second the action. For device actions, - the interface is the name of the kernel interface suitable for IP configuration. - Thus it is either VPN_IP_IFACE, DEVICE_IP_IFACE, or DEVICE_IFACE, as applicable. -- For the hostname action the device name is always "none" -- and for connectivity-change it is empty. -+ For the hostname action the device name is always "none". -+ For connectivity-change it is empty. -+ For dns-change it is empty. - - The actions are: - -diff --git a/src/core/nm-dispatcher.c b/src/core/nm-dispatcher.c -index d3529ee4de..a0ce4de80d 100644 ---- a/src/core/nm-dispatcher.c -+++ b/src/core/nm-dispatcher.c -@@ -49,6 +49,8 @@ - } \ - G_STMT_END - -+static gboolean nm_dispatcher_need_device(NMDispatcherAction action); -+ - /*****************************************************************************/ - - struct NMDispatcherCallId { -@@ -465,7 +467,8 @@ static const char *action_table[] = {[NM_DISPATCHER_ACTION_HOSTNAME] = NMD_ - [NM_DISPATCHER_ACTION_DHCP_CHANGE_4] = NMD_ACTION_DHCP4_CHANGE, - [NM_DISPATCHER_ACTION_DHCP_CHANGE_6] = NMD_ACTION_DHCP6_CHANGE, - [NM_DISPATCHER_ACTION_CONNECTIVITY_CHANGE] = -- NMD_ACTION_CONNECTIVITY_CHANGE}; -+ NMD_ACTION_CONNECTIVITY_CHANGE, -+ [NM_DISPATCHER_ACTION_DNS_CHANGE] = NMD_ACTION_DNS_CHANGE}; - - static const char * - action_to_string(NMDispatcherAction action) -@@ -526,9 +529,7 @@ _dispatcher_call(NMDispatcherAction action, - if (G_UNLIKELY(!request_id)) - request_id = ++gl.request_id_counter; - -- /* All actions except 'hostname' and 'connectivity-change' require a device */ -- if (action == NM_DISPATCHER_ACTION_HOSTNAME -- || action == NM_DISPATCHER_ACTION_CONNECTIVITY_CHANGE) { -+ if (!nm_dispatcher_need_device(action)) { - _LOG2D(request_id, - log_ifname, - log_con_uuid, -@@ -588,9 +589,8 @@ _dispatcher_call(NMDispatcherAction action, - g_variant_builder_init(&vpn_ip4_props, G_VARIANT_TYPE_VARDICT); - g_variant_builder_init(&vpn_ip6_props, G_VARIANT_TYPE_VARDICT); - -- /* hostname and connectivity-change actions don't send device data */ -- if (action != NM_DISPATCHER_ACTION_HOSTNAME -- && action != NM_DISPATCHER_ACTION_CONNECTIVITY_CHANGE) { -+ /* hostname, DNS and connectivity-change actions don't send device data */ -+ if (nm_dispatcher_need_device(action)) { - fill_device_props(device, - &device_props, - &device_proxy_props, -@@ -921,6 +921,30 @@ nm_dispatcher_call_connectivity(NMConnectivityState connectivity_state, - out_call_id); - } - -+/** -+ * nm_dispatcher_call_dns_change(): -+ * -+ * This method does not block the caller. -+ * -+ * Returns: %TRUE if the action was dispatched, %FALSE on failure -+ */ -+gboolean -+nm_dispatcher_call_dns_change(void) -+{ -+ return _dispatcher_call(NM_DISPATCHER_ACTION_DNS_CHANGE, -+ FALSE, -+ NULL, -+ NULL, -+ NULL, -+ FALSE, -+ NM_CONNECTIVITY_UNKNOWN, -+ NULL, -+ NULL, -+ NULL, -+ NULL, -+ NULL); -+} -+ - void - nm_dispatcher_call_cancel(NMDispatcherCallId *call_id) - { -@@ -933,3 +957,16 @@ nm_dispatcher_call_cancel(NMDispatcherCallId *call_id) - _LOG3D(call_id, "cancelling dispatcher callback action"); - call_id->callback = NULL; - } -+ -+/* All actions except 'hostname', 'connectivity-change' and 'dns-change' require -+ * a device */ -+static gboolean -+nm_dispatcher_need_device(NMDispatcherAction action) -+{ -+ if (action == NM_DISPATCHER_ACTION_HOSTNAME -+ || action == NM_DISPATCHER_ACTION_CONNECTIVITY_CHANGE -+ || action == NM_DISPATCHER_ACTION_DNS_CHANGE) { -+ return FALSE; -+ } -+ return TRUE; -+} -diff --git a/src/core/nm-dispatcher.h b/src/core/nm-dispatcher.h -index 73e0599a75..50d50e9a6a 100644 ---- a/src/core/nm-dispatcher.h -+++ b/src/core/nm-dispatcher.h -@@ -21,7 +21,8 @@ typedef enum { - NM_DISPATCHER_ACTION_VPN_DOWN, - NM_DISPATCHER_ACTION_DHCP_CHANGE_4, - NM_DISPATCHER_ACTION_DHCP_CHANGE_6, -- NM_DISPATCHER_ACTION_CONNECTIVITY_CHANGE -+ NM_DISPATCHER_ACTION_CONNECTIVITY_CHANGE, -+ NM_DISPATCHER_ACTION_DNS_CHANGE, - } NMDispatcherAction; - - #define NM_DISPATCHER_ACTION_DHCP_CHANGE_X(IS_IPv4) \ -@@ -68,6 +69,8 @@ gboolean nm_dispatcher_call_connectivity(NMConnectivityState state, - gpointer user_data, - NMDispatcherCallId **out_call_id); - -+gboolean nm_dispatcher_call_dns_change(void); -+ - void nm_dispatcher_call_cancel(NMDispatcherCallId *call_id); - - #endif /* __NM_DISPATCHER_H__ */ -diff --git a/src/core/nm-policy.c b/src/core/nm-policy.c -index d9e7643fa2..9316325c68 100644 ---- a/src/core/nm-policy.c -+++ b/src/core/nm-policy.c -@@ -2570,6 +2570,8 @@ dns_config_changed(NMDnsManager *dns_manager, gpointer user_data) - - update_system_hostname(self, "DNS configuration changed"); - } -+ -+ nm_dispatcher_call_dns_change(); - } - - static void -diff --git a/src/libnm-core-aux-extern/nm-dispatcher-api.h b/src/libnm-core-aux-extern/nm-dispatcher-api.h -index 7776c84f9a..d19caa0bb5 100644 ---- a/src/libnm-core-aux-extern/nm-dispatcher-api.h -+++ b/src/libnm-core-aux-extern/nm-dispatcher-api.h -@@ -33,6 +33,7 @@ - #define NMD_ACTION_DHCP4_CHANGE "dhcp4-change" - #define NMD_ACTION_DHCP6_CHANGE "dhcp6-change" - #define NMD_ACTION_CONNECTIVITY_CHANGE "connectivity-change" -+#define NMD_ACTION_DNS_CHANGE "dns-change" - - typedef enum { - DISPATCH_RESULT_UNKNOWN = 0, -diff --git a/src/nm-dispatcher/nm-dispatcher-utils.c b/src/nm-dispatcher/nm-dispatcher-utils.c -index 74ea4e4001..f8a4c28000 100644 ---- a/src/nm-dispatcher/nm-dispatcher-utils.c -+++ b/src/nm-dispatcher/nm-dispatcher-utils.c -@@ -453,8 +453,12 @@ nm_dispatcher_utils_construct_envp(const char *action, - - items = g_ptr_array_new_with_free_func(g_free); - -- /* Hostname and connectivity changes don't require a device nor contain a connection */ -- if (NM_IN_STRSET(action, NMD_ACTION_HOSTNAME, NMD_ACTION_CONNECTIVITY_CHANGE)) -+ /* Hostname, dns and connectivity changes don't require a device nor contain -+ * a connection */ -+ if (NM_IN_STRSET(action, -+ NMD_ACTION_HOSTNAME, -+ NMD_ACTION_CONNECTIVITY_CHANGE, -+ NMD_ACTION_DNS_CHANGE)) - goto done; - - /* Connection properties */ --- -2.41.0 - diff --git a/SOURCES/1012-device-do-not-set-MAC-address-on-iface-with-index-0-rhel-16008.patch b/SOURCES/1012-device-do-not-set-MAC-address-on-iface-with-index-0-rhel-16008.patch deleted file mode 100644 index 9ea7525..0000000 --- a/SOURCES/1012-device-do-not-set-MAC-address-on-iface-with-index-0-rhel-16008.patch +++ /dev/null @@ -1,51 +0,0 @@ -From c62f49f07ed84b266427feb53469109d8878c496 Mon Sep 17 00:00:00 2001 -From: Gris Ge -Date: Wed, 12 Jul 2023 16:22:03 +0800 -Subject: [PATCH] device: do not set MAC address on iface with index <=0 - -The `nm_device_hw_addr_reset()` should only set MAC address on NIC -with valid(>0) interface index. - -The failure was found by `ovs_mtu` test of NMCI, failed to reproduce -the original problem (`ovs_mtu` test of NMCI) with 100 times retry. -And no trace log found for original test failure, hence cannot tell why -`nm_device_hw_addr_reset()` been invoked with iface index 0. - -Signed-off-by: Gris Ge -(cherry picked from commit 215bc1525501b22325c2a17090a5f911e01f06a9) -(cherry picked from commit 21f1e5cdc7d72376cdaa63112d8a134b714b2002) -(cherry picked from commit 37bd70034f7f43becf2cc64468143c5ea2666762) ---- - src/core/devices/nm-device.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c -index 2ac55fa83c..5748d80393 100644 ---- a/src/core/devices/nm-device.c -+++ b/src/core/devices/nm-device.c -@@ -16859,6 +16859,7 @@ nm_device_hw_addr_reset(NMDevice *self, const char *detail) - { - NMDevicePrivate *priv; - const char *addr; -+ int ifindex; - - g_return_val_if_fail(NM_IS_DEVICE(self), FALSE); - -@@ -16868,7 +16869,13 @@ nm_device_hw_addr_reset(NMDevice *self, const char *detail) - return TRUE; - - priv->hw_addr_type = HW_ADDR_TYPE_UNSET; -- addr = nm_device_get_initial_hw_address(self); -+ -+ ifindex = nm_device_get_ip_ifindex(self); -+ if (ifindex <= 0) { -+ return TRUE; -+ } -+ -+ addr = nm_device_get_initial_hw_address(self); - if (!addr) { - /* as hw_addr_type is not UNSET, we expect that we can get an - * initial address to which to reset. */ --- -2.41.0 - diff --git a/SOURCES/1013-fix-matching-existing-connection-by-UUID-on-restart-rhel-5119.patch b/SOURCES/1013-fix-matching-existing-connection-by-UUID-on-restart-rhel-5119.patch deleted file mode 100644 index 063f944..0000000 --- a/SOURCES/1013-fix-matching-existing-connection-by-UUID-on-restart-rhel-5119.patch +++ /dev/null @@ -1,822 +0,0 @@ -From e49026b4856fd492eb6e30a18133414841eeb609 Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Wed, 3 May 2023 11:43:33 +0200 -Subject: [PATCH 1/5] libnm/trivial: rename internal connection-get-setting - methods - -This function will be exposed on the internal header. Rename to -_nm_connection_get_setting_by_metatype(). - -(cherry picked from commit 27cbf584bdb7451e196b03b706c4c4dfa266ba3e) -(cherry picked from commit c194db5755f18b3fd55a9a7b4b4d25882f05ce05) -(cherry picked from commit 39227612384c08da845a7d97a87de3b10277320a) ---- - src/libnm-core-impl/nm-connection.c | 81 ++++++++++++++--------------- - 1 file changed, 40 insertions(+), 41 deletions(-) - -diff --git a/src/libnm-core-impl/nm-connection.c b/src/libnm-core-impl/nm-connection.c -index 67a9034dcc..fc4bc51c17 100644 ---- a/src/libnm-core-impl/nm-connection.c -+++ b/src/libnm-core-impl/nm-connection.c -@@ -339,7 +339,7 @@ _connection_get_setting_check(NMConnection *connection, GType setting_type) - } - - static gpointer --_connection_get_setting_by_meta_type_check(NMConnection *connection, NMMetaSettingType meta_type) -+_nm_connection_get_setting_by_metatype(NMConnection *connection, NMMetaSettingType meta_type) - { - g_return_val_if_fail(NM_IS_CONNECTION(connection), NULL); - -@@ -3231,7 +3231,7 @@ nm_connection_get_virtual_device_description(NMConnection *connection) - NMSetting8021x * - nm_connection_get_setting_802_1x(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_802_1X); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_802_1X); - } - - /** -@@ -3245,7 +3245,7 @@ nm_connection_get_setting_802_1x(NMConnection *connection) - NMSettingBluetooth * - nm_connection_get_setting_bluetooth(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_BLUETOOTH); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_BLUETOOTH); - } - - /** -@@ -3259,7 +3259,7 @@ nm_connection_get_setting_bluetooth(NMConnection *connection) - NMSettingBond * - nm_connection_get_setting_bond(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_BOND); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_BOND); - } - - /** -@@ -3273,7 +3273,7 @@ nm_connection_get_setting_bond(NMConnection *connection) - NMSettingTeam * - nm_connection_get_setting_team(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_TEAM); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_TEAM); - } - - /** -@@ -3287,7 +3287,7 @@ nm_connection_get_setting_team(NMConnection *connection) - NMSettingTeamPort * - nm_connection_get_setting_team_port(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_TEAM_PORT); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_TEAM_PORT); - } - - /** -@@ -3301,7 +3301,7 @@ nm_connection_get_setting_team_port(NMConnection *connection) - NMSettingBridge * - nm_connection_get_setting_bridge(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_BRIDGE); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_BRIDGE); - } - - /** -@@ -3315,7 +3315,7 @@ nm_connection_get_setting_bridge(NMConnection *connection) - NMSettingCdma * - nm_connection_get_setting_cdma(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_CDMA); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_CDMA); - } - - /** -@@ -3329,7 +3329,7 @@ nm_connection_get_setting_cdma(NMConnection *connection) - NMSettingConnection * - nm_connection_get_setting_connection(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_CONNECTION); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_CONNECTION); - } - - /** -@@ -3343,7 +3343,7 @@ nm_connection_get_setting_connection(NMConnection *connection) - NMSettingDcb * - nm_connection_get_setting_dcb(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_DCB); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_DCB); - } - - /** -@@ -3359,7 +3359,7 @@ nm_connection_get_setting_dcb(NMConnection *connection) - NMSettingDummy * - nm_connection_get_setting_dummy(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_DUMMY); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_DUMMY); - } - - /** -@@ -3373,7 +3373,7 @@ nm_connection_get_setting_dummy(NMConnection *connection) - NMSettingGeneric * - nm_connection_get_setting_generic(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_GENERIC); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_GENERIC); - } - - /** -@@ -3387,7 +3387,7 @@ nm_connection_get_setting_generic(NMConnection *connection) - NMSettingGsm * - nm_connection_get_setting_gsm(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_GSM); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_GSM); - } - - /** -@@ -3401,7 +3401,7 @@ nm_connection_get_setting_gsm(NMConnection *connection) - NMSettingInfiniband * - nm_connection_get_setting_infiniband(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_INFINIBAND); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_INFINIBAND); - } - - /** -@@ -3420,7 +3420,7 @@ nm_connection_get_setting_infiniband(NMConnection *connection) - NMSettingIPConfig * - nm_connection_get_setting_ip4_config(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_IP4_CONFIG); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_IP4_CONFIG); - } - - /** -@@ -3436,7 +3436,7 @@ nm_connection_get_setting_ip4_config(NMConnection *connection) - NMSettingIPTunnel * - nm_connection_get_setting_ip_tunnel(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_IP_TUNNEL); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_IP_TUNNEL); - } - - /** -@@ -3455,7 +3455,7 @@ nm_connection_get_setting_ip_tunnel(NMConnection *connection) - NMSettingIPConfig * - nm_connection_get_setting_ip6_config(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_IP6_CONFIG); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_IP6_CONFIG); - } - - /** -@@ -3471,7 +3471,7 @@ nm_connection_get_setting_ip6_config(NMConnection *connection) - NMSettingMacsec * - nm_connection_get_setting_macsec(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_MACSEC); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_MACSEC); - } - - /** -@@ -3487,7 +3487,7 @@ nm_connection_get_setting_macsec(NMConnection *connection) - NMSettingMacvlan * - nm_connection_get_setting_macvlan(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_MACVLAN); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_MACVLAN); - } - - /** -@@ -3501,7 +3501,7 @@ nm_connection_get_setting_macvlan(NMConnection *connection) - NMSettingOlpcMesh * - nm_connection_get_setting_olpc_mesh(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_OLPC_MESH); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_OLPC_MESH); - } - - /** -@@ -3517,7 +3517,7 @@ nm_connection_get_setting_olpc_mesh(NMConnection *connection) - NMSettingOvsBridge * - nm_connection_get_setting_ovs_bridge(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_OVS_BRIDGE); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_OVS_BRIDGE); - } - - /** -@@ -3533,8 +3533,7 @@ nm_connection_get_setting_ovs_bridge(NMConnection *connection) - NMSettingOvsInterface * - nm_connection_get_setting_ovs_interface(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, -- NM_META_SETTING_TYPE_OVS_INTERFACE); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_OVS_INTERFACE); - } - - /** -@@ -3550,7 +3549,7 @@ nm_connection_get_setting_ovs_interface(NMConnection *connection) - NMSettingOvsPatch * - nm_connection_get_setting_ovs_patch(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_OVS_PATCH); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_OVS_PATCH); - } - - /** -@@ -3566,7 +3565,7 @@ nm_connection_get_setting_ovs_patch(NMConnection *connection) - NMSettingOvsPort * - nm_connection_get_setting_ovs_port(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_OVS_PORT); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_OVS_PORT); - } - - /** -@@ -3580,7 +3579,7 @@ nm_connection_get_setting_ovs_port(NMConnection *connection) - NMSettingPpp * - nm_connection_get_setting_ppp(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_PPP); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_PPP); - } - - /** -@@ -3594,7 +3593,7 @@ nm_connection_get_setting_ppp(NMConnection *connection) - NMSettingPppoe * - nm_connection_get_setting_pppoe(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_PPPOE); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_PPPOE); - } - - /** -@@ -3610,7 +3609,7 @@ nm_connection_get_setting_pppoe(NMConnection *connection) - NMSettingProxy * - nm_connection_get_setting_proxy(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_PROXY); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_PROXY); - } - - /** -@@ -3624,7 +3623,7 @@ nm_connection_get_setting_proxy(NMConnection *connection) - NMSettingSerial * - nm_connection_get_setting_serial(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_SERIAL); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_SERIAL); - } - - /** -@@ -3640,7 +3639,7 @@ nm_connection_get_setting_serial(NMConnection *connection) - NMSettingTCConfig * - nm_connection_get_setting_tc_config(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_TC_CONFIG); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_TC_CONFIG); - } - - /** -@@ -3656,7 +3655,7 @@ nm_connection_get_setting_tc_config(NMConnection *connection) - NMSettingTun * - nm_connection_get_setting_tun(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_TUN); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_TUN); - } - - /** -@@ -3670,7 +3669,7 @@ nm_connection_get_setting_tun(NMConnection *connection) - NMSettingVpn * - nm_connection_get_setting_vpn(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_VPN); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_VPN); - } - - /** -@@ -3686,7 +3685,7 @@ nm_connection_get_setting_vpn(NMConnection *connection) - NMSettingVxlan * - nm_connection_get_setting_vxlan(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_VXLAN); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_VXLAN); - } - - /** -@@ -3700,7 +3699,7 @@ nm_connection_get_setting_vxlan(NMConnection *connection) - NMSettingWimax * - nm_connection_get_setting_wimax(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_WIMAX); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_WIMAX); - } - - /** -@@ -3714,7 +3713,7 @@ nm_connection_get_setting_wimax(NMConnection *connection) - NMSettingWired * - nm_connection_get_setting_wired(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_WIRED); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_WIRED); - } - - /** -@@ -3728,7 +3727,7 @@ nm_connection_get_setting_wired(NMConnection *connection) - NMSettingAdsl * - nm_connection_get_setting_adsl(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_ADSL); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_ADSL); - } - - /** -@@ -3742,7 +3741,7 @@ nm_connection_get_setting_adsl(NMConnection *connection) - NMSettingWireless * - nm_connection_get_setting_wireless(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_WIRELESS); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_WIRELESS); - } - - /** -@@ -3756,8 +3755,8 @@ nm_connection_get_setting_wireless(NMConnection *connection) - NMSettingWirelessSecurity * - nm_connection_get_setting_wireless_security(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, -- NM_META_SETTING_TYPE_WIRELESS_SECURITY); -+ return _nm_connection_get_setting_by_metatype(connection, -+ NM_META_SETTING_TYPE_WIRELESS_SECURITY); - } - - /** -@@ -3771,7 +3770,7 @@ nm_connection_get_setting_wireless_security(NMConnection *connection) - NMSettingBridgePort * - nm_connection_get_setting_bridge_port(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_BRIDGE_PORT); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_BRIDGE_PORT); - } - - /** -@@ -3785,7 +3784,7 @@ nm_connection_get_setting_bridge_port(NMConnection *connection) - NMSettingVlan * - nm_connection_get_setting_vlan(NMConnection *connection) - { -- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_VLAN); -+ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_VLAN); - } - - NMSettingBluetooth * --- -2.41.0 - - -From 15f0394acf2b0866190a3f603150a7e1ee96833c Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Thu, 4 May 2023 11:34:58 +0200 -Subject: [PATCH 2/5] libnm: cleanup redundant nm_connection_get_setting - functions - -Refactor and cleanup the functions to get a setting from a connection. - -As the NMConnection tracks the settings in an array indexed by -NMMetaSettingType, the most direct and efficient way is to look up via -that enum. - -Previously, nm_connection_get_setting_by_name() would first look up the GType -(which already involved looking up the NMMetaSettingInfo), then based on the -GType it would look up the NMMetaSettingInfo again to get the meta_type. That -is unnecessary. Directly look up the NMMetaSettingInfo, which directly -gives the meta_type. - -(cherry picked from commit c60a4649b80e03f5b50e5d94f3d8c7c71c079af9) -(cherry picked from commit eebbd362701abb52d29a84f02ab57d81742e97ea) -(cherry picked from commit 58fd65c37e4eb2516faec22ea345457a59cfa9d7) ---- - src/libnm-core-impl/nm-connection.c | 76 +++++++++++++---------------- - src/libnm-core-impl/nm-setting.c | 4 ++ - 2 files changed, 37 insertions(+), 43 deletions(-) - -diff --git a/src/libnm-core-impl/nm-connection.c b/src/libnm-core-impl/nm-connection.c -index fc4bc51c17..08eab900d8 100644 ---- a/src/libnm-core-impl/nm-connection.c -+++ b/src/libnm-core-impl/nm-connection.c -@@ -302,26 +302,7 @@ nm_connection_remove_setting(NMConnection *connection, GType setting_type) - } - - static gpointer --_connection_get_setting(NMConnection *connection, GType setting_type) --{ -- NMSetting *setting; -- const NMMetaSettingInfo *setting_info; -- -- nm_assert(NM_IS_CONNECTION(connection)); -- nm_assert(g_type_is_a(setting_type, NM_TYPE_SETTING)); -- -- setting_info = _nm_meta_setting_info_from_gtype(setting_type); -- if (!setting_info) -- g_return_val_if_reached(NULL); -- -- setting = NM_CONNECTION_GET_PRIVATE(connection)->settings[setting_info->meta_type]; -- -- nm_assert(!setting || G_TYPE_CHECK_INSTANCE_TYPE(setting, setting_type)); -- return setting; --} -- --static gpointer --_connection_get_setting_by_meta_type(NMConnectionPrivate *priv, NMMetaSettingType meta_type) -+_get_setting_by_metatype(NMConnectionPrivate *priv, NMMetaSettingType meta_type) - { - nm_assert(priv); - nm_assert(_NM_INT_NOT_NEGATIVE(meta_type)); -@@ -330,20 +311,12 @@ _connection_get_setting_by_meta_type(NMConnectionPrivate *priv, NMMetaSettingTyp - return priv->settings[meta_type]; - } - --static gpointer --_connection_get_setting_check(NMConnection *connection, GType setting_type) --{ -- g_return_val_if_fail(NM_IS_CONNECTION(connection), NULL); -- -- return _connection_get_setting(connection, setting_type); --} -- - static gpointer - _nm_connection_get_setting_by_metatype(NMConnection *connection, NMMetaSettingType meta_type) - { - g_return_val_if_fail(NM_IS_CONNECTION(connection), NULL); - -- return _connection_get_setting_by_meta_type(NM_CONNECTION_GET_PRIVATE(connection), meta_type); -+ return _get_setting_by_metatype(NM_CONNECTION_GET_PRIVATE(connection), meta_type); - } - - /** -@@ -360,19 +333,34 @@ _nm_connection_get_setting_by_metatype(NMConnection *connection, NMMetaSettingTy - NMSetting * - nm_connection_get_setting(NMConnection *connection, GType setting_type) - { -- g_return_val_if_fail(g_type_is_a(setting_type, NM_TYPE_SETTING), NULL); -+ NMSetting *setting; -+ const NMMetaSettingInfo *setting_info; -+ -+ g_return_val_if_fail(NM_IS_CONNECTION(connection), NULL); -+ -+ setting_info = _nm_meta_setting_info_from_gtype(setting_type); -+ -+ if (!setting_info) -+ g_return_val_if_reached(NULL); -+ -+ setting = NM_CONNECTION_GET_PRIVATE(connection)->settings[setting_info->meta_type]; -+ -+ nm_assert(!setting || G_TYPE_CHECK_INSTANCE_TYPE(setting, setting_type)); - -- return _connection_get_setting_check(connection, setting_type); -+ return setting; - } - - NMSettingIPConfig * - nm_connection_get_setting_ip_config(NMConnection *connection, int addr_family) - { -+ g_return_val_if_fail(NM_IS_CONNECTION(connection), NULL); -+ - nm_assert_addr_family(addr_family); - -- return NM_SETTING_IP_CONFIG(_connection_get_setting( -- connection, -- (addr_family == AF_INET) ? NM_TYPE_SETTING_IP4_CONFIG : NM_TYPE_SETTING_IP6_CONFIG)); -+ return NM_SETTING_IP_CONFIG(_get_setting_by_metatype(NM_CONNECTION_GET_PRIVATE(connection), -+ (addr_family == AF_INET) -+ ? NM_META_SETTING_TYPE_IP4_CONFIG -+ : NM_META_SETTING_TYPE_IP6_CONFIG)); - } - - /** -@@ -389,12 +377,14 @@ nm_connection_get_setting_ip_config(NMConnection *connection, int addr_family) - NMSetting * - nm_connection_get_setting_by_name(NMConnection *connection, const char *name) - { -- GType type; -+ const NMMetaSettingInfo *setting_info; - - g_return_val_if_fail(NM_IS_CONNECTION(connection), NULL); - -- type = nm_setting_lookup_type(name); -- return type ? _connection_get_setting(connection, type) : NULL; -+ setting_info = nm_meta_setting_infos_by_name(name); -+ return setting_info ? _get_setting_by_metatype(NM_CONNECTION_GET_PRIVATE(connection), -+ setting_info->meta_type) -+ : NULL; - } - - /*****************************************************************************/ -@@ -1672,8 +1662,8 @@ _normalize_802_1x_empty_strings(NMConnection *self) - NMSetting8021x *s_8021x; - gboolean changed = FALSE; - -- s_8021x = _connection_get_setting_by_meta_type(NM_CONNECTION_GET_PRIVATE(self), -- NM_META_SETTING_TYPE_802_1X); -+ s_8021x = -+ _get_setting_by_metatype(NM_CONNECTION_GET_PRIVATE(self), NM_META_SETTING_TYPE_802_1X); - if (!s_8021x) - return FALSE; - -@@ -1823,7 +1813,7 @@ _nm_connection_verify(NMConnection *connection, GError **error) - - priv = NM_CONNECTION_GET_PRIVATE(connection); - -- if (!_connection_get_setting_by_meta_type(priv, NM_META_SETTING_TYPE_CONNECTION)) { -+ if (!_get_setting_by_metatype(priv, NM_META_SETTING_TYPE_CONNECTION)) { - g_set_error_literal(error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_MISSING_SETTING, -@@ -1868,9 +1858,9 @@ _nm_connection_verify(NMConnection *connection, GError **error) - g_clear_error(&verify_error); - } - -- s_ip4 = _connection_get_setting_by_meta_type(priv, NM_META_SETTING_TYPE_IP4_CONFIG); -- s_ip6 = _connection_get_setting_by_meta_type(priv, NM_META_SETTING_TYPE_IP6_CONFIG); -- s_proxy = _connection_get_setting_by_meta_type(priv, NM_META_SETTING_TYPE_PROXY); -+ s_ip4 = _get_setting_by_metatype(priv, NM_META_SETTING_TYPE_IP4_CONFIG); -+ s_ip6 = _get_setting_by_metatype(priv, NM_META_SETTING_TYPE_IP6_CONFIG); -+ s_proxy = _get_setting_by_metatype(priv, NM_META_SETTING_TYPE_PROXY); - - nm_assert(normalizable_error_type != NM_SETTING_VERIFY_ERROR); - if (NM_IN_SET(normalizable_error_type, -diff --git a/src/libnm-core-impl/nm-setting.c b/src/libnm-core-impl/nm-setting.c -index b6f721371f..a4404ba87b 100644 ---- a/src/libnm-core-impl/nm-setting.c -+++ b/src/libnm-core-impl/nm-setting.c -@@ -110,6 +110,10 @@ nm_setting_lookup_type(const char *name) - { - const NMMetaSettingInfo *setting_info; - -+ /* various callers check whether the result is valid with plain `if (gtype)`. -+ * Assert that G_TYPE_INVALID is zero. */ -+ G_STATIC_ASSERT(G_TYPE_INVALID == 0); -+ - g_return_val_if_fail(name, G_TYPE_INVALID); - - setting_info = nm_meta_setting_infos_by_name(name); --- -2.41.0 - - -From fdf8ad3fdd8ddf03f8acd85a3e8eb4af67722699 Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Wed, 3 May 2023 12:01:14 +0200 -Subject: [PATCH 3/5] libnm: expose _nm_connection_get_setting_by_metatype() in - internal header - -We have several variants to get the NMSetting from an NMConnection. Some -of them are public API (nm_connection_get_setting(), nm_connection_get_setting_by_name()). - -The most efficient way is lookup by NMMetaSettingType. Expose that as -internal API, so it can be used. The NMMetaSettingType is internal, but -it exists because it's a very useful enum. Allow others to make use of -it. - -Also, add a static assert which prevents various wrong uses at compile -time, for example - - _nm_connection_get_setting_by_metatype(connection, NM_TYPE_SETTING_CONNECTION) - -(cherry picked from commit db5946ac2fc349269835b18c37f1df35ac326cda) -(cherry picked from commit 50b6c2d622f66d2fef187c6da1498b091f34df20) -(cherry picked from commit 1cd4f675c888a7d01f4920a07b4eab838fed8a2f) ---- - src/libnm-core-impl/nm-connection.c | 7 +++++-- - src/libnm-core-intern/nm-core-internal.h | 14 ++++++++++++++ - 2 files changed, 19 insertions(+), 2 deletions(-) - -diff --git a/src/libnm-core-impl/nm-connection.c b/src/libnm-core-impl/nm-connection.c -index 08eab900d8..9d94cf56cc 100644 ---- a/src/libnm-core-impl/nm-connection.c -+++ b/src/libnm-core-impl/nm-connection.c -@@ -311,8 +311,11 @@ _get_setting_by_metatype(NMConnectionPrivate *priv, NMMetaSettingType meta_type) - return priv->settings[meta_type]; - } - --static gpointer --_nm_connection_get_setting_by_metatype(NMConnection *connection, NMMetaSettingType meta_type) -+/* The "unsafe" part here is that _nm_connection_get_setting_by_metatype() has a compile -+ * time check that meta_type is valid. With the unsafe variant, the caller must ensure that, -+ * and we only get an nm_assert() check -- which is basically nothing. */ -+gpointer -+_nm_connection_get_setting_by_metatype_unsafe(NMConnection *connection, NMMetaSettingType meta_type) - { - g_return_val_if_fail(NM_IS_CONNECTION(connection), NULL); - -diff --git a/src/libnm-core-intern/nm-core-internal.h b/src/libnm-core-intern/nm-core-internal.h -index 1857e03bbd..695cd75c04 100644 ---- a/src/libnm-core-intern/nm-core-internal.h -+++ b/src/libnm-core-intern/nm-core-internal.h -@@ -479,6 +479,20 @@ _nm_connection_get_setting(NMConnection *connection, GType type) - return (gpointer) nm_connection_get_setting(connection, type); - } - -+gpointer _nm_connection_get_setting_by_metatype_unsafe(NMConnection *connection, -+ NMMetaSettingType meta_type); -+ -+/* This variant is the most efficient one, because it does not require resolving a -+ * name/GType first. The NMMetaSettingType enum allows for a direct lookup. */ -+#define _nm_connection_get_setting_by_metatype(connection, meta_type) \ -+ ({ \ -+ /* Static assert that meta_type is in the valid range. If you don't want that, -+ * because the argument is no a compile time constant, use _nm_connection_get_setting_by_metatype_unsafe(). */ \ -+ G_STATIC_ASSERT((meta_type) < _NM_META_SETTING_TYPE_NUM && ((int) meta_type) >= 0); \ -+ \ -+ _nm_connection_get_setting_by_metatype_unsafe((connection), (meta_type)); \ -+ }) -+ - NMSettingIPConfig *nm_connection_get_setting_ip_config(NMConnection *connection, int addr_family); - - /*****************************************************************************/ --- -2.41.0 - - -From 0a8007057e5075df95a5dfc7ebb35269a2e99266 Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Wed, 3 May 2023 12:15:47 +0200 -Subject: [PATCH 4/5] core: add nm_settings_connection_get_setting() helper - -For efficiently and conveniently lookup an NMSetting from the -NMConnection inside the NMSettingsConnection. - -Note that this uses the NMMetaSettingType as lookup key. That is a novel -approach, compared to lookup by name (nm_connection_get_setting_by_name()) -or GType (nm_connection_get_setting()). - -Using the NMMetaSettingType enum is however faster, because it does not -require resolving the name/GType first. This is perfecly fine internal API, -we should use it. - -(cherry picked from commit 429cf416fd12f14d3a5639d7890f0d334c5e9328) -(cherry picked from commit 10e493bbe82ce06bd217a148fb0a6e531c8ee0a6) -(cherry picked from commit c2cf898c19627f7ec6ea645206d76a19b5821a07) ---- - src/core/settings/nm-settings-connection.c | 14 ++++++++++++++ - src/core/settings/nm-settings-connection.h | 4 ++++ - 2 files changed, 18 insertions(+) - -diff --git a/src/core/settings/nm-settings-connection.c b/src/core/settings/nm-settings-connection.c -index 1638efcd7e..c0137637ab 100644 ---- a/src/core/settings/nm-settings-connection.c -+++ b/src/core/settings/nm-settings-connection.c -@@ -361,6 +361,20 @@ nm_settings_connection_get_connection(NMSettingsConnection *self) - return NM_SETTINGS_CONNECTION_GET_PRIVATE(self)->connection; - } - -+gpointer -+nm_settings_connection_get_setting(NMSettingsConnection *self, NMMetaSettingType meta_type) -+{ -+ NMConnection *connection; -+ -+ nm_assert(NM_IS_SETTINGS_CONNECTION(self)); -+ -+ connection = NM_SETTINGS_CONNECTION_GET_PRIVATE(self)->connection; -+ -+ nm_assert(NM_IS_SIMPLE_CONNECTION(connection)); -+ -+ return _nm_connection_get_setting_by_metatype_unsafe(connection, meta_type); -+} -+ - void - _nm_settings_connection_set_connection(NMSettingsConnection *self, - NMConnection *new_connection, -diff --git a/src/core/settings/nm-settings-connection.h b/src/core/settings/nm-settings-connection.h -index 893b0d7b74..68d75ab6f4 100644 ---- a/src/core/settings/nm-settings-connection.h -+++ b/src/core/settings/nm-settings-connection.h -@@ -7,6 +7,8 @@ - #ifndef __NETWORKMANAGER_SETTINGS_CONNECTION_H__ - #define __NETWORKMANAGER_SETTINGS_CONNECTION_H__ - -+#include "libnm-core-intern/nm-meta-setting-base.h" -+ - #include "nm-dbus-object.h" - #include "nm-connection.h" - -@@ -218,6 +220,8 @@ GType nm_settings_connection_get_type(void); - NMSettingsConnection *nm_settings_connection_new(void); - - NMConnection *nm_settings_connection_get_connection(NMSettingsConnection *self); -+gpointer nm_settings_connection_get_setting(NMSettingsConnection *self, -+ NMMetaSettingType meta_type); - - void _nm_settings_connection_set_connection(NMSettingsConnection *self, - NMConnection *new_connection, --- -2.41.0 - - -From 3608f7e2bbdd0e49450c55a7fbf882d360edfd74 Mon Sep 17 00:00:00 2001 -From: Fernando Fernandez Mancera -Date: Tue, 4 Jul 2023 12:50:29 +0200 -Subject: [PATCH 5/5] utils: extend connection matching function for UUID in - controller - -When matching two connections one might be using UUID and the other one -could be using interface-name for the controller property. When -recovering from a fresh start NM does not have any context and when -generating a connection we are using UUID as the controller. - -It is always hard to guess what is the right candidate to pick but at -least something NM can do is checking if the UUID matches a connection -with the same controller interface-name. If there are no other -conflicts, then we can assume that is a good canditate to activate. - -This is a follow up to `dc254f90e2b306700a0b81f7194e9b0438c62f4c`. - -https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1684 -(cherry picked from commit 5b8fdd25ab431dd1318eff00e725448f7c699a30) -(cherry picked from commit 5ca93db6928d7bbeb5ae378512843877359f06ba) -(cherry picked from commit 8c0f262549d5ab34fd06ec0594d0e8fab58fef70) ---- - src/core/NetworkManagerUtils.c | 51 ++++++++++++++++++++++++++++++++++ - 1 file changed, 51 insertions(+) - -diff --git a/src/core/NetworkManagerUtils.c b/src/core/NetworkManagerUtils.c -index f5b7666b0e..c58433e76d 100644 ---- a/src/core/NetworkManagerUtils.c -+++ b/src/core/NetworkManagerUtils.c -@@ -23,6 +23,7 @@ - #include "nm-setting-connection.h" - #include "nm-setting-ip4-config.h" - #include "nm-setting-ip6-config.h" -+#include "settings/nm-settings.h" - #include "libnm-core-intern/nm-core-internal.h" - #include "libnm-platform/nmp-object.h" - -@@ -683,6 +684,53 @@ check_connection_cloned_mac_address(NMConnection *orig, - return FALSE; - } - -+static gboolean -+check_connection_controller(NMConnection *orig, NMConnection *candidate, GHashTable *settings) -+{ -+ GHashTable *props; -+ const char *orig_controller = NULL, *cand_controller = NULL; -+ NMSettingConnection *s_con_orig, *s_con_cand, *s_con_controller; -+ NMSettingsConnection *con_controller; -+ -+ props = check_property_in_hash(settings, -+ NM_SETTING_CONNECTION_SETTING_NAME, -+ NM_SETTING_CONNECTION_MASTER); -+ if (!props) -+ return TRUE; -+ -+ s_con_orig = nm_connection_get_setting_connection(orig); -+ s_con_cand = nm_connection_get_setting_connection(candidate); -+ orig_controller = nm_setting_connection_get_master(s_con_orig); -+ cand_controller = nm_setting_connection_get_master(s_con_cand); -+ -+ /* A generated connection uses the UUID to specify the controller. Accept -+ * candidates that specify as controller an interface name matching that -+ * UUID */ -+ if (orig_controller && cand_controller) { -+ if (nm_utils_is_uuid(orig_controller)) { -+ con_controller = nm_settings_get_connection_by_uuid(NM_SETTINGS_GET, orig_controller); -+ /* no connection found for that uuid */ -+ if (!con_controller) -+ return FALSE; -+ -+ s_con_controller = -+ nm_settings_connection_get_setting(con_controller, NM_META_SETTING_TYPE_CONNECTION); -+ if (nm_streq0(nm_setting_connection_get_interface_name(s_con_controller), -+ cand_controller)) { -+ remove_from_hash(settings, -+ props, -+ NM_SETTING_CONNECTION_SETTING_NAME, -+ NM_SETTING_CONNECTION_MASTER); -+ return TRUE; -+ } else { -+ return FALSE; -+ } -+ } -+ } -+ -+ return FALSE; -+} -+ - static gboolean - check_connection_s390_props(NMConnection *orig, NMConnection *candidate, GHashTable *settings) - { -@@ -764,6 +812,9 @@ check_possible_match(NMConnection *orig, - if (!check_connection_cloned_mac_address(orig, candidate, settings)) - return NULL; - -+ if (!check_connection_controller(orig, candidate, settings)) -+ return NULL; -+ - if (!check_connection_s390_props(orig, candidate, settings)) - return NULL; - --- -2.41.0 - diff --git a/SOURCES/1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-10450.patch b/SOURCES/1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-10450.patch deleted file mode 100644 index ac0f5d7..0000000 --- a/SOURCES/1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-10450.patch +++ /dev/null @@ -1,130 +0,0 @@ -From f240f3d6d901b78fd50b945f08aa4f9d39625c4e Mon Sep 17 00:00:00 2001 -From: Yuki Inoguchi -Date: Tue, 10 Oct 2023 17:50:37 +0900 -Subject: [PATCH] device: disable IPv6 in NetworkManager when disabled in - kernel - -When IPv6 is disabled in kernel but ipv6.method is set to auto, NetworkManager repeatedly attempts -IPv6 configuration internally, resulting in unnecessary warning messages being output infinitely. - - platform-linux: do-add-ip6-address[2: fe80::5054:ff:fe7c:4293]: failure 95 (Operation not supported) - ipv6ll[e898db403d9b5099,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off) - platform-linux: do-add-ip6-address[2: fe80::5054:ff:fe7c:4293]: failure 95 (Operation not supported) - ipv6ll[e898db403d9b5099,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off) - platform-linux: do-add-ip6-address[2: fe80::5054:ff:fe7c:4293]: failure 95 (Operation not supported) - ipv6ll[e898db403d9b5099,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off) - -To prevent this issue, let's disable IPv6 in NetworkManager when it is disabled in the kernel. - -In order to do it in activate_stage3_ip_config() only once during activation, -the firewall initialization needed to be moved earlier. Otherwise, the IPv6 disablement could occur -twice during activation because activate_stage3_ip_config() is also executed from subsequent of fw_change_zone(). - -(cherry picked from commit 50a6386c3ba6ae9b0501e56bd78fd141636770a7) -(cherry picked from commit 4a9cf4c1dd972de11a2d7c6b0dd8328b2dc24f69) -(cherry picked from commit ffef5a47489ee65122a0c532fffdc77707d68231) -Solved some conflicts due to missing 61e1027cc783 ('device: preserve the DHCP lease during reapply') -(cherry picked from commit f407868ee25c06f9a41c72ecd54e83dd4317b4fe) ---- - src/core/devices/nm-device.c | 63 +++++++++++++++++++----------------- - 1 file changed, 33 insertions(+), 30 deletions(-) - -diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c -index 5748d80393..e54942440f 100644 ---- a/src/core/devices/nm-device.c -+++ b/src/core/devices/nm-device.c -@@ -11556,16 +11556,8 @@ _dev_ipac6_start(NMDevice *self) - NMUtilsIPv6IfaceId iid; - gboolean is_token; - -- if (priv->ipac6_data.state == NM_DEVICE_IP_STATE_NONE) { -- if (!g_file_test("/proc/sys/net/ipv6", G_FILE_TEST_IS_DIR)) { -- _LOGI_ipac6("addrconf6: kernel does not support IPv6"); -- _dev_ipac6_set_state(self, NM_DEVICE_IP_STATE_FAILED); -- _dev_ip_state_check_async(self, AF_INET6); -- return; -- } -- -+ if (priv->ipac6_data.state == NM_DEVICE_IP_STATE_NONE) - _dev_ipac6_set_state(self, NM_DEVICE_IP_STATE_PENDING); -- } - - if (NM_IN_SET(priv->ipll_data_6.state, NM_DEVICE_IP_STATE_NONE, NM_DEVICE_IP_STATE_PENDING)) { - _dev_ipac6_grace_period_start(self, 30, TRUE); -@@ -12092,15 +12084,6 @@ activate_stage3_ip_config(NMDevice *self) - - ifindex = nm_device_get_ip_ifindex(self); - -- if (priv->ip_data_4.do_reapply) { -- _LOGD_ip(AF_INET, "reapply..."); -- _cleanup_ip_pre(self, AF_INET, CLEANUP_TYPE_DECONFIGURE, TRUE); -- } -- if (priv->ip_data_6.do_reapply) { -- _LOGD_ip(AF_INET6, "reapply..."); -- _cleanup_ip_pre(self, AF_INET6, CLEANUP_TYPE_DECONFIGURE, TRUE); -- } -- - /* Add the interface to the specified firewall zone */ - switch (priv->fw_state) { - case FIREWALL_STATE_UNMANAGED: -@@ -12125,6 +12108,38 @@ activate_stage3_ip_config(NMDevice *self) - } - nm_assert(ifindex <= 0 || priv->fw_state == FIREWALL_STATE_INITIALIZED); - -+ ipv4_method = nm_device_get_effective_ip_config_method(self, AF_INET); -+ if (nm_streq(ipv4_method, NM_SETTING_IP4_CONFIG_METHOD_AUTO)) { -+ /* "auto" usually means DHCPv4 or autoconf6, but it doesn't have to be. Subclasses -+ * can overwrite it. For example, you cannot run DHCPv4 on PPP/WireGuard links. */ -+ ipv4_method = klass->get_ip_method_auto(self, AF_INET); -+ } -+ -+ ipv6_method = nm_device_get_effective_ip_config_method(self, AF_INET6); -+ if (!g_file_test("/proc/sys/net/ipv6", G_FILE_TEST_IS_DIR)) { -+ _NMLOG_ip((nm_device_sys_iface_state_is_external(self) -+ || NM_IN_STRSET(ipv6_method, -+ NM_SETTING_IP6_CONFIG_METHOD_AUTO, -+ NM_SETTING_IP6_CONFIG_METHOD_DISABLED, -+ NM_SETTING_IP6_CONFIG_METHOD_IGNORE)) -+ ? LOGL_DEBUG -+ : LOGL_WARN, -+ AF_INET6, -+ "IPv6 not supported by kernel resulting in \"ipv6.method=disabled\""); -+ ipv6_method = NM_SETTING_IP6_CONFIG_METHOD_DISABLED; -+ } else if (nm_streq(ipv6_method, NM_SETTING_IP6_CONFIG_METHOD_AUTO)) { -+ ipv6_method = klass->get_ip_method_auto(self, AF_INET6); -+ } -+ -+ if (priv->ip_data_4.do_reapply) { -+ _LOGD_ip(AF_INET, "reapply..."); -+ _cleanup_ip_pre(self, AF_INET, CLEANUP_TYPE_DECONFIGURE, TRUE); -+ } -+ if (priv->ip_data_6.do_reapply) { -+ _LOGD_ip(AF_INET6, "reapply..."); -+ _cleanup_ip_pre(self, AF_INET6, CLEANUP_TYPE_DECONFIGURE, TRUE); -+ } -+ - if (priv->state < NM_DEVICE_STATE_IP_CONFIG) { - _dev_ip_state_req_timeout_schedule(self, AF_INET); - _dev_ip_state_req_timeout_schedule(self, AF_INET6); -@@ -12150,18 +12165,6 @@ activate_stage3_ip_config(NMDevice *self) - * let's do it! */ - _commit_mtu(self); - -- ipv4_method = nm_device_get_effective_ip_config_method(self, AF_INET); -- if (nm_streq(ipv4_method, NM_SETTING_IP4_CONFIG_METHOD_AUTO)) { -- /* "auto" usually means DHCPv4 or autoconf6, but it doesn't have to be. Subclasses -- * can overwrite it. For example, you cannot run DHCPv4 on PPP/WireGuard links. */ -- ipv4_method = klass->get_ip_method_auto(self, AF_INET); -- } -- -- ipv6_method = nm_device_get_effective_ip_config_method(self, AF_INET6); -- if (nm_streq(ipv6_method, NM_SETTING_IP6_CONFIG_METHOD_AUTO)) { -- ipv6_method = klass->get_ip_method_auto(self, AF_INET6); -- } -- - if (!nm_device_sys_iface_state_is_external(self) - && (!klass->ready_for_ip_config || klass->ready_for_ip_config(self, TRUE))) { - if (priv->ipmanual_data.state_6 == NM_DEVICE_IP_STATE_NONE --- -2.43.0 - diff --git a/readme-ifcfg-rh-migrated.txt b/readme-ifcfg-rh-migrated.txt new file mode 100644 index 0000000..aabbcc8 --- /dev/null +++ b/readme-ifcfg-rh-migrated.txt @@ -0,0 +1,84 @@ +NetworkManager was built to automatically migrate connection profiles in +this directory to equivalent ones in keyfile format in directory +/etc/NetworkManager/system-connections. + +You can check whether the migration is enabled via: + + $ NetworkManager --print-config | grep migrate-ifcfg-rh + +In case it is enabled, all files in this directory are migrated at startup. + +To inspect where your connection files are currently stored use: + + $ nmcli -f name,uuid,filename connection + +Background +========== + +The ifcfg format is deprecated and will be removed in future releases. For +more information see: + +https://lists.freedesktop.org/archives/networkmanager/2023-May/000103.html + +Connection profiles in keyfile format have many benefits. For example, this +format is INI file-based and can easily be parsed and generated. + +Each section in NetworkManager keyfiles corresponds to a NetworkManager +setting name as described in the nm-settings(5) and nm-settings-keyfile(5) +man pages. Each key-value pair in a section is one of the properties listed +in the settings specification of the man page. + +How to keep using ifcfg +======================= + +If you want to keep using connection profiles in ifcfg format, you need to: + + - disable the automatic migration to keyfile by setting + "migrate-ifcfg-rh=false" in the [main] section of NetworkManager + configuration; + + - optionally, set "plugins=ifcfg-rh" in the [main] section of + NetworkManager configuration so that new profiles are created in ifcfg + format. + +At this point, you can migrate all your files back via + + nmcli connection migrate --plugin ifcfg-rh + +Or, if you prefer to migrate only specific connections: + + nmcli connection migrate --plugin ifcfg-rh + +Note that some connection types are not supported by the ifcfg plugin. + +Interface renaming +================== + +Connection profiles stored in ifcfg-rh format support the renaming of +interfaces via udev. This is done via a helper tool +/usr/lib/udev/rename_device that is invoked by udev to parse the files +in /etc/sysconfig/network-scripts; when the HWADDR and DEVICE +variables are set, the interface that matches the MAC address in +HWADDR is renamed to the name specified in DEVICE. + +Connections in keyfile format don't provide the same integration with +udev. The renaming of interfaces must be configured directly in udev, +for example by creating a file: + + /etc/systemd/network/70-rename.link + +with content: + + [Match] + MACAddress=00:11:22:33:44:56 + + [Link] + Name=ethernet1 + +Alternatively, a udev rule can also be used, such as: + + /etc/udev/rules.d/70-interface-names.rules + +with content: + + SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="00:11:22:33:44:56",ATTR{type}=="1",NAME="ethernet1" diff --git a/SOURCES/readme-ifcfg-rh.txt b/readme-ifcfg-rh.txt similarity index 57% rename from SOURCES/readme-ifcfg-rh.txt rename to readme-ifcfg-rh.txt index b69a681..56c373d 100644 --- a/SOURCES/readme-ifcfg-rh.txt +++ b/readme-ifcfg-rh.txt @@ -29,3 +29,35 @@ Alternatively, to migrate only a specific profile, enter: For further details, see: * nm-settings-keyfile(5) * nmcli(1) + +Interface renaming +================== + +Connection profiles stored in ifcfg-rh format support the renaming of +interfaces via udev. This is done via a helper tool +/usr/lib/udev/rename_device that is invoked by udev to parse the files +in /etc/sysconfig/network-scripts; when the HWADDR and DEVICE +variables are set, the interface that matches the MAC address in +HWADDR is renamed to the name specified in DEVICE. + +Connections in keyfile format don't provide the same integration with +udev. The renaming of interfaces must be configured directly in udev, +for example by creating a file: + + /etc/systemd/network/70-rename.link + +with content: + + [Match] + MACAddress=00:11:22:33:44:56 + + [Link] + Name=ethernet1 + +Alternatively, a udev rule can also be used, such as: + + /etc/udev/rules.d/70-interface-names.rules + +with content: + + SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="00:11:22:33:44:56",ATTR{type}=="1",NAME="ethernet1" diff --git a/sources b/sources new file mode 100644 index 0000000..abced56 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (NetworkManager-1.48.10.tar.xz) = baef2ecc7da5c2f00278e8596f47c9304321896f1b79a6f304e27365c89a5fbaac6fbb68433a8fad94eeeffa56561968d0afee1adb24df6a8e6f2dba978cc620