import NetworkManager-1.36.0-4.el9_0
commit
e2baef0495
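--- /dev/null
+++ b/.NetworkManager.metadata
@@ -0,0 +1 @@
+adbe8e9eef649ac73c4fbaefd71a1335d4d016cd SOURCES/NetworkManager-1.36.0.tar.xz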
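--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/NetworkManager-1.36.0.tar.xz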
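--- /dev/null
+++ b/SOURCES/00-server.conf
@@ -0,0 +1,14 @@
+# This configuration file changes NetworkManager's behavior to
+# what's expected on "traditional UNIX server" type deployments.
+#
+# See "man NetworkManager.conf" for more information about these
+# and other keys.
+
+[main]
+# Do not do automatic (DHCP/SLAAC) configuration on ethernet devices
+# with no other matching connections.
+no-auto-default=*
+
+# Ignore the carrier (cable plugged in) state when attempting to
+# activate static-IP connections.
+ignore-carrier=*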
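--- /dev/null
+++ b/SOURCES/1001-wwan-dns-fix-rh2059138.patch
@@ -0,0 +1,62 @@
+From 7ba52fdcfeeb1e5400bcecb9fa93b3099dcccb47 Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Fri, 25 Feb 2022 10:06:48 +0100
+Subject: [PATCH] core: initialize l3cd dns-priority for ppp and wwan
+
+For devices that configure IP by themselves (by returning
+"->ready_for_ip_config() = TRUE" and implementing
+->act_stage3_ip_config()), we skip manual configuration. Currently,
+manual configuration is the only one that sets flag HAS_DNS_PRIORITY
+into the resulting l3cd.
+
+So, the merged l3cd for such devices misses a dns-priority and is
+ignored by the DNS manager.
+
+Explicitly initialize the priority to 0; in this way, the default
+value for the device will be set in the final l3cd during the merge.
+
+Fixes: 58287cbcc0c8 ('core: rework IP configuration in NetworkManager using layer 3 configuration')
+
+https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/931
+(cherry picked from commit b2e559fab2fa5adbf4e159fc1c2cadd3d965b01b)
+(cherry picked from commit bfd3216584e9fe1eb0b6f3f81e3eb75a40877775)
+---
+src/core/devices/wwan/nm-modem-broadband.c | 2 ++
+src/core/ppp/nm-ppp-manager.c | 1 +
+2 files changed, 3 insertions(+)
+
+diff --git a/src/core/devices/wwan/nm-modem-broadband.c b/src/core/devices/wwan/nm-modem-broadband.c
+index f5336d3750..b585652e5d 100644
+--- a/src/core/devices/wwan/nm-modem-broadband.c
++++ b/src/core/devices/wwan/nm-modem-broadband.c
+@@ -1032,6 +1032,7 @@ stage3_ip_config_start(NMModem *modem, int addr_family, NMModemIPMethod ip_metho
+l3cd = nm_l3_config_data_new(nm_platform_get_multi_idx(NM_PLATFORM_GET),
+ifindex,
+NM_IP_CONFIG_SOURCE_WWAN);
++ nm_l3_config_data_set_dns_priority(l3cd, AF_INET, 0);
+
+address = (NMPlatformIP4Address){
+.address = address_network,
+@@ -1118,6 +1119,7 @@ stage3_ip_config_start(NMModem *modem, int addr_family, NMModemIPMethod ip_metho
+l3cd = nm_l3_config_data_new(nm_platform_get_multi_idx(NM_PLATFORM_GET),
+ifindex,
+NM_IP_CONFIG_SOURCE_WWAN);
++ nm_l3_config_data_set_dns_priority(l3cd, AF_INET6, 0);
+
+do_auto = TRUE;
+
+diff --git a/src/core/ppp/nm-ppp-manager.c b/src/core/ppp/nm-ppp-manager.c
+index dd6b1bc7f0..5761d59d39 100644
+--- a/src/core/ppp/nm-ppp-manager.c
++++ b/src/core/ppp/nm-ppp-manager.c
+@@ -545,6 +545,7 @@ impl_ppp_manager_set_ip4_config(NMDBusObject *obj,
+NM_IP_CONFIG_SOURCE_PPP);
+
+nm_l3_config_data_set_mtu(l3cd, mtu);
++ nm_l3_config_data_set_dns_priority(l3cd, AF_INET, 0);
+
+address = (NMPlatformIP4Address){
+.plen = 32,
+--
+2.34.1
+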
@ -0,0 +1,332 @@
|
|||||||
|
From b55842ac0803b59fe8675464191180e44634ce1f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Thomas Haller <thaller@redhat.com>
|
||||||
|
Date: Tue, 22 Feb 2022 22:08:18 +0100
|
||||||
|
Subject: [PATCH 1/2] core: reject unsupported flags for CheckpointCreate D-Bus
|
||||||
|
request
|
||||||
|
|
||||||
|
(cherry picked from commit df6ee44fb2b96cf05aaeeee500c75d7d91b37404)
|
||||||
|
(cherry picked from commit 4cfc2245d382b0b869bd52238eecd17f1c10af1c)
|
||||||
|
---
|
||||||
|
src/core/nm-manager.c | 34 +++++++++++++++++++++++++---------
|
||||||
|
1 file changed, 25 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
|
||||||
|
index b440b22457f2..53ef1754bb72 100644
|
||||||
|
--- a/src/core/nm-manager.c
|
||||||
|
+++ b/src/core/nm-manager.c
|
||||||
|
@@ -7453,15 +7453,30 @@ impl_manager_checkpoint_create(NMDBusObject *obj,
|
||||||
|
GDBusMethodInvocation *invocation,
|
||||||
|
GVariant *parameters)
|
||||||
|
{
|
||||||
|
- NMManager *self = NM_MANAGER(obj);
|
||||||
|
- NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE(self);
|
||||||
|
- NMAuthChain *chain;
|
||||||
|
- char **devices;
|
||||||
|
- guint32 rollback_timeout;
|
||||||
|
- guint32 flags;
|
||||||
|
+ NMManager *self = NM_MANAGER(obj);
|
||||||
|
+ NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE(self);
|
||||||
|
+ NMAuthChain *chain;
|
||||||
|
+ gs_strfreev char **devices = NULL;
|
||||||
|
+ guint32 rollback_timeout;
|
||||||
|
+ guint32 flags;
|
||||||
|
|
||||||
|
G_STATIC_ASSERT_EXPR(sizeof(flags) <= sizeof(NMCheckpointCreateFlags));
|
||||||
|
|
||||||
|
+ g_variant_get(parameters, "(^aouu)", &devices, &rollback_timeout, &flags);
|
||||||
|
+
|
||||||
|
+ if ((NMCheckpointCreateFlags) flags != flags
|
||||||
|
+ || NM_FLAGS_ANY(flags,
|
||||||
|
+ ~((guint32) (NM_CHECKPOINT_CREATE_FLAG_DESTROY_ALL
|
||||||
|
+ | NM_CHECKPOINT_CREATE_FLAG_DELETE_NEW_CONNECTIONS
|
||||||
|
+ | NM_CHECKPOINT_CREATE_FLAG_DISCONNECT_NEW_DEVICES
|
||||||
|
+ | NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING)))) {
|
||||||
|
+ g_dbus_method_invocation_return_error_literal(invocation,
|
||||||
|
+ NM_MANAGER_ERROR,
|
||||||
|
+ NM_MANAGER_ERROR_INVALID_ARGUMENTS,
|
||||||
|
+ "Invalid flags");
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
chain = nm_auth_chain_new_context(invocation, checkpoint_auth_done_cb, self);
|
||||||
|
if (!chain) {
|
||||||
|
g_dbus_method_invocation_return_error_literal(invocation,
|
||||||
|
@@ -7471,11 +7486,12 @@ impl_manager_checkpoint_create(NMDBusObject *obj,
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
- g_variant_get(parameters, "(^aouu)", &devices, &rollback_timeout, &flags);
|
||||||
|
-
|
||||||
|
c_list_link_tail(&priv->auth_lst_head, nm_auth_chain_parent_lst_list(chain));
|
||||||
|
nm_auth_chain_set_data(chain, "audit-op", NM_AUDIT_OP_CHECKPOINT_CREATE, NULL);
|
||||||
|
- nm_auth_chain_set_data(chain, "devices", devices, (GDestroyNotify) g_strfreev);
|
||||||
|
+ nm_auth_chain_set_data(chain,
|
||||||
|
+ "devices",
|
||||||
|
+ g_steal_pointer(&devices),
|
||||||
|
+ (GDestroyNotify) g_strfreev);
|
||||||
|
nm_auth_chain_set_data(chain, "flags", GUINT_TO_POINTER(flags), NULL);
|
||||||
|
nm_auth_chain_set_data(chain, "timeout", GUINT_TO_POINTER(rollback_timeout), NULL);
|
||||||
|
nm_auth_chain_add_call(chain, NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK, TRUE);
|
||||||
|
--
|
||||||
|
2.35.1
|
||||||
|
|
||||||
|
|
||||||
|
From 3c417c8338bf44292d4869763587286c7d492c0c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Thomas Haller <thaller@redhat.com>
|
||||||
|
Date: Tue, 22 Feb 2022 21:55:57 +0100
|
||||||
|
Subject: [PATCH 2/2] core: preserve external ports during checkpoint rollback
|
||||||
|
|
||||||
|
When we have a bridge interface with ports attached externally (that is,
|
||||||
|
not by NetworkManager itself), then it can make sense that during
|
||||||
|
checkpoint rollback we want to keep those ports attached.
|
||||||
|
|
||||||
|
During rollback, we may need to deactivate the bridge device and
|
||||||
|
re-activate it. Implement this, by setting a flag before deactivating,
|
||||||
|
which prevents external ports to be detached. The flag gets cleared,
|
||||||
|
when the device state changes to activated (the following activation)
|
||||||
|
or unmanaged.
|
||||||
|
|
||||||
|
This is an ugly solution, for several reasons.
|
||||||
|
|
||||||
|
For one, NMDevice tracks its ports in the "slaves" list. But what
|
||||||
|
it does is ugly. There is no clear concept to understand what it
|
||||||
|
actually tacks. For example, it tracks externally added interfaces
|
||||||
|
(nm_device_sys_iface_state_is_external()) that are attached while
|
||||||
|
not being connected. But it also tracks interfaces that we want to attach
|
||||||
|
during activation (but which are not yet actually enslaved). It also tracks
|
||||||
|
slaves that have no actual netdev device (OVS). So it's not clear what this
|
||||||
|
list contains and what it should contain at any point in time. When we skip
|
||||||
|
the change of the slaves states during nm_device_master_release_slaves_all(),
|
||||||
|
it's not really clear what the effects are. It's ugly, but probably correct
|
||||||
|
enough. What would be better, if we had a clear purpose of what the
|
||||||
|
lists (or several lists) mean. E.g. a list of all ports that are
|
||||||
|
currently, physically attached vs. a list of ports we want to attach vs.
|
||||||
|
a list of OVS slaves that have no actual netdev device.
|
||||||
|
|
||||||
|
Another problem is that we attach state on the device
|
||||||
|
("activation_state_preserve_external_ports"), which should linger there
|
||||||
|
during the deactivation and reactivation. How can we be sure that we don't
|
||||||
|
leave that flag dangling there, and that the desired following activation
|
||||||
|
is the one we cared about? If the follow-up activation fails short (e.g. an
|
||||||
|
unmanaged command comes first), will we properly disconnect the slaves?
|
||||||
|
Should we even? In practice, it might be correct enough.
|
||||||
|
|
||||||
|
Also, we only implement this for bridges. I think this is where it makes
|
||||||
|
the most sense. And after all, it's an odd thing to preserve unknown,
|
||||||
|
external things during a rollback -- unknown, because we have no knowledge
|
||||||
|
about why these ports are attached and what to do with them.
|
||||||
|
|
||||||
|
Also, the change doesn't remember the ports that were attached when the
|
||||||
|
checkpoint was created. Instead, we preserve all ports that are attached
|
||||||
|
during rollback. That seems more useful and easier to implement. So we
|
||||||
|
don't actually rollback to the configuration when the checkpoint was
|
||||||
|
created. Instead, we rollback, but keep external devices.
|
||||||
|
|
||||||
|
Also, we do this now by default and introduce a flag to get the previous
|
||||||
|
behavior.
|
||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=2035519
|
||||||
|
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/ # 909
|
||||||
|
(cherry picked from commit 98b3056604fc565f273c264b892086a75a4db0e9)
|
||||||
|
(cherry picked from commit 351ca13358f62f85af675672c3399141bec092cd)
|
||||||
|
---
|
||||||
|
src/core/devices/nm-device.c | 71 ++++++++++++++++++++++-
|
||||||
|
src/core/devices/nm-device.h | 2 +
|
||||||
|
src/core/nm-checkpoint.c | 5 ++
|
||||||
|
src/core/nm-manager.c | 3 +-
|
||||||
|
src/libnm-core-public/nm-dbus-interface.h | 16 +++--
|
||||||
|
5 files changed, 90 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
|
||||||
|
index 35360ceebb7b..a11486d54be3 100644
|
||||||
|
--- a/src/core/devices/nm-device.c
|
||||||
|
+++ b/src/core/devices/nm-device.c
|
||||||
|
@@ -76,6 +76,7 @@
|
||||||
|
#include "nm-hostname-manager.h"
|
||||||
|
|
||||||
|
#include "nm-device-generic.h"
|
||||||
|
+#include "nm-device-bridge.h"
|
||||||
|
#include "nm-device-vlan.h"
|
||||||
|
#include "nm-device-vrf.h"
|
||||||
|
#include "nm-device-wireguard.h"
|
||||||
|
@@ -483,9 +484,12 @@ typedef struct _NMDevicePrivate {
|
||||||
|
|
||||||
|
NMUtilsStableType current_stable_id_type : 3;
|
||||||
|
|
||||||
|
+ bool activation_state_preserve_external_ports : 1;
|
||||||
|
+
|
||||||
|
bool nm_owned : 1; /* whether the device is a device owned and created by NM */
|
||||||
|
|
||||||
|
- bool assume_state_guess_assume : 1;
|
||||||
|
+ bool assume_state_guess_assume : 1;
|
||||||
|
+
|
||||||
|
char *assume_state_connection_uuid;
|
||||||
|
|
||||||
|
guint64 udi_id;
|
||||||
|
@@ -7666,8 +7670,19 @@ nm_device_master_release_slaves(NMDevice *self)
|
||||||
|
c_list_for_each_safe (iter, safe, &priv->slaves) {
|
||||||
|
SlaveInfo *info = c_list_entry(iter, SlaveInfo, lst_slave);
|
||||||
|
|
||||||
|
+ if (priv->activation_state_preserve_external_ports
|
||||||
|
+ && nm_device_sys_iface_state_is_external(info->slave)) {
|
||||||
|
+ _LOGT(LOGD_DEVICE,
|
||||||
|
+ "master: preserve external port %s",
|
||||||
|
+ nm_device_get_iface(info->slave));
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
nm_device_master_release_one_slave(self, info->slave, TRUE, FALSE, reason);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ /* We only need this flag for a short time. It served its purpose. Clear
|
||||||
|
+ * it again. */
|
||||||
|
+ nm_device_activation_state_set_preserve_external_ports(self, FALSE);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
@@ -15386,6 +15401,16 @@ _set_state_full(NMDevice *self, NMDeviceState state, NMDeviceStateReason reason,
|
||||||
|
if (state > NM_DEVICE_STATE_DISCONNECTED)
|
||||||
|
nm_device_assume_state_reset(self);
|
||||||
|
|
||||||
|
+ if (state < NM_DEVICE_STATE_UNAVAILABLE
|
||||||
|
+ || (state >= NM_DEVICE_STATE_IP_CONFIG && state < NM_DEVICE_STATE_ACTIVATED)) {
|
||||||
|
+ /* preserve-external-ports is used by NMCheckpoint to activate a master
|
||||||
|
+ * device, and preserve already attached ports. This means, this state is only
|
||||||
|
+ * relevant during the deactivation and the following activation of the
|
||||||
|
+ * right profile. Once we are sufficiently far in the activation of the
|
||||||
|
+ * intended profile, we clear the state again. */
|
||||||
|
+ nm_device_activation_state_set_preserve_external_ports(self, FALSE);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (state <= NM_DEVICE_STATE_UNAVAILABLE) {
|
||||||
|
if (available_connections_del_all(self))
|
||||||
|
_notify(self, PROP_AVAILABLE_CONNECTIONS);
|
||||||
|
@@ -15790,6 +15815,50 @@ nm_device_get_state(NMDevice *self)
|
||||||
|
return NM_DEVICE_GET_PRIVATE(self)->state;
|
||||||
|
}
|
||||||
|
|
||||||
|
+/*****************************************************************************/
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ * nm_device_activation_state_set_preserve_external_ports:
|
||||||
|
+ * @self: the NMDevice.
|
||||||
|
+ * @flag: whether to set or clear the the flag.
|
||||||
|
+ *
|
||||||
|
+ * This sets an internal flag to true, which does something specific.
|
||||||
|
+ * For non-master devices, it has no effect. For master devices, this
|
||||||
|
+ * will prevent to detach all external ports, until the next activation
|
||||||
|
+ * completes.
|
||||||
|
+ *
|
||||||
|
+ * This is used during checkpoint/rollback. We may want to preserve
|
||||||
|
+ * externally attached ports during the restore. NMCheckpoint will
|
||||||
|
+ * call this before doing a re-activation. By setting the flag,
|
||||||
|
+ * we basically preserve such ports.
|
||||||
|
+ *
|
||||||
|
+ * Once we reach again ACTIVATED state, the flag gets cleared. This
|
||||||
|
+ * only has effect for the next activation cycle. */
|
||||||
|
+void
|
||||||
|
+nm_device_activation_state_set_preserve_external_ports(NMDevice *self, gboolean flag)
|
||||||
|
+{
|
||||||
|
+ NMDevicePrivate *priv;
|
||||||
|
+
|
||||||
|
+ g_return_if_fail(NM_IS_DEVICE(self));
|
||||||
|
+
|
||||||
|
+ priv = NM_DEVICE_GET_PRIVATE(self);
|
||||||
|
+
|
||||||
|
+ if (!NM_IS_DEVICE_BRIDGE(self)) {
|
||||||
|
+ /* This is actually only implemented for bridge devices. While it might
|
||||||
|
+ * make sense for bond/team or OVS, it's not clear that it is actually
|
||||||
|
+ * useful or desirable. */
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (priv->activation_state_preserve_external_ports == flag)
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
+ priv->activation_state_preserve_external_ports = flag;
|
||||||
|
+ _LOGD(LOGD_DEVICE,
|
||||||
|
+ "activation-state: preserve-external-ports %s",
|
||||||
|
+ flag ? "enabled" : "disabled");
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/*****************************************************************************/
|
||||||
|
/* NMConfigDevice interface related stuff */
|
||||||
|
|
||||||
|
diff --git a/src/core/devices/nm-device.h b/src/core/devices/nm-device.h
|
||||||
|
index cfcd4ade6d80..a7badb861087 100644
|
||||||
|
--- a/src/core/devices/nm-device.h
|
||||||
|
+++ b/src/core/devices/nm-device.h
|
||||||
|
@@ -444,6 +444,8 @@ NMDeviceType nm_device_get_device_type(NMDevice *dev);
|
||||||
|
NMLinkType nm_device_get_link_type(NMDevice *dev);
|
||||||
|
NMMetered nm_device_get_metered(NMDevice *dev);
|
||||||
|
|
||||||
|
+void nm_device_activation_state_set_preserve_external_ports(NMDevice *self, gboolean flag);
|
||||||
|
+
|
||||||
|
guint32 nm_device_get_route_table(NMDevice *self, int addr_family);
|
||||||
|
guint32 nm_device_get_route_metric(NMDevice *dev, int addr_family);
|
||||||
|
|
||||||
|
diff --git a/src/core/nm-checkpoint.c b/src/core/nm-checkpoint.c
|
||||||
|
index 0153af970de7..5b48f91aa515 100644
|
||||||
|
--- a/src/core/nm-checkpoint.c
|
||||||
|
+++ b/src/core/nm-checkpoint.c
|
||||||
|
@@ -282,6 +282,11 @@ restore_and_activate_connection(NMCheckpoint *self, DeviceCheckpoint *dev_checkp
|
||||||
|
* an internal subject. */
|
||||||
|
if (nm_device_get_state(dev_checkpoint->device) > NM_DEVICE_STATE_DISCONNECTED
|
||||||
|
&& nm_device_get_state(dev_checkpoint->device) < NM_DEVICE_STATE_DEACTIVATING) {
|
||||||
|
+ if (!NM_FLAGS_HAS(priv->flags, NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS)) {
|
||||||
|
+ nm_device_activation_state_set_preserve_external_ports(dev_checkpoint->device,
|
||||||
|
+ TRUE);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
nm_device_state_changed(dev_checkpoint->device,
|
||||||
|
NM_DEVICE_STATE_DEACTIVATING,
|
||||||
|
NM_DEVICE_STATE_REASON_NEW_ACTIVATION);
|
||||||
|
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
|
||||||
|
index 53ef1754bb72..6c73d237c845 100644
|
||||||
|
--- a/src/core/nm-manager.c
|
||||||
|
+++ b/src/core/nm-manager.c
|
||||||
|
@@ -7469,7 +7469,8 @@ impl_manager_checkpoint_create(NMDBusObject *obj,
|
||||||
|
~((guint32) (NM_CHECKPOINT_CREATE_FLAG_DESTROY_ALL
|
||||||
|
| NM_CHECKPOINT_CREATE_FLAG_DELETE_NEW_CONNECTIONS
|
||||||
|
| NM_CHECKPOINT_CREATE_FLAG_DISCONNECT_NEW_DEVICES
|
||||||
|
- | NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING)))) {
|
||||||
|
+ | NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING
|
||||||
|
+ | NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS)))) {
|
||||||
|
g_dbus_method_invocation_return_error_literal(invocation,
|
||||||
|
NM_MANAGER_ERROR,
|
||||||
|
NM_MANAGER_ERROR_INVALID_ARGUMENTS,
|
||||||
|
diff --git a/src/libnm-core-public/nm-dbus-interface.h b/src/libnm-core-public/nm-dbus-interface.h
|
||||||
|
index fe2a6c09db58..0d23c7d7a793 100644
|
||||||
|
--- a/src/libnm-core-public/nm-dbus-interface.h
|
||||||
|
+++ b/src/libnm-core-public/nm-dbus-interface.h
|
||||||
|
@@ -959,17 +959,23 @@ typedef enum {
|
||||||
|
* overlapping younger checkpoints. This opts-in that the
|
||||||
|
* checkpoint can be automatically destroyed by the rollback
|
||||||
|
* of an older checkpoint. Since: 1.12.
|
||||||
|
+ * @NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS: during rollback,
|
||||||
|
+ * by default externally added ports attached to bridge devices are preserved.
|
||||||
|
+ * With this flag, the rollback detaches all external ports.
|
||||||
|
+ * This only has an effect for bridge ports. Before 1.38, 1.36.2, this was the default
|
||||||
|
+ * behavior. Since: 1.38, 1.36.2.
|
||||||
|
*
|
||||||
|
* The flags for CheckpointCreate call
|
||||||
|
*
|
||||||
|
* Since: 1.4 (gi flags generated since 1.12)
|
||||||
|
*/
|
||||||
|
typedef enum { /*< flags >*/
|
||||||
|
- NM_CHECKPOINT_CREATE_FLAG_NONE = 0,
|
||||||
|
- NM_CHECKPOINT_CREATE_FLAG_DESTROY_ALL = 0x01,
|
||||||
|
- NM_CHECKPOINT_CREATE_FLAG_DELETE_NEW_CONNECTIONS = 0x02,
|
||||||
|
- NM_CHECKPOINT_CREATE_FLAG_DISCONNECT_NEW_DEVICES = 0x04,
|
||||||
|
- NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING = 0x08,
|
||||||
|
+ NM_CHECKPOINT_CREATE_FLAG_NONE = 0,
|
||||||
|
+ NM_CHECKPOINT_CREATE_FLAG_DESTROY_ALL = 0x01,
|
||||||
|
+ NM_CHECKPOINT_CREATE_FLAG_DELETE_NEW_CONNECTIONS = 0x02,
|
||||||
|
+ NM_CHECKPOINT_CREATE_FLAG_DISCONNECT_NEW_DEVICES = 0x04,
|
||||||
|
+ NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING = 0x08,
|
||||||
|
+ NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS = 0x10,
|
||||||
|
} NMCheckpointCreateFlags;
|
||||||
|
|
||||||
|
/**
|
||||||
|
--
|
||||||
|
2.35.1
|
||||||
|
|
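Review bot: The accepted-flags mask in `impl_manager_checkpoint_create()` is open-coded in `src/core/nm-manager.c`, apart from the `NMCheckpointCreateFlags` enum in `nm-dbus-interface.h`, and patch 2/2 already has to edit both places to admit `NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS`. The check fails closed, so a forgotten update only rejects a valid flag, but nothing at the enum points to the validator; a comment there such as `/* new flags must also be added to the mask in impl_manager_checkpoint_create() */` would keep the two in step. Separately, the doc comment of `nm_device_activation_state_set_preserve_external_ports()` says the flag is cleared on reaching ACTIVATED, while the added condition in `_set_state_full()` clears it from `NM_DEVICE_STATE_IP_CONFIG` onward and `nm_device_master_release_slaves()` clears it after its loop; the comment should describe what the code does, and its first sentence (`which does something specific`) should say what the flag actually does. The bodies of these functions continue outside the hunks shown.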
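--- /dev/null
+++ b/SOURCES/1003-fix-ovsdb-removal-ports-rhbz1935026.patch
@@ -0,0 +1,52 @@
+From 482f9671c69800de2077d2dab9352a9b385115d3 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Tue, 22 Feb 2022 16:18:40 +0100
+Subject: [PATCH] ovs-port: fix removal of ovsdb entry if the interface goes
+away
+
+Hope third time is the charm.
+
+The idea here is to remove the OVSDB entry if the device actually went away
+violently (like, the it was actually removed from the platform), but keep it if
+we're shutting down.
+
+Fixes-test: @ovs_nmstate
+Fixes: 966413e78f14 ('ovs-port: avoid removing the OVSDB entry if we're shutting down')
+Fixes: ecc73eb239e6 ('ovs-port: always remove the OVSDB entry on slave release')
+
+https://bugzilla.redhat.com/show_bug.cgi?id=2055665
+(cherry picked from commit 65fdfb25006acc3c67059792579dd7a770d04768)
+(cherry picked from commit fee7328c86e5fe8171f8382492f147e7d263891b)
+---
+src/core/devices/ovs/nm-device-ovs-port.c | 8 +++++---
+1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/devices/ovs/nm-device-ovs-port.c b/src/core/devices/ovs/nm-device-ovs-port.c
+index 8406c3648cef..116f58c43ace 100644
+--- a/src/core/devices/ovs/nm-device-ovs-port.c
++++ b/src/core/devices/ovs/nm-device-ovs-port.c
+@@ -188,8 +188,10 @@ del_iface_cb(GError *error, gpointer user_data)
+static void
+release_slave(NMDevice *device, NMDevice *slave, gboolean configure)
+{
+- NMDeviceOvsPort *self = NM_DEVICE_OVS_PORT(device);
+- bool slave_removed = nm_device_sys_iface_state_get(slave) == NM_DEVICE_SYS_IFACE_STATE_REMOVED;
++ NMDeviceOvsPort *self = NM_DEVICE_OVS_PORT(device);
++ bool slave_not_managed = !NM_IN_SET(nm_device_sys_iface_state_get(slave),
++ NM_DEVICE_SYS_IFACE_STATE_MANAGED,
++ NM_DEVICE_SYS_IFACE_STATE_ASSUME);
+
+_LOGI(LOGD_DEVICE, "releasing ovs interface %s", nm_device_get_ip_iface(slave));
+
+@@ -197,7 +199,7 @@ release_slave(NMDevice *device, NMDevice *slave, gboolean configure)
+* removed and thus we're called with configure=FALSE), we still need
+* to make sure its OVSDB entry is gone.
+*/
+- if (configure || slave_removed) {
++ if (configure || slave_not_managed) {
+nm_ovsdb_del_interface(nm_ovsdb_get(),
+nm_device_get_iface(slave),
+del_iface_cb,
+--
+2.35.1
+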
@ -0,0 +1,82 @@
|
|||||||
|
From 118561e284ff7f28421b19530d4471075b89645c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Beniamino Galvani <bgalvani@redhat.com>
|
||||||
|
Date: Thu, 10 Mar 2022 12:07:49 +0100
|
||||||
|
Subject: [PATCH] n-dhcp4: discard NAKs from other servers in SELECTING
|
||||||
|
|
||||||
|
I got a report of a scenario where multiple servers reply to a REQUEST
|
||||||
|
in SELECTING, and all servers send NAKs except the one which sent the
|
||||||
|
offer, which replies with a ACK. In that scenario, n-dhcp4 is not able
|
||||||
|
to obtain a lease because it restarts from INIT as soon as the first
|
||||||
|
NAK is received. For comparison, dhclient can get a lease because it
|
||||||
|
ignores all NAKs in SELECTING.
|
||||||
|
|
||||||
|
Arguably, the network is misconfigured there, but it would be great if
|
||||||
|
n-dhcp4 could still work in such scenario.
|
||||||
|
|
||||||
|
According to RFC 2131, ACK and NAK messages from server must contain a
|
||||||
|
server-id option. The RFC doesn't explicitly say that the client
|
||||||
|
should check the option, but I think it's a reasonable thing to do, at
|
||||||
|
least for NAKs.
|
||||||
|
|
||||||
|
This patch stores the server-id of the REQUEST in SELECTING, and
|
||||||
|
compares it with the server-id from NAKs, to discard other servers'
|
||||||
|
replies.
|
||||||
|
|
||||||
|
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1144
|
||||||
|
---
|
||||||
|
src/n-dhcp4/src/n-dhcp4-c-connection.c | 19 +++++++++++++++++++
|
||||||
|
src/n-dhcp4/src/n-dhcp4-private.h | 1 +
|
||||||
|
2 files changed, 20 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/n-dhcp4/src/n-dhcp4-c-connection.c b/src/n-dhcp4/src/n-dhcp4-c-connection.c
|
||||||
|
index 4aba97393d..2f660e3b30 100644
|
||||||
|
--- a/src/n-dhcp4/src/n-dhcp4-c-connection.c
|
||||||
|
+++ b/src/n-dhcp4/src/n-dhcp4-c-connection.c
|
||||||
|
@@ -705,6 +705,7 @@ int n_dhcp4_c_connection_select_new(NDhcp4CConnection *connection,
|
||||||
|
message->userdata.start_time = offer->userdata.start_time;
|
||||||
|
message->userdata.base_time = offer->userdata.base_time;
|
||||||
|
message->userdata.client_addr = client.s_addr;
|
||||||
|
+ message->userdata.server_id = server.s_addr;
|
||||||
|
n_dhcp4_incoming_get_xid(offer, &xid);
|
||||||
|
n_dhcp4_outgoing_set_xid(message, xid);
|
||||||
|
|
||||||
|
@@ -1224,6 +1225,24 @@ int n_dhcp4_c_connection_dispatch_io(NDhcp4CConnection *connection,
|
||||||
|
serv_addr, sizeof(serv_addr)));
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (type == N_DHCP4_MESSAGE_NAK &&
|
||||||
|
+ connection->request->userdata.server_id != INADDR_ANY) {
|
||||||
|
+ struct in_addr server;
|
||||||
|
+
|
||||||
|
+ r = n_dhcp4_incoming_query_server_identifier(message, &server);
|
||||||
|
+ if (r)
|
||||||
|
+ return N_DHCP4_E_AGAIN;
|
||||||
|
+
|
||||||
|
+ if (connection->request->userdata.server_id != server.s_addr) {
|
||||||
|
+ n_dhcp4_log(connection->log_queue,
|
||||||
|
+ LOG_DEBUG,
|
||||||
|
+ "discarded NAK with wrong server-id %s",
|
||||||
|
+ inet_ntop(AF_INET, &server,
|
||||||
|
+ serv_addr, sizeof(serv_addr)));
|
||||||
|
+ return N_DHCP4_E_AGAIN;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
switch (type) {
|
||||||
|
case N_DHCP4_MESSAGE_OFFER:
|
||||||
|
case N_DHCP4_MESSAGE_ACK:
|
||||||
|
diff --git a/src/n-dhcp4/src/n-dhcp4-private.h b/src/n-dhcp4/src/n-dhcp4-private.h
|
||||||
|
index db7b24ff7d..191e946e70 100644
|
||||||
|
--- a/src/n-dhcp4/src/n-dhcp4-private.h
|
||||||
|
+++ b/src/n-dhcp4/src/n-dhcp4-private.h
|
||||||
|
@@ -202,6 +202,7 @@ struct NDhcp4Outgoing {
|
||||||
|
uint8_t type;
|
||||||
|
uint8_t message_type;
|
||||||
|
uint32_t client_addr;
|
||||||
|
+ uint32_t server_id;
|
||||||
|
uint64_t start_time;
|
||||||
|
uint64_t base_time;
|
||||||
|
uint64_t send_time;
|
||||||
|
--
|
||||||
|
2.35.1
|
||||||
|
|
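Review bot: In the NAK check added to `n_dhcp4_c_connection_dispatch_io()`, a NAK whose server identifier cannot be read is dropped by `if (r) return N_DHCP4_E_AGAIN;` with no log line, while the mismatch path right below it logs at debug level; the silent branch should log as well, e.g. `n_dhcp4_log(connection->log_queue, LOG_DEBUG, "discarded NAK without server-id");`. The block also reads `connection->request->userdata.server_id` with no NULL check visible in the hunk; the function starts outside the hunk, so a guard may exist earlier, and that is worth confirming. Since DHCP replies are unauthenticated, the server-id comparison helps on misconfigured networks but not against a host that copies the expected identifier, and a one-line comment saying so would keep readers from treating it as a security boundary.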
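--- /dev/null
+++ b/SOURCES/20-connectivity-fedora.conf
@@ -0,0 +1,10 @@
+# Enable connectivity checking for NetworkManager.
+# See `man NetworkManager.conf`.
+#
+# Note that connectivity checking works badly with rp_filter set to
+# strict. Check "/proc/sys/net/ipv4/conf/*/rp_filter".
+[connectivity]
+enabled=true
+uri=http://fedoraproject.org/static/hotspot.txt
+response=OK
+interval=300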
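Review bot: The probe target in `uri=` is a plain `http://` URL and the only acceptance criterion is the body `OK`, so anything on the path can forge or suppress the result; the file should say that this is deliberate and that the outcome is not a trust signal. Plain HTTP is presumably intentional, since a captive portal has to be able to intercept the request in order to be detected, but none of the comments state it. I would add above `uri=`: `# Plain HTTP on purpose (captive-portal detection); the reply is unauthenticated, so treat the connectivity state as a hint only.` The same applies to `SOURCES/20-connectivity-redhat.conf`, which differs only in the URL. With `interval=300` the host also contacts that server every five minutes, which deserves a line for privacy-sensitive deployments.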
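--- /dev/null
+++ b/SOURCES/20-connectivity-redhat.conf
@@ -0,0 +1,10 @@
+# Enable connectivity checking for NetworkManager.
+# See `man NetworkManager.conf`.
+#
+# Note that connectivity checking works badly with rp_filter set to
+# strict. Check "/proc/sys/net/ipv4/conf/*/rp_filter".
+[connectivity]
+enabled=true
+uri=http://static.redhat.com/test/rhel-networkmanager.txt
+response=OK
+interval=300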
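--- /dev/null
+++ b/SOURCES/70-nm-connectivity.conf
@@ -0,0 +1,15 @@
+# The Strict mode of RFC3704 Reverse Path filtering breaks some pretty
+# common and reasonable use cases.
+#
+# Notably, it makes it impossible for NetworkManager to do connectivity
+# check on a newly arriving default route (it starts with a higher metric
+# and is bumped lower if there's connectivity).
+#
+# Kernel's default is 0 (no filter), systemd configures a Loose filter since
+# commit 230450d4e4f1 ('sysctl.d: switch net.ipv4.conf.all.rp_filter from 1
+# to 2'). However, RHEL systemd package happens to default to Strict mode
+# for historic reasons. Let's override it if we're doing connectivity
+# checking.
+
+# Source route verification
+net.ipv4.conf.all.rp_filter = 0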
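Review bot: `net.ipv4.conf.all.rp_filter = 0` goes further than the comment's own reference point, which is systemd's Loose setting (2), and the file does not explain why no filtering was chosen over Loose. The kernel applies the higher of the `all` and per-interface values, so with `all` at 0 the per-interface settings alone decide whether reverse-path validation happens; on hosts where those are 0 as well, source validation is off entirely. I would add a comment such as `# 'all' = 0 leaves the decision to net.ipv4.conf.<iface>.rp_filter; set 1 or 2 there on multi-homed hosts that rely on reverse-path filtering.`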
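--- /dev/null
+++ b/SOURCES/NetworkManager.conf
@@ -0,0 +1,52 @@
+# Configuration file for NetworkManager.
+#
+# See "man 5 NetworkManager.conf" for details.
+#
+# The directories /usr/lib/NetworkManager/conf.d/ and /run/NetworkManager/conf.d/
+# can contain additional .conf snippets installed by packages. These files are
+# read before NetworkManager.conf and have thus lowest priority.
+# The directory /etc/NetworkManager/conf.d/ can contain additional .conf
+# snippets. Those snippets are merged last and overwrite the settings from this main
+# file.
+#
+# The files within one conf.d/ directory are read in asciibetical order.
+#
+# You can prevent loading a file /usr/lib/NetworkManager/conf.d/NAME.conf
+# by having a file NAME.conf in either /run/NetworkManager/conf.d/ or /etc/NetworkManager/conf.d/.
+# Likewise, snippets from /run can be prevented from loading by placing
+# a file with the same name in /etc/NetworkManager/conf.d/.
+#
+# If two files define the same key, the one that is read afterwards will overwrite
+# the previous one.
+
+[main]
+#plugins=keyfile,ifcfg-rh
+
+
+[logging]
+# When debugging NetworkManager, enabling debug logging is of great help.
+#
+# Logfiles contain no passwords and little sensitive information. But please
+# check before posting the file online. You can also personally hand over the
+# logfile to a NM developer to treat it confidential. Meet us on #nm on Libera.Chat.
+#
+# You can also change the log-level at runtime via
+# $ nmcli general logging level TRACE domains ALL
+# However, usually it's cleaner to enable debug logging
+# in the configuration and restart NetworkManager so that
+# debug logging is enabled from the start.
+#
+# You will find the logfiles in syslog, for example via
+# $ journalctl -u NetworkManager
+#
+# Please post full logfiles for bug reports without pre-filtering or truncation.
+# Also, for debugging the entire `journalctl` output can be interesting. Don't
+# limit unnecessarily with `journalctl -u`. Exceptions are if you are worried
+# about private data. Check before posting logfiles!
+#
+# Note that debug logging of NetworkManager can be quite verbose. Some messages
+# might be rate-limited by the logging daemon (see RateLimitIntervalSec, RateLimitBurst
+# in man journald.conf). Please disable rate-limiting before collecting debug logs!
+#
+#level=TRACE
+#domains=ALL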
3937
SPECS/NetworkManager.spec
Normal file
3937
SPECS/NetworkManager.spec
Normal file
File diff suppressed because it is too large