From 1f99a810ac9e94787008dfee2e9f726f4dfb6ae7 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Wed, 3 Apr 2024 03:08:20 +0300 Subject: [PATCH] import NetworkManager-1.40.16-15.el8_9 --- .../1013-fix-l3cd-comparison-rhel-20600.patch | 90 ++++++++++++ ...workManager-when-disabled-rhel-24968.patch | 130 ++++++++++++++++++ SPECS/NetworkManager.spec | 10 +- 3 files changed, 229 insertions(+), 1 deletion(-) create mode 100644 SOURCES/1013-fix-l3cd-comparison-rhel-20600.patch create mode 100644 SOURCES/1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-24968.patch diff --git a/SOURCES/1013-fix-l3cd-comparison-rhel-20600.patch b/SOURCES/1013-fix-l3cd-comparison-rhel-20600.patch new file mode 100644 index 0000000..9861b76 --- /dev/null +++ b/SOURCES/1013-fix-l3cd-comparison-rhel-20600.patch @@ -0,0 +1,90 @@ +From 23544ebaa6873350edad13c1e2c3e1f5efe490c3 Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Tue, 28 Mar 2023 09:32:13 +0200 +Subject: [PATCH] core: fix l3cd comparison + +NM_CMP_SELF(a, b) returns immediately if the objects are the same. + +Fixes: cb29244552af ('core: support compare flags in nm_l3_config_data_cmp_full()') +Fixes-test: @dracut_NM_iSCSI_ibft_table + +https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1583 +(cherry picked from commit 0a02995175e06e62924705393121a1c5efc3822d) +(cherry picked from commit 5d95c20787077a91d684259d67f2e0ff3a1d7a1a) +(cherry picked from commit 1395171326e84eafbf2f372c232bf27a4ed79481) +--- + src/core/nm-l3-config-data.c | 55 ++++++++++++++++++------------------ + 1 file changed, 28 insertions(+), 27 deletions(-) + +diff --git a/src/core/nm-l3-config-data.c b/src/core/nm-l3-config-data.c +index d4c7f0c5fb..afdd53920d 100644 +--- a/src/core/nm-l3-config-data.c ++++ b/src/core/nm-l3-config-data.c +@@ -2278,36 +2278,37 @@ nm_l3_config_data_cmp_full(const NML3ConfigData *a, + const NMPObject *def_route_a = a->best_default_route_x[IS_IPv4]; + const NMPObject *def_route_b = b->best_default_route_x[IS_IPv4]; + +- NM_CMP_SELF(def_route_a, def_route_b); +- +- if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES)) { +- NM_CMP_RETURN(nmp_object_cmp_full(def_route_a, +- def_route_b, +- NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX) +- ? NMP_OBJECT_CMP_FLAGS_NONE +- : NMP_OBJECT_CMP_FLAGS_IGNORE_IFINDEX)); +- } else if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES_ID)) { +- if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX)) { +- NM_CMP_DIRECT(def_route_a->obj_with_ifindex.ifindex, +- def_route_b->obj_with_ifindex.ifindex); +- } ++ if (def_route_a != def_route_b) { ++ if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES)) { ++ NM_CMP_RETURN( ++ nmp_object_cmp_full(def_route_a, ++ def_route_b, ++ NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX) ++ ? NMP_OBJECT_CMP_FLAGS_NONE ++ : NMP_OBJECT_CMP_FLAGS_IGNORE_IFINDEX)); ++ } else if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES_ID)) { ++ if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX)) { ++ NM_CMP_DIRECT(def_route_a->obj_with_ifindex.ifindex, ++ def_route_b->obj_with_ifindex.ifindex); ++ } + +- if (IS_IPv4) { +- NMPlatformIP4Route ra = def_route_a->ip4_route; +- NMPlatformIP4Route rb = def_route_b->ip4_route; ++ if (IS_IPv4) { ++ NMPlatformIP4Route ra = def_route_a->ip4_route; ++ NMPlatformIP4Route rb = def_route_b->ip4_route; + +- NM_CMP_DIRECT(ra.metric, rb.metric); +- NM_CMP_DIRECT(ra.plen, rb.plen); +- NM_CMP_RETURN_DIRECT( +- nm_utils_ip4_address_same_prefix_cmp(ra.network, rb.network, ra.plen)); +- } else { +- NMPlatformIP6Route ra = def_route_a->ip6_route; +- NMPlatformIP6Route rb = def_route_b->ip6_route; ++ NM_CMP_DIRECT(ra.metric, rb.metric); ++ NM_CMP_DIRECT(ra.plen, rb.plen); ++ NM_CMP_RETURN_DIRECT( ++ nm_utils_ip4_address_same_prefix_cmp(ra.network, rb.network, ra.plen)); ++ } else { ++ NMPlatformIP6Route ra = def_route_a->ip6_route; ++ NMPlatformIP6Route rb = def_route_b->ip6_route; + +- NM_CMP_DIRECT(ra.metric, rb.metric); +- NM_CMP_DIRECT(ra.plen, rb.plen); +- NM_CMP_RETURN_DIRECT( +- nm_utils_ip6_address_same_prefix_cmp(&ra.network, &rb.network, ra.plen)); ++ NM_CMP_DIRECT(ra.metric, rb.metric); ++ NM_CMP_DIRECT(ra.plen, rb.plen); ++ NM_CMP_RETURN_DIRECT( ++ nm_utils_ip6_address_same_prefix_cmp(&ra.network, &rb.network, ra.plen)); ++ } + } + } + +-- +2.43.0 + diff --git a/SOURCES/1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-24968.patch b/SOURCES/1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-24968.patch new file mode 100644 index 0000000..4f564db --- /dev/null +++ b/SOURCES/1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-24968.patch @@ -0,0 +1,130 @@ +From f06345c2ef66cc3df639019026ba46d0795376e8 Mon Sep 17 00:00:00 2001 +From: Yuki Inoguchi +Date: Tue, 10 Oct 2023 17:50:37 +0900 +Subject: [PATCH] device: disable IPv6 in NetworkManager when disabled in + kernel + +When IPv6 is disabled in kernel but ipv6.method is set to auto, NetworkManager repeatedly attempts +IPv6 configuration internally, resulting in unnecessary warning messages being output infinitely. + + platform-linux: do-add-ip6-address[2: fe80::5054:ff:fe7c:4293]: failure 95 (Operation not supported) + ipv6ll[e898db403d9b5099,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off) + platform-linux: do-add-ip6-address[2: fe80::5054:ff:fe7c:4293]: failure 95 (Operation not supported) + ipv6ll[e898db403d9b5099,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off) + platform-linux: do-add-ip6-address[2: fe80::5054:ff:fe7c:4293]: failure 95 (Operation not supported) + ipv6ll[e898db403d9b5099,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off) + +To prevent this issue, let's disable IPv6 in NetworkManager when it is disabled in the kernel. + +In order to do it in activate_stage3_ip_config() only once during activation, +the firewall initialization needed to be moved earlier. Otherwise, the IPv6 disablement could occur +twice during activation because activate_stage3_ip_config() is also executed from subsequent of fw_change_zone(). + +(cherry picked from commit 50a6386c3ba6ae9b0501e56bd78fd141636770a7) +(cherry picked from commit 4a9cf4c1dd972de11a2d7c6b0dd8328b2dc24f69) +(cherry picked from commit ffef5a47489ee65122a0c532fffdc77707d68231) +Solved some conflicts due to missing 61e1027cc783 ('device: preserve the DHCP lease during reapply') +(cherry picked from commit f407868ee25c06f9a41c72ecd54e83dd4317b4fe) +--- + src/core/devices/nm-device.c | 63 +++++++++++++++++++----------------- + 1 file changed, 33 insertions(+), 30 deletions(-) + +diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c +index 5748d80393..e54942440f 100644 +--- a/src/core/devices/nm-device.c ++++ b/src/core/devices/nm-device.c +@@ -11556,16 +11556,8 @@ _dev_ipac6_start(NMDevice *self) + NMUtilsIPv6IfaceId iid; + gboolean is_token; + +- if (priv->ipac6_data.state == NM_DEVICE_IP_STATE_NONE) { +- if (!g_file_test("/proc/sys/net/ipv6", G_FILE_TEST_IS_DIR)) { +- _LOGI_ipac6("addrconf6: kernel does not support IPv6"); +- _dev_ipac6_set_state(self, NM_DEVICE_IP_STATE_FAILED); +- _dev_ip_state_check_async(self, AF_INET6); +- return; +- } +- ++ if (priv->ipac6_data.state == NM_DEVICE_IP_STATE_NONE) + _dev_ipac6_set_state(self, NM_DEVICE_IP_STATE_PENDING); +- } + + if (NM_IN_SET(priv->ipll_data_6.state, NM_DEVICE_IP_STATE_NONE, NM_DEVICE_IP_STATE_PENDING)) { + _dev_ipac6_grace_period_start(self, 30, TRUE); +@@ -12092,15 +12084,6 @@ activate_stage3_ip_config(NMDevice *self) + + ifindex = nm_device_get_ip_ifindex(self); + +- if (priv->ip_data_4.do_reapply) { +- _LOGD_ip(AF_INET, "reapply..."); +- _cleanup_ip_pre(self, AF_INET, CLEANUP_TYPE_DECONFIGURE, TRUE); +- } +- if (priv->ip_data_6.do_reapply) { +- _LOGD_ip(AF_INET6, "reapply..."); +- _cleanup_ip_pre(self, AF_INET6, CLEANUP_TYPE_DECONFIGURE, TRUE); +- } +- + /* Add the interface to the specified firewall zone */ + switch (priv->fw_state) { + case FIREWALL_STATE_UNMANAGED: +@@ -12125,6 +12108,38 @@ activate_stage3_ip_config(NMDevice *self) + } + nm_assert(ifindex <= 0 || priv->fw_state == FIREWALL_STATE_INITIALIZED); + ++ ipv4_method = nm_device_get_effective_ip_config_method(self, AF_INET); ++ if (nm_streq(ipv4_method, NM_SETTING_IP4_CONFIG_METHOD_AUTO)) { ++ /* "auto" usually means DHCPv4 or autoconf6, but it doesn't have to be. Subclasses ++ * can overwrite it. For example, you cannot run DHCPv4 on PPP/WireGuard links. */ ++ ipv4_method = klass->get_ip_method_auto(self, AF_INET); ++ } ++ ++ ipv6_method = nm_device_get_effective_ip_config_method(self, AF_INET6); ++ if (!g_file_test("/proc/sys/net/ipv6", G_FILE_TEST_IS_DIR)) { ++ _NMLOG_ip((nm_device_sys_iface_state_is_external(self) ++ || NM_IN_STRSET(ipv6_method, ++ NM_SETTING_IP6_CONFIG_METHOD_AUTO, ++ NM_SETTING_IP6_CONFIG_METHOD_DISABLED, ++ NM_SETTING_IP6_CONFIG_METHOD_IGNORE)) ++ ? LOGL_DEBUG ++ : LOGL_WARN, ++ AF_INET6, ++ "IPv6 not supported by kernel resulting in \"ipv6.method=disabled\""); ++ ipv6_method = NM_SETTING_IP6_CONFIG_METHOD_DISABLED; ++ } else if (nm_streq(ipv6_method, NM_SETTING_IP6_CONFIG_METHOD_AUTO)) { ++ ipv6_method = klass->get_ip_method_auto(self, AF_INET6); ++ } ++ ++ if (priv->ip_data_4.do_reapply) { ++ _LOGD_ip(AF_INET, "reapply..."); ++ _cleanup_ip_pre(self, AF_INET, CLEANUP_TYPE_DECONFIGURE, TRUE); ++ } ++ if (priv->ip_data_6.do_reapply) { ++ _LOGD_ip(AF_INET6, "reapply..."); ++ _cleanup_ip_pre(self, AF_INET6, CLEANUP_TYPE_DECONFIGURE, TRUE); ++ } ++ + if (priv->state < NM_DEVICE_STATE_IP_CONFIG) { + _dev_ip_state_req_timeout_schedule(self, AF_INET); + _dev_ip_state_req_timeout_schedule(self, AF_INET6); +@@ -12150,18 +12165,6 @@ activate_stage3_ip_config(NMDevice *self) + * let's do it! */ + _commit_mtu(self); + +- ipv4_method = nm_device_get_effective_ip_config_method(self, AF_INET); +- if (nm_streq(ipv4_method, NM_SETTING_IP4_CONFIG_METHOD_AUTO)) { +- /* "auto" usually means DHCPv4 or autoconf6, but it doesn't have to be. Subclasses +- * can overwrite it. For example, you cannot run DHCPv4 on PPP/WireGuard links. */ +- ipv4_method = klass->get_ip_method_auto(self, AF_INET); +- } +- +- ipv6_method = nm_device_get_effective_ip_config_method(self, AF_INET6); +- if (nm_streq(ipv6_method, NM_SETTING_IP6_CONFIG_METHOD_AUTO)) { +- ipv6_method = klass->get_ip_method_auto(self, AF_INET6); +- } +- + if (!nm_device_sys_iface_state_is_external(self) + && (!klass->ready_for_ip_config || klass->ready_for_ip_config(self, TRUE))) { + if (priv->ipmanual_data.state_6 == NM_DEVICE_IP_STATE_NONE +-- +2.43.0 + diff --git a/SPECS/NetworkManager.spec b/SPECS/NetworkManager.spec index fa99207..9f932a1 100644 --- a/SPECS/NetworkManager.spec +++ b/SPECS/NetworkManager.spec @@ -6,7 +6,7 @@ %global epoch_version 1 %global real_version 1.40.16 %global rpm_version %{real_version} -%global release_version 13 +%global release_version 15 %global snapshot %{nil} %global git_sha %{nil} %global bcond_default_debug 0 @@ -208,6 +208,8 @@ Patch1009: 1009-manager-allow-controller-activation-if-device-is-dea-rhel-5119.p Patch1010: 1010-better-dispatch-way-for-dns-changes-RHEL-14886.patch Patch1011: 1011-device-do-not-set-MAC-address-on-iface-with-index-0-RHEL-17839.patch Patch1012: 1012-fix-matching-existing-connection-by-UUID-on-restart-rhel-5122.patch +Patch1013: 1013-fix-l3cd-comparison-rhel-20600.patch +Patch1014: 1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-24968.patch Requires(post): systemd %if 0%{?fedora} || 0%{?rhel} >= 8 @@ -1243,6 +1245,12 @@ fi %changelog +* Thu Feb 15 2024 Íñigo Huguet - 1:1.40.16-14 +- Fix l3cd comparison (RHEL-20600) + * Fri Dec 08 2023 Wen Liang - 1:1.40.16-13 - Fix matching existing connection by UUID on restart (RHEL-5122)