import NetworkManager-1.40.16-18.el8_10

c8 imports/c8/NetworkManager-1.40.16-18.el8_10
MSVSphere Packaging Team 2 weeks ago
parent 1f99a810ac
commit 6a27082542
Signed by: sys_gitsync
GPG Key ID: B2B0B9F29E528FE8

@ -1,4 +1,4 @@
From 23544ebaa6873350edad13c1e2c3e1f5efe490c3 Mon Sep 17 00:00:00 2001 From a7005248bbd8d563962c6a68ed7f1ead58e9df26 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com> From: Beniamino Galvani <bgalvani@redhat.com>
Date: Tue, 28 Mar 2023 09:32:13 +0200 Date: Tue, 28 Mar 2023 09:32:13 +0200
Subject: [PATCH] core: fix l3cd comparison Subject: [PATCH] core: fix l3cd comparison
@ -86,5 +86,5 @@ index d4c7f0c5fb..afdd53920d 100644
} }
-- --
2.43.0 2.41.0

@ -1,4 +1,4 @@
From 5b8d8494f9c00de2fd1c7f30aafef4e19566bf6b Mon Sep 17 00:00:00 2001 From 818352a0342358f4c62465aa5b3590b8e5fb924d Mon Sep 17 00:00:00 2001
From: Gris Ge <fge@redhat.com> From: Gris Ge <fge@redhat.com>
Date: Tue, 26 Sep 2023 15:00:32 +0800 Date: Tue, 26 Sep 2023 15:00:32 +0800
Subject: [PATCH 1/2] emit DNS CONFIG_CHANGED signal even dns=none Subject: [PATCH 1/2] emit DNS CONFIG_CHANGED signal even dns=none
@ -86,7 +86,7 @@ index 0b7c9eddca..d9e7643fa2 100644
2.41.0 2.41.0
From a2c92e569d7bf99365dc809529f863f03d426241 Mon Sep 17 00:00:00 2001 From 206d974bfbd3f0496d2263ec8a12ee58ce085b0e Mon Sep 17 00:00:00 2001
From: Gris Ge <fge@redhat.com> From: Gris Ge <fge@redhat.com>
Date: Wed, 18 Oct 2023 15:03:13 +0800 Date: Wed, 18 Oct 2023 15:03:13 +0800
Subject: [PATCH 2/2] dispatch `dns-change` dispatcher event Subject: [PATCH 2/2] dispatch `dns-change` dispatcher event

@ -1,4 +1,4 @@
From 51901a2266d7d1ffd3465906c55064c512cb075d Mon Sep 17 00:00:00 2001 From c62f49f07ed84b266427feb53469109d8878c496 Mon Sep 17 00:00:00 2001
From: Gris Ge <fge@redhat.com> From: Gris Ge <fge@redhat.com>
Date: Wed, 12 Jul 2023 16:22:03 +0800 Date: Wed, 12 Jul 2023 16:22:03 +0800
Subject: [PATCH] device: do not set MAC address on iface with index <=0 Subject: [PATCH] device: do not set MAC address on iface with index <=0

@ -1,4 +1,4 @@
From a55f8f9151878f8a0c634316713abd2c77dfaea9 Mon Sep 17 00:00:00 2001 From e49026b4856fd492eb6e30a18133414841eeb609 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com> From: Thomas Haller <thaller@redhat.com>
Date: Wed, 3 May 2023 11:43:33 +0200 Date: Wed, 3 May 2023 11:43:33 +0200
Subject: [PATCH 1/5] libnm/trivial: rename internal connection-get-setting Subject: [PATCH 1/5] libnm/trivial: rename internal connection-get-setting
@ -376,7 +376,7 @@ index 67a9034dcc..fc4bc51c17 100644
2.41.0 2.41.0
From 91bae3c3bd5a80cab7950f8d85a9669ca1f721fe Mon Sep 17 00:00:00 2001 From 15f0394acf2b0866190a3f603150a7e1ee96833c Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com> From: Thomas Haller <thaller@redhat.com>
Date: Thu, 4 May 2023 11:34:58 +0200 Date: Thu, 4 May 2023 11:34:58 +0200
Subject: [PATCH 2/5] libnm: cleanup redundant nm_connection_get_setting Subject: [PATCH 2/5] libnm: cleanup redundant nm_connection_get_setting
@ -566,7 +566,7 @@ index b6f721371f..a4404ba87b 100644
2.41.0 2.41.0
From d78c89ef0a031fde52107d88ce4a0600be16323f Mon Sep 17 00:00:00 2001 From fdf8ad3fdd8ddf03f8acd85a3e8eb4af67722699 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com> From: Thomas Haller <thaller@redhat.com>
Date: Wed, 3 May 2023 12:01:14 +0200 Date: Wed, 3 May 2023 12:01:14 +0200
Subject: [PATCH 3/5] libnm: expose _nm_connection_get_setting_by_metatype() in Subject: [PATCH 3/5] libnm: expose _nm_connection_get_setting_by_metatype() in
@ -640,7 +640,7 @@ index 1857e03bbd..695cd75c04 100644
2.41.0 2.41.0
From 5c2b3730d8ab5ece5aba1ca23adf2e4f624233da Mon Sep 17 00:00:00 2001 From 0a8007057e5075df95a5dfc7ebb35269a2e99266 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com> From: Thomas Haller <thaller@redhat.com>
Date: Wed, 3 May 2023 12:15:47 +0200 Date: Wed, 3 May 2023 12:15:47 +0200
Subject: [PATCH 4/5] core: add nm_settings_connection_get_setting() helper Subject: [PATCH 4/5] core: add nm_settings_connection_get_setting() helper
@ -715,7 +715,7 @@ index 893b0d7b74..68d75ab6f4 100644
2.41.0 2.41.0
From 3e68288800dd1e9499edcc3b32b8d8f61f588b15 Mon Sep 17 00:00:00 2001 From 3608f7e2bbdd0e49450c55a7fbf882d360edfd74 Mon Sep 17 00:00:00 2001
From: Fernando Fernandez Mancera <ffmancera@riseup.net> From: Fernando Fernandez Mancera <ffmancera@riseup.net>
Date: Tue, 4 Jul 2023 12:50:29 +0200 Date: Tue, 4 Jul 2023 12:50:29 +0200
Subject: [PATCH 5/5] utils: extend connection matching function for UUID in Subject: [PATCH 5/5] utils: extend connection matching function for UUID in

@ -1,4 +1,4 @@
From f06345c2ef66cc3df639019026ba46d0795376e8 Mon Sep 17 00:00:00 2001 From f240f3d6d901b78fd50b945f08aa4f9d39625c4e Mon Sep 17 00:00:00 2001
From: Yuki Inoguchi <inoguchi.yuki@fujitsu.com> From: Yuki Inoguchi <inoguchi.yuki@fujitsu.com>
Date: Tue, 10 Oct 2023 17:50:37 +0900 Date: Tue, 10 Oct 2023 17:50:37 +0900
Subject: [PATCH] device: disable IPv6 in NetworkManager when disabled in Subject: [PATCH] device: disable IPv6 in NetworkManager when disabled in

@ -0,0 +1,272 @@
From ccdde35eb8467a272db1c418e6bd44cc998c57a8 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 19 Jun 2024 20:14:14 +0200
Subject: [PATCH 1/2] nm-daemon-helper: add "service" argument
Introduce a new argument to specify a comma-separated list of NSS
services to use for the "resolve-address" command. For now only accept
"dns" and "files"; the latter can be used to do a lookup into
/etc/hosts.
Note that previously the command failed in presence of extra
arguments. Therefore, when downgrading NetworkManager without
restarting the service, the previously-installed version of the daemon
(newer) would spawn the helper with the extra argument, and the
newly-installed version of the helper (older) would fail. This issue
only impacts hostname resolution and can be fixed by just restarting
the daemon.
In the upgrade path everything works as before, with the only
difference that the helper will use by default both "dns" and "files"
services.
Don't strictly check for the absence of extra arguments, so that in
the future we can introduce more arguments without necessarily break
the downgrade path.
(cherry picked from commit 229bebfae95f789018433900868700c16a20a17b)
(cherry picked from commit c36a74f698cc31fba20d9fd0a74d5cf74b832071)
(cherry picked from commit e86ddd9fc590e3b4462464c0562ab115f654f5d1)
(cherry picked from commit 717db10a9de53e875f0d7a603960c5bca427014e)
(cherry picked from commit f549bdd9c1d026bd34c68e6c0ec6036f1697ada0)
(cherry picked from commit cabef041c8587824875c09675924455f5ca7583c)
---
src/nm-daemon-helper/nm-daemon-helper.c | 68 +++++++++++++++++--------
1 file changed, 47 insertions(+), 21 deletions(-)
diff --git a/src/nm-daemon-helper/nm-daemon-helper.c b/src/nm-daemon-helper/nm-daemon-helper.c
index a447d63cfe..5faacf43f3 100644
--- a/src/nm-daemon-helper/nm-daemon-helper.c
+++ b/src/nm-daemon-helper/nm-daemon-helper.c
@@ -55,26 +55,31 @@ cmd_version(void)
static int
cmd_resolve_address(void)
{
- nm_auto_free char *address = NULL;
+ nm_auto_free char *address = NULL;
+ nm_auto_free char *services = NULL;
union {
struct sockaddr_in in;
struct sockaddr_in6 in6;
} sockaddr;
socklen_t sockaddr_size;
char name[NI_MAXHOST];
+ char *saveptr = NULL;
+ char *service;
+ char *str;
int ret;
address = read_arg();
if (!address)
return RETURN_INVALID_ARGS;
- if (more_args())
- return RETURN_INVALID_ARGS;
+ services = read_arg();
+ if (!services) {
+ /* Called by an old NM version which doesn't support the 'services'
+ * argument. Use both services. */
+ services = strdup("dns,files");
+ }
memset(&sockaddr, 0, sizeof(sockaddr));
-#if defined(__GLIBC__)
- __nss_configure_lookup("hosts", "dns");
-#endif
if (inet_pton(AF_INET, address, &sockaddr.in.sin_addr) == 1) {
sockaddr.in.sin_family = AF_INET;
@@ -85,30 +90,51 @@ cmd_resolve_address(void)
} else
return RETURN_INVALID_ARGS;
- ret = getnameinfo((struct sockaddr *) &sockaddr,
- sockaddr_size,
- name,
- sizeof(name),
- NULL,
- 0,
- NI_NAMEREQD);
- if (ret != 0) {
- if (ret == EAI_SYSTEM) {
+ for (str = services; (service = strtok_r(str, ",", &saveptr)); str = NULL) {
+ if (!NM_IN_STRSET(service, "dns", "files")) {
+ fprintf(stderr, "Unsupported resolver service '%s'\n", service);
+ continue;
+ }
+
+#if defined(__GLIBC__)
+ __nss_configure_lookup("hosts", service);
+#endif
+
+ ret = getnameinfo((struct sockaddr *) &sockaddr,
+ sockaddr_size,
+ name,
+ sizeof(name),
+ NULL,
+ 0,
+ NI_NAMEREQD);
+
+ if (ret == 0) {
+ printf("%s", name);
+ return RETURN_SUCCESS;
+ } else if (ret == EAI_SYSTEM) {
+ char buf[1024];
+ int errsv = errno;
+
fprintf(stderr,
- "getnameinfo() failed: %d (%s), system error: %d (%s)\n",
+ "getnameinfo() via service '%s' failed: %d (%s), system error: %d (%s)\n",
+ service,
ret,
gai_strerror(ret),
errno,
strerror(errno));
} else {
- fprintf(stderr, "getnameinfo() failed: %d (%s)\n", ret, gai_strerror(ret));
+ fprintf(stderr,
+ "getnameinfo() via service '%s' failed: %d (%s)\n",
+ service,
+ ret,
+ gai_strerror(ret));
}
- return RETURN_ERROR;
+#if !defined(__GLIBC__)
+ break;
+#endif
}
- printf("%s", name);
-
- return RETURN_SUCCESS;
+ return RETURN_ERROR;
}
int
--
2.46.0
From c55a3466cc91b7460f7e81f0879ced041db050e7 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 19 Jun 2024 20:29:37 +0200
Subject: [PATCH 2/2] core: also use /etc/hosts for hostname resolution
Before introducing the hostname lookup via nm-daemon-helper and
systemd-resolved, we used GLib's GResolver which internally relies on
the libc resolver and generally also returns results from /etc/hosts.
With the new mechanism we only ask to systemd-resolved (with
NO_SYNTHESIZE) or perform the lookup via the "dns" NSS module. In both
ways, /etc/hosts is not evaluated.
Since users relied on having the hostname resolved via /etc/hosts,
restore that behavior. Now, after trying the resolution via
systemd-resolved and the "dns" NSS module, we also try via the "files"
NSS module which reads /etc/hosts.
Fixes: 27eae4043b27 ('device: add a nm_device_resolve_address()')
(cherry picked from commit 410afccb32f5814c6aeebec837505e3f94b7408c)
(cherry picked from commit cb54fe7ce9a69b1f8abfd6fa5f2bf83e971ff997)
(cherry picked from commit e3861be84505d795c34347af84bbf73dc4196586)
(cherry picked from commit cfe840784c067981a882fa349f5e8a6704d21c37)
(cherry picked from commit 16946905a675c0530437b277925beeb1bd81bdc8)
(cherry picked from commit 8aaae05f219a8fb1bebb1b6778acdf459acb6c90)
---
src/core/devices/nm-device-utils.c | 49 ++++++++++++++++++++++--------
1 file changed, 36 insertions(+), 13 deletions(-)
diff --git a/src/core/devices/nm-device-utils.c b/src/core/devices/nm-device-utils.c
index 170922eba0..ea6ddc36d4 100644
--- a/src/core/devices/nm-device-utils.c
+++ b/src/core/devices/nm-device-utils.c
@@ -231,14 +231,36 @@ resolve_addr_helper_cb(GObject *source, GAsyncResult *result, gpointer user_data
resolve_addr_complete(info, g_steal_pointer(&output), g_steal_pointer(&error));
}
+typedef enum {
+ RESOLVE_ADDR_SERVICE_NONE = 0x0,
+ RESOLVE_ADDR_SERVICE_DNS = 0x1,
+ RESOLVE_ADDR_SERVICE_FILES = 0x2,
+} ResolveAddrService;
+
static void
-resolve_addr_spawn_helper(ResolveAddrInfo *info)
+resolve_addr_spawn_helper(ResolveAddrInfo *info, ResolveAddrService services)
{
- char addr_str[NM_UTILS_INET_ADDRSTRLEN];
+ char addr_str[NM_UTILS_INET_ADDRSTRLEN];
+ char str[256];
+ char *s = str;
+ gsize len = sizeof(str);
+ gboolean comma = FALSE;
+
+ nm_assert(services != RESOLVE_ADDR_SERVICE_NONE);
+ nm_assert((services & ~(RESOLVE_ADDR_SERVICE_DNS | RESOLVE_ADDR_SERVICE_FILES)) == 0);
+
+ if (services & RESOLVE_ADDR_SERVICE_DNS) {
+ nm_strbuf_append(&s, &len, "%sdns", comma ? "," : "");
+ comma = TRUE;
+ }
+ if (services & RESOLVE_ADDR_SERVICE_FILES) {
+ nm_strbuf_append(&s, &len, "%sfiles", comma ? "," : "");
+ comma = TRUE;
+ }
nm_utils_inet_ntop(info->addr_family, &info->address, addr_str);
- _LOG2D(info, "start lookup via nm-daemon-helper");
- nm_utils_spawn_helper(NM_MAKE_STRV("resolve-address", addr_str),
+ _LOG2D(info, "start lookup via nm-daemon-helper using services: %s", str);
+ nm_utils_spawn_helper(NM_MAKE_STRV("resolve-address", addr_str, str),
g_task_get_cancellable(info->task),
resolve_addr_helper_cb,
info);
@@ -268,27 +290,28 @@ resolve_addr_resolved_cb(NMDnsSystemdResolved *resolved,
dbus_error = g_dbus_error_get_remote_error(error);
if (NM_STR_HAS_PREFIX(dbus_error, "org.freedesktop.resolve1.")) {
/* systemd-resolved is enabled but it couldn't resolve the
- * address via DNS. Don't fall back to spawning the helper,
- * because the helper will possibly ask again to
+ * address via DNS. Spawn again the helper to check if we
+ * can find a result in /etc/hosts. Don't enable the 'dns'
+ * service otherwise the helper will possibly ask again to
* systemd-resolved (via /etc/resolv.conf), potentially using
* other protocols than DNS or returning synthetic results.
*
- * Consider the error as the final indication that the address
- * can't be resolved.
- *
* See: https://www.freedesktop.org/wiki/Software/systemd/resolved/#commonerrors
*/
- resolve_addr_complete(info, NULL, g_error_copy(error));
+ resolve_addr_spawn_helper(info, RESOLVE_ADDR_SERVICE_FILES);
return;
}
- resolve_addr_spawn_helper(info);
+ /* systemd-resolved couldn't be contacted, use the helper */
+ resolve_addr_spawn_helper(info, RESOLVE_ADDR_SERVICE_DNS | RESOLVE_ADDR_SERVICE_FILES);
return;
}
if (names_len == 0) {
_LOG2D(info, "systemd-resolved returned no result");
- resolve_addr_complete(info, g_strdup(""), NULL);
+ /* We passed the NO_SYNTHESIZE flag and so systemd-resolved
+ * didn't look into /etc/hosts. Spawn the helper for that. */
+ resolve_addr_spawn_helper(info, RESOLVE_ADDR_SERVICE_FILES);
return;
}
@@ -352,7 +375,7 @@ nm_device_resolve_address(int addr_family,
return;
}
- resolve_addr_spawn_helper(info);
+ resolve_addr_spawn_helper(info, RESOLVE_ADDR_SERVICE_DNS | RESOLVE_ADDR_SERVICE_FILES);
}
char *
--
2.46.0

@ -0,0 +1,64 @@
From 70557e65436d6906233434d4db490edced586b3a Mon Sep 17 00:00:00 2001
From: Gris Ge <fge@redhat.com>
Date: Wed, 11 Dec 2024 22:22:59 +0800
Subject: [PATCH 1/1] vpn: Place gateway route to table defined in
ipvx.route-table
Previously, NM create direct route to gateway to main(254) route table
regardless `ipvx.route-table` value.
Fixed by setting `NMPlatformIP4Route.table_any` to `TRUE`.
Resolves: https://issues.redhat.com/browse/RHEL-69901
Signed-off-by: Gris Ge <fge@redhat.com>
(cherry picked from commit 6d06286f1db7421bef1c4dab5fada918c59daf87)
(cherry picked from commit 29f23d3519dbb4dcffc9682fbdfb721cfc0b851c)
(cherry picked from commit 0dc07c5ca4d32b5ea8e104cbad106da9bb5b096d)
(cherry picked from commit 6a04a966c28dbe04e3bd608af06a66cf0af89d21)
(cherry picked from commit 70060d84f268250fd0bead2928eba8739e3eb486)
(cherry picked from commit b92a07713c17eb55fb3f0cfa4c757e379c432e17)
(cherry picked from commit 2aadb5dcb08f2874f153a4e256a893ae5a99ff1e)
---
src/core/vpn/nm-vpn-connection.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/core/vpn/nm-vpn-connection.c b/src/core/vpn/nm-vpn-connection.c
index bbb7355016..1607d2013a 100644
--- a/src/core/vpn/nm-vpn-connection.c
+++ b/src/core/vpn/nm-vpn-connection.c
@@ -1239,6 +1239,7 @@ _parent_device_l3cd_add_gateway_route(NML3ConfigData *l3cd,
.gateway = parent_gw.addr4,
.rt_source = NM_IP_CONFIG_SOURCE_VPN,
.metric_any = TRUE,
+ .table_any = TRUE,
};
} else {
route.r6 = (NMPlatformIP6Route){
@@ -1248,6 +1249,7 @@ _parent_device_l3cd_add_gateway_route(NML3ConfigData *l3cd,
.gateway = parent_gw.addr6,
.rt_source = NM_IP_CONFIG_SOURCE_VPN,
.metric_any = TRUE,
+ .table_any = TRUE,
};
}
nm_l3_config_data_add_route(l3cd, addr_family, NULL, &route.rx);
@@ -1264,6 +1266,7 @@ _parent_device_l3cd_add_gateway_route(NML3ConfigData *l3cd,
.plen = 32,
.rt_source = NM_IP_CONFIG_SOURCE_VPN,
.metric_any = TRUE,
+ .table_any = TRUE,
};
} else {
route.r6 = (NMPlatformIP6Route){
@@ -1271,6 +1274,7 @@ _parent_device_l3cd_add_gateway_route(NML3ConfigData *l3cd,
.plen = 128,
.rt_source = NM_IP_CONFIG_SOURCE_VPN,
.metric_any = TRUE,
+ .table_any = TRUE,
};
}
nm_l3_config_data_add_route(l3cd, addr_family, NULL, &route.rx);
--
2.45.0

@ -0,0 +1,242 @@
From 3fe666c300e9d7022c1e6f583aceeaa1ccc0975e Mon Sep 17 00:00:00 2001
From: Wen Liang <wenliang@redhat.com>
Date: Fri, 20 Dec 2024 10:10:25 -0500
Subject: [PATCH 1/1] vpn: fix routing rules support in vpn conenctions
This commit introduces the ability to manage routing rules specifically
for VPN connections. These rules allow finer control over traffic
routing by enabling the specification of policy-based routing for
traffic over the VPN.
- Updated the connection backend to apply rules during VPN activation.
- Ensured proper cleanup of routing rules upon VPN deactivation.
This enhancement improves VPN usability in scenarios requiring advanced
routing configurations, such as split tunneling and traffic
prioritization.
Resolves: https://issues.redhat.com/browse/RHEL-70160
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2092
https://gitlab.freedesktop.org/NetworkManager/NetworkManager-ci/-/merge_requests/1842
(cherry picked from commit 308e34a501482d01c1cc6c87c38791ad9f34dc1f)
(cherry picked from commit a24b347e93e37b04aa0f5698efcb462c02517c09)
(cherry picked from commit b5c46f8a8d644e1c5a6dc07e06d5dab3338e9a91)
(cherry picked from commit 7824d5e5ae5db78abdc6fa24453d939198a5d1da)
(cherry picked from commit f5e8217f77863742ac17b2ad30134a14125acd40)
(cherry picked from commit dcbe04ef5f8bf947d1da4e55a1b9b0ca498d852d)
(cherry picked from commit 49a8b0650f2a19c0e16e2912c88b8e74c5aa8feb)
---
src/core/devices/nm-device.c | 62 +++++++++++++++++++-------------
src/core/devices/nm-device.h | 6 ++++
src/core/vpn/nm-vpn-connection.c | 7 +++-
3 files changed, 50 insertions(+), 25 deletions(-)
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index e54942440f..9c4e581e68 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -9577,31 +9577,34 @@ lldp_setup(NMDevice *self, NMTernary enabled)
* as externally added ones. Don't restart NetworkManager if
* you care about that.
*/
-static void
-_routing_rules_sync(NMDevice *self, NMTernary set_mode)
+void
+nm_routing_rules_sync(NMConnection *applied_connection,
+ NMTernary set_mode,
+ GPtrArray *(*get_extra_rules)(NMDevice *self),
+ NMDevice *self,
+ NMNetns *netns)
{
- NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
- NMPGlobalTracker *global_tracker = nm_netns_get_global_tracker(nm_device_get_netns(self));
- NMDeviceClass *klass = NM_DEVICE_GET_CLASS(self);
+ NMPGlobalTracker *global_tracker = nm_netns_get_global_tracker(netns);
gboolean untrack_only_dirty = FALSE;
gboolean keep_deleted_rules;
gpointer user_tag_1;
gpointer user_tag_2;
- /* take two arbitrary user-tag pointers that belong to @self. */
- user_tag_1 = &priv->v4_route_table;
- user_tag_2 = &priv->v6_route_table;
+ if (self) {
+ user_tag_1 = ((guint32 *) self) + 1;
+ user_tag_2 = ((guint32 *) self) + 2;
+ } else {
+ user_tag_1 = ((guint32 *) applied_connection) + 1;
+ user_tag_2 = ((guint32 *) applied_connection) + 2;
+ }
if (set_mode == NM_TERNARY_TRUE) {
- NMConnection *applied_connection;
NMSettingIPConfig *s_ip;
guint i, num;
int is_ipv4;
untrack_only_dirty = TRUE;
- applied_connection = nm_device_get_applied_connection(self);
-
for (is_ipv4 = 0; applied_connection && is_ipv4 < 2; is_ipv4++) {
int addr_family = is_ipv4 ? AF_INET : AF_INET6;
@@ -9628,10 +9631,10 @@ _routing_rules_sync(NMDevice *self, NMTernary set_mode)
}
}
- if (klass->get_extra_rules) {
+ if (get_extra_rules) {
gs_unref_ptrarray GPtrArray *extra_rules = NULL;
- extra_rules = klass->get_extra_rules(self);
+ extra_rules = get_extra_rules(self);
if (extra_rules) {
for (i = 0; i < extra_rules->len; i++) {
nmp_global_tracker_track_rule(
@@ -9646,7 +9649,7 @@ _routing_rules_sync(NMDevice *self, NMTernary set_mode)
}
nmp_global_tracker_untrack_all(global_tracker, user_tag_1, !untrack_only_dirty, TRUE);
- if (klass->get_extra_rules)
+ if (get_extra_rules)
nmp_global_tracker_untrack_all(global_tracker, user_tag_2, !untrack_only_dirty, TRUE);
keep_deleted_rules = FALSE;
@@ -9706,8 +9709,8 @@ tc_commit(NMDevice *self)
static void
activate_stage2_device_config(NMDevice *self)
{
- NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
- NMDeviceClass *klass;
+ NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
+ NMDeviceClass *klass = NM_DEVICE_GET_CLASS(self);
NMActStageReturn ret;
NMSettingWired *s_wired;
gboolean no_firmware = FALSE;
@@ -9730,7 +9733,11 @@ activate_stage2_device_config(NMDevice *self)
priv->tc_committed = TRUE;
}
- _routing_rules_sync(self, NM_TERNARY_TRUE);
+ nm_routing_rules_sync(nm_device_get_applied_connection(self),
+ NM_TERNARY_TRUE,
+ klass->get_extra_rules,
+ self,
+ nm_device_get_netns(self));
if (!nm_device_sys_iface_state_is_external_or_assume(self)) {
if (!nm_device_bring_up_full(self, FALSE, TRUE, &no_firmware)) {
@@ -9742,7 +9749,6 @@ activate_stage2_device_config(NMDevice *self)
}
}
- klass = NM_DEVICE_GET_CLASS(self);
if (klass->act_stage2_config_also_for_external_or_assume
|| !nm_device_sys_iface_state_is_external_or_assume(self)) {
NMDeviceStateReason failure_reason = NM_DEVICE_STATE_REASON_NONE;
@@ -12984,7 +12990,11 @@ check_and_reapply_connection(NMDevice *self,
nm_device_activate_schedule_stage3_ip_config(self, FALSE);
- _routing_rules_sync(self, NM_TERNARY_TRUE);
+ nm_routing_rules_sync(nm_device_get_applied_connection(self),
+ NM_TERNARY_TRUE,
+ klass->get_extra_rules,
+ self,
+ nm_device_get_netns(self));
reactivate_proxy_config(self);
@@ -15450,6 +15460,7 @@ static void
nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanup_type)
{
NMDevicePrivate *priv;
+ NMDeviceClass *klass = NM_DEVICE_GET_CLASS(self);
int ifindex;
g_return_if_fail(NM_IS_DEVICE(self));
@@ -15474,8 +15485,8 @@ nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanu
}
/* Call device type-specific deactivation */
- if (NM_DEVICE_GET_CLASS(self)->deactivate)
- NM_DEVICE_GET_CLASS(self)->deactivate(self);
+ if (klass->deactivate)
+ klass->deactivate(self);
ifindex = nm_device_get_ip_ifindex(self);
@@ -15497,8 +15508,11 @@ nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanu
priv->tc_committed = FALSE;
- _routing_rules_sync(self,
- cleanup_type == CLEANUP_TYPE_KEEP ? NM_TERNARY_DEFAULT : NM_TERNARY_FALSE);
+ nm_routing_rules_sync(nm_device_get_applied_connection(self),
+ cleanup_type == CLEANUP_TYPE_KEEP ? NM_TERNARY_DEFAULT : NM_TERNARY_FALSE,
+ klass->get_extra_rules,
+ self,
+ nm_device_get_netns(self));
if (ifindex > 0)
nm_platform_ip4_dev_route_blacklist_set(nm_device_get_platform(self), ifindex, NULL);
@@ -15527,7 +15541,7 @@ nm_device_cleanup(NMDevice *self, NMDeviceStateReason reason, CleanupType cleanu
/* for other device states (UNAVAILABLE, DISCONNECTED), allow the
* device to overwrite the reset behavior, so that Wi-Fi can set
* a randomized MAC address used during scanning. */
- NM_DEVICE_GET_CLASS(self)->deactivate_reset_hw_addr(self);
+ klass->deactivate_reset_hw_addr(self);
}
}
diff --git a/src/core/devices/nm-device.h b/src/core/devices/nm-device.h
index 68387a2149..e58c2088b9 100644
--- a/src/core/devices/nm-device.h
+++ b/src/core/devices/nm-device.h
@@ -821,4 +821,10 @@ nm_device_get_hostname_from_dns_lookup(NMDevice *self, int addr_family, gboolean
void nm_device_clear_dns_lookup_data(NMDevice *self, const char *reason);
+void nm_routing_rules_sync(NMConnection *applied_connection,
+ NMTernary set_mode,
+ GPtrArray *(*get_extra_rules)(NMDevice *self),
+ NMDevice *self,
+ NMNetns *netns);
+
#endif /* __NETWORKMANAGER_DEVICE_H__ */
diff --git a/src/core/vpn/nm-vpn-connection.c b/src/core/vpn/nm-vpn-connection.c
index 1607d2013a..0068b52bc3 100644
--- a/src/core/vpn/nm-vpn-connection.c
+++ b/src/core/vpn/nm-vpn-connection.c
@@ -903,7 +903,8 @@ fw_call_cleanup(NMVpnConnection *self)
static void
vpn_cleanup(NMVpnConnection *self, NMDevice *parent_dev)
{
- const char *iface;
+ NMVpnConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE(self);
+ const char *iface;
/* Remove zone from firewall */
iface = nm_vpn_connection_get_ip_iface(self, FALSE);
@@ -915,6 +916,8 @@ vpn_cleanup(NMVpnConnection *self, NMDevice *parent_dev)
fw_call_cleanup(self);
_l3cfg_l3cd_clear_all(self);
+
+ nm_routing_rules_sync(_get_applied_connection(self), NM_TERNARY_FALSE, NULL, NULL, priv->netns);
}
static void
@@ -2206,6 +2209,8 @@ _dbus_signal_ip_config_cb(NMVpnConnection *self, int addr_family, GVariant *dict
_l3cfg_l3cd_set(self, L3CD_TYPE_IP_X(IS_IPv4), l3cd);
+ nm_routing_rules_sync(_get_applied_connection(self), NM_TERNARY_TRUE, NULL, NULL, priv->netns);
+
_check_complete(self, TRUE);
}
--
2.45.0

@ -6,7 +6,7 @@
%global epoch_version 1 %global epoch_version 1
%global real_version 1.40.16 %global real_version 1.40.16
%global rpm_version %{real_version} %global rpm_version %{real_version}
%global release_version 15 %global release_version 18
%global snapshot %{nil} %global snapshot %{nil}
%global git_sha %{nil} %global git_sha %{nil}
%global bcond_default_debug 0 %global bcond_default_debug 0
@ -205,11 +205,14 @@ Patch1006: 1006-fix-read-infiniband-from-ifcfg-rh2209164.patch
Patch1007: 1007-unblock-autoconnect-on-reapply-rh2207690.patch Patch1007: 1007-unblock-autoconnect-on-reapply-rh2207690.patch
Patch1008: 1008-cloud-setup-fix-terminating-in-reconfig-rh2221903.patch Patch1008: 1008-cloud-setup-fix-terminating-in-reconfig-rh2221903.patch
Patch1009: 1009-manager-allow-controller-activation-if-device-is-dea-rhel-5119.patch Patch1009: 1009-manager-allow-controller-activation-if-device-is-dea-rhel-5119.patch
Patch1010: 1010-better-dispatch-way-for-dns-changes-RHEL-14886.patch Patch1010: 1010-fix-l3cd-comparison-rhel-8423.patch
Patch1011: 1011-device-do-not-set-MAC-address-on-iface-with-index-0-RHEL-17839.patch Patch1011: 1011-dispatch-dns-change-event-rhel-10195.patch
Patch1012: 1012-fix-matching-existing-connection-by-UUID-on-restart-rhel-5122.patch Patch1012: 1012-device-do-not-set-MAC-address-on-iface-with-index-0-rhel-16008.patch
Patch1013: 1013-fix-l3cd-comparison-rhel-20600.patch Patch1013: 1013-fix-matching-existing-connection-by-UUID-on-restart-rhel-5119.patch
Patch1014: 1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-24968.patch Patch1014: 1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-10450.patch
Patch1015: 1015-use-etc-hosts-for-hostname-resolution-rhel-53200.patch
Patch1016: 1016-vpn-place-gateway-route-to-table-defined-in-ipvx-route-table-rhel-73051.patch
Patch1017: 1017-vpn-fix-routing-rules-support-in-vpn-conenctions-rhel-73052.patch
Requires(post): systemd Requires(post): systemd
%if 0%{?fedora} || 0%{?rhel} >= 8 %if 0%{?fedora} || 0%{?rhel} >= 8
@ -393,7 +396,7 @@ Obsoletes: NetworkManager < %{obsoletes_device_plugins}
# Team was split from main NM binary between 0.9.10 and 1.0 # Team was split from main NM binary between 0.9.10 and 1.0
# We need this Obsoletes in addition to the one above # We need this Obsoletes in addition to the one above
# (git:3aede801521ef7bff039e6e3f1b3c7b566b4338d). # (git:3aede801521ef7bff039e6e3f1b3c7b566b4338d).
Obsoletes: NetworkManager < 1.0.0 Obsoletes: NetworkManager < 1:1.0.0
%endif %endif
%description team %description team
@ -1245,20 +1248,30 @@ fi
%changelog %changelog
* Thu Feb 15 2024 Íñigo Huguet <ihuguet@redhat.com - 1:1.40.16-15 * Tue Jan 07 2025 Wen Liang <wenliang@redhat.com> - 1:1.40.16-18
- Disable IPv6 in NetworkManager when disabled in kernel (RHEL-24968) - vpn: fix routing rules support in vpn conenctions (RHEL-73052)
- vpn: Place gateway route to table defined in ipvx.route-table (RHEL-73051)
* Mon Jan 15 2024 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.40.16-14 * Wed Aug 21 2024 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.40.16-17
- Fix l3cd comparison (RHEL-20600) - Rebuild to use the right tag
* Fri Dec 08 2023 Wen Liang <wenliang@redhat.com> - 1:1.40.16-13 * Tue Aug 20 2024 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.40.16-16
- Fix matching existing connection by UUID on restart (RHEL-5122) - Use /etc/hosts for hostname resolution (RHEL-53200)
* Mon Dec 04 2023 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.40.16-12 * Fri Feb 09 2024 Íñigo Huguet <ihuguet@redhat.com> - 1:1.40.16-15
- device: do not set MAC address on iface with index <=0 (RHEL-17839) - Suppress NetworkManager's harmless warning when IPv6 is disabled at kernel level (RHEL-10450)
* Thu Nov 16 2023 Íñigo Huguet <ihuguet@redhat.com> - 1:1.40.16-11 * Tue Dec 12 2023 Wen Liang <wenliang@redhat.com> - 1:1.40.16-14
- New dispatcher event 'dns-change' (RHEL-14886) - Fix matching existing connection by UUID on restart (RHEL-5119)
* Mon Dec 04 2023 Fernando Fernandez <ferferna@redhat.com> - 1:1.40.16-13
- device: do not set MAC address on iface with index <=0 (RHEL-16008)
* Thu Oct 19 2023 Íñigo Huguet <ihuguet@redhat.com> - 1:1.40.16-12
- Dispatch "dns-change" event (RHEL-10195)
* Wed Oct 18 2023 Íñigo Huguet <ihuguet@redhat.com> - 1:1.40.16-11
- Correctly update DNS changes retrieved from DHCPv4 (RHEL-8423)
* Wed Oct 04 2023 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.40.16-10 * Wed Oct 04 2023 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.40.16-10
- manager: allow controller activation if device is deactivating (RHEL-5119) - manager: allow controller activation if device is deactivating (RHEL-5119)

Loading…
Cancel
Save