parent
e7a0aa413a
commit
7209e53faa
@ -1 +1 @@
|
||||
83eaa880bb7d4d8f178e426c30d17895e117fb79 SOURCES/NetworkManager-1.42.2.tar.xz
|
||||
b3d857c8fdfae1dd36d6bd833cd84a85fcf71880 SOURCES/NetworkManager-1.44.0.tar.xz
|
||||
|
@ -1 +1 @@
|
||||
SOURCES/NetworkManager-1.42.2.tar.xz
|
||||
SOURCES/NetworkManager-1.44.0.tar.xz
|
||||
|
@ -1,138 +0,0 @@
|
||||
From 8848568653c686aec4b9edd2deaa630588533b49 Mon Sep 17 00:00:00 2001
|
||||
From: Beniamino Galvani <bgalvani@redhat.com>
|
||||
Date: Thu, 11 May 2023 13:32:13 +0200
|
||||
Subject: [PATCH] ipv6ll: don't regenerate the address when it's removed
|
||||
externally
|
||||
|
||||
Currently if the IPv6 link-local address is removed after it passed
|
||||
DAD, NetworkManager tries to generate a new link-local address. If
|
||||
this fails, which is always the case for EUI64, ipv6ll is considered
|
||||
as failed and the connection can go down (depending on may-fail).
|
||||
|
||||
This is particularly bad for virtual interfaces because if somebody
|
||||
removes the link-local address, the activation can fail and destroy
|
||||
the interface, breaking all services that require it. Also, it's a
|
||||
change in behavior introduced in 1.36.0.
|
||||
|
||||
It seems that a better approach here is to re-add the address that was
|
||||
removed externally.
|
||||
|
||||
[bgalvani@redhat.com: since the branch is missing commit 7ca95cee15b3
|
||||
('platform: always reconfigure IP routes even if removed externally'),
|
||||
we need to set flag NM_L3CFG_CONFIG_FLAGS_FORCE_ONCE when committing
|
||||
the address, otherwise it's not re-added]
|
||||
|
||||
Fixes: aa070fb82190 ('core: add NML3IPv6LL helper')
|
||||
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1622
|
||||
(cherry picked from commit 53ba9f4701f30b12637df2c7215a0b7da845b34c)
|
||||
(cherry picked from commit 2976e4c3b7fcee06051ce83c9a7fa911ad192dc4)
|
||||
---
|
||||
src/core/nm-l3-ipv6ll.c | 34 ++++++++++++++++++++++------------
|
||||
1 file changed, 22 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/src/core/nm-l3-ipv6ll.c b/src/core/nm-l3-ipv6ll.c
|
||||
index 2e2a6a0a5a..0133ebe6dd 100644
|
||||
--- a/src/core/nm-l3-ipv6ll.c
|
||||
+++ b/src/core/nm-l3-ipv6ll.c
|
||||
@@ -391,7 +391,7 @@ _pladdr_find_ll(NML3IPv6LL *self, gboolean *out_cur_addr_failed)
|
||||
/*****************************************************************************/
|
||||
|
||||
static void
|
||||
-_lladdr_handle_changed(NML3IPv6LL *self)
|
||||
+_lladdr_handle_changed(NML3IPv6LL *self, gboolean force_commit)
|
||||
{
|
||||
const NML3ConfigData *l3cd;
|
||||
gboolean changed = FALSE;
|
||||
@@ -420,7 +420,9 @@ _lladdr_handle_changed(NML3IPv6LL *self)
|
||||
NM_DNS_PRIORITY_DEFAULT_NORMAL,
|
||||
NM_L3_ACD_DEFEND_TYPE_ALWAYS,
|
||||
0,
|
||||
- NM_L3CFG_CONFIG_FLAGS_NONE,
|
||||
+ /* Even if the address was removed from platform, it must
|
||||
+ * be re-added, hence FORCE_ONCE. */
|
||||
+ NM_L3CFG_CONFIG_FLAGS_FORCE_ONCE,
|
||||
NM_L3_CONFIG_MERGE_FLAGS_NONE))
|
||||
changed = TRUE;
|
||||
} else {
|
||||
@@ -434,7 +436,7 @@ _lladdr_handle_changed(NML3IPv6LL *self)
|
||||
self->l3cfg_commit_handle,
|
||||
"ipv6ll");
|
||||
|
||||
- if (changed)
|
||||
+ if (changed || force_commit)
|
||||
nm_l3cfg_commit_on_idle_schedule(self->l3cfg, NM_L3_CFG_COMMIT_TYPE_AUTO);
|
||||
|
||||
if (!self->emit_changed_idle_source) {
|
||||
@@ -515,6 +517,7 @@ _check(NML3IPv6LL *self)
|
||||
const NMPlatformIP6Address *pladdr;
|
||||
char sbuf[INET6_ADDRSTRLEN];
|
||||
gboolean cur_addr_failed;
|
||||
+ gboolean restarted = FALSE;
|
||||
struct in6_addr lladdr;
|
||||
|
||||
pladdr = _pladdr_find_ll(self, &cur_addr_failed);
|
||||
@@ -526,14 +529,14 @@ _check(NML3IPv6LL *self)
|
||||
if (_set_cur_lladdr_obj(self, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, pladdr)) {
|
||||
_LOGT("changed: waiting for address %s to complete DAD",
|
||||
nm_inet6_ntop(&self->cur_lladdr, sbuf));
|
||||
- _lladdr_handle_changed(self);
|
||||
+ _lladdr_handle_changed(self, FALSE);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
if (_set_cur_lladdr_obj(self, NM_L3_IPV6LL_STATE_READY, pladdr)) {
|
||||
_LOGT("changed: address %s is ready", nm_inet6_ntop(&self->cur_lladdr, sbuf));
|
||||
- _lladdr_handle_changed(self);
|
||||
+ _lladdr_handle_changed(self, FALSE);
|
||||
}
|
||||
return;
|
||||
}
|
||||
@@ -543,11 +546,17 @@ _check(NML3IPv6LL *self)
|
||||
* Prematurely abort DAD to generate a new address below. */
|
||||
nm_assert(
|
||||
NM_IN_SET(self->state, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, NM_L3_IPV6LL_STATE_READY));
|
||||
- if (self->state == NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS)
|
||||
- _LOGT("changed: address %s did not complete DAD",
|
||||
- nm_inet6_ntop(&self->cur_lladdr, sbuf));
|
||||
- else {
|
||||
+
|
||||
+ if (cur_addr_failed) {
|
||||
+ /* On DAD failure, we always try to regenerate a new address. */
|
||||
+ _LOGT("changed: address %s failed", nm_inet6_ntop(&self->cur_lladdr, sbuf));
|
||||
+ } else {
|
||||
_LOGT("changed: address %s is gone", nm_inet6_ntop(&self->cur_lladdr, sbuf));
|
||||
+ /* When the address is removed, we always try to re-add it. */
|
||||
+ nm_clear_g_source_inst(&self->wait_for_addr_source);
|
||||
+ lladdr = self->cur_lladdr;
|
||||
+ restarted = TRUE;
|
||||
+ goto commit;
|
||||
}
|
||||
|
||||
/* reset the state here, so that we are sure that the following
|
||||
@@ -569,18 +578,19 @@ _check(NML3IPv6LL *self)
|
||||
if (_set_cur_lladdr_bin(self, NM_L3_IPV6LL_STATE_DAD_FAILED, NULL)) {
|
||||
_LOGW("changed: no IPv6 link local address to retry after Duplicate Address Detection "
|
||||
"failures (back off)");
|
||||
- _lladdr_handle_changed(self);
|
||||
+ _lladdr_handle_changed(self, FALSE);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
+commit:
|
||||
/* we give NML3Cfg 2 seconds to configure the address on the interface. We
|
||||
* thus very soon expect to see this address configured (and kernel started DAD).
|
||||
* If that does not happen within timeout, we assume that this address failed DAD. */
|
||||
self->wait_for_addr_source = nm_g_timeout_add_source(2000, _wait_for_addr_timeout_cb, self);
|
||||
- if (_set_cur_lladdr_bin(self, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, &lladdr)) {
|
||||
+ if (_set_cur_lladdr_bin(self, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, &lladdr) || restarted) {
|
||||
_LOGT("changed: starting DAD for address %s", nm_inet6_ntop(&self->cur_lladdr, sbuf));
|
||||
- _lladdr_handle_changed(self);
|
||||
+ _lladdr_handle_changed(self, restarted);
|
||||
}
|
||||
return;
|
||||
}
|
||||
--
|
||||
2.39.2
|
||||
|
@ -0,0 +1,54 @@
|
||||
From 6302c2ea52c6c28d36b6006b29823c469e171e2a Mon Sep 17 00:00:00 2001
|
||||
From: Wen Liang <liangwen12year@gmail.com>
|
||||
Date: Thu, 3 Aug 2023 10:16:42 -0400
|
||||
Subject: [PATCH] nm-manager: ensure device is exported on D-Bus in
|
||||
authentication request
|
||||
|
||||
The device authentication request is an async process, it can not know
|
||||
the answer right away, it is not guarantee that device is still
|
||||
exported on D-Bus when authentication finishes. Thus, do not return
|
||||
SUCCESS and abort the authentication request when device is not alive.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=2210271
|
||||
(cherry picked from commit b341161e2a4988403ae4a6ef7653e01567da36a0)
|
||||
(cherry picked from commit 0e27e84247ed824b27d105292d7bf42dc0341cbb)
|
||||
---
|
||||
src/core/nm-manager.c | 15 +++++++++++++++
|
||||
1 file changed, 15 insertions(+)
|
||||
|
||||
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
|
||||
index 9c7212202b..937acbba1e 100644
|
||||
--- a/src/core/nm-manager.c
|
||||
+++ b/src/core/nm-manager.c
|
||||
@@ -3222,6 +3222,13 @@ device_auth_done_cb(NMAuthChain *chain, GDBusMethodInvocation *context, gpointer
|
||||
nm_assert(error || (result == NM_AUTH_CALL_RESULT_YES));
|
||||
}
|
||||
|
||||
+ if (!error && !nm_dbus_object_is_exported(NM_DBUS_OBJECT(device))) {
|
||||
+ g_set_error(&error,
|
||||
+ NM_MANAGER_ERROR,
|
||||
+ NM_MANAGER_ERROR_UNKNOWN_DEVICE,
|
||||
+ "device no longer exists");
|
||||
+ }
|
||||
+
|
||||
callback(device, context, subject, error, nm_auth_chain_get_data(chain, "user-data"));
|
||||
}
|
||||
|
||||
@@ -3287,6 +3294,14 @@ nm_manager_device_auth_request(NMManager *self,
|
||||
&error))
|
||||
goto fail_on_idle;
|
||||
|
||||
+ if (!nm_dbus_object_is_exported(NM_DBUS_OBJECT(device))) {
|
||||
+ g_set_error(&error,
|
||||
+ NM_MANAGER_ERROR,
|
||||
+ NM_MANAGER_ERROR_UNKNOWN_DEVICE,
|
||||
+ "device no longer exists");
|
||||
+ goto fail_on_idle;
|
||||
+ }
|
||||
+
|
||||
chain = nm_auth_chain_new_subject(subject, context, device_auth_done_cb, self);
|
||||
if (cancellable)
|
||||
nm_auth_chain_set_cancellable(chain, cancellable);
|
||||
--
|
||||
2.41.0
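Review bot: The two added `nm_dbus_object_is_exported()` checks in `device_auth_done_cb()` and `nm_manager_device_auth_request()` carry no comment saying why the device is tested both before the auth chain is created and again when the answer arrives, so a later cleanup could drop one of them as redundant. The patch description explains that authorization is asynchronous and the device may be unexported in between; I would state that at the callback check, e.g. `/* auth is async: the device may have been unexported while we waited, so never report success for it */`. The same four-line `g_set_error(...)` call is written out twice and could share a small static helper so the error code and message stay in sync. Both function bodies continue outside the hunks, so whether every `callback` implementation bails out on `error` before touching `device` cannot be confirmed from here and is worth checking, since the callback still receives the device pointer.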
|
||||
|
@ -1,270 +0,0 @@
|
||||
From 0ad139d4f8c49ec1c0e511776fc62c415ec5910c Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Haller <thaller@redhat.com>
|
||||
Date: Wed, 24 May 2023 09:44:59 +0200
|
||||
Subject: [PATCH 1/2] Revert "infiniband: avoid normalizing the p-key when
|
||||
reading from ifcfg"
|
||||
|
||||
Historically, initscripts' ifup-ib would set the highest bit of
|
||||
PKEY_ID=. That changed and needs to be restored.
|
||||
|
||||
Note that it probably makes little sense to ever configure p-keys
|
||||
without the highest bit set, because that flag indicates full membership
|
||||
and kernel will automatically add it. At least, kernel will add the flag
|
||||
for the p-key, but not for the automatically chosen interface name.
|
||||
|
||||
Meaning, writing 0x00f0 to create_child sysctl, results in an interface
|
||||
"$parent.00f0", but `ip -d link` shows pkey 0x80f0.
|
||||
|
||||
As NetworkManager otherwise supports p-keys without the highest bit set,
|
||||
and since that high bit is honored for the interface name, we cannot
|
||||
just always add the high bit. NetworkManager always assuming the highest
|
||||
bit is set, would change the interface names of existing configuration.
|
||||
|
||||
With this revert, when a user configures a small p-key and the profile
|
||||
is stored in ifcfg-rh format, the settings backend will automatically
|
||||
mangle the profile and set 0x8000. That is different from when the
|
||||
profile is stored in keyfile format. Since using small p-keys is
|
||||
probably an odd case, we don't try to workaround that any other way
|
||||
(like that ifcfg format could represent the orignal value of the profile
|
||||
and not doing such mangling, or to add the high bit throughout
|
||||
NetworkManager to the p-key). It's an inconsistency, but given the
|
||||
existing behaviors it seems best to stick (revert) to it.
|
||||
|
||||
This reverts commit a4fe16a426097eee263cb3ef831dcea468b1ca26.
|
||||
|
||||
Affected versions were 1.42.2+ and 1.40.2+.
|
||||
|
||||
See-also: https://src.fedoraproject.org/rpms/rdma/blob/05333c3602aa3c1d82a6363521bdd5a498eac6d0/f/rdma.ifup-ib#_75
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=2209164
|
||||
(cherry picked from commit f8e5e07355e23b6d59b1b1c9cd2387c6b40b214b)
|
||||
(cherry picked from commit 76de1b7ec29729af901e7e246387af9fda56f6ac)
|
||||
---
|
||||
.../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 18 ++++++
|
||||
.../plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 57 ++++++++++++++-----
|
||||
2 files changed, 60 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
|
||||
index aa593331c5..c8150782ec 100644
|
||||
--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
|
||||
+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
|
||||
@@ -5406,6 +5406,24 @@ parse_infiniband_p_key(shvarFile *ifcfg, int *out_p_key, char **out_parent, GErr
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
+ /* The highest bit 0x8000 indicates full membership, which kernel always
|
||||
+ * automatically sets.
|
||||
+ *
|
||||
+ * NetworkManager supports p-keys without the high bit set. That affects
|
||||
+ * the interface name (nmp_utils_new_infiniband_name()) and is what
|
||||
+ * we write to "create_child"/"delete_child" sysctl. Kernel will honor
|
||||
+ * such p-keys for the interface name, but for other purposes it adds the
|
||||
+ * highest bit. That makes using p-keys without the highest bit odd.
|
||||
+ *
|
||||
+ * Historically, /etc/sysconfig/network-scripts/ifup-ib would always add "|=0x8000".
|
||||
+ * The reader does that too.
|
||||
+ *
|
||||
+ * Note that this means ifcfg cannot handle p-keys without the highest bit set,
|
||||
+ * and when trying to store that to ifcfg format, the profile will be mangled/modified
|
||||
+ * by the ifcg plugin (unlike keyfile backend, which preserves the original p-key value).
|
||||
+ */
|
||||
+ id |= 0x8000;
|
||||
+
|
||||
*out_p_key = id;
|
||||
*out_parent = g_steal_pointer(&physdev);
|
||||
return TRUE;
|
||||
diff --git a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
|
||||
index 40ff7c670e..8714f19682 100644
|
||||
--- a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
|
||||
+++ b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
|
||||
@@ -8409,21 +8409,21 @@ test_read_ipoib(void)
|
||||
s_infiniband = nmtst_connection_assert_setting(connection, NM_TYPE_SETTING_INFINIBAND);
|
||||
|
||||
pkey = nm_setting_infiniband_get_p_key(s_infiniband);
|
||||
- g_assert(pkey);
|
||||
- g_assert_cmpint(pkey, ==, 12);
|
||||
+ g_assert_cmpint(pkey, ==, 0x800c);
|
||||
|
||||
transport_mode = nm_setting_infiniband_get_transport_mode(s_infiniband);
|
||||
- g_assert(transport_mode);
|
||||
g_assert_cmpstr(transport_mode, ==, "connected");
|
||||
}
|
||||
|
||||
static void
|
||||
test_write_infiniband(gconstpointer test_data)
|
||||
{
|
||||
- const int TEST_IDX = GPOINTER_TO_INT(test_data);
|
||||
- nmtst_auto_unlinkfile char *testfile = NULL;
|
||||
- gs_unref_object NMConnection *connection = NULL;
|
||||
- gs_unref_object NMConnection *reread = NULL;
|
||||
+ const int TEST_IDX = GPOINTER_TO_INT(test_data);
|
||||
+ nmtst_auto_unlinkfile char *testfile = NULL;
|
||||
+ gs_unref_object NMConnection *connection = NULL;
|
||||
+ gs_unref_object NMConnection *expected = NULL;
|
||||
+ gs_unref_object NMConnection *reread = NULL;
|
||||
+ gboolean reread_same = FALSE;
|
||||
NMSettingConnection *s_con;
|
||||
NMSettingInfiniband *s_infiniband;
|
||||
NMSettingIPConfig *s_ip4;
|
||||
@@ -8433,6 +8433,7 @@ test_write_infiniband(gconstpointer test_data)
|
||||
NMIPAddress *addr;
|
||||
GError *error = NULL;
|
||||
const char *interface_name = NULL;
|
||||
+ int p_key;
|
||||
|
||||
connection = nm_simple_connection_new();
|
||||
|
||||
@@ -8448,14 +8449,21 @@ test_write_infiniband(gconstpointer test_data)
|
||||
NM_SETTING_INFINIBAND_SETTING_NAME,
|
||||
NULL);
|
||||
|
||||
- if (NM_IN_SET(TEST_IDX, 1, 3))
|
||||
- interface_name = "ib0.000c";
|
||||
+ if (NM_IN_SET(TEST_IDX, 1, 2))
|
||||
+ p_key = nmtst_get_rand_bool() ? 0x000c : 0x800c;
|
||||
+ else
|
||||
+ p_key = -1;
|
||||
+
|
||||
+ if (NM_IN_SET(TEST_IDX, 1, 3)) {
|
||||
+ if (p_key >= 0x8000)
|
||||
+ interface_name = "ib0.800c";
|
||||
+ }
|
||||
|
||||
g_object_set(s_con, NM_SETTING_CONNECTION_INTERFACE_NAME, interface_name, NULL);
|
||||
|
||||
s_infiniband = _nm_connection_new_setting(connection, NM_TYPE_SETTING_INFINIBAND);
|
||||
g_object_set(s_infiniband, NM_SETTING_INFINIBAND_TRANSPORT_MODE, "connected", NULL);
|
||||
- if (NM_IN_SET(TEST_IDX, 1, 2)) {
|
||||
+ if (p_key == -1) {
|
||||
g_object_set(s_infiniband,
|
||||
NM_SETTING_INFINIBAND_MAC_ADDRESS,
|
||||
mac,
|
||||
@@ -8465,7 +8473,7 @@ test_write_infiniband(gconstpointer test_data)
|
||||
} else {
|
||||
g_object_set(s_infiniband,
|
||||
NM_SETTING_INFINIBAND_P_KEY,
|
||||
- 12,
|
||||
+ p_key,
|
||||
NM_SETTING_INFINIBAND_PARENT,
|
||||
"ib0",
|
||||
NULL);
|
||||
@@ -8494,13 +8502,32 @@ test_write_infiniband(gconstpointer test_data)
|
||||
|
||||
nmtst_assert_connection_verifies(connection);
|
||||
|
||||
- _writer_new_connection(connection, TEST_SCRATCH_DIR, &testfile);
|
||||
-
|
||||
- reread = _connection_from_file(testfile, NULL, TYPE_INFINIBAND, NULL);
|
||||
+ if (p_key != -1 && p_key < 0x8000) {
|
||||
+ expected = nm_simple_connection_new_clone(connection);
|
||||
+ g_object_set(nm_connection_get_setting(expected, NM_TYPE_SETTING_INFINIBAND),
|
||||
+ NM_SETTING_INFINIBAND_P_KEY,
|
||||
+ (int) (p_key | 0x8000),
|
||||
+ NULL);
|
||||
+ } else
|
||||
+ expected = g_object_ref(connection);
|
||||
|
||||
- nmtst_assert_connection_equals(connection, TRUE, reread, FALSE);
|
||||
+ _writer_new_connection_reread(connection,
|
||||
+ TEST_SCRATCH_DIR,
|
||||
+ &testfile,
|
||||
+ NO_EXPECTED,
|
||||
+ &reread,
|
||||
+ &reread_same);
|
||||
+ _assert_reread_same(expected, reread);
|
||||
+ if (p_key == -1 || p_key > 0x8000)
|
||||
+ g_assert(reread_same);
|
||||
+ else
|
||||
+ g_assert(!reread_same);
|
||||
|
||||
g_assert_cmpstr(interface_name, ==, nm_connection_get_interface_name(reread));
|
||||
+ g_assert_cmpint(nm_setting_infiniband_get_p_key(
|
||||
+ _nm_connection_get_setting(reread, NM_TYPE_SETTING_INFINIBAND)),
|
||||
+ ==,
|
||||
+ p_key == -1 ? -1 : (p_key | 0x8000));
|
||||
}
|
||||
|
||||
static void
|
||||
--
|
||||
2.38.1
|
||||
|
||||
|
||||
From 13156501fb6f214eccf22fe6b7447dae9b052b8d Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Haller <thaller@redhat.com>
|
||||
Date: Wed, 24 May 2023 10:44:58 +0200
|
||||
Subject: [PATCH 2/2] libnm/docs: clarify behavior of infiniband.p-key property
|
||||
|
||||
(cherry picked from commit ea18e66ef657b55eca941dca3de4949b950e656b)
|
||||
(cherry picked from commit 2945254e29c58839410127e695e0216763a3dd01)
|
||||
---
|
||||
src/libnm-core-impl/nm-setting-infiniband.c | 19 ++++++++++++++++---
|
||||
src/libnmc-setting/settings-docs.h.in | 2 +-
|
||||
.../gen-metadata-nm-settings-nmcli.xml.in | 2 +-
|
||||
3 files changed, 18 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/libnm-core-impl/nm-setting-infiniband.c b/src/libnm-core-impl/nm-setting-infiniband.c
|
||||
index 410f1f0687..7ba5720619 100644
|
||||
--- a/src/libnm-core-impl/nm-setting-infiniband.c
|
||||
+++ b/src/libnm-core-impl/nm-setting-infiniband.c
|
||||
@@ -449,9 +449,20 @@ nm_setting_infiniband_class_init(NMSettingInfinibandClass *klass)
|
||||
* NMSettingInfiniband:p-key:
|
||||
*
|
||||
* The InfiniBand P_Key to use for this device. A value of -1 means to use
|
||||
- * the default P_Key (aka "the P_Key at index 0"). Otherwise, it is a 16-bit
|
||||
- * unsigned integer, whose high bit is set if it is a "full membership"
|
||||
- * P_Key.
|
||||
+ * the default P_Key (aka "the P_Key at index 0"). Otherwise, it is a
|
||||
+ * 16-bit unsigned integer, whose high bit 0x8000 is set if it is a "full
|
||||
+ * membership" P_Key. The values 0 and 0x8000 are not allowed.
|
||||
+ *
|
||||
+ * With the p-key set, the interface name is always "$parent.$p_key".
|
||||
+ * Setting "connection.interface-name" to another name is not supported.
|
||||
+ *
|
||||
+ * Note that kernel will internally always set the full membership bit,
|
||||
+ * although the interface name does not reflect that. Thus, not setting
|
||||
+ * the high bit is probably not useful.
|
||||
+ *
|
||||
+ * If the profile is stored in ifcfg-rh format, then the full membership
|
||||
+ * bit is automatically added. To get consistent behavior, it is
|
||||
+ * best to only use p-key values with the full membership bit set.
|
||||
**/
|
||||
/* ---ifcfg-rh---
|
||||
* property: p-key
|
||||
@@ -460,6 +471,8 @@ nm_setting_infiniband_class_init(NMSettingInfinibandClass *klass)
|
||||
* description: InfiniBand P_Key. The value can be a hex number prefixed with "0x"
|
||||
* or a decimal number.
|
||||
* When PKEY_ID is specified, PHYSDEV and DEVICE also must be specified.
|
||||
+ * Note that ifcfg-rh format will always automatically set the full membership
|
||||
+ * bit 0x8000. Other p-key cannot be stored.
|
||||
* example: PKEY=yes PKEY_ID=2 PHYSDEV=mlx4_ib0 DEVICE=mlx4_ib0.8002
|
||||
* ---end---
|
||||
*/
|
||||
diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in
|
||||
index cd5b231bb9..00532df93c 100644
|
||||
--- a/src/libnmc-setting/settings-docs.h.in
|
||||
+++ b/src/libnmc-setting/settings-docs.h.in
|
||||
@@ -153,7 +153,7 @@
|
||||
#define DESCRIBE_DOC_NM_SETTING_GSM_USERNAME N_("The username used to authenticate with the network, if required. Many providers do not require a username, or accept any username. But if a username is required, it is specified here.")
|
||||
#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_MAC_ADDRESS N_("If specified, this connection will only apply to the IPoIB device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).")
|
||||
#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_MTU N_("If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple frames.")
|
||||
-#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_P_KEY N_("The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka \"the P_Key at index 0\"). Otherwise, it is a 16-bit unsigned integer, whose high bit is set if it is a \"full membership\" P_Key.")
|
||||
+#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_P_KEY N_("The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka \"the P_Key at index 0\"). Otherwise, it is a 16-bit unsigned integer, whose high bit 0x8000 is set if it is a \"full membership\" P_Key. The values 0 and 0x8000 are not allowed. With the p-key set, the interface name is always \"$parent.$p_key\". Setting \"connection.interface-name\" to another name is not supported. Note that kernel will internally always set the full membership bit, although the interface name does not reflect that. Thus, not setting the high bit is probably not useful. If the profile is stored in ifcfg-rh format, then the full membership bit is automatically added. To get consistent behavior, it is best to only use p-key values with the full membership bit set.")
|
||||
#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_PARENT N_("The interface name of the parent device of this device. Normally NULL, but if the \"p_key\" property is set, then you must specify the base device by setting either this property or \"mac-address\".")
|
||||
#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_TRANSPORT_MODE N_("The IP-over-InfiniBand transport mode. Either \"datagram\" or \"connected\".")
|
||||
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in decreasing priority, meaning the first address will be the primary address.")
|
||||
diff --git a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
|
||||
index dfea3c3440..3d2bb5186b 100644
|
||||
--- a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
|
||||
+++ b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
|
||||
@@ -611,7 +611,7 @@
|
||||
description="The IP-over-InfiniBand transport mode. Either "datagram" or "connected"." />
|
||||
<property name="p-key"
|
||||
alias="p-key"
|
||||
- description="The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka "the P_Key at index 0"). Otherwise, it is a 16-bit unsigned integer, whose high bit is set if it is a "full membership" P_Key." />
|
||||
+ description="The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka "the P_Key at index 0"). Otherwise, it is a 16-bit unsigned integer, whose high bit 0x8000 is set if it is a "full membership" P_Key. The values 0 and 0x8000 are not allowed. With the p-key set, the interface name is always "$parent.$p_key". Setting "connection.interface-name" to another name is not supported. Note that kernel will internally always set the full membership bit, although the interface name does not reflect that. Thus, not setting the high bit is probably not useful. If the profile is stored in ifcfg-rh format, then the full membership bit is automatically added. To get consistent behavior, it is best to only use p-key values with the full membership bit set." />
|
||||
<property name="parent"
|
||||
alias="parent"
|
||||
description="The interface name of the parent device of this device. Normally NULL, but if the "p_key" property is set, then you must specify the base device by setting either this property or "mac-address"." />
|
||||
--
|
||||
2.38.1
|
||||
|
@ -0,0 +1,67 @@
|
||||
From d9b3114b6ef8e0f4d50a8d56d750a698d85fa984 Mon Sep 17 00:00:00 2001
|
||||
From: Gris Ge <fge@redhat.com>
|
||||
Date: Tue, 29 Aug 2023 08:25:23 +0800
|
||||
Subject: [PATCH] checkpoint: Fix segfault crash when rollback
|
||||
|
||||
When rolling back a checkpoint, NM will crash due to dereference a NULL
|
||||
pointer of `priv->removed_devices->len`.
|
||||
|
||||
To fix it, we just place a NULL check before that code block.
|
||||
|
||||
Fixes: 1f1b71ad9f8a ('checkpoint: preserve devices that were removed and
|
||||
readded')
|
||||
|
||||
Reference: https://issues.redhat.com/browse/RHEL-1526
|
||||
|
||||
Signed-off-by: Gris Ge <fge@redhat.com>
|
||||
(cherry picked from commit 3162507d6ca381cfbe02ceba2d80ba0f3ba3e5f7)
|
||||
(cherry picked from commit e5600d4c5a33749939b984184f27fbe4159a2b65)
|
||||
---
|
||||
src/core/nm-checkpoint.c | 23 +++++++++++++----------
|
||||
1 file changed, 13 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/src/core/nm-checkpoint.c b/src/core/nm-checkpoint.c
|
||||
index 5c4d4e53d6..74adf48477 100644
|
||||
--- a/src/core/nm-checkpoint.c
|
||||
+++ b/src/core/nm-checkpoint.c
|
||||
@@ -460,24 +460,27 @@ next_dev:
|
||||
NMDeviceState state;
|
||||
|
||||
nm_manager_for_each_device (priv->manager, device, tmp_lst) {
|
||||
- gboolean found = FALSE;
|
||||
-
|
||||
if (g_hash_table_contains(priv->devices, device))
|
||||
continue;
|
||||
|
||||
/* Also ignore devices that were in the checkpoint initially and
|
||||
* were moved to 'removed_devices' because they got removed from
|
||||
* the system. */
|
||||
- for (i = 0; i < priv->removed_devices->len; i++) {
|
||||
- dev_checkpoint = priv->removed_devices->pdata[i];
|
||||
- if (dev_checkpoint->dev_type == nm_device_get_device_type(device)
|
||||
- && nm_streq0(dev_checkpoint->original_dev_name, nm_device_get_iface(device))) {
|
||||
- found = TRUE;
|
||||
- break;
|
||||
+ if (priv->removed_devices) {
|
||||
+ gboolean found = FALSE;
|
||||
+
|
||||
+ for (i = 0; i < priv->removed_devices->len; i++) {
|
||||
+ dev_checkpoint = priv->removed_devices->pdata[i];
|
||||
+ if (dev_checkpoint->dev_type == nm_device_get_device_type(device)
|
||||
+ && nm_streq0(dev_checkpoint->original_dev_name,
|
||||
+ nm_device_get_iface(device))) {
|
||||
+ found = TRUE;
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
+ if (found)
|
||||
+ continue;
|
||||
}
|
||||
- if (found)
|
||||
- continue;
|
||||
|
||||
state = nm_device_get_state(device);
|
||||
if (state > NM_DEVICE_STATE_DISCONNECTED && state < NM_DEVICE_STATE_DEACTIVATING) {
|
||||
--
|
||||
2.41.0
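Review bot: The new `if (priv->removed_devices)` guard fixes the NULL dereference only for this loop after `next_dev:`. Any other read of `priv->removed_devices->len` or `->pdata` in nm-checkpoint.c lies outside the hunk and should be checked for the same assumption, because a NULL dereference here crashes the daemon during rollback. It would also help to state next to the guard why the array can be NULL, for example `/* removed_devices may be NULL (presumably allocated only once a device is removed) */`, with the exact condition confirmed against where the field is assigned. The enclosing rollback function starts and ends outside the hunk.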
|
||||
|
@ -1,45 +0,0 @@
|
||||
From 18ce5f43bd16b3cc394424619652c782cb3795c3 Mon Sep 17 00:00:00 2001
|
||||
From: Gris Ge <fge@redhat.com>
|
||||
Date: Tue, 27 Jun 2023 15:02:54 +0800
|
||||
Subject: [PATCH] setting-connection: Unblock autoconnect upon finish of
|
||||
`Reapply`
|
||||
|
||||
The activation of a connection will clear the block of autoconnect,
|
||||
we should do the same for reapply.
|
||||
|
||||
Signed-off-by: Gris Ge <fge@redhat.com>
|
||||
(cherry picked from commit 0486efd3584c70179072f611e63b9c0ff6851b80)
|
||||
---
|
||||
src/core/devices/nm-device.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
|
||||
index c168fa045d..62a9ff1e84 100644
|
||||
--- a/src/core/devices/nm-device.c
|
||||
+++ b/src/core/devices/nm-device.c
|
||||
@@ -12902,6 +12902,7 @@ check_and_reapply_connection(NMDevice *self,
|
||||
NMConnection *con_old;
|
||||
NMConnection *con_new;
|
||||
GHashTableIter iter;
|
||||
+ NMSettingsConnection *sett_conn;
|
||||
|
||||
if (priv->state < NM_DEVICE_STATE_PREPARE || priv->state > NM_DEVICE_STATE_ACTIVATED) {
|
||||
g_set_error_literal(error,
|
||||
@@ -13074,6 +13075,14 @@ check_and_reapply_connection(NMDevice *self,
|
||||
if (priv->state >= NM_DEVICE_STATE_ACTIVATED)
|
||||
nm_device_update_metered(self);
|
||||
|
||||
+ sett_conn = nm_device_get_settings_connection(self);
|
||||
+ if (sett_conn) {
|
||||
+ nm_settings_connection_autoconnect_blocked_reason_set(
|
||||
+ sett_conn,
|
||||
+ NM_SETTINGS_AUTO_CONNECT_BLOCKED_REASON_USER_REQUEST,
|
||||
+ FALSE);
|
||||
+ }
|
||||
+
|
||||
/* Notify dispatcher when re-applied */
|
||||
_LOGD(LOGD_DEVICE, "Notifying re-apply complete");
|
||||
nm_dispatcher_call_device(NM_DISPATCHER_ACTION_REAPPLY, self, NULL, NULL, NULL, NULL);
|
||||
--
|
||||
2.39.3
|
||||
|
@ -1,88 +0,0 @@
|
||||
From d6f13aefda85ea06985e7fe2f776abd8ee0406cf Mon Sep 17 00:00:00 2001
|
||||
From: Beniamino Galvani <bgalvani@redhat.com>
|
||||
Date: Fri, 24 Mar 2023 17:42:45 +0100
|
||||
Subject: [PATCH] core: fix l3cd comparison
|
||||
|
||||
NM_CMP_SELF(a, b) returns immediately if the objects are the same.
|
||||
|
||||
Fixes: cb29244552af ('core: support compare flags in nm_l3_config_data_cmp_full()')
|
||||
Fixes-test: @dracut_NM_iSCSI_ibft_table
|
||||
|
||||
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1583
|
||||
(cherry picked from commit 0a02995175e06e62924705393121a1c5efc3822d)
|
||||
(cherry picked from commit 5d95c20787077a91d684259d67f2e0ff3a1d7a1a)
|
||||
---
|
||||
src/core/nm-l3-config-data.c | 54 +++++++++++++++++++-----------------
|
||||
1 file changed, 28 insertions(+), 26 deletions(-)
|
||||
|
||||
diff --git a/src/core/nm-l3-config-data.c b/src/core/nm-l3-config-data.c
|
||||
index 17bb9db87d..d5dedb9c8a 100644
|
||||
--- a/src/core/nm-l3-config-data.c
|
||||
+++ b/src/core/nm-l3-config-data.c
|
||||
@@ -2297,35 +2297,37 @@ nm_l3_config_data_cmp_full(const NML3ConfigData *a,
|
||||
const NMPObject *def_route_a = a->best_default_route_x[IS_IPv4];
|
||||
const NMPObject *def_route_b = b->best_default_route_x[IS_IPv4];
|
||||
|
||||
- NM_CMP_SELF(def_route_a, def_route_b);
|
||||
-
|
||||
- if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES)) {
|
||||
- NM_CMP_RETURN(nmp_object_cmp_full(def_route_a,
|
||||
- def_route_b,
|
||||
- NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX)
|
||||
- ? NMP_OBJECT_CMP_FLAGS_NONE
|
||||
- : NMP_OBJECT_CMP_FLAGS_IGNORE_IFINDEX));
|
||||
- } else if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES_ID)) {
|
||||
- if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX)) {
|
||||
- NM_CMP_DIRECT(def_route_a->obj_with_ifindex.ifindex,
|
||||
- def_route_b->obj_with_ifindex.ifindex);
|
||||
- }
|
||||
+ if (def_route_a != def_route_b) {
|
||||
+ if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES)) {
|
||||
+ NM_CMP_RETURN(
|
||||
+ nmp_object_cmp_full(def_route_a,
|
||||
+ def_route_b,
|
||||
+ NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX)
|
||||
+ ? NMP_OBJECT_CMP_FLAGS_NONE
|
||||
+ : NMP_OBJECT_CMP_FLAGS_IGNORE_IFINDEX));
|
||||
+ } else if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES_ID)) {
|
||||
+ if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX)) {
|
||||
+ NM_CMP_DIRECT(def_route_a->obj_with_ifindex.ifindex,
|
||||
+ def_route_b->obj_with_ifindex.ifindex);
|
||||
+ }
|
||||
|
||||
- if (IS_IPv4) {
|
||||
- NMPlatformIP4Route ra = def_route_a->ip4_route;
|
||||
- NMPlatformIP4Route rb = def_route_b->ip4_route;
|
||||
+ if (IS_IPv4) {
|
||||
+ NMPlatformIP4Route ra = def_route_a->ip4_route;
|
||||
+ NMPlatformIP4Route rb = def_route_b->ip4_route;
|
||||
|
||||
- NM_CMP_DIRECT(ra.metric, rb.metric);
|
||||
- NM_CMP_DIRECT(ra.plen, rb.plen);
|
||||
- NM_CMP_RETURN_DIRECT(nm_ip4_addr_same_prefix_cmp(ra.network, rb.network, ra.plen));
|
||||
- } else {
|
||||
- NMPlatformIP6Route ra = def_route_a->ip6_route;
|
||||
- NMPlatformIP6Route rb = def_route_b->ip6_route;
|
||||
+ NM_CMP_DIRECT(ra.metric, rb.metric);
|
||||
+ NM_CMP_DIRECT(ra.plen, rb.plen);
|
||||
+ NM_CMP_RETURN_DIRECT(
|
||||
+ nm_ip4_addr_same_prefix_cmp(ra.network, rb.network, ra.plen));
|
||||
+ } else {
|
||||
+ NMPlatformIP6Route ra = def_route_a->ip6_route;
|
||||
+ NMPlatformIP6Route rb = def_route_b->ip6_route;
|
||||
|
||||
- NM_CMP_DIRECT(ra.metric, rb.metric);
|
||||
- NM_CMP_DIRECT(ra.plen, rb.plen);
|
||||
- NM_CMP_RETURN_DIRECT(
|
||||
- nm_ip6_addr_same_prefix_cmp(&ra.network, &rb.network, ra.plen));
|
||||
+ NM_CMP_DIRECT(ra.metric, rb.metric);
|
||||
+ NM_CMP_DIRECT(ra.plen, rb.plen);
|
||||
+ NM_CMP_RETURN_DIRECT(
|
||||
+ nm_ip6_addr_same_prefix_cmp(&ra.network, &rb.network, ra.plen));
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
2.38.1
|
||||
|
@ -1,530 +0,0 @@
|
||||
From c00002b12d34c12d418f5753e03df43ecb6ef67d Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Haller <thaller@redhat.com>
|
||||
Date: Wed, 10 May 2023 08:37:06 +0200
|
||||
Subject: [PATCH 1/5] glib-aux: add
|
||||
NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_DOUBLE_QUOTE flag to escape double quotes
|
||||
|
||||
This is useful when printing a string for debugging. Then we can
|
||||
printf("v=\"%s\"", utf8safe_escaped_text), which can be safely unescaped
|
||||
with `echo -e`.
|
||||
|
||||
(cherry picked from commit c26a94e95551021d86cae6fc0e6aafb97b1363f6)
|
||||
(cherry picked from commit 18848c77c7a44b179ad0c582ac60cee7602d1786)
|
||||
---
|
||||
src/libnm-glib-aux/nm-shared-utils.c | 21 +++++++++++++--------
|
||||
src/libnm-glib-aux/nm-shared-utils.h | 8 ++++++--
|
||||
2 files changed, 19 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/src/libnm-glib-aux/nm-shared-utils.c b/src/libnm-glib-aux/nm-shared-utils.c
|
||||
index 702a63e9f6..49f2c93e35 100644
|
||||
--- a/src/libnm-glib-aux/nm-shared-utils.c
|
||||
+++ b/src/libnm-glib-aux/nm-shared-utils.c
|
||||
@@ -2755,13 +2755,16 @@ nm_utils_buf_utf8safe_escape(gconstpointer buf,
|
||||
if (g_utf8_validate(str, buflen, &p) && nul_terminated) {
|
||||
/* note that g_utf8_validate() does not allow NUL character inside @str. Good.
|
||||
* We can treat @str like a NUL terminated string. */
|
||||
- if (!NM_STRCHAR_ANY(str,
|
||||
- ch,
|
||||
- (ch == '\\'
|
||||
- || (NM_FLAGS_HAS(flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL)
|
||||
- && nm_ascii_is_ctrl_or_del(ch))
|
||||
- || (NM_FLAGS_HAS(flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_NON_ASCII)
|
||||
- && nm_ascii_is_non_ascii(ch)))))
|
||||
+ if (!NM_STRCHAR_ANY(
|
||||
+ str,
|
||||
+ ch,
|
||||
+ (ch == '\\'
|
||||
+ || (NM_FLAGS_HAS(flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL)
|
||||
+ && nm_ascii_is_ctrl_or_del(ch))
|
||||
+ || (NM_FLAGS_HAS(flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_NON_ASCII)
|
||||
+ && nm_ascii_is_non_ascii(ch))
|
||||
+ || (NM_FLAGS_HAS(flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_DOUBLE_QUOTE)
|
||||
+ && ch == '"'))))
|
||||
return str;
|
||||
}
|
||||
|
||||
@@ -2781,7 +2784,9 @@ nm_utils_buf_utf8safe_escape(gconstpointer buf,
|
||||
else if ((NM_FLAGS_HAS(flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL)
|
||||
&& nm_ascii_is_ctrl_or_del(ch))
|
||||
|| (NM_FLAGS_HAS(flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_NON_ASCII)
|
||||
- && nm_ascii_is_non_ascii(ch)))
|
||||
+ && nm_ascii_is_non_ascii(ch))
|
||||
+ || (NM_FLAGS_HAS(flags, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_DOUBLE_QUOTE)
|
||||
+ && ch == '"'))
|
||||
_str_buf_append_c_escape_octal(&strbuf, ch);
|
||||
else
|
||||
nm_str_buf_append_c(&strbuf, ch);
|
||||
diff --git a/src/libnm-glib-aux/nm-shared-utils.h b/src/libnm-glib-aux/nm-shared-utils.h
|
||||
index 083ed137ee..ad24e7c427 100644
|
||||
--- a/src/libnm-glib-aux/nm-shared-utils.h
|
||||
+++ b/src/libnm-glib-aux/nm-shared-utils.h
|
||||
@@ -1243,12 +1243,16 @@ typedef enum {
|
||||
* It will backslash escape ascii characters according to nm_ascii_is_non_ascii(). */
|
||||
NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_NON_ASCII = 0x0002,
|
||||
|
||||
+ /* Escape '"' as ASCII "\\042". This is useful when escaping a string so that
|
||||
+ * it can be unescaped with `echo -e $PASTE_TEXT`. */
|
||||
+ NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_DOUBLE_QUOTE = 0x0004,
|
||||
+
|
||||
/* This flag only has an effect during escaping to ensure we
|
||||
* don't leak secrets in memory. Note that during unescape we
|
||||
* know the maximum result size from the beginning, and no
|
||||
* reallocation happens. Thus, unescape always avoids leaking
|
||||
* secrets already. */
|
||||
- NM_UTILS_STR_UTF8_SAFE_FLAG_SECRET = 0x0004,
|
||||
+ NM_UTILS_STR_UTF8_SAFE_FLAG_SECRET = 0x0008,
|
||||
|
||||
/* This flag only has an effect during unescaping. It means
|
||||
* that non-escaped whitespaces (g_ascii_isspace()) will be
|
||||
@@ -1256,7 +1260,7 @@ typedef enum {
|
||||
* this flag is only useful for gracefully accepting user input
|
||||
* with spaces. With this flag, escape and unescape may no longer
|
||||
* yield the original input. */
|
||||
- NM_UTILS_STR_UTF8_SAFE_UNESCAPE_STRIP_SPACES = 0x0008,
|
||||
+ NM_UTILS_STR_UTF8_SAFE_UNESCAPE_STRIP_SPACES = 0x0010,
|
||||
} NMUtilsStrUtf8SafeFlags;
|
||||
|
||||
const char *nm_utils_buf_utf8safe_escape(gconstpointer buf,
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From 668d8caff3b0a8ea45a63ef9676f05d87428825d Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Haller <thaller@redhat.com>
|
||||
Date: Wed, 10 May 2023 08:41:00 +0200
|
||||
Subject: [PATCH 2/5] glib-aux: add nmtst_assert_cmpmem() helper
|
||||
|
||||
g_assert_cmpmem() exists, but it does not print the actual buffer
|
||||
content on test failure. It is useful to see what actually failed in
|
||||
the test output.
|
||||
|
||||
Also, nmtst_assert_cmpmem() prints a backslash escaped output, that you
|
||||
can unescape in the terminal with `echo -e`. You can also directly copy
|
||||
and paste the output to C source code.
|
||||
|
||||
(cherry picked from commit 3c3938406dd825f6a0d9e6e55319f0f68a6e2f83)
|
||||
(cherry picked from commit 4ec00efca9154029f377f8498ef4bd3bd9b4cfa9)
|
||||
---
|
||||
src/libnm-glib-aux/nm-test-utils.h | 48 ++++++++++++++++++++++++++++++
|
||||
1 file changed, 48 insertions(+)
|
||||
|
||||
diff --git a/src/libnm-glib-aux/nm-test-utils.h b/src/libnm-glib-aux/nm-test-utils.h
|
||||
index b65818e00a..a55977d1ce 100644
|
||||
--- a/src/libnm-glib-aux/nm-test-utils.h
|
||||
+++ b/src/libnm-glib-aux/nm-test-utils.h
|
||||
@@ -203,6 +203,54 @@
|
||||
} \
|
||||
G_STMT_END
|
||||
|
||||
+#define nmtst_assert_cmpmem(m1, l1, m2, l2) \
|
||||
+ G_STMT_START \
|
||||
+ { \
|
||||
+ const guint8 *const _m1 = (gpointer) (m1); \
|
||||
+ const guint8 *const _m2 = (gpointer) (m2); \
|
||||
+ const gsize _l1 = (l1); \
|
||||
+ const gsize _l2 = (l2); \
|
||||
+ \
|
||||
+ /* This is like g_assert_cmpmem(), however on failure it actually
|
||||
+ * prints the compared buffer contents, which is useful for debugging
|
||||
+ * the test failure. */ \
|
||||
+ \
|
||||
+ g_assert(_l1 == 0 || _m1); \
|
||||
+ g_assert(_l2 == 0 || _m2); \
|
||||
+ \
|
||||
+ if (_l1 != _l2 || (_l1 > 0 && memcmp(_m1, _m2, _l1) != 0)) { \
|
||||
+ gs_free char *_s1 = NULL; \
|
||||
+ gs_free char *_s2 = NULL; \
|
||||
+ \
|
||||
+ g_error( \
|
||||
+ "ERROR: %s:%d : buffer [\"%s\" (%s, %zu bytes)] differs from [\"%s\" (%s, %zu " \
|
||||
+ "bytes)]:\n" \
|
||||
+ " a=[ \"%s\" ]\n" \
|
||||
+ " b=[ \"%s\" ]\n", \
|
||||
+ __FILE__, \
|
||||
+ (int) __LINE__, \
|
||||
+ #m1, \
|
||||
+ #l1, \
|
||||
+ _l1, \
|
||||
+ #m2, \
|
||||
+ #l2, \
|
||||
+ _l2, \
|
||||
+ (_s1 = nm_utils_buf_utf8safe_escape_cp( \
|
||||
+ _m1, \
|
||||
+ _l1, \
|
||||
+ NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL \
|
||||
+ | NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_DOUBLE_QUOTE)) \
|
||||
+ ?: "", \
|
||||
+ (_s2 = nm_utils_buf_utf8safe_escape_cp( \
|
||||
+ _m2, \
|
||||
+ _l2, \
|
||||
+ NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL \
|
||||
+ | NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_DOUBLE_QUOTE)) \
|
||||
+ ?: ""); \
|
||||
+ } \
|
||||
+ } \
|
||||
+ G_STMT_END
|
||||
+
|
||||
/*****************************************************************************/
|
||||
|
||||
/* Our nm-error error numbers use negative values to signal failure.
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From 90b9aa2be6ec9ee3527edf146d6fce74cb2d9926 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Haller <thaller@redhat.com>
|
||||
Date: Wed, 10 May 2023 07:44:52 +0200
|
||||
Subject: [PATCH 3/5] bond: don't configure "counter" on nft rules for
|
||||
slb-bonding/mlag
|
||||
|
||||
Counters are convenient for debugging, but have a performance overhead.
|
||||
Configure them only when debug logging in NetworkManager is enabled.
|
||||
|
||||
(cherry picked from commit 2c716f04f9b75ed8df70314920a705b48c36c8eb)
|
||||
(cherry picked from commit 7bb285abb70d76dff33517252b71d0b8f96adc41)
|
||||
---
|
||||
src/core/nm-bond-manager.c | 8 ++++++-
|
||||
src/core/nm-firewall-utils.c | 43 +++++++++++++++++++++---------------
|
||||
src/core/nm-firewall-utils.h | 3 ++-
|
||||
3 files changed, 34 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/src/core/nm-bond-manager.c b/src/core/nm-bond-manager.c
|
||||
index 2d15b0b5a0..9985fccf11 100644
|
||||
--- a/src/core/nm-bond-manager.c
|
||||
+++ b/src/core/nm-bond-manager.c
|
||||
@@ -438,6 +438,7 @@ _nft_call(NMBondManager *self,
|
||||
{
|
||||
gs_unref_bytes GBytes *stdin_buf = NULL;
|
||||
gs_free const char *const *previous_members_strv = NULL;
|
||||
+ gboolean with_counters;
|
||||
|
||||
if (up) {
|
||||
gs_unref_ptrarray GPtrArray *arr = NULL;
|
||||
@@ -480,11 +481,16 @@ _nft_call(NMBondManager *self,
|
||||
}
|
||||
}
|
||||
|
||||
+ /* counters in the nft rules are convenient for debugging, but have a performance overhead.
|
||||
+ * Enable counters based on whether NM logging is enabled. */
|
||||
+ with_counters = _NMLOG_ENABLED(LOGL_TRACE);
|
||||
+
|
||||
stdin_buf = nm_firewall_nft_stdio_mlag(up,
|
||||
bond_ifname,
|
||||
bond_ifnames_down,
|
||||
active_members,
|
||||
- previous_members_strv);
|
||||
+ previous_members_strv,
|
||||
+ with_counters);
|
||||
|
||||
nm_clear_g_cancellable(&self->cancellable);
|
||||
self->cancellable = g_cancellable_new();
|
||||
diff --git a/src/core/nm-firewall-utils.c b/src/core/nm-firewall-utils.c
|
||||
index f231583a21..b8ae4397bf 100644
|
||||
--- a/src/core/nm-firewall-utils.c
|
||||
+++ b/src/core/nm-firewall-utils.c
|
||||
@@ -763,13 +763,15 @@ nm_firewall_nft_stdio_mlag(gboolean up,
|
||||
const char *bond_ifname,
|
||||
const char *const *bond_ifnames_down,
|
||||
const char *const *active_members,
|
||||
- const char *const *previous_members)
|
||||
+ const char *const *previous_members,
|
||||
+ gboolean with_counters)
|
||||
{
|
||||
nm_auto_str_buf NMStrBuf strbuf_table_name =
|
||||
NM_STR_BUF_INIT_A(NM_UTILS_GET_NEXT_REALLOC_SIZE_32, FALSE);
|
||||
nm_auto_str_buf NMStrBuf strbuf = NM_STR_BUF_INIT(NM_UTILS_GET_NEXT_REALLOC_SIZE_1000, FALSE);
|
||||
const char *table_name;
|
||||
gsize i;
|
||||
+ const char *const s_counter = with_counters ? " counter" : "";
|
||||
|
||||
if (NM_MORE_ASSERTS > 10 && active_members) {
|
||||
/* No duplicates. We make certain assumptions here, and we don't
|
||||
@@ -876,9 +878,10 @@ nm_firewall_nft_stdio_mlag(gboolean up,
|
||||
_append(&strbuf,
|
||||
"add rule netdev %s %s pkttype {"
|
||||
" broadcast, multicast "
|
||||
- "} counter drop",
|
||||
+ "}%s drop",
|
||||
table_name,
|
||||
- chain_name);
|
||||
+ chain_name,
|
||||
+ s_counter);
|
||||
}
|
||||
|
||||
/* OVS SLB rule 2
|
||||
@@ -905,15 +908,17 @@ nm_firewall_nft_stdio_mlag(gboolean up,
|
||||
table_name,
|
||||
bond_ifname);
|
||||
_append(&strbuf,
|
||||
- "add rule netdev %s tx-snoop-source-mac set update ether saddr . vlan id"
|
||||
- " timeout 5s @macset-tagged counter return"
|
||||
+ "add rule netdev %s tx-snoop-source-mac set update ether saddr . vlan id "
|
||||
+ "timeout 5s @macset-tagged%s return"
|
||||
"", /* tagged */
|
||||
- table_name);
|
||||
+ table_name,
|
||||
+ s_counter);
|
||||
_append(&strbuf,
|
||||
- "add rule netdev %s tx-snoop-source-mac set update ether saddr"
|
||||
- " timeout 5s @macset-untagged counter"
|
||||
+ "add rule netdev %s tx-snoop-source-mac set update ether saddr timeout 5s "
|
||||
+ "@macset-untagged%s"
|
||||
"", /* untagged*/
|
||||
- table_name);
|
||||
+ table_name,
|
||||
+ s_counter);
|
||||
|
||||
_append(&strbuf,
|
||||
"add chain netdev %s rx-drop-looped-packets {"
|
||||
@@ -921,18 +926,20 @@ nm_firewall_nft_stdio_mlag(gboolean up,
|
||||
"}",
|
||||
table_name,
|
||||
bond_ifname);
|
||||
+ _append(
|
||||
+ &strbuf,
|
||||
+ "add rule netdev %s rx-drop-looped-packets ether saddr . vlan id @macset-tagged%s drop",
|
||||
+ table_name,
|
||||
+ s_counter);
|
||||
_append(&strbuf,
|
||||
- "add rule netdev %s rx-drop-looped-packets ether saddr . vlan id"
|
||||
- " @macset-tagged counter drop",
|
||||
- table_name);
|
||||
- _append(&strbuf,
|
||||
- "add rule netdev %s rx-drop-looped-packets ether type vlan counter return"
|
||||
+ "add rule netdev %s rx-drop-looped-packets ether type vlan%s return"
|
||||
"", /* avoid looking up tagged packets in untagged table */
|
||||
- table_name);
|
||||
+ table_name,
|
||||
+ s_counter);
|
||||
_append(&strbuf,
|
||||
- "add rule netdev %s rx-drop-looped-packets ether saddr @macset-untagged"
|
||||
- " counter drop",
|
||||
- table_name);
|
||||
+ "add rule netdev %s rx-drop-looped-packets ether saddr @macset-untagged%s drop",
|
||||
+ table_name,
|
||||
+ s_counter);
|
||||
}
|
||||
|
||||
out:
|
||||
diff --git a/src/core/nm-firewall-utils.h b/src/core/nm-firewall-utils.h
|
||||
index ca138ccf78..9f13a5127e 100644
|
||||
--- a/src/core/nm-firewall-utils.h
|
||||
+++ b/src/core/nm-firewall-utils.h
|
||||
@@ -39,6 +39,7 @@ GBytes *nm_firewall_nft_stdio_mlag(gboolean up,
|
||||
const char *bond_ifname,
|
||||
const char *const *bond_ifnames_down,
|
||||
const char *const *active_members,
|
||||
- const char *const *previous_members);
|
||||
+ const char *const *previous_members,
|
||||
+ gboolean with_counters);
|
||||
|
||||
#endif /* __NM_FIREWALL_UTILS_H__ */
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From 863171b69d72053d0b6bfafe510af62098c218d8 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Haller <thaller@redhat.com>
|
||||
Date: Wed, 10 May 2023 08:42:49 +0200
|
||||
Subject: [PATCH 4/5] core/tests: add test for nm_firewall_nft_stdio_mlag()
|
||||
|
||||
If only to hit some of the code paths in our test, and to have valgrind
|
||||
check (some of) the code paths.
|
||||
|
||||
(cherry picked from commit a20d4a7a912a7e7a535318bc7294ebd8b6bb6655)
|
||||
(cherry picked from commit 8e7d94b10c50a4ce963ddf441752522183b35ab3)
|
||||
---
|
||||
src/core/tests/test-core.c | 122 +++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 122 insertions(+)
|
||||
|
||||
diff --git a/src/core/tests/test-core.c b/src/core/tests/test-core.c
|
||||
index 887803bffe..d90e44f04f 100644
|
||||
--- a/src/core/tests/test-core.c
|
||||
+++ b/src/core/tests/test-core.c
|
||||
@@ -18,6 +18,7 @@
|
||||
|
||||
#include "dns/nm-dns-manager.h"
|
||||
#include "nm-connectivity.h"
|
||||
+#include "nm-firewall-utils.h"
|
||||
|
||||
#include "nm-test-utils-core.h"
|
||||
|
||||
@@ -2580,6 +2581,125 @@ test_connectivity_state_cmp(void)
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
+static void
|
||||
+test_nm_firewall_nft_stdio_mlag(void)
|
||||
+{
|
||||
+#define _T(up, \
|
||||
+ bond_ifname, \
|
||||
+ bond_ifnames_down, \
|
||||
+ active_members, \
|
||||
+ previous_members, \
|
||||
+ with_counters, \
|
||||
+ expected) \
|
||||
+ G_STMT_START \
|
||||
+ { \
|
||||
+ gs_unref_bytes GBytes *_b = NULL; \
|
||||
+ \
|
||||
+ _b = nm_firewall_nft_stdio_mlag((up), \
|
||||
+ (bond_ifname), \
|
||||
+ (bond_ifnames_down), \
|
||||
+ (active_members), \
|
||||
+ (previous_members), \
|
||||
+ (with_counters)); \
|
||||
+ \
|
||||
+ g_assert(_b); \
|
||||
+ nmtst_assert_cmpmem(expected, \
|
||||
+ NM_STRLEN(expected), \
|
||||
+ g_bytes_get_data(_b, NULL), \
|
||||
+ g_bytes_get_size(_b)); \
|
||||
+ } \
|
||||
+ G_STMT_END
|
||||
+
|
||||
+ _T(TRUE,
|
||||
+ "bond0",
|
||||
+ NM_MAKE_STRV("eth0"),
|
||||
+ NM_MAKE_STRV("eth1"),
|
||||
+ NM_MAKE_STRV("eth2"),
|
||||
+ TRUE,
|
||||
+ "add table netdev nm-mlag-eth0\012delete table netdev nm-mlag-eth0\012add table netdev "
|
||||
+ "nm-mlag-bond0\012flush table netdev nm-mlag-bond0\012add chain netdev nm-mlag-bond0 "
|
||||
+ "rx-drop-bc-mc-eth2 { type filter hook ingress device eth2 priority filter; }\012delete "
|
||||
+ "chain netdev nm-mlag-bond0 rx-drop-bc-mc-eth2\012add chain netdev nm-mlag-bond0 "
|
||||
+ "rx-drop-bc-mc-eth1 { type filter hook ingress device eth1 priority filter; }\012delete "
|
||||
+ "chain netdev nm-mlag-bond0 rx-drop-bc-mc-eth1\012add set netdev nm-mlag-bond0 "
|
||||
+ "macset-tagged { typeof ether saddr . vlan id; flags dynamic,timeout; }\012add set netdev "
|
||||
+ "nm-mlag-bond0 macset-untagged { typeof ether saddr; flags dynamic,timeout; }\012add chain "
|
||||
+ "netdev nm-mlag-bond0 tx-snoop-source-mac { type filter hook egress device bond0 priority "
|
||||
+ "filter; }\012add rule netdev nm-mlag-bond0 tx-snoop-source-mac set update ether saddr . "
|
||||
+ "vlan id timeout 5s @macset-tagged counter return\012add rule netdev nm-mlag-bond0 "
|
||||
+ "tx-snoop-source-mac set update ether saddr timeout 5s @macset-untagged counter\012add "
|
||||
+ "chain netdev nm-mlag-bond0 rx-drop-looped-packets { type filter hook ingress device bond0 "
|
||||
+ "priority filter; }\012add rule netdev nm-mlag-bond0 rx-drop-looped-packets ether saddr . "
|
||||
+ "vlan id @macset-tagged counter drop\012add rule netdev nm-mlag-bond0 "
|
||||
+ "rx-drop-looped-packets ether type vlan counter return\012add rule netdev nm-mlag-bond0 "
|
||||
+ "rx-drop-looped-packets ether saddr @macset-untagged counter drop\012");
|
||||
+
|
||||
+ _T(TRUE,
|
||||
+ "bond0",
|
||||
+ NM_MAKE_STRV("eth0"),
|
||||
+ NM_MAKE_STRV("eth1"),
|
||||
+ NM_MAKE_STRV("eth2"),
|
||||
+ FALSE,
|
||||
+ "add table netdev nm-mlag-eth0\012delete table netdev nm-mlag-eth0\012add table netdev "
|
||||
+ "nm-mlag-bond0\012flush table netdev nm-mlag-bond0\012add chain netdev nm-mlag-bond0 "
|
||||
+ "rx-drop-bc-mc-eth2 { type filter hook ingress device eth2 priority filter; }\012delete "
|
||||
+ "chain netdev nm-mlag-bond0 rx-drop-bc-mc-eth2\012add chain netdev nm-mlag-bond0 "
|
||||
+ "rx-drop-bc-mc-eth1 { type filter hook ingress device eth1 priority filter; }\012delete "
|
||||
+ "chain netdev nm-mlag-bond0 rx-drop-bc-mc-eth1\012add set netdev nm-mlag-bond0 "
|
||||
+ "macset-tagged { typeof ether saddr . vlan id; flags dynamic,timeout; }\012add set netdev "
|
||||
+ "nm-mlag-bond0 macset-untagged { typeof ether saddr; flags dynamic,timeout; }\012add chain "
|
||||
+ "netdev nm-mlag-bond0 tx-snoop-source-mac { type filter hook egress device bond0 priority "
|
||||
+ "filter; }\012add rule netdev nm-mlag-bond0 tx-snoop-source-mac set update ether saddr . "
|
||||
+ "vlan id timeout 5s @macset-tagged return\012add rule netdev nm-mlag-bond0 "
|
||||
+ "tx-snoop-source-mac set update ether saddr timeout 5s @macset-untagged\012add chain netdev "
|
||||
+ "nm-mlag-bond0 rx-drop-looped-packets { type filter hook ingress device bond0 priority "
|
||||
+ "filter; }\012add rule netdev nm-mlag-bond0 rx-drop-looped-packets ether saddr . vlan id "
|
||||
+ "@macset-tagged drop\012add rule netdev nm-mlag-bond0 rx-drop-looped-packets ether type "
|
||||
+ "vlan return\012add rule netdev nm-mlag-bond0 rx-drop-looped-packets ether saddr "
|
||||
+ "@macset-untagged drop\012");
|
||||
+
|
||||
+ _T(TRUE,
|
||||
+ "bond0",
|
||||
+ NM_MAKE_STRV("eth0", "eth1"),
|
||||
+ NM_MAKE_STRV("eth2", "eth3"),
|
||||
+ NM_MAKE_STRV("eth4", "eth5"),
|
||||
+ FALSE,
|
||||
+ "add table netdev nm-mlag-eth0\012delete table netdev nm-mlag-eth0\012add table netdev "
|
||||
+ "nm-mlag-eth1\012delete table netdev nm-mlag-eth1\012add table netdev "
|
||||
+ "nm-mlag-bond0\012flush table netdev nm-mlag-bond0\012add chain netdev nm-mlag-bond0 "
|
||||
+ "rx-drop-bc-mc-eth4 { type filter hook ingress device eth4 priority filter; }\012delete "
|
||||
+ "chain netdev nm-mlag-bond0 rx-drop-bc-mc-eth4\012add chain netdev nm-mlag-bond0 "
|
||||
+ "rx-drop-bc-mc-eth5 { type filter hook ingress device eth5 priority filter; }\012delete "
|
||||
+ "chain netdev nm-mlag-bond0 rx-drop-bc-mc-eth5\012add chain netdev nm-mlag-bond0 "
|
||||
+ "rx-drop-bc-mc-eth2 { type filter hook ingress device eth2 priority filter; }\012delete "
|
||||
+ "chain netdev nm-mlag-bond0 rx-drop-bc-mc-eth2\012add chain netdev nm-mlag-bond0 "
|
||||
+ "rx-drop-bc-mc-eth3 { type filter hook ingress device eth3 priority filter; }\012add rule "
|
||||
+ "netdev nm-mlag-bond0 rx-drop-bc-mc-eth3 pkttype { broadcast, multicast } drop\012add set "
|
||||
+ "netdev nm-mlag-bond0 macset-tagged { typeof ether saddr . vlan id; flags dynamic,timeout; "
|
||||
+ "}\012add set netdev nm-mlag-bond0 macset-untagged { typeof ether saddr; flags "
|
||||
+ "dynamic,timeout; }\012add chain netdev nm-mlag-bond0 tx-snoop-source-mac { type filter "
|
||||
+ "hook egress device bond0 priority filter; }\012add rule netdev nm-mlag-bond0 "
|
||||
+ "tx-snoop-source-mac set update ether saddr . vlan id timeout 5s @macset-tagged "
|
||||
+ "return\012add rule netdev nm-mlag-bond0 tx-snoop-source-mac set update ether saddr timeout "
|
||||
+ "5s @macset-untagged\012add chain netdev nm-mlag-bond0 rx-drop-looped-packets { type filter "
|
||||
+ "hook ingress device bond0 priority filter; }\012add rule netdev nm-mlag-bond0 "
|
||||
+ "rx-drop-looped-packets ether saddr . vlan id @macset-tagged drop\012add rule netdev "
|
||||
+ "nm-mlag-bond0 rx-drop-looped-packets ether type vlan return\012add rule netdev "
|
||||
+ "nm-mlag-bond0 rx-drop-looped-packets ether saddr @macset-untagged drop\012");
|
||||
+
|
||||
+ _T(FALSE,
|
||||
+ "bond0",
|
||||
+ NM_MAKE_STRV("eth0", "eth1"),
|
||||
+ NM_MAKE_STRV("eth2", "eth3"),
|
||||
+ NM_MAKE_STRV("eth4", "eth5"),
|
||||
+ FALSE,
|
||||
+ "add table netdev nm-mlag-eth0\012delete table netdev nm-mlag-eth0\012add table netdev "
|
||||
+ "nm-mlag-eth1\012delete table netdev nm-mlag-eth1\012add table netdev "
|
||||
+ "nm-mlag-bond0\012delete table netdev nm-mlag-bond0\012");
|
||||
+}
|
||||
+
|
||||
+/*****************************************************************************/
|
||||
+
|
||||
NMTST_DEFINE();
|
||||
|
||||
int
|
||||
@@ -2654,5 +2774,7 @@ main(int argc, char **argv)
|
||||
g_test_add_func("/core/general/test_kernel_cmdline_match_check",
|
||||
test_kernel_cmdline_match_check);
|
||||
|
||||
+ g_test_add_func("/core/test_nm_firewall_nft_stdio_mlag", test_nm_firewall_nft_stdio_mlag);
|
||||
+
|
||||
return g_test_run();
|
||||
}
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From e981987cd4315c0d37f980b28c02c35340d81a2f Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Haller <thaller@redhat.com>
|
||||
Date: Tue, 2 May 2023 08:54:21 +0200
|
||||
Subject: [PATCH 5/5] firewall: create "dynamic" sets for nft rules for
|
||||
slb-bonding
|
||||
|
||||
A workaround for a nftables issue ([1]). I don't know why that matters.
|
||||
|
||||
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2177667
|
||||
|
||||
Fixes: e9268e392418 ('firewall: add mlag firewall utils for multi chassis link aggregation (MLAG) for bonding-slb')
|
||||
|
||||
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1614
|
||||
(cherry picked from commit d3b54963622f242db1ebeda21dedd9558b484355)
|
||||
(cherry picked from commit 0d9d753523bc30bfd42519e1716a2d7e447f011e)
|
||||
---
|
||||
src/core/nm-firewall-utils.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/core/nm-firewall-utils.c b/src/core/nm-firewall-utils.c
|
||||
index b8ae4397bf..ac12d3e432 100644
|
||||
--- a/src/core/nm-firewall-utils.c
|
||||
+++ b/src/core/nm-firewall-utils.c
|
||||
@@ -892,12 +892,12 @@ nm_firewall_nft_stdio_mlag(gboolean up,
|
||||
*/
|
||||
_append(&strbuf,
|
||||
"add set netdev %s macset-tagged {"
|
||||
- " typeof ether saddr . vlan id; flags timeout; "
|
||||
+ " typeof ether saddr . vlan id; flags dynamic,timeout; "
|
||||
"}",
|
||||
table_name);
|
||||
_append(&strbuf,
|
||||
"add set netdev %s macset-untagged {"
|
||||
- " typeof ether saddr; flags timeout;"
|
||||
+ " typeof ether saddr; flags dynamic,timeout; "
|
||||
"}",
|
||||
table_name);
|
||||
|
||||
--
|
||||
2.41.0
|
||||
|
@ -1,42 +0,0 @@
|
||||
From 72fc1ef4c365cfda7fc0a86afd3ce124d57e8d5c Mon Sep 17 00:00:00 2001
|
||||
From: Wen Liang <liangwen12year@gmail.com>
|
||||
Date: Mon, 17 Jul 2023 14:09:04 -0400
|
||||
Subject: [PATCH] assume: change IPv6 method from "ignore" and "disabled" into
|
||||
"auto"
|
||||
|
||||
IPv6 method "disabled" and "ignore" are not supported for loopback
|
||||
device, when generating the assume connection, the generated connection
|
||||
will fail verification. Therefore, change the IPv6 method into "auto",
|
||||
as a result, for loopback external connection, NM will not toggle the
|
||||
`disable_ipv6` sysctl setting when `systemd-sysctl` sets it into 1.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=2207878
|
||||
|
||||
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1694
|
||||
(cherry picked from commit e8a2306afbcd3e328f62004af92cd21b2477f0ac)
|
||||
(cherry picked from commit 832e8df0c17f44be2c62485c19a0b20f6d3efa07)
|
||||
---
|
||||
src/core/NetworkManagerUtils.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/src/core/NetworkManagerUtils.c b/src/core/NetworkManagerUtils.c
|
||||
index 6f4c60f876..84ee6c3a0d 100644
|
||||
--- a/src/core/NetworkManagerUtils.c
|
||||
+++ b/src/core/NetworkManagerUtils.c
|
||||
@@ -1748,6 +1748,13 @@ nm_utils_platform_capture_ip_setting(NMPlatform *platform,
|
||||
method = maybe_ipv6_disabled ? NM_SETTING_IP6_CONFIG_METHOD_DISABLED
|
||||
: NM_SETTING_IP6_CONFIG_METHOD_IGNORE;
|
||||
}
|
||||
+
|
||||
+ /* The IPv6 method "ignore" and "disabled" are not supported for loopback */
|
||||
+ if (ifindex == 1
|
||||
+ && NM_IN_STRSET(method,
|
||||
+ NM_SETTING_IP6_CONFIG_METHOD_DISABLED,
|
||||
+ NM_SETTING_IP6_CONFIG_METHOD_IGNORE))
|
||||
+ method = NM_SETTING_IP6_CONFIG_METHOD_AUTO;
|
||||
g_object_set(s_ip, NM_SETTING_IP_CONFIG_METHOD, method, NULL);
|
||||
|
||||
nmp_lookup_init_object_by_ifindex(&lookup, NMP_OBJECT_TYPE_IP_ROUTE(IS_IPv4), ifindex);
|
||||
--
|
||||
2.41.0
|
||||
|
@ -1,89 +0,0 @@
|
||||
From 895ed1ef14c49a94fb665e519bad409adf53c80f Mon Sep 17 00:00:00 2001
|
||||
From: Beniamino Galvani <bgalvani@redhat.com>
|
||||
Date: Mon, 27 Feb 2023 09:10:34 +0100
|
||||
Subject: [PATCH] settings: preserve existing connection flags on update
|
||||
|
||||
We are passing to the plugin only 'sett_flags', which is the bitmask
|
||||
of flags to change and works together with 'sett_mask'; however,
|
||||
plugins interpret that value as the new flags value. The result is
|
||||
that if there is no change needed (0/0), the existing flags are lost.
|
||||
Simple reproducer:
|
||||
|
||||
ip link add dummy1 type dummy
|
||||
ip link set dummy1 up
|
||||
ip addr add dev dummy1 fd01::12/64
|
||||
sleep 1
|
||||
|
||||
# now, a external connection is created by NM
|
||||
|
||||
echo "BEFORE:"
|
||||
cat /run/NetworkManager/system-connections/dummy1.nmconnection | grep "nm-generated\|volatile\|external"
|
||||
|
||||
# just add a new address to the interface to make it lose
|
||||
# the external flag
|
||||
|
||||
ip addr add dev dummy1 172.25.42.1/24
|
||||
sleep 1
|
||||
|
||||
echo "AFTER:"
|
||||
cat /run/NetworkManager/system-connections/dummy1.nmconnection | grep "nm-generated\|volatile\|external"
|
||||
|
||||
Output:
|
||||
|
||||
BEFORE:
|
||||
nm-generated=true
|
||||
volatile=true
|
||||
external=true
|
||||
AFTER:
|
||||
|
||||
Fixes: d35d3c468a30 ('settings: rework tracking settings connections and settings plugins')
|
||||
|
||||
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1548
|
||||
(cherry picked from commit 86b922695f18566132980bd23516038b6ca4c0f4)
|
||||
(cherry picked from commit 4353f842303d0d905c92e8e497e22f8440261381)
|
||||
---
|
||||
src/core/settings/nm-settings.c | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/core/settings/nm-settings.c b/src/core/settings/nm-settings.c
|
||||
index 63476c3c94..9995b490d2 100644
|
||||
--- a/src/core/settings/nm-settings.c
|
||||
+++ b/src/core/settings/nm-settings.c
|
||||
@@ -2009,6 +2009,7 @@ nm_settings_update_connection(NMSettings *self,
|
||||
const char *uuid;
|
||||
gboolean tombstone_in_memory = FALSE;
|
||||
gboolean tombstone_on_disk = FALSE;
|
||||
+ NMSettingsConnectionIntFlags new_flags;
|
||||
|
||||
g_return_val_if_fail(NM_IS_SETTINGS(self), FALSE);
|
||||
g_return_val_if_fail(NM_IS_SETTINGS_CONNECTION(sett_conn), FALSE);
|
||||
@@ -2228,13 +2229,16 @@ nm_settings_update_connection(NMSettings *self,
|
||||
}
|
||||
}
|
||||
|
||||
+ new_flags = nm_settings_connection_get_flags(sett_conn);
|
||||
+ new_flags = NM_FLAGS_ASSIGN_MASK(new_flags, sett_mask, sett_flags);
|
||||
+
|
||||
if (!update_storage) {
|
||||
success = _add_connection_to_first_plugin(self,
|
||||
plugin_name,
|
||||
sett_conn_entry,
|
||||
connection,
|
||||
new_in_memory,
|
||||
- sett_flags,
|
||||
+ new_flags,
|
||||
new_shadowed_storage_filename,
|
||||
new_shadowed_owned,
|
||||
&new_storage,
|
||||
@@ -2245,7 +2249,7 @@ nm_settings_update_connection(NMSettings *self,
|
||||
success = _update_connection_to_plugin(self,
|
||||
update_storage,
|
||||
connection,
|
||||
- sett_flags,
|
||||
+ new_flags,
|
||||
update_reason,
|
||||
new_shadowed_storage_filename,
|
||||
new_shadowed_owned,
|
||||
--
|
||||
2.41.0
|
||||
|