import NetworkManager-1.46.0-4.el9_4

c9 imports/c9/NetworkManager-1.46.0-4.el9_4
MSVSphere Packaging Team 9 months ago
parent cd5be1860f
commit 86259b3bd9

@ -1 +1 @@
b3d857c8fdfae1dd36d6bd833cd84a85fcf71880 SOURCES/NetworkManager-1.44.0.tar.xz 3c11d700a2e81a7abce285ab94d015ac966f59d3 SOURCES/NetworkManager-1.46.0.tar.xz

2
.gitignore vendored

@ -1 +1 @@
SOURCES/NetworkManager-1.44.0.tar.xz SOURCES/NetworkManager-1.46.0.tar.xz

@ -0,0 +1,61 @@
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index 16f8e1f261..036233e668 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -1661,7 +1661,7 @@ _prop_get_ipv4_dad_timeout(NMDevice *self)
self,
0,
NM_SETTING_IP_CONFIG_DAD_TIMEOUT_MAX,
- 200);
+ 0);
}
static guint32
diff --git a/src/libnm-core-impl/nm-setting-ip-config.c b/src/libnm-core-impl/nm-setting-ip-config.c
index bfebe7d13d..de56ed74ea 100644
--- a/src/libnm-core-impl/nm-setting-ip-config.c
+++ b/src/libnm-core-impl/nm-setting-ip-config.c
@@ -6655,7 +6655,7 @@ nm_setting_ip_config_class_init(NMSettingIPConfigClass *klass)
*
* A zero value means that no duplicate address detection is performed, -1 means
* the default value (either the value configured globally in NetworkManger.conf
- * or 200ms). A value greater than zero is a timeout in milliseconds. Note that
+ * or zero). A value greater than zero is a timeout in milliseconds. Note that
* the time intervals are subject to randomization as per RFC 5227 and so the
* actual duration can be between half and the full time specified in this
* property.
diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in
index 77cde6620e..e42cb74e7f 100644
--- a/src/libnmc-setting/settings-docs.h.in
+++ b/src/libnmc-setting/settings-docs.h.in
@@ -162,7 +162,7 @@
#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_TRANSPORT_MODE N_("The IP-over-InfiniBand transport mode. Either \"datagram\" or \"connected\".")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in decreasing priority, meaning the first address will be the primary address.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_AUTO_ROUTE_EXT_GW N_("VPN connections will default to add the route automatically unless this setting is set to FALSE. For other connection types, adding such an automatic route is currently not supported and setting this to TRUE has no effect.")
-#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DAD_TIMEOUT N_("Maximum timeout in milliseconds used to check for the presence of duplicate IP addresses on the network. If an address conflict is detected, the activation will fail. The property is currently implemented only for IPv4. A zero value means that no duplicate address detection is performed, -1 means the default value (either the value configured globally in NetworkManger.conf or 200ms). A value greater than zero is a timeout in milliseconds. Note that the time intervals are subject to randomization as per RFC 5227 and so the actual duration can be between half and the full time specified in this property.")
+#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DAD_TIMEOUT N_("Maximum timeout in milliseconds used to check for the presence of duplicate IP addresses on the network. If an address conflict is detected, the activation will fail. The property is currently implemented only for IPv4. A zero value means that no duplicate address detection is performed, -1 means the default value (either the value configured globally in NetworkManger.conf or zero). A value greater than zero is a timeout in milliseconds. Note that the time intervals are subject to randomization as per RFC 5227 and so the actual duration can be between half and the full time specified in this property.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_CLIENT_ID N_("A string sent to the DHCP server to identify the local machine which the DHCP server may use to customize the DHCP lease and options. When the property is a hex string ('aa:bb:cc') it is interpreted as a binary client ID, in which case the first byte is assumed to be the 'type' field as per RFC 2132 section 9.14 and the remaining bytes may be an hardware address (e.g. '01:xx:xx:xx:xx:xx:xx' where 1 is the Ethernet ARP type and the rest is a MAC address). If the property is not a hex string it is considered as a non-hardware-address client ID and the 'type' field is set to 0. The special values \"mac\" and \"perm-mac\" are supported, which use the current or permanent MAC address of the device to generate a client identifier with type ethernet (01). Currently, these options only work for ethernet type of links. The special value \"ipv6-duid\" uses the DUID from \"ipv6.dhcp-duid\" property as an RFC4361-compliant client identifier. As IAID it uses \"ipv4.dhcp-iaid\" and falls back to \"ipv6.dhcp-iaid\" if unset. The special value \"duid\" generates a RFC4361-compliant client identifier based on \"ipv4.dhcp-iaid\" and uses a DUID generated by hashing /etc/machine-id. The special value \"stable\" is supported to generate a type 0 client identifier based on the stable-id (see connection.stable-id) and a per-host key. If you set the stable-id, you may want to include the \"${DEVICE}\" or \"${MAC}\" specifier to get a per-device key. The special value \"none\" prevents any client identifier from being sent. Note that this is normally not recommended. If unset, a globally configured default from NetworkManager.conf is used. If still unset, the default depends on the DHCP plugin. The internal dhcp client will default to \"mac\" and the dhclient plugin will try to use one from its config file if present, or won't sent any client-id otherwise.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_DSCP N_("Specifies the value for the DSCP field (traffic class) of the IP header. When empty, the global default value is used; if no global default is specified, it is assumed to be \"CS0\". Allowed values are: \"CS0\", \"CS4\" and \"CS6\". The property is currently valid only for IPv4, and it is supported only by the \"internal\" DHCP plugin.")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_FQDN N_("If the \"dhcp-send-hostname\" property is TRUE, then the specified FQDN will be sent to the DHCP server when acquiring a lease. This property and \"dhcp-hostname\" are mutually exclusive and cannot be set at the same time.")
@@ -192,7 +192,7 @@
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE N_("Configure method for creating the IPv6 interface identifer of addresses with RFC4862 IPv6 Stateless Address Autoconfiguration and Link Local addresses. The permitted values are: \"eui64\" (0), \"stable-privacy\" (1), \"default\" (3) or \"default-or-eui64\" (2). If the property is set to \"eui64\", the addresses will be generated using the interface token derived from hardware address. This makes the host part of the address to stay constant, making it possible to track the host's presence when it changes networks. The address changes when the interface hardware is replaced. If a duplicate address is detected, there is also no fallback to generate another address. When configured, the \"ipv6.token\" is used instead of the MAC address to generate addresses for stateless autoconfiguration. If the property is set to \"stable-privacy\", the interface identifier is generated as specified by RFC7217. This works by hashing a host specific key (see NetworkManager(8) manual), the interface name, the connection's \"connection.stable-id\" property and the address prefix. This improves privacy by making it harder to use the address to track the host's presence and the address is stable when the network interface hardware is replaced. The special values \"default\" and \"default-or-eui64\" will fallback to the global connection default as documented in the NetworkManager.conf(5) manual. If the global default is not specified, the fallback value is \"stable-privacy\" or \"eui64\", respectively. If not specified, when creating a new profile the default is \"default\". Note that this setting is distinct from the Privacy Extensions as configured by \"ip6-privacy\" property and it does not affect the temporary addresses configured with this option.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ADDRESSES N_("A list of IPv6 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"2001:db8:85a3::8a2e:370:7334/64, 2001:db8:85a3::5/64\". The addresses are listed in decreasing priority, meaning the first address will be the primary address. This can make a difference with IPv6 source address selection (RFC 6724, section 5).")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_AUTO_ROUTE_EXT_GW N_("VPN connections will default to add the route automatically unless this setting is set to FALSE. For other connection types, adding such an automatic route is currently not supported and setting this to TRUE has no effect.")
-#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DAD_TIMEOUT N_("Maximum timeout in milliseconds used to check for the presence of duplicate IP addresses on the network. If an address conflict is detected, the activation will fail. The property is currently implemented only for IPv4. A zero value means that no duplicate address detection is performed, -1 means the default value (either the value configured globally in NetworkManger.conf or 200ms). A value greater than zero is a timeout in milliseconds. Note that the time intervals are subject to randomization as per RFC 5227 and so the actual duration can be between half and the full time specified in this property.")
+#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DAD_TIMEOUT N_("Maximum timeout in milliseconds used to check for the presence of duplicate IP addresses on the network. If an address conflict is detected, the activation will fail. The property is currently implemented only for IPv4. A zero value means that no duplicate address detection is performed, -1 means the default value (either the value configured globally in NetworkManger.conf or zero). A value greater than zero is a timeout in milliseconds. Note that the time intervals are subject to randomization as per RFC 5227 and so the actual duration can be between half and the full time specified in this property.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_DSCP N_("Specifies the value for the DSCP field (traffic class) of the IP header. When empty, the global default value is used; if no global default is specified, it is assumed to be \"CS0\". Allowed values are: \"CS0\", \"CS4\" and \"CS6\". The property is currently valid only for IPv4, and it is supported only by the \"internal\" DHCP plugin.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_DUID N_("A string containing the DHCPv6 Unique Identifier (DUID) used by the dhcp client to identify itself to DHCPv6 servers (RFC 3315). The DUID is carried in the Client Identifier option. If the property is a hex string ('aa:bb:cc') it is interpreted as a binary DUID and filled as an opaque value in the Client Identifier option. The special value \"lease\" will retrieve the DUID previously used from the lease file belonging to the connection. If no DUID is found and \"dhclient\" is the configured dhcp client, the DUID is searched in the system-wide dhclient lease file. If still no DUID is found, or another dhcp client is used, a global and permanent DUID-UUID (RFC 6355) will be generated based on the machine-id. The special values \"llt\" and \"ll\" will generate a DUID of type LLT or LL (see RFC 3315) based on the current MAC address of the device. In order to try providing a stable DUID-LLT, the time field will contain a constant timestamp that is used globally (for all profiles) and persisted to disk. The special values \"stable-llt\", \"stable-ll\" and \"stable-uuid\" will generate a DUID of the corresponding type, derived from the connection's stable-id and a per-host unique key. You may want to include the \"${DEVICE}\" or \"${MAC}\" specifier in the stable-id, in case this profile gets activated on multiple devices. So, the link-layer address of \"stable-ll\" and \"stable-llt\" will be a generated address derived from the stable id. The DUID-LLT time value in the \"stable-llt\" option will be picked among a static timespan of three years (the upper bound of the interval is the same constant timestamp used in \"llt\"). When the property is unset, the global value provided for \"ipv6.dhcp-duid\" is used. If no global value is provided, the default \"lease\" value is assumed.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_HOSTNAME N_("If the \"dhcp-send-hostname\" property is TRUE, then the specified name will be sent to the DHCP server when acquiring a lease. This property and \"dhcp-fqdn\" are mutually exclusive and cannot be set at the same time.")
diff --git a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
index 8806bf2550..09648f3ff8 100644
--- a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
+++ b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
@@ -1337,7 +1337,7 @@
values="-1 - 2147483647"
special-values="default (-1), infinity (2147483647)" />
<property name="dad-timeout"
- nmcli-description="Maximum timeout in milliseconds used to check for the presence of duplicate IP addresses on the network. If an address conflict is detected, the activation will fail. The property is currently implemented only for IPv4. A zero value means that no duplicate address detection is performed, -1 means the default value (either the value configured globally in NetworkManger.conf or 200ms). A value greater than zero is a timeout in milliseconds. Note that the time intervals are subject to randomization as per RFC 5227 and so the actual duration can be between half and the full time specified in this property."
+ nmcli-description="Maximum timeout in milliseconds used to check for the presence of duplicate IP addresses on the network. If an address conflict is detected, the activation will fail. The property is currently implemented only for IPv4. A zero value means that no duplicate address detection is performed, -1 means the default value (either the value configured globally in NetworkManger.conf or zero). A value greater than zero is a timeout in milliseconds. Note that the time intervals are subject to randomization as per RFC 5227 and so the actual duration can be between half and the full time specified in this property."
format="integer"
values="-1 - 30000"
special-values="default (-1), off (0)" />
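Review bot: The bundled patch that begins at `diff --git a/src/core/devices/nm-device.c` has no From/Subject header or tracker reference, unlike the other patches added in this import, so the reason for changing the fallback DAD timeout from 200 ms to 0 is not recorded anywhere visible. With the new literal in `_prop_get_ipv4_dad_timeout()` (whose body starts outside the hunk), a profile left at -1 on a host with no global value skips IPv4 duplicate address detection, so by the property's own description an address conflict would no longer fail activation. I would add a patch header stating the downstream decision, and a comment above the literal such as `/* downstream default: IPv4 DAD is off unless set per profile or through the ipv4.dad-timeout connection default */`. The description strings edited in the same patch still carry the `NetworkManger.conf` misspelling, which could be corrected while the text is being touched.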

@ -0,0 +1,25 @@
From 6e84d852487f070ab3f61c24d78fc05338f171f6 Mon Sep 17 00:00:00 2001
From: Fernando Fernandez Mancera <ffmancera@riseup.net>
Date: Wed, 20 Mar 2024 19:10:45 +0100
Subject: [PATCH] cloud: drop PrivateUsers directive from nm-cloud-setup
https://issues.redhat.com/browse/RHEL-27503
---
src/nm-cloud-setup/nm-cloud-setup.service.in | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/nm-cloud-setup/nm-cloud-setup.service.in b/src/nm-cloud-setup/nm-cloud-setup.service.in
index e73654d892..4aa6017e48 100644
--- a/src/nm-cloud-setup/nm-cloud-setup.service.in
+++ b/src/nm-cloud-setup/nm-cloud-setup.service.in
@@ -28,7 +28,6 @@ MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
-PrivateUsers=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
--
2.44.0
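Review bot: Removing `PrivateUsers=yes` from nm-cloud-setup.service.in takes away one layer of the unit's sandbox, and the patch message gives only a tracker link without saying what failed while the directive was enabled. A sentence or two of rationale in the patch body would let a later rebase judge whether the directive can be restored; a comment beside the remaining hardening lines, for example `# PrivateUsers= intentionally not set, see RHEL-27503`, would serve the same purpose in the unit itself. The neighbouring directives visible in the hunk (`NoNewPrivileges=yes`, `PrivateDevices=yes`, `PrivateTmp=yes`, `ProtectClock=yes`, `ProtectControlGroups=yes`, `ProtectHome=yes`) are untouched. The unit file continues outside the hunk, so the rest of its confinement cannot be checked from here.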

@ -1,54 +0,0 @@
From 6302c2ea52c6c28d36b6006b29823c469e171e2a Mon Sep 17 00:00:00 2001
From: Wen Liang <liangwen12year@gmail.com>
Date: Thu, 3 Aug 2023 10:16:42 -0400
Subject: [PATCH] nm-manager: ensure device is exported on D-Bus in
authentication request
The device authentication request is an async process, it can not know
the answer right away, it is not guarantee that device is still
exported on D-Bus when authentication finishes. Thus, do not return
SUCCESS and abort the authentication request when device is not alive.
https://bugzilla.redhat.com/show_bug.cgi?id=2210271
(cherry picked from commit b341161e2a4988403ae4a6ef7653e01567da36a0)
(cherry picked from commit 0e27e84247ed824b27d105292d7bf42dc0341cbb)
---
src/core/nm-manager.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
index 9c7212202b..937acbba1e 100644
--- a/src/core/nm-manager.c
+++ b/src/core/nm-manager.c
@@ -3222,6 +3222,13 @@ device_auth_done_cb(NMAuthChain *chain, GDBusMethodInvocation *context, gpointer
nm_assert(error || (result == NM_AUTH_CALL_RESULT_YES));
}
+ if (!error && !nm_dbus_object_is_exported(NM_DBUS_OBJECT(device))) {
+ g_set_error(&error,
+ NM_MANAGER_ERROR,
+ NM_MANAGER_ERROR_UNKNOWN_DEVICE,
+ "device no longer exists");
+ }
+
callback(device, context, subject, error, nm_auth_chain_get_data(chain, "user-data"));
}
@@ -3287,6 +3294,14 @@ nm_manager_device_auth_request(NMManager *self,
&error))
goto fail_on_idle;
+ if (!nm_dbus_object_is_exported(NM_DBUS_OBJECT(device))) {
+ g_set_error(&error,
+ NM_MANAGER_ERROR,
+ NM_MANAGER_ERROR_UNKNOWN_DEVICE,
+ "device no longer exists");
+ goto fail_on_idle;
+ }
+
chain = nm_auth_chain_new_subject(subject, context, device_auth_done_cb, self);
if (cancellable)
nm_auth_chain_set_cancellable(chain, cancellable);
--
2.41.0

@ -0,0 +1,235 @@
From ba47f23b08bb59ec2daf6bce73a94182d8028c82 Mon Sep 17 00:00:00 2001
From: Gris Ge <fge@redhat.com>
Date: Wed, 13 Mar 2024 20:52:37 +0800
Subject: [PATCH] checkpoint: Allow rollback on internal global DNS
With `NM_CHECKPOINT_CREATE_FLAG_TRACK_INTERNAL_GLOBAL_DNS` flag set on
checkpoint creation, the checkpoint rollback will restore the
global DNS in internal configure file
`/var/lib/NetworkManager/NetworkManager-intern.conf`.
If user has set global DNS in /etc folder, this flag will not take any
effect.
Resolves: https://issues.redhat.com/browse/RHEL-23446
Signed-off-by: Gris Ge <fge@redhat.com>
(cherry picked from commit 86d67da28dd047a08a01687d8154b377d1c25b4c)
(cherry picked from commit 69d5761fa87bb85df037ad9044c03dd1922d3ee4)
---
src/core/nm-checkpoint.c | 28 ++++++++++++++
src/core/nm-config-data.c | 47 +++++++++++++++++++++++
src/core/nm-config-data.h | 3 +-
src/core/nm-manager.c | 11 +++++-
src/core/nm-manager.h | 3 ++
src/libnm-core-public/nm-dbus-interface.h | 6 +++
6 files changed, 96 insertions(+), 2 deletions(-)
diff --git a/src/core/nm-checkpoint.c b/src/core/nm-checkpoint.c
index 74adf48477..cc5c189bf9 100644
--- a/src/core/nm-checkpoint.c
+++ b/src/core/nm-checkpoint.c
@@ -13,6 +13,7 @@
#include "nm-core-utils.h"
#include "nm-dbus-interface.h"
#include "devices/nm-device.h"
+#include "nm-config.h"
#include "nm-manager.h"
#include "settings/nm-settings.h"
#include "settings/nm-settings-connection.h"
@@ -55,6 +56,8 @@ struct _NMCheckpointPrivate {
NMCheckpointTimeoutCallback timeout_cb;
gpointer timeout_data;
+
+ NMGlobalDnsConfig *global_dns_config;
};
struct _NMCheckpointClass {
@@ -491,6 +494,17 @@ next_dev:
}
}
}
+ if (NM_FLAGS_HAS(priv->flags, NM_CHECKPOINT_CREATE_FLAG_TRACK_INTERNAL_GLOBAL_DNS)
+ && priv->global_dns_config) {
+ gs_free_error GError *error = NULL;
+ NMConfig *config;
+
+ config = nm_manager_get_config(priv->manager);
+ nm_assert(config);
+ if (!nm_config_set_global_dns(config, priv->global_dns_config, &error)) {
+ _LOGE("set global DNS failed with error: %s", error->message);
+ }
+ }
return g_variant_new("(a{su})", &builder);
}
@@ -742,6 +756,19 @@ nm_checkpoint_new(NMManager *manager,
NM_MANAGER_DEVICE_REMOVED,
G_CALLBACK(_device_removed),
self);
+ if (NM_FLAGS_HAS(flags, NM_CHECKPOINT_CREATE_FLAG_TRACK_INTERNAL_GLOBAL_DNS)) {
+ NMConfigData *config_data;
+ NMGlobalDnsConfig *dns_config = NULL;
+
+ config_data = nm_config_get_data(nm_manager_get_config(manager));
+ if (config_data) {
+ dns_config = nm_config_data_get_global_dns_config(config_data);
+ if (!dns_config || nm_global_dns_config_is_internal(dns_config)) {
+ priv->global_dns_config = nm_global_dns_config_clone(dns_config);
+ }
+ }
+ }
+
return self;
}
@@ -756,6 +783,7 @@ dispose(GObject *object)
nm_clear_pointer(&priv->devices, g_hash_table_unref);
nm_clear_pointer(&priv->connection_uuids, g_hash_table_unref);
nm_clear_pointer(&priv->removed_devices, g_ptr_array_unref);
+ nm_global_dns_config_free(priv->global_dns_config);
nm_clear_g_signal_handler(priv->manager, &priv->dev_removed_id);
g_clear_object(&priv->manager);
diff --git a/src/core/nm-config-data.c b/src/core/nm-config-data.c
index 468e56b821..d4498edd88 100644
--- a/src/core/nm-config-data.c
+++ b/src/core/nm-config-data.c
@@ -2436,3 +2436,50 @@ nm_config_data_class_init(NMConfigDataClass *config_class)
g_object_class_install_properties(object_class, _PROPERTY_ENUMS_LAST, obj_properties);
}
+
+static NMGlobalDnsDomain *
+nm_global_dns_domain_clone(NMGlobalDnsDomain *old_domain)
+{
+ if (old_domain) {
+ NMGlobalDnsDomain *new_domain = g_malloc0(sizeof(NMGlobalDnsDomain));
+ new_domain->name = g_strdup(old_domain->name);
+ new_domain->servers = (char **) nm_strv_dup(old_domain->servers, -1, TRUE);
+ new_domain->options = (char **) nm_strv_dup(old_domain->options, -1, TRUE);
+ return new_domain;
+ } else {
+ return NULL;
+ }
+}
+
+NMGlobalDnsConfig *
+nm_global_dns_config_clone(NMGlobalDnsConfig *old_dns_config)
+{
+ NMGlobalDnsConfig *new_dns_config;
+ gpointer key, value;
+ NMGlobalDnsDomain *old_domain;
+ GHashTableIter iter;
+
+ new_dns_config = g_malloc0(sizeof(NMGlobalDnsConfig));
+ new_dns_config->internal = TRUE;
+
+ if (old_dns_config) {
+ new_dns_config->internal = old_dns_config->internal;
+ new_dns_config->searches = nm_strv_dup(old_dns_config->searches, -1, TRUE);
+ new_dns_config->options = nm_strv_dup(old_dns_config->options, -1, TRUE);
+ new_dns_config->domains = g_hash_table_new_full(nm_str_hash,
+ g_str_equal,
+ g_free,
+ (GDestroyNotify) global_dns_domain_free);
+ if (old_dns_config->domains) {
+ g_hash_table_iter_init(&iter, old_dns_config->domains);
+ while (g_hash_table_iter_next(&iter, &key, &value)) {
+ old_domain = value;
+ g_hash_table_insert(new_dns_config->domains,
+ g_strdup(key),
+ nm_global_dns_domain_clone(old_domain));
+ }
+ }
+ global_dns_config_seal_domains(new_dns_config);
+ }
+ return new_dns_config;
+}
diff --git a/src/core/nm-config-data.h b/src/core/nm-config-data.h
index 9e7a50fc24..0344ce9055 100644
--- a/src/core/nm-config-data.h
+++ b/src/core/nm-config-data.h
@@ -280,7 +280,8 @@ int nm_global_dns_config_cmp(const NMGlobalDnsConfig *a,
const NMGlobalDnsConfig *b,
gboolean check_internal);
void nm_global_dns_config_update_checksum(const NMGlobalDnsConfig *dns_config, GChecksum *sum);
-void nm_global_dns_config_free(NMGlobalDnsConfig *dns_config);
+NMGlobalDnsConfig *nm_global_dns_config_clone(NMGlobalDnsConfig *dns_config);
+void nm_global_dns_config_free(NMGlobalDnsConfig *dns_config);
NMGlobalDnsConfig *nm_global_dns_config_from_dbus(const GValue *value, GError **error);
void nm_global_dns_config_to_dbus(const NMGlobalDnsConfig *dns_config, GValue *value);
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
index 730ba4763b..6739e5599e 100644
--- a/src/core/nm-manager.c
+++ b/src/core/nm-manager.c
@@ -8458,7 +8458,8 @@ impl_manager_checkpoint_create(NMDBusObject *obj,
| NM_CHECKPOINT_CREATE_FLAG_DELETE_NEW_CONNECTIONS
| NM_CHECKPOINT_CREATE_FLAG_DISCONNECT_NEW_DEVICES
| NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING
- | NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS)))) {
+ | NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS
+ | NM_CHECKPOINT_CREATE_FLAG_TRACK_INTERNAL_GLOBAL_DNS)))) {
g_dbus_method_invocation_return_error_literal(invocation,
NM_MANAGER_ERROR,
NM_MANAGER_ERROR_INVALID_ARGUMENTS,
@@ -9765,3 +9766,11 @@ nm_manager_class_init(NMManagerClass *manager_class)
1,
NM_TYPE_DEVICE);
}
+
+NMConfig *
+nm_manager_get_config(NMManager *self)
+{
+ NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE(self);
+
+ return priv->config;
+}
diff --git a/src/core/nm-manager.h b/src/core/nm-manager.h
index 3028eb7ebe..3c5213c4f2 100644
--- a/src/core/nm-manager.h
+++ b/src/core/nm-manager.h
@@ -10,6 +10,7 @@
#include "settings/nm-settings-connection.h"
#include "c-list/src/c-list.h"
#include "nm-dbus-manager.h"
+#include "nm-config-data.h"
#define NM_TYPE_MANAGER (nm_manager_get_type())
#define NM_MANAGER(obj) (_NM_G_TYPE_CHECK_INSTANCE_CAST((obj), NM_TYPE_MANAGER, NMManager))
@@ -266,4 +267,6 @@ gboolean nm_manager_devcon_autoconnect_blocked_reason_set(NMManager *
NMSettingsAutoconnectBlockedReason value,
gboolean set);
+NMConfig *nm_manager_get_config(NMManager *self);
+
#endif /* __NETWORKMANAGER_MANAGER_H__ */
diff --git a/src/libnm-core-public/nm-dbus-interface.h b/src/libnm-core-public/nm-dbus-interface.h
index 66cd590d6c..ab94244c21 100644
--- a/src/libnm-core-public/nm-dbus-interface.h
+++ b/src/libnm-core-public/nm-dbus-interface.h
@@ -991,6 +991,11 @@ typedef enum {
* With this flag, the rollback detaches all external ports.
* This only has an effect for bridge ports. Before 1.38, this was the default
* behavior. Since: 1.38.
+ * @NM_CHECKPOINT_CREATE_FLAG_TRACK_INTERNAL_GLOBAL_DNS: during rollback,
+ * by default changes to global DNS via D-BUS interface are preserved.
+ * With this flag, the rollback reverts the global DNS changes made via D-Bus
+ * interface. Global DNS defined in [global-dns] section of
+ * NetworkManager.conf is not impacted by this flag. Since: 1.48.
*
* The flags for CheckpointCreate call
*
@@ -1003,6 +1008,7 @@ typedef enum /*< flags >*/ {
NM_CHECKPOINT_CREATE_FLAG_DISCONNECT_NEW_DEVICES = 0x04,
NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING = 0x08,
NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS = 0x10,
+ NM_CHECKPOINT_CREATE_FLAG_TRACK_INTERNAL_GLOBAL_DNS = 0x20,
} NMCheckpointCreateFlags;
/**
--
2.44.0
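Review bot: In the `dispose()` hunk of src/core/nm-checkpoint.c, the new line `nm_global_dns_config_free(priv->global_dns_config);` frees the cloned config but leaves the pointer set, while every neighbouring member is released through `nm_clear_pointer()`. GObject may run dispose more than once on the same instance, in which case the stale pointer would be freed a second time. Following the idiom of the lines above avoids that: `nm_clear_pointer(&priv->global_dns_config, nm_global_dns_config_free);`. Separately, the rollback hunk only reports a failed `nm_config_set_global_dns()` through `_LOGE`, so the returned `(a{su})` apparently gives the D-Bus caller no sign that the global DNS was not restored; a comment saying this is deliberate would help. Both functions start outside their hunks.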

@ -1,67 +0,0 @@
From d9b3114b6ef8e0f4d50a8d56d750a698d85fa984 Mon Sep 17 00:00:00 2001
From: Gris Ge <fge@redhat.com>
Date: Tue, 29 Aug 2023 08:25:23 +0800
Subject: [PATCH] checkpoint: Fix segfault crash when rollback
When rolling back a checkpoint, NM will crash due to dereference a NULL
pointer of `priv->removed_devices->len`.
To fix it, we just place a NULL check before that code block.
Fixes: 1f1b71ad9f8a ('checkpoint: preserve devices that were removed and
readded')
Reference: https://issues.redhat.com/browse/RHEL-1526
Signed-off-by: Gris Ge <fge@redhat.com>
(cherry picked from commit 3162507d6ca381cfbe02ceba2d80ba0f3ba3e5f7)
(cherry picked from commit e5600d4c5a33749939b984184f27fbe4159a2b65)
---
src/core/nm-checkpoint.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/src/core/nm-checkpoint.c b/src/core/nm-checkpoint.c
index 5c4d4e53d6..74adf48477 100644
--- a/src/core/nm-checkpoint.c
+++ b/src/core/nm-checkpoint.c
@@ -460,24 +460,27 @@ next_dev:
NMDeviceState state;
nm_manager_for_each_device (priv->manager, device, tmp_lst) {
- gboolean found = FALSE;
-
if (g_hash_table_contains(priv->devices, device))
continue;
/* Also ignore devices that were in the checkpoint initially and
* were moved to 'removed_devices' because they got removed from
* the system. */
- for (i = 0; i < priv->removed_devices->len; i++) {
- dev_checkpoint = priv->removed_devices->pdata[i];
- if (dev_checkpoint->dev_type == nm_device_get_device_type(device)
- && nm_streq0(dev_checkpoint->original_dev_name, nm_device_get_iface(device))) {
- found = TRUE;
- break;
+ if (priv->removed_devices) {
+ gboolean found = FALSE;
+
+ for (i = 0; i < priv->removed_devices->len; i++) {
+ dev_checkpoint = priv->removed_devices->pdata[i];
+ if (dev_checkpoint->dev_type == nm_device_get_device_type(device)
+ && nm_streq0(dev_checkpoint->original_dev_name,
+ nm_device_get_iface(device))) {
+ found = TRUE;
+ break;
+ }
}
+ if (found)
+ continue;
}
- if (found)
- continue;
state = nm_device_get_state(device);
if (state > NM_DEVICE_STATE_DISCONNECTED && state < NM_DEVICE_STATE_DEACTIVATING) {
--
2.41.0

@ -1,310 +0,0 @@
From a3e39a3bf9667bb69fb2f37b605caffbd969889a Mon Sep 17 00:00:00 2001
From: Gris Ge <fge@redhat.com>
Date: Tue, 26 Sep 2023 15:00:32 +0800
Subject: [PATCH 1/2] emit DNS CONFIG_CHANGED signal even dns=none
Instruct the `NMDnsManager` to emit `CONFIG_CHANGED` signal even
`dns=none` or failed to modify `/etc/resolv.conf`.
The `NMPolicy` will only update hostname when DNS is managed.
Signed-off-by: Gris Ge <fge@redhat.com>
(cherry picked from commit a847ba807572c3ef3682e833432f2f93e9d519a0)
(cherry picked from commit d10f20fd01a7bb3225c7e38ed80449e19156344b)
---
src/core/dns/nm-dns-manager.c | 12 +++++++++++-
src/core/dns/nm-dns-manager.h | 2 ++
src/core/nm-policy.c | 10 ++++++----
3 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/src/core/dns/nm-dns-manager.c b/src/core/dns/nm-dns-manager.c
index 535646930c..231ef72f49 100644
--- a/src/core/dns/nm-dns-manager.c
+++ b/src/core/dns/nm-dns-manager.c
@@ -1948,7 +1948,7 @@ plugin_skip:;
}
/* signal that DNS resolution configs were changed */
- if ((do_update || caching || force_emit) && result == SR_SUCCESS)
+ if ((caching || force_emit) && result == SR_SUCCESS)
g_signal_emit(self, signals[CONFIG_CHANGED], 0);
nm_clear_pointer(&priv->config_variant, g_variant_unref);
@@ -1964,6 +1964,16 @@ plugin_skip:;
return TRUE;
}
+gboolean
+nm_dns_manager_is_unmanaged(NMDnsManager *self)
+{
+ NMDnsManagerPrivate *priv = NM_DNS_MANAGER_GET_PRIVATE(self);
+
+ return NM_IN_SET(priv->rc_manager,
+ NM_DNS_MANAGER_RESOLV_CONF_MAN_UNMANAGED,
+ NM_DNS_MANAGER_RESOLV_CONF_MAN_IMMUTABLE);
+}
+
/*****************************************************************************/
gboolean
diff --git a/src/core/dns/nm-dns-manager.h b/src/core/dns/nm-dns-manager.h
index 42f9dec588..9b8c2972b4 100644
--- a/src/core/dns/nm-dns-manager.h
+++ b/src/core/dns/nm-dns-manager.h
@@ -148,4 +148,6 @@ char *nmtst_dns_create_resolv_conf(const char *const *searches,
const char *const *nameservers,
const char *const *options);
+gboolean nm_dns_manager_is_unmanaged(NMDnsManager *self);
+
#endif /* __NETWORKMANAGER_DNS_MANAGER_H__ */
diff --git a/src/core/nm-policy.c b/src/core/nm-policy.c
index efdb06360f..1cf6b3398d 100644
--- a/src/core/nm-policy.c
+++ b/src/core/nm-policy.c
@@ -2635,11 +2635,13 @@ dns_config_changed(NMDnsManager *dns_manager, gpointer user_data)
if (priv->updating_dns)
return;
- nm_manager_for_each_device (priv->manager, device, tmp_lst) {
- nm_device_clear_dns_lookup_data(device, "DNS configuration changed");
- }
+ if (!nm_dns_manager_is_unmanaged(dns_manager)) {
+ nm_manager_for_each_device (priv->manager, device, tmp_lst) {
+ nm_device_clear_dns_lookup_data(device, "DNS configuration changed");
+ }
- update_system_hostname(self, "DNS configuration changed");
+ update_system_hostname(self, "DNS configuration changed");
+ }
}
static void
--
2.41.0
From de4c05300e25b49bf077ac7929622f2721815b29 Mon Sep 17 00:00:00 2001
From: Gris Ge <fge@redhat.com>
Date: Tue, 26 Sep 2023 17:14:58 +0800
Subject: [PATCH 2/2] dispatch `dns-change` dispatcher event
Introducing new dispatcher event -- `dns-change` which will be emitted when
DNS configuration changed(even in `dns=none` mode). This is to solve two
use cases:
* Invoke dispatch script for DNS changes triggered by the global DNS
API.
* Do not invoke [OpenShift resolv-prepender][1] for non-DNS changes.
Bug reference: https://issues.redhat.com/browse/RHEL-1671
[1]: https://github.com/openshift/machine-config-operator/blob/master/templates/common/on-prem/files/resolv-prepender.yaml
Signed-off-by: Gris Ge <fge@redhat.com>
(cherry picked from commit a1db61ebc9712d1faf2ef8f1b2cb14cd819346d3)
(cherry picked from commit 3cdce71b95cea11bf409d9353c35a4dea6f33984)
---
man/NetworkManager-dispatcher.xml | 15 +++++-
src/core/nm-dispatcher.c | 51 ++++++++++++++++---
src/core/nm-dispatcher.h | 3 ++
src/core/nm-policy.c | 2 +
src/libnm-core-aux-extern/nm-dispatcher-api.h | 1 +
src/nm-dispatcher/nm-dispatcher-utils.c | 8 ++-
6 files changed, 69 insertions(+), 11 deletions(-)
diff --git a/man/NetworkManager-dispatcher.xml b/man/NetworkManager-dispatcher.xml
index 036b3c8dcc..e87226d05e 100644
--- a/man/NetworkManager-dispatcher.xml
+++ b/man/NetworkManager-dispatcher.xml
@@ -68,8 +68,9 @@
device an operation just happened on, and second the action. For device actions,
the interface is the name of the kernel interface suitable for IP configuration.
Thus it is either VPN_IP_IFACE, DEVICE_IP_IFACE, or DEVICE_IFACE, as applicable.
- For the <varname>hostname</varname> action the device name is always <literal>"none"</literal>
- and for <varname>connectivity-change</varname> it is empty.
+ For the <varname>hostname</varname> action the device name is always <literal>"none"</literal>.
+ For <varname>connectivity-change</varname> it is empty.
+ For <varname>dns-change</varname> it is empty.
</para>
<para>The actions are:</para>
<variablelist class="dispatcher-options">
@@ -170,6 +171,16 @@
The connection was reapplied on the device.
</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>dns-change</varname></term>
+ <listitem><para>
+ The DNS configuration has changed. This action is raised even if
+ NetworkManager is configured to not manage resolv.conf (for example,
+ via dns=none). In such case, the dispatch script can discover the
+ DNS configuration provided by currently active connections by
+ looking at file /run/NetworkManager/resolv.conf
+ </para></listitem>
+ </varlistentry>
</variablelist>
<para>
The environment contains more information about the interface and the connection.
diff --git a/src/core/nm-dispatcher.c b/src/core/nm-dispatcher.c
index cdc07dd60e..9aa4194e83 100644
--- a/src/core/nm-dispatcher.c
+++ b/src/core/nm-dispatcher.c
@@ -50,6 +50,8 @@
} \
G_STMT_END
+static gboolean nm_dispatcher_need_device(NMDispatcherAction action);
+
/*****************************************************************************/
struct NMDispatcherCallId {
@@ -469,7 +471,8 @@ static const char *action_table[] = {[NM_DISPATCHER_ACTION_HOSTNAME] = NMD_
[NM_DISPATCHER_ACTION_DHCP_CHANGE_6] = NMD_ACTION_DHCP6_CHANGE,
[NM_DISPATCHER_ACTION_CONNECTIVITY_CHANGE] =
NMD_ACTION_CONNECTIVITY_CHANGE,
- [NM_DISPATCHER_ACTION_REAPPLY] = NMD_ACTION_REAPPLY};
+ [NM_DISPATCHER_ACTION_REAPPLY] = NMD_ACTION_REAPPLY,
+ [NM_DISPATCHER_ACTION_DNS_CHANGE] = NMD_ACTION_DNS_CHANGE};
static const char *
action_to_string(NMDispatcherAction action)
@@ -530,9 +533,7 @@ _dispatcher_call(NMDispatcherAction action,
if (G_UNLIKELY(!request_id))
request_id = ++gl.request_id_counter;
- /* All actions except 'hostname' and 'connectivity-change' require a device */
- if (action == NM_DISPATCHER_ACTION_HOSTNAME
- || action == NM_DISPATCHER_ACTION_CONNECTIVITY_CHANGE) {
+ if (!nm_dispatcher_need_device(action)) {
_LOG2D(request_id,
log_ifname,
log_con_uuid,
@@ -592,9 +593,8 @@ _dispatcher_call(NMDispatcherAction action,
g_variant_builder_init(&vpn_ip4_props, G_VARIANT_TYPE_VARDICT);
g_variant_builder_init(&vpn_ip6_props, G_VARIANT_TYPE_VARDICT);
- /* hostname and connectivity-change actions don't send device data */
- if (action != NM_DISPATCHER_ACTION_HOSTNAME
- && action != NM_DISPATCHER_ACTION_CONNECTIVITY_CHANGE) {
+ /* hostname, DNS and connectivity-change actions don't send device data */
+ if (nm_dispatcher_need_device(action)) {
fill_device_props(device,
&device_props,
&device_proxy_props,
@@ -925,6 +925,30 @@ nm_dispatcher_call_connectivity(NMConnectivityState connectivity_state,
out_call_id);
}
+/**
+ * nm_dispatcher_call_dns_change():
+ *
+ * This method does not block the caller.
+ *
+ * Returns: %TRUE if the action was dispatched, %FALSE on failure
+ */
+gboolean
+nm_dispatcher_call_dns_change(void)
+{
+ return _dispatcher_call(NM_DISPATCHER_ACTION_DNS_CHANGE,
+ FALSE,
+ NULL,
+ NULL,
+ NULL,
+ FALSE,
+ NM_CONNECTIVITY_UNKNOWN,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+}
+
void
nm_dispatcher_call_cancel(NMDispatcherCallId *call_id)
{
@@ -937,3 +961,16 @@ nm_dispatcher_call_cancel(NMDispatcherCallId *call_id)
_LOG3D(call_id, "cancelling dispatcher callback action");
call_id->callback = NULL;
}
+
+/* All actions except 'hostname', 'connectivity-change' and 'dns-change' require
+ * a device */
+static gboolean
+nm_dispatcher_need_device(NMDispatcherAction action)
+{
+ if (action == NM_DISPATCHER_ACTION_HOSTNAME
+ || action == NM_DISPATCHER_ACTION_CONNECTIVITY_CHANGE
+ || action == NM_DISPATCHER_ACTION_DNS_CHANGE) {
+ return FALSE;
+ }
+ return TRUE;
+}
diff --git a/src/core/nm-dispatcher.h b/src/core/nm-dispatcher.h
index 3071639922..a1cb96b798 100644
--- a/src/core/nm-dispatcher.h
+++ b/src/core/nm-dispatcher.h
@@ -23,6 +23,7 @@ typedef enum {
NM_DISPATCHER_ACTION_DHCP_CHANGE_6,
NM_DISPATCHER_ACTION_CONNECTIVITY_CHANGE,
NM_DISPATCHER_ACTION_REAPPLY,
+ NM_DISPATCHER_ACTION_DNS_CHANGE,
} NMDispatcherAction;
#define NM_DISPATCHER_ACTION_DHCP_CHANGE_X(IS_IPv4) \
@@ -69,6 +70,8 @@ gboolean nm_dispatcher_call_connectivity(NMConnectivityState state,
gpointer user_data,
NMDispatcherCallId **out_call_id);
+gboolean nm_dispatcher_call_dns_change(void);
+
void nm_dispatcher_call_cancel(NMDispatcherCallId *call_id);
#endif /* __NM_DISPATCHER_H__ */
diff --git a/src/core/nm-policy.c b/src/core/nm-policy.c
index 1cf6b3398d..2873847df3 100644
--- a/src/core/nm-policy.c
+++ b/src/core/nm-policy.c
@@ -2642,6 +2642,8 @@ dns_config_changed(NMDnsManager *dns_manager, gpointer user_data)
update_system_hostname(self, "DNS configuration changed");
}
+
+ nm_dispatcher_call_dns_change();
}
static void
diff --git a/src/libnm-core-aux-extern/nm-dispatcher-api.h b/src/libnm-core-aux-extern/nm-dispatcher-api.h
index 56da5fba7a..7cb370a92e 100644
--- a/src/libnm-core-aux-extern/nm-dispatcher-api.h
+++ b/src/libnm-core-aux-extern/nm-dispatcher-api.h
@@ -34,6 +34,7 @@
#define NMD_ACTION_DHCP6_CHANGE "dhcp6-change"
#define NMD_ACTION_CONNECTIVITY_CHANGE "connectivity-change"
#define NMD_ACTION_REAPPLY "reapply"
+#define NMD_ACTION_DNS_CHANGE "dns-change"
typedef enum {
DISPATCH_RESULT_UNKNOWN = 0,
diff --git a/src/nm-dispatcher/nm-dispatcher-utils.c b/src/nm-dispatcher/nm-dispatcher-utils.c
index 74ea4e4001..f8a4c28000 100644
--- a/src/nm-dispatcher/nm-dispatcher-utils.c
+++ b/src/nm-dispatcher/nm-dispatcher-utils.c
@@ -453,8 +453,12 @@ nm_dispatcher_utils_construct_envp(const char *action,
items = g_ptr_array_new_with_free_func(g_free);
- /* Hostname and connectivity changes don't require a device nor contain a connection */
- if (NM_IN_STRSET(action, NMD_ACTION_HOSTNAME, NMD_ACTION_CONNECTIVITY_CHANGE))
+ /* Hostname, dns and connectivity changes don't require a device nor contain
+ * a connection */
+ if (NM_IN_STRSET(action,
+ NMD_ACTION_HOSTNAME,
+ NMD_ACTION_CONNECTIVITY_CHANGE,
+ NMD_ACTION_DNS_CHANGE))
goto done;
/* Connection properties */
--
2.41.0

@ -0,0 +1,127 @@
From cf230074965216c94bb25bc3c3fff7f1d698c250 Mon Sep 17 00:00:00 2001
From: Gris Ge <fge@redhat.com>
Date: Fri, 15 Mar 2024 15:46:02 +0800
Subject: [PATCH] ovs: Do not allow OVS bridge and port to be parent
When creating VLAN over OVS internal interface which holding the same
name as its controller OVS bridge, NetworkManager will fail with error:
Error: Connection activation failed: br0.101 failed to create
resources: cannot retrieve ifindex of interface br0 (Open vSwitch
Bridge)
Expanded the `find_device_by_iface()` with additional argument
`child: NmConnection *` which will validate whether candidate is
suitable to be parent device.
In `nm_device_check_parent_connection_compatible()`, we only not allow OVS
bridge and OVS port being parent.
Resolves: https://issues.redhat.com/browse/RHEL-26753
Signed-off-by: Gris Ge <fge@redhat.com>
(cherry picked from commit 7096f52a5967ef053a4cf8e5ca8a71c1495578f9)
(cherry picked from commit d3329f0599f5fdfc2ef9f2c1395b5eb7bcc3c2a5)
---
src/core/devices/nm-device.c | 11 +++++++++++
src/core/devices/nm-device.h | 1 +
src/core/nm-manager.c | 14 +++++++++-----
3 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index 30c38ba990..78b0e618be 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -9508,6 +9508,17 @@ nm_device_check_slave_connection_compatible(NMDevice *self, NMConnection *slave)
return nm_streq(connection_type, slave_type);
}
+gboolean
+nm_device_can_be_parent(NMDevice *self)
+{
+ NMDeviceType device_type = nm_device_get_device_type(self);
+
+ if ((device_type == NM_DEVICE_TYPE_OVS_BRIDGE) || (device_type == NM_DEVICE_TYPE_OVS_PORT))
+ return FALSE;
+ else
+ return TRUE;
+}
+
/**
* nm_device_can_assume_connections:
* @self: #NMDevice instance
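Review bot: nm_device_can_be_parent() is added without a doc comment, although the next function in the file (nm_device_can_assume_connections, whose gtk-doc block starts at the end of this hunk) has one, and the commit message calls the helper by a different name (`nm_device_check_parent_connection_compatible()`). A short block above the definition would record the reason the commit message gives, e.g. `/* OVS bridge and OVS port devices cannot serve as parent: no ifindex can be retrieved for them (RHEL-26753). */`. The `if (...) return FALSE; else return TRUE;` body reads more directly as one expression, `return !NM_IN_SET(device_type, NM_DEVICE_TYPE_OVS_BRIDGE, NM_DEVICE_TYPE_OVS_PORT);`.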
diff --git a/src/core/devices/nm-device.h b/src/core/devices/nm-device.h
index b096d23ac1..7353a3f327 100644
--- a/src/core/devices/nm-device.h
+++ b/src/core/devices/nm-device.h
@@ -550,6 +550,7 @@ gboolean nm_device_check_connection_compatible(NMDevice *device,
GError **error);
gboolean nm_device_check_slave_connection_compatible(NMDevice *device, NMConnection *connection);
+gboolean nm_device_can_be_parent(NMDevice *device);
gboolean nm_device_can_assume_connections(NMDevice *self);
gboolean nm_device_unmanage_on_quit(NMDevice *self);
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
index 6739e5599e..7f94f7cd9c 100644
--- a/src/core/nm-manager.c
+++ b/src/core/nm-manager.c
@@ -1914,7 +1914,8 @@ find_device_by_ip_iface(NMManager *self, const char *iface)
* is given, this function will only return master devices and will ensure
* @slave, when activated, can be a slave of the returned master device. If
* @connection is given, this function will only consider devices that are
- * compatible with @connection.
+ * compatible with @connection. If @child is given, this function will only
+ * return parent device.
*
* Returns: the matching #NMDevice
*/
@@ -1922,7 +1923,8 @@ static NMDevice *
find_device_by_iface(NMManager *self,
const char *iface,
NMConnection *connection,
- NMConnection *slave)
+ NMConnection *slave,
+ NMConnection *child)
{
NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE(self);
NMDevice *fallback = NULL;
@@ -1941,6 +1943,8 @@ find_device_by_iface(NMManager *self,
if (!nm_device_check_slave_connection_compatible(candidate, slave))
continue;
}
+ if (child && !nm_device_can_be_parent(candidate))
+ continue;
if (nm_device_is_real(candidate))
return candidate;
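Review bot: `child` is only tested for non-NULL in the added check `if (child && !nm_device_can_be_parent(candidate))`; the connection it points to is never read, so any non-NULL NMConnection switches the parent filter on. The sentence added to the doc comment in the earlier hunk ("will only return parent device") does not say this. I would either word it as `If @child is given, candidates for which nm_device_can_be_parent() returns FALSE are skipped; @child itself is not inspected.` or make the parameter a `gboolean`. Most of find_device_by_iface(), including the loop header and the fallback handling, is outside the hunk, so how this interacts with `fallback` could not be checked here.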
@@ -2405,7 +2409,7 @@ find_parent_device_for_connection(NMManager *self,
NM_SET_OUT(out_parent_spec, parent_name);
/* Try as an interface name of a parent device */
- parent = find_device_by_iface(self, parent_name, NULL, NULL);
+ parent = find_device_by_iface(self, parent_name, NULL, NULL, connection);
if (parent)
return parent;
@@ -5003,7 +5007,7 @@ find_master(NMManager *self,
}
if (!master_connection) {
- master_device = find_device_by_iface(self, master, NULL, connection);
+ master_device = find_device_by_iface(self, master, NULL, connection, NULL);
if (!master_device) {
g_set_error(error,
NM_MANAGER_ERROR,
@@ -6445,7 +6449,7 @@ validate_activation_request(NMManager *self,
if (!iface)
return NULL;
- device = find_device_by_iface(self, iface, connection, NULL);
+ device = find_device_by_iface(self, iface, connection, NULL, NULL);
if (!device) {
g_set_error_literal(error,
NM_MANAGER_ERROR,
--
2.44.0

@ -1,270 +0,0 @@
From 8f8845484ee74b1934cbd5f0cca997ba0504d543 Mon Sep 17 00:00:00 2001
From: Gris Ge <fge@redhat.com>
Date: Thu, 8 Feb 2024 23:36:34 +0800
Subject: [PATCH] bridge: skip VLAN filtering resetting in reapply if no vlan
change changed
When doing reapply on linux bridge interface, NetworkManager will reset
the VLAN filtering and default PVID which cause PVID been readded to all
bridge ports regardless they are managed by NetworkManager.
This is because Linux kernel will re-add PVID to bridge port upon the
changes of bridge default-pvid value.
To fix the issue, this patch introduce netlink parsing code for
`vlan_filtering` and `default_pvid` of NMPlatformLnkBridge, and use that
to compare desired VLAN filtering settings, skip the reset of VLAN
filter if `default_pvid` and `vlan_filtering` are unchanged.
Signed-off-by: Gris Ge <fge@redhat.com>
(cherry picked from commit 02c34d538c6a2b22bd09318496ba104eb43246b4)
(cherry picked from commit f990f9b4e4ffb5195fc89c4a8c6f251c0e01b501)
(cherry picked from commit c448e225198f7f8851fc01a8394529e7cbe25d4d)
---
src/core/devices/nm-device-bridge.c | 79 +++++++++++++++++---------
src/core/platform/tests/test-link.c | 2 +
src/libnm-platform/nm-linux-platform.c | 6 ++
src/libnm-platform/nm-platform.c | 13 ++++-
src/libnm-platform/nm-platform.h | 2 +
5 files changed, 72 insertions(+), 30 deletions(-)
diff --git a/src/core/devices/nm-device-bridge.c b/src/core/devices/nm-device-bridge.c
index 9a45dbf3fc..73effc50b4 100644
--- a/src/core/devices/nm-device-bridge.c
+++ b/src/core/devices/nm-device-bridge.c
@@ -712,7 +712,27 @@ master_update_slave_connection(NMDevice *device,
}
static gboolean
-bridge_set_vlan_options(NMDevice *device, NMSettingBridge *s_bridge)
+is_bridge_pvid_changed(NMDevice *device, NMSettingBridge *s_bridge)
+{
+ int ifindex = nm_device_get_ifindex(device);
+ const NMPlatformLnkBridge *nmp_link_br;
+ NMPlatform *platform = nm_device_get_platform(device);
+ bool desired_vlan_filtering = nm_setting_bridge_get_vlan_filtering(s_bridge);
+ guint16 desired_pvid = nm_setting_bridge_get_vlan_default_pvid(s_bridge);
+
+ nm_platform_link_refresh(platform, ifindex);
+ nmp_link_br = nm_platform_link_get_lnk_bridge(platform, ifindex, NULL);
+
+ if (nmp_link_br) {
+ return desired_vlan_filtering != nmp_link_br->vlan_filtering
+ || desired_pvid != nmp_link_br->default_pvid;
+ } else {
+ return TRUE;
+ }
+}
+
+static gboolean
+bridge_set_vlan_options(NMDevice *device, NMSettingBridge *s_bridge, gboolean is_reapply)
{
NMDeviceBridge *self = NM_DEVICE_BRIDGE(device);
gconstpointer hwaddr;
@@ -753,31 +773,37 @@ bridge_set_vlan_options(NMDevice *device, NMSettingBridge *s_bridge)
self->vlan_configured = TRUE;
- /* Filtering must be disabled to change the default PVID.
- * Clear the default PVID so that we later can force the re-creation of
- * default PVID VLANs by writing the option again. */
-
- nm_platform_link_set_bridge_info(
- plat,
- ifindex,
- &((NMPlatformLinkSetBridgeInfoData){.vlan_filtering_has = TRUE,
- .vlan_filtering_val = FALSE,
- .vlan_default_pvid_has = TRUE,
- .vlan_default_pvid_val = 0}));
+ if (!is_reapply || is_bridge_pvid_changed(device, s_bridge)) {
+ /* Filtering must be disabled to change the default PVID.
+ * Clear the default PVID so that we later can force the re-creation of
+ * default PVID VLANs by writing the option again. */
- /* Clear all existing VLANs */
- if (!nm_platform_link_set_bridge_vlans(plat, ifindex, FALSE, NULL))
- return FALSE;
+ if (is_reapply) {
+ _LOGD(LOGD_BRIDGE, "default_pvid is changed, resetting bridge VLAN filtering");
+ }
- /* Now set the default PVID. After this point the kernel creates
- * a PVID VLAN on each port, including the bridge itself. */
- pvid = nm_setting_bridge_get_vlan_default_pvid(s_bridge);
- if (pvid) {
nm_platform_link_set_bridge_info(
plat,
ifindex,
- &((NMPlatformLinkSetBridgeInfoData){.vlan_default_pvid_has = TRUE,
- .vlan_default_pvid_val = pvid}));
+ &((NMPlatformLinkSetBridgeInfoData){.vlan_filtering_has = TRUE,
+ .vlan_filtering_val = FALSE,
+ .vlan_default_pvid_has = TRUE,
+ .vlan_default_pvid_val = 0}));
+
+ /* Clear all existing VLANs */
+ if (!nm_platform_link_set_bridge_vlans(plat, ifindex, FALSE, NULL))
+ return FALSE;
+
+ /* Now set the default PVID. After this point the kernel creates
+ * a PVID VLAN on each port, including the bridge itself. */
+ pvid = nm_setting_bridge_get_vlan_default_pvid(s_bridge);
+ if (pvid) {
+ nm_platform_link_set_bridge_info(
+ plat,
+ ifindex,
+ &((NMPlatformLinkSetBridgeInfoData){.vlan_default_pvid_has = TRUE,
+ .vlan_default_pvid_val = pvid}));
+ }
}
/* Create VLANs only after setting the default PVID, so that
@@ -836,7 +862,7 @@ _platform_lnk_bridge_init_from_setting(NMSettingBridge *s_bridge, NMPlatformLnkB
}
static gboolean
-link_config(NMDevice *device, NMConnection *connection)
+link_config(NMDevice *device, NMConnection *connection, gboolean is_reapply)
{
int ifindex = nm_device_get_ifindex(device);
NMSettingBridge *s_bridge;
@@ -850,7 +876,7 @@ link_config(NMDevice *device, NMConnection *connection)
if (nm_platform_link_bridge_change(nm_device_get_platform(device), ifindex, &props) < 0)
return FALSE;
- return bridge_set_vlan_options(device, s_bridge);
+ return bridge_set_vlan_options(device, s_bridge, is_reapply);
}
static NMActStageReturn
@@ -861,7 +887,7 @@ act_stage1_prepare(NMDevice *device, NMDeviceStateReason *out_failure_reason)
connection = nm_device_get_applied_connection(device);
g_return_val_if_fail(connection, NM_ACT_STAGE_RETURN_FAILURE);
- if (!link_config(device, connection)) {
+ if (!link_config(device, connection, FALSE)) {
NM_SET_OUT(out_failure_reason, NM_DEVICE_STATE_REASON_CONFIG_FAILED);
return NM_ACT_STAGE_RETURN_FAILURE;
}
@@ -1003,7 +1029,7 @@ attach_port(NMDevice *device,
s_port = nm_connection_get_setting_bridge_port(connection);
if (!nm_device_sys_iface_state_is_external(device))
- bridge_set_vlan_options(device, s_bridge);
+ bridge_set_vlan_options(device, s_bridge, FALSE);
if (nm_setting_bridge_get_vlan_filtering(s_bridge)) {
gs_free const NMPlatformBridgeVlan **plat_vlans = NULL;
@@ -1218,8 +1244,7 @@ reapply_connection(NMDevice *device, NMConnection *con_old, NMConnection *con_ne
/* Make sure bridge_set_vlan_options() called by link_config()
* sets vlan_filtering and default_pvid anew. */
self->vlan_configured = FALSE;
-
- link_config(device, con_new);
+ link_config(device, con_new, TRUE);
}
/*****************************************************************************/
diff --git a/src/core/platform/tests/test-link.c b/src/core/platform/tests/test-link.c
index 8a54ac4853..fdece007bc 100644
--- a/src/core/platform/tests/test-link.c
+++ b/src/core/platform/tests/test-link.c
@@ -1403,6 +1403,8 @@ test_software_detect(gconstpointer user_data)
lnk_bridge.mcast_query_interval = 12000;
lnk_bridge.mcast_query_response_interval = 5200;
lnk_bridge.mcast_startup_query_interval = 3000;
+ lnk_bridge.vlan_filtering = FALSE;
+ lnk_bridge.default_pvid = 1;
if (!nmtstp_link_bridge_add(NULL, ext, DEVICE_NAME, &lnk_bridge))
g_error("Failed adding Bridge interface");
diff --git a/src/libnm-platform/nm-linux-platform.c b/src/libnm-platform/nm-linux-platform.c
index 99eab9c784..9b4ac14024 100644
--- a/src/libnm-platform/nm-linux-platform.c
+++ b/src/libnm-platform/nm-linux-platform.c
@@ -1515,6 +1515,8 @@ _parse_lnk_bridge(const char *kind, struct nlattr *info_data)
[IFLA_BR_MCAST_QUERY_INTVL] = {.type = NLA_U64},
[IFLA_BR_MCAST_QUERY_RESPONSE_INTVL] = {.type = NLA_U64},
[IFLA_BR_MCAST_STARTUP_QUERY_INTVL] = {.type = NLA_U64},
+ [IFLA_BR_VLAN_FILTERING] = {.type = NLA_U8},
+ [IFLA_BR_VLAN_DEFAULT_PVID] = {.type = NLA_U16},
};
NMPlatformLnkBridge *props;
struct nlattr *tb[G_N_ELEMENTS(policy)];
@@ -1585,6 +1587,10 @@ _parse_lnk_bridge(const char *kind, struct nlattr *info_data)
props->mcast_query_response_interval = nla_get_u64(tb[IFLA_BR_MCAST_QUERY_RESPONSE_INTVL]);
if (tb[IFLA_BR_MCAST_STARTUP_QUERY_INTVL])
props->mcast_startup_query_interval = nla_get_u64(tb[IFLA_BR_MCAST_STARTUP_QUERY_INTVL]);
+ if (tb[IFLA_BR_VLAN_FILTERING])
+ props->vlan_filtering = !!nla_get_u8(tb[IFLA_BR_VLAN_FILTERING]);
+ if (tb[IFLA_BR_VLAN_DEFAULT_PVID])
+ props->default_pvid = nla_get_u16(tb[IFLA_BR_VLAN_DEFAULT_PVID]);
return obj;
}
diff --git a/src/libnm-platform/nm-platform.c b/src/libnm-platform/nm-platform.c
index 041354cf44..3b61375bad 100644
--- a/src/libnm-platform/nm-platform.c
+++ b/src/libnm-platform/nm-platform.c
@@ -6086,7 +6086,8 @@ nm_platform_lnk_bridge_to_string(const NMPlatformLnkBridge *lnk, char *buf, gsiz
" mcast_querier_interval %" G_GUINT64_FORMAT
" mcast_query_interval %" G_GUINT64_FORMAT
" mcast_query_response_interval %" G_GUINT64_FORMAT
- " mcast_startup_query_interval %" G_GUINT64_FORMAT "",
+ " mcast_startup_query_interval %" G_GUINT64_FORMAT " vlan_filtering %d"
+ " default_pvid %" G_GUINT16_FORMAT "",
lnk->forward_delay,
lnk->hello_time,
lnk->max_age,
@@ -6109,7 +6110,9 @@ nm_platform_lnk_bridge_to_string(const NMPlatformLnkBridge *lnk, char *buf, gsiz
lnk->mcast_querier_interval,
lnk->mcast_query_interval,
lnk->mcast_query_response_interval,
- lnk->mcast_startup_query_interval);
+ lnk->mcast_startup_query_interval,
+ lnk->vlan_filtering,
+ lnk->default_pvid);
return buf;
}
@@ -7978,12 +7981,14 @@ nm_platform_lnk_bridge_hash_update(const NMPlatformLnkBridge *obj, NMHashState *
obj->mcast_router,
obj->mcast_query_response_interval,
obj->mcast_startup_query_interval,
+ obj->default_pvid,
NM_HASH_COMBINE_BOOLS(guint8,
obj->stp_state,
obj->mcast_querier,
obj->mcast_query_use_ifaddr,
obj->mcast_snooping,
- obj->vlan_stats_enabled));
+ obj->vlan_stats_enabled,
+ obj->vlan_filtering));
}
void
@@ -8124,6 +8129,8 @@ nm_platform_lnk_bridge_cmp(const NMPlatformLnkBridge *a, const NMPlatformLnkBrid
NM_CMP_FIELD(a, b, mcast_query_interval);
NM_CMP_FIELD(a, b, mcast_query_response_interval);
NM_CMP_FIELD(a, b, mcast_startup_query_interval);
+ NM_CMP_FIELD_BOOL(a, b, vlan_filtering);
+ NM_CMP_FIELD(a, b, default_pvid);
return 0;
}
diff --git a/src/libnm-platform/nm-platform.h b/src/libnm-platform/nm-platform.h
index aeea5c42db..a4410b0a7c 100644
--- a/src/libnm-platform/nm-platform.h
+++ b/src/libnm-platform/nm-platform.h
@@ -765,6 +765,8 @@ typedef struct {
bool mcast_snooping : 1;
bool stp_state : 1;
bool vlan_stats_enabled : 1;
+ bool vlan_filtering;
+ guint16 default_pvid;
} _nm_alignas(NMPlatformObject) NMPlatformLnkBridge;
extern const NMPlatformLnkBridge nm_platform_lnk_bridge_default;
--
2.43.0

@ -0,0 +1,50 @@
From e4fb80046cf36a7e210e8660ef50c93ef8971a5e Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 13 Mar 2024 10:47:31 +0100
Subject: [PATCH 1/2] nm-dispatcher: fix crash when parsing output dictionary
'stdout' is NULL when the script didn't write anything or failed.
Fixes the following crash detected by NMCI in test
'dispatcher_device_handler_dummy'.
nm-dispatcher[936339]: g_strsplit: assertion 'string != NULL' failed
build_result_options (nm-dispatcher)
complete_request (nm-dispatcher)
complete_script (nm-dispatcher)
script_watch_cb (nm-dispatcher)
g_child_watch_dispatch (libglib-2.0.so.0)
g_main_dispatch (libglib-2.0.so.0)
g_main_context_iterate (libglib-2.0.so.0)
g_main_context_iteration (libglib-2.0.so.0)
main (nm-dispatcher)
__libc_start_main (libc.so.6)
_start (nm-dispatcher)
Fixes: d72f26b87528 ('dispatcher: read device-handler's stdout into a dictionary')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1889
(cherry picked from commit e5c2c5f1c2f55c139f39830651df2c901c3a0bf9)
(cherry picked from commit 669bf33de38a8a15e77662daadf94d6395838eee)
---
src/nm-dispatcher/nm-dispatcher.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/nm-dispatcher/nm-dispatcher.c b/src/nm-dispatcher/nm-dispatcher.c
index efb4ec0087..ce252b92bf 100644
--- a/src/nm-dispatcher/nm-dispatcher.c
+++ b/src/nm-dispatcher/nm-dispatcher.c
@@ -306,6 +306,9 @@ build_result_options(char *stdout)
char *key;
char *value;
+ if (!stdout)
+ return NULL;
+
lines = g_strsplit(stdout, "\n", 65);
for (i = 0; lines[i] && i < 64; i++) {
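Review bot: The new early return makes build_result_options() hand back NULL for both "script wrote nothing" and "script failed", and nothing at the guard records that NULL is now a valid result. A comment such as `/* stdout is NULL when the script wrote nothing or failed: no options to parse */` would document the contract. Whether the caller (complete_request, per the backtrace in the commit message) accepts a NULL result is outside the hunk and worth confirming. Two smaller points on the context lines: the parameter shares its name with the `<stdio.h>` `stdout` stream, so a name like `script_stdout` would be clearer, and the `65` passed to g_strsplit() and the `64` loop bound are paired magic numbers that could share a named constant. The function starts and ends outside the hunk.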
--
2.41.0

@ -0,0 +1,66 @@
From 8ff08068342d1d8efe1e6d6c9a241e3395641a76 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 21 Mar 2024 09:45:15 +0100
Subject: [PATCH 2/2] manager: fix race condition while enumerating devices at
startup
While enumerating devices at startup, we take a snapshot of existing
links from platform and we start creating device instances for
them. It's possible that in the meantime, while processing netlink
events in platform_link_added(), a link gets renamed. If that happens,
then we have two different views of the same ifindex: the cached link
from `links` and the link in platform.
This can cause issues: in platform_link_added() we create the device
with the cached name; then in NMDevice's constructor(), we look up
from platform the ifindex for the given name. Because of the rename,
this lookup can match a newly created, different link.
The end result is that the ifindex from the initial snapshot doesn't
get a NMDevice and is not handled by NetworkManager.
Fix this problem by fetching the latest version of the link from
platform to make sure we have a consistent view of the state.
https://issues.redhat.com/browse/RHEL-25808
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1897
(cherry picked from commit de130df3e2207dc015c4fa82ecf766be2851532c)
(cherry picked from commit 6f3739e76f1f31d71bc3fbd7a4b0955071d59cc4)
---
src/core/nm-manager.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
index 7f94f7cd9c..a77ba9d3b1 100644
--- a/src/core/nm-manager.c
+++ b/src/core/nm-manager.c
@@ -4438,10 +4438,25 @@ platform_query_devices(NMManager *self)
links = nm_platform_link_get_all(priv->platform);
if (!links)
return;
+
for (i = 0; i < links->len; i++) {
- const NMPlatformLink *link = NMP_OBJECT_CAST_LINK(links->pdata[i]);
+ const NMPlatformLink *elem = NMP_OBJECT_CAST_LINK(links->pdata[i]);
+ const NMPlatformLink *link;
const NMConfigDeviceStateData *dev_state;
+ /*
+ * @links is an immutable snapshot of the platform links captured before
+ * the loop was started. It's possible that in the meantime, while
+ * processing netlink events in platform_link_added(), a link was
+ * renamed. If that happens, we have 2 different views of the same
+ * ifindex: the one from @links and the one from platform. This can
+ * cause race conditions; make sure to use the latest known version of
+ * the link.
+ */
+ link = nm_platform_link_get(priv->platform, elem->ifindex);
+ if (!link)
+ continue;
+
dev_state = nm_config_device_state_get(priv->config, link->ifindex);
platform_link_added(self,
link->ifindex,
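Review bot: When nm_platform_link_get() returns NULL the loop takes `continue` without logging, so a link that was in the startup snapshot but is gone by the time it is processed leaves no trace. That makes the very symptom this patch addresses, an ifindex that never gets an NMDevice, harder to diagnose. I would log the skipped ifindex before `continue`, for example `_LOGD(LOGD_PLATFORM, "platform-query: link %d no longer exists, skipping", elem->ifindex);`, assuming the file's usual logging macro takes that form. The platform_link_added() call continues past the end of the hunk.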
--
2.41.0

@ -0,0 +1,31 @@
# This sets defaults for Wi-Fi profiles to set a generated, stable MAC address.
#
# Do not modify this file. You can hide/overwrite this file by placing a file
# to "/etc/NetworkManager/conf.d/22-wifi-mac-addr.conf". You can also add
# configuration snippets with higher priority that override this setting (see
# `man 5 NetworkManager.conf`). Most importantly, this snippet only sets
# default values for the profile. You can explicitly set the value for each
# profile, so that this default value is not used.
#
# For example, on a particular profile/network set
#
# $ nmcli connection modify "$PROFILE" wifi.cloned-mac-address permanent
#
# to use the hardware MAC address. This prevents the default from this file
# to take effect.
#
# Or
#
# $ nmcli connection modify "$PROFILE" wifi.cloned-mac-address stable connection.stable-id '${NETWORK_SSID}/${BOOT}'
#
# to get a generated MAC address that changes on each boot. Note how setting
# "connection.stable-id" also affects other aspects of the profile.
#
# See `man 5 nm-settings` for "wifi.cloned-mac-address" and "connection.stable-id".
[connection.22-wifi-mac-addr]
match-device=type:wifi
wifi.cloned-mac-address=stable-ssid
[.config]
enable=nm-version-min:1.45
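Review bot: The header comment explains how to override this default but not what `wifi.cloned-mac-address=stable-ssid` changes on the host. With `match-device=type:wifi`, every Wi-Fi profile that does not set the property itself stops presenting the hardware MAC, so networks that identify clients by MAC (allow-lists, DHCP reservations) will presumably see a different address after the update. I would add a line to the comment such as `# Note: the generated address differs between SSIDs but is constant for a given SSID; networks that identify clients by MAC address will see a new address.` That also states the privacy property an administrator is relying on when leaving the default in place.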

@ -0,0 +1,84 @@
NetworkManager was built to automatically migrate connection profiles in
this directory to equivalent ones in keyfile format in directory
/etc/NetworkManager/system-connections.
You can check whether the migration is enabled via:
$ NetworkManager --print-config | grep migrate-ifcfg-rh
In case it is enabled, all files in this directory are migrated at startup.
To inspect where your connection files are currently stored use:
$ nmcli -f name,uuid,filename connection
Background
==========
The ifcfg format is deprecated and will be removed in future releases. For
more information see:
https://lists.freedesktop.org/archives/networkmanager/2023-May/000103.html
Connection profiles in keyfile format have many benefits. For example, this
format is INI file-based and can easily be parsed and generated.
Each section in NetworkManager keyfiles corresponds to a NetworkManager
setting name as described in the nm-settings(5) and nm-settings-keyfile(5)
man pages. Each key-value pair in a section is one of the properties listed
in the settings specification of the man page.
How to keep using ifcfg
=======================
If you want to keep using connection profiles in ifcfg format, you need to:
- disable the automatic migration to keyfile by setting
"migrate-ifcfg-rh=false" in the [main] section of NetworkManager
configuration;
- optionally, set "plugins=ifcfg-rh" in the [main] section of
NetworkManager configuration so that new profiles are created in ifcfg
format.
At this point, you can migrate all your files back via
nmcli connection migrate --plugin ifcfg-rh
Or, if you prefer to migrate only specific connections:
nmcli connection migrate --plugin ifcfg-rh <profile_name|UUID>
Note that some connection types are not supported by the ifcfg plugin.
Interface renaming
==================
Connection profiles stored in ifcfg-rh format support the renaming of
interfaces via udev. This is done via a helper tool
/usr/lib/udev/rename_device that is invoked by udev to parse the files
in /etc/sysconfig/network-scripts; when the HWADDR and DEVICE
variables are set, the interface that matches the MAC address in
HWADDR is renamed to the name specified in DEVICE.
Connections in keyfile format don't provide the same integration with
udev. The renaming of interfaces must be configured directly in udev,
for example by creating a file:
/etc/systemd/network/70-rename.link
with content:
[Match]
MACAddress=00:11:22:33:44:56
[Link]
Name=ethernet1
Alternatively, a udev rule can also be used, such as:
/etc/udev/rules.d/70-interface-names.rules
with content:
SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="00:11:22:33:44:56",ATTR{type}=="1",NAME="ethernet1"

@ -1,12 +1,13 @@
%global wpa_supplicant_version 1:1.1 %global wpa_supplicant_version 1:1.1
%global ppp_version %(pkg-config --modversion pppd 2>/dev/null || sed -n 's/^#define\\s*VERSION\\s*"\\([^\\s]*\\)"$/\\1/p' %{_includedir}/pppd/patchlevel.h 2>/dev/null | grep . || echo bad) %global ppp_version %(pkg-config --modversion pppd 2>/dev/null || sed -n 's/^#define\\s*VERSION\\s*"\\([^\\s]*\\)"$/\\1/p' %{_includedir}/pppd/patchlevel.h 2>/dev/null | grep . || echo bad)
%global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo bad) %global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo bad)
%global epoch_version 1 %global epoch_version 1
%global real_version 1.44.0 %global real_version 1.46.0
%global rpm_version %{real_version} %global rpm_version %{real_version}
%global release_version 5 %global release_version 4
%global snapshot %{nil} %global snapshot %{nil}
%global git_sha %{nil} %global git_sha %{nil}
%global bcond_default_debug 0 %global bcond_default_debug 0
@ -155,12 +156,18 @@
%global split_ifcfg_rh 0 %global split_ifcfg_rh 0
%endif %endif
%if 0%{?fedora} >= 36 || 0%{?rhel} >= 9 %if (0%{?fedora} >= 36 && 0%{?fedora} < 39) || 0%{?rhel} >= 9
%global ifcfg_warning 1 %global ifcfg_warning 1
%else %else
%global ifcfg_warning 0 %global ifcfg_warning 0
%endif %endif
%if 0%{?fedora} >= 39
%global ifcfg_migrate 1
%else
%global ifcfg_migrate 0
%endif
%if 0%{?fedora} %if 0%{?fedora}
# Although eBPF would be available on Fedora's kernel, it seems # Although eBPF would be available on Fedora's kernel, it seems
# we often get SELinux denials (rh#1651654). But even aside them, # we often get SELinux denials (rh#1651654). But even aside them,
@ -185,7 +192,7 @@ Epoch: %{epoch_version}
Version: %{rpm_version} Version: %{rpm_version}
Release: %{release_version}%{?snap}%{?dist} Release: %{release_version}%{?snap}%{?dist}
Group: System Environment/Base Group: System Environment/Base
License: GPLv2+ and LGPLv2+ License: GPL-2.0-or-later AND LGPL-2.1-or-later
URL: https://networkmanager.dev/ URL: https://networkmanager.dev/
Source: https://download.gnome.org/sources/NetworkManager/%{real_version_major}/%{name}-%{real_version}.tar.xz Source: https://download.gnome.org/sources/NetworkManager/%{real_version_major}/%{name}-%{real_version}.tar.xz
@ -193,19 +200,24 @@ Source1: NetworkManager.conf
Source2: 00-server.conf Source2: 00-server.conf
Source4: 20-connectivity-fedora.conf Source4: 20-connectivity-fedora.conf
Source5: 20-connectivity-redhat.conf Source5: 20-connectivity-redhat.conf
Source6: 70-nm-connectivity.conf Source6: 22-wifi-mac-addr.conf
Source7: readme-ifcfg-rh.txt Source7: 70-nm-connectivity.conf
Source8: readme-ifcfg-rh.txt
Source9: readme-ifcfg-rh-migrated.txt
# RHEL downstream patches that change behavior from upstream. # RHEL downstream patches that change behavior from upstream.
# These are not bugfixes, hence they are also relevant after # These are not bugfixes, hence they are also relevant after
# the next rebase of the source tarball. # the next rebase of the source tarball.
# Patch0001: 0001-some.patch # Patch0001: 0001-some.patch
Patch0001: 0001-revert-change-default-value-for-ipv4.dad-timeout-from-0-to-200ms.patch
# Bugfixes that are only relevant until next rebase of the package. # Bugfixes that are only relevant until next rebase of the package.
Patch1001: 1001-nm-manager-ensure-device-is-exported-on-D-Bus-in-aut-rhbz2210271.patch # Patch1001: 1001-some.patch
Patch1002: 1002-checkpoint-Fix-segfault-crash-when-rollback-rhel-1526.patch Patch1001: 1001-drop-privateusers-directive-from-nm-cloud-setup-rhel27053.patch
Patch1003: 1003-better-way-for-dns-changes-RHEL-14889.patch Patch1002: 1002-allow-rollback-on-internal-global-dns-rhel-29725.patch
Patch1004: 1004-bridge-skip-VLAN-filtering-resetting-in-reapply-RHEL-25061.patch Patch1003: 1003-do-not-allow-ovs-bridge-and-port-to-be-parent-rhel-28545.patch
Patch1004: 1004-nm-dispatcher-fix-crash-rhel28973.patch
Patch1005: 1005-fix-race-condition-while-enumerating-devices-rhel25808.patch
Requires(post): systemd Requires(post): systemd
%if 0%{?fedora} || 0%{?rhel} >= 8 %if 0%{?fedora} || 0%{?rhel} >= 8
@ -224,7 +236,7 @@ Requires: libndp >= %{libndp_version}
%endif %endif
Obsoletes: NetworkManager < %{obsoletes_device_plugins} Obsoletes: NetworkManager < %{obsoletes_device_plugins}
Obsoletes: NetworkManager < %{obsoletes_ppp_plugin} Obsoletes: NetworkManager < %{obsoletes_ppp_plugin}
Obsoletes: NetworkManager-wimax < 1.2 Obsoletes: NetworkManager-wimax < 1:1.2
%if 0%{?rhel} && 0%{?rhel} == 8 %if 0%{?rhel} && 0%{?rhel} == 8
Suggests: NetworkManager-initscripts-updown Suggests: NetworkManager-initscripts-updown
%endif %endif
@ -295,21 +307,10 @@ BuildRequires: mobile-broadband-provider-info-devel
BuildRequires: newt-devel BuildRequires: newt-devel
%endif %endif
BuildRequires: /usr/bin/dbus-launch BuildRequires: /usr/bin/dbus-launch
%if 0%{?fedora} >= 28 || 0%{?rhel} >= 8
BuildRequires: python3 BuildRequires: python3
BuildRequires: python3-gobject-base BuildRequires: python3-gobject-base
BuildRequires: python3-dbus BuildRequires: python3-dbus
BuildRequires: python3-pexpect BuildRequires: python3-pexpect
%else
BuildRequires: python2
BuildRequires: pygobject3-base
BuildRequires: dbus-python
BuildRequires: pexpect
%if 0%{?rhel} >= 7 && %{with meson}
BuildRequires: python36-dbus
BuildRequires: python36-gobject
%endif
%endif
BuildRequires: libselinux-devel BuildRequires: libselinux-devel
BuildRequires: polkit-devel BuildRequires: polkit-devel
BuildRequires: jansson-devel BuildRequires: jansson-devel
@ -392,7 +393,7 @@ Obsoletes: NetworkManager < %{obsoletes_device_plugins}
# Team was split from main NM binary between 0.9.10 and 1.0 # Team was split from main NM binary between 0.9.10 and 1.0
# We need this Obsoletes in addition to the one above # We need this Obsoletes in addition to the one above
# (git:3aede801521ef7bff039e6e3f1b3c7b566b4338d). # (git:3aede801521ef7bff039e6e3f1b3c7b566b4338d).
Obsoletes: NetworkManager < 1.0.0 Obsoletes: NetworkManager < 1:1.0.0
%endif %endif
%description team %description team
@ -480,7 +481,7 @@ This package contains NetworkManager support for PPP.
Summary: Libraries for adding NetworkManager support to applications. Summary: Libraries for adding NetworkManager support to applications.
Group: Development/Libraries Group: Development/Libraries
Conflicts: NetworkManager-glib < 1:1.31.0 Conflicts: NetworkManager-glib < 1:1.31.0
License: LGPLv2+ License: LGPL-2.1-or-later
%description libnm %description libnm
This package contains the libraries that make it easier to use some This package contains the libraries that make it easier to use some
@ -493,7 +494,7 @@ Group: Development/Libraries
Requires: %{name}-libnm%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-libnm%{?_isa} = %{epoch}:%{version}-%{release}
Requires: glib2-devel Requires: glib2-devel
Requires: pkgconfig Requires: pkgconfig
License: LGPLv2+ License: LGPL-2.1-or-later
%description libnm-devel %description libnm-devel
This package contains the header and pkg-config files for development This package contains the header and pkg-config files for development
@ -742,6 +743,9 @@ Preferably use nmcli instead.
-Ddist_version=%{version}-%{release} \ -Ddist_version=%{version}-%{release} \
%if %{?config_plugins_default_ifcfg_rh} %if %{?config_plugins_default_ifcfg_rh}
-Dconfig_plugins_default=ifcfg-rh \ -Dconfig_plugins_default=ifcfg-rh \
%endif
%if %{?ifcfg_migrate}
-Dconfig_migrate_ifcfg_rh_default=true \
%endif %endif
-Dresolvconf=no \ -Dresolvconf=no \
-Dnetconfig=no \ -Dnetconfig=no \
@ -887,6 +891,9 @@ autoreconf --install --force
--with-dist-version=%{version}-%{release} \ --with-dist-version=%{version}-%{release} \
%if %{?config_plugins_default_ifcfg_rh} %if %{?config_plugins_default_ifcfg_rh}
--with-config-plugins-default=ifcfg-rh \ --with-config-plugins-default=ifcfg-rh \
%endif
%if %{?ifcfg_migrate}
--with-config-migrate-ifcfg-rh-default=yes \
%endif %endif
--with-resolvconf=no \ --with-resolvconf=no \
--with-netconfig=no \ --with-netconfig=no \
@ -915,11 +922,18 @@ cp %{SOURCE4} %{buildroot}%{nmlibdir}/conf.d/
%if %{with connectivity_redhat} %if %{with connectivity_redhat}
cp %{SOURCE5} %{buildroot}%{nmlibdir}/conf.d/ cp %{SOURCE5} %{buildroot}%{nmlibdir}/conf.d/
mkdir -p %{buildroot}%{_sysctldir} mkdir -p %{buildroot}%{_sysctldir}
cp %{SOURCE6} %{buildroot}%{_sysctldir} cp %{SOURCE7} %{buildroot}%{_sysctldir}
%endif
%if 0%{?fedora} >= 40
cp %{SOURCE6} %{buildroot}%{nmlibdir}/conf.d/
%endif %endif
%if 0%{?ifcfg_warning} %if 0%{?ifcfg_warning}
cp %{SOURCE7} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts cp %{SOURCE8} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts
%endif
%if 0%{?ifcfg_migrate}
cp %{SOURCE9} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/readme-ifcfg-rh.txt
%endif %endif
cp examples/dispatcher/10-ifcfg-rh-routes.sh %{buildroot}%{nmlibdir}/dispatcher.d/ cp examples/dispatcher/10-ifcfg-rh-routes.sh %{buildroot}%{nmlibdir}/dispatcher.d/
@ -1066,6 +1080,9 @@ fi
%dir %{_sysconfdir}/%{name}/dnsmasq-shared.d %dir %{_sysconfdir}/%{name}/dnsmasq-shared.d
%dir %{_sysconfdir}/%{name}/system-connections %dir %{_sysconfdir}/%{name}/system-connections
%config(noreplace) %{_sysconfdir}/%{name}/NetworkManager.conf %config(noreplace) %{_sysconfdir}/%{name}/NetworkManager.conf
%if 0%{?fedora} >= 40
%{nmlibdir}/conf.d/22-wifi-mac-addr.conf
%endif
%ghost %{_sysconfdir}/%{name}/VPN %ghost %{_sysconfdir}/%{name}/VPN
%{_bindir}/nm-online %{_bindir}/nm-online
%{_libexecdir}/nm-dhcp-helper %{_libexecdir}/nm-dhcp-helper
@ -1112,7 +1129,7 @@ fi
%{_unitdir}/nm-priv-helper.service %{_unitdir}/nm-priv-helper.service
%dir %{_datadir}/doc/NetworkManager/examples %dir %{_datadir}/doc/NetworkManager/examples
%{_datadir}/doc/NetworkManager/examples/server.conf %{_datadir}/doc/NetworkManager/examples/server.conf
%if 0%{?ifcfg_warning} %if 0%{?ifcfg_warning} || 0%{?ifcfg_migrate}
%{_sysconfdir}/sysconfig/network-scripts/readme-ifcfg-rh.txt %{_sysconfdir}/sysconfig/network-scripts/readme-ifcfg-rh.txt
%endif %endif
%doc NEWS AUTHORS README.md CONTRIBUTING.md %doc NEWS AUTHORS README.md CONTRIBUTING.md
@ -1255,11 +1272,81 @@ fi
%changelog %changelog
* Wed Feb 21 2024 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.44.0-5 * Tue Mar 26 2024 Beniamino Galvani <bgalvani@redhat.com> - 1:1.46.0-4
- skip VLAN filtering resetting in reapply if no vlan change changed (RHEL-25061) - Fix nm-dispatcher crash (RHEL-28973)
- Fix race condition while enumerating devices (RHEL-25808)
* Fri Nov 17 2023 Íñigo Huguet <ihuguet@redhat.com> - 1:1.44.0-4
- Add 'dns-change' dispatch event (RHEL-14889) * Fri Mar 22 2024 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.46.0-3
- Upgrade release number to build with the right target
* Wed Mar 20 2024 Fernando Fernandez Mancera <ferferna@redhat.com> - 1.46.0-2
- Drop PrivateUser directive from nm-cloud-setup service (RHEL-27503)
- Support rollback on global DNS (RHEL-29725)
- Do not allow OVS bridge or port to be parent (RHEL-28545)
* Thu Feb 22 2024 Stanislas FAYE <sfaye@redhat.com> - 1.46.0-1
- Update to 1.46.0 release
- Fix DHCPv4 lease can't be renewed after it expires (RHEL-24127)
- Support the MACsec offload mode (RHEL-24337)
- Support creating generic devices via external "device-handler" dispatcher (RHEL-1567)
- Support changing the eswitch mode (RHEL-1441)
* Fri Feb 09 2024 Íñigo Huguet <ihuguet@redhat.com> - 1.45.91-1
- Update to 1.45.91 release (release candidate)
- Support changing the DSCP header field for DHCP packets, and set the default to CS0 (RHEL-16040)
- Deprecate connection.autoconnect-slaves in favour of autoconnect-ports (RHEL-17621)
- Don't reset bridge's PVID in reapply if it didn't change (RHEL-21576)
* Thu Jan 25 2024 Stanislas FAYE <sfaye@redhat.com> - 1.45.90-1
- Update to 1.45.90 release (release candidate)
- Deprecate and Replace connection.slave-type in libnm-core and libnm (RHEL-17620)
- [RFE] Support assigning IPv4 static route to interface without IPv4 address (RHEL-5098)
* Mon Jan 15 2024 Stanislas FAYE <sfaye@redhat.com> - 1.45.10-1
- Update to 1.45.10 (development)
- Deprecate and Replace connection.master in libnm-core and libnm (RHEL-17619)
* Thu Dec 14 2023 Ján Václav <jvaclav@redhat.com> - 1.45.9-1
- Update to 1.45.9 (development)
- Add support for PRP/HSR interface (RHEL-5852)
- Drop support for the 'slaves-order' option in NetworkManager.conf (RHEL-19437)
- Return error when setting invalid IP addresses or properties via D-Bus (RHEL-19315)
- Fix extra route being created besides ECMP route (RHEL-1682)
* Wed Nov 29 2023 Beniamino Galvani <bgalvani@redhat.com> - 1.45.8-1
- Update to 1.45.8 (development)
- Introduce "stable-ssid" option for wifi.cloned-mac-address property (RHEL-16470)
* Thu Nov 16 2023 Íñigo Huguet <ihuguet@redhat.com> - 1.45.7-1
- Update to 1.45.7 release (development)
- Migrate to SPDX license
* Wed Nov 1 2023 Beniamino Galvani <bgalvani@redhat.com> - 1.45.6-1
- Update to 1.45.6 release (development)
- Fix ovs activation with netdev datapath and cloned MAC (RHEL-5886)
* Wed Oct 18 2023 Íñigo Huguet <ihuguet@redhat.com> - 1.45.5-1
- Update to 1.45.5 release (development)
- Various fixes to Duplicate Address Detection (DAD) (RHEL-1581, RHEL-1411)
- New option to avoid sending the DHCPv4 client-identifier (RHEL-1469)
- Support setting channels in ethtool options (RHEL-1471)
* Wed Oct 04 2023 Íñigo Huguet <ihuguet@redhat.com> - 1.45.4-1
- Update to 1.45.4 release (development)
- Add 'dns-change' dispatcher event (RHEL-1671)
* Fri Sep 22 2023 Beniamino Galvani <bgalvani@redhat.com> - 1.45.3-1
- Update to 1.45.3 release (development)
- Improve explanation of the format and routes properties in keyfile man page (RHEL-1407)
- Improve nm-settings-nmcli manpage to show format and valid values of properties (RHEL-2465)
- Honor the autoactivate priority for port connections (RHEL-2202)
- Properly document valid values for ip-tunnel properties (RHEL-1459)
* Wed Sep 6 2023 Beniamino Galvani <bgalvani@redhat.com> - 1.45.2-1
- update to 1.45.2 release (development)
* Mon Sep 04 2023 Gris Ge <fge@redhat.com> - 1.44.0-4
- Rebuild for RHEL 9.4
* Wed Aug 30 2023 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.44.0-3 * Wed Aug 30 2023 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.44.0-3
- checkpoint: Fix segfault crash when rollback (rhel-1526) - checkpoint: Fix segfault crash when rollback (rhel-1526)
