diff --git a/.NetworkManager.metadata b/.NetworkManager.metadata
index 51191f7..0241921 100644
--- a/.NetworkManager.metadata
+++ b/.NetworkManager.metadata
@@ -1 +1 @@
-3c11d700a2e81a7abce285ab94d015ac966f59d3 SOURCES/NetworkManager-1.46.0.tar.xz
+6423adef5f4bb2c0cc20c2173e03a7ac8b8565ca SOURCES/NetworkManager-1.48.10.tar.xz
diff --git a/.gitignore b/.gitignore
index 32f1f94..81fa116 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/NetworkManager-1.46.0.tar.xz
+SOURCES/NetworkManager-1.48.10.tar.xz
diff --git a/SOURCES/1001-cloud-setup-allow-bigger-restart-bursts-rhel-56740.patch b/SOURCES/1001-cloud-setup-allow-bigger-restart-bursts-rhel-56740.patch
new file mode 100644
index 0000000..fb9876b
--- /dev/null
+++ b/SOURCES/1001-cloud-setup-allow-bigger-restart-bursts-rhel-56740.patch
@@ -0,0 +1,45 @@ +From 065584036f8072c994a8bdab210bcfd0ff483960 Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Tue, 27 Aug 2024 00:29:17 +0200 +Subject: [PATCH] cloud-setup: allow bigger restart bursts + +On daemon startup, we may end up enqueueing many nm-cloud-setup.service +restarts in very a short time. That is perfectly fine, just bump the +thresholds so that systemd doesn't get in the way too quickly. + +100 requests in 1 seconds seem like a fair choice -- little bit on the +conservative side, yet still giving the service manager some room to +interfere on a chance things really go awry. + +https://issues.redhat.com/browse/RHEL-49694 +(cherry picked from commit 927cff9f178911b2a146259a89bfcc9727cbd8c3) +(cherry picked from commit 4dc35c72744f8820575ab0ea4638c4ddd880547d) +--- + src/nm-cloud-setup/nm-cloud-setup.service.in | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/src/nm-cloud-setup/nm-cloud-setup.service.in b/src/nm-cloud-setup/nm-cloud-setup.service.in +index e73654d892..ecb70e1c8e 100644 +--- a/src/nm-cloud-setup/nm-cloud-setup.service.in ++++ b/src/nm-cloud-setup/nm-cloud-setup.service.in +@@ -8,6 +8,17 @@ After=NetworkManager.service + Type=oneshot + ExecStart=@libexecdir@/nm-cloud-setup + ++# The service restart gets triggered from dispatcher script ++# (pre-up and dhcp4-change actions), possibly ending up with many ++# restart requests at the same time (e.g. on initial daemon startup ++# on a machine with multiple NICs). The systemd handles multiple ++# concurrent restart requests gracefully (the newer requests supersede ++# older, which wait for them to finish), but the default limits are way ++# too low: 5 restarts in 10 seconds. Raise that high enough for us to ++# be on the safe side. ++StartLimitIntervalSec=1 ++StartLimitBurst=100 ++ + #Environment=NM_CLOUD_SETUP_LOG=TRACE + + # Cloud providers are disabled by default. You need to +-- +2.46.0 + 
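Review bot: `StartLimitIntervalSec=1` and `StartLimitBurst=100` are added directly after `Type=oneshot` and `ExecStart=`, which suggests they end up in the `[Service]` section, whereas systemd documents both as `[Unit]` settings. As far as I know only the legacy `StartLimitInterval=` spelling and `StartLimitBurst=` are still accepted under `[Service]`, so `StartLimitIntervalSec=1` would be ignored with an unknown-key warning. The unit would then allow 100 starts over the default interval instead of the 1 second the commit message describes. The section headers are outside the hunk, so this needs confirming against the full unit file (for example with `systemd-analyze verify`); if it holds, both lines belong under `[Unit]`.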
diff --git a/SOURCES/1001-drop-privateusers-directive-from-nm-cloud-setup-rhel27053.patch b/SOURCES/1001-drop-privateusers-directive-from-nm-cloud-setup-rhel27053.patch deleted file mode 100644 index 372b0f4..0000000 --- a/SOURCES/1001-drop-privateusers-directive-from-nm-cloud-setup-rhel27053.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 6e84d852487f070ab3f61c24d78fc05338f171f6 Mon Sep 17 00:00:00 2001 -From: Fernando Fernandez Mancera -Date: Wed, 20 Mar 2024 19:10:45 +0100 -Subject: [PATCH] cloud: drop PrivateUsers directive from nm-cloud-setup - -https://issues.redhat.com/browse/RHEL-27503 ---- - src/nm-cloud-setup/nm-cloud-setup.service.in | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/nm-cloud-setup/nm-cloud-setup.service.in b/src/nm-cloud-setup/nm-cloud-setup.service.in -index e73654d892..4aa6017e48 100644 ---- a/src/nm-cloud-setup/nm-cloud-setup.service.in -+++ b/src/nm-cloud-setup/nm-cloud-setup.service.in -@@ -28,7 +28,6 @@ MemoryDenyWriteExecute=yes - NoNewPrivileges=yes - PrivateDevices=yes - PrivateTmp=yes --PrivateUsers=yes - ProtectClock=yes - ProtectControlGroups=yes - ProtectHome=yes --- -2.44.0 - diff --git a/SOURCES/1002-allow-rollback-on-internal-global-dns-rhel-29725.patch b/SOURCES/1002-allow-rollback-on-internal-global-dns-rhel-29725.patch deleted file mode 100644 index 49d3107..0000000 --- a/SOURCES/1002-allow-rollback-on-internal-global-dns-rhel-29725.patch +++ /dev/null 
@@ -1,235 +0,0 @@ -From ba47f23b08bb59ec2daf6bce73a94182d8028c82 Mon Sep 17 00:00:00 2001 -From: Gris Ge -Date: Wed, 13 Mar 2024 20:52:37 +0800 -Subject: [PATCH] checkpoint: Allow rollback on internal global DNS - -With `NM_CHECKPOINT_CREATE_FLAG_TRACK_INTERNAL_GLOBAL_DNS` flag set on -checkpoint creation, the checkpoint rollback will restore the -global DNS in internal configure file -`/var/lib/NetworkManager/NetworkManager-intern.conf`. - -If user has set global DNS in /etc folder, this flag will not take any -effect. - -Resolves: https://issues.redhat.com/browse/RHEL-23446 - -Signed-off-by: Gris Ge -(cherry picked from commit 86d67da28dd047a08a01687d8154b377d1c25b4c) -(cherry picked from commit 69d5761fa87bb85df037ad9044c03dd1922d3ee4) ---- - src/core/nm-checkpoint.c | 28 ++++++++++++++ - src/core/nm-config-data.c | 47 +++++++++++++++++++++++ - src/core/nm-config-data.h | 3 +- - src/core/nm-manager.c | 11 +++++- - src/core/nm-manager.h | 3 ++ - src/libnm-core-public/nm-dbus-interface.h | 6 +++ - 6 files changed, 96 insertions(+), 2 deletions(-) - -diff --git a/src/core/nm-checkpoint.c b/src/core/nm-checkpoint.c -index 74adf48477..cc5c189bf9 100644 ---- a/src/core/nm-checkpoint.c -+++ b/src/core/nm-checkpoint.c -@@ -13,6 +13,7 @@ - #include "nm-core-utils.h" - #include "nm-dbus-interface.h" - #include "devices/nm-device.h" -+#include "nm-config.h" - #include "nm-manager.h" - #include "settings/nm-settings.h" - #include "settings/nm-settings-connection.h" -@@ -55,6 +56,8 @@ struct _NMCheckpointPrivate { - - NMCheckpointTimeoutCallback timeout_cb; - gpointer timeout_data; -+ -+ NMGlobalDnsConfig *global_dns_config; - }; - - struct _NMCheckpointClass { -@@ -491,6 +494,17 @@ next_dev: - } - } - } -+ if (NM_FLAGS_HAS(priv->flags, NM_CHECKPOINT_CREATE_FLAG_TRACK_INTERNAL_GLOBAL_DNS) -+ && priv->global_dns_config) { -+ gs_free_error GError *error = NULL; -+ NMConfig *config; -+ -+ config = nm_manager_get_config(priv->manager); -+ nm_assert(config); -+ if 
(!nm_config_set_global_dns(config, priv->global_dns_config, &error)) { -+ _LOGE("set global DNS failed with error: %s", error->message); -+ } -+ } - - return g_variant_new("(a{su})", &builder); - } -@@ -742,6 +756,19 @@ nm_checkpoint_new(NMManager *manager, - NM_MANAGER_DEVICE_REMOVED, - G_CALLBACK(_device_removed), - self); -+ if (NM_FLAGS_HAS(flags, NM_CHECKPOINT_CREATE_FLAG_TRACK_INTERNAL_GLOBAL_DNS)) { -+ NMConfigData *config_data; -+ NMGlobalDnsConfig *dns_config = NULL; -+ -+ config_data = nm_config_get_data(nm_manager_get_config(manager)); -+ if (config_data) { -+ dns_config = nm_config_data_get_global_dns_config(config_data); -+ if (!dns_config || nm_global_dns_config_is_internal(dns_config)) { -+ priv->global_dns_config = nm_global_dns_config_clone(dns_config); -+ } -+ } -+ } -+ - return self; - } - -@@ -756,6 +783,7 @@ dispose(GObject *object) - nm_clear_pointer(&priv->devices, g_hash_table_unref); - nm_clear_pointer(&priv->connection_uuids, g_hash_table_unref); - nm_clear_pointer(&priv->removed_devices, g_ptr_array_unref); -+ nm_global_dns_config_free(priv->global_dns_config); - - nm_clear_g_signal_handler(priv->manager, &priv->dev_removed_id); - g_clear_object(&priv->manager); -diff --git a/src/core/nm-config-data.c b/src/core/nm-config-data.c -index 468e56b821..d4498edd88 100644 ---- a/src/core/nm-config-data.c -+++ b/src/core/nm-config-data.c -@@ -2436,3 +2436,50 @@ nm_config_data_class_init(NMConfigDataClass *config_class) - - g_object_class_install_properties(object_class, _PROPERTY_ENUMS_LAST, obj_properties); - } -+ -+static NMGlobalDnsDomain * -+nm_global_dns_domain_clone(NMGlobalDnsDomain *old_domain) -+{ -+ if (old_domain) { -+ NMGlobalDnsDomain *new_domain = g_malloc0(sizeof(NMGlobalDnsDomain)); -+ new_domain->name = g_strdup(old_domain->name); -+ new_domain->servers = (char **) nm_strv_dup(old_domain->servers, -1, TRUE); -+ new_domain->options = (char **) nm_strv_dup(old_domain->options, -1, TRUE); -+ return new_domain; -+ } else { -+ return 
NULL; -+ } -+} -+ -+NMGlobalDnsConfig * -+nm_global_dns_config_clone(NMGlobalDnsConfig *old_dns_config) -+{ -+ NMGlobalDnsConfig *new_dns_config; -+ gpointer key, value; -+ NMGlobalDnsDomain *old_domain; -+ GHashTableIter iter; -+ -+ new_dns_config = g_malloc0(sizeof(NMGlobalDnsConfig)); -+ new_dns_config->internal = TRUE; -+ -+ if (old_dns_config) { -+ new_dns_config->internal = old_dns_config->internal; -+ new_dns_config->searches = nm_strv_dup(old_dns_config->searches, -1, TRUE); -+ new_dns_config->options = nm_strv_dup(old_dns_config->options, -1, TRUE); -+ new_dns_config->domains = g_hash_table_new_full(nm_str_hash, -+ g_str_equal, -+ g_free, -+ (GDestroyNotify) global_dns_domain_free); -+ if (old_dns_config->domains) { -+ g_hash_table_iter_init(&iter, old_dns_config->domains); -+ while (g_hash_table_iter_next(&iter, &key, &value)) { -+ old_domain = value; -+ g_hash_table_insert(new_dns_config->domains, -+ g_strdup(key), -+ nm_global_dns_domain_clone(old_domain)); -+ } -+ } -+ global_dns_config_seal_domains(new_dns_config); -+ } -+ return new_dns_config; -+} -diff --git a/src/core/nm-config-data.h b/src/core/nm-config-data.h -index 9e7a50fc24..0344ce9055 100644 ---- a/src/core/nm-config-data.h -+++ b/src/core/nm-config-data.h -@@ -280,7 +280,8 @@ int nm_global_dns_config_cmp(const NMGlobalDnsConfig *a, - const NMGlobalDnsConfig *b, - gboolean check_internal); - void nm_global_dns_config_update_checksum(const NMGlobalDnsConfig *dns_config, GChecksum *sum); --void nm_global_dns_config_free(NMGlobalDnsConfig *dns_config); -+NMGlobalDnsConfig *nm_global_dns_config_clone(NMGlobalDnsConfig *dns_config); -+void nm_global_dns_config_free(NMGlobalDnsConfig *dns_config); - - NMGlobalDnsConfig *nm_global_dns_config_from_dbus(const GValue *value, GError **error); - void nm_global_dns_config_to_dbus(const NMGlobalDnsConfig *dns_config, GValue *value); -diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c -index 730ba4763b..6739e5599e 100644 ---- 
a/src/core/nm-manager.c -+++ b/src/core/nm-manager.c -@@ -8458,7 +8458,8 @@ impl_manager_checkpoint_create(NMDBusObject *obj, - | NM_CHECKPOINT_CREATE_FLAG_DELETE_NEW_CONNECTIONS - | NM_CHECKPOINT_CREATE_FLAG_DISCONNECT_NEW_DEVICES - | NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING -- | NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS)))) { -+ | NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS -+ | NM_CHECKPOINT_CREATE_FLAG_TRACK_INTERNAL_GLOBAL_DNS)))) { - g_dbus_method_invocation_return_error_literal(invocation, - NM_MANAGER_ERROR, - NM_MANAGER_ERROR_INVALID_ARGUMENTS, -@@ -9765,3 +9766,11 @@ nm_manager_class_init(NMManagerClass *manager_class) - 1, - NM_TYPE_DEVICE); - } -+ -+NMConfig * -+nm_manager_get_config(NMManager *self) -+{ -+ NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE(self); -+ -+ return priv->config; -+} -diff --git a/src/core/nm-manager.h b/src/core/nm-manager.h -index 3028eb7ebe..3c5213c4f2 100644 ---- a/src/core/nm-manager.h -+++ b/src/core/nm-manager.h -@@ -10,6 +10,7 @@ - #include "settings/nm-settings-connection.h" - #include "c-list/src/c-list.h" - #include "nm-dbus-manager.h" -+#include "nm-config-data.h" - - #define NM_TYPE_MANAGER (nm_manager_get_type()) - #define NM_MANAGER(obj) (_NM_G_TYPE_CHECK_INSTANCE_CAST((obj), NM_TYPE_MANAGER, NMManager)) -@@ -266,4 +267,6 @@ gboolean nm_manager_devcon_autoconnect_blocked_reason_set(NMManager * - NMSettingsAutoconnectBlockedReason value, - gboolean set); - -+NMConfig *nm_manager_get_config(NMManager *self); -+ - #endif /* __NETWORKMANAGER_MANAGER_H__ */ -diff --git a/src/libnm-core-public/nm-dbus-interface.h b/src/libnm-core-public/nm-dbus-interface.h -index 66cd590d6c..ab94244c21 100644 ---- a/src/libnm-core-public/nm-dbus-interface.h -+++ b/src/libnm-core-public/nm-dbus-interface.h -@@ -991,6 +991,11 @@ typedef enum { - * With this flag, the rollback detaches all external ports. - * This only has an effect for bridge ports. Before 1.38, this was the default - * behavior. Since: 1.38. 
-+ * @NM_CHECKPOINT_CREATE_FLAG_TRACK_INTERNAL_GLOBAL_DNS: during rollback, -+ * by default changes to global DNS via D-BUS interface are preserved. -+ * With this flag, the rollback reverts the global DNS changes made via D-Bus -+ * interface. Global DNS defined in [global-dns] section of -+ * NetworkManager.conf is not impacted by this flag. Since: 1.48. - * - * The flags for CheckpointCreate call - * -@@ -1003,6 +1008,7 @@ typedef enum /*< flags >*/ { - NM_CHECKPOINT_CREATE_FLAG_DISCONNECT_NEW_DEVICES = 0x04, - NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING = 0x08, - NM_CHECKPOINT_CREATE_FLAG_NO_PRESERVE_EXTERNAL_PORTS = 0x10, -+ NM_CHECKPOINT_CREATE_FLAG_TRACK_INTERNAL_GLOBAL_DNS = 0x20, - } NMCheckpointCreateFlags; - - /** --- -2.44.0 - diff --git a/SOURCES/1002-cloud-setup-ensure-azure-places-primary-address-first-rhel-56387.patch b/SOURCES/1002-cloud-setup-ensure-azure-places-primary-address-first-rhel-56387.patch new file mode 100644 index 0000000..af46e00 --- /dev/null +++ b/SOURCES/1002-cloud-setup-ensure-azure-places-primary-address-first-rhel-56387.patch 
@@ -0,0 +1,140 @@ +From 7183fbf6f35572f9fb0c2eeef5c155a3b9c82a54 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= +Date: Tue, 27 Aug 2024 12:08:16 +0200 +Subject: [PATCH] cloud-setup: azure: ensure that primary address is placed + first + +The primary address is that placed at position 0 of all the IP Addresses +of the interface. Sometimes we put it in a different position in the +ipv4s array because we insert them in the order we receive, but it might +happen that the HTTP responses comes back in wrong order. + +In order to solve this, we pass the index of the IPv4 address to the +callback and the address is added in the right position directly. + +Co-authored-by: Fernando Fernandez Mancera +(cherry picked from commit 72014db629cff33611ade58190d45a714efa1bbf) +(cherry picked from commit c976e212372da9683a1e2f8618e3bcfdf21d5e25) +--- + src/nm-cloud-setup/nmcs-provider-azure.c | 43 ++++++++++++++++-------- + 1 file changed, 29 insertions(+), 14 deletions(-) + +diff --git a/src/nm-cloud-setup/nmcs-provider-azure.c b/src/nm-cloud-setup/nmcs-provider-azure.c +index 771c43d9ad..78eda16cbb 100644 +--- a/src/nm-cloud-setup/nmcs-provider-azure.c ++++ b/src/nm-cloud-setup/nmcs-provider-azure.c +@@ -102,6 +102,11 @@ typedef struct { + guint n_iface_data_pending; + } AzureIfaceData; + ++typedef struct { ++ AzureIfaceData *iface_data; ++ guint64 ipaddress_idx; ++} AzureIpAddressReqData; ++ + static void + _azure_iface_data_destroy(AzureIfaceData *iface_data) + { +@@ -112,7 +117,8 @@ static void + _get_config_fetch_done_cb(NMHttpClient *http_client, + GAsyncResult *result, + AzureIfaceData *iface_data, +- GetConfigFetchType fetch_type) ++ GetConfigFetchType fetch_type, ++ guint64 ipaddress_idx) + { + NMCSProviderGetConfigTaskData *get_config_data; + NMCSProviderGetConfigIfaceData *iface_get_config; +@@ -149,9 +155,7 @@ _get_config_fetch_done_cb(NMHttpClient *http_client, + _LOGD("interface[%" G_GSSIZE_FORMAT "]: received address %s", + 
iface_data->intern_iface_idx, + nm_inet4_ntop(tmp_addr, tmp_addr_str)); +- iface_get_config->ipv4s_arr[iface_get_config->ipv4s_len] = tmp_addr; +- iface_get_config->has_ipv4s = TRUE; +- iface_get_config->ipv4s_len++; ++ iface_get_config->ipv4s_arr[ipaddress_idx] = tmp_addr; + break; + + case GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_ADDRESS: +@@ -203,10 +207,14 @@ _get_config_fetch_done_cb_ipv4_ipaddress_x_privateipaddress(GObject *source + GAsyncResult *result, + gpointer user_data) + { ++ AzureIpAddressReqData *ipaddress_req_data = user_data; ++ + _get_config_fetch_done_cb(NM_HTTP_CLIENT(source), + result, +- user_data, +- GET_CONFIG_FETCH_TYPE_IPV4_IPADDRESS_X_PRIVATEIPADDRESS); ++ ipaddress_req_data->iface_data, ++ GET_CONFIG_FETCH_TYPE_IPV4_IPADDRESS_X_PRIVATEIPADDRESS, ++ ipaddress_req_data->ipaddress_idx); ++ g_free(ipaddress_req_data); + } + + static void +@@ -217,7 +225,8 @@ _get_config_fetch_done_cb_ipv4_subnet_0_address(GObject *source, + _get_config_fetch_done_cb(NM_HTTP_CLIENT(source), + result, + user_data, +- GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_ADDRESS); ++ GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_ADDRESS, ++ 0); + } + + static void +@@ -228,7 +237,8 @@ _get_config_fetch_done_cb_ipv4_subnet_0_prefix(GObject *source, + _get_config_fetch_done_cb(NM_HTTP_CLIENT(source), + result, + user_data, +- GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_PREFIX); ++ GET_CONFIG_FETCH_TYPE_IPV4_SUBNET_0_PREFIX, ++ 0); + } + + static void +@@ -265,9 +275,10 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u + nm_sprintf_buf(iface_idx_str, "%" G_GSSIZE_FORMAT, iface_data->intern_iface_idx); + + while (nm_utils_parse_next_line(&response_str, &response_len, &line, &line_len)) { +- gint64 ips_prefix_idx; +- gs_free char *uri = NULL; +- char buf[100]; ++ AzureIpAddressReqData *ipaddress_req_data; ++ gint64 ips_prefix_idx; ++ gs_free char *uri = NULL; ++ char buf[100]; + + if (line_len == 0) + continue; +@@ -284,8 +295,11 @@ _get_config_ips_prefix_list_cb(GObject 
*source, GAsyncResult *result, gpointer u + if (ips_prefix_idx < 0) + continue; + +- iface_data->n_iface_data_pending++; ++ ipaddress_req_data = g_new(AzureIpAddressReqData, 1); ++ ipaddress_req_data->iface_data = iface_data; ++ ipaddress_req_data->ipaddress_idx = ips_prefix_idx; + ++ iface_data->n_iface_data_pending++; + nm_http_client_poll_req( + NM_HTTP_CLIENT(source), + (uri = _azure_uri_interfaces(iface_idx_str, +@@ -302,11 +316,12 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u + NULL, + NULL, + _get_config_fetch_done_cb_ipv4_ipaddress_x_privateipaddress, +- iface_data); ++ ipaddress_req_data); + } + +- iface_data->iface_get_config->ipv4s_len = 0; + iface_data->iface_get_config->ipv4s_arr = g_new(in_addr_t, iface_data->n_iface_data_pending); ++ iface_data->iface_get_config->has_ipv4s = TRUE; ++ iface_data->iface_get_config->ipv4s_len = iface_data->n_iface_data_pending; + + { + gs_free char *uri = NULL; +-- +2.46.0 + diff --git a/SOURCES/1003-do-not-allow-ovs-bridge-and-port-to-be-parent-rhel-28545.patch b/SOURCES/1003-do-not-allow-ovs-bridge-and-port-to-be-parent-rhel-28545.patch deleted file mode 100644 index 013905f..0000000 --- a/SOURCES/1003-do-not-allow-ovs-bridge-and-port-to-be-parent-rhel-28545.patch +++ /dev/null 
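Review bot: The new store `iface_get_config->ipv4s_arr[ipaddress_idx] = tmp_addr;` in `_get_config_fetch_done_cb` indexes the array with a value parsed from the metadata response, while the array is sized by `g_new(in_addr_t, iface_data->n_iface_data_pending)`, i.e. by how many requests were queued. The only check visible on that index is `if (ips_prefix_idx < 0) continue;`, so a listing that skips or repeats an index would write past the end of the heap buffer. A bounds check before the store, for example `if (ipaddress_idx >= (guint64) iface_get_config->ipv4s_len) break;`, would close that. Separately, `ipv4s_len` is now set to the full count up front, so a slot whose fetch fails or does not parse stays uninitialised; allocating with `g_new0` would at least make its content deterministic. Both functions continue outside the hunks shown, so an existing check elsewhere cannot be ruled out.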
@@ -1,127 +0,0 @@ -From cf230074965216c94bb25bc3c3fff7f1d698c250 Mon Sep 17 00:00:00 2001 -From: Gris Ge -Date: Fri, 15 Mar 2024 15:46:02 +0800 -Subject: [PATCH] ovs: Do not allow OVS bridge and port to be parent - -When creating VLAN over OVS internal interface which holding the same -name as its controller OVS bridge, NetworkManager will fail with error: - - Error: Connection activation failed: br0.101 failed to create - resources: cannot retrieve ifindex of interface br0 (Open vSwitch - Bridge) - -Expanded the `find_device_by_iface()` with additional argument -`child: NmConnection *` which will validate whether candidate is -suitable to be parent device. - -In `nm_device_check_parent_connection_compatible()`, we only not allow OVS -bridge and OVS port being parent. - -Resolves: https://issues.redhat.com/browse/RHEL-26753 - -Signed-off-by: Gris Ge -(cherry picked from commit 7096f52a5967ef053a4cf8e5ca8a71c1495578f9) -(cherry picked from commit d3329f0599f5fdfc2ef9f2c1395b5eb7bcc3c2a5) ---- - src/core/devices/nm-device.c | 11 +++++++++++ - src/core/devices/nm-device.h | 1 + - src/core/nm-manager.c | 14 +++++++++----- - 3 files changed, 21 insertions(+), 5 deletions(-) - -diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c -index 30c38ba990..78b0e618be 100644 ---- a/src/core/devices/nm-device.c -+++ b/src/core/devices/nm-device.c -@@ -9508,6 +9508,17 @@ nm_device_check_slave_connection_compatible(NMDevice *self, NMConnection *slave) - return nm_streq(connection_type, slave_type); - } - -+gboolean -+nm_device_can_be_parent(NMDevice *self) -+{ -+ NMDeviceType device_type = nm_device_get_device_type(self); -+ -+ if ((device_type == NM_DEVICE_TYPE_OVS_BRIDGE) || (device_type == NM_DEVICE_TYPE_OVS_PORT)) -+ return FALSE; -+ else -+ return TRUE; -+} -+ - /** - * nm_device_can_assume_connections: - * @self: #NMDevice instance -diff --git a/src/core/devices/nm-device.h b/src/core/devices/nm-device.h -index b096d23ac1..7353a3f327 100644 ---- 
a/src/core/devices/nm-device.h -+++ b/src/core/devices/nm-device.h -@@ -550,6 +550,7 @@ gboolean nm_device_check_connection_compatible(NMDevice *device, - GError **error); - - gboolean nm_device_check_slave_connection_compatible(NMDevice *device, NMConnection *connection); -+gboolean nm_device_can_be_parent(NMDevice *device); - - gboolean nm_device_can_assume_connections(NMDevice *self); - gboolean nm_device_unmanage_on_quit(NMDevice *self); -diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c -index 6739e5599e..7f94f7cd9c 100644 ---- a/src/core/nm-manager.c -+++ b/src/core/nm-manager.c -@@ -1914,7 +1914,8 @@ find_device_by_ip_iface(NMManager *self, const char *iface) - * is given, this function will only return master devices and will ensure - * @slave, when activated, can be a slave of the returned master device. If - * @connection is given, this function will only consider devices that are -- * compatible with @connection. -+ * compatible with @connection. If @child is given, this function will only -+ * return parent device. 
- * - * Returns: the matching #NMDevice - */ -@@ -1922,7 +1923,8 @@ static NMDevice * - find_device_by_iface(NMManager *self, - const char *iface, - NMConnection *connection, -- NMConnection *slave) -+ NMConnection *slave, -+ NMConnection *child) - { - NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE(self); - NMDevice *fallback = NULL; -@@ -1941,6 +1943,8 @@ find_device_by_iface(NMManager *self, - if (!nm_device_check_slave_connection_compatible(candidate, slave)) - continue; - } -+ if (child && !nm_device_can_be_parent(candidate)) -+ continue; - - if (nm_device_is_real(candidate)) - return candidate; -@@ -2405,7 +2409,7 @@ find_parent_device_for_connection(NMManager *self, - NM_SET_OUT(out_parent_spec, parent_name); - - /* Try as an interface name of a parent device */ -- parent = find_device_by_iface(self, parent_name, NULL, NULL); -+ parent = find_device_by_iface(self, parent_name, NULL, NULL, connection); - if (parent) - return parent; - -@@ -5003,7 +5007,7 @@ find_master(NMManager *self, - } - - if (!master_connection) { -- master_device = find_device_by_iface(self, master, NULL, connection); -+ master_device = find_device_by_iface(self, master, NULL, connection, NULL); - if (!master_device) { - g_set_error(error, - NM_MANAGER_ERROR, -@@ -6445,7 +6449,7 @@ validate_activation_request(NMManager *self, - if (!iface) - return NULL; - -- device = find_device_by_iface(self, iface, connection, NULL); -+ device = find_device_by_iface(self, iface, connection, NULL, NULL); - if (!device) { - g_set_error_literal(error, - NM_MANAGER_ERROR, --- -2.44.0 - diff --git a/SOURCES/1003-only-validate-sriov-capability-when-enabled-rhel-58397.patch b/SOURCES/1003-only-validate-sriov-capability-when-enabled-rhel-58397.patch new file mode 100644 index 0000000..4a0a962 --- /dev/null +++ b/SOURCES/1003-only-validate-sriov-capability-when-enabled-rhel-58397.patch 
@@ -0,0 +1,74 @@ +From d9dd0aeff8ba2e1a0005c2e5751907c453927c5c Mon Sep 17 00:00:00 2001 +From: Gris Ge +Date: Mon, 21 Oct 2024 21:13:29 +0800 +Subject: [PATCH] sriov: only valid sriov capacity when enabled + +NetworkManager current code will refuse to activate a connection if its +interface has no SRIOV capacity but holding a empty SRIOV settings. + +This patch only valid SRIOV capacity when it is enabled(total_vfs > 0). + +Resolves: https://issues.redhat.com/browse/RHEL-58397 + +Signed-off-by: Gris Ge +(cherry picked from commit 421ccf8b4cb85c96db3bf1cb6a860e41a784c950) +(cherry picked from commit c9e31e70cbf62c65cec460dc198712a61351e9f4) +(cherry picked from commit 90a3b014683c3c98c9fb4bbe2add65510e7f1b31) +--- + src/core/devices/nm-device.c | 19 ++++++++++--------- + 1 file changed, 10 insertions(+), 9 deletions(-) + +diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c +index 4780003a0a..e86c32a902 100644 +--- a/src/core/devices/nm-device.c ++++ b/src/core/devices/nm-device.c +@@ -9468,6 +9468,7 @@ check_connection_compatible(NMDevice *self, + NMSettingMatch *s_match; + const GSList *specs; + gboolean has_match = FALSE; ++ NMSettingSriov *s_sriov = NULL; + + klass = NM_DEVICE_GET_CLASS(self); + if (klass->connection_type_check_compatible) { +@@ -9485,12 +9486,14 @@ check_connection_compatible(NMDevice *self, + return FALSE; + } + +- if (!nm_device_has_capability(self, NM_DEVICE_CAP_SRIOV) +- && nm_connection_get_setting(connection, NM_TYPE_SETTING_SRIOV)) { +- nm_utils_error_set_literal(error, +- NM_UTILS_ERROR_CONNECTION_AVAILABLE_TEMPORARY, +- "device does not support SR-IOV"); +- return FALSE; ++ if (!nm_device_has_capability(self, NM_DEVICE_CAP_SRIOV)) { ++ s_sriov = (NMSettingSriov *) nm_connection_get_setting(connection, NM_TYPE_SETTING_SRIOV); ++ if (s_sriov && nm_setting_sriov_get_total_vfs(s_sriov)) { ++ nm_utils_error_set_literal(error, ++ NM_UTILS_ERROR_CONNECTION_AVAILABLE_TEMPORARY, ++ "device does not support SR-IOV"); ++ 
return FALSE; ++ } + } + + conn_iface = nm_manager_get_connection_iface(NM_MANAGER_GET, connection, NULL, NULL, &local); +@@ -10101,7 +10104,7 @@ activate_stage1_device_prepare(NMDevice *self) + s_sriov = nm_device_get_applied_setting(self, NM_TYPE_SETTING_SRIOV); + } + +- if (s_sriov) { ++ if (s_sriov && nm_device_has_capability(self, NM_DEVICE_CAP_SRIOV)) { + nm_auto_freev NMPlatformVF **plat_vfs = NULL; + gs_free_error GError *error = NULL; + NMSriovVF *vf; +@@ -10109,8 +10112,6 @@ activate_stage1_device_prepare(NMDevice *self) + guint num; + guint i; + +- nm_assert(nm_device_has_capability(self, NM_DEVICE_CAP_SRIOV)); +- + autoprobe = nm_setting_sriov_get_autoprobe_drivers(s_sriov); + if (autoprobe == NM_TERNARY_DEFAULT) { + autoprobe = nm_config_data_get_connection_default_int64( +-- +2.45.2 + diff --git a/SOURCES/1004-fix-bug-when-deactivating-port-connections-rhel-50747.patch b/SOURCES/1004-fix-bug-when-deactivating-port-connections-rhel-50747.patch new file mode 100644 index 0000000..7c5b319 --- /dev/null +++ b/SOURCES/1004-fix-bug-when-deactivating-port-connections-rhel-50747.patch 
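Review bot: In `activate_stage1_device_prepare` the SR-IOV block is now skipped silently when the device lacks `NM_DEVICE_CAP_SRIOV`, where the removed `nm_assert` used to flag that combination. A short comment on the new condition would record that this is intended, for example `/* an empty SR-IOV setting is allowed on a device without SR-IOV support; there is nothing to configure then */`. In `check_connection_compatible`, `s_sriov` is only used inside the new `if` block, so it could be declared there rather than at function scope. Both functions extend beyond the hunks shown.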
@@ -0,0 +1,136 @@ +From 3b1181dc02172033d8e2bb7fd2336b2ea0355a87 Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Mon, 23 Sep 2024 17:28:03 +0200 +Subject: [PATCH] device: fix bug when deactivating port connections + asynchronously + +When the attach_port()/detach_port() methods do not return immediately +(currently, only for OVS ports), the following situation can arise: + + - nm_device_controller_attach_port() starts the attachment by sending + the command to ovsdb. Note that here we don't set + `PortInfo->port_is_attached` to TRUE yet; that happens only after + the asynchronous command returns; + + - the activation of the port gets interrupted because the connection + is deleted; + + - the port device enters the deactivating state, triggering function + port_state_changed() + + - the function calls nm_device_controller_release_port() which checks + whether the port is already attached; since + `PortInfo->port_is_attached` is not set yet, it assumes the port + doesn't need to be detached; + + - in the meantime, the ovsdb operation succeeds. As a consequence, + the kernel link is created even if the connection no longer exists. + +Fix this by turning `port_is_attached` into a tri-state variable that +also tracks when the port is attaching. When it is, we need to perform +an explicit detach during deactivation. 
+ +Fixes: 9fcbc6b37dec ('device: make attach_port() asynchronous') + +https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2043 + +Resolves: https://issues.redhat.com/browse/RHEL-58026 +(cherry picked from commit a8329587c8bdd53e2bc4513a4e82529727cfa5ef) +(cherry picked from commit d809ca6db24b5145fcc1857b962afb7ae17d07a5) +(cherry picked from commit ca6ca684b21235f706b02cee42075f2ee3cb1795) +--- + src/core/devices/nm-device.c | 27 ++++++++++++++++++++++----- + 1 file changed, 22 insertions(+), 5 deletions(-) + +diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c +index e86c32a902..f9a2e7e8fe 100644 +--- a/src/core/devices/nm-device.c ++++ b/src/core/devices/nm-device.c +@@ -126,12 +126,18 @@ typedef enum _nm_packed { + ADDR_METHOD_STATE_FAILED, + } AddrMethodState; + ++typedef enum { ++ PORT_STATE_NOT_ATTACHED, ++ PORT_STATE_ATTACHED, ++ PORT_STATE_ATTACHING, ++} PortState; ++ + typedef struct { + CList lst_port; + NMDevice *port; + GCancellable *cancellable; + gulong watch_id; +- bool port_is_attached; ++ PortState port_state; + bool configure; + } PortInfo; + +@@ -6693,7 +6699,7 @@ attach_port_done(NMDevice *self, NMDevice *port, gboolean success) + if (!info) + return; + +- info->port_is_attached = success; ++ info->port_state = (success ? 
PORT_STATE_ATTACHED : PORT_STATE_NOT_ATTACHED); + + nm_device_port_notify_attach_as_port(info->port, success); + +@@ -6756,7 +6762,7 @@ nm_device_controller_attach_port(NMDevice *self, NMDevice *port, NMConnection *c + if (!info) + return; + +- if (info->port_is_attached) ++ if (info->port_state == PORT_STATE_ATTACHED) + success = TRUE; + else { + configure = (info->configure && connection != NULL); +@@ -6765,6 +6771,7 @@ nm_device_controller_attach_port(NMDevice *self, NMDevice *port, NMConnection *c + + nm_clear_g_cancellable(&info->cancellable); + info->cancellable = g_cancellable_new(); ++ info->port_state = PORT_STATE_ATTACHING; + success = NM_DEVICE_GET_CLASS(self)->attach_port(self, + port, + connection, +@@ -6819,6 +6826,7 @@ nm_device_controller_release_port(NMDevice *self, + PortInfo *info; + gs_unref_object NMDevice *self_free = NULL; + gs_unref_object NMDevice *port_free = NULL; ++ const char *port_state_str; + + g_return_if_fail(NM_DEVICE(self)); + g_return_if_fail(NM_DEVICE(port)); +@@ -6830,11 +6838,20 @@ nm_device_controller_release_port(NMDevice *self, + + info = find_port_info(self, port); + ++ if (info->port_state == PORT_STATE_ATTACHED) ++ port_state_str = "(attached)"; ++ else if (info->port_state == PORT_STATE_NOT_ATTACHED) ++ port_state_str = "(not attached)"; ++ else { ++ nm_assert(info->port_state == PORT_STATE_ATTACHING); ++ port_state_str = "(attaching)"; ++ } ++ + _LOGT(LOGD_CORE, + "controller: release one port " NM_HASH_OBFUSCATE_PTR_FMT "/%s %s%s", + NM_HASH_OBFUSCATE_PTR(port), + nm_device_get_iface(port), +- !info ? "(not registered)" : (info->port_is_attached ? "(attached)" : "(not attached)"), ++ !info ? "(not registered)" : port_state_str, + release_type == RELEASE_PORT_TYPE_CONFIG_FORCE + ? " (force-configure)" + : (release_type == RELEASE_PORT_TYPE_CONFIG ? 
" (configure)" : "(no-config)")); +@@ -6850,7 +6867,7 @@ nm_device_controller_release_port(NMDevice *self, + nm_clear_g_cancellable(&info->cancellable); + + /* first, let subclasses handle the release ... */ +- if (info->port_is_attached || nm_device_sys_iface_state_is_external(port) ++ if (info->port_state != PORT_STATE_NOT_ATTACHED || nm_device_sys_iface_state_is_external(port) + || release_type >= RELEASE_PORT_TYPE_CONFIG_FORCE) { + NMTernary ret; + +-- +2.45.2 + diff --git a/SOURCES/1004-nm-dispatcher-fix-crash-rhel28973.patch b/SOURCES/1004-nm-dispatcher-fix-crash-rhel28973.patch deleted file mode 100644 index 87f0d68..0000000 --- a/SOURCES/1004-nm-dispatcher-fix-crash-rhel28973.patch +++ /dev/null 
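Review bot: In `nm_device_controller_release_port` the new chain starting with `if (info->port_state == PORT_STATE_ATTACHED)` dereferences `info` before the trace line below it, which still treats `info` as possibly NULL (`!info ? "(not registered)" : port_state_str`). If `find_port_info()` can return NULL here, as that ternary implies, releasing an unregistered port would crash instead of being logged. Starting the chain with `if (!info) port_state_str = "(not registered)";` followed by `else if (info->port_state == PORT_STATE_ATTACHED)` keeps the log output and removes the dereference. The function continues outside the hunk, so a NULL check that is not visible here cannot be excluded.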
@@ -1,50 +0,0 @@ -From e4fb80046cf36a7e210e8660ef50c93ef8971a5e Mon Sep 17 00:00:00 2001 -From: Beniamino Galvani -Date: Wed, 13 Mar 2024 10:47:31 +0100 -Subject: [PATCH 1/2] nm-dispatcher: fix crash when parsing output dictionary - -'stdout' is NULL when the script didn't write anything or failed. - -Fixes the following crash detected by NMCI in test -'dispatcher_device_handler_dummy'. - - nm-dispatcher[936339]: g_strsplit: assertion 'string != NULL' failed - - build_result_options (nm-dispatcher) - complete_request (nm-dispatcher) - complete_script (nm-dispatcher) - script_watch_cb (nm-dispatcher) - g_child_watch_dispatch (libglib-2.0.so.0) - g_main_dispatch (libglib-2.0.so.0) - g_main_context_iterate (libglib-2.0.so.0) - g_main_context_iteration (libglib-2.0.so.0) - main (nm-dispatcher) - __libc_start_main (libc.so.6) - _start (nm-dispatcher) - -Fixes: d72f26b87528 ('dispatcher: read device-handler's stdout into a dictionary') - -https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1889 -(cherry picked from commit e5c2c5f1c2f55c139f39830651df2c901c3a0bf9) -(cherry picked from commit 669bf33de38a8a15e77662daadf94d6395838eee) ---- - src/nm-dispatcher/nm-dispatcher.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/nm-dispatcher/nm-dispatcher.c b/src/nm-dispatcher/nm-dispatcher.c -index efb4ec0087..ce252b92bf 100644 ---- a/src/nm-dispatcher/nm-dispatcher.c -+++ b/src/nm-dispatcher/nm-dispatcher.c -@@ -306,6 +306,9 @@ build_result_options(char *stdout) - char *key; - char *value; - -+ if (!stdout) -+ return NULL; -+ - lines = g_strsplit(stdout, "\n", 65); - - for (i = 0; lines[i] && i < 64; i++) { --- -2.41.0 - diff --git a/SOURCES/1005-fix-race-condition-while-enumerating-devices-rhel25808.patch b/SOURCES/1005-fix-race-condition-while-enumerating-devices-rhel25808.patch deleted file mode 100644 index 48d6cc5..0000000 --- a/SOURCES/1005-fix-race-condition-while-enumerating-devices-rhel25808.patch +++ /dev/null 
@@ -1,66 +0,0 @@
-From 8ff08068342d1d8efe1e6d6c9a241e3395641a76 Mon Sep 17 00:00:00 2001
-From: Beniamino Galvani
-Date: Thu, 21 Mar 2024 09:45:15 +0100
-Subject: [PATCH 2/2] manager: fix race condition while enumerating devices at
- startup
-
-While enumerating devices at startup, we take a snapshot of existing
-links from platform and we start creating device instances for
-them. It's possible that in the meantime, while processing netlink
-events in platform_link_added(), a link gets renamed. If that happens,
-then we have two different views of the same ifindex: the cached link
-from `links` and the link in platform.
-
-This can cause issues: in platform_link_added() we create the device
-with the cached name; then in NMDevice's constructor(), we look up
-from platform the ifindex for the given name. Because of the rename,
-this lookup can match a newly created, different link.
-
-The end result is that the ifindex from the initial snapshot doesn't
-get a NMDevice and is not handled by NetworkManager.
-
-Fix this problem by fetching the latest version of the link from
-platform to make sure we have a consistent view of the state.
-
-https://issues.redhat.com/browse/RHEL-25808
-https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1897
-(cherry picked from commit de130df3e2207dc015c4fa82ecf766be2851532c)
-(cherry picked from commit 6f3739e76f1f31d71bc3fbd7a4b0955071d59cc4)
----
- src/core/nm-manager.c | 17 ++++++++++++++++-
- 1 file changed, 16 insertions(+), 1 deletion(-)
-
-diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
-index 7f94f7cd9c..a77ba9d3b1 100644
---- a/src/core/nm-manager.c
-+++ b/src/core/nm-manager.c
-@@ -4438,10 +4438,25 @@ platform_query_devices(NMManager *self)
- links = nm_platform_link_get_all(priv->platform);
- if (!links)
- return;
-+
- for (i = 0; i < links->len; i++) {
-- const NMPlatformLink *link = NMP_OBJECT_CAST_LINK(links->pdata[i]);
-+ const NMPlatformLink *elem = NMP_OBJECT_CAST_LINK(links->pdata[i]);
-+ const NMPlatformLink *link;
- const NMConfigDeviceStateData *dev_state;
-
-+ /*
-+ * @links is an immutable snapshot of the platform links captured before
-+ * the loop was started. It's possible that in the meantime, while
-+ * processing netlink events in platform_link_added(), a link was
-+ * renamed. If that happens, we have 2 different views of the same
-+ * ifindex: the one from @links and the one from platform. This can
-+ * cause race conditions; make sure to use the latest known version of
-+ * the link.
-+ */
-+ link = nm_platform_link_get(priv->platform, elem->ifindex);
-+ if (!link)
-+ continue;
-+
- dev_state = nm_config_device_state_get(priv->config, link->ifindex);
- platform_link_added(self,
- link->ifindex,
---
-2.41.0
-
diff --git a/SOURCES/1005-fix-validation-of-ovs-dpdk-interface-name-rhel-60022.patch b/SOURCES/1005-fix-validation-of-ovs-dpdk-interface-name-rhel-60022.patch
new file mode 100644
index 0000000..34a5b77
--- /dev/null
+++ b/SOURCES/1005-fix-validation-of-ovs-dpdk-interface-name-rhel-60022.patch
@@ -0,0 +1,57 @@
+From fd2768da4c3f966a215f01f09f8b5d7d534d0193 Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani
+Date: Tue, 24 Sep 2024 16:25:03 +0200
+Subject: [PATCH] libnm-core: fix validation of ovs-dpdk interface name
+
+An ovs-dpdk interface doesn't have a kernel link and doesn't have the
+15-character limit on the name.
+
+Fixes: 3efe070dfc7a ('libnm: validate "connection.interface-name" at one place only')
+
+Resolves: https://issues.redhat.com/browse/RHEL-60233
+
+https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2044
+(cherry picked from commit fda05b0af085d9f7e4cc5691075dae63e7bf02a6)
+(cherry picked from commit f6e4e537757a414cc896bc1b402da8c9c9e32eaa)
+(cherry picked from commit c7035db5b43beff7ad7e91685ff17982a540d8e2)
+---
+ src/libnm-core-impl/nm-setting-connection.c | 4 ++--
+ src/libnm-core-impl/tests/test-general.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/libnm-core-impl/nm-setting-connection.c b/src/libnm-core-impl/nm-setting-connection.c
+index b51cd46bdd..3298dce60a 100644
+--- a/src/libnm-core-impl/nm-setting-connection.c
++++ b/src/libnm-core-impl/nm-setting-connection.c
+@@ -1379,13 +1379,13 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
+ if (connection)
+ goto after_interface_name;
+ iface_type = NMU_IFACE_ANY;
+- } else if (NM_IN_STRSET(ovs_iface_type, "patch")) {
++ } else if (NM_IN_STRSET(ovs_iface_type, "patch", "dpdk")) {
+ /* this interface type is internal to OVS. */
+ iface_type = NMU_IFACE_OVS;
+ } else {
+ /* This interface type also requires a netdev. We need to validate
+ * for both OVS and KERNEL. */
+- nm_assert(NM_IN_STRSET(ovs_iface_type, "internal", "system", "dpdk"));
++ nm_assert(NM_IN_STRSET(ovs_iface_type, "internal", "system"));
+ iface_type = NMU_IFACE_OVS_AND_KERNEL;
+ }
+ } else
+diff --git a/src/libnm-core-impl/tests/test-general.c b/src/libnm-core-impl/tests/test-general.c
+index 0a39010c11..8d4ea069c5 100644
+--- a/src/libnm-core-impl/tests/test-general.c
++++ b/src/libnm-core-impl/tests/test-general.c
+@@ -10832,7 +10832,7 @@ test_connection_ovs_ifname(gconstpointer test_data)
+ /* good if bridge, port, or patch interface */
+ g_object_set(s_con, NM_SETTING_CONNECTION_INTERFACE_NAME, "ovs123123123123130123123", NULL);
+
+- if (!ovs_iface_type || nm_streq(ovs_iface_type, "patch"))
++ if (!ovs_iface_type || NM_IN_STRSET(ovs_iface_type, "patch", "dpdk"))
+ nmtst_assert_connection_verifies(con);
+ else {
+ nmtst_assert_connection_unnormalizable(con,
+--
+2.45.2
+
diff --git a/SOURCES/1006-fix-lldp-for-ovs-bridge-ports-rhel31766.patch b/SOURCES/1006-fix-lldp-for-ovs-bridge-ports-rhel31766.patch
deleted file mode 100644
index 914288c..0000000
--- a/SOURCES/1006-fix-lldp-for-ovs-bridge-ports-rhel31766.patch
+++ /dev/null
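Review bot: The comments around the relaxed check were not updated for "dpdk". In `verify()` the branch comment still reads `/* this interface type is internal to OVS. */` although it now covers two types, and in `test_connection_ovs_ifname()` the context comment still says `/* good if bridge, port, or patch interface */`. I would change them to `/* "patch" and "dpdk" interfaces have no kernel link, so only the OVS name rules apply. */` and `/* good if bridge, port, patch or dpdk interface */`. The first matters most, because the kernel name-length limit no longer applies to dpdk names, so whatever `NMU_IFACE_OVS` validation enforces (not visible in this hunk) becomes the only check on that name. Both functions start and end outside the quoted hunks. Separately, the patch file name carries `rhel-60022` while the message says `Resolves: ... RHEL-60233`; this is presumably a cloned ticket, but worth confirming so the fix stays traceable.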
@@ -1,40 +0,0 @@
-From 6394c2b262d86824a41ca82ad76288c06bfd1989 Mon Sep 17 00:00:00 2001
-From: Fernando Fernandez Mancera
-Date: Tue, 26 Mar 2024 12:53:27 +0100
-Subject: [PATCH] libnm-lldp: use ETH_P_ALL instead of NM_ETHERTYPE_LLDP for
- the socket
-
-When creating the socket for listening to LLDP frames we are setting
-NM_ETHERTYPE_LLDP (0x88cc) as protocol. In most of the cases, that is
-correct but when the interface is attached as a port to a OVS bridge,
-kernel is not matching the protocol correctly. The reason might be that
-some metadata is added to the packet, but we are not completely sure
-about it.
-
-Instead, we should use ETH_P_ALL to match all the protocols. Later, we
-have a eBPF filter to drop the packet by multicast MAC address or
-protocol. This is how lldpd is doing it for example.
-
-https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1903
-(cherry picked from commit 9ac1d6e22bfac7f576dec034a26ac7c9012e5b80)
-(cherry picked from commit 2fac176986f3afaa84242e069613cc543bfcc58c)
----
- src/libnm-lldp/nm-lldp-network.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libnm-lldp/nm-lldp-network.c b/src/libnm-lldp/nm-lldp-network.c
-index 811c3a7291..28cc745249 100644
---- a/src/libnm-lldp/nm-lldp-network.c
-+++ b/src/libnm-lldp/nm-lldp-network.c
-@@ -46,7 +46,7 @@ nm_lldp_network_bind_raw_socket(int ifindex)
-
- assert(ifindex > 0);
-
-- fd = socket(AF_PACKET, SOCK_RAW | SOCK_CLOEXEC | SOCK_NONBLOCK, htobe16(NM_ETHERTYPE_LLDP));
-+ fd = socket(AF_PACKET, SOCK_RAW | SOCK_CLOEXEC | SOCK_NONBLOCK, htobe16(ETH_P_ALL));
- if (fd < 0)
- return -errno;
-
---
-2.44.0
-
diff --git a/SOURCES/1007-platform-avoid-routes-resync-rhel36162.patch b/SOURCES/1007-platform-avoid-routes-resync-rhel36162.patch
deleted file mode 100644
index 91ebcc4..0000000
--- a/SOURCES/1007-platform-avoid-routes-resync-rhel36162.patch
+++ /dev/null
@@ -1,210 +0,0 @@ -From ed5cbbc5847527ed0cfc33f521f7c724975c846b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= -Date: Tue, 30 Apr 2024 12:45:04 +0200 -Subject: [PATCH] platform: avoid routes resync for routes that we don't track - -When we recibe a Netlink message with a "route change" event, normally -we just ignore it if it's a route that we don't track (i.e. because of -the route protocol). - -However, it's not that easy if it has the NLM_F_REPLACE flag because -that means that it might be replacing another route. If the kernel has -similar routes which are candidates for the replacement, it's hard for -NM to guess which one of those is being replaced (as the kernel doesn't -have a "route ID" or similar field to indicate it). Moreover, the kernel -might choose to replace a route that we don't have on cache, so we know -nothing about it. - -It is important to note that we cannot just discard Netlink messages of -routes that we don't track if they has the NLM_F_REPLACE. For example, -if we are tracking a route with proto=static, we might receive a replace -message, changing that route to proto=other_proto_that_we_dont_track. We -need to process that message and remove the route from our cache. - -As NM doesn't know what route is being replaced, trying to guess will -lead to errors that will leave the cache in an inconsistent state. -Because of that, it just do a cache resync for the routes. - -For IPv4 there was an optimization to this: if we don't have in the -cache any route candidate for the replacement there are only 2 possible -options: either add the new route to the cache or discard it if we are -not interested on it. We don't need a resync for that. - -This commit is extending that optimization to IPv6 routes. There is no -reason why it shouldn't work in the same way than with IPv4. This -optimization will only work well as long as we find potential candidate -routes in the same way than the kernel (comparing the same fields). 
NM -calls to this "comparing by WEAK_ID". But this can also happen with IPv4 -routes. - -It is worth it to enable this optimization because there are routing -daemons using custom routing protocols that makes tens or hundreds of -updates per second. If they use NLM_F_REPLACE, this caused NM to do a -resync hundreds of times per second leading to a 100% CPU usage: -https://issues.redhat.com/browse/RHEL-26195 - -An additional but smaller optimization is done in this commit: if we -receive a route message for routes that we don't track AND doesn't have -the NLM_F_REPLACE flag, we can ignore the entire message, thus avoiding -the memory allocation of the nmp_object. That nmp_object was going to be -ignored later, anyway, so better to avoid these allocations that, with -the routing daemon of the above's example, can happen hundreds of times -per second. - -With this changes, the CPU usage doing `ip route replace` 300 times/s -drops from 100% to 1%. Doing `ip route replace` as fast as possible, -without any rate limitting, still keeps NM with a 3% CPU usage in the -system that I have used to test. 
- -(cherry picked from commit 4d426f581de402e0aebd2ab273ff6649a0a6fee6) -(cherry picked from commit 15ffa8ec6ff7bf43ed1eb123c0d419d6fab8b268) ---- - src/libnm-platform/nm-linux-platform.c | 69 ++++++++++++++++---------- - src/libnm-platform/nmp-object.c | 22 +++++--- - 2 files changed, 57 insertions(+), 34 deletions(-) - -diff --git a/src/libnm-platform/nm-linux-platform.c b/src/libnm-platform/nm-linux-platform.c -index 9ecac2d9b3..5b595a9b71 100644 ---- a/src/libnm-platform/nm-linux-platform.c -+++ b/src/libnm-platform/nm-linux-platform.c -@@ -3903,6 +3903,34 @@ _new_from_nl_addr(const struct nlmsghdr *nlh, gboolean id_only) - return g_steal_pointer(&obj); - } - -+static gboolean -+ip_route_is_tracked(guint8 proto, guint8 type) -+{ -+ if (proto > RTPROT_STATIC && !NM_IN_SET(proto, RTPROT_DHCP, RTPROT_RA)) { -+ /* We ignore certain rtm_protocol, because NetworkManager would only ever -+ * configure certain protocols. Other routes are not configured by NetworkManager -+ * and we don't track them in the platform cache. -+ * -+ * This is to help with the performance overhead of a huge number of -+ * routes, for example with the bird BGP software, that adds routes -+ * with RTPROT_BIRD protocol. */ -+ return FALSE; -+ } -+ -+ if (!NM_IN_SET(type, -+ RTN_UNICAST, -+ RTN_LOCAL, -+ RTN_BLACKHOLE, -+ RTN_UNREACHABLE, -+ RTN_PROHIBIT, -+ RTN_THROW)) { -+ /* Certain route types are ignored and not placed into the cache. */ -+ return FALSE; -+ } -+ -+ return TRUE; -+} -+ - /* Copied and heavily modified from libnl3's rtnl_route_parse() and parse_multipath(). */ - static NMPObject * - _new_from_nl_route(const struct nlmsghdr *nlh, gboolean id_only, ParseNlmsgIter *parse_nlmsg_iter) -@@ -3963,6 +3991,16 @@ _new_from_nl_route(const struct nlmsghdr *nlh, gboolean id_only, ParseNlmsgIter - * only handle ~supported~ routes. 
- *****************************************************************/ - -+ /* If it's a route that we don't need to track, abort here to avoid unnecessary -+ * memory allocations to create the nmp_object. However, if the message has the -+ * NLM_F_REPLACE flag, it might be replacing a route that we were tracking so we -+ * have to stop tracking it. That means that we have to process all messages with -+ * NLM_F_REPLACE. See nmp_cache_update_netlink_route(). -+ */ -+ if (!ip_route_is_tracked(rtm->rtm_protocol, rtm->rtm_type) -+ && !(nlh->nlmsg_flags & NLM_F_REPLACE)) -+ return NULL; -+ - addr_family = rtm->rtm_family; - - if (addr_family == AF_INET) -@@ -5519,39 +5557,18 @@ ip_route_get_lock_flag(const NMPlatformIPRoute *route) - static gboolean - ip_route_is_alive(const NMPlatformIPRoute *route) - { -- guint8 prot; -+ guint8 proto, type; - - nm_assert(route); - nm_assert(route->rt_source >= NM_IP_CONFIG_SOURCE_RTPROT_UNSPEC - && route->rt_source <= _NM_IP_CONFIG_SOURCE_RTPROT_LAST); - -- prot = route->rt_source - 1; -- -- nm_assert(nmp_utils_ip_config_source_from_rtprot(prot) == route->rt_source); -- -- if (prot > RTPROT_STATIC && !NM_IN_SET(prot, RTPROT_DHCP, RTPROT_RA)) { -- /* We ignore certain rtm_protocol, because NetworkManager would only ever -- * configure certain protocols. Other routes are not configured by NetworkManager -- * and we don't track them in the platform cache. -- * -- * This is to help with the performance overhead of a huge number of -- * routes, for example with the bird BGP software, that adds routes -- * with RTPROT_BIRD protocol. */ -- return FALSE; -- } -+ proto = route->rt_source - 1; -+ type = nm_platform_route_type_uncoerce(route->type_coerced); - -- if (!NM_IN_SET(nm_platform_route_type_uncoerce(route->type_coerced), -- RTN_UNICAST, -- RTN_LOCAL, -- RTN_BLACKHOLE, -- RTN_UNREACHABLE, -- RTN_PROHIBIT, -- RTN_THROW)) { -- /* Certain route types are ignored and not placed into the cache. 
*/ -- return FALSE; -- } -+ nm_assert(nmp_utils_ip_config_source_from_rtprot(proto) == route->rt_source); - -- return TRUE; -+ return ip_route_is_tracked(proto, type); - } - - /* Copied and modified from libnl3's build_route_msg() and rtnl_route_build_msg(). */ -diff --git a/src/libnm-platform/nmp-object.c b/src/libnm-platform/nmp-object.c -index 4090da71a3..cb4e9764d1 100644 ---- a/src/libnm-platform/nmp-object.c -+++ b/src/libnm-platform/nmp-object.c -@@ -2988,6 +2988,13 @@ nmp_cache_update_netlink_route(NMPCache *cache, - * Since we don't cache all routes (see "route_is_alive"), we cannot know - * with certainty which route was replaced. - * -+ * For example, the kernel might have 3 similar routes (same WEAK_ID), one -+ * of which is not tracked by us so we don't have it into the cache. If we -+ * receive a route replace message, we don't know to what of the 3 routes -+ * it affects (one of the 3 we don't even know that exists). Moreover, if -+ * we only have one route on cache, we don't know if the replace is for a -+ * different one that we don't track. -+ * - * Even if we would cache *all* routes (which we cannot, if kernel adds new - * routing features that modify the known nmp_object_id_equal()), it would - * be hard to find the right route that was replaced. Well, probably we -@@ -3002,15 +3009,14 @@ nmp_cache_update_netlink_route(NMPCache *cache, - * [2] https://bugzilla.redhat.com/show_bug.cgi?id=1337860 - * - * We need to resync. -+ * -+ * However, a resync is expensive. Think of a routing daemon that updates -+ * hundreds of routes per second, the performance penalty is huge. We can -+ * optimize it: if we don't have any matching route on cache (by WEAK_ID), -+ * we don't have anything to replace and we don't need a full resync, but -+ * only to add or discard the new route as usual. 
- */ -- if (NMP_OBJECT_GET_TYPE(obj_hand_over) == NMP_OBJECT_TYPE_IP4_ROUTE -- && !nmp_cache_lookup_all(cache, NMP_CACHE_ID_TYPE_ROUTES_BY_WEAK_ID, obj_hand_over)) { -- /* For IPv4, we can do a small optimization. We skip the resync, if we have -- * no conflicting routes (by weak-id). -- * -- * This optimization does not work for IPv6 (maybe should be fixed). -- */ -- } else { -+ if (nmp_cache_lookup_all(cache, NMP_CACHE_ID_TYPE_ROUTES_BY_WEAK_ID, obj_hand_over)) { - entry_replace = NULL; - resync_required = TRUE; - goto out; --- -2.44.0 - diff --git a/SOURCES/1008-checkpoint-preserve-in-memory-state-rhel32493.patch b/SOURCES/1008-checkpoint-preserve-in-memory-state-rhel32493.patch deleted file mode 100644 index e61ee26..0000000 --- a/SOURCES/1008-checkpoint-preserve-in-memory-state-rhel32493.patch +++ /dev/null 
@@ -1,487 +0,0 @@ -From d6837f0bd30da069d327099cb555854630cd4584 Mon Sep 17 00:00:00 2001 -From: Beniamino Galvani -Date: Thu, 2 May 2024 16:40:26 +0200 -Subject: [PATCH 1/2] settings: add - nm_settings_connection_persist_mode_to_string() - -(cherry picked from commit a48b7fe7b9d8adf4902c7b3cfcc4d89bc46cbbef) -(cherry picked from commit e5837aa1d3960b743adcff0a5041445ccd65fb93) ---- - src/core/settings/nm-settings-connection.c | 23 ++++++++++++++++++++++ - src/core/settings/nm-settings-connection.h | 4 ++++ - 2 files changed, 27 insertions(+) - -diff --git a/src/core/settings/nm-settings-connection.c b/src/core/settings/nm-settings-connection.c -index 176cc2c252..459c60ad1e 100644 ---- a/src/core/settings/nm-settings-connection.c -+++ b/src/core/settings/nm-settings-connection.c -@@ -226,6 +226,29 @@ static guint _get_seen_bssids(NMSettingsConnection *self, - - /*****************************************************************************/ - -+char * -+nm_settings_connection_persist_mode_to_string(NMSettingsConnectionPersistMode mode) -+{ -+ switch (mode) { -+ case NM_SETTINGS_CONNECTION_PERSIST_MODE_IN_MEMORY: -+ return "in-memory"; -+ case NM_SETTINGS_CONNECTION_PERSIST_MODE_IN_MEMORY_DETACHED: -+ return "in-memory-detached"; -+ case NM_SETTINGS_CONNECTION_PERSIST_MODE_IN_MEMORY_ONLY: -+ return "in-memory-only"; -+ case NM_SETTINGS_CONNECTION_PERSIST_MODE_KEEP: -+ return "keep"; -+ case NM_SETTINGS_CONNECTION_PERSIST_MODE_NO_PERSIST: -+ return "no-persist"; -+ case NM_SETTINGS_CONNECTION_PERSIST_MODE_TO_DISK: -+ return "to-disk"; -+ } -+ -+ return nm_assert_unreachable_val(NULL); -+} -+ -+/*****************************************************************************/ -+ - NMSettings * - nm_settings_connection_get_settings(NMSettingsConnection *self) - { -diff --git a/src/core/settings/nm-settings-connection.h b/src/core/settings/nm-settings-connection.h -index 835a978e40..d15a75b749 100644 ---- a/src/core/settings/nm-settings-connection.h -+++ 
b/src/core/settings/nm-settings-connection.h -@@ -379,4 +379,8 @@ void _nm_settings_connection_emit_signal_updated_internal( - - void _nm_settings_connection_cleanup_after_remove(NMSettingsConnection *self); - -+/*****************************************************************************/ -+ -+char *nm_settings_connection_persist_mode_to_string(NMSettingsConnectionPersistMode mode); -+ - #endif /* __NETWORKMANAGER_SETTINGS_CONNECTION_H__ */ --- -2.41.0 - -From c6f9d0a6d5c864ba0141b6e985727cd69c5560fa Mon Sep 17 00:00:00 2001 -From: Beniamino Galvani -Date: Mon, 15 Apr 2024 10:51:24 +0200 -Subject: [PATCH 2/2] checkpoint: preserve in-memory state of connections - -If a connection is in-memory (i.e. has flag "unsaved"), after a -checkpoint and rollback it can be wrongly persisted to disk: - - - if the connection was modified and written to disk after the - rollback, during the rollback we update it again with persist mode - "keep", which keeps it on disk; - - - if the connection was deleted after the rollback, during the - rollback we add it again with persist mode "to-disk". - -Instead, remember whether the connection had the "unsaved" flag set -and try to restore the previous state. - -However, this is not straightforward as there are 4 different possible -states for the settings connection: persistent; in-memory only; -in-memory shadowing a persistent file; in-memory shadowing a detached -persistent file (i.e. the deletion of the connection doesn't delete -the persistent file). Handle all those cases. 
- -Fixes: 3e09aed2a09f ('checkpoint: add create, rollback and destroy D-Bus API') -(cherry picked from commit c979bfeb8b0d3bed19bac2ad01a6a6ed899f924e) -(cherry picked from commit ebf25794d9cd89190775ac401c36d63aa1c108f7) ---- - NEWS | 8 ++ - src/core/nm-checkpoint.c | 242 ++++++++++++++++++++++++++++++++------- - 2 files changed, 211 insertions(+), 39 deletions(-) - -diff --git a/NEWS b/NEWS -index 6ac3118db9..e33152c6f4 100644 ---- a/NEWS -+++ b/NEWS -@@ -1,3 +1,11 @@ -+=============================================== -+NetworkManager-1.46.2 -+Overview of changes since NetworkManager-1.46.0 -+=============================================== -+ -+* Properly restore in-memory connection profiles during the rollback -+ of a checkpoint. -+ - ============================================= - NetworkManager-1.46 - Overview of changes since NetworkManager-1.44 -diff --git a/src/core/nm-checkpoint.c b/src/core/nm-checkpoint.c -index cc5c189bf9..ffcf6e3aad 100644 ---- a/src/core/nm-checkpoint.c -+++ b/src/core/nm-checkpoint.c -@@ -10,6 +10,7 @@ - #include "nm-active-connection.h" - #include "nm-act-request.h" - #include "libnm-core-aux-intern/nm-auth-subject.h" -+#include "libnm-core-intern/nm-keyfile-internal.h" - #include "nm-core-utils.h" - #include "nm-dbus-interface.h" - #include "devices/nm-device.h" -@@ -17,6 +18,7 @@ - #include "nm-manager.h" - #include "settings/nm-settings.h" - #include "settings/nm-settings-connection.h" -+#include "settings/plugins/keyfile/nms-keyfile-storage.h" - #include "nm-simple-connection.h" - #include "nm-utils.h" - -@@ -29,11 +31,14 @@ typedef struct { - NMDevice *device; - NMConnection *applied_connection; - NMConnection *settings_connection; -+ NMConnection *settings_connection_shadowed; - guint64 ac_version_id; - NMDeviceState state; - bool is_software : 1; - bool realized : 1; - bool activation_lifetime_bound_to_profile_visibility : 1; -+ bool settings_connection_is_unsaved : 1; -+ bool settings_connection_is_shadowed_owned : 1; - 
NMUnmanFlagOp unmanaged_explicit; - NMActivationReason activation_reason; - gulong dev_exported_change_id; -@@ -150,37 +155,111 @@ nm_checkpoint_includes_devices_of(NMCheckpoint *self, NMCheckpoint *cp_for_devic - return NULL; - } - -+static NMConnection * -+parse_connection_from_shadowed_file(const char *path, GError **error) -+{ -+ nm_auto_unref_keyfile GKeyFile *keyfile = NULL; -+ gs_free char *base_dir = NULL; -+ char *sep; -+ -+ keyfile = g_key_file_new(); -+ if (!g_key_file_load_from_file(keyfile, path, G_KEY_FILE_NONE, error)) -+ return NULL; -+ -+ sep = strrchr(path, '/'); -+ base_dir = g_strndup(path, sep - path); -+ -+ return nm_keyfile_read(keyfile, base_dir, NM_KEYFILE_HANDLER_FLAGS_NONE, NULL, NULL, error); -+} -+ - static NMSettingsConnection * --find_settings_connection(NMCheckpoint *self, -- DeviceCheckpoint *dev_checkpoint, -- gboolean *need_update, -- gboolean *need_activation) -+find_settings_connection(NMCheckpoint *self, -+ DeviceCheckpoint *dev_checkpoint, -+ gboolean *need_update, -+ gboolean *need_update_shadowed, -+ gboolean *need_activation, -+ NMSettingsConnectionPersistMode *persist_mode) - { - NMCheckpointPrivate *priv = NM_CHECKPOINT_GET_PRIVATE(self); - NMActiveConnection *active; - NMSettingsConnection *sett_conn; -+ const char *shadowed_file; -+ NMConnection *shadowed_connection = NULL; - const char *uuid, *ac_uuid; - const CList *tmp_clist; -- -- *need_activation = FALSE; -- *need_update = FALSE; -+ gboolean sett_conn_unsaved; -+ NMSettingsStorage *storage; -+ -+ *need_activation = FALSE; -+ *need_update = FALSE; -+ *need_update_shadowed = FALSE; -+ -+ /* With regard to storage, there are 4 different possible states for the settings -+ * connection: 1) persistent; 2) in-memory only; 3) in-memory shadowing a persistent -+ * file; 4) in-memory shadowing a detached persistent file (i.e. the deletion of -+ * the connection doesn't delete the persistent file). 
-+ */ -+ if (dev_checkpoint->settings_connection_is_unsaved) { -+ if (dev_checkpoint->settings_connection_shadowed) { -+ if (dev_checkpoint->settings_connection_is_shadowed_owned) -+ *persist_mode = NM_SETTINGS_CONNECTION_PERSIST_MODE_IN_MEMORY; -+ else -+ *persist_mode = NM_SETTINGS_CONNECTION_PERSIST_MODE_IN_MEMORY_DETACHED; -+ } else -+ *persist_mode = NM_SETTINGS_CONNECTION_PERSIST_MODE_IN_MEMORY_ONLY; -+ } else { -+ *persist_mode = NM_SETTINGS_CONNECTION_PERSIST_MODE_TO_DISK; -+ } - - uuid = nm_connection_get_uuid(dev_checkpoint->settings_connection); - sett_conn = nm_settings_get_connection_by_uuid(NM_SETTINGS_GET, uuid); - -- if (!sett_conn) -- return NULL; -- -- /* Now check if the connection changed, ... */ -- if (!nm_connection_compare(dev_checkpoint->settings_connection, -- nm_settings_connection_get_connection(sett_conn), -- NM_SETTING_COMPARE_FLAG_EXACT)) { -+ /* Check if the connection changed */ -+ if (sett_conn -+ && !nm_connection_compare(dev_checkpoint->settings_connection, -+ nm_settings_connection_get_connection(sett_conn), -+ NM_SETTING_COMPARE_FLAG_IGNORE_TIMESTAMP)) { - _LOGT("rollback: settings connection %s changed", uuid); - *need_update = TRUE; - *need_activation = TRUE; - } - -- /* ... is active, ... */ -+ storage = sett_conn ? nm_settings_connection_get_storage(sett_conn) : NULL; -+ shadowed_file = storage ? nm_settings_storage_get_shadowed_storage(storage, NULL) : NULL; -+ shadowed_connection = -+ shadowed_file ? 
parse_connection_from_shadowed_file(shadowed_file, NULL) : NULL; -+ -+ if (dev_checkpoint->settings_connection_shadowed) { -+ if (!shadowed_connection -+ || !nm_connection_compare(dev_checkpoint->settings_connection_shadowed, -+ shadowed_connection, -+ NM_SETTING_COMPARE_FLAG_IGNORE_TIMESTAMP)) { -+ _LOGT("rollback: shadowed connection changed for %s", uuid); -+ *need_update_shadowed = TRUE; -+ *need_update = TRUE; -+ } -+ } else { -+ if (shadowed_connection) { -+ _LOGT("rollback: shadowed connection changed for %s", uuid); -+ *need_update = TRUE; -+ } -+ } -+ -+ if (!sett_conn) -+ return NULL; -+ -+ /* Check if the connection unsaved flag changed */ -+ sett_conn_unsaved = NM_FLAGS_HAS(nm_settings_connection_get_flags(sett_conn), -+ NM_SETTINGS_CONNECTION_INT_FLAGS_UNSAVED); -+ if (sett_conn_unsaved != dev_checkpoint->settings_connection_is_unsaved) { -+ _LOGT("rollback: storage changed for settings connection %s: unsaved (%d -> %d)", -+ uuid, -+ dev_checkpoint->settings_connection_is_unsaved, -+ sett_conn_unsaved); -+ *need_update = TRUE; -+ } -+ -+ /* Check if the active state changed */ - nm_manager_for_each_active_connection (priv->manager, active, tmp_clist) { - ac_uuid = - nm_settings_connection_get_uuid(nm_active_connection_get_settings_connection(active)); -@@ -196,7 +275,7 @@ find_settings_connection(NMCheckpoint *self, - return sett_conn; - } - -- /* ... 
or if the connection was reactivated/reapplied */ -+ /* Check if the connection was reactivated/reapplied */ - if (nm_active_connection_version_id_get(active) != dev_checkpoint->ac_version_id) { - _LOGT("rollback: active connection version id of %s changed", uuid); - *need_activation = TRUE; -@@ -212,12 +291,19 @@ restore_and_activate_connection(NMCheckpoint *self, DeviceCheckpoint *dev_checkp - NMSettingsConnection *connection; - gs_unref_object NMAuthSubject *subject = NULL; - GError *local_error = NULL; -- gboolean need_update, need_activation; -+ gboolean need_update; -+ gboolean need_update_shadowed; -+ gboolean need_activation; - NMSettingsConnectionPersistMode persist_mode; - NMSettingsConnectionIntFlags sett_flags; - NMSettingsConnectionIntFlags sett_mask; - -- connection = find_settings_connection(self, dev_checkpoint, &need_update, &need_activation); -+ connection = find_settings_connection(self, -+ dev_checkpoint, -+ &need_update, -+ &need_update_shadowed, -+ &need_activation, -+ &persist_mode); - - /* FIXME: we need to ensure to re-create/update the profile for the - * same settings plugin. E.g. 
if it was a keyfile in /run or /etc, -@@ -229,9 +315,26 @@ restore_and_activate_connection(NMCheckpoint *self, DeviceCheckpoint *dev_checkp - sett_mask = NM_SETTINGS_CONNECTION_INT_FLAGS_NONE; - - if (connection) { -+ if (need_update_shadowed) { -+ _LOGD("rollback: updating shadowed file for connection %s", -+ nm_connection_get_uuid(dev_checkpoint->settings_connection)); -+ nm_settings_connection_update( -+ connection, -+ NULL, -+ dev_checkpoint->settings_connection_shadowed, -+ NM_SETTINGS_CONNECTION_PERSIST_MODE_TO_DISK, -+ sett_flags, -+ sett_mask, -+ NM_SETTINGS_CONNECTION_UPDATE_REASON_RESET_SYSTEM_SECRETS -+ | NM_SETTINGS_CONNECTION_UPDATE_REASON_UPDATE_NON_SECRET, -+ "checkpoint-rollback", -+ NULL); -+ } -+ - if (need_update) { -- _LOGD("rollback: updating connection %s", nm_settings_connection_get_uuid(connection)); -- persist_mode = NM_SETTINGS_CONNECTION_PERSIST_MODE_KEEP; -+ _LOGD("rollback: updating connection %s with persist mode \"%s\"", -+ nm_connection_get_uuid(dev_checkpoint->settings_connection), -+ nm_settings_connection_persist_mode_to_string(persist_mode)); - nm_settings_connection_update( - connection, - NULL, -@@ -246,21 +349,54 @@ restore_and_activate_connection(NMCheckpoint *self, DeviceCheckpoint *dev_checkp - } - } else { - /* The connection was deleted, recreate it */ -- _LOGD("rollback: adding connection %s again", -- nm_connection_get_uuid(dev_checkpoint->settings_connection)); -- -- persist_mode = NM_SETTINGS_CONNECTION_PERSIST_MODE_TO_DISK; -- if (!nm_settings_add_connection(NM_SETTINGS_GET, -- NULL, -- dev_checkpoint->settings_connection, -- persist_mode, -- NM_SETTINGS_CONNECTION_ADD_REASON_NONE, -- sett_flags, -- &connection, -- &local_error)) { -- _LOGD("rollback: connection add failure: %s", local_error->message); -- g_clear_error(&local_error); -- return FALSE; -+ if (need_update_shadowed) { -+ _LOGD("rollback: adding back shadowed file for connection %s", -+ nm_connection_get_uuid(dev_checkpoint->settings_connection)); -+ -+ 
if (!nm_settings_add_connection(NM_SETTINGS_GET, -+ NULL, -+ dev_checkpoint->settings_connection_shadowed, -+ NM_SETTINGS_CONNECTION_PERSIST_MODE_TO_DISK, -+ NM_SETTINGS_CONNECTION_ADD_REASON_NONE, -+ sett_flags, -+ &connection, -+ &local_error)) { -+ _LOGD("rollback: connection add failure: %s", local_error->message); -+ g_clear_error(&local_error); -+ return FALSE; -+ } -+ -+ _LOGD("rollback: updating connection %s with persist mode \"%s\"", -+ nm_connection_get_uuid(dev_checkpoint->settings_connection), -+ nm_settings_connection_persist_mode_to_string(persist_mode)); -+ -+ nm_settings_connection_update( -+ connection, -+ NULL, -+ dev_checkpoint->settings_connection, -+ persist_mode, -+ sett_flags, -+ sett_mask, -+ NM_SETTINGS_CONNECTION_UPDATE_REASON_RESET_SYSTEM_SECRETS -+ | NM_SETTINGS_CONNECTION_UPDATE_REASON_UPDATE_NON_SECRET, -+ "checkpoint-rollback", -+ NULL); -+ } else { -+ _LOGD("rollback: adding back connection %s with persist mode \"%s\"", -+ nm_connection_get_uuid(dev_checkpoint->settings_connection), -+ nm_settings_connection_persist_mode_to_string(persist_mode)); -+ if (!nm_settings_add_connection(NM_SETTINGS_GET, -+ NULL, -+ dev_checkpoint->settings_connection, -+ persist_mode, -+ NM_SETTINGS_CONNECTION_ADD_REASON_NONE, -+ sett_flags, -+ &connection, -+ &local_error)) { -+ _LOGD("rollback: connection add failure: %s", local_error->message); -+ g_clear_error(&local_error); -+ return FALSE; -+ } - } - need_activation = TRUE; - } -@@ -362,11 +498,15 @@ nm_checkpoint_rollback(NMCheckpoint *self) - while (g_hash_table_iter_next(&iter, (gpointer *) &device, (gpointer *) &dev_checkpoint)) { - guint32 result = NM_ROLLBACK_RESULT_OK; - -- _LOGD("rollback: restoring device %s (state %d, realized %d, explicitly unmanaged %d)", -+ _LOGD("rollback: restoring device %s (state %d, realized %d, explicitly unmanaged %d, " -+ "connection-unsaved %d, connection-shadowed %d, connection-shadowed-owned %d)", - dev_checkpoint->original_dev_name, - (int) 
dev_checkpoint->state,
- dev_checkpoint->realized,
-- dev_checkpoint->unmanaged_explicit);
-+ dev_checkpoint->unmanaged_explicit,
-+ dev_checkpoint->settings_connection_is_unsaved,
-+ !!dev_checkpoint->settings_connection_shadowed,
-+ dev_checkpoint->settings_connection_is_shadowed_owned);
-
- if (nm_device_is_real(device)) {
- if (!dev_checkpoint->realized) {
-@@ -518,6 +658,7 @@ device_checkpoint_destroy(gpointer data)
- g_clear_object(&dev_checkpoint->applied_connection);
- g_clear_object(&dev_checkpoint->settings_connection);
- g_clear_object(&dev_checkpoint->device);
-+ g_clear_object(&dev_checkpoint->settings_connection_shadowed);
- g_free(dev_checkpoint->original_dev_path);
- g_free(dev_checkpoint->original_dev_name);
-
-@@ -555,7 +696,7 @@ _dev_exported_changed(NMDBusObject *obj, NMCheckpoint *checkpoint)
- }
-
- static DeviceCheckpoint *
--device_checkpoint_create(NMCheckpoint *checkpoint, NMDevice *device)
-+device_checkpoint_create(NMCheckpoint *self, NMDevice *device)
- {
- DeviceCheckpoint *dev_checkpoint;
- NMConnection *applied_connection;
-@@ -579,7 +720,7 @@ device_checkpoint_create(NMCheckpoint *checkpoint, NMDevice *device)
- dev_checkpoint->dev_exported_change_id = g_signal_connect(device,
- NM_DBUS_OBJECT_EXPORTED_CHANGED,
- G_CALLBACK(_dev_exported_changed),
-- checkpoint);
-+ self);
-
- if (nm_device_get_unmanaged_mask(device, NM_UNMANAGED_USER_EXPLICIT)) {
- dev_checkpoint->unmanaged_explicit =
-@@ -589,6 +730,11 @@ device_checkpoint_create(NMCheckpoint *checkpoint, NMDevice *device)
-
- act_request = nm_device_get_act_request(device);
- if (act_request) {
-+ NMSettingsStorage *storage;
-+ gboolean shadowed_owned = FALSE;
-+ const char *shadowed_file;
-+ gs_free_error GError *error = NULL;
-+
- settings_connection = nm_act_request_get_settings_connection(act_request);
- applied_connection = nm_act_request_get_applied_connection(act_request);
-
-@@ -602,6 +748,24 @@ device_checkpoint_create(NMCheckpoint *checkpoint, NMDevice *device)
-
dev_checkpoint->activation_lifetime_bound_to_profile_visibility =
- NM_FLAGS_HAS(nm_active_connection_get_state_flags(NM_ACTIVE_CONNECTION(act_request)),
- NM_ACTIVATION_STATE_FLAG_LIFETIME_BOUND_TO_PROFILE_VISIBILITY);
-+
-+ dev_checkpoint->settings_connection_is_unsaved =
-+ NM_FLAGS_HAS(nm_settings_connection_get_flags(settings_connection),
-+ NM_SETTINGS_CONNECTION_INT_FLAGS_UNSAVED);
-+
-+ storage = nm_settings_connection_get_storage(settings_connection);
-+ shadowed_file =
-+ storage ? nm_settings_storage_get_shadowed_storage(storage, &shadowed_owned) : NULL;
-+ if (shadowed_file) {
-+ dev_checkpoint->settings_connection_is_shadowed_owned = shadowed_owned;
-+ dev_checkpoint->settings_connection_shadowed =
-+ parse_connection_from_shadowed_file(shadowed_file, &error);
-+ if (!dev_checkpoint->settings_connection_shadowed) {
-+ _LOGW("error reading shadowed connection file for %s: %s",
-+ nm_device_get_iface(device),
-+ error->message);
-+ }
-+ }
- }
-
- return dev_checkpoint;
---
-2.41.0
-
diff --git a/SOURCES/1010-allow-ip-configurations-without-addresses-rhel28544.patch b/SOURCES/1010-allow-ip-configurations-without-addresses-rhel28544.patch
deleted file mode 100644
index 33a6ac5..0000000
--- a/SOURCES/1010-allow-ip-configurations-without-addresses-rhel28544.patch
+++ /dev/null
@@ -1,398 +0,0 @@
-From 3806d476ab8c45a8ea534be064515744ccea16e2 Mon Sep 17 00:00:00 2001
-From: Beniamino Galvani
-Date: Tue, 7 May 2024 17:51:19 +0200
-Subject: [PATCH 1/4] vpn: allow IP configurations without addresses
-
-An IPv4-over-IPv6 (or vice-versa) IPsec VPN can return IP
-configurations with routes and without addresses. For example, in this
-scenario:
-
- +---------------+ +---------------+
- | fd01::10/64 <-- VPN --> fd02::20/64 |
- | host1 | | host2 |
- +-------^-------+ +-------^-------+
- | |
- +-------v-------+ +-------v-------+
- | subnet1 | | subnet2 |
- | 172.16.1.0/24 | | 172.16.2.0/24 |
- +---------------+ +---------------+
-
-host1 and host2 establish a IPv6 tunnel which encapsulates packets
-between the two IPv4 subnets. Therefore, in routed mode, host1 will
-need to configure a route like "172.16.2.0/24 via ipsec1" even if the
-host doesn't have any IPv4 address on the VPN interface.
-
-Accept IP configurations without address from the VPN; only check that
-the address and prefix are sane if they are provided.
-
-(cherry picked from commit 97f185e1f8e5a60d770711d8bce8bd12a205590f)
-(cherry picked from commit 518b7c5bd51d3f652c8179594a522f6ddf93f449)
-(cherry picked from commit 476a9553f61c4bd6f0c8dec476b3179de6cf2293)
----
- src/core/vpn/nm-vpn-connection.c | 44 ++++++++++++++++++++------------
- 1 file changed, 27 insertions(+), 17 deletions(-)
-
-diff --git a/src/core/vpn/nm-vpn-connection.c b/src/core/vpn/nm-vpn-connection.c
-index 3dba9ff6c8..62aecbd286 100644
---- a/src/core/vpn/nm-vpn-connection.c
-+++ b/src/core/vpn/nm-vpn-connection.c
-@@ -1988,6 +1988,12 @@ _dbus_signal_ip_config_cb(NMVpnConnection *self, int addr_family, GVariant *dict
-
- nm_l3_config_data_set_dns_priority(l3cd, AF_INET, NM_DNS_PRIORITY_DEFAULT_VPN);
-
-+ _vardict_to_addr(addr_family,
-+ dict,
-+ IS_IPv4 ?
NM_VPN_PLUGIN_IP4_CONFIG_INT_GATEWAY
-+ : NM_VPN_PLUGIN_IP6_CONFIG_INT_GATEWAY,
-+ &priv->ip_data_x[IS_IPv4].gw_internal);
-+
- if (IS_IPv4) {
- address.a4 = (NMPlatformIP4Address){
- .plen = 24,
-@@ -1998,16 +2004,17 @@ _dbus_signal_ip_config_cb(NMVpnConnection *self, int addr_family, GVariant *dict
- };
- }
-
-- _vardict_to_addr(addr_family,
-- dict,
-- IS_IPv4 ? NM_VPN_PLUGIN_IP4_CONFIG_INT_GATEWAY
-- : NM_VPN_PLUGIN_IP6_CONFIG_INT_GATEWAY,
-- &priv->ip_data_x[IS_IPv4].gw_internal);
--
-- _vardict_to_addr(addr_family,
-- dict,
-- IS_IPv4 ? NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS : NM_VPN_PLUGIN_IP6_CONFIG_ADDRESS,
-- address.ax.address_ptr);
-+ if (_vardict_to_addr(addr_family,
-+ dict,
-+ IS_IPv4 ? NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS
-+ : NM_VPN_PLUGIN_IP6_CONFIG_ADDRESS,
-+ address.ax.address_ptr)
-+ && nm_ip_addr_is_null(addr_family, &address.ax.address_ptr)) {
-+ _LOGW("invalid IP%c config received: address is zero",
-+ nm_utils_addr_family_to_char(addr_family));
-+ _check_complete(self, FALSE);
-+ return;
-+ }
-
- if (!_vardict_to_addr(addr_family,
- dict,
-@@ -2024,17 +2031,20 @@ _dbus_signal_ip_config_cb(NMVpnConnection *self, int addr_family, GVariant *dict
- &u32))
- address.ax.plen = u32;
-
-- if (address.ax.plen > 0 && address.ax.plen <= (IS_IPv4 ? 32 : 128)
-- && !nm_ip_addr_is_null(addr_family, &address.ax.address_ptr)) {
-- address.ax.addr_source = NM_IP_CONFIG_SOURCE_VPN;
-- nm_l3_config_data_add_address(l3cd, addr_family, NULL, &address.ax);
-- } else {
-- _LOGW("invalid IP%c config received: no valid IP address/prefix",
-- nm_utils_addr_family_to_char(addr_family));
-+ if (!nm_ip_addr_is_null(addr_family, &address.ax.address_ptr)
-+ && (address.ax.plen == 0 || address.ax.plen > (IS_IPv4 ?
32 : 128))) {
-+ _LOGW("invalid IP%c config received: invalid prefix %u",
-+ nm_utils_addr_family_to_char(addr_family),
-+ address.ax.plen);
- _check_complete(self, FALSE);
- return;
- }
-
-+ if (!nm_ip_addr_is_null(addr_family, &address.ax.address_ptr)) {
-+ address.ax.addr_source = NM_IP_CONFIG_SOURCE_VPN;
-+ nm_l3_config_data_add_address(l3cd, addr_family, NULL, &address.ax);
-+ }
-+
- if (IS_IPv4) {
- if (g_variant_lookup(dict, NM_VPN_PLUGIN_IP4_CONFIG_DNS, "au", &var_iter)) {
- while (g_variant_iter_next(var_iter, "u", &u32))
---
-2.45.2
-
-
-From 044f85613f09861d908045feda6d6f3b499d75b5 Mon Sep 17 00:00:00 2001
-From: Beniamino Galvani
-Date: Wed, 8 May 2024 10:49:27 +0200
-Subject: [PATCH 2/4] core: rename l3cd's "dhcp_enabled" to
- "allow_routes_without_address"
-
-The name "dhcp_enabled" is misleading because the flag is set for
-method=auto, which doesn't necessarily imply DHCP. Also, it doesn't
-convey what the flag is used for. Rename it to
-"allow_routes_without_address".
-
-(cherry picked from commit b31febea22485d3dd063cfff8fc61c1e3901a7ca)
-(cherry picked from commit 6897b6ecfdd5ed2e50c7db45a4ea3c7c7998d908)
-(cherry picked from commit ea731bba9b1f5a22e48c0a6c1881bc91c3cf1032)
----
- src/core/nm-l3-config-data.c | 68 +++++++++++++++++++-----------------
- src/core/nm-l3-config-data.h | 3 +-
- src/core/nm-l3cfg.c | 9 +++--
- 3 files changed, 41 insertions(+), 39 deletions(-)
-
-diff --git a/src/core/nm-l3-config-data.c b/src/core/nm-l3-config-data.c
-index a4647116a9..fbee1bf7e8 100644
---- a/src/core/nm-l3-config-data.c
-+++ b/src/core/nm-l3-config-data.c
-@@ -157,8 +157,8 @@ struct _NML3ConfigData {
- bool has_routes_with_type_local_6_set : 1;
- bool has_routes_with_type_local_4_val : 1;
- bool has_routes_with_type_local_6_val : 1;
-- bool dhcp_enabled_4 : 1;
-- bool dhcp_enabled_6 : 1;
-+ bool allow_routes_without_address_4 : 1;
-+ bool allow_routes_without_address_6 : 1;
-
- bool ndisc_hop_limit_set : 1;
- bool ndisc_reachable_time_msec_set : 1;
-@@ -678,26 +678,28 @@ nm_l3_config_data_new(NMDedupMultiIndex *multi_idx, int ifindex, NMIPConfigSourc
-
- self = g_slice_new(NML3ConfigData);
- *self = (NML3ConfigData){
-- .ref_count = 1,
-- .ifindex = ifindex,
-- .multi_idx = nm_dedup_multi_index_ref(multi_idx),
-- .mdns = NM_SETTING_CONNECTION_MDNS_DEFAULT,
-- .llmnr = NM_SETTING_CONNECTION_LLMNR_DEFAULT,
-- .dns_over_tls = NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT,
-- .flags = NM_L3_CONFIG_DAT_FLAGS_NONE,
-- .metered = NM_TERNARY_DEFAULT,
-- .proxy_browser_only = NM_TERNARY_DEFAULT,
-- .proxy_method = NM_PROXY_CONFIG_METHOD_UNKNOWN,
-- .route_table_sync_4 = NM_IP_ROUTE_TABLE_SYNC_MODE_NONE,
-- .route_table_sync_6 = NM_IP_ROUTE_TABLE_SYNC_MODE_NONE,
-- .never_default_6 = NM_OPTION_BOOL_DEFAULT,
-- .never_default_4 = NM_OPTION_BOOL_DEFAULT,
-- .source = source,
-- .ip6_privacy = NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN,
-- .mptcp_flags = NM_MPTCP_FLAGS_NONE,
-- .ndisc_hop_limit_set = FALSE,
-- .ndisc_reachable_time_msec_set = FALSE,
-- .ndisc_retrans_timer_msec_set = FALSE,
-+ .ref_count = 1,
-+ .ifindex = ifindex,
-+ .multi_idx = nm_dedup_multi_index_ref(multi_idx),
-+ .mdns = NM_SETTING_CONNECTION_MDNS_DEFAULT,
-+ .llmnr = NM_SETTING_CONNECTION_LLMNR_DEFAULT,
-+ .dns_over_tls = NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT,
-+ .flags = NM_L3_CONFIG_DAT_FLAGS_NONE,
-+ .metered = NM_TERNARY_DEFAULT,
-+ .proxy_browser_only = NM_TERNARY_DEFAULT,
-+ .proxy_method = NM_PROXY_CONFIG_METHOD_UNKNOWN,
-+ .route_table_sync_4 = NM_IP_ROUTE_TABLE_SYNC_MODE_NONE,
-+ .route_table_sync_6 = NM_IP_ROUTE_TABLE_SYNC_MODE_NONE,
-+ .never_default_6 = NM_OPTION_BOOL_DEFAULT,
-+ .never_default_4 = NM_OPTION_BOOL_DEFAULT,
-+ .source = source,
-+ .ip6_privacy = NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN,
-+ .mptcp_flags = NM_MPTCP_FLAGS_NONE,
-+ .ndisc_hop_limit_set = FALSE,
-+ .ndisc_reachable_time_msec_set = FALSE,
-+ .ndisc_retrans_timer_msec_set = FALSE,
-+ .allow_routes_without_address_4 = TRUE,
-+ .allow_routes_without_address_6 = TRUE,
-
};
-
- _idx_type_init(&self->idx_addresses_4, NMP_OBJECT_TYPE_IP4_ADDRESS);
-@@ -1936,15 +1938,15 @@ nm_l3_config_data_set_mptcp_flags(NML3ConfigData *self, NMMptcpFlags mptcp_flags
- }
-
- gboolean
--nm_l3_config_data_get_dhcp_enabled(const NML3ConfigData *self, int addr_family)
-+nm_l3_config_data_get_allow_routes_without_address(const NML3ConfigData *self, int addr_family)
- {
- const int IS_IPv4 = NM_IS_IPv4(addr_family);
-
- nm_assert(_NM_IS_L3_CONFIG_DATA(self, TRUE));
- if (IS_IPv4) {
-- return self->dhcp_enabled_4;
-+ return self->allow_routes_without_address_4;
- } else {
-- return self->dhcp_enabled_6;
-+ return self->allow_routes_without_address_6;
- }
- }
-
-@@ -2758,18 +2760,18 @@ _init_from_connection_ip(NML3ConfigData *self, int addr_family, NMConnection *co
- method = nm_setting_ip_config_get_method(s_ip);
- if (IS_IPv4) {
- if (nm_streq(method, NM_SETTING_IP4_CONFIG_METHOD_AUTO)) {
-- self->dhcp_enabled_4 = TRUE;
-+ self->allow_routes_without_address_4 = FALSE;
- } else {
-- self->dhcp_enabled_4 = FALSE;
-+ self->allow_routes_without_address_4 = TRUE;
- }
- } else {
- method = nm_setting_ip_config_get_method(s_ip);
- if (NM_IN_STRSET(method,
- NM_SETTING_IP6_CONFIG_METHOD_AUTO,
- NM_SETTING_IP6_CONFIG_METHOD_DHCP)) {
-- self->dhcp_enabled_6 = TRUE;
-+ self->allow_routes_without_address_6 = FALSE;
- } else {
-- self->dhcp_enabled_6 = FALSE;
-+ self->allow_routes_without_address_6 = TRUE;
- }
- }
-
-@@ -3456,11 +3458,11 @@ nm_l3_config_data_merge(NML3ConfigData *self,
- self->dhcp_lease_x[0] = nm_dhcp_lease_ref(self->dhcp_lease_x[0]);
- self->dhcp_lease_x[1] = nm_dhcp_lease_ref(self->dhcp_lease_x[1]);
- }
-- if (src->dhcp_enabled_4)
-- self->dhcp_enabled_4 = TRUE;
-+ if (!src->allow_routes_without_address_4)
-+ self->allow_routes_without_address_4 = FALSE;
-
-- if (src->dhcp_enabled_6)
-- self->dhcp_enabled_6 = TRUE;
-+ if (!src->allow_routes_without_address_6)
-+ self->allow_routes_without_address_6 = FALSE;
- }
-
- NML3ConfigData *
-diff --git
a/src/core/nm-l3-config-data.h b/src/core/nm-l3-config-data.h
-index b55b2f4194..5c8491a704 100644
---- a/src/core/nm-l3-config-data.h
-+++ b/src/core/nm-l3-config-data.h
-@@ -554,7 +554,8 @@ NMSettingIP6ConfigPrivacy nm_l3_config_data_get_ip6_privacy(const NML3ConfigData
- gboolean nm_l3_config_data_set_ip6_privacy(NML3ConfigData *self,
- NMSettingIP6ConfigPrivacy ip6_privacy);
-
--gboolean nm_l3_config_data_get_dhcp_enabled(const NML3ConfigData *self, int addr_family);
-+gboolean nm_l3_config_data_get_allow_routes_without_address(const NML3ConfigData *self,
-+ int addr_family);
-
- NMProxyConfigMethod nm_l3_config_data_get_proxy_method(const NML3ConfigData *self);
-
-diff --git a/src/core/nm-l3cfg.c b/src/core/nm-l3cfg.c
-index f428d04cc6..ab9844d642 100644
---- a/src/core/nm-l3cfg.c
-+++ b/src/core/nm-l3cfg.c
-@@ -1301,7 +1301,6 @@ _commit_collect_routes(NML3Cfg *self,
- const int IS_IPv4 = NM_IS_IPv4(addr_family);
- const NMDedupMultiHeadEntry *head_entry;
- const NMDedupMultiEntry *entry;
-- gboolean is_dhcp_enabled;
-
- nm_assert(routes && !*routes);
- nm_assert(routes_nodev && !*routes_nodev);
-@@ -1321,10 +1320,10 @@ _commit_collect_routes(NML3Cfg *self,
- else {
- nm_assert(NMP_OBJECT_CAST_IP_ROUTE(obj)->ifindex == self->priv.ifindex);
-
-- is_dhcp_enabled =
-- nm_l3_config_data_get_dhcp_enabled(self->priv.p->combined_l3cd_commited,
-- addr_family);
-- if (!any_addrs && is_dhcp_enabled) {
-+ if (!any_addrs
-+ && !nm_l3_config_data_get_allow_routes_without_address(
-+ self->priv.p->combined_l3cd_commited,
-+ addr_family)) {
- /* This is a unicast route (or a similar route, which has an
- * ifindex).
- *
---
-2.45.2
-
-
-From 66f8dfc453eda98a77c9a85c2b6110955f02b5c7 Mon Sep 17 00:00:00 2001
-From: Beniamino Galvani
-Date: Wed, 8 May 2024 11:02:20 +0200
-Subject: [PATCH 3/4] core: add
- nm_l3_config_data_set_allow_routes_without_address()
-
-Add a function to set the allow-routes-without-address flag for
-l3cds. It will be used in the next commit.
-
-(cherry picked from commit a3ce13c947e6eda71fa07de273ede55b806e8d45)
-(cherry picked from commit 5fa063f90d443044ca1dba71478c701ce7b62b94)
-(cherry picked from commit e008ec734553f7b065714025e6f3628cac10f314)
----
- src/core/nm-l3-config-data.c | 15 +++++++++++++++
- src/core/nm-l3-config-data.h | 4 ++++
- 2 files changed, 19 insertions(+)
-
-diff --git a/src/core/nm-l3-config-data.c b/src/core/nm-l3-config-data.c
-index fbee1bf7e8..908c4d65d5 100644
---- a/src/core/nm-l3-config-data.c
-+++ b/src/core/nm-l3-config-data.c
-@@ -1950,6 +1950,21 @@ nm_l3_config_data_get_allow_routes_without_address(const NML3ConfigData *self, i
- }
- }
-
-+void
-+nm_l3_config_data_set_allow_routes_without_address(NML3ConfigData *self,
-+ int addr_family,
-+ gboolean value)
-+{
-+ const int IS_IPv4 = NM_IS_IPv4(addr_family);
-+
-+ nm_assert(_NM_IS_L3_CONFIG_DATA(self, FALSE));
-+ if (IS_IPv4) {
-+ self->allow_routes_without_address_4 = value;
-+ } else {
-+ self->allow_routes_without_address_6 = value;
-+ }
-+}
-+
- NMProxyConfigMethod
- nm_l3_config_data_get_proxy_method(const NML3ConfigData *self)
- {
-diff --git a/src/core/nm-l3-config-data.h b/src/core/nm-l3-config-data.h
-index 5c8491a704..faf4f0bfa9 100644
---- a/src/core/nm-l3-config-data.h
-+++ b/src/core/nm-l3-config-data.h
-@@ -557,6 +557,10 @@ gboolean nm_l3_config_data_set_ip6_privacy(NML3ConfigData *self,
- gboolean nm_l3_config_data_get_allow_routes_without_address(const NML3ConfigData *self,
- int addr_family);
-
-+void nm_l3_config_data_set_allow_routes_without_address(NML3ConfigData *self,
-+ int addr_family,
-+ gboolean value);
-+
- NMProxyConfigMethod nm_l3_config_data_get_proxy_method(const NML3ConfigData *self);
-
- gboolean nm_l3_config_data_set_proxy_method(NML3ConfigData *self, NMProxyConfigMethod value);
---
-2.45.2
-
-
-From 1d041a7ada56c27dcd155ff67a1bf02f0b00e35e Mon Sep 17 00:00:00 2001
-From: Beniamino Galvani
-Date: Wed, 8 May 2024 11:04:04 +0200
-Subject: [PATCH 4/4] vpn: allow IP configurations with
routes and without
- addresses
-
-Usually, when the method is "auto" we want to avoid configuring routes
-until the automatic method completes. To achieve that, we clear the
-"allow_routes_without_address" flag of l3cds when the method is "auto".
-
-For VPNs, IP configurations with only routes are perfectly valid,
-therefore set the flag.
-
-(cherry picked from commit d1ffdb28ebaf3af23ac76b59c35fe7e4672cb5bc)
-(cherry picked from commit 5b4ed809cc458504f01a02e908a91f2625613787)
-(cherry picked from commit 83847cc621aaa5ee6130e4088582875fcd98dd64)
----
- src/core/vpn/nm-vpn-connection.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/core/vpn/nm-vpn-connection.c b/src/core/vpn/nm-vpn-connection.c
-index 62aecbd286..f26f4c42e0 100644
---- a/src/core/vpn/nm-vpn-connection.c
-+++ b/src/core/vpn/nm-vpn-connection.c
-@@ -1433,6 +1433,10 @@ _check_complete(NMVpnConnection *self, gboolean success)
- l3cd = nm_l3_config_data_new_from_connection(nm_netns_get_multi_idx(priv->netns),
- nm_vpn_connection_get_ip_ifindex(self, TRUE),
- connection);
-+
-+ nm_l3_config_data_set_allow_routes_without_address(l3cd, AF_INET, TRUE);
-+ nm_l3_config_data_set_allow_routes_without_address(l3cd, AF_INET6, TRUE);
-+
- _l3cfg_l3cd_set(self, L3CD_TYPE_STATIC, l3cd);
-
- _l3cfg_l3cd_gw_extern_update(self);
---
-2.45.2
-
diff --git a/SOURCES/1011-vpn-handle-hint-tags-in-the-daemon-rhel44712.patch b/SOURCES/1011-vpn-handle-hint-tags-in-the-daemon-rhel44712.patch
deleted file mode 100644
index cfa84e1..0000000
--- a/SOURCES/1011-vpn-handle-hint-tags-in-the-daemon-rhel44712.patch
+++ /dev/null
@@ -1,241 +0,0 @@
-From 4a31371e834057712c33678b249127062b250a33 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?=
-Date: Mon, 3 Jun 2024 14:29:15 +0200
-Subject: [PATCH 1/2] vpn: handle hint tags in the daemon
-
-Commit 345bd1b18731 ('libnmc: fix secrets request on 2nd stage of 2FA
-authentication') and commit 27c701ebfbc9 ('libnmc: allow user input in
-ECHO mode for 2FA challenges') introduced 2 new tags that hints for the
-secret agents can have as prefix.
-
-These tags were processed (and removed) in the secret agents, not in the
-daemon. This is wrong because a system with an updated VPN plugin but a
-not yet updated secret agent (like nm-plasma) will fail: it won't remove
-the prefix and the daemon will save the secret with the prefix, i.e.
-"x-dynamic-challenge:challenge-response" instead of just
-"challenge-response". Then, VPN plugins doesn't recognize it, failing the
-profile's activation. This is, in fact, an API break.
-
-Also, if the VPN connection already existed before updating NM and the
-VPN plugin, the secret flags are not added to the profile (they are only
-added when the profile is created or modified). This causes the user's
-first time response is saved to the profile, so the activation fails the
-second and next times.
-
-See:
-- https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1536
-- https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/142
-
-Anyway, in a good design the daemon should contain almost all the logic
-and the clients should keep as simple as possible. Fix above's problems
-by letting the daemon to receive the secret names with the prefix
-already included. The daemon will strip it and will know what it means.
-
-Note that this is done only in the functions that saves the secrets from
-the data received via D-Bus. For example, nm_setting_vpn_add_secret
-doesn't need to do it because this value shouldn't come from VPN
-plugin's hints.
-
-(cherry picked from commit 0583e1f8436e4c8a4e462a643c711b69d157b938)
-(cherry picked from commit 574741783c34fc62e8df78544b619d8281ddc85d)
-(cherry picked from commit bdbcda1e22c2eba9a51fb476b79fb680a99be84f)
----
- src/libnm-core-impl/nm-setting-vpn.c | 55 ++++++++++++++++++++++++++--
- 1 file changed, 52 insertions(+), 3 deletions(-)
-
-diff --git a/src/libnm-core-impl/nm-setting-vpn.c b/src/libnm-core-impl/nm-setting-vpn.c
-index b867d01860..65a14866c8 100644
---- a/src/libnm-core-impl/nm-setting-vpn.c
-+++ b/src/libnm-core-impl/nm-setting-vpn.c
-@@ -577,14 +577,48 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
- return TRUE;
- }
-
-+static gboolean
-+_parse_secret_hint_tag(const char *secret_name,
-+ const char **out_secret_name,
-+ NMSettingSecretFlags *out_implied_flags)
-+{
-+ NMSettingSecretFlags implied_flags = NM_SETTING_SECRET_FLAG_NONE;
-+ gboolean ret = FALSE;
-+
-+ nm_assert(secret_name);
-+
-+ if (g_str_has_prefix(secret_name, NM_SECRET_TAG_DYNAMIC_CHALLENGE)) {
-+ secret_name += NM_STRLEN(NM_SECRET_TAG_DYNAMIC_CHALLENGE);
-+ implied_flags |= NM_SETTING_SECRET_FLAG_NOT_SAVED;
-+ ret = TRUE;
-+ } else if (g_str_has_prefix(secret_name, NM_SECRET_TAG_DYNAMIC_CHALLENGE_ECHO)) {
-+ secret_name += NM_STRLEN(NM_SECRET_TAG_DYNAMIC_CHALLENGE_ECHO);
-+ implied_flags |= NM_SETTING_SECRET_FLAG_NOT_SAVED;
-+ ret = TRUE;
-+ }
-+
-+ NM_SET_OUT(out_secret_name, secret_name);
-+ NM_SET_OUT(out_implied_flags, implied_flags);
-+ return ret;
-+}
-+
- static NMSettingUpdateSecretResult
- update_secret_string(NMSetting *setting, const char *key, const char *value, GError **error)
- {
- NMSettingVpnPrivate *priv = NM_SETTING_VPN_GET_PRIVATE(setting);
-+ NMSettingSecretFlags hint_implied_flags, flags;
-
- g_return_val_if_fail(key && key[0], NM_SETTING_UPDATE_SECRET_ERROR);
- g_return_val_if_fail(value, NM_SETTING_UPDATE_SECRET_ERROR);
-
-+ /* If the name is prefixed with a hint tag, process it before saving:
-+ * remove the prefix and apply the
flags that it implies */
-+ _parse_secret_hint_tag(key, &key, &hint_implied_flags);
-+ if (hint_implied_flags) {
-+ nm_setting_get_secret_flags(setting, key, &flags, NULL);
-+ nm_setting_set_secret_flags(setting, key, flags | hint_implied_flags, NULL);
-+ }
-+
- if (nm_streq0(nm_g_hash_table_lookup(priv->secrets, key), value))
- return NM_SETTING_UPDATE_SECRET_SUCCESS_UNCHANGED;
-
-@@ -599,6 +633,7 @@ update_secret_dict(NMSetting *setting, GVariant *secrets, GError **error)
- GVariantIter iter;
- const char *name, *value;
- NMSettingUpdateSecretResult result = NM_SETTING_UPDATE_SECRET_SUCCESS_UNCHANGED;
-+ NMSettingSecretFlags hint_implied_flags, flags;
-
- g_return_val_if_fail(secrets != NULL, NM_SETTING_UPDATE_SECRET_ERROR);
-
-@@ -618,6 +653,14 @@ update_secret_dict(NMSetting *setting, GVariant *secrets, GError **error)
- /* Now add the items to the settings' secrets list */
- g_variant_iter_init(&iter, secrets);
- while (g_variant_iter_next(&iter, "{&s&s}", &name, &value)) {
-+ /* If the name is prefixed with a hint tag, process it before saving:
-+ * remove the prefix and apply the flags that it implies */
-+ _parse_secret_hint_tag(name, &name, &hint_implied_flags);
-+ if (hint_implied_flags) {
-+ nm_setting_get_secret_flags(setting, name, &flags, NULL);
-+ nm_setting_set_secret_flags(setting, name, flags | hint_implied_flags, NULL);
-+ }
-+
- if (nm_streq0(nm_g_hash_table_lookup(priv->secrets, name), value))
- continue;
-
-@@ -727,6 +770,7 @@ get_secret_flags(NMSetting *setting,
- GError **error)
- {
- NMSettingVpnPrivate *priv = NM_SETTING_VPN_GET_PRIVATE(setting);
-+ NMSettingSecretFlags implied_flags = NM_SETTING_SECRET_FLAG_NONE;
- gs_free char *flags_key_free = NULL;
- const char *flags_key;
- const char *flags_val;
-@@ -734,6 +778,10 @@ get_secret_flags(NMSetting *setting,
-
- nm_assert(secret_name);
-
-+ /* Secrets received via D-Bus from VPN plugins might be prefixed by a hint tag.
If
-+ * that's the case, process it first: remove the tag and get the flags that it implies */
-+ _parse_secret_hint_tag(secret_name, &secret_name, &implied_flags);
-+
- if (!secret_name[0]) {
- g_set_error(error,
- NM_CONNECTION_ERROR,
-@@ -746,7 +794,7 @@ get_secret_flags(NMSetting *setting,
-
- if (!priv->data
- || !g_hash_table_lookup_extended(priv->data, flags_key, NULL, (gpointer *) &flags_val)) {
-- NM_SET_OUT(out_flags, NM_SETTING_SECRET_FLAG_NONE);
-+ NM_SET_OUT(out_flags, implied_flags);
-
- /* having no secret flag for the secret is fine, as long as there
- * is the secret itself... */
-@@ -772,7 +820,7 @@ get_secret_flags(NMSetting *setting,
- return TRUE;
- }
-
-- NM_SET_OUT(out_flags, (NMSettingSecretFlags) i64);
-+ NM_SET_OUT(out_flags, (NMSettingSecretFlags) i64 | implied_flags);
- return TRUE;
- }
-
-@@ -783,7 +831,8 @@ set_secret_flags(NMSetting *setting,
- GError **error)
- {
- nm_assert(secret_name);
--
-+ nm_assert(!_parse_secret_hint_tag(secret_name, NULL, NULL)); /* Accept hint tags only via D-Bus,
-+ saved by update_one_secret */
- if (!secret_name[0]) {
- g_set_error(error,
- NM_CONNECTION_ERROR,
---
-2.44.0
-
-
-From ef781d957db80d1e628098dab2cbb1da70558511 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?=
-Date: Wed, 29 May 2024 16:50:10 +0200
-Subject: [PATCH 2/2] libnmc: don't strip prefix tags from secret names
-
-The daemon is now capable of understanding and removing these prefix
-tags by itself. It is better than this is not a responsibility of the
-secret agent because it requires changes in all secret agents to work
-properly (see https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1536).
-
-If the secret agent knows what these prefix tags are, it can remove them
-only in the text that is displayed in the UI, but maintaining the
-original string as the secret name that is returned to the daemon.
-
-Secret agents that doesn't know what these prefix tags are won't do
-anything with them, and they will also return the same string as secret
-name, as expected. The only drawback is that they might display the full
-string to the user, which is not a nice UX but it will at least work.
-
-Also, allow to translate the secret name for the UI in libnmc.
-
-(cherry picked from commit 18240bb72d191c987afe150d3a5023fe79d994dd)
-(cherry picked from commit e217ec040d04835450c2de92cd2cf408e22f3fcd)
-(cherry picked from commit a8a59e3e0af2f0922c1e6f0e18f00fe195c2d026)
----
- src/libnmc-base/nm-secret-agent-simple.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/libnmc-base/nm-secret-agent-simple.c b/src/libnmc-base/nm-secret-agent-simple.c
-index 4bb77c9802..9d1a2ae962 100644
---- a/src/libnmc-base/nm-secret-agent-simple.c
-+++ b/src/libnmc-base/nm-secret-agent-simple.c
-@@ -431,7 +431,7 @@ add_vpn_secrets(RequestData *request, GPtrArray *secrets, char **msg)
- const NmcVpnPasswordName *p;
- const char *vpn_msg = NULL;
- char **iter;
-- char *secret_name;
-+ char *ui_name;
- bool is_challenge = FALSE;
- bool force_echo;
-
-@@ -442,19 +442,19 @@ add_vpn_secrets(RequestData *request, GPtrArray *secrets, char **msg)
- vpn_msg = &(*iter)[NM_STRLEN(NM_SECRET_TAG_VPN_MSG)];
- } else {
- if (NM_STR_HAS_PREFIX(*iter, NM_SECRET_TAG_DYNAMIC_CHALLENGE)) {
-- secret_name = &(*iter)[NM_STRLEN(NM_SECRET_TAG_DYNAMIC_CHALLENGE)];
-+ ui_name = &(*iter)[NM_STRLEN(NM_SECRET_TAG_DYNAMIC_CHALLENGE)];
- is_challenge = TRUE;
- force_echo = FALSE;
- } else if (NM_STR_HAS_PREFIX(*iter, NM_SECRET_TAG_DYNAMIC_CHALLENGE_ECHO)) {
-- secret_name = &(*iter)[NM_STRLEN(NM_SECRET_TAG_DYNAMIC_CHALLENGE_ECHO)];
-+ ui_name = &(*iter)[NM_STRLEN(NM_SECRET_TAG_DYNAMIC_CHALLENGE_ECHO)];
- is_challenge = TRUE;
- force_echo = TRUE;
- } else {
-- secret_name = *iter;
-- force_echo = FALSE;
-+ ui_name = *iter;
-+ force_echo = FALSE;
- }
-
-- add_vpn_secret_helper(secrets,
s_vpn, secret_name, secret_name, force_echo); -+ add_vpn_secret_helper(secrets, s_vpn, *iter, ui_name, force_echo); - } - } - } --- -2.44.0 - diff --git a/SPECS/NetworkManager.spec b/SPECS/NetworkManager.spec index 618eba0..7ea3a91 100644 --- a/SPECS/NetworkManager.spec +++ b/SPECS/NetworkManager.spec @@ -5,9 +5,9 @@ %global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo bad) %global epoch_version 1 -%global real_version 1.46.0 +%global real_version 1.48.10 %global rpm_version %{real_version} -%global release_version 19 +%global release_version 3 %global snapshot %{nil} %global git_sha %{nil} %global bcond_default_debug 0 
@@ -220,25 +220,11 @@ Source1000: 20-connectivity-msvsphere.conf Patch0001: 0001-revert-change-default-value-for-ipv4.dad-timeout-from-0-to-200ms.patch # Bugfixes that are only relevant until next rebase of the package. -# Patch1001: 1001-some.patch -Patch1001: 1001-drop-privateusers-directive-from-nm-cloud-setup-rhel27053.patch -Patch1002: 1002-allow-rollback-on-internal-global-dns-rhel-29725.patch -Patch1003: 1003-do-not-allow-ovs-bridge-and-port-to-be-parent-rhel-28545.patch -Patch1004: 1004-nm-dispatcher-fix-crash-rhel28973.patch -Patch1005: 1005-fix-race-condition-while-enumerating-devices-rhel25808.patch -Patch1006: 1006-fix-lldp-for-ovs-bridge-ports-rhel31766.patch -Patch1007: 1007-platform-avoid-routes-resync-rhel36162.patch -Patch1008: 1008-checkpoint-preserve-in-memory-state-rhel32493.patch -Patch1010: 1010-allow-ip-configurations-without-addresses-rhel28544.patch -Patch1011: 1011-vpn-handle-hint-tags-in-the-daemon-rhel44712.patch -Patch1013: 1013-ovs-wait-for-the-link-to-be-ready-before-activating-rhel-49799.patch -Patch1014: 1014-ovs-fix-triggering-stage3-without-dhcp-client-rhel-49799.patch -Patch1015: 1015-policy-unblock-the-autoconnect-for-children-when-parent-is-available-rhel-53344.patch -Patch1016: 1016-fix-lldp-crash-dereferencing-null-pointer-rhel-46200.patch -Patch1017: 1017-use-etc-hosts-for-hostname-resolution-rhel-53202.patch -Patch1018: 1018-retry-hostname-resolution-when-it-fails-rhel-55397.patch -Patch1019: 1019-cloud-setup-allow-bigger-restart-bursts-rhel-56739.patch -Patch1020: 1020-cloud-setup-ensure-azure-places-primary-address-first-rhel-56386.patch +Patch1001: 1001-cloud-setup-allow-bigger-restart-bursts-rhel-56740.patch +Patch1002: 1002-cloud-setup-ensure-azure-places-primary-address-first-rhel-56387.patch +Patch1003: 1003-only-validate-sriov-capability-when-enabled-rhel-58397.patch +Patch1004: 1004-fix-bug-when-deactivating-port-connections-rhel-50747.patch +Patch1005: 
1005-fix-validation-of-ovs-dpdk-interface-name-rhel-60022.patch Requires(post): systemd %if 0%{?fedora} || 0%{?rhel} >= 8 @@ -931,7 +917,8 @@ autoreconf --install --force --with-resolvconf=no \ --with-netconfig=no \ --with-config-dns-rc-manager-default=%{dns_rc_manager_default} \ - --with-config-logging-backend-default=%{logging_backend_default} + --with-config-logging-backend-default=%{logging_backend_default} \ + --disable-autotools-deprecation %make_build 
@@ -1318,74 +1305,84 @@ fi %changelog -* Fri Aug 30 2024 Fernando Fernandez Mancera - 1:1.46.0-19 -- Retry hostname resolutions when it fails (RHEL-55397) -- cloud-setup: allow bigger restart bursts (RHEL-56739) -- cloud-setup: Fix Azure primary and secondary address swap (RHEL-56386) - -* Tue Aug 20 2024 Fernando Fernandez Mancera - 1:1.46.0-18 -- Fix crash dereferencing NULL pointer during debug logging (RHEL-46200) -- Use /etc/hosts for hostname reesolution (RHEL-53202) - -* Tue Aug 13 2024 Wen Liang - 1:1.46.0-17 -- Unblock the autoconnect for children when parent is available (RHEL-53344) - -* Wed Jul 31 2024 Fernando Fernandez Mancera - 1:1.46.0-16 -- Revert OVS checkpoint rollback patches. -- Fix OVS stage3 activation without DHCP client initialized (RHEL-49799) - -* Thu Jul 25 2024 Fernando Fernandez Mancera - 1:1.46.0-15 -- Wait for link to be ready before activating ovs-interface (RHEL-49799) - -* Tue Jul 23 2024 Fernando Fernandez Mancera - 1:1.46.0-14 -- Fix OVS checkpoint rollback (RHEL-32646) - -* Fri Jun 28 2024 Beniamino Galvani - 1:1.46.0-13 -- Revert "Fix port reactivation when controller is deactivating" (RHEL-32646) - -* Thu Jun 27 2024 Íñigo Huguet - 1:1.46.0-12 -- Add ipcalc as dependency of NetworkManager-dispatcher-routing-rules (RHEL-43583) - -* Mon Jun 24 2024 Íñigo Huguet - 1:1.46.0-11 -- Handle hint's tags from VPN secrets in the daemon (RHEL-44712) - -* Mon Jun 17 2024 Fernando Fernandez Mancera - 1:1.46.0-10 -- Support IPv6 in IPSec VPN (RHEL-28544) +* Thu Dec 26 2024 Sergey Cherevko - 1:1.48.10-3.inferit +- Update to 1.48.10-3 + +* Tue Nov 12 2024 Beniamino Galvani - 1:1.48.10-3 +- Only validate the SR-IOV device capability when SR-IOV is enabled (RHEL-58397) +- Fix bug when deactivating port connections (RHEL-50747) +- Fix validation of ovs-dpdk interface name (RHEL-60022) + +* Fri Aug 30 2024 Fernando Fernandez Mancera - 1:1.48.10-2 +- cloud-setup: Allow bigger restart bursts (RHEL-56740) +- cloud-setup: Fix Azure swap of primary 
and secondary IP addresses (RHEL-56387) + +* Thu Aug 22 2024 Íñigo Huguet - 1:1.48.10-1 +- Unblock the autoconnect for children when parent is available (RHEL-46904) +- Fix crash produced by malformed LLDP package when debug logging (RHEL-46199) +- Support reapplying bridge-port VLANs (RHEL-26750) +- Add small backoff time before resync (RHEL-29902) + +* Fri Aug 09 2024 Fernando Fernandez Mancera - 1:1.46.8-1 +- Stop writing offensive terms into keyfiles (RHEL-52597) +- Remove offensive words (RHEL-33368) +- Fix cloned-mac-address race condition with DHCP on ovs-interfaces (RHEL-49796) + +* Fri Jul 26 2024 Fernando Fernandez Mancera - 1:1.48.6-1 +- Wait until link is ready before activating for ovs-interface (RHEL-49796) +- Fix rollback on OVS checkpoint (RHEL-31972) +- Assert that the auto-activate list is empty on dispose (RHEL-44345) + +* Fri Jul 05 2024 Stanislas Faye 1:1.48.4-1 +- Update to 1.48.4 release +- Support matching a OVS system interface by MAC address (RHEL-34617) +- When looking up the system hostname from the reverse DNS lookup of + addresses configured on interfaces, NetworkManager now takes into + account the content of /etc/hosts (RHEL-33435) + +* Thu Jun 27 2024 Íñigo Huguet 1:1.48.2-2 +- Add ipcalc as dependency of NetworkManager-dispatcher-routing-rules (RHEL-36648) + +* Mon Jun 24 2024 Beniamino Galvani 1:1.48.2-1 +- Update to 1.48.2 release +- Save connection timestamps when shutting down (RHEL-35539) +- Fix regression with OpenVPN dynamic challenge (RHEL-43720) * Thu Jun 13 2024 Sergey Cherevko - 1:1.46.0-8.inferit - Update to 1:1.46.0-8 -* Sat Jun 01 2024 Fernando Fernandez Mancera - 1:1.46.0-9 -- Fix port reactivation when controller is deactivating (RHEL-32646) +* Thu May 30 2024 Lubomir Rintel - 1:1.48.0-1 +- Upgrade to 1.48.0 release -* Thu May 23 2024 Beniamino Galvani - 1:1.46.0-8 -- Preserve in-memory state of connections after checkpoint/rollback (RHEL-32493) +* Thu May 16 2024 Lubomir Rintel - 1:1.47.91-1 +- Upgrade to 1.47.91 
(rc2) -* Tue May 14 2024 Íñigo Huguet - 1:1.46.0-7 -- Fix CPU usage of 100% when updating routes cache (RHEL-36162) +* Fri May 03 2024 Fernando Fernandez Mancera - 1:1.47.90-1 +- Upgrade to 1.47.90 (rc1) * Wed May 1 2024 Arkady L. Shane - 1:1.46.0-4.inferit - Implemented connectivity checking via MSVSphere infrastructur -* Mon Apr 08 2024 Fernando Fernandez Mancera - 1:1.46.0-6 -- Rebuild because build must go on 0day not 9.4.0 +* Fri Apr 19 2024 Íñigo Huguet - 1:1.47.5-1 +- Fix a crash during shutdown (RHEL-29856) -* Fri Apr 05 2024 Fernando Fernandez Mancera - 1:1.46.0-5 -- Fix LLDP for OVS Bridge ports (RHEL-31766) +* Fri Apr 05 2024 Fernando Fernandez Mancera - 1:1.47.4-1 +- Fix LLDP support for interfaces attached to OVS bridges. (RHEL-1418) +- Fix NMCI crashes on ovs_mtu and bond tests. (RHEL-30348) -* Tue Mar 26 2024 Beniamino Galvani - 1:1.46.0-4 -- Fix nm-dispatcher crash (RHEL-28973) -- Fix race condition while enumerating devices (RHEL-25808) +* Wed Apr 03 2024 Fernando Fernandez Mancera - 1.47.3-2 +- Rebuild for CI gating -* Fri Mar 22 2024 Fernando Fernandez Mancera - 1:1.46.0-3 -- Upgrade release number to build with the right target +* Tue Mar 26 2024 Gris Ge - 1.47.3-1 +- Upgrade to 1.47.3 release (development) +- Support rollback on global DNS (RHEL-23446) +- Support VLAN over OVS interface which holds the same name as OVS bridge (RHEL-26753) -* Wed Mar 20 2024 Fernando Fernandez Mancera - 1.46.0-2 -- Drop PrivateUser directive from nm-cloud-setup service (RHEL-27503) -- Support rollback on global DNS (RHEL-29725) -- Do not allow OVS bridge or port to be parent (RHEL-28545) +* Fri Mar 08 2024 Íñigo Huguet +- Update to 1.47.2 release (development) +- Support sending DHCPRELEASE (RHEL-17310) -* Thu Feb 22 2024 Stanislas FAYE - 1.46.0-1 +* Thu Feb 22 2024 Stanislas FAYE - Update to 1.46.0 release - Fix DHCPv4 lease can't be renewed after it expires (RHEL-24127) - Support the MACsec offload mode (RHEL-24337)