Derived classes should not modify or overwrite this essential behavior
of can_auto_connect(). It doesn't belong to the virtual function.
(cherry picked from commit 715aebe08a)
Currently the ifcfg-rh plugin doesn't explicitly store the connection
type for team slaves and is only able to read back ethernet and vlan
connections.
Leave this unchanged for ethernet and vlan slaves, but store the TYPE
variable for other connection types (Wi-Fi and Infiniband) so that we
can properly determine their type when the connection is read.
(cherry picked from commit 29a576496e)
Insert the new gateway at the end when it has the least preference.
Fixes the following runtime error:
src/ndisc/nm-ndisc.c:204:_ASSERT_data_gateways: assertion failed:
(_preference_to_priority (item_prev->preference) >=
_preference_to_priority (item->preference))
Change the activation procedure for connections that require secrets
in the following way:
- nmcli creates a secret-agent and leaves it disabled so that
incoming requests are queued
- nmcli calls ActivateConnection()
- when the method returns success, the secret-agent gets enabled and
all queued requests are processed
When the user activates a connection which is already auto-activating,
NM will deactivate the current active-connection and will call
CancelGetSecrets() for it before the new ActivateConnection()
returns. In this way, when the secret-agent is enabled by nmcli, we
have the guarantee that there aren't any queued requests for
the deactivating connections.
https://bugzilla.redhat.com/show_bug.cgi?id=1438476
`systemctl start network-online.target` should suffice to start
"NetworkManager.service".
That would work because
- "network-online.target" has "Wants=NetworkManager-wait-online.service"
- "NetworkManager-wait-online.service" has "Require=NetworkManager.service".
But previously, "NetworkManager-wait-online.service" would just
fail with missing dependency.
See also https://github.com/systemd/systemd/pull/6065 which does the
same for networkd's wait-online serice, and see rh#1452866 for a
use-case.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1452866
Don't compile ovs support when the RPM is built --without=ovs, to fix
the following error:
error: Installed (but unpackaged) file(s) found:
/usr/lib/systemd/system/NetworkManager.service.d/NetworkManager-ovs.conf
/usr/lib64/NetworkManager/libnm-device-plugin-ovs.so
/usr/share/man/man7/nm-openvswitch.7.gz
Fixes: 830a5a14cb
The number of authentication retires is useful also for passwords aside
802-1x settings. For example, src/devices/wifi/nm-device-wifi.c also has
a retry counter and uses a hard-coded value of 3.
Move the setting, so that it can be used in general. Although it is still
not implemented for other settings.
This is an API and ABI break.
Some cleanup of handling autoconnect behavior.
The introduction of NMSetting8021x:auth-retries property,
changes behavior in that password retries are no longer
controlled by NMSettingConnection:autoconnect-retries property.
https://bugzilla.redhat.com/show_bug.cgi?id=1401515
Only NMPolicy should be concerned with handling autoconnect, and
blocking it.
Move the code. Note that there is a slight possible change in
behavior, as the order of when the connection is blocked changes,
based on the different times when the device changed signal gets
executed. But that shouldn't be a problem.
Since commit 4a6fd0e83e (device: honor the
connection.autoconnect-retries for 802.1X) and the related bug bgo#723084,
we reuse the autoconnect-retries setting to control the retry count
for requesting passwords.
I think that is wrong. These are two different settings, we should not
reuse the autoconnect retry counter while the device is still active.
For example, the user might wish to set autoconnect-retries to infinity
(zero). In that case, we would retry indefinitly to request a password.
That could be problematic, if there is a different issue with the
connection, that makes it appear tha the password is wrong.
A full re-activation might succeed, but we would never stop retrying
to authenticate. Instead, we should have two different settings for
retrying to authenticate and to autoconnect.
This is a change in behavior compared to 1.8.
It has almost no callers, and it is a bit of a strange API. Let's
not cache the last accessed value inside NMConfigData. Instead, free
it right after use. It was not reused anyway, it only hangs around
as convenience for the caller.
Names like
- nm_settings_connection_get_autoconnect_retries
- nm_settings_connection_set_autoconnect_retries
- nm_settings_connection_reset_autoconnect_retries
are about the same thing, but they are cumbersome to grep
because they share not a common prefix.
Rename them from SUBJECT_VERB_OBJECT to SUBJECT_OBJECT_VERB,
which sounds odd in English, but seems preferred to me.
Now you can grep for "nm_settings_connection_autoconnect_retries_" to
get all accessors of the retry count, or "nm_settings_connection_autoconnect_"
to get all accessors related to autoconnect in general.
Since 32b3eb1181 [core: merge IPv4 and IPv6 implementation of
nm_utils_ip4_property_path()], nm_utils_sysctl_ip_conf_path() introduced
in cd271d5cb1 [core: add nm_utils_sysctl_ip_conf_is_path() util] is used to
cunstruct sysctl paths and it is way less tolerant towards using something
that is not an interface name in the path.
It's always been incorrect to assume the ifname is a linux link name and
it resulted it ugly, if benign, sysctl access attempts such as
"/sys/class/net/28:B2:BD:5D:23:AB/phys_port_id" etc.
Now it triggers an assertion failure. Let's guard all such accesses.
Fixes: 32b3eb1181
Fixes: cd271d5cb1
When the ifcfg-rh plugin writes a 802-1x setting it currently ignores
the password-raw property and so the password disappears when the
connection is saved. Add support for the property.
Normalizing can be complicated, as settings depend on each other and possibly
conflict.
That is, because verify() must exactly anticipate whether normalization will
succeed and how the result will look like. That is because we only want to
modify the connection, if we are sure that the result will verify.
Hence, verify() and normalize() are strongly related. The implementation
should not be spread out between NMSettingOvsInterface:verify(),
NMSettingOvsPatch:verify() and _normalize_ovs_interface_type().
Also, add some unit-tests.
