This patch adds the settings code (NMSettingAdsl) and the initial
"scaffolding" i.e., a tiny stub version of NMDeviceAdsl and the
udev handler code to get the device detected.
With this patch you should be able to see an atm device being detected
by networkmanager in the logs, although of course it doesn't
do anything useful yet.
Extract from the logs:
[1304668252.341354] [nm-udev-manager.c:562] adsl_add(): adsl_add: ATM Device detected from udev. Adding ..
(ueagle-atm0): failed to look up interface index
(ueagle-atm0): new ADSL device (driver: 'ueagle-atm' ifindex: -1)
(ueagle-atm0): exported as /org/freedesktop/NetworkManager/Devices/2
(ueagle-atm0): now managed
(ueagle-atm0): device state change: unmanaged -> unavailable (reason 'managed') [10 20 2]
(ueagle-atm0): deactivating device (reason: 2).
[1304668252.345102] [nm-system.c:1349] flush_routes(): (ueagle-atm0) failed to lookup interface index
[1304668252.347821] [nm-device.c:3912] nm_device_state_changed(): (ueagle-atm0): device is available,
In this version, we hack the nm-device.c:nm_device_get_priority() to get better priority
instead of changing the DeviceType enum.
Signed-off-by: Pantelis Koukousoulas <pktoss@gmail.com>
Since the options are a hash table now there wasn't any way to
determine what options were allowed and what their default values
are. Add some functions to do that.
Add documentation so the API spec generator can do something
for the VLAN setting. Also enforce validation of the ingress
and egress priority maps; 802.1D priorities are limited to
values from 0 - 7 and Linux SKB values are 32 bits.
Also, the 'slave' property is a duplicate of the 'master'
property added to NMSettingConnection in the bonding work
so we can get rid of it and use 'master' instead.
Removes all bonding options properties and adds a "options" dict to hold
them all. Accessible via accessor functions. ifcfg interface is
unchanged.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
Rather than generating enum classes by hand (and complaining in each
file that "this should really be standard"), use glib-mkenums.
Unfortunately, we need a very new version of glib-mkenums in order to
deal with NM's naming conventions and to fix a few other bugs, so just
import that into the source tree temporarily.
Also, to simplify the use of glib-mkenums, import Makefile.glib from
https://bugzilla.gnome.org/654395.
To avoid having to run glib-mkenums for every subdirectory of src/,
add a new "generated" directory, and put the generated enums files
there.
Finally, use Makefile.glib for marshallers too, and generate separate
ones for libnm-glib and NetworkManager.
Some connection types such as bonding, bridging and VLAN require
specific virtual kernel interfaces identified by name to be auto
connected to the connection.
The function nm_connection_get_virtual_iface_name() returns the name
of the kernel interface if the connection type requires this
functionatlity.
Each connection base type settings class can implement the function
get_virtual_iface_name() if the connection needs to be auto connected
to a specific kernel interface.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
In cases where the actual password is non-ASCII, it may not be
possible to deliver the 802.1x password as a D-Bus string. Instead
provide an alternate field holding the password as a byte array.
In cases where both a password and password-raw are supplied,
password is preferred.
nm_utils_hwaddr_ntoa() and nm_utils_hwaddr_aton() are like
ether_ntoa()/ether_aton(), but handle IPoIB too.
nm_utils_hwaddr_atoba() is like _aton() but returns a GByteArray,
since that's what's wanted in many places.
Also remove nm_ether_ntop() and replace uses of it with
nm_utils_hwaddr_ntoa().
Adds a MASTER= directive to ifcfg-rh allowing a connection to define
itself as bonding slave.
Adds a connection property "master" which contains the in-kernel device
name or UUID of the master connection.
Adds a connection property "slave-type" which defines the type of slave
this connection represents. Currently this is only set by bonding but
eventually this will be used by VLAN and bridging.
Enforces that no bonding slave connection has any IPv4 or IPv6
configuration set.
Changes make_ip4_setting() to take a universal flag indicating whether
to allow disabling ip4 config or not and use it for both, ip6 and
bonding special case.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
Introduced a new TYPE=bond for ifcfg-rh configuration files.
Alternatively BONDING_MASTER=yes can be specified instead of
setting the type explicitely to maintain backwards compatibility
with existing configuration files.
Bonding device files require a DEVICE= line to be present which
specifies the virtual bonding interface in the kernel. We do not
allow auto-generation of the name in order to keep confusion to
a minimum when reusing existing bonding interfaces.
The BONDING_OPTS= parameter can be used to specify various bonding
related options, such as:
- mode
- miimon
- updelay
- downdelay
- arp_interval
- arp_ip_target
By default, the NMSettingBond class uses a miimon value of 100 which
seems like a sensible default value for 99% of all configurations.
If this is not suitable, an arp_ip_target needs to be specified
manually.
A writer is not yet implemented.
Changes v2:
- renamed DeviceName property to InterfaceName
- moved code to validate device name to dev_valid_name() for future use
Signed-off-by: Thomas Graf <tgraf@redhat.com>
Adds a helper nm_connection_is_type(connection, type) which returns TRUE
if a connection is of specified type.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
Includes subject_match and phase2_subject_match (string) parameters,
and altsubject_matches and phase2_altsubject_matches (list of string)
parameters.
subject_match is matched against a substring of the subject from the
certificate presented by the remote authentication server. If this
option is unset, no subject verification is performed.
altsubject_matches are each tested against the alternate subject name
(altSubjectName) of the certificate presented by the remote
authentication server. If this option is unset, no verification of the
altSubjectName is performed.
What we want to do here is keep separate caches of system and
agent secrets. For system secrets, we cache them because NM
periodically clears secrets using nm_connection_clear_secrets() to
ensure they don't stay around in memory, and that transient secrets
get requested again when they are needed. For agent secrets, we
only want them during activation, but a connection read from disk
will not include agent secrets becuase by definition they aren't
stored in system settings along with the connection. Thus we need
to keep the agent/transient secrets somewhere for the duration of
the activation to ensure they don't get deleted.
This removes the copy-back hack in update_auth_cb() which copied
agent/transient secrets back into the connection over top of the
transient secrets that had been copied back in
nm_settings_connection_replace_settings(). No reason to copy
them twice if we keep an agent/transient secrets hash and do
the right thing with it.
"mac-address-blacklist" property is added to the ethernet and WiFi connections.
It is the MAC addresses list of devices on which the connection won't be
activated.
Original patch (NM_0_8 branch) from Thomas Bechtold <thomasbechtold@jpberlin.de>
The current check caught stuff in the .ver file that was outdated, but
didn't quite get stuff that was supposed to be exported but wasn't,
in some cases. Update the regex to ensure that symbols that are
not exported, but that start with "nm_" (and aren't GObject
boilerplate) get flagged during the check.
Update internal code to return to a previous pattern of treating symbols
that start with "_" internal, and expecting symbols that start with
"nm_" to be exported.
Also fixes cases where random glibc symbols would get flagged:
00040ff4 l O *ABS* 00000000 .hidden _GLOBAL_OFFSET_TABLE_
00041380 l O .data 00000000 .hidden __dso_handle
000406e8 l O .dtors 00000000 .hidden __DTOR_END__
0000fbe4 l F .text 00000000 .hidden __i686.get_pc_thunk.cx
0002f980 l F .text 00000014 .hidden __stack_chk_fail_local
0000b1e7 l F .text 00000000 .hidden __i686.get_pc_thunk.bx
00040e60 l O *ABS* 00000000 .hidden _DYNAMIC
This allows the necessary flexibility when handling secrets; otherwise
it wouldn't be known when NM should save secrets returned from agents
to backing storage, or when the agents should store the secrets. We
can't simply use lack of a secret in persistent storage as the indicator
of this, as (for example) when creating a new connection without
secrets the storage method would be abmiguous.
At the same time, fold in "always ask" functionality for OTP tokens
so user agents don't have to store that attribute themselves out-of-band.
Add the necessary annotations (the mininum required, that is those
on return values. NULL parameters or container types may require
more), and the Autotools stuff to get a NetworkManager GIR for
libnm-util and a NMClient for libnm-glib.
Presently, when automatic connecting fails, the connection is marked
as invalid and is not retried again. This commit adds a configuration
parameter to specify how many times the connection should be re-tried.
Groups may come later, but they are also quite a bit more complicated
because getting the groups a user is in may require network access
if that user is backed by LDAP. And it gets worse because you have
no idea that the glibc calls like getgrouplist(3) are backed by
the network and may take an arbitrary amount of time to complete.
Punt that.
Remove code related to "connection scope" and such. Later, we will also
do lots of code flattening and simplification that's possible now that
user settings are gone.
There are so many... so handle them as a table of key/value pairs
instead of having separate functions for each one. At the moment
nothing but subchannels is used internally, but this allows plugins
to preserve options that NM doesn't care about when reading/writing
system configuration.
