Some connection types such as bonding, bridging and VLAN require
specific virtual kernel interfaces identified by name to be auto
connected to the connection.
The function nm_connection_get_virtual_iface_name() returns the name
of the kernel interface if the connection type requires this
functionatlity.
Each connection base type settings class can implement the function
get_virtual_iface_name() if the connection needs to be auto connected
to a specific kernel interface.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
ether_aton() allows addresses like "0:1:2:3:4:5" which was casusing
some problems when reading connections after switching callers of
ether_aton() to nm_utils_hwaddr_aton().
In cases where the actual password is non-ASCII, it may not be
possible to deliver the 802.1x password as a D-Bus string. Instead
provide an alternate field holding the password as a byte array.
In cases where both a password and password-raw are supplied,
password is preferred.
nm_utils_hwaddr_ntoa() and nm_utils_hwaddr_aton() are like
ether_ntoa()/ether_aton(), but handle IPoIB too.
nm_utils_hwaddr_atoba() is like _aton() but returns a GByteArray,
since that's what's wanted in many places.
Also remove nm_ether_ntop() and replace uses of it with
nm_utils_hwaddr_ntoa().
Adds a MASTER= directive to ifcfg-rh allowing a connection to define
itself as bonding slave.
Adds a connection property "master" which contains the in-kernel device
name or UUID of the master connection.
Adds a connection property "slave-type" which defines the type of slave
this connection represents. Currently this is only set by bonding but
eventually this will be used by VLAN and bridging.
Enforces that no bonding slave connection has any IPv4 or IPv6
configuration set.
Changes make_ip4_setting() to take a universal flag indicating whether
to allow disabling ip4 config or not and use it for both, ip6 and
bonding special case.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
Introduced a new TYPE=bond for ifcfg-rh configuration files.
Alternatively BONDING_MASTER=yes can be specified instead of
setting the type explicitely to maintain backwards compatibility
with existing configuration files.
Bonding device files require a DEVICE= line to be present which
specifies the virtual bonding interface in the kernel. We do not
allow auto-generation of the name in order to keep confusion to
a minimum when reusing existing bonding interfaces.
The BONDING_OPTS= parameter can be used to specify various bonding
related options, such as:
- mode
- miimon
- updelay
- downdelay
- arp_interval
- arp_ip_target
By default, the NMSettingBond class uses a miimon value of 100 which
seems like a sensible default value for 99% of all configurations.
If this is not suitable, an arp_ip_target needs to be specified
manually.
A writer is not yet implemented.
Changes v2:
- renamed DeviceName property to InterfaceName
- moved code to validate device name to dev_valid_name() for future use
Signed-off-by: Thomas Graf <tgraf@redhat.com>
Adds a helper nm_connection_is_type(connection, type) which returns TRUE
if a connection is of specified type.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
Includes subject_match and phase2_subject_match (string) parameters,
and altsubject_matches and phase2_altsubject_matches (list of string)
parameters.
subject_match is matched against a substring of the subject from the
certificate presented by the remote authentication server. If this
option is unset, no subject verification is performed.
altsubject_matches are each tested against the alternate subject name
(altSubjectName) of the certificate presented by the remote
authentication server. If this option is unset, no verification of the
altSubjectName is performed.
What we want to do here is keep separate caches of system and
agent secrets. For system secrets, we cache them because NM
periodically clears secrets using nm_connection_clear_secrets() to
ensure they don't stay around in memory, and that transient secrets
get requested again when they are needed. For agent secrets, we
only want them during activation, but a connection read from disk
will not include agent secrets becuase by definition they aren't
stored in system settings along with the connection. Thus we need
to keep the agent/transient secrets somewhere for the duration of
the activation to ensure they don't get deleted.
This removes the copy-back hack in update_auth_cb() which copied
agent/transient secrets back into the connection over top of the
transient secrets that had been copied back in
nm_settings_connection_replace_settings(). No reason to copy
them twice if we keep an agent/transient secrets hash and do
the right thing with it.
The core problem was that the Update would trigger a write to
disk to save the connection's new settings, which called
nm_settings_connection_replace_settings(). Which saved existing
transient (agent/unsaved) secrets, replaced settings with the
new ones from Update(), then copied back the old transient
secrets. This was to ensure that changes triggered from getting
agent secrets during activation (which might write the connection
out to disk if new system secrets were provided, which triggered
an inotify read-back of the connection, which blew away the
transient secrets just returned from the agent) didn't blow away
transient secrets. Unfortunately that fix was too general.
As a quick hack for now, copy the new secrets and re-apply them
after nm_connection_replace_settings() has run. We'll do the
actual fix later, but it's more involved and needs more testing
so we don't want to apply it this close to release.
Allow IPv6 connections to fail by changing the default value of the may-fail
property for ipv6 settings to TRUE.
This makes sure connections created manually using nm-connection-editor
will default to having the "Require ..." checkbox unchecked; in other words,
IPv6 timing out will still allow the interface to be configured if
IPv4 succeeds.
The export check looks for symbols that begin with "nm_" (except
for GObject class stuff) which indicate that the symbol should be
exported. If the symbols is 'l' (local) as reported by objdump
that probably means we forgot to add it to the .ver file and it
really should be exported. nm_gvalue_dup() shouldn't be exported
though, so rename it such that it's obviously internal.
