libnl3 wants a destination address when setting a route, so just hand
it '::' with a address len of 0 so we don't get -NLE_MISSING_ATTR
when trying to set the IPv6 default route.
We need to set the interface's firewall zone before we kick off
any sort of IP configuration, so that rules for stuff like
DHCP are already handled by the time that these services are started.
Bindings (like GObject Introspection) almost always create objects
using g_object_new() by default and don't use our helper functions
like nm_client_new(). Thus we need to make sure that if the
object is created in that way, any property accesses or functions
that return properties ensure that the object is fully initialized,
which is what the _new() functions were supposed to do. In one
case in NMClient that was missing (getting active connections)
and wasn't happening at all in NMRemoteSettings, which are our two
entry points into libnm-glib.
This allows this python+GI sequence to return the expected active
connection list:
from gi.repository import NMClient
nmclient = NMClient.Client(dbus_path='/org/freedesktop/NetworkManager')
active = nmclient.get_active_connections()
print(active)
where previously it returned an empty list because the NMClient
wasn't fully initialized by the time nm_client_get_active_connections()
was called.
With the switch to IPv4 being allowed to fail by default we need
to clean up this old code a bit. PPP failure during IP config
should trigger a timeout, and the core code will handle whether
to fail the device completely or not. But if we got a valid IPv4
config and PPP failed later, the device gets failed. Previously
the device would just sit in IP_CONFIG state because now IPv4
defaults may-fail to TRUE, and when PPP failed the
nm_device_ip_config_should_fail() check would obviously not pass.
This should fix the warning "failed to allocate link cache" when a
new device is added. It doesn't affect WiFi operation, and the
code would fall back to non-nl80211 mechanisms of detecting whether
a device was wifi or not, so it corrects this check and quiets the
error message.
The kernel is broken for Ad-Hoc WPA, and creates the connections
as open connections instead. Yeah, eventually we can use
wpa_supplicant with RSN support, but for now we just have to
disable Ad-Hoc WPA because it's a problem to say we're creating
a protected network but then have the kernel not do that for
us. Will be re-enabled once all the necessary bits have been
fixed.
Note that Ad-Hoc WPA has been broken since at least 2.6.32 with
mac80211-based drivers, which is what most users will be using.
It is currently not possible to create a connection where the
connection-type-specific NMSetting has all default values. This hasn't
been a problem in the past because each type had at least one property
that either had no default value or had a default value that didn't
pass verify(). But NMSettingInfiniband didn't have that property, so
it's impossible to create an InfiniBand connection unless you change
the value of at least InfiniBand-specific setting.
Work around this for now by making the default value of
NMSettingInfiniband:transport-mode be NULL, so it needs to be
overridden.
Like IPv4, if the connection contains no IPv6 setting, perform
IPv6 addressing. Since may-fail defaults to TRUE for IPv6, failure
should have no consequence.
Add nm_device_connection_compatible() that returns an error when it fails.
nm_device_connection_valid() does the same work except it doesn't set GError.
This will allow DNSSEC data to be visible in browsers, which would otherwise
not be the case by default because of dnsmasq acting as a middle-man for
resolution.
Otherwise, we have a regression from the libc resolver behavior.
When using the either DHCP or STATIC IpMethods the modem manager
or device itself negotiates the PPP session so we need to pass
the authentication preferences through to MM.
Notes:
1/ Using a bitfield now that happens to match the Ericsson
in the lower orders so that it's far more tidy.
2/ Devices that wish to utilise this should observe the
following:
If the bitfield doesn't exist in the dict, then MM uses the
modem default, if it does, MM tries to fulfill the request. If the
modem can only accept one value (Qualcomm-type devices accept only
None, PAP or CHAP with AT$QCPDPP) then MM picks the appropriate one
from the dict if only one of PAP or CHAP was given, otherwise we
default to PAP.
(dcbw: make enum a bitfield instead of the bit position)
(comments by dcbw)
This allows out-of-the-box connectivity on IPv6-only networks.
Once caveat is that connections where the user currently
expects no IPv4 connectivity to terminate the connection and
retry will no longer do so until IPv6 also times out, and if
that network where IPv4 is expected to fail also has an IPv6
router sending advertisements, the connection will succeed
instead of failing. That can be resolved by setting the
right bit in the connection's config file; and it's expected
that the number of users who expect IPv4 failure on a
network with usable IPv6 connectivity is quite small
compared to the benefit of OOB IPv6 connectivity.
Make the meaning of done actually reflect what's happening,
and make sure that when we get an error in the error handler,
that the processing loop breaks out and returns that error.
This wasn't happening for Ad-Hoc connections, which apparently
return various errors for things, leading to blocking in
recv() in the kernel waiting for more data that would never
come, because we'd already gotten an error.
Since all.xml is a built file these days, and will contain paths
relative to $(top_srcdir)/introspection even though it's not in
that directory, it seems we need to clue xsltproc into where the
other API XML files really are.
Carrier checking can be synchronous, like when bringing up the device.
If the carrier changes as a result of the sync carrier state checking,
the code might change state. Unfortunately brining up a device
happens in response to a state change already, and we can't change
state from within handlers for the device state change signal, so
we need to queue up the new state change that results from a
carrier change.
First: object creation requests get triggered each time a property
that refers to the object is read. That can happen from a couple
of places around the same time (like initialization) and to be
expected. But when those requests are processed (after we've
determined the type of object to create) a previous request may
have already created the object. If that's the case don't create
a duplicate.
Second: properties can also be updated from a few places which
don't know about each other (from both regular code and the
"pseudo property" signal handlers) so when adding objects to
array properties, make sure the object hasn't already been
added to that array.
The crash happens with ipw2200, kernel 3.2.0 when a user tries to connect
to a hidden network using nm-applet.
g_assert (have_ap); is hit in 'case NMU_SEC_STATIC_WEP:' branch.
Reported by Mathieu Trudel-Lapierre.
See also:
(lp:908516)
(lp:908380)
Active Device objects held a reference to their ActiveConnection
which also held a reference back to the Device. Ensure that's
broken so everyone can get disposed correctly.
When NM was registering all of its enum types by hand, it was using
NamesLikeThis rather than the default names-like-this for the "nick"
values. When we switched to using glib-mkenums, this resulted in
dbus-glib using different strings for the D-Bus error names, causing
compatibility problems.
Fix this by using glib-mkenums annotations to manually fix all the
enum values back to what they were before. (This can't be done in a
more automated way, because the old names aren't 100% consistent. Eg,
"UNKNOWN" frequently becomes "UnknownError" rather than just
"Unknown".)
Ifnet currently does not deal with user agent service. Any connection
that comes with flagged secrets or is not system connection will be
ignored by the plugin. Thanks to David Narvaez for his great help on
this problem.
Would affect non-nl80211 drivers since all nl80211 drivers have the
phyX link in sysfs and thus this code wouldn't get run for them.
Found by Dmitri <mitya@mageia.org>
Clarify how we're supposed to break out of the nl_recvmsgs() loop
and also break out if we get an error from nl_recvmsgs(). What's
supposed to happen is that one of the callbacks we've registered
figures out that we're done and sets the 'done' flag, which then
breaks out of the recvmsgs() loop. Using 'err' there previously
was pretty unclear.
This reverts commit 84403ab84a.
It appears we want to loop until one of the callback says we're
done, while this patch would exit too early (possibly before we'd
received a reply) since nl_recvmsgs() returns 0 on success. What
we really want do do here is wait for one of the callbacks we've
registered to tell us that they've successfully handled the message
and gotten a reply.
