The carrier signal might be delayed a bit, so if we're creating
the device as a result of activating a connection, make sure the
carrier is up-to-date so we can proceed with activation.
Single quotes ensure we don't break initscripts (bash processing) when the
string contains special characters. Special handling is necessary for single
quotes characters. They have to be escaped and the whole string has to be
prepended with '$' character so that bash is happy.
This change also filters out CR and LF characters as they break WPA_PSK
variable and could pose security issues.
"InfiniBand" has a capital "B". Fix that everywhere it's being used as
a human-readable string.
In particular, the RH initscripts recognize "TYPE=infiniband" and
"TYPE=InfiniBand", but not "TYPE=Infiniband", which is what we were
writing before.
For virtual interfaces and other cases we won't necessarily have
a device path, which means clients will be passing "/" instead.
Fix that up the same way we fix up the specific object.
We can't guarantee the ordering of devices that udev sends to us
on startup. Thus, a VLAN interface could be sent before its
parent is, and we won't be able to find the parent in the device
list. But that's fine; all parents will be detected during the
first pass, and we silently fail the VLAN interface. Then we
do a second pass where any remaining VLAN interfaces will be
created because we found the parents during the first pass.
There's both nl_addr_set_prefixlen() to set the binary address's
prefix length and rtnl_addr_set_prefixlen() to set the container
RTNL address's prefix length. When the addresses come in from
the kernel these are the same, but when sending addresses to
the kernel, NM wasn't setting them to the same thing. Do that,
since apparently libnl wants that when matching addresses in
nm-system.c:sync_addresses() here:
if (addrs[i] && nl_object_identical (match, (struct nl_object *) addrs[i]))
break;
otherwise the kernel addres (match) doesn't match the NM-derived
address (addrs[i]) that we got from the IP6Manager when reading
back kernel IPv6 addresses in response to netlink events.
Because the supplicant doesn't have a BSS property for "last seen"
we have to fake that by listening to PropertiesChanged events for
stuff like signal strength, which usually changes a bit from scan
to scan. But in case it doesn't change, we'll never get that PC
signal, and thus we'll never update our internal 'last seen'
timestamp, and thus the AP will get removed from the NM scan list
even if it was in the supplicant's last scan results.
So, if the AP if we haven't receieved a BssRemoved signal for the
AP yet don't remove it from the NM scan list. One caveat is that
if the supplicant's DEFAULT_BSS_EXPIRATION_AGE value is greater
than NM's AP expiration age, NM will by consequence use the
supplicant's value instead. At the moment the supplicant sets
DEFAULT_BSS_EXPIRATION_AGE to 180 seconds while NM's is 360.
The function documents that it returns FALSE if idx is out of range,
so don't g_return_val_if_fail() in that case.
Also, free the return value from g_hash_table_get_keys().
When we want to change the zone an interface belongs to
we can't use firewalld's addInterface() because this one
doesn't allow to add interface to zone when it already
has been part of some other/same zone.
We need to use changeZone() method instead - hopefuly
this is the final name of this method.
Drop --strict-order; dnsmasq is intelligent enough to ask nameservers in
an order that makes the best of possibly slow nameservers (or broken ones),
and interrogating them in strict order breaks this.
Add --no-hosts: by default dnsmasq will read /etc/hosts as a list of things
to resolve statically; this is something we want to avoid as nsswitch.conf
already lists files as the first data store to look at; where the entries
in /etc/hosts will already have been returned if that's what the user wants
to see. If the /etc/hosts file then changes, dnsmasq would have to be restarted
before the user would get the new value resolved externally. Avoid this, let
/etc/hosts override DNS entries normally through the resolver and show
changes as soon as the file is updated.
Otherwise if another connection was subsequently activated on a
bond interface, and didn't specify all options, ones set for the
previous connection could stay set for the new connection.
Since the options are a hash table now there wasn't any way to
determine what options were allowed and what their default values
are. Add some functions to do that.
We already have the master device kept in the active connection, so
we can just use that instead of having the Policy determine and set
it manually. This also should allow slaves to auto-activate their
master connections if the master is able to activate.
Virtual devices that we might create when their slave is started
(like bonds) have a virtual carrier that often isn't set on when
until the device is brought up. The device is brought up during
creation, but the initial carrier check happens before the device
is up, so the initial carrier state from the constructor isn't
quite accurate in some cases.
Since we want to use virtual interfaces that we create right after
we create them, we want them to be available too, and that usually
requires the carrier to be on. So recheck the carrier right after
bringing the interface up, so that the carrier state is accurate
immediately after the device is created.
Track a master active connection and emit wait/ready/fail when
it changes state. This signal is intended for devices to
delay their activation until a master device is ready.
This function used to be used only from activation paths, so it
was fine to assert there because we always expected that there
would be an activation request. These days we'd like to use it
in more places, so just return NULL if there's no connection.
They are the basic class that tracks active connections, and we're
going to use them for connection dependencies. So use the fact that
both NMVPNConnection and NMActRequest have the same base class
instead of using object paths.
Many different interface types can support VLANs, including
Infiniband, WiFi, etc. So we have to create a new device class
for them instead of keeping the support in NMDeviceEthernet.
We'll want to eventually match (for VLAN) a given hardware address
that's not the device's hardware address. Only the device itself
knows which NMSetting should contain it's hardware address (ie
the 'wired' setting for NMDeviceEthernet, 'infiniband' for
NMDeviceInfiniband, etc) and VLANs take their hardware address
from the parent interface. So eventually we'll have VLAN
interfaces use these new arguments to ask their parent interface
to match the VLAN hardware address in a connection, since the
VLAN doesn't know (or need to know) what kind of interface it
really is underneath.
