In cases where the actual password is non-ASCII, it may not be
possible to deliver the 802.1x password as a D-Bus string. Instead
provide an alternate field holding the password as a byte array.
In cases where both a password and password-raw are supplied,
password is preferred.
The 802.1x password for MS-CHAPv2 can be up to 256 UCS-2 characters,
so we need to validate the password as UTF-8 to make sure we don't
reject valid passwords containing non-ASCII characters.
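The check described above, as an added example that is not NetworkManager's own code: the length limit is applied to decoded characters, because a byte-length limit would turn away a 256-character password made of two-byte UTF-8 characters. The function names, and the choice to reject code points above U+FFFF, are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_PW_CHARS 256   /* the limit quoted above: 256 UCS-2 characters */

/* Returns the character count of a well-formed UTF-8 password of at most
 * MAX_PW_CHARS characters, or -1 if it must be rejected. Assumption of this
 * sketch: code points above U+FFFF are rejected, since one UCS-2 unit
 * cannot hold them. */
long pw_utf8_chars(const unsigned char *s, size_t len)
{
    long chars = 0;

    for (size_t i = 0; i < len; chars++) {
        unsigned char b = s[i];
        uint32_t cp;
        size_t need;
        if (b < 0x80)                { cp = b;        need = 0; }
        else if ((b & 0xE0) == 0xC0) { cp = b & 0x1F; need = 1; }
        else if ((b & 0xF0) == 0xE0) { cp = b & 0x0F; need = 2; }
        else return -1;      /* stray continuation, invalid lead, or > U+FFFF */

        if (need > len - i - 1)
            return -1;       /* sequence cut off by end of input */
        for (size_t k = 1; k <= need; k++) {
            if ((s[i + k] & 0xC0) != 0x80)
                return -1;   /* expected a continuation byte */
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if ((need == 1 && cp < 0x80) || (need == 2 && cp < 0x800))
            return -1;       /* overlong encoding */
        if (cp >= 0xD800 && cp <= 0xDFFF)
            return -1;       /* surrogate half, not a character */
        if (chars == MAX_PW_CHARS)
            return -1;       /* would be character 257 */
        i += need + 1;
    }
    return chars;
}

/* Constructed sample: n copies of U+00E9 (two bytes each in UTF-8). */
long pw_check_repeated(size_t n)
{
    static unsigned char buf[1024];
    if (2 * n > sizeof buf)
        return -1;
    for (size_t j = 0; j < n; j++) { buf[2 * j] = 0xC3; buf[2 * j + 1] = 0xA9; }
    return pw_utf8_chars(buf, 2 * n);
}
```

A 256-character password of U+00E9 occupies 512 bytes and is accepted, while the Latin-1 byte 0xE4 on its own and the overlong pair C0 AF are rejected.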
Currently slaves only wait for the master device to be present. This is
insufficient, we want to wait for the master connection to be activated.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
I only install libnl-3.2.3 on my system, and I met an error:
In file included from ../../src/nm-netlink-monitor.h:93:0,
from nm-vpn-connection.c:48:
../../src/nm-netlink-compat.h:210:5: error: "HAVE_LIBNL1" is not defined
../../src/nm-netlink-compat.h:210:20: error: "HAVE_LIBNL2" is not defined
make[5]: *** [libvpn_manager_la-nm-vpn-connection.lo] Error 1
Signed-off-by: Weiping Pan <wpan@redhat.com>
Revert the DEVICE and suffix bits for the connection name; there's
a few problems with this. It adds the DEVICE value for connections
regardless of what type they are, even in cases where it's not hugely
useful (ie basic wired). We used to do this, but stopped doing it
because it has zero relevance to a large number of users. Instead,
the UI itself should do this where appropriate. That probably means
that 'nmcli' and other tools should give more information about
the components of a connection (like a slave device's master) and
GUI tools would show that in detailed connection information but
not in the at-a-glance status or tooltips. Second, if
more advanced users wish this information to show up in the name
they can always set the name themselves, or name the ifcfg file
something like "ifcfg-bond1-slave-of-eth0" too.
nm_utils_hwaddr_ntoa() and nm_utils_hwaddr_aton() are like
ether_ntoa()/ether_aton(), but handle IPoIB too.
nm_utils_hwaddr_atoba() is like _aton() but returns a GByteArray,
since that's what's wanted in many places.
Also remove nm_ether_ntop() and replace uses of it with
nm_utils_hwaddr_ntoa().
We have to send agent-owned secrets to agents via SaveSecrets() D-Bus call for
newly created connections, the same way we do for connection updates.
Without the change secrets aren't saved for newly created VPN connections,
only after a connection update.
Based on a patch for iw by Johannes Berg <johannes.berg@intel.com>
This simplifies the code quite a bit since we don't need
an nl_cache or nl_family anymore.
genl_ctrl_resolve() is available in libnl1.1, libnl2 and libnl3.
Cc: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Thomas Graf <tgraf@redhat.com>
Moves the logic of naming connections into its own function. Allows each
connection type to provide a "hard" prefix which will always be used.
Bonding uses this to prefix all bonding connections with "Bond".
If a DEVICE= line is available, append it to the end of connection name
for easier identification of the real device behind it.
Appends the suffix "[slave-of <MASTER>]" to all connections which are
configured as a slave of a bond.
Examples:
myName -> myName (eth0)
System eth0 -> System eth0
myName2 -> Bond myName2 (bond0)
System bond0 -> Bond bond0
myName -> myName (eth0) [slave-of bond0]
System eth0 -> System eth0 [slave-of bond0]
Signed-off-by: Thomas Graf <tgraf@redhat.com>
If the device's permanent MAC address is 'locally administered'
(ie, first byte | 0x02 != 0) then we don't want to lock the
connection to the device because it's likely a device that changes
its MAC every hotplug due to driver bugs or the fact that some
devices don't store their MAC in EEPROM anyway.
If the interface has no IP configuration (bond slave, etc) then
it still needs to get activated too. Previously the code would
only move to ACTIVATED when the first IP method completed, but
since slaves don't do IP config, they never got to ACTIVATED
state.
Adds a new function nm_system_apply_bonding_config() which applies
the parameters specified in the NMSettingBond object via sysfs.
Calls that function after creating/updating the bonding master
device.
If a parameter is not specified in the ifcfg the parameter will be
re-initialized to the default value. This may overwrite changes
which have been done manually via sysfs but it is the only reliable
way of setting up the bond.
Supported parameters for now:
- mode (default: balance-rr)
- miimon (default: 100)
- updelay (default: 0)
- downdelay (default: 0)
- arp_interval (default: 0)
- arp_ip_target (default: none)
Thomas Graf <tgraf@redhat.com>
Kills the strdup() and avoids having the caller free the memory. Also renames
the function to nm_system_get_iface_type() since "link" is not a common term
in NM.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
If the IP config is missing, we just don't do any IP config, instead
of treating it as DHCP as happens for all other interface types.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
Code is written generic enough to allow easy addition of further master/slave
relationships such as bridging relations.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
(whitespace cleanups and libnl compat by dcbw)
For a slave to be activatable the master connection must be present.
Activation of the slave is postponed until this condition is met.
Once the slave is being activated, a reference to the master connection
is acquired and held for the lifetime of the bond.
Changes v2:
- Made check_master_dependency() return TRUE/FALSE
Signed-off-by: Thomas Graf <tgraf@redhat.com>
Adds a MASTER= directive to ifcfg-rh allowing a connection to define
itself as bonding slave.
Adds a connection property "master" which contains the in-kernel device
name or UUID of the master connection.
Adds a connection property "slave-type" which defines the type of slave
this connection represents. Currently this is only set by bonding but
eventually this will be used by VLAN and bridging.
Enforces that no bonding slave connection has any IPv4 or IPv6
configuration set.
Changes make_ip4_setting() to take a universal flag indicating whether
to allow disabling ip4 config or not and use it for both, ip6 and
bonding special case.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
A bonding device is like a virtual ethernet device. We therefore reuse
nm-device-ethernet and add some special handling to detect bonding
connections.
Changes v2:
- Fixed memory leak
Signed-off-by: Thomas Graf <tgraf@redhat.com>
Creates virtual kernel devices as needed. Since the manager is
initialized after the connections have been loaded no
CONNECTIONS_ADDED notification is received for connections parsed
at startup.
Therefore walks the loaded connections looking for bonding
connections.
Connections added on the fly are handled via the notifications.
Connection renaming and deleting is not supported yet.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
Introduced a new TYPE=bond for ifcfg-rh configuration files.
Alternatively BONDING_MASTER=yes can be specified instead of
setting the type explicitly to maintain backwards compatibility
with existing configuration files.
Bonding device files require a DEVICE= line to be present which
specifies the virtual bonding interface in the kernel. We do not
allow auto-generation of the name in order to keep confusion to
a minimum when reusing existing bonding interfaces.
The BONDING_OPTS= parameter can be used to specify various bonding
related options, such as:
- mode
- miimon
- updelay
- downdelay
- arp_interval
- arp_ip_target
By default, the NMSettingBond class uses a miimon value of 100 which
seems like a sensible default value for 99% of all configurations.
If this is not suitable, an arp_ip_target needs to be specified
manually.
A writer is not yet implemented.
Changes v2:
- renamed DeviceName property to InterfaceName
- moved code to validate device name to dev_valid_name() for future use
Signed-off-by: Thomas Graf <tgraf@redhat.com>
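An added example, not NetworkManager's parser: it reads a BONDING_OPTS-style string as described above, resets every option to the default listed in the nm_system_apply_bonding_config() message before applying the supplied values, and rejects any key outside the supported list so nothing unexpected reaches sysfs. The names bond_cfg, bond_parse_opts and bond_opt, the whitespace-separated key=value syntax and the 64-byte value limit are assumptions of this sketch.

```c
#include <string.h>

/* Supported options and their defaults as listed in the text
 * ("none" for arp_ip_target is stored as the empty string). */
static const struct { const char *key, *def; } BOND_OPTS[] = {
    { "mode", "balance-rr" }, { "miimon", "100" }, { "updelay", "0" },
    { "downdelay", "0" }, { "arp_interval", "0" }, { "arp_ip_target", "" },
};
enum { BOND_N = sizeof BOND_OPTS / sizeof BOND_OPTS[0], BOND_VALMAX = 64 };

struct bond_cfg { char val[BOND_N][BOND_VALMAX]; };

/* Index of an option name, or -1 if it is not in the supported list. */
static int bond_key_index(const char *k, size_t klen)
{
    for (int i = 0; i < BOND_N; i++)
        if (strlen(BOND_OPTS[i].key) == klen && memcmp(BOND_OPTS[i].key, k, klen) == 0)
            return i;
    return -1;
}

/* Parse "key=value key=value". Every slot is reset to its default first, so
 * an omitted option never keeps a stale value. Returns 0, or -1 on an unknown
 * key, a missing '=', or an empty or oversized value. */
int bond_parse_opts(const char *opts, struct bond_cfg *c)
{
    for (int i = 0; i < BOND_N; i++)
        strcpy(c->val[i], BOND_OPTS[i].def);
    while (*(opts += strspn(opts, " \t"))) {
        size_t tok = strcspn(opts, " \t");
        const char *eq = memchr(opts, '=', tok);
        int idx = eq ? bond_key_index(opts, (size_t)(eq - opts)) : -1;
        size_t vlen = eq ? tok - (size_t)(eq - opts) - 1 : 0;
        if (idx < 0 || vlen == 0 || vlen >= BOND_VALMAX)
            return -1;
        memcpy(c->val[idx], eq + 1, vlen);
        c->val[idx][vlen] = '\0';
        opts += tok;
    }
    return 0;
}

/* Hypothetical helper: value of `key` after parsing `opts`, NULL on error. */
const char *bond_opt(const char *opts, const char *key)
{
    static struct bond_cfg c;
    int idx = bond_key_index(key, strlen(key));
    return (idx < 0 || bond_parse_opts(opts, &c) != 0) ? NULL : c.val[idx];
}
```

On a -1 return the structure may be partly filled, so the caller should discard it rather than apply it.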
src/firewall-manager tracks whether firewall is on the bus or not.
In nm-device.c at stage5 (ip-config-commit) before we actually
apply the IP configuration to the interface, we send the
IP interface name and zone to firewall and asynchronously wait
for a D-Bus reply. Then after we get the reply
(or if the firewall isn't running) we proceed with
applying the IP configuration to the interface.
Since both RA and DHCP may be run at the same time, we want to
make sure to merge both configs into a final config when either
RA or DHCP changes. Previously this only happened when RA changed,
but not when DHCP changed or completed. This caused the config
applied when DHCP completed to not contain the RA-derived address,
which was then removed from the device, which then regressed the
IPv6 RA state, causing a device failure.
Found by Tore Anderson
Oct 18 18:35:00 wrath dhclient[13782]: RCV: Reply message on eth0 from fe80::ca6c:87ff:feab:da5f.
Oct 18 18:35:00 wrath NetworkManager[12390]: <info> (eth0): DHCPv6 state changed nbi -> renew6
Oct 18 18:35:00 wrath NetworkManager[12390]: <debug> [1318955700.642273] [nm-device.c:1582] dhcp6_state_changed(): (eth0): new DHCPv6 client state 7
Oct 18 18:35:00 wrath NetworkManager[12390]: <debug> [1318955700.642282] [nm-dhcp-client.c:1211] ip6_options_to_config(): (eth0): option 'interface'=>'eth0'
Oct 18 18:35:00 wrath NetworkManager[12390]: <debug> [1318955700.642288] [nm-dhcp-client.c:1211] ip6_options_to_config(): (eth0): option 'new_dhcp6_client_id'=>'0:3:0:1:0:30:1b:bc:7f:23'
Oct 18 18:35:00 wrath NetworkManager[12390]: <debug> [1318955700.642294] [nm-dhcp-client.c:1211] ip6_options_to_config(): (eth0): option 'reason'=>'RENEW6'
Oct 18 18:35:00 wrath NetworkManager[12390]: <debug> [1318955700.642300] [nm-dhcp-client.c:1211] ip6_options_to_config(): (eth0): option 'new_dhcp6_name_servers'=>'2001:840:100:: 2001:840:200::'
Oct 18 18:35:00 wrath NetworkManager[12390]: <debug> [1318955700.642305] [nm-dhcp-client.c:1211] ip6_options_to_config(): (eth0): option 'new_dhcp6_server_id'=>'0:3:0:1:c8:6c:87:ab:da:5f'
Oct 18 18:35:00 wrath NetworkManager[12390]: <debug> [1318955700.642311] [nm-dhcp-client.c:1211] ip6_options_to_config(): (eth0): option 'pid'=>'13782'
Oct 18 18:35:00 wrath NetworkManager[12390]: <info> Activation (eth0) Stage 5 of 5 (IPv6 Commit) scheduled...
Oct 18 18:35:00 wrath NetworkManager[12390]: <info> Activation (eth0) Stage 5 of 5 (IPv6 Commit) started...
Oct 18 18:35:00 wrath NetworkManager[12390]: <debug> [1318955700.643641] [nm-system.c:182] sync_addresses(): (eth0): syncing addresses (family 10)
Oct 18 18:35:00 wrath NetworkManager[12390]: <debug> [1318955700.643655] [nm-system.c:235] sync_addresses(): (eth0): removing address '2001:840:3033:20:230:1bff:febc:7f23/64'
Oct 18 18:35:00 wrath NetworkManager[12390]: <debug> [1318955700.643702] [nm-system.c:218] sync_addresses(): (eth0): ignoring IPv6 link-local address
Oct 18 18:35:01 wrath NetworkManager[12390]: <info> Policy set 'Wired connection 1' (eth0) as default for IPv4 routing and DNS.
Oct 18 18:35:01 wrath NetworkManager[12390]: <info> Activation (eth0) Stage 5 of 5 (IPv6 Commit) complete.
Oct 18 18:35:01 wrath NetworkManager[12390]: <debug> [1318955701.656335] [nm-ip6-manager.c:1041] netlink_notification(): netlink notificate type 21
Oct 18 18:35:01 wrath NetworkManager[12390]: <debug> [1318955701.656345] [nm-ip6-manager.c:542] process_addr(): processing netlink new/del address message
Oct 18 18:35:01 wrath NetworkManager[12390]: <debug> [1318955701.656359] [nm-ip6-manager.c:1069] netlink_notification(): (eth0): syncing device with netlink changes
Oct 18 18:35:01 wrath NetworkManager[12390]: <debug> [1318955701.656367] [nm-ip6-manager.c:419] nm_ip6_device_sync_from_netlink(): (eth0): syncing with netlink (ra_flags 0x800000B0) (state/target 'got-address'/'got-address')
Oct 18 18:35:01 wrath NetworkManager[12390]: <debug> [1318955701.656376] [nm-ip6-manager.c:438] nm_ip6_device_sync_from_netlink(): (eth0): netlink address: fe80::230:1bff:febc:7f23
Oct 18 18:35:01 wrath NetworkManager[12390]: <debug> [1318955701.656382] [nm-ip6-manager.c:460] nm_ip6_device_sync_from_netlink(): (eth0): addresses synced (state got-address)
Oct 18 18:35:01 wrath NetworkManager[12390]: <debug> [1318955701.656388] [nm-ip6-manager.c:474] nm_ip6_device_sync_from_netlink(): router advertisement requests parallel DHCPv6
Oct 18 18:35:01 wrath NetworkManager[12390]: <debug> [1318955701.656393] [nm-ip6-manager.c:512] nm_ip6_device_sync_from_netlink(): (eth0): RA-provided address no longer valid
Oct 18 18:35:01 wrath NetworkManager[12390]: <info> (eth0): DHCPv6 client pid 13782 exited with status 0
Oct 18 18:35:01 wrath NetworkManager[12390]: <debug> [1318955701.656448] [nm-device.c:1582] dhcp6_state_changed(): (eth0): new DHCPv6 client state 23
Oct 18 18:35:01 wrath NetworkManager[12390]: <info> (eth0): device state change: activated -> failed (reason 'ip-config-unavailable') [100 120 5]