The BPF filter takes the byte containing IP Flags and performs a
bitwise AND with "ntohs(IP_MF | IP_OFFMASK)".
On little-endian architectures the IP_MF flag (0x20) is ANDed with
0xFF3F and so the presence of the flag is correctly detected ignoring
other flags as IP_DF (0x40) or IP_RF (0x80).
On big-endian, "ntohs(IP_MF | IP_OFFMASK)" is 0x3FFF and so the filter
wrongly checks the presence of *any* flags. Therefore, a packet with
the DF flag set is dropped.
Instead, take the two bytes containing flags and offset:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| IHL |Type of Service| Total Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification |Flags| Fragment Offset |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
and verify that IP_MF and the offset are zero.
Fixes: e43b1791a3 ('Merge commit 'e23b3c9c3ac86b065eef002fa5c4321cc4a87df2' as 'shared/n-dhcp4'')
https://bugzilla.redhat.com/show_bug.cgi?id=1861488https://github.com/nettools/n-dhcp4/pull/19
(cherry picked from commit 03d38e83e558802a82cb0e4847cb1f1ef75ccd16)
In this case, GetAll failed with "Timeout was reached". We still
create a dummy BSS info, because we kept track of the object to
start with. That way, we don't simply want to ignore the failure,
because NMDeviceWifi might track this NMWifiAP already, and we may
need an update (even if we failed to fetch the requested information).
However, that later leads to a crash, because NMDeviceWifi expect the BSSID
present then.
Avoid that, by don't processing such APs.
#0 g_logv (log_domain=0x7f2ac10a60a9 "NetworkManager", log_level=G_LOG_LEVEL_CRITICAL, format=<optimized out>, args=<optimized out>) at ../glib/gmessages.c:1377
#1 0x00007f2acf152233 in g_log
(log_domain=log_domain@entry=0x7f2ac10a60a9 "NetworkManager", log_level=log_level@entry=G_LOG_LEVEL_CRITICAL, format=format@entry=0x7f2acf1a46ff "%s: assertion '%s' failed")
at ../glib/gmessages.c:1415
#2 0x00007f2acf152a2d in g_return_if_fail_warning
(log_domain=log_domain@entry=0x7f2ac10a60a9 "NetworkManager", pretty_function=pretty_function@entry=0x7f2ac10a9e70 <__func__.50> "try_fill_ssid_for_hidden_ap", expression=expression@entry=0x7f2ac10a86d0 "bssid") at ../glib/gmessages.c:2771
#3 0x00007f2ac108a402 in try_fill_ssid_for_hidden_ap (ap=0x5569978b61c0 [NMWifiAP], self=0x55699786ea00 [NMDeviceWifi]) at src/devices/wifi/nm-device-wifi.c:1883
#4 supplicant_iface_bss_changed_cb (iface=0x556997777260 [NMSupplicantInterface], bss_info=0x7f2ab4028f00, is_present=1, self=0x55699786ea00 [NMDeviceWifi])
at src/devices/wifi/nm-device-wifi.c:1946
#5 0x00007f2ace246af0 in ffi_call_unix64 () at ../src/x86/unix64.S:76
#6 0x00007f2ace2462ab in ffi_call (cif=cif@entry=0x7ffd9c107c90, fn=fn@entry=0x7f2ac1089e80 <supplicant_iface_bss_changed_cb>, rvalue=<optimized out>, avalue=avalue@entry=0x7ffd9c107ba0)
at ../src/x86/ffi64.c:525
#7 0x00007f2acf23e87a in g_cclosure_marshal_generic_va
(closure=<optimized out>, return_value=<optimized out>, instance=<optimized out>, args_list=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=<optimized out>) at ../gobject/gclosure.c:1614
#8 0x00007f2acf23dae6 in _g_closure_invoke_va
(closure=closure@entry=0x5569978a0cc0, return_value=return_value@entry=0x0, instance=instance@entry=0x556997777260, args=args@entry=0x7ffd9c107f00, n_params=2, param_types=0x55699775b990) at ../gobject/gclosure.c:873
#9 0x00007f2acf2566e9 in g_signal_emit_valist (instance=0x556997777260, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffd9c107f00) at ../gobject/gsignal.c:3407
#10 0x00007f2acf256c63 in g_signal_emit (instance=instance@entry=0x556997777260, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3554
#11 0x00005569972ece61 in _bss_info_changed_emit (self=self@entry=0x556997777260 [NMSupplicantInterface], bss_info=bss_info@entry=0x7f2ab4028f00, is_present=is_present@entry=1)
at src/supplicant/nm-supplicant-interface.c:555
#12 0x00005569972ed3a0 in _bss_info_properties_changed (self=0x556997777260 [NMSupplicantInterface], bss_info=0x7f2ab4028f00, properties=<optimized out>, initial=<optimized out>)
at src/supplicant/nm-supplicant-interface.c:758
#13 0x00005569972f756b in _bss_info_get_all_cb (result=0x0, error=<optimized out>, user_data=0x7f2ab4028f00) at src/supplicant/nm-supplicant-interface.c:784
#14 0x0000556997217bc1 in _nm_dbus_connection_call_default_cb (source=0x5569977480c0 [GDBusConnection], res=<optimized out>, user_data=user_data@entry=0x556997855d50)
at shared/nm-glib-aux/nm-dbus-aux.c:74
#15 0x00007f2acf339e4a in g_task_return_now (task=task@entry=0x7f2ab4003f00 [GTask]) at ../gio/gtask.c:1214
#16 0x00007f2acf33aa3d in g_task_return (task=0x7f2ab4003f00 [GTask], type=<optimized out>) at ../gio/gtask.c:1283
#17 0x00007f2acf33b4fe in g_task_return (type=G_TASK_RETURN_ERROR, task=<optimized out>) at ../gio/gtask.c:1861
#18 g_task_return_error (task=<optimized out>, error=<optimized out>) at ../gio/gtask.c:1867
#19 0x0000556997893f40 in ()
#20 0x3a85d39adfae7f00 in ()
#21 0x00007f2ab4003cc0 in ()
#22 0x00007f2acf396460 in g_dbus_connection_call_done () at ../gio/gdbusconnection.c:2059
#23 0x00007f2ab4003f00 in ()
#24 0x0000000000000086 in ()
#25 0x0000000000000018 in ()
#26 0x00007f2acf339e4a in g_task_return_now (task=0x7f2ab4003f00 [GTask], task@entry=0x7f2ab4003cc0 [GTask]) at ../gio/gtask.c:1214
#27 0x00007f2acf33aa3d in g_task_return (task=0x7f2ab4003cc0 [GTask], type=<optimized out>) at ../gio/gtask.c:1283
#28 0x00007f2acf33b4fe in g_task_return (type=G_TASK_RETURN_ERROR, task=<optimized out>) at ../gio/gtask.c:1861
#29 g_task_return_error (task=<optimized out>, error=<optimized out>) at ../gio/gtask.c:1867
#30 0x0000003000000028 in ()
#31 0x00007ffd9c108290 in ()
Fixes: b83f07916a ('supplicant: large rework of wpa_supplicant handling')
We want to allow the user to externally remove IP addresses
and routes, and NetworkManager not re-adding them until a full reapply
happens. For that, we need to keep track of IP addresses that were
present, but no longer are.
It doesn't yet do anything. More is needed. In particular, we need to
keep track of routes that were externally deleted, then we can merge
that with routes that are known to be currently unavailable.
NML3Cfg is supposed to manage an interface (by ifindex).
As such, it later will itself implement DHCP and similar addressing
methods.
However, in various cases we get additional IP configuration from
external (e.g. from a VPN connection). To support that, let NML3Cfg
track any number of NML3ConfigData instances.
This parameter really affects whether a candidate in @addresses_prune will be
considered or not. Since we already construct the prune list separately, this
parameter is at the wrong place.
This requires us to re-implement nm_platform_lookup_clone(). While the
function has a predicate callback that we could use for this purpose,
I will later add a separate predicate argument to
nm_platform_ip_address_get_prune_list(). When that happens, it would
be cumbersome to chain the two function pointers. Instead, reimplement
nm_platform_lookup_clone().
Follow the pattern of nm_platform_ip_route_sync(), which also accepts
the list of addresses that are potential candidates for removal.
This allows the caller to carefully construct the list of addresses
which are possibly removed, so that sync (possibly) only adds new
addresses.
It is beneficial to have both address families side by side.
A lot of operations are exactly the same, so it's preferable to see
that. Especially in the cases where they differ, it's preferable to see
how they differ (and why).
In this case, the functions are only called once. Having a helper
function that has no clear, unique purpose does not necessarily make the
code simpler.
Also, NMIP[46]Config is going to change completely. It will thereby move
this code (and change it). Doing that is simpler, if we see all the
relevant parts in one place.
Make the error handling similar to the other provider implementations.
- only actually return once all callbacks completed.
- cache the first error and report it.
- drop AzureData.success field. It is redundant to have AzureData.error set.
Also it was actually unused.
- ensure that we keep the first error passed during
_get_config_maybe_task_return(). Once we set an error, that error gets
returned. There is a twist here, that we prefer cancellation errors
over other error reasons.
- drop GCPData.success field. It is redundant to have GCPData.error set.
Also, it's meaningless to indicate failure, if we don't have an error
at hand.
- ensure that we keep the first error passed during
_get_config_maybe_task_return(). Once we set an error, that error gets
returned. There is a twist here, that we prefer cancellation errors
over other error reasons.
- in _get_config_fip_cb(), ensure to call _get_config_maybe_task_return()
even if we are not yet ready. That is useful to record a potential
error.
The systemd DHCPv6 client requires a hardware address only to
determine the IAID; NM always overrides the IAID with its own and
therefore the hwaddr is not used.
Removing such requirement allows DHCPv6 to run over PPP, which is
useful with DHCPv6-PD to get a prefix from the ISP.
To test this, I set up a server with pppoe-server, radvd and the Wide
DHCPv6 server providing an address and a prefix. On the client, NM was
able to obtain a prefix using both dhcp=dhclient and dhcp=systemd.
Note that if there is no hardware address and you specify
ipv6.dhcp-duid=ll or ipv6.dhcp-iaid=mac, a warning will be emitted and
NM will use a random DUID/IAID.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/478
NML3ConfigData is supposed to be used as immutable, ref-counted type.
You create it once, initialize it, seal it, and pass (immutable) references
around.
In such a scheme, having ref/unref functions not operate on const pointers
is a major inconvenience.
NML3ConfigData tracks IP addresses and routes. In their current form, these
types (NMPObject) always have an ifindex and there is no sensible way to have
an NMPObject (for routes or addresses) that have a wildcard ifindex.
Honor that by also tying NML3ConfigData to an ifindex. In most cases, the
user knows the ifindex before and can create it. On the unlikely case where
the user doesn't know the ifindex, we should add a new nm_l3_config_data_clone()
function, which allows migrating the setting from one ifindex to another.
