Commit Graph

16307 Commits

Author SHA1 Message Date
Beniamino Galvani
5aea82d383 libnm-core: ensure an IP tunnel connection specifies a remote IP
The IP of the remote endpoint is always required.
2016-11-09 17:45:34 +01:00
Beniamino Galvani
75127b1348 libnm: add missing device includes in NetworkManager.h
And also sort the setting includes alphabetically.
2016-11-09 17:45:34 +01:00
Lubomir Rintel
ecc6040cd8 merge: branch 'lr/ipv6-sharing'
https://bugzilla.gnome.org/show_bug.cgi?id=773777
2016-11-09 17:26:21 +01:00
Lubomir Rintel
ec12fcf6bf policy: delegate IPv6 configuration to ipv6.method=shared connections
The policy listens to signals from shared devices that need subnets and
requesting devices that provide prefixes. Whenever a subnet is needed,
policy tries to obtain a subnet from all of default6 device's prefixes.
When it fails to get any, it asks for more prefixes.

This way we make it possible for the delegating router to either
provide us with a /64 for each of our shared interfaces, or provide a
larger prefix that we could subnet.

The policy also updates the shared device's DNS information to keep it in sync
with the best requesting device changes.
2016-11-09 17:23:32 +01:00
Lubomir Rintel
479ad5065e device: add IPv6 configuration delegation machinery
There are two parts of the configuration involved: the subnet addresses
and the DNS information.

For the addressing, the shared (downlink) device signals the policy needs for a
/64 subnet. When it gets one, it merges it into the autoconf configuration and
forwards to the NDisc. When more prefixes are needed, the (uplink) device asks
the DHCP manager and eventually signals delegation (reception) of a prefix.
The NMDevice only provides the mechanism, the actual subnetting needs to
be done by the NMPolicy.

For the DNS configuration, the shared device just copies it from
whichever device the policy deems suitable.
2016-11-09 17:23:32 +01:00
Lubomir Rintel
4ec37b0364 dhcp-manager: add ability to specify the number of IPv6 prefixes to request
Utilizes RFC 3633 prefix option in role of requesting router to ask the
delegating router for prefixes. In future we'll be able to use the
addresses from those prefixes on ipv6.method=shared connections.
2016-11-09 17:23:32 +01:00
Lubomir Rintel
7d195856cc dhcp-manager: move the options logging one level up
It will make sense to log the options even if we're not creating an
ip6_config (e.g. we got a prefix option, not an address).

Also, guard it with a logging enable conditional. That way we save
precious microseconds so that we'll feel less guilty about the demise of
mankind and universe.
2016-11-09 17:23:32 +01:00
Lubomir Rintel
d74e5e45e5 manager: allow ipv6.method=shared connections
2016-11-09 17:23:32 +01:00
Lubomir Rintel
bda1e880de device: enable the IPv6 forwarding for shared connections
Useful when they have internet-routable prefixes, consistent with IPv4.
2016-11-09 17:23:32 +01:00
Lubomir Rintel
46e63e03af device: announce the managed IPv6 configuration with ipv6.method=shared
This essentially causes us to announce the prefixes of the addresses we
own and the DNS configuration.

Currently the only way to get the IPv6 configuration on such device is
manual setting in the connection. This will change with IPv6 prefix
delegation.
2016-11-09 17:23:32 +01:00
Lubomir Rintel
0e6d194060 settings: allow method=shared with manual IPv6 configuration
IPv4 already allows setting an address, reusing its prefix for the network
it shares connection with. Additionally, for IPv6, the NDP can also share
the DNS configuration.
2016-11-09 17:23:32 +01:00
Lubomir Rintel
611870347a ifcfg: add ability to save/restore ipv6.method=shared
We use IPV6_AUTOCONF=shared for this.
2016-11-09 17:23:32 +01:00
Lubomir Rintel
6387856602 ndisc/lndp: add ability to announce the managed IPv6 configuration
Announce the prefixes and DNS configuration.
2016-11-09 17:23:32 +01:00
Lubomir Rintel
425ce65ed0 ndisc: rename the config-changed signal
The ndisc config can now be changed by NMDevice as well when the NDisc
is in ROUTER mode. But what we're really interested in is when we
receive a new one from the outside.
2016-11-09 17:23:32 +01:00
Lubomir Rintel
87624a6c50 ndisc: add logic for acting as a router
2016-11-09 17:23:32 +01:00
Lubomir Rintel
be6a0c7ce5 ndisc: move the logging deduplication into a macro
We'll want to use it elsewhere.
2016-11-09 17:23:32 +01:00
Lubomir Rintel
aed2106d3e ndisc: avoid calling start() multiple times
It hooks on ndp event callbacks and we'll end up in them being done
redundantly, leaking them on dispose and potentially even calling them.
2016-11-09 17:23:31 +01:00
Lubomir Rintel
679f8dfc7d ndisc/trivial: move nm_ndisc_set_iid upwards
2016-11-09 17:23:31 +01:00
Lubomir Rintel
c84313a2b7 ndisc/lndp: drop an unused variable
2016-11-09 17:16:48 +01:00
Lubomir Rintel
d09aea62ee ndisc/trivial: add a couple of comments of where do the constants come from
2016-11-09 17:16:48 +01:00
Lubomir Rintel
f69b6c038e device: the domain list from DNSSL is in fact a search list
2016-11-09 17:16:48 +01:00
Lubomir Rintel
44fca246a7 rdisc: rename to ndisc
We'll soon not only do the router discovery, but announce ourselves as a
router. "Neighbor discovery" sounds to be a more appropriate name for
the class than "Router discovery".
2016-11-09 17:16:47 +01:00
Lubomir Rintel
aa71dbc6c4 device: avoid a crash when L3 configuration fails
Don't call the IP check until either IPv4 or IPv6 is actually
configured.
2016-11-09 15:06:21 +01:00
Lubomir Rintel
2e8f40f2c9 ifcfg-rh: avoid parsing the IPV6_PRIVACY string twice
This saves a couple of CPU cycles that would be better used for
something more useful, such as looking for transmissions from aliens.
2016-11-09 15:06:20 +01:00
Lubomir Rintel
577ba42e18 ifcfg-rh: get rid of an extra unused variable
This saves a couple of bits we could instead use to save memories of the
better days.
2016-11-09 15:06:20 +01:00
Lubomir Rintel
b49c194f84 linux: don't assume short write when the kernel ignores the trailing whitespace
Certain sysctls don't appreciate the final newline. That's completely
fine.

  17941 open("/proc/sys/net/ipv6/conf/eth2/forwarding", O_WRONLY|O_TRUNC) = 21
  17941 write(21, "1\n", 2)               = 1
2016-11-09 15:06:20 +01:00
Lubomir Rintel
7279ea1317 client: don't do g_criticals
Also, be a bit more careful about the layers of errors. Just don't do this:

   (process:236): nmcli-CRITICAL **: Error: Could not create NMClient object:
     Permissions request failed: Authorization check failed:
     The name org.freedesktop.PolicyKit1 was not provided by any .service files.
2016-11-09 15:06:20 +01:00
Lubomir Rintel
2dd384c817 utils: allow valid_lft=0 addresses
We use the lifetime of 0 to indicate permanent addresses while
DHCP uses that lifetime to indicate the addresses should be removed.
Use the presence of a timestamp to differentiate the two.

  dhclient[10867]: XMT: Rebind on wls1, interval 1030ms.
  dhclient[10867]: RCV: Reply message on wls1 from fe80::21e:8cff:feec:3ca2.
  NetworkManager[10481]: <info>  [1478020967.7634] dhcp6 (wls1):   valid_lft 0
  NetworkManager[10481]: <info>  [1478020967.7634] dhcp6 (wls1):   preferred_lft 0
  NetworkManager[10481]: <info>  [1478020967.7636] dhcp6 (wls1):   address fd25:d463:2f14::927
  NetworkManager[10481]: <info>  [1478020967.7636] dhcp6 (wls1):   nameserver 'fe80::21e:8cff:feec:3ca2'
  NetworkManager[10481]: <info>  [1478020967.7637] dhcp (wls1):   domain search 'venom.'
  NetworkManager[10481]: <info>  [1478020967.7637] dhcp6 (wls1): state changed unknown -> bound, event ID="fa:cd:2c:86|1478020967"
  NetworkManager[10481]: ((src/nm-core-utils.c:3521)): assertion '<dropped>' failed
2016-11-09 15:06:20 +01:00
Lubomir Rintel
ccb789edc2 device: ipv6.method=link-local does not need slaves
It already waits for carrier, which is sufficient -- DAD won't start
until there's carrier.
2016-11-09 15:06:20 +01:00
Lubomir Rintel
f708184d6f device: don't fail the device if IPv4 forwarding fails
Just fail the IPv4 method.

Plus improve some comments.
2016-11-09 15:06:20 +01:00
Lubomir Rintel
888d8f4b10 ifcfg-rh: add parentheses
The code is now perfect.
2016-11-09 15:06:20 +01:00
Lubomir Rintel
c2ceacb419 device: make some asserts less harsh
We're terrible programmers, but we don't need anyone to notice!
2016-11-09 15:06:20 +01:00
Lubomir Rintel
90beb7689a ifcfg-rh: drop an unused variable
Fixes: ecda08e1d1
2016-11-09 15:06:00 +01:00
Thomas Haller
e3928c8c5e ifcfg-rh: merge branch 'th/ifcfg-rh-shell-parsing-rh1369380'
https://bugzilla.redhat.com/show_bug.cgi?id=1369380
2016-11-09 12:21:18 +01:00
Thomas Haller
92712d3b31 ifcfg-rh: optimize checking character types during svEscape()
I don't think that the compiler is able to optimize
  strchr($SET_AS_STR, $CHAR)
Use NM_IN_SET() which expands to something that should be
easy for the compiler to optimize.
2016-11-09 12:07:35 +01:00
Thomas Haller
c5ac66d392 ifcfg-rh: restore previous behavior for svUnescape() stripping backslash from double-quoting
Now we could parse simple shell variable assignment properly, but old versions
of svEscape() wrote invalid double-quoted strings.

Add a hack to restore the broken behavior for that case only.
2016-11-09 12:07:35 +01:00
Thomas Haller
ecda08e1d1 ifcfg-rh/tests: some refactoring of tests
When introducing the macro _svGetValue_check() we replace
the call to svGetValueString() with svGetValue().

That makes a difference only when asserting against a %NULL
value. It's fair to assume that in such case we actually want
to assert that the value is unset, and not possibly empty.
2016-11-09 12:07:35 +01:00
Thomas Haller
01f0e35b69 ifcfg-rh: remove unused keyfile argument from writer_update_connection()
writer_update_connection() retrieves the keyfile name based on the ifcfg-name.
No need to pass it in separately, the argument was unused.
2016-11-09 12:07:35 +01:00
Thomas Haller
1b03b59ac0 ifcfg-rh: set errno in svGetValueInt64() in case key does not exist
2016-11-09 12:07:35 +01:00
Thomas Haller
264e519779 ifcfg-rh/tests: add test for handling multiple occurrences of a variable
This tests commit "ifcfg-rh: handle multiple definitions of the same key".
2016-11-09 12:07:35 +01:00
Thomas Haller
c20b795547 ifcfg-rh: let reader create lineList in O(n) using g_list_prepend() and g_list_reverse()
2016-11-09 12:07:35 +01:00
Thomas Haller
eb307bbbb6 ifcfg-rh: let reader preserve the last line even without newline at end of file
2016-11-09 12:07:35 +01:00
Thomas Haller
82ccec22ca ifcfg-rh: modify svGetString() signature to avoid copying of temporary value
Modify the signature of svGetString() to allow getting the internal
string without cloning the string after unescaping.
2016-11-09 12:07:35 +01:00
Thomas Haller
08a22f2eea ifcfg-rh: avoid copying temporary value after unescaping
svUnescape() can return a pointer to the input argument
(if the input argument requires no unescaping or truncation).

That is actually the predominant case because most often we
store values that don't require escaping.

Optimize for that case.
2016-11-09 12:07:35 +01:00
Thomas Haller
9843da7ce5 ifcfg-rh: comment out invalid lines during svWriteFile
This is especially important because we don't support
line continuation. Thus, with

    FOO='val
      bar=3'
    wrong line
      F2=b
      F3='b
    XXX=adf'
      XXX2=val2
    '
we now write

    FOO=
    #NM: FOO='val
    bar=
    #NM:   bar=3'
    #NM: wrong line
      F2=b
    F3=
    #NM:   F3='b
    XXX=
    #NM: XXX=adf'
      XXX2=val2
    #NM: '

Basically, the writer will comment out any line that is

  - not all-whitespace
  - not a '#' comment (possibly preceded by whitespace)
  - not a valid variable assignment

This avoids that the writer writes lines that are not understood by the
ifcfg-rh plugin, but interfere with initscripts. E.g.

  NAME=old-name'
  rm -rf /
  '

becomes

  NAME=new-name
  #NM: rm -rf /
  #NM: '
2016-11-09 12:07:35 +01:00
Thomas Haller
d8c465a3cd ifcfg-rh: fix svEscape() to properly handle double quoting
'\'', '~': must not be escaped with backslash.

Also, within double quotes the backslash escape character is only
removed before special characters like '$' or '`'. Not in general.
Yes, it means that older versions of svEscape produced invalid escape
sequences that we now treat differently. But that is not really
avoidable, it was a bug that needs to be fixed.
2016-11-09 12:07:34 +01:00
Thomas Haller
337fc582b2 ifcfg-rh: use macro _char_in_strset() for svEscape()
2016-11-09 12:07:34 +01:00
Thomas Haller
c55b7e866e ifcfg-rh: support storing newline '\n' and other ANSI control characters
This is especially important for the team config JSON, which is expected
to contain newlines.

ANSI C quotation is bash specific, but initscripts already use #!/bin/bash.

Unfortunately, g_strescape() doesn't escape '\'' and can thus not be
used.

Also add a test that svEscape() and svUnescape() do a round-trip.

Not only consider \r and \n as candidates for ANSI C quotation, but all
ANSI control characters.
2016-11-09 12:07:34 +01:00
Thomas Haller
7b548fb9a8 ifcfg-rh: rework parsing of shell (svUnescape())
Better support parsing of shell. Now we support:

- combining values, like
    FOO=a"b"
    FOO=$'\n'b

- bash style ANSI C quotation ($''). This will allow us to properly
  handle newlines in string values.

- comments at the end of a line (after whitespace)
    FOO=val #comment
  Note that this is different from a # without space
    FOO=val#with#hashes

- trailing spaces are ignored like

    FOO=a[space]
    FOR=[space]

- history expansion via ! is not done (this is not new).

We don't support:

- line continuation like

    FOO='
    '
    FOO=a\
    b

- any form of shell expansion via $, ``.

    FOO="$a"

  Such values are recognized to name a variable FOO, but with an
  empty value, like

    FOO=%{nil}

  which is not the same as a valid empty value

    FOO=

- any other form of (unquoted) shell meta characters, like ; < > ( ).
  This especially means, that the command invocations are invalid, like

    ls -1
    LANG=C ls -1
    FOO1=a; FOO2=b

  This also means, that spaces immediately after the assignment are invalid:

    FOO= val

Also, svUnescape() can now return %NULL to signal an invalid line like

    FOO='
2016-11-09 12:07:34 +01:00
Thomas Haller
f3c7d009b5 ifcfg-rh: handle multiple definitions of the same key
When

  - reading a key that is defined multiple times, accept
    the last occurrence.
  - when deleting such a key, delete all occurrences.
  - when overwriting such a key, overwrite the last occurrence
    and delete any previous definitions.
2016-11-09 12:07:34 +01:00