The D-Bus configuration already ensures that only root can do that;
enforcing the permission at policy level seems better than doing it in
the daemon itself because it allows users to change the policy and
also because callers can exit immediately after issuing the request.
(cherry picked from commit 4c7fa8dfdc)
The error returned to users when a load_connection(s)/set_logging call
fails due to D-Bus policy denial is a bit obscure:
$ nmcli general logging level debug
Error: failed to set logging: Rejected send message, 4 matched rules;
type="method_call", sender=":1.233" (uid=1001 pid=27225 comm="nmcli
general logging level debug ")
interface="org.freedesktop.NetworkManager" member="SetLogging" error
name="(unset)" requested_reply="0" destination=":1.207" (uid=0
pid=25793 comm="/usr/sbin/NetworkManager --no-daemon ")
Convert it to a more comprehensible:
$ nmcli general logging level debug
Error: failed to set logging: access denied
https://bugzilla.redhat.com/show_bug.cgi?id=1362542
The D-Bus configuration already ensures that only root can do that;
enforcing the permission at policy level seems better than doing it in
the daemon itself because it allows users to change the policy and
also because callers can exit immediately after issuing the request.
When a assumed software device is brought down externally, it becomes
UNMANAGED_EXTERNAL_DOWN and its state goes from ACTIVATED directly to
UNMANAGED. In such case, we shouldn't flush the IP configuration
(addresses and routes) present on the device.
To fix this, clean up the device with CLEANUP_TYPE_KEEP and modify
nm_device_cleanup() not to flush addresses and devices with such flag.
https://bugzilla.redhat.com/show_bug.cgi?id=1363995
(cherry picked from commit 45cd3302dc)
When a assumed software device is brought down externally, it becomes
UNMANAGED_EXTERNAL_DOWN and its state goes from ACTIVATED directly to
UNMANAGED. In such case, we shouldn't flush the IP configuration
(addresses and routes) present on the device.
To fix this, clean up the device with CLEANUP_TYPE_KEEP and modify
nm_device_cleanup() not to flush addresses and devices with such flag.
https://bugzilla.redhat.com/show_bug.cgi?id=1363995
Previously, we logged also the location (file:line func). nm-logging.c
supported format flags to control the timestamp, the location, and alignment
of the timestamp.
We want that all our logging backends log the same messages. That is,
both syslog and journal should have our ~default~ logging format, that
is with timestamp but without location.
Drop the unused code.
(cherry picked from commit cc828431b8)
Previously, we logged also the location (file:line func). nm-logging.c
supported format flags to control the timestamp, the location, and alignment
of the timestamp.
We want that all our logging backends log the same messages. That is,
both syslog and journal should have our ~default~ logging format, that
is with timestamp but without location.
Drop the unused code.
Even if we know that the new hostname being set is equal to the cached
old one, the user may have manually changed the kernel hostname in the
meanwhile. For example:
# hostname
host123
# hostname localhost
# nmcli connection up eth1
# (now NM receives 'host123' from DHCP, but
# believes it's already set and doesn't update it)
# hostname
localhost
Let's always try to update the kernel (transient) hostname, unless it
is really already set (as returned by gethostname()).
https://bugzilla.redhat.com/show_bug.cgi?id=1356015
(cherry picked from commit 51b2cef04f)
Even if we know that the new hostname being set is equal to the cached
old one, the user may have manually changed the kernel hostname in the
meanwhile. For example:
# hostname
host123
# hostname localhost
# nmcli connection up eth1
# (now NM receives 'host123' from DHCP, but
# believes it's already set and doesn't update it)
# hostname
localhost
Let's always try to update the kernel (transient) hostname, unless it
is really already set (as returned by gethostname()).
https://bugzilla.redhat.com/show_bug.cgi?id=1356015
It's not clear why a route should be suppressed if it is contained
in the subnet of one of the interface's addresses.
I think it is wrong to do this. For example, imagine an ethernet
and a Wi-Fi device both connected to the same subnet 10.0.0.0/8. By
default, ethernet gets higher priority and a better metric of 100.
If the user wants to configure a route "10.0.0.1/32 metric 99"
to reach a certain host explicitly via Wi-Fi, this check will
forbid that.
This condition was added a long time ago (38dbdae266),
but it's unclear what the original intent was.
See also commit 4f7b1cabc0, which
already relaxed this suppression of routes for non-direct routes.
(cherry picked from commit ac5dc1a951)
It's not clear why a route should be suppressed if it is contained
in the subnet of one of the interface's addresses.
I think it is wrong to do this. For example, imagine an ethernet
and a Wi-Fi device both connected to the same subnet 10.0.0.0/8. By
default, ethernet gets higher priority and a better metric of 100.
If the user wants to configure a route "10.0.0.1/32 metric 99"
to reach a certain host explicitly via Wi-Fi, this check will
forbid that.
This condition was added a long time ago (38dbdae266),
but it's unclear what the original intent was.
See also commit 4f7b1cabc0, which
already relaxed this suppression of routes for non-direct routes.
- don't include "nm-default.h" in header files. Every source file must
include as first header "nm-default.h", thus our headers get the
default include already implicitly.
- we don't support compiling NetworkManager itself with a C++ compiler. Remove
G_BEGIN_DECLS/G_END_DECLS from internal headers. We do however support
users of libnm to use C++, thus they stay in public headers.
(cherry picked from commit f19aff8909)
- don't include "nm-default.h" in header files. Every source file must
include as first header "nm-default.h", thus our headers get the
default include already implicitly.
- we don't support compiling NetworkManager itself with a C++ compiler. Remove
G_BEGIN_DECLS/G_END_DECLS from internal headers. We do however support
users of libnm to use C++, thus they stay in public headers.
Instead of updating the device-statistic counters only periodically as
we refresh the link, update them on every link-changed event from
platform.
That means, also for devices that have RefreshRateMs at zero, the values
will be updated at random times when the link information changes.
The difference is, that previously the counters would be zero unless
RefreshRateMs was set. Now, they have some (probably stale) values
which however are not guaranteed to be kept up-to-date.
Also, now we refresh more often then promised by RefreshRateMs. But the API
technically doesn't specify that, so if we find there is a problem with
this, we may revert it later.
Originally, "nm-device-statistics.c" contained code to fetch the device
counters via netlink. As now the netlink part is handled by NMPlatform,
the code can be simplified by merging it back to NMDevice.
Technically, this is not needed because glib requires that
int is at least 32 bits. Thus, uint32 will be safely promoted
to uint.
Just do the cast to be explict about the expected type.
nm_platform_link_cmp() shall first compare the ifindex, otherwise
the sort-order first considers rather unimportant fields instead
of the primary key: the ifindex.
Fixes: a3185f22e55484b819859cb4cef8f54385dac1a9
Add statistics interface to all device instances. When active, the
properties of this interface are refreshed whenever there is network
activity for the device.
Activation is performed by changing RefreshRateMs property. If set to
zero, the interface is deactivated. If set to other value, the rest of
the interface properties are refreshed whenever the related network
metric changes, being RefreshRateMs the minimum time between property
changes, in milliseconds.
We might be already handling a state change:
Aug 17 05:26:34 dacan.local NetworkManager[618]: (devices/nm-device.c:10982):
_set_state_full: runtime check failed: (priv->in_state_changed == FALSE)
(gdb) bt
#0 0x00007fc218dad643 in g_logv (log_domain=0x7fc21c0db3c3 "NetworkManager", log_level=G_LOG_LEVEL_WARNING, format=<optimized out>, args=args@entry=0x7ffe6f0b30d0) at gmessages.c:1086
#1 0x00007fc218dad7bf in g_log (log_domain=log_domain@entry=0x7fc21c0db3c3 "NetworkManager", log_level=log_level@entry=G_LOG_LEVEL_WARNING, format=format@entry=0x7fc218e1b70f "%s") at gmessages.c:1119
#2 0x00007fc218dadb16 in g_warn_message (domain=domain@entry=0x7fc21c0db3c3 "NetworkManager", file=file@entry=0x7fc21c0d6597 "devices/nm-device.c", line=line@entry=10982, func=func@entry=0x7fc21c0dabf0 <__FUNCTION__.42233> "_set_state_full", warnexpr=warnexpr@entry=0x7fc21c0d95a0 "priv->in_state_changed == FALSE") at gmessages.c:1152
#3 0x00007fc21bf79bd6 in _set_state_full (self=0x7fc21ccd88b0 [NMDeviceEthernet], state=NM_DEVICE_STATE_FAILED, reason=NM_DEVICE_STATE_REASON_DEPENDENCY_FAILED, quitting=0) at devices/nm-device.c:10982
#7 0x00007fc2190bdd9f in <emit signal notify:master on instance 0x7fc21ccd88b0 [NMDeviceEthernet]> (instance=instance@entry=0x7fc21ccd88b0, signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3439
#4 0x00007fc2190a3908 in g_closure_invoke (closure=0x7fc21cd009e0, return_value=return_value@entry=0x0, n_param_values=2, param_values=param_values@entry=0x7ffe6f0b34b0, invocation_hint=invocation_hint@entry=0x7ffe6f0b3450) at gclosure.c:801
#5 0x00007fc2190b5a1d in signal_emit_unlocked_R (node=node@entry=0x7fc21cb66500, detail=detail@entry=588, instance=instance@entry=0x7fc21ccd88b0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffe6f0b34b0)
at gsignal.c:3627
#6 0x00007fc2190bdab1 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffe6f0b3640) at gsignal.c:3383
#8 0x00007fc2190a7fd4 in g_object_dispatch_properties_changed (object=0x7fc21ccd88b0 [NMDeviceEthernet], n_pspecs=<optimized out>, pspecs=<optimized out>) at gobject.c:1061
#9 0x00007fc2190aa619 in g_object_notify_by_pspec (pspec=<optimized out>, object=0x7fc21ccd88b0 [NMDeviceEthernet]) at gobject.c:1155
#10 0x00007fc2190aa619 in g_object_notify_by_pspec (object=object@entry=0x7fc21ccd88b0 [NMDeviceEthernet], pspec=<optimized out>) at gobject.c:1264
#11 0x00007fc21bf7de3f in nm_device_master_enslave_slave (prop=PROP_MASTER, obj=0x7fc21ccd88b0 [NMDeviceEthernet]) at devices/nm-device.c:103
#12 0x00007fc21bf7de3f in nm_device_master_enslave_slave (success=1, self=0x7fc21ccd88b0 [NMDeviceEthernet]) at devices/nm-device.c:2757
#13 0x00007fc21bf7de3f in nm_device_master_enslave_slave (self=0x7fc21cd42810 [NMDeviceBond], slave=0x7fc21ccd88b0 [NMDeviceEthernet], connection=<optimized out>) at devices/nm-device.c:1300
#14 0x00007fc2167c8dcc in ffi_call_unix64 () at ../src/x86/unix64.S:76
#15 0x00007fc2167c86f5 in ffi_call (cif=cif@entry=0x7ffe6f0b3a10, fn=<optimized out>, rvalue=0x7ffe6f0b3980, avalue=avalue@entry=0x7ffe6f0b3900) at ../src/x86/ffi64.c:522
#20 0x00007fc2190be2e8 in <emit signal 0x7fc21c0ea3d5 "state-changed" on instance 0x7fc21ccd88b0 [NMDeviceEthernet]> (instance=instance@entry=0x7fc21ccd88b0, detailed_signal=detailed_signal@entry=0x7fc21c0ea3d5 "state-changed") at gsignal.c:3479
#16 0x00007fc2190a4148 in g_cclosure_marshal_generic (closure=0x7fc21cc84de0, return_gvalue=0x0, n_param_values=<optimized out>, param_values=<optimized out>, invocation_hint=<optimized out>, marshal_data=0x0) at gclosure.c:1487
#17 0x00007fc2190a3908 in g_closure_invoke (closure=0x7fc21cc84de0, return_value=return_value@entry=0x0, n_param_values=4, param_values=param_values@entry=0x7ffe6f0b3c10, invocation_hint=invocation_hint@entry=0x7ffe6f0b3bb0) at gclosure.c:801
#18 0x00007fc2190b5a1d in signal_emit_unlocked_R (node=node@entry=0x7fc21cbeef20, detail=detail@entry=0, instance=instance@entry=0x7fc21ccd88b0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffe6f0b3c10) at gsignal.c:3627
#19 0x00007fc2190bdab1 in g_signal_emit_valist (instance=instance@entry=0x7fc21ccd88b0, signal_id=signal_id@entry=112, detail=detail@entry=0, var_args=var_args@entry=0x7ffe6f0b3e48) at gsignal.c:3383
#21 0x00007fc21bf79e3d in _set_state_full (self=self@entry=0x7fc21ccd88b0 [NMDeviceEthernet], state=state@entry=NM_DEVICE_STATE_IP_CONFIG, reason=reason@entry=NM_DEVICE_STATE_REASON_NONE, quitting=quitting@entry=0) at devices/nm-device.c:11123
#22 0x00007fc21bf7a707 in nm_device_state_changed (self=self@entry=0x7fc21ccd88b0 [NMDeviceEthernet], state=state@entry=NM_DEVICE_STATE_IP_CONFIG, reason=reason@entry=NM_DEVICE_STATE_REASON_NONE) at devices/nm-device.c:11308
#23 0x00007fc21bf7e92f in activate_stage3_ip_config_start (self=0x7fc21ccd88b0 [NMDeviceEthernet]) at devices/nm-device.c:6759
#24 0x00007fc21bf68dac in activation_source_handle_cb (self=0x7fc21ccd88b0 [NMDeviceEthernet], family=family@entry=2) at devices/nm-device.c:3627
#25 0x00007fc21bf68e6e in activation_source_handle_cb4 (user_data=<optimized out>) at devices/nm-device.c:3564
#26 0x00007fc218da6d7a in g_main_context_dispatch (context=0x7fc21cb6e000) at gmain.c:3152
#27 0x00007fc218da6d7a in g_main_context_dispatch (context=context@entry=0x7fc21cb6e000) at gmain.c:3767
#28 0x00007fc218da70b8 in g_main_context_iterate (context=0x7fc21cb6e000, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3838
#29 0x00007fc218da738a in g_main_loop_run (loop=0x7fc21cb6c8c0) at gmain.c:4032
#30 0x00007fc21bf4a23e in main (argc=1, argv=0x7ffe6f0b43e8) at main.c:411
(gdb)
https://bugzilla.redhat.com/show_bug.cgi?id=1367702
Example:
$ nmcli -a con up test-conn
Passwords or encryption keys are required to access the wireless network 'kkk'.
Username (802-1x.identity): cimrman
Password (802-1x.password):
https://bugzilla.redhat.com/show_bug.cgi?id=1351272
