When using siphash24(), the hash value depends on the hashed input
and the key from _get_hash_key(). If the input is static, so is also
the result of siphash24(), albeit the bits are scrabbled more.
Add a nm_hash_static() to get such a static key, but without actually
doing siphash24(). The static key is also xored with a static_seed.
For that, also mangle the first byte of the hash key using siphash24()
itself. That is, because nm_hash_static() only uses the first guint of the
random key. Hence, we want that this first guint has all the entropy
of the entire key. We use siphash24() itself, to mangle all bits
of the 16 byte key into the first guint.
CC src/systemd/src/basic/src_libsystemd_nm_la-string-table.lo
../../src/systemd/src/basic/parse-util.c:30:10: fatal error: 'errno-list.h' file not found
#include "errno-list.h"
^~~~~~~~~~~~~~
Fixes: 1a2419a0c9
Comparing @secrets_keys indicates to coverity that it might be NULL.
Below, we access @secrets_keys without check, and coverity doesn't realize
that this cannot crash, because secrets_keys_n would be zero too.
Anyway, this way we safe the sorting, in case we only have
one element.
Currently there are multiple features that require Jansson support,
but WITH_JANSSON=1 is set only when configuring with
--enable-json-validation. Therefore a build with
"--disable-json-validation --enable-ovs" fails.
The availability of Jansson (WITH_JANSSON) should only be used:
- to check if dependent features can be enabled
- to determine compiler and linker flags in the Makefile
- in nm-jansson.h to define compatibility functions if needed
Everything else must be controlled by a configure switch.
https://bugzilla.gnome.org/show_bug.cgi?id=790233
The file descriptor is owned by the netlink socket instance,
which we close in finalize. We most not close it when destroying
the IO channel, otherwise the file descriptor gets closed twice.
Closing an invalid file descriptor (or a descriptor that is already closed)
is a serious bug, because the integer values are re-used, so there is a race
that the close might affect an innocent file descriptor instead of just
failing with EBADF.
The nm_close() wrapper should behave exactly the same as calling
close() directly. This is well known, documented behavior.
The only addition on top of that, should be the nm_assert() to catch
double-closing.
Prevously, when passing a negative file descriptor, we wouldn't properly
set errno. Also, the call would not show up in strace, which it should
(at least, if libc's close actually makes the syscall).
I would argue, that passing a negative file descriptor is a bug already
and we should never do that. Maybe we should even assert non-negative
fds. I don't do that now, because I am not sufficiently confident.
Anyway, the change should have not practical effect, because we
shouldn't actually pass negative fds already.
When a master connection is deactivated by user, we set the
autoconnect-blocked reason 'user-request' for the connection and we
propagate the same reason to slaves. Doing so prevents the
autoactivation of slaves when the master is manually activated again,
because the only way to override the 'user-request' blocked reason is
through manual activation of slaves.
Instead what should happen is that the manual deactivation of a master
marks slaves as blocked for failed dependencies. When the master
becomes available again, slaves can autoactivate if the profile allows
it.
https://bugzilla.redhat.com/show_bug.cgi?id=1437598
After 1.10.0 is released, merge it back into master so that
1.10.0 is part of the history of master. That means,
$ git log --first-parent master
will also traverse 1.10.0 and 1.10-rc*.
Also bump the micro version to 1.11.1-dev to indicate that this is
after 1.10.0 is out.
Kernel doesn't support it for IPv6.
This is especially useful, if you combine static routes
with DHCP. In that case, you might want to get the device-route
to the gateway automatically, but add a static-route for it.
The "onlink" flag for IPv4 routes is part of the route ID.
Consider it in nm_platform_ip4_route_cmp().
Also, allow configuring the flag when adding a route.
Note that for IPv6, the onlink flag is still ignored.
Pretty much like kernel does.
There is still a fallback detection in "shared/nm-utils/nm-macros-internal.h",
so that VPN-plugins and applet don't need to bother about adding these
configure checks.
The _NM_GET_PRIVATE() macro already preserved and propagated
the constness of @self to the resulting private pointer.
_NM_GET_PRIVATE_PTR() didn't do that. Extend the macro,
to make that possible.
Fix the following warning:
src/devices/nm-device.c: In function ‘activation_source_schedule’:
src/devices/nm-device.c:4995:9: error: ‘source_func’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
new_id = g_idle_add (source_func, self);
~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(cherry picked from commit bdfa7d882e)
Fix the following warning:
src/devices/nm-device.c: In function ‘activation_source_schedule’:
src/devices/nm-device.c:4995:9: error: ‘source_func’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
new_id = g_idle_add (source_func, self);
~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Don't necessarily fail the entire connection if a duplicate IPv4
address is detected, but instead look at the may-fail property and at
the outcome of IPv6.
https://bugzilla.redhat.com/show_bug.cgi?id=1508001
(cherry picked from commit 14ad1d0cd1)
