Commit Graph

9413 Commits

Author SHA1 Message Date
Jiří Klimeš
cb680c5b54 ifcfg-rh: add missing functionality for reading/writing subject matches
subject-match              - IEEE_8021X_SUBJECT_MATCH
altsubject-matches         - IEEE_8021X_ALTSUBJECT_MATCHES
phase2-subject-match       - IEEE_8021X_PHASE2_SUBJECT_MATCH
phase2-altsubject-matches  - IEEE_8021X_PHASE2_ALTSUBJECT_MATCHES

And a testcase of course.
2014-02-28 10:17:40 +01:00
Dan Winship
10a4df690c devices: propagate the hop limit from an IPv6 RA to the kernel config
If we set accept_ra_defrtr=0 then the kernel will ignore the "hop
limit" too. So parse it out of the RA and set it manually.
2014-02-27 15:28:11 -05:00
Dan Winship
10b699c51f rdisc: expose the "hop limit" from the RA 2014-02-27 15:28:11 -05:00
Dan Winship
c04db133fc devices: be more precise about kernel IPv6 RA handling
We don't want the kernel to do IPv6 addrconf, but we do want it to
notice the non-router-related fields in the RA (eg, Retrans Timer) and
update the interface state to reflect them. So instead of turning off
accept_ra, we leave it turned on, and turn off accept_ra_defrtr,
accept_ra_rtr_pref, and accept_ra_pinfo instead.
2014-02-27 15:28:11 -05:00
Dan Winship
6136630163 devices: abstract the handling of IPv6 sysfs properties
We're about to start using a bunch more IPv6 sysfs properties, so
let's start by making the code more extensible.
2014-02-27 15:28:11 -05:00
Dan Winship
5fe94852ef platform: change sysctl_get/set error logging
Remove the "silent_on_error" flag from nm_platform_sysctl_get(), and
make both get() and set() log at debug level on ENOENT and error level
on all other errors, always.

Also ensure that we don't sometimes write "failed to set 'x' to 'y':
Success" when a partial write occurs.
2014-02-27 15:28:11 -05:00
Thomas Haller
0332850627 core: default route should stay on the current active device
get_best_ip4_device() and get_best_ip6_device() iterate over
the list of devices to find the device with the default route.
The order of iteration is arbitrarly choosen.

Before, if two devices had the same priority, it would choose
the first one. Change it so that the device which currently has
the default route keeps it -- until it gets deactivated or a higher
priorty device gets connected.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-27 20:00:20 +01:00
Dan Williams
39ab68481c core: fix ActiveConnection handling of device disconnected state after e19f48ec (rh #1058843)
e19f48ec was incomplete; it failed to handle device disconnections.
NMDevice will clear its internal activation request *before*
emitting the state change, which meant that when the
NMActRequest processes the DISCONNECTED state change, the:

if (NM_ACTIVE_CONNECTION (nm_device_get_act_request (device)) != active)
    return;

statement triggered and the DISCONNECTED state change was not
processed.

Instead of having NMDevice keep the activation request alive over
the entire DISCONNECTED state transition, which may have much
greater implications, handle the special-case locally in the
NMActRequest code itself.
2014-02-27 12:57:59 -06:00
Dan Winship
16cd4f6892 trivial: fix variable name in declaration 2014-02-27 13:39:20 -05:00
Thomas Haller
7d73ee75df trivial: more wrong compiler warnings
connection_parser.c: In function 'make_ip4_setting':
  connection_parser.c:660:33: error: 'method' may be used uninitialized in this function [-Werror=maybe-uninitialized]
    if (!is_static_block && strstr (method, "dhcp")) {

  connections.c: In function ‘load_cmd_line_edit_lib’:
  connections.c:5744:17: error: ‘module’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
    g_module_close (module);

Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-27 18:31:07 +01:00
Thomas Haller
0550a14fbe trivial: omit wrong compiler warning in ifcfg-rh reader about uninitialized use
reader.c: In function 'parse_infiniband_p_key':
  reader.c:3947:5: error: 'id' may be used uninitialized in this function [-Werror=maybe-uninitialized]
    id = (id | 0x8000);
       ^

Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-27 18:26:28 +01:00
Manoj Kumar Giri
fbaaedf926 po: updated Oriya (Odia) (or) translation (bgo #725304)
https://bugzilla.gnome.org/show_bug.cgi?id=725304

Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-27 13:39:19 +01:00
Glaucia Freitas
8900bb688b po: updated Brazilian Portuguese (pt_BR) translation (bgo #725302)
https://bugzilla.gnome.org/show_bug.cgi?id=725302

Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-27 13:36:57 +01:00
Thomas Haller
f0a8b3a76d core: fix alignment of logging timestamp
Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-26 19:06:00 +01:00
Dan Williams
834c6f32b3 build: clean 0.9.8 generated files
Makes it easier to switch between 0.9.8 and git master.
2014-02-26 09:58:15 -06:00
Glaucia Freitas
4edae526c1 po: updated Brazilian Portuguese (pt_BR) translation (bgo #725182)
https://bugzilla.gnome.org/show_bug.cgi?id=725182

Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-26 15:52:34 +01:00
Dan Williams
53720c3837 merge: really implement DEACTIVATING state and fix re-activation crash (rh #1058843)
Really implement the DEACTIVATING state this time.  This now allows easy
"pre-down" hooks whenever we choose to implement that.

Next, fix a crash during re-activation where a pending activation request
mis-interpreted device state changes from a previous activation request
that was deactivating.
2014-02-25 18:05:55 -06:00
Dan Williams
e19f48ec26 core: better ignore deactivations before a new activation starts (rh #1058843)
When a new activation request comes in and the device is already
activated, two NMActRequests will exist for the device in parallel.
The old one handles de-activation of the device and is then disposed,
while the new one waits until the device is de-activated and then
takes over and starts the new activation.

Both requests are watching device state, and the new request may
mis-interpret the de-activation states and clean up its device pointer,
leading to assertion failures when the new activation starts.

To fix this (and because NMVPNConnection *does* always want to see
de-activation events from the device) remove the code that tries to
ignore de-activation from NMActiveConnection's device state handler.

Instead, have NMActRequest skip any reaction to device state changes
unless it is the current activation request on the device.  The VPN
code always wants to see the device's state, so it doesn't need this
check.
2014-02-25 18:03:03 -06:00
Dan Williams
4040198b47 core: queue re-activations to allow DEACTIVATING state
If a device is already activated, queue the new activation to allow
the transition through the DEACTIVATING state.

---

Also remove the "HACK" bits in nm_device_deactivate(). This hack was
added on 2007-09-25 in commit 9c2848d.  At the time, with user settings
services, if a client created a connection and requested that NM
activate it, NM may not have read the connection from the client over
D-Bus yet.  So NM created a "deferred" activation request which waited
until the connection was read from the client, and then began activation.

The Policy watched for device state changes and other events (like
it does now) and activated a new device if the old one was no longer
valid.  It specifically checked for deferred activations and then
did nothing.  However, when the client's connection was read, then
nm-device.c cleared the deferred activation bit, leading to a short
period of time where the device was in DISCONNECTED state but there
was no deferred activation, because the device only changes state to
PREPARE from the idle handler for stage1.  If other events happened
during this time, the policy would tear down the device that was
about to be activated. This early state transition to PREPARE
worked around that.

We need to remove it now though, because (a) the reason for its
existence is no longer valid, and (b) _device_activate() may now
be called from inside nm_device_state_changed() and thus it cannot
change to a new state inside the function.
2014-02-25 18:03:02 -06:00
Dan Williams
037c67f471 firewall: ignore UNKNOWN_INTERFACE errors
If the firewall didn't know about the interface, don't log errors
about it because there's nothing NM can do.  Also, sometimes NM
sends the not-IP interface, like when disconnecting WWAN when the
PPP interface is already gone.
2014-02-25 17:22:08 -06:00
Jiří Klimeš
3789412160 libnm-util: fix adding values to 'phase2-altsubject-matches'
It was mixed up with 'altsubject-matches'.
2014-02-25 18:42:24 +01:00
Thomas Haller
72f5542488 platform: downgrade error logging about NLE_DUMP_INTR on event socket
Such a failure can happen easily, because we now request an initial dump
to get AF_INET6 addresses in order to check for extended ifa flags support.

This is not critical, so downgrade the error log.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-25 16:31:53 +01:00
Jiří Klimeš
68066b40f2 libnm-util: fix verify_identity() in '802-1x' setting
We need to return FALSE on error, otherwise we pile GErrors and assert in
nm_setting_verify().
2014-02-25 15:57:54 +01:00
Jiří Klimeš
4141e69b3a settings: free memory in finalize(), not in dispose() in NMSecretAgent (rh #1061911)
Even if the code changed in master compared to the bug report, the issues would
still occur when we freed members in dispose.

https://bugzilla.redhat.com/show_bug.cgi?id=1061911
2014-02-25 14:27:48 +01:00
Thomas Haller
79f0f72b84 trivial: rename function in platform
To make the name analog to init_ip4_address, etc. which start with
init_*.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-24 22:06:07 +01:00
Thomas Haller
8b294541d8 platform: share the static buffer for platform to_string functions
Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-24 21:58:51 +01:00
Thomas Haller
0024c72586 trivial: fix whitespace
Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-24 21:35:33 +01:00
Thomas Haller
d3a2219cee replace snprintf by g_snprintf
Use the glib wrapper for snprintf.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-24 21:35:33 +01:00
Thomas Haller
6c0db3107e platform: align debugging output in platform signals
Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-24 18:29:25 +01:00
Thomas Haller
184d93ea60 rdisc: print gateway for routes in rdisc debugging output
Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-24 18:29:25 +01:00
Thomas Haller
076ca1e3e2 rdisc: fix invalid cast when printing addresses in config_changed()
Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-24 18:29:25 +01:00
Jiří Klimeš
c2a1cb1a44 docs: use %TRUE, %FALSE macros instead of plain TRUE, FALSE values for gtkdoc 2014-02-24 17:00:39 +01:00
Thomas Haller
8a67713e9e cli: allow resetting the connection.master to NULL
Without this patch, the following two commands fail:
  nmcli connection modify em1 connection.master
  nmcli connection modify em1 connection.master ""

Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-24 09:44:29 +01:00
Thomas Haller
93e4e0f8a1 core: minor fix to ensure we call platform functions with positive ifindex
Actually, get_ip_ifindex() should always return 0 or > 0. Just in case,
be extra careful and modify the conditions.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-23 22:31:49 +01:00
Thomas Haller
dd2ce3dfbc core: fix waiting for bringing up/taking down device
This fixes a regression introduced in 5074898591.
The while loop did only refetch the cached value (because the glib main loop
was blocked and only the cached device flags were checked).

Also, instead on relying of g_usleep(), wait until a maximum time of waiting
is expired. The duration of g_usleep() might not be very accurate.

Also, do no longer check the cached device state before setting the
device flag. The cache might be out of date, so we just set the flag.

https://bugzilla.gnome.org/show_bug.cgi?id=724363

Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-23 22:31:49 +01:00
Thomas Haller
66f5256b94 core: add nm_platform_link_refresh() function to refresh the libnl cache for links
Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-23 22:31:42 +01:00
Dan Winship
eac0573d5e platform: log warnings if macvlan/gre property reads fail 2014-02-21 13:54:02 -05:00
Dan Winship
4e273c4be8 platform: fix macvlan flags checking
You can't do an #ifdef on an enum value, so we were actually never
requesting IFLA_MACVLAN_FLAGS.
2014-02-21 13:54:02 -05:00
Dan Winship
95cf36fa8b platform: sanitize a boolean property
Make sure NMPlatformGreProperties->path_mtu_discovery is always TRUE
or FALSE, even if the value from the kernel is "2" or "16" or
something. (This makes it consistent with what we do for other boolean
netlink properties.)
2014-02-21 13:54:02 -05:00
Dan Williams
255cc3f707 merge: various WWAN fixes 2014-02-21 09:45:40 -06:00
Dan Williams
19089fb960 mobile: use gateway returned from ModemManager
If we get a gateway, use it.
2014-02-21 09:45:06 -06:00
Dan Williams
9d50e9dbd9 mobile: fix removal of ethernet interfaces owned by modems
If the kernel doesn't tag a modem's ethernet interface with
DEVTYPE=wwan then NetworkManager has no idea that's a modem
(and cannot be used until connected via the control port).
Since DEVTYPE=wwan devices get ignored by NM, so should these
interfaces when NM knows they are modems.

That got broken at some point for ModemManager1, because the
data port isn't read until the modem is connected.  NM only
looked for and removed the data-port-as-ethernet-device when
the modem was added, long before the MM1 data port was found.

ModemManager does provide a list of ports owned by the modem
though, which we can use at modem addition time to remove
an ethernet device that is controled by the modem.
2014-02-21 09:45:06 -06:00
Dan Williams
5c1dee10cd mobile: only change state to NEED_AUTH during activation (rh #1058308)
Auth requests only happen during activation and there's no need to
request secrets at any other time.  Ensure that the device state
won't change to NEED_AUTH except when activating.

(There's a case in NMModemBroadband where set_mm_enabled()
when the modem is locked may cause this, but we'll solve this
a different way later.)

https://bugzilla.redhat.com/show_bug.cgi?id=1058308
2014-02-21 09:45:06 -06:00
Dan Williams
4611aec5c2 mobile: consolidate secrets requests into NMDeviceModem
Both old and new ModemManager classes were doing the same thing, so
consolidate that into the superclass and save some LoC.
2014-02-21 09:45:06 -06:00
Dan Williams
12787f8565 mobile: fix disconnection on deactivation
When c4fc72c7 began using the DEACTIVATING state, the modem code
wasn't updated to handle this.  Because it only checked for
activating or ACTIVATED states to determine whether the modem was
previously connected, and thus when an MM disconnect was needed,
when the device enters the DISCONNECTED state it was no longer
considered previously active, and not disconnected.

Also, remove the NEED_AUTH handling from the modem code's device
state switch, because it does not appear to be needed.  The
modem will only enter NEED_AUTH when it requires PAP/CHAP secrets
during the connection attempt or when a PIN is required before
enabling the modem.  In both cases the modem won't yet be connected,
so this code will never be hit.
2014-02-21 09:45:06 -06:00
Thomas Haller
f8dcab53d9 libnm-glib: take reference in NMRemoteConnection before calling DBUS
We always have to take a reference to the NMRemoteConnection
before calling to DBUS, because the connection might be deleted
in the meantime.

https://bugzilla.gnome.org/show_bug.cgi?id=723168

Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-21 16:20:29 +01:00
Thomas Haller
9968895e19 libnm-glib: accept omitting callback in nm_remote_connection_*
The functions nm_remote_connection_save(), nm_remote_connection_commit_changes(),
and nm_remote_connection_commit_changes_unsaved() indicate in the documentation,
that they allow omitting the callback argument. Remove invalid checks
for callback.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-21 16:20:29 +01:00
Dan Winship
932aa29026 trivial: fix configure.ac comment 2014-02-19 13:43:10 -05:00
Thomas Haller
31483e23d1 test: add valgrind suppressions
`make check` failed on fc20.armv7hl

Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-18 20:33:10 +01:00
Thomas Haller
a6767f215e platform: refactor address_to_string() to return device as numeric if ifname is unknown
Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-02-18 13:21:47 +01:00