fixes segfault with iwd backend after upgrade to NetworkManager 1.30.0
Signed-off-by: Jan Palus <jpalus@fastmail.com>
Fixes: 43fd93d8f4 ('iwd: Order objects from g_dbus_object_manager_get_objects')
Before this commit, in AP mode, WPS is started by default and there is no
possibility to disable it. The methods provided as WPS sources seem to
differ from device to device. With some Wifi USB sticks running in AP mode,
the WPS config methods contain "Keypad". Then, I get a pin entry dialog on
Windows machines, even if no pin is configured.
This merge request wires the existing 802-11-wireless-security.wps-method
with wpa_supplicant's configuration to allow disabling WPS.
glib requires G_LOG_DOMAIN defined so that log messages are labeled
to belong to NetworkManager or libnm.
However, we don't actually want to use glib logging. Our library libnm
MUST not log anything, because it spams the user's stdout/stderr.
Instead, a library must report notable events via its API. Note that
there is also LIBNM_CLIENT_DEBUG to explicitly enable debug logging,
but that doesn't use glib logging either.
Also, the daemon does not use glib logging instead it logs to syslog.
When run with `--debug`.
Hence, it's not useful for us to define different G_LOG_DOMAIN per
library/application, because none of our libraries/applications should
use glib logging.
It also gets slightly confusing, because we have the static library like
`src/libnm-core-impl`, which is both linked into `libnm` (the library)
and `NetworkManager` (the daemon). Which logging domain should they use?
Set the G_LOG_DOMAIN to "nm" everywhere. But no longer do it via `-D`
arguments to the compiler.
See-also: https://developer.gnome.org/glib/stable/glib-Message-Logging.html#G-LOG-DOMAIN:CAPS
"libnm-core/" is rather complicated. It provides a static library that
is linked into libnm.so and NetworkManager. It also contains public
headers (like "nm-setting.h") which are part of public libnm API.
Then we have helper libraries ("libnm-core/nm-libnm-core-*/") which
only rely on public API of libnm-core, but are themself static
libraries that can be used by anybody who uses libnm-core. And
"libnm-core/nm-libnm-core-intern" is used by libnm-core itself.
Move "libnm-core/" to "src/". But also split it in different
directories so that they have a clearer purpose.
The goal is to have a flat directory hierarchy. The "src/libnm-core*/"
directories correspond to the different modules (static libraries and set
of headers that we have). We have different kinds of such modules because
of how we combine various code together. The directory layout now reflects
this.
/route/ip6: NMPlatformSignalAssert: ../src/core/platform/tests/test-route.c:449, test_ip6_route(): failure to accept signal one time: 'ip6-route-changed-added' ifindex 0 (2 times received)
(cherry picked from commit 39c3eacb7d)
/route/ip6: NMPlatformSignalAssert: ../src/core/platform/tests/test-route.c:449, test_ip6_route(): failure to accept signal one time: 'ip6-route-changed-added' ifindex 0 (2 times received)
Since we always set autoconnect-retries=1, use the value of
rd.net.dhcp.retry as a multiplier for the DHCP timeout.
(cherry picked from commit 099ce63888)
By default a connection is retried 4 times before it is blocked from
autoconnecting. This means that if a user specifies an explicit DHCP
timeout in the initrd command line, NM will wait up to 4 times more.
Instead, set the "connection.autoconnect-retries" property of
connections always to 1, so that NM only waits for the time
specified.
Before this commit a default DHCP connection would take at most (45 x
4) seconds. Since the multiplier is now only 1, also increase the DHCP
timeout to have a total time of (90 x 1) seconds, which is the half
than before.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/559
(cherry picked from commit 7e126fe898)
By default a connection is retried 4 times before it is blocked from
autoconnecting. This means that if a user specifies an explicit DHCP
timeout in the initrd command line, NM will wait up to 4 times more.
Instead, set the "connection.autoconnect-retries" property of
connections always to 1, so that NM only waits for the time
specified.
Before this commit a default DHCP connection would take at most (45 x
4) seconds. Since the multiplier is now only 1, also increase the DHCP
timeout to have a total time of (90 x 1) seconds, which is the half
than before.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/559
We periodically re-resolve the DNS name for entpoints. Since WireGuard
has no concept of being connected, we want to eventually pick up
if the DNS name resolves to a different IP address.
However, on resolution failure, we will never clear the endpoint we
already have. Thus, resolving names can only give a better endpoint,
not remove an IP address entirely.
DNS names might do Round-Robin load distribution and the name of the
endpoint might resolve to multiple IP addresses. Improve to stick to
the IP address that we already have -- provided that the IP address
is still among the new resolution result. Otherwise, we continue to
pick the first IP address that was resolved.
(cherry picked from commit 98348ee539)
In C, initialization of a union does not define that excess memory
is initialized. Ensure that, by initializing the largest member of the
NMSockAddrUnion union.
(cherry picked from commit 7bf2ddf73f)
We periodically re-resolve the DNS name for entpoints. Since WireGuard
has no concept of being connected, we want to eventually pick up
if the DNS name resolves to a different IP address.
However, on resolution failure, we will never clear the endpoint we
already have. Thus, resolving names can only give a better endpoint,
not remove an IP address entirely.
DNS names might do Round-Robin load distribution and the name of the
endpoint might resolve to multiple IP addresses. Improve to stick to
the IP address that we already have -- provided that the IP address
is still among the new resolution result. Otherwise, we continue to
pick the first IP address that was resolved.
In C, initialization of a union does not define that excess memory
is initialized. Ensure that, by initializing the largest member of the
NMSockAddrUnion union.
Under restricted permissions (like inside a podman container) opening
"/proc/self/ns/net" fails with Permission denied. Consequently we cannot
create our bottom NMPNetns instance. That is mostly fine, however we
would log an error message with severity <error>.
Note that test "src/core/platform/tests/test-platform-general" asserts
that no <warn> and <error> messages get logged. Hence, the test will
fail.
That is undesirable. Downgrade the message to <debug> so that the test
passes. Also, it's not clear that this error message is useful here.
Being unable to open a netns fd is fine and not necessarily an error
condition.
(cherry picked from commit 0213300dce)
We should always register the GArray stack with pthread
for cleanup the thread local storage. Do that first, before
creating the NMPNetns instance at the bottom of the stack.
(cherry picked from commit f9636080ac)
Inside a podman container (without `--priviledged`) we don't have
permissions for "unshare(CLONE_NEWNET|CLONE_NEWNS)".
It's not useful to fail tests in environments where they cannot run.
Skip them.
(cherry picked from commit ecdbb1ab84)
Under restricted permissions (like inside a podman container) opening
"/proc/self/ns/net" fails with Permission denied. Consequently we cannot
create our bottom NMPNetns instance. That is mostly fine, however we
would log an error message with severity <error>.
Note that test "src/core/platform/tests/test-platform-general" asserts
that no <warn> and <error> messages get logged. Hence, the test will
fail.
That is undesirable. Downgrade the message to <debug> so that the test
passes. Also, it's not clear that this error message is useful here.
Being unable to open a netns fd is fine and not necessarily an error
condition.
We should always register the GArray stack with pthread
for cleanup the thread local storage. Do that first, before
creating the NMPNetns instance at the bottom of the stack.
Inside a podman container (without `--priviledged`) we don't have
permissions for "unshare(CLONE_NEWNET|CLONE_NEWNS)".
It's not useful to fail tests in environments where they cannot run.
Skip them.
We call `tc` from iproute2, which commonly is at "/sbin/tc".
That might not be in the "$PATH" of a regular user, and consequently
we fail to run the test.
Work around that by always adding "/bin" and "/sbin" to the $PATH.
(cherry picked from commit f591aa41c6)
We call `tc` from iproute2, which commonly is at "/sbin/tc".
That might not be in the "$PATH" of a regular user, and consequently
we fail to run the test.
Work around that by always adding "/bin" and "/sbin" to the $PATH.
