settings: add ipv4.link-local flag

Introduction of a new setting ipv4.link-local, which enables
link-local IP addresses concurrently with other IP address assignment
implementations such as dhcp or manually.
No way is implemented to obtain a link-local address as a fallback when
dhcp does not respond (as dhcpd does, for example). This could be be
added later.

To maintain backward compatibility with ipv4.method ipv4.link-local has
lower priority than ipv4.method. This results in:
* method=link-local overrules link-local=disabled
* method=disabled overrules link-local=enabled

Furthermore, link-local=auto means that method defines whether
link-local is enabled or disabled:
* method=link-local --> link-local=enabled
* else --> link-local=disabled

The upside is, that this implementation requires no normalization.
Normalization is confusing to implement, because to get it really
right, we probably should support normalizing link-local based on
method, but also vice versa. And since the method affects how other
properties validate/normalize, it's hard to normalize that one, so that
the result makes sense. Normalization is also often not great to the
user, because it basically means to modify the profile based on other
settings.

The downside is that the auto flag becomes API and exists because
we need backward compatibility with ipv4.method.
We would never add this flag, if we would redesign "ipv4.method"
(by replacing by per-method-specific settings).

Defining a default setting for ipv4.link-local in the global
configuration is also supported.
The default setting for the new property can be "default", since old
users upgrading to a new version that supports ipv4.link-local will not
have configured the global default in NetworkManager.conf. Therefore,
they will always use the expected "auto" default unless they change
their configuration.

Co-Authored-By: Thomas Haller <thaller@redhat.com>

man/NetworkManager.conf.xml

@@ -922,6 +922,10 @@ ipv6.ip6-privacy=0
         <varlistentry>
           <term><varname>ipv4.required-timeout</varname></term>
         </varlistentry>
+        <varlistentry>
+          <term><varname>ipv4.link-local</varname></term>
+          <listitem><para>If left unspecified, fallback to "auto" which makes it dependent on "ipv4.method" setting.</para></listitem>
+        </varlistentry>
         <varlistentry>
           <term><varname>ipv4.route-metric</varname></term>
         </varlistentry>

src/core/devices/nm-device.c

@@ -1510,6 +1510,53 @@ _prop_get_connection_lldp(NMDevice *self)
     return lldp == NM_SETTING_CONNECTION_LLDP_ENABLE_RX;
 }
 
+static NMSettingIP4LinkLocal
+_prop_get_ipv4_link_local(NMDevice *self)
+{
+    NMSettingIP4Config   *s_ip4;
+    NMSettingIP4LinkLocal link_local;
+
+    s_ip4 = nm_device_get_applied_setting(self, NM_TYPE_SETTING_IP4_CONFIG);
+    if (!s_ip4)
+        return NM_SETTING_IP4_LL_DISABLED;
+
+    link_local = nm_setting_ip4_config_get_link_local(s_ip4);
+
+    if (link_local == NM_SETTING_IP4_LL_DEFAULT) {
+        /* For connections without a ipv4.link-local property configured the global configuration
+           might defines the default value for ipv4.link-local. */
+        link_local = nm_config_data_get_connection_default_int64(NM_CONFIG_GET_DATA,
+                                                                 NM_CON_DEFAULT("ipv4.link-local"),
+                                                                 self,
+                                                                 NM_SETTING_IP4_LL_AUTO,
+                                                                 NM_SETTING_IP4_LL_ENABLED,
+                                                                 NM_SETTING_IP4_LL_DEFAULT);
+        if (link_local == NM_SETTING_IP4_LL_DEFAULT) {
+            /* If there is no global configuration for ipv4.link-local assume auto */
+            link_local = NM_SETTING_IP4_LL_AUTO;
+        } else if (link_local == NM_SETTING_IP4_LL_ENABLED
+                   && nm_streq(nm_setting_ip_config_get_method((NMSettingIPConfig *) s_ip4),
+                               NM_SETTING_IP4_CONFIG_METHOD_DISABLED)) {
+            /* ipv4.method=disabled has higher priority than the global ipv4.link-local=enabled */
+            link_local = NM_SETTING_IP4_LL_DISABLED;
+        } else if (link_local == NM_SETTING_IP4_LL_DISABLED
+                   && nm_streq(nm_setting_ip_config_get_method((NMSettingIPConfig *) s_ip4),
+                               NM_SETTING_IP4_CONFIG_METHOD_LINK_LOCAL)) {
+            /* ipv4.method=link-local has higher priority than the global ipv4.link-local=disabled */
+            link_local = NM_SETTING_IP4_LL_ENABLED;
+        }
+    }
+
+    if (link_local == NM_SETTING_IP4_LL_AUTO) {
+        link_local = nm_streq(nm_setting_ip_config_get_method((NMSettingIPConfig *) s_ip4),
+                              NM_SETTING_IP4_CONFIG_METHOD_LINK_LOCAL)
+                         ? NM_SETTING_IP4_LL_ENABLED
+                         : NM_SETTING_IP4_LL_DISABLED;
+    }
+
+    return link_local;
+}
+
 static guint32
 _prop_get_ipv4_dad_timeout(NMDevice *self)
 {
@@ -11699,11 +11746,14 @@ activate_stage3_ip_config_for_addr_family(NMDevice *self, int addr_family, const
         goto out_devip;
 
     if (IS_IPv4) {
+        if (_prop_get_ipv4_link_local(self) == NM_SETTING_IP4_LL_ENABLED)
+            _dev_ipll4_start(self);
+
         if (nm_streq(method, NM_SETTING_IP4_CONFIG_METHOD_AUTO))
             _dev_ipdhcpx_start(self, AF_INET);
-        else if (nm_streq(method, NM_SETTING_IP4_CONFIG_METHOD_LINK_LOCAL))
-            _dev_ipll4_start(self);
-        else if (nm_streq(method, NM_SETTING_IP4_CONFIG_METHOD_SHARED))
+        else if (nm_streq(method, NM_SETTING_IP4_CONFIG_METHOD_LINK_LOCAL)) {
+            /* pass */
+        } else if (nm_streq(method, NM_SETTING_IP4_CONFIG_METHOD_SHARED))
             _dev_ipshared4_start(self);
         else if (nm_streq(method, NM_SETTING_IP4_CONFIG_METHOD_DISABLED))
             priv->ip_data_x[IS_IPv4].is_disabled = TRUE;

src/libnm-client-impl/libnm.ver

@@ -1826,4 +1826,9 @@ libnm_1_38_0 {
 global:
 	nm_client_get_radio_flags;
 	nm_radio_flags_get_type;
-} libnm_1_36_0;
+} libnm_1_36_0;
+
+libnm_1_40_0 {
+global:
+	nm_setting_ip4_link_local_get_type;
+} libnm_1_38_0;

src/libnm-core-impl/nm-setting-ip4-config.c

@@ -38,14 +38,16 @@
 
 NM_GOBJECT_PROPERTIES_DEFINE_BASE(PROP_DHCP_CLIENT_ID,
                                   PROP_DHCP_FQDN,
-                                  PROP_DHCP_VENDOR_CLASS_IDENTIFIER, );
+                                  PROP_DHCP_VENDOR_CLASS_IDENTIFIER,
+                                  PROP_LINK_LOCAL, );
 
 typedef struct {
     NMSettingIPConfigPrivate parent;
 
-    char *dhcp_client_id;
-    char *dhcp_fqdn;
-    char *dhcp_vendor_class_identifier;
+    char  *dhcp_client_id;
+    char  *dhcp_fqdn;
+    char  *dhcp_vendor_class_identifier;
+    gint32 link_local;
 } NMSettingIP4ConfigPrivate;
 
 /**
@@ -127,6 +129,25 @@ nm_setting_ip4_config_get_dhcp_vendor_class_identifier(NMSettingIP4Config *setti
     return NM_SETTING_IP4_CONFIG_GET_PRIVATE(setting)->dhcp_vendor_class_identifier;
 }
 
+/**
+ * nm_setting_ip4_config_get_link_local:
+ * @setting: the #NMSettingIP4Config
+ *
+ * Returns the value contained in the #NMSettingIP4Config:link_local
+ * property.
+ *
+ * Returns: the link-local configuration
+ *
+ * Since: 1.40
+ **/
+NMSettingIP4LinkLocal
+nm_setting_ip4_config_get_link_local(NMSettingIP4Config *setting)
+{
+    g_return_val_if_fail(NM_IS_SETTING_IP4_CONFIG(setting), NM_SETTING_IP4_LL_DEFAULT);
+
+    return NM_SETTING_IP4_CONFIG_GET_PRIVATE(setting)->link_local;
+}
+
 static gboolean
 verify(NMSetting *setting, NMConnection *connection, GError **error)
 {
@@ -218,6 +239,46 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
         return FALSE;
     }
 
+    if (!NM_IN_SET(priv->link_local,
+                   NM_SETTING_IP4_LL_AUTO,
+                   NM_SETTING_IP4_LL_DEFAULT,
+                   NM_SETTING_IP4_LL_DISABLED,
+                   NM_SETTING_IP4_LL_ENABLED)) {
+        g_set_error(error,
+                    NM_CONNECTION_ERROR,
+                    NM_CONNECTION_ERROR_INVALID_PROPERTY,
+                    _("property is invalid"));
+        g_prefix_error(error,
+                       "%s.%s: ",
+                       NM_SETTING_IP4_CONFIG_SETTING_NAME,
+                       NM_SETTING_IP4_CONFIG_LINK_LOCAL);
+        return FALSE;
+    }
+    if (priv->link_local == NM_SETTING_IP4_LL_ENABLED
+        && nm_streq(method, NM_SETTING_IP4_CONFIG_METHOD_DISABLED)) {
+        g_set_error_literal(error,
+                            NM_CONNECTION_ERROR,
+                            NM_CONNECTION_ERROR_INVALID_PROPERTY,
+                            _("cannot enable ipv4.link-local with ipv4.method=disabled"));
+        g_prefix_error(error,
+                       "%s.%s: ",
+                       NM_SETTING_IP4_CONFIG_SETTING_NAME,
+                       NM_SETTING_IP4_CONFIG_LINK_LOCAL);
+        return FALSE;
+    }
+    if (priv->link_local == NM_SETTING_IP4_LL_DISABLED
+        && nm_streq(method, NM_SETTING_IP4_CONFIG_METHOD_LINK_LOCAL)) {
+        g_set_error_literal(error,
+                            NM_CONNECTION_ERROR,
+                            NM_CONNECTION_ERROR_INVALID_PROPERTY,
+                            _("cannot disable ipv4.link-local with ipv4.method=link-local"));
+        g_prefix_error(error,
+                       "%s.%s: ",
+                       NM_SETTING_IP4_CONFIG_SETTING_NAME,
+                       NM_SETTING_IP4_CONFIG_LINK_LOCAL);
+        return FALSE;
+    }
+
     if (priv->dhcp_client_id && !priv->dhcp_client_id[0]) {
         g_set_error_literal(error,
                             NM_CONNECTION_ERROR,
@@ -854,6 +915,32 @@ nm_setting_ip4_config_class_init(NMSettingIP4ConfigClass *klass)
                                               NMSettingIP4ConfigPrivate,
                                               dhcp_vendor_class_identifier);
 
+    /**
+     * NMSettingIP4Config:link-local:
+     *
+     * Enable and disable the IPv4 link-local configuration independently of the
+     * ipv4.method configuration. This allows a link-local address (169.254.x.y/16)
+     * to be obtained in addition to other addresses, such as those manually
+     * configured or obtained from a DHCP server.
+     *
+     * When set to "auto", the value is dependent on "ipv4.method".
+     * When set to "default", it honors the global connection default, before
+     * falling back to "auto". Note that if "ipv4.method" is "disabled", then
+     * link local addressing is always disabled too. The default is "default".
+     *
+     * Since 1.40
+     */
+    _nm_setting_property_define_direct_int32(properties_override,
+                                             obj_properties,
+                                             NM_SETTING_IP4_CONFIG_LINK_LOCAL,
+                                             PROP_LINK_LOCAL,
+                                             G_MININT32,
+                                             G_MAXINT32,
+                                             NM_SETTING_IP4_LL_DEFAULT,
+                                             NM_SETTING_PARAM_NONE,
+                                             NMSettingIP4ConfigPrivate,
+                                             link_local);
+
     /* IP4-specific property overrides */
 
     /* ---dbus---

src/libnm-core-impl/tests/test-general.c

@@ -3872,6 +3872,7 @@ test_connection_diff_a_only(void)
              {NM_SETTING_IP_CONFIG_DHCP_IAID, NM_SETTING_DIFF_RESULT_IN_A},
              {NM_SETTING_IP4_CONFIG_DHCP_VENDOR_CLASS_IDENTIFIER, NM_SETTING_DIFF_RESULT_IN_A},
              {NM_SETTING_IP_CONFIG_DHCP_REJECT_SERVERS, NM_SETTING_DIFF_RESULT_IN_A},
+             {NM_SETTING_IP4_CONFIG_LINK_LOCAL, NM_SETTING_DIFF_RESULT_IN_A},
              {NULL, NM_SETTING_DIFF_RESULT_UNKNOWN},
          }},
     };

src/libnm-core-public/nm-setting-ip4-config.h

@@ -32,6 +32,7 @@ G_BEGIN_DECLS
 #define NM_SETTING_IP4_CONFIG_DHCP_CLIENT_ID               "dhcp-client-id"
 #define NM_SETTING_IP4_CONFIG_DHCP_FQDN                    "dhcp-fqdn"
 #define NM_SETTING_IP4_CONFIG_DHCP_VENDOR_CLASS_IDENTIFIER "dhcp-vendor-class-identifier"
+#define NM_SETTING_IP4_CONFIG_LINK_LOCAL                   "link-local"
 
 /**
  * NM_SETTING_IP4_CONFIG_METHOD_AUTO:
@@ -77,6 +78,28 @@ G_BEGIN_DECLS
  */
 #define NM_SETTING_IP4_CONFIG_METHOD_DISABLED "disabled"
 
+/**
+ * NMSettingIP4LinkLocal:
+ * @NM_SETTING_IP4_LL_DEFAULT: Allow fallback to a globally configured default. If unspecified,
+ *   fallback to "auto". Note that if "ipv4.method" is "disabled", this always implies link-local
+ *   addresses disabled too.
+ * @NM_SETTING_IP4_LL_AUTO: Special value which enables LL if "ipv4.method" is set to
+ *   "link-local".
+ * @NM_SETTING_IP4_LL_DISABLED: Disable IPv4 link-local protocol.
+ * @NM_SETTING_IP4_LL_ENABLED: Enable the IPv4 link-local protocol regardless what other protocols
+ * such as DHCP or manually assigned IP addresses might be active.
+ *
+ * #NMSettingIP4LinkLocal values indicate whether IPv4 link-local address protocol should be enabled.
+ *
+ * Since: 1.40
+ */
+typedef enum {
+    NM_SETTING_IP4_LL_DEFAULT  = 0,
+    NM_SETTING_IP4_LL_AUTO     = 1,
+    NM_SETTING_IP4_LL_DISABLED = 2,
+    NM_SETTING_IP4_LL_ENABLED  = 3,
+} NMSettingIP4LinkLocal;
+
 typedef struct _NMSettingIP4ConfigClass NMSettingIP4ConfigClass;
 
 GType nm_setting_ip4_config_get_type(void);
@@ -90,6 +113,9 @@ const char *nm_setting_ip4_config_get_dhcp_fqdn(NMSettingIP4Config *setting);
 NM_AVAILABLE_IN_1_28
 const char *nm_setting_ip4_config_get_dhcp_vendor_class_identifier(NMSettingIP4Config *setting);
 
+NM_AVAILABLE_IN_1_40
+NMSettingIP4LinkLocal nm_setting_ip4_config_get_link_local(NMSettingIP4Config *setting);
+
 G_END_DECLS
 
 #endif /* __NM_SETTING_IP4_CONFIG_H__ */

src/libnmc-setting/nm-meta-setting-desc.c

@@ -6133,6 +6133,14 @@ static const NMMetaPropertyInfo *const property_infos_IP4_CONFIG[] = {
     PROPERTY_INFO_WITH_DESC (NM_SETTING_IP4_CONFIG_DHCP_VENDOR_CLASS_IDENTIFIER,
         .property_type =                &_pt_gobject_string,
     ),
+    PROPERTY_INFO_WITH_DESC (NM_SETTING_IP4_CONFIG_LINK_LOCAL,
+        .property_type =                &_pt_gobject_enum,
+        .property_typ_data = DEFINE_PROPERTY_TYP_DATA (
+            PROPERTY_TYP_DATA_SUBTYPE (gobject_enum,
+                .get_gtype =            nm_setting_ip4_link_local_get_type,
+            ),
+        ),
+    ),
     PROPERTY_INFO (NM_SETTING_IP_CONFIG_DHCP_REJECT_SERVERS, DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_REJECT_SERVERS,
         .property_type =                &_pt_multilist,
         .property_typ_data = DEFINE_PROPERTY_TYP_DATA (

src/libnmc-setting/settings-docs.h.in

@@ -246,6 +246,7 @@
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_GATEWAY N_("The gateway associated with this configuration. This is only meaningful if \"addresses\" is also set. The gateway's main purpose is to control the next hop of the standard default route on the device. Hence, the gateway property conflicts with \"never-default\" and will be automatically dropped if the IP configuration is set to never-default. As an alternative to set the gateway, configure a static default route with /0 as prefix length.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_IGNORE_AUTO_DNS N_("When \"method\" is set to \"auto\" and this property to TRUE, automatically configured name servers and search domains are ignored and only name servers and search domains specified in the \"dns\" and \"dns-search\" properties, if any, are used.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_IGNORE_AUTO_ROUTES N_("When \"method\" is set to \"auto\" and this property to TRUE, automatically configured routes are ignored and only routes specified in the \"routes\" property, if any, are used.")
+#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_LINK_LOCAL N_("Enable and disable the IPv4 link-local configuration independently of the ipv4.method configuration. This allows a link-local address (169.254.x.y/16) to be obtained in addition to other addresses, such as those manually configured or obtained from a DHCP server. When set to \"auto\", the value is dependent on \"ipv4.method\". When set to \"default\", it honors the global connection default, before falling back to \"auto\". Note that if \"ipv4.method\" is \"disabled\", then link local addressing is always disabled too. The default is \"default\". Since 1.40")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_MAY_FAIL N_("If TRUE, allow overall network configuration to proceed even if the configuration specified by this property times out.  Note that at least one IP configuration must succeed or overall network configuration will still fail.  For example, in IPv6-only networks, setting this property to TRUE on the NMSettingIP4Config allows the overall network configuration to succeed if IPv4 configuration fails but IPv6 configuration completes successfully.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_METHOD N_("IP configuration method. NMSettingIP4Config and NMSettingIP6Config both support \"disabled\", \"auto\", \"manual\", and \"link-local\". See the subclass-specific documentation for other values. In general, for the \"auto\" method, properties such as \"dns\" and \"routes\" specify information that is added on to the information returned from automatic configuration.  The \"ignore-auto-routes\" and \"ignore-auto-dns\" properties modify this behavior. For methods that imply no upstream network, such as \"shared\" or \"link-local\", these properties must be empty. For IPv4 method \"shared\", the IP subnet can be configured by adding one manual IPv4 address or otherwise 10.42.x.0/24 is chosen. Note that the shared method must be configured on the interface which shares the internet to a subnet, not on the uplink which is shared.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_NEVER_DEFAULT N_("If TRUE, this connection will never be the default connection for this IP type, meaning it will never be assigned the default route by NetworkManager.")

src/nmcli/generate-docs-nm-settings-nmcli.xml.in

@@ -696,6 +696,8 @@
                   description="Timeout in milliseconds used to check for the presence of duplicate IP addresses on the network.  If an address conflict is detected, the activation will fail.  A zero value means that no duplicate address detection is performed, -1 means the default value (either configuration ipvx.dad-timeout override or zero).  A value greater than zero is a timeout in milliseconds. The property is currently implemented only for IPv4." />
         <property name="dhcp-vendor-class-identifier"
                   description="The Vendor Class Identifier DHCP option (60). Special characters in the data string may be escaped using C-style escapes, nevertheless this property cannot contain nul bytes. If the per-profile value is unspecified (the default), a global connection default gets consulted. If still unspecified, the DHCP option is not sent to the server. Since 1.28" />
+        <property name="link-local"
+                  description="Enable and disable the IPv4 link-local configuration independently of the ipv4.method configuration. This allows a link-local address (169.254.x.y/16) to be obtained in addition to other addresses, such as those manually configured or obtained from a DHCP server. When set to &quot;auto&quot;, the value is dependent on &quot;ipv4.method&quot;. When set to &quot;default&quot;, it honors the global connection default, before falling back to &quot;auto&quot;. Note that if &quot;ipv4.method&quot; is &quot;disabled&quot;, then link local addressing is always disabled too. The default is &quot;default&quot;. Since 1.40" />
         <property name="dhcp-reject-servers"
                   description="Array of servers from which DHCP offers must be rejected. This property is useful to avoid getting a lease from misconfigured or rogue servers. For DHCPv4, each element must be an IPv4 address, optionally followed by a slash and a prefix length (e.g. &quot;192.168.122.0/24&quot;). This property is currently not implemented for DHCPv6." />
     </setting>