nm_platform_ip4_address_sync() tries to apply the new configuration
with the minimum effort and doesn't delete addresses if they are
already present on the interface. This can break the ordering, as an
existing address would be promoted by kernel to primary, even if it
was last in our configuration.
Add some logic to ensure the correct order of addresses is always
enforced. This fixes situations like:
# nmcli connection add type ethernet ifname eth0 con-name t \
ipv4.method manual \
ipv4.addresses "1.1.1.1/24,1.1.1.2/24,1.1.1.5/24"
# nmcli connection up t
=> addresses are applied in the right order:
inet 1.1.1.1/24 brd 1.1.1.255 scope global eth0
inet 1.1.1.2/24 brd 1.1.1.255 scope global secondary eth0
inet 1.1.1.5/24 brd 1.1.1.255 scope global secondary eth0
# nmcli connection mod t ipv4.addresses "1.1.1.5/24,1.1.1.2/24,1.1.1.1/24"
# nmcli device reapply eth0
=> order is wrong:
inet 1.1.1.2/24 brd 1.1.1.255 scope global eth0
inet 1.1.1.5/24 brd 1.1.1.255 scope global secondary eth0
inet 1.1.1.1/24 brd 1.1.1.255 scope global secondary eth0
Co-Authored-By: Thomas Haller <thaller@redhat.com>
When multiple address are assigned to an interface and the kernel must
decide which one should be used to communicate with a given IP, it
chooses the most specific one in the same subnet as the
destination. In case there are multiple addresses in the same subnet,
the primary address is choosen, which is basically the first one that
was added.
With commit 7197425137 ("device: expose NMIP4Config:addresses in
stable/defined sort order") we sorted all the addresses before
committing the configuration, with the side effect that the order no
longer respected the one in the user configuration.
Instead, change the sort function to keep the subnet order unchanged.
Since commit 9fafb382db, we would
explicitly set libnl's socket buffer size to 4*getpagesize().
That is also the default of libnl itself. Additionally, we would
workaround too small buffers by increasing the buffer size up to 512K.
A too small buffer causes messages to be lost. Usually, that only
results in a cache-resync, which isn't too bad. Lost messages are however
a problem if the lost message was an ACK that we were waiting for.
However, it is rather unlikely to happen, because it's expected that
the buffer size gets adjusted already when the cache is filled initially,
before any other requests are pending.
Still, let's increase the default buffer size to 32K, hoping that this
initial value is already large enough to avoid the problem altogether.
Note that iproute2 also uses a buffer size of 32K [1] [2].
Alternatively, we could use MSG_PEEK like systemd does [3]. However,
that requires two syscalls per message.
[1] https://patchwork.ozlabs.org/patch/592178/
[2] https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/tree/lib/libnetlink.c?id=f5f760b81250630da23a4021c30e802695be79d2#n274
[3] cd66af2274/src/libsystemd/sd-netlink/netlink-socket.c (L323)
When disabling link autonegotiation and setting speed and duplex manually,
the user is alone: no check is performed against supplied values.
So, the user is supposed to check that the device supports those values.
Explicit this in nm-settings man page.
[fgiudici@redhat.com: added the commit message]
We don't want to enable MSG_PEEK due to the overhead. But when we detect
that we just lost a message due to MSG_TRUNC, increase the buffer size and
retry.
See-also: 55ea6e6b6c
A new DNS may have different data for us. So tell dnsmasq to
automatically clear the cache when servers change.
Signed-off-by: Christian Hesse <mail@eworm.de>
When going to sleep, we unmanage devices setting the unmanaged flags
immediately but delaying the state transition (because we do it from
another state transition). The signal handler can be executed after
the wake and, especially, after we have already re-managed the device,
making the device unmanaged again.
Detect such situation and force the state to UNMANAGED (which will
also clear any pending state change), so that later we manage the
device again and it will try to activate any available connection.
Fixes: 81ea812362https://bugzilla.redhat.com/show_bug.cgi?id=1382526
- `make dist` requires --enable-gtk-doc --enable-introspection --with-libnm-glib
- --enable-gtk-doc requires --enable-introspection
- --with-nmcli requires either --enable-introspection or pregenerated
settings-docs.c files from the dist tarball. It does not require
--enable-gtk-doc.
There is a bit of a problem in that --enable-introspection requires
now xsltproc. However, gobject-introspection does itself not depend
on xsltproc. So, more correct might be a special --enable-doc argument,
that combines --enable-introspection --with-xsltproc. Anyway, that
seems to make it more complicated then it already is so just implicitly
(and surprisingly?) require xsltproc with --enable-introspection.
https://bugzilla.gnome.org/show_bug.cgi?id=775003
declassify bad combinations of auto-negotiate, duplex and speed
properties values from _VERIFY_NORMALIZABLE_ERRORS to
_VERIFY_NORMALIZABLE. This would preserve compatibility with legacy
nm-connection-editors.
Also, ifnet plugin would read the configuration value, which is just wrong
because:
- the configuration might not be set and ifnet would fail to fallback
to the compile time default.
- the configuration only is in effect if the plugin is also available.
Otherwise, we fallback to the next plugin.
Only the dhcp-manager knows which DHCP plugin is in use.
Since commit fb2ca0ce3d we would no longer pre-set the main.plugins
value in NMConfig's keyfile to recognize unset default settings.
This breaks with
[main]
plugins+=foo
which now results in
main.plgin=foo
while previously it would have extended the compile time default.
https://bugzilla.redhat.com/show_bug.cgi?id=1397938
Fixes: fb2ca0ce3d
Instead of having the caller do the fallback to the compile time default
plugins, let it be handled by nm_config_get_plugins().
The knowledge of fallback to a compile time default (and how to do that
properly) should be inside NMConfig/NMConfigData alone.
Also, as this function is only called once, let NMConfig not cache
the string list but create it once as needed.
From valgrind:
==21921== Invalid free() / delete / delete[] / realloc()
==21921== at 0x4C2CD5A: free (vg_replace_malloc.c:530)
==21921== by 0x81C4F2D: g_free (gmem.c:189)
==21921== by 0x81AB021: g_error_free (gerror.c:491)
==21921== by 0x81AB325: g_clear_error (gerror.c:674)
==21921== by 0x767B555: reg_request_cb (nm-secret-agent-old.c:616)
==21921== by 0x7A211F2: g_task_return_now (gtask.c:1107)
==21921== by 0x7A21228: complete_in_idle_cb (gtask.c:1121)
==21921== by 0x81BF6B9: g_main_dispatch (gmain.c:3154)
==21921== by 0x81BF6B9: g_main_context_dispatch (gmain.c:3769)
==21921== by 0x81BFA6F: g_main_context_iterate.isra.29 (gmain.c:3840)
==21921== by 0x81BFB1B: g_main_context_iteration (gmain.c:3901)
==21921== by 0x7A4748C: g_application_run (gapplication.c:2381)
==21921== by 0x118AEF: main (main.c:81)
It caused memory corruption and may result in strange nm-applet crashes.
If auto-negotiate is switched off, enforce that both speed and duplex
are set or unset (which would mean "ignore"): if only one is set, reset
both silently and ignore link configuration.
Need to pass --path to xsltproc to find common.ent in the
build-directory.
$ git clean -fdx && NMTST_MAKE='V=1 -d' ./tools/test-build.sh man/nm-settings-ifcfg-rh.xml