"NMSTATEDIR" is "nmstatedir" is "'${localstatedir}'/lib/$PACKAGE" is
usually "/var/lib/NetworkManager".
The "install-data-hook" in "src/Makefile.am" properly installs the
directory with permissions 700. When creating the directory at startup,
we must also use those permissions.
It does more than intended; apart from denying messages to that particular
interface it also denies all messages non-qualified with an
interface globally.
This blocks messages completely unrelated to wpa_supplicant, such as
NetworkManager communication with the VPN plugins.
From the dbus-daemon manual:
Be careful with send_interface/receive_interface, because the
interface field in messages is optional. In particular, do NOT
specify <deny send_interface="org.foo.Bar"/>! This will cause
no-interface messages to be blocked for all services, which is
almost certainly not what you intended. Always use rules of the form:
<deny send_interface="org.foo.Bar" send_destination="org.foo.Service"/>
We can just safely remove those rules, since we're sufficiently protected
by the send_destination matches and method calls are disallowed by default
anyway.
https://bugzilla.gnome.org/show_bug.cgi?id=763880
No point ins storing "TRUE" as value in the @shared_ips hash
table. That forces glib to allocate a separate storage for the
value. Just use g_hash_table_add() instead.
The macro _LOGx_ENABLED() is defined with a default implementation
that depends on _NMLOG_DOMAIN. Although that default does not
check for LOGD_DHCP4 vs. LOGD_DHCP6, still provide it.
Determining the correct domain might involve a larger performance
impact that what we would safe.
We're expecting four callbacks: a client::devices change,
client::active-connections change, client::activate callback,
and a device::active-connection change.
We only hook the second one in the callback to the first one, and
only if client::active-connections is not set already. If it is
(when running slowly in valgrind), we just decrement the counter.
However, as the counter is one less than it should be, it would
underflow and we wait forever* instead.
For the value of forever=20s, given that's the timeout of the
mockup service.
The fields in the neighbor variant should have a defined order.
Instead of sorting the hash table entries while constructing the
variant in lldp_neighbor_to_variant(), refactor the management of
the TLV attributes.
As we only support known attributes, we can
store them in an array at a known index instead of putting them
in a hash table.
An alternative would be to have explict fields for every known
attribute. That would be even more efficient, but requires more
work when adding new attributes.
We register the callback early on, so we get notified about
every single neighbor as they show up. No need to iterate over
them explicitly -- and probably, at that early state, there are
no neighbors yet.
The systemd event tells which neighbor changed. Make use
of this information and don't rebuild all the neighbors
all the time.
That means, we must also change our rate limiting. Instead of
rate limiting the processing of all neighbors, we process neighbors
right away but limit the notification that gobject property changed.
When we receive an update for a certain neighbor, the update
might be invalid and we want to reject it. However, we still
must create an invalid object to compare whether the update
causes a remove of a previously valid neighbor.
Let lldp_neighbor_new() create an instance as long as the
id fields are present.
Instead of replacing the whole hash with a new one (and all new by a new one,
LldpNeighbor instances), update the existing hash.
One point of this is that our process-all function requires less
comparisons and avoids duplicate work right earlier. E.g. if a neighbor
didn't change, we don't have to put it into a hash to compare later for
equality.
But more importantly, we preserve our LldpNeighbor instance instead
of recreating them all the time. Later, the LldpNeighbor will cache
the GVariant.
lldp_start_timer() was only called during sd_lldp_get_neighbors().
Ensure that the timer is (re-)started when a new neighbor appears.
Otherwise, the timer is not started when relying on the events alone.
https://github.com/systemd/systemd/pull/2826
For some properties as *subject-match and *domain-suffix-match an
empty string means that we don't want to do any filtering and should
be stored as NULL.
The new domain-suffix-match and phase2-domain-suffix-match properties
can be used to match against a given server domain suffix in the
dNSName elements or in the SubjectName CN of the server certificate.
Also, add a comment to the old subject-match properties documentation
to suggest that they are deprecated and should not be used anymore.
Otherwise the connection wouldn't verify:
<error> [1458066126.2270] device (eth10): Generated connection does not verify:
connection.type: property type should be set to '802-3-ethernet'
<debug> [1458066126.2271] manager: (eth10): can't assume; no connection
(cherry picked from commit 4b71939e9ac3df93bfe72af0eac42b4ebaf94e15)
nm_connection_replace_settings_from_connection() can safely be used
to copy an invalid connection. The return value only says, whether
the connection is valid after the fact.
We used to pad the lifetime since the beginning (commit
f121995fad).
However, there is not race involved, since our platform cache
is in sync with the messages from kernel (which didn't used to
be the case).
Also, when receiving a RA with a zero preferred time, we must
not extend the address lifetime by 5 seconds, but instead deprecate
the address immediately.
https://bugzilla.gnome.org/show_bug.cgi?id=763513
The prune list is for elements that must be deleted from the list of
available connections. So, when processing all the existing
connections an element must be deleted from the prune list iff it's
available.
Fixes: 8b2abe0e2chttps://bugzilla.redhat.com/show_bug.cgi?id=1316488
Previously, the push/pop API to switch between namespaces would always
switch both the net and mount namespace together.
There are situations, where we want to only switch one namespace.
For example, the function nmp_netns_bind_to_path() introduced next
only wants to switch the net namespace to get /proc/self/ns/net,
but must not switch the mount namespace as it bind-mounds in the
namespace of the caller.
Make the test helper independent from the platform singleton instance.
That way, we can also use them for other platform instances (e.g. in a
different namespace).
