1. 16 Jul, 2019 1 commit
    • settings: rework tracking settings connections and settings plugins · d35d3c46
      Thomas Haller authored
      Completely rework how settings plugins handle connections and how
      NMSettings tracks the list of connections.
      
      Previously, settings plugins would return objects of (a subtype of) type
      NMSettingsConnection. The NMSettingsConnection was tightly coupled with
      the settings plugin. That has a lot of downsides.
      
      Change that. When changing this basic relation how settings connections
      are tracked, everything falls apart. That's why this is a huge change.
      Also, since I have to largely rewrite the settings plugins, I also
      added support for multiple keyfile directories, handle in-memory
      connections only by keyfile plugin and (partly) use copy-on-write NMConnection
      instances. I don't want to spend effort rewriting large parts while
      preserving the old way, that anyway should change. E.g. while rewriting ifcfg-rh,
      I don't want to let it handle in-memory connections because that's not right
      long-term.
      
      --
      
      If the settings plugins themselves create subtypes of NMSettingsConnection
      instances, then a lot of knowledge about tracking connections moves
      to the plugins.
      Just try to follow the code what happened during nm_settings_add_connection().
      Note how the logic is spread out:
       - nm_settings_add_connection() calls plugin's add_connection()
       - add_connection() creates a NMSettingsConnection subtype
       - the plugin has to know that it's called during add-connection and
         not emit NM_SETTINGS_PLUGIN_CONNECTION_ADDED signal
       - NMSettings calls claim_connection() which hooks up the new
         NMSettingsConnection instance and configures the instance
         (like calling nm_settings_connection_added()).
      This summary does not sound like a lot, but try to follow that code. The logic
      is all over the place.
      
      Instead, settings plugins should have a very simple API for adding, modifying,
      deleting, loading and reloading connections. All the plugin does is to return a
      NMSettingsStorage handle. The storage instance is a handle to identify a profile
      in storage (e.g. a particular file). The settings plugin is free to subtype
      NMSettingsStorage, but it's not necessary.
      There are no more events raised, and the settings plugin implements the small
      API in a straightforward manner.
      NMSettings now drives all of this. Even NMSettingsConnection has now
      very little concern about how it's tracked and delegates only to NMSettings.
      
      This should make settings plugins simpler. Currently settings plugins
      are so cumbersome to implement, that we avoid having them. It should not be
      like that and it should be easy, beneficial and lightweight to create a new
      settings plugin.
      
      Note also how the settings plugins no longer care about duplicate UUIDs.
      Duplicated UUIDs are a fact of life and NMSettings must handle them. No
      need to overly concern settings plugins with that.
      
      --
      
      NMSettingsConnection is exposed directly on D-Bus (being a subtype of
      NMDBusObject) but it was also a GObject type provided by the settings
      plugin. Hence, it was not possible to migrate a profile from one plugin to
      another.
      However that would be useful when one profile does not support a
      connection type (like ifcfg-rh not supporting VPN). Currently such
      migration is not implemented except for migrating them to/from keyfile's
      run directory. The problem is that migrating profiles in general is
      complicated but in some cases it is important to do.
      
      For example checkpoint rollback should recreate the profile in the right
      settings plugin, not just add it to persistent storage. This is not yet
      properly implemented.
      
      --
      
      Previously, both keyfile and ifcfg-rh plugin implemented in-memory (unsaved)
      profiles, while ifupdown plugin cannot handle them. That meant duplication of code
      and an ifupdown profile could not be modified or made unsaved.
      This is now unified and only keyfile plugin handles in-memory profiles (bgo #744711).
      Also, NMSettings is aware of such profiles and treats them specially.
      In particular, NMSettings drives the migration between persistent and non-persistent
      storage.
      
      Note that a settings plugin may create truly generated, in-memory profiles.
      The settings plugin is free to generate and persist the profiles in any way it
      wishes. But the concept of "unsaved" profiles is now something explicitly handled
      by keyfile plugin. Also, these "unsaved" keyfile profiles are persisted to file system
      too, to the /run directory. This is great for two reasons: first of all, all
      profiles from keyfile storage in fact have a backing file -- even the
      unsaved ones. It also means you can create "unsaved" profiles in /run
      and load them with `nmcli connection load`, meaning there is a file
      based API for creating unsaved profiles.
      The other advantage is that these profiles now survive restarting
      NetworkManager. It's paramount that restarting the daemon is as
      non-disruptive as possible. Persisting unsaved files to /run improves
      here significantly.
      
      --
      
      In the past, NMSettingsConnection also implemented NMConnection interface.
      That was already changed a while ago and instead users call now
      nm_settings_connection_get_connection() to delegate to a
      NMSimpleConnection. What however still happened was that the NMConnection
      instance gets never swapped but instead the instance was modified with
      nm_connection_replace_settings_from_connection(), clear-secrets, etc.
      Change that and treat the NMConnection instance immutable. Instead of modifying
      it, reference/clone a new instance. This changes that previously when somebody
      wanted to keep a reference to an NMConnection, then the profile would be cloned.
      Now, it is supposed to be safe to reference the instance directly and everybody
      must ensure not to modify the instance. nmtst_connection_assert_unchanging()
      should help with that.
      The point is that the settings plugins may keep references to the
      NMConnection instance, and so does the NMSettingsConnection. We want
      to avoid cloning the instances as long as they are the same.
      Likewise, the device's applied connection can now also be referenced
      instead of cloning it. This is not yet done, and possibly there are
      further improvements possible.
      
      --
      
      Also implement multiple keyfile directories /usr/lib, /etc, /run (rh #1674545,
      bgo #772414).
      
      It was always the case that multiple files could provide the same UUID
      (both in case of keyfile and ifcfg-rh). For keyfile plugin, if a profile in
      read-only storage in /usr/lib gets modified, then it gets actually stored in
      /etc (or /run, if the profile is unsaved).
      
      --
      
      While at it, make /etc/network/interfaces profiles for ifupdown plugin reloadable.
      
      --
      
      https://bugzilla.gnome.org/show_bug.cgi?id=772414
      https://bugzilla.gnome.org/show_bug.cgi?id=744711
      https://bugzilla.redhat.com/show_bug.cgi?id=1674545
  2. 05 Jul, 2019 2 commits
    • dhcp: add nettools dhcp4 client · 6adade6f
      Tom Gundersen authored
      This is inspired by the existing systemd integration, with a few differences:
      
      * This parses the WPAD option, which systemd requested, but did not use.
      * We hook into the DAD handling, only making use of the configured address
        once DAD has completed successfully, and declining the lease if it fails.
      
      There are still many areas of possible improvement. In particular, we need
      to ensure the parsing of all options are compliant, as n-dhcp4 treats all
      options as opaque, unlike sd-dhcp4. We probably also need to look at how
      to handle failures and retries (in particular if we decline a lease).
      
      We need to query the current MTU at client startup, as well as the hardware
      broadcast address. Both these are provided by the kernel over netlink, so
      it should simply be a matter of hooking that up with NM's netlink layer.
      
      Contribution under LGPL2.0+, in addition to stated licenses.
  3. 14 May, 2019 1 commit
  4. 18 Apr, 2019 2 commits
  5. 14 Apr, 2019 4 commits
    • Squashed 'shared/n-acd/' changes from 9eb7bf7173..5470816839 · 90a0edce
      Thomas Haller authored
      5470816839 test: increase timeout on test-veth
      d44dfa1ba7 build: update c-stdaux
      26b10b6514 build: pull in submodule updates
      7817fc0a95 n-acd: switch to c-stdaux
      5033b2ecdd n-acd: include dependency headers
      aaf2a66788 build: update README
      b9448eff98 build: pull in c-stdaux
      8ac364e9a3 test: raise MEMLOCK if possible
      3cd197162e ci: drop root
      0289a33412 test: allow running without root
      67a343fe87 build: update email address
      3c364ba95f build: bump version
      d0f7d71fa1 build: document build configuration options
      014b00cd27 build: fill in NEWS
      180990288a n-acd: document API
      79904585df build: update submodules
      8185e6ed89 build: reduce boilerplate
      
      git-subtree-dir: shared/n-acd
      git-subtree-split: 54708168399f1662c652b5931608e5077ef462f6
    • Squashed 'shared/c-siphash/' changes from 211cfc5abc..7c42c59258 · 085b4e03
      Thomas Haller authored
      7c42c59258 build: use c-stdaux
      d81d68ff83 build: sync with c-util
      e858efbc45 build: pull in c-stdaux
      
      git-subtree-dir: shared/c-siphash
      git-subtree-split: 7c42c592581906fef19458372b8db2b643278211
    • Squashed 'shared/c-rbtree/' changes from bf627e0c32..b46392d25d · 7d5c09c3
      Thomas Haller authored
      b46392d25d build: use c-stdaux
      61f21750be build: pull in c-stdaux
      31fcf75afe build: sync with c-util
      fec7b8f2da ci: add run with -DNDEBUG
      
      git-subtree-dir: shared/c-rbtree
      git-subtree-split: b46392d25de7a7bab67d48ef18bf8350b429cff5
    • Squashed 'shared/c-stdaux/' content from commit 11930d2592 · 21141429
      Thomas Haller authored
      git-subtree-dir: shared/c-stdaux
      git-subtree-split: 11930d259212605a15430523472ef54e0c7654ee
  6. 13 Mar, 2019 1 commit
    • platform: add NMPRulesManager for syncing routing rules · b8398b9e
      Thomas Haller authored
      Routing rules are unlike addresses or routes not tied to an interface.
      NetworkManager thinks in terms of connection profiles. That works well
      for addresses and routes, as one profile configures addresses and routes
      for one device. For example, when activating a profile on a device, the
      configuration does not interfere with the addresses/routes of other
      devices. That is not the case for routing rules, which are global, netns-wide
      entities.
      
      When one connection profile specifies rules, then this per-device configuration
      must be merged with the global configuration. And when a device disconnects later,
      the rules must be removed.
      
      Add a new NMPRulesManager API to track/untrack routing rules. Devices can
      register/add there the routing rules they require. And the sync method will
      apply the configuration. This is implemented on top of NMPlatform's
      caching API.
  7. 06 Feb, 2019 2 commits
  8. 05 Feb, 2019 1 commit
    • build/meson: add intermediate shared/nm-utils base library · c67ebc8a
      Thomas Haller authored
      Like also done for autotools, create and use intermediate libraries
      from "shared/nm-utils/".
      
      Also, replace "shared_dep" by "shared_nm_utils_base_dep". We don't
      need super fine-grained selection of what we link. We can always
      link in "shared/libnm-utils-base.a", and let the linker throw away
      unused parts.
  9. 02 Jan, 2019 1 commit
    • systemd: move basic systemd library to shared/nm-utils · 2c537b9d
      Thomas Haller authored
      For better or worse, we already pull in large parts of systemd sources.
      
      I need a base64 decode implementation (because glib's g_base64_decode()
      cannot reject invalid encodings). Instead of coming up with my own or
      copy-paste it from somewhere, reuse systemd's unbase64mem().
      
      But for that, make systemd's basic bits an independent static library
      first because I will need it in libnm-core.
      
      This doesn't really change anything except making "libnm-systemd-core.la"
      an independent static library that could be used from "libnm-core". We
      shall still be mindful about which internal code of systemd we use, and only
      access functionality that is exposed via "systemd/nm-sd-utils-shared.h".
  10. 20 Dec, 2018 1 commit
  11. 01 Dec, 2018 1 commit
  12. 17 Nov, 2018 1 commit
    • core: Introduce helper class to track connection keep alive · 37e8c53e
      Benjamin Berg authored
      For P2P connections it makes sense to bind the connection to the status
      of the operation that is being done. One example is that a wifi display
      (miracast) P2P connection should be shut down when streaming fails for
      some reason.
      
      This new helper class allows binding a connection to the presence of a
      DBus path meaning that it will be torn down if the process disappears.
  13. 22 Oct, 2018 1 commit
  14. 18 Oct, 2018 1 commit
  15. 19 Sep, 2018 2 commits
    • initrd: enable meson builds · 470c5c0a
      Beniamino Galvani authored
    • build: meson: fix computing NM exported symbols · 19a718bc
      Beniamino Galvani authored
      The script didn't include all the symbols needed by plugins because
      libNetworkManager.a, as built by meson, doesn't include symbols from
      other static libraries that are linked in. Since we used
      libNetworkManager.a to know which symbols are potentially available
      from NM, the result was an incomplete list.
      
      Unfortunately, the only way to include the whole static library is to
      create a dependency object and use 'link_whole', but this is only
      available in meson >= 0.46. Since 'link_whole' is available for
      executables in meson >= 0.40, create a fake executable and use that to
      enumerate symbols.
      
      Also add tests to check that plugins can be loaded correctly.
      
      Fixes: dfa2a2b4
  16. 18 Sep, 2018 2 commits
    • Squashed 'shared/n-acd/' changes from a68b55992..a40949267 · 1361ede0
      Beniamino Galvani authored
      a40949267 build: add CI run without ebpf
      044db2056 n-acd: drop redundant headers
      6a391cd83 n-acd: fix build without eBPF
      bb194cf09 n-acd/config: make transport mandatory
      ec2865743 build: drop unused c-sundry
      721d9d84f n-acd: inline c_container_of()
      1a7ee317c util/timer: fix coding-style
      6c96f926b util/timer: fall back to CLOCK_MONOTONIC if necessary
      4ea3165fc n-acd: only use CLOCK_BOOTTIME if really necessary
      c1b853c6c util/timer: cleanup headers
      b1d6ad272 n-acd: add destructors that return void
      185be55b6 test-bpf: skip test in case of unsufficient privs
      84a40e8fa build: add NEWS file
      bf11443ff build: mention mailinglist in readme
      e2797984a test-bpf: drop bpf-filter.h
      668ed3c82 subprojects: pull in updates
      dd8cab3f0 test-veth: reduce parallel execution to 9
      68b09ba2b build: update AUTHORS
      3f77e3e88 test: make function headers valid C
      5275a5120 test: get rid of spurious tab
      037df412c n-acd: make struct initializers valid C
      346ec0c67 build: upgrade CI
      38682a36d n-acd: fix signed vs unsigned comparison
      5e7578b33 bpf: properly zero out trailing bpf_attr space
      ee1e432ae probe: fix coding-style
      a143540f9 build: use lower-case build options
      835533e7d build: minor style fixes
      2bd6d1d29 build: get rid of tabs
      b14979934 eBPF: make compile-time optional
      6f13c27ee n-acd: filter out invalid packets
      4e6a169a0 build: sync with c-util repositories
      6c4a9117b build: document eBPF kernel requirement
      3ef08394d n-acd: don't remember dropped defense attempts
      4dff8771f n-acd: fix coding-style
      b11fb9706 n-acd/config: default to the RFC-specified timeout
      d885bb3b7 n-acd/event: don't expose the type of operation that caused a conflict
      e2f87e047 TODO: drop remaining items
      f06993856 test/veth: reduce the number of probed addresses
      8b4f7ed64 test/veth: bump the timeout a bit
      14e4606f6 n-acd/probe: don't cap the jitter at 4s
      a0247b86f test/veth: fix stackvariable corruption
      a64ac8389 n-acd/probe: update comments
      aa9c25bc1 n-acd/handle_timeout: update comments
      b6c2df3a9 timer: rename timer_pop() to timer_pop_timeout()
      47c657a8d test: fix handling of child addresses
      27168ba9e timer: move timer_read() from n-acd.c to util/timer.c
      21a1e37aa timer: require timer to be explicitly rearmed
      ee1080820 bpf/map: make key/value sizes self-documenting
      fd444353e test/veth: rework test
      ba2bc433c test: rework child_ip() helper
      07881b8da test: silence a warning
      38da00b0a test/bpf: make tests for map modifications more comprehensive
      6a2ffd23a test/timerfd: for documentation purposes verify the kernel API
      01a9cf54b probe: move from ms to ns internally
      4fe438dd9 n-acd: move to use the Timer utility library
      e098cfc79 util: add a timer utility helper
      8ea196e5b subprojects: pull in c-sundry
      0c0b3c29f acd/probe: do not subscribe to packets in FAILED state
      9c922ea3d acd/probe: introduce probe_{un,}link() helpers
      024a830e6 acd/probe: use unschedule() helper in free()
      b098a3bcc tests/veth: minor fixes to the test
      fe3d9578a acd/packet: consider unexpected packets a fatal error
      34d7656d7 acd: stop state-machine after USED or CONFLICT events
      7d9e5ec6b acd: don't declare iovec entries inline
      7afd8d8a3 tests: add veth test
      26a737b42 tests/veth: add helper for adding IP addresses to child device
      e73a37a11 probe: store a userdata pointer in the probe object
      327e82625 test: introduce loopback helper
      0682b15f8 acd: reduce default map size
      afead881f tests: reinstate loopback test
      4527d2f71 BPF: move and document the eBPF helpers
      88bacc022 socket filter: move to the new eBPF helpers
      245104d5c tests: skip tests if lacking permissions
      195d9ff5a n-acd: rework API to support many probes on a context
      ab440eb99 eBPF: never return packets that userspace should unconditionally drop
      ac933f412 eBPF: add eBPF helper functions
      
      git-subtree-dir: shared/n-acd
      git-subtree-split: a40949267923c45cb232fa4c1d60eafacee4b36e
    • Squashed 'shared/c-rbtree/' content from commit bf627e0c3 · 4f4e9665
      Beniamino Galvani authored
      git-subtree-dir: shared/c-rbtree
      git-subtree-split: bf627e0c32241915108f66ad9738444e4d045b45
  17. 13 Sep, 2018 2 commits
  18. 27 Aug, 2018 1 commit
    • build: cleanup build defines for session-tracking · 1a9bc224
      Thomas Haller authored
      - always define the SESSION_TRACKING_* defines to replace
        "#ifdef" with "#if".
      
      - drop defining the consolekit database path CKDB_PATH in
        config.h. The path was not customizable via configure/meson.
      
      - fix meson build to enable consolekit support for session tracking
        without also enabling logind/elogind session tracking.
        logind/elogind is mutually exclusive, but consolekit session tracking
        goes together just fine.
  19. 06 Aug, 2018 1 commit
  20. 17 Jul, 2018 1 commit
    • build: create "config-extra.h" header instead of passing directory variables via CFLAGS · a75ab799
      Thomas Haller authored
      1) the command line gets shorter. I frequently run `make V=1` to see
         the command line arguments for the compiler, and there is a lot
         of noise.
      
      2) define each of these variables at one place. This makes it easy
         to verify that for all compilation units, a particular
         define has the same value. Previously that was not obvious or
         even not the case (see commit e5d1a713
         and commit d63cf1ef).
         The point is to avoid redundancy.
      
      3) not all compilation units need all defines. In fact, most modules
         would only need a few of these defines. We aimed to pass the necessary
         minimum of defines to each compilation unit, but that was non-obvious
         to get right and often we set a define that wasn't used. See for example
         "src_settings_plugins_ibft_cppflags" which needlessly had "-DSYSCONFDIR".
         This question is now entirely avoided by just defining all variables in
         a header. We don't care to find the minimum, because every component
         gets anyway all defines from the header.
      
      4) this also avoids the situation, where a module that previously did
         not use a particular define gets modified to require it. Previously,
         that would have required to identify the missing define, and add
         it to the CFLAGS of the compilation unit. Since every compilation
         now includes "config-extra.h", all defines are available everywhere.
      
      5) the fact that each define is now available in all compilation units
         could be perceived as a downside. But it isn't, because these defines
         should have a unique name and one specific value. Defining the same
         name with different values, or refer to the same value by different
         names is a bug, not a desirable feature. Since these defines should
         be unique across the entire tree, there is no problem in providing
         them to every compilation unit.
      
      6) the reason why we generate "config-extra.h" this way, instead of using
         AC_DEFINE() in configure.ac, is due to the particular handling of
         autoconf for directory variables. See [1].
         With meson, it would be trivial to put them into "config.h.meson".
         While that is not easy with autoconf, the "config-extra.h" workaround
         seems still preferable to me.
      
      [1] https://www.gnu.org/software/autoconf/manual/autoconf-2.63/html_node/Installation-Directory-Variables.html
  21. 26 Jun, 2018 4 commits
  22. 09 May, 2018 1 commit
  23. 18 Apr, 2018 5 commits
  24. 19 Mar, 2018 1 commit
    • connectivity: always build nm-connectivity.c source · c1054ec8
      Thomas Haller authored
      We already do conditional build with "#if WITH_CONCHECK".
      Get rid of the conditional in the makefile and instead do
      conditional compilation inside the source file "nm-connectivity.c".
      
      The advantage is, now if you want to know which parts are built,
      you only need to grep for the WITH_CONCHECK preprocessor define
      instead of also caring about the conditional in Makefile.am and
      meson.build.
      
      It doesn't change the fact of conditional compilation. But it
      consistently uses one mechanism to achieve it.