1. 18 Sep, 2018 20 commits
    • Lubomir Rintel's avatar
      dbus: don't even bother connecting in configure-and-quit mode · e03d9ad1
      Lubomir Rintel authored
      It makes no sense, results in unnecessary complexity both in code and in
      code comments.
    • Lubomir Rintel's avatar
      keyfile: write in-memory connections to /run · ce4dbd7d
      Lubomir Rintel authored
      This is useful for in-memory connections to persist NetworkManager
      restarts (as opposed to machine restarts).
      Perhaps most improtantly, this allows generating in-memory connections outside
      NetworkManager, e.g. passing configuration from early boot firmware in initrd.
      Note that this does *not* aspire to do more than it says on the tin:
      Notably, it doesn't touch the problem of provisioning connections in multiple
      persistent connection directories and thus doesn't have to deal with the
      problem of deleting or overlaying the connections tha (rh #772414) deals
    • Lubomir Rintel's avatar
      manager: don't save deactivating connections in the state file · e98ebc7e
      Lubomir Rintel authored
      Especially with configure-and-quit, it's easy to encounter a condition,
      where the device reached a failed state, policy decides to quit, but the
      active connection is not yet torn down from the device.
      Upon the next start NetworkManager would think the connection succeeded
    • Lubomir Rintel's avatar
      dns: don't let the plugins assert the bus manager has a connection · e1fc0052
      Lubomir Rintel authored
      Make them just ask for connections from GDBus, as other D-Bus clients
      do. GDBus anyway reuses the connection if it has one, but allows us to
      deal with errors in a more civilized manner.
    • Lubomir Rintel's avatar
      devices: make sure the generated connections are normalized · 89d1c9fb
      Lubomir Rintel authored
      Using these unormalized was wrong all along, but by chance didn't hit
      paths that needed normalized connections. This may change if we
      actually write in memory connections to /run with the keyfile plugin,
      because that one wants them normalized.
      This also saves some work, because normalization does boring things for
      us, such as adding default ipv4/ipv6/proxy settings everywhere.
    • Lubomir Rintel's avatar
      core/setting: don't assume we have a connection when synthesizing a property · c39b134d
      Lubomir Rintel authored
      nm_setting_to_string() operates on the setting alone, without a
      connection. Tolerate that.
      This fixed nm_connection_dump(vlan_connection).
    • Lubomir Rintel's avatar
      build: drop unused SBINDIR · acbeda57
      Lubomir Rintel authored
    • Lubomir Rintel's avatar
      config: change formatting for no reason · 639a45f6
      Lubomir Rintel authored
    • Lubomir Rintel's avatar
      device: don't leave dhclient running upon device removal · 47b877a7
      Lubomir Rintel authored
      Leaving processes behind is a no-no for early boot, but probably a wrong
      thing to do in any other cases either.
    • Lubomir Rintel's avatar
      dhcp: save root-path in the state file · 55d24ba9
      Lubomir Rintel authored
      On networked boot we need to somehow communicate this to the early boot
      machinery. Sadly, no DBus there and we're running in configure-and-quit
      Abusing the state file for this sounds almost reasonable and is
      reasonably straightforward thing to do.
    • Beniamino Galvani's avatar
    • Beniamino Galvani's avatar
      build: allow disabling eBPF support in n-acd · 691c71a7
      Beniamino Galvani authored
      Add a configure option to disable eBPF support in n-acd.
      Note that, even if eBPF is not supported, n-acd requires a kernel >
      3.19, which means that the setsockopt(..., SO_ATTACH_BPF) option must
      be defined. To allow building on older kernels without modifying the
      n-acd code, we inject the SO_ATTACH_BPF value as a preprocessor define
      in the compiler the command line.
    • Beniamino Galvani's avatar
      acd: adapt NM code and build options · d9a4b59c
      Beniamino Galvani authored
      Adapt the nm-acd-manager.c code to the new API and also tweak build
      options to the new project structure.
    • Beniamino Galvani's avatar
      build: compile the c-rbtree library · 88072c66
      Beniamino Galvani authored
    • Beniamino Galvani's avatar
      build: don't change CFLAGS from configure.ac · 51776b29
      Beniamino Galvani authored
      If configure.ac automatically adds compiler flags to CFLAGS, it
      becomes hard to override one of them for a specific target because
      CFLAGS is added last. It is better to use AM_CFLAGS. See [1].
      [1] https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
    • Beniamino Galvani's avatar
      Merge commit '1361ede0' into bg/n-acd-update · d0c32a15
      Beniamino Galvani authored
      git subtree pull --prefix shared/n-acd git@github.com:nettools/n-acd.git master --squash
    • Beniamino Galvani's avatar
      Squashed 'shared/n-acd/' changes from a68b55992..a40949267 · 1361ede0
      Beniamino Galvani authored
      a40949267 build: add CI run without ebpf
      044db2056 n-acd: drop redundant headers
      6a391cd83 n-acd: fix build without eBPF
      bb194cf09 n-acd/config: make transport mandatory
      ec2865743 build: drop unused c-sundry
      721d9d84f n-acd: inline c_container_of()
      1a7ee317c util/timer: fix coding-style
      6c96f926b util/timer: fall back to CLOCK_MONOTONIC if necessary
      4ea3165fc n-acd: only use CLOCK_BOOTTIME if really necessary
      c1b853c6c util/timer: cleanup headers
      b1d6ad272 n-acd: add destructors that return void
      185be55b6 test-bpf: skip test in case of unsufficient privs
      84a40e8fa build: add NEWS file
      bf11443ff build: mention mailinglist in readme
      e2797984a test-bpf: drop bpf-filter.h
      668ed3c82 subprojects: pull in updates
      dd8cab3f0 test-veth: reduce parallel execution to 9
      68b09ba2b build: update AUTHORS
      3f77e3e88 test: make function headers valid C
      5275a5120 test: get rid of spurious tab
      037df412c n-acd: make struct initializers valid C
      346ec0c67 build: upgrade CI
      38682a36d n-acd: fix signed vs unsigned comparison
      5e7578b33 bpf: properly zero out trailing bpf_attr space
      ee1e432ae probe: fix coding-style
      a143540f9 build: use lower-case build options
      835533e7d build: minor style fixes
      2bd6d1d29 build: get rid of tabs
      b14979934 eBPF: make compile-time optional
      6f13c27ee n-acd: filter out invalid packets
      4e6a169a0 build: sync with c-util repositories
      6c4a9117b build: document eBPF kernel requirement
      3ef08394d n-acd: don't remember dropped defense attempts
      4dff8771f n-acd: fix coding-style
      b11fb9706 n-acd/config: default to the RFC-specified timeout
      d885bb3b7 n-acd/event: don't expose the type of operation that caused a conflict
      e2f87e047 TODO: drop remaining items
      f06993856 test/veth: reduce the number of probed addresses
      8b4f7ed64 test/veth: bump the timeout a bit
      14e4606f6 n-acd/probe: don't cap the jitter at 4s
      a0247b86f test/veth: fix stackvariable corruption
      a64ac8389 n-acd/probe: update comments
      aa9c25bc1 n-acd/handle_timeout: update comments
      b6c2df3a9 timer: rename timer_pop() to timer_pop_timeout()
      47c657a8d test: fix handling of child addresses
      27168ba9e timer: move timer_read() from n-acd.c to util/timer.c
      21a1e37aa timer: require timer to be explicitly rearmed
      ee1080820 bpf/map: make key/value sizes self-documenting
      fd444353e test/veth: rework test
      ba2bc433c test: rework child_ip() helper
      07881b8da test: silence a warning
      38da00b0a test/bpf: make tests for map modifications more comprehensive
      6a2ffd23a test/timerfd: for documentation purposes verify the kernel API
      01a9cf54b probe: move from ms to ns internally
      4fe438dd9 n-acd: move to use the Timer utility library
      e098cfc79 util: add a timer utility helper
      8ea196e5b subprojects: pull in c-sundry
      0c0b3c29f acd/probe: do not subscribe to packets in FAILED state
      9c922ea3d acd/probe: introduce probe_{un,}link() helpers
      024a830e6 acd/probe: use unschedule() helper in free()
      b098a3bcc tests/veth: minor fixes to the test
      fe3d9578a acd/packet: consider unexpected packets a fatal error
      34d7656d7 acd: stop state-machine after USED or CONFLICT events
      7d9e5ec6b acd: don't declare iovec entries inline
      7afd8d8a3 tests: add veth test
      26a737b42 tests/veth: add helper for adding IP addresses to child device
      e73a37a11 probe: store a userdata pointer in the probe object
      327e82625 test: introduce loopback helper
      0682b15f8 acd: reduce default map size
      afead881f tests: reinstate loopback test
      4527d2f71 BPF: move and document the eBPF helpers
      88bacc022 socket filter: move to the new eBPF helpers
      245104d5c tests: skip tests if lacking permissions
      195d9ff5a n-acd: rework API to support many probes on a context
      ab440eb99 eBPF: never return packets that userspace should unconditionally drop
      ac933f412 eBPF: add eBPF helper functions
      git-subtree-dir: shared/n-acd
      git-subtree-split: a40949267923c45cb232fa4c1d60eafacee4b36e
    • Beniamino Galvani's avatar
      Merge commit '4f4e9665' as 'shared/c-rbtree' · ba4452fe
      Beniamino Galvani authored
      Imported c-rbtree code with command:
        git subtree add --prefix shared/c-rbtree git@github.com:c-util/c-rbtree.git bf627e0c32241915108f66ad9738444e4d045b45 --squash
      To update the library use:
        git subtree pull --prefix shared/c-rbtree git@github.com:c-util/c-rbtree.git master --squash
    • Beniamino Galvani's avatar
      Squashed 'shared/c-rbtree/' content from commit bf627e0c3 · 4f4e9665
      Beniamino Galvani authored
      git-subtree-dir: shared/c-rbtree
      git-subtree-split: bf627e0c32241915108f66ad9738444e4d045b45
    • Thomas Haller's avatar
      shared: relax assertion in nm_utils_parse_inaddr()/nm_utils_parse_inaddr_prefix() · 9ad60ad0
      Thomas Haller authored
      The assertion fails in nmtui's ip_route_transform_from_dest_string(),
      which does not initialize the address output argument to %NULL.
      There are three possibilities how the API could work:
       - assert/require the user to pass in arguments which pre-initialized
         to NULL or unset.
       - always set the output arguments, even if the function fails.
       - don't bother and leave output values untouched, if function fails.
      It's not clear which approach is the best. Not to bother possibliy
      leaves uninitialized values, which could be error prone. Still, do
      just that.
      Fixes: 0b3197a3
  2. 17 Sep, 2018 3 commits
    • Thomas Haller's avatar
      connectivity: fix crash when removing easy-handle from curl callback · fa40fc6d
      Thomas Haller authored
      libcurl does not allow removing easy-handles from within a curl
      That was already partly avoided for one handle alone. That is, when
      a handle completed inside a libcurl callback, it would only invoke the
      callback, but not yet delete it. However, that is not enough, because
      from within a callback another handle can be cancelled, leading to
      the removal of (the other) handle and a crash:
        ==24572==    at 0x40319AB: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
        ==24572==    by 0x52DDAE5: Curl_close (url.c:392)
        ==24572==    by 0x52EC02C: curl_easy_cleanup (easy.c:825)
        ==24572==    by 0x5FDCD2: cb_data_free (nm-connectivity.c:215)
        ==24572==    by 0x5FF6DE: nm_connectivity_check_cancel (nm-connectivity.c:585)
        ==24572==    by 0x55F7F9: concheck_handle_complete (nm-device.c:2601)
        ==24572==    by 0x574C12: concheck_cb (nm-device.c:2725)
        ==24572==    by 0x5FD887: cb_data_invoke_callback (nm-connectivity.c:167)
        ==24572==    by 0x5FD959: easy_header_cb (nm-connectivity.c:435)
        ==24572==    by 0x52D73CB: chop_write (sendf.c:612)
        ==24572==    by 0x52D73CB: Curl_client_write (sendf.c:668)
        ==24572==    by 0x52D54ED: Curl_http_readwrite_headers (http.c:3904)
        ==24572==    by 0x52E9EA7: readwrite_data (transfer.c:548)
        ==24572==    by 0x52E9EA7: Curl_readwrite (transfer.c:1161)
        ==24572==    by 0x52F4193: multi_runsingle (multi.c:1915)
        ==24572==    by 0x52F5531: multi_socket (multi.c:2607)
        ==24572==    by 0x52F5804: curl_multi_socket_action (multi.c:2771)
      Fix that, by never invoking any callbacks when we are inside a libcurl
      callback. Instead, the handle is marked for completion and queued. Later,
      we complete all queue handles separately.
      While at it, drop the @Error argument from NMConnectivityCheckCallback.
      It was only used to signal cancellation. Let's instead signal that via
      Fixes: d8a31794
    • Thomas Haller's avatar
      shared: let nm_utils_parse_inaddr_bin() return the detected address family · 0b3197a3
      Thomas Haller authored
      As we accept addr_family %AF_UNSPEC to detect the address family,
      we also need to return it. Just returning the binary address without
      the address family makes no sense.
    • luz.paz's avatar
      docs: misc. typos pt2 · 58510ed5
      luz.paz authored
      Remainder of typos found using `codespell -q 3 --skip="./shared,./src/systemd,*.po" -I ../NetworkManager-word-whitelist.txt` whereby whitelist consists of:
  3. 15 Sep, 2018 1 commit
  4. 14 Sep, 2018 16 commits