delta/NetworkManager.git/src/platform/nmp-rules-manager.c, branch th/fix-python-test gitlab.freedesktop.org: NetworkManager/NetworkManager.git all: SPDX header conversion 2019-09-10T09:19:56+00:00 Lubomir Rintel lkundrak@v3.sk 2019-09-10T09:19:01+00:00 24028a22467275671df71cc6a8054036b37d8f03 $ find * -type f |xargs perl contrib/scripts/spdx.pl $ git rm contrib/scripts/spdx.pl 
  $ find * -type f |xargs perl contrib/scripts/spdx.pl
  $ git rm contrib/scripts/spdx.pl
all: codespell fixes 2019-07-24T09:30:19+00:00 Lubomir Rintel lkundrak@v3.sk 2019-03-11T11:00:32+00:00 3c6644db32969daedb6d7a582d4b3177dea36137 Codespel run with the same arguments as described in commit 58510ed56679 ('docs: misc. typos pt2'). 
Codespel run with the same arguments as described in
commit 58510ed56679 ('docs: misc. typos pt2').
policy-routing: take ownership of externally configured rules 2019-07-16T08:16:07+00:00 Thomas Haller thaller@redhat.com 2019-07-12T09:19:43+00:00 15b1304477ed64a10f2be01760d6837ffaaba002 IP addresses, routes, TC and QDiscs are all tied to a certain interface. So when NetworkManager manages an interface, it can be confident that all related entires should be managed, deleted and modified by NetworkManager. Routing policy rules are global. For that we have NMPRulesManager which keeps track of whether NetworkManager owns a rule. This allows multiple connection profiles to specify the same rule, and NMPRulesManager can consolidate this information to know whether to add or remove the rule. NMPRulesManager would also support to explicitly block a rule by tracking it with negative priority. However that is still unused at the moment. All that devices do is to add rules (track with positive priority) and remove them (untrack) once the profile gets deactivated. As rules are not exclusively owned by NetworkManager, NetworkManager tries not to interfere with rules that it knows nothing about. That means in particular, when NetworkManager starts it will "weakly track" all rules that are present. "weakly track" is mostly interesting for two cases: - when NMPRulesManager had the same rule explicitly tracked (added) by a device, then deactivating the device will leave the rule in place. - when NMPRulesManager had the same rule explicitly blocked (tracked with negative priority), then it would restore the rule when that block gets removed (as said, currently nobody actually does this). Note that when restarting NetworkManager, then the device may stay and the rules kept. However after restart, NetworkManager no longer knows that it previously added this route, so it would weakly track it and never remove them again. That is a problem. Avoid that, by whenever explicitly tracking a rule we also make sure to no longer weakly track it. Most likely this rule was indeed previously managed by NetworkManager. If this was really a rule added by externally, then the user really should choose distinct rule priorities to avoid such conflicts altogether. 
IP addresses, routes, TC and QDiscs are all tied to a certain interface.
So when NetworkManager manages an interface, it can be confident that
all related entires should be managed, deleted and modified by NetworkManager.

Routing policy rules are global. For that we have NMPRulesManager which
keeps track of whether NetworkManager owns a rule. This allows multiple
connection profiles to specify the same rule, and NMPRulesManager can
consolidate this information to know whether to add or remove the rule.

NMPRulesManager would also support to explicitly block a rule by
tracking it with negative priority. However that is still unused at
the moment. All that devices do is to add rules (track with positive
priority) and remove them (untrack) once the profile gets deactivated.

As rules are not exclusively owned by NetworkManager, NetworkManager
tries not to interfere with rules that it knows nothing about. That
means in particular, when NetworkManager starts it will "weakly track"
all rules that are present. "weakly track" is mostly interesting for two
cases:

  - when NMPRulesManager had the same rule explicitly tracked (added) by a
    device, then deactivating the device will leave the rule in place.

  - when NMPRulesManager had the same rule explicitly blocked (tracked
    with negative priority), then it would restore the rule when that
    block gets removed (as said, currently nobody actually does this).

Note that when restarting NetworkManager, then the device may stay and
the rules kept. However after restart, NetworkManager no longer knows
that it previously added this route, so it would weakly track it and
never remove them again.

That is a problem. Avoid that, by whenever explicitly tracking a rule we
also make sure to no longer weakly track it. Most likely this rule was
indeed previously managed by NetworkManager. If this was really a rule
added by externally, then the user really should choose distinct
rule priorities to avoid such conflicts altogether.
shared: split C-only helper "shared/nm-std-aux" utils out of "shared/nm-utils" 2019-04-18T17:17:23+00:00 Thomas Haller thaller@redhat.com 2019-04-14T11:36:32+00:00 0a6f21fb8d0f5450c6bc2f55188b5b1db92e0d1c "shared/nm-utils" contains general purpose utility functions that only depend on glib (and extend glib with some helper functions). We will also add code that does not use glib, hence it would be good if the part of "shared/nm-utils" that does not depend on glib, could be used by these future projects. Also, we use the term "utils" everywhere. While that covers the purpose and content well, having everything called "nm-something-utils" is not great. Instead, call this "nm-std-aux", inspired by "c-util/c-stdaux". (cherry picked from commit b434b9ec0794fc62a2469445d17debf645ba24cc) 
"shared/nm-utils" contains general purpose utility functions that only
depend on glib (and extend glib with some helper functions).

We will also add code that does not use glib, hence it would be good
if the part of "shared/nm-utils" that does not depend on glib, could be
used by these future projects.

Also, we use the term "utils" everywhere. While that covers the purpose
and content well, having everything called "nm-something-utils" is not
great. Instead, call this "nm-std-aux", inspired by "c-util/c-stdaux".

(cherry picked from commit b434b9ec0794fc62a2469445d17debf645ba24cc)
platform: support weakly tracked routing rules in NMPRulesManager 2019-04-13T16:22:58+00:00 Thomas Haller thaller@redhat.com 2019-04-10T11:47:52+00:00 f41b4cacd4572f1c46a56d550650b0d407e87fe9 Policy routing rules are global, and unlike routes not tied to an interface by ifindex. That means, while we take full control over all routes of an interface during a sync, we need to consider that multiple parties can contribute to the global set of rules. That might be muliple connection profiles providing the same rule, or rules that are added externally by the user. NMPRulesManager mediates for that. This is done by NMPRulesManager "tracking" rules. Rules that are not tracked by NMPRulesManager are completely ignored (and considered externally added). When tracking a rule, the caller provides a track-priority. If multiple parties track a rule, then the highest (absolute value of the) priority wins. If the highest track-priority is positive, NMPRulesManager will add the rule if it's not present. When the highest track-priority is negative, then NMPRulesManager will remove the rule if it's present (enforce its absence). The complicated part is, when a rule that was previously tracked becomes no longer tracked. In that case, we need to restore the previous state. If NetworkManager added the rule earlier, then untracking the rule NMPRulesManager will remove the rule again (restore its previous absent state). By default, if NetworkManager had a negative tracking-priority and removed the rule earlier (enforced it to be absent), then when the rule becomes no longer tracked, NetworkManager will not restore the rule. Consider: the user adds a rule externally, and then activates a profile that enforces the absence of the rule (causing NetworkManager to remove it). When deactivating the profile, by default NetworkManager will not restore such a rule! It's unclear whether that is a good idea, but it's also unclear why the rule is there and whether NetworkManager should really restore it. Add weakly tracked rules to account for that. A tracking-priority of zero indicates such weakly tracked rules. The only difference between an untracked rule and a weakly tracked rule is, that when NetworkManager earlier removed the rule (due to a negative tracking-priority), it *will* restore weakly tracked rules when the rules becomes no longer (negatively) tracked. And it attmpts to do that only once. Likewise, if the rule is weakly tracked and already exists when NMPRulesManager starts posively tracking the rule, then it would not remove again, when no longer positively tracking it. 
Policy routing rules are global, and unlike routes not tied to an interface by ifindex.
That means, while we take full control over all routes of an interface during a sync,
we need to consider that multiple parties can contribute to the global set of rules.
That might be muliple connection profiles providing the same rule, or rules that are added
externally by the user. NMPRulesManager mediates for that.

This is done by NMPRulesManager "tracking" rules.

Rules that are not tracked by NMPRulesManager are completely ignored (and
considered externally added).

When tracking a rule, the caller provides a track-priority. If multiple
parties track a rule, then the highest (absolute value of the) priority
wins.

If the highest track-priority is positive, NMPRulesManager will add the rule if
it's not present.

When the highest track-priority is negative, then NMPRulesManager will remove the
rule if it's present (enforce its absence).

The complicated part is, when a rule that was previously tracked becomes no
longer tracked. In that case, we need to restore the previous state.

If NetworkManager added the rule earlier, then untracking the rule
NMPRulesManager will remove the rule again (restore its previous absent
state).

By default, if NetworkManager had a negative tracking-priority and removed the
rule earlier (enforced it to be absent), then when the rule becomes no
longer tracked, NetworkManager will not restore the rule.
Consider: the user adds a rule externally, and then activates a profile that
enforces the absence of the rule (causing NetworkManager to remove it).
When deactivating the profile, by default NetworkManager will not
restore such a rule! It's unclear whether that is a good idea, but it's
also unclear why the rule is there and whether NetworkManager should
really restore it.

Add weakly tracked rules to account for that. A tracking-priority of
zero indicates such weakly tracked rules. The only difference between an untracked
rule and a weakly tracked rule is, that when NetworkManager earlier removed the
rule (due to a negative tracking-priority), it *will* restore weakly
tracked rules when the rules becomes no longer (negatively) tracked.
And it attmpts to do that only once.

Likewise, if the rule is weakly tracked and already exists when
NMPRulesManager starts posively tracking the rule, then it would not
remove again, when no longer positively tracking it.
platform: add nmp_rules_manager_track_from_platform() 2019-04-13T16:17:16+00:00 Thomas Haller thaller@redhat.com 2019-04-10T11:08:23+00:00 e18c92ee28825f9d67f6c7a32592d2d12b8c106c Track all the rules that are currenlty in platform. 
Track all the rules that are currenlty in platform.
platform: minor fixes in NMPRuleManager (assert and types) 2019-04-13T16:17:16+00:00 Thomas Haller thaller@redhat.com 2019-04-10T11:25:10+00:00 dd9e646306b640bff3294dea3b56be1cc77a954e - fix the argument type to be "gint32" and not "int". - assert in nmp_rules_manager_track_default() for the input arguments. - use boolean bitfield in private data. 
- fix the argument type to be "gint32" and not "int".

- assert in nmp_rules_manager_track_default() for the input
  arguments.

- use boolean bitfield in private data.
platform/trivial: rename priority in NMPRuleManager to track_priority 2019-04-13T16:17:16+00:00 Thomas Haller thaller@redhat.com 2019-04-10T11:21:24+00:00 563894be8c5a3bee86708a1101cbe85f11e78a0d The name "priority" is overused. Also rules have a "priority", but that' something else. Rename the priority of how rules are tracked by NMPRuleManager to "track_priority". 
The name "priority" is overused. Also rules have a "priority", but that'
something else.

Rename the priority of how rules are tracked by NMPRuleManager to
"track_priority".
platform: drop track_default argument from nmp_rules_manager_new() 2019-04-13T16:17:16+00:00 Thomas Haller thaller@redhat.com 2019-04-10T10:52:56+00:00 f281c62e53b5aa9d753d8bb4e31b755e031cf9cb All that setting track-default does, is calling nmp_rules_manager_track_default() when the rules are first accessed. That is not right API. Since nmp_rules_manager_track_default() is already public API (good), every caller that wishes this behavior should track these routes explicitly. 
All that setting track-default does, is calling nmp_rules_manager_track_default()
when the rules are first accessed.

That is not right API. Since nmp_rules_manager_track_default() is already public
API (good), every caller that wishes this behavior should track these routes explicitly.
core: add handling of IP routing rules to NMDevice 2019-03-27T15:23:30+00:00 Thomas Haller thaller@redhat.com 2019-03-23T14:09:29+00:00 3f9347745b30e6182c3b3c768f78295d72c47a93