libnm-core: allow speed and duplex values when auto-negotiate=yesfg/auto_neg_specmodes-rh1487477

When link auto-negotiation is enabled, by default the network device
advertises all the supported speed and duplex modes in order to
negotiate the fastest link speed with the remote endpoint.
It is possible anyway to configure the device to just advertise and
accept a subset of supported modes.
This could be useful to properly enforce gigabit speeds on Ethernet:
as stated in IEEE 802.3 specification, auto-negotiation is mandatory
for 1000Base-T and 10GBase-T standards.
Allow specific values to 802-3-ethernet.speed and 802-3-ethernet.duplex
properties also when 802-3-ethernet.auto-negotiate=yes: this will
result in link auto-negotiation advertising the specified speed/duplex
mode as the only one available.

3 files changed, 43 insertions, 40 deletions

diff --git a/clients/common/settings-docs.h.in b/clients/common/settings-docs.h.in
index 86447af267..8f19274157 100644
--- a/clients/common/settings-docs.h.in
+++ b/clients/common/settings-docs.h.in
@@ -88,9 +88,9 @@
 #define DESCRIBE_DOC_NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS N_("Flags indicating how to handle the \"private-key-password\" property.")
 #define DESCRIBE_DOC_NM_SETTING_802_1X_SUBJECT_MATCH N_("Substring to be matched against the subject of the certificate presented by the authentication server. When unset, no verification of the authentication server certificate's subject is performed.  This property provides little security, if any, and its use is deprecated in favor of NMSetting8021x:domain-suffix-match.")
 #define DESCRIBE_DOC_NM_SETTING_802_1X_SYSTEM_CA_CERTS N_("When TRUE, overrides the \"ca-path\" and \"phase2-ca-path\" properties using the system CA directory specified at configure time with the --system-ca-path switch.  The certificates in this directory are added to the verification chain in addition to any certificates specified by the \"ca-cert\" and \"phase2-ca-cert\" properties. If the path provided with --system-ca-path is rather a file name (bundle of trusted CA certificates), it overrides \"ca-cert\" and \"phase2-ca-cert\" properties instead (sets ca_cert/ca_cert2 options for wpa_supplicant).")
-#define DESCRIBE_DOC_NM_SETTING_WIRED_AUTO_NEGOTIATE N_("If TRUE, enforce auto-negotiation of port speed and duplex mode.  If FALSE, \"speed\" and \"duplex\" properties should be both set or link configuration will be skipped.")
+#define DESCRIBE_DOC_NM_SETTING_WIRED_AUTO_NEGOTIATE N_("When TRUE, enforce auto-negotiation of speed and duplex mode. If \"speed\" and \"duplex\" properties are both specified, only that single mode will be advertised and accepted during the link auto-negotiation process: this works only for BASE-T 802.3 specifications and is useful for enforcing gigabits modes, as in these cases link negotiation is mandatory. When FALSE, \"speed\" and \"duplex\" properties should be both set or link configuration will be skipped.")
 #define DESCRIBE_DOC_NM_SETTING_WIRED_CLONED_MAC_ADDRESS N_("If specified, request that the device use this MAC address instead. This is known as MAC cloning or spoofing. Beside explicitly specifying a MAC address, the special values \"preserve\", \"permanent\", \"random\" and \"stable\" are supported. \"preserve\" means not to touch the MAC address on activation. \"permanent\" means to use the permanent hardware address if the device has one (otherwise this is treated as \"preserve\"). \"random\" creates a random MAC address on each connect. \"stable\" creates a hashed MAC address based on connection.stable-id and a machine dependent key. If unspecified, the value can be overwritten via global defaults, see manual of NetworkManager.conf. If still unspecified, it defaults to \"preserve\" (older versions of NetworkManager may use a different default value). On D-Bus, this field is expressed as \"assigned-mac-address\" or the deprecated \"cloned-mac-address\".")
-#define DESCRIBE_DOC_NM_SETTING_WIRED_DUPLEX N_("Can be specified only when \"auto-negotiate\" is \"off\". In that case, statically configures the device to use that specified duplex mode, either \"half\" or \"full\". Must be set together with the \"speed\" property if specified. Before specifying a duplex mode be sure your device supports it.")
+#define DESCRIBE_DOC_NM_SETTING_WIRED_DUPLEX N_("When a value is set, either \"half\" or \"full\", configures the device to use the specified duplex mode. If \"auto-negotiate\" is \"yes\" the specified duplex mode will be the only one advertised during link negotiation: this works only for BASE-T 802.3 specifications and is useful for enforcing gigabits modes, as in these cases link negotiation is mandatory. If the value is unset (the default), the link configuration will be either skipped (if \"auto-negotiate\" is \"no\", the default) or will be auto-negotiated (if \"auto-negotiate\" is \"yes\") and the local device will advertise all the supported duplex modes. Must be set together with the \"speed\" property if specified. Before specifying a duplex mode be sure your device supports it.")
 #define DESCRIBE_DOC_NM_SETTING_WIRED_GENERATE_MAC_ADDRESS_MASK N_("With \"cloned-mac-address\" setting \"random\" or \"stable\", by default all bits of the MAC address are scrambled and a locally-administered, unicast MAC address is created. This property allows to specify that certain bits are fixed. Note that the least significant bit of the first MAC address will always be unset to create a unicast MAC address. If the property is NULL, it is eligible to be overwritten by a default connection setting. If the value is still NULL or an empty string, the default is to create a locally-administered, unicast MAC address. If the value contains one MAC address, this address is used as mask. The set bits of the mask are to be filled with the current MAC address of the device, while the unset bits are subject to randomization. Setting \"FE:FF:FF:00:00:00\" means to preserve the OUI of the current MAC address and only randomize the lower 3 bytes using the \"random\" or \"stable\" algorithm. If the value contains one additional MAC address after the mask, this address is used instead of the current MAC address to fill the bits that shall not be randomized. For example, a value of \"FE:FF:FF:00:00:00 68:F7:28:00:00:00\" will set the OUI of the MAC address to 68:F7:28, while the lower bits are randomized. A value of \"02:00:00:00:00:00 00:00:00:00:00:00\" will create a fully scrambled globally-administered, burned-in MAC address. If the value contains more than one additional MAC addresses, one of them is chosen randomly. For example, \"02:00:00:00:00:00 00:00:00:00:00:00 02:00:00:00:00:00\" will create a fully scrambled MAC address, randomly locally or globally administered.")
 #define DESCRIBE_DOC_NM_SETTING_WIRED_MAC_ADDRESS N_("If specified, this connection will only apply to the Ethernet device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).")
 #define DESCRIBE_DOC_NM_SETTING_WIRED_MAC_ADDRESS_BLACKLIST N_("If specified, this connection will never apply to the Ethernet device whose permanent MAC address matches an address in the list.  Each MAC address is in the standard hex-digits-and-colons notation (00:11:22:33:44:55).")
@@ -100,7 +100,7 @@
 #define DESCRIBE_DOC_NM_SETTING_WIRED_S390_NETTYPE N_("s390 network device type; one of \"qeth\", \"lcs\", or \"ctc\", representing the different types of virtual network devices available on s390 systems.")
 #define DESCRIBE_DOC_NM_SETTING_WIRED_S390_OPTIONS N_("Dictionary of key/value pairs of s390-specific device options.  Both keys and values must be strings.  Allowed keys include \"portno\", \"layer2\", \"portname\", \"protocol\", among others.  Key names must contain only alphanumeric characters (ie, [a-zA-Z0-9]).")
 #define DESCRIBE_DOC_NM_SETTING_WIRED_S390_SUBCHANNELS N_("Identifies specific subchannels that this network device uses for communication with z/VM or s390 host.  Like the \"mac-address\" property for non-z/VM devices, this property can be used to ensure this connection only applies to the network device that uses these subchannels.  The list should contain exactly 3 strings, and each string may only be composed of hexadecimal characters and the period (.) character.")
-#define DESCRIBE_DOC_NM_SETTING_WIRED_SPEED N_("Can be set to a value greater than zero only when \"auto-negotiate\" is \"off\". In that case, statically configures the device to use that specified speed. In Mbit/s, ie 100 == 100Mbit/s. Must be set together with the \"duplex\" property when non-zero. Before specifying a speed value be sure your device supports it.")
+#define DESCRIBE_DOC_NM_SETTING_WIRED_SPEED N_("When a value grater than 0 is set, configures the device to use the specified speed. If \"auto-negotiate\" is \"yes\" the specified speed will be the only one advertised during link negotiation: this works only for BASE-T 802.3 specifications and is useful for enforcing gigabit speeds, as in this case link negotiation is mandatory. If the value is unset (0, the default), the link configuration will be either skipped (if \"auto-negotiate\" is \"no\", the default) or will be auto-negotiated (if \"auto-negotiate\" is \"yes\") and the local device will advertise all the supported speeds. In Mbit/s, ie 100 == 100Mbit/s. Must be set together with the \"duplex\" property when non-zero. Before specifying a speed value be sure your device supports it.")
 #define DESCRIBE_DOC_NM_SETTING_WIRED_WAKE_ON_LAN N_("The NMSettingWiredWakeOnLan options to enable. Not all devices support all options. May be any combination of NM_SETTING_WIRED_WAKE_ON_LAN_PHY (0x2), NM_SETTING_WIRED_WAKE_ON_LAN_UNICAST (0x4), NM_SETTING_WIRED_WAKE_ON_LAN_MULTICAST (0x8), NM_SETTING_WIRED_WAKE_ON_LAN_BROADCAST (0x10), NM_SETTING_WIRED_WAKE_ON_LAN_ARP (0x20), NM_SETTING_WIRED_WAKE_ON_LAN_MAGIC (0x40) or the special values NM_SETTING_WIRED_WAKE_ON_LAN_DEFAULT (0x1) (to use global settings) and NM_SETTING_WIRED_WAKE_ON_LAN_IGNORE (0x8000) (to disable management of Wake-on-LAN in NetworkManager).")
 #define DESCRIBE_DOC_NM_SETTING_WIRED_WAKE_ON_LAN_PASSWORD N_("If specified, the password used with magic-packet-based Wake-on-LAN, represented as an Ethernet MAC address.  If NULL, no password will be required.")
 #define DESCRIBE_DOC_NM_SETTING_ADSL_ENCAPSULATION N_("Encapsulation of ADSL connection.  Can be \"vcmux\" or \"llc\".")
diff --git a/libnm-core/nm-connection.c b/libnm-core/nm-connection.c
index 790e98b800..0c4d7ce18c 100644
--- a/libnm-core/nm-connection.c
+++ b/libnm-core/nm-connection.c
@@ -791,13 +791,11 @@ _normalize_ethernet_link_neg (NMConnection *self)
 	NMSettingWired *s_wired = nm_connection_get_setting_wired (self);
 
 	if (s_wired) {
-		gboolean autoneg = nm_setting_wired_get_auto_negotiate (s_wired);
 		guint32 speed = nm_setting_wired_get_speed (s_wired);
 		const char *duplex = nm_setting_wired_get_duplex (s_wired);
 
-		if (   (autoneg && (speed || duplex))
-		    || (!autoneg && (   (speed && !duplex)
-		                     || (!speed && duplex)))) {
+		if (   (speed && !duplex)
+		    || (!speed && duplex)) {
 			speed = 0;
 			duplex = NULL;
 			g_object_set (s_wired,
diff --git a/libnm-core/nm-setting-wired.c b/libnm-core/nm-setting-wired.c
index 3ad312e599..5da9ce7d7f 100644
--- a/libnm-core/nm-setting-wired.c
+++ b/libnm-core/nm-setting-wired.c
@@ -762,32 +762,16 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
 	 * with legacy nm-connection-editor which used to save "full" duplex connection as default
 	 */
 
-	if (priv->auto_negotiate) {
-		if (priv->duplex) {
-			g_set_error_literal (error,
-			                     NM_CONNECTION_ERROR,
-			                     NM_CONNECTION_ERROR_INVALID_PROPERTY,
-			                     _("when link autonegotiation is enabled no duplex value is accepted"));
-			g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRED_SETTING_NAME, NM_SETTING_WIRED_DUPLEX);
-			return NM_SETTING_VERIFY_NORMALIZABLE;
-		}
-		if (priv->speed) {
-			g_set_error_literal (error,
-			                     NM_CONNECTION_ERROR,
-			                     NM_CONNECTION_ERROR_INVALID_PROPERTY,
-			                     _("when link autonegotiation is enabled speed should be 0"));
-			g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRED_SETTING_NAME, NM_SETTING_WIRED_SPEED);
-			return NM_SETTING_VERIFY_NORMALIZABLE;
-		}
-	} else {
-		if (   ((priv->speed) && (!priv->duplex))
-		    || ((!priv->speed) && (priv->duplex))) {
-			g_set_error_literal (error,
-			                     NM_CONNECTION_ERROR,
-			                     NM_CONNECTION_ERROR_INVALID_PROPERTY,
-			                     _("both speed and duplex are required for static link configuration"));
-			return NM_SETTING_VERIFY_NORMALIZABLE;
-		}
+	if (   ((priv->speed) && (!priv->duplex))
+	    || ((!priv->speed) && (priv->duplex))) {
+
+		g_set_error_literal (error,
+				     NM_CONNECTION_ERROR,
+				     NM_CONNECTION_ERROR_INVALID_PROPERTY,
+		                     priv->auto_negotiate ?
+		                       _("both speed and duplex should have a valid value or both should be unset")
+		                     : _("both speed and duplex are required for static link configuration"));
+		return NM_SETTING_VERIFY_NORMALIZABLE;
 	}
 
 	return TRUE;
@@ -1033,8 +1017,16 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class)
 	/**
 	 * NMSettingWired:speed:
 	 *
-	 * Can be set to a value greater than zero only when "auto-negotiate" is "off".
-	 * In that case, statically configures the device to use that specified speed.
+	 * When a value grater than 0 is set, configures the device to use
+	 * the specified speed. If "auto-negotiate" is "yes" the specified
+	 * speed will be the only one advertised during link negotiation:
+	 * this works only for BASE-T 802.3 specifications and is useful for
+	 * enforcing gigabit speeds, as in this case link negotiation is
+	 * mandatory.
+	 * If the value is unset (0, the default), the link configuration will be
+	 * either skipped (if "auto-negotiate" is "no", the default) or will
+	 * be auto-negotiated (if "auto-negotiate" is "yes") and the local device
+	 * will advertise all the supported speeds.
 	 * In Mbit/s, ie 100 == 100Mbit/s.
 	 * Must be set together with the "duplex" property when non-zero.
 	 * Before specifying a speed value be sure your device supports it.
@@ -1057,8 +1049,16 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class)
 	/**
 	 * NMSettingWired:duplex:
 	 *
-	 * Can be specified only when "auto-negotiate" is "off". In that case, statically
-	 * configures the device to use that specified duplex mode, either "half" or "full".
+	 * When a value is set, either "half" or "full", configures the device
+	 * to use the specified duplex mode. If "auto-negotiate" is "yes" the
+	 * specified duplex mode will be the only one advertised during link
+	 * negotiation: this works only for BASE-T 802.3 specifications and is
+	 * useful for enforcing gigabits modes, as in these cases link negotiation
+	 * is mandatory.
+	 * If the value is unset (the default), the link configuration will be
+	 * either skipped (if "auto-negotiate" is "no", the default) or will
+	 * be auto-negotiated (if "auto-negotiate" is "yes") and the local device
+	 * will advertise all the supported duplex modes.
 	 * Must be set together with the "speed" property if specified.
 	 * Before specifying a duplex mode be sure your device supports it.
 	 **/
@@ -1079,9 +1079,14 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class)
 	/**
 	 * NMSettingWired:auto-negotiate:
 	 *
-	 * If %TRUE, enforce auto-negotiation of port speed and duplex mode.  If
-	 * %FALSE, "speed" and "duplex" properties should be both set or link configuration
-	 * will be skipped.
+	 * When %TRUE, enforce auto-negotiation of speed and duplex mode.
+	 * If "speed" and "duplex" properties are both specified, only that
+	 * single mode will be advertised and accepted during the link
+	 * auto-negotiation process: this works only for BASE-T 802.3 specifications
+	 * and is useful for enforcing gigabits modes, as in these cases link
+	 * negotiation is mandatory.
+	 * When %FALSE, "speed" and "duplex" properties should be both set or
+	 * link configuration will be skipped.
 	 **/
 	/* ---ifcfg-rh---
 	 * property: auto-negotiate