settings: add match for proc cmdline

Add a new "kernel-command-line" match option to nm-settings. It allows
to disable a network connection configuration if a pattern is found or
is not found in /proc/cmdline.

1 files changed, 54 insertions, 1 deletions

diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index 27b1b600b1..272bf25336 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -5999,7 +5999,6 @@ check_connection_compatible (NMDevice *self, NMConnection *connection, GError **
 	gs_free_error GError *local = NULL;
 	gs_free char *conn_iface = NULL;
 	NMDeviceClass *klass;
-	const char *const *patterns;
 	NMSettingMatch *s_match;
 
 	klass = NM_DEVICE_GET_CLASS (self);
@@ -6042,14 +6041,68 @@ check_connection_compatible (NMDevice *self, NMConnection *connection, GError **
 	s_match = (NMSettingMatch *) nm_connection_get_setting (connection,
 	                                                        NM_TYPE_SETTING_MATCH);
 	if (s_match) {
+		const char *const *patterns;
 		guint num_patterns = 0;
 
+		/* interface_names */
 		patterns = nm_setting_match_get_interface_names (s_match, &num_patterns);
 		if (!nm_wildcard_match_check (device_iface, patterns, num_patterns)) {
 			nm_utils_error_set_literal (error, NM_UTILS_ERROR_CONNECTION_AVAILABLE_TEMPORARY,
 			                            "device does not satisfy match.interface-name property");
 			return FALSE;
 		}
+
+		{ /* kernel_command_line */
+			const char *const*proc_cmdline;
+			const char *const*proc_cmdline_i;
+			unsigned i;
+			gboolean pos_patterns = FALSE;
+
+			patterns = nm_setting_match_get_kernel_command_lines (s_match, &num_patterns);
+			proc_cmdline = nm_utils_proc_cmdline_split ();
+			for(i=0; i<num_patterns; i++) {
+				gboolean found = FALSE;
+				gboolean negative = FALSE;
+				const char *equal;
+				const char *patterns_i = patterns[i];
+
+				if(patterns_i[0] == '!') {
+					++patterns_i;
+					negative = TRUE;
+				} else {
+					pos_patterns = TRUE;
+				}
+				equal = strchr(patterns_i, '=');
+
+				proc_cmdline_i = proc_cmdline;
+				while (*proc_cmdline_i) {
+					if (equal) {  /* if pattern contains = compare full key=value */
+						found = nm_streq0(*proc_cmdline_i, patterns_i);
+					} else {      /* otherwise consider pattern as key only */
+						size_t l = strlen(patterns_i);
+						if (strncmp(*proc_cmdline_i, patterns_i, l) == 0) {
+							if((*proc_cmdline_i)[l] == 0 || (*proc_cmdline_i)[l] == '=') {
+								found = TRUE;
+							}
+						}
+					}
+					if(found && negative) {
+						nm_utils_error_set (error, NM_UTILS_ERROR_CONNECTION_AVAILABLE_TEMPORARY,
+						                    "device does not satisfy match.kernel-command-line property %s",
+						                    patterns[i]);
+						return FALSE;  /* first negative match */
+					}
+					proc_cmdline_i++;
+				}
+
+				if (pos_patterns == TRUE && found == FALSE) {  /* positive patterns configured but no match */
+					nm_utils_error_set (error, NM_UTILS_ERROR_CONNECTION_AVAILABLE_TEMPORARY,
+					                    "device does not satisfy any match.kernel-command-line property %s...",
+					                    patterns[0]);
+					return FALSE;
+				}
+			}
+		}
 	}
 
 	return TRUE;