In libnetplan v0.102 we introduced a regression, by breaking the ABI compatibility with netplan.io v0.101 (https://pad.lv/1922898)
This happened by introducing two new settings to the NetplanNetDefinition struct (char* filename and guint tunnel.ttl), modifying the memory layout, thus breaking applications linked against older versions of libnetplan0.

For char* filename, we can fix the problem by moving the new field to the end of the NetplanNetDefinition struct, thus not modifying the existing data layout, but only appending to it for the newer version.

For guint netdef->tunnels.ttl we cannot easily fix the problem easily, as this is a struct inside a struct and there seems to be only one byte left (at least on x86_64) before we hit the memory boundary, while this new guint field needs 4 bytes. So we rename that field as tunnel_ttl and append it to the end of the net_definition struct.

COMMITS:
* Revert "Added TTL option for tunnels (LP: #1846783) (#194)"
This reverts commit 6c8ed65d.
* parse.h: move new 'filename' pointer to the end to avoid changes in the memory layout
* Revert "Revert "Added TTL option for tunnels (LP: #1846783) (#194)""
This reverts commit 97d7d35704f3c3b80ba63e4f054fd8ac6303ba37.
* parse: fix ABI compatibility with tunnel.ttl
* doc: update tunnel_ttl documentation

Co-authored-by: Lukas Märdian <slyon@ubuntu.com>

Move the new activation_mode struct member to the end of the struct and bump the netplan minimum version for the feature.

Improve test coverage and handle additional error cases.

This is a follow-up for #208 wrt. snapcore/snapd#10212

Proxy the 'netplan generate' CLI via DBus, if called from within a snap,
to work around the strict AppArmor confinement.

see: snapcore/snapd#10212

COMMITS:
* dbus:cli: implement io.netplan.Netplan.Generate()
Proxy the 'netplan generate' CLI via DBus, if called from within a snap,
to work around the strict AppArmor confinement.
see: https://github.com/snapcore/snapd/pull/10212
* doc: mention Netplan.Generate() DBus method

Using os.replace() leads to "Invalid cross-device link" errors on Core20 setups, due to having different mounts.
Use shutil.copy2() & os.remove() instead.

* cli:set: Fix netplan-set on Core20
* cli:set: use shutil.copy2()

Fixes the parse error for dict values that include ":"

COMMITS:
* Fix parsing of values with colons
* Update test_ovs.py
Fix pycodestyle pipeline
* Update ovs.py
One more pycodestyle error
* Update test_ovs.py
Add raw string to cure PEP8 fail
* tests:ovs: improve coverage for colon values

Co-authored-by: Pete MacKinnon <pmackinnon@nvidia.com>
Co-authored-by: Lukas Märdian <lukas.maerdian@canonical.com>

COMMITS:
* cli:apply: cleanup formatting
* cli:apply:utils: use networkctl reload/reconfigure
* utils: consolidate methods
* test:utils: improve coverage
* cli:utils: Review improvement for list handling
make use of list.extend() instead of individual list.append()s
Co-authored-by: Łukasz Zemczak <sil2100@vexillium.org>

This PR builds upon some functionality from #193, so that one should be merged first. It extends the existing CLI functionality of netplan set to auto-detect the filename of the corresponding YAML config which contains the original definition of this netdef. If, for example, there is a config file /etc/netplan/00-my-manual-config.yaml containing a definition for eth0 and we're calling netplan set network.ethernets.eth0.dhcp4=false, that setting will be overridden in 00-my-manual-config.yaml instead of masking it via 70-netplan-set.yaml.

If the set command contains multiple netdefs (e.g. netplan set network="{ethernets:{eth0:{dhcp4: true}}, bridges:{br0:{dhcp6: true}}}"), each will be checked individually and written to its corresponding file. If there is no prior definition of a given netdef, it will be written to 70-netplan-set.yaml by default.

Additionally, this PR introduces a small bug-fix to make netplan get network work, returning the full YAML tree, except for the top level network key.

In the C library libnetplan a new netplan_get_filename_by_id() API is introduced, parsing the current set of YAML configs and checking the resulting hashtable for the filename of the highest priority netdef.

fix match.original_name vs netdef->id shortcut (it shall be the same value, but not same reference/pointer)
Tracking of filename per netdef in the YAML parser
Improve wake-on-lan handling
Use NM aliases for wifi/ethernet keyfile groups
Refactoring NetworkManager keyfile generator to use GKeyFile instead of GString
Adding a NetworkManager keyfile parser
Adding a netplan YAML generator
New APIs introduced:

// YAML generator
void write_netplan_conf(const NetplanNetDefinition* def, const char* rootdir);
// NM keyfile parser
gboolean netplan_parse_keyfile(const char* filename, GError** error);
// general & utils
guint netplan_clear_netdefs();
gboolean netplan_delete_connection(const char* id, const char* rootdir);
gboolean netplan_generate(const char* rootdir);
gchar* netplan_get_id_from_nm_filename(const char* filename, const char* ssid);


== COMMITS: ==

* Prepare for NetworkManager YAML backend functionality (#181)

This is the first in a series of pull request to be prepared for setting up the functionality for a NetworkManager YAML/netplan backend, to be merged into slyon/networkmanager-yaml-backend before it will collectively be merged into master.

This PR refactors some of the YAML processing logic into libnetplan (from the generate binary), keeps track of the filename (absolute path) of the YAML file for each NetplanNetDefinition and implements a first additional library function netplan_get_id_from_nm_filename, which will output the NetplanNetDefinition ID given a path to a netplan generated .nmconnection keyfile in /run/NetworkManager/system-connections/.

The netplan ID is not stored inside NM's data structures, therefore we need a way to gain netplan's identifier for any given connection profile.

Commits:
* parse:generate: refactor process_yaml_hierarchy
* parse: track filename of netdefs
* parse: add netplan_get_id_from_filename library function
* parse: fix typo
* generate: some stylistic cleanup
* util: move netplan_get_id_from_nm_filename from parse.c

* Implement netplan_generate and netplan_delete_connection APIs (#182)

This is 2nd in a series of pull request implementing the functionality in libnetplan to provide a NetworkManager YAML backend. It builds upon #181

* It improves the netplan set CLI a bit, to delete a file, if only network: {version: 2} is left.
* It implements a netplan_generate function, which will call netplan generate in the background by spawning another process.
  * At some point the generate binary should be refactored, to call functions of libnetplan instead, so we could use this same (refactored) functionality inside the library directly
  * But for now this is as good as it gets...
* It implements a netplan_delete_connection function, which will delete a connection from the YAML structure of a file (or potentially the whole file, if it is empty afterwards), by utilizing the netplan set network.TYPE.IFNAME=NULL functionality by spawning another process.
  * At some point we should get rid of this Python/C split of the YAML parsers, to have all the functionality available inside the C library.
  * But for now this is as good as it gets, without duplicating any logic...

* NM: refactor keyfile generator, by using GLib's keyfile writer instead of custom writer (#184)

This is the 3rd in a series of pull requests to enable the implementation of a YAML/netplan backend for NetworkManager.

In this PR netplan's current keyfile generation code (in nm.c) is refactored to make use of GLib's keyfile writer, instead of using a custom, home grown approach. This way the keyfile settings can easily be read, written and overwritten (e.g. by the keyfile passthrough/fallback settings in #183) and it should be more robust overall.

While on it: Clean up the usage of keyfile alias for ethernet, wifi and wifi-security, which NetworkManager writes by default since a long time.

Commits:
* nm: refactoring to use GKeyFile writer, instead of home grown
* nm: uses alias for 'ethernet', 'wifi' and 'wifi-security'
NetworkManager writes the alias for 'ethernet' (802-3-ethernet), 'wifi' (802-11-wireless) and 'wifi-security' (802-11-wireless-security) settings by default since a long time, we should do so as well. Especially we should not mix and match.
see:
https://bugzilla.gnome.org/show_bug.cgi?id=696940 https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/c36200a225aefb2a3919618e75682646899b82c0


nm_keyfile_plugin_kf_set* from nm-keyfile-utils.c (libnm-core)

* Prepare passthrough mode for NM backend and YAML serializer (#187)

This is 4th in a series of pull requests. It enables parsing of the passthrough keyword inside the networkmanager backend settings, inside any netdef or wifi AP. Furthermore, it add a new serialize.c/h module, which can take a single netdef and render it into a YAML file. Testing is implemented by rendering a given YAML file into a new YAML file, and comparing the 1:1 match.

The YAML serializer does (by far) not yet support all supported netplan settings, but only the minimal set to enable the NetworkManager backend via passthrough mode.

The NM backend settings need to be available in every wifi AP definition (in addition to the netdef itself), as in the NetworkManager world, each wifi connection is a separate connection profile, while in the netplan world the wifi networks/AP are combined under a single device/netdef. But the settings passthrough (i.e. fallback mode) needs to be available for each individual NM connection profile, therefore we need them in the AP struct.

The passthrough setting is a mapping inside backend specific settings of key-value pairs, where the keys are separated by a dot in the format KEYFILE_GROUP.KEYFILE_KEY. Those values are passed through to the keyfile as is, and can be used as a fallback mechanism, where a specific feature is not yet implemented.

* Implement NM keyfile passthrough mode as a fallback mechanism (#183)

This is 5th in a series of pull requests to prepare for the NetworkManager YAML backend. It builds upon #187

It introduces a new (undocumented) top level type others, which needs to be used when a NM connection of unsupported type needs to be written. If used the connection.type needs to be specified by a passthrough setting, e.g.:

network:
  version: 2
  others:
    renderer: NetworkManager
    networkmanager:
      uuid: ...
      passthrough:
        connection.type: vxlan
        ipv4.method: auto
        ...
others is undocumented on purpose, as this is not supposed to be used in regular netplan configs, but can be used as a fallback mechanism, if a given network connection type is not yet implemented in netplan. It can then still be used via passthrough mode.
Furthermore, this PR introduced a new module nm-keyfile to libnetplan, which contains some logic to help with integration of the NetworkManager YAML settings backend. Especially the netplan_render_yaml_from_nm_keyfile function, which transforms a given GKeyFile* structure into a valid NetplanNetDefinition* structure and uses the serializer to transform this into a valid netplan YAML and save it to disk. For now this makes heavy use the the passthrough fallback mechanism, but it will be extended to place keyfile settings into the correct netplan schema in the future, step by step.

The nm.c module was extended to make use of the passthrough fallback mechanism, to render a valid NetworkManager keyfile out of this data and write it to disk. It uses the internal netplan data structure to generate the keyfile as usual, but allows to extend (or override) specified settings via passthrough if they are not (yet/fully) supported.

As discussed in #181, the netplan_get_id_from_nm_filename function is moved into this new nm-keyfile module from utils as this might be a better place for keyfile specific functionality.

Currently this PR is based upon the slyon/nm-4 branch. It will be rebased once PR #187 is merged, but the underlying base shouldn't change too much, so it should be fine to review this already.

Commits:
* nm-keyfile: Add netplan_render_yaml_from_nm_keyfile API
* configmanager: handle 'others' key
* nm: Implement fallback/passthrough mode
* nm-keyfile: support wifis, modems, bridges in addition to ethernets (and others)
* nm-keyfile: cleanup
* nm-keyfile: support bonds, vlans, tunnels
* validation: check others vs passthrough
* nm: fallback generator: allow dotted groups (i.e. wireguard-peer)
* nm: Update copyright
* nm-keyfile: handle connection-type alias
* WIP: nm: fallback integration
* nm-keyfile: modularize and clear handled fallback keys
* WIP: nm: fallback wifi_mode & interface_name
* WIP: netplan-yaml: draft YAML export
* NM: split into keyfile parser and YAML serializer
* nm-keyfile: cleanup
* nm: cleanup
* parse: cleanup
* nm: mention overriden settings in keyfile comment
* nm: allow to specify name (NM id) from backend_settings
* nm: simplify connection.type error handling
* test_nm_backend: adopt tests
* nm-keyfile: move netplan_get_id_from_nm_filename from util
* tests: move generator tests into generator/test_passthrough.py
* nm-keyfile: clear netdefs and improve docs
* nm: improve comments/docs
* nm-keyfile: support canonical names in addition to alias
* nm-keyfile: improve formatting
* doc: mention the  device type

* Improvements for the NetworkManager YAML backend integration (#189)

This PR is 6th in a series of pull requests to prepare for the NetworkManager YAML backend. It builds upon #183 and contains a few improvements and fixes, enabling the NetworkManager test-suite (i.e. make check) to fully pass, especially the tests in the patched keyfile plugin (src/settings/plugins/keyfile/tests/test-keyfile-settings).

It implements the following functionality:

Adding some basic support for the modems YAML schema, to allow matching of (physical) modem interfaces and enable the detection of GSM vs CDMA connections, which are distinct in NM while using the same definition in Netplan.
Switching the passthrough key-value pairs to a DataList (instead of HashTable), to keep order of the keyfile elements, which is relevant in some cases (e.g. for tc.qdiscs)
Avoid parsing and serialization of type other connections, as they might not contain the relevant handlers. Use full passthrough mode for those connections, to avoid parsing failures.
Allow independent modification of Netdef ID & match.name, to enable changing the connection.interface-name from nmcli, while keeping the netdef ID equal to a previously existing ID. This enables overriding of existing netdef ID by 90-NM-... YAML file, keeping the same Netdef ID.
Implement handling of keyfile UUIDs for each NM connection profile
Implement handling of empty keyfile groups (i.e. relevant for [bridge])

Commits:
* nm:nm-keyfile: allow to define empty Keyfile groups, like [bridge] or [proxy]
* passthrough: switch from GHashTable to GDataList, as some of the keyfile values need to be ordered, like tc.qdisks or tc.filters
* nm: special handling for [tc] group, where keys can contain dots
* serialize: write match stanza only for physical devices
* parse: modems are physical links and can have a 'match' stanza
* parse: improve clearing of netdefs
* nm: improve annotation of passthrouh settings
* nm-keyfile: improve removal of supported keys
Also, removes the group, if all of its keys were removed
* nm: improve detection of GSM connection
GSM/CDMA can also be defined on a type=bluetooth connection – not just
on MODEMS connections
* nm:nm-keyfile:serialize: set wakeonlan only for ethernet devices
* nm-keyfile:serialize: some modem stanzas
* nm-keyfile:serialize: handle OTHER type via full passthrough mode
* nm:nm-keyfile:serialize: improve interface-name/match handling
* nm: improve handling of NM uuid
* nm: improve passthrough.connection.type handling
* nm: improve handling of wifi.mode
* tests: add and adopt test cases
* nm-keyfile: allow to pass a previously known netdef ID, to enable overrides
* parse: allow changing match.name independenly of netdef ID
* nm-keyfile: update GSM vs CDMA comment
* parse: avoid creation of 'netdefs' hashmap in netplan_parse_yaml

* NM Integration: API update & Parser/Generator split (#191)

This is 7th in a series of pull requests to provide the API needed for implementation of a NetworkManager YAML backend. It builds upon #189

Changes contained in this PR:

*    Split the code/modules into a YAML/netplan generator (netplan.o in addition to nm.o, networkd.o, openvswitch.o, ...)
*    Split the code/modules into a keyfile/NM parser (parse-nm.o in addition to our YAML/netplan parser in parse.o)
*    Rename others top-level device type/stanza to nm-devices to make it more explicit and print a warning when using it
*    Move netplan_get_id_from_nm_filename back to utils.o, as it does not fit into the parse-nm.o module anymore (it is no parser specific functionality). Apply a small improvement to detect netplan_ids in testing scenario, where rootdir is provided.
*    Unify the new netplan generator module API with the other generators: void write_netplan_conf(const NetplanNetDefinition* def, const char* rootdir)
*    Unify the new keyfile parser module API with the other parser: gboolean netplan_parse_keyfile(const char* filename, GError** error)

* cleanup

Co-authored-by: Łukasz Zemczak <sil2100@vexillium.org>

Using arp-ip-targets as below is generating 10-netplan-bond0.netdev file which contains ARPIPTargets property with duplicated values;

arp-ip-targets:
- 10.10.10.10
- 20.20.20.20

ARPIPTargets=10.10.10.10 20.20.20.20 10.10.10.10 20.20.20.20

Duplicate values in ARPIPTargets prevents systemd-networkd to process the netdev file due to a validation error in Ubuntu 18.04LTS.

Commits:
* Prevent to have duplicate values set to ARPIPTargets in NetDev files (LP: #1915837)
* Added a test case to check ARPIPTargets value in NetDev files (LP: #1915837) (#199)
* Improved the test case to trigger multiple pass on the YAML config (LP: #1915837) (#199)
* Reduced the test case content to the required base minimum configuration items (LP: #1915837) (#199)
Co-authored-by: Kivanc Sunkar <kivanc@linxa.com>

Encapsulate wifi tests into own test class (requiring modprobe, i.e. isolation-machine level).
Make sure the management always stays up an connected (incl. DNS), independently of netplan

* tests: refactor WiFi parts into own class
* tests: keep management network up at all times during integration tests

Enable Github's CodeQL code scanning feature for periodic security checks.

* Enable CodeQL
* install build-dep to fix autobuild

Some protocols set the TTL field of the packet to 1; when passing through the tunnel, the packet is discarded. To solve the problem, the tunnel has the TTL option, but it was not in netplan.

According to https://bugs.launchpad.net/netplan/+bug/1846783

 this is required for IPIP/SIT/GRE tunnels.

Co-authored-by: kev1989 <krupenevev@gmail.com>

Add possibility to set initcwnd/initrwnd options on routes.

Commits:
* Added per route initcwnd/initrwnd option
* fixed integration test
* fixed integration test
* Update doc/netplan.md
Co-authored-by: Lukas Märdian <luk@slyon.de>
* Update doc/netplan.md
Co-authored-by: Lukas Märdian <luk@slyon.de>
* Update doc/netplan.md
Co-authored-by: Lukas Märdian <luk@slyon.de>
* Update src/parse.c
Co-authored-by: Lukas Märdian <luk@slyon.de>
* Update doc/netplan.md
Co-authored-by: Lukas Märdian <luk@slyon.de>
* Fixed formating and indentation
* Update tests/integration/routing.py
Co-authored-by: Lukas Märdian <luk@slyon.de>
* parse: rename congestion-window & advertised-receive-window
Co-authored-by: Marcin Matląg <mmatlag@sitel.net.pl>
Co-authored-by: Lukas Märdian <luk@slyon.de>
Co-authored-by: Lukas Märdian <lukas.maerdian@canonical.com>

In some cases the netifaces.ifaddresses() method returns an empty dict. Accessing this dict throws a KeyError, because there is no netifaces.AF_LINK (= 17) link layer address data.

Closes: #979266 (Debian)
systemd-resolve was renamed to resolvectl as of v239

Added information about the other accepted scalar duid which can be specified or is assumed if the option is omitted entirely.

Co-authored-by: Lukas Märdian <lukas.maerdian@canonical.com>

Co-authored-by: Lukas Märdian <lukas.maerdian@canonical.com>

Co-authored-by: Lukas Märdian <lukas.maerdian@canonical.com>