[NetworkManager-openconnect/explicit-split-default: 4/4] Handle default routes in split excludes
- From: David Woodhouse <dwmw2 src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [NetworkManager-openconnect/explicit-split-default: 4/4] Handle default routes in split excludes
- Date: Wed, 27 Apr 2022 13:27:05 +0000 (UTC)
commit 09623c726a0ff8d2f93dec4fe24a78d9706e6494
Author: David Woodhouse <dwmw2 infradead org>
Date: Mon Apr 25 10:34:35 2022 +0100
Handle default routes in split excludes
We attempted to 'fix' OpenConnect not to send these and to set the netmask
on the interface to 0 instead, but that caused compatibility problems which
we had to work around in commit 84e279cb7 ("src/helper: handle openconnect
8.20 netmask values.")
We want to revert that from the OpenConnect side as it's a regression, so
let's find a better way to achieve the original objective. Scan the split
includes to see if they include a default route. If they *do*, drop it from
the list we pass to NM explicitly, but *don't* set the never-default flag.
That should allow NM to honour the 'Use only for resources on this
connection' setting while still doing the right thing in other cases.
src/nm-openconnect-service-openconnect-helper.c | 23 +++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
---
diff --git a/src/nm-openconnect-service-openconnect-helper.c b/src/nm-openconnect-service-openconnect-helper.c
index 6dd069f..69bcb49 100644
--- a/src/nm-openconnect-service-openconnect-helper.c
+++ b/src/nm-openconnect-service-openconnect-helper.c
@@ -305,7 +305,7 @@ split_dns_list_to_gvariant (const char *str)
}
static GVariant *
-get_ip4_routes (void)
+get_ip4_routes (gboolean *defaultroute)
{
GVariantBuilder builder;
GVariant *value;
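Review bot: The new `defaultroute` out-parameter on get_ip4_routes has no documented contract: the added code in the next hunk only ever stores a true value through it and dereferences it unconditionally, so every caller must pass a non-NULL pointer to a flag it has already initialised. A short comment above the function would make that explicit, e.g. `/* @defaultroute: must be non-NULL; set to TRUE if the includes contain a 0-prefix route, otherwise left untouched */`. The same applies to get_ip6_routes in the hunk at -380. Because this flag feeds the decision on whether the VPN connection may take the default route, an uninitialised flag at a call site would make that routing decision unpredictable. The function body continues outside this hunk.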
@@ -362,6 +362,14 @@ get_ip4_routes (void)
prefix = nm_utils_ip4_netmask_to_prefix (netmask.s_addr);
}
+ /* If there is an explicit default route in the includes, let the
+ * caller know now to set the 'never default' flag. */
+ if (!prefix) {
+ *defaultroute = true;
+ continue;
+ }
+
+
g_variant_builder_init (&array, G_VARIANT_TYPE ("au"));
g_variant_builder_add_value (&array, g_variant_new_uint32 (network.s_addr));
g_variant_builder_add_value (&array, g_variant_new_uint32 (prefix));
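Review bot: The added comment says the caller should "know now to set the 'never default' flag", which reads as the opposite of what the commit message describes (do not set never-default when the includes carry an explicit default route); it looks like a typo for "not", e.g. `* caller know not to set the 'never default' flag. */`. The identical comment in the get_ip6_routes hunk has the same wording. As a style point, `*defaultroute = true;` stores a C `true` into a `gboolean`; GLib code conventionally writes `TRUE`, and `true` only compiles if <stdbool.h> is in scope, which the hunk does not show. The doubled blank line after the block could be collapsed to one. The loop this check sits in starts and ends outside the hunk.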
@@ -380,7 +388,7 @@ get_ip4_routes (void)
}
static GVariant *
-get_ip6_routes (void)
+get_ip6_routes (gboolean *defaultroute)
{
GVariant *value = NULL;
GPtrArray *routes;
@@ -429,6 +437,13 @@ get_ip6_routes (void)
continue;
}
+ /* If there is an explicit default route in the includes, let the
+ * caller know now to set the 'never default' flag. */
+ if (!prefix) {
+ *defaultroute = true;
+ continue;
+ }
+
route = nm_ip_route_new (AF_INET6, network, prefix, NULL, -1, &error);
if (!route) {
_LOGW ("Ignoring a route: %s", error->message);
@@ -647,7 +662,7 @@ main (int argc, char *argv[])
}
/* Routes */
- val = get_ip4_routes ();
+ val = get_ip4_routes (¬_ipv4_never_default);
if (val) {
g_variant_builder_add (&ip4builder, "{sv}", NM_VPN_PLUGIN_IP4_CONFIG_ROUTES, val);
/* If routes-to-include were provided, that means no default route, unless it was set as
netmask */
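Review bot: The context comment under this call still says never-default applies "unless it was set as netmask", but after this change the flag passed here is also set when the split includes contain an explicit 0-prefix route; I would extend it, e.g. `... that means no default route, unless it was set as netmask or an explicit default route was listed in the includes */`. The same comment follows the get_ip6_routes call in the last hunk. The argument renders here as `¬_ipv4_never_default`, which is probably the archive turning `&not` into an entity rather than what the source file contains. The code that reads the flag lies outside the hunk, so how an include list holding only the default route is handled (NULL versus an empty route array in `val`) cannot be confirmed from here and is worth checking, since it decides whether traffic is routed through the tunnel.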
@@ -698,7 +713,7 @@ main (int argc, char *argv[])
}
/* Routes */
- val = get_ip6_routes ();
+ val = get_ip6_routes (¬_ipv6_never_default);
if (val) {
g_variant_builder_add (&ip6builder, "{sv}", NM_VPN_PLUGIN_IP6_CONFIG_ROUTES, val);
/* If routes-to-include were provided, that means no default route, unless it was set as
netmask */