vpn: Use nm_device_create_l3_config_data_from_connection if possible

Using nm_device_create_l3_config_data_from_connection in favor of nm_l3_config_data_new_from_connection allows the connection properties: connection.mdns, connection.llmnr, connection.dns-over-tls, connection.dnssec, connection.mptcp-flags, and ipv6.ip6-privacy to be read from the vpn's connection settings allowing them to be applied to vpn connections.
2025-12-20 04:40:04 +01:00 · 2025-09-03 15:41:29 +02:00 · 2025-09-03 15:41:29 +02:00 · 306f9c490b
commit 306f9c490b
parent 441e77a44c
4 changed files with 27 additions and 7 deletions
--- a/3
+++ b/3
@ -29,6 +29,9 @@ USE AT YOUR OWN RISK.  NOT RECOMMENDED FOR PRODUCTION USE!
  per-connection via the "connection.dnssec" connection property.
 * Support configuring the HSR interlink port via the
  "hsr.interlink" property.
+* Fix some connection properties not being applied to vpn connections
+  (connection.mdns, connection.llmnr, connection.dns-over-tls,
+   connection.mptcp-flags, ipv6.ip6-privacy)

 =============================================
 NetworkManager-1.54
--- a/src/core/devices/nm-device-private.h
+++ b/src/core/devices/nm-device-private.h
@ -115,9 +115,6 @@ gboolean nm_device_sysctl_ip_conf_set(NMDevice   *self,

 NML3ConfigData *nm_device_create_l3_config_data(NMDevice *self, NMIPConfigSource source);

-NML3ConfigData *nm_device_create_l3_config_data_from_connection(NMDevice     *self,
-                                                                NMConnection *connection);
-
 void nm_device_ip_method_dhcp4_start(NMDevice *self);

 void nm_device_ip_method_autoconf6_start(NMDevice *self);
--- a/src/core/devices/nm-device.h
+++ b/src/core/devices/nm-device.h
@ -853,4 +853,7 @@ void nm_routing_rules_sync(NMConnection *applied_connection,
                           NMDevice *self,
                           NMNetns  *netns);

+NML3ConfigData *nm_device_create_l3_config_data_from_connection(NMDevice     *self,
+                                                                NMConnection *connection);
+
 #endif /* __NETWORKMANAGER_DEVICE_H__ */
--- a/src/core/vpn/nm-vpn-connection.c
+++ b/src/core/vpn/nm-vpn-connection.c
@ -26,10 +26,12 @@
 #include "nm-active-connection.h"
 #include "nm-config.h"
 #include "nm-dbus-manager.h"
+#include "devices/nm-device.h"
 #include "nm-dispatcher.h"
 #include "nm-firewalld-manager.h"
 #include "nm-ip-config.h"
 #include "nm-l3-config-data.h"
+#include "nm-manager.h"
 #include "nm-netns.h"
 #include "nm-pacrunner-manager.h"
 #include "nm-vpn-manager.h"
@ -1409,9 +1411,11 @@ _check_complete(NMVpnConnection *self, gboolean success)
    NMVpnConnectionPrivate                 *priv = NM_VPN_CONNECTION_GET_PRIVATE(self);
    nm_auto_unref_l3cd_init NML3ConfigData *l3cd = NULL;
    NMConnection                           *connection;
+    NMDevice                               *device;
    NMSettingConnection                    *s_con;
    const char                             *zone;
    const char                             *iface;
+    int                                     ifindex;

    if (priv->vpn_state < STATE_IP_CONFIG_GET || priv->vpn_state > STATE_ACTIVATED)
        return;
@ -1437,10 +1441,23 @@ _check_complete(NMVpnConnection *self, gboolean success)
    }

    connection = _get_applied_connection(self);
-
-    l3cd = nm_l3_config_data_new_from_connection(nm_netns_get_multi_idx(priv->netns),
-                                                 nm_vpn_connection_get_ip_ifindex(self, TRUE),
-                                                 connection);
+    ifindex    = nm_vpn_connection_get_ip_ifindex(self, FALSE);
+    /* Use nm_device_create_l3_config_data_from_connection here if possible. This ensures that
+     * connection properties like mdns, llmnr, dns-over-tls or dnssec are applied to vpn connections
+     * If this vpn connection does not have its own device resort to nm_l3_config_data_new_from_connection
+     * since we can't properly apply these properties anyway
+     */
+    if (ifindex > 0) {
+        device = nm_manager_get_device_by_ifindex(NM_MANAGER_GET, ifindex);
+        nm_assert(device);
+        l3cd = nm_device_create_l3_config_data_from_connection(device, connection);
+    } else {
+        l3cd = nm_l3_config_data_new_from_connection(nm_netns_get_multi_idx(priv->netns),
+                                                     nm_vpn_connection_get_ip_ifindex(self, TRUE),
+                                                     connection);
+        _LOGD("VPN connection does not have its own device. Some connection properties won't be "
+              "supported.");
+    }

    nm_l3_config_data_set_allow_routes_without_address(l3cd, AF_INET, TRUE);
    nm_l3_config_data_set_allow_routes_without_address(l3cd, AF_INET6, TRUE);