diff --git a/NEWS b/NEWS index 0443da7082..b8d5976c10 100644 --- a/NEWS +++ b/NEWS @@ -29,6 +29,9 @@ USE AT YOUR OWN RISK. NOT RECOMMENDED FOR PRODUCTION USE! per-connection via the "connection.dnssec" connection property. * Support configuring the HSR interlink port via the "hsr.interlink" property. +* Fix some connection properties not being applied to vpn connections + (connection.mdns, connection.llmnr, connection.dns-over-tls, + connection.mptcp-flags, ipv6.ip6-privacy) ============================================= NetworkManager-1.54 diff --git a/src/core/devices/nm-device-private.h b/src/core/devices/nm-device-private.h index 2f73a01bac..2b4793eb38 100644 --- a/src/core/devices/nm-device-private.h +++ b/src/core/devices/nm-device-private.h @@ -115,9 +115,6 @@ gboolean nm_device_sysctl_ip_conf_set(NMDevice *self, NML3ConfigData *nm_device_create_l3_config_data(NMDevice *self, NMIPConfigSource source); -NML3ConfigData *nm_device_create_l3_config_data_from_connection(NMDevice *self, - NMConnection *connection); - void nm_device_ip_method_dhcp4_start(NMDevice *self); void nm_device_ip_method_autoconf6_start(NMDevice *self); diff --git a/src/core/devices/nm-device.h b/src/core/devices/nm-device.h index 8632944a2d..2f287953eb 100644 --- a/src/core/devices/nm-device.h +++ b/src/core/devices/nm-device.h @@ -853,4 +853,7 @@ void nm_routing_rules_sync(NMConnection *applied_connection, NMDevice *self, NMNetns *netns); +NML3ConfigData *nm_device_create_l3_config_data_from_connection(NMDevice *self, + NMConnection *connection); + #endif /* __NETWORKMANAGER_DEVICE_H__ */ diff --git a/src/core/vpn/nm-vpn-connection.c b/src/core/vpn/nm-vpn-connection.c index 22364ef9dc..0b36459cf7 100644 --- a/src/core/vpn/nm-vpn-connection.c +++ b/src/core/vpn/nm-vpn-connection.c @@ -26,10 +26,12 @@ #include "nm-active-connection.h" #include "nm-config.h" #include "nm-dbus-manager.h" +#include "devices/nm-device.h" #include "nm-dispatcher.h" #include "nm-firewalld-manager.h" #include "nm-ip-config.h" #include "nm-l3-config-data.h" +#include "nm-manager.h" #include "nm-netns.h" #include "nm-pacrunner-manager.h" #include "nm-vpn-manager.h" @@ -1409,9 +1411,11 @@ _check_complete(NMVpnConnection *self, gboolean success) NMVpnConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE(self); nm_auto_unref_l3cd_init NML3ConfigData *l3cd = NULL; NMConnection *connection; + NMDevice *device; NMSettingConnection *s_con; const char *zone; const char *iface; + int ifindex; if (priv->vpn_state < STATE_IP_CONFIG_GET || priv->vpn_state > STATE_ACTIVATED) return; @@ -1437,10 +1441,23 @@ _check_complete(NMVpnConnection *self, gboolean success) } connection = _get_applied_connection(self); - - l3cd = nm_l3_config_data_new_from_connection(nm_netns_get_multi_idx(priv->netns), - nm_vpn_connection_get_ip_ifindex(self, TRUE), - connection); + ifindex = nm_vpn_connection_get_ip_ifindex(self, FALSE); + /* Use nm_device_create_l3_config_data_from_connection here if possible. This ensures that + * connection properties like mdns, llmnr, dns-over-tls or dnssec are applied to vpn connections + * If this vpn connection does not have its own device resort to nm_l3_config_data_new_from_connection + * since we can't properly apply these properties anyway + */ + if (ifindex > 0) { + device = nm_manager_get_device_by_ifindex(NM_MANAGER_GET, ifindex); + nm_assert(device); + l3cd = nm_device_create_l3_config_data_from_connection(device, connection); + } else { + l3cd = nm_l3_config_data_new_from_connection(nm_netns_get_multi_idx(priv->netns), + nm_vpn_connection_get_ip_ifindex(self, TRUE), + connection); + _LOGD("VPN connection does not have its own device. Some connection properties won't be " + "supported."); + } nm_l3_config_data_set_allow_routes_without_address(l3cd, AF_INET, TRUE); nm_l3_config_data_set_allow_routes_without_address(l3cd, AF_INET6, TRUE);