From 441e77a44c6c02be611d2034dba86880b5582643 Mon Sep 17 00:00:00 2001 From: Robin Ebert Date: Wed, 3 Sep 2025 20:30:26 +0200 Subject: [PATCH 1/2] core: Make nm_device_create_l3_config_data_from_connection behave as expected Currently nm_device_create_l3_config_data_from_connection uses the connection applied to the given device for some properties. Altough this currently works since all users of nm_device_create_l3_config_data_from_connection provide the applied connection as parameter, it behaves unexpectedly when another connection is given. --- src/core/devices/nm-device.c | 40 +++++++++++++----------------------- 1 file changed, 14 insertions(+), 26 deletions(-) diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c index 69f4ddb6c9..04850fbecf 100644 --- a/src/core/devices/nm-device.c +++ b/src/core/devices/nm-device.c @@ -1411,14 +1411,12 @@ _prop_get_ipvx_routed_dns(NMDevice *self, int addr_family) } static NMSettingConnectionMdns -_prop_get_connection_mdns(NMDevice *self) +_prop_get_connection_mdns(NMDevice *self, NMConnection *connection) { - NMConnection *connection; NMSettingConnectionMdns mdns = NM_SETTING_CONNECTION_MDNS_DEFAULT; g_return_val_if_fail(NM_IS_DEVICE(self), NM_SETTING_CONNECTION_MDNS_DEFAULT); - connection = nm_device_get_applied_connection(self); if (connection) mdns = nm_setting_connection_get_mdns(nm_connection_get_setting_connection(connection)); if (mdns != NM_SETTING_CONNECTION_MDNS_DEFAULT) 
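Review bot: In `_prop_get_connection_mdns` the result of `nm_connection_get_setting_connection(connection)` goes straight into `nm_setting_connection_get_mdns()` without a NULL check, and the helper now accepts whatever connection the caller supplies rather than the device's applied connection. If a caller can pass a connection without a `connection` setting, the per-connection value is presumably lost and the lookup falls through to the defaults, which for the DNS-over-TLS and DNSSEC helpers would mean a silently weaker resolver policy. Consider a local `NMSettingConnection *s_con = connection ? nm_connection_get_setting_connection(connection) : NULL;` followed by `if (s_con) mdns = nm_setting_connection_get_mdns(s_con);`, or add a comment stating that `connection` must be a verified connection. The same pattern appears in the `_prop_get_connection_llmnr`, `_prop_get_connection_dns_over_tls`, `_prop_get_connection_dnssec` and `_prop_get_connection_mptcp_flags` hunks; each function body continues past its hunk.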
@@ -1453,14 +1451,12 @@ _prop_get_sriov_preserve_on_down(NMDevice *self, NMSettingSriov *s_sriov) } static NMSettingConnectionLlmnr -_prop_get_connection_llmnr(NMDevice *self) +_prop_get_connection_llmnr(NMDevice *self, NMConnection *connection) { - NMConnection *connection; NMSettingConnectionLlmnr llmnr = NM_SETTING_CONNECTION_LLMNR_DEFAULT; g_return_val_if_fail(NM_IS_DEVICE(self), NM_SETTING_CONNECTION_LLMNR_DEFAULT); - connection = nm_device_get_applied_connection(self); if (connection) llmnr = nm_setting_connection_get_llmnr(nm_connection_get_setting_connection(connection)); if (llmnr != NM_SETTING_CONNECTION_LLMNR_DEFAULT) @@ -1475,14 +1471,12 @@ _prop_get_connection_llmnr(NMDevice *self) } static NMSettingConnectionDnsOverTls -_prop_get_connection_dns_over_tls(NMDevice *self) +_prop_get_connection_dns_over_tls(NMDevice *self, NMConnection *connection) { - NMConnection *connection; NMSettingConnectionDnsOverTls dns_over_tls = NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT; g_return_val_if_fail(NM_IS_DEVICE(self), NM_SETTING_CONNECTION_DNS_OVER_TLS_DEFAULT); - connection = nm_device_get_applied_connection(self); if (connection) dns_over_tls = nm_setting_connection_get_dns_over_tls( nm_connection_get_setting_connection(connection)); @@ -1498,14 +1492,12 @@ _prop_get_connection_dns_over_tls(NMDevice *self) } static NMSettingConnectionDnssec -_prop_get_connection_dnssec(NMDevice *self) +_prop_get_connection_dnssec(NMDevice *self, NMConnection *connection) { - NMConnection *connection; NMSettingConnectionDnssec dnssec = NM_SETTING_CONNECTION_DNSSEC_DEFAULT; g_return_val_if_fail(NM_IS_DEVICE(self), NM_SETTING_CONNECTION_DNSSEC_DEFAULT); - connection = nm_device_get_applied_connection(self); if (connection) dnssec = nm_setting_connection_get_dnssec(nm_connection_get_setting_connection(connection)); if (dnssec != NM_SETTING_CONNECTION_DNSSEC_DEFAULT) 
@@ -1520,14 +1512,12 @@ _prop_get_connection_dnssec(NMDevice *self) } static NMMptcpFlags -_prop_get_connection_mptcp_flags(NMDevice *self) +_prop_get_connection_mptcp_flags(NMDevice *self, NMConnection *connection) { - NMConnection *connection; - NMMptcpFlags mptcp_flags = NM_MPTCP_FLAGS_NONE; + NMMptcpFlags mptcp_flags = NM_MPTCP_FLAGS_NONE; g_return_val_if_fail(NM_IS_DEVICE(self), NM_MPTCP_FLAGS_DISABLED); - connection = nm_device_get_applied_connection(self); if (connection) { mptcp_flags = nm_setting_connection_get_mptcp_flags(nm_connection_get_setting_connection(connection)); @@ -2493,16 +2483,14 @@ _prop_get_ipv4_dhcp_vendor_class_identifier(NMDevice *self, NMSettingIP4Config * } static NMSettingIP6ConfigPrivacy -_prop_get_ipv6_ip6_privacy(NMDevice *self) +_prop_get_ipv6_ip6_privacy(NMDevice *self, NMConnection *connection) { NMSettingIP6ConfigPrivacy ip6_privacy; - NMConnection *connection; g_return_val_if_fail(self, NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN); /* 1.) First look at the per-connection setting. If it is not -1 (unknown), * use it. */ - connection = nm_device_get_applied_connection(self); if (connection) { NMSettingIPConfig *s_ip6 = nm_connection_get_setting_ip6_config(connection); 
@@ -3635,12 +3623,12 @@ nm_device_create_l3_config_data_from_connection(NMDevice *self, NMConnection *co l3cd = nm_l3_config_data_new_from_connection(nm_device_get_multi_index(self), ifindex, connection); - nm_l3_config_data_set_mdns(l3cd, _prop_get_connection_mdns(self)); - nm_l3_config_data_set_llmnr(l3cd, _prop_get_connection_llmnr(self)); - nm_l3_config_data_set_dns_over_tls(l3cd, _prop_get_connection_dns_over_tls(self)); - nm_l3_config_data_set_dnssec(l3cd, _prop_get_connection_dnssec(self)); - nm_l3_config_data_set_ip6_privacy(l3cd, _prop_get_ipv6_ip6_privacy(self)); - nm_l3_config_data_set_mptcp_flags(l3cd, _prop_get_connection_mptcp_flags(self)); + nm_l3_config_data_set_mdns(l3cd, _prop_get_connection_mdns(self, connection)); + nm_l3_config_data_set_llmnr(l3cd, _prop_get_connection_llmnr(self, connection)); + nm_l3_config_data_set_dns_over_tls(l3cd, _prop_get_connection_dns_over_tls(self, connection)); + nm_l3_config_data_set_dnssec(l3cd, _prop_get_connection_dnssec(self, connection)); + nm_l3_config_data_set_ip6_privacy(l3cd, _prop_get_ipv6_ip6_privacy(self, connection)); + nm_l3_config_data_set_mptcp_flags(l3cd, _prop_get_connection_mptcp_flags(self, connection)); return l3cd; } @@ -12891,7 +12879,7 @@ _dev_ipac6_start(NMDevice *self) .router_solicitations = router_solicitations, .router_solicitation_interval = router_solicitation_interval, .ra_timeout = ra_timeout, - .ip6_privacy = _prop_get_ipv6_ip6_privacy(self), + .ip6_privacy = _prop_get_ipv6_ip6_privacy(self, connection), }; priv->ipac6_data.ndisc = nm_lndp_ndisc_new(&config); From 306f9c490b2adc4915c57c37bc4b44d7c85038b7 Mon Sep 17 00:00:00 2001 
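Review bot: The `_dev_ipac6_start` hunk passes a local `connection` whose declaration and assignment lie outside the hunk, so the IPv6 privacy setting used for router discovery now depends on that variable being the device's applied connection at this point. Before the change the helper called `nm_device_get_applied_connection(self)` itself, so this caller could not hand it a stale or NULL pointer. If the local is not guaranteed to be the applied connection, pass it explicitly with `.ip6_privacy = _prop_get_ipv6_ip6_privacy(self, nm_device_get_applied_connection(self)),`. Otherwise a short comment such as `/* connection: applied connection of self, fetched above */` would make the dependency visible.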
From: Robin Ebert Date: Wed, 3 Sep 2025 15:41:29 +0200 Subject: [PATCH 2/2] vpn: Use nm_device_create_l3_config_data_from_connection if possible Using nm_device_create_l3_config_data_from_connection in favor of nm_l3_config_data_new_from_connection allows the connection properties: connection.mdns, connection.llmnr, connection.dns-over-tls, connection.dnssec, connection.mptcp-flags, and ipv6.ip6-privacy to be read from the vpn's connection settings allowing them to be applied to vpn connections. --- NEWS | 3 +++ src/core/devices/nm-device-private.h | 3 --- src/core/devices/nm-device.h | 3 +++ src/core/vpn/nm-vpn-connection.c | 25 +++++++++++++++++++++---- 4 files changed, 27 insertions(+), 7 deletions(-) diff --git a/NEWS b/NEWS index 0443da7082..b8d5976c10 100644 --- a/NEWS +++ b/NEWS @@ -29,6 +29,9 @@ USE AT YOUR OWN RISK. NOT RECOMMENDED FOR PRODUCTION USE! per-connection via the "connection.dnssec" connection property. * Support configuring the HSR interlink port via the "hsr.interlink" property. +* Fix some connection properties not being applied to vpn connections + (connection.mdns, connection.llmnr, connection.dns-over-tls, + connection.mptcp-flags, ipv6.ip6-privacy) ============================================= NetworkManager-1.54 diff --git a/src/core/devices/nm-device-private.h b/src/core/devices/nm-device-private.h index 2f73a01bac..2b4793eb38 100644 --- a/src/core/devices/nm-device-private.h +++ b/src/core/devices/nm-device-private.h @@ -115,9 +115,6 @@ gboolean nm_device_sysctl_ip_conf_set(NMDevice *self, NML3ConfigData *nm_device_create_l3_config_data(NMDevice *self, NMIPConfigSource source); -NML3ConfigData *nm_device_create_l3_config_data_from_connection(NMDevice *self, - NMConnection *connection); - void nm_device_ip_method_dhcp4_start(NMDevice *self); void nm_device_ip_method_autoconf6_start(NMDevice *self); diff --git a/src/core/devices/nm-device.h b/src/core/devices/nm-device.h index 8632944a2d..2f287953eb 100644 
--- a/src/core/devices/nm-device.h +++ b/src/core/devices/nm-device.h @@ -853,4 +853,7 @@ void nm_routing_rules_sync(NMConnection *applied_connection, NMDevice *self, NMNetns *netns); +NML3ConfigData *nm_device_create_l3_config_data_from_connection(NMDevice *self, + NMConnection *connection); + #endif /* __NETWORKMANAGER_DEVICE_H__ */ diff --git a/src/core/vpn/nm-vpn-connection.c b/src/core/vpn/nm-vpn-connection.c index 22364ef9dc..0b36459cf7 100644 --- a/src/core/vpn/nm-vpn-connection.c +++ b/src/core/vpn/nm-vpn-connection.c @@ -26,10 +26,12 @@ #include "nm-active-connection.h" #include "nm-config.h" #include "nm-dbus-manager.h" +#include "devices/nm-device.h" #include "nm-dispatcher.h" #include "nm-firewalld-manager.h" #include "nm-ip-config.h" #include "nm-l3-config-data.h" +#include "nm-manager.h" #include "nm-netns.h" #include "nm-pacrunner-manager.h" #include "nm-vpn-manager.h" @@ -1409,9 +1411,11 @@ _check_complete(NMVpnConnection *self, gboolean success) NMVpnConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE(self); nm_auto_unref_l3cd_init NML3ConfigData *l3cd = NULL; NMConnection *connection; + NMDevice *device; NMSettingConnection *s_con; const char *zone; const char *iface; + int ifindex; if (priv->vpn_state < STATE_IP_CONFIG_GET || priv->vpn_state > STATE_ACTIVATED) return; 
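Review bot: The prototype of `nm_device_create_l3_config_data_from_connection` moves into `nm-device.h` without a comment, although VPN code now calls it with a device and a connection that are looked up independently of each other. A doc comment on the declaration should state that the per-connection properties (mdns, llmnr, dns-over-tls, dnssec, mptcp-flags, ip6-privacy) are read from `connection` while the multi-index is taken from `self`. It should also say what is returned when `connection` is NULL or the device has no usable ifindex. Finally it should state whether the caller owns the returned reference; the VPN caller stores it in an `nm_auto_unref_l3cd_init` variable, so that is presumably the contract, but it should be confirmed.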
@@ -1437,10 +1441,23 @@ _check_complete(NMVpnConnection *self, gboolean success) } connection = _get_applied_connection(self); - - l3cd = nm_l3_config_data_new_from_connection(nm_netns_get_multi_idx(priv->netns), - nm_vpn_connection_get_ip_ifindex(self, TRUE), - connection); + ifindex = nm_vpn_connection_get_ip_ifindex(self, FALSE); + /* Use nm_device_create_l3_config_data_from_connection here if possible. This ensures that + * connection properties like mdns, llmnr, dns-over-tls or dnssec are applied to vpn connections + * If this vpn connection does not have its own device resort to nm_l3_config_data_new_from_connection + * since we can't properly apply these properties anyway + */ + if (ifindex > 0) { + device = nm_manager_get_device_by_ifindex(NM_MANAGER_GET, ifindex); + nm_assert(device); + l3cd = nm_device_create_l3_config_data_from_connection(device, connection); + } else { + l3cd = nm_l3_config_data_new_from_connection(nm_netns_get_multi_idx(priv->netns), + nm_vpn_connection_get_ip_ifindex(self, TRUE), + connection); + _LOGD("VPN connection does not have its own device. Some connection properties won't be " + "supported."); + } nm_l3_config_data_set_allow_routes_without_address(l3cd, AF_INET, TRUE); nm_l3_config_data_set_allow_routes_without_address(l3cd, AF_INET6, TRUE);
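Review bot: `nm_assert(device)` is the only guard on the result of `nm_manager_get_device_by_ifindex()`, and as far as I know `nm_assert` is active only in builds with extra assertions enabled, so a VPN interface with no NMDevice would pass NULL into `nm_device_create_l3_config_data_from_connection()` in a release build. The `nm_l3_config_data_set_allow_routes_without_address()` calls right after also assume `l3cd` is non-NULL, which the device helper may not guarantee. Treat a missing device or a NULL result as the fallback case, as sketched below; this relies on `l3cd` being initialised to NULL in its declaration. Because the fallback drops `connection.dns-over-tls` and `connection.dnssec` for the VPN, logging it only with `_LOGD` hides a weaker resolver policy from the administrator, so a warning when any of these properties is set to a non-default value would be more appropriate. `_check_complete` starts and ends outside the hunk.

```c
ifindex = nm_vpn_connection_get_ip_ifindex(self, FALSE);
/* … unchanged: comment explaining the choice of helper … */
device = ifindex > 0 ? nm_manager_get_device_by_ifindex(NM_MANAGER_GET, ifindex) : NULL;
if (device)
    l3cd = nm_device_create_l3_config_data_from_connection(device, connection);
if (!l3cd) {
    /* No NMDevice for the VPN interface, or the helper returned NULL. */
    /* … unchanged: nm_l3_config_data_new_from_connection() fallback and _LOGD() … */
}
```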