From b84faaefc9516b83c0f3a63224e063795a974ba7 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani
Date: Thu, 10 Nov 2022 18:33:49 +0100
Subject: [PATCH 1/2] vpn: remove unused variable
---
 src/core/vpn/nm-vpn-connection.c | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/src/core/vpn/nm-vpn-connection.c b/src/core/vpn/nm-vpn-connection.c
index b538c4c473..b81e19e27a 100644
--- a/src/core/vpn/nm-vpn-connection.c
+++ b/src/core/vpn/nm-vpn-connection.c
@@ -110,11 +110,6 @@ typedef struct {
 /* Whether this address family is enabled. If not, then we won't have a l3cd instance,
 * but the activation for this address family is still complete. */
 bool enabled : 1;
-
- /* Whether this address family is ready. This means we received the IP configuration.
- * Usually this implies we also have a corresponding l3cd, but that might not be the
- * case if this address family is disabled. */
- bool conf_ready : 1;
 } IPData;
 typedef struct {
From c4a7d6a06f3e94c38e1adbf1c22812cac258f940 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani
Date: Fri, 11 Nov 2022 09:56:22 +0100
Subject: [PATCH 2/2] vpn: honor the ipvX.method connection property
Currently VPNs always apply the configuration sent by the server for both address families. So, even if users set e.g. ipv6.method=disabled, they might end up with IPv6 configured. Change that and apply the automatic configuration only when the method is "auto". This is a change in behavior and as such it might be disruptive for users that had a method different from "auto" and expected to have the interface configured. However, that scenario seems unlikely and can be easily fixed by setting the right method.
---
 src/core/vpn/nm-vpn-connection.c | 34 +++++++++++++++++++++++++++-----
 1 file changed, 29 insertions(+), 5 deletions(-)
diff --git a/src/core/vpn/nm-vpn-connection.c b/src/core/vpn/nm-vpn-connection.c
index b81e19e27a..297ed1af8d 100644
--- a/src/core/vpn/nm-vpn-connection.c
+++ b/src/core/vpn/nm-vpn-connection.c
@@ -107,8 +107,14 @@ typedef struct {
 NMIPAddr gw_internal;
 NMIPAddr gw_external;
- /* Whether this address family is enabled. If not, then we won't have a l3cd instance,
- * but the activation for this address family is still complete. */
+ /* Whether VPN auto-configuration is enabled in the connection profile for
+ * this address family. */
+ bool method_auto : 1;
+
+ /* Whether VPN auto-configuration is enabled, in the connection profile AND
+ * in the configuration reported by the VPN. If not, then we won't have a
+ * l3cd instance, but the activation for this address family is still
+ * complete. */
 bool enabled : 1;
 } IPData;
@@ -1865,9 +1871,16 @@ _dbus_signal_config_cb(NMVpnConnection *self, GVariant *dict)
 else
 priv->ip_data_6.enabled = FALSE;
- _LOGD("config: reply received (IPv4:%s, IPv6:%s)",
+ _LOGD("config: reply received (IPv4:%s(%s), IPv6:%s(%s))",
 priv->ip_data_4.enabled ? "on" : "off",
- priv->ip_data_6.enabled ? "on" : "off");
+ priv->ip_data_4.method_auto ? "auto" : "disabled",
+ priv->ip_data_4.enabled ? "on" : "off",
+ priv->ip_data_6.method_auto ? "auto" : "disabled");
+
+ if (!priv->ip_data_4.method_auto)
+ priv->ip_data_4.enabled = FALSE;
+ if (!priv->ip_data_6.method_auto)
+ priv->ip_data_6.enabled = FALSE;
 if (priv->vpn_state == STATE_CONNECT)
 _set_vpn_state(self, STATE_IP_CONFIG_GET, NM_ACTIVE_CONNECTION_STATE_REASON_NONE, FALSE);
@@ -1931,7 +1944,8 @@ _dbus_signal_ip_config_cb(NMVpnConnection *self, int addr_family, GVariant *dict
 return;
 }
- priv->ip_data_4.enabled = TRUE;
+ if (priv->ip_data_4.method_auto)
+ priv->ip_data_4.enabled = TRUE;
 priv->ip_data_6.enabled = FALSE;
 }
 } else {
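Review bot: In the `_dbus_signal_config_cb` hunk, the third argument of the new `_LOGD` call is `priv->ip_data_4.enabled` again, so the `IPv6:%s` slot prints the IPv4 state; it should read `priv->ip_data_6.enabled ? "on" : "off",`. This debug line is what an administrator would check to confirm that `ipv6.method=disabled` was honoured, so a wrong value here can hide an IPv6 configuration that was not suppressed. The message is also emitted before the two `if (!...method_auto)` overrides, so "on" shows the plugin-reported state rather than the effective one; moving the `_LOGD` below those checks would log what is actually applied. The label "disabled" is printed for every method other than "auto", which may be misleading for profiles using another method.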
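Review bot: In the `@@ -1931,7 +1944,8 @@` hunk of `_dbus_signal_ip_config_cb`, `priv->ip_data_4.enabled` is no longer assigned when `method_auto` is false, so it keeps whatever value it held before this callback ran. Whether the field is guaranteed to be FALSE on this path is not visible in the hunk, since the function begins and ends outside it. An unconditional `priv->ip_data_4.enabled = priv->ip_data_4.method_auto;` would make the result independent of earlier state and mirror the explicit `priv->ip_data_6.enabled = FALSE;` on the next line.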
@@ -1948,6 +1962,11 @@ _dbus_signal_ip_config_cb(NMVpnConnection *self, int addr_family, GVariant *dict
 _set_vpn_state(self, STATE_IP_CONFIG_GET, NM_ACTIVE_CONNECTION_STATE_REASON_NONE, FALSE);
 }
+ if (!priv->ip_data_x[IS_IPv4].enabled) {
+ _check_complete(self, TRUE);
+ return;
+ }
+
 ip_ifindex = nm_vpn_connection_get_ip_ifindex(self, TRUE);
 if (ip_ifindex <= 0)
 g_return_if_reached();
@@ -2753,6 +2772,11 @@ nm_vpn_connection_activate(NMVpnConnection *self, NMVpnPluginInfo *plugin_info)
 _LOGI("starting %s", nm_vpn_plugin_info_get_name(plugin_info));
+ priv->ip_data_4.method_auto = nm_streq0(nm_utils_get_ip_config_method(connection, AF_INET),
+ NM_SETTING_IP4_CONFIG_METHOD_AUTO);
+ priv->ip_data_6.method_auto = nm_streq0(nm_utils_get_ip_config_method(connection, AF_INET6),
+ NM_SETTING_IP6_CONFIG_METHOD_AUTO);
+
 priv->connection_can_persist = nm_setting_vpn_get_persistent(s_vpn);
 priv->plugin_info = g_object_ref(plugin_info);
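Review bot: The early return added before `nm_vpn_connection_get_ip_ifindex()` drops the plugin's IP configuration without leaving any trace in the log. The commit message itself notes that profiles with a non-"auto" method will now come up unconfigured, so a line such as `_LOGD("ip-config: address family not enabled, ignoring configuration from the VPN plugin");` inside the new `if` block would make that outcome diagnosable. A short comment there should also say that `enabled` can be false either because of the profile method or because the plugin reported no configuration for this family. The rest of `_dbus_signal_ip_config_cb` lies outside the hunk.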
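Review bot: The two `method_auto` assignments in `nm_vpn_connection_activate` treat every method other than "auto" as "do not apply the VPN-supplied configuration", and a NULL method presumably ends up false as well, through `nm_streq0`. That policy is stated only in the commit message, so I would add a comment above the assignments, for example `/* Only method "auto" lets the IP configuration sent by the VPN be applied; any other method suppresses it for that address family. */`. `connection` is defined outside the hunk, so the profile it refers to cannot be confirmed from here.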