policy: set default routes for VPN via NMDefaultRouteManager

Signed-off-by: Thomas Haller <thaller@redhat.com>
Thomas Haller 2014-11-04 15:05:24 +01:00
parent ff40ccf899
commit eb61cdc6c5
3 changed files with 17 additions and 93 deletions


@ -523,10 +523,6 @@ _ipx_update_default_route (const VTableIP *vtable, NMDefaultRouteManager *self,
} }
} }
} }
/* FIXME: for now, only track the default route for VPN.
* Enable actual configuration of the route later. */
never_default = TRUE;
} }
} }
g_assert (!default_route || default_route->plen == 0); g_assert (!default_route || default_route->plen == 0);
@ -790,7 +786,6 @@ _ipx_get_best_config (const VTableIP *vtable,
gboolean ignore_never_default, gboolean ignore_never_default,
NMDevice *preferred_device, NMDevice *preferred_device,
const char **out_ip_iface, const char **out_ip_iface,
int *out_ip_ifindex,
NMActiveConnection **out_ac, NMActiveConnection **out_ac,
NMDevice **out_device, NMDevice **out_device,
NMVpnConnection **out_vpn) NMVpnConnection **out_vpn)
@ -803,6 +798,15 @@ _ipx_get_best_config (const VTableIP *vtable,
g_return_val_if_fail (NM_IS_DEFAULT_ROUTE_MANAGER (self), NULL); g_return_val_if_fail (NM_IS_DEFAULT_ROUTE_MANAGER (self), NULL);
if (out_ip_iface)
*out_ip_iface = NULL;
if (out_ac)
*out_ac = NULL;
if (out_device)
*out_device = NULL;
if (out_vpn)
*out_vpn = NULL;
priv = NM_DEFAULT_ROUTE_MANAGER_GET_PRIVATE (self); priv = NM_DEFAULT_ROUTE_MANAGER_GET_PRIVATE (self);
/* If a VPN connection is active, it is preferred */ /* If a VPN connection is active, it is preferred */
@ -855,8 +859,6 @@ _ipx_get_best_config (const VTableIP *vtable,
*out_ac = active; *out_ac = active;
if (out_ip_iface) if (out_ip_iface)
*out_ip_iface = nm_vpn_connection_get_ip_iface (candidate); *out_ip_iface = nm_vpn_connection_get_ip_iface (candidate);
if (out_ip_ifindex)
*out_ip_ifindex = nm_vpn_connection_get_ip_ifindex (candidate);
break; break;
} }
@ -878,8 +880,6 @@ _ipx_get_best_config (const VTableIP *vtable,
*out_ac = NM_ACTIVE_CONNECTION (req); *out_ac = NM_ACTIVE_CONNECTION (req);
if (out_ip_iface) if (out_ip_iface)
*out_ip_iface = nm_device_get_ip_iface (device); *out_ip_iface = nm_device_get_ip_iface (device);
if (out_ip_ifindex)
*out_ip_ifindex = nm_device_get_ip_ifindex (device);
} }
} }
@ -892,7 +892,6 @@ nm_default_route_manager_ip4_get_best_config (NMDefaultRouteManager *self,
gboolean ignore_never_default, gboolean ignore_never_default,
NMDevice *preferred_device, NMDevice *preferred_device,
const char **out_ip_iface, const char **out_ip_iface,
int *out_ip_ifindex,
NMActiveConnection **out_ac, NMActiveConnection **out_ac,
NMDevice **out_device, NMDevice **out_device,
NMVpnConnection **out_vpn) NMVpnConnection **out_vpn)
@ -903,7 +902,6 @@ nm_default_route_manager_ip4_get_best_config (NMDefaultRouteManager *self,
ignore_never_default, ignore_never_default,
preferred_device, preferred_device,
out_ip_iface, out_ip_iface,
out_ip_ifindex,
out_ac, out_ac,
out_device, out_device,
out_vpn); out_vpn);
@ -915,7 +913,6 @@ nm_default_route_manager_ip6_get_best_config (NMDefaultRouteManager *self,
gboolean ignore_never_default, gboolean ignore_never_default,
NMDevice *preferred_device, NMDevice *preferred_device,
const char **out_ip_iface, const char **out_ip_iface,
int *out_ip_ifindex,
NMActiveConnection **out_ac, NMActiveConnection **out_ac,
NMDevice **out_device, NMDevice **out_device,
NMVpnConnection **out_vpn) NMVpnConnection **out_vpn)
@ -926,7 +923,6 @@ nm_default_route_manager_ip6_get_best_config (NMDefaultRouteManager *self,
ignore_never_default, ignore_never_default,
preferred_device, preferred_device,
out_ip_iface, out_ip_iface,
out_ip_ifindex,
out_ac, out_ac,
out_device, out_device,
out_vpn); out_vpn);
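Review bot: The new out-parameter resets in `_ipx_get_best_config` sit after `g_return_val_if_fail (NM_IS_DEFAULT_ROUTE_MANAGER (self), NULL);`, so on a failed precondition the function returns NULL without touching `*out_ip_iface`, `*out_ac`, `*out_device` or `*out_vpn`. The callers visible in this commit pre-initialise their locals, but a caller that does not would read stale pointers on that path. Moving the four `if (out_x) *out_x = NULL;` statements above the check would close that gap, and a comment such as `/* out parameters are optional; each is reset to NULL on entry and only set when a match is found */` would make the contract explicit. The function body starts and ends outside the visible hunks.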


@ -65,7 +65,6 @@ NMIP4Config *nm_default_route_manager_ip4_get_best_config (NMDefaultRouteManager
gboolean ignore_never_default, gboolean ignore_never_default,
NMDevice *preferred_device, NMDevice *preferred_device,
const char **out_ip_iface, const char **out_ip_iface,
int *out_ip_ifindex,
NMActiveConnection **out_ac, NMActiveConnection **out_ac,
NMDevice **out_device, NMDevice **out_device,
NMVpnConnection **out_vpn); NMVpnConnection **out_vpn);
@ -74,7 +73,6 @@ NMIP6Config *nm_default_route_manager_ip6_get_best_config (NMDefaultRouteManager
gboolean ignore_never_default, gboolean ignore_never_default,
NMDevice *preferred_device, NMDevice *preferred_device,
const char **out_ip_iface, const char **out_ip_iface,
int *out_ip_ifindex,
NMActiveConnection **out_ac, NMActiveConnection **out_ac,
NMDevice **out_device, NMDevice **out_device,
NMVpnConnection **out_vpn); NMVpnConnection **out_vpn);


@ -382,7 +382,6 @@ static NMIP4Config *
get_best_ip4_config (NMPolicy *self, get_best_ip4_config (NMPolicy *self,
gboolean ignore_never_default, gboolean ignore_never_default,
const char **out_ip_iface, const char **out_ip_iface,
int *out_ip_ifindex,
NMActiveConnection **out_ac, NMActiveConnection **out_ac,
NMDevice **out_device, NMDevice **out_device,
NMVpnConnection **out_vpn) NMVpnConnection **out_vpn)
@ -394,7 +393,6 @@ get_best_ip4_config (NMPolicy *self,
ignore_never_default, ignore_never_default,
priv->default_device4, priv->default_device4,
out_ip_iface, out_ip_iface,
out_ip_ifindex,
out_ac, out_ac,
out_device, out_device,
out_vpn); out_vpn);
@ -408,7 +406,7 @@ update_ip4_dns (NMPolicy *policy, NMDnsManager *dns_mgr)
NMVpnConnection *vpn = NULL; NMVpnConnection *vpn = NULL;
NMDnsIPConfigType dns_type = NM_DNS_IP_CONFIG_TYPE_BEST_DEVICE; NMDnsIPConfigType dns_type = NM_DNS_IP_CONFIG_TYPE_BEST_DEVICE;
ip4_config = get_best_ip4_config (policy, TRUE, &ip_iface, NULL, NULL, NULL, &vpn); ip4_config = get_best_ip4_config (policy, TRUE, &ip_iface, NULL, NULL, &vpn);
if (ip4_config) { if (ip4_config) {
if (vpn) if (vpn)
dns_type = NM_DNS_IP_CONFIG_TYPE_VPN; dns_type = NM_DNS_IP_CONFIG_TYPE_VPN;
@ -428,16 +426,12 @@ update_ip4_routing (NMPolicy *policy, gboolean force_update)
NMConnection *connection = NULL; NMConnection *connection = NULL;
NMVpnConnection *vpn = NULL; NMVpnConnection *vpn = NULL;
NMActiveConnection *best_ac = NULL; NMActiveConnection *best_ac = NULL;
NMIP4Config *ip4_config = NULL;
const char *ip_iface = NULL; const char *ip_iface = NULL;
int ip_ifindex = -1;
guint32 gw_addr = 0;
/* Note that we might have an IPv4 VPN tunneled over an IPv6-only device, /* Note that we might have an IPv4 VPN tunneled over an IPv6-only device,
* so we can get (vpn != NULL && best == NULL). * so we can get (vpn != NULL && best == NULL).
*/ */
ip4_config = get_best_ip4_config (policy, FALSE, &ip_iface, &ip_ifindex, &best_ac, &best, &vpn); if (!get_best_ip4_config (policy, FALSE, &ip_iface, &best_ac, &best, &vpn)) {
if (!ip4_config) {
gboolean changed; gboolean changed;
changed = (priv->default_device4 != NULL); changed = (priv->default_device4 != NULL);
@ -452,8 +446,6 @@ update_ip4_routing (NMPolicy *policy, gboolean force_update)
if (!force_update && best && (best == priv->default_device4)) if (!force_update && best && (best == priv->default_device4))
return; return;
gw_addr = nm_ip4_config_get_gateway (ip4_config);
if (best) { if (best) {
const GSList *connections, *iter; const GSList *connections, *iter;
@ -468,32 +460,9 @@ update_ip4_routing (NMPolicy *policy, gboolean force_update)
} }
} }
if (vpn) { if (vpn)
in_addr_t int_gw = nm_vpn_connection_get_ip4_internal_gateway (vpn);
int mss = nm_ip4_config_get_mss (ip4_config);
guint32 route_metric = nm_vpn_connection_get_ip4_route_metric (vpn);
/* If no VPN interface, use the parent interface */
if (ip_ifindex <= 0)
ip_ifindex = nm_device_get_ip_ifindex (nm_active_connection_get_device (NM_ACTIVE_CONNECTION (vpn)));
if (!nm_platform_ip4_route_add (ip_ifindex, NM_IP_CONFIG_SOURCE_VPN,
0, 0, int_gw,
route_metric, mss)) {
if (int_gw) {
(void) nm_platform_ip4_route_add (ip_ifindex, NM_IP_CONFIG_SOURCE_VPN,
int_gw, 32, 0,
route_metric, mss);
if (!nm_platform_ip4_route_add (ip_ifindex, NM_IP_CONFIG_SOURCE_VPN,
0, 0, int_gw,
route_metric, mss))
nm_log_err (LOGD_IP4 | LOGD_VPN, "Failed to set IPv4 default route via VPN.");
} else
nm_log_err (LOGD_IP4 | LOGD_VPN, "Failed to set IPv4 default route via VPN.");
}
default_device = nm_active_connection_get_device (NM_ACTIVE_CONNECTION (vpn)); default_device = nm_active_connection_get_device (NM_ACTIVE_CONNECTION (vpn));
} else else
default_device = best; default_device = best;
update_default_ac (policy, best_ac, nm_active_connection_set_default); update_default_ac (policy, best_ac, nm_active_connection_set_default);
@ -512,7 +481,6 @@ static NMIP6Config *
get_best_ip6_config (NMPolicy *self, get_best_ip6_config (NMPolicy *self,
gboolean ignore_never_default, gboolean ignore_never_default,
const char **out_ip_iface, const char **out_ip_iface,
int *out_ip_ifindex,
NMActiveConnection **out_ac, NMActiveConnection **out_ac,
NMDevice **out_device, NMDevice **out_device,
NMVpnConnection **out_vpn) NMVpnConnection **out_vpn)
@ -524,7 +492,6 @@ get_best_ip6_config (NMPolicy *self,
ignore_never_default, ignore_never_default,
priv->default_device6, priv->default_device6,
out_ip_iface, out_ip_iface,
out_ip_ifindex,
out_ac, out_ac,
out_device, out_device,
out_vpn); out_vpn);
@ -538,7 +505,7 @@ update_ip6_dns (NMPolicy *policy, NMDnsManager *dns_mgr)
NMVpnConnection *vpn = NULL; NMVpnConnection *vpn = NULL;
NMDnsIPConfigType dns_type = NM_DNS_IP_CONFIG_TYPE_BEST_DEVICE; NMDnsIPConfigType dns_type = NM_DNS_IP_CONFIG_TYPE_BEST_DEVICE;
ip6_config = get_best_ip6_config (policy, TRUE, &ip_iface, NULL, NULL, NULL, &vpn); ip6_config = get_best_ip6_config (policy, TRUE, &ip_iface, NULL, NULL, &vpn);
if (ip6_config) { if (ip6_config) {
if (vpn) if (vpn)
dns_type = NM_DNS_IP_CONFIG_TYPE_VPN; dns_type = NM_DNS_IP_CONFIG_TYPE_VPN;
@ -558,16 +525,12 @@ update_ip6_routing (NMPolicy *policy, gboolean force_update)
NMConnection *connection = NULL; NMConnection *connection = NULL;
NMVpnConnection *vpn = NULL; NMVpnConnection *vpn = NULL;
NMActiveConnection *best_ac = NULL; NMActiveConnection *best_ac = NULL;
NMIP6Config *ip6_config = NULL;
const char *ip_iface = NULL; const char *ip_iface = NULL;
int ip_ifindex = -1;
const struct in6_addr *gw_addr;
/* Note that we might have an IPv6 VPN tunneled over an IPv4-only device, /* Note that we might have an IPv6 VPN tunneled over an IPv4-only device,
* so we can get (vpn != NULL && best == NULL). * so we can get (vpn != NULL && best == NULL).
*/ */
ip6_config = get_best_ip6_config (policy, FALSE, &ip_iface, &ip_ifindex, &best_ac, &best, &vpn); if (!get_best_ip6_config (policy, FALSE, &ip_iface, &best_ac, &best, &vpn)) {
if (!ip6_config) {
gboolean changed; gboolean changed;
changed = (priv->default_device6 != NULL); changed = (priv->default_device6 != NULL);
@ -582,13 +545,6 @@ update_ip6_routing (NMPolicy *policy, gboolean force_update)
if (!force_update && best && (best == priv->default_device6)) if (!force_update && best && (best == priv->default_device6))
return; return;
/* If no better gateway is found, use ::; not all configurations will
* have a gateway, especially WWAN/Point-to-Point connections.
*/
gw_addr = nm_ip6_config_get_gateway (ip6_config);
if (!gw_addr)
gw_addr = &in6addr_any;
if (best) { if (best) {
const GSList *connections, *iter; const GSList *connections, *iter;
@ -603,35 +559,9 @@ update_ip6_routing (NMPolicy *policy, gboolean force_update)
} }
} }
if (vpn) { if (vpn)
const struct in6_addr *int_gw = nm_vpn_connection_get_ip6_internal_gateway (vpn);
int mss = nm_ip6_config_get_mss (ip6_config);
guint32 route_metric = nm_vpn_connection_get_ip6_route_metric (vpn);
if (!int_gw)
int_gw = &in6addr_any;
/* If no VPN interface, use the parent interface */
if (ip_ifindex <= 0)
ip_ifindex = nm_device_get_ip_ifindex (nm_active_connection_get_device (NM_ACTIVE_CONNECTION (vpn)));
if (!nm_platform_ip6_route_add (ip_ifindex, NM_IP_CONFIG_SOURCE_VPN,
in6addr_any, 0, *int_gw,
route_metric, mss)) {
if (!IN6_IS_ADDR_UNSPECIFIED (int_gw)) {
(void) nm_platform_ip6_route_add (ip_ifindex, NM_IP_CONFIG_SOURCE_VPN,
*int_gw, 128, in6addr_any,
route_metric, mss);
if (!nm_platform_ip6_route_add (ip_ifindex, NM_IP_CONFIG_SOURCE_VPN,
in6addr_any, 0, *int_gw,
route_metric, mss))
nm_log_err (LOGD_IP6 | LOGD_VPN, "Failed to set IPv6 default route via VPN.");
} else
nm_log_err (LOGD_IP6 | LOGD_VPN, "Failed to set IPv6 default route via VPN.");
}
default_device6 = nm_active_connection_get_device (NM_ACTIVE_CONNECTION (vpn)); default_device6 = nm_active_connection_get_device (NM_ACTIVE_CONNECTION (vpn));
} else else
default_device6 = best; default_device6 = best;
update_default_ac (policy, best_ac, nm_active_connection_set_default6); update_default_ac (policy, best_ac, nm_active_connection_set_default6);
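Review bot: The removed VPN branch in `update_ip4_routing` (and the matching one in `update_ip6_routing`) did three things that nothing in the visible hunks replaces. It fell back to the parent device's ifindex when the VPN had no interface of its own, it added a host route to the internal gateway and retried when the first `nm_platform_ip4_route_add` failed, and it logged `Failed to set IPv4 default route via VPN.` on failure. Policy still sets `default_device` to the VPN's device and calls `update_default_ac`, so if NMDefaultRouteManager cannot install the route, traffic would keep following the underlying device's default route while the VPN is marked as default. Presumably the manager covers these cases in code outside this commit; it is worth confirming that, and that it logs at error level under `LOGD_VPN` when the VPN default route cannot be added. Both function bodies extend beyond the hunks shown.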