From eb96ffda5d870451e9d5814901f9f73dd0a51589 Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Fri, 28 Aug 2009 10:35:38 -0500 Subject: [PATCH] vpn: ignore VPN-provided gateway host route (bgo #583323) Since NM adds the gateway host route in the manner that's correct for the current routing situation, we don't really want random gateway host routes from the VPN server getting added instead. --- src/vpn-manager/nm-vpn-connection.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/src/vpn-manager/nm-vpn-connection.c b/src/vpn-manager/nm-vpn-connection.c index a4521e0e13..3ae30940b1 100644 --- a/src/vpn-manager/nm-vpn-connection.c +++ b/src/vpn-manager/nm-vpn-connection.c @@ -396,6 +396,7 @@ nm_vpn_connection_ip4_config_get (DBusGProxy *proxy, NMIP4Config *config; GValue *val; int i; + guint32 vpn_ext_gw = 0; nm_info ("VPN connection '%s' (IP Config Get) reply received.", nm_vpn_connection_get_name (connection)); @@ -423,8 +424,10 @@ nm_vpn_connection_ip4_config_get (DBusGProxy *proxy, /* External world-visible address of the VPN server */ val = (GValue *) g_hash_table_lookup (config_hash, NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY); - if (val) + if (val) { nm_ip4_address_set_gateway (addr, g_value_get_uint (val)); + vpn_ext_gw = g_value_get_uint (val); + } val = (GValue *) g_hash_table_lookup (config_hash, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS); if (val) @@ -487,8 +490,22 @@ nm_vpn_connection_ip4_config_get (DBusGProxy *proxy, GSList *iter; routes = nm_utils_ip4_routes_from_gvalue (val); - for (iter = routes; iter; iter = iter->next) - nm_ip4_config_take_route (config, (NMIP4Route *) iter->data); + for (iter = routes; iter; iter = iter->next) { + NMIP4Route *route = iter->data; + + /* Ignore host routes to the VPN gateway since NM adds one itself + * below. Since NM knows more about the routing situation than + * the VPN server, we want to use the NM created route instead of + * whatever the server provides. + */ + if ( vpn_ext_gw + && nm_ip4_route_get_dest (route) == vpn_ext_gw + && nm_ip4_route_get_prefix (route) == 32) + continue; + + /* Otherwise accept the VPN-provided route */ + nm_ip4_config_take_route (config, route); + } g_slist_free (routes); }