2006-01-03 Robert Love <rml@novell.com>

Patch by Preggna S: * src/NetworkManagerSystem.c, src/vpn-manager/nm-vpn-connection.c: IPsec does not require that a VPN client be bound to an interface, due to the use of the in-kernel IPSec bits. So make the tunnel device optional. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@1258 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2025-12-28 11:00:09 +01:00 · 2006-01-03 20:58:07 +00:00 · 2006-01-03 20:58:07 +00:00 · ebe118b3ff
commit ebe118b3ff
parent c9a7797a60
3 changed files with 66 additions and 55 deletions
--- a/8
+++ b/8
@ -1,3 +1,11 @@
+2006-01-03  Robert Love  <rml@novell.com>
+
+	Patch by Preggna S:
+	* src/NetworkManagerSystem.c, src/vpn-manager/nm-vpn-connection.c:
+	  IPsec does not require that a VPN client be bound to an interface,
+	  due to the use of the in-kernel IPSec bits.  So make the tunnel
+	  device optional.
+
 2006-01-03  Dan Williams  <dcbw@redhat.com>

 	* src/NetworkManagerAP.c
--- a/src/NetworkManagerSystem.c
+++ b/src/NetworkManagerSystem.c
@ -269,71 +269,73 @@ gboolean nm_system_vpn_device_set_from_ip4_config (NMNamedManager *named, NMDevi
 	struct rtnl_addr *	addr = NULL;
 	struct rtnl_link *	request = NULL;

-	g_return_val_if_fail (iface != NULL, FALSE);
 	g_return_val_if_fail (config != NULL, FALSE);

 	/* Set up a route to the VPN gateway through the real network device */
 	if (active_device && (ad_config = nm_device_get_ip4_config (active_device)))
 		nm_system_device_set_ip4_route (active_device, nm_ip4_config_get_gateway (ad_config), nm_ip4_config_get_gateway (config), 0xFFFFFFFF);

-	nm_system_device_set_up_down_with_iface (NULL, iface, TRUE);
-
-	nlh = new_nl_handle ();
-
-	if ((addr = nm_ip4_config_to_rtnl_addr (config, NM_RTNL_ADDR_PTP_DEFAULT)))
+	if (iface != NULL)
 	{
-		int err = 0;
-		iface_to_rtnl_index (iface, nlh, addr);
-		if ((err = rtnl_addr_add (nlh, addr, 0)) < 0)
-			nm_warning ("nm_system_device_set_from_ip4_config(): error %d returned from rtnl_addr_add().\n", err);
-		rtnl_addr_put (addr);
-	}
-	else
-		nm_warning ("nm_system_vpn_device_set_from_ip4_config(): couldn't create rtnl address!\n");
+		nm_system_device_set_up_down_with_iface (NULL, iface, TRUE);

-	/* Set the MTU */
-	if ((request = rtnl_link_alloc ()))
-	{
-		struct rtnl_link * old;
+		nlh = new_nl_handle ();

-		old = iface_to_rtnl_link (iface, nlh);
-		rtnl_link_set_mtu (request, 1412);
-		rtnl_link_change (nlh, old, request, 0);
-
-		rtnl_link_put (old);
-		rtnl_link_put (request);
-	}
-
-	nl_close (nlh);
-	nl_handle_destroy (nlh);
-
-	sleep (1);
-
-	nm_system_device_flush_routes_with_iface (iface);
-	if (num_routes <= 0)
-	{
-		nm_system_delete_default_route ();
-		nm_system_device_add_default_route_via_device_with_iface (iface);
-	}
-	else
-	{
-		int i;
-		for (i = 0; i < num_routes; i++)
+		if ((addr = nm_ip4_config_to_rtnl_addr (config, NM_RTNL_ADDR_PTP_DEFAULT)))
 		{
-			char *valid_ip4_route;
+			int err = 0;
+			iface_to_rtnl_index (iface, nlh, addr);
+			if ((err = rtnl_addr_add (nlh, addr, 0)) < 0)
+				nm_warning ("nm_system_device_set_from_ip4_config(): error %d returned from rtnl_addr_add().\n", err);
+			rtnl_addr_put (addr);
+		}
+		else
+			nm_warning ("nm_system_vpn_device_set_from_ip4_config(): couldn't create rtnl address!\n");

-			/* Make sure the route is valid, otherwise it's a security risk as the route
-			 * text is simply taken from the user, and passed directly to system().  If
-			 * we did not check the route, think of:
-			 *
-			 *     system("/sbin/ip route add `rm -rf /` dev eth0")
-			 *
-			 * where `rm -rf /` was the route text.  As UID 0 (root), we have to be careful.
-			 */
-			if ((valid_ip4_route = validate_ip4_route (routes[i])))
+		/* Set the MTU */
+		if ((request = rtnl_link_alloc ()))
+		{
+			struct rtnl_link * old;
+
+			old = iface_to_rtnl_link (iface, nlh);
+			rtnl_link_set_mtu (request, 1412);
+			rtnl_link_change (nlh, old, request, 0);
+
+			rtnl_link_put (old);
+			rtnl_link_put (request);
+		}
+
+		nl_close (nlh);
+		nl_handle_destroy (nlh);
+
+		sleep (1);
+
+		nm_system_device_flush_routes_with_iface (iface);
+		if (num_routes <= 0)
+		{
+			nm_system_delete_default_route ();
+			nm_system_device_add_default_route_via_device_with_iface (iface);
+		}
+		else
+		{
+			int i;
+			for (i = 0; i < num_routes; i++)
 			{
-				nm_system_device_add_route_via_device_with_iface (iface, valid_ip4_route);
-				g_free (valid_ip4_route);
+				char *valid_ip4_route;
+
+				/* Make sure the route is valid, otherwise it's a security risk as the route
+				 * text is simply taken from the user, and passed directly to system().  If
+				 * we did not check the route, think of:
+				 *
+				 *     system("/sbin/ip route add `rm -rf /` dev eth0")
+				 *
+				 * where `rm -rf /` was the route text.  As UID 0 (root), we have to be careful.
+				 */
+				if ((valid_ip4_route = validate_ip4_route (routes[i])))
+				{
+					nm_system_device_add_route_via_device_with_iface (iface, valid_ip4_route);
+					g_free (valid_ip4_route);
+				}
 			}
 		}
 	}
--- a/src/vpn-manager/nm-vpn-connection.c
+++ b/src/vpn-manager/nm-vpn-connection.c
@ -124,11 +124,12 @@ gboolean nm_vpn_connection_set_config (NMVPNConnection *connection, const char *
 	char **	routes;

 	g_return_val_if_fail (connection != NULL, FALSE);
-	g_return_val_if_fail (vpn_iface != NULL, FALSE);
 	g_return_val_if_fail (dev != NULL, FALSE);
 	g_return_val_if_fail (ip4_config != NULL, FALSE);

-	nm_vpn_connection_set_vpn_iface (connection, vpn_iface);
+	/* IPsec VPNs will not have tunnel device */
+	if (vpn_iface != NULL)
+		nm_vpn_connection_set_vpn_iface (connection, vpn_iface);
 	nm_vpn_connection_set_parent_device (connection, dev);
 	nm_vpn_connection_set_ip4_config (connection, ip4_config);