From ebe118b3fff38f62b0a730a191cd771a3cfdab9b Mon Sep 17 00:00:00 2001 From: Robert Love Date: Tue, 3 Jan 2006 20:58:07 +0000 Subject: [PATCH] 2006-01-03 Robert Love Patch by Preggna S: * src/NetworkManagerSystem.c, src/vpn-manager/nm-vpn-connection.c: IPsec does not require that a VPN client be bound to an interface, due to the use of the in-kernel IPSec bits. So make the tunnel device optional. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@1258 4912f4e0-d625-0410-9fb7-b9a5a253dbdc --- ChangeLog | 8 +++ src/NetworkManagerSystem.c | 108 ++++++++++++++-------------- src/vpn-manager/nm-vpn-connection.c | 5 +- 3 files changed, 66 insertions(+), 55 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4590d37b99..fc89ade67c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2006-01-03 Robert Love + + Patch by Preggna S: + * src/NetworkManagerSystem.c, src/vpn-manager/nm-vpn-connection.c: + IPsec does not require that a VPN client be bound to an interface, + due to the use of the in-kernel IPSec bits. So make the tunnel + device optional. + 2006-01-03 Dan Williams * src/NetworkManagerAP.c diff --git a/src/NetworkManagerSystem.c b/src/NetworkManagerSystem.c index f32f5868e4..057a5349ad 100644 --- a/src/NetworkManagerSystem.c +++ b/src/NetworkManagerSystem.c 
@@ -269,71 +269,73 @@ gboolean nm_system_vpn_device_set_from_ip4_config (NMNamedManager *named, NMDevi struct rtnl_addr * addr = NULL; struct rtnl_link * request = NULL; - g_return_val_if_fail (iface != NULL, FALSE); g_return_val_if_fail (config != NULL, FALSE); /* Set up a route to the VPN gateway through the real network device */ if (active_device && (ad_config = nm_device_get_ip4_config (active_device))) nm_system_device_set_ip4_route (active_device, nm_ip4_config_get_gateway (ad_config), nm_ip4_config_get_gateway (config), 0xFFFFFFFF); - nm_system_device_set_up_down_with_iface (NULL, iface, TRUE); - - nlh = new_nl_handle (); - - if ((addr = nm_ip4_config_to_rtnl_addr (config, NM_RTNL_ADDR_PTP_DEFAULT))) + if (iface != NULL) { - int err = 0; - iface_to_rtnl_index (iface, nlh, addr); - if ((err = rtnl_addr_add (nlh, addr, 0)) < 0) - nm_warning ("nm_system_device_set_from_ip4_config(): error %d returned from rtnl_addr_add().\n", err); - rtnl_addr_put (addr); - } - else - nm_warning ("nm_system_vpn_device_set_from_ip4_config(): couldn't create rtnl address!\n"); + nm_system_device_set_up_down_with_iface (NULL, iface, TRUE); - /* Set the MTU */ - if ((request = rtnl_link_alloc ())) - { - struct rtnl_link * old; + nlh = new_nl_handle (); - old = iface_to_rtnl_link (iface, nlh); - rtnl_link_set_mtu (request, 1412); - rtnl_link_change (nlh, old, request, 0); - - rtnl_link_put (old); - rtnl_link_put (request); - } - - nl_close (nlh); - nl_handle_destroy (nlh); - - sleep (1); - - nm_system_device_flush_routes_with_iface (iface); - if (num_routes <= 0) - { - nm_system_delete_default_route (); - nm_system_device_add_default_route_via_device_with_iface (iface); - } - else - { - int i; - for (i = 0; i < num_routes; i++) + if ((addr = nm_ip4_config_to_rtnl_addr (config, NM_RTNL_ADDR_PTP_DEFAULT))) { - char *valid_ip4_route; + int err = 0; + iface_to_rtnl_index (iface, nlh, addr); + if ((err = rtnl_addr_add (nlh, addr, 0)) < 0) + nm_warning 
("nm_system_device_set_from_ip4_config(): error %d returned from rtnl_addr_add().\n", err); + rtnl_addr_put (addr); + } + else + nm_warning ("nm_system_vpn_device_set_from_ip4_config(): couldn't create rtnl address!\n"); - /* Make sure the route is valid, otherwise it's a security risk as the route - * text is simply taken from the user, and passed directly to system(). If - * we did not check the route, think of: - * - * system("/sbin/ip route add `rm -rf /` dev eth0") - * - * where `rm -rf /` was the route text. As UID 0 (root), we have to be careful. - */ - if ((valid_ip4_route = validate_ip4_route (routes[i]))) + /* Set the MTU */ + if ((request = rtnl_link_alloc ())) + { + struct rtnl_link * old; + + old = iface_to_rtnl_link (iface, nlh); + rtnl_link_set_mtu (request, 1412); + rtnl_link_change (nlh, old, request, 0); + + rtnl_link_put (old); + rtnl_link_put (request); + } + + nl_close (nlh); + nl_handle_destroy (nlh); + + sleep (1); + + nm_system_device_flush_routes_with_iface (iface); + if (num_routes <= 0) + { + nm_system_delete_default_route (); + nm_system_device_add_default_route_via_device_with_iface (iface); + } + else + { + int i; + for (i = 0; i < num_routes; i++) { - nm_system_device_add_route_via_device_with_iface (iface, valid_ip4_route); - g_free (valid_ip4_route); + char *valid_ip4_route; + + /* Make sure the route is valid, otherwise it's a security risk as the route + * text is simply taken from the user, and passed directly to system(). If + * we did not check the route, think of: + * + * system("/sbin/ip route add `rm -rf /` dev eth0") + * + * where `rm -rf /` was the route text. As UID 0 (root), we have to be careful. + */ + if ((valid_ip4_route = validate_ip4_route (routes[i]))) + { + nm_system_device_add_route_via_device_with_iface (iface, valid_ip4_route); + g_free (valid_ip4_route); + } } } } diff --git a/src/vpn-manager/nm-vpn-connection.c b/src/vpn-manager/nm-vpn-connection.c index 3311246fd2..93a081bbf1 100644 
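Review bot: With the new `if (iface != NULL)` guard, a NULL iface skips the address and MTU setup, the default-route replacement and every entry in `routes`, and nothing is logged when that happens. That is the intended IPsec path, but a VPN service that simply fails to report its tunnel device now takes it too. Assuming the function still reports success (its return is outside the hunk), the connection would look established while traffic keeps following the real device's routes. I would make the tunnel-less case visible, e.g. `else if (num_routes > 0) nm_warning ("nm_system_vpn_device_set_from_ip4_config(): no tunnel device, ignoring %d routes.\n", num_routes);`, and let the caller decide whether a missing device is acceptable for that VPN type. Separately, the re-indented rtnl_addr_add warning still names `nm_system_device_set_from_ip4_config()`, which is not this function.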
--- a/src/vpn-manager/nm-vpn-connection.c +++ b/src/vpn-manager/nm-vpn-connection.c @@ -124,11 +124,12 @@ gboolean nm_vpn_connection_set_config (NMVPNConnection *connection, const char * char ** routes; g_return_val_if_fail (connection != NULL, FALSE); - g_return_val_if_fail (vpn_iface != NULL, FALSE); g_return_val_if_fail (dev != NULL, FALSE); g_return_val_if_fail (ip4_config != NULL, FALSE); - nm_vpn_connection_set_vpn_iface (connection, vpn_iface); + /* IPsec VPNs will not have tunnel device */ + if (vpn_iface != NULL) + nm_vpn_connection_set_vpn_iface (connection, vpn_iface); nm_vpn_connection_set_parent_device (connection, dev); nm_vpn_connection_set_ip4_config (connection, ip4_config);
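Review bot: Skipping `nm_vpn_connection_set_vpn_iface()` when `vpn_iface` is NULL leaves whatever interface name the connection object already holds, so a connection configured again without a tunnel device would keep a stale name. If the setter accepts NULL (its body is not visible here) I would call it unconditionally so the field is cleared; otherwise clear it explicitly in an else branch. Code that later reads the stored interface name, such as teardown, must also tolerate NULL now that the `g_return_val_if_fail (vpn_iface != NULL, FALSE)` guard is gone; that code is outside this hunk. The function body starts and ends outside the hunk.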