diff options
author | Thomas Haller <thaller@redhat.com> | 2014-11-04 15:05:24 +0100 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2014-11-06 00:36:31 +0100 |
commit | 3d3df2bfd22c137952ed924bbbe09f8ed79ce33b (patch) | |
tree | cddf219a78de18fc9c29056bd106d8ab76c31cf0 | |
parent | 769eece353ed11c643cbd888b962a7fdae218b96 (diff) | |
download | NetworkManager-3d3df2bfd22c137952ed924bbbe09f8ed79ce33b.tar.gz |
policy: set default routes for VPN via NMDefaultRouteManager
Signed-off-by: Thomas Haller <thaller@redhat.com>
-rw-r--r-- | src/nm-default-route-manager.c | 22 | ||||
-rw-r--r-- | src/nm-default-route-manager.h | 2 | ||||
-rw-r--r-- | src/nm-policy.c | 86 |
3 files changed, 17 insertions, 93 deletions
diff --git a/src/nm-default-route-manager.c b/src/nm-default-route-manager.c index 251421df02..cb4a6c40f6 100644 --- a/src/nm-default-route-manager.c +++ b/src/nm-default-route-manager.c @@ -623,10 +623,6 @@ _ipx_update_default_route (const VTableIP *vtable, NMDefaultRouteManager *self, } } } - - /* FIXME: for now, only track the default route for VPN. - * Enable actual configuration of the route later. */ - never_default = TRUE; } } g_assert (!default_route || default_route->plen == 0); @@ -895,7 +891,6 @@ _ipx_get_best_config (const VTableIP *vtable, gboolean ignore_never_default, NMDevice *preferred_device, const char **out_ip_iface, - int *out_ip_ifindex, NMActiveConnection **out_ac, NMDevice **out_device, NMVpnConnection **out_vpn) @@ -908,6 +903,15 @@ _ipx_get_best_config (const VTableIP *vtable, g_return_val_if_fail (NM_IS_DEFAULT_ROUTE_MANAGER (self), NULL); + if (out_ip_iface) + *out_ip_iface = NULL; + if (out_ac) + *out_ac = NULL; + if (out_device) + *out_device = NULL; + if (out_vpn) + *out_vpn = NULL; + priv = NM_DEFAULT_ROUTE_MANAGER_GET_PRIVATE (self); /* If a VPN connection is active, it is preferred */ @@ -978,8 +982,6 @@ _ipx_get_best_config (const VTableIP *vtable, *out_ac = active; if (out_ip_iface) *out_ip_iface = nm_vpn_connection_get_ip_iface (candidate); - if (out_ip_ifindex) - *out_ip_ifindex = nm_vpn_connection_get_ip_ifindex (candidate); break; } @@ -1001,8 +1003,6 @@ _ipx_get_best_config (const VTableIP *vtable, *out_ac = NM_ACTIVE_CONNECTION (req); if (out_ip_iface) *out_ip_iface = nm_device_get_ip_iface (device); - if (out_ip_ifindex) - *out_ip_ifindex = nm_device_get_ip_ifindex (device); } } @@ -1015,7 +1015,6 @@ nm_default_route_manager_ip4_get_best_config (NMDefaultRouteManager *self, gboolean ignore_never_default, NMDevice *preferred_device, const char **out_ip_iface, - int *out_ip_ifindex, NMActiveConnection **out_ac, NMDevice **out_device, NMVpnConnection **out_vpn) @@ -1026,7 +1025,6 @@ nm_default_route_manager_ip4_get_best_config (NMDefaultRouteManager *self, ignore_never_default, preferred_device, out_ip_iface, - out_ip_ifindex, out_ac, out_device, out_vpn); @@ -1038,7 +1036,6 @@ nm_default_route_manager_ip6_get_best_config (NMDefaultRouteManager *self, gboolean ignore_never_default, NMDevice *preferred_device, const char **out_ip_iface, - int *out_ip_ifindex, NMActiveConnection **out_ac, NMDevice **out_device, NMVpnConnection **out_vpn) @@ -1049,7 +1046,6 @@ nm_default_route_manager_ip6_get_best_config (NMDefaultRouteManager *self, ignore_never_default, preferred_device, out_ip_iface, - out_ip_ifindex, out_ac, out_device, out_vpn); diff --git a/src/nm-default-route-manager.h b/src/nm-default-route-manager.h index 6321fe64a6..1059630635 100644 --- a/src/nm-default-route-manager.h +++ b/src/nm-default-route-manager.h @@ -67,7 +67,6 @@ NMIP4Config *nm_default_route_manager_ip4_get_best_config (NMDefaultRouteManager gboolean ignore_never_default, NMDevice *preferred_device, const char **out_ip_iface, - int *out_ip_ifindex, NMActiveConnection **out_ac, NMDevice **out_device, NMVpnConnection **out_vpn); @@ -76,7 +75,6 @@ NMIP6Config *nm_default_route_manager_ip6_get_best_config (NMDefaultRouteManager gboolean ignore_never_default, NMDevice *preferred_device, const char **out_ip_iface, - int *out_ip_ifindex, NMActiveConnection **out_ac, NMDevice **out_device, NMVpnConnection **out_vpn); diff --git a/src/nm-policy.c b/src/nm-policy.c index 0794477e53..fbda0bf794 100644 --- a/src/nm-policy.c +++ b/src/nm-policy.c @@ -382,7 +382,6 @@ static NMIP4Config * get_best_ip4_config (NMPolicy *self, gboolean ignore_never_default, const char **out_ip_iface, - int *out_ip_ifindex, NMActiveConnection **out_ac, NMDevice **out_device, NMVpnConnection **out_vpn) @@ -394,7 +393,6 @@ get_best_ip4_config (NMPolicy *self, ignore_never_default, priv->default_device4, out_ip_iface, - out_ip_ifindex, out_ac, out_device, out_vpn); @@ -408,7 +406,7 @@ update_ip4_dns (NMPolicy *policy, NMDnsManager *dns_mgr) NMVpnConnection *vpn = NULL; NMDnsIPConfigType dns_type = NM_DNS_IP_CONFIG_TYPE_BEST_DEVICE; - ip4_config = get_best_ip4_config (policy, TRUE, &ip_iface, NULL, NULL, NULL, &vpn); + ip4_config = get_best_ip4_config (policy, TRUE, &ip_iface, NULL, NULL, &vpn); if (ip4_config) { if (vpn) dns_type = NM_DNS_IP_CONFIG_TYPE_VPN; @@ -428,16 +426,12 @@ update_ip4_routing (NMPolicy *policy, gboolean force_update) NMConnection *connection = NULL; NMVpnConnection *vpn = NULL; NMActiveConnection *best_ac = NULL; - NMIP4Config *ip4_config = NULL; const char *ip_iface = NULL; - int ip_ifindex = -1; - guint32 gw_addr = 0; /* Note that we might have an IPv4 VPN tunneled over an IPv6-only device, * so we can get (vpn != NULL && best == NULL). */ - ip4_config = get_best_ip4_config (policy, FALSE, &ip_iface, &ip_ifindex, &best_ac, &best, &vpn); - if (!ip4_config) { + if (!get_best_ip4_config (policy, FALSE, &ip_iface, &best_ac, &best, &vpn)) { gboolean changed; changed = (priv->default_device4 != NULL); @@ -452,34 +446,9 @@ update_ip4_routing (NMPolicy *policy, gboolean force_update) if (!force_update && best && (best == priv->default_device4)) return; - gw_addr = nm_ip4_config_get_gateway (ip4_config); - - if (vpn) { - in_addr_t int_gw = nm_vpn_connection_get_ip4_internal_gateway (vpn); - int mss = nm_ip4_config_get_mss (ip4_config); - guint32 route_metric = nm_vpn_connection_get_ip4_route_metric (vpn); - - /* If no VPN interface, use the parent interface */ - if (ip_ifindex <= 0) - ip_ifindex = nm_device_get_ip_ifindex (nm_active_connection_get_device (NM_ACTIVE_CONNECTION (vpn))); - - if (!nm_platform_ip4_route_add (ip_ifindex, NM_IP_CONFIG_SOURCE_VPN, - 0, 0, int_gw, - route_metric, mss)) { - if (int_gw) { - (void) nm_platform_ip4_route_add (ip_ifindex, NM_IP_CONFIG_SOURCE_VPN, - int_gw, 32, 0, - route_metric, mss); - if (!nm_platform_ip4_route_add (ip_ifindex, NM_IP_CONFIG_SOURCE_VPN, - 0, 0, int_gw, - route_metric, mss)) - nm_log_err (LOGD_IP4 | LOGD_VPN, "Failed to set IPv4 default route via VPN."); - } else - nm_log_err (LOGD_IP4 | LOGD_VPN, "Failed to set IPv4 default route via VPN."); - } - + if (vpn) default_device = nm_active_connection_get_device (NM_ACTIVE_CONNECTION (vpn)); - } else + else default_device = best; update_default_ac (policy, best_ac, nm_active_connection_set_default); @@ -498,7 +467,6 @@ static NMIP6Config * get_best_ip6_config (NMPolicy *self, gboolean ignore_never_default, const char **out_ip_iface, - int *out_ip_ifindex, NMActiveConnection **out_ac, NMDevice **out_device, NMVpnConnection **out_vpn) @@ -510,7 +478,6 @@ get_best_ip6_config (NMPolicy *self, ignore_never_default, priv->default_device6, out_ip_iface, - out_ip_ifindex, out_ac, out_device, out_vpn); @@ -524,7 +491,7 @@ update_ip6_dns (NMPolicy *policy, NMDnsManager *dns_mgr) NMVpnConnection *vpn = NULL; NMDnsIPConfigType dns_type = NM_DNS_IP_CONFIG_TYPE_BEST_DEVICE; - ip6_config = get_best_ip6_config (policy, TRUE, &ip_iface, NULL, NULL, NULL, &vpn); + ip6_config = get_best_ip6_config (policy, TRUE, &ip_iface, NULL, NULL, &vpn); if (ip6_config) { if (vpn) dns_type = NM_DNS_IP_CONFIG_TYPE_VPN; @@ -544,16 +511,12 @@ update_ip6_routing (NMPolicy *policy, gboolean force_update) NMConnection *connection = NULL; NMVpnConnection *vpn = NULL; NMActiveConnection *best_ac = NULL; - NMIP6Config *ip6_config = NULL; const char *ip_iface = NULL; - int ip_ifindex = -1; - const struct in6_addr *gw_addr; /* Note that we might have an IPv6 VPN tunneled over an IPv4-only device, * so we can get (vpn != NULL && best == NULL). */ - ip6_config = get_best_ip6_config (policy, FALSE, &ip_iface, &ip_ifindex, &best_ac, &best, &vpn); - if (!ip6_config) { + if (!get_best_ip6_config (policy, FALSE, &ip_iface, &best_ac, &best, &vpn)) { gboolean changed; changed = (priv->default_device6 != NULL); @@ -568,42 +531,9 @@ update_ip6_routing (NMPolicy *policy, gboolean force_update) if (!force_update && best && (best == priv->default_device6)) return; - /* If no better gateway is found, use ::; not all configurations will - * have a gateway, especially WWAN/Point-to-Point connections. - */ - gw_addr = nm_ip6_config_get_gateway (ip6_config); - if (!gw_addr) - gw_addr = &in6addr_any; - - if (vpn) { - const struct in6_addr *int_gw = nm_vpn_connection_get_ip6_internal_gateway (vpn); - int mss = nm_ip6_config_get_mss (ip6_config); - guint32 route_metric = nm_vpn_connection_get_ip6_route_metric (vpn); - - if (!int_gw) - int_gw = &in6addr_any; - - /* If no VPN interface, use the parent interface */ - if (ip_ifindex <= 0) - ip_ifindex = nm_device_get_ip_ifindex (nm_active_connection_get_device (NM_ACTIVE_CONNECTION (vpn))); - - if (!nm_platform_ip6_route_add (ip_ifindex, NM_IP_CONFIG_SOURCE_VPN, - in6addr_any, 0, *int_gw, - route_metric, mss)) { - if (!IN6_IS_ADDR_UNSPECIFIED (int_gw)) { - (void) nm_platform_ip6_route_add (ip_ifindex, NM_IP_CONFIG_SOURCE_VPN, - *int_gw, 128, in6addr_any, - route_metric, mss); - if (!nm_platform_ip6_route_add (ip_ifindex, NM_IP_CONFIG_SOURCE_VPN, - in6addr_any, 0, *int_gw, - route_metric, mss)) - nm_log_err (LOGD_IP6 | LOGD_VPN, "Failed to set IPv6 default route via VPN."); - } else - nm_log_err (LOGD_IP6 | LOGD_VPN, "Failed to set IPv6 default route via VPN."); - } - + if (vpn) default_device6 = nm_active_connection_get_device (NM_ACTIVE_CONNECTION (vpn)); - } else + else default_device6 = best; update_default_ac (policy, best_ac, nm_active_connection_set_default6); |