colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

vpn: honor the ipvX.method connection property

Browse Source 
Currently VPNs always apply the configuration sent by the server for
both address families. So, even if users set e.g. ipv6.method=disabled,
they might end up with IPv6 configured.

Change that and apply the automatic configuration only when the method
is "auto".

This is a change in behavior and as such it might be disruptive for
users that had a method different from "auto" and expected to have the
interface configured. However, that scenario seems unlikely and can be
easily fixed by setting the right method.
This commit is contained in:
Beniamino Galvani
2022-11-11 09:56:22 +01:00
parent b84faaefc9
commit c4a7d6a06f
1 changed files with 29 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
src/core/vpn/nm-vpn-connection.c
View File

@@ -107,8 +107,14 @@ typedef struct {
NMIPAddr gw_internal;
NMIPAddr gw_external;
/* Whether this address family is enabled. If not, then we won't have a l3cd instance,
* but the activation for this address family is still complete. */
/* Whether VPN auto-configuration is enabled in the connection profile for
* this address family. */
bool method_auto : 1;
/* Whether VPN auto-configuration is enabled, in the connection profile AND
* in the configuration reported by the VPN. If not, then we won't have a
* l3cd instance, but the activation for this address family is still
* complete. */
bool enabled : 1;
} IPData;
@@ -1865,9 +1871,16 @@ _dbus_signal_config_cb(NMVpnConnection *self, GVariant *dict)
else
priv->ip_data_6.enabled = FALSE;
_LOGD("config: reply received (IPv4:%s, IPv6:%s)",
_LOGD("config: reply received (IPv4:%s(%s), IPv6:%s(%s))",
priv->ip_data_4.enabled ? "on" : "off",
priv->ip_data_6.enabled ? "on" : "off");
priv->ip_data_4.method_auto ? "auto" : "disabled",
priv->ip_data_4.enabled ? "on" : "off",
priv->ip_data_6.method_auto ? "auto" : "disabled");
if (!priv->ip_data_4.method_auto)
priv->ip_data_4.enabled = FALSE;
if (!priv->ip_data_6.method_auto)
priv->ip_data_6.enabled = FALSE;
if (priv->vpn_state == STATE_CONNECT)
_set_vpn_state(self, STATE_IP_CONFIG_GET, NM_ACTIVE_CONNECTION_STATE_REASON_NONE, FALSE);
@@ -1931,7 +1944,8 @@ _dbus_signal_ip_config_cb(NMVpnConnection *self, int addr_family, GVariant *dict
return;
}
priv->ip_data_4.enabled = TRUE;
if (priv->ip_data_4.method_auto)
priv->ip_data_4.enabled = TRUE;
priv->ip_data_6.enabled = FALSE;
}
} else {
@@ -1948,6 +1962,11 @@ _dbus_signal_ip_config_cb(NMVpnConnection *self, int addr_family, GVariant *dict
_set_vpn_state(self, STATE_IP_CONFIG_GET, NM_ACTIVE_CONNECTION_STATE_REASON_NONE, FALSE);
}
if (!priv->ip_data_x[IS_IPv4].enabled) {
_check_complete(self, TRUE);
return;
}
ip_ifindex = nm_vpn_connection_get_ip_ifindex(self, TRUE);
if (ip_ifindex <= 0)
g_return_if_reached();
@@ -2753,6 +2772,11 @@ nm_vpn_connection_activate(NMVpnConnection *self, NMVpnPluginInfo *plugin_info)
_LOGI("starting %s", nm_vpn_plugin_info_get_name(plugin_info));
priv->ip_data_4.method_auto = nm_streq0(nm_utils_get_ip_config_method(connection, AF_INET),
NM_SETTING_IP4_CONFIG_METHOD_AUTO);
priv->ip_data_6.method_auto = nm_streq0(nm_utils_get_ip_config_method(connection, AF_INET6),
NM_SETTING_IP6_CONFIG_METHOD_AUTO);
priv->connection_can_persist = nm_setting_vpn_get_persistent(s_vpn);
priv->plugin_info = g_object_ref(plugin_info);