merge: branch 'bg/vpn-ipv6-route-prefsrc'

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1834
2024-01-29 08:58:41 +01:00
parent c3acd38645 c415eaca76
commit f1761c0184
1 changed files with 77 additions and 43 deletions
--- a/src/core/vpn/nm-vpn-connection.c
+++ b/src/core/vpn/nm-vpn-connection.c
@@ -2099,20 +2099,12 @@ _dbus_signal_ip_config_cb(NMVpnConnection *self, int addr_family, GVariant *dict
                                                 NMP_OBJECT_TYPE_IP_ROUTE(IS_IPv4))
                nm_l3_config_data_add_route(l3cd, addr_family, route, NULL);
        }
-    } else if (IS_IPv4 ? g_variant_lookup(dict, NM_VPN_PLUGIN_IP4_CONFIG_ROUTES, "aau", &var_iter)
+    } else if (IS_IPv4) {
-                       : g_variant_lookup(dict,
+        if (g_variant_lookup(dict, NM_VPN_PLUGIN_IP4_CONFIG_ROUTES, "aau", &var_iter)) {
-                                          NM_VPN_PLUGIN_IP6_CONFIG_ROUTES,
+            _nm_unused nm_auto_free_variant_iter GVariantIter *var_iter_ref_owner = var_iter;
-                                          "a(ayuayu)",
+            NMPlatformIPXRoute                                 route              = {};
-                                          &var_iter)) {
+            guint32                                            plen;
        _nm_unused nm_auto_free_variant_iter GVariantIter *var_iter_ref_owner = var_iter;
        NMPlatformIPXRoute                                 route              = {};
        guint32                                            plen;
        GVariant                                          *next_hop;
        GVariant                                          *dest;
        guint32                                            prefix;
        guint32                                            metric;
        if (IS_IPv4) {
            while (g_variant_iter_next(var_iter, "@au", &v)) {
                _nm_unused gs_unref_variant GVariant *v_ref_owner = v;
@@ -2151,42 +2143,84 @@ _dbus_signal_ip_config_cb(NMVpnConnection *self, int addr_family, GVariant *dict
                    break;
                }
            }
-        } else {
+        }
-            while (
+    } else {
-                g_variant_iter_next(var_iter, "(@ayu@ayu)", &dest, &prefix, &next_hop, &metric)) {
+        _nm_unused nm_auto_free_variant_iter GVariantIter *var_iter_ref_owner = NULL;
-                _nm_unused gs_unref_variant GVariant *next_hop_ref_owner = next_hop;
+        NMPlatformIPXRoute                                 route              = {};
-                _nm_unused gs_unref_variant GVariant *dest_ref_owner     = dest;
+        guint32                                            prefix;
        guint32                                            metric;
        NMOptionBool                                       new_signature = NM_OPTION_BOOL_DEFAULT;
-                if (prefix > 128)
+        /* IPv6 and no "preserve-routes" */
                    continue;
-                route.r6 = (NMPlatformIP6Route){
+        if (g_variant_lookup(dict, NM_VPN_PLUGIN_IP6_CONFIG_ROUTES, "a(ayuayu)", &var_iter))
-                    .plen       = prefix,
+            new_signature = FALSE;
-                    .table_any  = TRUE,
+        else if (g_variant_lookup(dict, NM_VPN_PLUGIN_IP6_CONFIG_ROUTES, "a(ayuayuay)", &var_iter))
-                    .metric_any = TRUE,
+            new_signature = TRUE;
-                    .rt_source  = NM_IP_CONFIG_SOURCE_VPN,
+        else
-                };
+            var_iter = NULL;
-                if (!nm_ip_addr_set_from_variant(AF_INET6, &route.r6.network, dest, NULL))
+        var_iter_ref_owner = var_iter;
                    continue;
-                nm_ip_addr_set_from_variant(AF_INET6, &route.r6.gateway, next_hop, NULL);
+        while (TRUE) {
            gs_unref_variant GVariant *next_hop = NULL;
            gs_unref_variant GVariant *dest     = NULL;
            gs_unref_variant GVariant *pref_src = NULL;
-                nm_ip6_addr_clear_host_address(&route.r6.network, &route.r6.network, route.r6.plen);
+            if (new_signature == NM_OPTION_BOOL_DEFAULT) {
-
+                break;
-                if (!IN6_IS_ADDR_UNSPECIFIED(&priv->ip_data_6.gw_external.addr6)
+            } else if (new_signature) {
-                    && IN6_ARE_ADDR_EQUAL(&route.r6.network, &priv->ip_data_6.gw_external.addr6)
+                if (!g_variant_iter_next(var_iter,
-                    && route.r6.plen == 128) {
+                                         "(@ayu@ayu@ay)",
-                    /* Ignore host routes to the VPN gateway since NM adds one itself.
+                                         &dest,
-                     * Since NM knows more about the routing situation than the VPN
+                                         &prefix,
-                     * server, we want to use the NM created route instead of whatever
+                                         &next_hop,
-                     * the server provides.
+                                         &metric,
-                     */
+                                         &pref_src))
-                    continue;
+                    break;
-                }
+            } else {
-
+                if (!g_variant_iter_next(var_iter,
-                nm_l3_config_data_add_route_6(l3cd, &route.r6);
+                                         "(@ayu@ayu)",
                                         &dest,
                                         &prefix,
                                         &next_hop,
                                         &metric))
                    break;
            }
            if (prefix > 128)
                continue;
            route.r6 = (NMPlatformIP6Route){
                .plen       = prefix,
                .table_any  = TRUE,
                .metric_any = TRUE,
                .rt_source  = NM_IP_CONFIG_SOURCE_VPN,
            };
            if (!nm_ip_addr_set_from_variant(AF_INET6, &route.r6.network, dest, NULL))
                continue;
            if (pref_src
                && !nm_ip_addr_set_from_variant(AF_INET6, &route.r6.pref_src, pref_src, NULL))
                continue;
            nm_ip_addr_set_from_variant(AF_INET6, &route.r6.gateway, next_hop, NULL);
            nm_ip6_addr_clear_host_address(&route.r6.network, &route.r6.network, route.r6.plen);
            if (!IN6_IS_ADDR_UNSPECIFIED(&priv->ip_data_6.gw_external.addr6)
                && IN6_ARE_ADDR_EQUAL(&route.r6.network, &priv->ip_data_6.gw_external.addr6)
                && route.r6.plen == 128) {
                /* Ignore host routes to the VPN gateway since NM adds one itself.
                 * Since NM knows more about the routing situation than the VPN
                 * server, we want to use the NM created route instead of whatever
                 * the server provides.
                 */
                continue;
            }
            nm_l3_config_data_add_route_6(l3cd, &route.r6);
        }
    }