[network-manager-vpnc/NETWORKMANAGER_0_7] core: add "Force NAT-T" option (bgo #611027)



commit 761c1117d3809e9a7794e75289319e6f91c2e60a
Author: Huzaifa S. Sidhpurwala <huzaifas redhat com>
Date:   Thu Feb 25 13:43:02 2010 -0800

    core: add "Force NAT-T" option (bgo #611027)

 properties/nm-vpnc.c                  |   40 ++++++++++++++++++++++++-----
 properties/tests/pcf/force-natt.pcf   |   39 ++++++++++++++++++++++++++++
 properties/tests/test-import-export.c |   45 +++++++++++++++++++++++++++++++++
 src/nm-vpnc-service.c                 |    4 +++
 src/nm-vpnc-service.h                 |    7 +++--
 5 files changed, 125 insertions(+), 10 deletions(-)
---
diff --git a/properties/nm-vpnc.c b/properties/nm-vpnc.c
index 339c4a9..b0286ed 100644
--- a/properties/nm-vpnc.c
+++ b/properties/nm-vpnc.c
@@ -468,24 +468,31 @@ init_plugin_ui (VpncPluginUiWidget *self, NMConnection *connection, GError **err
 		natt_mode = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
 
 	gtk_list_store_append (store, &iter);
-	gtk_list_store_set (store, &iter, 0, _("NAT-T (default)"), 1, NM_VPNC_NATT_MODE_NATT, -1);
+	gtk_list_store_set (store, &iter, 0, _("NAT-T when available (default)"), 1, NM_VPNC_NATT_MODE_NATT, -1);
 	if ((active < 0) && natt_mode) {
 		if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NATT))
 			active = 0;
 	}
 
 	gtk_list_store_append (store, &iter);
+	gtk_list_store_set (store, &iter, 0, _("NAT-T always"), 1, NM_VPNC_NATT_MODE_NATT_ALWAYS, -1);
+	if ((active < 0) && natt_mode) {
+		if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NATT_ALWAYS))
+			active = 1;
+	}
+
+	gtk_list_store_append (store, &iter);
 	gtk_list_store_set (store, &iter, 0, _("Cisco UDP"), 1, NM_VPNC_NATT_MODE_CISCO, -1);
 	if ((active < 0) && natt_mode) {
 		if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_CISCO))
-			active = 1;
+			active = 2;
 	}
 
 	gtk_list_store_append (store, &iter);
 	gtk_list_store_set (store, &iter, 0, _("Disabled"), 1, NM_VPNC_NATT_MODE_NONE, -1);
 	if ((active < 0) && natt_mode) {
 		if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NONE))
-			active = 2;
+			active = 3;
 	}
 
 	widget = glade_xml_get_widget (priv->xml, "natt_combo");
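Review bot: The combo row index is hard-coded in every branch (`active = 1;`, `active = 2;`, `active = 3;`), so inserting the "NAT-T always" row forced the two later branches to be renumbered by hand. A missed renumbering would silently preselect the wrong NAT mode in the UI. Consider a running counter instead: declare `int row = 0;`, assign `active = row;` in each branch, and do `row++;` after each `gtk_list_store_set`, so the order of the appends is the only thing that defines the index. init_plugin_ui starts and ends outside this hunk, so how `active` is initialised and later applied to the combo is not visible here.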
@@ -1063,7 +1070,9 @@ import (NMVpnPluginUiInterface *iface, const char *path, GError **error)
 	/* Disable all NAT Traversal if explicit EnableNat=0 exists, otherwise
 	 * default to NAT-T which is newer and standardized.  If EnableNat=1, then
 	 * use Cisco-UDP like always; but if the key "X-NM-Use-NAT-T" is set, then
-	 * use NAT-T.
+	 * use NAT-T.  If the key "X-NM-Force-NAT-T" is set then force NAT-T always
+	 * on.  See vpnc documentation for more information on what the different
+	 * NAT modes are.
 	 */
 	nm_setting_vpn_add_data_item (s_vpn,
 	                              NM_VPNC_KEY_NAT_TRAVERSAL_MODE,
@@ -1071,9 +1080,19 @@ import (NMVpnPluginUiInterface *iface, const char *path, GError **error)
 
 	if (pcf_file_lookup_bool (pcf, "main", "EnableNat", &bool_value)) {
 		if (bool_value) {
-			bool_value = FALSE;
-			if (   pcf_file_lookup_bool (pcf, "main", "X-NM-Use-NAT-T", &bool_value)
-			    && bool_value) {
+			gboolean natt = FALSE, force_natt = FALSE;
+
+			if (!pcf_file_lookup_bool (pcf, "main", "X-NM-Use-NAT-T", &natt))
+				natt = FALSE;
+			if (!pcf_file_lookup_bool (pcf, "main", "X-NM-Force-NAT-T", &force_natt))
+				force_natt = FALSE;
+
+			/* force-natt takes precence over plain natt */
+			if (force_natt) {
+				nm_setting_vpn_add_data_item (s_vpn,
+				                              NM_VPNC_KEY_NAT_TRAVERSAL_MODE,
+				                              NM_VPNC_NATT_MODE_NATT_ALWAYS);
+			} else if (natt) {
 				nm_setting_vpn_add_data_item (s_vpn,
 				                              NM_VPNC_KEY_NAT_TRAVERSAL_MODE,
 				                              NM_VPNC_NATT_MODE_NATT);
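Review bot: "X-NM-Force-NAT-T" is only looked up inside the `if (bool_value)` branch of the `EnableNat` lookup, so a .pcf that sets it without `EnableNat=1` is not imported as `NM_VPNC_NATT_MODE_NATT_ALWAYS`. The block comment above reads as if the key works on its own. The inline comment also has a typo ("precence"); I would reword it as `/* force-natt takes precedence over plain natt; both keys are only consulted when EnableNat=1 */`. The two `natt = FALSE;` / `force_natt = FALSE;` resets repeat the initialisers; they only matter if pcf_file_lookup_bool can write the out-parameter on failure, which is not visible here. The rest of import() lies outside the hunk.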
@@ -1154,6 +1173,7 @@ export (NMVpnPluginUiInterface *iface,
 	guint32 routes_count = 0;
 	gboolean save_password = FALSE;
 	gboolean use_natt = FALSE;
+	gboolean use_force_natt = FALSE;
 
 	s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION));
 	s_ip4 = (NMSettingIP4Config *) nm_connection_get_setting (connection, NM_TYPE_SETTING_IP4_CONFIG);
@@ -1202,6 +1222,10 @@ export (NMVpnPluginUiInterface *iface,
 		} else if (!strcmp (value, NM_VPNC_NATT_MODE_NATT)) {
 			enablenat = TRUE;
 			use_natt = TRUE;
+		} else if (!strcmp (value, NM_VPNC_NATT_MODE_NATT_ALWAYS)) {
+			enablenat = TRUE;
+			use_natt = TRUE;
+			use_force_natt = TRUE;
 		}
 	}
 
@@ -1282,6 +1306,7 @@ export (NMVpnPluginUiInterface *iface,
 		 "SingleDES=%s\n"
 		 "SPPhonebook=\n"
 		 "X-NM-Use-NAT-T=%s\n"
+		 "X-NM-Force-NAT-T=%s\n"
 		 "%s\n",
 		 /* Description */   nm_setting_connection_get_id (s_con),
 		 /* Host */          gateway,
@@ -1294,6 +1319,7 @@ export (NMVpnPluginUiInterface *iface,
 		 /* PeerTimeout */   peertimeout != NULL ? peertimeout : "0",
 		 /* SingleDES */     singledes ? "1" : "0",
 		 /* X-NM-Use-NAT-T */ use_natt ? "1" : "0",
+		 /* X-NM-Force-NAT-T */ use_force_natt ? "1" : "0",
 		 /* X-NM-Routes */   (routes && routes->str) ? routes->str : "");
 
 	success = TRUE;
diff --git a/properties/tests/pcf/force-natt.pcf b/properties/tests/pcf/force-natt.pcf
new file mode 100644
index 0000000..468c8cc
--- /dev/null
+++ b/properties/tests/pcf/force-natt.pcf
@@ -0,0 +1,39 @@
+[main]
+Description=Force NAT-T
+!Host=10.20.30.40
+!AuthType=1
+!GroupName=blahblah
+!GroupPwd=my-group-password
+!enc_GroupPwd=
+EnableISPConnect=0
+ISPConnectType=0
+ISPConnect=
+ISPCommand=
+Username=bsmith
+SaveUserPassword=1
+UserPassword=my-user-password
+enc_UserPassword=
+!NTDomain=COMPANY
+!EnableBackup=0
+!BackupServer=
+!EnableMSLogon=1
+!MSLogonType=0
+EnableNat=1
+!TunnelingMode=0
+!TcpTunnelingPort=10000
+CertStore=0
+CertName=
+CertPath=
+CertSubjectName=
+CertSerialHash=00000000000000000000000000000000
+SendCertChain=0
+VerifyCertDN=
+DHGroup=2
+ForceKeepAlives=1
+PeerTimeout=90
+!EnableLocalLAN=1
+!EnableSplitDNS=1
+ISPPhonebook=
+X-NM-Routes=10.0.0.0/8 172.16.0.0/16
+X-NM-Force-NAT-T=1
+
diff --git a/properties/tests/test-import-export.c b/properties/tests/test-import-export.c
index ef2ce5a..b1da23b 100644
--- a/properties/tests/test-import-export.c
+++ b/properties/tests/test-import-export.c
@@ -520,6 +520,49 @@ test_nat_natt (NMVpnPluginUiInterface *plugin, const char *dir)
 }
 
 static void
+test_nat_force_natt (NMVpnPluginUiInterface *plugin, const char *dir)
+{
+	NMConnection *connection;
+	NMSettingConnection *s_con;
+	NMSettingVPN *s_vpn;
+	GError *error = NULL;
+	char *pcf;
+	const char *expected_id = "Force NAT-T";
+	const char *value;
+
+	pcf = g_build_path ("/", dir, "force-natt.pcf", NULL);
+	ASSERT (pcf != NULL,
+	        "force-natt", "failed to create pcf path");
+
+	connection = nm_vpn_plugin_ui_interface_import (plugin, pcf, &error);
+	if (error)
+		FAIL ("force-natt", "error importing %s: %s", pcf, error->message);
+	ASSERT (connection != NULL,
+	        "force-natt", "error importing %s: (unknown)", pcf);
+
+	/* Connection setting */
+	s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION);
+	ASSERT (s_con != NULL,
+	        "force-natt", "missing 'connection' setting");
+
+	ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0,
+	        "force-natt", "unexpected connection ID");
+
+	/* VPN setting */
+	s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
+	ASSERT (s_vpn != NULL,
+	        "force-natt", "missing 'vpn' setting");
+
+	value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
+	ASSERT (value != NULL,
+	        "force-natt", "unexpected missing value for item %s", NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
+	ASSERT (strcmp (value, NM_VPNC_NATT_MODE_NATT_ALWAYS) == 0,
+	        "force-natt", "unexpected value for item %s", NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
+
+	g_free (pcf);
+}
+
+static void
 test_always_ask (NMVpnPluginUiInterface *plugin, const char *dir)
 {
 	NMConnection *connection;
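Review bot: test_nat_force_natt never releases the object returned by nm_vpn_plugin_ui_interface_import; the only cleanup is `g_free (pcf);`. Adding `g_object_unref (connection);` just before it keeps the test clean under leak checkers, unless the neighbouring tests deliberately skip this (they are not visible here). The force-natt.pcf fixture sets only `X-NM-Force-NAT-T=1`, so the precedence rule that import() implements when both `X-NM-Use-NAT-T` and `X-NM-Force-NAT-T` are present is not pinned by an import test. A second fixture with both keys set, and one with `EnableNat=0`, would cover those branches.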
@@ -624,12 +667,14 @@ int main (int argc, char **argv)
 	test_no_natt (plugin, argv[1]);
 	test_nat_cisco (plugin, argv[1]);
 	test_nat_natt (plugin, argv[1]);
+	test_nat_force_natt (plugin, argv[1]);
 	test_always_ask (plugin, argv[1]);
 	test_non_utf8_import (plugin, argv[1]);
 
 	test_basic_export (plugin, argv[1]);
 	test_nat_export (plugin, argv[1], NM_VPNC_NATT_MODE_CISCO);
 	test_nat_export (plugin, argv[1], NM_VPNC_NATT_MODE_NATT);
+	test_nat_export (plugin, argv[1], NM_VPNC_NATT_MODE_NATT_ALWAYS);
 
 	g_object_unref (plugin);
 
diff --git a/src/nm-vpnc-service.c b/src/nm-vpnc-service.c
index ddf1bdb..3cf288a 100644
--- a/src/nm-vpnc-service.c
+++ b/src/nm-vpnc-service.c
@@ -432,6 +432,10 @@ nm_vpnc_config_write (gint vpnc_fd,
 		write_config_option (vpnc_fd,
 		                     NM_VPNC_KEY_NAT_TRAVERSAL_MODE " %s\n",
 		                     NM_VPNC_NATT_MODE_CISCO);
+	} else if (props_natt_mode && (!strcmp (props_natt_mode, NM_VPNC_NATT_MODE_NATT_ALWAYS))) {
+		write_config_option (vpnc_fd,
+		                     NM_VPNC_KEY_NAT_TRAVERSAL_MODE " %s\n",
+		                     NM_VPNC_NATT_MODE_NATT_ALWAYS);
 	}
 
 	info = g_malloc0 (sizeof (WriteConfigInfo));
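Review bot: The new `else if` is the last branch of the NAT-mode chain and there is no final `else`, so a `props_natt_mode` string that matches none of the known constants appears to write no "NAT Traversal Mode" line and leaves vpnc on its own default without any diagnostic. Writing the constant `NM_VPNC_NATT_MODE_NATT_ALWAYS` rather than the raw property value is the right choice and should stay. I would add a trailing branch that logs the rejected value, e.g. `else if (props_natt_mode) g_warning ("unknown NAT traversal mode '%s'", props_natt_mode);`, adjusted to whatever modes the earlier branches already handle. The `props_natt_mode &&` test is also redundant if an earlier branch has already checked for NULL. nm_vpnc_config_write starts and ends outside this hunk, so the head of the chain is not visible.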
diff --git a/src/nm-vpnc-service.h b/src/nm-vpnc-service.h
index d8d6891..da4c2b7 100644
--- a/src/nm-vpnc-service.h
+++ b/src/nm-vpnc-service.h
@@ -55,9 +55,10 @@
 #define NM_VPNC_KEY_DPD_IDLE_TIMEOUT "DPD idle timeout (our side)"
 #define NM_VPNC_KEY_CISCO_UDP_ENCAPS_PORT "Cisco UDP Encapsulation Port"
 
-#define NM_VPNC_NATT_MODE_NATT "natt"
-#define NM_VPNC_NATT_MODE_NONE "none"
-#define NM_VPNC_NATT_MODE_CISCO "cisco-udp"
+#define NM_VPNC_NATT_MODE_NATT        "natt"
+#define NM_VPNC_NATT_MODE_NONE        "none"
+#define NM_VPNC_NATT_MODE_NATT_ALWAYS "force-natt"
+#define NM_VPNC_NATT_MODE_CISCO       "cisco-udp"
 
 #define NM_VPNC_PW_TYPE_SAVE   "save"
 #define NM_VPNC_PW_TYPE_ASK    "ask"


