[NetworkManager-openvpn/bg/ipv6-addr] helper: fix parsing of IPv6 configuration
- From: Beniamino Galvani <bgalvani src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [NetworkManager-openvpn/bg/ipv6-addr] helper: fix parsing of IPv6 configuration
- Date: Thu, 3 Jun 2021 16:21:29 +0000 (UTC)
commit 7ca562f660600666615dacd94d8956ccf512fe31
Author: Beniamino Galvani <bgalvani redhat com>
Date: Thu Jun 3 18:19:39 2021 +0200
helper: fix parsing of IPv6 configuration
If the server pushes, for example:
ifconfig-ipv6 2001:db8:f00:bebe::1003/64 2001:db8:f00:bebe::1
NetworkManager considers the first argument as the subnet and the
second as the peer, and so it does something equivalent to:
ip addr add dev tun0 2001:db8:f00:bebe::1003/64 peer 2001:db8:f00:bebe::1
which appears in the "ip -6 addr" output as:
inet6 2001:db8:f00:bebe::1003 peer 2001:db8:f00:bebe::1/128 scope global
valid_lft forever preferred_lft forever
Instead, according to 'man openvpn', NM should simply add address
2001:db8:f00:bebe::1003/64 and use the second argument as a fallback
gateway for the routes specified by '--route-ipv6':
--ifconfig-ipv6 ipv6addr/bits ipv6remote
configure IPv6 address ipv6addr/bits on the ``tun'' device. The
second parameter is used as route target for --route-ipv6 if no
gateway is specified.
--route-ipv6 ipv6addr/bits [gateway] [metric]
setup IPv6 routing in the system to send the specified IPv6 net-
work into OpenVPN's ``tun''. The gateway parameter is only used
for IPv6 routes across ``tap'' devices, and if missing, the
``ipv6remote'' field from --ifconfig-ipv6 is used.
https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/71
https://mail.gnome.org/archives/networkmanager-list/2021-June/msg00000.html
src/nm-openvpn-service-openvpn-helper.c | 19 ++++++-------------
1 file changed, 6 insertions(+), 13 deletions(-)
---
diff --git a/src/nm-openvpn-service-openvpn-helper.c b/src/nm-openvpn-service-openvpn-helper.c
index 6197f97..e047782 100644
--- a/src/nm-openvpn-service-openvpn-helper.c
+++ b/src/nm-openvpn-service-openvpn-helper.c
@@ -296,7 +296,7 @@ get_ip4_routes (void)
}
static GVariant *
-get_ip6_routes (void)
+get_ip6_routes (const char *fallback_gateway)
{
gs_unref_ptrarray GPtrArray *routes = NULL;
guint i;
@@ -325,7 +325,7 @@ get_ip6_routes (void)
nm_sprintf_buf (key_name, "route_ipv6_gateway_%u", i);
tmp = getenv (key_name);
- route = nm_ip_route_new (AF_INET6, dst, prefix, tmp, -1, &error);
+ route = nm_ip_route_new (AF_INET6, dst, prefix, tmp ?: fallback_gateway, -1, &error);
if (!route) {
_LOGW ("Ignoring route#%u: %s", i, error->message);
g_error_free (error);
@@ -639,16 +639,6 @@ main (int argc, char *argv[])
helper_failed (proxy, "IP6 Address");
}
- /* IPv6 remote address */
- tmp = getenv ("ifconfig_ipv6_remote");
- if (tmp && strlen (tmp)) {
- val = addr6_to_gvariant (tmp);
- if (val)
- g_variant_builder_add (&ip6builder, "{sv}", NM_VPN_PLUGIN_IP6_CONFIG_PTP, val);
- else
- helper_failed (proxy, "IP6 PTP Address");
- }
-
/* IPv6 netbits */
tmp = getenv ("ifconfig_ipv6_netbits");
if (tmp && strlen (tmp)) {
@@ -664,7 +654,10 @@ main (int argc, char *argv[])
}
}
- val = get_ip6_routes ();
+ /* Note: for IPv6 'ifconfig_ipv6_remote' is not used as the peer
+ * address but as fallback gateway for routes.
+ */
+ val = get_ip6_routes (getenv ("ifconfig_ipv6_remote"));
if (val)
g_variant_builder_add (&ip6builder, "{sv}", NM_VPN_PLUGIN_IP6_CONFIG_ROUTES, val);
else if (is_restart) {
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]