[NetworkManager-openvpn/bg/ipv6-addr: 6/6] helper: fix parsing of IPv6 configuration




commit f9286da94dbfa1d585f0dc8d2f57640d467e2193
Author: Beniamino Galvani <bgalvani redhat com>
Date:   Thu Jun 3 18:19:39 2021 +0200

    helper: fix parsing of IPv6 configuration
    
    If the server pushes, for example:
    
      ifconfig-ipv6 2001:db8:f00:bebe::1003/64 2001:db8:f00:bebe::1
    
    NetworkManager considers the first argument as the subnet and the
    second as the peer, and so it does something equivalent to:
    
      ip addr add dev tun0 2001:db8:f00:bebe::1003/64 peer 2001:db8:f00:bebe::1
    
    which appears in the "ip -6 addr" output as:
    
        inet6 2001:db8:f00:bebe::1003 peer 2001:db8:f00:bebe::1/128 scope global
           valid_lft forever preferred_lft forever
    
    Instead, according to 'man openvpn', NM should simply add address
    2001:db8:f00:bebe::1003/64 and use the second argument as a fallback
    gateway for the routes specified by '--route-ipv6':
    
          --ifconfig-ipv6 ipv6addr/bits ipv6remote
                configure IPv6 address ipv6addr/bits on the ``tun'' device.  The
                second parameter is used as route target for --route-ipv6 if  no
                gateway is specified.
    
         --route-ipv6 ipv6addr/bits [gateway] [metric]
                setup IPv6 routing in the system to send the specified IPv6 net-
                work into OpenVPN's ``tun''.  The gateway parameter is only used
                for  IPv6  routes  across  ``tap''  devices, and if missing, the
                ``ipv6remote'' field from --ifconfig-ipv6 is used.
    
    https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/71
    https://mail.gnome.org/archives/networkmanager-list/2021-June/msg00000.html

 src/nm-openvpn-service-openvpn-helper.c | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)
---
diff --git a/src/nm-openvpn-service-openvpn-helper.c b/src/nm-openvpn-service-openvpn-helper.c
index 6197f97..e047782 100644
--- a/src/nm-openvpn-service-openvpn-helper.c
+++ b/src/nm-openvpn-service-openvpn-helper.c
@@ -296,7 +296,7 @@ get_ip4_routes (void)
 }
 
 static GVariant *
-get_ip6_routes (void)
+get_ip6_routes (const char *fallback_gateway)
 {
        gs_unref_ptrarray GPtrArray *routes = NULL;
        guint i;
@@ -325,7 +325,7 @@ get_ip6_routes (void)
                nm_sprintf_buf (key_name, "route_ipv6_gateway_%u", i);
                tmp = getenv (key_name);
 
-               route = nm_ip_route_new (AF_INET6, dst, prefix, tmp, -1, &error);
+               route = nm_ip_route_new (AF_INET6, dst, prefix, tmp ?: fallback_gateway, -1, &error);
                if (!route) {
                        _LOGW ("Ignoring route#%u: %s", i, error->message);
                        g_error_free (error);
@@ -639,16 +639,6 @@ main (int argc, char *argv[])
                        helper_failed (proxy, "IP6 Address");
        }
 
-       /* IPv6 remote address */
-       tmp = getenv ("ifconfig_ipv6_remote");
-       if (tmp && strlen (tmp)) {
-               val = addr6_to_gvariant (tmp);
-               if (val)
-                       g_variant_builder_add (&ip6builder, "{sv}", NM_VPN_PLUGIN_IP6_CONFIG_PTP, val);
-               else
-                       helper_failed (proxy, "IP6 PTP Address");
-       }
-
        /* IPv6 netbits */
        tmp = getenv ("ifconfig_ipv6_netbits");
        if (tmp && strlen (tmp)) {
@@ -664,7 +654,10 @@ main (int argc, char *argv[])
                }
        }
 
-       val = get_ip6_routes ();
+       /* Note: for IPv6 'ifconfig_ipv6_remote' is not used as the peer
+        * address but as fallback gateway for routes.
+        */
+       val = get_ip6_routes (getenv ("ifconfig_ipv6_remote"));
        if (val)
                g_variant_builder_add (&ip6builder, "{sv}", NM_VPN_PLUGIN_IP6_CONFIG_ROUTES, val);
        else if (is_restart) {


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]