Novell VPN support

From: "Preggna S" <spreggna novell com>
To: <networkmanager-list gnome org>
Cc:
Subject: Novell VPN support
Date: Tue, 20 Dec 2005 08:32:06 -0700

Hi all:

Novell has a IPsecTools based VPN client. We are trying to integrate
that with Network Manager. We will start sending in the patches for
vpn-daemon soon.

The attached first patch makes the tunnel device optional in the core
NetworkManager code. This is because, the IPsec based VPNs do not depend
on  tunnel device.

Appreciate any comments on this..

thanks & regards,
Preggna

diff -Naur NetworkManager/src/NetworkManagerSystem.c modified/NetworkManager/src/NetworkManagerSystem.c
--- NetworkManager/src/NetworkManagerSystem.c	2005-12-20 20:22:27.000000000 +0530
+++ modified/NetworkManager/src/NetworkManagerSystem.c	2005-12-20 20:33:34.000000000 +0530
@@ -269,73 +269,75 @@
 	struct rtnl_addr *	addr = NULL;
 	struct rtnl_link *	request = NULL;
 
-	g_return_val_if_fail (iface != NULL, FALSE);
 	g_return_val_if_fail (config != NULL, FALSE);
 
 	/* Set up a route to the VPN gateway through the real network device */
 	if (active_device && (ad_config = nm_device_get_ip4_config (active_device)))
 		nm_system_device_set_ip4_route (active_device, nm_ip4_config_get_gateway (ad_config), nm_ip4_config_get_gateway (config), 0xFFFFFFFF);
 
-	nm_system_device_set_up_down_with_iface (NULL, iface, TRUE);
+	if (iface != NULL)
+	{
+			nm_system_device_set_up_down_with_iface (NULL, iface, TRUE);
 
-	nlh = new_nl_handle ();
+			nlh = new_nl_handle ();
 
-	if ((addr = nm_ip4_config_to_rtnl_addr (config, NM_RTNL_ADDR_PTP_DEFAULT)))
-	{
-		int err = 0;
-		iface_to_rtnl_index (iface, nlh, addr);
-		if ((err = rtnl_addr_add (nlh, addr, 0)) < 0)
-			nm_warning ("nm_system_device_set_from_ip4_config(): error %d returned from rtnl_addr_add().\n", err);
-		rtnl_addr_put (addr);
-	}
-	else
-		nm_warning ("nm_system_vpn_device_set_from_ip4_config(): couldn't create rtnl address!\n");
+			if ((addr = nm_ip4_config_to_rtnl_addr (config, NM_RTNL_ADDR_PTP_DEFAULT)))
+			{
+				int err = 0;
+				iface_to_rtnl_index (iface, nlh, addr);
+				if ((err = rtnl_addr_add (nlh, addr, 0)) < 0)
+					nm_warning ("nm_system_device_set_from_ip4_config(): error %d returned from rtnl_addr_add().\n", err);
+				rtnl_addr_put (addr);
+			}
+			else
+				nm_warning ("nm_system_vpn_device_set_from_ip4_config(): couldn't create rtnl address!\n");
 
-	/* Set the MTU */
-	if ((request = rtnl_link_alloc ()))
-	{
-		struct rtnl_link * old;
+			/* Set the MTU */
+			if ((request = rtnl_link_alloc ()))
+			{
+				struct rtnl_link * old;
 
-		old = iface_to_rtnl_link (iface, nlh);
-		rtnl_link_set_mtu (request, 1412);
-		rtnl_link_change (nlh, old, request, 0);
+				old = iface_to_rtnl_link (iface, nlh);
+				rtnl_link_set_mtu (request, 1412);
+				rtnl_link_change (nlh, old, request, 0);
 
-		rtnl_link_put (old);
-		rtnl_link_put (request);
-	}
+				rtnl_link_put (old);
+				rtnl_link_put (request);
+			}
 
-	nl_close (nlh);
-	nl_handle_destroy (nlh);
+			nl_close (nlh);
+			nl_handle_destroy (nlh);
 
-	sleep (1);
+			sleep (1);
 
-	nm_system_device_flush_routes_with_iface (iface);
-	if (num_routes <= 0)
-	{
-		nm_system_delete_default_route ();
-		nm_system_device_add_default_route_via_device_with_iface (iface);
-	}
-	else
-	{
-		int i;
-		for (i = 0; i < num_routes; i++)
-		{
-			char *valid_ip4_route;
-
-			/* Make sure the route is valid, otherwise it's a security risk as the route
-			 * text is simply taken from the user, and passed directly to system().  If
-			 * we did not check the route, think of:
-			 *
-			 *     system("/sbin/ip route add `rm -rf /` dev eth0")
-			 *
-			 * where `rm -rf /` was the route text.  As UID 0 (root), we have to be careful.
-			 */
-			if ((valid_ip4_route = validate_ip4_route (routes[i])))
+			nm_system_device_flush_routes_with_iface (iface);
+			if (num_routes <= 0)
 			{
-				nm_system_device_add_route_via_device_with_iface (iface, valid_ip4_route);
-				g_free (valid_ip4_route);
+				nm_system_delete_default_route ();
+				nm_system_device_add_default_route_via_device_with_iface (iface);
+			}
+			else
+			{
+				int i;
+				for (i = 0; i < num_routes; i++)
+				{
+					char *valid_ip4_route;
+
+					/* Make sure the route is valid, otherwise it's a security risk as the route
+					 * text is simply taken from the user, and passed directly to system().  If
+					 * we did not check the route, think of:
+					 *
+					 *     system("/sbin/ip route add `rm -rf /` dev eth0")
+					 *
+					 * where `rm -rf /` was the route text.  As UID 0 (root), we have to be careful.
+					 */
+					if ((valid_ip4_route = validate_ip4_route (routes[i])))
+					{
+						nm_system_device_add_route_via_device_with_iface (iface, valid_ip4_route);
+						g_free (valid_ip4_route);
+					}
+				}
 			}
-		}
 	}
 
 	nm_named_manager_add_ip4_config (named, config);
diff -Naur NetworkManager/src/vpn-manager/nm-vpn-connection.c modified/NetworkManager/src/vpn-manager/nm-vpn-connection.c
--- NetworkManager/src/vpn-manager/nm-vpn-connection.c	2005-12-20 20:22:28.000000000 +0530
+++ modified/NetworkManager/src/vpn-manager/nm-vpn-connection.c	2005-12-20 20:29:14.000000000 +0530
@@ -124,11 +124,12 @@
 	char **	routes;
 
 	g_return_val_if_fail (connection != NULL, FALSE);
-	g_return_val_if_fail (vpn_iface != NULL, FALSE);
 	g_return_val_if_fail (dev != NULL, FALSE);
 	g_return_val_if_fail (ip4_config != NULL, FALSE);
 
-	nm_vpn_connection_set_vpn_iface (connection, vpn_iface);
+	/* IPsec VPNs will not have tunnel device */
+	if (vpn_iface != NULL)
+		nm_vpn_connection_set_vpn_iface (connection, vpn_iface);
 	nm_vpn_connection_set_parent_device (connection, dev);
 	nm_vpn_connection_set_ip4_config (connection, ip4_config);

Follow-Ups:
- Re: Novell VPN support
  - From: Robert Love

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]