Re: Novell VPN support
- From: Robert Love <rml novell com>
- To: Preggna S <spreggna novell com>
- Cc: networkmanager-list gnome org
- Subject: Re: Novell VPN support
- Date: Tue, 20 Dec 2005 14:08:56 -0500
On Tue, 2005-12-20 at 08:32 -0700, Preggna S wrote:
> The attached first patch makes the tunnel device optional in the core
> NetworkManager code. This is because IPsec-based VPNs do not depend
> on a tunnel device.
Looks fine to me. The vpnc client required an interface to be bound as
the "tunnel device," but IPsec does not have this requirement (due to
in-kernel use of the IPsec interface). This seems an easy way to
rectify the situation.
Dan? Okay for you?
I attached a version of the patch with a couple of coding style changes,
rediffed against HEAD.
Robert Love
Index: src/NetworkManagerSystem.c
===================================================================
RCS file: /cvs/gnome/NetworkManager/src/NetworkManagerSystem.c,v
retrieving revision 1.26
diff -u -u -r1.26 NetworkManagerSystem.c
--- src/NetworkManagerSystem.c 1 Dec 2005 21:42:41 -0000 1.26
+++ src/NetworkManagerSystem.c 20 Dec 2005 19:03:37 -0000
@@ -269,71 +269,73 @@
struct rtnl_addr * addr = NULL;
struct rtnl_link * request = NULL;
- g_return_val_if_fail (iface != NULL, FALSE);
g_return_val_if_fail (config != NULL, FALSE);
/* Set up a route to the VPN gateway through the real network device */
if (active_device && (ad_config = nm_device_get_ip4_config (active_device)))
nm_system_device_set_ip4_route (active_device, nm_ip4_config_get_gateway (ad_config), nm_ip4_config_get_gateway (config), 0xFFFFFFFF);
- nm_system_device_set_up_down_with_iface (NULL, iface, TRUE);
+ if (iface != NULL)
+ {
+ nm_system_device_set_up_down_with_iface (NULL, iface, TRUE);
- nlh = new_nl_handle ();
+ nlh = new_nl_handle ();
- if ((addr = nm_ip4_config_to_rtnl_addr (config, NM_RTNL_ADDR_PTP_DEFAULT)))
- {
- int err = 0;
- iface_to_rtnl_index (iface, nlh, addr);
- if ((err = rtnl_addr_add (nlh, addr, 0)) < 0)
- nm_warning ("nm_system_device_set_from_ip4_config(): error %d returned from rtnl_addr_add().\n", err);
- rtnl_addr_put (addr);
- }
- else
- nm_warning ("nm_system_vpn_device_set_from_ip4_config(): couldn't create rtnl address!\n");
+ if ((addr = nm_ip4_config_to_rtnl_addr (config, NM_RTNL_ADDR_PTP_DEFAULT)))
+ {
+ int err = 0;
+ iface_to_rtnl_index (iface, nlh, addr);
+ if ((err = rtnl_addr_add (nlh, addr, 0)) < 0)
+ nm_warning ("nm_system_device_set_from_ip4_config(): error %d returned from rtnl_addr_add().\n", err);
+ rtnl_addr_put (addr);
+ }
+ else
+ nm_warning ("nm_system_vpn_device_set_from_ip4_config(): couldn't create rtnl address!\n");
- /* Set the MTU */
- if ((request = rtnl_link_alloc ()))
- {
- struct rtnl_link * old;
+ /* Set the MTU */
+ if ((request = rtnl_link_alloc ()))
+ {
+ struct rtnl_link * old;
- old = iface_to_rtnl_link (iface, nlh);
- rtnl_link_set_mtu (request, 1412);
- rtnl_link_change (nlh, old, request, 0);
+ old = iface_to_rtnl_link (iface, nlh);
+ rtnl_link_set_mtu (request, 1412);
+ rtnl_link_change (nlh, old, request, 0);
- rtnl_link_put (old);
- rtnl_link_put (request);
- }
+ rtnl_link_put (old);
+ rtnl_link_put (request);
+ }
- nl_close (nlh);
- nl_handle_destroy (nlh);
+ nl_close (nlh);
+ nl_handle_destroy (nlh);
- sleep (1);
+ sleep (1);
- nm_system_device_flush_routes_with_iface (iface);
- if (num_routes <= 0)
- {
- nm_system_delete_default_route ();
- nm_system_device_add_default_route_via_device_with_iface (iface);
- }
- else
- {
- int i;
- for (i = 0; i < num_routes; i++)
+ nm_system_device_flush_routes_with_iface (iface);
+ if (num_routes <= 0)
{
- char *valid_ip4_route;
-
- /* Make sure the route is valid, otherwise it's a security risk as the route
- * text is simply taken from the user, and passed directly to system(). If
- * we did not check the route, think of:
- *
- * system("/sbin/ip route add `rm -rf /` dev eth0")
- *
- * where `rm -rf /` was the route text. As UID 0 (root), we have to be careful.
- */
- if ((valid_ip4_route = validate_ip4_route (routes[i])))
+ nm_system_delete_default_route ();
+ nm_system_device_add_default_route_via_device_with_iface (iface);
+ }
+ else
+ {
+ int i;
+ for (i = 0; i < num_routes; i++)
{
- nm_system_device_add_route_via_device_with_iface (iface, valid_ip4_route);
- g_free (valid_ip4_route);
+ char *valid_ip4_route;
+
+ /* Make sure the route is valid, otherwise it's a security risk as the route
+ * text is simply taken from the user, and passed directly to system(). If
+ * we did not check the route, think of:
+ *
+ * system("/sbin/ip route add `rm -rf /` dev eth0")
+ *
+ * where `rm -rf /` was the route text. As UID 0 (root), we have to be careful.
+ */
+ if ((valid_ip4_route = validate_ip4_route (routes[i])))
+ {
+ nm_system_device_add_route_via_device_with_iface (iface, valid_ip4_route);
+ g_free (valid_ip4_route);
+ }
}
}
}
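Review bot: With `iface == NULL` the new `if (iface != NULL)` block skips the address and MTU setup, but it also skips the default-route handling and the whole `routes[]` loop, so routes supplied for an IPsec connection are dropped without any log line while the host route to the gateway is still installed above. If that is intended (presumably the in-kernel IPsec policy decides which traffic is protected), make it visible after the closing brace, e.g. `else if (num_routes > 0) nm_warning ("nm_system_vpn_device_set_from_ip4_config(): no tunnel device, ignoring %d route(s).\n", num_routes);`. The existing comment explains why `routes[i]` goes through `validate_ip4_route()` before reaching `system()` as root. `iface` is handed to the same `*_with_iface` helpers without a comparable check, which is worth confirming because their bodies are not visible here. The function starts and ends outside this hunk.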
Index: src/vpn-manager/nm-vpn-connection.c
===================================================================
RCS file: /cvs/gnome/NetworkManager/src/vpn-manager/nm-vpn-connection.c,v
retrieving revision 1.3
diff -u -u -r1.3 nm-vpn-connection.c
--- src/vpn-manager/nm-vpn-connection.c 28 Sep 2005 14:42:57 -0000 1.3
+++ src/vpn-manager/nm-vpn-connection.c 20 Dec 2005 19:03:37 -0000
@@ -124,11 +124,12 @@
char ** routes;
g_return_val_if_fail (connection != NULL, FALSE);
- g_return_val_if_fail (vpn_iface != NULL, FALSE);
g_return_val_if_fail (dev != NULL, FALSE);
g_return_val_if_fail (ip4_config != NULL, FALSE);
- nm_vpn_connection_set_vpn_iface (connection, vpn_iface);
+ /* IPsec VPNs will not have tunnel device */
+ if (vpn_iface != NULL)
+ nm_vpn_connection_set_vpn_iface (connection, vpn_iface);
nm_vpn_connection_set_parent_device (connection, dev);
nm_vpn_connection_set_ip4_config (connection, ip4_config);
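Review bot: Skipping `nm_vpn_connection_set_vpn_iface()` when `vpn_iface` is NULL leaves whatever interface name the connection object already holds, so a reused connection could keep a stale tunnel device from an earlier activation. If the setter accepts NULL (its body is not visible here), calling it unconditionally would clear the old value. Otherwise every caller of the matching getter needs a NULL check now that the `g_return_val_if_fail (vpn_iface != NULL, FALSE)` guard is gone. The comment could state the contract rather than the cause, e.g. `/* vpn_iface may be NULL: IPsec-based VPNs have no tunnel device */`. The enclosing function begins and continues outside this hunk.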