[PATCH] Accept VPN IPv4 configs without a tundevice

From: Martin Willi <martin strongswan org>
To: networkmanager-list gnome org
Subject: [PATCH] Accept VPN IPv4 configs without a tundevice
Date: Wed, 07 Sep 2011 15:18:48 +0200

---

I'm migrating our strongSwan VPN plugin [1] to NetworkManager 0.9.
We use the native Linux IPsec stack. It doesn't use any tundev or ipsec
network devices, but handles encryption transparently in the networking
stack.

Unfortunately, the new release (d2d1f2e9, actually) explicitly requires
a tunnel device, making the Linux XFRM IPsec stack unusable with
NetworkManager. The trick I used previously by passing an invalid device
does not work anymore.

The patch below leverages the requirements for a VPN specific device. It works
fine here, but I'm not sure if it is the best way to handle VPN
connections without a networking device.

Best regards
Martin

[1]http://git.strongswan.org/?p=strongswan.git;a=tree;f=src/frontends/gnome

 src/vpn-manager/nm-vpn-connection.c |   19 +++++++------------
 1 files changed, 7 insertions(+), 12 deletions(-)

diff --git a/src/vpn-manager/nm-vpn-connection.c b/src/vpn-manager/nm-vpn-connection.c
index 75ba645..e278266 100644
--- a/src/vpn-manager/nm-vpn-connection.c
+++ b/src/vpn-manager/nm-vpn-connection.c
@@ -419,18 +419,12 @@ nm_vpn_connection_ip4_config_get (DBusGProxy *proxy,
 	config = nm_ip4_config_new ();
 
 	val = (GValue *) g_hash_table_lookup (config_hash, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV);
-	if (val)
+	if (val) {
 		priv->ip_iface = g_strdup (g_value_get_string (val));
-	else {
-		nm_log_err (LOGD_VPN, "invalid or missing tunnel device received!");
-		goto error;
-	}
-
-	/* Grab the interface index for address/routing operations */
-	priv->ip_ifindex = nm_netlink_iface_to_index (priv->ip_iface);
-	if (!priv->ip_ifindex) {
-		nm_log_err (LOGD_VPN, "(%s): failed to look up VPN interface index", priv->ip_iface);
-		goto error;
+		/* Grab the interface index for address/routing operations */
+		priv->ip_ifindex = nm_netlink_iface_to_index (priv->ip_iface);
+		if (!priv->ip_ifindex)
+			nm_log_err (LOGD_VPN, "(%s): failed to look up VPN interface index", priv->ip_iface);
 	}
 
 	addr = nm_ip4_address_new ();
@@ -540,7 +534,8 @@ nm_vpn_connection_ip4_config_get (DBusGProxy *proxy,
 
 	nm_system_iface_set_up (priv->ip_ifindex, TRUE, NULL);
 
-	if (nm_system_apply_ip4_config (priv->ip_ifindex, config, 0, NM_IP4_COMPARE_FLAG_ALL)) {
+	if (priv->ip_ifindex == 0 ||
+		nm_system_apply_ip4_config (priv->ip_ifindex, config, 0, NM_IP4_COMPARE_FLAG_ALL)) {
 		NMDnsManager *dns_mgr;
 
 		/* Add any explicit route to the VPN gateway through the parent device */
-- 
1.7.5.4

Follow-Ups:
- Re: [PATCH] Accept VPN IPv4 configs without a tundevice
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]