You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
138 lines
4.8 KiB
138 lines
4.8 KiB
From 09ee8838162cb6ea097375fb7d8b698566bb1c4d Mon Sep 17 00:00:00 2001
|
|
From: Beniamino Galvani <bgalvani@redhat.com>
|
|
Date: Wed, 10 Jan 2024 09:29:50 +0100
|
|
Subject: [PATCH 2/5] service: use new API to send configuration to NM
|
|
|
|
Instead of emitting the "Ip4Config" signal that contains both generic
|
|
and IPv4 configurations, use the more recent API and send two signals:
|
|
"Config" for the generic configuration and "Ip4Config" for IPv4
|
|
configuration.
|
|
|
|
In this way, it will be possible in the next commit to return no IPv4
|
|
configuration at all.
|
|
---
|
|
src/nm-libreswan-service.c | 61 +++++++++++++++++++++++++-------------
|
|
1 file changed, 40 insertions(+), 21 deletions(-)
|
|
|
|
diff --git a/src/nm-libreswan-service.c b/src/nm-libreswan-service.c
|
|
index 874f767..2aca78f 100644
|
|
--- a/src/nm-libreswan-service.c
|
|
+++ b/src/nm-libreswan-service.c
|
|
@@ -1270,16 +1270,14 @@ handle_callback (NMDBusLibreswanHelper *object,
|
|
goto out;
|
|
}
|
|
|
|
+ /* First build and send the generic config */
|
|
g_variant_builder_init (&config, G_VARIANT_TYPE_VARDICT);
|
|
|
|
- /* Right peer (or Gateway) */
|
|
- val = addr4_to_gvariant (lookup_string (env, "PLUTO_PEER"));
|
|
- if (val)
|
|
- g_variant_builder_add (&config, "{sv}", NM_VPN_PLUGIN_IP4_CONFIG_GATEWAY, val);
|
|
- else {
|
|
- _LOGW ("IPsec/Pluto Right Peer (VPN Gateway)");
|
|
- goto out;
|
|
- }
|
|
+ /*
|
|
+ * Enabled address families
|
|
+ */
|
|
+ g_variant_builder_add (&config, "{sv}", NM_VPN_PLUGIN_CONFIG_HAS_IP4, g_variant_new_boolean (TRUE));
|
|
+ g_variant_builder_add (&config, "{sv}", NM_VPN_PLUGIN_CONFIG_HAS_IP6, g_variant_new_boolean (FALSE));
|
|
|
|
/*
|
|
* Tunnel device
|
|
@@ -1290,15 +1288,43 @@ handle_callback (NMDBusLibreswanHelper *object,
|
|
} else {
|
|
val = g_variant_new_string (NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE);
|
|
}
|
|
+ g_variant_builder_add (&config, "{sv}", NM_VPN_PLUGIN_CONFIG_TUNDEV, val);
|
|
+
|
|
+ /* Banner */
|
|
+ val = str_to_gvariant (lookup_string (env, "PLUTO_PEER_BANNER"), TRUE);
|
|
+ if (val)
|
|
+ g_variant_builder_add (&config, "{sv}", NM_VPN_PLUGIN_CONFIG_BANNER, val);
|
|
+
|
|
+ /* Right peer (or Gateway) */
|
|
+ val = addr4_to_gvariant (lookup_string (env, "PLUTO_PEER"));
|
|
+ if (val)
|
|
+ g_variant_builder_add (&config, "{sv}", NM_VPN_PLUGIN_CONFIG_EXT_GATEWAY, val);
|
|
+ else {
|
|
+ _LOGW ("IPsec/Pluto Right Peer (VPN Gateway) is missing");
|
|
+ goto out;
|
|
+ }
|
|
+
|
|
+ nm_vpn_service_plugin_set_config (NM_VPN_SERVICE_PLUGIN (user_data),
|
|
+ g_variant_builder_end (&config));
|
|
|
|
- g_variant_builder_add (&config, "{sv}", NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val);
|
|
+ /* Then build and send the IPv4 config */
|
|
+ g_variant_builder_init (&config, G_VARIANT_TYPE_VARDICT);
|
|
+
|
|
+ /* Right peer (or Gateway) */
|
|
+ val = addr4_to_gvariant (lookup_string (env, "PLUTO_PEER"));
|
|
+ if (val)
|
|
+ g_variant_builder_add (&config, "{sv}", NM_VPN_PLUGIN_IP4_CONFIG_GATEWAY, val);
|
|
+ else {
|
|
+ _LOGW ("IPsec/Pluto Right Peer (VPN Gateway) is missing");
|
|
+ goto out;
|
|
+ }
|
|
|
|
/* IP address */
|
|
val = addr4_to_gvariant (lookup_string (env, "PLUTO_MY_SOURCEIP"));
|
|
if (val)
|
|
g_variant_builder_add (&config, "{sv}", NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, val);
|
|
else {
|
|
- _LOGW ("IP4 Address");
|
|
+ _LOGW ("IP4 Address is missing");
|
|
goto out;
|
|
}
|
|
|
|
@@ -1307,7 +1333,7 @@ handle_callback (NMDBusLibreswanHelper *object,
|
|
if (val)
|
|
g_variant_builder_add (&config, "{sv}", NM_VPN_PLUGIN_IP4_CONFIG_PTP, val);
|
|
else {
|
|
- _LOGW ("IP4 PTP Address");
|
|
+ _LOGW ("IP4 PTP Address is missing");
|
|
goto out;
|
|
}
|
|
|
|
@@ -1324,7 +1350,6 @@ handle_callback (NMDBusLibreswanHelper *object,
|
|
if (val)
|
|
g_variant_builder_add (&config, "{sv}", NM_VPN_PLUGIN_IP4_CONFIG_DNS, val);
|
|
|
|
-
|
|
/* Default domain */
|
|
val = str_to_gvariant (lookup_string (env, "PLUTO_CISCO_DOMAIN_INFO"), TRUE);
|
|
if (!val) {
|
|
@@ -1334,11 +1359,6 @@ handle_callback (NMDBusLibreswanHelper *object,
|
|
if (val)
|
|
g_variant_builder_add (&config, "{sv}", NM_VPN_PLUGIN_IP4_CONFIG_DOMAIN, val);
|
|
|
|
- /* Banner */
|
|
- val = str_to_gvariant (lookup_string (env, "PLUTO_PEER_BANNER"), TRUE);
|
|
- if (val)
|
|
- g_variant_builder_add (&config, "{sv}", NM_VPN_PLUGIN_IP4_CONFIG_BANNER, val);
|
|
-
|
|
/* Indicates whether the VPN is using a XFRM interface (via option ipsec-interface=) */
|
|
is_xfrmi = nm_streq0 (lookup_string (env, "PLUTO_XFRMI_ROUTE"), "yes");
|
|
|
|
@@ -1369,12 +1389,11 @@ handle_callback (NMDBusLibreswanHelper *object,
|
|
g_variant_builder_add (&config, "{sv}", NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT, g_variant_new_boolean (TRUE));
|
|
|
|
success = TRUE;
|
|
+ nm_vpn_service_plugin_set_ip4_config (NM_VPN_SERVICE_PLUGIN (user_data),
|
|
+ g_variant_builder_end (&config));
|
|
|
|
out:
|
|
- if (success) {
|
|
- nm_vpn_service_plugin_set_ip4_config (NM_VPN_SERVICE_PLUGIN (user_data),
|
|
- g_variant_builder_end (&config));
|
|
- } else {
|
|
+ if (!success) {
|
|
connect_failed (NM_LIBRESWAN_PLUGIN (user_data), NULL,
|
|
NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED);
|
|
}
|
|
--
|
|
2.43.0
|
|
|