ims-volte-vowifi
/
strongswan-epdg
9
0
Fork 0
Code Pull Requests Releases Activity

charon-nm: Allow configurable remote traffic selectors 

This change allows to customize the previously hard-coded remote traffic
selectors.

This does not actually write the newly added "remote-ts" configuration option
into NetworkManager's configuration file, but will use an existing value.
Exposing the config setting in the GUI could be done later if this is a
desired change.

Use case:  remote firewall appliance wrongly accepts the `0.0.0.0/0` TS but
does not actually route external traffic, leaving the user with a partially
working internet connection.

Closes strongswan/strongswan#173.
This commit is contained in:
Thomas 2020-05-24 13:54:31 +02:00 committed by Tobias Brunner
parent 3a54206c08
commit 04db34a3a7
1 changed files with 28 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/charon-nm/nm/nm_service.c
View File

@ -839,10 +839,34 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
}
ts = traffic_selector_create_dynamic(0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
ts = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
ts = traffic_selector_create_from_cidr("::/0", 0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
str = nm_setting_vpn_get_data_item(vpn, "remote-ts");
if (str && strlen(str))
{
enumerator = enumerator_create_token(str, ";", "");
while (enumerator->enumerate(enumerator, &str))
{
ts = traffic_selector_create_from_cidr((char*)str, 0, 0, 65535);
if (!ts)
{
g_set_error(err, NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
"Invalid remote traffic selector.");
enumerator->destroy(enumerator);
child_cfg->destroy(child_cfg);
peer_cfg->destroy(peer_cfg);
return FALSE;
}
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
}
enumerator->destroy(enumerator);
}
else
{
ts = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
ts = traffic_selector_create_from_cidr("::/0", 0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
}
peer_cfg->add_child_cfg(peer_cfg, child_cfg);
/**