示例#1
/**
 * Build the IPv4 configuration table for NetworkManager and pass it to
 * nm_vpn_plugin_set_ip4_config(), which per the original note marks the
 * connection as established.
 *
 * @param plugin	NM VPN plugin; its private data supplies the attribute
 *					handler and the dummy TUN device
 * @param ike_sa	IKE_SA queried for a virtual IP or the local host address
 * @param child_sa	not referenced by this function
 */
static void signal_ipv4_config(NMVPNPlugin *plugin,
							   ike_sa_t *ike_sa, child_sa_t *child_sa)
{
	NMStrongswanPluginPrivate *priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
	GHashTable *ip4;
	nm_handler_t *attrs;
	enumerator_t *vips;
	host_t *local;
	GValue *tundev, *address, *prefix, *never_default, *dns, *nbns;
	int have_vip;

	/* NOTE(review): the table is created without destroy notifiers and
	 * neither it nor the GValues are released here; whether NM or the caller
	 * frees them is not visible in this function - confirm. */
	ip4 = g_hash_table_new(g_str_hash, g_str_equal);
	attrs = priv->handler;

	/* NM insists on a tunnel device although netkey has none, and it
	 * reconfigures whatever interface it is given. The physical interface is
	 * therefore unsuitable, so the plugin's dummy TUN device is announced. */
	tundev = g_slice_new0(GValue);
	g_value_init(tundev, G_TYPE_STRING);
	g_value_set_string(tundev, priv->tun->get_name(priv->tun));
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, tundev);

	/* NM installs the announced address on the device above: take the first
	 * virtual IP if the enumerator yields one, else the IKE_SA's own host.
	 * NOTE(review): local is used after the enumerator is destroyed;
	 * presumably the host_t is owned by ike_sa - confirm. */
	vips = ike_sa->create_virtual_ip_enumerator(ike_sa, TRUE);
	have_vip = vips->enumerate(vips, &local);
	if (!have_vip)
	{
		local = ike_sa->get_my_host(ike_sa);
	}
	vips->destroy(vips);

	/* NOTE(review): this load reads four bytes whatever the length of the
	 * address is. For a host that is not IPv4 the value would be a truncated
	 * address and the prefix below would not be 32 - confirm that only IPv4
	 * hosts reach this point. */
	address = g_slice_new0(GValue);
	g_value_init(address, G_TYPE_UINT);
	g_value_set_uint(address, *(u_int32_t*)local->get_address(local).ptr);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, address);

	/* prefix length in bits is the address length in bytes times eight */
	prefix = g_slice_new0(GValue);
	g_value_init(prefix, G_TYPE_UINT);
	g_value_set_uint(prefix, local->get_address(local).len * 8);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, prefix);

	/* keep NM away from the default route; the route is installed by us in
	 * our own routing table */
	never_default = g_slice_new0(GValue);
	g_value_init(never_default, G_TYPE_BOOLEAN);
	g_value_set_boolean(never_default, TRUE);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT,
						never_default);

	/* DNS and NBNS entries come from the attribute handler.
	 * NOTE(review): presumably these were supplied by the VPN gateway, and
	 * the result of handler_to_val() is inserted unchecked - confirm it
	 * cannot be NULL. */
	dns = handler_to_val(attrs, INTERNAL_IP4_DNS);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_DNS, dns);

	nbns = handler_to_val(attrs, INTERNAL_IP4_NBNS);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, nbns);

	/* the handler is reset once its values have been copied out */
	attrs->reset(attrs);

	nm_vpn_plugin_set_ip4_config(plugin, ip4);
}
示例#2
/**
 * Build the IPv4 configuration table for NetworkManager and pass it to
 * nm_vpn_plugin_set_ip4_config(), which per the original note marks the
 * connection as established.
 *
 * @param plugin	NM VPN plugin; its private data supplies the attribute
 *					handler
 * @param ike_sa	IKE_SA queried for the peer address and for a virtual IP
 *					or the local host address
 * @param child_sa	not referenced by this function
 */
static void signal_ipv4_config(NMVPNPlugin *plugin,
							   ike_sa_t *ike_sa, child_sa_t *child_sa)
{
	NMStrongswanPluginPrivate *priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
	GHashTable *ip4;
	nm_handler_t *attrs;
	enumerator_t *vips;
	host_t *local, *peer;
	GValue *gateway, *address, *prefix, *never_default, *dns, *nbns;
	int have_vip;

	/* NOTE(review): the table is created without destroy notifiers and
	 * neither it nor the GValues are released here; whether NM or the caller
	 * frees them is not visible in this function - confirm. */
	ip4 = g_hash_table_new(g_str_hash, g_str_equal);
	attrs = priv->handler;

	/* NM wants to be told the external gateway: the IKE peer's address.
	 * NOTE(review): this load reads four bytes whatever the length of the
	 * address is; a peer reached over anything but IPv4 would yield a
	 * truncated value - confirm that only IPv4 peers reach this point. */
	gateway = g_slice_new0(GValue);
	g_value_init(gateway, G_TYPE_UINT);
	peer = ike_sa->get_other_host(ike_sa);
	g_value_set_uint(gateway, *(uint32_t*)peer->get_address(peer).ptr);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY, gateway);

	/* Address NM installs for the connection: the first virtual IP if the
	 * enumerator yields one, else the IKE_SA's own host.
	 * NOTE(review): local is used after the enumerator is destroyed;
	 * presumably the host_t is owned by ike_sa - confirm. */
	vips = ike_sa->create_virtual_ip_enumerator(ike_sa, TRUE);
	have_vip = vips->enumerate(vips, &local);
	if (!have_vip)
	{
		local = ike_sa->get_my_host(ike_sa);
	}
	vips->destroy(vips);

	/* NOTE(review): same four-byte load as for the gateway above; for a
	 * non-IPv4 host the prefix below would not be 32 either - confirm. */
	address = g_slice_new0(GValue);
	g_value_init(address, G_TYPE_UINT);
	g_value_set_uint(address, *(uint32_t*)local->get_address(local).ptr);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, address);

	/* prefix length in bits is the address length in bytes times eight */
	prefix = g_slice_new0(GValue);
	g_value_init(prefix, G_TYPE_UINT);
	g_value_set_uint(prefix, local->get_address(local).len * 8);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, prefix);

	/* keep NM away from the default route; the route is installed by us in
	 * our own routing table */
	never_default = g_slice_new0(GValue);
	g_value_init(never_default, G_TYPE_BOOLEAN);
	g_value_set_boolean(never_default, TRUE);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT,
						never_default);

	/* DNS and NBNS entries come from the attribute handler.
	 * NOTE(review): presumably these were supplied by the VPN gateway, and
	 * the result of handler_to_val() is inserted unchecked - confirm it
	 * cannot be NULL. */
	dns = handler_to_val(attrs, INTERNAL_IP4_DNS);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_DNS, dns);

	nbns = handler_to_val(attrs, INTERNAL_IP4_NBNS);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, nbns);

	/* the handler is reset once its values have been copied out */
	attrs->reset(attrs);

	nm_vpn_plugin_set_ip4_config(plugin, ip4);
}
示例#3
/**
 * Report a failed connection attempt to NetworkManager.
 *
 * Resets the plugin's attribute handler, raises the failure on the plugin and
 * then moves the plugin to the stopped state.
 *
 * @param plugin	NM VPN plugin the failure is reported on
 * @param failure	failure reason forwarded unchanged to NM
 */
static void signal_failure(NMVPNPlugin *plugin, NMVPNPluginFailure failure)
{
	nm_handler_t *attrs;

	/* reset the handler before NM is notified */
	attrs = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler;
	attrs->reset(attrs);

	/* TODO: NM does not handle this failure!? The explicit state change
	 * below follows it in any case. */
	nm_vpn_plugin_failure(plugin, failure);
	nm_vpn_plugin_set_state(plugin, NM_VPN_SERVICE_STATE_STOPPED);
}
示例#4
/**
 * Build the IPv4 configuration table for NetworkManager and pass it to
 * nm_vpn_plugin_set_ip4_config(), which per the original note marks the
 * connection as established.
 *
 * @param plugin	NM VPN plugin; its private data supplies the attribute
 *					handler
 * @param ike_sa	IKE_SA queried for the local host address
 * @param child_sa	not referenced by this function
 */
static void signal_ipv4_config(NMVPNPlugin *plugin,
							   ike_sa_t *ike_sa, child_sa_t *child_sa)
{
	/* NOTE(review): the table is created without destroy notifiers and
	 * neither it nor the GValues are released here; whether NM or the caller
	 * frees them is not visible in this function - confirm. */
	GHashTable *ip4 = g_hash_table_new(g_str_hash, g_str_equal);
	host_t *local = ike_sa->get_my_host(ike_sa);
	nm_handler_t *attrs = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler;
	GValue *tundev, *address, *prefix, *dns, *nbns;

	/* NM insists on a tunnel device although netkey has none, and it
	 * reconfigures whatever interface it is given, which rules out the
	 * physical one. The loopback device appears to be tolerated.
	 * NOTE(review): the address announced below is thereby tied to "lo";
	 * what NM does to the loopback interface is not visible here - confirm. */
	tundev = g_slice_new0(GValue);
	g_value_init(tundev, G_TYPE_STRING);
	g_value_set_string(tundev, "lo");
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, tundev);

	/* NOTE(review): this load reads four bytes whatever the length of the
	 * address is. For a host that is not IPv4 the value would be a truncated
	 * address and the prefix below would not be 32 - confirm that only IPv4
	 * hosts reach this point. */
	address = g_slice_new0(GValue);
	g_value_init(address, G_TYPE_UINT);
	g_value_set_uint(address, *(u_int32_t*)local->get_address(local).ptr);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, address);

	/* prefix length in bits is the address length in bytes times eight */
	prefix = g_slice_new0(GValue);
	g_value_init(prefix, G_TYPE_UINT);
	g_value_set_uint(prefix, local->get_address(local).len * 8);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, prefix);

	/* DNS and NBNS entries come from the attribute handler.
	 * NOTE(review): presumably these were supplied by the VPN gateway, and
	 * the result of handler_to_val() is inserted unchecked - confirm it
	 * cannot be NULL. */
	dns = handler_to_val(attrs, INTERNAL_IP4_DNS);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_DNS, dns);

	nbns = handler_to_val(attrs, INTERNAL_IP4_NBNS);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, nbns);

	/* the handler is reset once its values have been copied out */
	attrs->reset(attrs);

	nm_vpn_plugin_set_ip4_config(plugin, ip4);
}
/**
 * Build the IPv4 configuration table for NetworkManager and pass it to
 * nm_vpn_plugin_set_ip4_config(), which per the original note marks the
 * connection as established.
 *
 * @param plugin	NM VPN plugin; its private data supplies the attribute
 *					handler
 * @param ike_sa	IKE_SA queried for the local and the peer host
 * @param child_sa	not referenced by this function
 */
static void signal_ipv4_config(NMVPNPlugin *plugin,
							   ike_sa_t *ike_sa, child_sa_t *child_sa)
{
	/* NOTE(review): the table is created without destroy notifiers and
	 * neither it nor the GValues are released here; whether NM or the caller
	 * frees them is not visible in this function - confirm. */
	GHashTable *ip4 = g_hash_table_new(g_str_hash, g_str_equal);
	host_t *local = ike_sa->get_my_host(ike_sa);
	/* the peer host is fetched but never read afterwards in this function */
	host_t *peer = ike_sa->get_other_host(ike_sa);
	nm_handler_t *attrs = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler;
	GValue *tundev, *address, *prefix, *dns, *nbns;

	/* NM insists on a tunnel device although netkey has none. An interface
	 * name that does not exist draws a complaint from NM, but it is accepted
	 * and eth0 is left alone. */
	tundev = g_slice_new0(GValue);
	g_value_init(tundev, G_TYPE_STRING);
	g_value_set_string(tundev, "none");
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, tundev);

	/* NOTE(review): this load reads four bytes whatever the length of the
	 * address is. For a host that is not IPv4 the value would be a truncated
	 * address and the prefix below would not be 32 - confirm that only IPv4
	 * hosts reach this point. */
	address = g_slice_new0(GValue);
	g_value_init(address, G_TYPE_UINT);
	g_value_set_uint(address, *(u_int32_t*)local->get_address(local).ptr);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, address);

	/* prefix length in bits is the address length in bytes times eight */
	prefix = g_slice_new0(GValue);
	g_value_init(prefix, G_TYPE_UINT);
	g_value_set_uint(prefix, local->get_address(local).len * 8);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, prefix);

	/* DNS and NBNS entries come from the attribute handler.
	 * NOTE(review): presumably these were supplied by the VPN gateway, and
	 * the result of handler_to_val() is inserted unchecked - confirm it
	 * cannot be NULL. */
	dns = handler_to_val(attrs, INTERNAL_IP4_DNS);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_DNS, dns);

	nbns = handler_to_val(attrs, INTERNAL_IP4_NBNS);
	g_hash_table_insert(ip4, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, nbns);

	/* the handler is reset once its values have been copied out */
	attrs->reset(attrs);

	nm_vpn_plugin_set_ip4_config(plugin, ip4);
}