diff options
| author | Thomas Haller <thaller@redhat.com> | 2014-11-19 20:54:37 +0100 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2014-11-19 22:55:33 +0100 |
| commit | a0f81f266bac2a65385ef0b252c461ac152e85b9 (patch) | |
| tree | deca8cdcc8eb37c2fe28fc8d179841d08447a33f | |
| parent | 308a5e7953c74869ab385338a4a3d0500811c1a5 (diff) | |
| download | NetworkManager-a0f81f266bac2a65385ef0b252c461ac152e85b9.tar.gz | |
policy: enforce absence of default route on never-default VPN connections
Signed-off-by: Thomas Haller <thaller@redhat.com>
| -rw-r--r-- | src/nm-default-route-manager.c | 20 |
1 files changed, 4 insertions, 16 deletions
diff --git a/src/nm-default-route-manager.c b/src/nm-default-route-manager.c index c006cff4df..4dec5853dd 100644 --- a/src/nm-default-route-manager.c +++ b/src/nm-default-route-manager.c @@ -119,14 +119,10 @@ typedef struct { * (synced && never_default) entires the absence of the default route * is enforced. NMDefaultRouteManager will actively remove any default * route on such ifindexes. - * This combination makes only sense for device sources. + * Also, for VPN sources in addition we track them so that a never-default + * VPN connection can be choosen by get_best_config() to receive the DNS configuration. * - * (!synced && never_default): this combination makes only sense for VPN sources. - * If a VPN gets no default route, we still track it so that we can choose - * it for DNS configuration. - * Effectively, we ignore any default routes on such ifindexes and don't configure - * them ourselfes. The VPN is tracked with its configured priority (regardless - * of whether any default routes are actually present on the interface). + * (!synced && never_default): this combination makes no sense. */ gboolean synced; gboolean never_default; @@ -302,10 +298,6 @@ _platform_route_sync_flush (const VTableIP *vtable, NMDefaultRouteManager *self, for (j = 0; j < entries->len; j++) { Entry *e = g_ptr_array_index (entries, j); - if ( e->never_default - && !NM_IS_DEVICE (e->source.object)) - continue; - if ( e->route.rx.ifindex == route->ifindex && e->synced) { has_ifindex_synced = TRUE; @@ -400,10 +392,6 @@ _get_assumed_interface_metrics (const VTableIP *vtable, NMDefaultRouteManager *s for (j = 0; j < entries->len; j++) { Entry *e = g_ptr_array_index (entries, j); - if ( e->never_default - && !NM_IS_DEVICE (e->source.object)) - continue; - if ( e->synced && e->route.rx.ifindex == route->ifindex) { ifindex_has_synced_entry = TRUE; @@ -765,7 +753,7 @@ _ipx_update_default_route (const VTableIP *vtable, NMDefaultRouteManager *self, } } } - synced = default_route && !never_default; + synced = TRUE; } } g_assert (!default_route || default_route->plen == 0); |