diff options
| author | Thomas Haller <thaller@redhat.com> | 2014-11-13 14:55:47 +0100 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2014-11-14 16:14:35 +0100 |
| commit | c2a6f368a4eb40370cd83f83adcdb0d989edee96 (patch) | |
| tree | 6b62010a1e4f837524d0a03b855504d9bf6f60af | |
| parent | a43c8d7aab68120c0ca0123ae98e33358429cadd (diff) | |
| download | NetworkManager-c2a6f368a4eb40370cd83f83adcdb0d989edee96.tar.gz | |
firewall: don't set firewall zone for assumed devices
https://bugzilla.redhat.com/show_bug.cgi?id=1098281
Signed-off-by: Thomas Haller <thaller@redhat.com>
| -rw-r--r-- | src/devices/nm-device.c | 29 | ||||
| -rw-r--r-- | src/nm-policy.c | 6 |
2 files changed, 32 insertions, 3 deletions
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c index b3944372db..85f0bf0402 100644 --- a/src/devices/nm-device.c +++ b/src/devices/nm-device.c @@ -259,6 +259,7 @@ typedef struct { gulong dnsmasq_state_id; /* Firewall */ + guint fw_call_idle; NMFirewallPendingCall fw_call; /* avahi-autoipd stuff */ @@ -4546,6 +4547,18 @@ fw_change_zone_cb (GError *error, gpointer user_data) _LOGI (LOGD_DEVICE, "Activation: Stage 3 of 5 (IP Configure Start) scheduled."); } +static gboolean +fw_change_zone_idle_cb (gpointer user_data) +{ + NMDevice *self = NM_DEVICE (user_data); + + NM_DEVICE_GET_PRIVATE (self)->fw_call_idle = 0; + + activation_source_schedule (self, nm_device_activate_stage3_ip_config_start, 0); + _LOGI (LOGD_DEVICE, "Activation: Stage 3 of 5 (IP Configure Start) scheduled."); + return G_SOURCE_REMOVE; +} + /* * nm_device_activate_schedule_stage3_ip_config_start * @@ -4565,6 +4578,7 @@ nm_device_activate_schedule_stage3_ip_config_start (NMDevice *self) g_return_if_fail (priv->act_request); g_return_if_fail (!priv->fw_call); + g_return_if_fail (!priv->fw_call_idle); /* Add the interface to the specified firewall zone */ connection = nm_device_get_connection (self); @@ -4572,6 +4586,13 @@ nm_device_activate_schedule_stage3_ip_config_start (NMDevice *self) s_con = nm_connection_get_setting_connection (connection); zone = nm_setting_connection_get_zone (s_con); + + if (nm_device_uses_assumed_connection (self)) { + _LOGD (LOGD_DEVICE, "Activation: skip setting firewall zone '%s' for assumed device", zone ? zone : "default"); + priv->fw_call_idle = g_idle_add (fw_change_zone_idle_cb, self); + return; + } + _LOGD (LOGD_DEVICE, "Activation: setting firewall zone '%s'", zone ? zone : "default"); priv->fw_call = nm_firewall_manager_add_or_change_zone (nm_firewall_manager_get (), nm_device_get_ip_iface (self), @@ -6867,9 +6888,15 @@ _cleanup_generic_pre (NMDevice *self, gboolean deconfigure) nm_firewall_manager_cancel_call (nm_firewall_manager_get (), priv->fw_call); priv->fw_call = NULL; } + if (priv->fw_call_idle) { + g_source_remove (priv->fw_call_idle); + priv->fw_call_idle = 0; + } connection = nm_device_get_connection (self); - if (deconfigure && connection) { + if ( deconfigure + && connection + && !nm_device_uses_assumed_connection (self)) { nm_firewall_manager_remove_from_zone (nm_firewall_manager_get (), nm_device_get_ip_iface (self), NULL); diff --git a/src/nm-policy.c b/src/nm-policy.c index 963be3099b..ec11e17895 100644 --- a/src/nm-policy.c +++ b/src/nm-policy.c @@ -1575,7 +1575,8 @@ firewall_update_zone (NMPolicy *policy, NMConnection *connection) NMDevice *dev = NM_DEVICE (iter->data); if ( (nm_device_get_connection (dev) == connection) - && (nm_device_get_state (dev) == NM_DEVICE_STATE_ACTIVATED)) { + && (nm_device_get_state (dev) == NM_DEVICE_STATE_ACTIVATED) + && !nm_device_uses_assumed_connection (dev)) { nm_firewall_manager_add_or_change_zone (nm_firewall_manager_get (), nm_device_get_ip_iface (dev), nm_setting_connection_get_zone (s_con), @@ -1605,7 +1606,8 @@ firewall_started (NMFirewallManager *manager, continue; s_con = nm_connection_get_setting_connection (connection); - if (nm_device_get_state (dev) == NM_DEVICE_STATE_ACTIVATED) { + if ( nm_device_get_state (dev) == NM_DEVICE_STATE_ACTIVATED + && !nm_device_uses_assumed_connection (dev)) { nm_firewall_manager_add_or_change_zone (nm_firewall_manager_get (), nm_device_get_ip_iface (dev), nm_setting_connection_get_zone (s_con), |