-
Notifications
You must be signed in to change notification settings - Fork 320
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
set up routes correctly (pull request for #94) #95
Conversation
I just noticed that the comments which I have placed on the individual commits all showed up in a pile above, which didn't make much sense. So I have removed them. So maybe I should just rebase and squash? |
Thanks @mrbaseman, this looks good! Yes it's better to squash and have one commit for one logical change, but I would do it anyway before merging. Most importantly, you need to explain the change in the commit message itself, so it is possible to understand why code changed by looking at the git history. This allows busting bugs more efficiently, avoid mistakes, enable useful About #88: do as you prefer, either include it as a separated commit here or wait for #88 to be merged. |
This issue has been discussed in adrienverge#94 (set up routes correctly when ppp0 interface is already there) as a follow-up for adrienverge#90 which implemented that a new ppp device is used when ppp0 is already there. - in ipv4_set_split_routes: add a host route to the gateway (basically copy&paste code from ipv4_set_default_routes) - in ipv4_set_split_routes: merge in the two fixes for issue adrienverge#25 from adrienverge#88: 1) add the gateway flag to the routes received from the remote side. Without the gateway flag the destination is directly connected (over the vpn tunnel), which is not always the case. There might be more hops behind the remote gateway to reach the network to which this route points. 2) correct the test if the route has already a gateway set or not: -1 casted to an unsigned int would result in UINT_MAX which is 255.255.255.255 in IP notation. Routes without a gateway however carry the gateway IP 0.0.0.0 which is 0 written as uint. - in ipv4_set_default_routes: change the route flag to host instead of gateway for the route to the Fortigate. This is important when the existing default route is over a ppp device, because in that case the gateway flag can not be set on linux. Moreover, the gateway flag is not needed here at all, because the vpn traffic is not routed via this ip as a gateway in the sense of a routing instance. The traffic is sent through the vpn channel and the encrypted packages are sent to the remote IP which can be seen as a single host that unpacks the encrypted traffic afterwards. - in ipv4_restore_routes: remove the host route to the gateway which is now added in gateway mode, and properly free resources
Hi @adrienverge, I have rebased and squashed the pull request and added the above explanations to the commit message. I have also inserted a few comments from #90. I have kept the changes of #88 in this pull request because it is also part of the fix for the routing issues. I have also included my comments from there in the commit message. |
Thanks! |
This is a larger rework of the routing code, here a summary of the changes (for a detailed discussion see in issue #94 ):