static int gpst_parse_config_xml(struct openconnect_info *vpninfo, xmlNode *xml_node, void *cb_data)
{
xmlNode *member;
- char *s = NULL, *deferred_netmask = NULL;
- struct oc_split_include *inc;
- int split_route_is_default_route = 0;
int n_dns = 0, esp_keys = 0, esp_v4 = 0, esp_v6 = 0;
int ret = 0;
+ char *s = NULL;
int ii;
uint32_t esp_magic = 0;
else if (!xmlnode_get_val(xml_node, "ip-address-v6", &s)) {
if (!vpninfo->disable_ipv6)
new_ip_info.addr6 = add_option_steal(&new_opts, "ipaddr6", &s);
- } else if (!xmlnode_get_val(xml_node, "netmask", &deferred_netmask)) {
- /* XX: GlobalProtect servers always (almost always?) send 255.255.255.255 as their netmask
- * (a /32 host route), and if they want to include an actual default route (0.0.0.0/0)
- * they instead put it under <access-routes/>. We defer saving the netmask until later.
- */
+ } else if (!xmlnode_get_val(xml_node, "netmask", &s)) {
+ new_ip_info.netmask = add_option_steal(&new_opts, "netmask", &s);
} else if (!xmlnode_get_val(xml_node, "mtu", &s))
new_ip_info.mtu = atoi(s);
else if (!xmlnode_get_val(xml_node, "lifetime", &s))
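Review bot: The added `netmask` branch stores the gateway-supplied value verbatim and drops the only comment that recorded what GlobalProtect gateways usually send in that field. Because this commit also removes the `0.0.0.0/0` special case, the function no longer tells a reader that the netmask is normally a /32 host mask and that a default route may instead arrive under `<access-routes/>`. I would keep a short comment on the branch, for example `/* Server-supplied; GP gateways usually send 255.255.255.255 and put any default route in <access-routes/> */`. Whether the value is validated before it reaches routing setup is not visible here, so the comment should name the place if such a check exists. The else-if chain starts and ends outside the hunk.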
xmlnode_is_named(xml_node, "access-routes") || xmlnode_is_named(xml_node, "exclude-access-routes")) {
for (member = xml_node->children; member; member=member->next) {
if (!xmlnode_get_val(member, "member", &s)) {
- int is_inc = (xml_node->name[0] == 'a');
-
- /* XX: if this is a default Legacy IP route jammed into the split-include
- * routes, just mark it for now.
- */
- if (is_inc && !strcmp(s, "0.0.0.0/0")) {
- split_route_is_default_route = 1;
- continue;
- }
-
- inc = malloc(sizeof(*inc));
+ struct oc_split_include *inc = malloc(sizeof(*inc));
if (!inc) {
ret = -ENOMEM;
goto err;
}
- if (is_inc) {
+ if (xmlnode_is_named(xml_node, "access-routes")) {
inc->route = add_option_steal(&new_opts, "split-include", &s);
inc->next = new_ip_info.split_includes;
new_ip_info.split_includes = inc;
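Review bot: The result of `add_option_steal()` on the `inc->route = …` line is linked into `new_ip_info.split_includes` without a check, so if that helper can return NULL on allocation failure (its definition is outside this diff) the list gains a node with a NULL route. A guard before linking would be `if (!inc->route) { free(inc); ret = -ENOMEM; goto err; }`. The added `netmask` branch ignores the same return value, though there the effect would presumably be only a missing netmask. Separately, with the `0.0.0.0/0` filter removed, a default route sent by the gateway is now stored as an ordinary split-include, and a one-line comment saying where that case is handled would help the next reader. The loop body continues outside the hunk.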
}
}
- /* Fix the issue of a 0.0.0.0/0 "split"-include route by swapping the "split" route with the default netmask. */
- if (split_route_is_default_route) {
- char *original_netmask = deferred_netmask;
-
- if ((deferred_netmask = strdup("0.0.0.0")) == NULL)
- return -ENOMEM;
-
- /* If the original netmask wasn't /32, add it as a split route */
- if (new_ip_info.addr && original_netmask) {
- uint32_t nm_bits = inet_addr(original_netmask);
- if (nm_bits != 0xffffffff) { /* 255.255.255.255 */
- struct in_addr net_addr;
- inet_aton(new_ip_info.addr, &net_addr);
- net_addr.s_addr &= nm_bits; /* clear host bits */
-
- char abuf[INET_ADDRSTRLEN];
- if ((inc = malloc(sizeof(*inc))) == NULL ||
- asprintf(&s, "%s/%s", inet_ntop(AF_INET, &net_addr, abuf, sizeof(abuf)), original_netmask) <= 0)
- return -ENOMEM;
- inc->route = add_option_steal(&new_opts, "split-include", &s);
- inc->next = new_ip_info.split_includes;
- new_ip_info.split_includes = inc;
- }
- }
- free(original_netmask);
- }
- if (deferred_netmask)
- new_ip_info.netmask = add_option_steal(&new_opts, "netmask", &deferred_netmask);
-
/* Set 10-second DPD/keepalive (same as Windows client) unless
* overridden with --force-dpd */
if (!vpninfo->ssl_times.dpd)