Handle default Legacy IP route specified as a "split"-include route for oNCP or Pulse (!198) · Merge requests · OpenConnect VPN projects / OpenConnect

Daniel Lenski requested to merge oNCP_allow_default_route_as_split_route into master May 20, 2021

This addresses #245. In the case presented there, the oNCP/Pulse server sends a Legacy IP netmask ("default route") of 255.255.255.255, and a "split"-include route of 0.0.0.0/0.0.0.0:

Received split include route 0.0.0.0/0.0.0.0
Received netmask 255.255.255.255

Ever since support for oNCP split-includes was originally added in ee445d90, we've ignored 0.0.0.0/0.0.0.0 as a split-include route (but printed it in the debug log, which is very confusing).

First, this MR fixes the issue of ignoring this route entirely. Secondly, it modifies oNCP and Pulse to handle such cases exactly as we do for GlobalProtect, as of !118 (merged). That is:

replace the original netmask with the /0.0.0.0 sent as a "split"-include
remove that /0.0.0.0 from the list of split-includes
add the original netmask as a split-include unless it was 255.255.255.255 (in which case it's unnecessary)

The function finalize_netmask_fixing_default_route_as_split() is factored out in gpst.c, and made an internal global function, so that the mechanism to do this can be shared across protocols.

Edited May 20, 2021 by Daniel Lenski

Admin message

Handle default Legacy IP route specified as a "split"-include route for oNCP or Pulse

Merge request reports