[PATCH] write CISCO_SPLIT_INC in order
Corey Hickey
bugfood-ml at fatooh.org
Fri Jul 21 17:23:41 PDT 2017
On 2017-07-21 15:33, Daniel Lenski wrote:
> On Fri, Jul 21, 2017 at 10:15 AM, Kevin Cernekee <cernekee at gmail.com> wrote:
>> On Mon, Jul 10, 2017 at 3:44 PM, Corey Hickey <bugfood-ml at fatooh.org> wrote:
>>> The linked list implementation results in routes being queued in
>>> reverse of the order in which they were received. So, when dequeuing
>>> them, write to the buffer backwards.
>>
>> Unfortunately it is not clear to me which parameter you would like to
>> reorder: search domains (from the GitHub bug), split DNS (from the
>> patch), or included routes (from the subject line)?
>>
>> Search domains are sensitive to ordering, so that makes the most sense
>> to me. AIUI routing should use the longest prefix match + metric; and
>> split DNS should not be sensitive to ordering since it is a whitelist.
>
> I believe that search domains are the intended case that needs fixing.
>
> It seems that OpenConnect's current behavior is to send *all of these
> lists* to the vpnc-script in the opposite order from which they are
> sent by the VPN gateway, and that Corey's patch will — if nothing else
> — make script debugging a bit more intuitive by showing them all in
> the same order in which OpenConnect receives them from the server.
The above is correct with regard to my intent, with the addition that
sometimes the order of search domains does matter from an
administrator/user perspective, so my ultimate goal is to correct that.
I wrote about this in a bit more detail here:
https://github.com/dlenski/openconnect/issues/40#issuecomment-313792933
As far as I know, this particular patch is actually a no-op for users
because vpnc-scripts does not actually use CISCO_SPLIT_DNS--but if this
patch gets accepted, I intend to submit a patch for vpnc-scripts as well:
https://github.com/bugfood/vpnc-scripts/commit/19b0357349f3cede6d93245d8373be4ef7239866
Thanks,
Corey
More information about the openconnect-devel
mailing list