| Message ID | 20180523192802.31611-1-a@unstable.cc |
|---|---|
| State | Changes Requested |
| Delegated to: | Gert Doering |
| Headers | show |
| Series | [Openvpn-devel] do not push route-ipv6 entries that are also in the iroute-ipv6 list | expand |
On Mittwoch, 23. Mai 2018 21:28:02 CEST Antonio Quartulli wrote: > - if (o && o->push_list.head && o->iroutes) > + if (o && o->push_list.head && (o->iroutes || o->iroutes_ipv6)) [...] > + else if (p[0] && !strcmp(p[0], "route-ipv6") && !p[2]) I think it would make sense to check for o->iroutes_ipv6 here again, so that the address string parsing only happens if there's v6 iroute(s). And then also add a check for o->iroutes to the "route" if statement above. That might save a few cycles, but no big issue. Besides that: ACK Heiko
Hi, On 27/06/2022 23:52, Heiko Hund wrote: > On Mittwoch, 23. Mai 2018 21:28:02 CEST Antonio Quartulli wrote: >> - if (o && o->push_list.head && o->iroutes) >> + if (o && o->push_list.head && (o->iroutes || o->iroutes_ipv6)) > [...] >> + else if (p[0] && !strcmp(p[0], "route-ipv6") && !p[2]) > > I think it would make sense to check for o->iroutes_ipv6 here again, so that > the address string parsing only happens if there's v6 iroute(s). And then also > add a check for o->iroutes to the "route" if statement above. That might save > a few cycles, but no big issue. Yeah, I think it makes sense. v2 incoming! Cheers, > > Besides that: ACK > > Heiko > > > > > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel >
diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 6a30e479..9199e1f0 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -776,7 +776,7 @@ process_incoming_push_msg(struct context *c, void remove_iroutes_from_push_route_list(struct options *o) { - if (o && o->push_list.head && o->iroutes) + if (o && o->push_list.head && (o->iroutes || o->iroutes_ipv6)) { struct gc_arena gc = gc_new(); struct push_entry *e = o->push_list.head; @@ -816,6 +816,29 @@ remove_iroutes_from_push_route_list(struct options *o) } } } + else if (p[0] && !strcmp(p[0], "route-ipv6") && !p[2]) + { + /* get route parameters */ + struct in6_addr network; + unsigned int netbits; + + /* parse route-ipv6 arguments */ + if (get_ipv6_addr(p[1], &network, &netbits, D_ROUTE_DEBUG)) + { + struct iroute_ipv6 *ir; + + /* does this route-ipv6 match an iroute-ipv6? */ + for (ir = o->iroutes_ipv6; ir != NULL; ir = ir->next) + { + if (!memcmp(&network, &ir->network, sizeof(network)) + && netbits == ir->netbits) + { + enable = false; + break; + } + } + } + } /* should we copy the push item? */ e->enable = enable;
A server should push a route to a client only if there is no matching iroute for the same client. While this logic works fine for IPv4, there is no IPv6 counterpart. Implement the same check for IPv6 routes and discard matching ones from the push list. Trac: #354 Cc: Gert Doering <gert@greenie.muc.de> Signed-off-by: Antonio Quartulli <a@unstable.cc> --- Apparently this patch has been pending in Gert's endless TODO list since a while. I thought it could be nice to help him to get rid of some items :) src/openvpn/push.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-)