[Openvpn-devel,v11] Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap

Message ID 20240924131437.22294-1-gert@greenie.muc.de
State Accepted
Series [Openvpn-devel,v11] Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap | expand

Commit Message

Gert Doering Sept. 24, 2024, 1:14 p.m. UTC
From: Arne Schwabe <arne@rfc2549.org>

Change-Id: I0a2957699757665d70514ba7cafe833443018ad6
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/750
This mail reflects revision 11 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering <gert@greenie.muc.de>

Comments

Gert Doering Sept. 24, 2024, 1:27 p.m. UTC | #1
This is basically just a convenience, to avoid having to explicitly add
--ifconfig-noexec --route-noexec to the options whenever using --dev null
or --dev-node af_unix: ("because there is no device to be configured"),
and as such does not change anything for all other cases.

Your patch has been applied to the master branch.

commit 5c4a0b71abecf1ccfff4c2ddadf0db9818b40f36
Author: Arne Schwabe
Date:   Tue Sep 24 15:14:37 2024 +0200

     Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20240924131437.22294-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/search?l=mid&q=20240924131437.22294-1-gert@greenie.muc.de
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index cd9203a..876edad 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -1679,6 +1679,18 @@ 
 #endif /* ifdef ENABLE_MANAGEMENT */
 }
 
+/**
+ * Determine if external route commands should be executed based on
+ * configured options and backend driver
+ */
+static bool
+route_noexec_enabled(const struct options *o, const struct tuntap *tt)
+{
+    return o->route_noexec
+           || (tt && tt->backend_driver == DRIVER_AFUNIX)
+           || (tt && tt->backend_driver == DRIVER_NULL);
+}
+
 /*
  * Possibly add routes and/or call route-up script
  * based on options.
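Review bot: The doc comment on `route_noexec_enabled()` reads as the opposite of what the function returns. It says the function determines whether route commands "should be executed", but the function returns true when they must be skipped (`o->route_noexec` set, or the backend is `DRIVER_AFUNIX` or `DRIVER_NULL`). I would reword it to `Returns true if route commands must not be run: --route-noexec is set, or the backend (afunix/null) has no device to route over.` The two `tt &&` tests could also be folded into one guard, `(tt && (tt->backend_driver == DRIVER_AFUNIX || tt->backend_driver == DRIVER_NULL))`, so the NULL check lives in one place.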
@@ -1693,7 +1705,7 @@ 
          openvpn_net_ctx_t *ctx)
 {
     bool ret = true;
-    if (!options->route_noexec && ( route_list || route_ipv6_list ) )
+    if (!route_noexec_enabled(options, tt) && ( route_list || route_ipv6_list ) )
     {
         ret = add_routes(route_list, route_ipv6_list, tt, ROUTE_OPTION_FLAGS(options),
                          es, ctx);
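Review bot: With this condition `add_routes()` is skipped for afunix and null backends even when the operator never set --route-noexec, and nothing in the visible lines logs that configured or pushed routes were not installed. An operator who expects those routes to appear gets none and no explanation, which makes a misconfigured `--dev-node` hard to spot. A message on the implicit path would help, for example `msg(D_ROUTE, "NOTE: routes not installed, backend driver has no device");`, unless this is already reported elsewhere. The function starts before and continues after this hunk, so I cannot see whether later steps depend on the routes being present.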
@@ -1858,6 +1870,19 @@ 
 #endif
 }
 
+/**
+ * Determines if ifconfig execution should be disabled because of a
+ * @param c
+ * @return
+ */
+static bool
+ifconfig_noexec_enabled(const struct context *c)
+{
+    return c->options.ifconfig_noexec
+           || (c->c1.tuntap && c->c1.tuntap->backend_driver == DRIVER_AFUNIX)
+           || (c->c1.tuntap && c->c1.tuntap->backend_driver == DRIVER_NULL);
+}
+
 static void
 open_tun_backend(struct context *c)
 {
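Review bot: The doc comment on `ifconfig_noexec_enabled()` is unfinished: the summary stops at "because of a", and `@param c` and `@return` are empty. Suggested text: `Returns true if ifconfig must not be run: --ifconfig-noexec is set, or the tun/tap backend is afunix or null.`, with `@param c context whose options and c1.tuntap are inspected (c1.tuntap may be NULL)` and `@return true if ifconfig and its undo should be skipped`. As with `route_noexec_enabled()`, the repeated `c->c1.tuntap &&` test could be a single guard around both driver comparisons.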
@@ -1937,7 +1962,7 @@ 
         }
 
         /* do ifconfig */
-        if (!c->options.ifconfig_noexec
+        if (!ifconfig_noexec_enabled(c)
             && ifconfig_order(c->c1.tuntap) == IFCONFIG_BEFORE_TUN_OPEN)
         {
             /* guess actual tun/tap unit number that will be returned
@@ -1978,7 +2003,7 @@ 
         }
 
         /* do ifconfig */
-        if (!c->options.ifconfig_noexec
+        if (!ifconfig_noexec_enabled(c)
             && ifconfig_order(c->c1.tuntap) == IFCONFIG_AFTER_TUN_OPEN)
         {
             do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name,
@@ -2061,7 +2086,7 @@ 
 
     if (c->c1.tuntap)
     {
-        if (!c->options.ifconfig_noexec)
+        if (!ifconfig_noexec_enabled(c))
         {
             undo_ifconfig(c->c1.tuntap, &c->net_ctx);
         }
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 206ddc0..85fe01a 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -1744,7 +1744,7 @@ 
 void
 undo_ifconfig(struct tuntap *tt, openvpn_net_ctx_t *ctx)
 {
-    if (tt->backend_driver != DRIVER_NULL)
+    if (tt->backend_driver != DRIVER_NULL && tt->backend_driver != DRIVER_AFUNIX)
     {
         if (tt->did_ifconfig_setup)
         {
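Review bot: The set of backends that have no device to configure is now written out in three places: `route_noexec_enabled()` and `ifconfig_noexec_enabled()` in init.c, and this condition in `undo_ifconfig()`. If a later device-less backend is added to one list and missed in another, ifconfig or its undo would run against an interface that does not exist. A single predicate next to the `backend_driver` definition, for example a new `static inline bool tun_backend_has_no_device(const struct tuntap *tt)` (the name is only a suggestion), called from all three sites would keep them in step. Separately, `tt` is dereferenced here without a NULL check. The init.c caller visible in this patch does guard on `c->c1.tuntap`, but a short comment stating that `tt` must be non-NULL would record that contract. The function body continues outside the hunk.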