From patchwork Tue Jul 29 10:40:50 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4338
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 29 Jul 2025 12:40:50 +0200
Message-ID: <20250729104056.27634-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v23] PUSH_UPDATE: Added remove_option() and do_update().

From: Marco Baffo

* Added remove_option() function and some utility functions to remove options at runtime following the push-update logic.
* Added do_update() function to close and reopen the tun and apply option updates.

Change-Id: I507180d7397b6959844a30908010132bc3411067
Signed-off-by: Marco Baffo
Acked-by: Gert Doering
---
This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/809
This mail reflects revision 23 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering

diff --git a/src/openvpn/init.c b/src/openvpn/init.c index ba1dda4..3254cc6 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2470,7 +2470,7 @@ if (pulled_options) { - if (!do_deferred_options(c, option_types_found)) + if (!do_deferred_options(c, option_types_found, false)) { msg(D_PUSH_ERRORS, "ERROR: Failed to apply push options"); return false; 
@@ -2594,6 +2594,55 @@ return true; } +bool +do_update(struct context *c, unsigned int option_types_found) +{ + /* Not necessary since to receive the update the openvpn + * instance must be up and running but just in case + */ + if (!c->c2.do_up_ran) + { + return false; + } + + bool tt_dco_win = tuntap_is_dco_win(c->c1.tuntap); + if (tt_dco_win) + { + msg(M_NONFATAL, "dco-win doesn't yet support reopening TUN device"); + return false; + } + + if (!do_deferred_options(c, option_types_found, true)) + { + msg(D_PUSH_ERRORS, "ERROR: Failed to apply push options"); + return false; + } + + do_close_tun(c, true); + + management_sleep(1); + int error_flags = 0; + c->c2.did_open_tun = do_open_tun(c, &error_flags); + update_time(); + + if (c->c2.did_open_tun) + { + /* if --route-delay was specified, start timer */ + if ((route_order(c->c1.tuntap) == ROUTE_AFTER_TUN) && c->options.route_delay_defined) + { + event_timeout_init(&c->c2.route_wakeup, c->options.route_delay, now); + event_timeout_init(&c->c2.route_wakeup_expire, c->options.route_delay + c->options.route_delay_window, now); + tun_standby_init(c->c1.tuntap); + } + + initialization_sequence_completed(c, error_flags); + } + + CLEAR(c->c1.pulled_options_digest_save); + + return true; +} + /* * These are the option categories which will be accepted by pull. */ @@ -2672,11 +2721,8 @@ return true; } -/* - * Handle non-tun-related pulled options. - */ bool -do_deferred_options(struct context *c, const unsigned int found) +do_deferred_options(struct context *c, const unsigned int found, const bool is_update) { if (found & OPT_P_MESSAGES) { @@ -2784,7 +2830,10 @@ /* process (potentially) pushed options */ if (c->options.pull) { - if (!check_pull_client_ncp(c, found)) + /* On PUSH_UPDATE, NCP related flags are never updated, and so the code + * would assume "no cipher pushed = NCP failed" - so, don't call it on + * updates */ + if (!is_update && !check_pull_client_ncp(c, found)) { return false; } 
diff --git a/src/openvpn/init.h b/src/openvpn/init.h index 5c6b9c1..25078a6 100644 --- a/src/openvpn/init.h +++ b/src/openvpn/init.h @@ -86,13 +86,29 @@ bool pulled_options, unsigned int option_types_found); +/** + * @brief A simplified version of the do_up() function. This function is called + * after receiving a successful PUSH_UPDATE message. It closes and reopens + * the TUN device to apply the updated options. + * + * @param c The context structure. + * @param option_types_found The options found in the PUSH_UPDATE message. + * @return true on success. + * @return false on error. + */ +bool do_update(struct context *c, unsigned int option_types_found); + unsigned int pull_permission_mask(const struct context *c); const char *format_common_name(struct context *c, struct gc_arena *gc); void reset_coarse_timers(struct context *c); -bool do_deferred_options(struct context *c, const unsigned int found); +/* + * Handle non-tun-related pulled options. + * Set `is_update` param to true to skip NCP check. + */ +bool do_deferred_options(struct context *c, const unsigned int found, const bool is_update); void inherit_context_child(struct context *dest, const struct context *src, diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index b2d2b6c..68b4da6 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -2424,7 +2424,7 @@ /* * Process sourced options. */ - do_deferred_options(&mi->context, option_types_found); + do_deferred_options(&mi->context, option_types_found, false); /* * make sure we got ifconfig settings from somewhere diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 2083eae..3a8ce86 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
@@ -1086,6 +1086,40 @@ gc_free(&gc); } } + +static void +delete_all_dhcp_fo(struct options *o, struct env_item **list) +{ + struct env_item *current, *prev; + + ASSERT(list); + + for (current = *list, prev = NULL; current != NULL; current = current->next) + { + char *tmp_value = NULL; + if (!strncmp(current->string, "foreign_option_", sizeof("foreign_option_")-1)) + { + tmp_value = strchr(current->string, '='); + if (tmp_value && ++tmp_value) + { + if (!strncmp(tmp_value, "dhcp-option ", sizeof("dhcp-option ")-1)) + { + if (prev) + { + prev->next = current->next; + } + else + { + *list = current->next; + } + o->foreign_option_index--; + } + } + } + prev = current; + } +} + #endif /* ifndef _WIN32 */ static in_addr_t @@ -3091,7 +3125,7 @@ opt->routes->flags |= RG_DEF1; } } -#endif +#endif /* ifdef _WIN32 */ /* * Save/Restore certain option defaults before --pull is applied. @@ -5326,6 +5360,18 @@ struct env_set *es); static void +remove_option(struct context *c, + struct options *options, + char *p[], + bool is_inline, + const char *file, + int line, + const int msglevel, + const unsigned int permission_mask, + unsigned int *option_types_found, + struct env_set *es); + +static void read_config_file(struct options *options, const char *file, int level, @@ -5551,6 +5597,11 @@ add_option(options, p, false, file, line_num, 0, msglevel, permission_mask, option_types_found, es); } + else if (push_update_option_flags & PUSH_OPT_TO_REMOVE) + { + remove_option(c, options, p, false, file, line_num, msglevel, + permission_mask, option_types_found, es); + } } } return true; 
@@ -5689,6 +5740,199 @@ return options->forward_compatible ? M_WARN : msglevel; } +/** + * @brief Resets options found in the PUSH_UPDATE message that are preceded by the `-` flag. + * This function is used in push-updates to reset specified options. + * The number of parameters `p` must always be 1. If the permission is verified, + * all related options are erased or reset to their default values. + * Upon successful permission verification (by VERIFY_PERMISSION()), + * `option_types_found` is filled with the flag corresponding to the option. + * + * @param c The context structure. + * @param options A pointer to the options structure. + * @param p An array of strings containing the options and their parameters. + * @param is_inline A boolean indicating if the option is inline. + * @param file The file where the function is called. + * @param line The line number where the function is called. + * @param msglevel The message level. + * @param permission_mask The permission mask used by VERIFY_PERMISSION(). + * @param option_types_found A pointer to the variable where the flags corresponding to the options found are stored. + * @param es The environment set structure. 
+ */ +static void +remove_option(struct context *c, + struct options *options, + char *p[], + bool is_inline, + const char *file, + int line, + const int msglevel, + const unsigned int permission_mask, + unsigned int *option_types_found, + struct env_set *es) +{ + int msglevel_fc = msglevel_forward_compatible(options, msglevel); + + if (streq(p[0], "ifconfig") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_UP); + options->ifconfig_local = NULL; + options->ifconfig_remote_netmask = NULL; + } + else if (streq(p[0], "ifconfig-ipv6") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_UP); + options->ifconfig_ipv6_local = NULL; + options->ifconfig_ipv6_netbits = 0; + options->ifconfig_ipv6_remote = NULL; + } + else if (streq(p[0], "route") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_ROUTE); + if (c->c1.route_list) + { + delete_routes_v4(c->c1.route_list, c->c1.tuntap, + ROUTE_OPTION_FLAGS(&c->options), + es, &c->net_ctx); + if (options->routes) + { + options->routes->routes = NULL; + options->routes->flags = 0; + } + } + } + else if (streq(p[0], "route-ipv6") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_ROUTE); + if (c->c1.route_ipv6_list) + { + delete_routes_v6(c->c1.route_ipv6_list, c->c1.tuntap, + ROUTE_OPTION_FLAGS(&c->options), + es, &c->net_ctx); + if (options->routes_ipv6) + { + options->routes_ipv6->routes_ipv6 = NULL; + options->routes_ipv6->flags = 0; + } + } + } + else if (streq(p[0], "route-gateway") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_ROUTE_EXTRAS); + options->route_gateway_via_dhcp = false; + options->route_default_gateway = NULL; + } + else if (streq(p[0], "route-metric") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_ROUTE); + options->route_default_metric = 0; + } + else if (streq(p[0], "push-continuation") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_PULL_MODE); + options->push_continuation = 0; + } + else if ((streq(p[0], "redirect-gateway") || streq(p[0], "redirect-private")) && !p[1]) + { + VERIFY_PERMISSION(OPT_P_ROUTE); + if (options->routes) + { + options->routes->flags = 0; + } + 
if (options->routes_ipv6) + { + options->routes_ipv6->flags = 0; + } + } + else if (streq(p[0], "dns") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_DHCPDNS); + gc_free(&options->dns_options.gc); + CLEAR(options->dns_options); + } + else if (streq(p[0], "topology") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_UP); + options->topology = TOP_UNDEF; + helper_setdefault_topology(options); + } + else if (streq(p[0], "tun-mtu") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_PUSH_MTU|OPT_P_CONNECTION); + options->ce.tun_mtu = TUN_MTU_DEFAULT; + options->ce.tun_mtu_defined = false; + options->ce.occ_mtu = 0; + } + else if (streq(p[0], "block-ipv6") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_ROUTE); + options->block_ipv6 = false; + } +#if defined(_WIN32) || defined(TARGET_ANDROID) + else if (streq(p[0], "dhcp-option") && !p[1]) + { + struct tuntap_options *o = &options->tuntap_options; + VERIFY_PERMISSION(OPT_P_DHCPDNS); + + o->domain = NULL; + o->netbios_scope = NULL; + o->netbios_node_type = 0; + o->dns6_len = 0; + memset(o->dns6, 0, sizeof(o->dns6)); + o->dns_len = 0; + memset(o->dns, 0, sizeof(o->dns)); + o->wins_len = 0; + memset(o->wins, 0, sizeof(o->wins)); + o->ntp_len = 0; + memset(o->ntp, 0, sizeof(o->ntp)); + o->nbdd_len = 0; + memset(o->nbdd, 0, sizeof(o->nbdd)); + while (o->domain_search_list_len-- > 0) + { + o->domain_search_list[o->domain_search_list_len] = NULL; + } + o->disable_nbt = 0; + o->dhcp_options = 0; +#if defined(TARGET_ANDROID) + o->http_proxy_port = 0; + o->http_proxy = NULL; +#endif + } +#endif /* if defined(_WIN32) || defined(TARGET_ANDROID) */ +#ifdef _WIN32 + else if (streq(p[0], "block-outside-dns") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_DHCPDNS); + options->block_outside_dns = false; + } +#else /* ifdef _WIN32 */ + else if (streq(p[0], "dhcp-option") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_DHCPDNS); + delete_all_dhcp_fo(options, &es->list); + } +#endif + else + { + int i; + int msglevel_unknown = msglevel_fc; + /* Check if an option is in 
--ignore-unknown-option and + * set warning level to non fatal */ + for (i = 0; options->ignore_unknown_option && options->ignore_unknown_option[i]; i++) + { + if (streq(p[0], options->ignore_unknown_option[i])) + { + msglevel_unknown = M_WARN; + break; + } + } + msg(msglevel_unknown, "Unrecognized option or missing or extra parameter(s) in %s:%d: -%s (%s)", file, line, p[0], PACKAGE_VERSION); + } + return; +err: + msg(msglevel, "Error occurred trying to remove %s option", p[0]); +} + static void set_user_script(struct options *options, const char **script, diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 858b821..22082a9 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -542,6 +542,11 @@ { msg(M_WARN, "No updatable options found in incoming PUSH_UPDATE message"); } + else if (!do_update(c, option_types_found)) + { + msg(D_PUSH_ERRORS, "Failed to update options"); + goto error; + } } } event_timeout_clear(&c->c2.push_request_interval); diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 156262a..89ebaee 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -1265,7 +1265,16 @@ const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx) { - if (rl && rl->iflags & RL_ROUTES_ADDED) + delete_routes_v4(rl, tt, flags, es, ctx); + delete_routes_v6(rl6, tt, flags, es, ctx); +} + +void +delete_routes_v4(struct route_list *rl, const struct tuntap *tt, + unsigned int flags, const struct env_set *es, + openvpn_net_ctx_t *ctx) +{ + if (rl && (rl->iflags & RL_ROUTES_ADDED)) { struct route_ipv4 *r; for (r = rl->routes; r; r = r->next) @@ -1281,8 +1290,14 @@ { clear_route_list(rl); } +} - if (rl6 && (rl6->iflags & RL_ROUTES_ADDED) ) +void +delete_routes_v6(struct route_ipv6_list *rl6, const struct tuntap *tt, + unsigned int flags, const struct env_set *es, + openvpn_net_ctx_t *ctx) +{ + if (rl6 && (rl6->iflags & RL_ROUTES_ADDED)) { struct route_ipv6 *r6; for (r6 = rl6->routes_ipv6; r6; r6 = r6->next) 
diff --git a/src/openvpn/route.h b/src/openvpn/route.h index 237375c..b89ec9f 100644 --- a/src/openvpn/route.h +++ b/src/openvpn/route.h @@ -335,6 +335,16 @@ const struct env_set *es, openvpn_net_ctx_t *ctx); +void +delete_routes_v4(struct route_list *rl, const struct tuntap *tt, + unsigned int flags, const struct env_set *es, + openvpn_net_ctx_t *ctx); + +void +delete_routes_v6(struct route_ipv6_list *rl6, const struct tuntap *tt, + unsigned int flags, const struct env_set *es, + openvpn_net_ctx_t *ctx); + void setenv_routes(struct env_set *es, const struct route_list *rl); void setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6);
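
Review bot: do_update() in src/openvpn/init.c (hunk @@ -2594,6 +2594,55) returns true even when do_open_tun() leaves `c->c2.did_open_tun` false, and `error_flags` is only looked at inside the `if (c->c2.did_open_tun)` branch. Because `do_close_tun(c, true)` has already run at that point, a failed reopen is reported to the caller as a successful update with no TUN device in place. Suggest returning false with a message when the reopen fails, and adding a comment explaining why `management_sleep(1)` is needed between close and open, since every PUSH_UPDATE pays for it.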
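
Review bot: In delete_all_dhcp_fo() in src/openvpn/options.c (hunk @@ -1086,6 +1086,40), `prev = current;` runs at the end of every iteration, including the one that has just unlinked `current`, so `prev` ends up pointing at the removed node. When two `foreign_option_N=dhcp-option ...` entries are adjacent, the second unlink writes `prev->next` on the node that is no longer in the list, the entry stays reachable from `*list`, and `o->foreign_option_index` is decremented anyway. Suggest advancing `prev` only on iterations that keep the node, and stating in a comment who owns the memory of an unlinked env_item. The test `tmp_value && ++tmp_value` can also be simplified, because incrementing a non-NULL pointer never yields false.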
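
Review bot: In remove_option() in src/openvpn/options.c (hunk @@ -5689,6 +5740,199), the `route` branch and the `redirect-gateway`/`redirect-private` branch both execute `options->routes->flags = 0;`, so removing either option also wipes the state of the other, since the RG_* bits such as RG_DEF1 are kept in that same field. Suggest clearing only the bits each option owns. Separately, the `block-ipv6` and `block-outside-dns` branches set the field to false unconditionally, which discards a value that came from the local configuration as well as a pushed one; the doc comment says "reset to their default values", so please state whether that is intended or whether the pre-pull value should be restored. The `route` and `route-ipv6` branches also reset `options->routes` only inside the `if (c->c1.route_list)` check, which leaves the options untouched when no route list exists.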
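
Review bot: In src/openvpn/push.c (hunk @@ -542,6 +542,11), every false return from do_update() takes `goto error`, and that includes the dco-win case, which do_update() itself only logs at M_NONFATAL. As written, any PUSH_UPDATE carrying updatable options on dco-win ends on the error path, including one whose options would not need the TUN device reopened. Suggest distinguishing "not supported" from "failed" in the return value, or documenting this limitation next to the call.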
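
Review bot: The new delete_routes_v4() and delete_routes_v6() prototypes in src/openvpn/route.h (hunk @@ -335,6 +335,16) are exported without any documentation, while do_update() in init.h gets a full doxygen block in the same patch. Suggest a short comment on each that states the RL_ROUTES_ADDED precondition and what state the list is left in afterwards, since remove_option() now calls them directly.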