From patchwork Wed Nov 22 05:58:22 2017
X-Patchwork-Submitter: Simon Matter
X-Patchwork-Id: 90
Message-ID: <84a29b8afab02733064c2cf715ae0b8c.squirrel@webmail.bi.invoca.ch>
Date: Wed, 22 Nov 2017 17:58:22 +0100
From: "Simon Matter"
To: openvpn-devel@lists.sourceforge.net
Subject: [Openvpn-devel] Add --up-pre with the same functionality as --down-pre

Hi,

In our situation we have the requirement to run scripts before tun/tap is opened, not after. While this could be hacked into the init script, the proper way seems to be to add it to openvpn as an --up-pre option. That's independent from any init scripts / systemd service file and works the same way as --down-pre, only for the up status.

My initial feature wish, posted 5 years ago, was turned down as won't fix:
https://community.openvpn.net/openvpn/ticket/284

But there are people who wish it and they have good reasons to wish it. Just yesterday someone asked again:
https://community.openvpn.net/openvpn/ticket/284#comment:10

Without going into much detail, just one reason why --up + --up-pre is better than hacking around outside of openvpn: the command called with --up also gets additional run time information from openvpn by parameters and environment variables. You don't get all that information when calling anything from outside of openvpn before openvpn actually starts.

If you feel there are good reasons to still refuse this patch, please let me know.

Regards,
Simon

diff -Naur openvpn-2.4.0.orig/doc/openvpn.8 openvpn-2.4.0/doc/openvpn.8 --- openvpn-2.4.0.orig/doc/openvpn.8 2016-12-26 14:01:34.000000000 +0100 +++ openvpn-2.4.0/doc/openvpn.8 2016-12-30 11:45:16.000000000 +0100 @@ -1845,6 +1845,12 @@ .B route add \-net 10.0.0.0 netmask 255.255.255.0 gw $5 .\"********************************************************* .TP +.B \-\-up\-pre +Call +.B \-\-up +cmd/script before, rather than after, TUN/TAP open. +.\"********************************************************* +.TP .B \-\-up\-delay Delay TUN/TAP open and possible .B \-\-up diff -Naur openvpn-2.4.0.orig/src/openvpn/init.c openvpn-2.4.0/src/openvpn/init.c --- openvpn-2.4.0.orig/src/openvpn/init.c 2016-12-26 12:51:00.000000000 +0100 +++ openvpn-2.4.0/src/openvpn/init.c 2016-12-30 12:05:15.000000000 +0100 @@ -1573,6 +1573,27 @@ } #endif + /* actually run the up script based on --up-pre flag */ + if (c->options.up_pre) + { + run_up_down (c->options.up_script, + c->plugins, + OPENVPN_PLUGIN_UP, + "[unknown-dev]", +#ifdef _WIN32 + TUN_ADAPTER_INDEX_INVALID, +#endif + dev_type_string (c->options.dev, c->options.dev_type), + TUN_MTU_SIZE (&c->c2.frame), + EXPANDED_SIZE (&c->c2.frame), + NULL, + NULL, + "init", + NULL, + "up", + c->c2.es); + } + /* initialize (but do not open) tun/tap object */ do_init_tun(c); 
@@ -1639,23 +1660,26 @@ do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name, TUN_MTU_SIZE(&c->c2.frame), c->c2.es); } - /* run the up script */ - run_up_down(c->options.up_script, - c->plugins, - OPENVPN_PLUGIN_UP, - c->c1.tuntap->actual_name, + /* actually run the up script based on --up-pre flag */ + if (!c->options.up_pre) + { + run_up_down(c->options.up_script, + c->plugins, + OPENVPN_PLUGIN_UP, + c->c1.tuntap->actual_name, #ifdef _WIN32 - c->c1.tuntap->adapter_index, + c->c1.tuntap->adapter_index, #endif - dev_type_string(c->options.dev, c->options.dev_type), - TUN_MTU_SIZE(&c->c2.frame), - EXPANDED_SIZE(&c->c2.frame), - print_in_addr_t(c->c1.tuntap->local, IA_EMPTY_IF_UNDEF, &gc), - print_in_addr_t(c->c1.tuntap->remote_netmask, IA_EMPTY_IF_UNDEF, &gc), - "init", - NULL, - "up", - c->c2.es); + dev_type_string(c->options.dev, c->options.dev_type), + TUN_MTU_SIZE(&c->c2.frame), + EXPANDED_SIZE(&c->c2.frame), + print_in_addr_t(c->c1.tuntap->local, IA_EMPTY_IF_UNDEF, &gc), + print_in_addr_t(c->c1.tuntap->remote_netmask, IA_EMPTY_IF_UNDEF, &gc), + "init", + NULL, + "up", + c->c2.es); + } #if defined(_WIN32) if (c->options.block_outside_dns) diff -Naur openvpn-2.4.0.orig/src/openvpn/options.c openvpn-2.4.0/src/openvpn/options.c --- openvpn-2.4.0.orig/src/openvpn/options.c 2016-12-26 12:51:00.000000000 +0100 +++ openvpn-2.4.0/src/openvpn/options.c 2016-12-30 12:09:19.000000000 +0100 @@ -301,6 +301,7 @@ " Execute as: cmd tun/tap-dev tun-mtu link-mtu \\\n" " ifconfig-local-ip ifconfig-remote-ip\n" " (pre --user or --group UID/GID change)\n" + "--up-pre : Run --up command before TUN/TAP open.\n" "--up-delay : Delay tun/tap open and possible --up script execution\n" " until after TCP/UDP connection establishment with peer.\n" "--down cmd : Run command cmd after tun device close.\n" @@ -1623,6 +1624,7 @@ SHOW_STR(up_script); SHOW_STR(down_script); SHOW_BOOL(down_pre); + SHOW_BOOL(up_pre); SHOW_BOOL(up_restart); SHOW_BOOL(up_delay); SHOW_BOOL(daemon); 
@@ -5530,6 +5532,11 @@ VERIFY_PERMISSION(OPT_P_GENERAL); options->down_pre = true; } + else if (streq(p[0], "up-pre") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_GENERAL); + options->up_pre = true; + } else if (streq(p[0], "up-delay") && !p[1]) { VERIFY_PERMISSION(OPT_P_GENERAL); diff -Naur openvpn-2.4.0.orig/src/openvpn/options.h openvpn-2.4.0/src/openvpn/options.h --- openvpn-2.4.0.orig/src/openvpn/options.h 2016-12-26 12:51:00.000000000 +0100 +++ openvpn-2.4.0/src/openvpn/options.h 2016-12-30 12:09:47.000000000 +0100 @@ -285,6 +285,7 @@ const char *down_script; bool user_script_used; bool down_pre; + bool up_pre; bool up_delay; bool up_restart; bool daemon;
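
Review bot: In the doc/openvpn.8 hunk (@@ -1845), the new --up-pre entry does not say what the script receives when it runs before TUN/TAP open, and it sits directly above --up-delay without stating how the two options combine. The init.c change in this patch passes "[unknown-dev]" as the device name and NULL for both ifconfig addresses in this mode, so the entry should state that these arguments are placeholders or empty under --up-pre, and should say whether --up-pre together with --up-delay is supported.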
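
Review bot: In the first init.c hunk (@@ -1573), the early run_up_down() call hands both the --up script and the OPENVPN_PLUGIN_UP plugin hook the literal "[unknown-dev]" as device name and NULL for the local and remote addresses, so an existing script or plugin that builds routes or firewall rules from those arguments will act on a placeholder interface name. Suggest making the placeholder a named constant, documenting it, and checking that scripts and plugins can tell this early call from a normal one. Style: run_up_down (, dev_type_string (, TUN_MTU_SIZE ( and EXPANDED_SIZE ( have a space before the parenthesis here, while the second hunk of the same file writes run_up_down( without one.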
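
Review bot: In the second init.c hunk (@@ -1639), the replacement comment "actually run the up script based on --up-pre flag" is word for word the comment added in the first hunk and no longer tells the reader when this call happens. Suggest wording such as "run the up script after TUN/TAP open, unless --up-pre already ran it". The two calls now repeat the same long argument list with only the device name, adapter index and addresses differing; a small helper taking those values would keep the two call sites from drifting apart.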
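
Review bot: In the options.c parser hunk (@@ -5530), the "up-pre" branch only sets options->up_pre = true, and no other hunk in this patch validates it against the related options, so as far as the patch shows --up-pre without --up is accepted silently and --up-pre combined with --up-delay has no defined outcome. Suggest adding a consistency check where the options are validated that warns or fails on these combinations, and mentioning the result in the --up-pre help line added in the @@ -301 hunk.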