From patchwork Mon Jun 4 23:04:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 352 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director8.mail.ord1d.rsapps.net ([172.27.255.52]) by backend30.mail.ord1d.rsapps.net (Dovecot) with LMTP id O7DPLphSFlsEIwAAIUCqbw for ; Tue, 05 Jun 2018 05:06:32 -0400 Received: from proxy3.mail.iad3a.rsapps.net ([172.27.255.52]) by director8.mail.ord1d.rsapps.net (Dovecot) with LMTP id kVZ6EJhSFltWcwAAfY0hYg ; Tue, 05 Jun 2018 05:06:32 -0400 Received: from smtp3.gate.iad3a ([172.27.255.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy3.mail.iad3a.rsapps.net with LMTP id uEYhJphSFltQewAAYaqY3Q ; Tue, 05 Jun 2018 05:06:32 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp3.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: bcf49404-689f-11e8-9ed3-525400af4d07-1-1 Received: from [216.105.38.7] ([216.105.38.7:27235] helo=lists.sourceforge.net) by smtp3.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 06/89-29017-892561B5; Tue, 05 Jun 2018 05:06:32 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1fQ7u8-0007L9-LH; Tue, 05 Jun 2018 09:05:24 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1fQ7tx-0007Ka-1D for openvpn-devel@lists.sourceforge.net; Tue, 05 Jun 2018 09:05:13 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc: To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=wa7p2NRECAfI3kvpALah91CzkJxwFofe51QKz4utVJQ=; b=RrVj3DxnDPPn2nBk3eHHBilViB HlrX+yvIrRmH88LrprBsrFCNA/pyD5Q0xYUOBEzdvyotc7NXoLhV7BJ9hsIAWLYLoAtn5qQe9/sHH n59P6RFASB1eTBbGaXRsu7AqRvY3iQjB2Kt2R7MXL1vLAm1SRO5YoQyRX/59zu2X6kPk=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=wa7p2NRECAfI3kvpALah91CzkJxwFofe51QKz4utVJQ=; b=hsetdZe/SDTHludJ7IUIoTgAo8 jp2IktHwv3Td8XQtvzss+gwbjko8wkorx2IVggum2Rc1djmiS52o3V/2EK4ax0BJ5bWIHo+ZN33ET gqoEr6rB+2N/6mxgcWI/mUicM/7MtLFGUGq/xEeVMxS0VCncRhlLkOeGtlthgFnJL1yk=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1fQ7tq-006SQ5-Ad for openvpn-devel@lists.sourceforge.net; Tue, 05 Jun 2018 09:05:12 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Tue, 5 Jun 2018 17:04:17 +0800 Message-Id: <20180605090421.9746-2-a@unstable.cc> In-Reply-To: <20180605090421.9746-1-a@unstable.cc> References: <20180605090421.9746-1-a@unstable.cc> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1fQ7tq-006SQ5-Ad Subject: [Openvpn-devel] [PATCH 1/5] tun: ensure interface can be configured with IPv6 only X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Antonio Quartulli This change ensures that an interface is properly brought up even when only IPv6 settings are configured. This can be useful on a client that wants to ignore the IPv4 settings pushed by the server and configure only IPv6. To achieve the above, a client can use `pull-filter ignore "ifconfig "` (thanks Gert for this hint). Trac: #208 Cc: Gert Doering Signed-off-by: Antonio Quartulli --- src/openvpn/tun.c | 357 ++++++++++++++++++++-------------------------- 1 file changed, 158 insertions(+), 199 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 263cacdf..2e33880b 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -871,6 +871,161 @@ create_arbitrary_remote( struct tuntap *tt ) } #endif +/** + * do_ifconfig_ipv6 - perform platform specific ifconfig6 commands + * + * @param tt the tuntap interface context + * @param actual the human readable interface name + * @param mtu the MTU value to set the interface to + * @param es the environment to be used when executing the commands + * @param gc previously allocated garbage collector + */ +static void +do_ifconfig_ipv6(struct tuntap *tt, const char *actual, int tun_mtu, + const struct env_set *es, struct gc_arena *gc) +{ + const char *ifconfig_ipv6_local = NULL; + struct argv argv; + + if (!tt->did_ifconfig_ipv6_setup) + { + return; + } + + argv = argv_new(); + ifconfig_ipv6_local = print_in6_addr(tt->local_ipv6, 0, gc); + +#if defined(TARGET_LINUX) +#ifdef ENABLE_IPROUTE + /* set the MTU for the device and bring it up */ + argv_printf(&argv, "%s link set dev %s up mtu %d", iproute_path, actual, + tun_mtu); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, es, S_FATAL, "Linux ip link set failed"); + + argv_printf(&argv, "%s -6 addr add %s/%d dev %s", iproute_path, + ifconfig_ipv6_local, tt->netbits_ipv6, actual); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, es, S_FATAL, "Linux ip -6 addr add failed"); +#else + argv_printf(&argv, "%s %s add %s/%d mtu %d up", IFCONFIG_PATH, actual, + ifconfig_ipv6_local, tt->netbits_ipv6, tun_mtu); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, es, S_FATAL, "Linux ifconfig inet6 failed"); +#endif +#elif defined(TARGET_ANDROID) + char out6[64]; + + openvpn_snprintf(out6, sizeof(out6), "%s/%d", + ifconfig_ipv6_local,tt->netbits_ipv6); + management_android_control(management, "IFCONFIG6", out6); +#elif defined(TARGET_SOLARIS) + argv_printf(&argv, "%s %s inet6 unplumb", IFCONFIG_PATH, actual); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, es, 0, NULL); + + if (tt->type == DEV_TYPE_TUN) + { + const char *ifconfig_ipv6_remote = print_in6_addr(tt->remote_ipv6, 0, + gc); + + argv_printf(&argv, "%s %s inet6 plumb %s/%d %s mtu %d up", + IFCONFIG_PATH, actual, ifconfig_ipv6_local, + tt->netbits_ipv6, ifconfig_ipv6_remote, tun_mtu); + } + else /* tap mode */ + { + /* base IPv6 tap interface needs to be brought up first */ + argv_printf(&argv, "%s %s inet6 plumb up", IFCONFIG_PATH, actual); + argv_msg(M_INFO, &argv); + + if (!openvpn_execve_check(&argv, es, 0, + "Solaris ifconfig IPv6 (prepare) failed")) + { + solaris_error_close(tt, es, actual, true); + } + + /* we might need to do "ifconfig %s inet6 auto-dhcp drop" + * after the system has noticed the interface and fired up + * the DHCPv6 client - but this takes quite a while, and the + * server will ignore the DHCPv6 packets anyway. So we don't. + */ + + /* static IPv6 addresses need to go to a subinterface (tap0:1) */ + argv_printf(&argv, "%s %s inet6 addif %s/%d mtu %d up", IFCONFIG_PATH, + actual, ifconfig_ipv6_local, tt->netbits_ipv6, tun_mtu); + } + argv_msg(M_INFO, &argv); + + if (!openvpn_execve_check(&argv, es, 0, "Solaris ifconfig IPv6 failed")) + { + solaris_error_close(tt, es, actual, true); + } +#elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \ + || defined(TARGET_DARWIN) || defined(TARGET_FREEBSD) \ + || defined(TARGET_DRAGONFLY) || defined(TARGET_AIX) + argv_printf(&argv, "%s %s inet6 %s/%d mtu %d up", IFCONFIG_PATH, actual, + ifconfig_ipv6_local, tt->netbits_ipv6, tun_mtu); + argv_msg(M_INFO, &argv); + +#if defined(TARGET_AIX) + /* AIX ifconfig will complain if it can't find ODM path in env */ + es = env_set_create(NULL); + env_set_add(es, "ODMDIR=/etc/objrepos"); +#endif + + openvpn_execve_check(&argv, es, S_FATAL, + "generic BSD ifconfig inet6 failed"); + +#if defined(TARGET_AIX) + env_set_destroy(es); +#endif + +#if !defined(TARGET_FREEBSD) && !defined(TARGET_DRAGONFLY) \ + && !defined(TARGET_AIX) + /* and, hooray, we explicitely need to add a route... */ + add_route_connected_v6_net(tt, es); +#endif +#elif defined (_WIN32) + if (tt->options.ip_win32_type == IPW32_SET_MANUAL) + { + msg(M_INFO, "******** NOTE: Please manually set the v6 IP of '%s' to %s (if it is not already set)", + actual, ifconfig_ipv6_local); + } + else if (tt->options.msg_channel) + { + do_address_service(true, AF_INET6, tt); + do_dns6_service(true, tt); + } + else + { + /* example: netsh interface ipv6 set address interface=42 + * 2001:608:8003::d store=active + */ + char iface[64]; + + openvpn_snprintf(iface, sizeof(iface), "interface=%lu", + tt->adapter_index); + argv_printf(&argv, "%s%sc interface ipv6 set address %s %s store=active", + get_win_sys_path(), NETSH_PATH_SUFFIX, iface, + ifconfig_ipv6_local); + netsh_command(&argv, 4, M_FATAL); + /* set ipv6 dns servers if any are specified */ + netsh_set_dns6_servers(tt->options.dns6, tt->options.dns6_len, actual); + } + + /* explicit route needed */ + if (tt->options.ip_win32_type != IPW32_SET_MANUAL) + { + add_route_connected_v6_net(tt, es); + } +#else /* if defined(TARGET_LINUX) */ + msg(M_FATAL, "Sorry, but I don't know how to do IPv6 'ifconfig' commands on this operating system. You should ifconfig your TUN/TAP device manually or use an --up script."); +#endif /* if defined(TARGET_LINUX) */ + + argv_reset(&argv); +} + /* execute the ifconfig command through the shell */ void do_ifconfig(struct tuntap *tt, @@ -886,8 +1041,6 @@ do_ifconfig(struct tuntap *tt, const char *ifconfig_local = NULL; const char *ifconfig_remote_netmask = NULL; const char *ifconfig_broadcast = NULL; - const char *ifconfig_ipv6_local = NULL; - bool do_ipv6 = false; struct argv argv = argv_new(); msg( M_DEBUG, "do_ifconfig, tt->did_ifconfig_ipv6_setup=%d", @@ -904,12 +1057,6 @@ do_ifconfig(struct tuntap *tt, ifconfig_local = print_in_addr_t(tt->local, 0, &gc); ifconfig_remote_netmask = print_in_addr_t(tt->remote_netmask, 0, &gc); - if (tt->did_ifconfig_ipv6_setup) - { - ifconfig_ipv6_local = print_in6_addr(tt->local_ipv6, 0, &gc); - do_ipv6 = true; - } - /* * If TAP-style device, generate broadcast address. */ @@ -975,18 +1122,6 @@ do_ifconfig(struct tuntap *tt, argv_msg(M_INFO, &argv); openvpn_execve_check(&argv, es, S_FATAL, "Linux ip addr add failed"); } - if (do_ipv6) - { - argv_printf( &argv, - "%s -6 addr add %s/%d dev %s", - iproute_path, - ifconfig_ipv6_local, - tt->netbits_ipv6, - actual - ); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ip -6 addr add failed"); - } tt->did_ifconfig = true; #else /* ifdef ENABLE_IPROUTE */ if (tun) @@ -1014,30 +1149,10 @@ do_ifconfig(struct tuntap *tt, } argv_msg(M_INFO, &argv); openvpn_execve_check(&argv, es, S_FATAL, "Linux ifconfig failed"); - if (do_ipv6) - { - argv_printf(&argv, - "%s %s add %s/%d", - IFCONFIG_PATH, - actual, - ifconfig_ipv6_local, - tt->netbits_ipv6 - ); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ifconfig inet6 failed"); - } tt->did_ifconfig = true; #endif /*ENABLE_IPROUTE*/ #elif defined(TARGET_ANDROID) - - if (do_ipv6) - { - char out6[64]; - openvpn_snprintf(out6, sizeof(out6), "%s/%d", ifconfig_ipv6_local,tt->netbits_ipv6); - management_android_control(management, "IFCONFIG6", out6); - } - char out[64]; char *top; @@ -1120,59 +1235,6 @@ do_ifconfig(struct tuntap *tt, solaris_error_close(tt, es, actual, false); } - if (do_ipv6) - { - argv_printf(&argv, "%s %s inet6 unplumb", - IFCONFIG_PATH, actual ); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, 0, NULL); - - if (tt->type == DEV_TYPE_TUN) - { - const char *ifconfig_ipv6_remote = - print_in6_addr(tt->remote_ipv6, 0, &gc); - - argv_printf(&argv, - "%s %s inet6 plumb %s/%d %s up", - IFCONFIG_PATH, - actual, - ifconfig_ipv6_local, - tt->netbits_ipv6, - ifconfig_ipv6_remote - ); - } - else /* tap mode */ - { - /* base IPv6 tap interface needs to be brought up first - */ - argv_printf(&argv, "%s %s inet6 plumb up", - IFCONFIG_PATH, actual ); - argv_msg(M_INFO, &argv); - if (!openvpn_execve_check(&argv, es, 0, "Solaris ifconfig IPv6 (prepare) failed")) - { - solaris_error_close(tt, es, actual, true); - } - - /* we might need to do "ifconfig %s inet6 auto-dhcp drop" - * after the system has noticed the interface and fired up - * the DHCPv6 client - but this takes quite a while, and the - * server will ignore the DHCPv6 packets anyway. So we don't. - */ - - /* static IPv6 addresses need to go to a subinterface (tap0:1) - */ - argv_printf(&argv, - "%s %s inet6 addif %s/%d up", - IFCONFIG_PATH, actual, - ifconfig_ipv6_local, tt->netbits_ipv6 ); - } - argv_msg(M_INFO, &argv); - if (!openvpn_execve_check(&argv, es, 0, "Solaris ifconfig IPv6 failed")) - { - solaris_error_close(tt, es, actual, true); - } - } - if (!tun && tt->topology == TOP_SUBNET) { /* Add a network route for the local tun interface */ @@ -1250,21 +1312,6 @@ do_ifconfig(struct tuntap *tt, add_route(&r, tt, 0, NULL, es); } - if (do_ipv6) - { - argv_printf(&argv, - "%s %s inet6 %s/%d", - IFCONFIG_PATH, - actual, - ifconfig_ipv6_local, - tt->netbits_ipv6 - ); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "OpenBSD ifconfig inet6 failed"); - - /* and, hooray, we explicitely need to add a route... */ - add_route_connected_v6_net(tt, es); - } tt->did_ifconfig = true; #elif defined(TARGET_NETBSD) @@ -1312,21 +1359,6 @@ do_ifconfig(struct tuntap *tt, argv_msg(M_INFO, &argv); openvpn_execve_check(&argv, es, S_FATAL, "NetBSD ifconfig failed"); - if (do_ipv6) - { - argv_printf(&argv, - "%s %s inet6 %s/%d", - IFCONFIG_PATH, - actual, - ifconfig_ipv6_local, - tt->netbits_ipv6 - ); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "NetBSD ifconfig inet6 failed"); - - /* and, hooray, we explicitely need to add a route... */ - add_route_connected_v6_net(tt, es); - } tt->did_ifconfig = true; #elif defined(TARGET_DARWIN) @@ -1398,22 +1430,6 @@ do_ifconfig(struct tuntap *tt, add_route(&r, tt, 0, NULL, es); } - if (do_ipv6) - { - argv_printf(&argv, - "%s %s inet6 %s/%d", - IFCONFIG_PATH, - actual, - ifconfig_ipv6_local, - tt->netbits_ipv6 - ); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "MacOS X ifconfig inet6 failed"); - - /* and, hooray, we explicitely need to add a route... */ - add_route_connected_v6_net(tt, es); - } - #elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) in_addr_t remote_end; /* for "virtual" subnet topology */ @@ -1471,19 +1487,6 @@ do_ifconfig(struct tuntap *tt, add_route(&r, tt, 0, NULL, es); } - if (do_ipv6) - { - argv_printf(&argv, - "%s %s inet6 %s/%d", - IFCONFIG_PATH, - actual, - ifconfig_ipv6_local, - tt->netbits_ipv6 - ); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "FreeBSD ifconfig inet6 failed"); - } - #elif defined(TARGET_AIX) { /* AIX ifconfig will complain if it can't find ODM path in env */ @@ -1509,18 +1512,6 @@ do_ifconfig(struct tuntap *tt, openvpn_execve_check(&argv, aix_es, S_FATAL, "AIX ifconfig failed"); tt->did_ifconfig = true; - if (do_ipv6) - { - argv_printf(&argv, - "%s %s inet6 %s/%d", - IFCONFIG_PATH, - actual, - ifconfig_ipv6_local, - tt->netbits_ipv6 - ); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, aix_es, S_FATAL, "AIX ifconfig inet6 failed"); - } env_set_destroy(aix_es); } #elif defined (_WIN32) @@ -1548,46 +1539,14 @@ do_ifconfig(struct tuntap *tt, tt->did_ifconfig = true; } - if (do_ipv6) - { - if (tt->options.ip_win32_type == IPW32_SET_MANUAL) - { - msg(M_INFO, "******** NOTE: Please manually set the v6 IP of '%s' to %s (if it is not already set)", - actual, - ifconfig_ipv6_local); - } - else if (tt->options.msg_channel) - { - do_address_service(true, AF_INET6, tt); - do_dns6_service(true, tt); - } - else - { - /* example: netsh interface ipv6 set address interface=42 2001:608:8003::d store=active */ - char iface[64]; - openvpn_snprintf(iface, sizeof(iface), "interface=%lu", tt->adapter_index ); - argv_printf(&argv, - "%s%sc interface ipv6 set address %s %s store=active", - get_win_sys_path(), - NETSH_PATH_SUFFIX, - iface, - ifconfig_ipv6_local ); - netsh_command(&argv, 4, M_FATAL); - /* set ipv6 dns servers if any are specified */ - netsh_set_dns6_servers(tt->options.dns6, tt->options.dns6_len, actual); - } - - /* explicit route needed */ - if (tt->options.ip_win32_type != IPW32_SET_MANUAL) - { - add_route_connected_v6_net(tt, es); - } - } #else /* if defined(TARGET_LINUX) */ msg(M_FATAL, "Sorry, but I don't know how to do 'ifconfig' commands on this operating system. You should ifconfig your TUN/TAP device manually or use an --up script."); #endif /* if defined(TARGET_LINUX) */ argv_reset(&argv); } + + do_ifconfig_ipv6(tt, actual, tun_mtu, es, &gc); + gc_free(&gc); } From patchwork Mon Jun 4 23:04:18 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 349 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director8.mail.ord1d.rsapps.net ([172.27.255.7]) by backend30.mail.ord1d.rsapps.net (Dovecot) with LMTP id u+OTIIVSFlsEIwAAIUCqbw for ; Tue, 05 Jun 2018 05:06:13 -0400 Received: from proxy11.mail.iad3a.rsapps.net ([172.27.255.7]) by director8.mail.ord1d.rsapps.net (Dovecot) with LMTP id u0FVGoVSFltZcwAAfY0hYg ; Tue, 05 Jun 2018 05:06:13 -0400 Received: from smtp4.gate.iad3a ([172.27.255.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy11.mail.iad3a.rsapps.net with LMTP id mAc0GIVSFlv1PwAAxCvdqw ; Tue, 05 Jun 2018 05:06:13 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp4.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: b1702a26-689f-11e8-a5b4-5254003c557e-1-1 Received: from [216.105.38.7] ([216.105.38.7:47445] helo=lists.sourceforge.net) by smtp4.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id F7/AE-30858-482561B5; Tue, 05 Jun 2018 05:06:12 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1fQ7u9-0004AO-91; Tue, 05 Jun 2018 09:05:25 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1fQ7tw-00049u-0A for openvpn-devel@lists.sourceforge.net; Tue, 05 Jun 2018 09:05:12 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc: To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=zBCFtXVSuHoAkEMpe8HW0bDS7WD1/NGnemBxkLu7fqA=; b=lV0EkP3+fftUHMxNQUZJ2dTIw7 MKv9ApCbLl5LmKAZEI9NpIjpEpb22ARyWcPV+o1zG+zttvAi0YfVpXdCKfKmRS7Ro8f02r141dOPj CbslxLB/egqHuDG3oFXeXlTg2AzR/yeIQ8ioQkkAMup/3Cnyxhu6d11j5UDicwhFiKsI=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=zBCFtXVSuHoAkEMpe8HW0bDS7WD1/NGnemBxkLu7fqA=; b=XBkCBoIhEcIC393PuVYF+29djQ iGDglSFmT6+DsBfPhbxNhZ1EI+9JGwfl9Hpgzvjkle6SHxlXkp0HsNP+6ySllH3tYwcTK+oIW75gM nvd+BtR6c6RYGS+Q2SyxU98Qlndxbubzr8JWCz6QzBhsYnt5EplKIexruFPf/pnpHu1w=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1fQ7tq-006SQC-G2 for openvpn-devel@lists.sourceforge.net; Tue, 05 Jun 2018 09:05:11 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Tue, 5 Jun 2018 17:04:18 +0800 Message-Id: <20180605090421.9746-3-a@unstable.cc> In-Reply-To: <20180605090421.9746-1-a@unstable.cc> References: <20180605090421.9746-1-a@unstable.cc> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1fQ7tq-006SQC-G2 Subject: [Openvpn-devel] [PATCH 2/5] pool: restyle ipv4/ipv6 members to improve readability X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Antonio Quartulli (This is only code refactoring) IPv4 and IPv6 members are all part of the same flat hierarchy in the pool data structure, without a proper name convention. Create 2 sub-structures to properly saperate IPv4 from IPv6 relate members. This should make the structure more organized and also slightly improve code readability. Signed-off-by: Antonio Quartulli Acked-by: Gert Doering --- src/openvpn/pool.c | 72 +++++++++++++++++++++++----------------------- src/openvpn/pool.h | 16 +++++++---- 2 files changed, 46 insertions(+), 42 deletions(-) diff --git a/src/openvpn/pool.c b/src/openvpn/pool.c index da28bc06..26eb0ebd 100644 --- a/src/openvpn/pool.c +++ b/src/openvpn/pool.c @@ -66,7 +66,7 @@ ifconfig_pool_find(struct ifconfig_pool *pool, const char *common_name) int previous_usage = -1; int new_usage = -1; - for (i = 0; i < pool->size; ++i) + for (i = 0; i < pool->ipv4.size; ++i) { struct ifconfig_pool_entry *ipe = &pool->list[i]; if (!ipe->in_use) @@ -158,19 +158,19 @@ ifconfig_pool_init(int type, in_addr_t start, in_addr_t end, ASSERT(start <= end && end - start < IFCONFIG_POOL_MAX); ALLOC_OBJ_CLEAR(pool, struct ifconfig_pool); - pool->type = type; + pool->ipv4.type = type; pool->duplicate_cn = duplicate_cn; - switch (type) + switch (pool->ipv4.type) { case IFCONFIG_POOL_30NET: - pool->base = start & ~3; - pool->size = (((end | 3) + 1) - pool->base) >> 2; + pool->ipv4.base = start & ~3; + pool->ipv4.size = (((end | 3) + 1) - pool->ipv4.base) >> 2; break; case IFCONFIG_POOL_INDIV: - pool->base = start; - pool->size = end - start + 1; + pool->ipv4.base = start; + pool->ipv4.size = end - start + 1; break; default: @@ -178,30 +178,30 @@ ifconfig_pool_init(int type, in_addr_t start, in_addr_t end, } /* IPv6 pools are always "INDIV" type */ - pool->ipv6 = ipv6_pool; + pool->ipv6.enabled = ipv6_pool; - if (pool->ipv6) + if (pool->ipv6.enabled) { - pool->base_ipv6 = ipv6_base; - pool->size_ipv6 = ipv6_netbits>96 ? ( 1<<(128-ipv6_netbits) ) + pool->ipv6.base = ipv6_base; + pool->ipv6.size = ipv6_netbits > 96 ? (1 << (128 - ipv6_netbits)) : IFCONFIG_POOL_MAX; msg( D_IFCONFIG_POOL, "IFCONFIG POOL IPv6: (IPv4) size=%d, size_ipv6=%d, netbits=%d, base_ipv6=%s", - pool->size, pool->size_ipv6, ipv6_netbits, - print_in6_addr( pool->base_ipv6, 0, &gc )); + pool->ipv4.size, pool->ipv6.size, ipv6_netbits, + print_in6_addr(pool->ipv6.base, 0, &gc)); /* the current code is very simple and assumes that the IPv6 * pool is at least as big as the IPv4 pool, and we don't need * to do separate math etc. for IPv6 */ - ASSERT( pool->size < pool->size_ipv6 ); + ASSERT(pool->ipv4.size < pool->ipv6.size); } - ALLOC_ARRAY_CLEAR(pool->list, struct ifconfig_pool_entry, pool->size); + ALLOC_ARRAY_CLEAR(pool->list, struct ifconfig_pool_entry, pool->ipv4.size); msg(D_IFCONFIG_POOL, "IFCONFIG POOL: base=%s size=%d, ipv6=%d", - print_in_addr_t(pool->base, 0, &gc), - pool->size, pool->ipv6 ); + print_in_addr_t(pool->ipv4.base, 0, &gc), + pool->ipv4.size, pool->ipv6.enabled); gc_free(&gc); return pool; @@ -213,7 +213,7 @@ ifconfig_pool_free(struct ifconfig_pool *pool) if (pool) { int i; - for (i = 0; i < pool->size; ++i) + for (i = 0; i < pool->ipv4.size; ++i) { ifconfig_pool_entry_free(&pool->list[i], true); } @@ -239,11 +239,11 @@ ifconfig_pool_acquire(struct ifconfig_pool *pool, in_addr_t *local, in_addr_t *r ipe->common_name = string_alloc(common_name, NULL); } - switch (pool->type) + switch (pool->ipv4.type) { case IFCONFIG_POOL_30NET: { - in_addr_t b = pool->base + (i << 2); + in_addr_t b = pool->ipv4.base + (i << 2); *local = b + 1; *remote = b + 2; break; @@ -251,7 +251,7 @@ ifconfig_pool_acquire(struct ifconfig_pool *pool, in_addr_t *local, in_addr_t *r case IFCONFIG_POOL_INDIV: { - in_addr_t b = pool->base + i; + in_addr_t b = pool->ipv4.base + i; *local = 0; *remote = b; break; @@ -262,9 +262,9 @@ ifconfig_pool_acquire(struct ifconfig_pool *pool, in_addr_t *local, in_addr_t *r } /* IPv6 pools are always INDIV (--linear) */ - if (pool->ipv6 && remote_ipv6) + if (pool->ipv6.enabled && remote_ipv6) { - *remote_ipv6 = add_in6_addr( pool->base_ipv6, i ); + *remote_ipv6 = add_in6_addr(pool->ipv6.base, i); } } return i; @@ -274,7 +274,7 @@ bool ifconfig_pool_release(struct ifconfig_pool *pool, ifconfig_pool_handle hand, const bool hard) { bool ret = false; - if (pool && hand >= 0 && hand < pool->size) + if (pool && hand >= 0 && hand < pool->ipv4.size) { ifconfig_pool_entry_free(&pool->list[hand], hard); ret = true; @@ -291,17 +291,17 @@ ifconfig_pool_ip_base_to_handle(const struct ifconfig_pool *pool, const in_addr_ { ifconfig_pool_handle ret = -1; - switch (pool->type) + switch (pool->ipv4.type) { case IFCONFIG_POOL_30NET: { - ret = (addr - pool->base) >> 2; + ret = (addr - pool->ipv4.base) >> 2; break; } case IFCONFIG_POOL_INDIV: { - ret = (addr - pool->base); + ret = (addr - pool->ipv4.base); break; } @@ -309,7 +309,7 @@ ifconfig_pool_ip_base_to_handle(const struct ifconfig_pool *pool, const in_addr_ ASSERT(0); } - if (ret < 0 || ret >= pool->size) + if (ret < 0 || ret >= pool->ipv4.size) { ret = -1; } @@ -322,19 +322,19 @@ ifconfig_pool_handle_to_ip_base(const struct ifconfig_pool *pool, ifconfig_pool_ { in_addr_t ret = 0; - if (hand >= 0 && hand < pool->size) + if (hand >= 0 && hand < pool->ipv4.size) { - switch (pool->type) + switch (pool->ipv4.type) { case IFCONFIG_POOL_30NET: { - ret = pool->base + (hand << 2); + ret = pool->ipv4.base + (hand << 2); break; } case IFCONFIG_POOL_INDIV: { - ret = pool->base + hand; + ret = pool->ipv4.base + hand; break; } @@ -352,9 +352,9 @@ ifconfig_pool_handle_to_ipv6_base(const struct ifconfig_pool *pool, ifconfig_poo struct in6_addr ret = in6addr_any; /* IPv6 pools are always INDIV (--linear) */ - if (hand >= 0 && hand < pool->size_ipv6) + if (hand >= 0 && hand < pool->ipv6.size) { - ret = add_in6_addr( pool->base_ipv6, hand ); + ret = add_in6_addr( pool->ipv6.base, hand ); } return ret; } @@ -382,13 +382,13 @@ ifconfig_pool_list(const struct ifconfig_pool *pool, struct status_output *out) struct gc_arena gc = gc_new(); int i; - for (i = 0; i < pool->size; ++i) + for (i = 0; i < pool->ipv4.size; ++i) { const struct ifconfig_pool_entry *e = &pool->list[i]; if (e->common_name) { const in_addr_t ip = ifconfig_pool_handle_to_ip_base(pool, i); - if (pool->ipv6) + if (pool->ipv6.enabled) { struct in6_addr ip6 = ifconfig_pool_handle_to_ipv6_base(pool, i); status_printf(out, "%s,%s,%s", diff --git a/src/openvpn/pool.h b/src/openvpn/pool.h index 6de28ac5..544d4180 100644 --- a/src/openvpn/pool.h +++ b/src/openvpn/pool.h @@ -47,13 +47,17 @@ struct ifconfig_pool_entry struct ifconfig_pool { - in_addr_t base; - int size; - int type; bool duplicate_cn; - bool ipv6; - struct in6_addr base_ipv6; - unsigned int size_ipv6; + struct { + int type; + in_addr_t base; + int size; + } ipv4; + struct { + bool enabled; + struct in6_addr base; + unsigned int size; + } ipv6; struct ifconfig_pool_entry *list; }; From patchwork Mon Jun 4 23:04:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 351 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director7.mail.ord1d.rsapps.net ([172.27.255.1]) by backend30.mail.ord1d.rsapps.net (Dovecot) with LMTP id g5FmBZFSFlvISgAAIUCqbw for ; Tue, 05 Jun 2018 05:06:25 -0400 Received: from proxy1.mail.iad3a.rsapps.net ([172.27.255.1]) by director7.mail.ord1d.rsapps.net (Dovecot) with LMTP id qrIxAJFSFlunHwAAovjBpQ ; Tue, 05 Jun 2018 05:06:25 -0400 Received: from smtp13.gate.iad3a ([172.27.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy1.mail.iad3a.rsapps.net with LMTP id AJq0OJBSFltMSQAA8TVjwQ ; Tue, 05 Jun 2018 05:06:24 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp13.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: b887447a-689f-11e8-a9d9-5254004b83b1-1-1 Received: from [216.105.38.7] ([216.105.38.7:52290] helo=lists.sourceforge.net) by smtp13.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id D1/37-08228-092561B5; Tue, 05 Jun 2018 05:06:24 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1fQ7u9-0004AC-5C; Tue, 05 Jun 2018 09:05:25 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1fQ7tu-00049j-0i for openvpn-devel@lists.sourceforge.net; Tue, 05 Jun 2018 09:05:10 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc: To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=y20EsHFTH7Nm999WxYe5EwtdobaiwtaRBeL8ihmO0gk=; b=QGZadFTSSrepWq6lqWgnGv9pRs fcVJO1dONtO8KGkawYZy2Wnth/cGxpUxMW9MtUcPRxqYG7Bs4GIlpgStcqIQruWom9rFa/lBWz1+P AUKIvvuu42jNrWT6MZ3nNgscwxNTcZ61PUnOlzqaZMcXzO1X/j7zkzz3UGg6iI071J28=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=y20EsHFTH7Nm999WxYe5EwtdobaiwtaRBeL8ihmO0gk=; b=mTcDmfvQYAUtIq1Vc3aReqQvS+ YK3R1PYkgwzU7uqOaLxjXlOyMr+OXPihpGt5Xa8kZBdBtDxy59VqsUaABhCq8k3LprmommmIwAQWC XWFhQ8n+HxClVlg4ju7vWE2vU9IzvKtzYFkpkFfuyqzziqHiSWJl5AarL18EH03BLByQ=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1fQ7ts-006JuK-M7 for openvpn-devel@lists.sourceforge.net; Tue, 05 Jun 2018 09:05:09 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Tue, 5 Jun 2018 17:04:19 +0800 Message-Id: <20180605090421.9746-4-a@unstable.cc> In-Reply-To: <20180605090421.9746-1-a@unstable.cc> References: <20180605090421.9746-1-a@unstable.cc> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1fQ7ts-006JuK-M7 Subject: [Openvpn-devel] [PATCH 3/5] pool: convert pool 'type' to enum X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Antonio Quartulli The pool 'type' member is actually an enumered type, therefore declare it as 'enum' to improve static code analisys and readability. Signed-off-by: Antonio Quartulli --- src/openvpn/pool.c | 2 +- src/openvpn/pool.h | 11 +++++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/src/openvpn/pool.c b/src/openvpn/pool.c index 26eb0ebd..5d503a33 100644 --- a/src/openvpn/pool.c +++ b/src/openvpn/pool.c @@ -147,7 +147,7 @@ ifconfig_pool_verify_range(const int msglevel, const in_addr_t start, const in_a } struct ifconfig_pool * -ifconfig_pool_init(int type, in_addr_t start, in_addr_t end, +ifconfig_pool_init(enum pool_type type, in_addr_t start, in_addr_t end, const bool duplicate_cn, const bool ipv6_pool, const struct in6_addr ipv6_base, const int ipv6_netbits ) diff --git a/src/openvpn/pool.h b/src/openvpn/pool.h index 544d4180..73ea5599 100644 --- a/src/openvpn/pool.h +++ b/src/openvpn/pool.h @@ -34,8 +34,11 @@ #define IFCONFIG_POOL_MAX 65536 #define IFCONFIG_POOL_MIN_NETBITS 16 -#define IFCONFIG_POOL_30NET 0 -#define IFCONFIG_POOL_INDIV 1 +enum pool_type +{ + IFCONFIG_POOL_30NET, + IFCONFIG_POOL_INDIV +}; struct ifconfig_pool_entry { @@ -49,7 +52,7 @@ struct ifconfig_pool { bool duplicate_cn; struct { - int type; + enum pool_type type; in_addr_t base; int size; } ipv4; @@ -69,7 +72,7 @@ struct ifconfig_pool_persist typedef int ifconfig_pool_handle; -struct ifconfig_pool *ifconfig_pool_init(int type, in_addr_t start, in_addr_t end, const bool duplicate_cn, const bool ipv6_pool, const struct in6_addr ipv6_base, const int ipv6_netbits ); +struct ifconfig_pool *ifconfig_pool_init(enum pool_type type, in_addr_t start, in_addr_t end, const bool duplicate_cn, const bool ipv6_pool, const struct in6_addr ipv6_base, const int ipv6_netbits ); void ifconfig_pool_free(struct ifconfig_pool *pool); From patchwork Mon Jun 4 23:04:20 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 348 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director12.mail.ord1d.rsapps.net ([172.27.255.55]) by backend30.mail.ord1d.rsapps.net (Dovecot) with LMTP id /HVrEHlSFlvISgAAIUCqbw for ; Tue, 05 Jun 2018 05:06:02 -0400 Received: from proxy21.mail.iad3a.rsapps.net ([172.27.255.55]) by director12.mail.ord1d.rsapps.net (Dovecot) with LMTP id U3TkM3lSFlueVAAAIasKDg ; Tue, 05 Jun 2018 05:06:01 -0400 Received: from smtp17.gate.iad3a ([172.27.255.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy21.mail.iad3a.rsapps.net with LMTP id +PnqMXlSFlvgPAAASBQwCQ ; Tue, 05 Jun 2018 05:06:01 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp17.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: aa3832d0-689f-11e8-934c-525400723ca9-1-1 Received: from [216.105.38.7] ([216.105.38.7:25868] helo=lists.sourceforge.net) by smtp17.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 7C/1B-27399-872561B5; Tue, 05 Jun 2018 05:06:00 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1fQ7u8-0007LH-Ss; Tue, 05 Jun 2018 09:05:24 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1fQ7tz-0007Kk-2M for openvpn-devel@lists.sourceforge.net; Tue, 05 Jun 2018 09:05:15 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc: To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=G6wlqL1BSP7IeX7xdaF266rxKETqmSShA9jTbwabgbk=; b=baZ5QKrIU2jc9Xzprfmcvm4pol nRCY5yoNiY9vdOoBPfl1ZcZz8962LS3mG9i1IQjS6arTBnl5WUwfhw1II+eLl7y3u0iWoAjZ9yw9D /yesjmSIPAjzQKv2BVbfeNNzFIZm08gT2H8cEQIi3zTlCcpUALsPwRhpWcRzjg2/DmEo=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=G6wlqL1BSP7IeX7xdaF266rxKETqmSShA9jTbwabgbk=; b=KI7nlyJX28FrydcGy0T7MnqXHu bESy1iCdeABY5scMgI1b4AjqE0UHnPqbxP13a8ujW7nZZkeIS2g/CMfAPdTN60PRwRXZYlXiKFce/ sQJZqUfknhv0pwJMLDJiJIXzZp7dRhCPBRg1Nl48W3TpP+tudGjMObB8/bbAgoDjvu70=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1fQ7tu-006SQW-AJ for openvpn-devel@lists.sourceforge.net; Tue, 05 Jun 2018 09:05:15 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Tue, 5 Jun 2018 17:04:20 +0800 Message-Id: <20180605090421.9746-5-a@unstable.cc> In-Reply-To: <20180605090421.9746-1-a@unstable.cc> References: <20180605090421.9746-1-a@unstable.cc> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1fQ7tu-006SQW-AJ Subject: [Openvpn-devel] [PATCH 4/5] pool: allow to configure an IPv6-only ifconfig-pool X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Antonio Quartulli With this change a server is allowed to allocate an IPv6-only pool. This is required to make it capable of managing an IPv6-only tunnel. Trac: #208 Cc: Gert Doering Signed-off-by: Antonio Quartulli --- src/openvpn/multi.c | 7 ++- src/openvpn/pool.c | 139 ++++++++++++++++++++++++++++++-------------- src/openvpn/pool.h | 8 ++- 3 files changed, 107 insertions(+), 47 deletions(-) diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 3da8c110..39ab6d68 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -397,7 +397,8 @@ multi_init(struct multi_context *m, struct context *t, bool tcp_mode, int thread pool_type = IFCONFIG_POOL_30NET; } - m->ifconfig_pool = ifconfig_pool_init(pool_type, + m->ifconfig_pool = ifconfig_pool_init(t->options.ifconfig_pool_defined, + pool_type, t->options.ifconfig_pool_start, t->options.ifconfig_pool_end, t->options.duplicate_cn, @@ -1497,7 +1498,9 @@ multi_select_virtual_addr(struct multi_context *m, struct multi_instance *mi) const int tunnel_topology = TUNNEL_TOPOLOGY(mi->context.c1.tuntap); msg( M_INFO, "MULTI_sva: pool returned IPv4=%s, IPv6=%s", - print_in_addr_t( remote, 0, &gc ), + (mi->context.options.ifconfig_pool_defined + ? print_in_addr_t(remote, 0, &gc) + : "(Not enabled)", (mi->context.options.ifconfig_ipv6_pool_defined ? print_in6_addr( remote_ipv6, 0, &gc ) : "(Not enabled)") ); diff --git a/src/openvpn/pool.c b/src/openvpn/pool.c index 5d503a33..08addc6f 100644 --- a/src/openvpn/pool.c +++ b/src/openvpn/pool.c @@ -58,6 +58,22 @@ ifconfig_pool_entry_free(struct ifconfig_pool_entry *ipe, bool hard) } } +static const int +ifconfig_pool_size(const struct ifconfig_pool *pool) +{ + /* at least one pool is enabled, but base logic on IPv4 if both are, because + * it is always smaller + */ + if (pool->ipv4.enabled) + { + return pool->ipv4.size; + } + else + { + return pool->ipv6.size; + } +} + static int ifconfig_pool_find(struct ifconfig_pool *pool, const char *common_name) { @@ -65,8 +81,11 @@ ifconfig_pool_find(struct ifconfig_pool *pool, const char *common_name) time_t earliest_release = 0; int previous_usage = -1; int new_usage = -1; + int pool_size; + + pool_size = ifconfig_pool_size(pool); - for (i = 0; i < pool->ipv4.size; ++i) + for (i = 0; i < pool_size; ++i) { struct ifconfig_pool_entry *ipe = &pool->list[i]; if (!ipe->in_use) @@ -147,34 +166,40 @@ ifconfig_pool_verify_range(const int msglevel, const in_addr_t start, const in_a } struct ifconfig_pool * -ifconfig_pool_init(enum pool_type type, in_addr_t start, in_addr_t end, - const bool duplicate_cn, +ifconfig_pool_init(const bool ipv4_pool, enum pool_type type, in_addr_t start, + in_addr_t end, const bool duplicate_cn, const bool ipv6_pool, const struct in6_addr ipv6_base, const int ipv6_netbits ) { struct gc_arena gc = gc_new(); struct ifconfig_pool *pool = NULL; + int pool_size = -1; ASSERT(start <= end && end - start < IFCONFIG_POOL_MAX); ALLOC_OBJ_CLEAR(pool, struct ifconfig_pool); - pool->ipv4.type = type; pool->duplicate_cn = duplicate_cn; - switch (pool->ipv4.type) + pool->ipv4.enabled = ipv4_pool; + + if (pool->ipv4.enabled) { - case IFCONFIG_POOL_30NET: - pool->ipv4.base = start & ~3; - pool->ipv4.size = (((end | 3) + 1) - pool->ipv4.base) >> 2; - break; + pool->ipv4.type = type; + switch (pool->ipv4.type) + { + case IFCONFIG_POOL_30NET: + pool->ipv4.base = start & ~3; + pool->ipv4.size = (((end | 3) + 1) - pool->ipv4.base) >> 2; + break; - case IFCONFIG_POOL_INDIV: - pool->ipv4.base = start; - pool->ipv4.size = end - start + 1; - break; + case IFCONFIG_POOL_INDIV: + pool->ipv4.base = start; + pool->ipv4.size = end - start + 1; + break; - default: - ASSERT(0); + default: + ASSERT(0); + } } /* IPv6 pools are always "INDIV" type */ @@ -189,19 +214,27 @@ ifconfig_pool_init(enum pool_type type, in_addr_t start, in_addr_t end, msg( D_IFCONFIG_POOL, "IFCONFIG POOL IPv6: (IPv4) size=%d, size_ipv6=%d, netbits=%d, base_ipv6=%s", pool->ipv4.size, pool->ipv6.size, ipv6_netbits, print_in6_addr(pool->ipv6.base, 0, &gc)); + } - /* the current code is very simple and assumes that the IPv6 - * pool is at least as big as the IPv4 pool, and we don't need - * to do separate math etc. for IPv6 - */ + /* the current code is very simple and assumes that the IPv6 + * pool is at least as big as the IPv4 pool, and we don't need + * to do separate math etc. for IPv6 + */ + if (pool->ipv4.enabled && pool->ipv6.enabled) + { ASSERT(pool->ipv4.size < pool->ipv6.size); } - ALLOC_ARRAY_CLEAR(pool->list, struct ifconfig_pool_entry, pool->ipv4.size); + pool_size = ifconfig_pool_size(pool); + + ALLOC_ARRAY_CLEAR(pool->list, struct ifconfig_pool_entry, pool_size); - msg(D_IFCONFIG_POOL, "IFCONFIG POOL: base=%s size=%d, ipv6=%d", - print_in_addr_t(pool->ipv4.base, 0, &gc), - pool->ipv4.size, pool->ipv6.enabled); + if (pool->ipv4.enabled) + { + msg(D_IFCONFIG_POOL, "IFCONFIG POOL: base=%s size=%d, ipv6=%d", + print_in_addr_t(pool->ipv4.base, 0, &gc), pool->ipv4.size, + pool->ipv6.enabled); + } gc_free(&gc); return pool; @@ -212,8 +245,11 @@ ifconfig_pool_free(struct ifconfig_pool *pool) { if (pool) { - int i; - for (i = 0; i < pool->ipv4.size; ++i) + int i, pool_size; + + pool_size = ifconfig_pool_size(pool); + + for (i = 0; i < pool_size; ++i) { ifconfig_pool_entry_free(&pool->list[i], true); } @@ -239,26 +275,29 @@ ifconfig_pool_acquire(struct ifconfig_pool *pool, in_addr_t *local, in_addr_t *r ipe->common_name = string_alloc(common_name, NULL); } - switch (pool->ipv4.type) + if (pool->ipv4.enabled && local && remote) { - case IFCONFIG_POOL_30NET: + switch (pool->ipv4.type) { - in_addr_t b = pool->ipv4.base + (i << 2); - *local = b + 1; - *remote = b + 2; - break; - } + case IFCONFIG_POOL_30NET: + { + in_addr_t b = pool->ipv4.base + (i << 2); + *local = b + 1; + *remote = b + 2; + break; + } - case IFCONFIG_POOL_INDIV: - { - in_addr_t b = pool->ipv4.base + i; - *local = 0; - *remote = b; - break; - } + case IFCONFIG_POOL_INDIV: + { + in_addr_t b = pool->ipv4.base + i; + *local = 0; + *remote = b; + break; + } - default: - ASSERT(0); + default: + ASSERT(0); + } } /* IPv6 pools are always INDIV (--linear) */ @@ -274,7 +313,9 @@ bool ifconfig_pool_release(struct ifconfig_pool *pool, ifconfig_pool_handle hand, const bool hard) { bool ret = false; - if (pool && hand >= 0 && hand < pool->ipv4.size) + int pool_size = ifconfig_pool_size(pool); + + if (pool && hand >= 0 && hand < pool_size) { ifconfig_pool_entry_free(&pool->list[hand], hard); ret = true; @@ -286,6 +327,7 @@ ifconfig_pool_release(struct ifconfig_pool *pool, ifconfig_pool_handle hand, con * private access functions */ +/* currently handling IPv4 logic only */ static ifconfig_pool_handle ifconfig_pool_ip_base_to_handle(const struct ifconfig_pool *pool, const in_addr_t addr) { @@ -380,9 +422,9 @@ ifconfig_pool_list(const struct ifconfig_pool *pool, struct status_output *out) if (pool && out) { struct gc_arena gc = gc_new(); - int i; + int i, pool_size = ifconfig_pool_size(pool); - for (i = 0; i < pool->ipv4.size; ++i) + for (i = 0; i < pool_size; ++i) { const struct ifconfig_pool_entry *e = &pool->list[i]; if (e->common_name) @@ -475,6 +517,15 @@ ifconfig_pool_read(struct ifconfig_pool_persist *persist, struct ifconfig_pool * const int buf_size = 128; update_time(); + + /* IPv6 logic not implemented yet, therefore bail out if no IPv4 pool was + * configured + */ + if (pool && !pool->ipv4.enabled) + { + return; + } + if (persist && persist->file && pool) { struct gc_arena gc = gc_new(); diff --git a/src/openvpn/pool.h b/src/openvpn/pool.h index 73ea5599..6af04645 100644 --- a/src/openvpn/pool.h +++ b/src/openvpn/pool.h @@ -52,6 +52,7 @@ struct ifconfig_pool { bool duplicate_cn; struct { + bool enabled; enum pool_type type; in_addr_t base; int size; @@ -72,7 +73,12 @@ struct ifconfig_pool_persist typedef int ifconfig_pool_handle; -struct ifconfig_pool *ifconfig_pool_init(enum pool_type type, in_addr_t start, in_addr_t end, const bool duplicate_cn, const bool ipv6_pool, const struct in6_addr ipv6_base, const int ipv6_netbits ); +struct ifconfig_pool *ifconfig_pool_init(const bool ipv4_pool, + enum pool_type type, in_addr_t start, + in_addr_t end, const bool duplicate_cn, + const bool ipv6_pool, + const struct in6_addr ipv6_base, + const int ipv6_netbits); void ifconfig_pool_free(struct ifconfig_pool *pool); From patchwork Mon Jun 4 23:04:21 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 350 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director8.mail.ord1d.rsapps.net ([172.27.255.59]) by backend30.mail.ord1d.rsapps.net (Dovecot) with LMTP id jLFDA4pSFlsuWgAAIUCqbw for ; Tue, 05 Jun 2018 05:06:18 -0400 Received: from proxy17.mail.iad3a.rsapps.net ([172.27.255.59]) by director8.mail.ord1d.rsapps.net (Dovecot) with LMTP id I1x0D4pSFltucgAAfY0hYg ; Tue, 05 Jun 2018 05:06:18 -0400 Received: from smtp51.gate.iad3a ([172.27.255.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy17.mail.iad3a.rsapps.net with LMTP id qAmRDYpSFlv+LQAAR4KW9A ; Tue, 05 Jun 2018 05:06:18 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp51.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: b490af14-689f-11e8-9e46-525400aaff7b-1-1 Received: from [216.105.38.7] ([216.105.38.7:8659] helo=lists.sourceforge.net) by smtp51.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 77/E0-08969-982561B5; Tue, 05 Jun 2018 05:06:18 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1fQ7u9-0004AZ-Be; Tue, 05 Jun 2018 09:05:25 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1fQ7tx-0004A0-QB for openvpn-devel@lists.sourceforge.net; Tue, 05 Jun 2018 09:05:13 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc: To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=j/lJ4QER5g2RETBprKDg0/DK0PcA2Q4x9LDP2JM44WA=; b=gfczkmghRgVFynw9VMb9MEfL7K g6CtvozCmFUnba0/fz4l33oarqd+zkO+6Fvo9+T2kwPKPX1RSL7Ti7QXOy93jFyDDoXuhoALykKMQ BQpB/fy+7Bt+UI3E4dOeP3rsSMwXo5f5/A8+UpBP28zg32OOs/NiKpfWyzXieRNsKNAA=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=j/lJ4QER5g2RETBprKDg0/DK0PcA2Q4x9LDP2JM44WA=; b=KSh1kTU27Jmv+WKQ/fFWYo2v4R uDWW/5Lm77ki1g3broiiiXZAbQQ1H2tkI7+0NbSehYfTIPvTs9yJkbwlfEc/OuZ4rIzOVoLN1Rp3S widevRUjyHPTW+12PDrSj8pZl/uCINbmd2lHSv7v0fEcbZKgN8JVO5mSc4YgSnfD1A6Y=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1fQ7tw-006SQd-8W for openvpn-devel@lists.sourceforge.net; Tue, 05 Jun 2018 09:05:13 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Tue, 5 Jun 2018 17:04:21 +0800 Message-Id: <20180605090421.9746-6-a@unstable.cc> In-Reply-To: <20180605090421.9746-1-a@unstable.cc> References: <20180605090421.9746-1-a@unstable.cc> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1fQ7tw-006SQd-8W Subject: [Openvpn-devel] [PATCH 5/5] make server capable of starting with an IPv6-only tunnel X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Antonio Quartulli Due to the current logic it is not possible for a server to create an IPv6-only tunnel, because OpenVPN mandates the existance of an IPv4 configuration (even if fake). This change relaxes this constraint and allows servers to bring up tunnels without any IPv4 setting at all. For the user this means that a server can be configured with just the "--server-ipv6" directive and no "--server" at all. Trac: #208 Cc: Gert Doering Signed-off-by: Antonio Quartulli --- src/openvpn/helper.c | 8 ++++++-- src/openvpn/multi.c | 3 ++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/openvpn/helper.c b/src/openvpn/helper.c index ff9df506..42ba5b2c 100644 --- a/src/openvpn/helper.c +++ b/src/openvpn/helper.c @@ -177,10 +177,11 @@ helper_client_server(struct options *o) */ if (o->server_ipv6_defined) { - if (!o->server_defined) + if (o->client) { - msg(M_USAGE, "--server-ipv6 must be used together with --server"); + msg(M_USAGE, "--server and --client cannot be used together"); } + if (o->server_flags & SF_NOPOOL) { msg( M_USAGE, "--server-ipv6 is incompatible with 'nopool' option" ); @@ -190,6 +191,9 @@ helper_client_server(struct options *o) msg( M_USAGE, "--server-ipv6 already defines an ifconfig-ipv6-pool, so you can't also specify --ifconfig-pool explicitly"); } + o->mode = MODE_SERVER; + o->tls_server = true; + /* local ifconfig is "base address + 1" and "+2" */ o->ifconfig_ipv6_local = print_in6_addr( add_in6_addr( o->server_network_ipv6, 1), 0, &o->gc ); diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 39ab6d68..5d10bd18 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -388,7 +388,8 @@ multi_init(struct multi_context *m, struct context *t, bool tcp_mode, int thread * differently based on whether a tun or tap style * tunnel. */ - if (t->options.ifconfig_pool_defined) + if (t->options.ifconfig_pool_defined + || t->options.ifconfig_ipv6_pool_defined) { int pool_type = IFCONFIG_POOL_INDIV;