This option was useful when IPv6 tun support was non-standard; it was an internal/user-specified flag that tracked the IPv6 capability of the tun device.
All supported OS support IPv6. Also tun-ipv6 is pushable by the remote so not putting tun-ipv6 does not forbid ipv6 addresses. This commit also clean up a bit of the ipv6 related tun.c. Changes for most platforms are minimal. For linux a bit more cleanup is done: - Remove compatibility defines that were added 2008 - Always use IFF_NO_PI for the linux tun and not only for IPv4 only tun setups (Android also always IFF_NO_PI works fine with Ipv6). This commit also remove a non ipv6 fallback for tap driver from OpenVPN 2.2-beta or earlier and only warns. Patch V2: Integrate Gert's comments Patch V3: Remove tun_ipv4 option. It only used for MTU discovery and there it was wrong since it should on the transport protocol if at all Patch V4: do not send V3 as V2 --- Changes.rst | 3 ++ src/openvpn/forward.c | 2 +- src/openvpn/helper.c | 2 - src/openvpn/init.c | 6 --- src/openvpn/multi.c | 8 ++-- src/openvpn/openvpn.h | 5 --- src/openvpn/options.c | 11 +---- src/openvpn/options.h | 1 - src/openvpn/route.c | 13 ++---- src/openvpn/tun.c | 110 ++++++++++---------------------------------------- src/openvpn/tun.h | 2 - 11 files changed, 32 insertions(+), 131 deletions(-) diff --git a/Changes.rst b/Changes.rst index 9fcba75..2956003 100644 --- a/Changes.rst +++ b/Changes.rst @@ -135,6 +135,9 @@ User-visible Changes ciphers configured in the config file. Use --ncp-disable if you don't want that. +- ALl tun devices on all platforms are considered always IPv6 capable. The --tun-ipv6 + option is ignored (behaves like it is always on). + Maintainer-visible changes -------------------------- diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 6c11439..b3077ed 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c 
@@ -391,7 +391,7 @@ check_fragment_dowork (struct context *c) struct link_socket_info *lsi = get_link_socket_info (c); /* OS MTU Hint? */ - if (lsi->mtu_changed && c->c2.ipv4_tun) + if (lsi->mtu_changed) { frame_adjust_path_mtu (&c->c2.frame_fragment, c->c2.link_socket->mtu, c->options.ce.proto); diff --git a/src/openvpn/helper.c b/src/openvpn/helper.c index 62f88ec..229523d 100644 --- a/src/openvpn/helper.c +++ b/src/openvpn/helper.c @@ -200,8 +200,6 @@ helper_client_server (struct options *o) add_in6_addr( o->server_network_ipv6, 0x1000 ); o->ifconfig_ipv6_pool_netbits = o->server_netbits_ipv6; - o->tun_ipv6 = true; - push_option( o, "tun-ipv6", M_USAGE ); } diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 9236a9f..7b73509 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1400,9 +1400,6 @@ do_init_tun (struct context *c) !c->options.ifconfig_nowarn, c->c2.es); - /* flag tunnel for IPv6 config if --tun-ipv6 is set */ - c->c1.tuntap->ipv6 = c->options.tun_ipv6; - init_tun_post (c->c1.tuntap, &c->c2.frame, &c->options.tuntap_options); @@ -1420,9 +1417,6 @@ do_open_tun (struct context *c) struct gc_arena gc = gc_new (); bool ret = false; - c->c2.ipv4_tun = (!c->options.tun_ipv6 - && is_dev_type (c->options.dev, c->options.dev_type, "tun")); - #ifndef TARGET_ANDROID if (!c->c1.tuntap) { diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index ba7f2c0..228b393 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c 
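Review bot: In the helper.c hunk, once `o->tun_ipv6 = true;` is gone, the remaining `push_option( o, "tun-ipv6", M_USAGE );` in helper_client_server has no visible reason to stay and reads like a leftover. If it is kept for clients that still act on the option (the commit message notes it is pushable by the remote), say so next to the call, for example `/* still pushed for older clients that need --tun-ipv6 to enable IPv6 */`. The enclosing block starts outside the hunk.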
@@ -1377,8 +1377,7 @@ multi_select_virtual_addr (struct multi_context *m, struct multi_instance *mi) * (see below) so issue a warning if that happens - don't break the * session, though, as we don't even know if this client WANTS IPv6 */ - if ( mi->context.c1.tuntap->ipv6 && - mi->context.options.ifconfig_ipv6_pool_defined && + if ( mi->context.options.ifconfig_ipv6_pool_defined && ! mi->context.options.push_ifconfig_ipv6_defined ) { msg( M_INFO, "MULTI_sva: WARNING: if --ifconfig-push is used for IPv4, automatic IPv6 assignment from --ifconfig-ipv6-pool does not work. Use --ifconfig-ipv6-push for IPv6 then." ); @@ -1451,8 +1450,7 @@ multi_select_virtual_addr (struct multi_context *m, struct multi_instance *mi) * way round ("dynamic IPv4, static IPv6") or "both static" makes sense * -> and so it's implemented right now */ - if ( mi->context.c1.tuntap->ipv6 && - mi->context.options.push_ifconfig_ipv6_defined ) + if ( mi->context.options.push_ifconfig_ipv6_defined ) { mi->context.c2.push_ifconfig_ipv6_local = mi->context.options.push_ifconfig_ipv6_local; @@ -1510,7 +1508,7 @@ multi_set_virtual_addr_env (struct multi_context *m, struct multi_instance *mi) setenv_del (mi->context.c2.es, "ifconfig_pool_remote_ip6"); setenv_del (mi->context.c2.es, "ifconfig_pool_ip6_netbits"); - if (mi->context.c1.tuntap->ipv6 && mi->context.c2.push_ifconfig_ipv6_defined) + if (mi->context.c2.push_ifconfig_ipv6_defined) { setenv_in6_addr (mi->context.c2.es, "ifconfig_pool_remote", diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index 1a458f1..66d06b5 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -390,11 +390,6 @@ struct context_2 struct buffer to_tun; struct buffer to_link; - /* - * IPv4 TUN device? - */ - bool ipv4_tun; - /* should we print R|W|r|w to console on packet transfers? */ bool log_rw; diff --git a/src/openvpn/options.c b/src/openvpn/options.c index e052042..0bab660 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
@@ -1496,7 +1496,6 @@ show_settings (const struct options *o) SHOW_STR (dev_node); SHOW_STR (lladdr); SHOW_INT (topology); - SHOW_BOOL (tun_ipv6); SHOW_STR (ifconfig_local); SHOW_STR (ifconfig_remote_netmask); SHOW_BOOL (ifconfig_noexec); @@ -2099,10 +2098,6 @@ options_postprocess_verify_ce (const struct options *options, const struct conne options->connection_list->array[0]->remote) msg (M_USAGE, "<connection> cannot be used with --mode server"); -#if 0 - if (options->tun_ipv6) - msg (M_USAGE, "--tun-ipv6 cannot be used with --mode server"); -#endif if (options->shaper) msg (M_USAGE, "--shaper cannot be used with --mode server"); if (options->inetd) @@ -2126,9 +2121,6 @@ options_postprocess_verify_ce (const struct options *options, const struct conne msg (M_USAGE, "--ifconfig-pool-persist must be used with --ifconfig-pool"); if (options->ifconfig_ipv6_pool_defined && !options->ifconfig_ipv6_local ) msg (M_USAGE, "--ifconfig-ipv6-pool needs --ifconfig-ipv6"); - if (options->ifconfig_ipv6_local && !options->tun_ipv6 ) - msg (M_INFO, "Warning: --ifconfig-ipv6 without --tun-ipv6 will not do IPv6"); - if (options->auth_user_pass_file) msg (M_USAGE, "--auth-user-pass cannot be used with --mode server (it should be used on the client side only)"); if (options->ccd_exclusive && !options->client_config_dir) @@ -3077,7 +3069,7 @@ options_string (const struct options *o, /* send tun_ipv6 only in peer2peer mode - in client/server mode, it * is usually pushed by the server, triggering a non-helpful warning */ - if (o->tun_ipv6 && o->mode == MODE_POINT_TO_POINT && !PULL_DEFINED(o)) + if (o->ifconfig_ipv6_local && o->mode == MODE_POINT_TO_POINT && !PULL_DEFINED(o)) buf_printf (&out, ",tun-ipv6"); /* @@ -4578,7 +4570,6 @@ add_option (struct options *options, else if (streq (p[0], "tun-ipv6") && !p[1]) { VERIFY_PERMISSION (OPT_P_UP); - options->tun_ipv6 = true; } #ifdef ENABLE_IPROUTE else if (streq (p[0], "iproute") && p[1] && !p[2]) 
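Review bot: In options_string the comment above the changed condition still says "send tun_ipv6", but `,tun-ipv6` is now emitted when `o->ifconfig_ipv6_local` is set rather than when the option was given. As far as I can tell this string is compared with the peer's, so a point-to-point link where one side runs an older release with --tun-ipv6 but no --ifconfig-ipv6 (or the reverse) would presumably log an options mismatch. Update the comment, for example `/* keep emitting tun-ipv6 for option-string compatibility with older peers; now keyed on --ifconfig-ipv6 */`, and mention the case in Changes.rst. The body of options_string extends beyond the hunk.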
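Review bot: The `tun-ipv6` branch in add_option is left with nothing but `VERIFY_PERMISSION (OPT_P_UP);`, which looks like an accidental deletion to the next reader. A one-line comment inside the braces, such as `/* accepted and ignored: tun devices are always IPv6 capable */`, would record that the no-op is intentional and matches the Changes.rst entry.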
diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 9b7b57c..b7453a0 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -251,7 +251,6 @@ struct options int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */ int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */ bool ping_timer_remote; /* Run ping timer only if we have a remote address */ - bool tun_ipv6; /* Build tun dev that supports IPv6 */ # define PING_UNDEF 0 # define PING_EXIT 1 diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 85aec71..82855d6 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -1729,10 +1729,10 @@ add_route_ipv6 (struct route_ipv6 *r6, const struct tuntap *tt, unsigned int fla } #endif - if ( !tt->ipv6 ) + if (!tt->did_ifconfig_ipv6_setup) { - msg( M_INFO, "add_route_ipv6(): not adding %s/%d, no IPv6 on if %s", - network, r6->netbits, device ); + msg( M_INFO, "add_route_ipv6(): not adding %s/%d, no IPv6 ifconfig on if %s", + network, r6->netbits, device); return; } @@ -2159,13 +2159,6 @@ delete_route_ipv6 (const struct route_ipv6 *r6, const struct tuntap *tt, unsigne } #endif - if ( !tt->ipv6 ) - { - msg( M_INFO, "delete_route_ipv6(): not deleting %s/%d, no IPv6 on if %s", - network, r6->netbits, device ); - return; - } - msg( M_INFO, "delete_route_ipv6(%s/%d)", network, r6->netbits ); /* if we used a gateway on "add route", we also need to specify it on diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index b7a29f7..2fbb33c 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -741,8 +741,8 @@ do_ifconfig (struct tuntap *tt, argv_init (&argv); - msg( M_INFO, "do_ifconfig, tt->ipv6=%d, tt->did_ifconfig_ipv6_setup=%d", - tt->ipv6, tt->did_ifconfig_ipv6_setup ); + msg( M_INFO, "do_ifconfig, tt->did_ifconfig_ipv6_setup=%d", + tt->did_ifconfig_ipv6_setup ); /* * We only handle TUN/TAP devices here, not --dev null devices. 
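Review bot: In add_route_ipv6 the new guard `if (!tt->did_ifconfig_ipv6_setup)` drops a configured or pushed IPv6 route with only an `M_INFO` line. The flag is presumably set only when --ifconfig-ipv6 is in effect, so a setup that used --tun-ipv6 with the address assigned outside OpenVPN now loses its IPv6 routes, and that traffic would follow the host's normal routing instead of the tunnel. Consider logging the skip at `M_WARN` and stating in Changes.rst that --route-ipv6 now depends on --ifconfig-ipv6. The next hunk removes the guard from delete_route_ipv6 entirely, which is safe only if an earlier check outside the hunk limits it to routes that were actually added.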
@@ -755,7 +755,7 @@ do_ifconfig (struct tuntap *tt, ifconfig_local = print_in_addr_t (tt->local, 0, &gc); ifconfig_remote_netmask = print_in_addr_t (tt->remote_netmask, 0, &gc); - if ( tt->ipv6 && tt->did_ifconfig_ipv6_setup ) + if (tt->did_ifconfig_ipv6_setup ) { ifconfig_ipv6_local = print_in6_addr (tt->local_ipv6, 0, &gc); ifconfig_ipv6_remote = print_in6_addr (tt->remote_ipv6, 0, &gc); @@ -1127,6 +1127,8 @@ do_ifconfig (struct tuntap *tt, if ( do_ipv6 ) { #ifdef NETBSD_MULTI_AF +#error no IPv6 support for tun interfaces on NetBSD before 4.0, upgrade your system. +#endif argv_printf (&argv, "%s %s inet6 %s/%d", IFCONFIG_PATH, @@ -1139,10 +1141,6 @@ do_ifconfig (struct tuntap *tt, /* and, hooray, we explicitely need to add a route... */ add_route_connected_v6_net(tt, es); -#else - msg( M_INFO, "no IPv6 support for tun interfaces on NetBSD before 4.0 (if your system is newer, recompile openvpn)" ); - tt->ipv6 = false; -#endif } tt->did_ifconfig = true; @@ -1425,7 +1423,6 @@ clear_tuntap (struct tuntap *tuntap) #ifdef TARGET_SOLARIS tuntap->ip_fd = -1; #endif - tuntap->ipv6 = false; } static void @@ -1478,7 +1475,7 @@ write_tun_header (struct tuntap* tt, uint8_t *buf, int len) iph = (struct ip *) buf; - if (tt->ipv6 && iph->ip_v == 6) + if (iph->ip_v == 6) type = htonl (AF_INET6); else type = htonl (AF_INET); @@ -1526,7 +1523,7 @@ open_tun_generic (const char *dev, const char *dev_type, const char *dev_node, bool dynamic_opened = false; - if ( tt->ipv6 && ! ipv6_explicitly_supported ) + if ( ! ipv6_explicitly_supported ) msg (M_WARN, "NOTE: explicit support for IPv6 tun devices is not provided for this OS"); if (tt->type == DEV_TYPE_NULL) @@ -1710,7 +1707,6 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len) } #elif defined(TARGET_LINUX) -#ifdef HAVE_LINUX_IF_TUN_H /* New driver support */ #ifndef HAVE_LINUX_SOCKIOS_H #error header file linux/sockios.h required 
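Review bot: In the NetBSD branch of do_ifconfig (hunk at -1127) the added `#error` sits inside `#ifdef NETBSD_MULTI_AF`, so the build fails exactly when the macro is defined. Going by the `#else` branch removed in the following hunk, that is the configuration that does have IPv6 tun support. The test looks inverted and should read `#ifndef NETBSD_MULTI_AF`, so that only systems without multi-AF support are rejected at compile time. The definition of NETBSD_MULTI_AF is outside the hunk, so confirm against it.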
@@ -1751,8 +1747,7 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu * Process --tun-ipv6 */ CLEAR (ifr); - if (!tt->ipv6) - ifr.ifr_flags = IFF_NO_PI; + ifr.ifr_flags = IFF_NO_PI; #if defined(IFF_ONE_QUEUE) && defined(SIOCSIFTXQLEN) ifr.ifr_flags |= IFF_ONE_QUEUE; @@ -1833,32 +1828,10 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu ASSERT (0); } -#endif - -#else - -void -open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt) -{ - open_tun_generic (dev, dev_type, dev_node, false, true, tt); -} - -#endif /* HAVE_LINUX_IF_TUN_H */ +#endif /* !PENDANTIC */ #ifdef ENABLE_FEATURE_TUN_PERSIST -/* - * This can be removed in future - * when all systems will use newer - * linux-headers - */ -#ifndef TUNSETOWNER -#define TUNSETOWNER _IOW('T', 204, int) -#endif -#ifndef TUNSETGROUP -#define TUNSETGROUP _IOW('T', 206, int) -#endif - void tuncfg (const char *dev, const char *dev_type, const char *dev_node, int persist_mode, const char *username, const char *groupname, const struct tuntap_options *options) { @@ -1940,7 +1913,7 @@ close_tun (struct tuntap *tt) argv_msg (M_INFO, &argv); openvpn_execve_check (&argv, NULL, 0, "Linux ip addr del failed"); - if (tt->ipv6 && tt->did_ifconfig_ipv6_setup) + if (tt->did_ifconfig_ipv6_setup) { const char * ifconfig_ipv6_local = print_in6_addr (tt->local_ipv6, 0, &gc); 
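Review bot: The comment `Process --tun-ipv6` directly above `CLEAR (ifr);` no longer describes anything, because `ifr.ifr_flags = IFF_NO_PI;` is now unconditional. Replace it with something like `/* always IFF_NO_PI: no packet-info header, the kernel derives the protocol from the IP version */`. The body of open_tun starts and ends outside this hunk.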
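Review bot: In the hunk at -1833 the closing comment `#endif /* !PENDANTIC */` misspells the macro; assuming it closes an `#if !PEDANTIC` block that opens outside the hunk, it should read `#endif /* !PEDANTIC */`. With the `HAVE_LINUX_IF_TUN_H` guard and the open_tun_generic fallback removed, a build without linux/if_tun.h will fail on missing symbols rather than a clear message, so an explicit `#error` beside the existing linux/sockios.h check would keep that diagnosable. Dropping the local `TUNSETOWNER` and `TUNSETGROUP` defines likewise assumes kernel headers that provide them.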
@@ -1977,53 +1950,13 @@ close_tun (struct tuntap *tt) int write_tun (struct tuntap* tt, uint8_t *buf, int len) { - if (tt->ipv6) - { - struct tun_pi pi; - struct iphdr *iph; - struct iovec vect[2]; - int ret; - - iph = (struct iphdr *)buf; - - pi.flags = 0; - - if(iph->version == 6) - pi.proto = htons(OPENVPN_ETH_P_IPV6); - else - pi.proto = htons(OPENVPN_ETH_P_IPV4); - - vect[0].iov_len = sizeof(pi); - vect[0].iov_base = π - vect[1].iov_len = len; - vect[1].iov_base = buf; - - ret = writev(tt->fd, vect, 2); - return(ret - sizeof(pi)); - } - else - return write (tt->fd, buf, len); + return write (tt->fd, buf, len); } int read_tun (struct tuntap* tt, uint8_t *buf, int len) { - if (tt->ipv6) - { - struct iovec vect[2]; - struct tun_pi pi; - int ret; - - vect[0].iov_len = sizeof(pi); - vect[0].iov_base = π - vect[1].iov_len = len; - vect[1].iov_base = buf; - - ret = readv(tt->fd, vect, 2); - return(ret - sizeof(pi)); - } - else - return read (tt->fd, buf, len); + return read (tt->fd, buf, len); } #elif defined(TARGET_SOLARIS) @@ -2227,7 +2160,7 @@ solaris_close_tun (struct tuntap *tt) if (tt) { /* IPv6 interfaces need to be 'manually' de-configured */ - if ( tt->ipv6 && tt->did_ifconfig_ipv6_setup ) + if ( tt->did_ifconfig_ipv6_setup ) { struct argv argv; argv_init (&argv); @@ -2518,7 +2451,7 @@ write_tun (struct tuntap* tt, uint8_t *buf, int len) iph = (struct openvpn_iphdr *) buf; - if (tt->ipv6 && OPENVPN_IPH_GET_VER(iph->version_len) == 6) + if (OPENVPN_IPH_GET_VER(iph->version_len) == 6) type = htonl (AF_INET6); else type = htonl (AF_INET); @@ -2644,7 +2577,7 @@ write_tun (struct tuntap* tt, uint8_t *buf, int len) iph = (struct ip *) buf; - if (tt->ipv6 && iph->ip_v == 6) + if (iph->ip_v == 6) type = htonl (AF_INET6); else type = htonl (AF_INET); @@ -2727,7 +2660,7 @@ write_tun (struct tuntap* tt, uint8_t *buf, int len) iph = (struct ip *) buf; - if (tt->ipv6 && iph->ip_v == 6) + if (iph->ip_v == 6) type = htonl (AF_INET6); else type = htonl (AF_INET); 
@@ -2954,7 +2887,7 @@ close_tun (struct tuntap* tt) struct argv argv; argv_init (&argv); - if ( tt->ipv6 && tt->did_ifconfig_ipv6_setup ) + if (tt->did_ifconfig_ipv6_setup ) { const char * ifconfig_ipv6_local = print_in6_addr (tt->local_ipv6, 0, &gc); @@ -5182,7 +5115,7 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu /*netcmd_semaphore_lock ();*/ - msg( M_INFO, "open_tun, tt->ipv6=%d", tt->ipv6 ); + msg( M_INFO, "open_tun"); if (tt->type == DEV_TYPE_NULL) { @@ -5308,11 +5241,10 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu /* usage of numeric constants is ugly, but this is really tied to * *this* version of the driver */ - if ( tt->ipv6 && tt->type == DEV_TYPE_TUN && + if (tt->type == DEV_TYPE_TUN && info[0] == 9 && info[1] < 8) { - msg( M_INFO, "WARNING: Tap-Win32 driver version %d.%d does not support IPv6 in TUN mode. IPv6 will be disabled. Upgrade to Tap-Win32 9.8 (2.2-beta3 release or later) or use TAP mode to get IPv6", (int) info[0], (int) info[1] ); - tt->ipv6 = false; + msg( M_INFO, "WARNING: Tap-Win32 driver version %d.%d does not support IPv6 in TUN mode. IPv6 will not work. Upgrade to Tap-Win32 9.8 (2.2-beta3 release or later) or use TAP mode to get IPv6", (int) info[0], (int) info[1] ); } /* tap driver 9.8 (2.2.0 and 2.2.1 release) is buggy @@ -5653,7 +5585,7 @@ close_tun (struct tuntap *tt) if (tt) { - if ( tt->ipv6 && tt->did_ifconfig_ipv6_setup ) + if ( tt->did_ifconfig_ipv6_setup ) { if (tt->options.msg_channel) { diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index 4e93a3f..88431fb 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h 
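Review bot: In the Windows open_tun hunk (-5308), a Tap-Win32 9.x driver older than 9.8 in TUN mode now only produces a log line, whereas the removed `tt->ipv6 = false;` also switched off the later IPv6 setup and teardown that were gated on it. The message now fires for every TUN user of such a driver, including those with no IPv6 configured, and it is logged at `M_INFO` despite its WARNING text. Consider `M_WARN`, and if `tt->did_ifconfig_ipv6_setup` is already known at this point (not visible here), limit the warning to that case so a configured but non-functional IPv6 tunnel is clearly flagged.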
@@ -139,8 +139,6 @@ struct tuntap bool did_ifconfig_ipv6_setup; bool did_ifconfig; - bool ipv6; - bool persistent_if; /* if existed before, keep on program end */ struct tuntap_options options; /* options set on command line */ -- 2.8.4 (Apple Git-73) ------------------------------------------------------------------------------ _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel