Acked-by: Gert Doering <g...@greenie.muc.de> Reviewed again ("stare at code"). Most of the changes are really "straightforward", as soon as done :-) - make all the IPv4 stuff in the pool handling conditional, make IPv6 "stand on its own", plus fiddling with minimum sizes (if both protocols are "on", the more limited pool limits the size of the other protocol).
There still is *one* "pool" structure, but its IPv4 and IPv6 parts are now fully independent, except for the common size limitation - and that is fine, as there is currently no logic to tell openvpn "oh, this client only gets a v4 pool address", or "and v6 comes from that *other* pool". Maybe some day, but that's a different patchset. One thing we actually might spend some more thought on is this one: pool->ipv6.size = ipv6_netbits > 112 ? (1 << (128 - ipv6_netbits)) - base : IFCONFIG_POOL_MAX; which, I think, will not do the right thing for ifconfig-ipv6-pool 2001:db8::f000/112 (it will come up with "65536", but the actual max size should be 4096, ::f000 to :ffff) - so it should be ">= 112" there. But... even for a larger pool, if the base address is sufficiently silly, this will still not do what we intended to - 2001:db8::ffff:f000/96 will still overrun after 4096 clients, not having space for IFCONFIG_POOL_MAX. Since this is no worse than today for silly configs, and better than today for /113.../128, it makes sense to merge as it is, but we need to revisit this. (Note: when I say "overrun", it's not a "the pool structure will overrun and OpenVPN will segfault" overrun, it's just "we hand out pool addresses that are not part of the specified subnet" - which OpenVPN has always done, if the pool was specified in a silly-enough way, but Antonio and I decided to fix this now by reducing the pool size according to the base address, so the last address handed out is always "$net:ffff" - with the correct number of "f", of course) Tested on the t_server setup with "no pools at all" (-> crash in v4) and "only v6 pool". Passed t_client tests, of course, but since no client-related code paths are touched, this was just extra double-checking. Your patch has been applied to the master branch. commit 452113155e791fdf6091de0422391ff62bda2ac9 Author: Antonio Quartulli Date: Mon Jun 1 22:06:24 2020 +0200 pool: allow to configure an IPv6-only ifconfig-pool Signed-off-by: Antonio Quartulli <anto...@openvpn.net> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <20200601200624.14765-...@unstable.cc> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19957.html Signed-off-by: Gert Doering <g...@greenie.muc.de> -- kind regards, Gert Doering _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel