Attention is currently required from: cron2, flichtenheld, plaisthos.
Hello cron2, flichtenheld,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/750?usp=email
to look at the new patch set (#7).
The following approvals got outdated and were removed:
Code-Review+2 by cron2
Change subject: Automatically enable ifconfig-exec/route-exec behaviour for
afunix tun/tap
......................................................................
Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap
Change-Id: I0a2957699757665d70514ba7cafe833443018ad6
Signed-off-by: Arne Schwabe <[email protected]>
---
M src/openvpn/init.c
M src/openvpn/tun.c
2 files changed, 30 insertions(+), 5 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/50/750/7
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 5b2228c..05ae641 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -1679,6 +1679,18 @@
#endif /* ifdef ENABLE_MANAGEMENT */
}
+/**
+ * Determine if external route commands should be executed based on
+ * configured options and backend driver
+ */
+static bool
+route_noexec_enabled(const struct options *o, const struct tuntap *tt)
+{
+ return o->route_noexec
+ || (tt && tt->backend_driver == DRIVER_AFUNIX)
+ || (tt && tt->backend_driver == DRIVER_NULL);
+}
+
/*
* Possibly add routes and/or call route-up script
* based on options.
@@ -1693,7 +1705,7 @@
openvpn_net_ctx_t *ctx)
{
bool ret = true;
- if (!options->route_noexec && ( route_list || route_ipv6_list ) )
+ if (!route_noexec_enabled(options, tt) && ( route_list || route_ipv6_list
) )
{
ret = add_routes(route_list, route_ipv6_list, tt,
ROUTE_OPTION_FLAGS(options),
es, ctx);
@@ -1858,6 +1870,19 @@
#endif
}
+/**
+ * Determines if ifconfig execution should be disabled because of a
+ * @param c
+ * @return
+ */
+static bool
+ifconfig_noexec_enabled(const struct context *c)
+{
+ return c->options.ifconfig_noexec
+ || (c->c1.tuntap && c->c1.tuntap->backend_driver == DRIVER_AFUNIX)
+ || (c->c1.tuntap && c->c1.tuntap->backend_driver == DRIVER_NULL);
+}
+
static void
open_tun_backend(struct context *c)
{
@@ -1937,7 +1962,7 @@
}
/* do ifconfig */
- if (!c->options.ifconfig_noexec
+ if (!ifconfig_noexec_enabled(c)
&& ifconfig_order(c->c1.tuntap) == IFCONFIG_BEFORE_TUN_OPEN)
{
/* guess actual tun/tap unit number that will be returned
@@ -1978,7 +2003,7 @@
}
/* do ifconfig */
- if (!c->options.ifconfig_noexec
+ if (!ifconfig_noexec_enabled(c)
&& ifconfig_order(c->c1.tuntap) == IFCONFIG_AFTER_TUN_OPEN)
{
do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name,
@@ -2061,7 +2086,7 @@
if (c->c1.tuntap)
{
- if (!c->options.ifconfig_noexec)
+ if (!ifconfig_noexec_enabled(c))
{
undo_ifconfig(c->c1.tuntap, &c->net_ctx);
}
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index b944350..db88202 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -1744,7 +1744,7 @@
void
undo_ifconfig(struct tuntap *tt, openvpn_net_ctx_t *ctx)
{
- if (tt->backend_driver != DRIVER_NULL)
+ if (tt->backend_driver != DRIVER_AFUNIX && tt->backend_driver !=
DRIVER_NULL)
{
if (tt->did_ifconfig_setup)
{
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/750?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I0a2957699757665d70514ba7cafe833443018ad6
Gerrit-Change-Number: 750
Gerrit-PatchSet: 7
Gerrit-Owner: plaisthos <[email protected]>
Gerrit-Reviewer: cron2 <[email protected]>
Gerrit-Reviewer: flichtenheld <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>
Gerrit-Attention: cron2 <[email protected]>
Gerrit-Attention: flichtenheld <[email protected]>
Gerrit-MessageType: newpatchset
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
