Re: [Openvpn-devel] IPv6 enhancement: non-/64 prefix lengths for IPv6

2013-03-14 Thread Gert Doering
Hi,

On Sun, Jan 20, 2013 at 07:50:30PM +0100, Gert Doering wrote:
> From cdfbc8952a01acde0eedf08fa0ebefed38fa2763 Mon Sep 17 00:00:00 2001
> From: Gert Doering 
> Date: Sun, 20 Jan 2013 20:50:38 +0200
> Subject: [PATCH] Permit pool size of /64.../112 for ifconfig-ipv6-pool
> 
> (Leftover check from the early days where --server-ipv6 also only
> accepted /64 - nowadays we handle smaller pools just fine)

... talking to myself again... committed to master and release/2.3

commit 704d9273b6e0e253b62eb728fddd5bbb02503eea (master)
commit 0fb2391660a369853f20fd4807eaa5ed3461e755 (release/2.3)

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de




Re: [Openvpn-devel] IPv6 enhancement: non-/64 prefix lengths for IPv6

2013-03-12 Thread Arne Schwabe
On 20.01.13 19:50, Gert Doering wrote:
> Hi,
>
> On Sun, Jan 20, 2013 at 04:49:51PM +0100, Marcel Pennewiß wrote:
>>> in time for 2.3, one of the remaining open itches for the IPv6 code 
>>> is now fixed :-)  (and the changes needed turned out to be fairly
>>> trivial).
>> Using ifconfig-ipv6-pool instead of server-ipv6(-macro) does not allow
>> non-/64 prefix (in current 2.3). Bug or Feature?
> Smells buggy.  As server-ipv6 is just a macro (not really, but sort of).
>
> Indeed... options.c:
>
>   else if (streq (p[0], "ifconfig-ipv6-pool") && p[1] )
> ...
>       if ( netbits != 64 )
>         {
>           msg( msglevel, "--ifconfig-ipv6-pool settings: only /64 supported right now (not /%d)", netbits );
>           goto err;
>         }
>
> ... this is a leftover from the initial days, where nothing else was
> supported (not for server-ipv6 either).
>
> Patch is trivial, please find attached.  David: 2.3.1 and 2.4.0, please :-)

Patch looks good. ACK from me.

Arne





Re: [Openvpn-devel] IPv6 enhancement: non-/64 prefix lengths for IPv6

2013-01-20 Thread Gert Doering
Hi,

On Sun, Jan 20, 2013 at 04:49:51PM +0100, Marcel Pennewiß wrote:
> > in time for 2.3, one of the remaining open itches for the IPv6 code 
> > is now fixed :-)  (and the changes needed turned out to be fairly
> > trivial).
> 
> Using ifconfig-ipv6-pool instead of server-ipv6(-macro) does not allow
> non-/64 prefix (in current 2.3). Bug or Feature?

Smells buggy.  As server-ipv6 is just a macro (not really, but sort of).

Indeed... options.c:

  else if (streq (p[0], "ifconfig-ipv6-pool") && p[1] )
...
      if ( netbits != 64 )
        {
          msg( msglevel, "--ifconfig-ipv6-pool settings: only /64 supported right now (not /%d)", netbits );
          goto err;
        }

... this is a leftover from the initial days, where nothing else was
supported (not for server-ipv6 either).

Patch is trivial, please find attached.  David: 2.3.1 and 2.4.0, please :-)

gert

From cdfbc8952a01acde0eedf08fa0ebefed38fa2763 Mon Sep 17 00:00:00 2001
From: Gert Doering 
List-Post: openvpn-devel@lists.sourceforge.net
Date: Sun, 20 Jan 2013 20:50:38 +0200
Subject: [PATCH] Permit pool size of /64.../112 for ifconfig-ipv6-pool

(Leftover check from the early days where --server-ipv6 also only
accepted /64 - nowadays we handle smaller pools just fine)

Signed-off-by: Gert Doering 
---
 src/openvpn/options.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 8ca41a3..1d89e4b 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -5484,9 +5484,9 @@ add_option (struct options *options,
  msg (msglevel, "error parsing --ifconfig-ipv6-pool parameters");
  goto err;
}
-  if ( netbits != 64 )
+  if ( netbits < 64 || netbits > 112 )
{
- msg( msglevel, "--ifconfig-ipv6-pool settings: only /64 supported 
right now (not /%d)", netbits );
+ msg( msglevel, "--ifconfig-ipv6-pool settings: only /64../112 
supported right now (not /%d)", netbits );
  goto err;
}
 
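Review bot: The new bounds in 'netbits < 64 || netbits > 112' are bare literals that are repeated by hand in the message string, and neither the hunk nor the commit message says why /112 is the upper limit for an explicitly configured pool. Suggest a pair of named constants, or at least a one-line comment above the check, so the condition and the "only /64../112 supported" text cannot drift apart. The subject line writes the range as "/64.../112" and the error text as "/64../112"; pick one spelling.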
-- 
1.7.3.5





Re: [Openvpn-devel] IPv6 enhancement: non-/64 prefix lengths for IPv6

2013-01-20 Thread Marcel Pennewiß
On Fri, 3 Feb 2012 09:44:26 +0100
Gert Doering  wrote:

> Hi,
> 
> in time for 2.3, one of the remaining open itches for the IPv6 code 
> is now fixed :-)  (and the changes needed turned out to be fairly
> trivial).

Using ifconfig-ipv6-pool instead of server-ipv6(-macro) does not allow
non-/64 prefix (in current 2.3). Bug or Feature?

Best regards,
Marcel




Re: [Openvpn-devel] IPv6 enhancement: non-/64 prefix lengths for IPv6 [v2]

2012-02-04 Thread David Sommerseth

On 03/02/12 18:12, Gert Doering wrote:
> Hi,
>
> On Fri, Feb 03, 2012 at 04:19:31PM +0100, Gert Doering wrote:
>> On Fri, Feb 03, 2012 at 03:10:37PM +0100, Michael wrote:
>>> the patch does not remove
>>>
>>> +++ b/push.c
>>> @@ -245,8 +245,9 @@ send_push_reply (struct context *c)
>>> /* TODO: push "/netbits" as well, to allow non-/64 subnet sizes
>>>  *   (needs changes in options.c, options.h, and other
>>> places)
>>>  */
>
> Now it does :-)  - thanks for pointing this out.  v2 patch attached.
>
> "git --reset" is my friend ;-)


ACK.  Applied to master branch on -testing and stable.

commit c55e9562d64f381ba46b83a02503f6239e23d3ef
Author: Gert Doering 
List-Post: openvpn-devel@lists.sourceforge.net
Date:   Fri Feb 3 17:11:03 2012 +0100

Implement IPv6 interface config with non-/64 prefix lengths.

Signed-off-by: Gert Doering 
Acked-by: David Sommerseth 
Signed-off-by: David Sommerseth 


kind regards,

David Sommerseth




Re: [Openvpn-devel] IPv6 enhancement: non-/64 prefix lengths for IPv6 [v2]

2012-02-03 Thread Gert Doering
Hi,

On Fri, Feb 03, 2012 at 04:19:31PM +0100, Gert Doering wrote:
> On Fri, Feb 03, 2012 at 03:10:37PM +0100, Michael wrote:
> > the patch does not remove
> > 
> > +++ b/push.c
> > @@ -245,8 +245,9 @@ send_push_reply (struct context *c)
> >/* TODO: push "/netbits" as well, to allow non-/64 subnet sizes
> > *   (needs changes in options.c, options.h, and other 
> > places)
> > */

Now it does :-)  - thanks for pointing this out.  v2 patch attached.

"git --reset" is my friend ;-)

gert

From 53e78848f552235c3270419771f3e3293dfe91ec Mon Sep 17 00:00:00 2001
From: Gert Doering 
List-Post: openvpn-devel@lists.sourceforge.net
Date: Fri, 3 Feb 2012 17:11:03 +0100
Subject: [PATCH] Implement IPv6 interface config with non-/64 prefix lengths.

Add "ifconfig_ipv6_netbits_parm" parameter to init_tun(), use that to
initialize tt->netbits_ipv6 (previously: always /64).  Actual interface
setup code already used tt->netbits_ipv6, so no changes needed there.

Remove restrictions on "/netbits" value for --server-ipv6 config option
(can now be /64.../112, previously had to be exactly /64).  Supporting
even smaller networks could cause problems with ipv6-pool handling and
are only allowed for explicit "ifconfig-ipv6", not for "server-ipv6".

Add /netbits to pushed "ifconfig-ipv6" values on server side (client
side always accepted this, but ignored it so far, so this does not
break compatibility).

Tested on Linux/ifconfig, Linux/iproute2 and FreeBSD 7.4

Signed-off-by: Gert Doering 
---
 TODO.IPv6 |2 ++
 helper.c  |8 +---
 init.c|1 +
 options.c |5 +++--
 push.c|6 ++
 tun.c |4 +++-
 tun.h |1 +
 7 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/TODO.IPv6 b/TODO.IPv6
index 87c47b3..f23cce0 100644
--- a/TODO.IPv6
+++ b/TODO.IPv6
@@ -77,6 +77,8 @@ tun0: flags=8051 mtu 1500
 of /netbits, and correctly ifconfig'ing this
 (default, if not specified: /64)
 
+* done * 2012-02-03
+
 11.) do not add ipv6-routes if tun-ipv6 is not set - complain instead
 
  * done * 12.1.10
diff --git a/helper.c b/helper.c
index c7333f6..22ea652 100644
--- a/helper.c
+++ b/helper.c
@@ -184,12 +184,14 @@ helper_client_server (struct options *o)
print_in6_addr( add_in6_addr( o->server_network_ipv6, 1), 0, 
>gc );
o->ifconfig_ipv6_remote = 
print_in6_addr( add_in6_addr( o->server_network_ipv6, 2), 0, 
>gc );
+   o->ifconfig_ipv6_netbits = o->server_netbits_ipv6;
+
+   /* pool starts at "base address + 0x1000" - leave enough room */
+   ASSERT( o->server_netbits_ipv6 <= 112 );/* want 16 bits */
 
-   /* pool starts at "base address + 0x1" */
-   ASSERT( o->server_netbits_ipv6 < 96 );  /* want 32 bits */
o->ifconfig_ipv6_pool_defined = true;
o->ifconfig_ipv6_pool_base = 
-   add_in6_addr( o->server_network_ipv6, 0x1 );
+   add_in6_addr( o->server_network_ipv6, 0x1000 );
o->ifconfig_ipv6_pool_netbits = o->server_netbits_ipv6;
 
o->tun_ipv6 = true;
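Review bot: The pool base moves to 'add_in6_addr( o->server_network_ipv6, 0x1000 )' while 'o->ifconfig_ipv6_pool_netbits' is still set to the full 'o->server_netbits_ipv6', so the pool is described by a base that sits 0x1000 into the prefix plus the length of the whole prefix. At /112 only 0xf000 addresses remain above that base. Please confirm, and say in the comment next to the ASSERT, that the pool code stops handing out addresses at the end of the prefix instead of counting a full prefix worth of addresses from the base.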
diff --git a/init.c b/init.c
index b8cb84f..525f441 100644
--- a/init.c
+++ b/init.c
@@ -1415,6 +1415,7 @@ do_init_tun (struct context *c)
   c->options.ifconfig_local,
   c->options.ifconfig_remote_netmask,
   c->options.ifconfig_ipv6_local,
+  c->options.ifconfig_ipv6_netbits,
   c->options.ifconfig_ipv6_remote,
   addr_host (>c1.link_socket_addr.local),
   addr_host (>c1.link_socket_addr.remote),
diff --git a/options.c b/options.c
index 0fbe368..cb9738a 100644
--- a/options.c
+++ b/options.c
@@ -2926,6 +2926,7 @@ options_string (const struct options *o,
 o->ifconfig_local,
 o->ifconfig_remote_netmask,
 o->ifconfig_ipv6_local,
+o->ifconfig_ipv6_netbits,
 o->ifconfig_ipv6_remote,
 (in_addr_t)0,
 (in_addr_t)0,
@@ -5396,9 +5397,9 @@ add_option (struct options *options,
  msg (msglevel, "error parsing --server-ipv6 parameter");
  goto err;
}
-  if ( netbits != 64 )
+  if ( netbits < 64 || netbits > 112 )
{
- msg( msglevel, "--server-ipv6 settings: only /64 supported right now 
(not /%d)", netbits );
+ msg( msglevel, "--server-ipv6 settings: only /64../112 supported 
right now (not /%d)", netbits );
  goto err;
}
   

Re: [Openvpn-devel] IPv6 enhancement: non-/64 prefix lengths for IPv6

2012-02-03 Thread Gert Doering
Hi,

On Fri, Feb 03, 2012 at 03:10:37PM +0100, Michael wrote:
> the patch does not remove
> 
> +++ b/push.c
> @@ -245,8 +245,9 @@ send_push_reply (struct context *c)
>/* TODO: push "/netbits" as well, to allow non-/64 subnet sizes
> *   (needs changes in options.c, options.h, and other 
> places)
> */
> 
> though the code now does it?

Indeed, thanks.  I overlooked that.

(Need to check with Dazo how to get that into the same commit...)

gert



[Openvpn-devel] IPv6 enhancement: non-/64 prefix lengths for IPv6

2012-02-03 Thread Gert Doering
Hi,

in time for 2.3, one of the remaining open itches for the IPv6 code 
is now fixed :-)  (and the changes needed turned out to be fairly
trivial).

gert

From 8873bdf1c69c7fd655d7cce23b1dbf2d542b5cab Mon Sep 17 00:00:00 2001
From: Gert Doering 
List-Post: openvpn-devel@lists.sourceforge.net
Date: Fri, 3 Feb 2012 08:42:09 +0100
Subject: [PATCH] Implement IPv6 interface config with non-/64 prefix lengths.

Add "ifconfig_ipv6_netbits_parm" parameter to init_tun(), use that to
initialize tt->netbits_ipv6 (previously: always /64).  Actual interface
setup code already used tt->netbits_ipv6, so no changes needed there.

Remove restrictions on "/netbits" value for --server-ipv6 config option
(can now be /64.../112, previously had to be exactly /64).  Supporting
even smaller networks could cause problems with ipv6-pool handling and
are only allowed for explicit "ifconfig-ipv6", not for "server-ipv6".

Add /netbits to pushed "ifconfig-ipv6" values on server side (client
side always accepted this, but ignored it so far, so this does not
break compatibility).

Tested on Linux/ifconfig, Linux/iproute2 and FreeBSD 7.4

Signed-off-by: Gert Doering 
---
 helper.c  |8 +---
 init.c|1 +
 options.c |5 +++--
 push.c|3 ++-
 tun.c |4 +++-
 tun.h |1 +
 6 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/helper.c b/helper.c
index c7333f6..22ea652 100644
--- a/helper.c
+++ b/helper.c
@@ -184,12 +184,14 @@ helper_client_server (struct options *o)
print_in6_addr( add_in6_addr( o->server_network_ipv6, 1), 0, 
>gc );
o->ifconfig_ipv6_remote = 
print_in6_addr( add_in6_addr( o->server_network_ipv6, 2), 0, 
>gc );
+   o->ifconfig_ipv6_netbits = o->server_netbits_ipv6;
+
+   /* pool starts at "base address + 0x1000" - leave enough room */
+   ASSERT( o->server_netbits_ipv6 <= 112 );/* want 16 bits */
 
-   /* pool starts at "base address + 0x1" */
-   ASSERT( o->server_netbits_ipv6 < 96 );  /* want 32 bits */
o->ifconfig_ipv6_pool_defined = true;
o->ifconfig_ipv6_pool_base = 
-   add_in6_addr( o->server_network_ipv6, 0x1 );
+   add_in6_addr( o->server_network_ipv6, 0x1000 );
o->ifconfig_ipv6_pool_netbits = o->server_netbits_ipv6;
 
o->tun_ipv6 = true;
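Review bot: 'ASSERT( o->server_netbits_ipv6 <= 112 )' guards a value that comes straight from the configuration, and it checks only the upper bound. The options.c hunk in this patch already rejects anything outside 64..112 with a proper error message, so note in the comment that the ASSERT is only a backstop for that check; otherwise a later change to the parser turns a configuration typo into an abort here.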
diff --git a/init.c b/init.c
index b8cb84f..525f441 100644
--- a/init.c
+++ b/init.c
@@ -1415,6 +1415,7 @@ do_init_tun (struct context *c)
   c->options.ifconfig_local,
   c->options.ifconfig_remote_netmask,
   c->options.ifconfig_ipv6_local,
+  c->options.ifconfig_ipv6_netbits,
   c->options.ifconfig_ipv6_remote,
   addr_host (>c1.link_socket_addr.local),
   addr_host (>c1.link_socket_addr.remote),
diff --git a/options.c b/options.c
index 0fbe368..cb9738a 100644
--- a/options.c
+++ b/options.c
@@ -2926,6 +2926,7 @@ options_string (const struct options *o,
 o->ifconfig_local,
 o->ifconfig_remote_netmask,
 o->ifconfig_ipv6_local,
+o->ifconfig_ipv6_netbits,
 o->ifconfig_ipv6_remote,
 (in_addr_t)0,
 (in_addr_t)0,
@@ -5396,9 +5397,9 @@ add_option (struct options *options,
  msg (msglevel, "error parsing --server-ipv6 parameter");
  goto err;
}
-  if ( netbits != 64 )
+  if ( netbits < 64 || netbits > 112 )
{
- msg( msglevel, "--server-ipv6 settings: only /64 supported right now 
(not /%d)", netbits );
+ msg( msglevel, "--server-ipv6 settings: only /64../112 supported 
right now (not /%d)", netbits );
  goto err;
}
   options->server_ipv6_defined = true;
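Review bot: The relaxed check 'netbits < 64 || netbits > 112' changes what --server-ipv6 accepts, but the diffstat of this patch lists only helper.c, init.c, options.c, push.c, tun.c and tun.h, so no documentation is touched. Please add the accepted range to the documentation of --server-ipv6 in the same commit, so that users do not have to learn it from the error message.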
diff --git a/push.c b/push.c
index a8ce356..9f4c50e 100644
--- a/push.c
+++ b/push.c
@@ -245,8 +245,9 @@ send_push_reply (struct context *c)
   /* TODO: push "/netbits" as well, to allow non-/64 subnet sizes
*   (needs changes in options.c, options.h, and other places)
*/
-  buf_printf( , ",ifconfig-ipv6 %s %s",
+  buf_printf( , ",ifconfig-ipv6 %s/%d %s",
print_in6_addr( c->c2.push_ifconfig_ipv6_local, 0, ),
+   c->c2.push_ifconfig_ipv6_netbits,
print_in6_addr( c->c2.push_ifconfig_ipv6_remote, 0, ) );
   if (BLEN () >= safe_cap)
{
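Review bot: The 'TODO: push "/netbits" as well' comment at the top of this hunk is left in place although the changed buf_printf now pushes "%s/%d"; delete the comment in the same commit. Separately, 'c->c2.push_ifconfig_ipv6_netbits' is formatted with %d here, and none of the hunks shown sets that field, so please check that it is initialised on every path that reaches send_push_reply().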
diff --git a/tun.c b/tun.c
index c9af168..1527ac8 100644
--- a/tun.c
+++ b/tun.c
@@ -404,6 +404,7 @@ init_tun (const char
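
The arithmetic behind the /64../112 limit and the "pool starts at base address + 0x1000" comment in the helper.c hunk, as an added example (not OpenVPN code and not part of the posted patches). The names netbits_allowed, in6_add, in_prefix and pool_base are invented here, in6_add is a stand-in for add_in6_addr(), whose body is not on this page, and the sample prefixes are constructed; the unaligned-network case goes beyond what the thread discusses.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_OFFSET 0x1000u  /* offset used in the helper.c hunk */

/* The range check from the options.c hunks. */
int netbits_allowed(int netbits) { return netbits >= 64 && netbits <= 112; }

/* 128-bit add with carry, working from the last byte upwards. */
static struct in6_addr in6_add(struct in6_addr a, uint32_t add)
{
    for (int i = 15; i >= 0 && add; i--) {
        uint32_t sum = a.s6_addr[i] + (add & 0xff);
        a.s6_addr[i] = (uint8_t)sum;
        add = (add >> 8) + (sum >> 8);   /* remaining bytes plus carry */
    }
    return a;
}

/* 1 if addr shares its first netbits bits with net. */
static int in_prefix(const struct in6_addr *addr, const struct in6_addr *net, int netbits)
{
    int full = netbits / 8, rest = netbits % 8;
    if (memcmp(addr->s6_addr, net->s6_addr, (size_t)full) != 0) return 0;
    if (rest == 0) return 1;
    uint8_t mask = (uint8_t)(0xff << (8 - rest));
    return (addr->s6_addr[full] & mask) == (net->s6_addr[full] & mask);
}

/* Writes network + POOL_OFFSET to out. Returns 0 if that address is still
 * inside network/netbits, -1 if it fell outside, -2 on a parse error. */
int pool_base(const char *network, int netbits, char *out, socklen_t outlen)
{
    struct in6_addr net, base;
    if (netbits < 0 || netbits > 128 || inet_pton(AF_INET6, network, &net) != 1)
        return -2;
    base = in6_add(net, POOL_OFFSET);
    if (!inet_ntop(AF_INET6, &base, out, outlen)) return -2;
    return in_prefix(&base, &net, netbits) ? 0 : -1;
}

int main(void)
{
    char buf[INET6_ADDRSTRLEN];
    /* Constructed sample prefixes from the 2001:db8::/32 documentation range. */
    printf("/112 -> %d %s\n", pool_base("2001:db8::", 112, buf, sizeof buf), buf);
    printf("/120 -> %d %s\n", pool_base("2001:db8::", 120, buf, sizeof buf), buf);
    printf("unaligned /112 -> %d %s\n", pool_base("2001:db8::f000", 112, buf, sizeof buf), buf);
    return 0;
}
```

A /112 leaves 16 host bits, so the base at +0x1000 stays inside the prefix; a /120 has only 256 addresses and the same offset lands outside it, as does a /112 whose configured network address already has high host bits set.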