Re: [Openvpn-devel] OpenVPN 2.1_rc22 released

2009-11-23 Thread Stefan Monnier
> 2009.11.20 -- Version 2.1_rc22

Thanks.
For those like me who need to use routing commands with hostnames mapped
to more than a single IP, here's an updated patch.  IIUC the previous
patch should still apply, tho with some offsets.


Stefan


Index: route.c
===
--- route.c (révision 5180)
+++ route.c (copie de travail)
@@ -217,34 +217,39 @@
 return false;
 }

-static bool
+struct route *
 init_route (struct route *r,
+   struct route *last_route,
const struct route_option *ro,
const struct route_special_addr *spec)
 {
   const in_addr_t default_netmask = ~0;
   bool status;
+  int nb = -1;
+  in_addr_t nets[MAX_IPS_PER_HOSTNAME];
+  in_addr_t netmask, gateway;
+  bool metric_defined;
+  int metric;

-  r->option = ro;
-  r->defined = false;
-
   /* network */

   if (!is_route_parm_defined (ro->network))
 {
   goto fail;
 }
-  
-  if (!get_special_addr (spec, ro->network, >network, ))
+
+  if (get_special_addr (spec, ro->network, [0], ))
+nb = 1;
+  else
 {
-  r->network = getaddr (
-   GETADDR_RESOLVE
-   | GETADDR_HOST_ORDER
-   | GETADDR_WARN_ON_SIGNAL,
-   ro->network,
-   0,
-   ,
-   NULL);
+  nb = getaddr_all (GETADDR_RESOLVE
+   | GETADDR_HOST_ORDER
+   | GETADDR_WARN_ON_SIGNAL,
+   nets, MAX_IPS_PER_HOSTNAME,
+   ro->network,
+   0,
+   NULL);
+  status = (nb >= 0);
 }

   if (!status)
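Review bot: `status = (nb >= 0);` in the new `getaddr_all` branch accepts a lookup that yields zero addresses as success, so the function could continue with `nb == 0` and fill no route entry without taking the `fail` path. Whether `getaddr_all` can actually return 0 is not visible in this hunk, but `status = (nb > 0);` would make the requirement explicit. The number of routes installed for `ro->network` is now determined by the resolver's answer rather than fixed at one, so the call deserves a comment such as `/* every address returned for ro->network may become a route, capped at MAX_IPS_PER_HOSTNAME; the resolver is trusted for routing decisions */`. The hunk also drops `static` and the `r->option = ro; r->defined = false;` initialisation; the `fail` label and the callers lie outside the hunk, so it should be confirmed that unused entries are still left marked undefined and that every caller handles the new `struct route *` return.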
@@ -254,33 +259,33 @@

   if (is_route_parm_defined (ro->netmask))
 {
-  r->netmask = getaddr (
-   GETADDR_HOST_ORDER
-   | GETADDR_WARN_ON_SIGNAL,
-   ro->netmask,
-   0,
-   ,
-   NULL);
+  netmask = getaddr (
+GETADDR_HOST_ORDER
+| GETADDR_WARN_ON_SIGNAL,
+ro->netmask,
+0,
+,
+NULL);
   if (!status)
goto fail;
 }
   else
-r->netmask = default_netmask;
+netmask = default_netmask;

   /* gateway */
-
+  
   if (is_route_parm_defined (ro->gateway))
 {
-  if (!get_special_addr (spec, ro->gateway, >gateway, ))
+  if (!get_special_addr (spec, ro->gateway, , ))
{
- r->gateway = getaddr (
-   GETADDR_RESOLVE
-   | GETADDR_HOST_ORDER
-   | GETADDR_WARN_ON_SIGNAL,
-   ro->gateway,
-   0,
-   ,
-   NULL);
+ gateway = getaddr (
+GETADDR_RESOLVE
+| GETADDR_HOST_ORDER
+| GETADDR_WARN_ON_SIGNAL,
+ro->gateway,
+0,
+,
+NULL);
}
   if (!status)
goto fail;
@@ -288,7 +293,7 @@
   else
 {
   if (spec->remote_endpoint_defined)
-   r->gateway = spec->remote_endpoint;
+   gateway = spec->remote_endpoint;
   else
{
  msg (M_WARN, PACKAGE_NAME " ROUTE: " PACKAGE_NAME " needs a gateway 
parameter for a --route option and no default was specified by either 
--route-gateway or --ifconfig options");
@@ -298,35 +303,54 @@

   /* metric */

-  r->metric_defined = false;
-  r->metric = 0;
+  metric_defined = false;
+  metric = 0;
   if (is_route_parm_defined (ro->metric))
 {
-  r->metric = atoi (ro->metric);
-  if (r->metric < 0)
+  metric = atoi (ro->metric);
+  if (metric < 0)
{
  msg (M_WARN, PACKAGE_NAME " ROUTE: route metric for network %s (%s) 
must be >= 0",
   ro->network,
   ro->metric);
  goto fail;
}
-  r->metric_defined = true;
+  metric_defined = true;
 }
   else if (spec->default_metric_defined)
 {
-  r->metric = spec->default_metric;
-  r->metric_defined = true;
+  metric = spec->default_metric;
+  metric_defined = true;
 }

-  r->defined = true;
+  /* Now fill the corresponding route entries.  */

-  return true;
+  if (netmask != default_netmask && nb > 1)
+/* If we add individual hosts, then every IP of that host is added,
+   but if we add a whole subnet, then only consider the first IP,
+   presuming that all the IPs are in the same subnet.  */
+nb = 1;

+  /* Add a route for each one of the IPs found.  */
+  while (nb > 0 && r < last_route)
+{
+  nb--;
+  

Re: [Openvpn-devel] OpenVPN 2.1_rc22 released

2009-11-20 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 20/11/09 15:47, James Yonan wrote:
> Change log:
> 
> 2009.11.20 -- Version 2.1_rc22
> 
> * Fixed a client-side bug on Windows that occurred when the
>"dhcp-pre-release" or "dhcp-renew" options were combined with
>"route-gateway dhcp".  The release/renew would not occur
>because the Windows DHCP renew function is blocking and
>therefore must be called from another process or thread
>so as not to stall the tunnel.
> 
> * Added a hard failure when peer provides a certificate chain
>with depth > 16.  Previously, a warning was issued.
> 
> James

I have updated the patch for providing certificate SHA1
digest/fingerprint via the environment table for plug-ins.  This is
needed for the eurephia project I'm working on.

The patch is available for download here:


The openvpn source tree with and without this patch can be fetched here:


The git tree can be browsed via:



kind regards,

David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAksGxi8ACgkQDC186MBRfrruMwCdHPAwrLUx7BbUxlGojE8MN66S
IaQAnizf5dRn4bIRKFuUzV0WM2Pc2NoV
=GQCZ
-END PGP SIGNATURE-