[Openvpn-devel] [PATCH] openvpn ipv6 pool env variables

2013-05-24 Thread Samuel Thibault
Hello,

To make it short: yes, the ipv6 pool environment variables are useful,
for user-defined scripts to be run at connection for instance to
propagate routes, do accounting, etc.  The patch below adds them.

Thanks,
Samuel


Add IPv6 pool environment variables

Add ifconfig_ipv6_pool_local_ip, ifconfig_ipv6_pool_remote_ip and
ifconfig_ipv6_pool_netbits environment variables, similar to
ifconfig_pool_local_ip, ifconfig_pool_remote_ip, and
ifconfig_pool_netmask.

Signed-off-by: Samuel Thibault 

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index d590714..70a8f35 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -5755,6 +5755,60 @@ and
 scripts.
 .\"*
 .TP
+.B ifconfig_ipv6_pool_local_ip
+The local
+virtual IPv6 address for the TUN/TAP tunnel taken from an
+.B \-\-ifconfig-ipv6-push
+directive if specified, or otherwise from
+the ifconfig pool (controlled by the
+.B \-\-ifconfig-ipv6-pool
+config file directive).
+Only set for
+.B \-\-dev tun
+tunnels.
+This option is set on the server prior to execution
+of the
+.B \-\-client-connect
+and
+.B \-\-client-disconnect
+scripts.
+.\"*
+.TP
+.B ifconfig_ipv6_pool_netbits
+The
+size of the virtual IPv6 netmask for the TUN/TAP tunnel taken from an
+.B \-\-ifconfig-ipv6-push
+directive if specified, or otherwise from
+the ifconfig pool (controlled by the
+.B \-\-ifconfig-ipv6-pool
+config file directive).
+Only set for
+.B \-\-dev tap
+tunnels.
+This option is set on the server prior to execution
+of the
+.B \-\-client-connect
+and
+.B \-\-client-disconnect
+scripts.
+.\"*
+.TP
+.B ifconfig_ipv6_pool_remote_ip
+The remote
+virtual IPv6 address for the TUN/TAP tunnel taken from an
+.B \-\-ifconfig-ipv6-push
+directive if specified, or otherwise from
+the ifconfig pool (controlled by the
+.B \-\-ifconfig-ipv6-pool
+config file directive).
+This option is set on the server prior to execution
+of the
+.B \-\-client-connect
+and
+.B \-\-client-disconnect
+scripts.
+.\"*
+.TP
 .B link_mtu
 The maximum packet size (not including the IP header)
 of tunnel data in UDP tunnel transport mode.
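Review bot: The ifconfig_ipv6_pool_netbits entry says "Only set for --dev tap tunnels", but the multi.c hunk in this same patch also sets it when the tunnel type is DEV_TYPE_TUN and the topology is TOP_SUBNET. In that case ifconfig_ipv6_pool_local_ip is not set at all, although its entry says "Only set for --dev tun tunnels". Please word both entries around the topology condition the code actually tests. The three entries also say "This option is set on the server"; for an environment variable, "This variable is set" would be accurate.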
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 0a4542a..72686f3 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -2283,6 +2283,8 @@ env_filter_match (const char *env_str, const int 
env_filter_level)
 "dev=",
 "ifconfig_pool_remote_ip=",
 "ifconfig_pool_netmask=",
+"ifconfig_ipv6_pool_remote_ip=",
+"ifconfig_ipv6_pool_netbits=",
 "time_duration=",
 "bytes_sent=",
 "bytes_received="
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index ab3f10c..d38cc8e 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -1426,10 +1426,35 @@ multi_set_virtual_addr_env (struct multi_context *m, 
struct multi_instance *mi)
}
 }

-/* TODO: I'm not exactly sure what these environment variables are
- *   used for, but if we have them for IPv4, we should also have
- *   them for IPv6, no?
- */
+  setenv_del (mi->context.c2.es, "ifconfig_ipv6_pool_local_ip");
+  setenv_del (mi->context.c2.es, "ifconfig_ipv6_pool_remote_ip");
+  setenv_del (mi->context.c2.es, "ifconfig_ipv6_pool_netbits");
+
+  if (mi->context.c2.push_ifconfig_ipv6_defined)
+{
+  const int tunnel_type = TUNNEL_TYPE (mi->context.c1.tuntap);
+  const int tunnel_topology = TUNNEL_TOPOLOGY (mi->context.c1.tuntap);
+
+  setenv_in6_addr_t (mi->context.c2.es,
+   "ifconfig_ipv6_pool_remote_ip",
+   >context.c2.push_ifconfig_ipv6_local,
+   SA_SET_IF_NONZERO);
+
+  if (tunnel_type == DEV_TYPE_TAP || (tunnel_type == DEV_TYPE_TUN && 
tunnel_topology == TOP_SUBNET))
+   {
+ setenv_int (mi->context.c2.es,
+   "ifconfig_ipv6_pool_netbits",
+   mi->context.c2.push_ifconfig_ipv6_netbits);
+   }
+  else if (tunnel_type == DEV_TYPE_TUN)
+   {
+ setenv_in6_addr_t (mi->context.c2.es,
+   "ifconfig_ipv6_pool_local_ip",
+   >context.c2.push_ifconfig_ipv6_remote,
+   SA_SET_IF_NONZERO);
+   }
+}
+
 }

 /*
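Review bot: ifconfig_ipv6_pool_remote_ip is filled from push_ifconfig_ipv6_local and ifconfig_ipv6_pool_local_ip from push_ifconfig_ipv6_remote, with no comment explaining the crossover. If the swap is intended, a one-line comment above the first setenv_in6_addr_t call should say so; if it is not, client-connect scripts that use these values for routes or accounting will act on the wrong endpoint. The removed TODO was also the only explanation of why these variables exist, so a short replacement comment stating their purpose would help. Note that the two address arguments appear truncated as ">context.c2..." in this copy of the patch, so it will not apply as shown.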
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index 8eb112b..8eb27f6 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -2381,7 +2381,10 @@ setenv_sockaddr (struct env_set *es, const char 
*name_prefix, const struct openv
}
   break;
 case AF_INET6:
-  openvpn_snprintf (name_buf, sizeof (name_buf), "%s_ip6", name_prefix);
+  if (flags & SA_IP_PORT)
+   openvpn_snprintf (name_buf, sizeof (name_buf), "%s_ip6", name_prefix);
+  else
+   openvpn_snprintf (name_buf, sizeof (name_buf), "%s", name_prefix);
   
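Review bot: Dropping the "_ip6" suffix whenever SA_IP_PORT is not set changes the variable name for every AF_INET6 caller of setenv_sockaddr that omits that flag, not only for the new pool variables. The commit message does not mention this, and an existing script that reads a "<prefix>_ip6" variable set through this path would silently stop finding it. Please either list the affected callers in the commit message or select the unsuffixed name with a dedicated flag instead of overloading SA_IP_PORT.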

Re: [Openvpn-devel] [PATCH] make "explicit-exit-notify" pullable again

2013-05-24 Thread Gert Doering
Hi,

On Fri, May 24, 2013 at 02:36:32PM +0200, Jan Just Keijser wrote:
> diff --git a/src/openvpn/options.c b/src/openvpn/options.c
> index d44f835..47df4cb 100644
> --- a/src/openvpn/options.c
> +++ b/src/openvpn/options.c

ACK, and thanks.

Applied to master and release/2.3 branches.

commit 49f714942d5afd5f274aea52c790c896babc8c05 (master)
commit 14dfec07c91fc42df7ee4abeada104b4fb847f8f (release/2.3)

Author: Jan Just Keijser 
List-Post: openvpn-devel@lists.sourceforge.net
Date:   Fri May 24 14:36:32 2013 +0200

make 'explicit-exit-notify' pullable again

Acked-by: Gert Doering 
Message-Id: <519f5ed0.4070...@nikhef.nl>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7605

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de




[Openvpn-devel] [PATCH] make "explicit-exit-notify" pullable again

2013-05-24 Thread Jan Just Keijser

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index d44f835..47df4cb 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -5084,8 +5084,7 @@ add_option (struct options *options,
#ifdef ENABLE_OCC
  else if (streq (p[0], "explicit-exit-notify"))
{
-  VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
-/*  VERIFY_PERMISSION (OPT_P_EXPLICIT_NOTIFY); */
+  VERIFY_PERMISSION 
(OPT_P_GENERAL|OPT_P_CONNECTION|OPT_P_EXPLICIT_NOTIFY);

  if (p[1])
   {
 options->ce.explicit_exit_notification = positive_atoi (p[1]);
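Review bot: The mail carries the diff but no commit message body, although the change reverses part of an earlier commit. Please state that OPT_P_EXPLICIT_NOTIFY is being added back to the VERIFY_PERMISSION mask so that a pushed explicit-exit-notify is accepted again, and reference the commit that dropped it. Since the value can then arrive from the server, it is also worth confirming that positive_atoi (p[1]) is followed by an upper bound before the result is stored in options->ce.explicit_exit_notification; none is visible in these lines.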


share and enjoy,

JJK




Gert Doering wrote:

Hi,

On Fri, May 24, 2013 at 10:13:14AM +0400, Dmitry Melekhov wrote:
  

Posted the same on forum :-)



I'm not sure why that is *funny* - in general, I'd frown upon putting
the same question in multiple places at the same time, as it causes
extra work for other people who might not see both questions, so I might
answer here and someone else might spend the time answering in the forum.


  

But today I installed update to 2.3.1 and now I see:

Options error: option 'explicit-exit-notify' cannot be used in this context ([PUSH-OPTIONS])


Why? How can I revert to previous behavior?



That is, indeed, a good question.  "git blame" points to...

commit 76809cae0eae07817160b423d3f9551df1a1d68e
Author: Jan Just Keijser 
Date:   Tue Feb 7 16:29:47 2012 +0100

Made some options connection-entry specific
Acked-by: David Sommerseth 

... which has lots of changes we thought we understood, plus:

@@ -5106,14 +5108,15 @@ add_option (struct options *options,
 #ifdef ENABLE_OCC
   else if (streq (p[0], "explicit-exit-notify"))
 {
-  VERIFY_PERMISSION (OPT_P_EXPLICIT_NOTIFY);
+  VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
+//  VERIFY_PERMISSION (OPT_P_EXPLICIT_NOTIFY);
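Review bot: The old check is left behind as a "//" comment instead of being OR-ed into the new mask, so OPT_P_EXPLICIT_NOTIFY silently stops being an accepted permission class for this option while the line still looks present at a glance. Either keep the flag in the mask, as in "VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION|OPT_P_EXPLICIT_NOTIFY);", or delete the line and say in the commit message that the option is no longer accepted in that context.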


... but since JJK is reading this list, he might have an answer, and a
suggested fix for 2.3.2 :-)

gert