Re: [Openvpn-devel] [Patch v5] Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

2016-10-14 Thread Gert Doering
Hi,

On Thu, Oct 13, 2016 at 06:54:16PM +0200, Arne Schwabe wrote:
> Patch V5: Assume generic OS in tun.c is also IPv6 capable. Add changes to man 
> page. Fix typos/change message as suggested by David.

Patch still looks reasonable.  Since David tested Linux, I gave NetBSD 5.1
a run for the money (other platforms have no platform-specific code that
might be broken).

What can I say?  This stuff works :-)

 Test sets succeded: 1 1a 2 2b 2c 3 4 5.
 Test sets failed: 2a.

(That I actually ran 2a is an oversight - it's the IPv4 --multihome test
which I know is broken on NetBSD, unrelated to this patch)

So, throw in an ACK from me, too.

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany    g...@greenie.muc.de
fax: +49-89-35655025    g...@net.informatik.tu-muenchen.de


Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel


[Openvpn-devel] [Patch v5] Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

2016-10-13 Thread Arne Schwabe
This option was useful when IPv6 tun support was non-standard and was an 
internal/user-specified flag that tracked the IPv6 capability of the tun device.

All supported OS support IPv6. Also tun-ipv6 is pushable by the remote so not 
putting tun-ipv6 does not forbid IPv6 addresses.

This commit also cleans up a bit of the IPv6-related tun.c. Changes for most 
platforms are minimal.

For Linux a bit more cleanup is done:
- Remove compatibility defines that were added in 2008
- Always use IFF_NO_PI for the Linux tun and not only for IPv4-only tun setups 
(Android also always uses IFF_NO_PI, which works fine with IPv6).

This commit also removes a non-IPv6 fallback for tap driver from OpenVPN 
2.2-beta or earlier and only warns.

Patch V2: Integrate Gert's comments
Patch V3: Remove tun_ipv4 option. It was only used for MTU discovery and there 
it was wrong since it should depend on the transport protocol if at all
Patch V4: Completely remove support for NetBSD <= 4.0 and remove 
NETBSD_MULTI_AF defines
Patch V5: Assume generic OS in tun.c is also IPv6 capable. Add changes to man 
page. Fix typos/change message as suggested by David.
---
 Changes.rst   |   4 ++
 doc/openvpn.8 |  21 ++-
 src/openvpn/forward.c |   2 +-
 src/openvpn/helper.c  |   2 -
 src/openvpn/init.c|   6 --
 src/openvpn/multi.c   |   8 +--
 src/openvpn/openvpn.h |   5 --
 src/openvpn/options.c |  13 +---
 src/openvpn/options.h |   1 -
 src/openvpn/route.c   |  14 ++---
 src/openvpn/tun.c | 160 +-
 src/openvpn/tun.h |   2 -
 12 files changed, 47 insertions(+), 191 deletions(-)

diff --git a/Changes.rst b/Changes.rst
index 9fcba75..27dc99e 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -135,6 +135,10 @@ User-visible Changes
   ciphers configured in the config file.  Use --ncp-disable if you don't want
   that.
 
+- All tun devices on all platforms are always considered to be IPv6
+  capable. The --tun-ipv6 option is ignored (behaves like it is always
+  on).
+
 
 Maintainer-visible changes
 --
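
Review bot: The new entry under User-visible Changes says the --tun-ipv6 option is "ignored" but does not say whether a config that still contains it loads silently or logs a warning, and it omits that the server side keeps pushing tun-ipv6 for older clients, which the doc/openvpn.8 hunk of this patch does document. Suggest extending the entry with one sentence on each point so operators of mixed-version deployments can tell from the changelog what to expect.
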
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 1c341ae..2e58f33 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -797,18 +797,6 @@ changes the interpretation of the arguments of
 to mean "address netmask", no longer "local remote".
 .\"*
 .TP
-.B \-\-tun\-ipv6
-Build a tun link capable of forwarding IPv6 traffic.
-Should be used in conjunction with
-.B \-\-dev tun
-or
-.B \-\-dev tunX.
-A warning will be displayed
-if no specific IPv6 TUN support for your OS has been compiled into OpenVPN.
-
-See below for further IPv6-related configuration options.
-.\"*
-.TP
 .B \-\-dev\-node node
 Explicitly set the device node rather than using
 /dev/net/tun, /dev/tun, /dev/tap, etc.  If OpenVPN
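
Review bot: Deleting the whole ".B \-\-tun\-ipv6" entry leaves an option that existing configs may still contain, and that --server-ipv6 still pushes according to the later hunk in this file, with no man page entry at all. Suggest keeping a short stub in place of the removed text stating that the option is ignored and that all tun devices are treated as IPv6 capable, matching the Changes.rst wording.
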
@@ -3600,7 +3588,7 @@ Clients that connect with options that are incompatible
 with those of the server will be disconnected.
 
 Options that will be compared for compatibility include
-dev\-type, link\-mtu, tun\-mtu, proto, tun\-ipv6, ifconfig,
+dev\-type, link\-mtu, tun\-mtu, proto, ifconfig,
 comp\-lzo, fragment, keydir, cipher, auth, keysize, secret,
 no\-replay, no\-iv, tls\-auth, key\-method, tls\-server, and tls\-client.
 
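Review bot: Dropping tun\-ipv6 from the "Options that will be compared for compatibility" list is a documentation change that needs a matching change where the compared options are assembled in src/openvpn/options.c, which the diffstat lists but which is not part of this hunk; please confirm the two agree. It would also help to say here how a peer running an older version that still reports tun-ipv6 is treated, since this paragraph states that clients with incompatible options "will be disconnected".
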
@@ -5870,10 +5858,13 @@ is used.
 .B \-\-server\-ipv6 ipv6addr/bits
 convenience-function to enable a number of IPv6 related options at
 once, namely
-.B \-\-ifconfig\-ipv6, \-\-ifconfig\-ipv6\-pool, \-\-tun\-ipv6
+.B \-\-ifconfig\-ipv6, \-\-ifconfig\-ipv6\-pool
 and
 .B \-\-push tun\-ipv6
-Is only accepted if ``\-\-mode server'' or ``\-\-server'' is set.
+Is only accepted if ``\-\-mode server'' or ``\-\-server'' is set. Pushing of 
the
+.B \-\-tun\-ipv6
+directive is done for older clients which require an explicit
+``\-\-tun\-ipv6'' in their configuration.
 .TP
 .B \-\-ifconfig\-ipv6\-pool ipv6addr/bits
 Specify an IPv6 address pool for dynamic assignment to clients.  The
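
Review bot: The added line ending in "Pushing of" has been wrapped, leaving "the" on a line with no "+" prefix, which is not a valid hunk line, so the patch may not apply as posted; break the sentence in the source so the line stays within the limit. Separately, the resulting text runs ".B \-\-push tun\-ipv6" straight into "Is only accepted if", so a full stop after the option list would make the paragraph read correctly.
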
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 6c11439..b3077ed 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -391,7 +391,7 @@ check_fragment_dowork (struct context *c)
   struct link_socket_info *lsi = get_link_socket_info (c);
 
   /* OS MTU Hint? */
-  if (lsi->mtu_changed && c->c2.ipv4_tun)
+  if (lsi->mtu_changed)
 {
   frame_adjust_path_mtu (&c->c2.frame_fragment, c->c2.link_socket->mtu,
 c->options.ce.proto);
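
Review bot: Removing the c->c2.ipv4_tun test from the "OS MTU Hint?" condition means frame_adjust_path_mtu() now runs whenever lsi->mtu_changed is set, whatever the tun setup, which is a behaviour change beyond removing --tun-ipv6. The reason is given only in the "Patch V3" changelog line of the commit message; suggest moving it into the commit body and adding a short comment above the if saying that the adjustment depends on the transport protocol (c->options.ce.proto) and not on the tun address family.
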
diff --git a/src/openvpn/helper.c b/src/openvpn/helper.c
index 62f88ec..229523d 100644
--- a/src/openvpn/helper.c
+++ b/src/openvpn/helper.c
@@ -200,8 +200,6 @@ helper_client_server (struct options *o)
add_in6_addr( o->server_network_ipv6, 0x1000 );
o->ifconfig_ipv6_pool_netbits = o->server_netbits_ipv6;
 
-   o->tun_ipv6 = true;
-
push_option( o, "tun-ipv6", M_USAGE );
  }
 
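Review bot: With "o->tun_ipv6 = true;" removed, the remaining push_option( o, "tun-ipv6", M_USAGE ) reads like a leftover of an option that no longer exists locally. Suggest a one-line comment above it noting that the push is kept only for older clients that require an explicit tun-ipv6 in their configuration, as the doc/openvpn.8 hunk states, so that a later cleanup does not remove it by mistake.
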
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index cc8e945..73f8c6d 100644
--- a/src/openv