[Openvpn-devel] [S] Change in openvpn[master]: Allow route_ipv6_match_host to be used outside of route.c
Attention is currently required from: d12fk, flichtenheld, ordex, plaisthos. cron2 has posted comments on this change by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email ) Change subject: Allow route_ipv6_match_host to be used outside of route.c .. Patch Set 5: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1 Gerrit-Change-Number: 1191 Gerrit-PatchSet: 5 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: d12fk Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Attention: ordex Gerrit-Attention: d12fk Gerrit-Comment-Date: Tue, 07 Oct 2025 16:08:09 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Allow route_ipv6_match_host to be used outside of route.c
cron2 has uploaded a new patch set (#6) to the change originally created by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: Allow route_ipv6_match_host to be used outside of route.c .. Allow route_ipv6_match_host to be used outside of route.c Also adjust style a bit to C99 Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1 Signed-off-by: Arne Schwabe Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1191 Message-Id: <[email protected]> URL: https://sourceforge.net/p/openvpn/mailman/message/59243387/ Signed-off-by: Gert Doering --- M src/openvpn/route.c M src/openvpn/route.h 2 files changed, 23 insertions(+), 14 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/91/1191/6 diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 05a0c8f..0044794 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -710,25 +710,20 @@ return ret; } -/* check whether an IPv6 host address is covered by a given route_ipv6 - * (not the most beautiful implementation in the world, but portable and - * "good enough") - */ -static bool -route_ipv6_match_host(const struct route_ipv6 *r6, const struct in6_addr *host) +bool +ipv6_net_contains_host(const struct in6_addr *network, unsigned int bits, const struct in6_addr *host) { -unsigned int bits = r6->netbits; -int i; -unsigned int mask; - +/* not the most beautiful implementation in the world, but portable and + * "good enough" */ if (bits > 128) { return false; } +int i; for (i = 0; bits >= 8; i++, bits -= 8) { -if (r6->network.s6_addr[i] != host->s6_addr[i]) +if (network->s6_addr[i] != host->s6_addr[i]) { return false; } @@ -739,9 +734,9 @@ return true; } -mask = 0xff << (8 - bits); +unsigned int mask = 0xff << (8 - bits); -if ((r6->network.s6_addr[i] & mask) == (host->s6_addr[i] & mask)) +if ((network->s6_addr[i] & mask) == (host->s6_addr[i] & mask)) { return true; } @@ -830,7 +825,8 @@ * avoiding routing loops, so ignore this part and let * need_remote_ipv6_route always evaluate to false */ -if (remote_host_ipv6 && route_ipv6_match_host(r6, remote_host_ipv6)) +if (remote_host_ipv6 +&& ipv6_net_contains_host(&r6->network, r6->netbits, remote_host_ipv6)) { need_remote_ipv6_route = true; msg(D_ROUTE, diff --git a/src/openvpn/route.h b/src/openvpn/route.h index c5006ae..54fa137 100644 --- a/src/openvpn/route.h +++ b/src/openvpn/route.h @@ -426,4 +426,17 @@ return rl && BOOL_CAST(rl->iflags & RL_DID_REDIRECT_DEFAULT_GATEWAY); } + +/** + * check whether an IPv6 host address is covered by a given network/bits + * @param network the network address + * @param bits the network mask + * @param host the host address to be checked if it is contained by the network + * + * @return true if the host address is covered by the network with the given + * network mask by bits + */ +bool +ipv6_net_contains_host(const struct in6_addr *network, unsigned int bits, const struct in6_addr *host); + #endif /* ifndef ROUTE_H */ -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: newpatchset Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1 Gerrit-Change-Number: 1191 Gerrit-PatchSet: 6 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: d12fk Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-CC: openvpn-devel ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Allow route_ipv6_match_host to be used outside of route.c
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email ) Change subject: Allow route_ipv6_match_host to be used outside of route.c .. Allow route_ipv6_match_host to be used outside of route.c Also adjust style a bit to C99 Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1 Signed-off-by: Arne Schwabe Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1191 Message-Id: <[email protected]> URL: https://sourceforge.net/p/openvpn/mailman/message/59243387/ Signed-off-by: Gert Doering --- M src/openvpn/route.c M src/openvpn/route.h 2 files changed, 23 insertions(+), 14 deletions(-) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 05a0c8f..0044794 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -710,25 +710,20 @@ return ret; } -/* check whether an IPv6 host address is covered by a given route_ipv6 - * (not the most beautiful implementation in the world, but portable and - * "good enough") - */ -static bool -route_ipv6_match_host(const struct route_ipv6 *r6, const struct in6_addr *host) +bool +ipv6_net_contains_host(const struct in6_addr *network, unsigned int bits, const struct in6_addr *host) { -unsigned int bits = r6->netbits; -int i; -unsigned int mask; - +/* not the most beautiful implementation in the world, but portable and + * "good enough" */ if (bits > 128) { return false; } +int i; for (i = 0; bits >= 8; i++, bits -= 8) { -if (r6->network.s6_addr[i] != host->s6_addr[i]) +if (network->s6_addr[i] != host->s6_addr[i]) { return false; } @@ -739,9 +734,9 @@ return true; } -mask = 0xff << (8 - bits); +unsigned int mask = 0xff << (8 - bits); -if ((r6->network.s6_addr[i] & mask) == (host->s6_addr[i] & mask)) +if ((network->s6_addr[i] & mask) == (host->s6_addr[i] & mask)) { return true; } @@ -830,7 +825,8 @@ * avoiding routing loops, so ignore this part and let * need_remote_ipv6_route always evaluate to false */ -if (remote_host_ipv6 && route_ipv6_match_host(r6, remote_host_ipv6)) +if (remote_host_ipv6 +&& ipv6_net_contains_host(&r6->network, r6->netbits, remote_host_ipv6)) { need_remote_ipv6_route = true; msg(D_ROUTE, diff --git a/src/openvpn/route.h b/src/openvpn/route.h index c5006ae..54fa137 100644 --- a/src/openvpn/route.h +++ b/src/openvpn/route.h @@ -426,4 +426,17 @@ return rl && BOOL_CAST(rl->iflags & RL_DID_REDIRECT_DEFAULT_GATEWAY); } + +/** + * check whether an IPv6 host address is covered by a given network/bits + * @param network the network address + * @param bits the network mask + * @param host the host address to be checked if it is contained by the network + * + * @return true if the host address is covered by the network with the given + * network mask by bits + */ +bool +ipv6_net_contains_host(const struct in6_addr *network, unsigned int bits, const struct in6_addr *host); + #endif /* ifndef ROUTE_H */ -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: merged Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1 Gerrit-Change-Number: 1191 Gerrit-PatchSet: 6 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: d12fk Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-CC: openvpn-devel ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Allow route_ipv6_match_host to be used outside of route.c
Attention is currently required from: d12fk, flichtenheld, ordex. plaisthos has posted comments on this change by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email ) Change subject: Allow route_ipv6_match_host to be used outside of route.c .. Patch Set 4: (2 comments) File src/openvpn/route.c: http://gerrit.openvpn.net/c/openvpn/+/1191/comment/b4f0cf06_f7cd3760?usp=email : PS1, Line 726: int i = 0; > Heiko said there is no need to "initialize" i. […] ah sorry. I misread that comment. http://gerrit.openvpn.net/c/openvpn/+/1191/comment/b5cfb3f4_7e1356d9?usp=email : PS1, Line 740: unsigned mask = 0xff << (8 - bits); > no. Will fix it. Done -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1 Gerrit-Change-Number: 1191 Gerrit-PatchSet: 4 Gerrit-Owner: plaisthos Gerrit-Reviewer: d12fk Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-Attention: ordex Gerrit-Attention: d12fk Gerrit-Comment-Date: Mon, 06 Oct 2025 12:27:05 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: plaisthos Comment-In-Reply-To: flichtenheld Comment-In-Reply-To: ordex Comment-In-Reply-To: d12fk ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Allow route_ipv6_match_host to be used outside of route.c
Attention is currently required from: d12fk, flichtenheld, ordex.
Hello d12fk, flichtenheld, ordex,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email
to look at the new patch set (#5).
The following approvals got outdated and were removed:
Code-Review+1 by d12fk
Change subject: Allow route_ipv6_match_host to be used outside of route.c
..
Allow route_ipv6_match_host to be used outside of route.c
Also adjust style a bit to C99
Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1
Signed-off-by: Arne Schwabe
---
M src/openvpn/route.c
M src/openvpn/route.h
2 files changed, 23 insertions(+), 14 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/91/1191/5
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 05a0c8f..0044794 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -710,25 +710,20 @@
return ret;
}
-/* check whether an IPv6 host address is covered by a given route_ipv6
- * (not the most beautiful implementation in the world, but portable and
- * "good enough")
- */
-static bool
-route_ipv6_match_host(const struct route_ipv6 *r6, const struct in6_addr *host)
+bool
+ipv6_net_contains_host(const struct in6_addr *network, unsigned int bits,
const struct in6_addr *host)
{
-unsigned int bits = r6->netbits;
-int i;
-unsigned int mask;
-
+/* not the most beautiful implementation in the world, but portable and
+ * "good enough" */
if (bits > 128)
{
return false;
}
+int i;
for (i = 0; bits >= 8; i++, bits -= 8)
{
-if (r6->network.s6_addr[i] != host->s6_addr[i])
+if (network->s6_addr[i] != host->s6_addr[i])
{
return false;
}
@@ -739,9 +734,9 @@
return true;
}
-mask = 0xff << (8 - bits);
+unsigned int mask = 0xff << (8 - bits);
-if ((r6->network.s6_addr[i] & mask) == (host->s6_addr[i] & mask))
+if ((network->s6_addr[i] & mask) == (host->s6_addr[i] & mask))
{
return true;
}
@@ -830,7 +825,8 @@
* avoiding routing loops, so ignore this part and let
* need_remote_ipv6_route always evaluate to false
*/
-if (remote_host_ipv6 && route_ipv6_match_host(r6,
remote_host_ipv6))
+if (remote_host_ipv6
+&& ipv6_net_contains_host(&r6->network, r6->netbits,
remote_host_ipv6))
{
need_remote_ipv6_route = true;
msg(D_ROUTE,
diff --git a/src/openvpn/route.h b/src/openvpn/route.h
index c5006ae..54fa137 100644
--- a/src/openvpn/route.h
+++ b/src/openvpn/route.h
@@ -426,4 +426,17 @@
return rl && BOOL_CAST(rl->iflags & RL_DID_REDIRECT_DEFAULT_GATEWAY);
}
+
+/**
+ * check whether an IPv6 host address is covered by a given network/bits
+ * @param network the network address
+ * @param bits the network mask
+ * @param host the host address to be checked if it is contained by the network
+ *
+ * @return true if the host address is covered by the network with the given
+ * network mask by bits
+ */
+bool
+ipv6_net_contains_host(const struct in6_addr *network, unsigned int bits,
const struct in6_addr *host);
+
#endif /* ifndef ROUTE_H */
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings?usp=email
Gerrit-MessageType: newpatchset
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1
Gerrit-Change-Number: 1191
Gerrit-PatchSet: 5
Gerrit-Owner: plaisthos
Gerrit-Reviewer: d12fk
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: ordex
Gerrit-CC: openvpn-devel
Gerrit-Attention: flichtenheld
Gerrit-Attention: ordex
Gerrit-Attention: d12fk
___
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Allow route_ipv6_match_host to be used outside of route.c
Attention is currently required from: d12fk, flichtenheld. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email ) Change subject: Allow route_ipv6_match_host to be used outside of route.c .. Patch Set 2: (2 comments) File src/openvpn/route.c: http://gerrit.openvpn.net/c/openvpn/+/1191/comment/2f55ee96_d20f3430 : PS1, Line 726: int i = 0; > Don't have to initialize i as it is done in the loop. No i is used outside the loop in line 740/742 http://gerrit.openvpn.net/c/openvpn/+/1191/comment/5e5c6e75_616c359f : PS1, Line 740: unsigned mask = 0xff << (8 - bits); > any particular reason you left the "int" off here but used in the other > places? no. Will fix it. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1 Gerrit-Change-Number: 1191 Gerrit-PatchSet: 2 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-CC: d12fk Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-Attention: d12fk Gerrit-Comment-Date: Tue, 16 Sep 2025 14:14:01 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld Comment-In-Reply-To: d12fk Gerrit-MessageType: comment ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Allow route_ipv6_match_host to be used outside of route.c
Attention is currently required from: d12fk, flichtenheld. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email ) Change subject: Allow route_ipv6_match_host to be used outside of route.c .. Patch Set 2: (1 comment) File src/openvpn/route.c: http://gerrit.openvpn.net/c/openvpn/+/1191/comment/3c335e9d_90299601 : PS1, Line 713: /** > Why make this doxygen? The doxygen part is covered by the comment at the > declaration, isn't it? Yeah the doxygen in the header should be good enough -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1 Gerrit-Change-Number: 1191 Gerrit-PatchSet: 2 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-CC: d12fk Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-Attention: d12fk Gerrit-Comment-Date: Tue, 16 Sep 2025 14:35:18 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld Gerrit-MessageType: comment ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Allow route_ipv6_match_host to be used outside of route.c
Attention is currently required from: flichtenheld, ordex, plaisthos. d12fk has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email ) Change subject: Allow route_ipv6_match_host to be used outside of route.c .. Patch Set 4: Code-Review+1 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1 Gerrit-Change-Number: 1191 Gerrit-PatchSet: 4 Gerrit-Owner: plaisthos Gerrit-Reviewer: d12fk Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Attention: ordex Gerrit-Comment-Date: Thu, 18 Sep 2025 03:16:24 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Allow route_ipv6_match_host to be used outside of route.c
Attention is currently required from: flichtenheld, ordex, plaisthos. d12fk has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email ) Change subject: Allow route_ipv6_match_host to be used outside of route.c .. Patch Set 4: (1 comment) File src/openvpn/route.c: http://gerrit.openvpn.net/c/openvpn/+/1191/comment/80b8c376_b808626c : PS1, Line 719: route_ipv6_match_host(const struct in6_addr *network, unsigned int bits, const struct in6_addr *host) > I agree - that also makes it obvious that there is no route involved anymore Done -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1 Gerrit-Change-Number: 1191 Gerrit-PatchSet: 4 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-CC: d12fk Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Attention: ordex Gerrit-Comment-Date: Thu, 18 Sep 2025 03:14:36 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: ordex Comment-In-Reply-To: d12fk Gerrit-MessageType: comment ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Allow route_ipv6_match_host to be used outside of route.c
Attention is currently required from: flichtenheld, ordex, plaisthos.
Hello flichtenheld, ordex,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email
to look at the new patch set (#4).
The following approvals got outdated and were removed:
Code-Review+1 by ordex
Change subject: Allow route_ipv6_match_host to be used outside of route.c
..
Allow route_ipv6_match_host to be used outside of route.c
Also adjust style a bit to C99
Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1
Signed-off-by: Arne Schwabe
---
M src/openvpn/route.c
M src/openvpn/route.h
2 files changed, 23 insertions(+), 14 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/91/1191/4
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index e504485..2bae681 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -710,25 +710,20 @@
return ret;
}
-/* check whether an IPv6 host address is covered by a given route_ipv6
- * (not the most beautiful implementation in the world, but portable and
- * "good enough")
- */
-static bool
-route_ipv6_match_host(const struct route_ipv6 *r6, const struct in6_addr *host)
+bool
+ipv6_net_contains_host(const struct in6_addr *network, unsigned int bits,
const struct in6_addr *host)
{
-unsigned int bits = r6->netbits;
-int i;
-unsigned int mask;
-
+/* (not the most beautiful implementation in the world, but portable and
+ * "good enough") */
if (bits > 128)
{
return false;
}
+int i = 0;
for (i = 0; bits >= 8; i++, bits -= 8)
{
-if (r6->network.s6_addr[i] != host->s6_addr[i])
+if (network->s6_addr[i] != host->s6_addr[i])
{
return false;
}
@@ -739,9 +734,9 @@
return true;
}
-mask = 0xff << (8 - bits);
+unsigned int mask = 0xff << (8 - bits);
-if ((r6->network.s6_addr[i] & mask) == (host->s6_addr[i] & mask))
+if ((network->s6_addr[i] & mask) == (host->s6_addr[i] & mask))
{
return true;
}
@@ -830,7 +825,8 @@
* avoiding routing loops, so ignore this part and let
* need_remote_ipv6_route always evaluate to false
*/
-if (remote_host_ipv6 && route_ipv6_match_host(r6,
remote_host_ipv6))
+if (remote_host_ipv6
+&& ipv6_net_contains_host(&r6->network, r6->netbits,
remote_host_ipv6))
{
need_remote_ipv6_route = true;
msg(D_ROUTE,
diff --git a/src/openvpn/route.h b/src/openvpn/route.h
index 9b6a47e..21f37a2 100644
--- a/src/openvpn/route.h
+++ b/src/openvpn/route.h
@@ -426,4 +426,17 @@
return rl && BOOL_CAST(rl->iflags & RL_DID_REDIRECT_DEFAULT_GATEWAY);
}
+
+/**
+ * check whether an IPv6 host address is covered by a given network/bits
+ * @param network the network address
+ * @param bits the network mask
+ * @param host the host address to be checked if it is contained by the network
+ *
+ * @return true if the host address is covered by the network with the given
+ * network mask by bits
+ */
+bool
+ipv6_net_contains_host(const struct in6_addr *network, unsigned int bits,
const struct in6_addr *host);
+
#endif /* ifndef ROUTE_H */
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1
Gerrit-Change-Number: 1191
Gerrit-PatchSet: 4
Gerrit-Owner: plaisthos
Gerrit-Reviewer: flichtenheld
Gerrit-Reviewer: ordex
Gerrit-CC: d12fk
Gerrit-CC: openvpn-devel
Gerrit-Attention: plaisthos
Gerrit-Attention: flichtenheld
Gerrit-Attention: ordex
Gerrit-MessageType: newpatchset
___
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Allow route_ipv6_match_host to be used outside of route.c
Attention is currently required from: flichtenheld, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email ) Change subject: Allow route_ipv6_match_host to be used outside of route.c .. Patch Set 3: Code-Review+1 (4 comments) Patchset: PS3: patch looks good to me, but I have a few nitpicks in line with Heiko's opinion. File src/openvpn/route.c: http://gerrit.openvpn.net/c/openvpn/+/1191/comment/c97633f9_e67e2e01 : PS1, Line 719: route_ipv6_match_host(const struct in6_addr *network, unsigned int bits, const struct in6_addr *host) > The name is somewhat outdated with the new signature of the function. […] I agree - that also makes it obvious that there is no route involved anymore http://gerrit.openvpn.net/c/openvpn/+/1191/comment/128cf6ac_eb198fb9 : PS1, Line 726: int i = 0; > No i is used outside the loop in line 740/742 Heiko said there is no need to "initialize" i. So just drop "= 0" as it's initialized by the for loop. File src/openvpn/route.c: http://gerrit.openvpn.net/c/openvpn/+/1191/comment/336ca137_8e3a6ff8 : PS3, Line 716: /* (not the most beautiful implementation in the world, but portable and maybe drop opening and closing parenthesis? -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1 Gerrit-Change-Number: 1191 Gerrit-PatchSet: 3 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-CC: d12fk Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Tue, 16 Sep 2025 21:03:19 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Comment-In-Reply-To: plaisthos Comment-In-Reply-To: d12fk Gerrit-MessageType: comment ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Allow route_ipv6_match_host to be used outside of route.c
Attention is currently required from: flichtenheld, plaisthos. d12fk has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email ) Change subject: Allow route_ipv6_match_host to be used outside of route.c .. Patch Set 3: (1 comment) File src/openvpn/route.c: http://gerrit.openvpn.net/c/openvpn/+/1191/comment/829340fe_7ea4f3b8 : PS1, Line 726: int i = 0; > No i is used outside the loop in line 740/742 Yeah, I meant `int i;` is enough here, like it was before. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1 Gerrit-Change-Number: 1191 Gerrit-PatchSet: 3 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-CC: d12fk Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Tue, 16 Sep 2025 20:57:43 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: plaisthos Comment-In-Reply-To: d12fk Gerrit-MessageType: comment ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Allow route_ipv6_match_host to be used outside of route.c
Attention is currently required from: d12fk, flichtenheld.
Hello flichtenheld,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email
to look at the new patch set (#3).
Change subject: Allow route_ipv6_match_host to be used outside of route.c
..
Allow route_ipv6_match_host to be used outside of route.c
Also adjust style a bit to C99
Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1
Signed-off-by: Arne Schwabe
---
M src/openvpn/route.c
M src/openvpn/route.h
2 files changed, 23 insertions(+), 14 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/91/1191/3
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index e504485..7eb7a1b 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -710,25 +710,20 @@
return ret;
}
-/* check whether an IPv6 host address is covered by a given route_ipv6
- * (not the most beautiful implementation in the world, but portable and
- * "good enough")
- */
-static bool
-route_ipv6_match_host(const struct route_ipv6 *r6, const struct in6_addr *host)
+bool
+route_ipv6_match_host(const struct in6_addr *network, unsigned int bits, const
struct in6_addr *host)
{
-unsigned int bits = r6->netbits;
-int i;
-unsigned int mask;
-
+/* (not the most beautiful implementation in the world, but portable and
+ * "good enough") */
if (bits > 128)
{
return false;
}
+int i = 0;
for (i = 0; bits >= 8; i++, bits -= 8)
{
-if (r6->network.s6_addr[i] != host->s6_addr[i])
+if (network->s6_addr[i] != host->s6_addr[i])
{
return false;
}
@@ -739,9 +734,9 @@
return true;
}
-mask = 0xff << (8 - bits);
+unsigned int mask = 0xff << (8 - bits);
-if ((r6->network.s6_addr[i] & mask) == (host->s6_addr[i] & mask))
+if ((network->s6_addr[i] & mask) == (host->s6_addr[i] & mask))
{
return true;
}
@@ -830,7 +825,8 @@
* avoiding routing loops, so ignore this part and let
* need_remote_ipv6_route always evaluate to false
*/
-if (remote_host_ipv6 && route_ipv6_match_host(r6,
remote_host_ipv6))
+if (remote_host_ipv6
+&& route_ipv6_match_host(&r6->network, r6->netbits,
remote_host_ipv6))
{
need_remote_ipv6_route = true;
msg(D_ROUTE,
diff --git a/src/openvpn/route.h b/src/openvpn/route.h
index 9b6a47e..54abe24 100644
--- a/src/openvpn/route.h
+++ b/src/openvpn/route.h
@@ -426,4 +426,17 @@
return rl && BOOL_CAST(rl->iflags & RL_DID_REDIRECT_DEFAULT_GATEWAY);
}
+
+/**
+ * check whether an IPv6 host address is covered by a given route_ipv6
+ * @param network the network address
+ * @param bits the network mask
+ * @param host the host address to be checked if it is contained by the network
+ *
+ * @return true if the host address is covered by the network with the given
+ * network mask by bits
+ */
+bool
+route_ipv6_match_host(const struct in6_addr *network, unsigned int bits, const
struct in6_addr *host);
+
#endif /* ifndef ROUTE_H */
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1
Gerrit-Change-Number: 1191
Gerrit-PatchSet: 3
Gerrit-Owner: plaisthos
Gerrit-Reviewer: flichtenheld
Gerrit-CC: d12fk
Gerrit-CC: openvpn-devel
Gerrit-Attention: flichtenheld
Gerrit-Attention: d12fk
Gerrit-MessageType: newpatchset
___
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Allow route_ipv6_match_host to be used outside of route.c
Attention is currently required from: plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email ) Change subject: Allow route_ipv6_match_host to be used outside of route.c .. Patch Set 1: (2 comments) File src/openvpn/route.c: http://gerrit.openvpn.net/c/openvpn/+/1191/comment/1fc5a8a3_d7b71b82 : PS1, Line 713: /** Why make this doxygen? The doxygen part is covered by the comment at the declaration, isn't it? http://gerrit.openvpn.net/c/openvpn/+/1191/comment/c57f9efb_cf95f1a2 : PS1, Line 740: unsigned mask = 0xff << (8 - bits); any particular reason you left the "int" off here but used in the other places? -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1 Gerrit-Change-Number: 1191 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Comment-Date: Tue, 16 Sep 2025 11:50:39 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Allow route_ipv6_match_host to be used outside of route.c
Attention is currently required from: plaisthos. d12fk has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email ) Change subject: Allow route_ipv6_match_host to be used outside of route.c .. Patch Set 1: (2 comments) File src/openvpn/route.c: http://gerrit.openvpn.net/c/openvpn/+/1191/comment/1b0d244a_0432b565 : PS1, Line 719: route_ipv6_match_host(const struct in6_addr *network, unsigned int bits, const struct in6_addr *host) The name is somewhat outdated with the new signature of the function. Maybe something like `ipv6_net_contains_host` would fit better now. http://gerrit.openvpn.net/c/openvpn/+/1191/comment/b5f1c14b_74c1e681 : PS1, Line 726: int i = 0; Don't have to initialize i as it is done in the loop. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1 Gerrit-Change-Number: 1191 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-CC: d12fk Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Comment-Date: Tue, 16 Sep 2025 12:12:28 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Allow route_ipv6_match_host to be used outside of route.c
Attention is currently required from: flichtenheld.
Hello flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email
to review the following change.
Change subject: Allow route_ipv6_match_host to be used outside of route.c
..
Allow route_ipv6_match_host to be used outside of route.c
Also adjust style a bit to C99
Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1
Signed-off-by: Arne Schwabe
---
M src/openvpn/route.c
M src/openvpn/route.h
2 files changed, 23 insertions(+), 11 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/91/1191/1
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index e504485..8be3f65 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -710,25 +710,23 @@
return ret;
}
-/* check whether an IPv6 host address is covered by a given route_ipv6
+/**
+ * check whether an IPv6 host address is covered by a given route_ipv6
* (not the most beautiful implementation in the world, but portable and
* "good enough")
*/
-static bool
-route_ipv6_match_host(const struct route_ipv6 *r6, const struct in6_addr *host)
+bool
+route_ipv6_match_host(const struct in6_addr *network, unsigned int bits, const
struct in6_addr *host)
{
-unsigned int bits = r6->netbits;
-int i;
-unsigned int mask;
-
if (bits > 128)
{
return false;
}
+int i = 0;
for (i = 0; bits >= 8; i++, bits -= 8)
{
-if (r6->network.s6_addr[i] != host->s6_addr[i])
+if (network->s6_addr[i] != host->s6_addr[i])
{
return false;
}
@@ -739,9 +737,9 @@
return true;
}
-mask = 0xff << (8 - bits);
+unsigned mask = 0xff << (8 - bits);
-if ((r6->network.s6_addr[i] & mask) == (host->s6_addr[i] & mask))
+if ((network->s6_addr[i] & mask) == (host->s6_addr[i] & mask))
{
return true;
}
@@ -830,7 +828,8 @@
* avoiding routing loops, so ignore this part and let
* need_remote_ipv6_route always evaluate to false
*/
-if (remote_host_ipv6 && route_ipv6_match_host(r6,
remote_host_ipv6))
+if (remote_host_ipv6
+&& route_ipv6_match_host(&r6->network, r6->netbits,
remote_host_ipv6))
{
need_remote_ipv6_route = true;
msg(D_ROUTE,
diff --git a/src/openvpn/route.h b/src/openvpn/route.h
index 9b6a47e..54abe24 100644
--- a/src/openvpn/route.h
+++ b/src/openvpn/route.h
@@ -426,4 +426,17 @@
return rl && BOOL_CAST(rl->iflags & RL_DID_REDIRECT_DEFAULT_GATEWAY);
}
+
+/**
+ * check whether an IPv6 host address is covered by a given route_ipv6
+ * @param network the network address
+ * @param bits the network mask
+ * @param host the host address to be checked if it is contained by the network
+ *
+ * @return true if the host address is covered by the network with the given
+ * network mask by bits
+ */
+bool
+route_ipv6_match_host(const struct in6_addr *network, unsigned int bits, const
struct in6_addr *host);
+
#endif /* ifndef ROUTE_H */
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1
Gerrit-Change-Number: 1191
Gerrit-PatchSet: 1
Gerrit-Owner: plaisthos
Gerrit-Reviewer: flichtenheld
Gerrit-CC: openvpn-devel
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
