From: Samuel T. <sam...@en...> - 2013-03-31 23:30:07
|
Hello, To make it short: yes, the ipv6 pool environment variables are useful, for user-defined scripts to be run at connection for instance to propagate routes, do accounting, etc. The patch below adds them. Thanks, Samuel Add IPv6 pool environment variables Add ifconfig_ipv6_pool_local_ip, ifconfig_ipv6_pool_remote_ip and ifconfig_ipv6_pool_netbits environment variables, similar to ifconfig_pool_local_ip, ifconfig_pool_remote_ip, and ifconfig_pool_netmask. Signed-off-by: Samuel Thibault <sam...@en...> diff --git a/doc/openvpn.8 b/doc/openvpn.8 index d590714..70a8f35 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -5755,6 +5755,60 @@ and scripts. .\"********************************************************* .TP +.B ifconfig_ipv6_pool_local_ip +The local +virtual IPv6 address for the TUN/TAP tunnel taken from an +.B \-\-ifconfig-ipv6-push +directive if specified, or otherwise from +the ifconfig pool (controlled by the +.B \-\-ifconfig-ipv6-pool +config file directive). +Only set for +.B \-\-dev tun +tunnels. +This option is set on the server prior to execution +of the +.B \-\-client-connect +and +.B \-\-client-disconnect +scripts. +.\"********************************************************* +.TP +.B ifconfig_ipv6_pool_netbits +The +size of the virtual IPv6 netmask for the TUN/TAP tunnel taken from an +.B \-\-ifconfig-ipv6-push +directive if specified, or otherwise from +the ifconfig pool (controlled by the +.B \-\-ifconfig-ipv6-pool +config file directive). +Only set for +.B \-\-dev tap +tunnels. +This option is set on the server prior to execution +of the +.B \-\-client-connect +and +.B \-\-client-disconnect +scripts. +.\"********************************************************* +.TP +.B ifconfig_ipv6_pool_remote_ip +The remote +virtual IPv6 address for the TUN/TAP tunnel taken from an +.B \-\-ifconfig-ipv6-push +directive if specified, or otherwise from +the ifconfig pool (controlled by the +.B \-\-ifconfig-ipv6-pool +config file directive). +This option is set on the server prior to execution +of the +.B \-\-client-connect +and +.B \-\-client-disconnect +scripts. +.\"********************************************************* +.TP .B link_mtu The maximum packet size (not including the IP header) of tunnel data in UDP tunnel transport mode. diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 0a4542a..72686f3 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -2283,6 +2283,8 @@ env_filter_match (const char *env_str, const int env_filter_level) "dev=", "ifconfig_pool_remote_ip=", "ifconfig_pool_netmask=", + "ifconfig_ipv6_pool_remote_ip=", + "ifconfig_ipv6_pool_netbits=", "time_duration=", "bytes_sent=", "bytes_received=" diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index ab3f10c..d38cc8e 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -1426,10 +1426,35 @@ multi_set_virtual_addr_env (struct multi_context *m, struct multi_instance *mi) } } - /* TODO: I'm not exactly sure what these environment variables are - * used for, but if we have them for IPv4, we should also have - * them for IPv6, no? - */ + setenv_del (mi->context.c2.es, "ifconfig_ipv6_pool_local_ip"); + setenv_del (mi->context.c2.es, "ifconfig_ipv6_pool_remote_ip"); + setenv_del (mi->context.c2.es, "ifconfig_ipv6_pool_netbits"); + + if (mi->context.c2.push_ifconfig_ipv6_defined) + { + const int tunnel_type = TUNNEL_TYPE (mi->context.c1.tuntap); + const int tunnel_topology = TUNNEL_TOPOLOGY (mi->context.c1.tuntap); + + setenv_in6_addr_t (mi->context.c2.es, + "ifconfig_ipv6_pool_remote_ip", + &mi->context.c2.push_ifconfig_ipv6_local, + SA_SET_IF_NONZERO); + + if (tunnel_type == DEV_TYPE_TAP || (tunnel_type == DEV_TYPE_TUN && tunnel_topology == TOP_SUBNET)) + { + setenv_int (mi->context.c2.es, + "ifconfig_ipv6_pool_netbits", + mi->context.c2.push_ifconfig_ipv6_netbits); + } + else if (tunnel_type == DEV_TYPE_TUN) + { + setenv_in6_addr_t (mi->context.c2.es, + "ifconfig_ipv6_pool_local_ip", + &mi->context.c2.push_ifconfig_ipv6_remote, + SA_SET_IF_NONZERO); + } + } + } /* diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 8eb112b..8eb27f6 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -2381,7 +2381,10 @@ setenv_sockaddr (struct env_set *es, const char *name_prefix, const struct openv } break; case AF_INET6: - openvpn_snprintf (name_buf, sizeof (name_buf), "%s_ip6", name_prefix); + if (flags & SA_IP_PORT) + openvpn_snprintf (name_buf, sizeof (name_buf), "%s_ip6", name_prefix); + else + openvpn_snprintf (name_buf, sizeof (name_buf), "%s", name_prefix); getnameinfo(&addr->addr.sa, sizeof (struct sockaddr_in6), buf, sizeof(buf), NULL, 0, NI_NUMERICHOST); setenv_str (es, name_buf, buf); @@ -2409,6 +2412,19 @@ setenv_in_addr_t (struct env_set *es, const char *name_prefix, in_addr_t addr, c } void +setenv_in6_addr_t (struct env_set *es, const char *name_prefix, struct in6_addr *addr, const bool flags) +{ + if ( memcmp(addr, &in6addr_any, sizeof(*addr)) != 0 || !(flags & SA_SET_IF_NONZERO)) + { + struct openvpn_sockaddr si; + CLEAR (si); + si.addr.in6.sin6_family = AF_INET6; + si.addr.in6.sin6_addr = *addr; + setenv_sockaddr (es, name_prefix, &si, flags); + } +} + +void setenv_link_socket_actual (struct env_set *es, const char *name_prefix, const struct link_socket_actual *act, diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index 4e7e7f8..788e6ee 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -383,6 +383,11 @@ void setenv_in_addr_t (struct env_set *es, in_addr_t addr, const unsigned int flags); +void setenv_in6_addr_t (struct env_set *es, + const char *name_prefix, + struct in6_addr *addr, + const bool flags); + void setenv_link_socket_actual (struct env_set *es, const char *name_prefix, const struct link_socket_actual *act, |