[Openvpn-devel] [S] Change in openvpn[master]: redirect-gateway: Only redirect traffic through TUN if address famili...

[mrbff (C. Review) <ge...@op...>]

Attention is currently required from: cron2, flichtenheld, plaisthos.

Hello flichtenheld, plaisthos, 

I'd like you to reexamine a change. Please visit

    http://gerrit.openvpn.net/c/openvpn/+/1210?usp=email

to look at the new patch set (#2).


Change subject: redirect-gateway: Only redirect traffic through TUN if address families match
......................................................................

redirect-gateway: Only redirect traffic through TUN if address families match

Fixes an ifconfig push-reply bug where, if the remote is switched and the new
TUN has a different address family, the previous ifconfig options remain
assigned to the new TUN.

Adds a check in do_init_route_ipv6_list() to add default routes toward the TUN
only if the TUN has IPv6 addresses.

Change-Id: Ib3458a9ed2eb38e00184c4a92659b83b97fe476c
---
M src/openvpn/init.c
M src/openvpn/options.c
2 files changed, 13 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/10/1210/2

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index f8a0fee..aaa0573 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -1523,7 +1523,7 @@
 
     /* redirect (IPv6) gateway to VPN?  if yes, add a few more specifics
      */
-    if (options->routes_ipv6->flags & RG_REROUTE_GW)
+    if (options->routes_ipv6->flags & RG_REROUTE_GW && options->ifconfig_ipv6_local)
     {
         char *opt_list[] = { "::/3", "2000::/4", "3000::/4", "fc00::/7", NULL };
         int i;
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index f35738d..185233f 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -5470,6 +5470,18 @@
     const msglvl_t msglevel = D_PUSH_ERRORS | M_OPTERR;
     unsigned int update_options_found = 0;
 
+    /* When receiving a PUSH_REPLY, reset the ifconfig options to prevent
+     * stale data conflicts. This could be necessary when the new address has a
+     * different address family than the previous one. */
+    if (!is_update)
+    {
+        options->ifconfig_local = NULL;
+        options->ifconfig_remote_netmask = NULL;
+        options->ifconfig_ipv6_local = NULL;
+        options->ifconfig_ipv6_netbits = 0;
+        options->ifconfig_ipv6_remote = NULL;
+    }
+
     while (buf_parse(buf, ',', line, sizeof(line)))
     {
         char *p[MAX_PARMS + 1];

-- 
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1210?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email

Gerrit-MessageType: newpatchset
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ib3458a9ed2eb38e00184c4a92659b83b97fe476c
Gerrit-Change-Number: 1210
Gerrit-PatchSet: 2
Gerrit-Owner: mrbff <ma...@ma...>
Gerrit-Reviewer: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: cron2 <ge...@gr...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-Attention: cron2 <ge...@gr...>
Gerrit-Attention: flichtenheld <fr...@li...>