funny enough, neither Azure, nor GCP are running ipv6.
well, GCP images are compiled with ipv6 support actually.
2016-09-17 14:23 GMT+05:00 Arne Schwabe <a...@rfc2549.org>:
> This option was useful when Ipv6 tun support was non standard and was an
> internal/user specified flag that tracked the Ipv6 capability of the tun
> device.
>
> All supported OS support IPv6. Also tun-ipv6 is pushable by the remote so
> not putting tun-ipv6 does not forbid ipv6 addresses.
>
> This commit also clean up a bit of the ipv6 related tun.c. Changes for
> most platforms are minimal.
>
> For linux a bit more cleanup is done:
>
> - Remove compatibility defines that were added 2008
> - Always use IFF_NO_PI for the linux tun and not only for IPv4 only tun
> setups (Android also always IFF_NO_PI works fine with Ipv6).
>
> This commit also remove a non ipv6 fallback for tap driver from OpenVPN
> 2.2-beta or earlier and only warns.
>
> Patch V2: Integrate Gert's comments
> ---
> src/openvpn/helper.c | 2 -
> src/openvpn/init.c | 7 +---
> src/openvpn/multi.c | 8 ++--
> src/openvpn/options.c | 11 +----
> src/openvpn/options.h | 1 -
> src/openvpn/route.c | 13 ++----
> src/openvpn/tun.c | 110 ++++++++++--------------------
> --------------------
> src/openvpn/tun.h | 2 -
> 8 files changed, 30 insertions(+), 124 deletions(-)
>
> diff --git a/src/openvpn/helper.c b/src/openvpn/helper.c
> index 62f88ec..229523d 100644
> --- a/src/openvpn/helper.c
> +++ b/src/openvpn/helper.c
> @@ -200,8 +200,6 @@ helper_client_server (struct options *o)
> add_in6_addr( o->server_network_ipv6, 0x1000 );
> o->ifconfig_ipv6_pool_netbits = o->server_netbits_ipv6;
>
> - o->tun_ipv6 = true;
> -
> push_option( o, "tun-ipv6", M_USAGE );
> }
>
> diff --git a/src/openvpn/init.c b/src/openvpn/init.c
> index 9236a9f..e9eb6c7 100644
> --- a/src/openvpn/init.c
> +++ b/src/openvpn/init.c
> @@ -1400,9 +1400,6 @@ do_init_tun (struct context *c)
> !c->options.ifconfig_nowarn,
> c->c2.es);
>
> - /* flag tunnel for IPv6 config if --tun-ipv6 is set */
> - c->c1.tuntap->ipv6 = c->options.tun_ipv6;
> -
> init_tun_post (c->c1.tuntap,
> &c->c2.frame,
> &c->options.tuntap_options);
> @@ -1420,8 +1417,8 @@ do_open_tun (struct context *c)
> struct gc_arena gc = gc_new ();
> bool ret = false;
>
> - c->c2.ipv4_tun = (!c->options.tun_ipv6
> - && is_dev_type (c->options.dev, c->options.dev_type,
> "tun"));
> + //c->c2.ipv4_tun = (!c->options.tun_ipv6
> + // && is_dev_type (c->options.dev, c->options.dev_type,
> "tun"));
>
> #ifndef TARGET_ANDROID
> if (!c->c1.tuntap)
> diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
> index ba7f2c0..228b393 100644
> --- a/src/openvpn/multi.c
> +++ b/src/openvpn/multi.c
> @@ -1377,8 +1377,7 @@ multi_select_virtual_addr (struct multi_context *m,
> struct multi_instance *mi)
> * (see below) so issue a warning if that happens - don't break the
> * session, though, as we don't even know if this client WANTS IPv6
> */
> - if ( mi->context.c1.tuntap->ipv6 &&
> - mi->context.options.ifconfig_ipv6_pool_defined &&
> + if ( mi->context.options.ifconfig_ipv6_pool_defined &&
> ! mi->context.options.push_ifconfig_ipv6_defined )
> {
> msg( M_INFO, "MULTI_sva: WARNING: if --ifconfig-push is used for
> IPv4, automatic IPv6 assignment from --ifconfig-ipv6-pool does not work.
> Use --ifconfig-ipv6-push for IPv6 then." );
> @@ -1451,8 +1450,7 @@ multi_select_virtual_addr (struct multi_context *m,
> struct multi_instance *mi)
> * way round ("dynamic IPv4, static IPv6") or "both static" makes sense
> * -> and so it's implemented right now
> */
> - if ( mi->context.c1.tuntap->ipv6 &&
> - mi->context.options.push_ifconfig_ipv6_defined )
> + if ( mi->context.options.push_ifconfig_ipv6_defined )
> {
> mi->context.c2.push_ifconfig_ipv6_local =
> mi->context.options.push_ifconfig_ipv6_local;
> @@ -1510,7 +1508,7 @@ multi_set_virtual_addr_env (struct multi_context *m,
> struct multi_instance *mi)
> setenv_del (mi->context.c2.es, "ifconfig_pool_remote_ip6");
> setenv_del (mi->context.c2.es, "ifconfig_pool_ip6_netbits");
>
> - if (mi->context.c1.tuntap->ipv6 && mi->context.c2.push_ifconfig_
> ipv6_defined)
> + if (mi->context.c2.push_ifconfig_ipv6_defined)
> {
> setenv_in6_addr (mi->context.c2.es,
> "ifconfig_pool_remote",
> diff --git a/src/openvpn/options.c b/src/openvpn/options.c
> index e052042..0bab660 100644
> --- a/src/openvpn/options.c
> +++ b/src/openvpn/options.c
> @@ -1496,7 +1496,6 @@ show_settings (const struct options *o)
> SHOW_STR (dev_node);
> SHOW_STR (lladdr);
> SHOW_INT (topology);
> - SHOW_BOOL (tun_ipv6);
> SHOW_STR (ifconfig_local);
> SHOW_STR (ifconfig_remote_netmask);
> SHOW_BOOL (ifconfig_noexec);
> @@ -2099,10 +2098,6 @@ options_postprocess_verify_ce (const struct options
> *options, const struct conne
> options->connection_list->array[0]->remote)
> msg (M_USAGE, "<connection> cannot be used with --mode server");
>
> -#if 0
> - if (options->tun_ipv6)
> - msg (M_USAGE, "--tun-ipv6 cannot be used with --mode server");
> -#endif
> if (options->shaper)
> msg (M_USAGE, "--shaper cannot be used with --mode server");
> if (options->inetd)
> @@ -2126,9 +2121,6 @@ options_postprocess_verify_ce (const struct options
> *options, const struct conne
> msg (M_USAGE, "--ifconfig-pool-persist must be used with
> --ifconfig-pool");
> if (options->ifconfig_ipv6_pool_defined &&
> !options->ifconfig_ipv6_local )
> msg (M_USAGE, "--ifconfig-ipv6-pool needs --ifconfig-ipv6");
> - if (options->ifconfig_ipv6_local && !options->tun_ipv6 )
> - msg (M_INFO, "Warning: --ifconfig-ipv6 without --tun-ipv6 will not
> do IPv6");
> -
> if (options->auth_user_pass_file)
> msg (M_USAGE, "--auth-user-pass cannot be used with --mode server
> (it should be used on the client side only)");
> if (options->ccd_exclusive && !options->client_config_dir)
> @@ -3077,7 +3069,7 @@ options_string (const struct options *o,
> /* send tun_ipv6 only in peer2peer mode - in client/server mode, it
> * is usually pushed by the server, triggering a non-helpful warning
> */
> - if (o->tun_ipv6 && o->mode == MODE_POINT_TO_POINT && !PULL_DEFINED(o))
> + if (o->ifconfig_ipv6_local && o->mode == MODE_POINT_TO_POINT &&
> !PULL_DEFINED(o))
> buf_printf (&out, ",tun-ipv6");
>
> /*
> @@ -4578,7 +4570,6 @@ add_option (struct options *options,
> else if (streq (p[0], "tun-ipv6") && !p[1])
> {
> VERIFY_PERMISSION (OPT_P_UP);
> - options->tun_ipv6 = true;
> }
> #ifdef ENABLE_IPROUTE
> else if (streq (p[0], "iproute") && p[1] && !p[2])
> diff --git a/src/openvpn/options.h b/src/openvpn/options.h
> index 9b7b57c..b7453a0 100644
> --- a/src/openvpn/options.h
> +++ b/src/openvpn/options.h
> @@ -251,7 +251,6 @@ struct options
> int ping_send_timeout; /* Send a TCP/UDP ping to remote every n
> seconds */
> int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at
> least once every n seconds */
> bool ping_timer_remote; /* Run ping timer only if we have a
> remote address */
> - bool tun_ipv6; /* Build tun dev that supports IPv6 */
>
> # define PING_UNDEF 0
> # define PING_EXIT 1
> diff --git a/src/openvpn/route.c b/src/openvpn/route.c
> index 85aec71..82855d6 100644
> --- a/src/openvpn/route.c
> +++ b/src/openvpn/route.c
> @@ -1729,10 +1729,10 @@ add_route_ipv6 (struct route_ipv6 *r6, const
> struct tuntap *tt, unsigned int fla
> }
> #endif
>
> - if ( !tt->ipv6 )
> + if (!tt->did_ifconfig_ipv6_setup)
> {
> - msg( M_INFO, "add_route_ipv6(): not adding %s/%d, no IPv6 on if %s",
> - network, r6->netbits, device );
> + msg( M_INFO, "add_route_ipv6(): not adding %s/%d, no IPv6 ifconfig
> on if %s",
> + network, r6->netbits, device);
> return;
> }
>
> @@ -2159,13 +2159,6 @@ delete_route_ipv6 (const struct route_ipv6 *r6,
> const struct tuntap *tt, unsigne
> }
> #endif
>
> - if ( !tt->ipv6 )
> - {
> - msg( M_INFO, "delete_route_ipv6(): not deleting %s/%d, no IPv6 on
> if %s",
> - network, r6->netbits, device );
> - return;
> - }
> -
> msg( M_INFO, "delete_route_ipv6(%s/%d)", network, r6->netbits );
>
> /* if we used a gateway on "add route", we also need to specify it on
> diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
> index b7a29f7..2fbb33c 100644
> --- a/src/openvpn/tun.c
> +++ b/src/openvpn/tun.c
> @@ -741,8 +741,8 @@ do_ifconfig (struct tuntap *tt,
>
> argv_init (&argv);
>
> - msg( M_INFO, "do_ifconfig, tt->ipv6=%d,
> tt->did_ifconfig_ipv6_setup=%d",
> - tt->ipv6, tt->did_ifconfig_ipv6_setup );
> + msg( M_INFO, "do_ifconfig, tt->did_ifconfig_ipv6_setup=%d",
> + tt->did_ifconfig_ipv6_setup );
>
> /*
> * We only handle TUN/TAP devices here, not --dev null devices.
> @@ -755,7 +755,7 @@ do_ifconfig (struct tuntap *tt,
> ifconfig_local = print_in_addr_t (tt->local, 0, &gc);
> ifconfig_remote_netmask = print_in_addr_t (tt->remote_netmask, 0,
> &gc);
>
> - if ( tt->ipv6 && tt->did_ifconfig_ipv6_setup )
> + if (tt->did_ifconfig_ipv6_setup )
> {
> ifconfig_ipv6_local = print_in6_addr (tt->local_ipv6, 0, &gc);
> ifconfig_ipv6_remote = print_in6_addr (tt->remote_ipv6, 0, &gc);
> @@ -1127,6 +1127,8 @@ do_ifconfig (struct tuntap *tt,
> if ( do_ipv6 )
> {
> #ifdef NETBSD_MULTI_AF
> +#error no IPv6 support for tun interfaces on NetBSD before 4.0, upgrade
> your system.
> +#endif
> argv_printf (&argv,
> "%s %s inet6 %s/%d",
> IFCONFIG_PATH,
> @@ -1139,10 +1141,6 @@ do_ifconfig (struct tuntap *tt,
>
> /* and, hooray, we explicitely need to add a route... */
> add_route_connected_v6_net(tt, es);
> -#else
> - msg( M_INFO, "no IPv6 support for tun interfaces on NetBSD
> before 4.0 (if your system is newer, recompile openvpn)" );
> - tt->ipv6 = false;
> -#endif
> }
> tt->did_ifconfig = true;
>
> @@ -1425,7 +1423,6 @@ clear_tuntap (struct tuntap *tuntap)
> #ifdef TARGET_SOLARIS
> tuntap->ip_fd = -1;
> #endif
> - tuntap->ipv6 = false;
> }
>
> static void
> @@ -1478,7 +1475,7 @@ write_tun_header (struct tuntap* tt, uint8_t *buf,
> int len)
>
> iph = (struct ip *) buf;
>
> - if (tt->ipv6 && iph->ip_v == 6)
> + if (iph->ip_v == 6)
> type = htonl (AF_INET6);
> else
> type = htonl (AF_INET);
> @@ -1526,7 +1523,7 @@ open_tun_generic (const char *dev, const char
> *dev_type, const char *dev_node,
> bool dynamic_opened = false;
>
>
> - if ( tt->ipv6 && ! ipv6_explicitly_supported )
> + if ( ! ipv6_explicitly_supported )
> msg (M_WARN, "NOTE: explicit support for IPv6 tun devices is not
> provided for this OS");
>
> if (tt->type == DEV_TYPE_NULL)
> @@ -1710,7 +1707,6 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len)
> }
>
> #elif defined(TARGET_LINUX)
> -#ifdef HAVE_LINUX_IF_TUN_H /* New driver support */
>
> #ifndef HAVE_LINUX_SOCKIOS_H
> #error header file linux/sockios.h required
> @@ -1751,8 +1747,7 @@ open_tun (const char *dev, const char *dev_type,
> const char *dev_node, struct tu
> * Process --tun-ipv6
> */
> CLEAR (ifr);
> - if (!tt->ipv6)
> - ifr.ifr_flags = IFF_NO_PI;
> + ifr.ifr_flags = IFF_NO_PI;
>
> #if defined(IFF_ONE_QUEUE) && defined(SIOCSIFTXQLEN)
> ifr.ifr_flags |= IFF_ONE_QUEUE;
> @@ -1833,32 +1828,10 @@ open_tun (const char *dev, const char *dev_type,
> const char *dev_node, struct tu
> ASSERT (0);
> }
>
> -#endif
> -
> -#else
> -
> -void
> -open_tun (const char *dev, const char *dev_type, const char *dev_node,
> struct tuntap *tt)
> -{
> - open_tun_generic (dev, dev_type, dev_node, false, true, tt);
> -}
> -
> -#endif /* HAVE_LINUX_IF_TUN_H */
> +#endif /* !PENDANTIC */
>
> #ifdef ENABLE_FEATURE_TUN_PERSIST
>
> -/*
> - * This can be removed in future
> - * when all systems will use newer
> - * linux-headers
> - */
> -#ifndef TUNSETOWNER
> -#define TUNSETOWNER _IOW('T', 204, int)
> -#endif
> -#ifndef TUNSETGROUP
> -#define TUNSETGROUP _IOW('T', 206, int)
> -#endif
> -
> void
> tuncfg (const char *dev, const char *dev_type, const char *dev_node, int
> persist_mode, const char *username, const char *groupname, const struct
> tuntap_options *options)
> {
> @@ -1940,7 +1913,7 @@ close_tun (struct tuntap *tt)
> argv_msg (M_INFO, &argv);
> openvpn_execve_check (&argv, NULL, 0, "Linux ip addr del
> failed");
>
> - if (tt->ipv6 && tt->did_ifconfig_ipv6_setup)
> + if (tt->did_ifconfig_ipv6_setup)
> {
> const char * ifconfig_ipv6_local = print_in6_addr
> (tt->local_ipv6, 0, &gc);
>
> @@ -1977,53 +1950,13 @@ close_tun (struct tuntap *tt)
> int
> write_tun (struct tuntap* tt, uint8_t *buf, int len)
> {
> - if (tt->ipv6)
> - {
> - struct tun_pi pi;
> - struct iphdr *iph;
> - struct iovec vect[2];
> - int ret;
> -
> - iph = (struct iphdr *)buf;
> -
> - pi.flags = 0;
> -
> - if(iph->version == 6)
> - pi.proto = htons(OPENVPN_ETH_P_IPV6);
> - else
> - pi.proto = htons(OPENVPN_ETH_P_IPV4);
> -
> - vect[0].iov_len = sizeof(pi);
> - vect[0].iov_base = π
> - vect[1].iov_len = len;
> - vect[1].iov_base = buf;
> -
> - ret = writev(tt->fd, vect, 2);
> - return(ret - sizeof(pi));
> - }
> - else
> - return write (tt->fd, buf, len);
> + return write (tt->fd, buf, len);
> }
>
> int
> read_tun (struct tuntap* tt, uint8_t *buf, int len)
> {
> - if (tt->ipv6)
> - {
> - struct iovec vect[2];
> - struct tun_pi pi;
> - int ret;
> -
> - vect[0].iov_len = sizeof(pi);
> - vect[0].iov_base = π
> - vect[1].iov_len = len;
> - vect[1].iov_base = buf;
> -
> - ret = readv(tt->fd, vect, 2);
> - return(ret - sizeof(pi));
> - }
> - else
> - return read (tt->fd, buf, len);
> + return read (tt->fd, buf, len);
> }
>
> #elif defined(TARGET_SOLARIS)
> @@ -2227,7 +2160,7 @@ solaris_close_tun (struct tuntap *tt)
> if (tt)
> {
> /* IPv6 interfaces need to be 'manually' de-configured */
> - if ( tt->ipv6 && tt->did_ifconfig_ipv6_setup )
> + if ( tt->did_ifconfig_ipv6_setup )
> {
> struct argv argv;
> argv_init (&argv);
> @@ -2518,7 +2451,7 @@ write_tun (struct tuntap* tt, uint8_t *buf, int len)
>
> iph = (struct openvpn_iphdr *) buf;
>
> - if (tt->ipv6 && OPENVPN_IPH_GET_VER(iph->version_len) == 6)
> + if (OPENVPN_IPH_GET_VER(iph->version_len) == 6)
> type = htonl (AF_INET6);
> else
> type = htonl (AF_INET);
> @@ -2644,7 +2577,7 @@ write_tun (struct tuntap* tt, uint8_t *buf, int len)
>
> iph = (struct ip *) buf;
>
> - if (tt->ipv6 && iph->ip_v == 6)
> + if (iph->ip_v == 6)
> type = htonl (AF_INET6);
> else
> type = htonl (AF_INET);
> @@ -2727,7 +2660,7 @@ write_tun (struct tuntap* tt, uint8_t *buf, int len)
>
> iph = (struct ip *) buf;
>
> - if (tt->ipv6 && iph->ip_v == 6)
> + if (iph->ip_v == 6)
> type = htonl (AF_INET6);
> else
> type = htonl (AF_INET);
> @@ -2954,7 +2887,7 @@ close_tun (struct tuntap* tt)
> struct argv argv;
> argv_init (&argv);
>
> - if ( tt->ipv6 && tt->did_ifconfig_ipv6_setup )
> + if (tt->did_ifconfig_ipv6_setup )
> {
> const char * ifconfig_ipv6_local =
> print_in6_addr (tt->local_ipv6, 0, &gc);
> @@ -5182,7 +5115,7 @@ open_tun (const char *dev, const char *dev_type,
> const char *dev_node, struct tu
>
> /*netcmd_semaphore_lock ();*/
>
> - msg( M_INFO, "open_tun, tt->ipv6=%d", tt->ipv6 );
> + msg( M_INFO, "open_tun");
>
> if (tt->type == DEV_TYPE_NULL)
> {
> @@ -5308,11 +5241,10 @@ open_tun (const char *dev, const char *dev_type,
> const char *dev_node, struct tu
> /* usage of numeric constants is ugly, but this is really tied to
> * *this* version of the driver
> */
> - if ( tt->ipv6 && tt->type == DEV_TYPE_TUN &&
> + if (tt->type == DEV_TYPE_TUN &&
> info[0] == 9 && info[1] < 8)
> {
> - msg( M_INFO, "WARNING: Tap-Win32 driver version %d.%d does not
> support IPv6 in TUN mode. IPv6 will be disabled. Upgrade to Tap-Win32 9.8
> (2.2-beta3 release or later) or use TAP mode to get IPv6", (int) info[0],
> (int) info[1] );
> - tt->ipv6 = false;
> + msg( M_INFO, "WARNING: Tap-Win32 driver version %d.%d does not
> support IPv6 in TUN mode. IPv6 will not work. Upgrade to Tap-Win32 9.8
> (2.2-beta3 release or later) or use TAP mode to get IPv6", (int) info[0],
> (int) info[1] );
> }
>
> /* tap driver 9.8 (2.2.0 and 2.2.1 release) is buggy
> @@ -5653,7 +5585,7 @@ close_tun (struct tuntap *tt)
>
> if (tt)
> {
> - if ( tt->ipv6 && tt->did_ifconfig_ipv6_setup )
> + if ( tt->did_ifconfig_ipv6_setup )
> {
> if (tt->options.msg_channel)
> {
> diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h
> index 4e93a3f..88431fb 100644
> --- a/src/openvpn/tun.h
> +++ b/src/openvpn/tun.h
> @@ -139,8 +139,6 @@ struct tuntap
> bool did_ifconfig_ipv6_setup;
> bool did_ifconfig;
>
> - bool ipv6;
> -
> bool persistent_if; /* if existed before, keep on program end
> */
>
> struct tuntap_options options; /* options set on command line */
> --
> 2.8.4 (Apple Git-73)
>
>
> ------------------------------------------------------------
> ------------------
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>
------------------------------------------------------------------------------
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
