[Openvpn-devel] [PATCH] Improve ifconfig_sanity_check()

Thu, 08 Dec 2016 18:54:55 -0800 

- Instead of checking the complete in_addr_t (which lacked proper htonl()),
  just do a simple peek at the last byte which contains the first octet
  of an IP address or subnet mask.

- Improve error messages to also report errornous IP address usage when
  being in TOP_SUBNET

- Improve the TAP check too, providing the IP address used instead of the
  subnet mask

Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
 src/openvpn/tun.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 8df3489..07748b1 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -304,18 +304,28 @@ void
 ifconfig_sanity_check (bool tun, in_addr_t addr, int topology)
 {
   struct gc_arena gc = gc_new ();
-  const bool looks_like_netmask = ((addr & 0xFF000000) == 0xFF000000);
+  const bool looks_like_netmask = (((unsigned char *)&addr)[3] == 0xff);
+
   if (tun)
     {
       if (looks_like_netmask && (topology == TOP_NET30 || topology == TOP_P2P))
-       msg (M_WARN, "WARNING: Since you are using --dev tun with a 
point-to-point topology, the second argument to --ifconfig must be an IP 
address.  You are using something (%s) that looks more like a netmask. %s",
+        {
+          msg (M_WARN, "WARNING: Since you are using --dev tun with a 
point-to-point topology, the second argument to --ifconfig must be an IP 
address.  You are using something (%s) that looks more like a netmask. %s",
+               print_in_addr_t (addr, 0, &gc),
+               ifconfig_warn_how_to_silence);
+        }
+      else if (!looks_like_netmask && topology == TOP_SUBNET)
+        {
+          msg (M_WARN, "WARNING: Since you are using --dev tun with subnet 
topology, the second argument to --ifconfig must be a netmask, for example 
something like 255.255.255.0.  You are using something (%s) that looks more 
like an IP address. %s",
             print_in_addr_t (addr, 0, &gc),
             ifconfig_warn_how_to_silence);
+        }
     }
   else /* tap */
     {
       if (!looks_like_netmask)
-       msg (M_WARN, "WARNING: Since you are using --dev tap, the second 
argument to --ifconfig must be a netmask, for example something like 
255.255.255.0. %s",
+       msg (M_WARN, "WARNING: Since you are using --dev tap, the second 
argument to --ifconfig must be a netmask, for example something like 
255.255.255.0. You are using something (%s) that looks more like an IP address. 
%s",
+             print_in_addr_t (addr, 0, &gc),
             ifconfig_warn_how_to_silence);
     }
   gc_free (&gc);
-- 
1.8.3.1


------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to