[Openvpn-devel] [PATCH] do not push route-ipv6 entries that are also in the iroute-ipv6 list

Wed, 23 May 2018 12:32:19 -0700 

A server should push a route to a client only if there is no matching
iroute for the same client.

While this logic works fine for IPv4, there is no IPv6 counterpart.

Implement the same check for IPv6 routes and discard matching ones
from the push list.

Trac: #354
Cc: Gert Doering <[email protected]>
Signed-off-by: Antonio Quartulli <[email protected]>
---

Apparently this patch has been pending in Gert's endless TODO
list since a while. I thought it could be nice to help him to
get rid of some items :)

 src/openvpn/push.c | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 6a30e479..9199e1f0 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -776,7 +776,7 @@ process_incoming_push_msg(struct context *c,
 void
 remove_iroutes_from_push_route_list(struct options *o)
 {
-    if (o && o->push_list.head && o->iroutes)
+    if (o && o->push_list.head && (o->iroutes || o->iroutes_ipv6))
     {
         struct gc_arena gc = gc_new();
         struct push_entry *e = o->push_list.head;
@@ -816,6 +816,29 @@ remove_iroutes_from_push_route_list(struct options *o)
                         }
                     }
                 }
+                else if (p[0] && !strcmp(p[0], "route-ipv6") && !p[2])
+                {
+                    /* get route parameters */
+                    struct in6_addr network;
+                    unsigned int netbits;
+
+                    /* parse route-ipv6 arguments */
+                    if (get_ipv6_addr(p[1], &network, &netbits, D_ROUTE_DEBUG))
+                    {
+                        struct iroute_ipv6 *ir;
+
+                        /* does this route-ipv6 match an iroute-ipv6? */
+                        for (ir = o->iroutes_ipv6; ir != NULL; ir = ir->next)
+                        {
+                            if (!memcmp(&network, &ir->network, 
sizeof(network))
+                                && netbits == ir->netbits)
+                            {
+                                enable = false;
+                                break;
+                            }
+                        }
+                    }
+                }
 
                 /* should we copy the push item? */
                 e->enable = enable;
-- 
2.17.0


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to