Platform cleanup for FreeBSD

- cleanup TUN/TAP devices at program end ("ifconfig ... destroy") - make TUN device setup for "topology subnet" work together with IPv6 (setup correct netmask and route, but do not use IFF_BROADCAST) There's one catch for FreeBSD 8.2 if you use pf(4): it will block IPv6 fragments by default, so the standard t_client.sh test sets fail unless you specifically add "pass in on tun1 fragment" rules - but there's nothing OpenVPN can do about it. Tested with IPv4 and IPv6 on 7.4-RELEASE/amd64 and 8.2-RELEASE/amd64 Signed-off-by: Gert Doering <gert@greenie.muc.de> URL: http://thread.gmane.org/gmane.network.openvpn.devel/5303 Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
2024-11-23 17:53:49 +08:00 · 2012-01-22 23:21:22 +02:00 · 2012-01-22 23:21:22 +02:00 · 62c613d46d
commit 62c613d46d
parent 9c6ee9d1ec
1 changed files with 34 additions and 3 deletions
--- a/tun.c
+++ b/tun.c
@ -1098,6 +1098,18 @@ do_ifconfig (struct tuntap *tt,
 			  ifconfig_remote_netmask,
 			  tun_mtu
 			  );
+      else if ( tt->topology == TOP_SUBNET )
+	{
+	    argv_printf (&argv,
+			  "%s %s %s %s mtu %d netmask %s up",
+			  IFCONFIG_PATH,
+			  actual,
+			  ifconfig_local,
+			  ifconfig_local,
+			  tun_mtu,
+			  ifconfig_remote_netmask
+			  );
+	}
      else
 	argv_printf (&argv,
 		      "%s %s %s netmask %s mtu %d up",
@ -2246,10 +2258,8 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu

  if (tt->fd >= 0 && tt->type == DEV_TYPE_TUN)
    {
-      int i = 0;
+      int i = IFF_POINTOPOINT | IFF_MULTICAST;

-      i = tt->topology == TOP_SUBNET ? IFF_BROADCAST : IFF_POINTOPOINT;
-      i |= IFF_MULTICAST;
      if (ioctl (tt->fd, TUNSIFMODE, &i) < 0) {
 	msg (M_WARN | M_ERRNO, "ioctl(TUNSIFMODE): %s", strerror(errno));
      }
@ -2260,12 +2270,33 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu
    }
 }

+/* tun(4): "These network interfaces persist until the if_tun.ko module is
+ *          unloaded, or until removed with the ifconfig(8) command."
+ *          (verified for FreeBSD 6.3, 7.4, 8.2 and 9, same for tap(4))
+ *
+ * so, to avoid lingering tun/tap interfaces after OpenVPN quits,
+ * we need to call "ifconfig ... destroy" for cleanup
+ */
 void
 close_tun (struct tuntap *tt)
 {
  if (tt)
    {
+      struct gc_arena gc = gc_new ();
+      struct argv argv;
+
+      /* setup command, close tun dev (clears tt->actual_name!), run command
+       */
+
+      argv_init (&argv);
+      argv_printf (&argv, "%s %s destroy",
+                          IFCONFIG_PATH, tt->actual_name);
+
      close_tun_generic (tt);
+
+      argv_msg (M_INFO, &argv);
+      openvpn_execve_check (&argv, NULL, 0, "FreeBSD 'destroy tun interface' failed (non-critical)");
+
      free (tt);
    }
 }