Platform cleanup for FreeBSD

- cleanup TUN/TAP devices at program end ("ifconfig ... destroy")
- make TUN device setup for "topology subnet" work together with IPv6
  (setup correct netmask and route, but do not use IFF_BROADCAST)

There's one catch for FreeBSD 8.2 if you use pf(4): it will block IPv6
fragments by default, so the standard t_client.sh test sets fail unless
you specifically add "pass in on tun1 fragment" rules - but there's
nothing OpenVPN can do about it.

Tested with IPv4 and IPv6 on 7.4-RELEASE/amd64 and 8.2-RELEASE/amd64

Signed-off-by: Gert Doering <gert@greenie.muc.de>
URL: http://thread.gmane.org/gmane.network.openvpn.devel/5303
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Gert Doering 2012-01-22 23:21:22 +02:00 committed by David Sommerseth
parent 9c6ee9d1ec
commit 62c613d46d

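--- a/tun.c
+++ b/tun.c
@@ -1098,6 +1098,18 @@ do_ifconfig (struct tuntap *tt,
 ifconfig_remote_netmask,
 tun_mtu
 );
+else if ( tt->topology == TOP_SUBNET )
+{
+argv_printf (&argv,
+"%s %s %s %s mtu %d netmask %s up",
+IFCONFIG_PATH,
+actual,
+ifconfig_local,
+ifconfig_local,
+tun_mtu,
+ifconfig_remote_netmask
+);
+}
 else
 argv_printf (&argv,
 "%s %s %s netmask %s mtu %d up",
@@ -2246,10 +2258,8 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu
 if (tt->fd >= 0 && tt->type == DEV_TYPE_TUN)
 {
-int i = 0;
+int i = IFF_POINTOPOINT | IFF_MULTICAST;
-i = tt->topology == TOP_SUBNET ? IFF_BROADCAST : IFF_POINTOPOINT;
-i |= IFF_MULTICAST;
 if (ioctl (tt->fd, TUNSIFMODE, &i) < 0) {
 msg (M_WARN | M_ERRNO, "ioctl(TUNSIFMODE): %s", strerror(errno));
 }
@@ -2260,12 +2270,33 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu
 }
 }
+/* tun(4): "These network interfaces persist until the if_tun.ko module is
+* unloaded, or until removed with the ifconfig(8) command."
+* (verified for FreeBSD 6.3, 7.4, 8.2 and 9, same for tap(4))
+*
+* so, to avoid lingering tun/tap interfaces after OpenVPN quits,
+* we need to call "ifconfig ... destroy" for cleanup
+*/
 void
 close_tun (struct tuntap *tt)
 {
 if (tt)
 {
+struct gc_arena gc = gc_new ();
+struct argv argv;
+/* setup command, close tun dev (clears tt->actual_name!), run command
+*/
+argv_init (&argv);
+argv_printf (&argv, "%s %s destroy",
+IFCONFIG_PATH, tt->actual_name);
 close_tun_generic (tt);
+argv_msg (M_INFO, &argv);
+openvpn_execve_check (&argv, NULL, 0, "FreeBSD 'destroy tun interface' failed (non-critical)");
 free (tt);
 }
 }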
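Review bot: In close_tun the new `struct gc_arena gc = gc_new ();` is never used and has no matching `gc_free (&gc);`, and the `argv` filled by argv_init/argv_printf is not released before the function returns, so its allocation is lost on every tunnel close (which may also happen on restarts, not only at exit). Drop the `gc` declaration and add `argv_reset (&argv);` after the `openvpn_execve_check (...)` call. The destroy command also runs unconditionally. If the process has already given up root privileges by the time close_tun runs, ifconfig will presumably fail and the interface stays behind, and an interface that an administrator created before OpenVPN started would be destroyed along with its attached configuration. A comment above the argv_printf such as `/* needs root; also removes a pre-existing tunN/tapN */` would record both limits until they are handled.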