openvpn.git/src/openvpn/multi.c, branch release/2.3 Copy of the official OpenVPN git repo Ensure that client-connect files are always deleted 2014-10-20T08:43:23+00:00 Samuel Thibault samuel.thibault@ens-lyon.org 2014-10-09T21:40:49+00:00 10cbaea91d7d377489142e3ffb524950807edb1d On a long-running, busy server using either a plug-in which hooks into OPENVPN_PLUGIN_CLIENT_CONNECT or a configuration using --client-connect a lot of unused files will be lingering and potentially filling up the file system with temporary files if the plug-in or --client-connect script fails. This patch ensures that these files are always removed in the end, regardless if the plug-in or script succeeds or fails. Signed-off-by: David Sommerseth <davids@redhat.com> Acked-by: David Sommerseth <davids@redhat.com> Message-Id: 20141012195919.GU3738@type URL: http://thread.gmane.org/gmane.network.openvpn.devel/9104/focus=9118 (cherry picked from commit 7da9d40243e0743e2d050ceb6ae34e467dd58973) 
On a long-running, busy server using either a plug-in which hooks into
OPENVPN_PLUGIN_CLIENT_CONNECT or a configuration using --client-connect
a lot of unused files will be lingering and potentially filling up
the file system with temporary files if the plug-in or --client-connect
script fails.

This patch ensures that these files are always removed in the end,
regardless if the plug-in or script succeeds or fails.

Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 20141012195919.GU3738@type
URL: http://thread.gmane.org/gmane.network.openvpn.devel/9104/focus=9118
(cherry picked from commit 7da9d40243e0743e2d050ceb6ae34e467dd58973)
Drop incoming fe80:: packets silently now. 2014-06-08T10:57:31+00:00 Gert Doering gert@greenie.muc.de 2014-06-06T18:43:55+00:00 45f5a0a87870809ee453695ff0167b3754f0431e IPv6 has the concept of "link local" addresses, fe80::<host id>, which normally are present on every link, and are used for stuff like DHCPv6, neighbor discovery, etc. OpenVPN point-to-multipoint mode currently does neither configure them on tun interfaces, nor are they handled in a meaningful way if a client OS always has them (like Windows or Solaris) - so the log fills with many lines of "MULTI: bad source address from client [fe80::...]", serving no useful purpose. This patch just recognizes IPv6 LL packets and silently drops them. Further patches can build on this and add full link-local support, which would require address learning (as the addresse are based on host IDs, not assigned by the server). Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1402080235-24409-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/8773 (cherry picked from commit 70f1864188ad00451683cabf51e56b7730250c40) 
IPv6 has the concept of "link local" addresses, fe80::<host id>, which
normally are present on every link, and are used for stuff like DHCPv6,
neighbor discovery, etc.

OpenVPN point-to-multipoint mode currently does neither configure them on
tun interfaces, nor are they handled in a meaningful way if a client OS
always has them (like Windows or Solaris) - so the log fills with many
lines of "MULTI: bad source address from client [fe80::...]", serving
no useful purpose.

This patch just recognizes IPv6 LL packets and silently drops them.

Further patches can build on this and add full link-local support, which
would require address learning (as the addresse are based on host IDs, not
assigned by the server).

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1402080235-24409-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8773
(cherry picked from commit 70f1864188ad00451683cabf51e56b7730250c40)
Implement --mssfix handling for IPv6 packets. 2012-12-13T15:46:01+00:00 Gert Doering gert@greenie.muc.de 2012-12-02T21:11:12+00:00 729c8464021ff7c41a7fbb03501465eca55909a3 Rename process_ipv4_header() to process_ip_header() and PIPV4_MSSFIX flag to PIP_MSSFIX, to make visible that it's no longer IPv4-only. Inside process_ip_header(), call out to mss_fixup_ipv6() if --mssfix is active and IPv6 packet seen. Rename mss_fixup() to mss_fixup_ipv4(), implement mss_fixup_ipv6(). Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: 1354482672-16136-2-git-send-email-gert@greenie.muc.de URL: http://article.gmane.org/gmane.network.openvpn.devel/7173 Signed-off-by: David Sommerseth <davids@redhat.com> (cherry picked from commit f0e8997a874a89b3fe1f82109c443232e8967b01) 
Rename process_ipv4_header() to process_ip_header() and PIPV4_MSSFIX
flag to PIP_MSSFIX, to make visible that it's no longer IPv4-only.

Inside process_ip_header(), call out to mss_fixup_ipv6() if --mssfix
is active and IPv6 packet seen.

Rename mss_fixup() to mss_fixup_ipv4(), implement mss_fixup_ipv6().

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: 1354482672-16136-2-git-send-email-gert@greenie.muc.de
URL: http://article.gmane.org/gmane.network.openvpn.devel/7173
Signed-off-by: David Sommerseth <davids@redhat.com>
(cherry picked from commit f0e8997a874a89b3fe1f82109c443232e8967b01)
build: move wrappers into platform module 2012-03-23T23:14:14+00:00 Alon Bar-Lev alon.barlev@gmail.com 2012-02-29T20:12:19+00:00 14a131ac1cfc95e5ba2518ff887d04c034aecc53 + Some fixups within the platform.c functions. - need to check environment set on Windows. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com> 
+ Some fixups within the platform.c functions.
- need to check environment set on Windows.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
build: move out config.h include from syshead 2012-03-22T21:53:39+00:00 Alon Bar-Lev alon.barlev@gmail.com 2012-02-29T20:12:13+00:00 c110b289eced4a792fd7c7c29e651b22f602fd24 Yet another step in reducing the syshead.h content. Conditional compilation of sources needs to be based on a minimum program prefix (config.h only). Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com> 
Yet another step in reducing the syshead.h content.

Conditional compilation of sources needs to be based on
a minimum program prefix (config.h only).

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
build: standard directory layout 2012-03-22T21:07:08+00:00 Alon Bar-Lev alon.barlev@gmail.com 2012-02-29T20:11:59+00:00 34cb9132ef2dae08f91a66015ea5437539a4b557 Suitable for mature project. root - administrative stuff doc - documents src - sources tests - tests distro - distro specific files sample - samples SIDE EFFECT: many changes to rpm spec. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: Adriaan de Jong <dejong@fox-it.com> Signed-off-by: David Sommerseth <davids@redhat.com> 
Suitable for mature project.

root   - administrative stuff
doc    - documents
src    - sources
tests  - tests
distro - distro specific files
sample - samples

SIDE EFFECT: many changes to rpm spec.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Signed-off-by: David Sommerseth <davids@redhat.com>