authorJan Just Keijser <janjust@nikhef.nl>2015-05-20 04:33:20 +0200
committerGert Doering <gert@greenie.muc.de>2015-05-23 13:39:36 +0200
commit30256bede8f7ef6c82f1c2ed0d9f6c2177002926 (patch)
treeb2c26fd7c9d2185d22f8fb14e212e84d1ffbc05e
parentf1fa7e35cf7c7a11c27031c7eb35c3e730a450b6 (diff)
include ifconfig_ environment variables in --up-restart env set
here's my patch for bug #93: missing ifconfig_* env vars after up-restart. Tested with both IPv4, IPv6, topology subnet and topology net30 Document differences between --up-restart and --up in openvpn.8 See trac #93 and the discussion starting with <555BF270.3090706@nikhef.nl> on the openvpn-devel mailing list. fix trac #93 Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <555BF270.3090706@nikhef.nl> URL: http://article.gmane.org/gmane.network.openvpn.devel/9705 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit db950be85d37eab40d8fffe0bc2060059f8a7e10)
-rw-r--r--doc/openvpn.86
-rw-r--r--src/openvpn/init.c3
-rw-r--r--src/openvpn/tun.c87
-rw-r--r--src/openvpn/tun.h3
4 files changed, 56 insertions, 43 deletions
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index b0689b9..f9e7a0b 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -1809,6 +1809,12 @@ has been specified, the up script will be called with
.I restart
as the last parameter.
+NOTE: on restart, OpenVPN will not pass the full set of environment
+variables to the script. Namely, everything related to routing and
+gateways will not be passed, as nothing needs to be done anyway - all
+the routing setup is already in place. Additionally, the up\-restart
+script will run with the downgraded UID/GID settings (if configured).
+
The following standalone example shows how the
.B \-\-up
script can be called in both an initialization and restart context.
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 2c3285d..ce0a865 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -1489,6 +1489,9 @@ do_open_tun (struct context *c)
msg (M_INFO, "Preserving previous TUN/TAP instance: %s",
c->c1.tuntap->actual_name);
+ /* explicitly set the ifconfig_* env vars */
+ do_ifconfig_setenv(c->c1.tuntap, c->c2.es);
+
/* run the up script if user specified --up-restart */
if (c->options.up_restart)
run_up_down (c->options.up_script,
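Review bot: The added comment says what the call does but not why it is needed in this branch: the previous TUN/TAP instance is kept, so init_tun, the only other caller of do_ifconfig_setenv in this commit, presumably does not run and `c->c2.es` would lack the ifconfig_* values. Something like `/* tun/tap instance is preserved, so init_tun() did not export ifconfig_*; set them for --up-restart (trac #93) */` would carry that. The call is also written `do_ifconfig_setenv(` without the space before the parenthesis that the neighbouring `msg (` and `run_up_down (` use; the call added at the end of init_tun has the same spacing. The enclosing do_open_tun continues outside the hunk.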
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 9ca3ee2..088527e 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -396,6 +396,45 @@ is_tun_p2p (const struct tuntap *tt)
}
/*
+ * Set the ifconfig_* environment variables, both for IPv4 and IPv6
+ */
+void
+do_ifconfig_setenv (const struct tuntap *tt, struct env_set *es)
+{
+ struct gc_arena gc = gc_new ();
+ bool tun = is_tun_p2p (tt);
+ const char *ifconfig_local = print_in_addr_t (tt->local, 0, &gc);
+ const char *ifconfig_remote_netmask = print_in_addr_t (tt->remote_netmask, 0, &gc);
+
+ /*
+ * Set environmental variables with ifconfig parameters.
+ */
+ setenv_str (es, "ifconfig_local", ifconfig_local);
+ if (tun)
+ {
+ setenv_str (es, "ifconfig_remote", ifconfig_remote_netmask);
+ }
+ else
+ {
+ const char *ifconfig_broadcast = print_in_addr_t (tt->broadcast, 0, &gc);
+ setenv_str (es, "ifconfig_netmask", ifconfig_remote_netmask);
+ setenv_str (es, "ifconfig_broadcast", ifconfig_broadcast);
+ }
+
+ if (tt->did_ifconfig_ipv6_setup)
+ {
+ const char *ifconfig_ipv6_local = print_in6_addr (tt->local_ipv6, 0, &gc);
+ const char *ifconfig_ipv6_remote = print_in6_addr (tt->remote_ipv6, 0, &gc);
+
+ setenv_str (es, "ifconfig_ipv6_local", ifconfig_ipv6_local);
+ setenv_int (es, "ifconfig_ipv6_netbits", tt->netbits_ipv6);
+ setenv_str (es, "ifconfig_ipv6_remote", ifconfig_ipv6_remote);
+ }
+
+ gc_free (&gc);
+}
+
+/*
* Init tun/tap object.
*
* Set up tuntap structure for ifconfig,
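Review bot: The IPv4 half of do_ifconfig_setenv has no guard, unlike the IPv6 half, which checks `tt->did_ifconfig_ipv6_setup`. Before this commit the IPv4 variables were set only inside init_tun's `if (ifconfig_local_parm && ifconfig_remote_netmask_parm)` block; now `ifconfig_local` and `ifconfig_remote`/`ifconfig_netmask`/`ifconfig_broadcast` are exported on every call, so a tunnel without IPv4 ifconfig hands its scripts whatever print_in_addr_t renders for an unset address. Wrapping the IPv4 part, including the `is_tun_p2p (tt)` call, in `if (tt->did_ifconfig_setup) { ... }` would restore the old condition; init_tun sets that flag before its new call. This affects both call sites, the restart path in init.c and the end of init_tun. is_tun_p2p's body is outside the hunk, so whether it tolerates device types other than tun/tap should be checked.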
@@ -427,9 +466,6 @@ init_tun (const char *dev, /* --dev option */
if (ifconfig_local_parm && ifconfig_remote_netmask_parm)
{
bool tun = false;
- const char *ifconfig_local = NULL;
- const char *ifconfig_remote_netmask = NULL;
- const char *ifconfig_broadcast = NULL;
/*
* We only handle TUN/TAP devices here, not --dev null devices.
@@ -491,44 +527,19 @@ init_tun (const char *dev, /* --dev option */
}
/*
- * Set ifconfig parameters
- */
- ifconfig_local = print_in_addr_t (tt->local, 0, &gc);
- ifconfig_remote_netmask = print_in_addr_t (tt->remote_netmask, 0, &gc);
-
- /*
* If TAP-style interface, generate broadcast address.
*/
if (!tun)
{
tt->broadcast = generate_ifconfig_broadcast_addr (tt->local, tt->remote_netmask);
- ifconfig_broadcast = print_in_addr_t (tt->broadcast, 0, &gc);
}
- /*
- * Set environmental variables with ifconfig parameters.
- */
- if (es)
- {
- setenv_str (es, "ifconfig_local", ifconfig_local);
- if (tun)
- {
- setenv_str (es, "ifconfig_remote", ifconfig_remote_netmask);
- }
- else
- {
- setenv_str (es, "ifconfig_netmask", ifconfig_remote_netmask);
- setenv_str (es, "ifconfig_broadcast", ifconfig_broadcast);
- }
- }
tt->did_ifconfig_setup = true;
}
if (ifconfig_ipv6_local_parm && ifconfig_ipv6_remote_parm)
{
- const char *ifconfig_ipv6_local = NULL;
- const char *ifconfig_ipv6_remote = NULL;
/*
* Convert arguments to binary IPv6 addresses.
@@ -541,24 +552,14 @@ init_tun (const char *dev, /* --dev option */
}
tt->netbits_ipv6 = ifconfig_ipv6_netbits_parm;
- /*
- * Set ifconfig parameters
- */
- ifconfig_ipv6_local = print_in6_addr (tt->local_ipv6, 0, &gc);
- ifconfig_ipv6_remote = print_in6_addr (tt->remote_ipv6, 0, &gc);
-
- /*
- * Set environmental variables with ifconfig parameters.
- */
- if (es)
- {
- setenv_str (es, "ifconfig_ipv6_local", ifconfig_ipv6_local);
- setenv_int (es, "ifconfig_ipv6_netbits", tt->netbits_ipv6);
- setenv_str (es, "ifconfig_ipv6_remote", ifconfig_ipv6_remote);
- }
tt->did_ifconfig_ipv6_setup = true;
}
+ /*
+ * Set environmental variables with ifconfig parameters.
+ */
+ if (es) do_ifconfig_setenv(tt, es);
+
gc_free (&gc);
return tt;
}
diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h
index 1931c52..7089f7c 100644
--- a/src/openvpn/tun.h
+++ b/src/openvpn/tun.h
@@ -241,6 +241,9 @@ void init_tun_post (struct tuntap *tt,
const struct frame *frame,
const struct tuntap_options *options);
+void do_ifconfig_setenv (const struct tuntap *tt,
+ struct env_set *es);
+
void do_ifconfig (struct tuntap *tt,
const char *actual, /* actual device name */
int tun_mtu,
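Review bot: The new prototype has no comment stating its contract, and the two callers disagree on it: init_tun checks `if (es)` before calling, while the init.c call passes `c->c2.es` unchecked and the function itself does not test `es`. A header comment such as `/* Export ifconfig_* for IPv4 and, if set up, IPv6 from tt into es; es must not be NULL */` would settle it, assuming non-NULL is the intended requirement. Whether setenv_str accepts a NULL env set is not visible on this page.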