rebased to 2.2RC2 (beta 2.2 branch)

removed mutex locking stuff (no more threading in 2.2) fixed rebase/merge artifacts in mroute.c add current ChangeLog.IPv6 and TODO.IPv6 to commit tag as ipv6-20110424-2 Signed-off-by: Gert Doering <gert@greenie.muc.de>
author: Gert Doering <gert@greenie.muc.de> 2011-04-24 17:15:56 +0200
committer: Gert Doering <gert@greenie.muc.de> 2011-04-24 17:22:46 +0200
commit: 15a436aac6b617b87bb234cdd7fedf1e603c470f (patch)
tree: 3f0611ad2a38d7b91879bb2e935364f87d942b94
parent: 37aa6ac67bd969544ee1c077df915a3bafa484da (diff)
download: openvpn-15a436aac6b617b87bb234cdd7fedf1e603c470f.tar.gz
openvpn-15a436aac6b617b87bb234cdd7fedf1e603c470f.tar.xz
openvpn-15a436aac6b617b87bb234cdd7fedf1e603c470f.zip
5 files changed, 95 insertions, 47 deletions
diff --git a/ChangeLog.IPv6 b/ChangeLog.IPv6
index 252450d..38f4446 100644
--- a/ChangeLog.IPv6
+++ b/ChangeLog.IPv6
@@ -348,3 +348,47 @@ Wed Sep 22 22:20:37 CEST 2010
   * TEST SUCCESS: Linux/iproute2: client-tun/net30+subnet, v4+v6
 
   * options.c: tag as 20100922-1 so "allmerged" users can see IPv6 change
+
+Fri Sep 24 17:57:41 CEST 2010
+
+  * TEST SUCCESS: Linux/<both>: client-tap, v4+v6, ping6 on connected addr
+
+  * TEST FAIL: Linux/<both>: client-tap, v6, route6 (gateway missing)
+
+Do 21. Okt 19:36:49 CEST 2010
+
+  * t_client.sh.in: cherrypick commit f25fe91a40aa3f and 6f1e61b41be52 
+    (proper exit codes to signal "SKIP" if we do not want to run)
+
+So 16. Jan 17:25:23 CET 2011
+
+  * tun.c, route.c: cherrypick 121755c2cb4891f and f0eac1a5979096c67
+    (TAP driver and "topology subnet" support for Solaris)
+
+  * tun.c: add IPv6 configuration for TAP interfaces (<device>:1 inet6)
+
+  * tun.c: on close_tun on Solaris, unplumb IPv6 TUN or TAP interfaces
+
+  * TEST SUCCESS: OpenSolaris: client-tun, v4+v6
+    TEST SUCCESS: OpenSolaris: client-tap, v4+v6, ping6 on connected addr
+    TEST FAIL: OpenSolaris: client-tap, v6, route6 (gateway missing)
+
+So 24. Apr 16:51:45 CEST 2011
+
+  * rebase to "beta2.2" branch (at 2.2RC2 tag)
+
+  * mroute.c: remove mroute_helper_lock/_unlock() calls for IPv6
+  * socket.c: remove locking with L_INET_NTOA mutex
+      (all the threading stuff got removed by David Sommerseth for 2.2)
+
+  * mroute.c: remove duplicate mroute_helper_add_iroute6() and
+              mroute_helper_del_iroute6() - "git rebase" artefact
+
+  * ChangeLog.IPv6 and TODO.IPv6: add to commit
+
+  * options.c: tag as 20110424-2 (2.2RC2)
+
+  * TEST SUCCESS: Linux/ifconfig: client-tun/net30+subnet, v4+v6
+
+  * TEST SUCCESS: Linux/iproute2: client-tun/net30+subnet, v4+v6
+
diff --git a/TODO.IPv6 b/TODO.IPv6
index c8953a0..092a1a3 100644
--- a/TODO.IPv6
+++ b/TODO.IPv6
@@ -1,7 +1,7 @@
 known issues for IPv6 payload support in OpenVPN
 -----------------------------------------------
 
-1.) "--topology subnet" doesn't work together with IPv6 payload
+1.) "--topology subnet" doesn't work together with IPv6 payload on FreeBSD
     (verified for FreeBSD server, Linux/ifconfig client, problems 
     with ICMP6 neighbor solicitations from BSD not being answered by Linux)
 
@@ -36,6 +36,11 @@ tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
     * semi-fixed for NetBSD, 28.2.10, always do tun0 destroy / tun0 create
       before actual ifconfig -- tunnel still lingers after OpenVPN quits
 
+4b.) verify this - on FreeBSD, tun0 is auto-destroyed if created by
+     opening /dev/tun (and lingers if created by "ifconfig tun0 create")
+
+     -> use for persistant tunnels on not-linux?
+
 5.) add new option "ifconfig-ipv6-push"
     (per-client static IPv6 assignment, -> radiusplugin, etc)
 
@@ -52,6 +57,13 @@ tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
 8.) full IPv6 support for TAP interfaces 
     (main issue should be routes+gateway - and testing :-) )
 
+    test 2010/09/24: TAP itself works on linux/ifconfig+iproute2, but 
+    route-via-tap doesn't work at all (route points to "tap0" which fails)
+
+17:51:14.075412 fe:ab:6e:c5:53:71 > 33:33:ff:00:00:01, ethertype IPv6 (0x86dd), length 86: 2001:608:4:a053::1:0 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:608:4:a001::1, length 32
+
+    how is iroute-via-tap supposed to work??
+
 9.) verify that iroute-ipv6 and route-ipv6 interact in the same way as
     documented for iroute/route:
 
@@ -98,3 +110,40 @@ tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
 	- revert ifconfig/open_tun order to "normal" (separate commit!!!)
 	  (openvpn-devel, Subject: OpenBSD)
 	- test
+
+17.) client-option (Elwood)
+	- ignore-v6-push-options yes/no
+	- ignore-v6-route-push  ("as for IPv4 routes")
+
+18.) fail-save?  "what if 'ip -6 addr add' fails" -> fail, or fallback to v4?
+	(-> recomment setting "ignore-v6-push-options yes")
+
+19.) safety check: if connecting over IPv6 (v6 transport) and the pushed
+     route-ipv6 network encompasses the server IPv6 address, make sure 
+     we at least log a warning (until we can fiddle with external routing
+     to make this work correctly).
+
+20.) show "route add" / "route delete" commands for IPv6 in log file
+     (we show the "ifconfig" commands, so why not the routes?)
+
+     2010-08-07: this is a null-feature - it's already there, but with
+                 different debug level (M_INFO vs. D_ROUTE) so user 
+                 didn't notice
+
+21.) enable ipv6-only server operations
+      - decouple ipv6 pool handling from ipv4 pool
+      - make sure Rest of OpenVPN doesn't assume "there will always be IPv4"
+
+22.) implement --learn-address for IPv6
+
+23.) FreeBSD 8 seems to require explicit setting of the "ifconfig" IPv6
+     route, while FreeBSD 6+7 don't --> more testing, and code fix
+
+     workaround for the time being: just add
+
+	server-ipv6 2001:608:4:a051::/64
+	route-ipv6 2001:608:4:a051::/64
+
+    to the config
+
+    (problem + workaround applies both to tun and tap style devices)
diff --git a/mroute.c b/mroute.c
index 5ef07b2..3182f65 100644
--- a/mroute.c
+++ b/mroute.c
@@ -499,12 +499,10 @@ mroute_helper_add_iroute6 (struct mroute_helper *mh,
   if (ir6->netbits >= 0)
     {
       ASSERT (ir6->netbits < MR_HELPER_NET_LEN);
-      mroute_helper_lock (mh);
       ++mh->cache_generation;
       ++mh->net_len_refcount[ir6->netbits];
       if (mh->net_len_refcount[ir6->netbits] == 1)
 	mroute_helper_regenerate (mh);
-      mroute_helper_unlock (mh);
     }
 }
 
@@ -515,51 +513,11 @@ mroute_helper_del_iroute6 (struct mroute_helper *mh,
   if (ir6->netbits >= 0)
     {
       ASSERT (ir6->netbits < MR_HELPER_NET_LEN);
-      mroute_helper_lock (mh);
       ++mh->cache_generation;
       --mh->net_len_refcount[ir6->netbits];
       ASSERT (mh->net_len_refcount[ir6->netbits] >= 0);
       if (!mh->net_len_refcount[ir6->netbits])
 	mroute_helper_regenerate (mh);
-      mroute_helper_unlock (mh);
-    }
-}
-
-/* this is a bit inelegant, we really should have a helper to that 
- * is only passed the netbits value, and not the whole struct iroute *
- * - thus one helper could do IPv4 and IPv6.  For the sake of "not change
- * code unrelated to IPv4" this is left for later cleanup, for now.
- */
-void
-mroute_helper_add_iroute6 (struct mroute_helper *mh, 
-                           const struct iroute_ipv6 *ir6)
-{
-  if (ir6->netbits >= 0)
-    {
-      ASSERT (ir6->netbits < MR_HELPER_NET_LEN);
-      mroute_helper_lock (mh);
-      ++mh->cache_generation;
-      ++mh->net_len_refcount[ir6->netbits];
-      if (mh->net_len_refcount[ir6->netbits] == 1)
-	mroute_helper_regenerate (mh);
-      mroute_helper_unlock (mh);
-    }
-}
-
-void
-mroute_helper_del_iroute6 (struct mroute_helper *mh, 
-			   const struct iroute_ipv6 *ir6)
-{
-  if (ir6->netbits >= 0)
-    {
-      ASSERT (ir6->netbits < MR_HELPER_NET_LEN);
-      mroute_helper_lock (mh);
-      ++mh->cache_generation;
-      --mh->net_len_refcount[ir6->netbits];
-      ASSERT (mh->net_len_refcount[ir6->netbits] >= 0);
-      if (!mh->net_len_refcount[ir6->netbits])
-	mroute_helper_regenerate (mh);
-      mroute_helper_unlock (mh);
     }
 }
 
diff --git a/options.c b/options.c
index 7cecf79..6f98d14 100644
--- a/options.c
+++ b/options.c
@@ -80,7 +80,7 @@ const char title_string[] =
 #ifdef ENABLE_EUREPHIA
   " [eurephia]"
 #endif
-  " [IPv6 payload 20100922-1]"
+  " [IPv6 payload 20110424-2 (2.2RC2)]"
   " built on " __DATE__
 ;
 
diff --git a/socket.c b/socket.c
index 5d7a8c5..3520aca 100644
--- a/socket.c
+++ b/socket.c
@@ -2053,7 +2053,6 @@ print_in_addr_t (in_addr_t addr, unsigned int flags, struct gc_arena *gc)
 /*
  * Convert an in6_addr in host byte order
  * to an ascii representation of an IPv6 address
- * (we reuse the L_INET_NTOA mutex, no contention here)
  */
 const char *
 print_in6_addr (struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
@@ -2064,10 +2063,8 @@ print_in6_addr (struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
   if ( memcmp(&a6, &in6addr_any, sizeof(a6)) != 0 || 
        !(flags & IA_EMPTY_IF_UNDEF))
     {
-      mutex_lock_static (L_INET_NTOA);
       inet_ntop (AF_INET6, &a6, tmp_out_buf, sizeof(tmp_out_buf)-1);
       buf_printf (&out, "%s", tmp_out_buf );
-      mutex_unlock_static (L_INET_NTOA);
     }
   return BSTR (&out);
 }
author	Gert Doering <gert@greenie.muc.de>	2011-04-24 17:15:56 +0200
committer	Gert Doering <gert@greenie.muc.de>	2011-04-24 17:22:46 +0200
commit	15a436aac6b617b87bb234cdd7fedf1e603c470f (patch)
tree	3f0611ad2a38d7b91879bb2e935364f87d942b94
parent	37aa6ac67bd969544ee1c077df915a3bafa484da (diff)
download	openvpn-15a436aac6b617b87bb234cdd7fedf1e603c470f.tar.gz openvpn-15a436aac6b617b87bb234cdd7fedf1e603c470f.tar.xz openvpn-15a436aac6b617b87bb234cdd7fedf1e603c470f.zip