mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-10 00:37:00 +08:00
Fix tun device usage on *BSD.
SIOCSIFADDR is deprecated on *BSD. Instead, use SIOCAIFADDR to add an alias. Also destroy the tun device with SIOCIFDESTROY when the client disconnects.
committed by
Nikos Mavrogiannopoulos
parent
264114e799
commit
de0388a3f7
@@ -201,6 +201,8 @@ void remove_proc(main_server_st * s, struct proc_st *proc, unsigned k)
|
||||
proc->cookie_ptr->proc = NULL;
|
||||
}
|
||||
|
||||
close_tun(s, proc);
|
||||
|
||||
talloc_free(proc);
|
||||
}
|
||||
|
||||
|
||||
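Review bot: The added `close_tun(s, proc);` call in remove_proc discards the return value, and remove_proc is void, so a failed teardown never reaches the caller. As close_tun is written in src/tun.c, it returns -1 without logging when `socket()` fails, so in that case the tun device presumably stays configured after the client is gone, with nothing in the log. Consider `if (close_tun(s, proc) < 0) mslog(s, proc, LOG_ERR, "could not destroy tun device\n");` here. remove_proc begins above this hunk, so whether the tun descriptor has already been closed at this point is not visible.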
@@ -30,6 +30,11 @@
|
||||
#include "ipc.pb-c.h"
|
||||
#include <common.h>
|
||||
|
||||
#ifdef __FreeBSD__
|
||||
# include <limits.h>
|
||||
# define SOL_IP IPPROTO_IP
|
||||
#endif
|
||||
|
||||
#define COOKIE_KEY_SIZE 16
|
||||
|
||||
int cmd_parser (void *pool, int argc, char **argv, struct cfg_st** config);
|
||||
@@ -238,6 +243,7 @@ void mslog_hex(const main_server_st * s, const struct proc_st* proc,
|
||||
int priority, const char *prefix, uint8_t* bin, unsigned bin_size, unsigned b64);
|
||||
|
||||
int open_tun(main_server_st* s, struct proc_st* proc);
|
||||
int close_tun(main_server_st* s, struct proc_st* proc);
|
||||
int set_tun_mtu(main_server_st* s, struct proc_st * proc, unsigned mtu);
|
||||
|
||||
int send_cookie_auth_reply(main_server_st* s, struct proc_st* proc,
|
||||
|
||||
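Review bot: The `SOL_IP` fallback is keyed on `__FreeBSD__` rather than on whether `SOL_IP` is actually missing. The commit title speaks of *BSD, but other BSDs would not get the definition, and a FreeBSD header that defines `SOL_IP` would produce a redefinition. Testing the condition itself is more robust: `#ifndef SOL_IP` / `# define SOL_IP IPPROTO_IP` / `#endif`, with the `<limits.h>` include kept under whatever guard it really needs.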
70
src/tun.c
70
src/tun.c
@@ -45,6 +45,12 @@
|
||||
#include <main.h>
|
||||
#include <ccan/list/list.h>
|
||||
|
||||
#ifdef __FreeBSD__
|
||||
# include <net/if_tun.h>
|
||||
# include <net/if_var.h>
|
||||
# include <netinet/in_var.h>
|
||||
#endif
|
||||
|
||||
#ifdef __linux__
|
||||
|
||||
#include <linux/types.h>
|
||||
@@ -123,7 +129,7 @@ int set_ipv6_addr(main_server_st * s, struct proc_st *proc)
|
||||
}
|
||||
#elif defined(SIOCSIFPHYADDR_IN6)
|
||||
|
||||
#warn "IPv6 support on this platform is untested"
|
||||
#warning "IPv6 support on this platform is untested"
|
||||
|
||||
/* untested code for FreeBSD */
|
||||
static
|
||||
@@ -180,7 +186,7 @@ int set_ipv6_addr(main_server_st * s, struct proc_st *proc)
|
||||
return ret;
|
||||
}
|
||||
#else
|
||||
#warn "No IPv6 support on this platform"
|
||||
#warning "No IPv6 support on this platform"
|
||||
static int set_ipv6_addr(main_server_st * s, struct proc_st *proc)
|
||||
{
|
||||
return -1;
|
||||
@@ -191,7 +197,11 @@ static int set_ipv6_addr(main_server_st * s, struct proc_st *proc)
|
||||
static int set_network_info(main_server_st * s, struct proc_st *proc)
|
||||
{
|
||||
int fd = -1, ret, e;
|
||||
#ifdef SIOCAIFADDR
|
||||
struct in_aliasreq ifr;
|
||||
#else
|
||||
struct ifreq ifr;
|
||||
#endif
|
||||
|
||||
if (proc->ipv4 && proc->ipv4->lip_len > 0 && proc->ipv4->rip_len > 0) {
|
||||
memset(&ifr, 0, sizeof(ifr));
|
||||
@@ -200,6 +210,33 @@ static int set_network_info(main_server_st * s, struct proc_st *proc)
|
||||
if (fd == -1)
|
||||
return -1;
|
||||
|
||||
#ifdef SIOCAIFADDR
|
||||
snprintf(ifr.ifra_name, IFNAMSIZ, "%s", proc->tun_lease.name);
|
||||
|
||||
/* remove old addresses */
|
||||
while (ioctl(fd, SIOCDIFADDR, &ifr) == 0);
|
||||
|
||||
memcpy(&ifr.ifra_addr, &proc->ipv4->lip, proc->ipv4->lip_len);
|
||||
ifr.ifra_addr.sin_len = sizeof(struct sockaddr_in);
|
||||
ifr.ifra_addr.sin_family = AF_INET;
|
||||
|
||||
memcpy(&ifr.ifra_dstaddr, &proc->ipv4->rip, proc->ipv4->rip_len);
|
||||
ifr.ifra_dstaddr.sin_len = sizeof(struct sockaddr_in);
|
||||
ifr.ifra_dstaddr.sin_family = AF_INET;
|
||||
|
||||
ifr.ifra_mask.sin_len = sizeof(struct sockaddr_in);
|
||||
ifr.ifra_mask.sin_family = AF_INET;
|
||||
ifr.ifra_mask.sin_addr.s_addr = 0xffffffff;
|
||||
|
||||
ret = ioctl(fd, SIOCAIFADDR, &ifr);
|
||||
if (ret != 0) {
|
||||
e = errno;
|
||||
mslog(s, NULL, LOG_ERR, "%s: Error setting IPv4: %s\n",
|
||||
proc->tun_lease.name, strerror(e));
|
||||
ret = -1;
|
||||
goto cleanup;
|
||||
}
|
||||
#else
|
||||
snprintf(ifr.ifr_name, IFNAMSIZ, "%s", proc->tun_lease.name);
|
||||
memcpy(&ifr.ifr_addr, &proc->ipv4->lip, proc->ipv4->lip_len);
|
||||
ifr.ifr_addr.sa_family = AF_INET;
|
||||
@@ -243,6 +280,7 @@ static int set_network_info(main_server_st * s, struct proc_st *proc)
|
||||
ret = -1;
|
||||
goto cleanup;
|
||||
}
|
||||
#endif
|
||||
|
||||
close(fd);
|
||||
fd = -1;
|
||||
@@ -385,3 +423,31 @@ int open_tun(main_server_st * s, struct proc_st *proc)
|
||||
close(tunfd);
|
||||
return -1;
|
||||
}
|
||||
|
||||
int close_tun(main_server_st * s, struct proc_st *proc)
|
||||
{
|
||||
int fd = -1, ret = 0, e;
|
||||
struct ifreq ifr;
|
||||
|
||||
#ifdef SIOCIFDESTROY
|
||||
if (proc->tun_lease.name[0] != 0) {
|
||||
fd = socket(AF_INET, SOCK_DGRAM, 0);
|
||||
if (fd == -1)
|
||||
return -1;
|
||||
|
||||
memset(&ifr, 0, sizeof(struct ifreq));
|
||||
snprintf(ifr.ifr_name, IFNAMSIZ, "%s", proc->tun_lease.name);
|
||||
|
||||
ret = ioctl(fd, SIOCIFDESTROY, &ifr);
|
||||
if (ret != 0) {
|
||||
e = errno;
|
||||
mslog(s, NULL, LOG_ERR, "%s: Error destroying interface: %s\n",
|
||||
proc->tun_lease.name, strerror(e));
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (fd != -1)
|
||||
close(fd);
|
||||
return ret;
|
||||
}
|
||||
|
||||
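Review bot: In the `SIOCAIFADDR` branch of set_network_info, `memcpy(&ifr.ifra_addr, &proc->ipv4->lip, proc->ipv4->lip_len)` and the matching `ifra_dstaddr` copy use lengths that the visible code only checks for `> 0`. If either length can exceed `sizeof(struct sockaddr_in)`, the copy runs into the neighbouring fields of `struct in_aliasreq` or past it on the stack of the main process; where the lengths are set is not visible here, so this may already be guaranteed elsewhere. A guard before the copies would make the bound local: `if (proc->ipv4->lip_len > sizeof(ifr.ifra_addr) || proc->ipv4->rip_len > sizeof(ifr.ifra_dstaddr)) { ret = -1; goto cleanup; }`. The older `struct ifreq` branch copies the same way, and the function body continues outside these hunks.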