extend management interface command "state"
authorHeiko Hund <heiko.hund@sophos.com>
Wed, 25 Nov 2015 12:57:00 +0000 (13:57 +0100)
committerGert Doering <gert@greenie.muc.de>
Sat, 28 Nov 2015 13:24:23 +0000 (14:24 +0100)
Currently the state command shows only the tun/tap IPv4 address. The
IPv4 address of the remote peer is also displayed. In case you connect
via IPv6 it just shows the first 4 bytes of the address in IPv4 notation.

This patch extends the state command, so it handles IPv6 addresses.
In addition, it also displays the local address and both port numbers
of the connection, e.g.

1447250958,CONNECTED,SUCCESS,10.0.0.2,fd00::1,1193,fd00::2,6492,fdff::1002

Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1448456220-2042-1-git-send-email-heiko.hund@sophos.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10603
Signed-off-by: Gert Doering <gert@greenie.muc.de>
doc/management-notes.txt
src/openvpn/forward.c
src/openvpn/init.c
src/openvpn/manage.c
src/openvpn/manage.h
src/openvpn/route.c
src/openvpn/sig.c
src/openvpn/socket.c
src/openvpn/socket.h
src/openvpn/ssl.c
src/openvpn/tun.c

index 0265d5579d32c881db1bd6ad26d847e91bcaaf67..f68f3db98a80a2feb0045c4f194940d6e8d5f151 100644 (file)
@@ -366,14 +366,23 @@ Command examples:
                   same time enable real-time state notification
                  of future state transitions.
 
-The output format consists of 4 comma-separated parameters: 
+The output format consists of up to 9 comma-separated parameters:
   (a) the integer unix date/time,
   (b) the state name,
   (c) optional descriptive string (used mostly on RECONNECTING
       and EXITING to show the reason for the disconnect),
-  (d) optional TUN/TAP local IP address (shown for ASSIGN_IP
-      and CONNECTED), and
-  (e) optional address of remote server (OpenVPN 2.1 or higher).
+  (d) optional TUN/TAP local IPv4 address
+  (e) optional address of remote server,
+  (f) optional port of remote server,
+  (g) optional local address,
+  (h) optional local port, and
+  (i) optional TUN/TAP local IPv6 address.
+
+Fields (e)-(h) are shown for CONNECTED state,
+(d) and (i) are shown for ASSIGN_IP and CONNECTED states.
+
+(e) is available starting from OpenVPN 2.1
+(f)-(i) are available starting from OpenVPN 2.4
 
 Real-time state notifications will have a ">STATE:" prefix
 prepended to them.
index cef063d9c300f2ce568d0cd8d12833853c402fee..36a99e6f7df37c9ec3d658cb1db285766a8f1468 100644 (file)
@@ -208,8 +208,10 @@ check_connection_established_dowork (struct context *c)
                  management_set_state (management,
                                        OPENVPN_STATE_GET_CONFIG,
                                        NULL,
-                                       0,
-                                       0);
+                                        NULL,
+                                        NULL,
+                                        NULL,
+                                        NULL);
                }
 #endif
              /* fire up push request right away (already 1s delayed) */
index c5c0ab6dd9ed1b24d8a8d8ec7f23bb5af5e8ff1c..5c1708796829813bce4f014fb81349f723ec5bcb 100644 (file)
@@ -44,6 +44,7 @@
 #include "ping.h"
 #include "mstats.h"
 #include "ssl_verify.h"
+#include "forward-inline.h"
 
 #include "memdbg.h"
 
@@ -1273,26 +1274,48 @@ initialization_sequence_completed (struct context *c, const unsigned int flags)
   /* Tell management interface that we initialized */
   if (management)
     {
-      in_addr_t tun_local = 0;
-      in_addr_t tun_remote = 0; /* FKS */
+      in_addr_t *tun_local = NULL;
+      struct in6_addr *tun_local6 = NULL;
+      struct openvpn_sockaddr local, remote;
+      struct link_socket_actual *actual;
+      socklen_t sa_len = sizeof(local);
       const char *detail = "SUCCESS";
-      if (c->c1.tuntap)
-       tun_local = c->c1.tuntap->local;
-      /* TODO(jjo): for ipv6 this will convert some 32bits in the ipv6 addr
-       *            to a meaningless ipv4 address.
-       *            In any case, is somewhat inconsistent to send local tunnel
-       *            addr with remote _endpoint_ addr (?)
-       */
-      tun_remote = htonl (c->c1.link_socket_addr.actual.dest.addr.in4.sin_addr.s_addr);
       if (flags & ISC_ERRORS)
-       detail = "ERROR";
+        detail = "ERROR";
+
+      CLEAR (local);
+      actual = &get_link_socket_info(c)->lsa->actual;
+      remote = actual->dest;
+      getsockname(c->c2.link_socket->sd, &local.addr.sa, &sa_len);
+#if ENABLE_IP_PKTINFO
+      if (!addr_defined(&local))
+        {
+          switch (local.addr.sa.sa_family)
+            {
+            case AF_INET:
+              local.addr.in4.sin_addr = actual->pi.in4.ipi_spec_dst;
+              break;
+            case AF_INET6:
+              local.addr.in6.sin6_addr = actual->pi.in6.ipi6_addr;
+              break;
+            }
+        }
+#endif
+
+      if (c->c1.tuntap)
+        {
+          tun_local = &c->c1.tuntap->local;
+          tun_local6 = &c->c1.tuntap->local_ipv6;
+        }
       management_set_state (management,
                            OPENVPN_STATE_CONNECTED,
                            detail,
                            tun_local,
-                           tun_remote);
+                            tun_local6,
+                            &local,
+                            &remote);
       if (tun_local)
-       management_post_tunnel_open (management, tun_local);
+       management_post_tunnel_open (management, *tun_local);
     }
 #endif
 }
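Review bot: The guard `if (tun_local)` before `management_post_tunnel_open` no longer tests the address, because `tun_local` is now a pointer that is non-NULL whenever `c->c1.tuntap` exists, whereas the old code skipped the call when the tunnel's IPv4 address was 0. If that function uses the address to place the management listener on the tunnel (its body is not in this diff), a tunnel without an IPv4 address would hand it 0, which is the wildcard address; `if (tun_local && *tun_local)` keeps the previous behaviour. Separately, the return value of `getsockname()` is ignored; since `local` was cleared the failure is benign, but `if (getsockname (...) != 0) CLEAR (local);` would make that explicit. `c->c2.link_socket` and `get_link_socket_info(c)->lsa` are also dereferenced without a visible NULL check; the function begins outside the hunk, so this may be guaranteed earlier.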
@@ -3288,8 +3311,10 @@ open_management (struct context *c)
              management_set_state (management,
                                    OPENVPN_STATE_CONNECTING,
                                    NULL,
-                                   (in_addr_t)0,
-                                   (in_addr_t)0);
+                                    NULL,
+                                    NULL,
+                                    NULL,
+                                    NULL);
            }
 
          /* initial management hold, called early, before first context initialization */
index 97d6f0fa240954fa3935a607223ba49f287e4846..dcb1bc18757334455709d8f1ab627dfdf3edbbae 100644 (file)
@@ -2422,8 +2422,10 @@ void
 management_set_state (struct management *man,
                      const int state,
                      const char *detail,
-                     const in_addr_t tun_local_ip,
-                     const in_addr_t tun_remote_ip)
+                      const in_addr_t *tun_local_ip,
+                      const struct in6_addr *tun_local_ip6,
+                      const struct openvpn_sockaddr *local,
+                      const struct openvpn_sockaddr *remote)
 {
   if (man->persist.state && (!(man->settings.flags & MF_SERVER) || state < OPENVPN_STATE_CLIENT_BASE))
     {
@@ -2436,9 +2438,15 @@ management_set_state (struct management *man,
       e.timestamp = now;
       e.u.state = state;
       e.string = detail;
-      e.local_ip = tun_local_ip;
-      e.remote_ip = tun_remote_ip;
-      
+      if (tun_local_ip)
+        e.local_ip = *tun_local_ip;
+      if (tun_local_ip6)
+        e.local_ip6 = *tun_local_ip6;
+      if (local)
+        e.local_sock = *local;
+      if (remote)
+        e.remote_sock = *remote;
+
       log_history_add (man->persist.state, &e);
 
       if (man->connection.state_realtime)
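Review bot: The four conditional assignments leave `e.local_ip`, `e.local_ip6`, `e.local_sock` and `e.remote_sock` untouched when a caller passes NULL, so they depend on `e` having been zeroed before `e.timestamp = now;`, which is outside this hunk. Most call sites in this commit pass four NULLs, and `log_entry_print` formats these fields for management clients, so an uncleared `e` would send stack contents to them. I would confirm the clear is there and add a comment above the block such as `/* e is zeroed above; a NULL argument leaves its field all-zero (undefined) */`. The function starts and ends outside the hunk.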
@@ -3460,7 +3468,14 @@ log_entry_print (const struct log_entry *e, unsigned int flags, struct gc_arena
   if (flags & LOG_PRINT_LOCAL_IP)
     buf_printf (&out, ",%s", print_in_addr_t (e->local_ip, IA_EMPTY_IF_UNDEF, gc));
   if (flags & LOG_PRINT_REMOTE_IP)
-    buf_printf (&out, ",%s", print_in_addr_t (e->remote_ip, IA_EMPTY_IF_UNDEF, gc));
+    {
+      buf_printf (&out, ",%s", (!addr_defined (&e->remote_sock) ? "," :
+        print_sockaddr_ex (&e->remote_sock.addr.sa, ",", PS_DONT_SHOW_FAMILY|PS_SHOW_PORT, gc)));
+      buf_printf (&out, ",%s", (!addr_defined (&e->local_sock) ? "," :
+        print_sockaddr_ex (&e->local_sock.addr.sa, ",", PS_DONT_SHOW_FAMILY|PS_SHOW_PORT, gc)));
+    }
+  if (flags & LOG_PRINT_LOCAL_IP && !IN6_IS_ADDR_UNSPECIFIED(&e->local_ip6))
+    buf_printf (&out, ",%s", print_in6_addr (e->local_ip6, IA_EMPTY_IF_UNDEF, gc));
   if (flags & LOG_ECHO_TO_LOG)
     msg (D_MANAGEMENT, "MANAGEMENT: %s", BSTR (&out));
   if (flags & LOG_PRINT_CRLF)
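Review bot: The `","` literal in the two `buf_printf` calls under `LOG_PRINT_REMOTE_IP` is easy to misread: together with the `,` in the format string it emits two empty fields (address and port), presumably so the field positions described in management-notes.txt stay fixed. A comment like `/* undefined address: emit empty address and port fields */` would say so. The trailing IPv6 field, in contrast, is dropped entirely when `local_ip6` is unspecified, so the number of fields varies; that matches "up to 9" in the docs but deserves a comment for anyone writing a parser. The new condition would read more clearly as `if ((flags & LOG_PRINT_LOCAL_IP) && !IN6_IS_ADDR_UNSPECIFIED (&e->local_ip6))`. The function body continues outside the hunk.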
index a97e8a2345867b87b22208d59cdc6099545a9405..988600f5e290ef006f3e2a302e9db9c60808cad4 100644 (file)
@@ -88,7 +88,9 @@ struct log_entry
   time_t timestamp;
   const char *string;
   in_addr_t local_ip;
-  in_addr_t remote_ip;
+  struct in6_addr local_ip6;
+  struct openvpn_sockaddr local_sock;
+  struct openvpn_sockaddr remote_sock;
   union log_entry_union u;
 };
 
@@ -496,8 +498,10 @@ management_enable_def_auth (const struct management *man)
 void management_set_state (struct management *man,
                           const int state,
                           const char *detail,
-                          const in_addr_t tun_local_ip,
-                          const in_addr_t tun_remote_ip);
+                           const in_addr_t *tun_local_ip,
+                           const struct in6_addr *tun_local_ip6,
+                           const struct openvpn_sockaddr *local_addr,
+                           const struct openvpn_sockaddr *remote_addr);
 
 /*
  * The management object keeps track of OpenVPN --echo
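Review bot: The prototype names the last two parameters `local_addr` and `remote_addr` while the definition in manage.c uses `local` and `remote`; using one pair in both places keeps header and implementation consistent. The declaration also has no comment on the new contract: each of the four pointers may be NULL, and the pointed-to values are copied into the log entry rather than retained, as the assignments in manage.c show. A short comment above the prototype stating that would help the many call sites that now pass `NULL` four times.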
index d06018730ff2d3e3efdbd49c988f53b529b2743b..4a60345d451931c220429714f98ded0f660ee9eb 100644 (file)
@@ -1093,8 +1093,10 @@ add_routes (struct route_list *rl, struct route_ipv6_list *rl6, const struct tun
          management_set_state (management,
                                OPENVPN_STATE_ADD_ROUTES,
                                NULL,
-                               0,
-                               0);
+                                NULL,
+                                NULL,
+                                NULL,
+                                NULL);
        }
 #endif
 
index a3d29de0d52aa75d4411270859a33c2b2dc37909..f903fc0efae6398610946a17c334a919934f9263 100644 (file)
@@ -189,8 +189,10 @@ signal_restart_status (const struct signal_info *si)
        management_set_state (management,
                              state,
                              si->signal_text ? si->signal_text : signal_name (si->signal_received, true),
-                             (in_addr_t)0,
-                             (in_addr_t)0);
+                              NULL,
+                              NULL,
+                              NULL,
+                              NULL);
     }
 #endif
 }
index 8e6b4bcac69e75248ea8df6f5bc85a058f578404..13c05e0762f73da5ad942a9259305807efcc2f68 100644 (file)
@@ -363,8 +363,10 @@ openvpn_getaddrinfo (unsigned int flags,
             management_set_state (management,
                                   OPENVPN_STATE_RESOLVE,
                                   NULL,
-                                  (in_addr_t)0,
-                                  (in_addr_t)0);
+                                  NULL,
+                                  NULL,
+                                  NULL,
+                                  NULL);
         }
 #endif
 
@@ -1244,8 +1246,10 @@ socket_connect (socket_descriptor_t* sd,
        management_set_state (management,
                              OPENVPN_STATE_TCP_CONNECT,
                              NULL,
-                             (in_addr_t)0,
-                             (in_addr_t)0);
+                              NULL,
+                              NULL,
+                              NULL,
+                              NULL);
 #endif
 
   /* Set the actual address */
@@ -2371,17 +2375,22 @@ print_sockaddr_ex (const struct sockaddr *sa,
   switch(sa->sa_family)
     {
     case AF_INET:
-      buf_puts (&out, "[AF_INET]");
+      if (!(flags & PS_DONT_SHOW_FAMILY))
+        buf_puts (&out, "[AF_INET]");
       salen = sizeof (struct sockaddr_in);
       addr_is_defined = ((struct sockaddr_in*) sa)->sin_addr.s_addr != 0;
       break;
     case AF_INET6:
-      buf_puts (&out, "[AF_INET6]");
+      if (!(flags & PS_DONT_SHOW_FAMILY))
+        buf_puts (&out, "[AF_INET6]");
       salen = sizeof (struct sockaddr_in6);
       addr_is_defined = !IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6*) sa)->sin6_addr);
       break;
     case AF_UNSPEC:
-      return "[AF_UNSPEC]";
+      if (!(flags & PS_DONT_SHOW_FAMILY))
+        return "[AF_UNSPEC]";
+      else
+        return "";
     default:
       ASSERT(0);
     }
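Review bot: In the `AF_UNSPEC` case with `PS_DONT_SHOW_FAMILY` the function returns `""` and ignores both `separator` and `PS_SHOW_PORT`, so a caller expecting address, separator and port gets one empty field instead of two. `log_entry_print` in this commit appears to avoid the case by testing `addr_defined()` first, but nothing here documents that; a comment such as `/* AF_UNSPEC: neither address nor port is printed */` would help. The `else` after `return` is redundant, and `return (flags & PS_DONT_SHOW_FAMILY) ? "" : "[AF_UNSPEC]";` is shorter. The function starts and ends outside the hunk.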
index 54cdc8878a3d81c980ff8e2f842ff57dd8fdbbb3..a8e0e816cd8b9e761009eef41563f8f551695f7e 100644 (file)
@@ -344,6 +344,7 @@ void sd_close (socket_descriptor_t *sd);
 #define PS_SHOW_PORT            (1<<1)
 #define PS_SHOW_PKTINFO         (1<<2)
 #define PS_DONT_SHOW_ADDR       (1<<3)
+#define PS_DONT_SHOW_FAMILY     (1<<4)
 
 const char *print_sockaddr_ex (const struct sockaddr *addr,
                               const char* separator,
index 86eda77c09ad57ce68505966ef16ef83aad9ed21..817bc49d52e706228c125dc429fc85ba9b9578ad 100644 (file)
@@ -2307,8 +2307,10 @@ tls_process (struct tls_multi *multi,
                      management_set_state (management,
                                            OPENVPN_STATE_WAIT,
                                            NULL,
-                                           0,
-                                           0);
+                                            NULL,
+                                            NULL,
+                                            NULL,
+                                            NULL);
                    }
 #endif
                }
@@ -3016,8 +3018,10 @@ tls_pre_decrypt (struct tls_multi *multi,
                      management_set_state (management,
                                            OPENVPN_STATE_AUTH,
                                            NULL,
-                                           0,
-                                           0);
+                                            NULL,
+                                            NULL,
+                                            NULL,
+                                            NULL);
                    }
 #endif
 
index c293e1ecd1bf1219096028ed6bf11f2aaf0aba9d..014d988541b0a513ab6e4f41adc09c29c9278278 100644 (file)
@@ -711,8 +711,10 @@ do_ifconfig (struct tuntap *tt,
       management_set_state (management,
                            OPENVPN_STATE_ASSIGN_IP,
                            NULL,
-                           tt->local,
-                           0);
+                            &tt->local,
+                            &tt->local_ipv6,
+                            NULL,
+                            NULL);
     }
 #endif