include ifconfig_ environment variables in --up-restart env set

here's my patch for bug #93: missing ifconfig_* env vars after
up-restart. Tested with both IPv4, IPv6, topology subnet and topology net30

Document differences between --up-restart and --up in openvpn.8

See trac #93 and the discussion starting with <555BF270.3090706@nikhef.nl>
on the openvpn-devel mailing list.

fix trac #93

Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <555BF270.3090706@nikhef.nl>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9705
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index b9eee0d9a8d3310b1ffad957454fce23fbb33cdc..ef87bb7223f545a02d32f3bff4d3c069e6828a15 100644 (file)
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -1817,6 +1817,12 @@ has been specified, the up script will be called with
 .I restart
 as the last parameter.
 
+NOTE: on restart, OpenVPN will not pass the full set of environment
+variables to the script.  Namely, everything related to routing and
+gateways will not be passed, as nothing needs to be done anyway - all
+the routing setup is already in place.  Additionally, the up\-restart
+script will run with the downgraded UID/GID settings (if configured).
+
 The following standalone example shows how the
 .B \-\-up
 script can be called in both an initialization and restart context.

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 42cb3e201b14d5133d3e47c1218dbf3f4d0fabd8..769ab9b514bf7c25981a63a57da89ded8d4a04cf 100644 (file)
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -1486,6 +1486,9 @@ do_open_tun (struct context *c)
       msg (M_INFO, "Preserving previous TUN/TAP instance: %s",
           c->c1.tuntap->actual_name);
 
+      /* explicitly set the ifconfig_* env vars */
+      do_ifconfig_setenv(c->c1.tuntap, c->c2.es);
+
       /* run the up script if user specified --up-restart */
       if (c->options.up_restart)
        run_up_down (c->options.up_script,

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index ce3ed853ba9b9d9957c97cf9ef2a4b7eff4e7f8d..9e853c0036889ec2e5f54b6c3739a9fa649f9191 100644 (file)
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -396,6 +396,45 @@ is_tun_p2p (const struct tuntap *tt)
   return tun;
 }
 
+/*
+ * Set the ifconfig_* environment variables, both for IPv4 and IPv6
+ */
+void
+do_ifconfig_setenv (const struct tuntap *tt, struct env_set *es)
+{
+    struct gc_arena gc = gc_new ();
+    bool tun = is_tun_p2p (tt);
+    const char *ifconfig_local = print_in_addr_t (tt->local, 0, &gc);
+    const char *ifconfig_remote_netmask = print_in_addr_t (tt->remote_netmask, 0, &gc);
+
+    /*
+     * Set environmental variables with ifconfig parameters.
+     */
+    setenv_str (es, "ifconfig_local", ifconfig_local);
+    if (tun)
+    {
+       setenv_str (es, "ifconfig_remote", ifconfig_remote_netmask);
+    }
+    else
+    {
+       const char *ifconfig_broadcast = print_in_addr_t (tt->broadcast, 0, &gc);
+       setenv_str (es, "ifconfig_netmask", ifconfig_remote_netmask);
+       setenv_str (es, "ifconfig_broadcast", ifconfig_broadcast);
+    }
+
+    if (tt->did_ifconfig_ipv6_setup)
+    {
+       const char *ifconfig_ipv6_local = print_in6_addr (tt->local_ipv6, 0, &gc);
+       const char *ifconfig_ipv6_remote = print_in6_addr (tt->remote_ipv6, 0, &gc);
+
+       setenv_str (es, "ifconfig_ipv6_local", ifconfig_ipv6_local);
+       setenv_int (es, "ifconfig_ipv6_netbits", tt->netbits_ipv6);
+       setenv_str (es, "ifconfig_ipv6_remote", ifconfig_ipv6_remote);
+    }
+
+    gc_free (&gc);
+}
+
 /*
  * Init tun/tap object.
  *
@@ -428,9 +467,6 @@ init_tun (const char *dev,       /* --dev option */
   if (ifconfig_local_parm && ifconfig_remote_netmask_parm)
     {
       bool tun = false;
-      const char *ifconfig_local = NULL;
-      const char *ifconfig_remote_netmask = NULL;
-      const char *ifconfig_broadcast = NULL;
 
       /*
        * We only handle TUN/TAP devices here, not --dev null devices.
@@ -498,45 +534,20 @@ init_tun (const char *dev,       /* --dev option */
            check_subnet_conflict (tt->local, IPV4_NETMASK_HOST, "TUN/TAP adapter");
        }
 
-      /*
-       * Set ifconfig parameters
-       */
-      ifconfig_local = print_in_addr_t (tt->local, 0, &gc);
-      ifconfig_remote_netmask = print_in_addr_t (tt->remote_netmask, 0, &gc);
-
       /*
        * If TAP-style interface, generate broadcast address.
        */
       if (!tun)
        {
          tt->broadcast = generate_ifconfig_broadcast_addr (tt->local, tt->remote_netmask);
-         ifconfig_broadcast = print_in_addr_t (tt->broadcast, 0, &gc);
        }
 
-      /*
-       * Set environmental variables with ifconfig parameters.
-       */
-      if (es)
-       {
-         setenv_str (es, "ifconfig_local", ifconfig_local);
-         if (tun)
-           {
-             setenv_str (es, "ifconfig_remote", ifconfig_remote_netmask);
-           }
-         else
-           {
-             setenv_str (es, "ifconfig_netmask", ifconfig_remote_netmask);
-             setenv_str (es, "ifconfig_broadcast", ifconfig_broadcast);
-           }
-       }
 
       tt->did_ifconfig_setup = true;
     }
 
   if (ifconfig_ipv6_local_parm && ifconfig_ipv6_remote_parm)
     {
-      const char *ifconfig_ipv6_local = NULL;
-      const char *ifconfig_ipv6_remote = NULL;
 
       /*
        * Convert arguments to binary IPv6 addresses.
@@ -549,24 +560,14 @@ init_tun (const char *dev,       /* --dev option */
        }
       tt->netbits_ipv6 = ifconfig_ipv6_netbits_parm;
 
-      /*
-       * Set ifconfig parameters
-       */
-      ifconfig_ipv6_local = print_in6_addr (tt->local_ipv6, 0, &gc);
-      ifconfig_ipv6_remote = print_in6_addr (tt->remote_ipv6, 0, &gc);
-
-      /*
-       * Set environmental variables with ifconfig parameters.
-       */
-      if (es)
-       {
-         setenv_str (es, "ifconfig_ipv6_local", ifconfig_ipv6_local);
-         setenv_int (es, "ifconfig_ipv6_netbits", tt->netbits_ipv6);
-         setenv_str (es, "ifconfig_ipv6_remote", ifconfig_ipv6_remote);
-       }
       tt->did_ifconfig_ipv6_setup = true;
     }
 
+  /*
+   * Set environmental variables with ifconfig parameters.
+   */
+  if (es) do_ifconfig_setenv(tt, es);
+
   gc_free (&gc);
   return tt;
 }

diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h
index 79e2d188396a992a05db6866d33c1114227fb568..65bacac055607ac665409cc1680579afd59f7e8a 100644 (file)
--- a/src/openvpn/tun.h
+++ b/src/openvpn/tun.h
@@ -241,6 +241,9 @@ void init_tun_post (struct tuntap *tt,
                    const struct frame *frame,
                    const struct tuntap_options *options);
 
+void do_ifconfig_setenv (const struct tuntap *tt,
+                 struct env_set *es);
+
 void do_ifconfig (struct tuntap *tt,
                  const char *actual,    /* actual device name */
                  int tun_mtu,