From: Antonio Quartulli Date: Mon, 8 Jun 2020 20:16:13 +0000 (+0200) Subject: ipv6-pool: get rid of size constraint X-Git-Tag: v2.5_beta1~125 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1379e5271d0057fcaed82d6985e614ca2ed8c265;p=thirdparty%2Fopenvpn.git ipv6-pool: get rid of size constraint Signed-off-by: Antonio Quartulli Acked-by: Gert Doering Message-Id: <20200608201613.23750-1-a@unstable.cc> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20005.html Signed-off-by: Gert Doering --- diff --git a/src/openvpn/helper.c b/src/openvpn/helper.c index 277e6972a..fbfc287f1 100644 --- a/src/openvpn/helper.c +++ b/src/openvpn/helper.c @@ -198,12 +198,17 @@ helper_client_server(struct options *o) print_in6_addr( add_in6_addr( o->server_network_ipv6, 2), 0, &o->gc ); o->ifconfig_ipv6_netbits = o->server_netbits_ipv6; - /* pool starts at "base address + 0x1000" - leave enough room */ - ASSERT( o->server_netbits_ipv6 <= 112 ); /* want 16 bits */ + /* basic sanity check */ + ASSERT(o->server_netbits_ipv6 >= 64 && o->server_netbits_ipv6 <= 124); o->ifconfig_ipv6_pool_defined = true; - o->ifconfig_ipv6_pool_base = - add_in6_addr( o->server_network_ipv6, 0x1000 ); + /* For large enough pools we keep the original behaviour of adding + * 0x1000 when computing the base. + * + * Smaller pools can't get that far, therefore we just increase by 2 + */ + o->ifconfig_ipv6_pool_base = add_in6_addr(o->server_network_ipv6, + o->server_netbits_ipv6 < 112 ? 0x1000 : 2); o->ifconfig_ipv6_pool_netbits = o->server_netbits_ipv6; push_option( o, "tun-ipv6", M_USAGE ); diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 018f6f18c..9d3a8dfed 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -6718,9 +6718,12 @@ add_option(struct options *options, msg(msglevel, "error parsing --server-ipv6 parameter"); goto err; } - if (netbits < 64 || netbits > 112) + if (netbits < 64 || netbits > 124) { - msg( msglevel, "--server-ipv6 settings: only /64../112 supported right now (not /%d)", netbits ); + msg(msglevel, + "--server-ipv6 settings: network must be between /64 and /124 (not /%d)", + netbits); + goto err; } options->server_ipv6_defined = true; @@ -6840,9 +6843,11 @@ add_option(struct options *options, msg(msglevel, "error parsing --ifconfig-ipv6-pool parameters"); goto err; } - if (netbits < 64 || netbits > 112) + if (netbits < 64 || netbits > 124) { - msg( msglevel, "--ifconfig-ipv6-pool settings: only /64../112 supported right now (not /%d)", netbits ); + msg(msglevel, + "--ifconfig-ipv6-pool settings: network must be between /64 and /124 (not /%d)", + netbits); goto err; } diff --git a/src/openvpn/pool.c b/src/openvpn/pool.c index 4e303712b..296676230 100644 --- a/src/openvpn/pool.c +++ b/src/openvpn/pool.c @@ -207,6 +207,12 @@ ifconfig_pool_init(const bool ipv4_pool, enum pool_type type, in_addr_t start, ASSERT(0); } + if (pool->ipv4.size < 2) + { + msg(M_FATAL, "IPv4 pool size is too small (%d), must be at least 2", + pool->ipv4.size); + } + msg(D_IFCONFIG_POOL, "IFCONFIG POOL IPv4: base=%s size=%d", print_in_addr_t(pool->ipv4.base, 0, &gc), pool->ipv4.size); } @@ -245,6 +251,12 @@ ifconfig_pool_init(const bool ipv4_pool, enum pool_type type, in_addr_t start, ? (1 << (128 - ipv6_netbits)) - base : IFCONFIG_POOL_MAX; + if (pool->ipv6.size < 2) + { + msg(M_FATAL, "IPv6 pool size is too small (%d), must be at least 2", + pool->ipv6.size); + } + msg(D_IFCONFIG_POOL, "IFCONFIG POOL IPv6: base=%s size=%d netbits=%d", print_in6_addr(pool->ipv6.base, 0, &gc), pool->ipv6.size, ipv6_netbits);