git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Gert Doering <gert@greenie.muc.de>
	Thu, 17 Sep 2020 08:59:41 +0000 (10:59 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Thu, 17 Sep 2020 15:41:50 +0000 (17:41 +0200)
commit	4dff236811a1ec9c97a27ad93182ad4beb12377f
tree	765d9b0e89b058ccd9665d3782bdee1933b4fe13	tree \| snapshot
parent	3ad86c2534a92af137809b6d446d570193e6d01f	commit \| diff

If IPv6 pool specification sets pool start to ::0 address, increment.

The first IPv6 address in a subnet is not usable (IPv6 anycast address),
but our pool code ignored this.

Instead of assigning an unusable address or erroring out, just log the
fact, and increment the pool start to <pool_base>::1

NOTE: this is a bit simplistic. A pool that is larger than /96 and
has non-0 bits in the "uppermost bits" will still get the increment
as we only look at the lowermost 32 bits.

NOTE2: if the pool is specified with "--server-ipv6 $base/$bits", this
is a non-issue, as the address for the pool start will be incremented
anyway.

v2: make comment more explicit about "we're only talking about the
host part here" and "base sees only only 32 bit of the host part"

Reported-by: NicolaF_ in Trac
Trac: #1282

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Antonio Quartulli <a@unstable.cc>
Message-Id: <20200917085941.20972-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21039.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

doc/man-sections/server-options.rst		diff \| blob \| blame \| history
src/openvpn/pool.c		diff \| blob \| blame \| history