include ifconfig_ environment variables in --up-restart env set

here's my patch for bug #93: missing ifconfig_* env vars after
up-restart. Tested with both IPv4, IPv6, topology subnet and topology net30

Document differences between --up-restart and --up in openvpn.8

See trac #93 and the discussion starting with <555BF270.3090706@nikhef.nl>
on the openvpn-devel mailing list.

fix trac #93

Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <555BF270.3090706@nikhef.nl>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9705
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit db950be85d37eab40d8fffe0bc2060059f8a7e10)

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index b0689b96f00255954da96f0a2fb8fadaa7ef0280..f9e7a0b1a36f547a92e676293b28db9f9d23f0ae 100644 (file)
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -1809,6 +1809,12 @@ has been specified, the up script will be called with
 .I restart
 as the last parameter.
 
+NOTE: on restart, OpenVPN will not pass the full set of environment
+variables to the script.  Namely, everything related to routing and
+gateways will not be passed, as nothing needs to be done anyway - all
+the routing setup is already in place.  Additionally, the up\-restart
+script will run with the downgraded UID/GID settings (if configured).
+
 The following standalone example shows how the
 .B \-\-up
 script can be called in both an initialization and restart context.

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 2c3285d8f9405c42742f20aef0b092e80cbddd42..ce0a865032d02baea1d987cdc7c7ef8fe4a27fa1 100644 (file)
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -1489,6 +1489,9 @@ do_open_tun (struct context *c)
       msg (M_INFO, "Preserving previous TUN/TAP instance: %s",
           c->c1.tuntap->actual_name);
 
+      /* explicitly set the ifconfig_* env vars */
+      do_ifconfig_setenv(c->c1.tuntap, c->c2.es);
+
       /* run the up script if user specified --up-restart */
       if (c->options.up_restart)
        run_up_down (c->options.up_script,

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 9ca3ee2008b67867855776b78169347bd4fc9fd5..088527e3b53aa9b9e2b078112ffdcae6bc4b42f8 100644 (file)
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -395,6 +395,45 @@ is_tun_p2p (const struct tuntap *tt)
   return tun;
 }
 
+/*
+ * Set the ifconfig_* environment variables, both for IPv4 and IPv6
+ */
+void
+do_ifconfig_setenv (const struct tuntap *tt, struct env_set *es)
+{
+    struct gc_arena gc = gc_new ();
+    bool tun = is_tun_p2p (tt);
+    const char *ifconfig_local = print_in_addr_t (tt->local, 0, &gc);
+    const char *ifconfig_remote_netmask = print_in_addr_t (tt->remote_netmask, 0, &gc);
+
+    /*
+     * Set environmental variables with ifconfig parameters.
+     */
+    setenv_str (es, "ifconfig_local", ifconfig_local);
+    if (tun)
+    {
+       setenv_str (es, "ifconfig_remote", ifconfig_remote_netmask);
+    }
+    else
+    {
+       const char *ifconfig_broadcast = print_in_addr_t (tt->broadcast, 0, &gc);
+       setenv_str (es, "ifconfig_netmask", ifconfig_remote_netmask);
+       setenv_str (es, "ifconfig_broadcast", ifconfig_broadcast);
+    }
+
+    if (tt->did_ifconfig_ipv6_setup)
+    {
+       const char *ifconfig_ipv6_local = print_in6_addr (tt->local_ipv6, 0, &gc);
+       const char *ifconfig_ipv6_remote = print_in6_addr (tt->remote_ipv6, 0, &gc);
+
+       setenv_str (es, "ifconfig_ipv6_local", ifconfig_ipv6_local);
+       setenv_int (es, "ifconfig_ipv6_netbits", tt->netbits_ipv6);
+       setenv_str (es, "ifconfig_ipv6_remote", ifconfig_ipv6_remote);
+    }
+
+    gc_free (&gc);
+}
+
 /*
  * Init tun/tap object.
  *
@@ -427,9 +466,6 @@ init_tun (const char *dev,       /* --dev option */
   if (ifconfig_local_parm && ifconfig_remote_netmask_parm)
     {
       bool tun = false;
-      const char *ifconfig_local = NULL;
-      const char *ifconfig_remote_netmask = NULL;
-      const char *ifconfig_broadcast = NULL;
 
       /*
        * We only handle TUN/TAP devices here, not --dev null devices.
@@ -490,45 +526,20 @@ init_tun (const char *dev,       /* --dev option */
            check_subnet_conflict (tt->local, IPV4_NETMASK_HOST, "TUN/TAP adapter");
        }
 
-      /*
-       * Set ifconfig parameters
-       */
-      ifconfig_local = print_in_addr_t (tt->local, 0, &gc);
-      ifconfig_remote_netmask = print_in_addr_t (tt->remote_netmask, 0, &gc);
-
       /*
        * If TAP-style interface, generate broadcast address.
        */
       if (!tun)
        {
          tt->broadcast = generate_ifconfig_broadcast_addr (tt->local, tt->remote_netmask);
-         ifconfig_broadcast = print_in_addr_t (tt->broadcast, 0, &gc);
        }
 
-      /*
-       * Set environmental variables with ifconfig parameters.
-       */
-      if (es)
-       {
-         setenv_str (es, "ifconfig_local", ifconfig_local);
-         if (tun)
-           {
-             setenv_str (es, "ifconfig_remote", ifconfig_remote_netmask);
-           }
-         else
-           {
-             setenv_str (es, "ifconfig_netmask", ifconfig_remote_netmask);
-             setenv_str (es, "ifconfig_broadcast", ifconfig_broadcast);
-           }
-       }
 
       tt->did_ifconfig_setup = true;
     }
 
   if (ifconfig_ipv6_local_parm && ifconfig_ipv6_remote_parm)
     {
-      const char *ifconfig_ipv6_local = NULL;
-      const char *ifconfig_ipv6_remote = NULL;
 
       /*
        * Convert arguments to binary IPv6 addresses.
@@ -541,24 +552,14 @@ init_tun (const char *dev,       /* --dev option */
        }
       tt->netbits_ipv6 = ifconfig_ipv6_netbits_parm;
 
-      /*
-       * Set ifconfig parameters
-       */
-      ifconfig_ipv6_local = print_in6_addr (tt->local_ipv6, 0, &gc);
-      ifconfig_ipv6_remote = print_in6_addr (tt->remote_ipv6, 0, &gc);
-
-      /*
-       * Set environmental variables with ifconfig parameters.
-       */
-      if (es)
-       {
-         setenv_str (es, "ifconfig_ipv6_local", ifconfig_ipv6_local);
-         setenv_int (es, "ifconfig_ipv6_netbits", tt->netbits_ipv6);
-         setenv_str (es, "ifconfig_ipv6_remote", ifconfig_ipv6_remote);
-       }
       tt->did_ifconfig_ipv6_setup = true;
     }
 
+  /*
+   * Set environmental variables with ifconfig parameters.
+   */
+  if (es) do_ifconfig_setenv(tt, es);
+
   gc_free (&gc);
   return tt;
 }

diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h
index 1931c5207923a0d1f561dbe035179be5b0ce807b..7089f7cb9e2c146131854bcb7aebabd1e2e3a4e5 100644 (file)
--- a/src/openvpn/tun.h
+++ b/src/openvpn/tun.h
@@ -241,6 +241,9 @@ void init_tun_post (struct tuntap *tt,
                    const struct frame *frame,
                    const struct tuntap_options *options);
 
+void do_ifconfig_setenv (const struct tuntap *tt,
+                 struct env_set *es);
+
 void do_ifconfig (struct tuntap *tt,
                  const char *actual,    /* actual device name */
                  int tun_mtu,