When running in TAP mode we may need to set the LL address of the
interface, if requested by the user.
This operation was overlooked when implementing the networking API and
it still relies on iproute/net-tools being installed.
Basically this means that when compiling OpenVPN on a system without
iproute2/net-tools and the user uses the "lladdr" config directive,
OpenVPN will fail to se the LL address of the interface.
With this patch a new API is introduced, it is implemented for both
SITNL and iproute2 backends, and called on Linux (this is a combination
of three patches in master).
Reported-by: Jan Hugo Prins <jprins@betterbe.com>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Tested-by: Jan Hugo Prins <jprins@betterbe.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <
20210903161113.30498-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22792.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit
98f524cbd58d24d09dee26160d7386d710c3564f)
(cherry picked from commit
cb5d29461e6e734a2250b984b8423d39f7b9ddaa)
(cherry picked from commit
7205cdd8508be0ec9a83ea2e012e2a495157cad0)
ctx);
if (options->persist_mode && options->lladdr)
{
- set_lladdr(options->dev, options->lladdr, NULL);
+ set_lladdr(ctx, options->dev, options->lladdr, NULL);
}
return true;
#else /* ifdef ENABLE_FEATURE_TUN_PERSIST */
/* set the hardware address */
if (c->options.lladdr)
{
- set_lladdr(c->c1.tuntap->actual_name, c->options.lladdr, c->c2.es);
+ set_lladdr(&c->net_ctx, c->c1.tuntap->actual_name, c->options.lladdr,
+ c->c2.es);
}
/* do ifconfig */
#include "lladdr.h"
int
-set_lladdr(const char *ifname, const char *lladdr,
+set_lladdr(openvpn_net_ctx_t *ctx, const char *ifname, const char *lladdr,
const struct env_set *es)
{
- struct argv argv = argv_new();
int r;
if (!ifname || !lladdr)
}
#if defined(TARGET_LINUX)
-#ifdef ENABLE_IPROUTE
- argv_printf(&argv,
- "%s link set addr %s dev %s",
- iproute_path, lladdr, ifname);
-#else
- argv_printf(&argv,
- "%s %s hw ether %s",
- IFCONFIG_PATH,
- ifname, lladdr);
-#endif
-#elif defined(TARGET_SOLARIS)
+ uint8_t addr[ETH_ALEN];
+
+ sscanf(lladdr, MAC_FMT, MAC_SCAN_ARG(addr));
+ r = (net_addr_ll_set(ctx, ifname, addr) == 0);
+#else /* if defined(TARGET_LINUX) */
+ struct argv argv = argv_new();
+#if defined(TARGET_SOLARIS)
argv_printf(&argv,
"%s %s ether %s",
IFCONFIG_PATH,
"%s %s ether %s",
IFCONFIG_PATH,
ifname, lladdr);
-#else /* if defined(TARGET_LINUX) */
+#else /* if defined(TARGET_SOLARIS) */
msg(M_WARN, "Sorry, but I don't know how to configure link layer addresses on this operating system.");
return -1;
-#endif /* if defined(TARGET_LINUX) */
-
+#endif /* if defined(TARGET_SOLARIS) */
argv_msg(M_INFO, &argv);
r = openvpn_execve_check(&argv, es, M_WARN, "ERROR: Unable to set link layer address.");
+ argv_free(&argv);
+#endif /* if defined(TARGET_LINUX) */
+
if (r)
{
msg(M_INFO, "TUN/TAP link layer address set to %s", lladdr);
}
- argv_free(&argv);
return r;
}
*/
#include "misc.h"
+#include "networking.h"
-int set_lladdr(const char *ifname, const char *lladdr,
+int set_lladdr(openvpn_net_ctx_t *ctx, const char *ifname, const char *lladdr,
const struct env_set *es);
struct buffer
prepend_dir(const char *dir, const char *path, struct gc_arena *gc);
+#define _STRINGIFY(S) #S
+#define MAC_FMT _STRINGIFY(%02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx)
+#define MAC_PRINT_ARG(_mac) _mac[0], _mac[1], _mac[2], \
+ _mac[3], _mac[4], _mac[5]
+#define MAC_SCAN_ARG(_mac) &_mac[0], &_mac[1], &_mac[2], \
+ &_mac[3], &_mac[4], &_mac[5]
+
#endif /* ifndef MISC_H */
int net_iface_mtu_set(openvpn_net_ctx_t *ctx,
const openvpn_net_iface_t *iface, uint32_t mtu);
+/**
+ * Set the Link Layer (Ethernet) address of the TAP interface
+ *
+ * @param ctx the implementation specific context
+ * @param iface the interface to modify
+ * @param addr the new address to set (expected ETH_ALEN bytes (6))
+ *
+ * @return 0 on success, a negative error code otherwise
+ */
+int net_addr_ll_set(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface,
+ uint8_t *addr);
+
/**
* Add an IPv4 address to an interface
*
return 0;
}
+int
+net_addr_ll_set(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface,
+ uint8_t *addr)
+{
+ struct argv argv = argv_new();
+ int ret = 0;
+
+ argv_printf(&argv,
+ "%s link set addr " MAC_FMT " dev %s",
+ iproute_path, MAC_PRINT_ARG(addr), iface);
+
+ argv_msg(M_INFO, &argv);
+ if (!openvpn_execve_check(&argv, ctx->es, M_WARN,
+ "Linux ip link set addr failed"))
+ {
+ ret = -1;
+ }
+
+ argv_free(&argv);
+
+ return ret;
+}
+
int
net_addr_v4_add(openvpn_net_ctx_t *ctx, const char *iface,
const in_addr_t *addr, int prefixlen)
#include "errlevel.h"
#include "buffer.h"
+#include "misc.h"
#include "networking.h"
#include <errno.h>
return ret;
}
+int
+net_addr_ll_set(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface,
+ uint8_t *addr)
+{
+ struct sitnl_link_req req;
+ int ifindex, ret = -1;
+
+ CLEAR(req);
+
+ ifindex = if_nametoindex(iface);
+ if (ifindex == 0)
+ {
+ msg(M_WARN | M_ERRNO, "%s: rtnl: cannot get ifindex for %s", __func__,
+ iface);
+ return -1;
+ }
+
+ req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.i));
+ req.n.nlmsg_flags = NLM_F_REQUEST;
+ req.n.nlmsg_type = RTM_NEWLINK;
+
+ req.i.ifi_family = AF_PACKET;
+ req.i.ifi_index = ifindex;
+
+ SITNL_ADDATTR(&req.n, sizeof(req), IFLA_ADDRESS, addr, ETH_ALEN);
+
+ msg(M_INFO, "%s: lladdr " MAC_FMT " for %s", __func__, MAC_PRINT_ARG(addr),
+ iface);
+
+ ret = sitnl_send(&req.n, 0, 0, NULL, NULL);
+err:
+ return ret;
+}
+
static int
sitnl_addr_set(int cmd, uint32_t flags, int ifindex, sa_family_t af_family,
const inet_address_t *local, const inet_address_t *remote,
projects / thirdparty / openvpn.git / commitdiff
