* added --management-up-down option to allow management interface

  to be notified of tunnel up/down events.

* pulled --ip-win32 options will be suppressed on the client
  if --route-nopull option is specified.

Version 2.1.3f

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6813 e7ae566f-a301-0410-adde-c780ea21d3b5

diff --git a/init.c b/init.c
index e694a70cc6ded4e503b46dc224a85365351344cc..7f072ae2ce171acc1ba6993a5ffed618f99a1f39 100644 (file)
--- a/init.c
+++ b/init.c
@@ -1177,7 +1177,14 @@ do_route (const struct options *options,
          struct env_set *es)
 {
   if (!options->route_noexec && route_list)
-    add_routes (route_list, tt, ROUTE_OPTION_FLAGS (options), es);
+    {
+      add_routes (route_list, tt, ROUTE_OPTION_FLAGS (options), es);
+      setenv_int (es, "redirect_gateway", route_list->did_redirect_default_gateway);
+    }
+#ifdef ENABLE_MANAGEMENT
+  if (management)
+    management_up_down (management, "UP", es);
+#endif
 
   if (plugin_defined (plugins, OPENVPN_PLUGIN_ROUTE_UP))
     {
@@ -1385,7 +1392,10 @@ do_close_tun (struct context *c, bool force)
 #ifdef ENABLE_MANAGEMENT
          /* tell management layer we are about to close the TUN/TAP device */
          if (management)
-           management_pre_tunnel_close (management);
+           {
+             management_pre_tunnel_close (management);
+             management_up_down (management, "DOWN", c->c2.es);
+           }
 #endif
 
          /* delete any routes we added */
@@ -1527,7 +1537,6 @@ pull_permission_mask (const struct context *c)
   unsigned int flags =
       OPT_P_UP
     | OPT_P_ROUTE_EXTRAS
-    | OPT_P_IPWIN32
     | OPT_P_SOCKBUF
     | OPT_P_SOCKFLAGS
     | OPT_P_SETENV
@@ -1541,7 +1550,7 @@ pull_permission_mask (const struct context *c)
     | OPT_P_PULL_MODE;
 
   if (!c->options.route_nopull)
-    flags |= OPT_P_ROUTE;
+    flags |= (OPT_P_ROUTE | OPT_P_IPWIN32);
 
   return flags;
 }

diff --git a/manage.c b/manage.c
index eabfb1fc83950f2a8fbf453c69f3aac26171d111..e8f67cde05601b34a595201e54d82b6df0200b54 100644 (file)
--- a/manage.c
+++ b/manage.c
@@ -2252,8 +2252,6 @@ management_set_state (struct management *man,
     }
 }
 
-#ifdef MANAGEMENT_DEF_AUTH
-
 static bool
 env_filter_match (const char *env_str, const int env_filter_level)
 {
@@ -2275,9 +2273,11 @@ env_filter_match (const char *env_str, const int env_filter_level)
     "bytes_received="
   };
 
-  if (env_filter_level >= 2 && !strncmp(env_str, "X509_", 5))
+  if (env_filter_level == 0)
     return true;
-  else if (env_filter_level >= 1)
+  else if (env_filter_level <= 1 && !strncmp(env_str, "X509_", 5))
+    return true;
+  else if (env_filter_level <= 2)
     {
       size_t i;
       for (i = 0; i < SIZE(env_names); ++i)
@@ -2289,12 +2289,11 @@ env_filter_match (const char *env_str, const int env_filter_level)
        }
       return false;
     }
-  else
-    return true;
+  return false;
 }
 
 static void
-man_output_env (const struct env_set *es, const bool tail, const int env_filter_level)
+man_output_env (const struct env_set *es, const bool tail, const int env_filter_level, const char *prefix)
 {
   if (es)
     {
@@ -2302,15 +2301,15 @@ man_output_env (const struct env_set *es, const bool tail, const int env_filter_
       for (e = es->list; e != NULL; e = e->next)
        {
          if (e->string && (!env_filter_level || env_filter_match(e->string, env_filter_level)))
-           msg (M_CLIENT, ">CLIENT:ENV,%s", e->string);
+           msg (M_CLIENT, ">%s:ENV,%s", prefix, e->string);
        }
     }
   if (tail)
-    msg (M_CLIENT, ">CLIENT:ENV,END");
+    msg (M_CLIENT, ">%s:ENV,END", prefix);
 }
 
 static void
-man_output_extra_env (struct management *man)
+man_output_extra_env (struct management *man, const char *prefix)
 {
   struct gc_arena gc = gc_new ();
   struct env_set *es = env_set_create (&gc);
@@ -2319,10 +2318,22 @@ man_output_extra_env (struct management *man)
       const int nclients = (*man->persist.callback.n_clients) (man->persist.callback.arg);
       setenv_int (es, "n_clients", nclients);
     }
-  man_output_env (es, false, man->connection.env_filter_level);
+  man_output_env (es, false, man->connection.env_filter_level, prefix);
   gc_free (&gc);
 }
 
+void
+management_up_down(struct management *man, const char *updown, const struct env_set *es)
+{
+  if (man->settings.flags & MF_UP_DOWN)
+    {
+      msg (M_CLIENT, ">UPDOWN:%s", updown);
+      man_output_env (es, true, 0, "UPDOWN");
+    }
+}
+
+#ifdef MANAGEMENT_DEF_AUTH
+
 static bool
 validate_peer_info_line(const char *line)
 {
@@ -2387,9 +2398,9 @@ management_notify_client_needing_auth (struct management *management,
       if (mdac->flags & DAF_CONNECTION_ESTABLISHED)
        mode = "REAUTH";
       msg (M_CLIENT, ">CLIENT:%s,%lu,%u", mode, mdac->cid, mda_key_id);
-      man_output_extra_env (management);
+      man_output_extra_env (management, "CLIENT");
       man_output_peer_info_env(management, mdac);
-      man_output_env (es, true, management->connection.env_filter_level);
+      man_output_env (es, true, management->connection.env_filter_level, "CLIENT");
       mdac->flags |= DAF_INITIAL_AUTH;
     }
 }
@@ -2401,8 +2412,8 @@ management_connection_established (struct management *management,
 {
   mdac->flags |= DAF_CONNECTION_ESTABLISHED;
   msg (M_CLIENT, ">CLIENT:ESTABLISHED,%lu", mdac->cid);
-  man_output_extra_env (management);
-  man_output_env (es, true, management->connection.env_filter_level);
+  man_output_extra_env (management, "CLIENT");
+  man_output_env (es, true, management->connection.env_filter_level, "CLIENT");
 }
 
 void
@@ -2413,7 +2424,7 @@ management_notify_client_close (struct management *management,
   if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
     {
       msg (M_CLIENT, ">CLIENT:DISCONNECT,%lu", mdac->cid);
-      man_output_env (es, true, management->connection.env_filter_level);
+      man_output_env (es, true, management->connection.env_filter_level, "CLIENT");
       mdac->flags |= DAF_CONNECTION_CLOSED;
     }
 }

diff --git a/manage.h b/manage.h
index a8f971b8c38d7818b554f2f9159a7730c25e7cfe..c884cafc54420aa2042dc6397f4a7f119774dac6 100644 (file)
--- a/manage.h
+++ b/manage.h
@@ -332,6 +332,7 @@ struct management *management_init (void);
 #ifdef MANAGMENT_EXTERNAL_KEY
 # define MF_EXTERNAL_KEY    (1<<9)
 #endif
+#define MF_UP_DOWN          (1<<10)
 
 bool management_open (struct management *man,
                      const char *addr,
@@ -372,6 +373,8 @@ bool management_hold (struct management *man);
 
 void management_event_loop_n_seconds (struct management *man, int sec);
 
+void management_up_down(struct management *man, const char *updown, const struct env_set *es);
+
 #ifdef MANAGEMENT_DEF_AUTH
 void management_notify_client_needing_auth (struct management *management,
                                            const unsigned int auth_id,

diff --git a/openvpn.8 b/openvpn.8
index 3cdc07e653bf3ba26cc32aff655a59aa64d39653..164b58ec7e35fcf6d08c7178c58174ca0b8d2568 100644 (file)
--- a/openvpn.8
+++ b/openvpn.8
@@ -2367,6 +2367,11 @@ lines of log file history for usage
 by the management channel.
 .\"*********************************************************
 .TP
+.B --management-up-down
+Report tunnel up/down events to management interface.
+.B 
+.\"*********************************************************
+.TP
 .B --management-client-auth
 Gives management interface client the responsibility
 to authenticate clients after their client certificate

diff --git a/options.c b/options.c
index 2ba18ec43defd0886f778d83ae74c99ee986cdff..a4b2d49cbc8f149119c5fa2bb675a59b6ee1b6bf 100644 (file)
--- a/options.c
+++ b/options.c
@@ -341,6 +341,7 @@ static const char usage_message[] =
   "--management-signal : Issue SIGUSR1 when management disconnect event occurs.\n"
   "--management-forget-disconnect : Forget passwords when management disconnect\n"
   "                                 event occurs.\n"
+  "--management-up-down : Report tunnel up/down events to management interface.\n"
   "--management-log-cache n : Cache n lines of log file history for usage\n"
   "                  by the management channel.\n"
 #if UNIX_SOCK_SUPPORT
@@ -3632,6 +3633,11 @@ add_option (struct options *options,
       VERIFY_PERMISSION (OPT_P_GENERAL);
       options->management_flags |= MF_FORGET_DISCONNECT;
     }
+  else if (streq (p[0], "management-up-down"))
+    {
+      VERIFY_PERMISSION (OPT_P_GENERAL);
+      options->management_flags |= MF_UP_DOWN;
+    }
   else if (streq (p[0], "management-client"))
     {
       VERIFY_PERMISSION (OPT_P_GENERAL);

diff --git a/version.m4 b/version.m4
index 44d9190a710eb4a1bdafeb076854b10ec2943334..6d51fb61bf7f68a5a78c9f6fae37737f81a5d6ea 100644 (file)
--- a/version.m4
+++ b/version.m4
@@ -1,5 +1,5 @@
 dnl define the OpenVPN version
-define(PRODUCT_VERSION,[2.1.3e])
+define(PRODUCT_VERSION,[2.1.3f])
 dnl define the TAP version
 define(PRODUCT_TAP_ID,[tap0901])
 define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])