eabb682a3d
Bump openvpn-acct-wtmpx to add its licence and to take into account the new location of plugin directory Significant changes since 2.2.x: * Full IPv6 support * SSL layer modularised, enabling easier implementation for other SSL libraries * PolarSSL support as a drop-in replacement for OpenSSL * New plug-in API providing direct certificate access, improved logging API and easier to extend in the future * Added 'dev_type' environment variable to scripts and plug-ins - which is set to 'TUN' or 'TAP' * New feature: --management-external-key - to provide access to the encryption keys via the management interface * New feature: --x509-track option, more fine grained access to X.509 fields in scripts and plug-ins * New feature: --client-nat support * New feature: --mark which can mark encrypted packets from the tunnel, suitable for more advanced routing and firewalling * New feature: --management-query-proxy - manage proxy settings via the management interface (supercedes --http-proxy-fallback) * New feature: --stale-routes-check, which cleans up the internal routing table * New feature: --x509-username-field, where other X.509v3 fields can be used for the authentication instead of Common Name * Improved client-kill management interface command * Improved UTF-8 support - and added --compat-names to provide backwards compatibility with older scripts/plug-ins * Improved auth-pam with COMMONNAME support, passing the certificate's common name in the PAM conversation * More options can now be used inside <connection> blocks * Completely new build system, enabling easier cross-compilation and Windows builds * Much of the code has been better documented * Many documentation updates * Plenty of bug fixes and other code clean-ups
62 lines
2 KiB
Text
62 lines
2 KiB
Text
$NetBSD: patch-ac,v 1.10 2013/02/10 05:55:07 manu Exp $
|
|
|
|
--- src/openvpn/tun.c.orig 2011-04-06 16:05:52.000000000 +0000
|
|
+++ src/openvpn/tun.c
|
|
@@ -805,15 +805,15 @@ do_ifconfig (struct tuntap *tt,
|
|
* NetBSD has distinct tun and tap devices
|
|
* so we don't need the "link0" extra parameter to specify we want to do
|
|
* tunneling at the ethernet level
|
|
+ * NB: The tun driver has no broadcast capability.
|
|
*/
|
|
argv_printf (&argv,
|
|
- "%s %s %s netmask %s mtu %d broadcast %s",
|
|
+ "%s %s %s netmask %s mtu %d",
|
|
IFCONFIG_PATH,
|
|
actual,
|
|
ifconfig_local,
|
|
ifconfig_remote_netmask,
|
|
- tun_mtu,
|
|
- ifconfig_broadcast
|
|
+ tun_mtu
|
|
);
|
|
argv_msg (M_INFO, &argv);
|
|
openvpn_execve_check (&argv, es, S_FATAL, "NetBSD ifconfig failed");
|
|
@@ -1023,7 +1023,37 @@ open_tun_generic (const char *dev, const
|
|
if (dynamic && !has_digit((unsigned char *)dev))
|
|
{
|
|
int i;
|
|
- for (i = 0; i < 256; ++i)
|
|
+#if defined(TAPGIFNAME)
|
|
+ /*
|
|
+ * Perhaps we have a cloning device. Try opening
|
|
+ * the device without any appended digits,
|
|
+ * and use ioctl(,TAPGIFNAME,) to get the resulting
|
|
+ * interface name.
|
|
+ */
|
|
+ openvpn_snprintf (tunname, sizeof (tunname), "/dev/%s", dev);
|
|
+ if ((tt->fd = open (tunname, O_RDWR)) > 0)
|
|
+ {
|
|
+ struct ifreq ifr;
|
|
+ if (ioctl (tt->fd, TAPGIFNAME, (void*)&ifr) < 0)
|
|
+ {
|
|
+ msg (D_READ_WRITE | M_ERRNO,
|
|
+ "ioctl(,TAPGIFNAME,) failed for %s", tunname);
|
|
+ close(tt->fd);
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ strlcpy (dynamic_name, ifr.ifr_name,
|
|
+ sizeof (dynamic_name));
|
|
+ dynamic_opened = true;
|
|
+ msg (M_INFO, "TUN/TAP dynamic interface %s opened",
|
|
+ dynamic_name);
|
|
+ }
|
|
+ }
|
|
+ if (!dynamic_opened)
|
|
+ msg (D_READ_WRITE | M_ERRNO, "Tried opening %s (failed)",
|
|
+ tunname);
|
|
+#endif /* TAPGIFNAME */
|
|
+ for (i = 0; i < 256 && !dynamic_opened; ++i)
|
|
{
|
|
openvpn_snprintf (tunname, sizeof (tunname),
|
|
"/dev/%s%d", dev, i);
|