openvpn
openvpn copied to clipboard
OpenVPN
Implement the passtos option for IPv6 packets and sockets.
Hello,
This pull request implements the passtos option for both IPv6 packets (parsing the ToS of IPv6 packets received inside the tunnel) and sockets (setting the ToS of IPv6 encrypted packets sent to the OpenVPN server).
Cheers, Vittorio
Overall the change looks good. We would like to have all patches sent to the mailing list. See the Contributing file for more details.
Hi,
On Thu, Dec 15, 2016 at 05:51:50AM -0800, Vittorio G (VittGam) wrote:
+link_socket_extract_tos_v6 (struct link_socket *ls, const struct buffer *ipbuf) +{
- if (ls && ipbuf)
- {
struct openvpn_ipv6hdr *ip6h = (struct openvpn_ipv6hdr *) BPTR (ipbuf);ls->ptos = ((ip6h->version_prio & 0x0f) << 4) | (ip6h->flow_lbl[0] >> 4);It's handling a single byte, so it should be... Anyway I'm going to test this on an OpenWrt/LEDE big-endian router too.
I'm not sure if relevant: at this point, does the code know that the buffer is indeed big enough, that is, "larger than sizeof(openvpn_ipv6hdr)"?
gert
-- USENET is not the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany [email protected] fax: +49-89-35655025 [email protected]
Yes and no: yes, because the is_ipv_X in proto.c checks that the packet is at least sizeof(struct openvpn_iphdr) (20 bytes) large, and so in this particular case it's kind of okay because the ToS is in the first two bytes of the IPv6 packet; no, because the is_ipv_X function should check against sizeof(struct openvpn_ipv6hdr) (40 bytes) for an IPv6 packet. So I guess that's going to be another patch! :)
The "other patch" landed on the mailing list:
https://patchwork.openvpn.net/project/openvpn2/patch/[email protected]/
@VittGam any chance to send the patches to the ml?
I took the freedom to rebase the patch and send it to the ml. This PR can be closed. Thanks!