Attention is currently required from: flichtenheld, ordex, plaisthos.
Hello flichtenheld, ordex,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email
to look at the new patch set (#4).
The following approvals got outdated and were removed:
Code-Review+1 by ordex
Change subject: Allow route_ipv6_match_host to be used outside of route.c
......................................................................
Allow route_ipv6_match_host to be used outside of route.c
Also adjust style a bit to C99
Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1
Signed-off-by: Arne Schwabe <[email protected]>
---
M src/openvpn/route.c
M src/openvpn/route.h
2 files changed, 23 insertions(+), 14 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/91/1191/4
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index e504485..2bae681 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -710,25 +710,20 @@
return ret;
}
-/* check whether an IPv6 host address is covered by a given route_ipv6
- * (not the most beautiful implementation in the world, but portable and
- * "good enough")
- */
-static bool
-route_ipv6_match_host(const struct route_ipv6 *r6, const struct in6_addr *host)
+bool
+ipv6_net_contains_host(const struct in6_addr *network, unsigned int bits,
const struct in6_addr *host)
{
- unsigned int bits = r6->netbits;
- int i;
- unsigned int mask;
-
+ /* (not the most beautiful implementation in the world, but portable and
+ * "good enough") */
if (bits > 128)
{
return false;
}
+ int i = 0;
for (i = 0; bits >= 8; i++, bits -= 8)
{
- if (r6->network.s6_addr[i] != host->s6_addr[i])
+ if (network->s6_addr[i] != host->s6_addr[i])
{
return false;
}
@@ -739,9 +734,9 @@
return true;
}
- mask = 0xff << (8 - bits);
+ unsigned int mask = 0xff << (8 - bits);
- if ((r6->network.s6_addr[i] & mask) == (host->s6_addr[i] & mask))
+ if ((network->s6_addr[i] & mask) == (host->s6_addr[i] & mask))
{
return true;
}
@@ -830,7 +825,8 @@
* avoiding routing loops, so ignore this part and let
* need_remote_ipv6_route always evaluate to false
*/
- if (remote_host_ipv6 && route_ipv6_match_host(r6,
remote_host_ipv6))
+ if (remote_host_ipv6
+ && ipv6_net_contains_host(&r6->network, r6->netbits,
remote_host_ipv6))
{
need_remote_ipv6_route = true;
msg(D_ROUTE,
diff --git a/src/openvpn/route.h b/src/openvpn/route.h
index 9b6a47e..21f37a2 100644
--- a/src/openvpn/route.h
+++ b/src/openvpn/route.h
@@ -426,4 +426,17 @@
return rl && BOOL_CAST(rl->iflags & RL_DID_REDIRECT_DEFAULT_GATEWAY);
}
+
+/**
+ * check whether an IPv6 host address is covered by a given network/bits
+ * @param network the network address
+ * @param bits the network mask
+ * @param host the host address to be checked if it is contained by the network
+ *
+ * @return true if the host address is covered by the network with the given
+ * network mask by bits
+ */
+bool
+ipv6_net_contains_host(const struct in6_addr *network, unsigned int bits,
const struct in6_addr *host);
+
#endif /* ifndef ROUTE_H */
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1191?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1
Gerrit-Change-Number: 1191
Gerrit-PatchSet: 4
Gerrit-Owner: plaisthos <[email protected]>
Gerrit-Reviewer: flichtenheld <[email protected]>
Gerrit-Reviewer: ordex <[email protected]>
Gerrit-CC: d12fk <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>
Gerrit-Attention: flichtenheld <[email protected]>
Gerrit-Attention: ordex <[email protected]>
Gerrit-MessageType: newpatchset
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
