Re: [Openvpn-devel] [PATCH 3/9] vlan: Add per-client --vlan-tag option

2010-04-01 Thread Peter Stuge
Hi Fabian,

Fabian Knittel wrote:
> >> +#define OPENVPN_8021Q_MAX_VID 0xFFFE
> > 
> > The max VID in 802.1q is 4095 = 0xfff.
> 
> You are absolutely correct.  Thanks for catching that.  I intended
> it to say 0xFFE, because the standard talks about VID values being
> valid within the range 0 through 4094 [1].

Aha!


> But OPENVPN_8021Q_MASK_VID should definitely be defined as 0xFFF,
> as the bit field is 12 bits.

Right.


> VID == 0xFFF is "Reserved for implementation use." and "shall not
> be configured as PVID [...] or transmitted in a tag header." [2]
> But I'm not sure whether it's used in reality and if you'd like
> that value to be accepted, I have no objections.

I think it's good to play along with the standards, so I like MAX
0xffe too.


> Thanks again for reviewing!

You're welcome!


//Peter



Re: [Openvpn-devel] [PATCH 3/9] vlan: Add per-client --vlan-tag option

2010-04-01 Thread Fabian Knittel
Hi Peter,

Peter Stuge schrieb:
> Fabian Knittel wrote:
>> +#define OPENVPN_8021Q_MAX_VID 0xFFFE
> 
> The max VID in 802.1q is 4095 = 0xfff.

You are absolutely correct.  Thanks for catching that.  I intended it to
say 0xFFE, because the standard talks about VID values being valid
within the range 0 through 4094 [1].  But OPENVPN_8021Q_MASK_VID should
definitely be defined as 0xFFF, as the bit field is 12 bits.

VID == 0xFFF is "Reserved for implementation use." and "shall not be
configured as PVID [...] or transmitted in a tag header." [2]  But I'm
not sure whether it's used in reality and if you'd like that value to be
accepted, I have no objections.

Thanks again for reviewing!

Cheers
Fabian

1: IEEE Std 802.1Q-2005, "9.6 VLAN Tag Control Information", p.76
2: IEEE Std 802.1Q-2005, Table 9-2, p.76



[Openvpn-devel] [PATCH 3/9] vlan: Add per-client --vlan-tag option

2010-03-31 Thread Fabian Knittel
This patch adds the new "--vlan-tag" integer option.  The option is valid
in server mode and can be set in a client context (e.g. from the client-connect
hook).  It defaults to 0.

The value indicates which VID (VLAN identifier) to associate with a client.
The client will only receive packets which belong to the same VLAN.  Packets
going out via the tap device will be marked as belonging to the indicated VID.

The option has no immediate effect yet, but will be used by later patches.
---
 options.c |   25 +++--
 options.h |1 +
 proto.h   |4 
 3 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/options.c b/options.c
index 506fb49..aaf92f0 100644
--- a/options.c
+++ b/options.c
@@ -1178,6 +1178,7 @@ show_settings (const struct options *o)
   SHOW_BOOL (ifconfig_nowarn);

   SHOW_BOOL (vlan_tagging);
+  SHOW_INT (vlan_tag);

 #ifdef HAVE_GETTIMEOFDAY
   SHOW_INT (shaper);
@@ -1748,6 +1749,8 @@ options_postprocess_verify_ce (const struct options 
*options, const struct conne
  msg (M_USAGE, "--script-security method='system' cannot be combined 
with --no-name-remapping");
   if (options->vlan_tagging && dev != DEV_TYPE_TAP)
msg (M_USAGE, "--vlan-tagging only works with --dev tap");
+  if (!options->vlan_tagging && options->vlan_tag)
+   msg (M_USAGE, "--vlan-tag must be used with activated --vlan-tagging");
 }
   else
 {
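Review bot: The added `!options->vlan_tagging && options->vlan_tag` check sits in `options_postprocess_verify_ce`, which, judging by its name, verifies the configuration at startup, whereas the description says `--vlan-tag` can also arrive later from a client-connect hook. Unless per-client options are re-verified somewhere not shown here, a client could be given a VID while `--vlan-tagging` is off, so the later patches that consume `vlan_tag` should either repeat this check or ignore the value in that case. A short comment above the check would record the limit, for example `/* static config only; a per-client --vlan-tag is not checked here */`. The function starts and ends outside this hunk.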
@@ -1794,8 +1797,8 @@ options_postprocess_verify_ce (const struct options 
*options, const struct conne
   if (options->port_share_host || options->port_share_port)
msg (M_USAGE, "--port-share requires TCP server mode (--mode server 
--proto tcp-server)");
 #endif
-  if (options->vlan_tagging)
-   msg (M_USAGE, "--vlan-tagging requires --mode server");
+  if (options->vlan_tagging || options->vlan_tag)
+   msg (M_USAGE, "--vlan-tagging/--vlan-tag requires --mode server");

 }
 #endif /* P2MP_SERVER */
@@ -5743,6 +5746,24 @@ add_option (struct options *options,
   VERIFY_PERMISSION (OPT_P_GENERAL);
   options->vlan_tagging = true;
 }
+  else if (streq (p[0], "vlan-tag"))
+{
+  VERIFY_PERMISSION (OPT_P_INSTANCE);
+  if (p[1])
+   {
+ options->vlan_tag = positive_atoi (p[1]);
+ if (options->vlan_tag < OPENVPN_8021Q_MIN_VID || options->vlan_tag > 
OPENVPN_8021Q_MAX_VID)
+   {
+ msg (msglevel, "the parameter of --vlan-tag parameters must be >= 
%d and <= %d", OPENVPN_8021Q_MIN_VID, OPENVPN_8021Q_MAX_VID);
+ goto err;
+   }
+   }
+  else
+   {
+ msg (msglevel, "error parsing --vlan-tag parameters");
+ goto err;
+   }
+}
   else
 {
   if (file)
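Review bot: In the new `vlan-tag` branch `options->vlan_tag` is written before the range check, so a rejected value stays in the options structure when control reaches `err`; what `err` does afterwards lies outside this hunk, as does the rest of `add_option`. Since the option is `OPT_P_INSTANCE` and decides which VLAN a client is placed in, I would parse into a local and store it only after validation: `const int vid = positive_atoi (p[1]);`, then range-check `vid`, then `options->vlan_tag = vid;`. The branch also accepts extra arguments after `p[1]`, and whether `positive_atoi` rejects input such as `12abc` cannot be seen here, so a strict parse and a `p[2]` check are worth adding. The message `the parameter of --vlan-tag parameters must be` would read better as `--vlan-tag parameter must be`.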
diff --git a/options.h b/options.h
index 49fa596..f4ca502 100644
--- a/options.h
+++ b/options.h
@@ -511,6 +511,7 @@ struct options
 #endif

   bool vlan_tagging;
+  int vlan_tag;
 };

 #define streq(x, y) (!strcmp((x), (y)))
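Review bot: The new `vlan_tag` member has no comment saying what 0 means, although the description gives 0 as the default and `add_option` only accepts values from `OPENVPN_8021Q_MIN_VID` upward. I would document that on the field, for example `int vlan_tag; /* 802.1Q VID for this client; 0 = not set */`. `struct options` starts outside this hunk.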
diff --git a/proto.h b/proto.h
index 628e991..f26cbc0 100644
--- a/proto.h
+++ b/proto.h
@@ -211,4 +211,8 @@ void ipv4_packet_size_verify (const uint8_t *data,
  counter_type *errors);
 #endif

+
+#define OPENVPN_8021Q_MIN_VID 1
+#define OPENVPN_8021Q_MAX_VID 0xFFFE
+
 #endif
-- 
1.7.0