Don't attempt to configure Legacy IP address on tun device.
authorDavid Woodhouse <David.Woodhouse@intel.com>
Mon, 16 Apr 2012 14:28:05 +0000 (15:28 +0100)
committerDavid Woodhouse <David.Woodhouse@intel.com>
Mon, 16 Apr 2012 14:28:05 +0000 (15:28 +0100)
This was only setting the Legacy IP address and not IPv6, and it wasn't
setting up any routes or nameservers. It wasn't even setting a *netmask*,
so wasn't even useful in the simple case of a VPN serving a single network
range. I can't think of a single case in which it was actually useful.

This is my response to the patch from Stanislav Sedov which makes the IP
configuration code work on FreeBSD 10. The tun code is a big enough mess
of OS-specific ifdefs already; I don't want it getting even worse, so let's
just rip this bit out.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
tun.c
www/changelog.xml

diff --git a/tun.c b/tun.c
index 6acf778..b3a7fb2 100644 (file)
--- a/tun.c
+++ b/tun.c
 #define TUN_HAS_AF_PREFIX 1
 #endif
 
-#ifdef __sun__
-static int local_config_tun(struct openconnect_info *vpninfo, int mtu_only)
-{
-       if (!mtu_only)
-               vpn_progress(vpninfo, PRG_ERR,
-                            _("No vpnc-script configured. Need Solaris IP-setting code\n"));
-       return 0;
-}
-#else
-static int local_config_tun(struct openconnect_info *vpninfo, int mtu_only)
+static int set_tun_mtu(struct openconnect_info *vpninfo)
 {
+#ifndef __sun__ /* We don't know how to do this on Solaris */
        struct ifreq ifr;
        int net_fd;
 
@@ -94,35 +86,19 @@ static int local_config_tun(struct openconnect_info *vpninfo, int mtu_only)
                perror(_("open net"));
                return -EINVAL;
        }
+
        memset(&ifr, 0, sizeof(ifr));
        strncpy(ifr.ifr_name, vpninfo->ifname, sizeof(ifr.ifr_name) - 1);
-
-       if (!mtu_only) {
-               struct sockaddr_in addr;
-
-               if (ioctl(net_fd, SIOCGIFFLAGS, &ifr) < 0)
-                       perror(_("SIOCGIFFLAGS"));
-
-               ifr.ifr_flags |= IFF_UP | IFF_POINTOPOINT;
-               if (ioctl(net_fd, SIOCSIFFLAGS, &ifr) < 0)
-                       perror(_("SIOCSIFFLAGS"));
-
-               addr.sin_family = AF_INET;
-               addr.sin_addr.s_addr = inet_addr(vpninfo->vpn_addr);
-               memcpy(&ifr.ifr_addr, &addr, sizeof(addr));
-               if (ioctl(net_fd, SIOCSIFADDR, &ifr) < 0)
-                       perror(_("SIOCSIFADDR"));
-       }
-
        ifr.ifr_mtu = vpninfo->mtu;
+
        if (ioctl(net_fd, SIOCSIFMTU, &ifr) < 0)
                perror(_("SIOCSIFMTU"));
 
        close(net_fd);
-
+#endif
        return 0;
 }
-#endif
+
 
 static int setenv_int(const char *opt, int value)
 {
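Review bot: set_tun_mtu() returns 0 whether or not the SIOCSIFMTU ioctl succeeded, so the only failure a caller can see is the socket open failing with -EINVAL. On Solaris the new `#ifndef __sun__` … `#endif` pair also compiles the whole body away, and the function reports success without doing anything. I would propagate the error with `if (ioctl(net_fd, SIOCSIFMTU, &ifr) < 0) { ret = -errno; perror(_("SIOCSIFMTU")); }` and `return ret;`, declaring `int ret = 0;` ahead of the `#ifndef` so the Solaris build still compiles. The function's signature and local declarations are in the previous hunk. An interface left at its default MTU when the negotiated value is smaller tends to surface later as stalled connections, so a visible failure here is worth having.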
@@ -585,13 +561,11 @@ int setup_tun(struct openconnect_info *vpninfo)
                if (tun_fd < 0)
                        return tun_fd;
 
-               if (vpninfo->vpnc_script) {
-                       setenv("TUNDEV", vpninfo->ifname, 1);
-                       script_config_tun(vpninfo, "connect");
-                       /* We have to set the MTU for ourselves, because the script doesn't */
-                       local_config_tun(vpninfo, 1);
-               } else
-                       local_config_tun(vpninfo, 0);
+               setenv("TUNDEV", vpninfo->ifname, 1);
+               script_config_tun(vpninfo, "connect");
+
+               /* Ancient vpnc-scripts might not get this right */
+               set_tun_mtu(vpninfo);
        }
 
        fcntl(tun_fd, F_SETFD, FD_CLOEXEC);
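Review bot: With the `if (vpninfo->vpnc_script)` test removed, `script_config_tun(vpninfo, "connect")` now runs even when no script is configured, and nothing in this hunk tells the user that the tun device will then have no address, routes or DNS. script_config_tun() is not visible here, so it may already handle a NULL `vpnc_script`. If it does not warn, I would add `if (!vpninfo->vpnc_script) vpn_progress(vpninfo, PRG_ERR, _("No vpnc-script configured; tun device will not be configured\n"));` before the call. A session that reports as connected while traffic still follows the original routes is easy to miss. The return values of `script_config_tun()` and `set_tun_mtu()` are also dropped here, and setup_tun() continues outside the hunk.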
index e16d7c9..b5aa71d 100644 (file)
@@ -17,6 +17,7 @@
 <ul>
    <li><b>OpenConnect HEAD</b>
      <ul>
+       <li>Don't set Legacy IP address on tun device; let <tt>vpnc-script</tt> do it.</li>
        <li>Detect OpenSSL even without pkg-config.</li>
        <li>Stop building static library by default.</li>
        <li>Invoke <tt>vpnc-script</tt> with "pre-init" reason to load tun module if necessary.</li>