Attachment 259305 Details for Bug 309385 – patching openvpn files to add and remove tap device to bridge

patching openvpn files to add and remove tap device to bridge

openvpn.patch (text/plain), 5.30 KB, created by niv on 2011-01-08 18:22:32 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: niv

Created: 2011-01-08 18:22:32 UTC

Size: 5.30 KB

patch

obsolete

>--- /etc/openvpn/init.d/openvpn.orig	2010-12-18 04:10:29.000000000 +0200
>+++ /etc/openvpn/init.d/openvpn	2011-01-08 01:32:22.000000000 +0200
>@@ -12,7 +12,12 @@
> VPNCONF="${VPNDIR}/${VPN}.conf"
> 
> depend() {
>-	need localmount net
>+#	grep -q "^[ 	]*dev[ 	].*tap0" "${VPNCONF}"
>+#	if [ $? -eq 0 ] ; then
>+#		need localmount net.tap0
>+#	else
>+#		need localmount net
>+#	fi
> 	use dns
> 	after bootmisc
> }
>@@ -66,24 +71,19 @@
> 
> 	checkconfig || return 1
> 
>-	local args="" reenter=${RE_ENTER:-no}
>+	local args=("")
>+	local reenter=${RE_ENTER:-no}
> 	# If the config file does not specify the cd option, we do
> 	# But if we specify it, we override the config option which we do not want
> 	if ! grep -q "^[ 	]*cd[ 	].*" "${VPNCONF}" ; then
>-		args="${args} --cd ${VPNDIR}"
>+		args+=( --cd ${VPNDIR})
> 	fi
>-	
> 	# We mark the service as inactive and then start it.
> 	# When we get an authenticated packet from the peer then we run our script
> 	# which configures our DNS if any and marks us as up.
> 	if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \
> 	grep -q "^[ 	]*remote[ 	].*" "${VPNCONF}" ; then
>-		reenter="yes"
>-		args="${args} --up-delay --up-restart"
>-		args="${args} --script-security 2"
>-		args="${args} --up /etc/openvpn/up.sh"
>-		args="${args} --down-pre --down /etc/openvpn/down.sh"
>-
>+		reener="yes"
> 		# Warn about setting scripts as we override them
> 		if grep -Eq "^[ 	]*(up|down)[ 	].*" "${VPNCONF}" ; then
> 			ewarn "WARNING: You have defined your own up/down scripts"
>@@ -102,17 +102,23 @@
> 		fi
> 	else
> 		# So we're a server. Run as openvpn unless otherwise specified
>-		grep -q "^[ 	]*user[ 	].*" "${VPNCONF}" || args="${args} --user openvpn"
>-		grep -q "^[ 	]*group[ 	].*" "${VPNCONF}" || args="${args} --group openvpn"
>+		grep -q "^[ 	]*user[ 	].*" "${VPNCONF}" || args+=( --user openvpn)
>+		grep -q "^[ 	]*group[ 	].*" "${VPNCONF}" || args+=( --group openvpn)
> 	fi
> 
>+#common settings:
>+	args+=(--up-delay --up-restart)
>+	args+=(--script-security 2)
>+	args+=( --up /etc/openvpn/up.sh ${SVCNAME})
>+	args+=( --down-pre --down /etc/openvpn/down.sh ${SVCNAME})
>+
> 	# Ensure that our scripts get the PEER_DNS variable
>-	[ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}"
>+	[ -n "${PEER_DNS}" ] && args+=( --setenv PEER_DNS ${PEER_DNS})
> 
> 	[ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}"
> 	start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \
> 		-- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \
>-		--setenv SVCNAME "${SVCNAME}" ${args}
>+		--setenv SVCNAME "${SVCNAME}" "${args[@]}"
> 	eend $? "Check your logs to see why startup failed"
> }
> 
>@@ -127,6 +133,15 @@
> 	ebegin "Stopping ${SVCNAME}"
> 	start-stop-daemon --stop --quiet \
> 		--exec /usr/sbin/openvpn --pidfile "${VPNPID}"
>+	#remove device from bridge
>+	IFACE=$(sed -n 's/[[:space:]]*dev[[:space:]]*//p' ${VPNCONF})
>+	#IFACE="$( awk '/^\ *dev/ { print $2 }' ${VPNCONF} )"
>+	BRIDGE=$(ls -l /sys/class/net/${IFACE}/brport/bridge 2>/dev/null|sed 's/.*\///' )
>+	if [ "${BRIDGE}" != " "] ; then
>+		einfo "BRIDGE : $BRIDGE IFACE: $IFACE"
>+		/sbin/brctl delif ${BRIDGE} ${IFACE}
>+		ifconfig ${IFACE} 0.0.0.0
>+	fi
> 	eend $?
> }
> 
>--- /etc/openvpn/up.sh.orig	2010-12-18 04:18:58.000000000 +0200
>+++ /etc/openvpn/up.sh	2011-01-08 01:32:07.000000000 +0200
>@@ -18,7 +18,17 @@
> # This however, will break compatibility with Debians resolvconf
> # A possible workaround would be to just list multiple domain lines
> # and try and let resolvconf handle it
>+# Niv Vaizer: Shell script in tap is called:
>+#cmd tap_dev tap_mtu link_mtu ifconfig_local_ip ifconfig_netmask [ init | restart ]
>+set -x
>+
>+_is_bridge()
>+{
>+	[ -d /sys/class/net/"${1:-${IFACE}}"/bridge ]
>+	return $?
>+}
> 
>+#start original
> if [ "${PEER_DNS}" != "no" ]; then
> 	NS=
> 	DOMAIN=
>@@ -59,7 +69,22 @@
> 		fi
> 	fi
> fi
>-
>+#end origianl
>+# in case openvpn is in bridge mode bridge it to the apropriate bridge
>+if [ $# -eq 7 ] ;then
>+	SVCNAME=$1
>+	IFACE=$2
>+	VPNDIR=${VPNDIR:-/etc/openvpn}
>+	VPN=${SVCNAME#*.}
>+	VPNCONF="${VPNDIR}/${VPN}.conf"
>+	. /etc/conf.d/$SVCNAME
>+	grep -q "^[[:space:]]*dev[[:space:]].*${IFACE}" "${VPNCONF}"  || exit 1
>+	if [ -e /sys/class/net/${IFACE} -a -e /sys/class/net/"${BRIDGE}"/bridge ]; then
>+		[ -d /sys/class/net/"${IFACE}"/brport ] && /sbin/brctl delif ${BRIDGE} ${IFACE}
>+		/sbin/brctl addif ${BRIDGE} ${IFACE}
>+	fi
>+fi
>+#start original
> # Below section is Gentoo specific
> # Quick summary - our init scripts are re-entrant and set the SVCNAME env var
> # as we could have >1 openvpn service
>--- /etc/openvpn/down.sh.orig	2010-11-24 03:25:45.000000000 +0200
>+++ /etc/openvpn/down.sh	2011-01-08 01:32:01.000000000 +0200
>@@ -2,7 +2,23 @@
> # Copyright (c) 2006-2007 Gentoo Foundation
> # Distributed under the terms of the GNU General Public License v2
> # Contributed by Roy Marples (uberlord@gentoo.org)
>-
>+set -x
>+if [ $# -eq 7 ] ;then
>+	SVCNAME=$1
>+	IFACE=$2
>+	VPNDIR=${VPNDIR:-/etc/openvpn}
>+	VPN=${SVCNAME#*.}
>+	VPNCONF="${VPNDIR}/${VPN}.conf"
>+	. /etc/conf.d/$SVCNAME
>+	grep -q "^[[:space:]]*dev[[:space:]].*${IFACE}" "${VPNCONF}"  || exit 1
>+	IFACE_BRIDGE=$(ls -l /sys/class/net/${IFACE}/brport/bridge 2>/dev/null|sed 's/.*\///' )
>+	if [ ${IFACE_BRIDGE} -eq ${BRIDGE} ] ; then
>+		/sbin/brctl delif ${BRIDGE} ${IFACE}
>+		ifconfig ${IFACE} 0.0.0.0
>+	fi
>+fi
>+	
>+# start original
> # If we have a service specific script, run this now
> if [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then
> 	/etc/openvpn/"${SVCNAME}"-down.sh "$@"

Actions: View

Attachments on bug 309385: 255269 | 255273 | 255275 | 259305 | 259416