[PATCH -ocserv 4/5] Use distinct remote and local IPs when explicit_ipv[46] is specified

Kevin Cernekee cernekee at gmail.com
Sun Feb 8 17:26:39 PST 2015


Currently the code sets the local interface IP to the same value as the
P-t-P IP:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.63.1  P-t-P:192.168.63.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1341  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

This doesn't seem to get things routed correctly.  e.g. pinging 192.168.63.1
from the ocserv gateway just loops traffic back to the local machine instead
of pinging the client.

So instead we'll set LIP = RIP + 1.  This isn't terribly intuitive (an
administrator might try to number consecutive users 192.168.1.1, 192.168.1.2,
192.168.1.3, ...) but it's better than the current situation.  Maybe at some
point, fixed IPs should also make use of the hash table.
---
 src/ip-lease.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/src/ip-lease.c b/src/ip-lease.c
index e544ef6..5e350f3 100644
--- a/src/ip-lease.c
+++ b/src/ip-lease.c
@@ -159,13 +159,17 @@ int get_ipv4_lease(main_server_st* s, struct proc_st* proc)
 
         	((struct sockaddr_in*)&network)->sin_family = AF_INET;
         	((struct sockaddr_in*)&network)->sin_port = 0;
-		memcpy(&proc->ipv4->lip, &network, sizeof(struct sockaddr_in));
-       		proc->ipv4->lip_len = sizeof(struct sockaddr_in);
-	
 		memcpy(&proc->ipv4->rip, &network, sizeof(struct sockaddr_in));
        		proc->ipv4->rip_len = sizeof(struct sockaddr_in);
 	
-       		return 0;
+		/* LIP = RIP + 1 */
+		memcpy(&tmp, &proc->ipv4->rip, sizeof(struct sockaddr_in));
+		bignum_add(SA_IN_U8_P(&tmp), sizeof(struct in_addr), 1);
+
+		memcpy(&proc->ipv4->lip, &tmp, sizeof(struct sockaddr_in));
+		proc->ipv4->lip_len = sizeof(struct sockaddr_in);
+
+		return 0;
 	}
 
 	/* Our IP accounting */
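Review bot: The local address produced by `bignum_add(SA_IN_U8_P(&tmp), sizeof(struct in_addr), 1);` is copied into `proc->ipv4->lip` without any check that it is still a usable host address. An explicit address at the top of its range gives a LIP that is the subnet broadcast address or lies in the next network, and what happens on carry out of the last byte depends on bignum_add, which is not visible here. This branch also returns before the `/* Our IP accounting */` section, so the LIP is presumably never compared with addresses leased to other clients, and a collision would make the gateway answer for an address another user holds. I would check `tmp` against the configured network and mask and fail the lease on a mismatch, and extend the comment to `/* LIP = RIP + 1; explicit IPs bypass lease accounting, so LIP is not collision-checked */`. The IPv6 hunk in get_ipv6_lease has the same gap, and both function bodies continue outside the hunks.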
@@ -319,13 +323,17 @@ int get_ipv6_lease(main_server_st* s, struct proc_st* proc)
 
         	((struct sockaddr_in6*)&network)->sin6_family = AF_INET6;
         	((struct sockaddr_in6*)&network)->sin6_port = 0;
-		memcpy(&proc->ipv6->lip, &network, sizeof(struct sockaddr_in6));
-       		proc->ipv6->lip_len = sizeof(struct sockaddr_in6);
-	
 		memcpy(&proc->ipv6->rip, &network, sizeof(struct sockaddr_in6));
        		proc->ipv6->rip_len = sizeof(struct sockaddr_in6);
 	
-       		return 0;
+		/* LIP = RIP + 1 */
+		memcpy(&tmp, &proc->ipv6->rip, sizeof(struct sockaddr_in6));
+		bignum_add(SA_IN6_U8_P(&tmp), sizeof(struct in6_addr), 1);
+
+		memcpy(&proc->ipv6->lip, &tmp, sizeof(struct sockaddr_in6));
+		proc->ipv6->lip_len = sizeof(struct sockaddr_in6);
+
+		return 0;
 	}
 
 	if (proc->config.ipv6_network && proc->config.ipv6_prefix) {
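Review bot: `memcpy(&tmp, &proc->ipv6->rip, sizeof(struct sockaddr_in6));` sizes the copy by the source type, while `tmp` is declared outside the hunk, so the write is in bounds only if `tmp` is at least as large as a sockaddr_in6 (presumably it is a `struct sockaddr_storage`). Adding `_Static_assert(sizeof(tmp) >= sizeof(struct sockaddr_in6), "tmp too small");` next to the copy would turn that assumption into a compile-time check. get_ipv6_lease starts and ends outside the hunk, so the declaration should be confirmed there.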
-- 
1.9.1



