authorArne Schwabe <arne@rfc2549.org>2012-09-13 01:42:20 +0200
committerArne Schwabe <arne@rfc2549.org>2012-09-13 01:42:20 +0200
commit93213caa1c1456836dc0f9d2ade45eed1a3d4e4a (patch)
tree2e5dfc3557e2cd6d2093db9b30839e1fd93e87e6 /openvpn
parenteec4659b127c69a5005be439efad148e98648c69 (diff)
Add support for persist-tun option (closes issue #83)
Diffstat (limited to 'openvpn')
-rw-r--r--openvpn/src/openvpn/init.c25
-rw-r--r--openvpn/src/openvpn/socket.c2
2 files changed, 18 insertions, 9 deletions
diff --git a/openvpn/src/openvpn/init.c b/openvpn/src/openvpn/init.c
index cd5ebd3d..1f06eaa5 100644
--- a/openvpn/src/openvpn/init.c
+++ b/openvpn/src/openvpn/init.c
@@ -1402,8 +1402,19 @@ do_open_tun (struct context *c)
c->c2.ipv4_tun = (!c->options.tun_ipv6
&& is_dev_type (c->options.dev, c->options.dev_type, "tun"));
+#ifndef TARGET_ANDROID
if (!c->c1.tuntap)
{
+#endif
+
+#ifdef TARGET_ANDROID
+ /* If we emulate persist-tun on android we still have to open a new tun and
+ then close the old */
+ int oldtunfd=-1;
+ if(c->c1.tuntap)
+ oldtunfd = c->c1.tuntap->fd;
+#endif
+
/* initialize (but do not open) tun/tap object */
do_init_tun (c);
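Review bot: On Android the new code saves only `c->c1.tuntap->fd` before `do_init_tun (c)` runs. do_init_tun is not visible here, but if it replaces `c->c1.tuntap` with a fresh object, the previous `struct tuntap` is orphaned and anything else it owned is never released. The `if (!c->c1.tuntap) {` opened under `#ifndef TARGET_ANDROID` is only closed by the `}` and `#endif` added in the two later hunks of do_open_tun, so brace balance now depends on three separate preprocessor regions. A comment at the first `#ifndef`, such as `/* Android: always reopen the tun; the "preserve" branch below is compiled out */`, would make that explicit. The function body starts and ends outside this hunk.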
@@ -1439,7 +1450,10 @@ do_open_tun (struct context *c)
/* open the tun device */
open_tun (c->options.dev, c->options.dev_type, c->options.dev_node,
c->c1.tuntap);
-
+#ifdef TARGET_ANDROID
+ if(oldtunfd>=0)
+ close(oldtunfd);
+#endif
/* set the hardware address */
if (c->options.lladdr)
set_lladdr(c->c1.tuntap->actual_name, c->options.lladdr, c->c2.es);
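Review bot: `close(oldtunfd)` runs unconditionally once `open_tun` returns, so if the new device was not actually opened, the old tun is torn down with nothing to replace it. That is the situation a persist-tun emulation is meant to avoid. Whether open_tun can return without a valid descriptor on Android is not visible in this hunk; if it can, guard the close with `if (oldtunfd >= 0 && c->c1.tuntap->fd >= 0)` and log a warning in the other case. The return value of `close()` is also discarded. do_open_tun starts and ends outside the hunk.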
@@ -1481,6 +1495,7 @@ do_open_tun (struct context *c)
ret = true;
static_context = c;
+#ifndef TARGET_ANDROID
}
else
{
@@ -1503,6 +1518,7 @@ do_open_tun (struct context *c)
"up",
c->c2.es);
}
+#endif
gc_free (&gc);
return ret;
}
@@ -2488,13 +2504,6 @@ do_option_warnings (struct context *c)
msg (M_WARN, "NOTE: --connect-timeout option is not supported on this OS");
#endif
- if (script_security >= SSEC_SCRIPTS)
- msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts");
- else if (script_security >= SSEC_PW_ENV)
- msg (M_WARN, "WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables");
- else
- msg (M_WARN, "NOTE: " PACKAGE_NAME " 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables");
-
if (script_method == SM_SYSTEM)
msg (M_WARN, "NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion");
}
diff --git a/openvpn/src/openvpn/socket.c b/openvpn/src/openvpn/socket.c
index bb973bc9..1e38e82c 100644
--- a/openvpn/src/openvpn/socket.c
+++ b/openvpn/src/openvpn/socket.c
@@ -730,9 +730,9 @@ create_socket (struct link_socket *sock)
struct user_pass up;
strcpy(up.username ,__func__);
management->connection.fdtosend = sock->sd;
+ msg(M_DEBUG, "Protecting socket fd %d", sock->sd);
management_query_user_pass(management, &up , "PROTECTFD", GET_USER_PASS_NEED_OK,(void*) 0);
-
#endif
}
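Review bot: The added debug line records that protection of the socket was requested, but the result of `management_query_user_pass` on the next line is discarded, so the log cannot show whether the fd was actually protected. If the call can report failure, a socket left unprotected would presumably have its traffic routed into the VPN itself; consider `if (!management_query_user_pass(management, &up, "PROTECTFD", GET_USER_PASS_NEED_OK, (void*) 0)) msg(M_WARN, "Protecting socket fd %d failed", sock->sd);`. `up` is passed with only `username` initialised, so it is worth confirming that the callee reads no other field before writing it. create_socket starts outside the hunk.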