Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap

Change-Id: I0a2957699757665d70514ba7cafe833443018ad6 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20240924131437.22294-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/search?l=mid&q=20240924131437.22294-1-gert@greenie.muc.de Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-06-11 09:50:26 -04:00 · 2024-09-24 15:14:37 +02:00 · 2024-09-24 15:14:37 +02:00 · 5c4a0b71ab
commit 5c4a0b71ab
parent 193b4f9dd0
2 changed files with 30 additions and 5 deletions
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@ -1679,6 +1679,18 @@ initialization_sequence_completed(struct context *c, const unsigned int flags)
 #endif /* ifdef ENABLE_MANAGEMENT */
 }

+/**
+ * Determine if external route commands should be executed based on
+ * configured options and backend driver
+ */
+static bool
+route_noexec_enabled(const struct options *o, const struct tuntap *tt)
+{
+    return o->route_noexec
+           || (tt && tt->backend_driver == DRIVER_AFUNIX)
+           || (tt && tt->backend_driver == DRIVER_NULL);
+}
+
 /*
 * Possibly add routes and/or call route-up script
 * based on options.
@ -1693,7 +1705,7 @@ do_route(const struct options *options,
         openvpn_net_ctx_t *ctx)
 {
    bool ret = true;
-    if (!options->route_noexec && ( route_list || route_ipv6_list ) )
+    if (!route_noexec_enabled(options, tt) && ( route_list || route_ipv6_list ) )
    {
        ret = add_routes(route_list, route_ipv6_list, tt, ROUTE_OPTION_FLAGS(options),
                         es, ctx);
@ -1858,6 +1870,19 @@ del_wfp_block(struct context *c, unsigned long adapter_index)
 #endif
 }

+/**
+ * Determines if ifconfig execution should be disabled because of a
+ * @param c
+ * @return
+ */
+static bool
+ifconfig_noexec_enabled(const struct context *c)
+{
+    return c->options.ifconfig_noexec
+           || (c->c1.tuntap && c->c1.tuntap->backend_driver == DRIVER_AFUNIX)
+           || (c->c1.tuntap && c->c1.tuntap->backend_driver == DRIVER_NULL);
+}
+
 static void
 open_tun_backend(struct context *c)
 {
@ -1937,7 +1962,7 @@ do_open_tun(struct context *c, int *error_flags)
        }

        /* do ifconfig */
-        if (!c->options.ifconfig_noexec
+        if (!ifconfig_noexec_enabled(c)
            && ifconfig_order(c->c1.tuntap) == IFCONFIG_BEFORE_TUN_OPEN)
        {
            /* guess actual tun/tap unit number that will be returned
@ -1978,7 +2003,7 @@ do_open_tun(struct context *c, int *error_flags)
        }

        /* do ifconfig */
-        if (!c->options.ifconfig_noexec
+        if (!ifconfig_noexec_enabled(c)
            && ifconfig_order(c->c1.tuntap) == IFCONFIG_AFTER_TUN_OPEN)
        {
            do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name,
@ -2061,7 +2086,7 @@ do_close_tun_simple(struct context *c)

    if (c->c1.tuntap)
    {
-        if (!c->options.ifconfig_noexec)
+        if (!ifconfig_noexec_enabled(c))
        {
            undo_ifconfig(c->c1.tuntap, &c->net_ctx);
        }
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@ -1744,7 +1744,7 @@ undo_ifconfig_ipv6(struct tuntap *tt, openvpn_net_ctx_t *ctx)
 void
 undo_ifconfig(struct tuntap *tt, openvpn_net_ctx_t *ctx)
 {
-    if (tt->backend_driver != DRIVER_NULL)
+    if (tt->backend_driver != DRIVER_NULL && tt->backend_driver != DRIVER_AFUNIX)
    {
        if (tt->did_ifconfig_setup)
        {