Browse code
Add --route-pre-down/OPENVPN_PLUGIN_ROUTE_PREDOWN script/plug-in hook
This patchs adds a script/plug-in hook which is called right before the
network routes are taken down. This gives external processes a
possibility to tear down communication over the VPN before the VPN
disappears.
One use case can be to mount a networked file system over the VPN via
--route-up. And then to unmount this file system via --route-pre-down
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
David Sommerseth authored on 2012/01/24 20:32:46Showing 5 changed files
| ... | ... |
@@ -1583,8 +1583,25 @@ do_close_tun (struct context *c, bool force) |
| 1583 | 1583 |
|
| 1584 | 1584 |
/* delete any routes we added */ |
| 1585 | 1585 |
if (c->c1.route_list || c->c1.route_ipv6_list ) |
| 1586 |
- delete_routes (c->c1.route_list, c->c1.route_ipv6_list, |
|
| 1587 |
- c->c1.tuntap, ROUTE_OPTION_FLAGS (&c->options), c->c2.es); |
|
| 1586 |
+ {
|
|
| 1587 |
+ run_up_down (c->options.route_predown_script, |
|
| 1588 |
+ c->plugins, |
|
| 1589 |
+ OPENVPN_PLUGIN_ROUTE_PREDOWN, |
|
| 1590 |
+ tuntap_actual, |
|
| 1591 |
+ NULL, |
|
| 1592 |
+ TUN_MTU_SIZE (&c->c2.frame), |
|
| 1593 |
+ EXPANDED_SIZE (&c->c2.frame), |
|
| 1594 |
+ print_in_addr_t (local, IA_EMPTY_IF_UNDEF, &gc), |
|
| 1595 |
+ print_in_addr_t (remote_netmask, IA_EMPTY_IF_UNDEF, &gc), |
|
| 1596 |
+ "init", |
|
| 1597 |
+ signal_description (c->sig->signal_received, |
|
| 1598 |
+ c->sig->signal_text), |
|
| 1599 |
+ "route-pre-down", |
|
| 1600 |
+ c->c2.es); |
|
| 1601 |
+ |
|
| 1602 |
+ delete_routes (c->c1.route_list, c->c1.route_ipv6_list, |
|
| 1603 |
+ c->c1.tuntap, ROUTE_OPTION_FLAGS (&c->options), c->c2.es); |
|
| 1604 |
+ } |
|
| 1588 | 1605 |
|
| 1589 | 1606 |
/* actually close tun/tap device based on --down-pre flag */ |
| 1590 | 1607 |
if (!c->options.down_pre) |
| ... | ... |
@@ -108,7 +108,8 @@ |
| 108 | 108 |
#define OPENVPN_PLUGIN_CLIENT_CONNECT_V2 9 |
| 109 | 109 |
#define OPENVPN_PLUGIN_TLS_FINAL 10 |
| 110 | 110 |
#define OPENVPN_PLUGIN_ENABLE_PF 11 |
| 111 |
-#define OPENVPN_PLUGIN_N 12 |
|
| 111 |
+#define OPENVPN_PLUGIN_ROUTE_PREDOWN 12 |
|
| 112 |
+#define OPENVPN_PLUGIN_N 13 |
|
| 112 | 113 |
|
| 113 | 114 |
/* |
| 114 | 115 |
* Build a mask out of a set of plug-in types. |
| ... | ... |
@@ -5194,6 +5194,10 @@ as defined by the |
| 5194 | 5194 |
option. |
| 5195 | 5195 |
.\"********************************************************* |
| 5196 | 5196 |
.TP |
| 5197 |
+.B \-\-route-pre-down |
|
| 5198 |
+Executed right before the routes are removed. |
|
| 5199 |
+.\"********************************************************* |
|
| 5200 |
+.TP |
|
| 5197 | 5201 |
.B \-\-client-disconnect |
| 5198 | 5202 |
Executed in |
| 5199 | 5203 |
.B \-\-mode server |
| ... | ... |
@@ -216,6 +216,7 @@ static const char usage_message[] = |
| 216 | 216 |
" be added immediately after tun/tap open. On Windows, wait\n" |
| 217 | 217 |
" up to w seconds for TUN/TAP adapter to come up.\n" |
| 218 | 218 |
"--route-up cmd : Execute shell cmd after routes are added.\n" |
| 219 |
+ "--route-pre-down cmd : Execute shell cmd before routes are removed.\n" |
|
| 219 | 220 |
"--route-noexec : Don't add routes automatically. Instead pass routes to\n" |
| 220 | 221 |
" --route-up script using environmental variables.\n" |
| 221 | 222 |
"--route-nopull : When used with --client or --pull, accept options pushed\n" |
| ... | ... |
@@ -2739,6 +2740,8 @@ options_postprocess_filechecks (struct options *options) |
| 2739 | 2739 |
R_OK|X_OK, "--ipchange script"); |
| 2740 | 2740 |
errs |= check_file_access (CHKACC_FILE, options->route_script, |
| 2741 | 2741 |
R_OK|X_OK, "--route-up script"); |
| 2742 |
+ errs |= check_file_access (CHKACC_FILE, options->route_predown_script, |
|
| 2743 |
+ R_OK|X_OK, "--route-pre-down script"); |
|
| 2742 | 2744 |
errs |= check_file_access (CHKACC_FILE, options->learn_address_script, |
| 2743 | 2745 |
R_OK|X_OK, "--learn-address script"); |
| 2744 | 2746 |
#endif /* P2MP_SERVER */ |
| ... | ... |
@@ -5217,6 +5220,14 @@ add_option (struct options *options, |
| 5217 | 5217 |
warn_multiple_script (options->route_script, "route-up"); |
| 5218 | 5218 |
options->route_script = p[1]; |
| 5219 | 5219 |
} |
| 5220 |
+ else if (streq (p[0], "route-pre-down") && p[1]) |
|
| 5221 |
+ {
|
|
| 5222 |
+ VERIFY_PERMISSION (OPT_P_SCRIPT); |
|
| 5223 |
+ if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT)) |
|
| 5224 |
+ goto err; |
|
| 5225 |
+ warn_multiple_script (options->route_predown_script, "route-pre-down"); |
|
| 5226 |
+ options->route_predown_script = p[1]; |
|
| 5227 |
+ } |
|
| 5220 | 5228 |
else if (streq (p[0], "route-noexec")) |
| 5221 | 5229 |
{
|
| 5222 | 5230 |
VERIFY_PERMISSION (OPT_P_SCRIPT); |