New upstream version 2.5~rc2upstream/2.5_rc2

author: Bernhard Schmidt <berni@debian.org> 2020-09-30 21:10:50 +0200
committer: Bernhard Schmidt <berni@debian.org> 2020-09-30 21:10:50 +0200
commit: 5246174f27866c0e9e22844d998f3c97cac54050 (patch)
tree: 7cdcbac7dfb50f319c053b2f35325c5dc368bdd8 /src/openvpn/pool.c
parent: 57f0b7b331088e489e93ae89ee0aed98381d8806 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/src/openvpn/pool.c b/src/openvpn/pool.c
index 1f74ac5..ece0784 100644
--- a/src/openvpn/pool.c
+++ b/src/openvpn/pool.c
@@ -224,6 +224,24 @@ ifconfig_pool_init(const bool ipv4_pool, enum pool_type type, in_addr_t start,
         }
 
         pool->ipv6.base = ipv6_base;
+
+        /* if a pool starts at a base address that has all-zero in the
+         * host part, that first IPv6 address must not be assigned to
+         * clients because it is not usable (subnet anycast address).
+         * Start with 1, then.
+         *
+         * NOTE: this will also (mis-)fire for something like
+         *    ifconfig-ipv6-pool 2001:db8:0:1:1234::0/64
+         * as we only check the rightmost 32 bits of the host part.  So be it.
+         */
+        if (base == 0)
+        {
+            msg(D_IFCONFIG_POOL, "IFCONFIG POOL IPv6: incrementing pool start "
+                "to avoid ::0 assignment");
+            base++;
+            pool->ipv6.base.s6_addr[15]++;
+        }
+
         pool_ipv6_size = ipv6_netbits >= 112
                           ? (1 << (128 - ipv6_netbits)) - base
                           : IFCONFIG_POOL_MAX;
author	Bernhard Schmidt <berni@debian.org>	2020-09-30 21:10:50 +0200
committer	Bernhard Schmidt <berni@debian.org>	2020-09-30 21:10:50 +0200
commit	5246174f27866c0e9e22844d998f3c97cac54050 (patch)
tree	7cdcbac7dfb50f319c053b2f35325c5dc368bdd8 /src/openvpn/pool.c
parent	57f0b7b331088e489e93ae89ee0aed98381d8806 (diff)