summaryrefslogtreecommitdiff
path: root/src/openvpn/pool.c
diff options
context:
space:
mode:
authorBernhard Schmidt <berni@debian.org>2020-09-30 21:10:56 +0200
committerBernhard Schmidt <berni@debian.org>2020-09-30 21:10:56 +0200
commitc3a748571ed19f9259b2e63cd7ba56abdb1b7747 (patch)
treeef419b35f5a1632a8b0c3ab6faa773eed9c6788a /src/openvpn/pool.c
parentb97ad09a3b8c0017db0a677667a7215f1a98cccf (diff)
parent5246174f27866c0e9e22844d998f3c97cac54050 (diff)
Update upstream source from tag 'upstream/2.5_rc2'
Update to upstream version '2.5~rc2' with Debian dir 0cd2307abadc06f5064e4d5e7c23689a67b720c5
Diffstat (limited to 'src/openvpn/pool.c')
-rw-r--r--src/openvpn/pool.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/src/openvpn/pool.c b/src/openvpn/pool.c
index 1f74ac5..ece0784 100644
--- a/src/openvpn/pool.c
+++ b/src/openvpn/pool.c
@@ -224,6 +224,24 @@ ifconfig_pool_init(const bool ipv4_pool, enum pool_type type, in_addr_t start,
}
pool->ipv6.base = ipv6_base;
+
+ /* if a pool starts at a base address that has all-zero in the
+ * host part, that first IPv6 address must not be assigned to
+ * clients because it is not usable (subnet anycast address).
+ * Start with 1, then.
+ *
+ * NOTE: this will also (mis-)fire for something like
+ * ifconfig-ipv6-pool 2001:db8:0:1:1234::0/64
+ * as we only check the rightmost 32 bits of the host part. So be it.
+ */
+ if (base == 0)
+ {
+ msg(D_IFCONFIG_POOL, "IFCONFIG POOL IPv6: incrementing pool start "
+ "to avoid ::0 assignment");
+ base++;
+ pool->ipv6.base.s6_addr[15]++;
+ }
+
pool_ipv6_size = ipv6_netbits >= 112
? (1 << (128 - ipv6_netbits)) - base
: IFCONFIG_POOL_MAX;