From: Daniel Lenski
Date: Tue, 8 Dec 2020 06:25:31 +0000 (-0800)
Subject: cleanup whitespace and clarify comments
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=43cfec4cc10282d4c4f8c816d8da2c571515f84a;p=users%2Fdwmw2%2Fvpnc-scripts.git
cleanup whitespace and clarify comments
---
diff --git a/vpnc-script b/vpnc-script
index 596ab73..ab69eed 100755
--- a/vpnc-script
+++ b/vpnc-script
@@ -22,28 +22,28 @@
 #
 # List of parameters passed through environment
 #* reason -- why this script was called, one of: pre-init connect disconnect reconnect attempt-reconnect
-#* VPNGATEWAY -- vpn gateway address (always present)
+#* VPNGATEWAY -- VPN gateway address (always present)
 #* TUNDEV -- tunnel device (always present)
 #* INTERNAL_IP4_ADDRESS -- address (always present)
-#* INTERNAL_IP4_MTU -- mtu (often unset)
+#* INTERNAL_IP4_MTU -- MTU (often unset)
 #* INTERNAL_IP4_NETMASK -- netmask (often unset)
 #* INTERNAL_IP4_NETMASKLEN -- netmask length (often unset)
 #* INTERNAL_IP4_NETADDR -- address of network (only present if netmask is set)
-#* INTERNAL_IP4_DNS -- list of dns servers
-#* INTERNAL_IP4_NBNS -- list of wins servers
+#* INTERNAL_IP4_DNS -- list of DNS servers
+#* INTERNAL_IP4_NBNS -- list of WINS servers
 #* INTERNAL_IP6_ADDRESS -- IPv6 address
 #* INTERNAL_IP6_NETMASK -- IPv6 netmask
 #* INTERNAL_IP6_DNS -- IPv6 list of dns servers
 #* CISCO_DEF_DOMAIN -- default domain name
 #* CISCO_BANNER -- banner from server
-#* CISCO_SPLIT_DNS -- dns search domain list
+#* CISCO_SPLIT_DNS -- DNS search domain list
 #* CISCO_SPLIT_INC -- number of networks in split-network-list
 #* CISCO_SPLIT_INC_%d_ADDR -- network address
 #* CISCO_SPLIT_INC_%d_MASK -- subnet mask (for example: 255.255.255.0)
 #* CISCO_SPLIT_INC_%d_MASKLEN -- subnet masklen (for example: 24)
-#* CISCO_SPLIT_INC_%d_PROTOCOL -- protocol (often just 0)
-#* CISCO_SPLIT_INC_%d_SPORT -- source port (often just 0)
-#* CISCO_SPLIT_INC_%d_DPORT -- destination port (often just 0)
+#* CISCO_SPLIT_INC_%d_PROTOCOL -- protocol (often just 0); unused
+#* CISCO_SPLIT_INC_%d_SPORT -- source port (often just 0); unused
+#* CISCO_SPLIT_INC_%d_DPORT -- destination port (often just 0); unused
 #* CISCO_IPV6_SPLIT_INC -- number of networks in IPv6 split-network-list
 #* CISCO_IPV6_SPLIT_INC_%d_ADDR -- IPv6 network address
 #* CISCO_IPV6_SPLIT_INC_$%d_MASKLEN -- IPv6 subnet masklen
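Review bot: The `INTERNAL_IP6_DNS` context line still reads "IPv6 list of dns servers" while every neighbouring entry was capitalised in this hunk; for consistency it should become `#* INTERNAL_IP6_DNS -- IPv6 list of DNS servers`. Separately, the new "; unused" suffix on the `CISCO_SPLIT_INC_%d_PROTOCOL`, `_SPORT` and `_DPORT` lines does not say who leaves them unused. If the meaning is that this script ignores them, so that a split-include entry is applied to the whole network regardless of protocol or port, then wording such as `(often just 0); ignored by this script` would make that explicit for anyone relying on those fields as a restriction. That reading is inferred from the comment only, since the routing code is outside this hunk.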
@@ -70,7 +70,7 @@ # Section B: Split DNS handling # 1) Maybe dnsmasq can do something like that -# 2) Parse dns packets going out via tunnel and redirect them to original dns-server +# 2) Parse DNS packets going out via tunnel and redirect them to original DNS-server # ======== For test logging (CI/CD will uncomment automatically) ========= @@ -189,9 +189,9 @@ run_hooks() { HOOK="$1" if [ -d ${HOOKS_DIR}/${HOOK}.d ]; then - for script in ${HOOKS_DIR}/${HOOK}.d/* ; do - [ -f $script ] && . $script - done + for script in ${HOOKS_DIR}/${HOOK}.d/* ; do + [ -f $script ] && . $script + done fi } @@ -226,20 +226,20 @@ do_ifconfig() { # If the netmask is provided, it contains the address _and_ netmask if [ -n "$INTERNAL_IP6_ADDRESS" ] && [ -z "$INTERNAL_IP6_NETMASK" ]; then - INTERNAL_IP6_NETMASK="$INTERNAL_IP6_ADDRESS/128" + INTERNAL_IP6_NETMASK="$INTERNAL_IP6_ADDRESS/128" fi if [ -n "$INTERNAL_IP6_NETMASK" ]; then - if [ -n "$IPROUTE" ]; then - $IPROUTE -6 addr add $INTERNAL_IP6_NETMASK dev $TUNDEV - else - # Unlike for Legacy IP, we don't specify the dest_address - # here on *BSD. OpenBSD for one will refuse to accept - # incoming packets to that address if we do. - # OpenVPN does the same (gives dest_address for Legacy IP - # but not for IPv6). - # Only Solaris needs it; hence $ifconfig_syntax_ptpv6 - ifconfig "$TUNDEV" $ifconfig_syntax_add_inet6 $INTERNAL_IP6_NETMASK $ifconfig_syntax_ptpv6 mtu $MTU up - fi + if [ -n "$IPROUTE" ]; then + $IPROUTE -6 addr add $INTERNAL_IP6_NETMASK dev $TUNDEV + else + # Unlike for Legacy IP, we don't specify the dest_address + # here on *BSD. OpenBSD for one will refuse to accept + # incoming packets to that address if we do. + # OpenVPN does the same (gives dest_address for Legacy IP + # but not for IPv6). + # Only Solaris needs it; hence $ifconfig_syntax_ptpv6 + ifconfig "$TUNDEV" $ifconfig_syntax_add_inet6 $INTERNAL_IP6_NETMASK $ifconfig_syntax_ptpv6 mtu $MTU up + fi fi } 
@@ -267,7 +267,7 @@ if [ -n "$IPROUTE" ]; then $IPROUTE route flush cache 2>/dev/null } - set_vpngateway_route_attempt_reconnect() { + set_vpngateway_route_attempt_reconnect() { # We'll attempt to add a host route to the gateway through every route that matches # its address (excluding those through TUNDEV because the goal is to avoid loopback). @@ -283,7 +283,7 @@ if [ -n "$IPROUTE" ]; then $IPROUTE $FAMILY route add `echo "$VPNGATEWAY $LINE" | fix_ip_get_output` 2>/dev/null done $IPROUTE $FAMILY route flush cache 2>/dev/null - } + } del_vpngateway_route() { $IPROUTE route $route_syntax_del "$VPNGATEWAY" @@ -327,7 +327,7 @@ if [ -n "$IPROUTE" ]; then del_exclude_route() { # FIXME: In theory, this could delete existing routes which are - # identical to split-exclude routes specificed by VPNGATEWAY + # identical to split-exclude routes specified by VPNGATEWAY NETWORK="$1" NETMASK="$2" NETMASKLEN="$3" @@ -408,10 +408,10 @@ if [ -n "$IPROUTE" ]; then } else # use route command get_default_gw() { - # isn't -n supposed to give --numeric output? - # apperently not... - # Get rid of lines containing IPv6 addresses (':') - # Get rid of lines for link-local routes (https://superuser.com/a/1067742) + # Intended behavior, starting with `netstat -r -n` output: + # - keep lines starting with 'default' or '0.0.0.0', but exclude bogus routes '0.0.0.0/nn' where nn != 0 + # - remove lines containing IPv6 addresses (':') + # - remove lines for link-local routes (https://superuser.com/a/1067742) netstat -r -n | awk '/:/ { next; } /link\#/ { next; } /^(default|0\.0\.0\.0([[:space:]]|\/0))/ { print $2; exit; }' } 
@@ -430,12 +430,12 @@ else # use route command esac } - set_vpngateway_route_attempt_reconnect() { + set_vpngateway_route_attempt_reconnect() { case "$VPNGATEWAY" in *:*) route add $route_syntax_inet6_host "$VPNGATEWAY" $route_syntax_gw "`get_ipv6_default_gw_excl_tunnel`";; *) route add -host "$VPNGATEWAY" $route_syntax_gw "`get_default_gw_excl_tunnel`";; esac - } + } del_vpngateway_route() { case "$VPNGATEWAY" in @@ -508,8 +508,10 @@ else # use route command } get_ipv6_default_gw() { - # isn't -n supposed to give --numeric output? - # apperently not... + # Intended behavior, starting with `netstat -r -n` IPv6 output: + # - keep lines starting with 'default' or '::' + # - append %$interface to link-local routes (fe80::/10) + # - remove lines for loopback interface (lo) # FIXME: is there a better way to exclude loopback routes than filtering interface /^lo/? netstat -r -n $netstat_syntax_ipv6 | awk '/^(default|::\/0)/ { if ($NF!~/^lo/) { print ($2~/^fe[89ab]/ ? $2"%"$NF : $2); } }' } @@ -1153,7 +1155,7 @@ do_disconnect() { } do_attempt_reconnect() { - set_vpngateway_route_attempt_reconnect + set_vpngateway_route_attempt_reconnect } #### Main
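Review bot: In the `get_ipv6_default_gw` hunk the new comment says lines starting with 'default' or '::' are kept, but the awk pattern on the unchanged line below is `^(default|::\/0)`, so only the `::/0` form matches. The bullet should be `# - keep lines starting with 'default' or '::/0'` so the comment and the filter agree. The third bullet says loopback lines are removed, while the code actually drops any route whose last field matches `/^lo/`. Writing it as `# - remove routes whose interface name starts with 'lo'` would state the real criterion and tie in with the FIXME that follows.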