Limit netmask on Windows TAP setup to 255.255.255.254

This makes a start on the problems with point-to-point configurations, discussed in openconnect/openconnect-gui#132 Some work is required in vpnc-script-win.js to make the routing do anything useful, but at least it's not now *impossible* to persuade it to pass any traffic. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
sailfishos-mirror · Sep 23, 2016 · 16fc31a · 16fc31a
1 parent b40bb63
commit 16fc31a
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/tun-win32.c b/tun-win32.c
@@ -195,7 +195,12 @@ static intptr_t open_tun(struct openconnect_info *vpninfo, char *guid, char *nam
 		     data[0], data[1], data[2]);
 
 	data[0] = inet_addr(vpninfo->ip_info.addr);
-	data[2] = inet_addr(vpninfo->ip_info.netmask);
+	/* Always ensure the netmask is no smaller than /31. This isn't a
+	 * sensible Ethernet netmask, but at least as far as the TAP-Windows
+	 * driver is concerned, it does allow for the existence of *one* other
+	 * host for which ARP replies can be faked, and which we can use as
+	 * the "router". */
+	data[2] = inet_addr(vpninfo->ip_info.netmask) & 0xfeffffff;
 	data[1] = data[0] & data[2];
 
 	if (!DeviceIoControl(tun_fh, TAP_IOCTL_CONFIG_TUN,