Opened 11 years ago

Closed 11 years ago

#216 closed Bug / Defect (fixed)

tap server broken

Reported by: Gert Döring Owned by: David Sommerseth
Priority: blocker Milestone: beta 2.3
Component: Generic / unclassified Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc: Gert Döring


tap server is completely broken as far as "address learning on the server side" goes.

Instead of learning MAC + forwarding packet, all it does is print this error:

RSat Jun 30 19:35:37 2012 us=148584 cron2-gentoo-i386/ MULTI: bad source address from client [f2:5e:ad:e0:05:d6], packet dropped

(which is the correct MAC source address for this client). This has been observed "in the wild", and reproduced on a fresh gentoo install (cron2) and on freebsd 9.0 (ecrist/phillip).

The same configuration works perfectly well in 2.2 and in what phillip installed from "ports" (2.x-testing-3c19fcc2099d), but fails in "current as of today" (2.3_alpha2).

Change History (3)

comment:1 Changed 11 years ago by Gert Döring

Cc: David Sommerseth added

gert@gentoo $ git bisect bad
4029971240b6274b9b30e76ff74c7f689d7d9750 is the first bad commit
commit 4029971240b6274b9b30e76ff74c7f689d7d9750
Author: Alon Bar-Lev <alon.barlev@…>
Date: Fri Apr 27 15:09:15 2012 +0300

build: use stdbool.h if available

comment:2 Changed 11 years ago by Gert Döring

Cc: Gert Döring added; David Sommerseth removed
Owner: set to David Sommerseth
Status: newassigned

trivial and "obviously correct" fix sent to list...

diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index aecb702..850e336 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -52,7 +52,7 @@ mroute_addr_init (struct mroute_addr *addr)

static inline bool
is_mac_mcast_addr (const uint8_t *mac)

  • return (bool) mac[0] & 1;

+ return (bool) (mac[0] & 1);


static inline bool

... ticket to dazo: yours to ack, commit, push, etc.

comment:3 Changed 11 years ago by David Sommerseth

Resolution: fixed
Status: assignedclosed

Fix applied to master.

commit 8df08de6f84d224c6a79ab6c74ba73c33a47735d
Author: Gert Doering <>
Date:   Sat Jun 30 22:50:43 2012 +0200

    Repair "tap server" mode brokenness caused by <stdbool.h> fallout
    Operator/Cast precedence wrong: casting mac[0] to (bool) first - giving
    "1" for "any mac address that does not start with 00:" - and only then
    bit-anding with "1" - thus always returning "true".  Which, in turn,
    leads to "reject all incoming packets with 'bad source address'".
    OpenVPN bug #216.
    Signed-off-by: Gert Doering <>
    Acked-by: Fabian Knittel <>
    Signed-off-by: David Sommerseth <>
Note: See TracTickets for help on using tickets.