diff mbox series

[Openvpn-devel,v2] Route: remove incorrect routes on exit

Message ID 20240221111814.942965-1-frank@lichtenheld.com
State Accepted
Headers show
Series [Openvpn-devel,v2] Route: remove incorrect routes on exit | expand

Commit Message

Frank Lichtenheld Feb. 21, 2024, 11:18 a.m. UTC 
From: Gianmarco De Gregori <gianmarco@mandelbit.com>

Implemented a safeguard to verify the returned value
from add_route3() when the default gateway is not a local
remote host.

Prior to this implementation, RT_DID_LOCAL flag was
erroneously set even in case of add_route3() failure.
This problem typically occurs when there's no default
route and the --redirect-gateway def1 option is specified,
and in case of reconnection makes it impossible for the client
to reobtain the route to the server.
This fix ensures OpenVPN accurately deletes the appropriate
route on exit by properly handling add_route3() return value.

Fixes: Trac #1457
Change-Id: I8a67b82eb4afdc8d82c5a879c18457b41e77cbe7
Signed-off-by: Gianmarco De Gregori <gianmarco@mandelbit.com>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/522
This mail reflects revision 2 of this Change.
Acked-by according to Gerrit (reflected above):
Frank Lichtenheld <frank@lichtenheld.com>

Comments

Gert Doering Sept. 17, 2024, 10:40 a.m. UTC | #1 
This is a good find, and a somewhat stupid oversight - even if not easy
to trigger.  What you need so this has an effect is a pre-existing host
route to the VPN server and then a "route add" fail (easy to trigger on
the BSDs, EEXIST because "only 1 route can exist") - and because we do not
remember, we try "route delete" later on and delete the *other* route,
messing up our routing table.  Which is something t_client even checks
for ("is 'route print' the same as before?") but you need a host route
to begin with - added t_client tests, breaks without the patch, works
with the patch.  Thanks :-)

I've changed the commit message slightly ("Trac: #1457" is the standard
format).

Your patch has been applied to the master and release/2.6 branch (bugfix).

commit 14d2db6cd41fb6414992869caf109972d7a8275e (master)
commit 4ad3aa5a2b6838650ca98fd92994eab7108c1e8b (release/2.6)
Author: Gianmarco De Gregori
Date:   Wed Feb 21 12:18:14 2024 +0100

     Route: remove incorrect routes on exit

     Signed-off-by: Gianmarco De Gregori <gianmarco@mandelbit.com>
     Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
     Message-Id: <20240221111814.942965-1-frank@lichtenheld.com>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28290.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering
diff mbox series

Patch

diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 6c027d9..6ab4392 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -1055,7 +1055,10 @@ 
                     ret = add_route3(rl->spec.remote_host, IPV4_NETMASK_HOST,
                                      rl->rgi.gateway.addr, tt, flags | ROUTE_REF_GW,
                                      &rl->rgi, es, ctx);
-                    rl->iflags |= RL_DID_LOCAL;
+                    if (ret)
+                    {
+                        rl->iflags |= RL_DID_LOCAL;
+                    }
                 }
                 else
                 {