From patchwork Mon May 2 14:28:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lev Stipakov X-Patchwork-Id: 2429 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director9.mail.ord1d.rsapps.net ([172.27.255.57]) by backend41.mail.ord1d.rsapps.net with LMTP id eC3THTcqcWLlYQAAqwncew (envelope-from ) for ; Tue, 03 May 2022 09:12:23 -0400 Received: from proxy8.mail.iad3a.rsapps.net ([172.27.255.57]) by director9.mail.ord1d.rsapps.net with LMTP id gNfhNDcqcWK2HwAAalYnBA (envelope-from ) for ; Tue, 03 May 2022 09:12:23 -0400 Received: from smtp39.gate.iad3a ([172.27.255.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy8.mail.iad3a.rsapps.net with LMTPS id 4NOALzcqcWKCPwAAsBr/qg (envelope-from ) for ; Tue, 03 May 2022 09:12:23 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp39.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dkim=fail (signature verification failed) header.d=gmail.com; dmarc=fail (p=none; dis=none) header.from=gmail.com X-Suspicious-Flag: YES X-Classification-ID: ab3a0ccc-cae2-11ec-bb66-525400eea4e4-1-1 Received: from [216.105.38.7] ([216.105.38.7:55286] helo=lists.sourceforge.net) by smtp39.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id EE/AC-30731-73A21726; Tue, 03 May 2022 09:12:23 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nlsJE-0008PA-Ee; Tue, 03 May 2022 13:11:19 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nlsJD-0008P4-0c for openvpn-devel@lists.sourceforge.net; Tue, 03 May 2022 13:11:17 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc: To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=m57c35oIp7wiDYJsOjy0hhFcuqlbSiNAg7zsmSvY2vw=; b=PvBYguk012GnZJkCnHdkaKZo+J /LbSFxMhP7ngPN8p8H8VY7oXoWOxlBj32mgm0u8DfPp+BMpZ1aibMeHg9qCZiM5cQdI4wRbpVx8sh gWSofbtdLd6heYkmn8XsjjcpdDUl33SVh4A/VxeEeMv//2G37lXiRiATD54K223saWeg=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=m57c35oIp7wiDYJsOjy0hhFcuqlbSiNAg7zsmSvY2vw=; b=RYD77DvxWw9x7wWRniIMXUlGUQ jzbfCSckFCHlkTO/BzoWG27SS8bmBleF0eG93HODeiSF51GaJcEz7eWT+hqFE3uBmKAGPv2P5zdA4 0JzIQpGIPRCpDiMmY17KAU3kTCdHCGNgNPILgGpQNnM+cEhIll1rdpU+7HvadIC61tWM=; Received: from mail-wm1-f53.google.com ([209.85.128.53]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.94.2) id 1nlsJ7-0007H8-Px for openvpn-devel@lists.sourceforge.net; Tue, 03 May 2022 13:11:17 +0000 Received: by mail-wm1-f53.google.com with SMTP id p189so9864124wmp.3 for ; Tue, 03 May 2022 06:11:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=m57c35oIp7wiDYJsOjy0hhFcuqlbSiNAg7zsmSvY2vw=; b=cpBkC/EOXejI5hMy2fn8JtkN7K/sHp7pG/RopHItDzEmfCmfGDUyI1Vn/R2eghRF8B ngY57AkweNtAl8oI3A/eIUx2jmbP8uwmI2zzR8eT5T8ob/P8f4YQPJf3Cry6RiI33Azo mY7dRoEGr9jkPmrsSGjrcZWk5XiJapzTWYMELEWPqE3IeVgcwirF5JpEW5c9gK1le30n pL+ddKUkthpDwn8ROhKyZMEuKX/Av2a2j7EOUZhCtLwQrkxXdLw/gztna7JQrD1GcwS1 ymiN15h2RbceL6cvj4n/wNVkiFmdYucAt3P18bp7Rsd2SXMe113OGExQ9ObowhqDlg4R 4W7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=m57c35oIp7wiDYJsOjy0hhFcuqlbSiNAg7zsmSvY2vw=; b=EQh9fcqM0htFRSfF9ICHrVCuJjvQe8axNOuMXX30scEcpro2XISX00N6M09ZSJ+ECf 9bpqkVi/aB/kNXkLrrY+H8xz/sKsrthdP/GC9AukMIEikMHF3fZUhNyK/+UaFSQBePbH 3Zg41sFP0qgDvV5fqCW14rAbM10FVqYJxmdekHtDrWEyAEjBkJ8evbzaZT0hls8sTYrK Ep6vkZpNBlR06Fvc40RTc3pLROGc5wUZSu0eUeYL8ldXRNYbZZie8gp6msqytFs9t2i5 w3+86/tasDtDHOZ5Z288oxeYNc3w32WCt6ftiuxngofubdUWx6nCpl6K72sVeAx5fz8n AzpA== X-Gm-Message-State: AOAM5332/QEmmOB8eAXW6QHZXA5VoKlEWOTBani70RTun52FpwK4Q1od lCMglC5QS0p7guoXOGZ4K+ASkqD+0xQ= X-Google-Smtp-Source: ABdhPJxI/gkgotPfW4eyZIzX1LQa05HRG4LUS+ayLu5/jipI7ftOCuaeusAr8z3SKyslI93YHK+Oqw== X-Received: by 2002:a05:600c:4fc8:b0:394:3a0d:5858 with SMTP id o8-20020a05600c4fc800b003943a0d5858mr3318917wmq.177.1651583466686; Tue, 03 May 2022 06:11:06 -0700 (PDT) Received: from LAPTOP-4L3N7KFS.localdomain (nat1.panoulu.net. [185.38.2.1]) by smtp.gmail.com with ESMTPSA id a25-20020adfb519000000b0020c5253d920sm12137129wrd.108.2022.05.03.06.11.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 May 2022 06:11:06 -0700 (PDT) From: Lev Stipakov To: openvpn-devel@lists.sourceforge.net Date: Tue, 3 May 2022 03:28:40 +0300 Message-Id: <20220503002840.295-1-lstipakov@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Lev Stipakov We use M_ERRNO flag in logging to display error code and error message. This has been broken on Windows, where we use error code from GetLastError() and error description from strerror(). strerror() e [...] Content analysis details: (0.6 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.8 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [lstipakov[at]gmail.com] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.53 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.53 listed in wl.mailspike.net] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-Headers-End: 1nlsJ7-0007H8-Px Subject: [Openvpn-devel] [PATCH v2] Fix M_ERRNO behavior on Windows X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Lev Stipakov MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Lev Stipakov We use M_ERRNO flag in logging to display error code and error message. This has been broken on Windows, where we use error code from GetLastError() and error description from strerror(). strerror() expects C runtime error code, which is quite different from last error code from WinAPI call. As a result, we got incorrect error description. The ultimate fix would be introducing another flag for WinAPI errors, like M_WINERR and use either that or M_ERRNO depends on context. However, the change would be quite intrusive and in some cases it is hard to say which one to use without looking into internals. Instead we stick to M_ERRNO and in Windows case we first try to obtain error code from GetLastError() and if it returns ERROR_SUCCESS (which is 0), we assume that we have C runtime error and use errno. To get error description we use strerror_win32() with GetLastError() and strerror() with errno. strerror_win32() uses FormatMessage() internally, which is the right way to get WinAPI error description. Acked-by: Selva Nair --- v2: - removed WSA error printing, to be implemented in a follow-up patch - added missing crt error fallback to x_check_status() and main_io_error() - fixed "network unreachable" detection src/openvpn/error.c | 34 +++++++++++++++++++++++++++------- src/openvpn/error.h | 39 +++++++++++++++++++++++++++++---------- src/openvpn/forward.c | 9 ++++++++- src/openvpn/manage.c | 5 +++-- src/openvpn/platform.c | 2 +- src/openvpn/tun.h | 4 ++-- 6 files changed, 70 insertions(+), 23 deletions(-) diff --git a/src/openvpn/error.c b/src/openvpn/error.c index 603d6c63..1b7f5cde 100644 --- a/src/openvpn/error.c +++ b/src/openvpn/error.c @@ -220,6 +220,18 @@ x_msg(const unsigned int flags, const char *format, ...) va_end(arglist); } +static const char* +openvpn_strerror(int err, bool crt_error, struct gc_arena *gc) +{ +#ifdef _WIN32 + if (!crt_error) + { + return strerror_win32(err, gc); + } +#endif + return strerror(err); +} + void x_msg_va(const unsigned int flags, const char *format, va_list arglist) { @@ -242,7 +254,8 @@ x_msg_va(const unsigned int flags, const char *format, va_list arglist) return; } - e = openvpn_errno(); + bool crt_error = false; + e = openvpn_errno_maybe_crt(&crt_error); /* * Apply muting filter. @@ -264,7 +277,7 @@ x_msg_va(const unsigned int flags, const char *format, va_list arglist) if ((flags & M_ERRNO) && e) { openvpn_snprintf(m2, ERR_BUF_SIZE, "%s: %s (errno=%d)", - m1, strerror(e), e); + m1, openvpn_strerror(e, crt_error, &gc), e); SWAP; } @@ -643,7 +656,6 @@ x_check_status(int status, struct link_socket *sock, struct tuntap *tt) { - const int my_errno = openvpn_errno(); const char *extended_msg = NULL; msg(x_cs_verbose_level, "%s %s returned %d", @@ -666,26 +678,34 @@ x_check_status(int status, sock->info.mtu_changed = true; } } -#elif defined(_WIN32) +#endif /* EXTENDED_SOCKET_ERROR_CAPABILITY */ + +#ifdef _WIN32 /* get possible driver error from TAP-Windows driver */ if (tuntap_defined(tt)) { extended_msg = tap_win_getinfo(tt, &gc); } #endif - if (!ignore_sys_error(my_errno)) + + bool crt_error = false; + int my_errno = openvpn_errno_maybe_crt(&crt_error); + + if (!ignore_sys_error(my_errno, crt_error)) { if (extended_msg) { msg(x_cs_info_level, "%s %s [%s]: %s (fd=%d,code=%d)", description, sock ? proto2ascii(sock->info.proto, sock->info.af, true) : "", - extended_msg, strerror(my_errno), sock ? sock->sd : -1, my_errno); + extended_msg, openvpn_strerror(my_errno, crt_error, &gc), + sock ? sock->sd : -1, my_errno); } else { msg(x_cs_info_level, "%s %s: %s (fd=%d,code=%d)", description, sock ? proto2ascii(sock->info.proto, sock->info.af, true) : "", - strerror(my_errno), sock ? sock->sd : -1, my_errno); + openvpn_strerror(my_errno, crt_error, &gc), + sock ? sock->sd : -1, my_errno); } if (x_cs_err_delay_ms) diff --git a/src/openvpn/error.h b/src/openvpn/error.h index ad7defe8..be8d97e5 100644 --- a/src/openvpn/error.h +++ b/src/openvpn/error.h @@ -75,13 +75,10 @@ struct gc_arena; /* String and Error functions */ #ifdef _WIN32 -#define openvpn_errno() GetLastError() -#define openvpn_strerror(e, gc) strerror_win32(e, gc) +#define openvpn_errno() GetLastError() const char *strerror_win32(DWORD errnum, struct gc_arena *gc); - #else -#define openvpn_errno() errno -#define openvpn_strerror(x, gc) strerror(x) +#define openvpn_errno() errno #endif /* @@ -352,20 +349,22 @@ msg_get_virtual_output(void) * which can be safely ignored. */ static inline bool -ignore_sys_error(const int err) +ignore_sys_error(const int err, bool crt_error) { - /* I/O operation pending */ #ifdef _WIN32 - if (err == WSAEWOULDBLOCK || err == WSAEINVAL) + if (!crt_error && ((err == WSAEWOULDBLOCK || err == WSAEINVAL))) { return true; } #else - if (err == EAGAIN) + crt_error = true; +#endif + + /* I/O operation pending */ + if (crt_error && (err == EAGAIN)) { return true; } -#endif #if 0 /* if enabled, suppress ENOBUFS errors */ #ifdef ENOBUFS @@ -387,6 +386,26 @@ nonfatal(const unsigned int err) return err & M_FATAL ? (err ^ M_FATAL) | M_NONFATAL : err; } +static inline int +openvpn_errno_maybe_crt(bool *crt_error) +{ + int err = 0; + *crt_error = false; +#ifdef _WIN32 + err = GetLastError(); + if (err == ERROR_SUCCESS) + { + /* error is likely C runtime */ + *crt_error = true; + err = errno; + } +#else + *crt_error = true; + err = errno; +#endif + return err; +} + #include "errlevel.h" #endif /* ifndef ERROR_H */ diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 8930e578..04828a5c 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1660,7 +1660,14 @@ process_outgoing_link(struct context *c) } /* for unreachable network and "connecting" state switch to the next host */ - if (size < 0 && ENETUNREACH == error_code && c->c2.tls_multi + + bool unreachable = error_code == +#ifdef _WIN32 + WSAENETUNREACH; +#else + ENETUNREACH; +#endif + if (size < 0 && unreachable && c->c2.tls_multi && !tls_initial_packet_received(c->c2.tls_multi) && c->options.mode == MODE_POINT_TO_POINT) { msg(M_INFO, "Network unreachable, restarting"); diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 9b03b057..036658b1 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -2008,9 +2008,10 @@ man_process_command(struct management *man, const char *line) static bool man_io_error(struct management *man, const char *prefix) { - const int err = openvpn_errno(); + bool crt_error = false; + int err = openvpn_errno_maybe_crt(&crt_error); - if (!ignore_sys_error(err)) + if (!ignore_sys_error(err, crt_error)) { struct gc_arena gc = gc_new(); msg(D_MANAGEMENT, "MANAGEMENT: TCP %s error: %s", prefix, diff --git a/src/openvpn/platform.c b/src/openvpn/platform.c index 61afee83..ae1678db 100644 --- a/src/openvpn/platform.c +++ b/src/openvpn/platform.c @@ -532,7 +532,7 @@ platform_test_file(const char *filename) } else { - if (openvpn_errno() == EACCES) + if (errno == EACCES) { msg( M_WARN | M_ERRNO, "Could not access file '%s'", filename); } diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index 3a7314c5..4bc35916 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h @@ -446,7 +446,7 @@ tuntap_stop(int status) */ if (status < 0) { - return openvpn_errno() == ERROR_FILE_NOT_FOUND; + return GetLastError() == ERROR_FILE_NOT_FOUND; } return false; } @@ -459,7 +459,7 @@ tuntap_abort(int status) */ if (status < 0) { - return openvpn_errno() == ERROR_OPERATION_ABORTED; + return GetLastError() == ERROR_OPERATION_ABORTED; } return false; }