From patchwork Thu Jun 23 22:38:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 2541 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director9.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id SCQsIZd/tWJVXgAAqwncew (envelope-from ) for ; Fri, 24 Jun 2022 05:10:47 -0400 Received: from proxy12.mail.ord1d.rsapps.net ([172.30.191.6]) by director9.mail.ord1d.rsapps.net with LMTP id mLIgIZd/tWJsYAAAalYnBA (envelope-from ) for ; Fri, 24 Jun 2022 05:10:47 -0400 Received: from smtp34.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy12.mail.ord1d.rsapps.net with LMTPS id EBrOIJd/tWLoOwAA7PHxkg (envelope-from ) for ; Fri, 24 Jun 2022 05:10:47 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp34.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: 888523fe-f39d-11ec-b3fb-5254008bd48f-1-1 Received: from [216.105.38.7] ([216.105.38.7:53416] helo=lists.sourceforge.net) by smtp34.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id B6/1E-02123-79F75B26; Fri, 24 Jun 2022 05:10:47 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1o4fK3-0002OK-AK; Fri, 24 Jun 2022 09:09:51 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1o4fK1-0002Nw-Ps for openvpn-devel@lists.sourceforge.net; Fri, 24 Jun 2022 09:09:49 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=bXL03upAacme1XklBmSg3NlktHBVfe2rTZ5JRZZmlro=; b=QIC1xo2vfAz/EF1v7fAzugeX01 QG+dUBWHAj/O9cUmXTO6T8ho6BZpRdHrSqtHCsdV185fyx6fkWr+3yZ1bzZyzoA546XN3g00PWnkZ Z0IbeBtSTcdG2AQkO64u40FL7cqj8jgwqlN4X/uFx8tg8siHpig2U/oknFW9cSRAM7jQ=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=bXL03upAacme1XklBmSg3NlktHBVfe2rTZ5JRZZmlro=; b=UnLQKDgc0vicZwq5We0W3aPio8 ZISedcEhRUDmzHWshfXrbBOhdr81ddqlI+ZqaDjvp7uOVowLys+jT7UkMOtbXdEnnG7YYzpCsVOfB 2yLwi0Bj6UoiCRVaqgJIZ4ie6aSTgqclXZmOP38/KgdOlOY9zpmiMmmtppGUHgpIFru8=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1o4fK0-00C43l-1K for openvpn-devel@lists.sourceforge.net; Fri, 24 Jun 2022 09:09:49 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Fri, 24 Jun 2022 10:38:05 +0200 Message-Id: <20220624083809.23487-22-a@unstable.cc> In-Reply-To: <20220624083809.23487-1-a@unstable.cc> References: <20220624083809.23487-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: The current condition checking if the TUN interface was preserved is dependant on the platform being Android or not. This makes the code reasonably ugly, especially because uncrustify can't indent pro [...] Content analysis details: (-0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1o4fK0-00C43l-1K Subject: [Openvpn-devel] [PATCH 21/25] do_open_tun: restyle "can preserve TUN" check X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox The current condition checking if the TUN interface was preserved is dependant on the platform being Android or not. This makes the code reasonably ugly, especially because uncrustify can't indent properly. On top of that, we will require an extra condition only for windows+DCO, which will make the check even uglier. For this reason, factor out the check in a separate function which can keep the ifdefs craziness well hidden, while do_open_tun becomes (a bit) cleaner. Signed-off-by: Antonio Quartulli Acked-by: Heiko Hund --- src/openvpn/init.c | 283 +++++++++++++++++++++++---------------------- 1 file changed, 146 insertions(+), 137 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index bdd2ad96..f95dcb93 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1690,161 +1690,123 @@ do_init_tun(struct context *c) * Open tun/tap device, ifconfig, call up script, etc. */ + +static bool +can_preserve_tun(struct tuntap *tt) +{ +#ifdef TARGET_ANDROID + return false; +#elif _WIN32 + return tt && tt->dco.real_tun_init; +#else + return tt; +#endif +} + static bool do_open_tun(struct context *c) { struct gc_arena gc = gc_new(); bool ret = false; -#ifndef TARGET_ANDROID - if (!c->c1.tuntap) + if (!can_preserve_tun(c->c1.tuntap)) { -#endif #ifdef TARGET_ANDROID - /* If we emulate persist-tun on android we still have to open a new tun and - * then close the old */ - int oldtunfd = -1; - if (c->c1.tuntap) - { - oldtunfd = c->c1.tuntap->fd; - free(c->c1.tuntap); - c->c1.tuntap = NULL; - c->c1.tuntap_owned = false; - } + /* If we emulate persist-tun on android we still have to open a new tun and + * then close the old */ + int oldtunfd = -1; + if (c->c1.tuntap) + { + oldtunfd = c->c1.tuntap->fd; + free(c->c1.tuntap); + c->c1.tuntap = NULL; + c->c1.tuntap_owned = false; + } #endif - /* initialize (but do not open) tun/tap object */ - do_init_tun(c); + /* initialize (but do not open) tun/tap object */ + do_init_tun(c); - /* inherit the dco context from the tuntap object */ - if (c->c2.tls_multi) - { - c->c2.tls_multi->dco = &c->c1.tuntap->dco; - } + /* inherit the dco context from the tuntap object */ + if (c->c2.tls_multi) + { + c->c2.tls_multi->dco = &c->c1.tuntap->dco; + } #ifdef _WIN32 - /* store (hide) interactive service handle in tuntap_options */ - c->c1.tuntap->options.msg_channel = c->options.msg_channel; - msg(D_ROUTE, "interactive service msg_channel=%" PRIu64, (unsigned long long) c->options.msg_channel); + /* store (hide) interactive service handle in tuntap_options */ + c->c1.tuntap->options.msg_channel = c->options.msg_channel; + msg(D_ROUTE, "interactive service msg_channel=%" PRIu64, (unsigned long long) c->options.msg_channel); #endif - /* allocate route list structure */ - do_alloc_route_list(c); + /* allocate route list structure */ + do_alloc_route_list(c); - /* parse and resolve the route option list */ - ASSERT(c->c2.link_socket); - if (c->options.routes && c->c1.route_list) - { - do_init_route_list(&c->options, c->c1.route_list, - &c->c2.link_socket->info, c->c2.es, &c->net_ctx); - } - if (c->options.routes_ipv6 && c->c1.route_ipv6_list) - { - do_init_route_ipv6_list(&c->options, c->c1.route_ipv6_list, - &c->c2.link_socket->info, c->c2.es, - &c->net_ctx); - } + /* parse and resolve the route option list */ + ASSERT(c->c2.link_socket); + if (c->options.routes && c->c1.route_list) + { + do_init_route_list(&c->options, c->c1.route_list, + &c->c2.link_socket->info, c->c2.es, &c->net_ctx); + } + if (c->options.routes_ipv6 && c->c1.route_ipv6_list) + { + do_init_route_ipv6_list(&c->options, c->c1.route_ipv6_list, + &c->c2.link_socket->info, c->c2.es, + &c->net_ctx); + } - /* do ifconfig */ - if (!c->options.ifconfig_noexec - && ifconfig_order() == IFCONFIG_BEFORE_TUN_OPEN) - { - /* guess actual tun/tap unit number that will be returned - * by open_tun */ - const char *guess = guess_tuntap_dev(c->options.dev, - c->options.dev_type, - c->options.dev_node, - &gc); - do_ifconfig(c->c1.tuntap, guess, c->c2.frame.tun_mtu, c->c2.es, - &c->net_ctx); - } + /* do ifconfig */ + if (!c->options.ifconfig_noexec + && ifconfig_order() == IFCONFIG_BEFORE_TUN_OPEN) + { + /* guess actual tun/tap unit number that will be returned + * by open_tun */ + const char *guess = guess_tuntap_dev(c->options.dev, + c->options.dev_type, + c->options.dev_node, + &gc); + do_ifconfig(c->c1.tuntap, guess, c->c2.frame.tun_mtu, c->c2.es, + &c->net_ctx); + } - /* possibly add routes */ - if (route_order() == ROUTE_BEFORE_TUN) - { - /* Ignore route_delay, would cause ROUTE_BEFORE_TUN to be ignored */ - do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, - c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); - } + /* possibly add routes */ + if (route_order() == ROUTE_BEFORE_TUN) + { + /* Ignore route_delay, would cause ROUTE_BEFORE_TUN to be ignored */ + do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, + c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); + } #ifdef TARGET_ANDROID - /* Store the old fd inside the fd so open_tun can use it */ - c->c1.tuntap->fd = oldtunfd; -#endif - if (dco_enabled(&c->options)) - { - ovpn_dco_init(c->mode, &c->c1.tuntap->dco); - } - - /* open the tun device */ - open_tun(c->options.dev, c->options.dev_type, c->options.dev_node, - c->c1.tuntap, &c->net_ctx); - - /* set the hardware address */ - if (c->options.lladdr) - { - set_lladdr(&c->net_ctx, c->c1.tuntap->actual_name, c->options.lladdr, - c->c2.es); - } - - /* do ifconfig */ - if (!c->options.ifconfig_noexec - && ifconfig_order() == IFCONFIG_AFTER_TUN_OPEN) - { - do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name, - c->c2.frame.tun_mtu, c->c2.es, &c->net_ctx); - } - - /* run the up script */ - run_up_down(c->options.up_script, - c->plugins, - OPENVPN_PLUGIN_UP, - c->c1.tuntap->actual_name, -#ifdef _WIN32 - c->c1.tuntap->adapter_index, + /* Store the old fd inside the fd so open_tun can use it */ + c->c1.tuntap->fd = oldtunfd; #endif - dev_type_string(c->options.dev, c->options.dev_type), - c->c2.frame.tun_mtu, - print_in_addr_t(c->c1.tuntap->local, IA_EMPTY_IF_UNDEF, &gc), - print_in_addr_t(c->c1.tuntap->remote_netmask, IA_EMPTY_IF_UNDEF, &gc), - "init", - NULL, - "up", - c->c2.es); - -#if defined(_WIN32) - if (c->options.block_outside_dns) - { - dmsg(D_LOW, "Blocking outside DNS"); - if (!win_wfp_block_dns(c->c1.tuntap->adapter_index, c->options.msg_channel)) + if (dco_enabled(&c->options)) { - msg(M_FATAL, "Blocking DNS failed!"); + ovpn_dco_init(c->mode, &c->c1.tuntap->dco); } - } -#endif - /* possibly add routes */ - if ((route_order() == ROUTE_AFTER_TUN) && (!c->options.route_delay_defined)) - { - do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, - c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); - } + /* open the tun device */ + open_tun(c->options.dev, c->options.dev_type, c->options.dev_node, + c->c1.tuntap, &c->net_ctx); - ret = true; - static_context = c; -#ifndef TARGET_ANDROID -} -else -{ - msg(M_INFO, "Preserving previous TUN/TAP instance: %s", - c->c1.tuntap->actual_name); + /* set the hardware address */ + if (c->options.lladdr) + { + set_lladdr(&c->net_ctx, c->c1.tuntap->actual_name, c->options.lladdr, + c->c2.es); + } - /* explicitly set the ifconfig_* env vars */ - do_ifconfig_setenv(c->c1.tuntap, c->c2.es); + /* do ifconfig */ + if (!c->options.ifconfig_noexec + && ifconfig_order() == IFCONFIG_AFTER_TUN_OPEN) + { + do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name, + c->c2.frame.tun_mtu, c->c2.es, &c->net_ctx); + } - /* run the up script if user specified --up-restart */ - if (c->options.up_restart) - { + /* run the up script */ run_up_down(c->options.up_script, c->plugins, OPENVPN_PLUGIN_UP, @@ -1856,24 +1818,71 @@ else c->c2.frame.tun_mtu, print_in_addr_t(c->c1.tuntap->local, IA_EMPTY_IF_UNDEF, &gc), print_in_addr_t(c->c1.tuntap->remote_netmask, IA_EMPTY_IF_UNDEF, &gc), - "restart", + "init", NULL, "up", c->c2.es); - } + #if defined(_WIN32) - if (c->options.block_outside_dns) - { - dmsg(D_LOW, "Blocking outside DNS"); - if (!win_wfp_block_dns(c->c1.tuntap->adapter_index, c->options.msg_channel)) + if (c->options.block_outside_dns) { - msg(M_FATAL, "Blocking DNS failed!"); + dmsg(D_LOW, "Blocking outside DNS"); + if (!win_wfp_block_dns(c->c1.tuntap->adapter_index, c->options.msg_channel)) + { + msg(M_FATAL, "Blocking DNS failed!"); + } } +#endif + + /* possibly add routes */ + if ((route_order() == ROUTE_AFTER_TUN) && (!c->options.route_delay_defined)) + { + do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, + c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); + } + + ret = true; + static_context = c; } + else + { + msg(M_INFO, "Preserving previous TUN/TAP instance: %s", + c->c1.tuntap->actual_name); + + /* explicitly set the ifconfig_* env vars */ + do_ifconfig_setenv(c->c1.tuntap, c->c2.es); + + /* run the up script if user specified --up-restart */ + if (c->options.up_restart) + { + run_up_down(c->options.up_script, + c->plugins, + OPENVPN_PLUGIN_UP, + c->c1.tuntap->actual_name, +#ifdef _WIN32 + c->c1.tuntap->adapter_index, +#endif + dev_type_string(c->options.dev, c->options.dev_type), + c->c2.frame.tun_mtu, + print_in_addr_t(c->c1.tuntap->local, IA_EMPTY_IF_UNDEF, &gc), + print_in_addr_t(c->c1.tuntap->remote_netmask, IA_EMPTY_IF_UNDEF, &gc), + "restart", + NULL, + "up", + c->c2.es); + } +#if defined(_WIN32) + if (c->options.block_outside_dns) + { + dmsg(D_LOW, "Blocking outside DNS"); + if (!win_wfp_block_dns(c->c1.tuntap->adapter_index, c->options.msg_channel)) + { + msg(M_FATAL, "Blocking DNS failed!"); + } + } #endif -} -#endif /* ifndef TARGET_ANDROID */ + } gc_free(&gc); return ret; }