From patchwork Fri Apr 20 01:16:19 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 313
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 20 Apr 2018 19:16:19 +0800
Message-Id: <20180420111624.7230-4-a@unstable.cc>
In-Reply-To: <20180420111624.7230-1-a@unstable.cc>
References: <20180420111624.7230-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 3/8] tun.c: use new networking API to handle tun interface on Linux
Cc: Antonio Quartulli

By switching to the networking API (for Linux) openvpn will now use any of the available implementations to handle the tun interface. At the moment only iproute2 is implemented.

Signed-off-by: Antonio Quartulli
--- src/openvpn/tun.c | 199 ++++++++++++++-------------------------------- 1 file changed, 58 insertions(+), 141 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 263cacdf..3eec6899 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -46,6 +46,7 @@ #include "route.h" #include "win32.h" #include "block_dns.h" +#include "networking.h" #include "memdbg.h" @@ -883,10 +884,12 @@ do_ifconfig(struct tuntap *tt, if (tt->did_ifconfig_setup) { bool tun = false; +#if !defined(TARGET_LINUX) const char *ifconfig_local = NULL; const char *ifconfig_remote_netmask = NULL; const char *ifconfig_broadcast = NULL; const char *ifconfig_ipv6_local = NULL; +#endif bool do_ipv6 = false; struct argv argv = argv_new(); 
@@ -898,18 +901,23 @@ do_ifconfig(struct tuntap *tt, */ tun = is_tun_p2p(tt); +#if !defined(TARGET_LINUX) /* * Set ifconfig parameters */ ifconfig_local = print_in_addr_t(tt->local, 0, &gc); ifconfig_remote_netmask = print_in_addr_t(tt->remote_netmask, 0, &gc); +#endif if (tt->did_ifconfig_ipv6_setup) { +#if !defined(TARGET_LINUX) ifconfig_ipv6_local = print_in6_addr(tt->local_ipv6, 0, &gc); +#endif do_ipv6 = true; } +#if !defined(TARGET_LINUX) /* * If TAP-style device, generate broadcast address. */ @@ -917,6 +925,7 @@ do_ifconfig(struct tuntap *tt, { ifconfig_broadcast = print_in_addr_t(tt->broadcast, 0, &gc); } +#endif #ifdef ENABLE_MANAGEMENT if (management) 
@@ -933,102 +942,42 @@ do_ifconfig(struct tuntap *tt, #if defined(TARGET_LINUX) -#ifdef ENABLE_IPROUTE - /* - * Set the MTU for the device - */ - argv_printf(&argv, - "%s link set dev %s up mtu %d", - iproute_path, - actual, - tun_mtu - ); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ip link set failed"); - - if (tun) - { - - /* - * Set the address for the device - */ - argv_printf(&argv, - "%s addr add dev %s local %s peer %s", - iproute_path, - actual, - ifconfig_local, - ifconfig_remote_netmask - ); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ip addr add failed"); - } - else + if (net_iface_mtu_set(actual, tun_mtu) < 0) { - argv_printf(&argv, - "%s addr add dev %s %s/%d broadcast %s", - iproute_path, - actual, - ifconfig_local, - netmask_to_netbits2(tt->remote_netmask), - ifconfig_broadcast - ); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ip addr add failed"); + msg(M_FATAL, "Linux can't set mtu (%d) on %s", tun_mtu, actual); } - if (do_ipv6) + + if (net_iface_up(actual, true) < 0) { - argv_printf( &argv, - "%s -6 addr add %s/%d dev %s", - iproute_path, - ifconfig_ipv6_local, - tt->netbits_ipv6, - actual - ); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ip -6 addr add failed"); + msg(M_FATAL, "Linux can't bring %s up", actual); } - tt->did_ifconfig = true; -#else /* ifdef ENABLE_IPROUTE */ + if (tun) { - argv_printf(&argv, - "%s %s %s pointopoint %s mtu %d", - IFCONFIG_PATH, - actual, - ifconfig_local, - ifconfig_remote_netmask, - tun_mtu - ); + if (net_addr_ptp_v4_add(actual, &tt->local, + &tt->remote_netmask) < 0) + { + msg(M_FATAL, "Linux can't add IP to TUN interface %s", actual); + } } else { - argv_printf(&argv, - "%s %s %s netmask %s mtu %d broadcast %s", - IFCONFIG_PATH, - actual, - ifconfig_local, - ifconfig_remote_netmask, - tun_mtu, - ifconfig_broadcast - ); + if (net_addr_v4_add(actual, &tt->local, + 
netmask_to_netbits2(tt->remote_netmask), + &tt->remote_netmask) < 0) + { + msg(M_FATAL, "Linux can't add IP to TAP interface %s", actual); + } } - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ifconfig failed"); if (do_ipv6) { - argv_printf(&argv, - "%s %s add %s/%d", - IFCONFIG_PATH, - actual, - ifconfig_ipv6_local, - tt->netbits_ipv6 - ); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ifconfig inet6 failed"); + if (net_addr_v6_add(actual, &tt->local_ipv6, tt->netbits_ipv6) < 0) + { + msg(M_FATAL, "Linux can't add IPv6 to interface %s", actual); + } } tt->did_ifconfig = true; -#endif /*ENABLE_IPROUTE*/ #elif defined(TARGET_ANDROID) if (do_ipv6) 
@@ -2103,77 +2052,45 @@ tuncfg(const char *dev, const char *dev_type, const char *dev_node, int persist_ void close_tun(struct tuntap *tt) { - if (tt) + if (!tt) { - if (tt->type != DEV_TYPE_NULL && tt->did_ifconfig) - { - struct argv argv = argv_new(); - struct gc_arena gc = gc_new(); + return; + } -#ifdef ENABLE_IPROUTE - if (is_tun_p2p(tt)) + if (tt->type != DEV_TYPE_NULL && tt->did_ifconfig) + { + int netbits = netmask_to_netbits2(tt->remote_netmask); + if (is_tun_p2p(tt)) + { + if (net_addr_ptp_v4_del(tt->actual_name, &tt->local, + &tt->remote_netmask) < 0) { - argv_printf(&argv, - "%s addr del dev %s local %s peer %s", - iproute_path, - tt->actual_name, - print_in_addr_t(tt->local, 0, &gc), - print_in_addr_t(tt->remote_netmask, 0, &gc) - ); + msg(M_WARN, "Linux can't del IP from TUN iface %s", + tt->actual_name); } - else + } + else + { + if (net_addr_v4_del(tt->actual_name, &tt->local, netbits) < 0) { - argv_printf(&argv, - "%s addr del dev %s %s/%d", - iproute_path, - tt->actual_name, - print_in_addr_t(tt->local, 0, &gc), - netmask_to_netbits2(tt->remote_netmask) - ); + msg(M_WARN, "Linux can't del IP from TAP iface %s", + tt->actual_name); } -#else /* ifdef ENABLE_IPROUTE */ - argv_printf(&argv, - "%s %s 0.0.0.0", - IFCONFIG_PATH, - tt->actual_name - ); -#endif /* ifdef ENABLE_IPROUTE */ - - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, NULL, 0, "Linux ip addr del failed"); + } - if (tt->did_ifconfig_ipv6_setup) + if (tt->did_ifconfig_ipv6_setup) + { + if (net_addr_v6_del(tt->actual_name, &tt->local_ipv6, + tt->netbits_ipv6) < 0) { - const char *ifconfig_ipv6_local = print_in6_addr(tt->local_ipv6, 0, &gc); - -#ifdef ENABLE_IPROUTE - argv_printf(&argv, "%s -6 addr del %s/%d dev %s", - iproute_path, - ifconfig_ipv6_local, - tt->netbits_ipv6, - tt->actual_name - ); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, NULL, 0, "Linux ip -6 addr del failed"); -#else /* ifdef ENABLE_IPROUTE */ - argv_printf(&argv, - "%s %s del %s/%d", - 
IFCONFIG_PATH, - tt->actual_name, - ifconfig_ipv6_local, - tt->netbits_ipv6 - ); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, NULL, 0, "Linux ifconfig inet6 del failed"); -#endif + msg(M_WARN, "Linux can't del IPv6 from iface %s", + tt->actual_name); } - - argv_reset(&argv); - gc_free(&gc); } - close_tun_generic(tt); - free(tt); } + + close_tun_generic(tt); + free(tt); } int
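Review bot: In the do_ifconfig hunk at -883, `struct argv argv = argv_new();` stays outside the new `#if !defined(TARGET_LINUX)` guard, yet the TARGET_LINUX branch later in this patch drops every argv_printf/argv_msg/openvpn_execve_check call, so on Linux the argv is set up without a user. Either move the declaration (and whatever cleanup pairs with it) under the same guard as the ifconfig_* strings, or add a comment saying why it has to remain. The same guard recurs four times across this hunk and the next one; pulling the Linux path into its own helper would keep do_ifconfig readable.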
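Review bot: In the TAP branch of the TARGET_LINUX block (hunk at -933), net_addr_v4_add() receives `&tt->remote_netmask` as its last argument, where the removed `ip addr add ... broadcast %s` command was given ifconfig_broadcast, which is derived from tt->broadcast. If that last parameter is the broadcast address, this should be `&tt->broadcast`; if it is not, the call passes both the prefix length and the netmask and one of them is redundant. Separately, every removed command was logged with argv_msg(M_INFO, ...) before it ran, while the new calls report only on failure, so a successful run no longer records the MTU and addresses applied to the interface; an M_INFO line per call would keep that trail. The commit message says only iproute2 is implemented, but this hunk also deletes the `#else` ifconfig path, so it should state what builds without ENABLE_IPROUTE now get.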
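Review bot: In close_tun() (hunk at -2103), `int netbits = netmask_to_netbits2(tt->remote_netmask);` is now evaluated before the is_tun_p2p() check, although only the else branch (net_addr_v4_del) uses it, and in the p2p case remote_netmask is handed over as the peer address rather than a mask. The removed code called netmask_to_netbits2() only in the non-p2p branch; move the computation into the else block to match. The M_WARN messages also discard the return value of the net_*_del calls; including it would make a failed teardown easier to diagnose.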