From patchwork Wed May 23 09:28:02 2018
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 332
X-Patchwork-Delegate: gert@greenie.muc.de
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Thu, 24 May 2018 03:28:02 +0800
Message-Id: <20180523192802.31611-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH] do not push route-ipv6 entries that are also in the iroute-ipv6 list

A server should push a route to a client only if there is no matching iroute for the same client. While this logic works fine for IPv4, there is no IPv6 counterpart. Implement the same check for IPv6 routes and discard matching ones from the push list.

Trac: #354
Cc: Gert Doering
Signed-off-by: Antonio Quartulli
---
Apparently this patch has been pending in Gert's endless TODO list for a while. I thought it could be nice to help him to get rid of some items :)

 src/openvpn/push.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 6a30e479..9199e1f0 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -776,7 +776,7 @@ process_incoming_push_msg(struct context *c, void remove_iroutes_from_push_route_list(struct options *o) { - if (o && o->push_list.head && o->iroutes) + if (o && o->push_list.head && (o->iroutes || o->iroutes_ipv6)) { struct gc_arena gc = gc_new(); struct push_entry *e = o->push_list.head; 
@@ -816,6 +816,29 @@ remove_iroutes_from_push_route_list(struct options *o) } } } + else if (p[0] && !strcmp(p[0], "route-ipv6") && !p[2]) + { + /* get route parameters */ + struct in6_addr network; + unsigned int netbits; + + /* parse route-ipv6 arguments */ + if (get_ipv6_addr(p[1], &network, &netbits, D_ROUTE_DEBUG)) + { + struct iroute_ipv6 *ir; + + /* does this route-ipv6 match an iroute-ipv6? */ + for (ir = o->iroutes_ipv6; ir != NULL; ir = ir->next) + { + if (!memcmp(&network, &ir->network, sizeof(network)) + && netbits == ir->netbits) + { + enable = false; + break; + } + } + } + } /* should we copy the push item? */ e->enable = enable;
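
Review bot: In the first hunk (the guard at the top of remove_iroutes_from_push_route_list()), widening the condition to `(o->iroutes || o->iroutes_ipv6)` means the body now runs with o->iroutes == NULL whenever a client has only iroute-ipv6 entries. The existing IPv4 matching code between the two hunks is not shown here, so please confirm it only walks o->iroutes through a NULL-terminated loop and never dereferences the list head unconditionally. A short comment on the guard saying that either list is enough to enter the function would also help the next reader.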
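
Review bot: In the second hunk, the `!p[2]` test in `else if (p[0] && !strcmp(p[0], "route-ipv6") && !p[2])` limits the check to entries with a single argument, but route-ipv6 also accepts an optional gateway and metric, so a pushed route-ipv6 with a gateway that matches an iroute-ipv6 is still sent to the client that owns the prefix. If skipping those entries is intended, say so in a comment; otherwise relax the argument-count test. Separately, the match is `memcmp()` on the raw address plus `netbits == ir->netbits`, which only holds if both get_ipv6_addr() and the iroute-ipv6 parser store the network with the host bits cleared; if that is not guaranteed, mask both sides to netbits before comparing. As a style point, `ir` is only read and could be declared `const struct iroute_ipv6 *`.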