From patchwork Sun Nov 5 14:14:36 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Selva Nair X-Patchwork-Id: 50 X-Patchwork-Delegate: gert@greenie.muc.de Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director5.mail.ord1d.rsapps.net ([172.30.191.6]) by backend31.mail.ord1d.rsapps.net (Dovecot) with LMTP id 8y/EEb23/1nAWAAAgoeIoA for ; Sun, 05 Nov 2017 20:15:41 -0500 Received: from proxy4.mail.ord1d.rsapps.net ([172.30.191.6]) by director5.mail.ord1d.rsapps.net (Dovecot) with LMTP id FSqjBL23/1nSHwAAsdCWiw ; Sun, 05 Nov 2017 20:15:41 -0500 Received: from smtp7.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy4.mail.ord1d.rsapps.net (Dovecot) with LMTP id zNorCb23/1k3VAAAiYrejw ; Sun, 05 Nov 2017 20:15:41 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-MessageSniffer-Scan-Result: 0 X-MessageSniffer-Rules: 0-298-1111-1319-w 0-298-1111-1683-w 0-298-0-15007-f X-CMAE-Scan-Result: 0 X-CNFS-Analysis: v=2.2 cv=Kb+QikQD c=1 sm=1 tr=0 a=Q8DxjiC8O3VT/NpP1XjEZQ==:117 a=Q8DxjiC8O3VT/NpP1XjEZQ==:17 a=kj9zAlcOel0A:10 a=x7bEGLp0ZPQA:10 a=yLqVZIfK32oA:10 a=sC3jslCIGhcA:10 a=WiVod9pSvdkA:10 a=pGLkceISAAAA:8 a=9sSjY8p1AAAA:8 a=P_JWiMecAAAA:8 a=FP58Ms26AAAA:8 a=qW07QnDt9mNRzIeZWOIA:9 a=Y2DqpBn-lgcA7Yy8:21 a=AsLsqBRqe23KzAlK:21 a=CjuIK1q_8ugA:10 a=-FEs8UIgK8oA:10 a=NWVoK91CQyQA:10 a=ub54wNWiXv_DzeFsgEJW:22 a=D0-HAvA3Hk9NMREbgwuX:22 X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.34.181.88] Authentication-Results: smtp7.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.34.181.88"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dkim=fail (signature verification failed) header.d=gmail.com; dmarc=fail (p=none; dis=none) header.from=gmail.com X-Classification-ID: 01261d52-c290-11e7-bfff-525400d28ed9-1-1 Received: from [216.34.181.88] ([216.34.181.88:47810] helo=lists.sourceforge.net) by smtp7.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 8D/D5-05585-CB7BFF95; Sun, 05 Nov 2017 20:15:40 -0500 Received: from localhost ([127.0.0.1] helo=sfs-ml-4.v29.ch3.sourceforge.com) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.89) (envelope-from ) id 1eBW0E-0004UM-8M; Mon, 06 Nov 2017 01:15:02 +0000 Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.89) (envelope-from ) id 1eBW0C-0004U9-Th for openvpn-devel@lists.sourceforge.net; Mon, 06 Nov 2017 01:15:00 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From; bh=kbh0LsihfciUXhPGEVus8zZI58xZ8OQTz20J2RACMdo=; b=VO8Qvr+3492qlyPIEbtvPAqISzJ0oktAxGzcs2ptkrhn9FXjPxfXFxWMjzRXipxpcz3ug6Jp2pe7TurqRSK/skv8cOWqdLiQ8Pk8pUgQy5G4WG0rgMNJgB2MtAZPnyQ4PGheC5GaRGdz3Hw6/UAiCivUjxngbdJBXXBCA429Ct4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From; bh=kbh0LsihfciUXhPGEVus8zZI58xZ8OQTz20J2RACMdo=; b=ZPpzpaArrFIZpg44N7CdRGI248iSamDhyBfD6XvpjxTqJ6Np/Yt09k2yQQ+PG48tbSS/GafnIvmFoknf5Bnff072ghBrwGB3JbIphbRmc+z4tJ3VdI1vvOQCbZWIB02cgcinT0qWHvwoHbXfd9Tar1os0RTl/7/PGAiYPRfbkLo=; Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.214.50 as permitted sender) client-ip=209.85.214.50; envelope-from=selva.nair@gmail.com; helo=mail-it0-f50.google.com; Received: from mail-it0-f50.google.com ([209.85.214.50]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.76) id 1eBW0C-0003Ju-1e for openvpn-devel@lists.sourceforge.net; Mon, 06 Nov 2017 01:15:00 +0000 Received: by mail-it0-f50.google.com with SMTP id 72so3313349itk.3 for ; Sun, 05 Nov 2017 17:15:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=kbh0LsihfciUXhPGEVus8zZI58xZ8OQTz20J2RACMdo=; b=ssBvyAKrFm74PAkcQ636Mi2QYJx8N92AxsGxnJkZOo7q2w9NtxPpeuA+tPp6lPyNYo SF97X1Lg3LG7oNUrm/cF3GGpkE6E1bOUpwkmNU53u7qyiCGiFA74Q93aESUIjLZPDARP rE8waQ7HjjWH1rBsoBXuqXNAf4w8GxmyCck67AE2AV6TWmGclQMLt4X3hnOwvosag07J SipJYoToghX/hM2wjcQfIfMPrGwXMDaCg6X5zwPGMNaQCjDNor0xZ01VymRbMET+qFJz f1BIZeX/FX41ukqfRmu/aE9y9+MmAjqIe4f37vxRaxOuFH4FtuXPaNHqunWNJ+0XD5GG Va9A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=kbh0LsihfciUXhPGEVus8zZI58xZ8OQTz20J2RACMdo=; b=PVaSEm/XJ/wDBvfM2mn32PrOHNIHuogjqPT59oSqZ4GoIlhOOr3BtwKgnAWmSF8OEI vYuKYqT+m9OSs+9jJim8VNPd31wPbsPcRE+WRR+HbOJmUA7xeisS/qBDQN+zM2D9anrv +XoO5OADfKM49zPrdQ5XmkR3VDK7CDYbir7Yy/0OP4CreP/e5HCpk+sQ73Nxx0qbsD/T SGCcDZlkrUuE0DfwDDqQo531tHT/cz3Gb+Qw3gzTo7HHkDF+jwFrJzWNhkdbfVX+Ymau WxdWz7a3GHr21Rrsnv3Gn9qtKqofLkqPC630xJHIyHgKSZjIv2pBJ5i/dzYDgiy7xAKt bQSQ== X-Gm-Message-State: AJaThX7I1aN47xxCB36+p000L0EGoSAz3nflHcYnVtavjVDbByYC457o R99t4Bhb0B5KTW4AtRTN1wC7V+D6 X-Google-Smtp-Source: ABhQp+Q2l11/ZRB0aRah7Lah36GeFAsAqaSdrh5YzN6p0OR61RfnmCZ7wHEQkxzLmr6kt5CubBvDPg== X-Received: by 10.36.31.212 with SMTP id d203mr7201614itd.48.1509930894445; Sun, 05 Nov 2017 17:14:54 -0800 (PST) Received: from saturn.home.sansel.ca (CPE40167ea0e1c2-CM788df74daaa0.cpe.net.cable.rogers.com. [99.228.215.92]) by smtp.gmail.com with ESMTPSA id e142sm3814546ite.28.2017.11.05.17.14.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 05 Nov 2017 17:14:52 -0800 (PST) From: selva.nair@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Sun, 5 Nov 2017 20:14:36 -0500 Message-Id: <1509930876-30728-1-git-send-email-selva.nair@gmail.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1509903249-10979-1-git-send-email-selva.nair@gmail.com> References: <1509903249-10979-1-git-send-email-selva.nair@gmail.com> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (selva.nair[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 0.5 RCVD_IN_SORBS_SPAM RBL: SORBS: sender is a spam source [209.85.214.50 listed in dnsbl.sorbs.net] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1eBW0C-0003Ju-1e Subject: [Openvpn-devel] [PATCH v2] Use lowest metric interface when multiple interfaces match a route X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Selva Nair Currently a route addition using IPAPI or service is skipped if the route gateway is reachable by multiple interfaces. This changes that to use the interface with lowest metric. Implemented by (i) Do not over-write the return value with TUN_ADAPTER_INDEX_INVALID in windows_route_find_if_index() if multiple interfaces match a route. (ii) Select the interface with lowest metric in adapter_index_of_ip() instead of the first one found when multiple interfaces match. Reported by Jan Just Keijser v2: - A private get_interface_metric() method and better error reporting - Revert an unintented edit of route.c (a_index = ...) - Improve the commit message Signed-off-by: Selva Nair Signed-off-by: Selva Nair <selva.nair@gmail.com>
--- src/openvpn/route.c | 1 - src/openvpn/tun.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 57 insertions(+), 3 deletions(-) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 8c71e6e..66a8ae3 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -2780,7 +2780,6 @@ windows_route_find_if_index(const struct route_ipv4 *r, const struct tuntap *tt) msg(M_WARN, "Warning: route gateway is ambiguous: %s (%d matches)", print_in_addr_t(r->gateway, 0, &gc), count); - ret = TUN_ADAPTER_INDEX_INVALID; } dmsg(D_ROUTE_DEBUG, "DEBUG: route find if: on_tun=%d count=%d index=%d", diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 3639718..7603133 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -4474,6 +4474,49 @@ is_ip_in_adapter_subnet(const IP_ADAPTER_INFO *ai, const in_addr_t ip, in_addr_t return ret; } +/** + * Given an interface index return the interface metric. + * + * Arguments: + * index : The index of the interface + * family : AF_INET for IPv4 or AF_INET6 for IPv6 + * On error returns -1 + */ + +/* function signature missing in mingw iphlpapi.h */ +VOID NETIOAPI_API_ +InitializeIpInterfaceEntry(PMIB_IPINTERFACE_ROW Row); + +static int +get_interface_metric(NET_IFINDEX index, ADDRESS_FAMILY family) +{ + DWORD err; + int msglevel = D_ROUTE|M_WARN; + MIB_IPINTERFACE_ROW ipiface; + + InitializeIpInterfaceEntry(&ipiface); + ipiface.Family = family; + ipiface.InterfaceIndex = index; + + err = GetIpInterfaceEntry(&ipiface); + if (err == NO_ERROR) + { + return ipiface.Metric; + } + else if (err == ERROR_NOT_FOUND) + { + /* + * This happens if the address family is not enabled for the + * interface, which is benign -- display only at a debug level + */ + msglevel = D_ROUTE_DEBUG; + } + msg(msglevel, "Note: failed to determine metric of interface " + "<%lu> for %s : (error code = %lu)", + index, (family == AF_INET)? "ipv4" : "ipv6", err); + return -1; +} + DWORD adapter_index_of_ip(const IP_ADAPTER_INFO *list, const in_addr_t ip, @@ -4483,6 +4526,7 @@ adapter_index_of_ip(const IP_ADAPTER_INFO *list, struct gc_arena gc = gc_new(); DWORD ret = TUN_ADAPTER_INDEX_INVALID; in_addr_t highest_netmask = 0; + int lowest_metric = INT_MAX; bool first = true; if (count) @@ -4496,9 +4540,14 @@ adapter_index_of_ip(const IP_ADAPTER_INFO *list, if (is_ip_in_adapter_subnet(list, ip, &hn)) { + int metric = get_interface_metric(list->Index, AF_INET); if (first || hn > highest_netmask) { highest_netmask = hn; + if (metric >= 0) + { + lowest_metric = metric; + } if (count) { *count = 1; @@ -4512,16 +4561,22 @@ adapter_index_of_ip(const IP_ADAPTER_INFO *list, { ++*count; } + if (metric >= 0 && metric < lowest_metric) + { + ret = list->Index; + lowest_metric = metric; + } } } list = list->Next; } - dmsg(D_ROUTE_DEBUG, "DEBUG: IP Locate: ip=%s nm=%s index=%d count=%d", + dmsg(D_ROUTE_DEBUG, "DEBUG: IP Locate: ip=%s nm=%s index=%d count=%d metric=%d", print_in_addr_t(ip, 0, &gc), print_in_addr_t(highest_netmask, 0, &gc), (int)ret, - count ? *count : -1); + count ? *count : -1, + lowest_metric); if (ret == TUN_ADAPTER_INDEX_INVALID && count) {