[Openvpn-devel] Stop complaining about IPv6 routes without gateway address.

Message ID 20181205210734.62565-1-gert@greenie.muc.de
State Superseded
Delegated to: Antonio Quartulli
Headers show
Series
  • [Openvpn-devel] Stop complaining about IPv6 routes without gateway address.
Related show

Commit Message

Gert Doering Dec. 5, 2018, 9:07 p.m.
The IPv6 routing code inherited assumptions and the message

   "OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6
    option and no default was specified by either --route-ipv6-gateway or
    --ifconfig-ipv6 options"

from the IPv4 routing code.

This was never really correct, as no gateway is needed for "into tun
device" IPv6 routes, and the "--route-ipv6-gateway" option it refers
to also never existed.  (Routes on tap interfaces *do* need a gateway
due to neighbour discovery being involved.  As do routes on Windows,
but there we fake the gateway in tun mode anyway).

Change the code to generally accept IPv6 routes with no gateway
specification (so "--block-ipv6 --redirect-gateway ipv6" can work
without additional config).  When installing IPv6 routes, check
if a gateway is needed (tap mode) but missing, and if yes, print
correct message.

Trac: #1143

Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
 src/openvpn/route.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

Comments

Gert Doering Dec. 5, 2018, 9:24 p.m. | #1
Hi,

On Wed, Dec 05, 2018 at 10:07:34PM +0100, Gert Doering wrote:
> The IPv6 routing code inherited assumptions and the message
> 
>    "OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6
>     option and no default was specified by either --route-ipv6-gateway or
>     --ifconfig-ipv6 options"
> 
> from the IPv4 routing code.
> 
> This was never really correct, as no gateway is needed for "into tun
> device" IPv6 routes, and the "--route-ipv6-gateway" option it refers
> to also never existed.  (Routes on tap interfaces *do* need a gateway
> due to neighbour discovery being involved.  As do routes on Windows,
> but there we fake the gateway in tun mode anyway).

Mmmh, ditch this patch.

I've forgotten the patch from James Bekkema (which was sent in a weird
format so patchwork did not recognize it as such).  Both patches are
compatible, but my new message does not take this into account

v2 coming tomorrow.

gert

Patch

diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index d97e8dba..cf51063b 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -448,11 +448,6 @@  init_route_ipv6(struct route_ipv6 *r6,
     {
         r6->gateway = rl6->remote_endpoint_ipv6;
     }
-    else
-    {
-        msg(M_WARN, PACKAGE_NAME " ROUTE6: " PACKAGE_NAME " needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options");
-        goto fail;
-    }
 
     /* metric */
 
@@ -1917,6 +1912,16 @@  add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag
         gateway_needed = true;
     }
 
+    if (gateway_needed && IN6_IS_ADDR_UNSPECIFIED(&r6->gateway) )
+    {
+        msg(M_WARN, "ROUTE6 WARNING: " PACKAGE_NAME " needs a gateway "
+            "parameter for a --route-ipv6 option and no default was set via "
+            "--ifconfig-ipv6 option.  Not installing IPv6 route to %s/%d.",
+            network, r6->netbits );
+        status = false;
+        goto done;
+    }
+
 #if defined(TARGET_LINUX)
 #ifdef ENABLE_IPROUTE
     argv_printf(&argv, "%s -6 route add %s/%d dev %s",
@@ -2114,6 +2119,7 @@  add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag
     msg(M_FATAL, "Sorry, but I don't know how to do 'route ipv6' commands on this operating system.  Try putting your routes in a --route-up script");
 #endif /* if defined(TARGET_LINUX) */
 
+done:
     if (status)
     {
         r6->flags |= RT_ADDED;