| Message ID | 20181205214037.70783-1-gert@greenie.muc.de |
|---|---|
| State | Accepted |
| Delegated to: | Antonio Quartulli |
| Headers | show |
| Series | [Openvpn-devel,v2] Stop complaining about IPv6 routes without gateway address. | expand |
Hi, On 06/12/2018 07:40, Gert Doering wrote: > The IPv6 routing code inherited assumptions and the message > > "OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 > option and no default was specified by either --route-ipv6-gateway or > --ifconfig-ipv6 options" > > from the IPv4 routing code. > > This was never really correct, as no gateway is needed for "into tun > device" IPv6 routes, and the "--route-ipv6-gateway" option it refers > to also never existed. (Routes on tap interfaces *do* need a gateway > due to neighbour discovery being involved. As do routes on Windows, > but there we fake the gateway in tun mode anyway). > > While commit d24e1b179b95 introduces support for "--route-ipv6-gateway", > the message is still falsely triggered for IPv6 routes in tun mode. > > Change the code to generally accept IPv6 routes with no gateway > specification (so "--block-ipv6 --redirect-gateway ipv6" can work > without additional config). When installing IPv6 routes, check > if a gateway is needed (tap mode) but missing, and if yes, print > correct message. > Thanks for this commit message. It was very clear as of what the patch is addressing, how and why, > Trac: #1143 > > Signed-off-by: Gert Doering <gert@greenie.muc.de> > --- > src/openvpn/route.c | 16 +++++++++++----- > 1 file changed, 11 insertions(+), 5 deletions(-) > > diff --git a/src/openvpn/route.c b/src/openvpn/route.c > index d97e8dba..ac38bf15 100644 > --- a/src/openvpn/route.c > +++ b/src/openvpn/route.c > @@ -448,11 +448,6 @@ init_route_ipv6(struct route_ipv6 *r6, > { > r6->gateway = rl6->remote_endpoint_ipv6; > } > - else > - { > - msg(M_WARN, PACKAGE_NAME " ROUTE6: " PACKAGE_NAME " needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options"); > - goto fail; > - } > > /* metric */ > > @@ -1917,6 +1912,16 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag > gateway_needed = true; > } > > + if (gateway_needed && IN6_IS_ADDR_UNSPECIFIED(&r6->gateway) ) please remove the space before the last ')' > + { > + msg(M_WARN, "ROUTE6 WARNING: " PACKAGE_NAME " needs a gateway " > + "parameter for a --route-ipv6 option and no default was set via " > + "--ifconfig-ipv6 or --route-ipv6-gateway option. Not installing " > + "IPv6 route to %s/%d.", network, r6->netbits ); please remove the space before the last ')' As quickly discussed during the meeting, it might be better to have the string all on one line to make it easier to grep. You could go on a new line after M_WARN, and then right after the long string. One dis-advantage I have seen while testing this patch is that we now get one message for each route we try to install. However, I think it is ok because the message explicitly mentions each failing route. > + status = false; > + goto done; > + } > + > #if defined(TARGET_LINUX) > #ifdef ENABLE_IPROUTE > argv_printf(&argv, "%s -6 route add %s/%d dev %s", > @@ -2114,6 +2119,7 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag > msg(M_FATAL, "Sorry, but I don't know how to do 'route ipv6' commands on this operating system. Try putting your routes in a --route-up script"); > #endif /* if defined(TARGET_LINUX) */ > > +done: > if (status) > { > r6->flags |= RT_ADDED; > Other than those comments above, the patch looks good and my tests did not reveal any issue. Acked-by: Antonio Quartulli <antonio@openvpn.net> Regards,
Hi, just as a side note, for the archives: On Mon, Dec 17, 2018 at 04:53:45PM +1000, Antonio Quartulli wrote: > One dis-advantage I have seen while testing this patch is that we now > get one message for each route we try to install. That's no different from today - we hit the message at a different spot (when trying to install the route, as opposed to "when processing the 'route-ipv6' option") - but we got one message per route before. Just sayin' ;-) Will go and uncrustify... gert
Patch has been applied to the master branch.
I haven't put it into release/2.4 as this is more a "make things nicer"
than a bugfix - plus it needs the "--route-ipv6-gateway" feature from
d24e1b179b95, which is "new feature" and thus not in 2.4.
Reformatted braces as suggested. Interesting enough, our uncrustify
rules permit both "a space before the closing bracked" and "no space"
(and I think this is good enough, sometimes you just want the extra
space for readability - but maybe not in this case).
I've left the message as it was, because "putting it all in one line"
creates a 220 characters wide line - which is definitely in "Steffan
will come and kick me" land.
commit 14d7e0e496f15563005fffc6d4791a95444ddf23 (master)
Author: Gert Doering
Date: Wed Dec 5 22:40:37 2018 +0100
Stop complaining about IPv6 routes without gateway address.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20181205214037.70783-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17990.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
--
kind regards,
Gert Doering
diff --git a/src/openvpn/route.c b/src/openvpn/route.c index d97e8dba..ac38bf15 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -448,11 +448,6 @@ init_route_ipv6(struct route_ipv6 *r6, { r6->gateway = rl6->remote_endpoint_ipv6; } - else - { - msg(M_WARN, PACKAGE_NAME " ROUTE6: " PACKAGE_NAME " needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options"); - goto fail; - } /* metric */ @@ -1917,6 +1912,16 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag gateway_needed = true; } + if (gateway_needed && IN6_IS_ADDR_UNSPECIFIED(&r6->gateway) ) + { + msg(M_WARN, "ROUTE6 WARNING: " PACKAGE_NAME " needs a gateway " + "parameter for a --route-ipv6 option and no default was set via " + "--ifconfig-ipv6 or --route-ipv6-gateway option. Not installing " + "IPv6 route to %s/%d.", network, r6->netbits ); + status = false; + goto done; + } + #if defined(TARGET_LINUX) #ifdef ENABLE_IPROUTE argv_printf(&argv, "%s -6 route add %s/%d dev %s", @@ -2114,6 +2119,7 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag msg(M_FATAL, "Sorry, but I don't know how to do 'route ipv6' commands on this operating system. Try putting your routes in a --route-up script"); #endif /* if defined(TARGET_LINUX) */ +done: if (status) { r6->flags |= RT_ADDED;
The IPv6 routing code inherited assumptions and the message "OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options" from the IPv4 routing code. This was never really correct, as no gateway is needed for "into tun device" IPv6 routes, and the "--route-ipv6-gateway" option it refers to also never existed. (Routes on tap interfaces *do* need a gateway due to neighbour discovery being involved. As do routes on Windows, but there we fake the gateway in tun mode anyway). While commit d24e1b179b95 introduces support for "--route-ipv6-gateway", the message is still falsely triggered for IPv6 routes in tun mode. Change the code to generally accept IPv6 routes with no gateway specification (so "--block-ipv6 --redirect-gateway ipv6" can work without additional config). When installing IPv6 routes, check if a gateway is needed (tap mode) but missing, and if yes, print correct message. Trac: #1143 Signed-off-by: Gert Doering <gert@greenie.muc.de> --- src/openvpn/route.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-)