From patchwork Wed Oct 9 03:34:22 2019
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 859
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 9 Oct 2019 16:34:22 +0200
Message-Id: <20191009143422.9419-10-a@unstable.cc>
In-Reply-To: <20191009143422.9419-1-a@unstable.cc>
References: <20191009143422.9419-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 9/9] VLAN: allow user to avoid compiling VLAN handling code
Cc: Antonio Quartulli

To handle VLANs, a whole lot of code has been introduced. However, there are a number of users who may not need this feature and would rather preserve disk space.

Implement a configure knob (--disable-vlan-tagging) to conditionally take the entire VLAN code out.

This patch introduces the conditional by keeping all the logic/ifdefs in vlan.h and avoiding polluting the rest of the code (exception made for options.h/c, which is really troublesome to deal with).
Signed-off-by: Antonio Quartulli --- configure.ac | 12 ++++++ src/openvpn/Makefile.am | 5 ++- src/openvpn/mroute.c | 6 +-- src/openvpn/mroute.h | 2 + src/openvpn/multi.c | 10 ++--- src/openvpn/options.c | 15 ++++++++ src/openvpn/options.h | 2 + src/openvpn/vlan.h | 83 +++++++++++++++++++++++++++++++++++++++++ 8 files changed, 126 insertions(+), 9 deletions(-) diff --git a/configure.ac b/configure.ac index c7fd7a84..66d58b91 100644 --- a/configure.ac +++ b/configure.ac @@ -256,6 +256,13 @@ AC_ARG_ENABLE( [enable_async_push="no"] ) +AC_ARG_ENABLE( + [vlan-tagging], + [AS_HELP_STRING([--disable-vlan-tagging], [Disble support for 802.1Q-based VLAN tagging])], + , + [enable_vlan="yes"] +) + AC_ARG_WITH( [special-build], [AS_HELP_STRING([--with-special-build=STRING], [specify special build string])], @@ -1321,6 +1328,10 @@ if test "${enable_async_push}" = "yes"; then ) fi +if test "${enable_vlan}" = "yes"; then + AC_DEFINE(ENABLE_VLAN_TAGGING, 1, [Enable 802.1Q-based VLAN tagging/untagging]) +fi + CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`" AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings]) @@ -1349,6 +1360,7 @@ AC_SUBST([OPTIONAL_PKCS11_HELPER_LIBS]) AC_SUBST([PLUGIN_AUTH_PAM_CFLAGS]) AC_SUBST([PLUGIN_AUTH_PAM_LIBS]) +AM_CONDITIONAL([VLAN_TAGGING], [test "${enable_vlan}" = "yes"]) AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"]) AM_CONDITIONAL([GIT_CHECKOUT], [test "${GIT_CHECKOUT}" = "yes"]) AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "yes"]) diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index bc976019..64df1df4 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -123,7 +123,7 @@ openvpn_SOURCES = \ syshead.h \ tls_crypt.c tls_crypt.h \ tun.c tun.h \ - vlan.c vlan.h \ + vlan.h \ win32.h win32.c \ cryptoapi.h cryptoapi.c openvpn_LDADD = \ 
@@ -136,6 +136,9 @@ openvpn_LDADD = \ $(OPTIONAL_SELINUX_LIBS) \ $(OPTIONAL_SYSTEMD_LIBS) \ $(OPTIONAL_DL_LIBS) +if VLAN_TAGGING +openvpn_SOURCES += vlan.c +endif if WIN32 openvpn_SOURCES += openvpn_win32_resources.rc block_dns.c block_dns.h openvpn_LDADD += -lgdi32 -lws2_32 -lwininet -lcrypt32 -liphlpapi -lwinmm -lfwpuclnt -lrpcrt4 -lncrypt diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c index bdb1b0c0..d6dc8d22 100644 --- a/src/openvpn/mroute.c +++ b/src/openvpn/mroute.c @@ -35,6 +35,7 @@ #include "proto.h" #include "error.h" #include "socket.h" +#include "vlan.h" #include "memdbg.h" @@ -256,8 +257,7 @@ mroute_copy_ether_to_addr(struct mroute_addr *maddr, maddr->netbits = 0; maddr->len = OPENVPN_ETH_ALEN; memcpy(maddr->ether.addr, ether_addr, OPENVPN_ETH_ALEN); - maddr->len += sizeof(vid); - maddr->ether.vid = vid; + vlan_maddr_copy_vid(maddr, vid); } unsigned int @@ -467,7 +467,7 @@ mroute_addr_print_ex(const struct mroute_addr *ma, case MR_ADDR_ETHER: buf_printf(&out, "%s", format_hex_ex(ma->ether.addr, sizeof(ma->ether.addr), 0, 1, ":", gc)); - buf_printf(&out, "@%hu", ma->ether.vid); + vlan_maddr_print_vid(&out, ma); break; case MR_ADDR_IPV4: diff --git a/src/openvpn/mroute.h b/src/openvpn/mroute.h index 113aa8c5..4bbcd61d 100644 --- a/src/openvpn/mroute.h +++ b/src/openvpn/mroute.h @@ -84,7 +84,9 @@ struct mroute_addr { uint8_t raw_addr[MR_MAX_ADDR_LEN]; /* actual address */ struct { uint8_t addr[OPENVPN_ETH_ALEN]; +#ifdef ENABLE_VLAN_TAGGING uint16_t vid; +#endif } ether; struct { in_addr_t addr; /* _network order_ IPv4 address */ diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index d594dd25..13e81315 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -2260,11 +2260,12 @@ multi_bcast(struct multi_context *m, } } #endif /* ifdef ENABLE_PF */ - if (vid != 0 && vid != mi->context.options.vlan_pvid) + if (!vlan_match_pvid(vid, &mi->context.options)) { continue; } multi_add_mbuf(m, mi, mb); + } } 
@@ -2648,8 +2649,7 @@ multi_process_incoming_link(struct multi_context *m, struct multi_instance *inst struct mroute_addr edest; mroute_addr_reset(&edest); #endif - - if (m->top.options.vlan_tagging) + if (vlan_is_enabled(&m->top.options)) { if (vlan_is_tagged(&c->c2.to_tun)) { @@ -2659,7 +2659,7 @@ multi_process_incoming_link(struct multi_context *m, struct multi_instance *inst } else { - vid = c->options.vlan_pvid; + vid = vlan_get_pvid(&c->options); } } /* extract packet source and dest addresses */ @@ -2788,7 +2788,7 @@ multi_process_incoming_tun(struct multi_context *m, const unsigned int mpp_flags return true; } - if (dev_type == DEV_TYPE_TAP && m->top.options.vlan_tagging) + if (dev_type == DEV_TYPE_TAP && vlan_is_enabled(&m->top.options)) { vid = vlan_decapsulate(&m->top, &m->top.c2.buf); if (vid < 0) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 3bcb9063..2c41eeda 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -405,9 +405,11 @@ static const char usage_message[] = "--plugin m [str]: Load plug-in module m passing str as an argument\n" " to its initialization function.\n" #endif +#ifdef ENABLE_VLAN_TAGGING "--vlan-tagging : Enable 802.1Q-based VLAN tagging.\n" "--vlan-accept tagged|untagged|all : Set VLAN tagging mode. Default is 'all'.\n" "--vlan-pvid v : Sets the Port VLAN Identifier. Defaults to 1.\n" +#endif /* ifdef ENABLE_VLAN_TAGGING */ #if P2MP #if P2MP_SERVER "\n" @@ -853,8 +855,10 @@ init_options(struct options *o, const bool init_gc) o->route_method = ROUTE_METHOD_ADAPTIVE; o->block_outside_dns = false; #endif +#ifdef ENABLE_VLAN_TAGGING o->vlan_accept = VLAN_ALL; o->vlan_pvid = 1; +#endif /* ifdef ENABLE_VLAN_TAGGING */ #if P2MP_SERVER o->real_hash_size = 256; o->virtual_hash_size = 256; 
@@ -1230,6 +1234,7 @@ dhcp_option_address_parse(const char *name, const char *parm, in_addr_t *array, #endif /* if defined(_WIN32) || defined(TARGET_ANDROID) */ +#ifdef ENABLE_VLAN_TAGGING static const char * print_vlan_accept(enum vlan_acceptable_frames mode) { @@ -1244,6 +1249,7 @@ print_vlan_accept(enum vlan_acceptable_frames mode) } return NULL; } +#endif /* ifdef ENABLE_VLAN_TAGGING */ #if P2MP @@ -1314,9 +1320,11 @@ show_p2mp_parms(const struct options *o) SHOW_STR(port_share_host); SHOW_STR(port_share_port); #endif +#ifdef ENABLE_VLAN_TAGGING SHOW_BOOL(vlan_tagging); msg(D_SHOW_PARMS, " vlan_accept = %s", print_vlan_accept (o->vlan_accept)); SHOW_INT(vlan_pvid); +#endif /* ifdef ENABLE_VLAN_TAGGING */ #endif /* P2MP_SERVER */ SHOW_BOOL(client); @@ -2380,6 +2388,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec } } +#ifdef ENABLE_VLAN_TAGGING if (options->vlan_tagging && dev != DEV_TYPE_TAP) { msg(M_USAGE, "--vlan-tagging must be used with --dev tap"); @@ -2395,6 +2404,8 @@ options_postprocess_verify_ce(const struct options *options, const struct connec msg(M_USAGE, "--vlan-pvid requires --vlan-tagging"); } } +#endif /* ifdef ENABLE_VLAN_TAGGING */ + } else { @@ -2485,10 +2496,12 @@ options_postprocess_verify_ce(const struct options *options, const struct connec msg(M_USAGE, "--stale-routes-check requires --mode server"); } +#ifdef ENABLE_VLAN_TAGGING if (options->vlan_tagging) { msg(M_USAGE, "--vlan-tagging requires --mode server"); } +#endif /* ifdef ENABLE_VLAN_TAGGING */ } #endif /* P2MP_SERVER */ @@ -8404,6 +8417,7 @@ add_option(struct options *options, VERIFY_PERMISSION(OPT_P_GENERAL); options->allow_recursive_routing = true; } +#ifdef ENABLE_VLAN_TAGGING else if (streq(p[0], "vlan-tagging") && !p[1]) { VERIFY_PERMISSION(OPT_P_GENERAL); @@ -8443,6 +8457,7 @@ add_option(struct options *options, goto err; } } +#endif /* ifdef ENABLE_VLAN_TAGGING */ else { int i; 
diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 6f5e1f53..0192bfb0 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -639,9 +639,11 @@ struct options int keying_material_exporter_length; #endif +#ifdef ENABLE_VLAN_TAGGING bool vlan_tagging; enum vlan_acceptable_frames vlan_accept; uint16_t vlan_pvid; +#endif /* ifdef ENABLE_VLAN_TAGGING */ struct pull_filter_list *pull_filter_list; diff --git a/src/openvpn/vlan.h b/src/openvpn/vlan.h index a67ad0e1..44b3193b 100644 --- a/src/openvpn/vlan.h +++ b/src/openvpn/vlan.h @@ -29,11 +29,14 @@ #include "buffer.h" #include "mroute.h" +#include "options.h" #include "openvpn.h" struct multi_context; struct multi_instance; +#ifdef ENABLE_VLAN_TAGGING + int16_t vlan_decapsulate(const struct context *c, struct buffer *buf); 
@@ -43,6 +46,86 @@ vlan_is_tagged(const struct buffer *buf); void vlan_process_outgoing_tun(struct multi_context *m, struct multi_instance *mi); +static inline bool +vlan_is_enabled(struct options *opt) +{ + return opt->vlan_tagging; +} + +static inline bool +vlan_match_pvid(uint16_t vid, struct options *opt) +{ + return vid != 0 && vid == opt->vlan_pvid; +} + +static inline uint16_t +vlan_get_pvid(struct options *opt) +{ + return opt->vlan_pvid; +} + +static inline void +vlan_maddr_copy_vid(struct mroute_addr *maddr, uint16_t vid) +{ + maddr->len += sizeof(vid); + maddr->ether.vid = vid; +} + +static inline void +vlan_maddr_print_vid(struct buffer *out, const struct mroute_addr *maddr) +{ + buf_printf(out, "@%hu", maddr->ether.vid); +} + +#else + +static inline int16_t +vlan_decapsulate(const struct context *c, struct buffer *buf) +{ + return 1; +} + +static inline bool +vlan_tagged_drop(const struct buffer *buf) +{ + return false; +} + +static inline void +vlan_process_outgoing_tun(struct multi_context *m, struct multi_instance *mi) +{ +} + +static inline bool +vlan_is_enabled(struct options *opt) +{ + return false; +} + +static inline bool +vlan_match_pvid(uint16_t vid, struct options *opt) +{ + return true; +} + +static inline uint16_t +vlan_get_pvid(struct options *opt) +{ + return 0; +} + +static inline void +vlan_maddr_copy_vid(struct mroute_addr *maddr, uint16_t vid) +{ +} + +static inline void +vlan_maddr_print_vid(struct buffer *out, const struct mroute_addr *maddr) +{ +} + +#endif + #endif /* P2MP_SERVER */ #endif /* VLAN_H */
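Review bot: In the first configure.ac hunk, the AC_ARG_ENABLE feature name is `vlan-tagging`, so autoconf records the user's choice in `enable_vlan_tagging`, but the empty action-if-given never copies it into `enable_vlan`, which is only assigned "yes" in the action-if-not-given branch. As written, `--disable-vlan-tagging` works by accident (`enable_vlan` stays unset), while an explicit `--enable-vlan-tagging` also leaves `enable_vlan` unset and silently drops the feature, because both the AC_DEFINE hunk and the AM_CONDITIONAL hunk test `${enable_vlan}`. Either test `${enable_vlan_tagging}` in those two places or pass `[enable_vlan="${enableval}"]` as the action-if-given. The help string also misspells "Disable" as "Disble".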
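Review bot: In the multi.c multi_bcast hunk, `if (!vlan_match_pvid(vid, &mi->context.options))` is not equivalent to the removed `if (vid != 0 && vid != mi->context.options.vlan_pvid)`. The new helper returns `vid != 0 && vid == opt->vlan_pvid`, so its negation is also true for `vid == 0`, and an untagged broadcast now skips every instance instead of being delivered to all of them. Either define the helper as `return vid == 0 || vid == opt->vlan_pvid;` and keep the `!`, or keep the original two-term condition. The same hunk also adds a lone `+ }` after `multi_add_mbuf(m, mi, mb);` with no new opening brace in the visible lines; please double-check that the function still brace-balances and compiles.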
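Review bot: In the second options_postprocess_verify_ce hunk, the bare `+` line after `+#endif /* ifdef ENABLE_VLAN_TAGGING */` inserts an empty line directly before the `}` that closes the branch; drop it so the block keeps its existing spacing, as the first verify_ce hunk does.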
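Review bot: In the vlan.h hunk, the `#else` branch provides no stub for `vlan_is_tagged()`, which the multi_process_incoming_link hunk still calls inside the `vlan_is_enabled()` block, so a `--disable-vlan-tagging` build will fail on an undeclared `vlan_is_tagged`; the `vlan_tagged_drop()` stub added there is called by nothing in this patch and looks like a renamed leftover, so rename it to `vlan_is_tagged(const struct buffer *buf)` returning false. While here, the new inline helpers take `struct options *opt` but never modify it; `const struct options *` documents the intent and avoids forcing callers to drop const. The stubs' unused parameters will also warn if the build enables -Wunused-parameter, so consider `(void)` casts.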
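Review bot: The diffstat shows no documentation change for the new configure knob; Changes.rst and the build instructions should mention `--disable-vlan-tagging`, and the commit message or help text should state the user-visible consequence that follows from the add_option hunk: with the `vlan-tagging`, `vlan-accept` and `vlan-pvid` branches compiled out, a server config containing any of them falls through to the trailing `else` and is rejected as an unrecognized option rather than failing with a VLAN-specific message.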