From patchwork Wed Oct 9 03:34:16 2019
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 862
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 9 Oct 2019 16:34:16 +0200
Message-Id: <20191009143422.9419-4-a@unstable.cc>
In-Reply-To: <20191009143422.9419-1-a@unstable.cc>
References: <20191009143422.9419-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 3/9] maddr: export VLAN ID from client context to maddr object
Cc: Antonio Quartulli

When receiving a packet from a client, the associated maddr needs to carry also the VID associated with that client. This way the VID can be appended to the packet later, if needed.

This patch adds support for exporting the VID from the client context to the related per-packet maddr object.

Signed-off-by: Fabian Knittel
Signed-off-by: Antonio Quartulli
Acked-by: Gert Doering
--- src/openvpn/mroute.c | 54 +++++++++++++++++++++++++++++++------------- src/openvpn/mroute.h | 11 ++++++--- src/openvpn/multi.c | 3 +++ 3 files changed, 49 insertions(+), 19 deletions(-) diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c index c52ef7b1..bdb1b0c0 100644 --- a/src/openvpn/mroute.c +++ b/src/openvpn/mroute.c
@@ -58,7 +58,7 @@ static inline bool is_mac_mcast_maddr(const struct mroute_addr *addr) { return (addr->type & MR_ADDR_MASK) == MR_ADDR_ETHER - && is_mac_mcast_addr(addr->eth_addr); + && is_mac_mcast_addr(addr->ether.addr); } /* @@ -249,12 +249,15 @@ mroute_extract_addr_ip(struct mroute_addr *src, struct mroute_addr *dest, static void mroute_copy_ether_to_addr(struct mroute_addr *maddr, - const uint8_t *ether_addr) + const uint8_t *ether_addr, + uint16_t vid) { maddr->type = MR_ADDR_ETHER; maddr->netbits = 0; maddr->len = OPENVPN_ETH_ALEN; - memcpy(maddr->eth_addr, ether_addr, OPENVPN_ETH_ALEN); + memcpy(maddr->ether.addr, ether_addr, OPENVPN_ETH_ALEN); + maddr->len += sizeof(vid); + maddr->ether.vid = vid; } unsigned int @@ -262,6 +265,7 @@ mroute_extract_addr_ether(struct mroute_addr *src, struct mroute_addr *dest, struct mroute_addr *esrc, struct mroute_addr *edest, + uint16_t vid, const struct buffer *buf) { unsigned int ret = 0; @@ -270,11 +274,11 @@ mroute_extract_addr_ether(struct mroute_addr *src, const struct openvpn_ethhdr *eth = (const struct openvpn_ethhdr *) BPTR(buf); if (src) { - mroute_copy_ether_to_addr(src, eth->source); + mroute_copy_ether_to_addr(src, eth->source, vid); } if (dest) { - mroute_copy_ether_to_addr(dest, eth->dest); + mroute_copy_ether_to_addr(dest, eth->dest, vid); /* ethernet broadcast/multicast packet? */ if (is_mac_mcast_addr(eth->dest)) 
@@ -289,18 +293,35 @@ mroute_extract_addr_ether(struct mroute_addr *src, if (esrc || edest) { struct buffer b = *buf; - if (buf_advance(&b, sizeof(struct openvpn_ethhdr))) + if (!buf_advance(&b, sizeof(struct openvpn_ethhdr))) { - switch (ntohs(eth->proto)) - { - case OPENVPN_ETH_P_IPV4: - ret |= (mroute_extract_addr_ip(esrc, edest, &b) << MROUTE_SEC_SHIFT); - break; + return 0; + } - case OPENVPN_ETH_P_ARP: - ret |= (mroute_extract_addr_arp(esrc, edest, &b) << MROUTE_SEC_SHIFT); - break; + uint16_t proto = eth->proto; + if (proto == htons(OPENVPN_ETH_P_8021Q)) + { + if (!buf_advance(&b, SIZE_ETH_TO_8021Q_HDR)) + { + /* It's an 802.1Q packet, but doesn't have a full header, + * so something went wrong */ + return 0; } + + const struct openvpn_8021qhdr *tag; + tag = (const struct openvpn_8021qhdr *)BPTR(buf); + proto = tag->proto; + } + + switch (ntohs(proto)) + { + case OPENVPN_ETH_P_IPV4: + ret |= (mroute_extract_addr_ip(esrc, edest, &b) << MROUTE_SEC_SHIFT); + break; + + case OPENVPN_ETH_P_ARP: + ret |= (mroute_extract_addr_arp(esrc, edest, &b) << MROUTE_SEC_SHIFT); + break; } } #endif @@ -444,8 +465,9 @@ mroute_addr_print_ex(const struct mroute_addr *ma, switch (maddr.type & MR_ADDR_MASK) { case MR_ADDR_ETHER: - buf_printf(&out, "%s", format_hex_ex(ma->eth_addr, - sizeof(ma->eth_addr), 0, 1, ":", gc)); + buf_printf(&out, "%s", format_hex_ex(ma->ether.addr, + sizeof(ma->ether.addr), 0, 1, ":", gc)); + buf_printf(&out, "@%hu", ma->ether.vid); break; case MR_ADDR_IPV4: diff --git a/src/openvpn/mroute.h b/src/openvpn/mroute.h index 7fcd9956..113aa8c5 100644 --- a/src/openvpn/mroute.h +++ b/src/openvpn/mroute.h @@ -82,7 +82,10 @@ struct mroute_addr { * valid if MR_WITH_NETBITS is set */ union { uint8_t raw_addr[MR_MAX_ADDR_LEN]; /* actual address */ - uint8_t eth_addr[OPENVPN_ETH_ALEN]; + struct { + uint8_t addr[OPENVPN_ETH_ALEN]; + uint16_t vid; + } ether; struct { in_addr_t addr; /* _network order_ IPv4 address */ in_port_t port; /* _network order_ TCP/UDP port */ 
@@ -100,7 +103,7 @@ struct mroute_addr { /* Wrappers to support compilers that do not grok anonymous unions */ mroute_union #define raw_addr mroute_union.raw_addr -#define eth_addr mroute_union.eth_addr +#define ether mroute_union.ether #define v4 mroute_union.v4 #define v6 mroute_union.v6 #define v4mappedv6 mroute_union.v4mappedv6 @@ -178,6 +181,7 @@ unsigned int mroute_extract_addr_ether(struct mroute_addr *src, struct mroute_addr *dest, struct mroute_addr *esrc, struct mroute_addr *edest, + uint16_t vid, const struct buffer *buf); /* @@ -189,6 +193,7 @@ mroute_extract_addr_from_packet(struct mroute_addr *src, struct mroute_addr *dest, struct mroute_addr *esrc, struct mroute_addr *edest, + uint16_t vid, const struct buffer *buf, int tunnel_type) { @@ -200,7 +205,7 @@ mroute_extract_addr_from_packet(struct mroute_addr *src, } else if (tunnel_type == DEV_TYPE_TAP) { - ret = mroute_extract_addr_ether(src, dest, esrc, edest, buf); + ret = mroute_extract_addr_ether(src, dest, esrc, edest, vid, buf); } return ret; } diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 8caaa868..95b33e7a 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -2570,6 +2570,7 @@ multi_process_incoming_link(struct multi_context *m, struct multi_instance *inst &dest, NULL, NULL, + 0, &c->c2.to_tun, DEV_TYPE_TUN); @@ -2664,6 +2665,7 @@ multi_process_incoming_link(struct multi_context *m, struct multi_instance *inst #else NULL, #endif + 0, &c->c2.to_tun, DEV_TYPE_TAP); @@ -2791,6 +2793,7 @@ multi_process_incoming_tun(struct multi_context *m, const unsigned int mpp_flags NULL, #endif NULL, + 0, &m->top.c2.buf, dev_type);
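Review bot: In the mroute_copy_ether_to_addr() hunk of mroute.c, `maddr->len` becomes OPENVPN_ETH_ALEN + sizeof(vid), which describes the bytes of `ether` inside the union only if there is no padding between `addr` and `vid`. That holds for a 6-byte array followed by a uint16_t, but nothing in the patch states it, and a later reordering of the struct would silently leave `len` covering the wrong bytes of `raw_addr`. A compile-time assertion that offsetof(vid) equals OPENVPN_ETH_ALEN, or a comment next to the `len` arithmetic, would pin the assumption down. Setting `len` once instead of assigning and then incrementing it would also read more clearly.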
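Review bot: In the mroute_extract_addr_ether() hunk at @@ -289,18 +293,35 @@, both new failure paths use `return 0;`, which throws away whatever has already been accumulated in `ret` for the primary src/dest addresses earlier in the function. The old code simply skipped the secondary (esrc/edest) extraction when `buf_advance()` failed and carried on with `ret` intact, so this is a behaviour change for short frames that the commit message does not mention. If it is intended, please say so; otherwise skip the IPv4/ARP switch and fall through to the existing return. Separately, the 802.1Q branch advances `b` but then reads the tag through `BPTR(buf)`, the unadvanced buffer. A one-line comment that struct openvpn_8021qhdr is laid over the start of the frame would stop the next reader from "fixing" it to `BPTR(&b)`.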
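Review bot: In the mroute_addr_print_ex() hunk, `buf_printf(&out, "@%hu", ma->ether.vid);` is unconditional, so every MR_ADDR_ETHER address is now printed with an "@0" suffix even where no VLAN is in use (all callers in this patch pass 0). That changes the textual form of MAC addresses wherever this function feeds logs or status output, which can break consumers that parse them. Consider appending the suffix only when `vid` is non-zero, or note the format change in the commit message.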
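Review bot: In the struct mroute_addr hunk of mroute.h, the new `uint16_t vid;` member has no comment, while the neighbouring `v4` members are each annotated with their byte order. Since `vid` takes part in the address bytes covered by `len`, please document whether it is host or network order and what value means "no VLAN" (the callers added in multi.c use 0).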
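Review bot: In the wrapper-macro hunk of mroute.h, `#define ether mroute_union.ether` turns a very common identifier into a macro for every file that includes this header on compilers that take this path. Any local variable, parameter or struct member called `ether` would be rewritten, with confusing build errors only on those compilers. A less collision-prone member name (for example one carrying a prefix) would avoid that; the replaced `eth_addr` was at least somewhat more specific.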
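Review bot: In the three multi.c hunks, the new `vid` argument is passed as a bare `0,` in the middle of an already long positional argument list, including at the DEV_TYPE_TUN call site where a VLAN ID has no meaning. A short comment at each call, or a named constant for "no VLAN", would make it clear that these are placeholders and make the later patches in the series that supply the real VID easier to review.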