From patchwork Thu Nov 7 06:45:28 2019
From: Lev Stipakov
To: openvpn-devel@lists.sourceforge.net
Cc: Lev Stipakov
Date: Thu, 7 Nov 2019 19:45:28 +0200
Subject: [Openvpn-devel] [PATCH v2 6/7] wintun: set adapter properties via interactive service
Message-Id: <1573148729-27339-7-git-send-email-lstipakov@gmail.com>
In-Reply-To: <1573148729-27339-1-git-send-email-lstipakov@gmail.com>
References: <1573148729-27339-1-git-send-email-lstipakov@gmail.com>
X-Patchwork-Submitter: Lev Stipakov
X-Patchwork-Id: 883

From: Lev Stipakov

Since Wintun doesn't do DHCP, use interactive service calls to set up
adapter properties.

This also fixes bug in previously unused IPv4 code of
do_address_service():

 - ipv4 address must be in network byte order

 - prefix length cannot be hardcoded /32 but must be calculated from
   netmask

Signed-off-by: Lev Stipakov
Acked-by: Simon Rozman
--- src/openvpn/route.c | 2 +- src/openvpn/route.h | 3 ++- src/openvpn/tun.c | 77 +++++++++++++++++++++++++++++++++++++++++------------ 3 files changed, 63 insertions(+), 19 deletions(-) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 97e90e5..cc6d551 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -3019,7 +3019,7 @@ out: return ret; } -static bool +bool do_route_ipv4_service(const bool add, const struct route_ipv4 *r, const struct tuntap *tt) { DWORD if_index = windows_route_find_if_index(r, tt); diff --git a/src/openvpn/route.h b/src/openvpn/route.h index 2e68091..27b652c 100644 --- a/src/openvpn/route.h +++ b/src/openvpn/route.h @@ -321,7 +321,8 @@ void setenv_routes(struct env_set *es, const struct route_list *rl); void setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6); - +bool do_route_ipv4_service(const bool add, const struct route_ipv4 *r, + const struct tuntap *tt); bool is_special_addr(const char *addr_str); diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index ef1415c..c3ea4a8 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -109,8 +109,8 @@ do_address_service(const bool add, const short family, const struct tuntap *tt) if (addr.family == AF_INET) { - addr.address.ipv4.s_addr = tt->local; - addr.prefix_len = 32; + addr.address.ipv4.s_addr = htonl(tt->local); + addr.prefix_len = netmask_to_netbits2(tt->adapter_netmask); } else { 
@@ -139,13 +139,17 @@ out: } static bool -do_dns6_service(bool add, const struct tuntap *tt) +do_dns_service(bool add, const short family, const struct tuntap *tt) { bool ret = false; ack_message_t ack; struct gc_arena gc = gc_new(); HANDLE pipe = tt->options.msg_channel; - int addr_len = add ? tt->options.dns6_len : 0; + int len = family == AF_INET6 ? tt->options.dns6_len : tt->options.dns_len; + int addr_len = add ? len : 0; + char ip_proto_name[5]; + + strcpy(ip_proto_name, family == AF_INET6 ? "IPv6" : "IPv4"); if (addr_len == 0 && add) /* no addresses to add */ { @@ -160,7 +164,7 @@ do_dns6_service(bool add, const struct tuntap *tt) }, .iface = { .index = tt->adapter_index, .name = "" }, .domains = "", - .family = AF_INET6, + .family = family, .addr_len = addr_len }; @@ -172,17 +176,24 @@ do_dns6_service(bool add, const struct tuntap *tt) { addr_len = _countof(dns.addr); dns.addr_len = addr_len; - msg(M_WARN, "Number of IPv6 DNS addresses sent to service truncated to %d", - addr_len); + msg(M_WARN, "Number of %s DNS addresses sent to service truncated to %d", + ip_proto_name, addr_len); } for (int i = 0; i < addr_len; ++i) { - dns.addr[i].ipv6 = tt->options.dns6[i]; + if (family == AF_INET6) + { + dns.addr[i].ipv6 = tt->options.dns6[i]; + } + else + { + dns.addr[i].ipv4.s_addr = htonl(tt->options.dns[i]); + } } - msg(D_LOW, "%s IPv6 dns servers on '%s' (if_index = %d) using service", - (add ? "Setting" : "Deleting"), dns.iface.name, dns.iface.index); + msg(D_LOW, "%s %s dns servers on '%s' (if_index = %d) using service", + (add ? "Setting" : "Deleting"), ip_proto_name, dns.iface.name, dns.iface.index); if (!send_msg_iservice(pipe, &dns, sizeof(dns), &ack, "TUN")) { 
@@ -191,13 +202,13 @@ do_dns6_service(bool add, const struct tuntap *tt) if (ack.error_number != NO_ERROR) { - msg(M_WARN, "TUN: %s IPv6 dns failed using service: %s [status=%u if_name=%s]", - (add ? "adding" : "deleting"), strerror_win32(ack.error_number, &gc), + msg(M_WARN, "TUN: %s %s dns failed using service: %s [status=%u if_name=%s]", + (add ? "adding" : "deleting"), ip_proto_name, strerror_win32(ack.error_number, &gc), ack.error_number, dns.iface.name); goto out; } - msg(M_INFO, "IPv6 dns servers %s using service", (add ? "set" : "deleted")); + msg(M_INFO, "%s dns servers %s using service", ip_proto_name, (add ? "set" : "deleted")); ret = true; out: @@ -830,7 +841,7 @@ init_tun_post(struct tuntap *tt, * an extra call to "route add..." * -> helper function to simplify code below */ -void +static void add_route_connected_v6_net(struct tuntap *tt, const struct env_set *es) { @@ -862,6 +873,21 @@ delete_route_connected_v6_net(struct tuntap *tt, } #endif /* if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) */ +#if defined(_WIN32) +void +do_route_ipv4_service_tun(bool add, const struct tuntap *tt) +{ + struct route_ipv4 r4; + CLEAR(r4); + r4.network = tt->local & tt->remote_netmask; + r4.netmask = tt->remote_netmask; + r4.gateway = tt->local; + r4.metric = 0; /* connected route */ + r4.flags = RT_DEFINED | RT_METRIC_DEFINED; + do_route_ipv4_service(add, &r4, tt); +} +#endif + #if defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) /* we can't use true subnet mode on tun on all platforms, as that @@ -1018,7 +1044,7 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, int tun_mtu, else if (tt->options.msg_channel) { do_address_service(true, AF_INET6, tt); - do_dns6_service(true, tt); + do_dns_service(true, AF_INET6, tt); } else { 
@@ -1400,8 +1426,16 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, { ASSERT(ifname != NULL); - switch (tt->options.ip_win32_type) + if (tt->options.msg_channel && tt->wintun) + { + do_address_service(true, AF_INET, tt); + do_route_ipv4_service_tun(true, tt); + do_dns_service(true, AF_INET, tt); + } + else { + switch (tt->options.ip_win32_type) + { case IPW32_SET_MANUAL: msg(M_INFO, "******** NOTE: Please manually set the IP/netmask of '%s' to %s/%s (if it is not already set)", @@ -1414,6 +1448,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, tt->adapter_netmask, NI_IP_NETMASK|NI_OPTIONS); break; + } } } @@ -6140,6 +6175,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun } /* possibly use IP Helper API to set IP address on adapter */ + if (!tt->wintun) { const DWORD index = tt->adapter_index; @@ -6350,7 +6386,7 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) do_address_service(false, AF_INET6, tt); if (tt->options.dns6_len > 0) { - do_dns6_service(false, tt); + do_dns_service(false, AF_INET6, tt); } } else @@ -6387,6 +6423,13 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) } } #if 1 + if (tt->wintun && tt->options.msg_channel) + { + do_route_ipv4_service_tun(false, tt); + do_address_service(false, AF_INET, tt); + do_dns_service(false, AF_INET, tt); + } + else if (tt->ipapi_context_defined) { DWORD status;
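
Review bot: in the do_address_service() hunk of tun.c the IPv4 prefix length is now derived from tt->adapter_netmask, while the new do_route_ipv4_service_tun() in the same patch computes the connected route from tt->remote_netmask. If those two fields can ever hold different values, the address handed to the interactive service and its on-link route will disagree. Use one field for both, or add a comment next to `addr.prefix_len = netmask_to_netbits2(tt->adapter_netmask);` stating why they are guaranteed equal on the wintun path.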
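
Review bot: in do_dns_service() the protocol label is copied with strcpy() into `char ip_proto_name[5]`, which holds "IPv4" or "IPv6" plus the terminator with no byte to spare, so any later change to either string overflows a stack buffer. Declaring `const char *ip_proto_name = family == AF_INET6 ? "IPv6" : "IPv4";` removes both the copy and the size coupling. The function also treats every family other than AF_INET6 as IPv4, including in the `dns.addr[i].ipv4.s_addr = htonl(tt->options.dns[i]);` branch; rejecting unexpected family values at the top would make that assumption explicit.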
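
Review bot: the new do_route_ipv4_service_tun() discards the bool returned by do_route_ipv4_service(), so a failed add or delete of the connected route is invisible to its callers in do_ifconfig_ipv4() and close_tun(). Return the bool and let the callers log or act on it. The function is also defined with external linkage, yet this patch adds no prototype for it to a header and only calls it from tun.c, so it can be static, the same way this patch changes add_route_connected_v6_net() to static.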
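
Review bot: in do_ifconfig_ipv4() the service path is taken only when both tt->options.msg_channel and tt->wintun are set, while the open_tun() hunk now skips the IP Helper block whenever tt->wintun is set (`if (!tt->wintun)`). A wintun adapter opened without a message channel therefore falls through to the ip_win32_type switch, and for the methods handled in open_tun() nothing configures the address and nothing is logged. Since the commit message says Wintun does not do DHCP, this combination should be rejected or reported with an explicit message rather than left to fail silently. The results of do_address_service() and do_dns_service() in the new branch are ignored as well, so a partial setup is not reported either.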
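
Review bot: in the last close_tun() hunk do_dns_service(false, AF_INET, tt) is called unconditionally, whereas the IPv6 teardown earlier in the same function guards its call with `if (tt->options.dns6_len > 0)`. Because do_dns_service() only returns early for an empty list when add is true, every wintun shutdown sends a DNS delete request to the service even when no IPv4 DNS server was configured. Guard the call with tt->options.dns_len > 0 to match the IPv6 path. The condition here is also written as `tt->wintun && tt->options.msg_channel`, the reverse order of the one in do_ifconfig_ipv4(); using the same expression in both places makes the setup and teardown pairing easier to audit.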