From patchwork Thu Jun 7 19:20:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 358 X-Patchwork-Delegate: gert@greenie.muc.de Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director7.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net (Dovecot) with LMTP id 6+6ICWcSGlu8fgAAIUCqbw for ; Fri, 08 Jun 2018 01:21:43 -0400 Received: from proxy20.mail.ord1d.rsapps.net ([172.30.191.6]) by director7.mail.ord1d.rsapps.net (Dovecot) with LMTP id w/FYCWcSGlslUwAAovjBpQ ; Fri, 08 Jun 2018 01:21:43 -0400 Received: from smtp38.gate.ord1c ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy20.mail.ord1d.rsapps.net with LMTP id IPYrCWcSGlsIMQAAsk8m8w ; Fri, 08 Jun 2018 01:21:43 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp38.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: d405e588-6adb-11e8-b3dd-5452007bdf16-1-1 Received: from [216.105.38.7] ([216.105.38.7:25186] helo=lists.sourceforge.net) by smtp38.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id C8/C7-09784-6621A1B5; Fri, 08 Jun 2018 01:21:42 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1fR9pk-0000S8-JI; Fri, 08 Jun 2018 05:21:08 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1fR9pj-0000Rr-7Q for openvpn-devel@lists.sourceforge.net; Fri, 08 Jun 2018 05:21:07 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc: To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=P59UfPwdq6hizgiYI5L5gn0eupzEc84ZYRQqHgyVxko=; b=EpjHsx7pwouXugtyN3gmYazGcG 6TFK+D7qdtIPXCGxIi+fMtLvKH3YLacP3NbKxfDMX1oKVlsNfDb9ONcltfMYJxB+UyJlNeZ2dolap TsHenZJAj3RawAw4FmYiJg2+3LJujVCIL9w2Quc42tei2NDTtw4agZ0XmpS6ns5gkfJU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=P59UfPwdq6hizgiYI5L5gn0eupzEc84ZYRQqHgyVxko=; b=JaEKkvCbSABOaF73GKrWpfEM7n AzC71kop5OzqqJG4zgxLgmo4zdfvf7BD4Mk4AqH/Vt/jCV97FQwljRhipQJlS1nsILFKyRD4nYGYk 8bR6reewH6Wg1krpolx+5FpIPRfcRyDjWu6CDtyDV5nc1OlqusqB+fG4N72u+BvnYB7o=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1fR9ph-003Tzh-Qk for openvpn-devel@lists.sourceforge.net; Fri, 08 Jun 2018 05:21:07 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Fri, 8 Jun 2018 13:20:17 +0800 Message-Id: <20180608052017.6696-9-a@unstable.cc> In-Reply-To: <20180608052017.6696-1-a@unstable.cc> References: <20180608052017.6696-1-a@unstable.cc> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1fR9ph-003Tzh-Qk Subject: [Openvpn-devel] [PATCH v2 8/8] options: enable IPv4 redirection logic only if really required X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Antonio Quartulli If no IPv4 redirection flag is set, do not enable the IPv4 redireciton logic at all so that it won't bother adding any useless IPv4 route. At the same the warning message (for both IPv4 and IPv6) have been modified by removing the tunnel interface name, as routes being added might actually be going over other interfaces. Signed-off-by: Antonio Quartulli --- src/openvpn/options.c | 9 ++++++++- src/openvpn/route.c | 8 ++++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 4d9e4a3f..90dee4f2 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -6337,7 +6337,14 @@ add_option(struct options *options, /* we need this here to handle pushed --redirect-gateway */ remap_redirect_gateway_flags(options); #endif - options->routes->flags |= RG_ENABLE; + /* enable IPv4 redirection logic only if at least one IPv4 flag is set. + * For instance, when "redirect-gateway !ipv4 ipv6" is specified no + * IPv4 redirection should be activated. + */ + if (options->routes->flags) + { + options->routes->flags |= RG_ENABLE; + } } else if (streq(p[0], "remote-random-hostname") && !p[1]) { diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 64fd08c0..a9c2934f 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -1174,9 +1174,9 @@ add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tunt if (rl->routes && !tt->did_ifconfig_setup) { msg(M_INFO, "WARNING: OpenVPN was configured to add an IPv4 " - "route over %s. However, no IPv4 has been configured for " + "route. However, no IPv4 has been configured for " "this interface, therefore the route installation may " - "fail or may not work as expected.", tt->actual_name); + "fail or may not work as expected."); } #ifdef ENABLE_MANAGEMENT @@ -1210,9 +1210,9 @@ add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tunt if (!tt->did_ifconfig_ipv6_setup) { msg(M_INFO, "WARNING: OpenVPN was configured to add an IPv6 " - "route over %s. However, no IPv6 has been configured for " + "route. However, no IPv6 has been configured for " "this interface, therefore the route installation may " - "fail or may not work as expected.", tt->actual_name); + "fail or may not work as expected."); } for (r = rl6->routes_ipv6; r; r = r->next)