From patchwork Wed Dec 5 10:07:34 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 629 X-Patchwork-Delegate: a@unstable.cc Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director10.mail.ord1d.rsapps.net ([172.31.255.6]) by backend30.mail.ord1d.rsapps.net with LMTP id KFB9Hm8+CFw0QAAAIUCqbw for ; Wed, 05 Dec 2018 16:09:03 -0500 Received: from proxy13.mail.iad3b.rsapps.net ([172.31.255.6]) by director10.mail.ord1d.rsapps.net with LMTP id 0B9UG28+CFw1TwAApN4f7A ; Wed, 05 Dec 2018 16:09:03 -0500 Received: from smtp25.gate.iad3b ([172.31.255.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy13.mail.iad3b.rsapps.net with LMTP id 0C66FG8+CFztAQAAvUvv+w ; Wed, 05 Dec 2018 16:09:03 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp25.gate.iad3b.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=greenie.muc.de X-Suspicious-Flag: YES X-Classification-ID: fd7f2986-f8d1-11e8-a332-52540030a522-1-1 Received: from [216.105.38.7] ([216.105.38.7:5761] helo=lists.sourceforge.net) by smtp25.gate.iad3b.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 66/69-31938-E6E380C5; Wed, 05 Dec 2018 16:09:02 -0500 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1gUeOh-0007Ai-EK; Wed, 05 Dec 2018 21:07:55 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1gUeOg-0007Ab-8M for openvpn-devel@lists.sourceforge.net; Wed, 05 Dec 2018 21:07:54 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc: MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=8FThkzADlLiFjGyqPN9OBEw666cQ/fODiuaLNMKezXE=; b=XkQC26toDADcvmesRL1g07XkyY mLBjifHdynOEYr+QC9n1TvAFHte9BD1WfjotF8Oa0dqWd6ltaUb8UcMlN3B1sHEU/BK5b9IBvMSxk YDC8sDd4rWa17rigQaTNcD7tt9xNCk8wVFR0tpwLwq6poqy2Vfsu+mgIj/NPm7VvJzL8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=8FThkzADlLiFjGyqPN9OBEw666cQ/fODiuaLNMKezXE=; b=YBL/be4NwoButMqRnR+ib3qm4R rgOdroI+gc8dpbLCN9ntqWG9WGckd/VSfVUfCLAvsupMRhckk5/x/F9P5H1WBLU0YfKiZ3NmLc5g9 RLCp8IH//Ow8S6/UO/b+d7boGEQ80au1jixWMvZktgSxcegJj1kyZr/+WPqSGCnlJs0c=; Received: from [193.149.48.178] (helo=chekov.greenie.muc.de) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1gUeOd-003IX8-Mv for openvpn-devel@lists.sourceforge.net; Wed, 05 Dec 2018 21:07:54 +0000 Received: from chekov.greenie.muc.de (localhost [127.0.0.1]) by chekov.greenie.muc.de (8.15.2/8.15.2) with ESMTPS id wB5L7Yse062607 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 5 Dec 2018 22:07:34 +0100 (CET) (envelope-from gert@chekov.greenie.muc.de) Received: (from gert@localhost) by chekov.greenie.muc.de (8.15.2/8.15.2/Submit) id wB5L7Y14062606 for openvpn-devel@lists.sourceforge.net; Wed, 5 Dec 2018 22:07:34 +0100 (CET) (envelope-from gert) From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Wed, 5 Dec 2018 22:07:34 +0100 Message-Id: <20181205210734.62565-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.18.0 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 1.0 RDNS_NONE Delivered to internal network by a host with no rDNS -0.5 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1gUeOd-003IX8-Mv Subject: [Openvpn-devel] [PATCH] Stop complaining about IPv6 routes without gateway address. X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox The IPv6 routing code inherited assumptions and the message "OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options" from the IPv4 routing code. This was never really correct, as no gateway is needed for "into tun device" IPv6 routes, and the "--route-ipv6-gateway" option it refers to also never existed. (Routes on tap interfaces *do* need a gateway due to neighbour discovery being involved. As do routes on Windows, but there we fake the gateway in tun mode anyway). Change the code to generally accept IPv6 routes with no gateway specification (so "--block-ipv6 --redirect-gateway ipv6" can work without additional config). When installing IPv6 routes, check if a gateway is needed (tap mode) but missing, and if yes, print correct message. Trac: #1143 Signed-off-by: Gert Doering --- src/openvpn/route.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index d97e8dba..cf51063b 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -448,11 +448,6 @@ init_route_ipv6(struct route_ipv6 *r6, { r6->gateway = rl6->remote_endpoint_ipv6; } - else - { - msg(M_WARN, PACKAGE_NAME " ROUTE6: " PACKAGE_NAME " needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options"); - goto fail; - } /* metric */ @@ -1917,6 +1912,16 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag gateway_needed = true; } + if (gateway_needed && IN6_IS_ADDR_UNSPECIFIED(&r6->gateway) ) + { + msg(M_WARN, "ROUTE6 WARNING: " PACKAGE_NAME " needs a gateway " + "parameter for a --route-ipv6 option and no default was set via " + "--ifconfig-ipv6 option. Not installing IPv6 route to %s/%d.", + network, r6->netbits ); + status = false; + goto done; + } + #if defined(TARGET_LINUX) #ifdef ENABLE_IPROUTE argv_printf(&argv, "%s -6 route add %s/%d dev %s", @@ -2114,6 +2119,7 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag msg(M_FATAL, "Sorry, but I don't know how to do 'route ipv6' commands on this operating system. Try putting your routes in a --route-up script"); #endif /* if defined(TARGET_LINUX) */ +done: if (status) { r6->flags |= RT_ADDED;