From patchwork Wed Dec 5 10:40:37 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 630 X-Patchwork-Delegate: a@unstable.cc Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director9.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id 4LWRLRZGCFzyVQAAIUCqbw for ; Wed, 05 Dec 2018 16:41:42 -0500 Received: from proxy18.mail.ord1d.rsapps.net ([172.30.191.6]) by director9.mail.ord1d.rsapps.net with LMTP id 4Mh5LRZGCFwwaAAAalYnBA ; Wed, 05 Dec 2018 16:41:42 -0500 Received: from smtp37.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy18.mail.ord1d.rsapps.net with LMTP id aMr/LBZGCFx4CgAATCaURg ; Wed, 05 Dec 2018 16:41:42 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp37.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=greenie.muc.de X-Suspicious-Flag: YES X-Classification-ID: 8d73bd14-f8d6-11e8-bd54-525400a11cf3-1-1 Received: from [216.105.38.7] ([216.105.38.7:8607] helo=lists.sourceforge.net) by smtp37.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id FD/67-18017-616480C5; Wed, 05 Dec 2018 16:41:42 -0500 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1gUeuW-00006q-Nz; Wed, 05 Dec 2018 21:40:48 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1gUeuU-00006g-Rv for openvpn-devel@lists.sourceforge.net; Wed, 05 Dec 2018 21:40:46 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:To: From:Sender:Reply-To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=4NYTBPLiGz8/xkaCEQPwrOL0kfbwq5Ku8HPyoEQuvqI=; b=D+1+i+kNBGyKbRJgPZPant4ac2 CKQt7vRx/+unHwEOkMaFqy1cNrMyyEgxBPK7CbBzoeCxFIfosTmOIgH9WvHG+sPEs0jDDuuKENtEn ElfTuH/QeEdbvZsXvVF6clcwQoVfjjLyUOIVEHmtCJRbXQvSb/FRz5uki+retZ563s3c=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=4NYTBPLiGz8/xkaCEQPwrOL0kfbwq5Ku8HPyoEQuvqI=; b=ZrFrEIA1yyCXuTAvLpdADV7s4Z 8ubDWB/v89yQCyZpwJp/dcBvKqEmdawp3ockqygJS/QgGxY3kaZ6D8GU2dk7wgaqhHfYvLSXhCVrY q5kpU5FeMbg8TQRb639EARB9WyUOEjYW8Z2zrluQ0ZVbpZrryGC/Yck+hf4WnOuy2weE=; Received: from chekov.greenie.muc.de ([193.149.48.178]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1gUeuS-003KEZ-TD for openvpn-devel@lists.sourceforge.net; Wed, 05 Dec 2018 21:40:46 +0000 Received: from chekov.greenie.muc.de (localhost [127.0.0.1]) by chekov.greenie.muc.de (8.15.2/8.15.2) with ESMTPS id wB5Leb24070825 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 5 Dec 2018 22:40:37 +0100 (CET) (envelope-from gert@chekov.greenie.muc.de) Received: (from gert@localhost) by chekov.greenie.muc.de (8.15.2/8.15.2/Submit) id wB5LebHp070824 for openvpn-devel@lists.sourceforge.net; Wed, 5 Dec 2018 22:40:37 +0100 (CET) (envelope-from gert) From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Wed, 5 Dec 2018 22:40:37 +0100 Message-Id: <20181205214037.70783-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20181205212453.GR962@greenie.muc.de> References: <20181205212453.GR962@greenie.muc.de> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.1 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1gUeuS-003KEZ-TD Subject: [Openvpn-devel] [PATCH v2] Stop complaining about IPv6 routes without gateway address. X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox The IPv6 routing code inherited assumptions and the message "OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options" from the IPv4 routing code. This was never really correct, as no gateway is needed for "into tun device" IPv6 routes, and the "--route-ipv6-gateway" option it refers to also never existed. (Routes on tap interfaces *do* need a gateway due to neighbour discovery being involved. As do routes on Windows, but there we fake the gateway in tun mode anyway). While commit d24e1b179b95 introduces support for "--route-ipv6-gateway", the message is still falsely triggered for IPv6 routes in tun mode. Change the code to generally accept IPv6 routes with no gateway specification (so "--block-ipv6 --redirect-gateway ipv6" can work without additional config). When installing IPv6 routes, check if a gateway is needed (tap mode) but missing, and if yes, print correct message. Trac: #1143 Signed-off-by: Gert Doering Acked-by: Antonio Quartulli --- src/openvpn/route.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index d97e8dba..ac38bf15 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -448,11 +448,6 @@ init_route_ipv6(struct route_ipv6 *r6, { r6->gateway = rl6->remote_endpoint_ipv6; } - else - { - msg(M_WARN, PACKAGE_NAME " ROUTE6: " PACKAGE_NAME " needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options"); - goto fail; - } /* metric */ @@ -1917,6 +1912,16 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag gateway_needed = true; } + if (gateway_needed && IN6_IS_ADDR_UNSPECIFIED(&r6->gateway) ) + { + msg(M_WARN, "ROUTE6 WARNING: " PACKAGE_NAME " needs a gateway " + "parameter for a --route-ipv6 option and no default was set via " + "--ifconfig-ipv6 or --route-ipv6-gateway option. Not installing " + "IPv6 route to %s/%d.", network, r6->netbits ); + status = false; + goto done; + } + #if defined(TARGET_LINUX) #ifdef ENABLE_IPROUTE argv_printf(&argv, "%s -6 route add %s/%d dev %s", @@ -2114,6 +2119,7 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag msg(M_FATAL, "Sorry, but I don't know how to do 'route ipv6' commands on this operating system. Try putting your routes in a --route-up script"); #endif /* if defined(TARGET_LINUX) */ +done: if (status) { r6->flags |= RT_ADDED;