From patchwork Mon Sep 7 03:17:34 2020
X-Patchwork-Submitter: Vladislav Grishenko
X-Patchwork-Id: 1414
From: Vladislav Grishenko
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 7 Sep 2020 18:17:34 +0500
Message-Id: <20200907131734.31164-1-themiron@yandex-team.ru>
Subject: [Openvpn-devel] [PATCH] Fix best gateway selection over netlink

Netlink route request with NLM_F_DUMP flag set means to return all entries matching criteria passed in message content - matching supplied dst address in our case. So, gateway from the first returned route was always used even if there were more specific routes present.

By chance, after route refactoring in ~2.6.38 first route is the default route, so default gateway was always used, hiding the problem. On earlier kernels default route is the last one, so route w/o gateway is likely to be returned first, causing gateway always to be 0.0.0.0.

Fix this behavior by requesting exact route, not dump, along with specifying correct dst prefix size.

Tested on 5.4.0, 4.1.51 and 2.6.36 kernels.

Signed-off-by: Vladislav Grishenko
--- src/openvpn/networking_sitnl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index 713a213a..150dfa5c 100644 --- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn/networking_sitnl.c @@ -477,11 +477,12 @@ sitnl_route_best_gw(sa_family_t af_family, const inet_address_t *dst, { case AF_INET: res.addr_size = sizeof(in_addr_t); - req.n.nlmsg_flags |= NLM_F_DUMP; + req.r.rtm_dst_len = 32; break; case AF_INET6: res.addr_size = sizeof(struct in6_addr); + req.r.rtm_dst_len = 128; break; default:
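Review bot: The AF_INET6 case gains `req.r.rtm_dst_len = 128;`, but the removed `NLM_F_DUMP` line sat only in the AF_INET case, so the commit message's explanation covers the IPv4 path and says nothing about why the IPv6 request needs to change or whether it was tested on the listed kernels. Please add a sentence on the IPv6 behaviour before and after. The two literals could also be replaced by a single assignment after the switch that derives the prefix length from the value already set in each case, for example `req.r.rtm_dst_len = res.addr_size * 8;`, which keeps the address size and prefix length from drifting apart. A short comment at that point stating that the request must not carry `NLM_F_DUMP`, because the first entry of a dump is not necessarily the best match, would keep the flag from being reintroduced later.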