From patchwork Tue Apr 13 02:20:05 2021
X-Patchwork-Submitter: Vladislav Grishenko
X-Patchwork-Id: 1737
X-Patchwork-Delegate: a@unstable.cc
From: Vladislav Grishenko
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 13 Apr 2021 17:20:05 +0500
Message-Id: <20210413122006.3960-1-themiron@yandex-team.ru>
Subject: [Openvpn-devel] [PATCH 1/2] Fix IPv4 default gateway with multiple route tables

Current default gateway selection for zero destination address just dumps and parses all the routing tables. If any non-main table with a default route comes first, the wrong default gateway can be picked. Since adding/removing routes currently handles only the main table, let's stick to RT_TABLE_MAIN while selecting the default route too.

Signed-off-by: Vladislav Grishenko

--- src/openvpn/networking_sitnl.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index 2bc70a50..56543648 100644 --- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c
@@ -426,6 +426,7 @@ typedef struct { inet_address_t gw; char iface[IFNAMSIZ]; bool default_only; + unsigned int table; } route_res_t; static int @@ -435,7 +436,7 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) struct rtmsg *r = NLMSG_DATA(n); struct rtattr *rta = RTM_RTA(r); int len = n->nlmsg_len - NLMSG_LENGTH(sizeof(*r)); - unsigned int ifindex = 0; + unsigned int table, ifindex = 0; /* filter-out non-zero dst prefixes */ if (res->default_only && r->rtm_dst_len != 0) @@ -443,6 +444,9 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) return 1; } + /* route table, ignored with RTA_TABLE */ + table = r->rtm_table; + while (RTA_OK(rta, len)) { switch (rta->rta_type) @@ -460,11 +464,22 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) case RTA_GATEWAY: memcpy(&res->gw, RTA_DATA(rta), res->addr_size); break; + + /* route table */ + case RTA_TABLE: + table = *(unsigned int *)RTA_DATA(rta); + break; } rta = RTA_NEXT(rta, len); } + /* filter-out zero dns prefixes from other tables */ + if (res->table && res->table != table) + { + return 1; + } + if (!if_indextoname(ifindex, res->iface)) { msg(M_WARN | M_ERRNO, "%s: rtnl: can't get ifname for index %d", @@ -507,6 +522,7 @@ sitnl_route_best_gw(sa_family_t af_family, const inet_address_t *dst, { req.n.nlmsg_flags |= NLM_F_DUMP; res.default_only = true; + res.table = RT_TABLE_MAIN; } else {
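
Review bot: the new `unsigned int table;` member of route_res_t (first hunk) has no comment, yet the filter added later treats a zero value as "match any table" through `if (res->table && res->table != table)`. Please document that convention on the field itself, for example that 0 disables table filtering and any other value restricts the result to that table, so future callers that fill route_res_t do not have to infer it from the callback.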
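
Review bot: the comment `/* route table, ignored with RTA_TABLE */` in the hunk at -443 reads as if the table were ignored altogether, while the code means that `r->rtm_table` is only the initial value and an RTA_TABLE attribute overrides it. Suggest rewording along the lines of "table id from the rtmsg header, overridden below when an RTA_TABLE attribute is present", and noting why both exist: rtm_table is an 8-bit field, so larger table ids are only carried in the attribute.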
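
Review bot: the table check in the hunk at -460 runs after the attribute loop, but the RTA_GATEWAY case in that loop has already executed `memcpy(&res->gw, RTA_DATA(rta), res->addr_size);`, so a default route from another table still overwrites res->gw before `return 1` rejects it. If such a route is dumped after the main-table one, the result keeps the main table's iface together with the other table's gateway. Suggest remembering the gateway attribute in a local inside the loop and copying it into res->gw only after the table filter has passed. Minor: the comment says "zero dns prefixes", which presumably should be "dst" to match the earlier "non-zero dst prefixes" comment.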