From patchwork Thu Apr 15 13:05:44 2021
X-Patchwork-Submitter: Vladislav Grishenko
X-Patchwork-Id: 1742
From: Vladislav Grishenko
To: openvpn-devel@lists.sourceforge.net
Cc: Donald Sharp
Date: Fri, 16 Apr 2021 04:05:44 +0500
Message-Id: <20210415230545.22317-1-themiron@yandex-team.ru>
In-Reply-To: <20210413122006.3960-2-themiron@yandex-team.ru>
References: <20210413122006.3960-2-themiron@yandex-team.ru>
Subject: [Openvpn-devel] [PATCH v2 1/2] Fix IPv4 default gateway with multiple route tables

Current default gateway selection for zero destination address just
dumps and parses all the routing tables. If any of non-main table with
default route comes first, wrong default gateway can be picked.
Since adding/removing routes currently handles only main table,
let's stick to RT_TABLE_MAIN while selecting default route too.

Reported-By: Donald Sharp
Signed-off-by: Vladislav Grishenko
---
 src/openvpn/networking_sitnl.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index 2bc70a50..402d3303 100644
--- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c @@ -426,6 +426,7 @@ typedef struct { inet_address_t gw; char iface[IFNAMSIZ]; bool default_only; + unsigned int table; } route_res_t; static int @@ -435,7 +436,8 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) struct rtmsg *r = NLMSG_DATA(n); struct rtattr *rta = RTM_RTA(r); int len = n->nlmsg_len - NLMSG_LENGTH(sizeof(*r)); - unsigned int ifindex = 0; + unsigned int table, ifindex = 0; + inet_address_t gw; /* filter-out non-zero dst prefixes */ if (res->default_only && r->rtm_dst_len != 0) @@ -443,6 +445,11 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) return 1; } + /* route table, ignored with RTA_TABLE */ + table = r->rtm_table; + /* initial route gateway */ + gw = res->gw; + while (RTA_OK(rta, len)) { switch (rta->rta_type) @@ -458,19 +465,31 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) /* GW for the route */ case RTA_GATEWAY: - memcpy(&res->gw, RTA_DATA(rta), res->addr_size); + memcpy(&gw, RTA_DATA(rta), res->addr_size); + break; + + /* route table */ + case RTA_TABLE: + table = *(unsigned int *)RTA_DATA(rta); break; } rta = RTA_NEXT(rta, len); } + /* filter out any route not coming from the selected table */ + if (res->table && res->table != table) + { + return 1; + } + if (!if_indextoname(ifindex, res->iface)) { msg(M_WARN | M_ERRNO, "%s: rtnl: can't get ifname for index %d", __func__, ifindex); return -1; } + res->gw = gw; return 0; } @@ -507,6 +526,7 @@ sitnl_route_best_gw(sa_family_t af_family, const inet_address_t *dst, { req.n.nlmsg_flags |= NLM_F_DUMP; res.default_only = true; + res.table = RT_TABLE_MAIN; } else {
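Review bot: the new `table` field added to route_res_t (hunk at -426) has no comment saying that 0 means "do not filter by table", which is what the later check `if (res->table && res->table != table)` depends on. A short comment on the field, for example `unsigned int table; /* 0 = any table */`, would make it clear that callers leaving it unset are doing so on purpose.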
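Review bot: the comment `/* route table, ignored with RTA_TABLE */` above `table = r->rtm_table;` (hunk at -443) does not say which value wins. The code lets an RTA_TABLE attribute, when present, replace the value taken from rtm_table, so the comment should say that directly, for example "rtm_table, overridden by RTA_TABLE if present".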
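Review bot: in the new RTA_TABLE case (hunk at -458), `table = *(unsigned int *)RTA_DATA(rta);` reads the attribute payload through a cast without checking its length first. Please guard the read with something like `RTA_PAYLOAD(rta) >= sizeof(table)` or copy it with memcpy as the RTA_GATEWAY case does, so a short attribute cannot be read past its end. The rest of the hunk looks right: staging the gateway in the local `gw` and assigning `res->gw = gw;` only after the table filter passes keeps a route from another table from overwriting an already saved gateway.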
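Review bot: `res.table = RT_TABLE_MAIN;` (hunk at -507) is set in the NLM_F_DUMP branch of sitnl_route_best_gw(), which takes `af_family`, so the filter applies to whatever family is passed in and not only to IPv4 as the subject line says. Please either adjust the commit message or explain why the other family is unaffected. The else branch leaves `res.table` unset, so it is also worth confirming that `res` is zero-initialised, since the filter in sitnl_route_save() treats 0 as "no table selected".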