From patchwork Tue Jun 28 08:56:23 2022
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 2563
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Tue, 28 Jun 2022 20:56:23 +0200
Message-Id: <20220628185623.1734-1-a@unstable.cc>
In-Reply-To: <20220624083809.23487-4-a@unstable.cc>
References: <20220624083809.23487-4-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v2 03/25] dco: use specific metric when installing routes

When using DCO, iroutes and routes all live in the same routing table. However, the latter should always come after the former. For this reason, assign a default metric of 200 to routes. iroutes will later get a metric of 100.

Signed-off-by: Antonio Quartulli Acked-by: Gert Doering --- Changes from v1: * added comments before "(if (dco_enabled(c))" to explain why we need a different metric src/openvpn/dco.h | 2 ++ src/openvpn/init.c | 15 +++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/src/openvpn/dco.h b/src/openvpn/dco.h index dcadba78..063e5028 100644 --- a/src/openvpn/dco.h +++ b/src/openvpn/dco.h @@ -38,6 +38,8 @@ struct event_set; struct options; struct tuntap; +#define DCO_DEFAULT_METRIC 200 + #if defined(ENABLE_DCO) /** diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 638fd10c..03221cbb 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1385,6 +1385,15 @@ do_init_route_list(const struct options *options, int dev = dev_type_enum(options->dev, options->dev_type); int metric = 0; + /* if DCO is enabled we have both regular routes and iroutes in the system + * routing table, and normal routes must have a higher metric for that to + * work so that iroutes are always matched first + */ + if (dco_enabled(options)) + { + metric = DCO_DEFAULT_METRIC; + } + if (dev == DEV_TYPE_TUN && (options->topology == TOP_NET30 || options->topology == TOP_P2P)) { gw = options->ifconfig_remote_netmask; @@ -1421,6 +1430,12 @@ do_init_route_ipv6_list(const struct options *options, const char *gw = NULL; int metric = -1; /* no metric set */ + /* see explanation in do_init_route_list() */ + if (dco_enabled(options)) + { + metric = DCO_DEFAULT_METRIC; + } + gw = options->ifconfig_ipv6_remote; /* default GW = remote end */ if (options->route_ipv6_default_gateway) {
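
Review bot: In src/openvpn/dco.h the new `#define DCO_DEFAULT_METRIC 200` carries no comment, and the value only makes sense relative to the iroute metric of 100 mentioned in the commit message. Please document that relationship at the define, or define the iroute metric next to it, so the ordering requirement does not depend on two unrelated literals staying in sync. The define also sits above `#if defined(ENABLE_DCO)`; a short remark that this placement is intentional, so init.c can use it in builds without DCO, would help the next reader.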
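
Review bot: In do_init_route_list() the new block only changes the starting value of `metric`, while its comment states that normal routes must have a higher metric so that iroutes are always matched first. Nothing in this hunk shows that a metric supplied later (per route or as a configured default) is kept above the iroute value, so a lower configured metric could let a regular route be matched before an iroute. Consider enforcing a floor when dco_enabled(options) is true, or say in the comment that user-set metrics are expected to override this default and what the consequence is.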
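
Review bot: In do_init_route_ipv6_list() the initializer still reads `int metric = -1; /* no metric set */`, but with DCO enabled the value is replaced immediately, so the "no metric set" case no longer exists on that path and the trailing comment is misleading there. The same block is also duplicated from do_init_route_list(); a small helper that returns the default metric for the given options would keep the IPv4 and IPv6 paths from drifting apart.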