From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Fri, 12 Aug 2022 15:06:48 +0200
Message-Id: <20220812130657.29899-2-a@unstable.cc>
In-Reply-To: <20220812130657.29899-1-a@unstable.cc>
References: <20220812130657.29899-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v100 01/10] do_open_tun: restyle "can preserve TUN" check

The current condition checking if the TUN interface was preserved is
dependent on the platform being Android or not. This makes the code
reasonably ugly, especially because uncrustify can't indent properly.

On top of that, we will require an extra condition only for windows+DCO,
which will make the check even uglier.

For this reason, factor out the check in a separate function which can
keep the ifdefs craziness well hidden, while do_open_tun becomes (a bit)
cleaner.

Signed-off-by: Antonio Quartulli
Acked-by: Lev Stipakov
---
 src/openvpn/init.c | 282 +++++++++++++++++++++++----------------------
 1 file changed, 144 insertions(+), 138 deletions(-)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 82a57bef..4d4c7192 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -1716,161 +1716,120 @@ do_init_tun(struct context *c) * Open tun/tap device, ifconfig, call up script, etc. */ + +static bool +can_preserve_tun(struct tuntap *tt) +{ +#ifdef TARGET_ANDROID + return false; +#else + return tt; +#endif +} + static bool do_open_tun(struct context *c) { struct gc_arena gc = gc_new(); bool ret = false; -#ifndef TARGET_ANDROID - if (!c->c1.tuntap) + if (!can_preserve_tun(c->c1.tuntap)) { -#endif - #ifdef TARGET_ANDROID - /* If we emulate persist-tun on android we still have to open a new tun and - * then close the old */ - int oldtunfd = -1; - if (c->c1.tuntap) - { - oldtunfd = c->c1.tuntap->fd; - free(c->c1.tuntap); - c->c1.tuntap = NULL; - c->c1.tuntap_owned = false; - } + /* If we emulate persist-tun on android we still have to open a new tun and + * then close the old */ + int oldtunfd = -1; + if (c->c1.tuntap) + { + oldtunfd = c->c1.tuntap->fd; + free(c->c1.tuntap); + c->c1.tuntap = NULL; + c->c1.tuntap_owned = false; + } #endif - /* initialize (but do not open) tun/tap object */ - do_init_tun(c); + /* initialize (but do not open) tun/tap object */ + do_init_tun(c); - /* inherit the dco context from the tuntap object */ - if (c->c2.tls_multi) - { - c->c2.tls_multi->dco = &c->c1.tuntap->dco; - } + /* inherit the dco context from the tuntap object */ + if (c->c2.tls_multi) + { + c->c2.tls_multi->dco = &c->c1.tuntap->dco; + } #ifdef _WIN32 - /* store (hide) interactive service handle in tuntap_options */ - c->c1.tuntap->options.msg_channel = c->options.msg_channel; - msg(D_ROUTE, "interactive service msg_channel=%" PRIu64, (unsigned long long) c->options.msg_channel); + /* store (hide) interactive service handle in tuntap_options */ + c->c1.tuntap->options.msg_channel = c->options.msg_channel; + msg(D_ROUTE, "interactive service msg_channel=%" PRIu64, (unsigned long long) c->options.msg_channel); #endif - /* allocate route list structure */ - do_alloc_route_list(c); + /* allocate route list structure */ + do_alloc_route_list(c); - /* 
parse and resolve the route option list */ - ASSERT(c->c2.link_socket); - if (c->options.routes && c->c1.route_list) - { - do_init_route_list(&c->options, c->c1.route_list, - &c->c2.link_socket->info, c->c2.es, &c->net_ctx); - } - if (c->options.routes_ipv6 && c->c1.route_ipv6_list) - { - do_init_route_ipv6_list(&c->options, c->c1.route_ipv6_list, - &c->c2.link_socket->info, c->c2.es, - &c->net_ctx); - } + /* parse and resolve the route option list */ + ASSERT(c->c2.link_socket); + if (c->options.routes && c->c1.route_list) + { + do_init_route_list(&c->options, c->c1.route_list, + &c->c2.link_socket->info, c->c2.es, &c->net_ctx); + } + if (c->options.routes_ipv6 && c->c1.route_ipv6_list) + { + do_init_route_ipv6_list(&c->options, c->c1.route_ipv6_list, + &c->c2.link_socket->info, c->c2.es, + &c->net_ctx); + } - /* do ifconfig */ - if (!c->options.ifconfig_noexec - && ifconfig_order() == IFCONFIG_BEFORE_TUN_OPEN) - { - /* guess actual tun/tap unit number that will be returned - * by open_tun */ - const char *guess = guess_tuntap_dev(c->options.dev, - c->options.dev_type, - c->options.dev_node, - &gc); - do_ifconfig(c->c1.tuntap, guess, c->c2.frame.tun_mtu, c->c2.es, - &c->net_ctx); - } + /* do ifconfig */ + if (!c->options.ifconfig_noexec + && ifconfig_order() == IFCONFIG_BEFORE_TUN_OPEN) + { + /* guess actual tun/tap unit number that will be returned + * by open_tun */ + const char *guess = guess_tuntap_dev(c->options.dev, + c->options.dev_type, + c->options.dev_node, + &gc); + do_ifconfig(c->c1.tuntap, guess, c->c2.frame.tun_mtu, c->c2.es, + &c->net_ctx); + } - /* possibly add routes */ - if (route_order() == ROUTE_BEFORE_TUN) - { - /* Ignore route_delay, would cause ROUTE_BEFORE_TUN to be ignored */ - do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, - c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); - } + /* possibly add routes */ + if (route_order() == ROUTE_BEFORE_TUN) + { + /* Ignore route_delay, would cause ROUTE_BEFORE_TUN to be ignored */ + 
do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, + c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); + } #ifdef TARGET_ANDROID - /* Store the old fd inside the fd so open_tun can use it */ - c->c1.tuntap->fd = oldtunfd; -#endif - if (dco_enabled(&c->options)) - { - ovpn_dco_init(c->mode, &c->c1.tuntap->dco); - } - - /* open the tun device */ - open_tun(c->options.dev, c->options.dev_type, c->options.dev_node, - c->c1.tuntap, &c->net_ctx); - - /* set the hardware address */ - if (c->options.lladdr) - { - set_lladdr(&c->net_ctx, c->c1.tuntap->actual_name, c->options.lladdr, - c->c2.es); - } - - /* do ifconfig */ - if (!c->options.ifconfig_noexec - && ifconfig_order() == IFCONFIG_AFTER_TUN_OPEN) - { - do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name, - c->c2.frame.tun_mtu, c->c2.es, &c->net_ctx); - } - - /* run the up script */ - run_up_down(c->options.up_script, - c->plugins, - OPENVPN_PLUGIN_UP, - c->c1.tuntap->actual_name, -#ifdef _WIN32 - c->c1.tuntap->adapter_index, + /* Store the old fd inside the fd so open_tun can use it */ + c->c1.tuntap->fd = oldtunfd; #endif - dev_type_string(c->options.dev, c->options.dev_type), - c->c2.frame.tun_mtu, - print_in_addr_t(c->c1.tuntap->local, IA_EMPTY_IF_UNDEF, &gc), - print_in_addr_t(c->c1.tuntap->remote_netmask, IA_EMPTY_IF_UNDEF, &gc), - "init", - NULL, - "up", - c->c2.es); - -#if defined(_WIN32) - if (c->options.block_outside_dns) - { - dmsg(D_LOW, "Blocking outside DNS"); - if (!win_wfp_block_dns(c->c1.tuntap->adapter_index, c->options.msg_channel)) + if (dco_enabled(&c->options)) { - msg(M_FATAL, "Blocking DNS failed!"); + ovpn_dco_init(c->mode, &c->c1.tuntap->dco); } - } -#endif - /* possibly add routes */ - if ((route_order() == ROUTE_AFTER_TUN) && (!c->options.route_delay_defined)) - { - do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, - c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); - } + /* open the tun device */ + open_tun(c->options.dev, c->options.dev_type, c->options.dev_node, 
+ c->c1.tuntap, &c->net_ctx); - ret = true; - static_context = c; -#ifndef TARGET_ANDROID -} -else -{ - msg(M_INFO, "Preserving previous TUN/TAP instance: %s", - c->c1.tuntap->actual_name); + /* set the hardware address */ + if (c->options.lladdr) + { + set_lladdr(&c->net_ctx, c->c1.tuntap->actual_name, c->options.lladdr, + c->c2.es); + } - /* explicitly set the ifconfig_* env vars */ - do_ifconfig_setenv(c->c1.tuntap, c->c2.es); + /* do ifconfig */ + if (!c->options.ifconfig_noexec + && ifconfig_order() == IFCONFIG_AFTER_TUN_OPEN) + { + do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name, + c->c2.frame.tun_mtu, c->c2.es, &c->net_ctx); + } - /* run the up script if user specified --up-restart */ - if (c->options.up_restart) - { + /* run the up script */ run_up_down(c->options.up_script, c->plugins, OPENVPN_PLUGIN_UP, 
@@ -1882,24 +1841,71 @@ else c->c2.frame.tun_mtu, print_in_addr_t(c->c1.tuntap->local, IA_EMPTY_IF_UNDEF, &gc), print_in_addr_t(c->c1.tuntap->remote_netmask, IA_EMPTY_IF_UNDEF, &gc), - "restart", + "init", NULL, "up", c->c2.es); - } + #if defined(_WIN32) - if (c->options.block_outside_dns) - { - dmsg(D_LOW, "Blocking outside DNS"); - if (!win_wfp_block_dns(c->c1.tuntap->adapter_index, c->options.msg_channel)) + if (c->options.block_outside_dns) + { + dmsg(D_LOW, "Blocking outside DNS"); + if (!win_wfp_block_dns(c->c1.tuntap->adapter_index, c->options.msg_channel)) + { + msg(M_FATAL, "Blocking DNS failed!"); + } + } +#endif + + /* possibly add routes */ + if ((route_order() == ROUTE_AFTER_TUN) && (!c->options.route_delay_defined)) { - msg(M_FATAL, "Blocking DNS failed!"); + do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, + c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); } + + ret = true; + static_context = c; } + else + { + msg(M_INFO, "Preserving previous TUN/TAP instance: %s", + c->c1.tuntap->actual_name); + + /* explicitly set the ifconfig_* env vars */ + do_ifconfig_setenv(c->c1.tuntap, c->c2.es); + + /* run the up script if user specified --up-restart */ + if (c->options.up_restart) + { + run_up_down(c->options.up_script, + c->plugins, + OPENVPN_PLUGIN_UP, + c->c1.tuntap->actual_name, +#ifdef _WIN32 + c->c1.tuntap->adapter_index, +#endif + dev_type_string(c->options.dev, c->options.dev_type), + c->c2.frame.tun_mtu, + print_in_addr_t(c->c1.tuntap->local, IA_EMPTY_IF_UNDEF, &gc), + print_in_addr_t(c->c1.tuntap->remote_netmask, IA_EMPTY_IF_UNDEF, &gc), + "restart", + NULL, + "up", + c->c2.es); + } +#if defined(_WIN32) + if (c->options.block_outside_dns) + { + dmsg(D_LOW, "Blocking outside DNS"); + if (!win_wfp_block_dns(c->c1.tuntap->adapter_index, c->options.msg_channel)) + { + msg(M_FATAL, "Blocking DNS failed!"); + } + } #endif -} -#endif /* ifndef TARGET_ANDROID */ + } gc_free(&gc); return ret; }
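Review bot: in the first hunk, can_preserve_tun() is inserted between the existing "Open tun/tap device, ifconfig, call up script, etc." comment and do_open_tun(), so that comment now sits on top of the helper instead of the function it describes. Move the helper above the comment and give it its own short comment saying that it returns true when the existing tuntap object can be reused and always false on Android. In the same helper, `return tt;` relies on the implicit pointer-to-bool conversion; `return tt != NULL;` states the intent, and on TARGET_ANDROID the `tt` parameter is unused, which will trip unused-parameter warnings if the build enables them.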
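Review bot: in the second hunk, the else branch dereferences `c->c1.tuntap->actual_name` and is safe only because can_preserve_tun() returns true solely for a non-NULL pointer. The commit message says a further windows+DCO condition will be added to the helper, so document that a true result must imply a non-NULL tuntap, or assert it at the top of the branch in the same way the function already does with `ASSERT(c->c2.link_socket)`. With the `#ifndef TARGET_ANDROID` guard removed, this branch is also now compiled on Android although the helper makes it unreachable there; that side effect is worth a sentence in the commit message.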