From patchwork Fri Aug 12 03:41:54 2022
X-Patchwork-Submitter: Kristof Provost via Openvpn-devel
X-Patchwork-Id: 2665
From: Kristof Provost via Openvpn-devel
Reply-To: Kristof Provost
To: openvpn-devel
Date: Fri, 12 Aug 2022 15:41:54 +0200
Message-Id: <20220812134154.16729-3-kprovost@netgate.com>
In-Reply-To: <20220812134154.16729-1-kprovost@netgate.com>
References: <20220812134154.16729-1-kprovost@netgate.com>
Subject: [Openvpn-devel] [PATCH 2/2] Support creating iroute route entries on FreeBSD

From: Kristof Provost

Signed-off-by: Kristof Provost
Acked-by: Gert Doering
--- src/openvpn/Makefile.am | 1 + src/openvpn/dco.c | 8 +-- src/openvpn/dco_freebsd.h | 2 + src/openvpn/networking.h | 9 +++ src/openvpn/networking_freebsd.c | 101 +++++++++++++++++++++++++++++++ 5 files changed, 117 insertions(+), 4 deletions(-) create mode 100644 src/openvpn/networking_freebsd.c diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index 2a139b23..5155a180 100644 --- a/src/openvpn/Makefile.am 
+++ b/src/openvpn/Makefile.am @@ -88,6 +88,7 @@ openvpn_SOURCES = \ mtu.c mtu.h \ mudp.c mudp.h \ multi.c multi.h \ + networking_freebsd.c \ networking_iproute2.c networking_iproute2.h \ networking_sitnl.c networking_sitnl.h \ networking.h \ diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 07dc1087..3ffc56d1 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -599,7 +599,7 @@ void dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr) { -#if defined(TARGET_LINUX) +#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) if (!dco_enabled(&m->top.options)) { return; @@ -642,13 +642,13 @@ dco_install_iroute(struct multi_context *m, struct multi_instance *mi, &mi->context.c2.push_ifconfig_local, dev, 0, DCO_IROUTE_METRIC); } -#endif /* if defined(TARGET_LINUX) */ +#endif /* if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) */ } void dco_delete_iroutes(struct multi_context *m, struct multi_instance *mi) { -#if defined(TARGET_LINUX) +#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) if (!dco_enabled(&m->top.options)) { return; @@ -681,7 +681,7 @@ dco_delete_iroutes(struct multi_context *m, struct multi_instance *mi) 0, DCO_IROUTE_METRIC); } } -#endif /* if defined(TARGET_LINUX) */ +#endif /* if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) */ } #endif /* defined(ENABLE_DCO) */ diff --git a/src/openvpn/dco_freebsd.h b/src/openvpn/dco_freebsd.h index 3594f229..7de11697 100644 --- a/src/openvpn/dco_freebsd.h +++ b/src/openvpn/dco_freebsd.h @@ -27,6 +27,8 @@ #include "ovpn_dco_freebsd.h" +#define DCO_IROUTE_METRIC 100 + typedef enum ovpn_key_slot dco_key_slot_t; typedef enum ovpn_key_cipher dco_cipher_t; diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h index cf6d39ac..b0b31ea1 100644 --- a/src/openvpn/networking.h +++ b/src/openvpn/networking.h 
@@ -31,6 +31,9 @@ struct context; #include "networking_sitnl.h" #elif ENABLE_IPROUTE #include "networking_iproute2.h" +#elif defined(TARGET_FREEBSD) +typedef void *openvpn_net_ctx_t; +typedef char openvpn_net_iface_t; #else /* define mock types to ensure code builds on any platform */ typedef void *openvpn_net_ctx_t; @@ -238,7 +241,9 @@ int net_addr_ptp_v4_del(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, const in_addr_t *local, const in_addr_t *remote); +#endif /* ENABLE_SITNL || ENABLE_IPROUTE */ +#if defined(ENABLE_SITNL) || defined(ENABLE_IPROUTE) || defined(TARGET_FREEBSD) /** * Add a route for an IPv4 address/network * @@ -315,6 +320,10 @@ int net_route_v6_del(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, const openvpn_net_iface_t *iface, uint32_t table, int metric); +#endif /* ENABLE_SITNL || ENABLE_IPROUTE || TARGET_FREEBSD */ + +#if defined(ENABLE_SITNL) || defined(ENABLE_IPROUTE) + /** * Retrieve the gateway and outgoing interface for the specified IPv4 * address/network diff --git a/src/openvpn/networking_freebsd.c b/src/openvpn/networking_freebsd.c new file mode 100644 index 00000000..4e36941e --- /dev/null +++ b/src/openvpn/networking_freebsd.c 
@@ -0,0 +1,101 @@ +#ifdef HAVE_CONFIG_H +#include "config.h" +#elif defined(_MSC_VER) +#include "config-msvc.h" +#endif +#include "syshead.h" +#include "errlevel.h" +#include "run_command.h" +#include "networking.h" + +#if defined(TARGET_FREEBSD) + +static int +net_route_v4(const char *op, const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, uint32_t table, + int metric) +{ + char buf1[16], buf2[16]; + in_addr_t _dst, _gw; + struct argv argv = argv_new(); + bool status; + + _dst = ntohl(*dst); + _gw = ntohl(*gw); + + argv_printf(&argv, "%s %s", + ROUTE_PATH, op); + argv_printf_cat(&argv, "-net %s/%d %s -fib %d", + inet_ntop(AF_INET, &_dst, buf1, sizeof(buf1)), + prefixlen, + inet_ntop(AF_INET, &_gw, buf2, sizeof(buf2)), + table); + + argv_msg(M_INFO, &argv); + status = openvpn_execve_check(&argv, NULL, 0, + "ERROR: FreeBSD route add command failed"); + + argv_free(&argv); + + return (!status); +} + +static int +net_route_v6(const char *op, const struct in6_addr *dst, + int prefixlen, const struct in6_addr *gw, const char *iface, + uint32_t table, int metric) +{ + char buf1[64], buf2[64]; + struct argv argv = argv_new(); + bool status; + + argv_printf(&argv, "%s -6 %s", + ROUTE_PATH, op); + argv_printf_cat(&argv, "-net %s/%d %s -fib %d", + inet_ntop(AF_INET6, dst, buf1, sizeof(buf1)), + prefixlen, + inet_ntop(AF_INET6, gw, buf2, sizeof(buf2)), + table); + + argv_msg(M_INFO, &argv); + status = openvpn_execve_check(&argv, NULL, 0, + "ERROR: FreeBSD route add command failed"); + + argv_free(&argv); + + return (!status); +} + +int +net_route_v4_add(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, uint32_t table, + int metric) +{ + return net_route_v4("add", dst, prefixlen, gw, iface, table, metric); +} + +int +net_route_v6_add(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, const struct in6_addr *gw, const char *iface, + uint32_t table, int metric) +{ + return 
net_route_v6("add", dst, prefixlen, gw, iface, table, metric); +} + +int +net_route_v4_del(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, uint32_t table, + int metric) +{ + return net_route_v4("del", dst, prefixlen, gw, iface, table, metric); +} + +int +net_route_v6_del(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, const struct in6_addr *gw, const char *iface, + uint32_t table, int metric) +{ + return net_route_v6("del", dst, prefixlen, gw, iface, table, metric); +} + +#endif
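
Review bot: in src/openvpn/dco_freebsd.h, `DCO_IROUTE_METRIC` is defined as 100, but nothing in the FreeBSD backend added by this patch consumes it. `net_route_v4()` and `net_route_v6()` in networking_freebsd.c accept `metric` (and `iface`) and then build the route command from `op`, the prefix, the gateway and `-fib` only. Please add a comment next to the define saying the value exists for API compatibility and is ignored on FreeBSD, or mark the two parameters as unused in the helpers, so a reader does not assume iroutes are installed with metric 100.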
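
Review bot: in the first src/openvpn/networking.h hunk, the new `#elif defined(TARGET_FREEBSD)` branch introduces `typedef char openvpn_net_iface_t;`, while the definitions in networking_freebsd.c spell the parameter as `const char *iface` and the prototypes in this header use `const openvpn_net_iface_t *iface`. They match only through the typedef; using `openvpn_net_iface_t` in the definitions keeps them tied to the prototypes if the type ever changes. The guards also differ: the header picks the FreeBSD types only after the sitnl and iproute2 branches have been rejected, whereas networking_freebsd.c is compiled under `#if defined(TARGET_FREEBSD)` alone, so the .c guard should mirror the header condition to rule out duplicate `net_route_*` definitions.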
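
Review bot: in `net_route_v4()` in src/openvpn/networking_freebsd.c, `_dst = ntohl(*dst);` and `_gw = ntohl(*gw);` feed `inet_ntop(AF_INET, ...)`, which expects network byte order, so the conversion is named the wrong way round. If callers pass host order this should be `htonl()`, with a comment stating the byte order the function expects; if they already pass network order the swap should go. Two smaller points in the same file: both helpers pass the fixed string "ERROR: FreeBSD route add command failed" to `openvpn_execve_check()` even when `op` is "del", which will mislead anyone reading logs after a failed iroute removal, and `table` is a `uint32_t` but is formatted with `%d` in `-fib %d`. `gw` is also dereferenced without a NULL check in the v4 helper and handed straight to `inet_ntop()` in the v6 helper, so either guard it or document that a gateway is mandatory here.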