From patchwork Thu Jan 5 02:27:16 2023
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 2973
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 4 Jan 2023 21:27:16 -0500
Message-Id: <20230105022718.1641751-1-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH 1/3] Use IPAPI for setting ipv6 routes when iservice not available

From: Selva Nair

Currently we use netsh for this. The new code closely follows what interactive service does.

Signed-off-by: Selva Nair
Acked-by: Lev Stipakov
---
 src/openvpn/route.c | 175 ++++++++++++++++++--------------------------
 1 file changed, 71 insertions(+), 104 deletions(-)

diff --git a/src/openvpn/route.c b/src/openvpn/route.c index ded8fec8..eabfe0a5 100644
--- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -65,6 +65,8 @@ static bool add_route_ipv6_service(const struct route_ipv6 *, const struct tunta static bool del_route_ipv6_service(const struct route_ipv6 *, const struct tuntap *); +static bool route_ipv6_ipapi(bool add, const struct route_ipv6 *, const struct tuntap *); + #endif static void delete_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx); 
@@ -1975,58 +1977,8 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, } else { - DWORD adapter_index; - if (r6->adapter_index) /* vpn server special route */ - { - adapter_index = r6->adapter_index; - gateway_needed = true; - } - else - { - adapter_index = tt->adapter_index; - } - - /* netsh interface ipv6 add route 2001:db8::/32 42 */ - argv_printf(&argv, "%s%s interface ipv6 add route %s/%d %lu", - get_win_sys_path(), - NETSH_PATH_SUFFIX, - network, - r6->netbits, - adapter_index); - - /* next-hop depends on TUN or TAP mode: - * - in TAP mode, we use the "real" next-hop - * - in TUN mode we use a special-case link-local address that the tapdrvr - * knows about and will answer ND (neighbor discovery) packets for - */ - if (tt->type == DEV_TYPE_TUN && !gateway_needed) - { - argv_printf_cat( &argv, " %s", "fe80::8" ); - } - else if (!IN6_IS_ADDR_UNSPECIFIED(&r6->gateway) ) - { - argv_printf_cat( &argv, " %s", gateway ); - } - -#if 0 - if (r6->flags & RT_METRIC_DEFINED) - { - argv_printf_cat(&argv, " METRIC %d", r->metric); - } -#endif - - /* in some versions of Windows, routes are persistent across reboots by - * default, unless "store=active" is set (pointed out by Tony Lim, thanks) - */ - argv_printf_cat( &argv, " store=active" ); - - argv_msg(D_ROUTE, &argv); - - netcmd_semaphore_lock(); - status = openvpn_execve_check(&argv, es, 0, "ERROR: Windows route add ipv6 command failed"); - netcmd_semaphore_release(); + status = route_ipv6_ipapi(true, r6, tt); } - #elif defined (TARGET_SOLARIS) /* example: route add -inet6 2001:db8::/32 somegateway 0 */ 
@@ -2416,60 +2368,8 @@ delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, } else { - DWORD adapter_index; - if (r6->adapter_index) /* vpn server special route */ - { - adapter_index = r6->adapter_index; - gateway_needed = true; - } - else - { - adapter_index = tt->adapter_index; - } - - /* netsh interface ipv6 delete route 2001:db8::/32 42 */ - argv_printf(&argv, "%s%s interface ipv6 delete route %s/%d %lu", - get_win_sys_path(), - NETSH_PATH_SUFFIX, - network, - r6->netbits, - adapter_index); - - /* next-hop depends on TUN or TAP mode: - * - in TAP mode, we use the "real" next-hop - * - in TUN mode we use a special-case link-local address that the tapdrvr - * knows about and will answer ND (neighbor discovery) packets for - * (and "route deletion without specifying next-hop" does not work...) - */ - if (tt->type == DEV_TYPE_TUN && !gateway_needed) - { - argv_printf_cat( &argv, " %s", "fe80::8" ); - } - else if (!IN6_IS_ADDR_UNSPECIFIED(&r6->gateway) ) - { - argv_printf_cat( &argv, " %s", gateway ); - } - -#if 0 - if (r6->flags & RT_METRIC_DEFINED) - { - argv_printf_cat(&argv, "METRIC %d", r->metric); - } -#endif - - /* Windows XP to 7 "just delete" routes, wherever they came from, but - * in Windows 8(.1?), if you create them with "store=active", this is - * how you should delete them as well (pointed out by Cedric Tabary) - */ - argv_printf_cat( &argv, " store=active" ); - - argv_msg(D_ROUTE, &argv); - - netcmd_semaphore_lock(); - openvpn_execve_check(&argv, es, 0, "ERROR: Windows route delete ipv6 command failed"); - netcmd_semaphore_release(); + route_ipv6_ipapi(false, r6, tt); } - #elif defined (TARGET_SOLARIS) /* example: route delete -inet6 2001:db8::/32 somegateway */ 
@@ -3049,6 +2949,73 @@ do_route_ipv4_service(const bool add, const struct route_ipv4 *r, const struct t return do_route_service(add, &msg, sizeof(msg), tt->options.msg_channel); } +/* Add or delete an ipv6 route */ +static bool +route_ipv6_ipapi(const bool add, const struct route_ipv6 *r, const struct tuntap *tt) +{ + DWORD err; + PMIB_IPFORWARD_ROW2 fwd_row; + struct gc_arena gc = gc_new(); + + fwd_row = gc_malloc(sizeof(*fwd_row), true, &gc); + + fwd_row->ValidLifetime = 0xffffffff; + fwd_row->PreferredLifetime = 0xffffffff; + fwd_row->Protocol = MIB_IPPROTO_NETMGMT; + fwd_row->Metric = ((r->flags & RT_METRIC_DEFINED) ? r->metric : -1); + fwd_row->DestinationPrefix.Prefix.si_family = AF_INET6; + fwd_row->DestinationPrefix.Prefix.Ipv6.sin6_addr = r->network; + fwd_row->DestinationPrefix.PrefixLength = (UINT8) r->netbits; + fwd_row->NextHop.si_family = AF_INET6; + fwd_row->NextHop.Ipv6.sin6_addr = r->gateway; + fwd_row->InterfaceIndex = r->adapter_index ? r->adapter_index : tt->adapter_index; + + /* In TUN mode we use a special link-local address as the next hop. + * The tapdrvr knows about it and will answer neighbor discovery packets. + * (only do this for routes actually using the tun/tap device) + */ + if (tt->type == DEV_TYPE_TUN && !r->adapter_index) + { + inet_pton(AF_INET6, "fe80::8", &fwd_row->NextHop.Ipv6.sin6_addr); + } + + /* Use LUID if interface index not available */ + if (fwd_row->InterfaceIndex == TUN_ADAPTER_INDEX_INVALID && strlen(tt->actual_name)) + { + NET_LUID luid; + err = ConvertInterfaceAliasToLuid(wide_string(tt->actual_name, &gc), &luid); + if (err != NO_ERROR) + { + goto out; + } + fwd_row->InterfaceLuid = luid; + fwd_row->InterfaceIndex = 0; + } + + if (add) + { + err = CreateIpForwardEntry2(fwd_row); + } + else + { + err = DeleteIpForwardEntry2(fwd_row); + } + +out: + if (err != NO_ERROR) + { + msg(M_WARN, "ROUTE: route %s failed using ipapi: %s [status=%lu if_index=%lu]", + (add ? 
"addition" : "deletion"), strerror_win32(err, &gc), err, fwd_row->InterfaceIndex); + } + else + { + msg(D_ROUTE, "IPv6 route %s using ipapi", add ? "added" : "deleted"); + } + gc_free(&gc); + + return (err == NO_ERROR); +} + static bool do_route_ipv6_service(const bool add, const struct route_ipv6 *r, const struct tuntap *tt) {
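Review bot: In the add_route_ipv6() hunk, the removed comment about routes being persistent across reboots unless "store=active" is set has no counterpart at the replacement call `status = route_ipv6_ipapi(true, r6, tt);`. Please state in the commit message or in a comment on route_ipv6_ipapi() whether entries created with CreateIpForwardEntry2 live only in the active store, so the non-persistence property the netsh path asked for explicitly stays documented. The hunk also drops the blank line before `#elif defined (TARGET_SOLARIS)`, which is an unrelated whitespace change.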
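Review bot: In the delete_route_ipv6() hunk, the result of `route_ipv6_ipapi(false, r6, tt);` is discarded while the add path assigns it to status. The helper logs its own M_WARN, so this may be intended, but a (void) cast or a short comment would make that explicit. The removed remark that route deletion without a next hop does not work also still applies in spirit: the delete depends on the helper rebuilding the same NextHop and interface that were used at add time, and a one-line note of that at the call site or in the helper would help future readers.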
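Review bot: In route_ipv6_ipapi(), `fwd_row->Metric = ((r->flags & RT_METRIC_DEFINED) ? r->metric : -1);` stores -1 into the Metric member of MIB_IPFORWARD_ROW2, which is an unsigned ULONG, so the no-metric case becomes 0xffffffff; the netsh code being replaced never passed a metric at all (its METRIC branch sat under #if 0). Please confirm that value is intended and add a comment, or pick an explicit default. Two smaller points in the same function: when InterfaceIndex is TUN_ADAPTER_INDEX_INVALID and tt->actual_name is empty, the code still calls CreateIpForwardEntry2 or DeleteIpForwardEntry2 with the invalid index, where an early return with a specific message would be easier to diagnose; and the D_ROUTE success message no longer carries the prefix and interface that the removed argv_msg(D_ROUTE, &argv) call used to log, which makes route changes harder to audit from the log.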