From patchwork Thu Jan 5 02:27:18 2023
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 2975
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 4 Jan 2023 21:27:18 -0500
Message-Id: <20230105022718.1641751-3-selva.nair@gmail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230105022718.1641751-1-selva.nair@gmail.com>
References: <20230105022718.1641751-1-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH 3/3] Propagate route error to initialization_completed()
From: Selva Nair

Makes it possible to report management state as
CONNECTED,ROUTE_ERROR instead of CONNECTED,SUCCESS in case of
routing errors.

This depends on treating "route already exists" as not an error
which right now works when using netlink on Linux and IPAPI or
iservice on Windows.

For route set via command line there is no easy way to get this
information and current behaviour is unchanged: i.e., the management
state continues to be reported as CONNECTED,SUCCESS.

Status notification to systemd is not affected.

To test on Linux, build with netlink and use a --route option with
an unreachable gateway like:
"--route 192.168.122.0 255.255.255.0 1.1.1.1"

Notes:
On Windows, if the route method is "exe", setting a route that exists
*may* get logged as error and this patch will lead to a slightly
misleading CONNECTED,ROUTE_ERROR state message. This is considered
tolerable as no one should be using "exe" (i.e. route.exe) as the
route method.

Signed-off-by: Selva Nair
Acked-by: Gert Doering
---
 src/openvpn/forward.c | 10 +++--
 src/openvpn/init.c    | 42 +++++++++++++------
 src/openvpn/init.h    | 10 ++---
 src/openvpn/route.c   | 97 +++++++++++++++++--------------------------
 src/openvpn/route.h   | 18 +++-----
 5 files changed, 85 insertions(+), 92 deletions(-)

diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index af4ed05d..d7b0a2d3 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c 
@@ -405,12 +405,16 @@ send_control_channel_string(struct context *c, const char *str, int msglevel) static void check_add_routes_action(struct context *c, const bool errors) { - do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, - c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); + bool route_status = do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, + c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); + + int flags = (errors ? ISC_ERRORS : 0); + flags |= (!route_status ? ISC_ROUTE_ERRORS : 0); + update_time(); event_timeout_clear(&c->c2.route_wakeup); event_timeout_clear(&c->c2.route_wakeup_expire); - initialization_sequence_completed(c, errors ? ISC_ERRORS : 0); /* client/p2p --route-delay was defined */ + initialization_sequence_completed(c, flags); /* client/p2p --route-delay was defined */ } static void diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 2e95256c..a5e7399a 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1648,6 +1648,15 @@ initialization_sequence_completed(struct context *c, const unsigned int flags) { detail = "ERROR"; } + /* Flag route error only on platforms where trivial "already exists" errors + * are filtered out. Currently this is the case on Windows or if usng netlink. + */ +#if defined(_WIN32) || defined(ENABLE_SITNL) + else if (flags & ISC_ROUTE_ERRORS) + { + detail = "ROUTE_ERROR"; + } +#endif CLEAR(local); actual = &get_link_socket_info(c)->lsa->actual; @@ -1697,7 +1706,7 @@ initialization_sequence_completed(struct context *c, const unsigned int flags) * Possibly add routes and/or call route-up script * based on options. */ -void +bool do_route(const struct options *options, struct route_list *route_list, struct route_ipv6_list *route_ipv6_list, 
@@ -1706,10 +1715,11 @@ do_route(const struct options *options, struct env_set *es, openvpn_net_ctx_t *ctx) { + bool ret = true; if (!options->route_noexec && ( route_list || route_ipv6_list ) ) { - add_routes(route_list, route_ipv6_list, tt, ROUTE_OPTION_FLAGS(options), - es, ctx); + ret = add_routes(route_list, route_ipv6_list, tt, ROUTE_OPTION_FLAGS(options), + es, ctx); setenv_int(es, "redirect_gateway", route_did_redirect_default_gateway(route_list)); } #ifdef ENABLE_MANAGEMENT @@ -1748,6 +1758,7 @@ do_route(const struct options *options, show_adapters(D_SHOW_NET|M_NOPREFIX); } #endif + return ret; } /* @@ -1798,10 +1809,11 @@ can_preserve_tun(struct tuntap *tt) } static bool -do_open_tun(struct context *c) +do_open_tun(struct context *c, int *error_flags) { struct gc_arena gc = gc_new(); bool ret = false; + *error_flags = 0; if (!can_preserve_tun(c->c1.tuntap)) { @@ -1868,8 +1880,9 @@ do_open_tun(struct context *c) if (route_order() == ROUTE_BEFORE_TUN) { /* Ignore route_delay, would cause ROUTE_BEFORE_TUN to be ignored */ - do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, - c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); + bool status = do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, + c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); + *error_flags |= (status ? 0 : ISC_ROUTE_ERRORS); } #ifdef TARGET_ANDROID /* Store the old fd inside the fd so open_tun can use it */ @@ -1930,8 +1943,9 @@ do_open_tun(struct context *c) /* possibly add routes */ if ((route_order() == ROUTE_AFTER_TUN) && (!c->options.route_delay_defined)) { - do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, - c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); + int status = do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, + c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); + *error_flags |= (status ? 0 : ISC_ROUTE_ERRORS); } ret = true; 
@@ -2227,6 +2241,7 @@ do_deferred_options_part2(struct context *c) bool do_up(struct context *c, bool pulled_options, unsigned int option_types_found) { + int error_flags = 0; if (!c->c2.do_up_ran) { reset_coarse_timers(c); @@ -2243,7 +2258,7 @@ do_up(struct context *c, bool pulled_options, unsigned int option_types_found) /* if --up-delay specified, open tun, do ifconfig, and run up script now */ if (c->options.up_delay || PULL_DEFINED(&c->options)) { - c->c2.did_open_tun = do_open_tun(c); + c->c2.did_open_tun = do_open_tun(c, &error_flags); update_time(); /* @@ -2272,7 +2287,7 @@ do_up(struct context *c, bool pulled_options, unsigned int option_types_found) else { management_sleep(1); - c->c2.did_open_tun = do_open_tun(c); + c->c2.did_open_tun = do_open_tun(c, &error_flags); update_time(); } } @@ -2345,12 +2360,12 @@ do_up(struct context *c, bool pulled_options, unsigned int option_types_found) } else { - initialization_sequence_completed(c, 0); /* client/p2p --route-delay undefined */ + initialization_sequence_completed(c, error_flags); /* client/p2p --route-delay undefined */ } } else if (c->options.mode == MODE_POINT_TO_POINT) { - initialization_sequence_completed(c, 0); /* client/p2p restart with --persist-tun */ + initialization_sequence_completed(c, error_flags); /* client/p2p restart with --persist-tun */ } c->c2.do_up_ran = true; @@ -4483,7 +4498,8 @@ init_instance(struct context *c, const struct env_set *env, const unsigned int f * open tun/tap device, ifconfig, run up script, etc. */ if (!(options->up_delay || PULL_DEFINED(options)) && (c->mode == CM_P2P || c->mode == CM_TOP)) { - c->c2.did_open_tun = do_open_tun(c); + int error_flags = 0; + c->c2.did_open_tun = do_open_tun(c, &error_flags); } c->c2.frame_initial = c->c2.frame; diff --git a/src/openvpn/init.h b/src/openvpn/init.h index d0fb6ea1..2315b3ca 100644 --- a/src/openvpn/init.h +++ b/src/openvpn/init.h 
@@ -71,12 +71,9 @@ void init_instance(struct context *c, const struct env_set *env, const unsigned */ void init_query_passwords(const struct context *c); -void do_route(const struct options *options, - struct route_list *route_list, - struct route_ipv6_list *route_ipv6_list, - const struct tuntap *tt, - const struct plugin_list *plugins, - struct env_set *es, +bool do_route(const struct options *options, struct route_list *route_list, + struct route_ipv6_list *route_ipv6_list, const struct tuntap *tt, + const struct plugin_list *plugins, struct env_set *es, openvpn_net_ctx_t *ctx); void close_instance(struct context *c); @@ -116,6 +113,7 @@ void free_context_buffers(struct context_buffers *b); #define ISC_ERRORS (1<<0) #define ISC_SERVER (1<<1) +#define ISC_ROUTE_ERRORS (1<<2) void initialization_sequence_completed(struct context *c, const unsigned int flags); #ifdef ENABLE_MANAGEMENT diff --git a/src/openvpn/route.c b/src/openvpn/route.c index b4a9d56a..d406770d 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -907,7 +907,7 @@ init_route_ipv6_list(struct route_ipv6_list *rl6, return ret; } -static void +static bool add_route3(in_addr_t network, in_addr_t netmask, in_addr_t gateway, @@ -923,7 +923,7 @@ add_route3(in_addr_t network, r.network = network; r.netmask = netmask; r.gateway = gateway; - add_route(&r, tt, flags, rgi, es, ctx); + return add_route(&r, tt, flags, rgi, es, ctx); } static void @@ -945,7 +945,7 @@ del_route3(in_addr_t network, delete_route(&r, tt, flags, rgi, es, ctx); } -static void +static bool add_bypass_routes(struct route_bypass *rb, in_addr_t gateway, const struct tuntap *tt, 
@@ -954,21 +954,16 @@ add_bypass_routes(struct route_bypass *rb, const struct env_set *es, openvpn_net_ctx_t *ctx) { - int i; - for (i = 0; i < rb->n_bypass; ++i) + int ret = true; + for (int i = 0; i < rb->n_bypass; ++i) { if (rb->bypass[i]) { - add_route3(rb->bypass[i], - IPV4_NETMASK_HOST, - gateway, - tt, - flags | ROUTE_REF_GW, - rgi, - es, - ctx); + ret = add_route3(rb->bypass[i], IPV4_NETMASK_HOST, gateway, tt, + flags | ROUTE_REF_GW, rgi, es, ctx) && ret; } } + return ret; } static void @@ -997,12 +992,13 @@ del_bypass_routes(struct route_bypass *rb, } } -static void +static bool redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx) { const char err[] = "NOTE: unable to redirect IPv4 default gateway --"; + bool ret = true; if (rl && rl->flags & RG_ENABLE) { @@ -1011,6 +1007,7 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, if (!(rl->spec.flags & RTSA_REMOTE_ENDPOINT) && (rl->flags & RG_REROUTE_GW)) { msg(M_WARN, "%s VPN gateway parameter (--route-gateway or --ifconfig) is missing", err); + ret = false; } /* * check if a default route is defined, unless: @@ -1021,6 +1018,7 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, && (rl->spec.flags & RTSA_REMOTE_HOST)) { msg(M_WARN, "%s Cannot read current default gateway from system", err); + ret = false; } else { @@ -1047,14 +1045,9 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, if ((rl->spec.flags & RTSA_REMOTE_HOST) && rl->spec.remote_host != IPV4_INVALID_ADDR) { - add_route3(rl->spec.remote_host, - IPV4_NETMASK_HOST, - rl->rgi.gateway.addr, - tt, - flags | ROUTE_REF_GW, - &rl->rgi, - es, - ctx); + ret = add_route3(rl->spec.remote_host, IPV4_NETMASK_HOST, + rl->rgi.gateway.addr, tt, flags | ROUTE_REF_GW, + &rl->rgi, es, ctx); rl->iflags |= RL_DID_LOCAL; } else 
@@ -1065,32 +1058,20 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, #endif /* ifndef TARGET_ANDROID */ /* route DHCP/DNS server traffic through original default gateway */ - add_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags, - &rl->rgi, es, ctx); + ret = add_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags, + &rl->rgi, es, ctx); if (rl->flags & RG_REROUTE_GW) { if (rl->flags & RG_DEF1) { /* add new default route (1st component) */ - add_route3(0x00000000, - 0x80000000, - rl->spec.remote_endpoint, - tt, - flags, - &rl->rgi, - es, - ctx); + ret = add_route3(0x00000000, 0x80000000, rl->spec.remote_endpoint, + tt, flags, &rl->rgi, es, ctx) && ret; /* add new default route (2nd component) */ - add_route3(0x80000000, - 0x80000000, - rl->spec.remote_endpoint, - tt, - flags, - &rl->rgi, - es, - ctx); + ret = add_route3(0x80000000, 0x80000000, rl->spec.remote_endpoint, + tt, flags, &rl->rgi, es, ctx) && ret; } else { @@ -1103,14 +1084,8 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, } /* add new default route */ - add_route3(0, - 0, - rl->spec.remote_endpoint, - tt, - flags, - &rl->rgi, - es, - ctx); + ret = add_route3(0, 0, rl->spec.remote_endpoint, tt, + flags, &rl->rgi, es, ctx) && ret; } } @@ -1118,6 +1093,7 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, rl->iflags |= RL_DID_REDIRECT_DEFAULT_GATEWAY; } } + return ret; } static void @@ -1194,12 +1170,12 @@ undo_redirect_default_route_to_vpn(struct route_list *rl, } } -void +bool add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx) { - redirect_default_route_to_vpn(rl, tt, flags, es, ctx); + bool ret = redirect_default_route_to_vpn(rl, tt, flags, es, ctx); if (rl && !(rl->iflags & RL_ROUTES_ADDED) ) { struct route_ipv4 *r; 
@@ -1232,7 +1208,7 @@ add_routes(struct route_list *rl, struct route_ipv6_list *rl6, { delete_route(r, tt, flags, &rl->rgi, es, ctx); } - add_route(r, tt, flags, &rl->rgi, es, ctx); + ret = add_route(r, tt, flags, &rl->rgi, es, ctx) && ret; } rl->iflags |= RL_ROUTES_ADDED; } @@ -1254,10 +1230,11 @@ add_routes(struct route_list *rl, struct route_ipv6_list *rl6, { delete_route_ipv6(r, tt, flags, es, ctx); } - add_route_ipv6(r, tt, flags, es, ctx); + ret = add_route_ipv6(r, tt, flags, es, ctx) && ret; } rl6->iflags |= RL_ROUTES_ADDED; } + return ret; } void @@ -1569,7 +1546,7 @@ is_on_link(const int is_local_route, const unsigned int flags, const struct rout return rgi && (is_local_route == LR_MATCH || ((flags & ROUTE_REF_GW) && (rgi->flags & RGI_ON_LINK))); } -void +bool add_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, @@ -1582,7 +1559,7 @@ add_route(struct route_ipv4 *r, if (!(r->flags & RT_DEFINED)) { - return; + return true; /* no error */ } struct argv argv = argv_new(); @@ -1635,7 +1612,7 @@ add_route(struct route_ipv4 *r, { openvpn_snprintf(out, sizeof(out), "%s %s %s", network, netmask, gateway); } - management_android_control(management, "ROUTE", out); + status = management_android_control(management, "ROUTE", out); #elif defined (_WIN32) { @@ -1845,6 +1822,8 @@ done: gc_free(&gc); /* release resources potentially allocated during route setup */ net_ctx_reset(ctx); + + return (status != 0); } @@ -1871,7 +1850,7 @@ route_ipv6_clear_host_bits( struct route_ipv6 *r6 ) } } -void +bool add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx) @@ -1882,7 +1861,7 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, if (!(r6->flags & RT_DEFINED) ) { - return; + return true; /* no error */ } struct argv argv = argv_new(); 
@@ -1972,7 +1951,7 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, openvpn_snprintf(out, sizeof(out), "%s/%d %s", network, r6->netbits, device); - management_android_control(management, "ROUTE6", out); + status = management_android_control(management, "ROUTE6", out); #elif defined (_WIN32) @@ -2092,6 +2071,8 @@ done: gc_free(&gc); /* release resources potentially allocated during route setup */ net_ctx_reset(ctx); + + return (status != 0); } static void diff --git a/src/openvpn/route.h b/src/openvpn/route.h index 74ecd343..1c940a9b 100644 --- a/src/openvpn/route.h +++ b/src/openvpn/route.h @@ -259,15 +259,12 @@ void copy_route_ipv6_option_list(struct route_ipv6_option_list *dest, void route_ipv6_clear_host_bits( struct route_ipv6 *r6 ); -void add_route_ipv6(struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx); +bool add_route_ipv6(struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx); void delete_route_ipv6(const struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx); -void add_route(struct route_ipv4 *r, - const struct tuntap *tt, - unsigned int flags, - const struct route_gateway_info *rgi, - const struct env_set *es, +bool add_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, + const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx); void add_route_to_option_list(struct route_option_list *l, 
@@ -301,12 +298,9 @@ void route_list_add_vpn_gateway(struct route_list *rl, struct env_set *es, const in_addr_t addr); -void add_routes(struct route_list *rl, - struct route_ipv6_list *rl6, - const struct tuntap *tt, - unsigned int flags, - const struct env_set *es, - openvpn_net_ctx_t *ctx); +bool add_routes(struct route_list *rl, struct route_ipv6_list *rl6, + const struct tuntap *tt, unsigned int flags, + const struct env_set *es, openvpn_net_ctx_t *ctx); void delete_routes(struct route_list *rl, struct route_ipv6_list *rl6,
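Review bot: In check_add_routes_action() in src/openvpn/forward.c, the new `int flags` is a signed int, while initialization_sequence_completed() is declared with `const unsigned int flags` and the ISC_* values are bit masks. Declare it as `unsigned int flags` so the bit operations and the call match the prototype. The same applies to the `int error_flags` variables added in do_up() and init_instance() and to the `int *error_flags` parameter of do_open_tun().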
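Review bot: The new "ROUTE_ERROR" detail string in initialization_sequence_completed() in src/openvpn/init.c is not documented anywhere in this patch; the diffstat touches only five files under src/openvpn. Management clients that match on CONNECTED,SUCCESS need to know that CONNECTED,ROUTE_ERROR is now possible, and that it is only emitted when `_WIN32` or `ENABLE_SITNL` is defined, so the management interface documentation should get an entry. Because the branch is chained as an `else if` after the one that sets `detail = "ERROR"`, a route error is also never reported when the generic error branch is taken; the comment should say that this precedence is intended. The comment has a typo as well: "usng" should be "using".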
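Review bot: In do_open_tun() in src/openvpn/init.c, the ROUTE_AFTER_TUN call site stores the result as `int status = do_route(...)` while the ROUTE_BEFORE_TUN call site a few lines earlier uses `bool status = do_route(...)`, and do_route() now returns bool. Use `bool status` in both places. The function also writes `*error_flags = 0;` unconditionally, so a short comment on the parameter stating that it must not be NULL would help future callers.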
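Review bot: In init_instance() in src/openvpn/init.c, the local `int error_flags = 0;` is filled in by `do_open_tun(c, &error_flags)` and then goes out of scope without being read. This is the path taken when `!(options->up_delay || PULL_DEFINED(options))`, and in that case do_up() does not call do_open_tun() again, so it passes its own zero-initialized error_flags to initialization_sequence_completed() and a route failure on this path is still reported as CONNECTED,SUCCESS. Either keep the flags somewhere do_up() can read them (for example in the context), or add a comment here saying the result is deliberately ignored and why.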
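Review bot: In add_bypass_routes() in src/openvpn/route.c, the accumulator is declared as `int ret = true;` although the function now returns bool and every other function changed in this patch uses `bool ret = true;`. Change the declaration to bool for consistency.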
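Review bot: In redirect_default_route_to_vpn() in src/openvpn/route.c, the bypass-route call is written as `ret = add_bypass_routes(...)` without `&& ret`, so a failure recorded by the preceding `ret = add_route3(rl->spec.remote_host, ...)` is overwritten whenever the bypass routes succeed and is never reported. The later add_route3() calls in the same function already use the `... && ret` form; the add_bypass_routes() assignment should do the same.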
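Review bot: The prototypes of add_route(), add_route_ipv6() and add_routes() in src/openvpn/route.h, and of do_route() in src/openvpn/init.h, change from void to bool without a comment saying what the return value means. The only hints are the `return true; /* no error */` early exits and `return (status != 0);` in route.c. Add a short doc comment to each prototype stating that true means success, and that a route that already exists counts as success on the platforms named in the commit message. A comment next to `return (status != 0);` listing which status values count as failure would also help, since the Android branch now assigns status from management_android_control() and the declaration of status is not part of the visible hunks.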