From patchwork Wed Jan 11 16:08:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 2996 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:c95:b0:82:e4b3:40a0 with SMTP id p21csp4526031dyk; Wed, 11 Jan 2023 08:37:22 -0800 (PST) X-Google-Smtp-Source: AMrXdXt/a+A5qej9xJ0bJsvDJ3y8xDcyGAc5/4Pu+SEVRfg8APlR76y9B62dzy1TMgx9avM+NXnD X-Received: by 2002:a17:90a:bb8b:b0:227:1c1e:7529 with SMTP id v11-20020a17090abb8b00b002271c1e7529mr9861729pjr.15.1673455042099; Wed, 11 Jan 2023 08:37:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673455042; cv=none; d=google.com; s=arc-20160816; b=C1VxiSmtwoDIF2GiReKOIZ7JJJ+4AsZJWExuXbE1QIa8LGftPVRkpcwy05W43/dI8l HSBQwqF4OdLlBrjfHeDNRtudZB5D8is/ZEv/j82O7v4BLH5+W+RuW4Qucy7pTwI02x6q QvkLRgukpeY10bOFT2VhKeF/qJxclD1fjc7p2BrlUJmHjipzOQnp4WTm4JYnJKbLXUJt /TuK9lkcXcLiy/g3NGY0LX3U5/enkmmfLtdZZ9oswEdB3bhq2cvBy5rWJFSLWl4t1r4u yGqZf9+mAL4hTR9d9I8OGy2OeoFFbJr0LmZuYmL0E1DKZzecnLiT4g8s7bKP/lzRvQ5/ a8fw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:dkim-signature; bh=7KhdwsLiqhHOf0B7hpVVx9906iaIEQumy/k2ZMTscso=; b=0/c4pzjOd/YE/vOlc4TigGCqgspS6hDrrj8RIBu8TOf9pfcE7PPE8Mx/sz1pgHlDmH tCxUb+BUEIvmdYoYEDWrjGuNcZfH/Mpf+so85fJKYqwHcUoBMuUDgUCGg9MFAA0mFBnF bV+aFjJajYSi9baB2joCEiFbTu5w9NG0I7kwcnM0TIIIY2Hyso7F4n/u3v+0xEdQwDA9 Vq0Kt8aaIx8essAfhh+la/qHh8RVlxejeYtyUACuVYALtF4EJJuq6GQWG1VrtGn2pbFv ZWNWvW7+ZtMQ8rHcasBVde8rMh/WQcLW+C3G2K5pFm/thNXUw3whLZXhxncOzGaXpv8H mfnA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=N5eYbAWp; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=N4K2S58F; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id i35-20020a635863000000b00478a1814885si14612018pgm.319.2023.01.11.08.37.21 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 11 Jan 2023 08:37:22 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=N5eYbAWp; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=N4K2S58F; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pFe5V-0003Yj-0v; Wed, 11 Jan 2023 16:36:27 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pFe5T-0003Yd-B8 for openvpn-devel@lists.sourceforge.net; Wed, 11 Jan 2023 16:36:25 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=5dQnEOhUOstgvbnoaePoGgGfTZufAnqtesmmiouD6CU=; b=N5eYbAWpiGznFOQWIKC9Y2WODz xOy/C2wI94MfTmcx+i19GKmX4eJ2WrjBWmZwz+MPPr39wZ1ILqghXDqwaw5aJJhK0TucCdrqQQW7i sDusiJzUrDl96U3fNKZy53q/jFVjm4tRJgQgrrgh2t6og5cA2hyPASqFicXze/smQKwg=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:To:From: Sender:Reply-To:Cc:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=5dQnEOhUOstgvbnoaePoGgGfTZufAnqtesmmiouD6CU=; b=N 4K2S58FI6sGrDySPl95doQ8DTYRXyWmQKRFBUPXiHW6mLqX+lQGpeZfaMn3QzaC5gkKOnFEDENckJ eHTKycpuYmroefGi89OSLemZ6+1PAL0UGk4UIiqMQTZirLhwQGEs59uq+0LdhSxbbScTxySTr//NJ cIWNVjWLwDJHr0aE=; Received: from vmail1.greenie.net ([195.30.8.66]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1pFe5O-0002X7-4U for openvpn-devel@lists.sourceforge.net; Wed, 11 Jan 2023 16:36:25 +0000 Received: from gentoo.ov.greenie.net (gentoo.ov.greenie.net [IPv6:2001:608:0:814:0:0:f000:11]) by vmail1.greenie.net (8.17.1/8.16.1) with SMTP id 30BG8mSa073069 for ; Wed, 11 Jan 2023 17:08:48 +0100 (CET) Received: (nullmailer pid 22915 invoked by uid 1000); Wed, 11 Jan 2023 16:08:48 -0000 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Wed, 11 Jan 2023 17:08:48 +0100 Message-Id: <20230111160848.22906-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.38.2 MIME-Version: 1.0 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.4 (vmail1.greenie.net [IPv6:2001:608:1:995a:20c:29ff:feb8:10eb]); Wed, 11 Jan 2023 17:08:48 +0100 (CET) X-Spam-Score: -2.0 (--) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: The code in sitnl_route_set() used to treat "route can not be installed because it already exists" (EEXIST) as "not an error". This is arguably a reasonable approach, but needs to handled higher up - if the low level add_route() function say "no error", we will try to remove that route later on in delete_route(), possibly rem [...] Content analysis details: (-2.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [195.30.8.66 listed in list.dnswl.org] X-Headers-End: 1pFe5O-0002X7-4U Subject: [Openvpn-devel] [PATCH] Repair special-casing of EEXIST for Linux/SITNL route install X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1754744794402660041?= X-GMAIL-MSGID: =?utf-8?q?1754744794402660041?= The code in sitnl_route_set() used to treat "route can not be installed because it already exists" (EEXIST) as "not an error". This is arguably a reasonable approach, but needs to handled higher up - if the low level add_route() function say "no error", we will try to remove that route later on in delete_route(), possibly removing someone else's "already existing" route then. So: - remove special case in sitnl_route_set() - do not pass NLM_F_REPLACE flag to sitnl_route_set() call - this would cause netlink to just replace existing routes, never return EEXIST (see "man netlink(7)") - add detailed return code handling to route_add(), assign "2" on "-EEXIST" (and log appropriate message). (Note: sitnl_route_set() is a common function for sitnl route add and delete, but EEXIST can not happen on delete - so this change has no impact for the "delete" case) Signed-off-by: Gert Doering Acked-by: Antonio Quartulli --- src/openvpn/networking_sitnl.c | 6 +----- src/openvpn/route.c | 10 ++++++++-- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index fe124616..92f30044 100644 --- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c @@ -944,10 +944,6 @@ sitnl_route_set(int cmd, uint32_t flags, int ifindex, sa_family_t af_family, } ret = sitnl_send(&req.n, 0, 0, NULL, NULL); - if (ret == -EEXIST) - { - ret = 0; - } err: return ret; } @@ -1177,7 +1173,7 @@ sitnl_route_add(const char *iface, sa_family_t af_family, const void *dst, scope = RT_SCOPE_LINK; } - return sitnl_route_set(RTM_NEWROUTE, NLM_F_CREATE | NLM_F_REPLACE, ifindex, + return sitnl_route_set(RTM_NEWROUTE, NLM_F_CREATE, ifindex, af_family, dst, prefixlen, gw, table, metric, scope, RTPROT_BOOT, RTN_UNICAST); } diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 99f948ba..2db127bb 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -1594,8 +1594,14 @@ add_route(struct route_ipv4 *r, } status = 1; - if (net_route_v4_add(ctx, &r->network, netmask_to_netbits2(r->netmask), - &r->gateway, iface, 0, metric) < 0) + int ret = net_route_v4_add(ctx, &r->network, netmask_to_netbits2(r->netmask), + &r->gateway, iface, 0, metric); + if (ret == -EEXIST) + { + msg(D_ROUTE, "NOTE: Linux route add command failed because route exists"); + status = 2; + } + else if (ret < 0) { msg(M_WARN, "ERROR: Linux route add command failed"); status = 0;