From patchwork Wed Jan 18 07:46:33 2023
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 3005
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 18 Jan 2023 08:46:33 +0100
Message-Id: <20230118074633.27586-1-gert@greenie.muc.de>
In-Reply-To: <20230111160848.22906-1-gert@greenie.muc.de>
References: <20230111160848.22906-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v2] Repair special-casing of EEXIST for Linux/SITNL route install

The code in sitnl_route_set() used to treat "route can not be installed
because it already exists" (EEXIST) as "not an error".

This is arguably a reasonable approach, but needs to be handled higher up -
if the low level add_route() function says "no error", we will try to
remove that route later on in delete_route(), possibly removing someone
else's "already existing" route then.

So:
 - remove special case in sitnl_route_set()
 - do not pass NLM_F_REPLACE flag to sitnl_route_set() call - this would
   cause netlink to just replace existing routes, never return EEXIST
   (see "man netlink(7)")
 - add detailed return code handling to add_route(), assign "2" on
   "-EEXIST" (and log appropriate message).

(Note: sitnl_route_set() is a common function for sitnl route add and
delete, but EEXIST can not happen on delete - so this change has no
impact for the "delete" case)

v2: use RTA_ macros, also adjust add_route_ipv6()

Signed-off-by: Gert Doering Acked-by: Selva Nair --- src/openvpn/networking_sitnl.c | 6 +----- src/openvpn/route.c | 24 ++++++++++++++++++------ 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index dece83c2..cb9a47c0 100644 --- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c @@ -944,10 +944,6 @@ sitnl_route_set(int cmd, uint32_t flags, int ifindex, sa_family_t af_family, } ret = sitnl_send(&req.n, 0, 0, NULL, NULL); - if (ret == -EEXIST) - { - ret = 0; - } err: return ret; } @@ -1177,7 +1173,7 @@ sitnl_route_add(const char *iface, sa_family_t af_family, const void *dst, scope = RT_SCOPE_LINK; } - return sitnl_route_set(RTM_NEWROUTE, NLM_F_CREATE | NLM_F_REPLACE, ifindex, + return sitnl_route_set(RTM_NEWROUTE, NLM_F_CREATE, ifindex, af_family, dst, prefixlen, gw, table, metric, scope, RTPROT_BOOT, RTN_UNICAST); } diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 61a40ff1..f1257b00 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -1599,8 +1599,14 @@ add_route(struct route_ipv4 *r, } status = RTA_SUCCESS; - if (net_route_v4_add(ctx, &r->network, netmask_to_netbits2(r->netmask), - &r->gateway, iface, 0, metric) < 0) + int ret = net_route_v4_add(ctx, &r->network, netmask_to_netbits2(r->netmask), + &r->gateway, iface, 0, metric); + if (ret == -EEXIST) + { + msg(D_ROUTE, "NOTE: Linux route add command failed because route exists"); + status = RTA_EEXIST; + } + else if (ret < 0) { msg(M_WARN, "ERROR: Linux route add command failed"); status = RTA_ERROR; 
@@ -1963,11 +1969,17 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, } status = RTA_SUCCESS; - if (net_route_v6_add(ctx, &r6->network, r6->netbits, - gateway_needed ? &r6->gateway : NULL, device, 0, - metric) < 0) + int ret = net_route_v6_add(ctx, &r6->network, r6->netbits, + gateway_needed ? &r6->gateway : NULL, + device, 0, metric); + if (ret == -EEXIST) { - msg(M_WARN, "ERROR: Linux IPv6 route can't be added"); + msg(D_ROUTE, "NOTE: Linux route add command failed because route exists"); + status = RTA_EEXIST; + } + else if (ret < 0) + { + msg(M_WARN, "ERROR: Linux route add command failed"); status = RTA_ERROR; }
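
Review bot: in sitnl_route_add() (networking_sitnl.c, hunk at -1177) the request flags are now NLM_F_CREATE alone, and the new -EEXIST branches in route.c depend on the kernel refusing the request whenever the route is already present. netlink(7) documents NLM_F_EXCL as the flag meaning "don't replace if the object already exists", so either pass NLM_F_CREATE | NLM_F_EXCL here or add a comment at the call stating why NLM_F_CREATE by itself is enough to get -EEXIST back for the routes that delete_route() must later leave alone.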
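
Review bot: in add_route() (route.c, hunk at -1599) the -EEXIST branch only assigns status = RTA_EEXIST, and nothing in the visible lines shows where status is consumed, so the behaviour the commit message promises (delete_route() not removing a route we did not install) rests on code outside this diff. Please confirm that the code after this block does not mark the route as added when status is RTA_EEXIST, and put a one-line comment at the assignment saying that this value is what keeps delete_route() away from the pre-existing route. The same applies to the matching assignment in add_route_ipv6().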
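
Review bot: in add_route_ipv6() (route.c, hunk at -1963) both new msg() strings drop the "IPv6" that the removed "ERROR: Linux IPv6 route can't be added" carried, so the IPv4 and IPv6 paths now log identical text and an operator reading the log cannot tell which address family hit the existing route or the failure. Suggest keeping the family in both strings, for example "NOTE: Linux IPv6 route add command failed because route exists" and "ERROR: Linux IPv6 route add command failed".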