From patchwork Wed Feb 21 11:18:14 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Frank Lichtenheld
X-Patchwork-Id: 3628
From: Frank Lichtenheld
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 21 Feb 2024 12:18:14 +0100
Message-Id: <20240221111814.942965-1-frank@lichtenheld.com>
Subject: [Openvpn-devel] [PATCH v2] Route: remove incorrect routes on exit

From: Gianmarco De Gregori Implemented a safeguard to verify the returned value from add_route3() when the default gateway is not a local remote host. Prior to this implementation, RT_DID_LOCAL flag was erroneously set even in case of add_route3() failure. This problem typically occurs when there's no default route and the --redirect-gateway def1 option is specified, and in case of reconnection makes it impossible for the client to reobtain the route to the server. This fix ensures OpenVPN accurately deletes the appropriate route on exit by properly handling add_route3() return value. Fixes: Trac #1457 Change-Id: I8a67b82eb4afdc8d82c5a879c18457b41e77cbe7 Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/522 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 6c027d9..6ab4392 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -1055,7 +1055,10 @@ ret = add_route3(rl->spec.remote_host, IPV4_NETMASK_HOST, rl->rgi.gateway.addr, tt, flags | ROUTE_REF_GW, &rl->rgi, es, ctx); - rl->iflags |= RL_DID_LOCAL; + if (ret) + { + rl->iflags |= RL_DID_LOCAL; + } } else {
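
Review bot: in the new `if (ret)` block after the add_route3() call, the failure path is silent and the meaning of `ret` is not visible in this hunk. Since the commit message says this flag decides which route is deleted on exit, please confirm that a true `ret` means the host route to `rl->spec.remote_host` was actually installed by this process (not merely that it already existed), and consider logging at that point when it is false so a missing route to the server is visible to the operator. Also, the commit message names the flag RT_DID_LOCAL while the code sets RL_DID_LOCAL; the message should use the identifier from the code.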