From patchwork Mon Jan 27 12:21:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4083 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:c127:b0:5e7:b9eb:58e8 with SMTP id jm39csp2278109mab; Mon, 27 Jan 2025 04:21:56 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCVzlj1nnw1HFVDAXMkBIf1xgDhVyuW5AasQTVET8p4Rs5NXulI3V4o5VtKzzQtp+2h+bA7IO5Uv2gU=@openvpn.net X-Google-Smtp-Source: AGHT+IE4LhUSnaHJg/VeSBCECV/WAGeLFipiwNnFJzWQI1DX4/Mns8z+XmOxbUQrFuuPgLz4AAf7 X-Received: by 2002:a05:6871:3394:b0:2a3:c5fe:29b9 with SMTP id 586e51a60fabf-2b1c0c0afb0mr25676288fac.29.1737980516130; Mon, 27 Jan 2025 04:21:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1737980516; cv=none; d=google.com; s=arc-20240605; b=jRshqPtNCi0Q54UyhkBVZ50baQ98kayn8XVhI124jK92E7ycun+an0BURQiHKr/pag 5yungyChszciUbGfkfg4ODSuw0e63mvhZ6ntumH/bn5NEz5C3NrvbWkudkEjKfh7xY7z YDrT/LnsOb5DwvF+p3e1TT8l7G4D073hPeZtMhT6s1JsoVa9WzySzRD0PWVgfeYPFpYL A+vqUrNidoWIRjEKp02YlIROviTKzO/jIdFQ3sBqIE/I+V3fh8owBo1zgWjo+77+LhUk wFu9PlCcgMRO577LntVt2Z6ImgwP3Yw2yCux3fB0UcXhl9py5rTbZjwJBltYx1t+oNP4 pfEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature; bh=nvsd8Na0nQ/+VbgVbkhy8P89+14lx0EXnbKwIh1tpRI=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=AeQGfC4gRj9gF8DB5Djwjn20E+s4UAnKKHtd1GMpb8ozMGyHUvb1rKQZ7ocDT4kDY5 Ljawd9tjUyZ5Bklm9uOwzN/GbKXpGS9+kMWRmQqW5fUNvlv2hT/e3LQOsdCiryKvIwZK nnQL7aYPtVT8S1PC3UtYyXbzDUOV2yYYFcbs7uXOUkGPCfUOVN0/kL7pXB7zIbHTCRgQ iyFt7pmDEGMdx4EHHk+47mhDBxcjSvqaTL5q9OFuq2qU3nQjB4H+9QuqOyjMUazfvoms abpBh2SvSLgrNP987n04cPLVKlTD7xb2to58t/zojWfnnFKUxq/jn9rmBQVYCBT+nPna FyDQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=bZT1M+Sx; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=cvz2SV48; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-2b28f4b10e9si6780436fac.169.2025.01.27.04.21.55 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 27 Jan 2025 04:21:55 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=bZT1M+Sx; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=cvz2SV48; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1tcO7l-0005aA-0y; Mon, 27 Jan 2025 12:21:53 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tcO77-0005ZU-Js for openvpn-devel@lists.sourceforge.net; Mon, 27 Jan 2025 12:21:13 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=ZJxT8n5hfo4FaBgqKy8XbJDAsKL46XJ1zOmeogZLyiE=; b=bZT1M+SxVDJtJiepIp4uM6BSof 4yrIHSNYL+cweAhUnjfweCOc2A1NnzcUOs2meDPituLdGlSMxrN4zHWV3iD6x3rE/PnvahRg6qmir 8L2YX5MrcsODNuSFbxoupQhc+VcFpDw3KOJ/6LmLDHAHWCtP8vq4JrEYkI0cFVRd8s/I=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=ZJxT8n5hfo4FaBgqKy8XbJDAsKL46XJ1zOmeogZLyiE=; b=cvz2SV48xKag1dbYcv6zRuyBrS eL3OUCoNJczHX6cqy+Aq1cZHTVTf1LSxl8U76FH/AC1AhLYNfO4tWqkBWj27HLKHHbGYQfR6My0TP ug1yYqWyjEWzbxINgaqJZHi8qYMlMt0IjS9NxkE+2+DA8QpP4/X+ANhvNnK4P9urcbgM=; Received: from dhcp-174.greenie.muc.de ([193.149.48.174] helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1tcO73-0003Ie-68 for openvpn-devel@lists.sourceforge.net; Mon, 27 Jan 2025 12:21:12 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.17.1.9/8.17.1.9) with ESMTP id 50RCL1dQ010283 for ; Mon, 27 Jan 2025 13:21:01 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.17.1.9/8.17.1.9/Submit) id 50RCL1V1010282 for openvpn-devel@lists.sourceforge.net; Mon, 27 Jan 2025 13:21:01 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Mon, 27 Jan 2025 13:21:01 +0100 Message-ID: <20250127122101.10273-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.45.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: -0.0 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Antonio Quartulli A netlink error may contain more specific attributes: i.e. missing attributes or missing neted objects. Parse and print this information too. Content analysis details: (-0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [193.149.48.174 listed in sa-accredit.habeas.com] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [193.149.48.174 listed in bl.score.senderscore.com] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1tcO73-0003Ie-68 Subject: [Openvpn-devel] [PATCH v8] dco_linux: extend netlink error cb with extra info X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1822404657697128076?= X-GMAIL-MSGID: =?utf-8?q?1822404657697128076?= From: Antonio Quartulli A netlink error may contain more specific attributes: i.e. missing attributes or missing neted objects. Parse and print this information too. Note that we are re-defining some enum entries that exist in netlink.h starting with linux-6.1. Since we do support distros not shipping an up-to-date netlink.h, we had to re-define the entries we need for this patch. Change-Id: I9e27ff335d892429334137d028f8503da4e4ca5b Signed-off-by: Antonio Quartulli Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/841 This mail reflects revision 8 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index b038382..abfd3b4 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -291,6 +291,25 @@ return NL_SKIP; } +/* The following enum members exist in netlink.h since linux-6.1. + * However, some distro we support still ship an old header, thus + * failing the OpenVPN compilation. + * + * For the time being we add the needed defines manually. + * We will drop this definition once we stop supporting those old + * distros. + * + * @NLMSGERR_ATTR_MISS_TYPE: type of a missing required attribute, + * %NLMSGERR_ATTR_MISS_NEST will not be present if the attribute was + * missing at the message level + * @NLMSGERR_ATTR_MISS_NEST: offset of the nest where attribute was missing + */ +enum ovpn_nlmsgerr_attrs { + OVPN_NLMSGERR_ATTR_MISS_TYPE = 5, + OVPN_NLMSGERR_ATTR_MISS_NEST = 6, + OVPN_NLMSGERR_ATTR_MAX = 6, +}; + /* This function is used as error callback on the netlink socket. * When something goes wrong and the kernel returns an error, this function is * invoked. @@ -330,7 +349,7 @@ attrs = (void *)((unsigned char *)nlh + ack_len); len -= ack_len; - nla_parse(tb_msg, NLMSGERR_ATTR_MAX, attrs, len, NULL); + nla_parse(tb_msg, OVPN_NLMSGERR_ATTR_MAX, attrs, len, NULL); if (tb_msg[NLMSGERR_ATTR_MSG]) { len = strnlen((char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG]), @@ -339,6 +358,18 @@ (char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG])); } + if (tb_msg[OVPN_NLMSGERR_ATTR_MISS_NEST]) + { + msg(M_WARN, "kernel error: missing required nesting type %u\n", + nla_get_u32(tb_msg[OVPN_NLMSGERR_ATTR_MISS_NEST])); + } + + if (tb_msg[OVPN_NLMSGERR_ATTR_MISS_TYPE]) + { + msg(M_WARN, "kernel error: missing required attribute type %u\n", + nla_get_u32(tb_msg[OVPN_NLMSGERR_ATTR_MISS_TYPE])); + } + return NL_STOP; }