From patchwork Wed Jan 29 17:30:07 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4106
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 29 Jan 2025 18:30:07 +0100
Message-ID: <20250129173007.3280-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.45.2
Subject: [Openvpn-devel] [PATCH v3] options: add IPv4 support to '--show-gateway '

This is an old debug option, which used to print "the default routes found" for IPv4 and IPv6, and optionally "a route to a particular IPv6 target" if passed an argument.

With the work started in commit 0fcfc8381f60d we want this to handle IPv4 as well, mostly to be able to easily test per-platform get_default_gateway() implementations.

The implementation is simplistic - if can be parsed as an IPv4 or IPv6 address, that particular protocol lookup will do "the host route" and the other one will stick to "the default route".

NOTE: as of this commit, there is no backend functionality for IPv4, so it will not actually print anything interesting. This will be added in further platform dependent commits.

v2: amend --help output
v3: uncrustify (#ifdef block too long, comments at #endif required now)

Change-Id: Ic438c583a782035ecb9b5ea65702a768ae2585f5
Signed-off-by: Gert Doering
Acked-by: Lev Stipakov
---

This change was reviewed on Gerrit and approved by at least one developer.
I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/881
This mail reflects revision 3 of this Change.

Acked-by according to Gerrit (reflected above):
Lev Stipakov

diff --git a/doc/man-sections/advanced-options.rst b/doc/man-sections/advanced-options.rst index d5a6b4f..e1115e4 100644 --- a/doc/man-sections/advanced-options.rst
+++ b/doc/man-sections/advanced-options.rst @@ -9,13 +9,17 @@ :: --show-gateway + --show-gateway IPv4-target --show-gateway IPv6-target + For IPv4 it looks for a 0.0.0.0/0 route, or the specified IPv4 address + if the target can be parsed as an IPv4 address. For IPv6 this queries the route towards ::/128, or the specified IPv6 - target address if passed as argument. - For IPv4 on Linux, Windows, MacOS and BSD it looks for a 0.0.0.0/0 route. - If there are more specific routes, the result will not always be matching - the route of the IPv4 packets to the VPN gateway. + target address if the argument is an IPv6 address. + + Adding a target is helpful for diagnostics to see if OpenVPN will do + the right thing if there are more specific IPv4/IPv6 routes to a + VPN server. Advanced Expert Options diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 5a80e6b..218d8a6 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -788,7 +788,7 @@ "\n" "General Standalone Options:\n" #ifdef ENABLE_DEBUG - "--show-gateway : Show info about default gateway.\n" + "--show-gateway [address]: Show info about gateway [to v4/v6 address].\n" #endif ; 
@@ -5858,20 +5858,26 @@ { struct route_gateway_info rgi; struct route_ipv6_gateway_info rgi6; - struct in6_addr remote = IN6ADDR_ANY_INIT; + in_addr_t remote_ipv4 = 0; + struct in6_addr remote_ipv6 = IN6ADDR_ANY_INIT; openvpn_net_ctx_t net_ctx; VERIFY_PERMISSION(OPT_P_GENERAL); if (p[1]) { - get_ipv6_addr(p[1], &remote, NULL, M_WARN); + /* try parsing the argument as a v4 or v6 address - if + * possible, the output will show the exact route there, and + * "the default route" for the other protocol + */ + remote_ipv4 = get_ip_addr(p[1], M_WARN, NULL); + get_ipv6_addr(p[1], &remote_ipv6, NULL, M_WARN); } net_ctx_init(NULL, &net_ctx); - get_default_gateway(&rgi, 0, &net_ctx); - get_default_gateway_ipv6(&rgi6, &remote, &net_ctx); + get_default_gateway(&rgi, remote_ipv4, &net_ctx); + get_default_gateway_ipv6(&rgi6, &remote_ipv6, &net_ctx); print_default_gateway(M_INFO, &rgi, &rgi6); openvpn_exit(OPENVPN_EXIT_STATUS_GOOD); /* exit point */ } -#endif +#endif /* if defined(ENABLE_DEBUG) && !defined(ENABLE_SMALL) */ else if (streq(p[0], "echo") || streq(p[0], "parameter")) { struct buffer string = alloc_buf_gc(OPTION_PARM_SIZE, &gc);
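Review bot: The new man page paragraph in doc/man-sections/advanced-options.rst says the IPv4 lookup uses "the specified IPv4 address if the target can be parsed as an IPv4 address", while the commit message states that there is no IPv4 backend as of this commit, so the documentation is ahead of the behaviour until the platform-dependent commits land. Suggest either holding the IPv4-target wording for those commits or stating the limitation in the text. The paragraph also does not say what is shown when the argument parses as neither an IPv4 nor an IPv6 address, which is the case a user debugging a typo will hit first.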
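Review bot: In the usage string at options.c @@ -788, the new entry reads "--show-gateway [address]: Show info ..." with no space before the colon, where the removed line had "--show-gateway : ..."; if the other entries in this help block keep the option name and the colon separated, this one will stand out in --help output. Suggest matching the spacing of the neighbouring entries.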
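Review bot: In the "if (p[1])" branch at options.c @@ -5858, both get_ip_addr(p[1], M_WARN, NULL) and get_ipv6_addr(p[1], &remote_ipv6, NULL, M_WARN) run unconditionally on the same string, so every valid argument is by construction a mismatch for one of the two parsers, and that parser is called at M_WARN. Neither outcome is checked: the third argument to get_ip_addr is NULL and the return value of get_ipv6_addr is discarded, so an argument that is neither address family (a typo, a hostname) is not distinguished from "no argument" and the code still proceeds to print_default_gateway() and openvpn_exit(OPENVPN_EXIT_STATUS_GOOD). Since the option exists to test route lookups, suggest capturing both parse results, lowering the message level for the expected single mismatch, and failing with a clear message when neither parser accepts p[1].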