[Openvpn-devel,v3] get_default_gateway(): Prevent passing IPV4_INVALID_ADDR as a destination

Message ID 20250214153434.18539-1-gert@greenie.muc.de
State Accepted
Series [Openvpn-devel,v3] get_default_gateway(): Prevent passing IPV4_INVALID_ADDR as a destination

Commit Message

Gert Doering Feb. 14, 2025, 3:34 p.m. UTC
From: Marco Baffo <marco@mandelbit.com>

When using --redirect-gateway (IPv4) while connected to an IPv6 remote,
OpenVPN still attempts to determine the IPv4 default gateway,
so link_socket_current_remote() returns IPV4_INVALID_ADDR (0xffffffff)
as the destination, leading to unintended behavior:

- the IPv4 default gateway (rl->rgi.gateway.addr) gets wiped.
- this prevents proper restoration of the original route when needed.

To fix this, if link_socket_current_remote() returns IPV4_INVALID_ADDR,
we now pass INADDR_ANY (0x00000000) to get_default_gateway(),
ensuring the function behaves correctly.

Change-Id: I02afe6817433ca21aae76671c35151ec6a066933
Signed-off-by: Marco Baffo <marco@mandelbit.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/898
This mail reflects revision 3 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering <gert@greenie.muc.de>

Comments

Gert Doering Feb. 14, 2025, 4:03 p.m. UTC | #1
There has been quite a bit of discussion about this one-liner on
#openvpn-devel - this is not a particularly pretty piece of code, nor
easy to understand.  It's intended as a "do not break existing setups"
bandaid, while we spend more thoughts on making this work better, and
also clarify for ourselves and the documentation what "default gateway"
and "route ... net_gateway" really means :-) - and possibly drop
"non def1" redirection, which will simplify more of this.

Thanks for looking into this :-)

Your patch has been applied to the master branch.

commit 75ba07d496da269b13fc368311f8a063b65d58e7
Author: Marco Baffo
Date:   Fri Feb 14 16:34:34 2025 +0100

     get_default_gateway(): Prevent passing IPV4_INVALID_ADDR as a destination

     Signed-off-by: Marco Baffo <marco@mandelbit.com>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20250214153434.18539-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg30895.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index d895e1c..bc41492 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -655,7 +655,7 @@ 
         rl->spec.flags |= RTSA_DEFAULT_METRIC;
     }
 
-    get_default_gateway(&rl->rgi, remote_host, ctx);
+    get_default_gateway(&rl->rgi, remote_host != IPV4_INVALID_ADDR ? remote_host : INADDR_ANY, ctx);
     if (rl->rgi.flags & RGI_ADDR_DEFINED)
     {
         setenv_route_addr(es, "net_gateway", rl->rgi.gateway.addr, -1);
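
Review bot: The inline ternary in the get_default_gateway() call swaps IPV4_INVALID_ADDR for INADDR_ANY with no comment at the call site, so the reason (remote_host is IPV4_INVALID_ADDR when the remote is IPv6, and passing it on wipes rl->rgi.gateway.addr) is recorded only in the commit message. Please add a short comment above the call stating that, and consider computing the destination in a named local first, which would also keep the call line shorter and make the sentinel handling easier to find when this stopgap is revisited.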