From patchwork Fri Feb 14 15:34:34 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4144
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 14 Feb 2025 16:34:34 +0100
Message-ID: <20250214153434.18539-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v3] get_default_gateway(): Prevent passing IPV4_INVALID_ADDR as a destination

From: Marco Baffo

When using --redirect-gateway (IPv4) while connected to an IPv6 remote,
OpenVPN still attempts to determine the IPv4 default gateway, so
link_socket_current_remote() returns IPV4_INVALID_ADDR (0xffffffff) as the
destination, leading to unintended behavior:
- the IPv4 default gateway (rl->rgi.gateway.addr) gets wiped.
- this prevents proper restoration of the original route when needed.

To fix this, if link_socket_current_remote() returns IPV4_INVALID_ADDR, we
now pass INADDR_ANY (0x00000000) to get_default_gateway(), ensuring the
function behaves correctly.

Change-Id: I02afe6817433ca21aae76671c35151ec6a066933
Signed-off-by: Marco Baffo
Acked-by: Gert Doering
---

This change was reviewed on Gerrit and approved by at least one developer.
I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/898
This mail reflects revision 3 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering

diff --git a/src/openvpn/route.c b/src/openvpn/route.c index d895e1c..bc41492 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -655,7 +655,7 @@ rl->spec.flags |= RTSA_DEFAULT_METRIC; } - get_default_gateway(&rl->rgi, remote_host, ctx); + get_default_gateway(&rl->rgi, remote_host != IPV4_INVALID_ADDR ? remote_host : INADDR_ANY, ctx); if (rl->rgi.flags & RGI_ADDR_DEFINED) { setenv_route_addr(es, "net_gateway", rl->rgi.gateway.addr, -1);
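
Review bot: the replaced get_default_gateway() call in route.c carries the IPV4_INVALID_ADDR to INADDR_ANY substitution inline with no comment, so the reason for it (an IPv6 remote makes link_socket_current_remote() return IPV4_INVALID_ADDR, and passing that as the destination wipes rl->rgi.gateway.addr) is recorded only in the commit message. A short comment above the call, or a named local assigned just before it (for example a hypothetical `gw_dest`), would keep the intent visible to the next reader and shorten the line. Since the subject names get_default_gateway() itself, it is also worth considering whether the function should treat IPV4_INVALID_ADDR as "no destination" internally, so that any other caller passing it is covered as well; this hunk guards only the one call site.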