From patchwork Wed May 7 08:56:32 2025
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 4240
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 7 May 2025 10:56:32 +0200
Message-ID: <20250507085632.15329-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn-net-next] ovpn: don't drop skb's dst when xmitting packet
Cc: Gert Doering, Antonio Quartulli, sd@queasysnail.net

From: Antonio Quartulli

When routing a packet to a LAN behind a peer, ovpn needs to inspect the route entry that brought the packet there in the first place. If this packet is truly routable, the route will provide the GW to be used to look up the VPN peer to send the packet to.

However, the route entry is currently dropped before entering the ovpn xmit function, because the IFF_XMIT_DST_RELEASE priv_flag is set by default.

Clear the IFF_XMIT_DST_RELEASE flag during interface setup to allow the route entry (skb's dst) to survive and thus be inspected by the routing logic.

Reported-by: Gert Doering
Signed-off-by: Antonio Quartulli
Tested-by: Gert Doering
Acked-by: Gert Doering

--- drivers/net/ovpn/main.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/net/ovpn/main.c b/drivers/net/ovpn/main.c index 0acb0934c1be..e17992b937bc 100644 --- a/drivers/net/ovpn/main.c +++ b/drivers/net/ovpn/main.c
@@ -157,6 +157,11 @@ static void ovpn_setup(struct net_device *dev) dev->type = ARPHRD_NONE; dev->flags = IFF_POINTOPOINT | IFF_NOARP; dev->priv_flags |= IFF_NO_QUEUE; + /* when routing packet to a LAN behind a client, we rely on the + * route entry that originally brought the packet into ovpn, so + * don't release it + */ + dev->priv_flags &= ~IFF_XMIT_DST_RELEASE; dev->lltx = true; dev->features |= feat;
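
Review bot: the open-coded `dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;` added in ovpn_setup() clears only one of the two dst-release flags. The kernel already provides netif_keep_dst(dev) in include/linux/netdevice.h for this purpose, and it clears IFF_XMIT_DST_RELEASE_PERM as well. Calling that helper here instead would state the intent directly and keep a device stacked on top of ovpn from treating dst release as permitted. Separately, the new comment says "a LAN behind a client" while the commit message says "a LAN behind a peer"; using "peer" in the comment would keep the two consistent.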