From patchwork Tue Jan 28 13:17:56 2025
X-Patchwork-Submitter: "cron2 (Code Review)"
X-Patchwork-Id: 4094
From: "stipa (Code Review)"
Date: Tue, 28 Jan 2025 13:17:56 +0000
To: plaisthos, flichtenheld
Cc: openvpn-devel
Subject: [Openvpn-devel] [M] Change in openvpn[master]: route.c: improve get_default_gateway() logic on Windows
X-Gerrit-PatchSet: 1
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: I6c7e1cef637fe9fb3f3bc6ff4fb2c65599cd86fb
X-Gerrit-Change-Number: 879
X-Gerrit-Project: openvpn
X-Gerrit-Commit: 086c6152145306399e32760e73949993383636be

Attention is currently required from: flichtenheld, plaisthos.

Hello plaisthos, flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/879?usp=email

to review the following change.

Change subject: route.c: improve get_default_gateway() logic on Windows
......................................................................

route.c: improve get_default_gateway() logic on Windows

When adding host route for IPv4, we use the default gateway.
There are cases, however, when this does not work - for example
when remote is not accessible via default gateway but via dedicated route.

Factor out code to look for the best gateway to reach the host
from get_default_gateway_ipv6() and generalize it for IPv4/6.

Change-Id: I6c7e1cef637fe9fb3f3bc6ff4fb2c65599cd86fb
Signed-off-by: Lev Stipakov
---

M src/openvpn/route.c
1 file changed, 91 insertions(+), 52 deletions(-)

  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/79/879/1

diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 640b0dc..dc98f78 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c
@@ -2732,40 +2732,100 @@ return ret; } +/** + * @brief Determines the best route to a destination for both IPv4 and IPv6. + * + * Uses `GetBestInterfaceEx` and `GetBestRoute2` to find the optimal route + * and network interface for the specified destination address. + * + * @param gc Pointer to struct gc_arena for internal string allocation. + * @param dest The destination IP address (IPv4 or IPv6). + * @param best_route Pointer to a `MIB_IPFORWARD_ROW2` structure to store the best route. + * @return DWORD `NO_ERROR` on success, or an error code. + */ +static DWORD +get_best_route(struct gc_arena *gc, SOCKADDR_INET *dest, MIB_IPFORWARD_ROW2 *best_route) +{ + DWORD best_if_index; + DWORD status; + + CLEAR(*best_route); + + /* get the best interface index to reach dest */ + status = GetBestInterfaceEx((struct sockaddr *)dest, &best_if_index); + if (status != NO_ERROR) + { + msg(D_ROUTE, "NOTE: GetBestInterfaceEx returned error: %s (code=%u)", + strerror_win32(status, gc), + (unsigned int)status); + goto done; + } + + msg(D_ROUTE_DEBUG, "GetBestInterfaceEx() returned if=%d", (int)best_if_index); + + /* get the routing information (such as NextHop) for the destination and interface */ + NET_LUID luid; + CLEAR(luid); + SOCKADDR_INET best_src; + CLEAR(best_src); + status = GetBestRoute2(&luid, best_if_index, NULL, + dest, 0, best_route, &best_src); + if (status != NO_ERROR) + { + msg(D_ROUTE, "NOTE: GetIpForwardEntry2 returned error: %s (code=%u)", + strerror_win32(status, gc), + (unsigned int)status); + goto done; + } + +done: + return status; +} + void get_default_gateway(struct route_gateway_info *rgi, in_addr_t dest, openvpn_net_ctx_t *ctx) { - struct gc_arena gc = gc_new(); - - const IP_ADAPTER_INFO *adapters = get_adapter_info_list(&gc); - const MIB_IPFORWARDTABLE *routes = get_windows_routing_table(&gc); - const MIB_IPFORWARDROW *row = get_default_gateway_row(routes); - DWORD a_index; - const IP_ADAPTER_INFO *ai; - CLEAR(*rgi); - if (row) + struct gc_arena gc = 
gc_new(); + + /* convert in_addr_t into SOCKADDR_INET */ + SOCKADDR_INET sa; + CLEAR(sa); + sa.si_family = AF_INET; + sa.Ipv4.sin_addr.s_addr = htonl(dest); + + /* get the best route to the destination */ + MIB_IPFORWARD_ROW2 best_route; + CLEAR(best_route); + DWORD status = get_best_route(&gc, &sa, &best_route); + if (status != NO_ERROR) { - rgi->gateway.addr = ntohl(row->dwForwardNextHop); - if (rgi->gateway.addr) - { - rgi->flags |= RGI_ADDR_DEFINED; - a_index = adapter_index_of_ip(adapters, rgi->gateway.addr, NULL, &rgi->gateway.netmask); - if (a_index != TUN_ADAPTER_INDEX_INVALID) - { - rgi->adapter_index = a_index; - rgi->flags |= (RGI_IFACE_DEFINED|RGI_NETMASK_DEFINED); - ai = get_adapter(adapters, a_index); - if (ai) - { - memcpy(rgi->hwaddr, ai->Address, 6); - rgi->flags |= RGI_HWADDR_DEFINED; - } - } - } + goto done; } + rgi->flags = RGI_ADDR_DEFINED; + rgi->gateway.addr = ntohl(best_route.NextHop.Ipv4.sin_addr.S_un.S_addr); + + /* get netmask and adapter index */ + const IP_ADAPTER_INFO *adapters = get_adapter_info_list(&gc); + DWORD a_index = adapter_index_of_ip(adapters, rgi->gateway.addr, NULL, &rgi->gateway.netmask); + if (a_index == TUN_ADAPTER_INDEX_INVALID) + { + goto done; + } + rgi->adapter_index = a_index; + rgi->flags |= (RGI_IFACE_DEFINED | RGI_NETMASK_DEFINED); + + /* get MAC address */ + const IP_ADAPTER_INFO *ai = get_adapter(adapters, rgi->adapter_index); + if (ai) + { + memcpy(rgi->hwaddr, ai->Address, 6); + rgi->flags |= RGI_HWADDR_DEFINED; + } + +done: gc_free(&gc); } 
@@ -2823,43 +2883,22 @@ const struct in6_addr *dest, openvpn_net_ctx_t *ctx) { struct gc_arena gc = gc_new(); - MIB_IPFORWARD_ROW2 BestRoute; - SOCKADDR_INET DestinationAddress, BestSourceAddress; - DWORD BestIfIndex; - DWORD status; - NET_LUID InterfaceLuid; - CLEAR(*rgi6); - CLEAR(InterfaceLuid); /* cleared = not used for lookup */ - CLEAR(DestinationAddress); + SOCKADDR_INET DestinationAddress; + CLEAR(DestinationAddress); DestinationAddress.si_family = AF_INET6; if (dest) { DestinationAddress.Ipv6.sin6_addr = *dest; } - status = GetBestInterfaceEx( (struct sockaddr *)&DestinationAddress, &BestIfIndex ); + MIB_IPFORWARD_ROW2 BestRoute; + CLEAR(BestRoute); + DWORD status = get_best_route(&gc, &DestinationAddress, &BestRoute); if (status != NO_ERROR) { - msg(D_ROUTE, "NOTE: GetBestInterfaceEx returned error: %s (code=%u)", - strerror_win32(status, &gc), - (unsigned int)status); - goto done; - } - - msg( D_ROUTE, "GetBestInterfaceEx() returned if=%d", (int) BestIfIndex ); - - status = GetBestRoute2( &InterfaceLuid, BestIfIndex, NULL, - &DestinationAddress, 0, - &BestRoute, &BestSourceAddress ); - - if (status != NO_ERROR) - { - msg(D_ROUTE, "NOTE: GetIpForwardEntry2 returned error: %s (code=%u)", - strerror_win32(status, &gc), - (unsigned int)status); goto done; }
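
Review bot: In the first hunk (@@ -2732), the rewritten get_default_gateway() sets `rgi->flags = RGI_ADDR_DEFINED` as soon as get_best_route() succeeds, whereas the removed code set that flag only inside `if (rgi->gateway.addr)`. GetBestRoute2 reports an all-zero NextHop for an on-link destination, so a directly reachable remote would now produce RGI_ADDR_DEFINED with gateway.addr == 0 and then pass address 0 to adapter_index_of_ip(). Suggest keeping the non-zero check before setting the flag, or handling the on-link case explicitly, for instance by taking the interface from the InterfaceIndex member of best_route instead of looking it up by gateway address. A smaller point in the same hunk: the GetBestRoute2 failure branch in get_best_route() still logs "NOTE: GetIpForwardEntry2 returned error"; since this code is being moved anyway, the message should name GetBestRoute2.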
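
Review bot: In the second hunk (@@ -2823), the removed `msg( D_ROUTE, "GetBestInterfaceEx() returned if=%d", ...)` is replaced by the helper's `msg(D_ROUTE_DEBUG, ...)`, so the IPv6 path no longer prints the chosen interface at D_ROUTE verbosity. The commit message describes a factor-out only, so either keep D_ROUTE in get_best_route() or state the logging change in the commit message. Also, `CLEAR(BestRoute)` immediately before the call is redundant, because get_best_route() begins with `CLEAR(*best_route)`; dropping it here and the matching `CLEAR(best_route)` in get_default_gateway() keeps the callers shorter.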