From patchwork Mon Jan 13 09:20:06 2025
X-Patchwork-Submitter: "mrbff (Code Review)"
X-Patchwork-Id: 4047
From: "stipa (Code Review)"
Date: Mon, 13 Jan 2025 09:20:06 +0000
To: plaisthos, flichtenheld
Cc: openvpn-devel
Subject: [Openvpn-devel] [M] Change in openvpn[master]: dco-win: support for iroutes
Message-ID: <495f8d162aa631986785722609231c2813178ffe-HTML@gerrit.openvpn.net>
X-Gerrit-PatchSet: 1
X-Gerrit-Change-Id: I36a5442c0a5667628f419bc64efe5fb562ad3b57
X-Gerrit-Change-Number: 857
X-Gerrit-Project: openvpn
X-Gerrit-Commit: 65c886788bc6c479d0a670a3af923e6eb97e5283

Attention is currently required from: flichtenheld, plaisthos.

Hello plaisthos, flichtenheld,

I'd like you to do a code review.
Please visit http://gerrit.openvpn.net/c/openvpn/+/857?usp=email to review the following change.

Change subject: dco-win: support for iroutes
......................................................................
dco-win: support for iroutes Unlike Linux/FreeBSD, dco-win doesn't have access to a system routing table, so we have to maintain internal routing table in the driver. For that, we have 4 ioctls to add/delete IPv4/IPv6 iroutes. When adding iroute, we pass peer-id, so that the driver is able to associate a subnet with a peer context. Change-Id: I36a5442c0a5667628f419bc64efe5fb562ad3b57 Signed-off-by: Lev Stipakov --- M src/openvpn/dco.c M src/openvpn/dco_win.c M src/openvpn/dco_win.h M src/openvpn/ovpn_dco_win.h 4 files changed, 127 insertions(+), 11 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/57/857/1 diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index b5a2136..55fe40a 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -637,7 +637,7 @@ dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr) { -#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) +#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) || defined(_WIN32) if (!dco_enabled(&m->top.options)) { return; 
@@ -653,28 +653,34 @@ } struct context *c = &mi->context; - const char *dev = c->c1.tuntap->actual_name; - if (addrtype == MR_ADDR_IPV6) { +#if defined(_WIN32) + dco_win_add_iroute_ipv6(&c->c1.tuntap->dco, addr->v6.addr, addr->netbits, c->c2.tls_multi->peer_id); +#else net_route_v6_add(&m->top.net_ctx, &addr->v6.addr, addr->netbits, - &mi->context.c2.push_ifconfig_ipv6_local, dev, 0, + &mi->context.c2.push_ifconfig_ipv6_local, c->c1.tuntap->actual_name, 0, DCO_IROUTE_METRIC); +#endif } else if (addrtype == MR_ADDR_IPV4) { +#if defined(_WIN32) + dco_win_add_iroute_ipv4(&c->c1.tuntap->dco, addr->v4.addr, addr->netbits, c->c2.tls_multi->peer_id); +#else in_addr_t dest = htonl(addr->v4.addr); net_route_v4_add(&m->top.net_ctx, &dest, addr->netbits, - &mi->context.c2.push_ifconfig_local, dev, 0, + &mi->context.c2.push_ifconfig_local, c->c1.tuntap->actual_name, 0, DCO_IROUTE_METRIC); +#endif } -#endif /* if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) */ +#endif /* if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) || defined(_WIN32) */ } void dco_delete_iroutes(struct multi_context *m, struct multi_instance *mi) { -#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) +#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) || defined(_WIN32) if (!dco_enabled(&m->top.options)) { return; @@ -682,7 +688,6 @@ ASSERT(TUNNEL_TYPE(mi->context.c1.tuntap) == DEV_TYPE_TUN); struct context *c = &mi->context; - const char *dev = c->c1.tuntap->actual_name; if (mi->context.c2.push_ifconfig_defined) { @@ -690,9 +695,13 @@ ir; ir = ir->next) { +#if defined(_WIN32) + dco_win_del_iroute_ipv4(&c->c1.tuntap->dco, htonl(ir->network), ir->netbits); +#else net_route_v4_del(&m->top.net_ctx, &ir->network, ir->netbits, - &mi->context.c2.push_ifconfig_local, dev, + &mi->context.c2.push_ifconfig_local, c->c1.tuntap->actual_name, 0, DCO_IROUTE_METRIC); +#endif } } 
@@ -702,12 +711,16 @@ ir6; ir6 = ir6->next) { +#if defined(_WIN32) + dco_win_del_iroute_ipv6(&c->c1.tuntap->dco, ir6->network, ir6->netbits); +#else net_route_v6_del(&m->top.net_ctx, &ir6->network, ir6->netbits, - &mi->context.c2.push_ifconfig_ipv6_local, dev, + &mi->context.c2.push_ifconfig_ipv6_local, c->c1.tuntap->actual_name, 0, DCO_IROUTE_METRIC); +#endif } } -#endif /* if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) */ +#endif /* if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) || defined(_WIN32) */ } #endif /* defined(ENABLE_DCO) */ diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c index 14220b6..db2adac 100644 --- a/src/openvpn/dco_win.c +++ b/src/openvpn/dco_win.c 
@@ -873,4 +873,80 @@ return dco_get_version(&ver) && ver.Major >= 2; } +void +dco_win_add_iroute_ipv4(dco_context_t *dco, in_addr_t dst, unsigned int netbits, unsigned int peer_id) +{ + struct gc_arena gc = gc_new(); + + OVPN_MP_IROUTE route = {.Addr.Addr4.S_un.S_addr = dst, .Netbits = netbits, .PeerId = peer_id, .IPv6 = 0}; + + msg(D_DCO_DEBUG, "%s: %s/%d -> peer %d", __func__, print_in_addr_t(dst, IA_NET_ORDER, &gc), netbits, peer_id); + + DWORD bytes_returned = 0; + if (!DeviceIoControl(dco->tt->hand, OVPN_IOCTL_MP_ADD_IROUTE, &route, + sizeof(route), NULL, 0, &bytes_returned, NULL)) + { + msg(M_WARN | M_ERRNO, "DeviceIoControl(OVPN_IOCTL_MP_ADD_IROUTE) failed"); + } + + gc_free(&gc); +} + +void +dco_win_add_iroute_ipv6(dco_context_t *dco, struct in6_addr dst, unsigned int netbits, unsigned int peer_id) +{ + struct gc_arena gc = gc_new(); + + OVPN_MP_IROUTE route = { .Addr.Addr6 = dst, .Netbits = netbits, .PeerId = peer_id, .IPv6 = 1 }; + + msg(D_DCO_DEBUG, "%s: %s/%d -> peer %d", __func__, print_in6_addr(dst, IA_NET_ORDER, &gc), netbits, peer_id); + + DWORD bytes_returned = 0; + if (!DeviceIoControl(dco->tt->hand, OVPN_IOCTL_MP_ADD_IROUTE, &route, + sizeof(route), NULL, 0, &bytes_returned, NULL)) + { + msg(M_WARN | M_ERRNO, "DeviceIoControl(OVPN_IOCTL_MP_ADD_IROUTE) failed"); + } + + gc_free(&gc); +} + +void +dco_win_del_iroute_ipv4(dco_context_t *dco, in_addr_t dst, unsigned int netbits) +{ + struct gc_arena gc = gc_new(); + + OVPN_MP_IROUTE route = { .Addr.Addr4.S_un.S_addr = dst, .Netbits = netbits, .PeerId = -1, .IPv6 = 0 }; + + msg(D_DCO_DEBUG, "%s: %s/%d", __func__, print_in_addr_t(dst, IA_NET_ORDER, &gc), netbits); + + DWORD bytes_returned = 0; + if (!DeviceIoControl(dco->tt->hand, OVPN_IOCTL_MP_DEL_IROUTE, &route, + sizeof(route), NULL, 0, &bytes_returned, NULL)) + { + msg(M_WARN | M_ERRNO, "DeviceIoControl(OVPN_IOCTL_MP_DEL_IROUTE) failed"); + } + + gc_free(&gc); +} + +void +dco_win_del_iroute_ipv6(dco_context_t *dco, struct in6_addr dst, unsigned int 
netbits) +{ + struct gc_arena gc = gc_new(); + + OVPN_MP_IROUTE route = { .Addr.Addr6 = dst, .Netbits = netbits, .PeerId = -1, .IPv6 = 1 }; + + msg(D_DCO_DEBUG, "%s: %s/%d", __func__, print_in6_addr(dst, IA_NET_ORDER, &gc), netbits); + + DWORD bytes_returned = 0; + if (!DeviceIoControl(dco->tt->hand, OVPN_IOCTL_MP_DEL_IROUTE, &route, + sizeof(route), NULL, 0, &bytes_returned, NULL)) + { + msg(M_WARN | M_ERRNO, "DeviceIoControl(OVPN_IOCTL_MP_DEL_IROUTE) failed"); + } + + gc_free(&gc); +} + #endif /* defined(_WIN32) */ diff --git a/src/openvpn/dco_win.h b/src/openvpn/dco_win.h index 2c2309f..21cb1de 100644 --- a/src/openvpn/dco_win.h +++ b/src/openvpn/dco_win.h @@ -24,6 +24,8 @@ #if defined(ENABLE_DCO) && defined(_WIN32) +#include + #include "buffer.h" #include "ovpn_dco_win.h" #include "sig.h" @@ -72,6 +74,18 @@ bool dco_win_supports_multipeer(void); +void +dco_win_add_iroute_ipv4(dco_context_t *dco, in_addr_t dst, unsigned int netbits, unsigned int peer_id); + +void +dco_win_add_iroute_ipv6(dco_context_t *dco, struct in6_addr dst, unsigned int netbits, unsigned int peer_id); + +void +dco_win_del_iroute_ipv4(dco_context_t *dco, in_addr_t dst, unsigned int netbits); + +void +dco_win_del_iroute_ipv6(dco_context_t *dco, struct in6_addr dst, unsigned int netbits); + #else /* if defined(ENABLE_DCO) && defined(_WIN32) */ static inline void diff --git a/src/openvpn/ovpn_dco_win.h b/src/openvpn/ovpn_dco_win.h index 8003ace..f798c5a 100644 --- a/src/openvpn/ovpn_dco_win.h +++ b/src/openvpn/ovpn_dco_win.h 
@@ -182,6 +182,16 @@ int PeerId; } OVPN_MP_SWAP_KEYS, * POVPN_MP_SWAP_KEYS; +typedef struct _OVPN_MP_IROUTE { + union { + IN_ADDR Addr4; + IN6_ADDR Addr6; + } Addr; + int Netbits; + int PeerId; + int IPv6; +} OVPN_MP_IROUTE, * POVPN_MP_IROUTE; + #define OVPN_IOCTL_NEW_PEER CTL_CODE(FILE_DEVICE_UNKNOWN, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) #define OVPN_IOCTL_GET_STATS CTL_CODE(FILE_DEVICE_UNKNOWN, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) #define OVPN_IOCTL_NEW_KEY CTL_CODE(FILE_DEVICE_UNKNOWN, 3, METHOD_BUFFERED, FILE_ANY_ACCESS) @@ -201,3 +211,6 @@ #define OVPN_IOCTL_MP_DEL_PEER CTL_CODE(FILE_DEVICE_UNKNOWN, 15, METHOD_BUFFERED, FILE_ANY_ACCESS) #define OVPN_IOCTL_MP_SWAP_KEYS CTL_CODE(FILE_DEVICE_UNKNOWN, 16, METHOD_BUFFERED, FILE_ANY_ACCESS) + +#define OVPN_IOCTL_MP_ADD_IROUTE CTL_CODE(FILE_DEVICE_UNKNOWN, 17, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define OVPN_IOCTL_MP_DEL_IROUTE CTL_CODE(FILE_DEVICE_UNKNOWN, 18, METHOD_BUFFERED, FILE_ANY_ACCESS)
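Review bot: In src/openvpn/dco.c, dco_delete_iroutes() passes htonl(ir->network) to dco_win_del_iroute_ipv4() while dco_install_iroute() passes addr->v4.addr unconverted to dco_win_add_iroute_ipv4(), and the non-Windows branches convert in the opposite places, so it is not evident from the code that add and delete hand the driver the same byte order. The dco_win_*_ipv4 helpers log dst with IA_NET_ORDER, so a short comment at both call sites (or on the prototypes) stating that dst is in network byte order, and why one source needs htonl() and the other does not, would make a later mismatch easy to spot. A subnet added under one byte order and deleted under the other would stay in the driver's table after the peer is gone.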
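Review bot: In src/openvpn/dco_win.c, all four new helpers return void and only log M_WARN when DeviceIoControl() fails, so dco_install_iroute() and dco_delete_iroutes() cannot tell that the driver's table differs from what userspace believes; consider returning bool and letting the caller decide how to react. In the two IPv4 variants only .Addr.Addr4 is initialised, and C does not guarantee that the remaining bytes of the Addr union are zeroed, so clearing the whole OVPN_MP_IROUTE before filling it avoids handing stack contents to the driver. Smaller points: peer_id and netbits are unsigned int but are printed with %d and stored in int fields, and the four bodies differ only in the ioctl code and address family, so one static helper taking a filled OVPN_MP_IROUTE would remove the duplication.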
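Review bot: In src/openvpn/ovpn_dco_win.h, the new OVPN_MP_IROUTE struct is the contract between userspace and the driver but its fields carry no documentation. A comment should state the byte order expected in Addr4, the valid range of Netbits for each address family, that IPv6 is a 0/1 selector for the union member, and that the delete path sends PeerId = -1 as a "not used" value. PeerId and Netbits are int here while the dco_win_* prototypes take unsigned int, so one side should change to match. Because these values arrive from userspace unchecked in this patch, the documented ranges are also what the driver side has to validate.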
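Review bot: The commit message says "we have 4 ioctls to add/delete IPv4/IPv6 iroutes", but the last hunk of src/openvpn/ovpn_dco_win.h defines two codes, OVPN_IOCTL_MP_ADD_IROUTE (17) and OVPN_IOCTL_MP_DEL_IROUTE (18), with the address family selected by the IPv6 field of OVPN_MP_IROUTE. Please align the commit message with the code, or explain where the other two codes are expected to come from, so that the driver and userspace descriptions of the interface agree.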