From patchwork Wed Jan 29 13:49:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "cron2 (Code Review)" X-Patchwork-Id: 4104 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6a49:b0:5e7:b9eb:58e8 with SMTP id v9csp1045674mat; Wed, 29 Jan 2025 05:49:32 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCUXq+nr/pdmucZ2IEoNJsLsSs9ojxkud4l0ehaCDWlaG3NzqYyDAIL/smx21+a3nhTfie7vH/kI+Rw=@openvpn.net X-Google-Smtp-Source: AGHT+IE4XUnlj8gPJF1/1rqLfvGLpDoGPKrjuZJXwEiujM4XRi0vxtSw/t8ArWoF9PxfKEKTuMTN X-Received: by 2002:a05:6808:3a19:b0:3e7:b644:e4ec with SMTP id 5614622812f47-3f323b674acmr1878038b6e.26.1738158572422; Wed, 29 Jan 2025 05:49:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1738158572; cv=none; d=google.com; s=arc-20240605; b=MLJej392z1qWVXeEc4BeV/EZWibIXgjE6VyxgEo5BL8qtVl75dgKXa9SFuwRXAEb9r tcG6UoW5rUGYGUHPsQdEV1QdjuAZZfPE/jEysAbW7eY2tYJAlNdu+UaVuFdjuOSvUMPX F0k5EWS5PWtRcVzrM4Bktrdrk15HFj8063lNnAGVtpD5bvQCEXzH7Tg2ozNf/hdcVdMt 4eyP7k2MqgfaBD90cy9puYQxYDsF15BW6TWKKinIIwQbL8+qH2yD7G2nezjBVS9BdUUZ BB18sQNZ5Qh3g9ycClIjvhabqFLFIzF9kHxlTfYn3Zo4PvVHWGGDWLPoQnin0YY7cnIg KxDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=Ev8ZId7l9Whbvk6J41SJHx2aVxISwWtWG5bNIPmOsGs=; fh=U7wEyxtwz2o5+UdevFSA47vNeG9knhWH0KV//QhD5a0=; b=ep5wp0tYZoof4rK1/Anhyxmf7YIvK/pDu3a8H+vTHYXjYovBiIjdrarnI/rvEL61M7 NkXMcy6hpuHRG+UFgZtC1z5ZUXoiQt3Me8Mq0uHsHRt7TWp5EV0aSvCGx2MAtvOfRAZu ZUgaiq+hnrj4Zvmo9Y1xzcYCt+GQTD3hg7fZTpYEcfian/oiESbNGE0n27xqspctI3mW npNvH8wmXBDRFik1g6janbtrjlBnyJkJc2UknX2LKwLM4NEHCZc3gbkuc7/AMfPKM9R0 tAsexHVmLiqvTUPlP7FMMEJ5HdeSYPj/S1BAMqR4wYtz89AM3Y8qN/MSzH6mUPPuuzLx sx1A==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=X+U9DUnB; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=cPml+OvX; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=UbbzON55; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 5614622812f47-3f1f08506b5si9132828b6e.19.2025.01.29.05.49.32 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 29 Jan 2025 05:49:32 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=X+U9DUnB; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=cPml+OvX; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=UbbzON55; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1td8RY-0004Ve-VS; Wed, 29 Jan 2025 13:49:24 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1td8RX-0004VV-Us for openvpn-devel@lists.sourceforge.net; Wed, 29 Jan 2025 13:49:23 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=aPM95F5jSf+SRxXkldw2vHl0CFP4SyWXJGBWoug3vGM=; b=X+U9DUnBw9cCVhgirXeXv45gsw SXNR5gIlbn8jpGuu1ifJfgSR5+v09XLIMXeKPSWxVcHeAGjh5E/GPft/vb7H1xnLhZvWfCP8w599p Tgk1FhGGLGvnnOy0KrClDOS5viRuSbnjvywJjy/JDKPFlaxd4oF2GZLCMaKrVklcSO54=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=aPM95F5jSf+SRxXkldw2vHl0CFP4SyWXJGBWoug3vGM=; b=c Pml+OvX1ZzJSo7BpL90iACq5EMg6glsZFQEY8lnBubu1Z0r4QlhLkTYJgy9zZnKnWdm/kZTRhRtFV BS/mzESf/zLnvwFZ4qEm7gtIwUf/WLsUBd2T30KZz70XA+esn47xvuvxERpKJCjbhzxZJYkDCCOic 3d/IeJRqXfIHKlZI=; Received: from mail-wm1-f43.google.com ([209.85.128.43]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1td8RW-0006q1-Jf for openvpn-devel@lists.sourceforge.net; Wed, 29 Jan 2025 13:49:23 +0000 Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-438a3216fc2so70223725e9.1 for ; Wed, 29 Jan 2025 05:49:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1738158551; x=1738763351; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=aPM95F5jSf+SRxXkldw2vHl0CFP4SyWXJGBWoug3vGM=; b=UbbzON55imt7rdM22+F0alu9sYTEPOwL994Fvh3cJIZpXmbCXJMJE0WJU+mpe+ASJV cne/G7GkYmwEDruWuUJmOQcUZOuPby6FF/XCawWqGRxVokDmw8cBQlpzD7W8hWE3aBe6 cHmx6DEhLH366x4v3ZO4B68P5gStwBG4WU4bB4HRZDf6ZU9Kc++sGbT391AFovCxZ/qz zAzDH+p2LJYAb3Q9ibXHstTEGlJ4m8IVy1DYIdpgbATykyPzyuQxzsDjrZ6N1a2abAwn ZRspn5HHpQo7wBiXki3YZ77V1NuZbZ7etm8xNXJB+3gT3sVSl6YK2S2ruKGThd9epdMM LRmQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738158551; x=1738763351; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=aPM95F5jSf+SRxXkldw2vHl0CFP4SyWXJGBWoug3vGM=; b=uPsBogiusDilPiZ/EW/6BhkrYNcfYcjmqcmfvSt7CYzIi+Z+t8jcR0KQID2yXHCkHw X0zBOZO4GYSdcoGcIN87NqPh3uMypnw0MDTQRxpPskAX1JMj2PQUWjPgUeKhF8OzEgAG wcgCI+hEpieoVjKHyI/rcFW/+PgHti2J3wwEvG+ZaeqPJiUhA2jXiTiH8/9HYqPaxriu /Y3wtcLFiNjpZz/QFmbptmNm54RxN/coQOcmuk1h37lqimRso2a5PkzSUQU+b3qnotzw r9qKKQXnbrJTibL8iBsY0rOEoL7cYN6RRI2fvFcQwCUt7tMbve/ms+3UOXzDntTer8t+ Ucbw== X-Gm-Message-State: AOJu0Yz2pAL0psfP9pZxTnH3Albw33Y7rILt8phA+UVjdlbp0wmT60W4 /WGqgD6VxvtUAeKNI0fw8+ucOI3c9zIi4U3ElKfcJ2eQD0eFo1P1wu85lfGBkB3/KpV5lZa4v6q J X-Gm-Gg: ASbGncts8/CTxBVzOyD1wbnT58wP+IqOrsV00Vu5x+6xAWvbZfo451FBlRYndzA/04w lWLCRKJ0H7/YRhJE1Db+HBI9ypu0T5SARFaiNAX8TsoRNlgPTfl1KM4zsai1ue2ntB82FCEHJf4 ee4oyCn7RQ6Dq0R0CcGXaT9tWM8QvvsFquDURF1c1+WneqSvim8Dv/qy4SeZPNoprT0bdr/dKfW o6C0TVLeyfBbjMDZkYqwdD2QxSZLkS13jtWY/9f0Qi7S/zzmZpYASRGJukfx1+kncuRpz4rzW0e 9gFCwzvd5D7UEr/yrNdVqdzYHAkLJtGFQgNc4hxUZME70wjylDuEN8zcU6iquD1UhH6leZgD9EJ +OMyCJd83VJ0yV5Vzxw== X-Received: by 2002:a5d:64a1:0:b0:38a:88bc:bae4 with SMTP id ffacd0b85a97d-38c519697d5mr2546730f8f.18.1738158551011; Wed, 29 Jan 2025 05:49:11 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38c2a188d5dsm17590135f8f.55.2025.01.29.05.49.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 05:49:10 -0800 (PST) From: "cron2 (Code Review)" X-Google-Original-From: "cron2 (Code Review)" X-Gerrit-PatchSet: 1 Date: Wed, 29 Jan 2025 13:49:10 +0000 To: plaisthos , flichtenheld Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: I9e96af79981c4cb050f5b963837c7166e92e6791 X-Gerrit-Change-Number: 882 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: 4a398d20bde158e8aa388187d0eedf21fa9b0e92 References: Message-ID: <8000d2ec789a09800e794a76a7c5fe2de5b65e64-HTML@gerrit.openvpn.net> MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.128.43 listed in sa-accredit.habeas.com] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.128.43 listed in bl.score.senderscore.com] 0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.43 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.43 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1td8RW-0006q1-Jf Subject: [Openvpn-devel] [S] Change in openvpn[master]: options: add IPv4 support to '--show-gateway ' X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: gert@greenie.muc.de, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1822591363100669083?= X-GMAIL-MSGID: =?utf-8?q?1822591363100669083?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/882?usp=email to review the following change. Change subject: options: add IPv4 support to '--show-gateway ' ...................................................................... options: add IPv4 support to '--show-gateway ' This is an old debug option, which used to print "the default routes found" for IPv4 and IPv6, and optionally "a route to a particular IPv6 target" if passed an argument. With the work started in commit 0fcfc8381f60d we want this to handle IPv4 as well, mostly to be able to easily test per-platform get_default_gateway() implementations. The implementation is simplistic - if can be parsed as an IPv4 or IPv6 address, that particular protocol lookup will do "the host route" and the other one will stick to "the default route". NOTE: as of this commit, there is no backend functionality for IPv4, so it will not actually print anything interesting. This will be added in further platform dependent commits. Change-Id: Ic438c583a782035ecb9b5ea65702a768ae2585f5 Signed-off-by: Gert Doering --- v2: amend --help output Change-Id: I9e96af79981c4cb050f5b963837c7166e92e6791 --- M doc/man-sections/advanced-options.rst M src/openvpn/options.c 2 files changed, 19 insertions(+), 9 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/82/882/1 diff --git a/doc/man-sections/advanced-options.rst b/doc/man-sections/advanced-options.rst index d5a6b4f..e1115e4 100644 --- a/doc/man-sections/advanced-options.rst +++ b/doc/man-sections/advanced-options.rst @@ -9,13 +9,17 @@ :: --show-gateway + --show-gateway IPv4-target --show-gateway IPv6-target + For IPv4 it looks for a 0.0.0.0/0 route, or the specified IPv4 address + if the target can be parsed as an IPv4 address. For IPv6 this queries the route towards ::/128, or the specified IPv6 - target address if passed as argument. - For IPv4 on Linux, Windows, MacOS and BSD it looks for a 0.0.0.0/0 route. - If there are more specific routes, the result will not always be matching - the route of the IPv4 packets to the VPN gateway. + target address if the argument is an IPv6 address. + + Adding a target is helpful for diagnostics to see if OpenVPN will do + the right thing if there are more specific IPv4/IPv6 routes to a + VPN server. Advanced Expert Options diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 5a80e6b..00c6fce 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -788,7 +788,7 @@ "\n" "General Standalone Options:\n" #ifdef ENABLE_DEBUG - "--show-gateway : Show info about default gateway.\n" + "--show-gateway [address]: Show info about gateway [to v4/v6 address].\n" #endif ; @@ -5858,16 +5858,22 @@ { struct route_gateway_info rgi; struct route_ipv6_gateway_info rgi6; - struct in6_addr remote = IN6ADDR_ANY_INIT; + in_addr_t remote_ipv4 = 0; + struct in6_addr remote_ipv6 = IN6ADDR_ANY_INIT; openvpn_net_ctx_t net_ctx; VERIFY_PERMISSION(OPT_P_GENERAL); if (p[1]) { - get_ipv6_addr(p[1], &remote, NULL, M_WARN); + /* try parsing the argument as a v4 or v6 address - if + * possible, the output will show the exact route there, and + * "the default route" for the other protocol + */ + remote_ipv4 = get_ip_addr(p[1], M_WARN, NULL); + get_ipv6_addr(p[1], &remote_ipv6, NULL, M_WARN); } net_ctx_init(NULL, &net_ctx); - get_default_gateway(&rgi, 0, &net_ctx); - get_default_gateway_ipv6(&rgi6, &remote, &net_ctx); + get_default_gateway(&rgi, remote_ipv4, &net_ctx); + get_default_gateway_ipv6(&rgi6, &remote_ipv6, &net_ctx); print_default_gateway(M_INFO, &rgi, &rgi6); openvpn_exit(OPENVPN_EXIT_STATUS_GOOD); /* exit point */ }