From patchwork Thu Jul 18 14:03:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "plaisthos (Code Review)" X-Patchwork-Id: 3767 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6242:b0:5a1:d4fc:4ac6 with SMTP id v2csp15670mad; Thu, 18 Jul 2024 07:04:06 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWwykXRa8oT7ZRDtghe6jemKeTGYe6us86jUBgHOvwMI/ZFSlS4auhQ1UaY2WeNX+nQP6wqvnfNlV9feGdNhNQLiUOSkNU= X-Google-Smtp-Source: AGHT+IGbEpiCWdFC+A+lsfeAUB4JFOUXDT7leOKVRBVspZkc4O9yTPBujW3RnhVU47jUCRDEGix8 X-Received: by 2002:a05:6808:bcd:b0:3da:4c28:66ae with SMTP id 5614622812f47-3dad52be765mr2832968b6e.5.1721311445548; Thu, 18 Jul 2024 07:04:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1721311445; cv=none; d=google.com; s=arc-20160816; b=l5wGnETZoJJFMqEVsYJdoS+mg15G4/Hj+NKaLSQNTx3LqPSYnp0RcjrGR+w94znveL VfpBdBAfQhriOlwsTgBrKlDiZ6yTssdFn+L9DcH5zTpOxNbUEMzvzXVHYspRnfvmUq2j yfovUdlAVEj2JMb4Rd+zFueGui+1L0d7OdIm5smwUa0ixsvuCUI15rnFmRWMofTIX5Ou j7P6saBXYeOtPd5LMovW/K8z/hUvU+6w/0Qs8BqS9yTzIa6xXGotffX2tHRb6JEd4K+b vhziBeCBlAXZXOAi/GR2lVzDaa9YpcygxulV430xJZbZ8Eg5zRLFYFYkZwuh8SkQQUu5 A33g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=clZojlSMJ74tGBn535E9GdYMlpXjqpfwC2P6DI3Ekng=; fh=U7wEyxtwz2o5+UdevFSA47vNeG9knhWH0KV//QhD5a0=; b=AUljxJ9MCuDVSGmO4SHRTCzgtoUuHfNlK6Hd8Gbt3wc6QDDnXnTS6h6llc/ICwdS+b seA76Z6sB8IWiWFB6lFdletAXJeSf6iDJb6ql0M0ZLxUzyIEQSoDlgDeUyUL44GSdYsN FrgR+HJQo5M4QTyv8IVRvWxpoGBz1fGvpQhiI1vkrBPJq6ALHcQnYo8GW/oMC0hKvplx MvyAPxm4+eOv+EsMFP8aV7WeZWvi6UVovVgYCJJ9n2RB50G+fTrUhZIEiCx03T9pBirB g9D3P84oaNBm7PdV9XoaHfxxEOHMPJ7TxnoFMRzO9TaZPwP4ZjYzR+fmKnFJiYJR3qqL tAjw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="XZ/CGW57"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=BKhnKo6W; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=GFkGEsTZ; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 5614622812f47-3dad521b24esi1206328b6e.100.2024.07.18.07.04.05 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 18 Jul 2024 07:04:05 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="XZ/CGW57"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=BKhnKo6W; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=GFkGEsTZ; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1sURjQ-0004yj-IO; Thu, 18 Jul 2024 14:03:40 +0000 Received: from [172.30.29.67] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1sURjP-0004yd-Na for openvpn-devel@lists.sourceforge.net; Thu, 18 Jul 2024 14:03:39 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=wTzWInpKxtO22PoOAPx0zjw3D1P0y4jrg7+TNOAMrf0=; b=XZ/CGW57a/zudX0EmODgy4l+9E lW5q+0ha0kPg706g1/66JlVnZ/j3PN8RjjX6SeyOj5KttTksXFIdvi9+z/A6GB3+Yejm0a+xXXvlO wJtD7SlZYX1oo7KqhYNi0HCLIHxsYywVamx1HlqbRmqQQPfq5QSIP8D4Sj8rzyBsVkw8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=wTzWInpKxtO22PoOAPx0zjw3D1P0y4jrg7+TNOAMrf0=; b=B KhnKo6W3BY79FGroo5CY7KEoWKI9bP62+VpQ4B1De05wzI8EwdEKSBBo/bz1OJTBT8eMnnCmWuTb6 Gay9oSMRDt7HFoXlR0jspzZrWsbS6+LlHZNQZL0Cu/rpU9EU7VjntLRZR8wDxFfaEfugKTEp3uq33 K1sS+1ISeRVYYViI=; Received: from mail-wm1-f47.google.com ([209.85.128.47]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1sURjP-0002rh-9G for openvpn-devel@lists.sourceforge.net; Thu, 18 Jul 2024 14:03:39 +0000 Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-427b4c621b9so2833595e9.1 for ; Thu, 18 Jul 2024 07:03:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1721311412; x=1721916212; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=wTzWInpKxtO22PoOAPx0zjw3D1P0y4jrg7+TNOAMrf0=; b=GFkGEsTZyN+UZwrGxerH7Ha0T7hoTy+sY4CMXg3FtkmDj6UGfs/fdKcpqRFukU625s OaKg/3R+MVgsvYbZA5CvF3RedqmBLjeYuiG4G9eK9XsE9wLGezwj2WkU5d3NaAuUeuem InLpCtlny/dm9XK6ipx6ZicJnaVjI//9HhYODbbGgnzZ2nv3x0gBJbQUpTaD3DUy9xSs Y/ABLf0/5FhYgw+/6aiHPEn8YAS0K3319BZJxP2sCQVsgNm6uS0uLtZ53A/7Ab2zSVPu hitOr4cYfUsoD3JxU30ONJQV4hGibkLMpkGgjre/+6lqZGTfB+qhvjlCsuvi3yWLR0x/ 5vPw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721311412; x=1721916212; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=wTzWInpKxtO22PoOAPx0zjw3D1P0y4jrg7+TNOAMrf0=; b=EFKPOplicDrschKpJ+d+HG6HDSc5UvctiLRnRQ030FPINUmlNL+oAJM0ztKXZCQPej MQG+bErnyVf4z5O5kL1TaXVzLQD8x5J3aGNJ8ELjJUwJkA6nrQ93PWfh24sZc82u2RsL tqnPfsfLzdJ+gRzXp6SsjxhqjnTAWTZ4PhdOaQ3QZn7WRNPNORZgTEY2TfUdcMt9UqN2 KkIg5K/DgP7zHR4mci7PRDPUdLYWdyDBNZerlSSipUXuOD1Kw88nFdbC+ObPwkPVAQZl Afxn3SvEsG6X0w6a4pR69bWHDknJ+a56EOGH/04SupRaz45Go8dzLdyX1leiU6/5oY0W SwsQ== X-Gm-Message-State: AOJu0Yxh+f74/W6RKZ8BF8imyaIlOQWeHsS8XMeQB6VHLxzfIXMImUEz aM0/1o6WVkIy2KC/lAK+2xVIrI6hIKljGmuGSg25gOT0u/xxZpl7ywtRwlh3D2E= X-Received: by 2002:a05:600c:4f05:b0:426:67f0:b4eb with SMTP id 5b1f17b1804b1-427c6ba4cedmr26394005e9.2.1721311411911; Thu, 18 Jul 2024 07:03:31 -0700 (PDT) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-427d2a43598sm16379845e9.1.2024.07.18.07.03.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Jul 2024 07:03:31 -0700 (PDT) From: "mrbff (Code Review)" X-Google-Original-From: "mrbff (Code Review)" X-Gerrit-PatchSet: 1 Date: Thu, 18 Jul 2024 14:03:31 +0000 To: plaisthos , flichtenheld Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: Id1ec0c6e4c391604ec5dbb8b7122f2e47ad186d1 X-Gerrit-Change-Number: 677 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: 575029bbf266fb7e76b30dac6b3e3e6004d40c07 References: Message-ID: MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -5.2 (-----) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit Content analysis details: (-5.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: openvpn.net] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.128.47 listed in bl.score.senderscore.com] 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.128.47 listed in sa-trusted.bondedsender.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.47 listed in wl.mailspike.net] -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at https://www.dnswl.org/, high trust [209.85.128.47 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1sURjP-0002rh-9G Subject: [Openvpn-devel] [S] Change in openvpn[master]: route: copied 'gateway_needed' logic from add_route_ipv6 to add_route X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: marco@mandelbit.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1804925870394777703?= X-GMAIL-MSGID: =?utf-8?q?1804925870394777703?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/677?usp=email to review the following change. Change subject: route: copied 'gateway_needed' logic from add_route_ipv6 to add_route ...................................................................... route: copied 'gateway_needed' logic from add_route_ipv6 to add_route Under certain circumstances it may not be necessary to pass the gateway when adding a new route via net_route_v4_add() API function. add_route_ipv6() already accounts for some of these cases and therefore this patch copies the same logic to add_route(). Change-Id: Id1ec0c6e4c391604ec5dbb8b7122f2e47ad186d1 Signed-off-by: Marco Baffo --- M src/openvpn/route.c 1 file changed, 31 insertions(+), 3 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/77/677/1 diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 91f2032..bc8f561 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -1571,6 +1571,7 @@ { int status = 0; int is_local_route; + bool gateway_needed = false; if (!(r->flags & RT_DEFINED)) { @@ -1580,8 +1581,20 @@ struct argv argv = argv_new(); struct gc_arena gc = gc_new(); -#if !defined(TARGET_LINUX) +#if defined(TARGET_LINUX) + const char *iface = tt->actual_name; + if (rgi && rgi->iface[0] != '\0') /* vpn server special route */ + { + iface = rgi->iface; + if (r->gateway != 0) + { + gateway_needed = true; + } + } +#endif + const char *network = print_in_addr_t(r->network, 0, &gc); +#if !defined(TARGET_LINUX) #if !defined(TARGET_AIX) const char *netmask = print_in_addr_t(r->netmask, 0, &gc); #endif @@ -1594,8 +1607,22 @@ goto done; } + if (tt->type == DEV_TYPE_TAP && !(r->flags & RT_METRIC_DEFINED && r->metric == 0)) + { + gateway_needed = true; + } + + if (gateway_needed && r->gateway == 0) + { + msg(M_WARN, "ROUTE WARNING: " PACKAGE_NAME " needs a gateway " + "parameter for a --route option and no default was set via " + "--route-gateway or --ifconfig option. Not installing " + "IPv4 route to %s/%d.", network, netmask_to_netbits2(r->netmask)); + status = 0; + goto done; + } + #if defined(TARGET_LINUX) - const char *iface = NULL; int metric = -1; if (is_on_link(is_local_route, flags, rgi)) @@ -1610,7 +1637,8 @@ status = RTA_SUCCESS; int ret = net_route_v4_add(ctx, &r->network, netmask_to_netbits2(r->netmask), - &r->gateway, iface, 0, metric); + gateway_needed ? &r->gateway : NULL, + iface, 0, metric); if (ret == -EEXIST) { msg(D_ROUTE, "NOTE: Linux route add command failed because route exists");