From patchwork Wed Nov 15 13:45:17 2023
X-Patchwork-Submitter: "flichtenheld (Code Review)"
X-Patchwork-Id: 3445
From: "ordex (Code Review)"
Date: Wed, 15 Nov 2023 13:45:17 +0000
To: plaisthos, flichtenheld
X-Gerrit-PatchSet: 1
X-Gerrit-Change-Number: 439
X-Gerrit-Commit: 659fb4cdc3c477681ecc82d9a211c3ac627c202f
Subject: [Openvpn-devel] [M] Change in openvpn[master]: mroute: properly print protocol at the end of the string
Reply-To: a@unstable.cc, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com
Cc: openvpn-devel

Attention is currently required from: flichtenheld, plaisthos.

Hello plaisthos, flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/439?usp=email

to review the following change.

Change subject: mroute: properly print protocol at the end of the string
......................................................................

mroute: properly print protocol at the end of the string

mroute: substitute unused field with proto

Rather than adding a new field 'proto', take advantage of the 'unused' field and rename it.
Hashing will now start at the 'proto' field rather than 'type'.

MULTI: ensure we've got the correct protocol with virtual addresses

MULTI: ensure we've got the same value as protocol for vaddressed

Change-Id: I6688362d8461c112bf425ddfe488d511a64cc37e
Signed-off-by: Gianmarco De Gregori
---
M src/openvpn/forward.c
M src/openvpn/mroute.c
M src/openvpn/mroute.h
M src/openvpn/mtcp.c
M src/openvpn/mudp.c
M src/openvpn/multi.c
M src/openvpn/ssl.c
7 files changed, 45 insertions(+), 29 deletions(-)

git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/39/439/1

diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 27415ee..63a684b 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c
@@ -1114,13 +1114,16 @@ decrypt_status = openvpn_decrypt(&c->c2.buf, c->c2.buffers->decrypt_buf, co, &c->c2.frame, ad_start); - if (!decrypt_status - /* all sockets are of the same type, so just check the first one */ - && link_socket_connection_oriented(c->c2.link_sockets[0])) + for (int i = 0; i < c->c1.link_sockets_num; i++) { - /* decryption errors are fatal in TCP mode */ - register_signal(c->sig, SIGUSR1, "decryption-error"); /* SOFT-SIGUSR1 -- decryption error in TCP mode */ - msg(D_STREAM_ERRORS, "Fatal decryption error (process_incoming_link), restarting"); + if (!decrypt_status + /* all sockets are of the same type, so just check the first one (not anymore!) */ + && link_socket_connection_oriented(c->c2.link_sockets[i])) + { + /* decryption errors are fatal in TCP mode */ + register_signal(c->sig, SIGUSR1, "decryption-error"); /* SOFT-SIGUSR1 -- decryption error in TCP mode */ + msg(D_STREAM_ERRORS, "Fatal decryption error (process_incoming_link), restarting"); + } } } else @@ -2239,6 +2242,7 @@ if (status > 0) { + /*printf("\nstatus: %d\n", status); */ int i; mtcp->event_set_status = 0; for (i = 0; i < status; ++i) @@ -2275,10 +2279,6 @@ mtcp->event_set_status = ES_TIMEOUT; } } - else - { - mtcp->event_set_status = SOCKET_READ; - } } /* 'now' should always be a reasonably up-to-date timestamp */ diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c index 0017a48..c72fe10 100644 --- a/src/openvpn/mroute.c +++ b/src/openvpn/mroute.c @@ -421,7 +421,6 @@ { buf_printf(&out, ":%d", ntohs(maddr.v4.port)); } - buf_printf(&out, ":%d", maddr.proto); } break; @@ -454,6 +453,7 @@ buf_printf(&out, "UNKNOWN"); break; } + buf_printf(&out, "|%d", maddr.proto); return BSTR(&out); } else diff --git a/src/openvpn/mroute.h b/src/openvpn/mroute.h index 7c8972f..4e6d32c 100644 --- a/src/openvpn/mroute.h +++ b/src/openvpn/mroute.h 
@@ -74,9 +74,8 @@ struct mroute_addr { uint8_t len; /* length of address */ - uint8_t unused; - uint8_t type; /* MR_ADDR/MR_WITH flags */ uint8_t proto; + uint8_t type; /* MR_ADDR/MR_WITH flags */ uint8_t netbits; /* number of bits in network part of address, * valid if MR_WITH_NETBITS is set */ union { @@ -231,7 +230,7 @@ mroute_addr_hash_ptr(const struct mroute_addr *a) { /* NOTE: depends on ordering of struct mroute_addr */ - return (uint8_t *) &a->type; + return (uint8_t *) &a->proto; } static inline uint32_t diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index d4ce642..ba0905e 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -109,7 +109,7 @@ mi = multi_create_instance(m, NULL, ls); if (mi && !proto_is_dgram(ls->info.proto)) { - printf("\nTCP add\n"); + mi->real.proto = ls->info.proto; struct hash_element *he; const uint32_t hv = hash_value(hash, &mi->real); struct hash_bucket *bucket = hash_bucket(hash, hv); @@ -746,22 +746,26 @@ ev_arg->u.ls); } } - multi_get_timeout(m, &m->top.c2.timeval); - io_wait_udp(&m->top, m->mtcp, p2mp_iow_flags(m)); - MULTI_CHECK_SIG(m); - multi_process_per_second_timers(m); - - if (m->mtcp->event_set_status == ES_TIMEOUT) + while (true) { - multi_process_timeout(m, MPP_PRE_SELECT | MPP_CLOSE_ON_SIGNAL); - } - else - { - multi_process_io_udp(m); + multi_get_timeout(m, &m->top.c2.timeval); + io_wait_udp(&m->top, m->mtcp, p2mp_iow_flags(m)); MULTI_CHECK_SIG(m); - } + multi_process_per_second_timers(m); + + if (m->mtcp->event_set_status == ES_TIMEOUT) + { + multi_process_timeout(m, MPP_PRE_SELECT | MPP_CLOSE_ON_SIGNAL); + } + else + { + multi_process_io_udp(m); + MULTI_CHECK_SIG(m); + break; + } + } break; } } diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index e9182c8..4979751 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c 
@@ -193,6 +193,7 @@ struct multi_instance *mi = NULL; struct hash *hash = m->hash; real.proto = ls->info.proto; + m->local.proto = real.proto; if (mroute_extract_openvpn_sockaddr(&real, &m->top.c2.from.dest, true) && m->top.c2.buf.len > 0) diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 3522206..5098581 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -1157,11 +1157,12 @@ */ static struct multi_instance * multi_get_instance_by_virtual_addr(struct multi_context *m, - const struct mroute_addr *addr, + struct mroute_addr *addr, bool cidr_routing) { struct multi_route *route; struct multi_instance *ret = NULL; + addr->proto = 0; /* check for local address */ if (mroute_addr_equal(addr, &m->local)) @@ -1247,6 +1248,7 @@ CLEAR(remote_si); remote_si.addr.in4.sin_family = AF_INET; remote_si.addr.in4.sin_addr.s_addr = htonl(a); + addr.proto = 0; ASSERT(mroute_extract_openvpn_sockaddr(&addr, &remote_si, false)); if (netbits >= 0) @@ -3351,6 +3353,14 @@ bool ret = true; bool floated = false; + /* + * Since we don't really need the protocol on vaddresses for internal VPN + * payload packets, make sure we have the same value to void hashing insert + * and search issues. + */ + src.proto = 0; + dest.proto = src.proto; + if (m->pending) { return true; @@ -3417,7 +3427,6 @@ 0, &c->c2.to_tun, DEV_TYPE_TUN); - /* drop packet if extract failed */ if (!(mroute_flags & MROUTE_EXTRACT_SUCCEEDED)) { @@ -3555,6 +3564,8 @@ const int dev_type = TUNNEL_TYPE(m->top.c1.tuntap); int16_t vid = 0; + src.proto = 0; + dest.proto = src.proto; #ifdef MULTI_DEBUG_EVENT_LOOP printf("TUN -> TCP/UDP [%d]\n", BLEN(&m->top.c2.buf)); diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index cee4afe..73d6db0 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -3926,6 +3926,7 @@ { msg(D_MULTI_DROPPED, "Incoming control channel packet too big, dropping."); + printf("\nif (!buf_copy(in, buf))\n"); goto error; } reliable_mark_active_incoming(ks->rec_reliable, in, id, op);
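Review bot: in src/openvpn/forward.c (hunk @@ -1114), the new loop tests `link_socket_connection_oriented(c->c2.link_sockets[i])` for every configured socket, so a failed decrypt raises SIGUSR1 whenever any one socket is connection-oriented, regardless of which socket the packet arrived on, and the signal is registered once per such socket. Test only the socket the packet was received on instead of looping, or at least break after the first match. The loop bound is `c->c1.link_sockets_num` while the array indexed is `c->c2.link_sockets`; please confirm the two always agree. The comment "(not anymore!)" should be replaced with a description of the new behaviour.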
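Review bot: in src/openvpn/forward.c (hunk @@ -2239), the added line is a commented-out debug statement, `/*printf("\nstatus: %d\n", status); */`, placed ahead of `int i;`. Please drop it before merging; if the value is useful, log it through msg() at a debug level.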
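Review bot: in src/openvpn/forward.c (hunk @@ -2275), removing the `else` branch that set `mtcp->event_set_status = SOCKET_READ;` is not covered by the commit message, which only talks about the mroute 'proto' field and its printing. Please either explain what now sets the status on that path or move this removal into its own commit with a rationale.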
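Review bot: in src/openvpn/mroute.c (hunk @@ -454), `buf_printf(&out, "|%d", maddr.proto);` now runs after the switch for every address type, including the "UNKNOWN" case, and prints the raw protocol number. Consider printing a protocol name rather than the integer, and mention the new `|` separator in the commit message, since the printed address format changes for anything that reads these strings.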
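Review bot: in src/openvpn/mroute.h (hunk @@ -231), `mroute_addr_hash_ptr()` now returns `&a->proto`, one byte earlier than before, but no matching change to the length used with this pointer is visible in the patch. If the hash and compare length still counts from 'type', the last byte of the address falls out of the hashed range. Please adjust the length in the same commit, and consider a static assertion on the field offsets, because the "NOTE: depends on ordering of struct mroute_addr" comment is the only guard against the reorder done in hunk @@ -74.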
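Review bot: in src/openvpn/mtcp.c (hunk @@ -109), the statement `mi->real.proto = ls->info.proto;` is placed ahead of the declarations of `he`, `hv` and `bucket`. Move it below the declarations, keeping it before `hash_value(hash, &mi->real)` so the hash still sees the protocol. The removed line `printf("\nTCP add\n");` suggests the base of this change contains debug output that should not be in the tree either.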
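Review bot: in src/openvpn/mtcp.c (hunk @@ -746), the new `while (true)` only exits through the `break` in the I/O branch, so on `ES_TIMEOUT` the code keeps calling `multi_process_timeout()` and waiting again without returning to the enclosing loop. If `MULTI_CHECK_SIG(m)` leaves via break or continue, it now acts on this inner loop rather than the outer one, which changes signal handling. This restructuring is also not mentioned in the commit message; please split it out and document the intended exit conditions.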
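Review bot: in src/openvpn/mudp.c (hunk @@ -193), `m->local.proto = real.proto;` rewrites the shared `m->local` address on every received packet, while hunk @@ -1157 in multi.c forces `addr->proto = 0` just before `mroute_addr_equal(addr, &m->local)`. If the comparison covers 'proto', the local-address check can only match when the socket protocol value is 0. Please keep `m->local.proto` at the same fixed value used for virtual addresses, or exclude 'proto' from that comparison.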
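Review bot: in src/openvpn/multi.c (hunk @@ -1157), the `const` qualifier is dropped from `addr` only so that `multi_get_instance_by_virtual_addr()` can write `addr->proto = 0;`, which turns a lookup into a function that modifies its caller's data. Keep the parameter const and zero 'proto' at the call sites, or work on a local copy inside the function.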
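Review bot: in src/openvpn/multi.c (hunk @@ -3351), the new comment reads "to void hashing insert and search issues"; that should be "to avoid". The pair `src.proto = 0; dest.proto = src.proto;` is repeated without any comment in hunk @@ -3555, so a small helper or an initializer for virtual addresses would keep the two paths from drifting apart. The blank-line removal in hunk @@ -3417 is unrelated whitespace and should be left out.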
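Review bot: in src/openvpn/ssl.c (hunk @@ -3926), `printf("\nif (!buf_copy(in, buf))\n");` is leftover debug output on the path that drops an oversized control channel packet. It writes to stdout outside the msg() logging framework and duplicates the `msg(D_MULTI_DROPPED, ...)` line directly above it; please remove it.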