From patchwork Tue Apr 13 02:20:05 2021
X-Patchwork-Submitter: Vladislav Grishenko
X-Patchwork-Id: 1737
X-Patchwork-Delegate: a@unstable.cc
From: Vladislav Grishenko
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 13 Apr 2021 17:20:05 +0500
Message-Id: <20210413122006.3960-1-themiron@yandex-team.ru>
Subject: [Openvpn-devel] [PATCH 1/2] Fix IPv4 default gateway with multiple route tables

Current default gateway selection for zero destination address just dumps and parses all the routing tables. If any non-main table with a default route comes first, the wrong default gateway can be picked. Since adding/removing routes currently handles only the main table, let's stick to RT_TABLE_MAIN while selecting the default route too.

Signed-off-by: Vladislav Grishenko
--- src/openvpn/networking_sitnl.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index 2bc70a50..56543648 100644 --- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c
@@ -426,6 +426,7 @@ typedef struct { inet_address_t gw; char iface[IFNAMSIZ]; bool default_only; + unsigned int table; } route_res_t; static int @@ -435,7 +436,7 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) struct rtmsg *r = NLMSG_DATA(n); struct rtattr *rta = RTM_RTA(r); int len = n->nlmsg_len - NLMSG_LENGTH(sizeof(*r)); - unsigned int ifindex = 0; + unsigned int table, ifindex = 0; /* filter-out non-zero dst prefixes */ if (res->default_only && r->rtm_dst_len != 0) @@ -443,6 +444,9 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) return 1; } + /* route table, ignored with RTA_TABLE */ + table = r->rtm_table; + while (RTA_OK(rta, len)) { switch (rta->rta_type) @@ -460,11 +464,22 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) case RTA_GATEWAY: memcpy(&res->gw, RTA_DATA(rta), res->addr_size); break; + + /* route table */ + case RTA_TABLE: + table = *(unsigned int *)RTA_DATA(rta); + break; } rta = RTA_NEXT(rta, len); } + /* filter-out zero dns prefixes from other tables */ + if (res->table && res->table != table) + { + return 1; + } + if (!if_indextoname(ifindex, res->iface)) { msg(M_WARN | M_ERRNO, "%s: rtnl: can't get ifname for index %d", 
@@ -507,6 +522,7 @@ sitnl_route_best_gw(sa_family_t af_family, const inet_address_t *dst, { req.n.nlmsg_flags |= NLM_F_DUMP; res.default_only = true; + res.table = RT_TABLE_MAIN; } else {

From patchwork Tue Apr 13 02:20:06 2021
X-Patchwork-Submitter: Vladislav Grishenko
X-Patchwork-Id: 1736
X-Patchwork-Delegate: a@unstable.cc
From: Vladislav Grishenko
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 13 Apr 2021 17:20:06 +0500
Message-Id: <20210413122006.3960-2-themiron@yandex-team.ru>
In-Reply-To: <20210413122006.3960-1-themiron@yandex-team.ru>
References: <20210413122006.3960-1-themiron@yandex-team.ru>
Subject: [Openvpn-devel] [PATCH 2/2] Add basic support for multipath gateway

A load balancing setup over multiple upstreams may include a multipath gateway route, which is not supported by OpenVPN. Let's add basic support for that when selecting the best route for zero destination address - use any one of the nexthop addresses as a gateway; weights are not handled.

Setup example:
  ip route add default \
    nexthop via 192.168.1.1 dev eth1 weight 1 \
    nexthop via 192.168.2.1 dev eth2 weight 1

Signed-off-by: Vladislav Grishenko
--- src/openvpn/networking_sitnl.c | 37 ++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index 56543648..8f084687 100644
--- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c @@ -449,6 +449,11 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) while (RTA_OK(rta, len)) { +#ifdef RTA_MULTIPATH + struct rtnexthop *nh; + int nhlen; +#endif + switch (rta->rta_type) { /* route interface */ @@ -469,6 +474,38 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) case RTA_TABLE: table = *(unsigned int *)RTA_DATA(rta); break; + +#ifdef RTA_MULTIPATH + /* multipath nexthops */ + case RTA_MULTIPATH: + nh = RTA_DATA(rta); + nhlen = RTA_PAYLOAD(rta); + + while (RTNH_OK(nh, nhlen)) + { + struct rtattr *nha = RTNH_DATA(nh); + int nhalen = nh->rtnh_len - sizeof(*nh); + + /* route interface */ + ifindex = nh->rtnh_ifindex; + + while (RTA_OK(nha, nhalen)) + { + switch (nha->rta_type) + { + /* GW for the route */ + case RTA_GATEWAY: + memcpy(&res->gw, RTA_DATA(nha), res->addr_size); + break; + } + + nha = RTA_NEXT(nha, nhalen); + } + + nh = RTNH_NEXT(nh); + } + break; +#endif } rta = RTA_NEXT(rta, len);
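
Review bot: [PATCH 1/2], hunk @@ -426,6 +426,7 @@: the new `table` member of route_res_t is undocumented, while the later check `if (res->table && res->table != table)` gives the value 0 the special meaning "do not filter by table". Please add a comment on the field stating that a zero value disables the filter, so the sentinel is visible where the struct is defined rather than only at the point of use.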
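
Review bot: [PATCH 1/2], hunk @@ -460,11 +464,22 @@: the table filter runs after the attribute loop, but the loop has already executed `memcpy(&res->gw, RTA_DATA(rta), res->addr_size);`, so a default route from another table has overwritten res->gw by the time it is rejected with `return 1`. If the dump continues past it and that route arrives after the main-table default, the result pairs the main table's interface name with the other table's gateway. Suggest keeping the gateway pointer in a local inside the loop and copying it into res only once the table check has passed. In the same hunk, `table = *(unsigned int *)RTA_DATA(rta);` reads the attribute without checking RTA_PAYLOAD(rta) first, and the comment "zero dns prefixes" presumably should read "zero dst prefixes".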
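
Review bot: [PATCH 2/2], hunk @@ -449,6 +449,11 @@: `nh` and `nhlen` are declared at the top of the attribute loop under their own #ifdef although only the RTA_MULTIPATH case uses them. Declaring them inside a braced block in that case would remove this second #ifdef and keep their scope next to their only use.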
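
Review bot: [PATCH 2/2], hunk @@ -469,6 +474,38 @@: the nexthop loop advances with `nh = RTNH_NEXT(nh);` but never reduces nhlen. Unlike RTA_NEXT, RTNH_NEXT only moves the pointer, so `RTNH_OK(nh, nhlen)` keeps testing each entry against the full payload length and the loop can read past the end of the RTA_MULTIPATH attribute. Subtract the aligned `nh->rtnh_len` from nhlen before stepping to the next entry. Separately, ifindex and res->gw are overwritten for every nexthop, so the last one wins, and a nexthop that carries no RTA_GATEWAY leaves its ifindex paired with an earlier nexthop's gateway; stopping at the first nexthop that has a gateway would match the "use any one" intent stated in the commit message and keep interface and gateway consistent.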