From patchwork Thu Apr 15 13:05:44 2021
X-Patchwork-Submitter: Vladislav Grishenko
X-Patchwork-Id: 1742
From: Vladislav Grishenko
To: openvpn-devel@lists.sourceforge.net
Cc: Donald Sharp
Date: Fri, 16 Apr 2021 04:05:44 +0500
Message-Id: <20210415230545.22317-1-themiron@yandex-team.ru>
In-Reply-To: <20210413122006.3960-2-themiron@yandex-team.ru>
References: <20210413122006.3960-2-themiron@yandex-team.ru>
Subject: [Openvpn-devel] [PATCH v2 1/2] Fix IPv4 default gateway with multiple route tables

The current default gateway selection for a zero destination address just
dumps and parses all the routing tables. If any non-main table with a
default route comes first, the wrong default gateway can be picked.
Since adding/removing routes currently handles only the main table,
let's stick to RT_TABLE_MAIN while selecting the default route too.

Reported-By: Donald Sharp
Signed-off-by: Vladislav Grishenko
---
 src/openvpn/networking_sitnl.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index 2bc70a50..402d3303 100644 
--- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c @@ -426,6 +426,7 @@ typedef struct { inet_address_t gw; char iface[IFNAMSIZ]; bool default_only; + unsigned int table; } route_res_t; static int @@ -435,7 +436,8 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) struct rtmsg *r = NLMSG_DATA(n); struct rtattr *rta = RTM_RTA(r); int len = n->nlmsg_len - NLMSG_LENGTH(sizeof(*r)); - unsigned int ifindex = 0; + unsigned int table, ifindex = 0; + inet_address_t gw; /* filter-out non-zero dst prefixes */ if (res->default_only && r->rtm_dst_len != 0) @@ -443,6 +445,11 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) return 1; } + /* route table, ignored with RTA_TABLE */ + table = r->rtm_table; + /* initial route gateway */ + gw = res->gw; + while (RTA_OK(rta, len)) { switch (rta->rta_type) @@ -458,19 +465,31 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) /* GW for the route */ case RTA_GATEWAY: - memcpy(&res->gw, RTA_DATA(rta), res->addr_size); + memcpy(&gw, RTA_DATA(rta), res->addr_size); + break; + + /* route table */ + case RTA_TABLE: + table = *(unsigned int *)RTA_DATA(rta); break; } rta = RTA_NEXT(rta, len); } + /* filter out any route not coming from the selected table */ + if (res->table && res->table != table) + { + return 1; + } + if (!if_indextoname(ifindex, res->iface)) { msg(M_WARN | M_ERRNO, "%s: rtnl: can't get ifname for index %d", __func__, ifindex); return -1; } + res->gw = gw; return 0; } 
@@ -507,6 +526,7 @@ sitnl_route_best_gw(sa_family_t af_family, const inet_address_t *dst, { req.n.nlmsg_flags |= NLM_F_DUMP; res.default_only = true; + res.table = RT_TABLE_MAIN; } else {

From patchwork Thu Apr 15 13:05:45 2021
X-Patchwork-Submitter: Vladislav Grishenko
X-Patchwork-Id: 1741
From: Vladislav Grishenko
To: openvpn-devel@lists.sourceforge.net
Cc: Donald Sharp
Date: Fri, 16 Apr 2021 04:05:45 +0500
Message-Id: <20210415230545.22317-2-themiron@yandex-team.ru>
In-Reply-To: <20210415230545.22317-1-themiron@yandex-team.ru>
References: <20210413122006.3960-2-themiron@yandex-team.ru> <20210415230545.22317-1-themiron@yandex-team.ru>
Subject: [Openvpn-devel] [PATCH v2 2/2] Add basic support for multipath gateway

A load balancing setup over multiple upstreams may include a multipath
gateway route, which is not supported by OpenVPN.
Let's add basic support for that when selecting the best route for a zero
destination address: use any one of the nexthop addresses as a gateway;
weights are not handled.

Setup example:
  ip route add default \
    nexthop via 192.168.1.1 dev eth1 weight 1 \
    nexthop via 192.168.2.1 dev eth2 weight 1

Reported-By: Donald Sharp
Signed-off-by: Vladislav Grishenko
---
 src/openvpn/networking_sitnl.c | 35 ++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index 402d3303..02c34d6b 100644 --- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c @@ -452,6 +452,9 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) while (RTA_OK(rta, len)) { + struct rtnexthop *nh; + int nhlen; + switch (rta->rta_type) { /* route interface */ @@ -472,6 +475,38 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) case RTA_TABLE: table = *(unsigned int *)RTA_DATA(rta); break; + + /* multipath nexthops */ + case RTA_MULTIPATH: + nh = RTA_DATA(rta); + nhlen = RTA_PAYLOAD(rta); + + while (RTNH_OK(nh, nhlen)) + { + struct rtattr *nha = RTNH_DATA(nh); + int nhalen = nh->rtnh_len - sizeof(*nh); + + /* route interface */ + ifindex = nh->rtnh_ifindex; + /* initial route gateway */ + gw = res->gw; + + while (RTA_OK(nha, nhalen)) + { + switch (nha->rta_type) + { + /* GW for the route */ + case RTA_GATEWAY: + memcpy(&gw, RTA_DATA(nha), res->addr_size); + break; + } + + nha = RTA_NEXT(nha, nhalen); + } + + nh = RTNH_NEXT(nh); + } + break; } rta = RTA_NEXT(rta, len);
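Review bot: In patch 1/2, hunk @@ -443,6 +445,11 @@ of sitnl_route_save(), the comment "route table, ignored with RTA_TABLE" reads as if the table itself were ignored. The code takes r->rtm_table as the initial value and lets a later RTA_TABLE attribute replace it, so wording such as "route table, overridden by RTA_TABLE if present" would match what the following loop does.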
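Review bot: In patch 1/2, hunk @@ -458,19 +465,31 @@, the new RTA_TABLE case dereferences *(unsigned int *)RTA_DATA(rta) without checking that the attribute payload is at least sizeof(unsigned int) bytes. Suggest testing RTA_PAYLOAD(rta) >= sizeof(table) before the read, and likewise RTA_PAYLOAD(rta) >= res->addr_size before the memcpy into gw in the RTA_GATEWAY case, so a short attribute leaves the initial values from r->rtm_table and res->gw in place instead of reading past the payload. Staging the gateway in the local gw and committing it with res->gw = gw only after the table filter and if_indextoname() succeed is the right order.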
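Review bot: In patch 1/2, hunk @@ -507,6 +526,7 @@ of sitnl_route_best_gw(), res.table is assigned only on the NLM_F_DUMP path, while the filter added in sitnl_route_save() (if (res->table && res->table != table)) depends on it being 0 for the non-dump request. Nothing in the visible lines shows res being zeroed, so please either set res.table = RT_TABLE_UNSPEC explicitly in the else branch or add a comment on the new route_res_t member stating that 0 means "no table filter". The commit subject also says IPv4, but this assignment is not conditional on af_family, so the message should say whether IPv6 is intentionally covered.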
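Review bot: In patch 2/2, hunk @@ -472,6 +475,38 @@, the while (RTNH_OK(nh, nhlen)) loop never reduces nhlen, so the bound check always compares against the full RTA_MULTIPATH payload length. RTNH_NEXT() only advances the pointer (unlike RTA_NEXT(), which also updates its length argument), so after the last nexthop the loop evaluates nh->rtnh_len on memory beyond the attribute and may keep parsing whatever follows. Suggest adding nhlen -= RTNH_ALIGN(nh->rtnh_len); immediately before nh = RTNH_NEXT(nh);. Separately, each iteration overwrites ifindex and gw, so the last nexthop is the one that ends up selected; a short comment saying so would make the "any one of nexthop addresses" behaviour from the commit message explicit, and the memcpy into gw would benefit from an RTA_PAYLOAD(nha) >= res->addr_size check.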