From: Vladislav Grishenko
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 16 Apr 2021 17:07:07 +0500
Message-Id: <20210416120708.1532-1-themiron@yandex-team.ru>
In-Reply-To: <20210415230545.22317-1-themiron@yandex-team.ru>
References: <20210415230545.22317-1-themiron@yandex-team.ru>
Subject: [Openvpn-devel] [PATCH v3 1/2] Fix IPv4 default gateway with multiple route tables

Current default gateway selection for zero destination address just dumps
and parses all the routing tables. If any non-main table with a default
route comes first, the wrong default gateway can be picked.
Since adding/removing routes currently handles only the main table, let's
stick to RT_TABLE_MAIN while selecting the default route too.

v2: keep gateway address unchanged on lookup error
v3: reduce amount of gateway address copying

Reported-by: Donald Sharp
Signed-off-by: Vladislav Grishenko
Acked-by: Antonio Quartulli
---
 src/openvpn/networking_sitnl.c | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index 2bc70a50..ea1621ed 100644 --- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c @@ -426,6 +426,7 @@ typedef struct { inet_address_t gw; char iface[IFNAMSIZ]; bool default_only; + unsigned int table; } route_res_t; static int @@ -435,7 +436,8 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) struct rtmsg *r = NLMSG_DATA(n); struct rtattr *rta = RTM_RTA(r); int len = n->nlmsg_len - NLMSG_LENGTH(sizeof(*r)); - unsigned int ifindex = 0; + unsigned int table, ifindex = 0; + void *gw = NULL; /* filter-out non-zero dst prefixes */ if (res->default_only && r->rtm_dst_len != 0) @@ -443,6 +445,9 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) return 1; } + /* route table, ignored with RTA_TABLE */ + table = r->rtm_table; + while (RTA_OK(rta, len)) { switch (rta->rta_type) @@ -458,13 +463,24 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) /* GW for the route */ case RTA_GATEWAY: - memcpy(&res->gw, RTA_DATA(rta), res->addr_size); + gw = RTA_DATA(rta); + break; + + /* route table */ + case RTA_TABLE: + table = *(unsigned int *)RTA_DATA(rta); break; } rta = RTA_NEXT(rta, len); } + /* filter out any route not coming from the selected table */ + if (res->table && res->table != table) + { + return 1; + } + if (!if_indextoname(ifindex, res->iface)) { msg(M_WARN | M_ERRNO, "%s: rtnl: can't get ifname for index %d", @@ -472,6 +488,11 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) return -1; } + if (gw) + { + memcpy(&res->gw, gw, res->addr_size); + } + return 0; } 
@@ -507,6 +528,7 @@ sitnl_route_best_gw(sa_family_t af_family, const inet_address_t *dst, { req.n.nlmsg_flags |= NLM_F_DUMP; res.default_only = true; + res.table = RT_TABLE_MAIN; } else {
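
Review bot: In the attribute switch of sitnl_route_save(), the new RTA_TABLE case reads `table = *(unsigned int *)RTA_DATA(rta);` without checking the payload size; RTA_OK() only guarantees that the attribute fits in the message, not that it carries four bytes. Please guard the read with `RTA_PAYLOAD(rta) >= sizeof(table)` and copy with memcpy rather than a cast, and apply the same kind of check to RTA_GATEWAY against res->addr_size, since the saved `gw` pointer is later passed to `memcpy(&res->gw, gw, res->addr_size)`.
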
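
Review bot: At the tail of sitnl_route_save(), res->iface is overwritten by if_indextoname() before the deferred gateway copy, and `if (gw)` skips the copy when the route has no RTA_GATEWAY, so after a dump the result can pair the interface of one main-table route with the gateway of an earlier one. Consider resolving the name into a local buffer and committing iface and gw together, or stating in a comment that a gateway-less default route is expected to leave res->gw untouched.
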
From: Vladislav Grishenko
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 16 Apr 2021 17:07:08 +0500
Message-Id: <20210416120708.1532-2-themiron@yandex-team.ru>
In-Reply-To: <20210416120708.1532-1-themiron@yandex-team.ru>
References: <20210415230545.22317-1-themiron@yandex-team.ru> <20210416120708.1532-1-themiron@yandex-team.ru>
Subject: [Openvpn-devel] [PATCH v3 2/2] Add basic support for multipath gateway

Load balancing setup over multiple upstreams may include a multipath gateway
route, which is not supported by OpenVPN. Let's add basic support for
that for selecting the best route for zero destination address - use any one
of the nexthop addresses as a gateway, weights are not handled.

Setup example:
ip route add default \
    nexthop via 192.168.1.1 dev eth1 weight 1 \
    nexthop via 192.168.2.1 dev eth2 weight 1

v2: keep gateway address unchanged on lookup error
v3: reduce amount of gateway address copying

Reported-by: Donald Sharp
Signed-off-by: Vladislav Grishenko --- src/openvpn/networking_sitnl.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index ea1621ed..aa35f5f5 100644 --- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c @@ -450,6 +450,9 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) while (RTA_OK(rta, len)) { + struct rtnexthop *nh; + int nhlen; + switch (rta->rta_type) { /* route interface */ @@ -470,6 +473,37 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) case RTA_TABLE: table = *(unsigned int *)RTA_DATA(rta); break; + + /* multipath nexthops */ + case RTA_MULTIPATH: + nh = RTA_DATA(rta); + nhlen = RTA_PAYLOAD(rta); + + while (RTNH_OK(nh, nhlen)) + { + struct rtattr *nha = RTNH_DATA(nh); + int nhalen = nh->rtnh_len - sizeof(*nh); + + /* init route interface & gateway */ + ifindex = nh->rtnh_ifindex; + gw = NULL; + + while (RTA_OK(nha, nhalen)) + { + switch (nha->rta_type) + { + /* GW for the route */ + case RTA_GATEWAY: + gw = RTA_DATA(nha); + break; + } + + nha = RTA_NEXT(nha, nhalen); + } + + nh = RTNH_NEXT(nh); + } + break; } rta = RTA_NEXT(rta, len);
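
Review bot: In the RTA_MULTIPATH loop, `nh = RTNH_NEXT(nh);` advances the pointer but nothing decrements nhlen, so `RTNH_OK(nh, nhlen)` keeps testing against the full payload length and, after the last nexthop, reads rtnh_len from memory past the attribute. Unlike RTA_NEXT(), RTNH_NEXT() does not update the remaining length; add `nhlen -= RTNH_ALIGN(nh->rtnh_len);` before advancing. Separately, each iteration overwrites ifindex and resets gw to NULL, so the last nexthop wins and a final nexthop without RTA_GATEWAY discards a gateway found earlier; breaking out at the first nexthop that carries a gateway would keep ifindex and gw paired.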