From patchwork Fri Sep 3 06:11:12 2021
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 1932
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 3 Sep 2021 18:11:12 +0200
Message-Id: <20210903161113.30498-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 1/2] networking: add and implement net_addr_ll_set() API
Cc: Antonio Quartulli, Jan Hugo Prins

When running in TAP mode we may need to set the LL address of the interface, if requested by the user.

This operation was overlooked when implementing the networking API and it still relies on iproute/net-tools being installed.

Basically this means that when compiling OpenVPN on a system without iproute2/net-tools and the user uses the "lladdr" config directive, OpenVPN will fail to set the LL address of the interface.

With this patch a new API is introduced and it is implemented for both SITNL and iproute2 backends.

Reported-by: Jan Hugo Prins
Signed-off-by: Antonio Quartulli
Acked-by: Gert Doering
---
 src/openvpn/misc.h | 7 +++++++
 src/openvpn/networking.h | 12 +++++++++++
 src/openvpn/networking_iproute2.c | 21 +++++++++++++++++++
 src/openvpn/networking_sitnl.c | 35 +++++++++++++++++++++++++++++++
 4 files changed, 75 insertions(+)

diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h index c10529f7..e8d1a521 100644 
--- a/src/openvpn/misc.h +++ b/src/openvpn/misc.h @@ -211,4 +211,11 @@ get_num_elements(const char *string, char delimiter); struct buffer prepend_dir(const char *dir, const char *path, struct gc_arena *gc); +#define _STRINGIFY(S) #S +#define MAC_FMT _STRINGIFY(%02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx) +#define MAC_PRINT_ARG(_mac) _mac[0], _mac[1], _mac[2], \ + _mac[3], _mac[4], _mac[5] +#define MAC_SCAN_ARG(_mac) &_mac[0], &_mac[1], &_mac[2], \ + &_mac[3], &_mac[4], &_mac[5] + #endif /* ifndef MISC_H */ diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h index 94f12617..d43979f0 100644 --- a/src/openvpn/networking.h +++ b/src/openvpn/networking.h @@ -103,6 +103,18 @@ int net_iface_up(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, int net_iface_mtu_set(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, uint32_t mtu); +/** + * Set the Link Layer (Ethernet) address of the TAP interface + * + * @param ctx the implementation specific context + * @param iface the interface to modify + * @param addr the new address to set (expected ETH_ALEN bytes (6)) + * + * @return 0 on success, a negative error code otherwise + */ +int net_addr_ll_set(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, + uint8_t *addr); + /** * Add an IPv4 address to an interface * diff --git a/src/openvpn/networking_iproute2.c b/src/openvpn/networking_iproute2.c index e4897e3b..c6623b19 100644 --- a/src/openvpn/networking_iproute2.c +++ b/src/openvpn/networking_iproute2.c 
@@ -93,6 +93,27 @@ net_iface_mtu_set(openvpn_net_ctx_t *ctx, const char *iface, uint32_t mtu) return 0; } +int +net_addr_ll_set(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, + uint8_t *addr) +{ + struct argv argv = argv_new(); + int ret = 0; + + argv_printf(&argv, + "%s link set addr " MAC_FMT " dev %s", + iproute_path, MAC_PRINT_ARG(addr), iface); + + argv_msg(M_INFO, &argv); + if (!openvpn_execve_check(&argv, ctx->es, M_WARN, + "Linux ip link set addr failed")) + ret = -1; + + argv_free(&argv); + + return ret; +} + int net_addr_v4_add(openvpn_net_ctx_t *ctx, const char *iface, const in_addr_t *addr, int prefixlen) diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index f0dda7a4..8610e1d2 100644 --- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c @@ -30,6 +30,7 @@ #include "errlevel.h" #include "buffer.h" +#include "misc.h" #include "networking.h" #include 
@@ -723,6 +724,40 @@ err: return ret; } +int +net_addr_ll_set(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, + uint8_t *addr) +{ + struct sitnl_link_req req; + int ifindex, ret = -1; + + CLEAR(req); + + ifindex = if_nametoindex(iface); + if (ifindex == 0) + { + msg(M_WARN | M_ERRNO, "%s: rtnl: cannot get ifindex for %s", __func__, + iface); + return -1; + } + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.i)); + req.n.nlmsg_flags = NLM_F_REQUEST; + req.n.nlmsg_type = RTM_NEWLINK; + + req.i.ifi_family = AF_PACKET; + req.i.ifi_index = ifindex; + + SITNL_ADDATTR(&req.n, sizeof(req), IFLA_ADDRESS, addr, ETH_ALEN); + + msg(M_INFO, "%s: lladdr " MAC_FMT " for %s", __func__, MAC_PRINT_ARG(addr), + iface); + + ret = sitnl_send(&req.n, 0, 0, NULL, NULL); +err: + return ret; +} + static int sitnl_addr_set(int cmd, uint32_t flags, int ifindex, sa_family_t af_family, const inet_address_t *local, const inet_address_t *remote,

From patchwork Fri Sep 3 06:11:13 2021
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 1933
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 3 Sep 2021 18:11:13 +0200
Message-Id: <20210903161113.30498-2-a@unstable.cc>
In-Reply-To: <20210903161113.30498-1-a@unstable.cc>
References: <20210903161113.30498-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 2/2] set_lladdr: use networking API net_addr_ll_set() on Linux
Cc: Antonio Quartulli, Jan Hugo Prins

Make sure that set_addr() uses the proper networking backend when setting the LL address of a TAP interface.

This operation was overlooked while implementing the networking APIs on the Linux platform.

Reported-by: Jan Hugo Prins
Signed-off-by: Antonio Quartulli
Acked-by: Gert Doering
---

This patch (along with 1/2) has been tested on buildbots, but I couldn't run any specific test on any *BSD or Windows platform. Linux with both iproute2 and sitnl works as expected.

 src/openvpn/init.c | 5 +++--
 src/openvpn/lladdr.c | 30 +++++++++++++-----------------
 src/openvpn/lladdr.h | 3 ++-
 3 files changed, 18 insertions(+), 20 deletions(-)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 386aee23..a17fe859 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1176,7 +1176,7 @@ do_persist_tuntap(const struct options *options, openvpn_net_ctx_t *ctx) ctx); if (options->persist_mode && options->lladdr) { - set_lladdr(options->dev, options->lladdr, NULL); + set_lladdr(ctx, options->dev, options->lladdr, NULL); } return true; #else /* ifdef ENABLE_FEATURE_TUN_PERSIST */ @@ -1853,7 +1853,8 @@ do_open_tun(struct context *c) /* set the hardware address */ if (c->options.lladdr) { - set_lladdr(c->c1.tuntap->actual_name, c->options.lladdr, c->c2.es); + set_lladdr(&c->net_ctx, c->c1.tuntap->actual_name, c->options.lladdr, + c->c2.es); } /* do ifconfig */ diff --git a/src/openvpn/lladdr.c b/src/openvpn/lladdr.c index 22857eb7..f12c146f 100644 --- a/src/openvpn/lladdr.c +++ b/src/openvpn/lladdr.c 
@@ -15,10 +15,9 @@ #include "lladdr.h" int -set_lladdr(const char *ifname, const char *lladdr, +set_lladdr(openvpn_net_ctx_t *ctx, const char *ifname, const char *lladdr, const struct env_set *es) { - struct argv argv = argv_new(); int r; if (!ifname || !lladdr) @@ -27,17 +26,13 @@ set_lladdr(const char *ifname, const char *lladdr, } #if defined(TARGET_LINUX) -#ifdef ENABLE_IPROUTE - argv_printf(&argv, - "%s link set addr %s dev %s", - iproute_path, lladdr, ifname); -#else - argv_printf(&argv, - "%s %s hw ether %s", - IFCONFIG_PATH, - ifname, lladdr); -#endif -#elif defined(TARGET_SOLARIS) + uint8_t addr[ETH_ALEN]; + + sscanf(lladdr, MAC_FMT, MAC_SCAN_ARG(addr)); + r = net_addr_ll_set(ctx, ifname, addr) == 0; +#else /* if defined(TARGET_LINUX) */ + struct argv argv = argv_new(); +#if defined(TARGET_SOLARIS) argv_printf(&argv, "%s %s ether %s", IFCONFIG_PATH, @@ -57,18 +52,19 @@ set_lladdr(const char *ifname, const char *lladdr, "%s %s ether %s", IFCONFIG_PATH, ifname, lladdr); -#else /* if defined(TARGET_LINUX) */ +#else /* if defined(TARGET_SOLARIS) */ msg(M_WARN, "Sorry, but I don't know how to configure link layer addresses on this operating system."); return -1; -#endif /* if defined(TARGET_LINUX) */ - +#endif /* if defined(TARGET_SOLARIS) */ argv_msg(M_INFO, &argv); r = openvpn_execve_check(&argv, es, M_WARN, "ERROR: Unable to set link layer address."); + argv_free(&argv); +#endif /* if defined(TARGET_LINUX) */ + if (r) { msg(M_INFO, "TUN/TAP link layer address set to %s", lladdr); } - argv_free(&argv); return r; } diff --git a/src/openvpn/lladdr.h b/src/openvpn/lladdr.h index f6ea2b12..0c8b4164 100644 --- a/src/openvpn/lladdr.h +++ b/src/openvpn/lladdr.h @@ -3,6 +3,7 @@ */ #include "misc.h" +#include "networking.h" -int set_lladdr(const char *ifname, const char *lladdr, +int set_lladdr(openvpn_net_ctx_t *ctx, const char *ifname, const char *lladdr, const struct env_set *es);
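
Review bot: In [PATCH 1/2] src/openvpn/misc.h, MAC_PRINT_ARG() and MAC_SCAN_ARG() expand their parameter without parentheses (_mac[0], &_mac[0]), so an argument that is an expression such as "buf + off" would be indexed and addressed incorrectly; write (_mac)[0] and &(_mac)[0]. The helper name _STRINGIFY also starts with an underscore followed by a capital letter, which C reserves for the implementation, and because MAC_FMT is always the same fixed format it can simply be defined as the string literal "%02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx" without a stringify helper.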
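
Review bot: In [PATCH 1/2] src/openvpn/networking.h, the net_addr_ll_set() prototype takes "uint8_t *addr" although the doc comment describes it purely as an input ("the new address to set"); declare it "const uint8_t *addr" here and in both backend implementations. Since the signature carries no length, the comment should also state that exactly ETH_ALEN bytes are read from addr and that the caller is responsible for providing them.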
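
Review bot: In [PATCH 1/2] src/openvpn/networking_sitnl.c, net_addr_ll_set() leaves through a bare "return -1;" when if_nametoindex() fails, while every later path exits through the "err:" label with ret; since ret is already initialised to -1, a "goto err;" there keeps a single exit path. ifindex is also declared int although if_nametoindex() returns unsigned int, so the "== 0" test would read more naturally on an unsigned variable.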
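
Review bot: In [PATCH 2/2] src/openvpn/lladdr.c, the TARGET_LINUX branch ignores the return value of sscanf(lladdr, MAC_FMT, MAC_SCAN_ARG(addr)), so a user-supplied lladdr string that does not parse as six hex octets leaves part of addr[] uninitialised and those stack bytes are still handed to net_addr_ll_set(). Check that sscanf() returned ETH_ALEN (6) and otherwise log with M_WARN and bail out before calling net_addr_ll_set(). Note also that the success message prints the original lladdr string rather than the parsed bytes, and that the "es" parameter is no longer used on this branch, which deserves a comment.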