From patchwork Tue Sep 28 21:07:17 2021
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 1974
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 29 Sep 2021 09:07:17 +0200
Message-Id: <20210929070717.28164-1-a@unstable.cc>
In-Reply-To: <20210903161113.30498-1-a@unstable.cc>
References: <20210903161113.30498-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v2 1/2] networking: add and implement net_addr_ll_set() API
Cc: Antonio Quartulli, Jan Hugo Prins

When running in TAP mode we may need to set the LL address of the interface, if requested by the user. This operation was overlooked when implementing the networking API and it still relies on iproute/net-tools being installed.

Basically this means that when compiling OpenVPN on a system without iproute2/net-tools and the user uses the "lladdr" config directive, OpenVPN will fail to set the LL address of the interface.
With this patch a new API is introduced and it is implemented for both SITNL and iproute2 backends.

Reported-by: Jan Hugo Prins
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* added missing brackets around oneliner if-block

 src/openvpn/misc.h | 7 +++++++
 src/openvpn/networking.h | 12 +++++++++++
 src/openvpn/networking_iproute2.c | 23 ++++++++++++++++++++
 src/openvpn/networking_sitnl.c | 35 +++++++++++++++++++++++++++++++
 4 files changed, 77 insertions(+)

diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h index c10529f7..e8d1a521 100644 --- a/src/openvpn/misc.h +++ b/src/openvpn/misc.h @@ -211,4 +211,11 @@ get_num_elements(const char *string, char delimiter); struct buffer prepend_dir(const char *dir, const char *path, struct gc_arena *gc); +#define _STRINGIFY(S) #S +#define MAC_FMT _STRINGIFY(%02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx) +#define MAC_PRINT_ARG(_mac) _mac[0], _mac[1], _mac[2], \ + _mac[3], _mac[4], _mac[5] +#define MAC_SCAN_ARG(_mac) &_mac[0], &_mac[1], &_mac[2], \ + &_mac[3], &_mac[4], &_mac[5] + #endif /* ifndef MISC_H */ diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h index 94f12617..d43979f0 100644 --- a/src/openvpn/networking.h +++ b/src/openvpn/networking.h @@ -103,6 +103,18 @@ int net_iface_up(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, int net_iface_mtu_set(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, uint32_t mtu); +/** + * Set the Link Layer (Ethernet) address of the TAP interface + * + * @param ctx the implementation specific context + * @param iface the interface to modify + * @param addr the new address to set (expected ETH_ALEN bytes (6)) + * + * @return 0 on success, a negative error code otherwise + */ +int net_addr_ll_set(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, + uint8_t *addr); + /** * Add an IPv4 address to an interface * diff --git a/src/openvpn/networking_iproute2.c b/src/openvpn/networking_iproute2.c index e4897e3b..67b8894b 100644
--- a/src/openvpn/networking_iproute2.c +++ b/src/openvpn/networking_iproute2.c @@ -93,6 +93,29 @@ net_iface_mtu_set(openvpn_net_ctx_t *ctx, const char *iface, uint32_t mtu) return 0; } +int +net_addr_ll_set(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, + uint8_t *addr) +{ + struct argv argv = argv_new(); + int ret = 0; + + argv_printf(&argv, + "%s link set addr " MAC_FMT " dev %s", + iproute_path, MAC_PRINT_ARG(addr), iface); + + argv_msg(M_INFO, &argv); + if (!openvpn_execve_check(&argv, ctx->es, M_WARN, + "Linux ip link set addr failed")) + { + ret = -1; + } + + argv_free(&argv); + + return ret; +} + int net_addr_v4_add(openvpn_net_ctx_t *ctx, const char *iface, const in_addr_t *addr, int prefixlen) diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index f0dda7a4..8610e1d2 100644 --- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c @@ -30,6 +30,7 @@ #include "errlevel.h" #include "buffer.h" +#include "misc.h" #include "networking.h" #include @@ -723,6 +724,40 @@ err: return ret; } +int +net_addr_ll_set(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, + uint8_t *addr) +{ + struct sitnl_link_req req; + int ifindex, ret = -1; + + CLEAR(req); + + ifindex = if_nametoindex(iface); + if (ifindex == 0) + { + msg(M_WARN | M_ERRNO, "%s: rtnl: cannot get ifindex for %s", __func__, + iface); + return -1; + } + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.i)); + req.n.nlmsg_flags = NLM_F_REQUEST; + req.n.nlmsg_type = RTM_NEWLINK; + + req.i.ifi_family = AF_PACKET; + req.i.ifi_index = ifindex; + + SITNL_ADDATTR(&req.n, sizeof(req), IFLA_ADDRESS, addr, ETH_ALEN); + + msg(M_INFO, "%s: lladdr " MAC_FMT " for %s", __func__, MAC_PRINT_ARG(addr), + iface); + + ret = sitnl_send(&req.n, 0, 0, NULL, NULL); +err: + return ret; +} + static int sitnl_addr_set(int cmd, uint32_t flags, int ifindex, sa_family_t af_family, const inet_address_t *local, const inet_address_t *remote,
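
Review bot: In the misc.h hunk, _STRINGIFY begins with an underscore followed by an uppercase letter, a form of identifier that C reserves for the implementation. MAC_FMT only needs a fixed string, so it can be defined directly as the literal "%02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx" and the helper dropped. The parameter of MAC_PRINT_ARG and MAC_SCAN_ARG is also used unparenthesised (_mac[0], &_mac[0]), so an argument such as p + 1 would expand to the wrong element; write (_mac)[0] and &(_mac)[0]. MAC_SCAN_ARG has no user in this patch; if only 2/2 needs it, it could be introduced there.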
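
Review bot: In the networking.h declaration of net_addr_ll_set(), addr is declared uint8_t * although both implementations in this patch only read from it; const uint8_t *addr would let callers pass a const buffer and documents that the function does not modify it. The doc comment says ETH_ALEN bytes are expected, but the prototype carries no length, so the comment should state explicitly that addr must be non-NULL and point to at least ETH_ALEN readable bytes, since both backends index addr[0] through addr[5] without any check.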
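
Review bot: In networking_iproute2.c, net_addr_ll_set() takes const openvpn_net_iface_t *iface while the functions directly above and below it in the same file (net_iface_mtu_set() and net_addr_v4_add()) take const char *iface; use the same parameter type as the neighbours so the definitions in this backend stay consistent. The failure path returns a bare -1 after openvpn_execve_check() has warned with "Linux ip link set addr failed"; including the interface name in that message would make the warning actionable when several TAP devices are configured.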