From patchwork Mon Aug 8 04:34:22 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kristof Provost via Openvpn-devel
X-Patchwork-Id: 2640
To: openvpn-devel
Date: Mon, 8 Aug 2022 16:34:22 +0200
Message-Id: <20220808143424.65924-2-kprovost@netgate.com>
X-Mailer: git-send-email 2.37.1
In-Reply-To: <20220808143424.65924-1-kprovost@netgate.com>
References: <20220808143424.65924-1-kprovost@netgate.com>
Subject: [Openvpn-devel] [PATCH] Handle exceeding 'max-clients'
From: Kristof Provost via Openvpn-devel
Reply-To: Kristof Provost

From: Kristof Provost

If 'max-clients' is set multi_create_instance() can return NULL (for any
client that would take us over the client limit).
If mi is NULL we don't add it to the hash map, but we do potentially
dereference it to increment the session count.
Do not attempt to do so if 'mi == NULL'.

Signed-off-by: Kristof Provost --- src/openvpn/mudp.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 0810fada..0cbca1a9 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c 
@@ -241,15 +241,16 @@ multi_get_create_instance_udp(struct multi_context *m, bool *floated) hash_add_fast(hash, bucket, &mi->real, hv, mi); mi->did_real_hash = true; multi_assign_peer_id(m, mi); - } - /* If we have a session id already, ensure that the - * state is using the same */ - if (session_id_defined(&state.server_session_id) - && session_id_defined((&state.peer_session_id))) - { - mi->context.c2.tls_multi->n_sessions++; - struct tls_session *session = &mi->context.c2.tls_multi->session[TM_ACTIVE]; - session_skip_to_pre_start(session, &state, &m->top.c2.from); + + /* If we have a session id already, ensure that the + * state is using the same */ + if (session_id_defined(&state.server_session_id) + && session_id_defined((&state.peer_session_id))) + { + mi->context.c2.tls_multi->n_sessions++; + struct tls_session *session = &mi->context.c2.tls_multi->session[TM_ACTIVE]; + session_skip_to_pre_start(session, &state, &m->top.c2.from); + } } } else From patchwork Mon Aug 8 04:34:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristof Provost via Openvpn-devel X-Patchwork-Id: 2641 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director14.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id 0H48Cz4f8WJ5dQAAIUCqbw (envelope-from ) for ; Mon, 08 Aug 2022 10:35:42 -0400 Received: from proxy2.mail.ord1d.rsapps.net ([172.30.191.6]) by director14.mail.ord1d.rsapps.net with LMTP id 8PIMCz4f8WLBKQAAeJ7fFg (envelope-from ) for ; Mon, 08 Aug 2022 10:35:42 -0400 Received: from smtp3.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy2.mail.ord1d.rsapps.net with LMTPS id wH2PCj4f8WJLMgAAfawv4w (envelope-from ) for ; Mon, 08 Aug 2022 10:35:42 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net 
To: openvpn-devel
Date: Mon, 8 Aug 2022 16:34:24 +0200
Message-Id: <20220808143424.65924-4-kprovost@netgate.com>
X-Mailer: git-send-email 2.37.1
In-Reply-To: <20220808143424.65924-1-kprovost@netgate.com>
References: <20220808143424.65924-1-kprovost@netgate.com>
Subject: [Openvpn-devel] [PATCH 2/2] Support creating iroute route entries on FreeBSD
From: Kristof Provost via Openvpn-devel
Reply-To: Kristof Provost

From: Kristof Provost

Signed-off-by: Kristof Provost --- src/openvpn/Makefile.am | 1 + src/openvpn/dco.c | 8 +-- src/openvpn/dco_freebsd.h | 2 + src/openvpn/networking.h | 9 +++ src/openvpn/networking_freebsd.c | 101 +++++++++++++++++++++++++++++++ 5 files changed, 117 insertions(+), 4 deletions(-) create mode 100644 src/openvpn/networking_freebsd.c diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index 2a139b23..5155a180 100644
--- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -88,6 +88,7 @@ openvpn_SOURCES = \ mtu.c mtu.h \ mudp.c mudp.h \ multi.c multi.h \ + networking_freebsd.c \ networking_iproute2.c networking_iproute2.h \ networking_sitnl.c networking_sitnl.h \ networking.h \ diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 4f40255e..b9cc0b83 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -591,7 +591,7 @@ void dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr) { -#if defined(TARGET_LINUX) +#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) if (!dco_enabled(&m->top.options)) { return; @@ -634,13 +634,13 @@ dco_install_iroute(struct multi_context *m, struct multi_instance *mi, &mi->context.c2.push_ifconfig_local, dev, 0, DCO_IROUTE_METRIC); } -#endif /* if defined(TARGET_LINUX) */ +#endif /* if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) */ } void dco_delete_iroutes(struct multi_context *m, struct multi_instance *mi) { -#if defined(TARGET_LINUX) +#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) if (!dco_enabled(&m->top.options)) { return; @@ -673,7 +673,7 @@ dco_delete_iroutes(struct multi_context *m, struct multi_instance *mi) 0, DCO_IROUTE_METRIC); } } -#endif /* if defined(TARGET_LINUX) */ +#endif /* if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) */ } #endif /* defined(ENABLE_DCO) */ diff --git a/src/openvpn/dco_freebsd.h b/src/openvpn/dco_freebsd.h index 3594f229..7de11697 100644 --- a/src/openvpn/dco_freebsd.h +++ b/src/openvpn/dco_freebsd.h @@ -27,6 +27,8 @@ #include "ovpn_dco_freebsd.h" +#define DCO_IROUTE_METRIC 100 + typedef enum ovpn_key_slot dco_key_slot_t; typedef enum ovpn_key_cipher dco_cipher_t; diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h index cf6d39ac..b0b31ea1 100644 --- a/src/openvpn/networking.h +++ b/src/openvpn/networking.h 
@@ -31,6 +31,9 @@ struct context; #include "networking_sitnl.h" #elif ENABLE_IPROUTE #include "networking_iproute2.h" +#elif defined(TARGET_FREEBSD) +typedef void *openvpn_net_ctx_t; +typedef char openvpn_net_iface_t; #else /* define mock types to ensure code builds on any platform */ typedef void *openvpn_net_ctx_t; @@ -238,7 +241,9 @@ int net_addr_ptp_v4_del(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, const in_addr_t *local, const in_addr_t *remote); +#endif /* ENABLE_SITNL || ENABLE_IPROUTE */ +#if defined(ENABLE_SITNL) || defined(ENABLE_IPROUTE) || defined(TARGET_FREEBSD) /** * Add a route for an IPv4 address/network * @@ -315,6 +320,10 @@ int net_route_v6_del(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, const openvpn_net_iface_t *iface, uint32_t table, int metric); +#endif /* ENABLE_SITNL || ENABLE_IPROUTE || TARGET_FREEBSD */ + +#if defined(ENABLE_SITNL) || defined(ENABLE_IPROUTE) + /** * Retrieve the gateway and outgoing interface for the specified IPv4 * address/network diff --git a/src/openvpn/networking_freebsd.c b/src/openvpn/networking_freebsd.c new file mode 100644 index 00000000..4e36941e --- /dev/null +++ b/src/openvpn/networking_freebsd.c 
@@ -0,0 +1,101 @@ +#ifdef HAVE_CONFIG_H +#include "config.h" +#elif defined(_MSC_VER) +#include "config-msvc.h" +#endif +#include "syshead.h" +#include "errlevel.h" +#include "run_command.h" +#include "networking.h" + +#if defined(TARGET_FREEBSD) + +static int +net_route_v4(const char *op, const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, uint32_t table, + int metric) +{ + char buf1[16], buf2[16]; + in_addr_t _dst, _gw; + struct argv argv = argv_new(); + bool status; + + _dst = ntohl(*dst); + _gw = ntohl(*gw); + + argv_printf(&argv, "%s %s", + ROUTE_PATH, op); + argv_printf_cat(&argv, "-net %s/%d %s -fib %d", + inet_ntop(AF_INET, &_dst, buf1, sizeof(buf1)), + prefixlen, + inet_ntop(AF_INET, &_gw, buf2, sizeof(buf2)), + table); + + argv_msg(M_INFO, &argv); + status = openvpn_execve_check(&argv, NULL, 0, + "ERROR: FreeBSD route add command failed"); + + argv_free(&argv); + + return (!status); +} + +static int +net_route_v6(const char *op, const struct in6_addr *dst, + int prefixlen, const struct in6_addr *gw, const char *iface, + uint32_t table, int metric) +{ + char buf1[64], buf2[64]; + struct argv argv = argv_new(); + bool status; + + argv_printf(&argv, "%s -6 %s", + ROUTE_PATH, op); + argv_printf_cat(&argv, "-net %s/%d %s -fib %d", + inet_ntop(AF_INET6, dst, buf1, sizeof(buf1)), + prefixlen, + inet_ntop(AF_INET6, gw, buf2, sizeof(buf2)), + table); + + argv_msg(M_INFO, &argv); + status = openvpn_execve_check(&argv, NULL, 0, + "ERROR: FreeBSD route add command failed"); + + argv_free(&argv); + + return (!status); +} + +int +net_route_v4_add(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, uint32_t table, + int metric) +{ + return net_route_v4("add", dst, prefixlen, gw, iface, table, metric); +} + +int +net_route_v6_add(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, const struct in6_addr *gw, const char *iface, + uint32_t table, int metric) +{ + return 
net_route_v6("add", dst, prefixlen, gw, iface, table, metric); +} + +int +net_route_v4_del(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, uint32_t table, + int metric) +{ + return net_route_v4("del", dst, prefixlen, gw, iface, table, metric); +} + +int +net_route_v6_del(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, const struct in6_addr *gw, const char *iface, + uint32_t table, int metric) +{ + return net_route_v6("del", dst, prefixlen, gw, iface, table, metric); +} + +#endif
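
Review bot: In src/openvpn/mudp.c, multi_get_create_instance_udp(), the NULL case is handled only by nesting: the session-id block now sits inside the brace that follows multi_assign_peer_id(m, mi), and the condition that opens that brace lies outside the hunk context, so nothing in the moved code records why it has to stay there. A one-line comment above the block, noting that mi is NULL when 'max-clients' is exceeded, would keep a later cleanup from hoisting `mi->context.c2.tls_multi->n_sessions++` back out of the guarded scope. Since every moved line is re-indented anyway, the doubled parentheses in `session_id_defined((&state.peer_session_id))` can be dropped at the same time.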
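
Review bot: In src/openvpn/dco_freebsd.h, `#define DCO_IROUTE_METRIC 100` has no effect on FreeBSD as this series stands: the dco.c context passes it as the last argument of the route calls (`dev, 0, DCO_IROUTE_METRIC`), but net_route_v4() and net_route_v6() in networking_freebsd.c never read their `metric` parameter when building the route command. Either pass the value through to the command or add a comment next to the define saying it exists only so the shared dco.c code compiles.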
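
Review bot: In src/openvpn/networking.h, the new `#elif defined(TARGET_FREEBSD)` branch is only reached when the SITNL and `#elif ENABLE_IPROUTE` branches are not taken, but networking_freebsd.c is guarded by `#if defined(TARGET_FREEBSD)` alone, so the header and the implementation do not agree on when the FreeBSD route functions are in use. If a FreeBSD build with ENABLE_IPROUTE can be configured, net_route_v4_add() and friends would be compiled here as well as in the iproute2 backend; mirroring the header condition in the .c file guard removes the question. The later hunks also test `defined(ENABLE_IPROUTE)` while this one keeps `#elif ENABLE_IPROUTE`, which is worth making consistent.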
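
Review bot: In src/openvpn/networking_freebsd.c, net_route_v4() and net_route_v6() pass the fixed string "ERROR: FreeBSD route add command failed" to openvpn_execve_check() even when op is "del", so a failed route removal is logged as a failed add; build the message from op or use a neutral "route command failed". In net_route_v4(), inet_ntop() expects the address in network byte order, so the conversion in front of it reads more clearly as htonl() than as `_dst = ntohl(*dst);` (same result, opposite stated direction). Smaller points: `table` is a uint32_t but is formatted with `-fib %d`, the `iface` parameter is never used in either helper, and the new file starts at `#ifdef HAVE_CONFIG_H` with no license or copyright header.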