From patchwork Tue Oct 4 03:53:18 2022
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 2800
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 4 Oct 2022 16:53:18 +0200
Message-Id: <20221004145318.98467-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH] un-break undo_ifconfig_ipv4()/_ipv6() on all non-linux/non-win32 platforms

This commit needs a somewhat longer background story to explain the
problem...

undo_ifconfig_ipv4()/_ipv6() started their life as part of the
TARGET_LINUX (only) close_tun() function. In commit 611fcbc48, these
functions were created, to decouple IPv4/IPv6 dependency, still
TARGET_LINUX only, with an #ifdef ENABLE_IPROUTE inside, to
differentiate iproute2 vs. old-style ifconfig.

Commit dc7fcd714 changed this to "the new linux API" (sitnl), calling
net_addr_ptp_v4_del() etc. - in the first branch of the #ifdef,
changing from ENABLE_IPROUTE to TARGET_LINUX, inside a TARGET_LINUX,
so the #else branch was never looked at for any platform. The code
in that #else branch was still "the old linux ifconfig" style to undo
IPv4/IPv6 address config on the tun interface.

Now, commit 0c4d40cb8 comes along and makes undo_ifconfig_ipvX() a
global function, during the bugfix to "don't undo ifconfig if
--ifconfig-noexec is in effect". Due to "it makes the code a lot
cleaner" undo_ifconfig*() is now called from do_close_tun_simple() and
no longer from (Linux-) close_tun().

*This* now enables the old "linux ifconfig" code to be run on
"all non-windows platforms" - running commands like

    ifconfig tun0 0.0.0.0

to remove the IPv4 address - which plain doesn't work on the BSDs
(and has not been tested anywhere else).

This all said, it's debatable whether any platforms actually NEED this -
all unixoid platforms remove IPv4/IPv6 addresses on interface destroy
time, so for non-persistent tun/tap interfaces, there is no hard
requirement to remove IP addresses on program exit. For persistent
tun/tap (pre-create with "ifconfig tun7 create") this is indeed useful
to restore the pre-openvpn state by removing anything OpenVPN configured.

OpenVPN up to 2.5 did not do this IP address removal on any non-Linux
platform, which is better than exec'ing an ifconfig command that does
nothing but print an error message (very annoying in t_client.sh V=1
runs).

This all said: this patch brings an implementation of undo_ifconfig_*()
for TARGET_FREEBSD ("ifconfig tunX $ip -alias"), and brings back the
old "do nothing" behaviour for all other unixoid platforms.

Tested on FreeBSD 7.4, 12.3, 14.0.

Signed-off-by: Gert Doering
---
 src/openvpn/tun.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 5ea460a6..3cecff4f 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -1635,17 +1635,20 @@ undo_ifconfig_ipv4(struct tuntap *tt, openvpn_net_ctx_t *ctx) tt->actual_name); } } -#elif !defined(_WIN32) /* if !defined(TARGET_LINUX) && !defined(_WIN32) */ +#elif TARGET_FREEBSD + struct gc_arena gc = gc_new(); + const char *ifconfig_local = print_in_addr_t(tt->local, 0, &gc); struct argv argv = argv_new(); - argv_printf(&argv, "%s %s 0.0.0.0", IFCONFIG_PATH, tt->actual_name); - + argv_printf(&argv, "%s %s %s -alias", IFCONFIG_PATH, + tt->actual_name, ifconfig_local); argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, NULL, 0, "Generic ip addr del failed"); + openvpn_execve_check(&argv, NULL, 0, "FreeBSD ip addr del failed"); argv_free(&argv); + gc_free(&gc); #endif /* if defined(TARGET_LINUX) */ - /* Empty for _WIN32. */ + /* Empty for _WIN32 and all other unixoid platforms */ } static void @@ -1657,21 +1660,21 @@ undo_ifconfig_ipv6(struct tuntap *tt, openvpn_net_ctx_t *ctx) { msg(M_WARN, "Linux can't del IPv6 from iface %s", tt->actual_name); } -#elif !defined(_WIN32) /* if !defined(TARGET_LINUX) && !defined(_WIN32) */ +#elif TARGET_FREEBSD struct gc_arena gc = gc_new(); const char *ifconfig_ipv6_local = print_in6_addr(tt->local_ipv6, 0, &gc); struct argv argv = argv_new(); - argv_printf(&argv, "%s %s del %s/%d", IFCONFIG_PATH, tt->actual_name, - ifconfig_ipv6_local, tt->netbits_ipv6); + argv_printf(&argv, "%s %s inet6 %s/%d -alias", IFCONFIG_PATH, + tt->actual_name, ifconfig_ipv6_local, tt->netbits_ipv6); argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, NULL, 0, "Generic ip -6 addr del failed"); + openvpn_execve_check(&argv, NULL, 0, "FreeBSD ip -6 addr del failed"); argv_free(&argv); gc_free(&gc); #endif /* if defined(TARGET_LINUX) */ - /* Empty for _WIN32. */ + /* Empty for _WIN32 and all other unixoid platforms */ } void
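
Review bot: in undo_ifconfig_ipv4(), `#elif TARGET_FREEBSD` tests the macro's value instead of whether it is defined, so it relies on TARGET_FREEBSD expanding to a non-zero constant and warns under -Wundef on other platforms where it is not defined at all. `#elif defined(TARGET_FREEBSD)` would be the safer spelling and matches the defined() form of the removed `#elif !defined(_WIN32)` line. The `#endif /* if defined(TARGET_LINUX) */` comment could also be updated now that the chain ends in a FreeBSD branch.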
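
Review bot: in undo_ifconfig_ipv6(), the closing comment `/* Empty for _WIN32 and all other unixoid platforms */` hides a behaviour difference the commit message spells out: on those platforms a persistent tun/tap interface keeps the addresses OpenVPN configured. Suggest saying so in the comment (or logging it at a debug level) so the no-op reads as deliberate. Separately, the failure text "FreeBSD ip -6 addr del failed" still names `ip -6 addr` although the command executed is `ifconfig ... inet6 ... -alias`; wording it after ifconfig would make the log easier to match to the argv_msg() line above it.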