From patchwork Tue Oct 4 04:31:27 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 2802
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 4 Oct 2022 17:31:27 +0200
Message-Id: <20221004153127.527-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.37.3
In-Reply-To: <20221004145318.98467-1-gert@greenie.muc.de>
References: <20221004145318.98467-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v2] un-break undo_ifconfig_ipv4()/_ipv6() on all non-linux/non-win32 platforms

This commit needs a somewhat longer background story to explain the problem...

undo_ifconfig_ipv4()/_ipv6() started their life as part of the TARGET_LINUX (only) close_tun() function.

In commit 611fcbc48, these functions were created, to decouple IPv4/IPv6 dependency, still TARGET_LINUX only, with an #ifdef ENABLE_IPROUTE inside, to differentiate iproute2 vs. old-style ifconfig.

Commit dc7fcd714 changed this to "the new linux API" (sitnl), calling net_addr_ptp_v4_del() etc. - in the first branch of the #ifdef, changing from ENABLE_IPROUTE to TARGET_LINUX, inside a TARGET_LINUX, so the #else branch was never looked at for any platform. The code in that #else branch was still "the old linux ifconfig" style to undo IPv4/IPv6 address config on the tun interface.

Now, commit 0c4d40cb8 comes along and makes undo_ifconfig_ipvX() a global function, during the bugfix to "don't undo ifconfig if --ifconfig-noexec is in effect". Due to "it makes the code a lot cleaner" undo_ifconfig*() is now called from do_close_tun_simple() and no longer from (Linux-) close_tun().

*This* now enables the old "linux ifconfig" code to be run on "all non-windows platforms" - running commands like

    ifconfig tun0 0.0.0.0

to remove the IPv4 address - which plain doesn't work on the BSDs (and has not been tested anywhere else).

This all said, it's debatable whether any platforms actually NEED this - all unixoid platforms remove IPv4/IPv6 addresses on interface destroy time, so for non-persistent tun/tap interfaces, there is no hard requirement to remove IP addresses on program exit. For persistent tun/tap (pre-create with "ifconfig tun7 create") this is indeed useful to restore the pre-openvpn state by removing anything OpenVPN configured.

OpenVPN up to 2.5 did not do this IP address removal on any non-Linux platform, which is better than exec'ing an ifconfig command that does nothing but print an error message (very annoying in t_client.sh V=1 runs).

This all said: this patch brings an implementation of undo_ifconfig_*() for TARGET_FREEBSD ("ifconfig tunX $ip -alias"), and brings back the old "do nothing" behaviour for all other unixoid platforms.

Tested on FreeBSD 7.4, 12.3, 14.0. v2: use #elif defined(TARGET_FREEBSD), otherwise it breaks other platforms Signed-off-by: Gert Doering Acked-by: Antonio Quartulli --- src/openvpn/tun.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 5ea460a6..ddee49f9 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -1635,17 +1635,20 @@ undo_ifconfig_ipv4(struct tuntap *tt, openvpn_net_ctx_t *ctx) tt->actual_name); } } -#elif !defined(_WIN32) /* if !defined(TARGET_LINUX) && !defined(_WIN32) */ +#elif defined(TARGET_FREEBSD) + struct gc_arena gc = gc_new(); + const char *ifconfig_local = print_in_addr_t(tt->local, 0, &gc); struct argv argv = argv_new(); - argv_printf(&argv, "%s %s 0.0.0.0", IFCONFIG_PATH, tt->actual_name); - + argv_printf(&argv, "%s %s %s -alias", IFCONFIG_PATH, + tt->actual_name, ifconfig_local); argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, NULL, 0, "Generic ip addr del failed"); + openvpn_execve_check(&argv, NULL, 0, "FreeBSD ip addr del failed"); argv_free(&argv); + gc_free(&gc); #endif /* if defined(TARGET_LINUX) */ - /* Empty for _WIN32. */ + /* Empty for _WIN32 and all other unixoid platforms */ } static void 
@@ -1657,21 +1660,21 @@ undo_ifconfig_ipv6(struct tuntap *tt, openvpn_net_ctx_t *ctx) { msg(M_WARN, "Linux can't del IPv6 from iface %s", tt->actual_name); } -#elif !defined(_WIN32) /* if !defined(TARGET_LINUX) && !defined(_WIN32) */ +#elif defined(TARGET_FREEBSD) struct gc_arena gc = gc_new(); const char *ifconfig_ipv6_local = print_in6_addr(tt->local_ipv6, 0, &gc); struct argv argv = argv_new(); - argv_printf(&argv, "%s %s del %s/%d", IFCONFIG_PATH, tt->actual_name, - ifconfig_ipv6_local, tt->netbits_ipv6); + argv_printf(&argv, "%s %s inet6 %s/%d -alias", IFCONFIG_PATH, + tt->actual_name, ifconfig_ipv6_local, tt->netbits_ipv6); argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, NULL, 0, "Generic ip -6 addr del failed"); + openvpn_execve_check(&argv, NULL, 0, "FreeBSD ip -6 addr del failed"); argv_free(&argv); gc_free(&gc); #endif /* if defined(TARGET_LINUX) */ - /* Empty for _WIN32. */ + /* Empty for _WIN32 and all other unixoid platforms */ } void
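Review bot: in the undo_ifconfig_ipv4() hunk, the replacement comment "Empty for _WIN32 and all other unixoid platforms" records that the body is empty but not why, and the reason currently lives only in the commit message. Suggest extending the comment to say that the generic "ifconfig <dev> 0.0.0.0" form does not work on the BSDs and that addresses are removed when the interface is destroyed, so a later cleanup does not reintroduce a catch-all #elif !defined(_WIN32) branch that execs an untested command on every other platform.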
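Review bot: in the undo_ifconfig_ipv6() hunk, the failure text passed to openvpn_execve_check(), "FreeBSD ip -6 addr del failed", names the iproute2 command "ip -6 addr del", while the command this branch builds is "ifconfig <dev> inet6 <addr>/<bits> -alias". Suggest wording that matches the executed command, for example "FreeBSD ifconfig inet6 -alias failed", so that a log line from a failed teardown points the operator at the right tool. The IPv4 hunk's "FreeBSD ip addr del failed" has the same mismatch.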