From patchwork Mon Jan 16 19:48:09 2023
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 3004
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 16 Jan 2023 14:48:09 -0500
Message-Id: <20230116194809.1980444-1-selva.nair@gmail.com>
X-Mailer: git-send-email 2.34.1
Subject: [Openvpn-devel] [PATCH] Fix more "existing route may get deleted" cases

From: Selva Nair - Set RL_DID_LOCAL only if the corresponding route addition succeeds. This is needed to preserve when the direct route to the vpn server preexists. - Ensure net_route_v4/v6_add/del() functions using iproute2 return error when route addition fails. Return value follows the same logic as corresponding functions using netlink though all failure reasons get the same error code of -1. NOTE: delete_route_connected_v6_net() is called even if the corresponding addition fails. This looks harder to fix, but also less critical. Signed-off-by: Selva Nair --- This anticipates two other cases of wrongly deleted routes to be fixed by https://patchwork.openvpn.net/project/openvpn2/patch/20230111160848.22906-1-gert@greenie.muc.de/ src/openvpn/networking_iproute2.c | 32 +++++++++++++++++++++++-------- src/openvpn/route.c | 26 ++++++++++++++----------- src/openvpn/route.h | 8 ++++---- 3 files changed, 43 insertions(+), 23 deletions(-) diff --git a/src/openvpn/networking_iproute2.c b/src/openvpn/networking_iproute2.c index f93756d6..0efeed0f 100644 --- a/src/openvpn/networking_iproute2.c +++ b/src/openvpn/networking_iproute2.c @@ -267,6 +267,7 @@ net_route_v4_add(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, { struct argv argv = argv_new(); const char *dst_str = print_in_addr_t(*dst, 0, &ctx->gc); + int ret = 0; argv_printf(&argv, "%s route add %s/%d", iproute_path, dst_str, prefixlen); @@ -288,11 +289,14 @@ net_route_v4_add(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, } argv_msg(D_ROUTE, &argv); - openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route add command failed"); + if (!openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route add command failed")) + { + ret = -1; + } argv_free(&argv); - return 0; + return ret; } int 
@@ -302,6 +306,7 @@ net_route_v6_add(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, { struct argv argv = argv_new(); char *dst_str = (char *)print_in6_addr(*dst, 0, &ctx->gc); + int ret = 0; argv_printf(&argv, "%s -6 route add %s/%d dev %s", iproute_path, dst_str, prefixlen, iface); @@ -319,11 +324,14 @@ net_route_v6_add(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, } argv_msg(D_ROUTE, &argv); - openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 add command failed"); + if (!openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 add command failed")) + { + ret = -1; + } argv_free(&argv); - return 0; + return ret; } int @@ -333,6 +341,7 @@ net_route_v4_del(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, { struct argv argv = argv_new(); const char *dst_str = print_in_addr_t(*dst, 0, &ctx->gc); + int ret = 0; argv_printf(&argv, "%s route del %s/%d", iproute_path, dst_str, prefixlen); @@ -342,11 +351,14 @@ net_route_v4_del(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, } argv_msg(D_ROUTE, &argv); - openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route delete command failed"); + if (!openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route delete command failed")) + { + ret = -1; + } argv_free(&argv); - return 0; + return ret; } int @@ -356,6 +368,7 @@ net_route_v6_del(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, { struct argv argv = argv_new(); char *dst_str = (char *)print_in6_addr(*dst, 0, &ctx->gc); + int ret = 0; argv_printf(&argv, "%s -6 route del %s/%d dev %s", iproute_path, dst_str, prefixlen, iface); @@ -373,11 +386,14 @@ net_route_v6_del(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, } argv_msg(D_ROUTE, &argv); - openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 del command failed"); + if (!openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 del command failed")) + { + ret = -1; + } argv_free(&argv); - return 0; + return ret; } int 
diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 3a978cb4..20dacb5e 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -912,7 +912,7 @@ init_route_ipv6_list(struct route_ipv6_list *rl6, return ret; } -static bool +static int add_route3(in_addr_t network, in_addr_t netmask, in_addr_t gateway, @@ -1050,10 +1050,14 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, if ((rl->spec.flags & RTSA_REMOTE_HOST) && rl->spec.remote_host != IPV4_INVALID_ADDR) { - ret = add_route3(rl->spec.remote_host, IPV4_NETMASK_HOST, - rl->rgi.gateway.addr, tt, flags | ROUTE_REF_GW, - &rl->rgi, es, ctx); - rl->iflags |= RL_DID_LOCAL; + int status = add_route3(rl->spec.remote_host, IPV4_NETMASK_HOST, + rl->rgi.gateway.addr, tt, flags | ROUTE_REF_GW, + &rl->rgi, es, ctx); + if (status == RTA_SUCCESS) + { + rl->iflags |= RL_DID_LOCAL; + } + ret = (status != RTA_ERROR); } else { @@ -1551,7 +1555,7 @@ is_on_link(const int is_local_route, const unsigned int flags, const struct rout return rgi && (is_local_route == LR_MATCH || ((flags & ROUTE_REF_GW) && (rgi->flags & RGI_ON_LINK))); } -bool +int add_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, @@ -1564,7 +1568,7 @@ add_route(struct route_ipv4 *r, if (!(r->flags & RT_DEFINED)) { - return true; /* no error */ + return RTA_SUCCESS; /* no error */ } struct argv argv = argv_new(); @@ -1858,7 +1862,7 @@ done: /* release resources potentially allocated during route setup */ net_ctx_reset(ctx); - return (status != RTA_ERROR); + return status; } @@ -1885,7 +1889,7 @@ route_ipv6_clear_host_bits( struct route_ipv6 *r6 ) } } -bool +int add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx) @@ -1895,7 +1899,7 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, if (!(r6->flags & RT_DEFINED) ) { - return true; /* no error */ + return RTA_SUCCESS; /* no error */ } struct argv argv = argv_new(); 
@@ -2131,7 +2135,7 @@ done: /* release resources potentially allocated during route setup */ net_ctx_reset(ctx); - return (status != RTA_ERROR); + return status; } static void diff --git a/src/openvpn/route.h b/src/openvpn/route.h index 71b4cf4e..1e110911 100644 --- a/src/openvpn/route.h +++ b/src/openvpn/route.h @@ -259,13 +259,13 @@ void copy_route_ipv6_option_list(struct route_ipv6_option_list *dest, void route_ipv6_clear_host_bits( struct route_ipv6 *r6 ); -bool add_route_ipv6(struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx); +int add_route_ipv6(struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx); void delete_route_ipv6(const struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx); -bool add_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, - const struct route_gateway_info *rgi, const struct env_set *es, - openvpn_net_ctx_t *ctx); +int add_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, + const struct route_gateway_info *rgi, const struct env_set *es, + openvpn_net_ctx_t *ctx); void add_route_to_option_list(struct route_option_list *l, const char *network,
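
Review bot: In net_route_v4_add(), net_route_v6_add(), net_route_v4_del() and net_route_v6_del() in src/openvpn/networking_iproute2.c, every failure of openvpn_execve_check() is collapsed to ret = -1, so a caller cannot tell a route that already exists from any other failure of the ip command. Because route.c now sets RL_DID_LOCAL only when the status is RTA_SUCCESS, a comment on these functions should say how add_route() is expected to treat -1 from this backend when the route pre-exists. As a style point, the four identical if blocks could each be a single assignment of the form ret = openvpn_execve_check(...) ? 0 : -1;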
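
Review bot: add_route3(), add_route() and add_route_ipv6() change from bool to int in src/openvpn/route.c, but the only call site converted in this diff is the remote-host route in redirect_default_route_to_vpn(). Any caller that still uses the result as a truth value or stores it in a bool now depends on the numeric values of RTA_SUCCESS and RTA_ERROR, so each remaining caller should be checked or converted with (status != RTA_ERROR) as done here. At the converted call site, a short comment explaining that a status which is neither RTA_SUCCESS nor RTA_ERROR leaves RL_DID_LOCAL unset on purpose, so that a pre-existing route to the VPN server is not deleted later, would make the intent clear.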
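
Review bot: The add_route() and add_route_ipv6() prototypes in src/openvpn/route.h now return int with no comment on what the values mean, and this hunk does not show RTA_SUCCESS or RTA_ERROR being declared in the header. Callers outside route.c need those constants to be visible and a one-line description of each return value next to the prototypes.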