From patchwork Sat Jan 21 19:42:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Selva Nair X-Patchwork-Id: 3010 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:c95:b0:82:e4b3:40a0 with SMTP id p21csp667371dyk; Sat, 21 Jan 2023 11:43:00 -0800 (PST) X-Google-Smtp-Source: AMrXdXutEZPR4YBV1EacHi5tUEscAds8tXJQ65gfA/qeUh7l8l2Cp+FOFVXr59UuZKgL1iUuYqFg X-Received: by 2002:a05:6a20:6a92:b0:b8:7ef5:4308 with SMTP id bi18-20020a056a206a9200b000b87ef54308mr18309797pzb.23.1674330180190; Sat, 21 Jan 2023 11:43:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674330180; cv=none; d=google.com; s=arc-20160816; b=gmV+wo3Gi5kE9WsNWprS5ruLobsGLyeW3PcJ0tgvuqB+Q4C/3aq9Q54kdoe3pWNjD3 ahFeluQFrIhGjJjjGPYdCu3z+vaJyc3erDVaKhmVEi+5HbUFLkGddhKeQEhI992heT+z mieJglDNDo7yhuc9lWUFQH1TyRcm23bM/St1Tgd7djTae9x5yglxzdjlpCJnRq7GJ0AT G0WnSn0X8dYVttpA+Poxqo8q3N+gMcOXX9Wnzma2umRcD23+9SJiOobitY+gBStbQRDm nhBDl99qWZXG/3ve1nESUe+q7Ev69Dc4luskD3XD6fR1rVL45pEe3cN1+AJ/rxrqFumP ioeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=P1/Zmr3UGc0ywiaktozeLuIPrWjO9YE/eUd9XXb707Y=; b=s8C1vG37p95GBYDguBpd79jP8XO4p4k/H7hC+c3Drv5V0oPyYuCdpdH0suyglQiGQe unzG7eujxuZ6PNX4uOClUXaUHaGCkHbxzYTDFzzSyVxos2+dGFw53d9I9gLLCmp5b0PI /xsXuweJgElf9cTu4/eoN+cTlfWx6+2T3wtldLB622WtZ1un9XNjJ9+kb9/0fYyw6vAU btCagE4moqrvq7llclhs0TFaUhB7cNa9+20HHXDY9Wf3SLX5s6pdIW4ecPtBYpNYTIsL XnvwqM/+jq6j0aFnKzb8VOsIlUoRAQpoIwB9s/HZ+5520KFlHSqkcxjwr65jujEkFmtb H66A== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=g9aPpleu; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=B1yD9FJa; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=iJaK6WFE; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id a18-20020a63e852000000b0047785402653si44479070pgk.776.2023.01.21.11.42.59 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 21 Jan 2023 11:43:00 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=g9aPpleu; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=B1yD9FJa; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=iJaK6WFE; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pJJl7-00070u-AH; Sat, 21 Jan 2023 19:42:36 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pJJl6-00070o-IA for openvpn-devel@lists.sourceforge.net; Sat, 21 Jan 2023 19:42:35 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=pMDaJKQpKcPmN9IcOcR0NC5E5z72+XWHXf+Vfbxnlv8=; b=g9aPpleuS05FrBjsCvV9ke8QAG nzAYig4qr1O0/AgRimDxV20mGY0yzixo1TTRBNQmC5KfcebHLKMKxNIJVMZwWwJ2E47/Lux06ZoDh nYcP70ysY1Prjh+RcP4c5067U/4PF4fN/HiQ8J/uusD0LRj96ybhRsrhr3BgQZhatejY=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=pMDaJKQpKcPmN9IcOcR0NC5E5z72+XWHXf+Vfbxnlv8=; b=B1yD9FJaZ08NykxrjrIUzDMZnq 8Vk2fwVxr0TUAAzgvdw6oTvkbbui8VSl8Oz/DHIuj07R0KOUKk3O8UWVlg4cd59349nOxpqzH2GI/ 1nTqhGO8RTHsrGl3Y7yOw/7IOW0z0SaTWKWsZtKzGVS80O4q7AGQncpnEN1UVLrqvi78=; Received: from mail-io1-f43.google.com ([209.85.166.43]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1pJJl5-0005BT-7O for openvpn-devel@lists.sourceforge.net; Sat, 21 Jan 2023 19:42:35 +0000 Received: by mail-io1-f43.google.com with SMTP id b127so3987979iof.8 for ; Sat, 21 Jan 2023 11:42:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pMDaJKQpKcPmN9IcOcR0NC5E5z72+XWHXf+Vfbxnlv8=; b=iJaK6WFED+3+wukKqAv4QMgStizwnv5NvtiNMNty+2vOu8TROqO9xM3v2NJ3v6JB/X /eyCP2KhJqoHcJxzE+rTnJPVTedGmBmI+Rw9CngoNpRJHjezbulH4GqkVXGkcIQ1mKt9 gy0cNpdo+R3t7eReCx/Y5w3A9u6X9z/ZIo/qNAvzHtTtSdOu6Qt7IvcxDtvdmrRBDWJf C7CfXPmBAH4WCsRwZIkiJmONzGPtaKrzYYy2Fhhqq3mX3Xf04OYyoenAmZhtW1eIUQvY fa4dkZgQBhYY7IiECS7lREeGB491enXBwuF+sbJmcqQHzZBezpB/MsgI6gOiGD/3ow/O yHRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pMDaJKQpKcPmN9IcOcR0NC5E5z72+XWHXf+Vfbxnlv8=; b=3z5B0+alRLNzIuFBApBFANCJsplCrJ6Dr5n06eSoone4cKGMLqxPyaMaUqDPXgOMy+ 1Nt79ucLnJMdNcBUZFKqEZJmfy/TK3jsScQY2+g5S+rMBf0bTIfOE09EqlYBCPKSdbfg K5Cv9yMDVHaa1w9UrRdMF2KG1aeUIVZ3cZ+eC9hi2Ao1+gfaVbOwZ+kpb0+W4TfzhMNE jbrWDMqjmPFgq2674nvZZ6CV5qssD6DI+QwqMP8stJL08OLY+f9xQAckoa8pZD9Fuyat FyjjxZHkOtVzNv5iupiXsuPsF69q9Dgzhk2Mjuar8UqpIoifigjWY91EJhTPOny6uf87 ympQ== X-Gm-Message-State: AFqh2kqx3NZbl6npmdksxr+KOuC4Ysng1/JtOylNXxKkkyH7sb/rjnZj 2XuqBhFAQ0KVdNjWYkXQTyXELXxhoa0= X-Received: by 2002:a05:6602:2813:b0:704:69fd:280 with SMTP id d19-20020a056602281300b0070469fd0280mr2364839ioe.2.1674330149327; Sat, 21 Jan 2023 11:42:29 -0800 (PST) Received: from uranus.sansel.ca (bras-vprn-tnhlon4053w-lp130-01-70-51-222-66.dsl.bell.ca. [70.51.222.66]) by smtp.gmail.com with ESMTPSA id b9-20020a026f49000000b0039e68e9988csm10066900jae.56.2023.01.21.11.42.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 21 Jan 2023 11:42:28 -0800 (PST) From: selva.nair@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Sat, 21 Jan 2023 14:42:26 -0500 Message-Id: <20230121194226.2081637-1-selva.nair@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230116194809.1980444-1-selva.nair@gmail.com> References: <20230116194809.1980444-1-selva.nair@gmail.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Selva Nair - Ensure net_route_v4/v6_add/del() functions using iproute2 return error when route addition fails. Return value follows the same logic as corresponding functions using netlink though all failure reas [...] Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.166.43 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.166.43 listed in wl.mailspike.net] 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [selva.nair[at]gmail.com] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1pJJl5-0005BT-7O Subject: [Openvpn-devel] [PATCH v2] Fix one more "existing route may get deleted" case X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1755662443218349575?= X-GMAIL-MSGID: =?utf-8?q?1755662443218349575?= From: Selva Nair - Ensure net_route_v4/v6_add/del() functions using iproute2 return error when route addition fails. Return value follows the same logic as corresponding functions using netlink though all failure reasons get the same error code of -1. TODO: Preserve any preexisting direct route to VPN and optionally the IPv6 connected net route. v2: Following review, removed the poorly coded RL_DID_LOCAL-related chunks. That part needs a better fix. Signed-off-by: Selva Nair Acked-by: Gert Doering --- src/openvpn/networking_iproute2.c | 32 +++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/src/openvpn/networking_iproute2.c b/src/openvpn/networking_iproute2.c index f93756d6..0efeed0f 100644 --- a/src/openvpn/networking_iproute2.c +++ b/src/openvpn/networking_iproute2.c @@ -267,6 +267,7 @@ net_route_v4_add(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, { struct argv argv = argv_new(); const char *dst_str = print_in_addr_t(*dst, 0, &ctx->gc); + int ret = 0; argv_printf(&argv, "%s route add %s/%d", iproute_path, dst_str, prefixlen); @@ -288,11 +289,14 @@ net_route_v4_add(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, } argv_msg(D_ROUTE, &argv); - openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route add command failed"); + if (!openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route add command failed")) + { + ret = -1; + } argv_free(&argv); - return 0; + return ret; } int @@ -302,6 +306,7 @@ net_route_v6_add(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, { struct argv argv = argv_new(); char *dst_str = (char *)print_in6_addr(*dst, 0, &ctx->gc); + int ret = 0; argv_printf(&argv, "%s -6 route add %s/%d dev %s", iproute_path, dst_str, prefixlen, iface); @@ -319,11 +324,14 @@ net_route_v6_add(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, } argv_msg(D_ROUTE, &argv); - openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 add command failed"); + if (!openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 add command failed")) + { + ret = -1; + } argv_free(&argv); - return 0; + return ret; } int @@ -333,6 +341,7 @@ net_route_v4_del(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, { struct argv argv = argv_new(); const char *dst_str = print_in_addr_t(*dst, 0, &ctx->gc); + int ret = 0; argv_printf(&argv, "%s route del %s/%d", iproute_path, dst_str, prefixlen); @@ -342,11 +351,14 @@ net_route_v4_del(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, } argv_msg(D_ROUTE, &argv); - openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route delete command failed"); + if (!openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route delete command failed")) + { + ret = -1; + } argv_free(&argv); - return 0; + return ret; } int @@ -356,6 +368,7 @@ net_route_v6_del(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, { struct argv argv = argv_new(); char *dst_str = (char *)print_in6_addr(*dst, 0, &ctx->gc); + int ret = 0; argv_printf(&argv, "%s -6 route del %s/%d dev %s", iproute_path, dst_str, prefixlen, iface); @@ -373,11 +386,14 @@ net_route_v6_del(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, } argv_msg(D_ROUTE, &argv); - openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 del command failed"); + if (!openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 del command failed")) + { + ret = -1; + } argv_free(&argv); - return 0; + return ret; } int