From patchwork Mon Sep 16 13:04:08 2024
X-Patchwork-Submitter: "ralf_lici (Code Review)"
X-Patchwork-Id: 3836
From: "plaisthos (Code Review)"
Date: Mon, 16 Sep 2024 13:04:08 +0000
To: flichtenheld
X-Gerrit-PatchSet: 1
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: I0a2957699757665d70514ba7cafe833443018ad6
X-Gerrit-Change-Number: 750
X-Gerrit-Project: openvpn
X-Gerrit-Commit: 7b89c3f238f12d67e6b9e1f0d1945b38337980f4
Message-ID: <16273cddc913033cb2871584840dd12ce04675f7-HTML@gerrit.openvpn.net>
Subject: [Openvpn-devel] [S] Change in openvpn[master]: Automatically enable ifconfig-exec/route-exec behaviour for afunix tu...
Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com
Cc: openvpn-devel

Attention is currently required from: flichtenheld.

Hello flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/750?usp=email

to review the following change.

Change subject: Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap
......................................................................

Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap

Change-Id: I0a2957699757665d70514ba7cafe833443018ad6
Signed-off-by: Arne Schwabe
---
M src/openvpn/init.c
1 file changed, 27 insertions(+), 4 deletions(-)

  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/50/750/1

diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 8d37a7f..ae5a1f4 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1679,6 +1679,17 @@ #endif /* ifdef ENABLE_MANAGEMENT */ } +/** + * Determine if external route commands should be executed based on + * configured options and backend driver + */ +static bool +route_noexec_enabled(const struct options *o, const struct tuntap *tt) +{ + return o->route_noexec + || (tt && tt->backend_driver == DRIVER_AFUNIX); +} + /* * Possibly add routes and/or call route-up script * based on options. @@ -1693,7 +1704,7 @@ openvpn_net_ctx_t *ctx) { bool ret = true; - if (!options->route_noexec && ( route_list || route_ipv6_list ) ) + if (!route_noexec_enabled(options, tt) && ( route_list || route_ipv6_list ) ) { ret = add_routes(route_list, route_ipv6_list, tt, ROUTE_OPTION_FLAGS(options), es, ctx); @@ -1858,6 +1869,18 @@ #endif } +/** + * Determines if ifconfig execution should be disabled because of a + * @param c + * @return + */ +static bool +ifconfig_noexec_enabled(const struct context *c) +{ + return c->options.ifconfig_noexec + || (c->c1.tuntap && c->c1.tuntap->backend_driver == DRIVER_AFUNIX); +} + static void open_tun_backend(struct context *c) { @@ -1937,7 +1960,7 @@ } /* do ifconfig */ - if (!c->options.ifconfig_noexec + if (!ifconfig_noexec_enabled(c) && ifconfig_order(c->c1.tuntap) == IFCONFIG_BEFORE_TUN_OPEN) { /* guess actual tun/tap unit number that will be returned 
@@ -1978,7 +2001,7 @@ } /* do ifconfig */ - if (!c->options.ifconfig_noexec + if (!ifconfig_noexec_enabled(c) && ifconfig_order(c->c1.tuntap) == IFCONFIG_AFTER_TUN_OPEN) { do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name, @@ -2061,7 +2084,7 @@ if (c->c1.tuntap) { - if (!c->options.ifconfig_noexec) + if (!ifconfig_noexec_enabled(c)) { undo_ifconfig(c->c1.tuntap, &c->net_ctx); }
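
Review bot: In the first hunk (@@ -1679), the doc comment on route_noexec_enabled() says it determines whether external route commands "should be executed", but the function returns true when they are to be skipped (o->route_noexec set, or tt->backend_driver == DRIVER_AFUNIX). Reword the comment to match the return value, for example "Determine if execution of external route commands is disabled by the configured options or the backend driver", so that a later caller does not drop the negation by trusting the comment.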
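
Review bot: In the @@ -1693 hunk, the `!route_noexec_enabled(options, tt)` condition is the only route-side call site this patch switches over, whereas the ifconfig side is converted at both setup sites and at undo_ifconfig(). Please confirm that no other direct test of options->route_noexec remains that would behave differently for DRIVER_AFUNIX, or say in the commit message why this one site is sufficient. The commit message currently has no body, and with only src/openvpn/init.c changed, the new implicit behaviour is not documented anywhere for users.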
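
Review bot: In the @@ -1858 hunk, the doc comment on ifconfig_noexec_enabled() is unfinished: the sentence stops at "because of a" and both the @param c and @return tags are empty. Complete the sentence, describe c, and state that true means ifconfig must not be run. The two new helpers also use different signatures, (const struct options *, const struct tuntap *) for routes and (const struct context *) for ifconfig; picking one convention would make the pair easier to read and to keep in sync.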