From: "its_Giaan (Code Review)"
Date: Mon, 23 Sep 2024 13:41:31 +0000
To: plaisthos, flichtenheld
Cc: openvpn-devel
Reply-To: gianmarco@mandelbit.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com
Subject: [Openvpn-devel] [S] Change in openvpn[master]: mroute: properly print protocol at the end of the string
Message-ID: <9b77ecdf4ba9bc5d24a2113a16cd5ea24c065b62-HTML@gerrit.openvpn.net>
X-Gerrit-PatchSet: 1
X-Gerrit-Change-Id: Ic66eccb5058fe9c0fae64d8e2ca88728068a92ab
X-Gerrit-Change-Number: 765
X-Gerrit-Project: openvpn
X-Gerrit-Commit: 09cba15c696b7537b93f1c2a861af5a267319dd4

Attention is currently required from: flichtenheld, plaisthos.

Hello plaisthos, flichtenheld,

I'd like you to do a code review.
Please visit http://gerrit.openvpn.net/c/openvpn/+/765?usp=email to review the following change.

Change subject: mroute: properly print protocol at the end of the string
......................................................................

mroute: properly print protocol at the end of the string

mroute: substitute unused field with proto

Rather than adding a new field 'proto', take advantage of the 'unused' field and rename it. Hashing will now start at the 'proto' field rather than 'type'.

MULTI: ensure we've got the correct protocol with virtual addresses

MULTI: ensure we've got the same value as protocol for vaddresses

Change-Id: Ic66eccb5058fe9c0fae64d8e2ca88728068a92ab
Signed-off-by: Gianmarco De Gregori
---
M src/openvpn/forward.c
M src/openvpn/mroute.c
M src/openvpn/mroute.h
M src/openvpn/mtcp.c
M src/openvpn/mudp.c
M src/openvpn/multi.c
6 files changed, 27 insertions(+), 12 deletions(-)

git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/65/765/1

diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 7559a71..1357cad 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c
@@ -1129,13 +1129,16 @@ decrypt_status = openvpn_decrypt(&c->c2.buf, c->c2.buffers->decrypt_buf, co, &c->c2.frame, ad_start); - if (!decrypt_status - /* all sockets are of the same type, so just check the first one */ - && link_socket_connection_oriented(c->c2.link_sockets[0])) + for (int i = 0; i < c->c1.link_sockets_num; i++) { - /* decryption errors are fatal in TCP mode */ - register_signal(c->sig, SIGUSR1, "decryption-error"); /* SOFT-SIGUSR1 -- decryption error in TCP mode */ - msg(D_STREAM_ERRORS, "Fatal decryption error (process_incoming_link), restarting"); + if (!decrypt_status + /* all sockets are of the same type, so just check the first one (not anymore!) */ + && link_socket_connection_oriented(c->c2.link_sockets[i])) + { + /* decryption errors are fatal in TCP mode */ + register_signal(c->sig, SIGUSR1, "decryption-error"); /* SOFT-SIGUSR1 -- decryption error in TCP mode */ + msg(D_STREAM_ERRORS, "Fatal decryption error (process_incoming_link), restarting"); + } } } else diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c index 6c8e8dd..3a0224e 100644 --- a/src/openvpn/mroute.c +++ b/src/openvpn/mroute.c @@ -421,7 +421,6 @@ { buf_printf(&out, ":%d", ntohs(maddr.v4.port)); } - buf_printf(&out, ":%d", maddr.proto); } break; @@ -454,6 +453,7 @@ buf_printf(&out, "UNKNOWN"); break; } + buf_printf(&out, "|%d", maddr.proto); return BSTR(&out); } else diff --git a/src/openvpn/mroute.h b/src/openvpn/mroute.h index fd1dbfe..e844c21 100644 --- a/src/openvpn/mroute.h +++ b/src/openvpn/mroute.h @@ -74,9 +74,8 @@ struct mroute_addr { uint8_t len; /* length of address */ - uint8_t unused; - uint8_t type; /* MR_ADDR/MR_WITH flags */ uint8_t proto; + uint8_t type; /* MR_ADDR/MR_WITH flags */ uint8_t netbits; /* number of bits in network part of address, * valid if MR_WITH_NETBITS is set */ union { 
@@ -221,7 +220,7 @@ mroute_addr_hash_ptr(const struct mroute_addr *a) { /* NOTE: depends on ordering of struct mroute_addr */ - return (uint8_t *) &a->type; + return (uint8_t *) &a->proto; } static inline uint32_t diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 73f6bcc..1eb28ec 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -56,6 +56,7 @@ mi = multi_create_instance(m, NULL, ls); if (mi && !proto_is_dgram(ls->info.proto)) { + mi->real.proto = ls->info.proto; struct hash_element *he; const uint32_t hv = hash_value(hash, &mi->real); struct hash_bucket *bucket = hash_bucket(hash, hv); diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index a7e6e1d..f9efcd5 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -193,6 +193,7 @@ struct multi_instance *mi = NULL; struct hash *hash = m->hash; real.proto = ls->info.proto; + m->local.proto = real.proto; if (mroute_extract_openvpn_sockaddr(&real, &m->top.c2.from.dest, true) && m->top.c2.buf.len > 0) diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 2d4fbe7..4a6dd52 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -1156,11 +1156,12 @@ */ static struct multi_instance * multi_get_instance_by_virtual_addr(struct multi_context *m, - const struct mroute_addr *addr, + struct mroute_addr *addr, bool cidr_routing) { struct multi_route *route; struct multi_instance *ret = NULL; + addr->proto = 0; /* check for local address */ if (mroute_addr_equal(addr, &m->local)) @@ -1246,6 +1247,7 @@ CLEAR(remote_si); remote_si.addr.in4.sin_family = AF_INET; remote_si.addr.in4.sin_addr.s_addr = htonl(a); + addr.proto = 0; ASSERT(mroute_extract_openvpn_sockaddr(&addr, &remote_si, false)); if (netbits >= 0) 
@@ -3346,6 +3348,14 @@ bool ret = true; bool floated = false; + /* + * Since we don't really need the protocol on vaddresses for internal VPN + * payload packets, make sure we have the same value to void hashing insert + * and search issues. + */ + src.proto = 0; + dest.proto = src.proto; + if (m->pending) { return true; @@ -3412,7 +3422,6 @@ 0, &c->c2.to_tun, DEV_TYPE_TUN); - /* drop packet if extract failed */ if (!(mroute_flags & MROUTE_EXTRACT_SUCCEEDED)) { @@ -3550,6 +3559,8 @@ const int dev_type = TUNNEL_TYPE(m->top.c1.tuntap); int16_t vid = 0; + src.proto = 0; + dest.proto = src.proto; #ifdef MULTI_DEBUG_EVENT_LOOP printf("TUN -> TCP/UDP [%d]\n", BLEN(&m->top.c2.buf));
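
Review bot: in src/openvpn/forward.c (hunk @@ -1129,13 +1129,16 @@) the new loop tests every entry of c->c2.link_sockets instead of the socket this packet arrived on, so as soon as any listener is connection-oriented a failed decrypt on a datagram socket also raises SIGUSR1 "decryption-error". A peer able to send one undecryptable datagram could then force a restart. Suggest testing only the receiving socket; if the loop stays, hoist the !decrypt_status test out of it and break after the first match so the signal and the D_STREAM_ERRORS message are not emitted once per socket. The loop bound comes from c->c1.link_sockets_num while the array indexed is c->c2.link_sockets, which deserves an assertion or comment that the two agree. This change is also unrelated to the mroute subject and would be easier to review as its own commit.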
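
Review bot: in src/openvpn/mroute.c (hunks @@ -421,7 +421,6 @@ and @@ -454,6 +453,7 @@) the "|%d" suffix is now appended for every address type and prints the raw numeric value of maddr.proto, so the virtual addresses whose proto is forced to 0 in multi.c will all end in "|0". Anything that parses this string sees a format change from ":%d" to "|%d" that the commit message does not describe. Suggest emitting the suffix only when proto is non-zero, printing a protocol name rather than the number, and documenting the new format in the commit message.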
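
Review bot: in src/openvpn/mroute.h, mroute_addr_hash_ptr() now starts one byte earlier at proto, but no hunk in this patch touches the matching length calculation. Please confirm that the hashed and compared length grew by one byte; if it is still counted from type, the last byte of the address drops out of the key. Since the existing NOTE says this depends on the ordering of struct mroute_addr, a compile-time assertion that proto, type and netbits are adjacent and in this order would make the dependency explicit. With proto inside the key, every code path that fills a struct mroute_addr has to initialise it, and the scattered "addr.proto = 0" assignments elsewhere in this patch suggest doing that in one place.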
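
Review bot: in src/openvpn/mtcp.c the new statement mi->real.proto = ls->info.proto sits in front of the declarations of he, hv and bucket; move it below them so the declarations stay at the top of the block. It is also only reached after multi_create_instance() has returned, so please check that nothing inside multi_create_instance() hashes or prints mi->real before proto is set.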
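
Review bot: in src/openvpn/mudp.c the line m->local.proto = real.proto writes to the shared multi_context each time this lookup runs, which is a surprising side effect in a lookup path. With listeners of different protocols the value of m->local.proto depends on which socket saw the last packet, and multi_get_instance_by_virtual_addr() in multi.c now sets addr->proto = 0 before calling mroute_addr_equal(addr, &m->local), so the local-address check can stop matching if equality covers proto. Suggest leaving m->local.proto at 0 like the other virtual addresses, or adding a comment that explains why the local address needs the link protocol.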
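
Review bot: in src/openvpn/multi.c (hunk @@ -1156,11 +1156,12 @@) multi_get_instance_by_virtual_addr() loses the const on addr only so that it can execute addr->proto = 0, which makes a lookup function modify its caller's struct. Suggest keeping the parameter const and clearing proto where the address is built, as the later hunks already do for src and dest, or comparing against a local copy.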
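
Review bot: in src/openvpn/multi.c (hunk @@ -3346,6 +3348,14 @@) the new comment reads "to void hashing insert and search issues"; that should be "to avoid". The same two assignments, src.proto = 0 and dest.proto = src.proto, are repeated without any comment in hunk @@ -3550,6 +3559,8 @@, and hunk @@ -3412,7 +3422,6 @@ only deletes the blank line before "drop packet if extract failed". Suggest a small helper or a one-line comment at the second site, and dropping the whitespace-only change from this patch.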