From patchwork Tue Sep 24 13:14:37 2024
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 3868
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 24 Sep 2024 15:14:37 +0200
Message-ID: <20240924131437.22294-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v11] Automatically enable ifconfig-exec/route-exec behaviour for afunix tun/tap

From: Arne Schwabe

Change-Id: I0a2957699757665d70514ba7cafe833443018ad6
Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
---

This change was reviewed on Gerrit and approved by at least one developer.
I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/750
This mail reflects revision 11 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering

diff --git a/src/openvpn/init.c b/src/openvpn/init.c index cd9203a..876edad 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1679,6 +1679,18 @@ #endif /* ifdef ENABLE_MANAGEMENT */ } +/** + * Determine if external route commands should be executed based on + * configured options and backend driver + */ +static bool +route_noexec_enabled(const struct options *o, const struct tuntap *tt) +{ + return o->route_noexec + || (tt && tt->backend_driver == DRIVER_AFUNIX) + || (tt && tt->backend_driver == DRIVER_NULL); +} + /* * Possibly add routes and/or call route-up script * based on options. @@ -1693,7 +1705,7 @@ openvpn_net_ctx_t *ctx) { bool ret = true; - if (!options->route_noexec && ( route_list || route_ipv6_list ) ) + if (!route_noexec_enabled(options, tt) && ( route_list || route_ipv6_list ) ) { ret = add_routes(route_list, route_ipv6_list, tt, ROUTE_OPTION_FLAGS(options), es, ctx); @@ -1858,6 +1870,19 @@ #endif } +/** + * Determines if ifconfig execution should be disabled because of a + * @param c + * @return + */ +static bool +ifconfig_noexec_enabled(const struct context *c) +{ + return c->options.ifconfig_noexec + || (c->c1.tuntap && c->c1.tuntap->backend_driver == DRIVER_AFUNIX) + || (c->c1.tuntap && c->c1.tuntap->backend_driver == DRIVER_NULL); +} + static void open_tun_backend(struct context *c) { @@ -1937,7 +1962,7 @@ } /* do ifconfig */ - if (!c->options.ifconfig_noexec + if (!ifconfig_noexec_enabled(c) && ifconfig_order(c->c1.tuntap) == IFCONFIG_BEFORE_TUN_OPEN) { /* guess actual tun/tap unit number that will be returned @@ -1978,7 +2003,7 @@ } /* do ifconfig */ - if (!c->options.ifconfig_noexec + if (!ifconfig_noexec_enabled(c) && ifconfig_order(c->c1.tuntap) == IFCONFIG_AFTER_TUN_OPEN) { do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name, @@ -2061,7 +2086,7 @@ if (c->c1.tuntap) { - if (!c->options.ifconfig_noexec) + if (!ifconfig_noexec_enabled(c)) { undo_ifconfig(c->c1.tuntap, &c->net_ctx); } 
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 206ddc0..85fe01a 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -1744,7 +1744,7 @@ void undo_ifconfig(struct tuntap *tt, openvpn_net_ctx_t *ctx) { - if (tt->backend_driver != DRIVER_NULL) + if (tt->backend_driver != DRIVER_NULL && tt->backend_driver != DRIVER_AFUNIX) { if (tt->did_ifconfig_setup) {
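
Review bot: In src/openvpn/init.c, hunk @@ -1679,6 +1679,18 @@, the doc comment on route_noexec_enabled() reads "Determine if external route commands should be executed", but the function returns true when they should be skipped (route_noexec set, or the backend is DRIVER_AFUNIX or DRIVER_NULL). Please reword the comment to match the return value and add @param/@return lines so the polarity is unambiguous at the call site "!route_noexec_enabled(options, tt)". The comment should also say that DRIVER_NULL is covered, since the subject line only names afunix. As a minor style point, the two "tt &&" tests could be folded into one "tt && (... || ...)" clause.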
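
Review bot: In src/openvpn/init.c, hunk @@ -1858,6 +1870,19 @@, the doc comment on ifconfig_noexec_enabled() is unfinished: the first sentence stops at "because of a", and both "@param c" and "@return" are empty. Please complete it, stating that the function returns true when ifconfig must not be run, either because ifconfig_noexec is set or because the tuntap backend is DRIVER_AFUNIX or DRIVER_NULL. It would also be more consistent if this helper and route_noexec_enabled() took the same kind of arguments; one takes a struct context, the other takes options plus a tuntap pointer.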
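
Review bot: In src/openvpn/tun.c, hunk @@ -1744,7 +1744,7 @@, the test "tt->backend_driver != DRIVER_NULL && tt->backend_driver != DRIVER_AFUNIX" is the third place in this patch where the same driver pair is spelled out by hand, next to route_noexec_enabled() and ifconfig_noexec_enabled() in init.c. A single predicate on struct tuntap, used from all three places, would keep the lists from drifting apart when another backend without OS-level interface configuration is added. Note also that the init.c caller shown in hunk @@ -2061,7 +2086,7 @@ already gates undo_ifconfig() behind "!ifconfig_noexec_enabled(c)", so for that call path this check is redundant; if it is kept as a safeguard for other callers, a short comment saying so would help.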