From patchwork Fri Jan 24 20:51:35 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4078
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 24 Jan 2025 21:51:35 +0100
Message-ID: <20250124205135.18765-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v17] mroute: adapt to new protocol handling and hashing improvements

From: Gianmarco De Gregori

Repurposing an unused field and renaming it to 'proto' instead of introducing a new field. The hashing now begins at the 'proto' field rather than the 'type' field. Additionally, the changes ensure that the correct protocol is consistently used with virtual addresses ensuring alignment.

Change-Id: Ic66eccb5058fe9c0fae64d8e2ca88728068a92ab
Signed-off-by: Gianmarco De Gregori Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/765 This mail reflects revision 17 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c index 80e18b7..74923cf 100644 --- a/src/openvpn/mroute.c +++ b/src/openvpn/mroute.c @@ -454,6 +454,7 @@ buf_printf(&out, "UNKNOWN"); break; } + buf_printf(&out, "|%d", maddr.proto); return BSTR(&out); } else diff --git a/src/openvpn/mroute.h b/src/openvpn/mroute.h index 8b457d4..2659695 100644 --- a/src/openvpn/mroute.h +++ b/src/openvpn/mroute.h @@ -74,7 +74,7 @@ struct mroute_addr { uint8_t len; /* length of address */ - uint8_t unused; + uint8_t proto; uint8_t type; /* MR_ADDR/MR_WITH flags */ uint8_t netbits; /* number of bits in network part of address, * valid if MR_WITH_NETBITS is set */ @@ -183,6 +183,15 @@ { unsigned int ret = 0; verify_align_4(buf); + + /* + * Since we don't really need the protocol on vaddresses for internal VPN + * payload packets, make sure we have the same value to avoid hashing insert + * and search issues. + */ + src->proto = 0; + dest->proto = src->proto; + if (tunnel_type == DEV_TYPE_TUN) { ret = mroute_extract_addr_ip(src, dest, buf); @@ -201,6 +210,10 @@ { return false; } + if (a1->proto != a2->proto) + { + return false; + } if (a1->netbits != a2->netbits) { return false; @@ -216,13 +229,13 @@ mroute_addr_hash_ptr(const struct mroute_addr *a) { /* NOTE: depends on ordering of struct mroute_addr */ - return (uint8_t *) &a->type; + return (uint8_t *) &a->proto; } static inline uint32_t mroute_addr_hash_len(const struct mroute_addr *a) { - return (uint32_t) a->len + 2; + return (uint32_t) a->len + 3; } static inline void diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 6d1d5a0..62ed044 100644 --- a/src/openvpn/mtcp.c 
+++ b/src/openvpn/mtcp.c @@ -56,6 +56,7 @@ mi = multi_create_instance(m, NULL, ls); if (mi) { + mi->real.proto = ls->info.proto; struct hash_element *he; const uint32_t hv = hash_value(hash, &mi->real); struct hash_bucket *bucket = hash_bucket(hash, hv); diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 6137578..4f2bbd7 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -192,6 +192,7 @@ struct mroute_addr real = {0}; struct multi_instance *mi = NULL; struct hash *hash = m->hash; + real.proto = ls->info.proto; if (mroute_extract_openvpn_sockaddr(&real, &m->top.c2.from.dest, true) && m->top.c2.buf.len > 0) diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 3f55dd7..9c8c014 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -794,6 +794,7 @@ { goto err; } + mi->real.proto = ls->info.proto; generate_prefix(mi); } @@ -1243,6 +1244,7 @@ CLEAR(remote_si); remote_si.addr.in4.sin_family = AF_INET; remote_si.addr.in4.sin_addr.s_addr = htonl(a); + addr.proto = 0; ASSERT(mroute_extract_openvpn_sockaddr(&addr, &remote_si, false)); if (netbits >= 0) @@ -3548,7 +3550,6 @@ const int dev_type = TUNNEL_TYPE(m->top.c1.tuntap); int16_t vid = 0; - #ifdef MULTI_DEBUG_EVENT_LOOP printf("TUN -> TCP/UDP [%d]\n", BLEN(&m->top.c2.buf)); #endif
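Review bot: in src/openvpn/mroute.h, struct mroute_addr (hunk at -74,7), the renamed `uint8_t proto;` carries no comment, while `len`, `type` and `netbits` next to it each document their meaning. Please say what values the field holds (the callers in this patch assign `ls->info.proto` for real addresses and 0 for virtual ones) and that it is now the first byte of the hashed region, so a later reorder of the struct is recognised as a behaviour change.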
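Review bot: in src/openvpn/mroute.h (hunk at -183,6), `src->proto = 0;` and `dest->proto = src->proto;` dereference both pointers unconditionally before the tunnel-type dispatch, and nothing in the visible context establishes that neither can be NULL. If any caller passes NULL for one side, each assignment needs its own guard. Writing `dest->proto = 0;` directly would also read more clearly than copying from `src`.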
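Review bot: in src/openvpn/mroute.h, mroute_addr_hash_ptr() and mroute_addr_hash_len() (hunk at -216,13), the hashed range is correct only while `proto`, `type` and `netbits` sit contiguously and directly before the address bytes, and that is enforced by nothing but the existing "depends on ordering" comment. With the start pointer moved to `&a->proto` and the constant changed from 2 to 3, a compile-time check on the field offsets (for example that `type` follows `proto` by exactly one byte) would turn a silent hash mismatch into a build failure. Deriving the `+ 3` from the struct layout, or at least commenting it as proto + type + netbits, would also help.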
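Review bot: in src/openvpn/mroute.c (hunk at -454,6), `buf_printf(&out, "|%d", maddr.proto);` appends the protocol to every address printed through this path, as a raw integer. For addresses where this patch forces `proto` to 0 the output gains a "|0" suffix that carries no information, and the number is not readable without looking up the enum. Consider printing it only when non-zero, or as a symbolic name, and check that nothing consuming this string (log parsers, status output, tests) depends on the old format.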
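Review bot: in src/openvpn/mtcp.c (hunk at -56,6), `mi->real.proto = ls->info.proto;` is placed ahead of the declarations `struct hash_element *he;`, `const uint32_t hv` and `struct hash_bucket *bucket` in the same block, mixing a statement in front of declarations. Moving it below them keeps the block consistent; note that `hv` is computed from `&mi->real`, so the assignment must still come before `hash_value()` is called, which means splitting the `hv` declaration from its initialisation or keeping the order and accepting the style. If the multi.c hunk at -794,6 lies inside multi_create_instance(), the same assignment has already happened by the time this line runs and it can be dropped here.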
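Review bot: in src/openvpn/multi.c, the hunk at -3548,7 only deletes a blank line after `int16_t vid = 0;` and has nothing to do with the proto field. Please drop it from this patch so the change stays limited to the hashing and protocol handling it describes. In the hunk at -1243,6 of the same file, `addr.proto = 0;` uses a bare literal with no explanation; a short comment matching the one added in mroute.h (virtual addresses always hash with proto 0) would make the intent clear at the call site.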