From patchwork Wed Jan 29 11:30:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "cron2 (Code Review)" X-Patchwork-Id: 4102 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6a49:b0:5e7:b9eb:58e8 with SMTP id v9csp975238mat; Wed, 29 Jan 2025 03:31:20 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCWcD5UzI3WV0Oo8QcvbwTYkoYA0Zln9e+OyYv3wBRY9ERPg4g+dpUIRlhHeP1ZpAYtKzqALiPk+ge8=@openvpn.net X-Google-Smtp-Source: AGHT+IEOzvEaP8Ech8I6x9dSpc+SjzyRIKbLoP4JU1/k9fr6W5dID1/W9uGousAkKQL0XTxPWUuu X-Received: by 2002:a05:6830:631c:b0:71d:5a8a:1a29 with SMTP id 46e09a7af769-726567793fbmr1283769a34.14.1738150280254; Wed, 29 Jan 2025 03:31:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1738150280; cv=none; d=google.com; s=arc-20240605; b=A95K+JnuycEbOxEpEVuNsol+5nTIjrrDVBKJbyf9bAhI2Te6NInBMel2a39iqaGhyt UKaQaw57IvLxvPthd85i0YbZ4hcmRhgClMZTu2nCVqYz1JZVK8S6HD0Q0Ozo1XBu3Hj7 4XfqA4lK4KXhWueJFNYe4h7dV8B+CC9Ozkr70dWBNtFz9skScBSFPumT7/Dr6mRgOZlQ szJSfpyPv8eBkJK+wYTa+KVO+X5Y0KhGo3QN51gk44uKpXc3AsyOvqK8KLrI4D+wQPG7 tdl9bKA68fNYd612Bq7+kA7d+eyYqrrGsW03awRTgAiwy7QnBYFYRWbzrir7w4DFHhZK QFjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=xbPt+eSmhy/MkAOpz7uKQPhMniXXYj25WKTTSUKcWQY=; fh=U7wEyxtwz2o5+UdevFSA47vNeG9knhWH0KV//QhD5a0=; b=Lt7Yl2OxctA3M+FTQRdPvuEop95r+2vhjqEIpUrq0BSHEaw8S80bxgitGqZzufhmCz YwM0sXzHdvgaE6tXnH1gAHCGZHgjKGhrjU1bX4YZrZXc78/mKMx+DSRNiBDFNKuN4sEy vFp8TmmzKBWLkkMCs4wS63gDbEuCJnLErURRGDZeu8W58fBXQSW67aL+zAsYpEidnPIN cNbMGYIsI4m7Iucn4XfZuwJG24kQp6EgOl4B67TM5WyKf36nMKywndF2PTauQfs7Qfim I5Wcj6Vs6g8N+3tGB0nJ+YiltiOA7rPh9mIJ5XQVmqSH9Y3wWIfcHcrVi9DY/18ewuZo KINA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=E8mcleUO; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=Tmeb5cQ+; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=EUSgBjsh; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 46e09a7af769-724ecda4371si9421918a34.52.2025.01.29.03.31.20 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 29 Jan 2025 03:31:20 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=E8mcleUO; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=Tmeb5cQ+; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=EUSgBjsh; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1td6Hr-0008QN-Ng; Wed, 29 Jan 2025 11:31:15 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1td6Hp-0008QE-2r for openvpn-devel@lists.sourceforge.net; Wed, 29 Jan 2025 11:31:12 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=wDg9ARPbfMW2AFF3WH8Lsd0JGeAI9wnV+4XRZoZ4B4Q=; b=E8mcleUOcM6CXPbqhB0N4XQRua S1zLb0IZXpvsTdVC9G4+U19prLIYjm5l7KxmhJKTNgRZp7o3xc8FmZrAvwML7LFc4nTkFqnXGnvBC i6dItT30WeXKcyLLQPc/UdQBlBBkarNBmhwFa9w1+G33kzJxLZfANDwMnQw4byVakmYU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=wDg9ARPbfMW2AFF3WH8Lsd0JGeAI9wnV+4XRZoZ4B4Q=; b=T meb5cQ+UtMfPRTvAm2kcbaDnUaw1fuYozQQ7Kd1Qq3TFj98+bbthfG12W0c9KtDr4auMu/hHrqoWY 5cH858vFjEHMxnEhdACHKOAUS4RouFHLYGokZg2tO04FnYs8aiKZY3PzKD9zS0BPUtZEE9alBdj7g yvsBglOSuVKujshQ=; Received: from mail-wm1-f54.google.com ([209.85.128.54]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1td6Hn-00055A-3h for openvpn-devel@lists.sourceforge.net; Wed, 29 Jan 2025 11:31:12 +0000 Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-4361f796586so74250525e9.3 for ; Wed, 29 Jan 2025 03:31:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1738150259; x=1738755059; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=wDg9ARPbfMW2AFF3WH8Lsd0JGeAI9wnV+4XRZoZ4B4Q=; b=EUSgBjshldaY7KaCqZkDGvG7X2Q0rn2rclRyhDHNONya32KI71BOxjMgKc3tuXqaSI 3kz5ODDQNbcs/9tgsTiCVMElC8+B2SpQjc9wqNuxRw0fglGfWUqVt3zzGrMuzbfmrS4G f3+ewBW+/o+RvnXmd77DTXKWhN7cP6TXfvvbiqC9mX0wgmWmGioxTV1WCrxtaeWHkRWL CD0I1l6prvHqzhc/3fvAaTimEu9RVMARAa68KhMSWOfDkGJUCYs1KObXeVQ0tISflvJx B6IxNpfT42VCVO3hS1Tw+vZHIeciErraSM06wWso/4vNYNN/PSKRiuS/OTMQaeV9IINC ZpKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738150259; x=1738755059; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=wDg9ARPbfMW2AFF3WH8Lsd0JGeAI9wnV+4XRZoZ4B4Q=; b=hEFbYO8F4jMYsJ3Y1HiNcdgBZ1VBQRt8c76kvfUND0PdqWVwQNzNajCxlKcQxPHOmu iNLm20fSlFYbTaI8ht4XjHuA68QXNjxl4MXEYMj+n9S3C/U6n6DH2y08QcbzJh6kd/o8 RUkUHwDu7Gk8fJfieC/CfHFcrWDW65AfGBt0yfoN6l0wMg7xMPz5M6Gnz6l9rLWlvxch 4+tz4iATwsRR9eygZb45Kk7R2dRx/sYBS2imMA58t5RKlhOH3+dcSRfhVpDbm53uHo3O y6whgqBMBs2U1t81eTp5dxkv8zjJxQzlCCigz0DLJJWrDXRlsduecZ0wZU2faIQhwWHJ 9yzw== X-Gm-Message-State: AOJu0YwsHr8ek50OhRi0WDPYPLV3BJUdE+yRnKdf2O7GCzAo9a7O/XC+ x8ahKKPLOQlyIzzBtBRw68/hjSYMORcFwgqSGoVW4BOzeOzlbfQYz9Z2+wsykld0qTeKq/V/T8k G X-Gm-Gg: ASbGncshiOD9rX0Q7hwhC9mwmqwFId/NaZ5Kmu+DusVDm+aWcidAXhhnEHmyet0/Op7 GsqPzZxBytHLtW2GoqzM2ezhgeLMNksc30lPdTuE7WZ/SIKPDHIG7X4cU9P1y3yuptRZbEt0BYG WbxYmYKGw07aRaoIhJi9AbAQaTPTupmwE0AoH05nJCB0x0YOcAQl+cHYa0hJE+y6fjXmUuEx8MB Fkr+c9eSAQiaHDKDUOBTti6hofS6Luwj+i6aFOYpfKPIhqlqL9Quv8Fv7yoiXaIDPL6Ui99Q6Zk rZfxoe7+ZxnRI/xkX0Pdpifk9kMjkph9sGmpuAAPd86gfW49oVDICgfPvDEKzKHzP+S2Gy9KIP5 Vt3FadAU= X-Received: by 2002:a05:600c:4e87:b0:434:fddf:5c0c with SMTP id 5b1f17b1804b1-438dc3ab5afmr24131935e9.4.1738150259334; Wed, 29 Jan 2025 03:30:59 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-438dcc6dfb5sm20128705e9.31.2025.01.29.03.30.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 03:30:58 -0800 (PST) From: "cron2 (Code Review)" X-Google-Original-From: "cron2 (Code Review)" X-Gerrit-PatchSet: 1 Date: Wed, 29 Jan 2025 11:30:58 +0000 To: plaisthos , flichtenheld Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: Ic438c583a782035ecb9b5ea65702a768ae2585f5 X-Gerrit-Change-Number: 881 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: e1a4075bb7757bfb3eed19ec4d30171f8f3fb039 References: Message-ID: MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.128.54 listed in bl.score.senderscore.com] 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.128.54 listed in sa-accredit.habeas.com] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.54 listed in list.dnswl.org] 0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.54 listed in wl.mailspike.net] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1td6Hn-00055A-3h Subject: [Openvpn-devel] [S] Change in openvpn[master]: options: add IPv4 support to '--show-gateway ' X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: gert@greenie.muc.de, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1822582668416315727?= X-GMAIL-MSGID: =?utf-8?q?1822582668416315727?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/881?usp=email to review the following change. Change subject: options: add IPv4 support to '--show-gateway ' ...................................................................... options: add IPv4 support to '--show-gateway ' This is an old debug option, which used to print "the default routes found" for IPv4 and IPv6, and optionally "a route to a particular IPv6 target" if passed an argument. With the work started in commit 0fcfc8381f60d we want this to handle IPv4 as well, mostly to be able to easily test per-platform get_default_gateway() implementations. The implementation is simplistic - if can be parsed as an IPv4 or IPv6 address, that particular protocol lookup will do "the host route" and the other one will stick to "the default route". Change-Id: Ic438c583a782035ecb9b5ea65702a768ae2585f5 Signed-off-by: Gert Doering --- M doc/man-sections/advanced-options.rst M src/openvpn/options.c 2 files changed, 18 insertions(+), 8 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/81/881/1 diff --git a/doc/man-sections/advanced-options.rst b/doc/man-sections/advanced-options.rst index d5a6b4f..e1115e4 100644 --- a/doc/man-sections/advanced-options.rst +++ b/doc/man-sections/advanced-options.rst @@ -9,13 +9,17 @@ :: --show-gateway + --show-gateway IPv4-target --show-gateway IPv6-target + For IPv4 it looks for a 0.0.0.0/0 route, or the specified IPv4 address + if the target can be parsed as an IPv4 address. For IPv6 this queries the route towards ::/128, or the specified IPv6 - target address if passed as argument. - For IPv4 on Linux, Windows, MacOS and BSD it looks for a 0.0.0.0/0 route. - If there are more specific routes, the result will not always be matching - the route of the IPv4 packets to the VPN gateway. + target address if the argument is an IPv6 address. + + Adding a target is helpful for diagnostics to see if OpenVPN will do + the right thing if there are more specific IPv4/IPv6 routes to a + VPN server. Advanced Expert Options diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 5a80e6b..2897961 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -5858,16 +5858,22 @@ { struct route_gateway_info rgi; struct route_ipv6_gateway_info rgi6; - struct in6_addr remote = IN6ADDR_ANY_INIT; + in_addr_t remote_ipv4 = 0; + struct in6_addr remote_ipv6 = IN6ADDR_ANY_INIT; openvpn_net_ctx_t net_ctx; VERIFY_PERMISSION(OPT_P_GENERAL); if (p[1]) { - get_ipv6_addr(p[1], &remote, NULL, M_WARN); + /* try parsing the argument as a v4 or v6 address - if + * possible, the output will show the exact route there, and + * "the default route" for the other protocol + */ + remote_ipv4 = get_ip_addr(p[1], M_WARN, NULL); + get_ipv6_addr(p[1], &remote_ipv6, NULL, M_WARN); } net_ctx_init(NULL, &net_ctx); - get_default_gateway(&rgi, 0, &net_ctx); - get_default_gateway_ipv6(&rgi6, &remote, &net_ctx); + get_default_gateway(&rgi, remote_ipv4, &net_ctx); + get_default_gateway_ipv6(&rgi6, &remote_ipv6, &net_ctx); print_default_gateway(M_INFO, &rgi, &rgi6); openvpn_exit(OPENVPN_EXIT_STATUS_GOOD); /* exit point */ }