From patchwork Tue Oct 7 16:08:18 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4472 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:7d42:b0:72f:f16c:e055 with SMTP id fr2csp364094mab; Tue, 7 Oct 2025 09:08:46 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUxOtrtzAElbNocuY2HXtNtb+A/JKGpZlPI1GIa7rWXOOg57Z+VM4V7vE//4O2DKMgS5AWqx/ABcHo=@openvpn.net X-Google-Smtp-Source: AGHT+IG3LlVmn5oVBRKYNgBVc/49NCOYPdpY+xOU6TLSpWZniMF1E7pZ+ykqOF7qF90daAA0FDuy X-Received: by 2002:a05:6808:1a27:b0:43f:9c1d:ae82 with SMTP id 5614622812f47-4417b2c3b21mr45254b6e.2.1759853326409; Tue, 07 Oct 2025 09:08:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1759853326; cv=none; d=google.com; s=arc-20240605; b=SZXb6v7FP9dQTMhBzhPemHjwoHFuxWGwoyqMi38zOq53PfEGT6GNzEZ5TxBn9mEgPd jAgKZGdY6aJtZrV+DIJ6DVbHgty8lMAjjuq8PiOzgX+uTbi27ofa+RLcVUa+PaNSNCO/ w5KL09MgGQa0BHoJiTNcw+09LCOZuiiX8Y+iiPM7QAdrhVgsH7CXb1vhT8PMBbUabxaw S/Wmm3+aOskPAWp8+EO33Tp6thZhzQRh/kr5yh51nb1oKQoWjx40bP1eJf8Tye/LzHlt YZKHgAkPDhOv+u5eWkEiKgy2idFZvO5UOdalrUZZGLsdmtnZUo971BmslbWvE69AAiiY 9NFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=StryDEZL8vifbrgissOnONq1JhXzg3p8/ivphK6eWv4=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=MJZsVcF1vHDJcAOMXYFbRyak7tiEkS2XHyqMzu651YVt6xmJDkW+gbdwfePzUA1cif eyp/WmC0tGk3EhHjEA0Vi45YwoqQ0OUV7slnXFY4JGgNx4kcRmwmPtlHGZTUQKnmbNHF HJmXAQhnGB0xXXTo8GmI2d7qYUnVe9hYxyHPaMu5KNlNf/CGmesdMzBZR6IP3IgZBjjg c/DnSh5mXd+p5kPWte40kr15PTQ/yQa8oCm/rla/ciDbYU/kbfKKyLQPBwDhZjUPwKb6 nD0kVcx85hd+XKcMQGyWC1fv14Goy3AErgphUZynk0W7iSjG8k65IYmUgpnhz5HNqhBo zbxQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=KNMl38Kl; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=QJM4jpx0; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=BMctcSAr; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 5614622812f47-43fc184a1f4si3128659b6e.81.2025.10.07.09.08.45 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 07 Oct 2025 09:08:45 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=KNMl38Kl; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=QJM4jpx0; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=BMctcSAr; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=StryDEZL8vifbrgissOnONq1JhXzg3p8/ivphK6eWv4=; b=KNMl38KlBjITsfN2Zv2LOePcb9 Ne4a47rGBZsrHA8hv6vv8a7L7r9kQKPnQSIIRPr//D2wLMKFu/90lW0l7d/Ab4te9x9B9OlIGyarM uKgQMjCjrknvBSpMpC4t2iTPudcxs/YKOfM8VA0Of+t3bzgCUm2/vWBHMP9O5MhYjYuc=; Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1v6AF1-00053y-4z; Tue, 07 Oct 2025 16:08:43 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1v6AEy-00053q-To for openvpn-devel@lists.sourceforge.net; Tue, 07 Oct 2025 16:08:41 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Gu1Y0iNSEgheF/abDae6I3iPnBh6PHROYHXWDxsEjgM=; b=QJM4jpx0mJAt5paCwHOqDwSeVk bhosVbLJ93kgNw9ocBlgOQtIXI4ZlNu6926wXhQSXXGoWPVwWT/pdbDoBoROsGd3Zp0zG0lJM+Xel zhNu5FFpiaoas5KAnE3OXbWSAOPCtqc8ltzc2PiZnRlbmnXxPf/TJnM8FWxn3geI3/YU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Gu1Y0iNSEgheF/abDae6I3iPnBh6PHROYHXWDxsEjgM=; b=BMctcSArmz+LqKkzmsb570JUSR WIROkKJKnJvjIbNZ+yagHQxmVLoB18bcXngIpK8wB1Qpcwp31nKc9AaqzAHgdEQtqxTboA7Oy204l cZU7GEWaJA4A/S0HmyYtFqe2UmOX/5EzYUKI+per4skNR2rKk57jCjZbz7SolAQ8O9jM=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1v6AEx-00085U-Tp for openvpn-devel@lists.sourceforge.net; Tue, 07 Oct 2025 16:08:40 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 597G8ScY004637 for ; Tue, 7 Oct 2025 18:08:28 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 597G8RMr004636 for openvpn-devel@lists.sourceforge.net; Tue, 7 Oct 2025 18:08:27 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Tue, 7 Oct 2025 18:08:18 +0200 Message-ID: <20251007160826.4614-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Arne Schwabe Also adjust style a bit to C99 Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1 Signed-off-by: Arne Schwabe Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1191 [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1v6AEx-00085U-Tp Subject: [Openvpn-devel] [PATCH v5] Allow route_ipv6_match_host to be used outside of route.c X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1845339960976152164?= X-GMAIL-MSGID: =?utf-8?q?1845339960976152164?= From: Arne Schwabe Also adjust style a bit to C99 Change-Id: Ief1495b52ea81cac35d78e40264372d3869423f1 Signed-off-by: Arne Schwabe Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1191 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1191 This mail reflects revision 5 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 05a0c8f..0044794 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -710,25 +710,20 @@ return ret; } -/* check whether an IPv6 host address is covered by a given route_ipv6 - * (not the most beautiful implementation in the world, but portable and - * "good enough") - */ -static bool -route_ipv6_match_host(const struct route_ipv6 *r6, const struct in6_addr *host) +bool +ipv6_net_contains_host(const struct in6_addr *network, unsigned int bits, const struct in6_addr *host) { - unsigned int bits = r6->netbits; - int i; - unsigned int mask; - + /* not the most beautiful implementation in the world, but portable and + * "good enough" */ if (bits > 128) { return false; } + int i; for (i = 0; bits >= 8; i++, bits -= 8) { - if (r6->network.s6_addr[i] != host->s6_addr[i]) + if (network->s6_addr[i] != host->s6_addr[i]) { return false; } @@ -739,9 +734,9 @@ return true; } - mask = 0xff << (8 - bits); + unsigned int mask = 0xff << (8 - bits); - if ((r6->network.s6_addr[i] & mask) == (host->s6_addr[i] & mask)) + if ((network->s6_addr[i] & mask) == (host->s6_addr[i] & mask)) { return true; } @@ -830,7 +825,8 @@ * avoiding routing loops, so ignore this part and let * need_remote_ipv6_route always evaluate to false */ - if (remote_host_ipv6 && route_ipv6_match_host(r6, remote_host_ipv6)) + if (remote_host_ipv6 + && ipv6_net_contains_host(&r6->network, r6->netbits, remote_host_ipv6)) { need_remote_ipv6_route = true; msg(D_ROUTE, diff --git a/src/openvpn/route.h b/src/openvpn/route.h index c5006ae..54fa137 100644 --- a/src/openvpn/route.h +++ b/src/openvpn/route.h @@ -426,4 +426,17 @@ return rl && BOOL_CAST(rl->iflags & RL_DID_REDIRECT_DEFAULT_GATEWAY); } + +/** + * check whether an IPv6 host address is covered by a given network/bits + * @param network the network address + * @param bits the network mask + * @param host the host address to be checked if it is contained by the network + * + * @return true if the host address is covered by the network with the given + * network mask by bits + */ +bool +ipv6_net_contains_host(const struct in6_addr *network, unsigned int bits, const struct in6_addr *host); + #endif /* ifndef ROUTE_H */