From patchwork Thu Oct 11 07:41:54 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 545 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director9.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id OJIWJB2av1s/WQAAIUCqbw for ; Thu, 11 Oct 2018 14:44:45 -0400 Received: from proxy17.mail.ord1d.rsapps.net ([172.30.191.6]) by director9.mail.ord1d.rsapps.net with LMTP id SJYHJB2av1sVFwAAalYnBA ; Thu, 11 Oct 2018 14:44:45 -0400 Received: from smtp5.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy17.mail.ord1d.rsapps.net with LMTP id KFixIx2av1snJwAAWC7mWg ; Thu, 11 Oct 2018 14:44:45 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp5.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: b86793c8-cd85-11e8-908c-525400d73c44-1-1 Received: from [216.105.38.7] ([216.105.38.7:48304] helo=lists.sourceforge.net) by smtp5.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 14/B8-12354-C1A9FBB5; Thu, 11 Oct 2018 14:44:45 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1gAfwO-0007Vy-8Z; Thu, 11 Oct 2018 18:44:08 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1gAfwN-0007Vs-7S for openvpn-devel@lists.sourceforge.net; Thu, 11 Oct 2018 18:44:07 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=re78oq3e34rIKLkhQ5cHD0zWm3pq0qhwCb7G2lT9xEA=; b=AYI3zI+8XuPiqmFpfdg/PVLkC7 ZbupwU/3CiwYScE8DIy4k3OHcZzfDtNIq2BjLiwtFrPqUazFNQu+0yibt6li2GYIYSZMe+OkTMTMI W0/A0K3SxhN/b1I63WiyYza5ob7yOuL+YRAvUOMK0ZhPH5q8dxQQ/wTgBRM+gISZvYts=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=re78oq3e34rIKLkhQ5cHD0zWm3pq0qhwCb7G2lT9xEA=; b=COfv4tPjCs+w18etNvBqIpKyan gcMrxXyu2pdbkXRpTK8yVpG2vq5bvL5luXanQYYMExc34N9OYTSTBhoLxq9Ya0ge7GV7mDIRiHiLc zI5KE+auiFbtA0l9A2SdVV/pL46cNLcNaSio1n7TrhoVH8CawI0e831az3TINYJomAbg=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-4.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1gAfwL-00GyvI-DA for openvpn-devel@lists.sourceforge.net; Thu, 11 Oct 2018 18:44:07 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Fri, 12 Oct 2018 02:41:54 +0800 Message-Id: <20181011184200.22175-2-a@unstable.cc> In-Reply-To: <20181011184200.22175-1-a@unstable.cc> References: <20181011184200.22175-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 SPF_PASS SPF: sender matches SPF record -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] X-Headers-End: 1gAfwL-00GyvI-DA Subject: [Openvpn-devel] [PATCH v2 1/7] implement platform generic networking API X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox tun.c and route.c contain all the code used by openvpn to manage the tun interface and the routing table on all the supported platforms. Across the years, this resulted in a longer functions and series of ifdefs. This patch introduces a new "networking API" which aims at creating a simple abstraction between the tun/route logic and the platform dependent code. The is API expected to be implemented outside of tun.c/route.c by using platform specific functionalities. Signed-off-by: Antonio Quartulli --- src/openvpn/Makefile.am | 1 + src/openvpn/networking.h | 278 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 279 insertions(+) create mode 100644 src/openvpn/networking.h diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index 197e62ba..8afc4146 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -80,6 +80,7 @@ openvpn_SOURCES = \ mtu.c mtu.h \ mudp.c mudp.h \ multi.c multi.h \ + networking.h \ ntlm.c ntlm.h \ occ.c occ.h \ openssl_compat.h \ diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h new file mode 100644 index 00000000..716e61a5 --- /dev/null +++ b/src/openvpn/networking.h @@ -0,0 +1,278 @@ +/* + * Generic interface to platform specific networking code + * + * Copyright (C) 2016-2018 Antonio Quartulli + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef NETWORKING_H_ +#define NETWORKING_H_ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#elif defined(_MSC_VER) +#include "config-msvc.h" +#endif + +#include "syshead.h" + +struct context; + +#ifdef ENABLE_SITNL +#include "networking_sitnl.h" +#elif ENABLE_IPROUTE +#include "networking_ip.h" +#else +/* define mock types to ensure code builds on any platform */ +typedef void * openvpn_net_ctx_t; +typedef void * openvpn_net_iface_t; + +static inline int +net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx) +{ + return 0; +} +#endif + +#if defined(ENABLE_SITNL) || defined(ENABLE_IPROUTE) + +/** + * Initialize the platform specific context object + * + * @param c openvpn generic context + * @param ctx the implementation specific context to initialize + * + * @return 0 on success, a negative error code otherwise + */ +int net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx); + +/** + * Bring interface up or down. + * + * @param ctx the implementation specific context + * @param iface the interface to modify + * @param up true if the interface has to be brought up, false otherwise + * + * @return 0 on success, a negative error code otherwise + */ +int net_iface_up(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, + bool up); + +/** + * Set the MTU for an interface + * + * @param ctx the implementation specific context + * @param iface the interface to modify + * @param mtru the new MTU + * + * @return 0 on success, a negative error code otherwise + */ +int net_iface_mtu_set(openvpn_net_ctx_t *ctx, + const openvpn_net_iface_t *iface, uint32_t mtu); + +/** + * Add an IPv4 address to an interface + * + * @param ctx the implementation specific context + * @param iface the interface where the address has to be added + * @param addr the address to add + * @param prefixlen the prefix length of the network associated with the address + * @param broadcast the broadcast address to configure on the interface + * + * @return 0 on success, a negative error code otherwise + */ +int net_addr_v4_add(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, + const in_addr_t *addr, int prefixlen, + const in_addr_t *broadcast); + +/** + * Add an IPv6 address to an interface + * + * @param ctx the implementation specific context + * @param iface the interface where the address has to be added + * @param addr the address to add + * @param prefixlen the prefix length of the network associated with the address + * + * @return 0 on success, a negative error code otherwise + */ + +int net_addr_v6_add(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, + const struct in6_addr *addr, int prefixlen); + +/** + * Remove an IPv4 from an interface + * + * @param ctx the implementation specific context + * @param iface the interface to remove the address from + * @param prefixlen the prefix length of the network associated with the address + * + * @return 0 on success, a negative error code otherwise + */ +int net_addr_v4_del(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, + const in_addr_t *addr, int prefixlen); + +/** + * Remove an IPv6 from an interface + * + * @param ctx the implementation specific context + * @param iface the interface to remove the address from + * @param prefixlen the prefix length of the network associated with the address + * + * @return 0 on success, a negative error code otherwise + */ +int net_addr_v6_del(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, + const struct in6_addr *addr, int prefixlen); + +/** + * Add a point-to-point IPv4 address to an interface + * + * @param ctx the implementation specific context + * @param iface the interface where the address has to be added + * @param local the address to add + * @param remote the associated p-t-p remote address + * + * @return 0 on success, a negative error code otherwise + */ +int net_addr_ptp_v4_add(openvpn_net_ctx_t *ctx, + const openvpn_net_iface_t *iface, + const in_addr_t *local, const in_addr_t *remote); + +/** + * Remove a point-to-point IPv4 address from an interface + * + * @param ctx the implementation specific context + * @param iface the interface to remove the address from + * @param local the address to remove + * @param remote the associated p-t-p remote address + * + * @return 0 on success, a negative error code otherwise + */ +int net_addr_ptp_v4_del(openvpn_net_ctx_t *ctx, + const openvpn_net_iface_t *iface, + const in_addr_t *local, const in_addr_t *remote); + + +/** + * Add a route for an IPv4 address/network + * + * @param ctx the implementation specific context + * @param dst the destination of the route + * @param prefixlen the length of the prefix of the destination + * @param gw the gateway for this route + * @param iface the interface for this route (can be NULL) + * @param table the table to add this route to (if 0, will be added to the + * main table) + * @param metric the metric associated with the route + * + * @return 0 on success, a negative error code otherwise + */ +int net_route_v4_add(openvpn_net_ctx_t *ctx, const in_addr_t *dst, + int prefixlen, const in_addr_t *gw, + const openvpn_net_iface_t *iface, uint32_t table, + int metric); + +/** + * Add a route for an IPv6 address/network + * + * @param ctx the implementation specific context + * @param dst the destination of the route + * @param prefixlen the length of the prefix of the destination + * @param gw the gateway for this route + * @param iface the interface for this route (can be NULL) + * @param table the table to add this route to (if 0, will be added to the + * main table) + * @param metric the metric associated with the route + * + * @return 0 on success, a negative error code otherwise + */ +int net_route_v6_add(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, const struct in6_addr *gw, + const openvpn_net_iface_t *iface, + uint32_t table, int metric); + +/** + * Delete a route for an IPv4 address/network + * + * @param ctx the implementation specific context + * @param dst the destination of the route + * @param prefixlen the length of the prefix of the destination + * @param gw the gateway for this route + * @param iface the interface for this route (can be NULL) + * @param table the table to add this route to (if 0, will be added to the + * main table) + * @param metric the metric associated with the route + * + * @return 0 on success, a negative error code otherwise + */ +int net_route_v4_del(openvpn_net_ctx_t *ctx, const in_addr_t *dst, + int prefixlen, const in_addr_t *gw, + const openvpn_net_iface_t *iface, uint32_t table, + int metric); + +/** + * Delete a route for an IPv4 address/network + * + * @param ctx the implementation specific context + * @param dst the destination of the route + * @param prefixlen the length of the prefix of the destination + * @param gw the gateway for this route + * @param iface the interface for this route (can be NULL) + * @param table the table to add this route to (if 0, will be added to the + * main table) + * @param metric the metric associated with the route + * + * @return 0 on success, a negative error code otherwise + */ +int net_route_v6_del(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, const struct in6_addr *gw, + const openvpn_net_iface_t *iface, + uint32_t table, int metric); + +/** + * Retrieve the gateway and outgoing interface for the specified IPv4 + * address/network + * + * @param ctx the implementation specific context + * @param dst The destination to lookup + * @param prefixlen The length of the prefix of the destination + * @param best_gw Location where the retrieved GW has to be stored + * @param best_iface Location where the retrieved interface has to be stored + * + * @return 0 on success, a negative error code otherwise + */ +int net_route_v4_best_gw(openvpn_net_ctx_t *ctx, const in_addr_t *dst, + int prefixlen, in_addr_t *best_gw, + openvpn_net_iface_t *best_iface); + +/** + * Retrieve the gateway and outgoing interface for the specified IPv6 + * address/network + * + * @param ctx the implementation specific context + * @param dst The destination to lookup + * @param prefixlen The length of the prefix of the destination + * @param best_gw Location where the retrieved GW has to be stored + * @param best_iface Location where the retrieved interface has to be stored + * + * @return 0 on success, a negative error code otherwise + */ +int net_route_v6_best_gw(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, struct in6_addr *best_gw, + openvpn_net_iface_t *best_iface); + +#endif /* ENABLE_SITNL || ENABLE_IPROUTE */ + +#endif /* NETWORKING_H_ */ From patchwork Thu Oct 11 07:41:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 548 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director10.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id cNBaGSGav1t8JwAAIUCqbw for ; Thu, 11 Oct 2018 14:44:49 -0400 Received: from proxy17.mail.ord1d.rsapps.net ([172.30.191.6]) by director10.mail.ord1d.rsapps.net with LMTP id kNdRGSGav1t9FAAApN4f7A ; Thu, 11 Oct 2018 14:44:49 -0400 Received: from smtp27.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy17.mail.ord1d.rsapps.net with LMTP id gGf1GCGav1t6JwAAWC7mWg ; Thu, 11 Oct 2018 14:44:49 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp27.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: ba888522-cd85-11e8-a337-5254003773d7-1-1 Received: from [216.105.38.7] ([216.105.38.7:47448] helo=lists.sourceforge.net) by smtp27.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 74/9B-16068-02A9FBB5; Thu, 11 Oct 2018 14:44:48 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1gAfwS-0007WS-Cz; Thu, 11 Oct 2018 18:44:12 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1gAfwQ-0007WD-NK for openvpn-devel@lists.sourceforge.net; Thu, 11 Oct 2018 18:44:10 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=RLol6MWSKL4/z0EHlkZiPIET0tSQpKP21STSjLP8+Dg=; b=ILaQHoAVGer2SUtgsdZnwXLjsa IyvQcc4EbLmVnBuFOLsCLBq8/dqN/2DmcnMec8B0+H2/DcAbfyrq0BumiJBWljofUStYlRs06fHAi Ov9kB+9lJZabWUKtdlnxyeUQyXj4ZcBickushl+mrEweQqJzU46uIGyt2Ojw2+h/JKf4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=RLol6MWSKL4/z0EHlkZiPIET0tSQpKP21STSjLP8+Dg=; b=DvDrJ0UVqkFEXSIkzoMM4vDuxK fzztYonK4chIdbr1s/x7WZM+gXf4txEdbxvzBOCePkYaBtQzGsaYwtJ2skEQapsRqDH38uAzMYj5l mUzQ/k+DCngaEIsbHB6Rq7pVcMrMgptjjU8vp26+bProrVfXUhkCiNEvVyoxVrRSdLHg=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1gAfwO-006C3L-Oj for openvpn-devel@lists.sourceforge.net; Thu, 11 Oct 2018 18:44:10 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Fri, 12 Oct 2018 02:41:55 +0800 Message-Id: <20181011184200.22175-3-a@unstable.cc> In-Reply-To: <20181011184200.22175-1-a@unstable.cc> References: <20181011184200.22175-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1gAfwO-006C3L-Oj Subject: [Openvpn-devel] [PATCH v2 2/7] implement networking API for iproute2 X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox iproute2 is the first user of the new networking API and its one of the two currently supported functionalities on Linux (the other being net-tools). This patch simply copies the current code from tun.c/route.c to networking_ip.c without introducing any funcional change to the code. Signed-off-by: Antonio Quartulli --- src/openvpn/Makefile.am | 2 +- src/openvpn/networking_ip.c | 386 ++++++++++++++++++++++++++++++++++++ src/openvpn/networking_ip.h | 36 ++++ 3 files changed, 423 insertions(+), 1 deletion(-) create mode 100644 src/openvpn/networking_ip.c create mode 100644 src/openvpn/networking_ip.h diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index 8afc4146..3caad17d 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -80,7 +80,7 @@ openvpn_SOURCES = \ mtu.c mtu.h \ mudp.c mudp.h \ multi.c multi.h \ - networking.h \ + networking_ip.c networking_ip.h networking.h \ ntlm.c ntlm.h \ occ.c occ.h \ openssl_compat.h \ diff --git a/src/openvpn/networking_ip.c b/src/openvpn/networking_ip.c new file mode 100644 index 00000000..ae667a9c --- /dev/null +++ b/src/openvpn/networking_ip.c @@ -0,0 +1,386 @@ +/* + * Networking API implementation for iproute2 + * + * Copyright (C) 2018 Antonio Quartulli + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#elif defined(_MSC_VER) +#include "config-msvc.h" +#endif + +#if defined(TARGET_LINUX) && defined(ENABLE_IPROUTE) + +#include "syshead.h" + +#include "networking.h" +#include "networking_ip.h" +#include "misc.h" +#include "openvpn.h" +#include "run_command.h" +#include "socket.h" + +#include +#include + +int +net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx) +{ + ctx->es = NULL; + if (c) + ctx->es = c->es; + + return 0; +} + +int +net_iface_up(openvpn_net_ctx_t *ctx, const char *iface, bool up) +{ + struct argv argv = argv_new(); + + argv_printf(&argv, "%s link set dev %s %s", iproute_path, iface, + up ? "up" : "down"); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, ctx->es, S_FATAL, "Linux ip link set failed"); + + argv_reset(&argv); + + return 0; +} + +int +net_iface_mtu_set(openvpn_net_ctx_t *ctx, const char *iface, uint32_t mtu) +{ + struct argv argv = argv_new(); + + argv_printf(&argv, "%s link set dev %s up mtu %d", iproute_path, iface, + mtu); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, ctx->es, S_FATAL, "Linux ip link set failed"); + + return 0; +} + +int +net_addr_v4_add(openvpn_net_ctx_t *ctx, const char *iface, + const in_addr_t *addr, int prefixlen, + const in_addr_t *broadcast) +{ + struct argv argv = argv_new(); + + char *addr_str = (char *)print_in_addr_t(*addr, 0, NULL); + char *brd_str = (char *)print_in_addr_t(*broadcast, 0, NULL); + + argv_printf(&argv, "%s addr add dev %s %s/%d broadcast %s", iproute_path, + iface, addr_str, prefixlen, brd_str); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, ctx->es, S_FATAL, "Linux ip addr add failed"); + + free(addr_str); + free(brd_str); + + argv_reset(&argv); + + return 0; +} + +int +net_addr_v6_add(openvpn_net_ctx_t *ctx, const char *iface, + const struct in6_addr *addr, int prefixlen) +{ + struct argv argv = argv_new(); + char *addr_str = (char *)print_in6_addr(*addr, 0, NULL); + + argv_printf(&argv, "%s -6 addr add %s/%d dev %s", iproute_path, addr_str, + prefixlen, iface); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, ctx->es, S_FATAL, + "Linux ip -6 addr add failed"); + + free(addr_str); + + argv_reset(&argv); + + return 0; +} + +int +net_addr_v4_del(openvpn_net_ctx_t *ctx, const char *iface, + const in_addr_t *addr, int prefixlen) +{ + struct argv argv = argv_new(); + char *addr_str = (char *)print_in_addr_t(*addr, 0, NULL); + + argv_printf(&argv, "%s addr del dev %s %s/%d", iproute_path, iface, + addr_str, prefixlen); + + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, ctx->es, 0, "Linux ip addr del failed"); + + free(addr_str); + + argv_reset(&argv); + + return 0; +} + +int +net_addr_v6_del(openvpn_net_ctx_t *ctx, const char *iface, + const struct in6_addr *addr, int prefixlen) +{ + struct argv argv = argv_new(); + char *addr_str = (char *)print_in6_addr(*addr, 0, NULL); + + argv_printf(&argv, "%s -6 addr del %s/%d dev %s", iproute_path, + addr_str, prefixlen, iface); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, ctx->es, 0, "Linux ip -6 addr del failed"); + + free(addr_str); + + argv_reset(&argv); + + return 0; +} + +int +net_addr_ptp_v4_add(openvpn_net_ctx_t *ctx, const char *iface, + const in_addr_t *local, const in_addr_t *remote) +{ + struct argv argv = argv_new(); + char *local_str = (char *)print_in_addr_t(*local, 0, NULL); + char *remote_str = (char *)print_in_addr_t(*remote, 0, NULL); + + argv_printf(&argv, "%s addr add dev %s local %s peer %s", iproute_path, + iface, local_str, remote_str); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, ctx->es, S_FATAL, "Linux ip addr add failed"); + + free(local_str); + free(remote_str); + + argv_reset(&argv); + + return 0; +} + +int +net_addr_ptp_v4_del(openvpn_net_ctx_t *ctx, const char *iface, + const in_addr_t *local, const in_addr_t *remote) +{ + struct argv argv = argv_new(); + char *local_str = (char *)print_in_addr_t(*local, 0, NULL); + char *remote_str = (char *)print_in_addr_t(*remote, 0, NULL); + + argv_printf(&argv, "%s addr del dev %s local %s peer %s", iproute_path, + iface, local_str, remote_str); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, ctx->es, 0, "Linux ip addr del failed"); + + free(local_str); + free(remote_str); + + argv_reset(&argv); + + return 0; +} + +int +net_route_v4_add(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, uint32_t table, + int metric) +{ + struct argv argv = argv_new(); + char *dst_str = (char *)print_in_addr_t(*dst, 0, NULL); + + argv_printf(&argv, "%s route add %s/%d", iproute_path, dst_str, prefixlen); + + if (metric > 0) + argv_printf_cat(&argv, "metric %d", metric); + + if (iface) + argv_printf_cat(&argv, "dev %s", iface); + + if (gw) + { + char *gw_str = (char *)print_in_addr_t(*gw, 0, NULL); + + argv_printf_cat(&argv, "via %s", gw_str); + + free(gw_str); + } + + argv_msg(D_ROUTE, &argv); + openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route add command failed"); + + free(dst_str); + + argv_reset(&argv); + + return 0; +} + +int +net_route_v6_add(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, const struct in6_addr *gw, const char *iface, + uint32_t table, int metric) +{ + struct argv argv = argv_new(); + char *dst_str = (char *)print_in6_addr(*dst, 0, NULL); + + argv_printf(&argv, "%s -6 route add %s/%d dev %s", iproute_path, dst_str, + prefixlen, iface); + + if (gw) + { + char *gw_str = (char *)print_in6_addr(*gw, 0, NULL); + + argv_printf_cat(&argv, "via %s", gw_str); + + free(gw_str); + } + + if (metric > 0) + argv_printf_cat(&argv, "metric %d", metric); + + argv_msg(D_ROUTE, &argv); + openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 add command failed"); + + free(dst_str); + + argv_reset(&argv); + + return 0; +} + +int +net_route_v4_del(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, uint32_t table, + int metric) +{ + struct argv argv = argv_new(); + char *dst_str = (char *)print_in_addr_t(*dst, 0, NULL); + + argv_printf(&argv, "%s route del %s/%d", iproute_path, dst_str, prefixlen); + + if (metric > 0) + argv_printf_cat(&argv, "metric %d", metric); + + argv_msg(D_ROUTE, &argv); + openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route delete command failed"); + + free(dst_str); + + argv_reset(&argv); + + return 0; +} + +int +net_route_v6_del(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, const struct in6_addr *gw, const char *iface, + uint32_t table, int metric) +{ + struct argv argv = argv_new(); + char *dst_str = (char *)print_in6_addr(*dst, 0, NULL); + + argv_printf(&argv, "%s -6 route del %s/%d dev %s", iproute_path, dst_str, + prefixlen, iface); + + if (gw) + { + char *gw_str = (char *)print_in6_addr(*gw, 0, NULL); + + argv_printf_cat(&argv, "via %s", gw_str); + + free(gw_str); + } + + if (metric > 0) + argv_printf_cat(&argv, "metric %d", metric); + + argv_msg(D_ROUTE, &argv); + openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 del command failed"); + + free(dst_str); + + argv_reset(&argv); + + return 0; +} + +int +net_route_v4_best_gw(openvpn_net_ctx_t *ctx, const in_addr_t *dst, + int prefixlen, in_addr_t *best_gw, char *best_iface) +{ + best_iface[0] = '\0'; + + FILE *fp = fopen("/proc/net/route", "r"); + if (!fp) + return -1; + + char line[256]; + int count = 0; + unsigned int lowest_metric = UINT_MAX; + while (fgets(line, sizeof(line), fp) != NULL) + { + if (count) + { + unsigned int net_x = 0; + unsigned int mask_x = 0; + unsigned int gw_x = 0; + unsigned int metric = 0; + unsigned int flags = 0; + char name[16]; + name[0] = '\0'; + + const int np = sscanf(line, "%15s\t%x\t%x\t%x\t%*s\t%*s\t%d\t%x", + name, &net_x, &gw_x, &flags, &metric, + &mask_x); + + if (np == 6 && (flags & IFF_UP)) + { + const in_addr_t net = ntohl(net_x); + const in_addr_t mask = ntohl(mask_x); + const in_addr_t gw = ntohl(gw_x); + + if (!net && !mask && metric < lowest_metric) + { + *best_gw = gw; + strcpy(best_iface, name); + lowest_metric = metric; + } + } + } + ++count; + } + fclose(fp); + + return 0; +} + +/* + * The following function is not implemented in the iproute backend as it + * already uses netlink in route.c. + * + * int + * net_route_v6_best_gw(const struct in6_addr *dst, int prefixlen, + * struct in6_addr *best_gw, char *best_iface) + */ + +#endif /* ENABLE_IPROUTE && TARGET_LINUX */ diff --git a/src/openvpn/networking_ip.h b/src/openvpn/networking_ip.h new file mode 100644 index 00000000..47b50a9f --- /dev/null +++ b/src/openvpn/networking_ip.h @@ -0,0 +1,36 @@ +/* + * Generic interface to platform specific networking code + * + * Copyright (C) 2016-2018 Antonio Quartulli + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef NETWORKING_IP_H_ +#define NETWORKING_IP_H_ + +#include "env_set.h" + +typedef char openvpn_net_iface_t; + +struct openvpn_net_ctx +{ + struct env_set *es; +}; + +typedef struct openvpn_net_ctx openvpn_net_ctx_t; + +#endif /* NETWORKING_IP_H_ */ From patchwork Thu Oct 11 07:41:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 551 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director7.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id KFxdIzqav1tlTwAAIUCqbw for ; Thu, 11 Oct 2018 14:45:14 -0400 Received: from proxy18.mail.ord1d.rsapps.net ([172.30.191.6]) by director7.mail.ord1d.rsapps.net with LMTP id MGJAIzqav1uXCQAAovjBpQ ; Thu, 11 Oct 2018 14:45:14 -0400 Received: from smtp15.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy18.mail.ord1d.rsapps.net with LMTP id oE30Ijqav1vZGAAATCaURg ; Thu, 11 Oct 2018 14:45:14 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp15.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: c9a58870-cd85-11e8-855d-5254007ab6c8-1-1 Received: from [216.105.38.7] ([216.105.38.7:47887] helo=lists.sourceforge.net) by smtp15.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 6E/C8-31169-93A9FBB5; Thu, 11 Oct 2018 14:45:13 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1gAfwU-0007Xa-NQ; Thu, 11 Oct 2018 18:44:14 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1gAfwT-0007X8-8P for openvpn-devel@lists.sourceforge.net; Thu, 11 Oct 2018 18:44:13 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=tcbC7ibPR0PCb/QF4qyG6I7MwYnYMM/TA33Wruqo3Xc=; b=NfQpSCWROxnGOFD988XO7/DzSh j1alncZ5TDcwBa3C46kYw+7l7Mr8f6/F96uBJYNB12kdEURFoJspUAyhhMWBWmMEbKI2x3KxwazmV Ne6p4OLUzh4DS9tMsKMDa59mteMiABEUpb2zIUXdsingBZuRkAhX93XLbQyBiLsj5IRY=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=tcbC7ibPR0PCb/QF4qyG6I7MwYnYMM/TA33Wruqo3Xc=; b=BiNYxQF3DGvDNfVPEeGf6tk/En 53X53NX2j9btxGmd2HVFfM0qGe08D1Ze2PzYcyfzowo3pU7V0/XZwDlFK5McNARNc6kFuY3qNjMJI N+0NY5xOkrk6JQ9M1kNxbySiFR4aTKyOnXTB9Jd8o0PZ3asiAI0OpoLJ7TOm+JCIostk=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1gAfwO-006C3Q-VI for openvpn-devel@lists.sourceforge.net; Thu, 11 Oct 2018 18:44:13 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Fri, 12 Oct 2018 02:41:56 +0800 Message-Id: <20181011184200.22175-4-a@unstable.cc> In-Reply-To: <20181011184200.22175-1-a@unstable.cc> References: <20181011184200.22175-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1gAfwO-006C3Q-VI Subject: [Openvpn-devel] [PATCH v2 3/7] introduce sitnl: Simplified Interface To NetLink X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This patch introduces a tiny netlink interface, optimized for the openvpn use case. It basically exposes all those operations that are currently handled by directly calling the /sbin/ip command (or even ifconfig/route, if configured). By using netlink, openvpn won't need to spawn new processes when configuring the tun interface or routes. This new approach will also allow openvpn to be granted CAP_NET_ADMIN and be able to properly work even though it dropped the root privileges (currently handled via workarounds). By moving this logic into the sitnl module, tun.c and route.c also benefit from some code simplification Signed-off-by: Antonio Quartulli --- configure.ac | 13 +- src/openvpn/Makefile.am | 4 +- src/openvpn/errlevel.h | 1 + src/openvpn/networking_sitnl.c | 1227 ++++++++++++++++++++++++++++++++ src/openvpn/networking_sitnl.h | 28 + src/openvpn/sitnl.h | 217 ++++++ 6 files changed, 1484 insertions(+), 6 deletions(-) create mode 100644 src/openvpn/networking_sitnl.c create mode 100644 src/openvpn/networking_sitnl.h create mode 100644 src/openvpn/sitnl.h diff --git a/configure.ac b/configure.ac index 1e6891b1..2a51ad46 100644 --- a/configure.ac +++ b/configure.ac @@ -298,6 +298,7 @@ case "$host" in *-*-linux*) AC_DEFINE([TARGET_LINUX], [1], [Are we running on Linux?]) AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["L"], [Target prefix]) + have_sitnl="yes" ;; *-*-solaris*) AC_DEFINE([TARGET_SOLARIS], [1], [Are we running on Solaris?]) @@ -1226,11 +1227,13 @@ fi if test "${enable_iproute2}" = "yes"; then test -z "${IPROUTE}" && AC_MSG_ERROR([ip utility is required but missing]) AC_DEFINE([ENABLE_IPROUTE], [1], [enable iproute2 support]) -else - if test "${WIN32}" != "yes"; then - test -z "${ROUTE}" && AC_MSG_ERROR([route utility is required but missing]) - test -z "${IFCONFIG}" && AC_MSG_ERROR([ifconfig utility is required but missing]) - fi +else if test "${have_sitnl}" = "yes"; then + AC_DEFINE([ENABLE_SITNL], [1], [enable sitnl support]) +else if test "${WIN32}" != "yes" -a "${have_sitnl}" != "yes"; then + test -z "${ROUTE}" && AC_MSG_ERROR([route utility is required but missing]) + test -z "${IFCONFIG}" && AC_MSG_ERROR([ifconfig utility is required but missing]) +fi +fi fi if test "${enable_selinux}" = "yes"; then diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index 3caad17d..d70f4be7 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -80,7 +80,9 @@ openvpn_SOURCES = \ mtu.c mtu.h \ mudp.c mudp.h \ multi.c multi.h \ - networking_ip.c networking_ip.h networking.h \ + networking_ip.c networking_ip.h \ + networking_sitnl.c networking_sitnl.h \ + networking.h \ ntlm.c ntlm.h \ occ.c occ.h \ openssl_compat.h \ diff --git a/src/openvpn/errlevel.h b/src/openvpn/errlevel.h index c30284fc..60896c1f 100644 --- a/src/openvpn/errlevel.h +++ b/src/openvpn/errlevel.h @@ -109,6 +109,7 @@ #define D_LOG_RW LOGLEV(5, 0, 0) /* Print 'R' or 'W' to stdout for read/write */ +#define D_RTNL LOGLEV(6, 68, M_DEBUG) /* show RTNL low level operations */ #define D_LINK_RW LOGLEV(6, 69, M_DEBUG) /* show TCP/UDP reads/writes (terse) */ #define D_TUN_RW LOGLEV(6, 69, M_DEBUG) /* show TUN/TAP reads/writes */ #define D_TAP_WIN_DEBUG LOGLEV(6, 69, M_DEBUG) /* show TAP-Windows driver debug info */ diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c new file mode 100644 index 00000000..64b59e2d --- /dev/null +++ b/src/openvpn/networking_sitnl.c @@ -0,0 +1,1227 @@ +/* + * Simplified Interface To NetLink + * + * Copyright (C) 2016-2018 Antonio Quartulli + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#elif defined(_MSC_VER) +#include "config-msvc.h" +#endif + +#ifdef TARGET_LINUX + +#include "syshead.h" + +#include "errlevel.h" +#include "buffer.h" +#include "networking.h" + +#include +#include +#include +#include +#include +#include +#include + +#define SNDBUF_SIZE (1024 * 2) +#define RCVBUF_SIZE (1024 * 4) + +#define SITNL_ADDATTR(_msg, _max_size, _attr, _data, _size) \ + { \ + if (sitnl_addattr(_msg, _max_size, _attr, _data, _size) < 0)\ + { \ + goto err; \ + } \ + } + +#define NLMSG_TAIL(nmsg) \ + ((struct rtattr *)(((uint8_t *)(nmsg)) + NLMSG_ALIGN((nmsg)->nlmsg_len))) + +/** + * Generic address data structure used to pass addresses and prefixes as + * argument to AF family agnostic functions + */ +typedef union { + in_addr_t ipv4; + struct in6_addr ipv6; +} inet_address_t; + +/** + * Link state request message + */ +struct sitnl_link_req { + struct nlmsghdr n; + struct ifinfomsg i; + char buf[256]; +}; + +/** + * Address request message + */ +struct sitnl_addr_req { + struct nlmsghdr n; + struct ifaddrmsg i; + char buf[256]; +}; + +/** + * Route request message + */ +struct sitnl_route_req { + struct nlmsghdr n; + struct rtmsg r; + char buf[256]; +}; + +typedef int (*sitnl_parse_reply_cb)(struct nlmsghdr *msg, void *arg); + +/** + * Object returned by route request operation + */ +struct sitnl_route_data_cb { + unsigned int iface; + inet_address_t gw; +}; + +/** + * Helper function used to easily add attributes to a rtnl message + */ +static int +sitnl_addattr(struct nlmsghdr *n, int maxlen, int type, const void *data, + int alen) +{ + int len = RTA_LENGTH(alen); + struct rtattr *rta; + + if ((int)(NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len)) > maxlen) + { + msg(M_WARN, "%s: rtnl: message exceeded bound of %d", __func__, + maxlen); + return -EMSGSIZE; + } + + rta = NLMSG_TAIL(n); + rta->rta_type = type; + rta->rta_len = len; + + if (!data) + { + memset(RTA_DATA(rta), 0, alen); + } + else + { + memcpy(RTA_DATA(rta), data, alen); + } + + n->nlmsg_len = NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len); + + return 0; +} + +/** + * Open RTNL socket + */ +static int +sitnl_socket(void) +{ + int sndbuf = SNDBUF_SIZE; + int rcvbuf = RCVBUF_SIZE; + int fd; + + fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + if (fd < 0) + { + msg(M_WARN, "%s: cannot open netlink socket", __func__); + return fd; + } + + if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &sndbuf, sizeof(sndbuf)) < 0) + { + msg(M_WARN | M_ERRNO, "%s: SO_SNDBUF", __func__); + close(fd); + return -1; + } + + if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &rcvbuf, sizeof(rcvbuf)) < 0) + { + msg(M_WARN | M_ERRNO, "%s: SO_RCVBUF", __func__); + close(fd); + return -1; + } + + return fd; +} + +/** + * Bind socket to Netlink subsystem + */ +static int +sitnl_bind(int fd, uint32_t groups) +{ + socklen_t addr_len; + struct sockaddr_nl local; + + CLEAR(local); + + local.nl_family = AF_NETLINK; + local.nl_groups = groups; + + if (bind(fd, (struct sockaddr *)&local, sizeof(local)) < 0) + { + msg(M_WARN | M_ERRNO, "%s: cannot bind netlink socket", __func__); + return -errno; + } + + addr_len = sizeof(local); + if (getsockname(fd, (struct sockaddr *)&local, &addr_len) < 0) + { + msg(M_WARN | M_ERRNO, "%s: cannot getsockname", __func__); + return -errno; + } + + if (addr_len != sizeof(local)) + { + msg(M_WARN, "%s: wrong address length %d", __func__, addr_len); + return -EINVAL; + } + + if (local.nl_family != AF_NETLINK) + { + msg(M_WARN, "%s: wrong address family %d", __func__, local.nl_family); + return -EINVAL; + } + + return 0; +} + +/** + * Send Netlink message and run callback on reply (if specified) + */ +static int +sitnl_send(struct nlmsghdr *payload, pid_t peer, unsigned int groups, + sitnl_parse_reply_cb cb, void *arg_cb) +{ + int len, rem_len, fd, ret, rcv_len; + struct sockaddr_nl nladdr; + struct nlmsgerr *err; + struct nlmsghdr *h; + unsigned int seq; + char buf[1024 * 16]; + struct iovec iov = + { + .iov_base = payload, + .iov_len = payload->nlmsg_len, + }; + struct msghdr nlmsg = + { + .msg_name = &nladdr, + .msg_namelen = sizeof(nladdr), + .msg_iov = &iov, + .msg_iovlen = 1, + }; + + CLEAR(nladdr); + + nladdr.nl_family = AF_NETLINK; + nladdr.nl_pid = peer; + nladdr.nl_groups = groups; + + payload->nlmsg_seq = seq = time(NULL); + + /* no need to send reply */ + if (!cb) + { + payload->nlmsg_flags |= NLM_F_ACK; + } + + fd = sitnl_socket(); + if (fd < 0) + { + msg(M_WARN | M_ERRNO, "%s: can't open rtnl socket", __func__); + return -errno; + } + + ret = sitnl_bind(fd, 0); + if (ret < 0) + { + msg(M_WARN | M_ERRNO, "%s: can't bind rtnl socket", __func__); + ret = -errno; + goto out; + } + + ret = sendmsg(fd, &nlmsg, 0); + if (ret < 0) + { + msg(M_WARN | M_ERRNO, "%s: rtnl: error on sendmsg()", __func__); + ret = -errno; + goto out; + } + + /* prepare buffer to store RTNL replies */ + memset(buf, 0, sizeof(buf)); + iov.iov_base = buf; + + while (1) + { + /* + * iov_len is modified by recvmsg(), therefore has to be initialized before + * using it again + */ + msg(D_RTNL, "%s: checking for received messages", __func__); + iov.iov_len = sizeof(buf); + rcv_len = recvmsg(fd, &nlmsg, 0); + msg(D_RTNL, "%s: rtnl: received %d bytes", __func__, rcv_len); + if (rcv_len < 0) + { + if ((errno == EINTR) || (errno == EAGAIN)) + { + msg(D_RTNL, "%s: interrupted call", __func__); + continue; + } + msg(M_WARN | M_ERRNO, "%s: rtnl: error on recvmsg()", __func__); + ret = -errno; + goto out; + } + + if (rcv_len == 0) + { + msg(M_WARN, "%s: rtnl: socket reached unexpected EOF", __func__); + ret = -EIO; + goto out; + } + + if (nlmsg.msg_namelen != sizeof(nladdr)) + { + msg(M_WARN, "%s: sender address length: %u (expected %zu)", + __func__, nlmsg.msg_namelen, sizeof(nladdr)); + ret = -EIO; + goto out; + } + + h = (struct nlmsghdr *)buf; + while (rcv_len >= (int)sizeof(*h)) + { + len = h->nlmsg_len; + rem_len = len - sizeof(*h); + + if ((rem_len < 0) || (len > rcv_len)) + { + if (nlmsg.msg_flags & MSG_TRUNC) + { + msg(M_WARN, "%s: truncated message", __func__); + ret = -EIO; + goto out; + } + msg(M_WARN, "%s: malformed message: len=%d", __func__, len); + ret = -EIO; + goto out; + } + +/* if (((int)nladdr.nl_pid != peer) || (h->nlmsg_pid != nladdr.nl_pid) + || (h->nlmsg_seq != seq)) + { + rcv_len -= NLMSG_ALIGN(len); + h = (struct nlmsghdr *)((char *)h + NLMSG_ALIGN(len)); + msg(M_DEBUG, "%s: skipping unrelated message. nl_pid:%d (peer:%d) nl_msg_pid:%d nl_seq:%d seq:%d", + __func__, (int)nladdr.nl_pid, peer, h->nlmsg_pid, + h->nlmsg_seq, seq); + continue; + } +*/ + if (h->nlmsg_type == NLMSG_ERROR) + { + err = (struct nlmsgerr *)NLMSG_DATA(h); + if (rem_len < (int)sizeof(struct nlmsgerr)) + { + msg(M_WARN, "%s: ERROR truncated", __func__); + ret = -EIO; + } + else + { + if (!err->error) + { + ret = 0; + if (cb) + ret = cb(h, arg_cb); + } + else + { + msg(M_WARN, "%s: rtnl: generic error: %s", + __func__, strerror(-err->error)); + ret = -err->error; + } + } + goto out; + } + + if (cb) + { + ret = cb(h, arg_cb); + goto out; + } + else + { + msg(M_WARN, "%s: RTNL: unexpected reply", __func__); + } + + rcv_len -= NLMSG_ALIGN(len); + h = (struct nlmsghdr *)((char *)h + NLMSG_ALIGN(len)); + } + + if (nlmsg.msg_flags & MSG_TRUNC) + { + msg(M_WARN, "%s: message truncated", __func__); + continue; + } + + if (rcv_len) + { + msg(M_WARN, "%s: rtnl: %d not parsed bytes", __func__, rcv_len); + ret = -1; + goto out; + } + } +out: + close(fd); + + return ret; +} + +typedef struct { + int addr_size; + inet_address_t gw; + char iface[IFNAMSIZ]; +} route_res_t; + +static int +sitnl_route_save(struct nlmsghdr *n, void *arg) +{ + route_res_t *res = arg; + struct rtmsg *r = NLMSG_DATA(n); + struct rtattr *rta = RTM_RTA(r); + int len = n->nlmsg_len - NLMSG_LENGTH(sizeof(*r)); + unsigned int ifindex = 0; + + while (RTA_OK(rta, len)) + { + switch (rta->rta_type) + { + /* route interface */ + case RTA_OIF: + ifindex = *(unsigned int *)RTA_DATA(rta); + break; + /* route prefix */ + case RTA_DST: + break; + /* GW for the route */ + case RTA_GATEWAY: + memcpy(&res->gw, RTA_DATA(rta), res->addr_size); + break; + } + + rta = RTA_NEXT(rta, len); + } + + if (!if_indextoname(ifindex, res->iface)) + { + msg(M_WARN | M_ERRNO, "%s: rtnl: can't get ifname for index %d", + __func__, ifindex); + return -1; + } + + return 0; +} + +static int +sitnl_route_best_gw(sa_family_t af_family, const inet_address_t *dst, + int prefixlen, void *best_gw, char *best_iface) +{ + struct sitnl_route_req req; + route_res_t res; + int ret = -EINVAL; + + ASSERT(best_gw); + ASSERT(best_iface); + + CLEAR(req); + CLEAR(res); + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.r)); + req.n.nlmsg_type = RTM_GETROUTE; + req.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP; + + req.r.rtm_family = af_family; + req.r.rtm_dst_len = prefixlen; + + switch (af_family) + { + case AF_INET: + res.addr_size = sizeof(in_addr_t); + break; + case AF_INET6: + res.addr_size = sizeof(struct in6_addr); + break; + default: + /* unsupported */ + return -EINVAL; + } + + SITNL_ADDATTR(&req.n, sizeof(req), RTA_DST, dst, res.addr_size); + + ret = sitnl_send(&req.n, 0, 0, sitnl_route_save, &res); + if (ret < 0) + { + goto err; + } + + /* save result in output variables */ + memcpy(best_gw, &res.gw, res.addr_size); + strcpy(best_iface, res.iface); +err: + return ret; + +} + +/* used by iproute2 implementation too */ +int +net_route_v6_best_gw(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, struct in6_addr *best_gw, char *best_iface) +{ + inet_address_t dst_v6 = {0}; + char buf[INET6_ADDRSTRLEN]; + int ret; + + if (dst) + { + dst_v6.ipv6 = *dst; + } + + msg(D_ROUTE, "%s query: dst %s/%d", __func__, + inet_ntop(AF_INET6, &dst_v6.ipv6, buf, sizeof(buf)), prefixlen); + + ret = sitnl_route_best_gw(AF_INET6, &dst_v6, prefixlen, best_gw, + best_iface); + if (ret < 0) + { + return ret; + } + + msg(D_ROUTE, "%s result: via %s dev %s", __func__, + inet_ntop(AF_INET6, best_gw, buf, sizeof(buf)), best_iface); + + return ret; + +} + +#ifdef ENABLE_SITNL + +int +net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx) +{ + (void)c; + (void)ctx; + + return 0; +} + +int +net_route_v4_best_gw(openvpn_net_ctx_t *ctx, const in_addr_t *dst, + int prefixlen, in_addr_t *best_gw, char *best_iface) +{ + inet_address_t dst_v4 = {0}; + char buf[INET_ADDRSTRLEN]; + int ret; + + if (dst) + { + dst_v4.ipv4 = htonl(*dst); + } + + msg(D_ROUTE, "%s query: dst %s/%d", __func__, + inet_ntop(AF_INET, &dst_v4.ipv4, buf, sizeof(buf)), prefixlen); + + ret = sitnl_route_best_gw(AF_INET, &dst_v4, prefixlen, best_gw, best_iface); + if (ret < 0) + { + return ret; + } + + msg(D_ROUTE, "%s result: via %s dev %s", __func__, + inet_ntop(AF_INET, best_gw, buf, sizeof(buf)), best_iface); + + /* result is expected in Host Order */ + *best_gw = ntohl(*best_gw); + + return ret; +} + +int +net_iface_up(openvpn_net_ctx_t *ctx, const char *iface, bool up) +{ + struct sitnl_link_req req; + int ifindex; + + CLEAR(req); + + if (!iface) + { + msg(M_WARN, "%s: passed NULL interface", __func__); + return -EINVAL; + } + + ifindex = if_nametoindex(iface); + if (ifindex == 0) { + msg(M_WARN, "%s: rtnl: cannot get ifindex for %s: %s", __func__, iface, + strerror(errno)); + return -ENOENT; + } + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.i)); + req.n.nlmsg_flags = NLM_F_REQUEST; + req.n.nlmsg_type = RTM_NEWLINK; + + req.i.ifi_family = AF_PACKET; + req.i.ifi_index = ifindex; + req.i.ifi_change |= IFF_UP; + if (up) + req.i.ifi_flags |= IFF_UP; + else + req.i.ifi_flags &= ~IFF_UP; + + msg(M_INFO, "%s: set %s %s", __func__, iface, up ? "up" : "down"); + + return sitnl_send(&req.n, 0, 0, NULL, NULL); +} + +int +net_iface_mtu_set(openvpn_net_ctx_t *ctx, const char *iface, + uint32_t mtu) +{ + struct sitnl_link_req req; + int ifindex, ret = -1; + + CLEAR(req); + + ifindex = if_nametoindex(iface); + if (ifindex == 0) { + msg(M_WARN | M_ERRNO, "%s: rtnl: cannot get ifindex for %s", __func__, + iface); + return -1; + } + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.i)); + req.n.nlmsg_flags = NLM_F_REQUEST; + req.n.nlmsg_type = RTM_NEWLINK; + + req.i.ifi_family = AF_PACKET; + req.i.ifi_index = ifindex; + + SITNL_ADDATTR(&req.n, sizeof(req), IFLA_MTU, &mtu, 4); + + msg(M_INFO, "%s: mtu %u for %s", __func__, mtu, iface); + + ret = sitnl_send(&req.n, 0, 0, NULL, NULL); +err: + return ret; +} + +static int +sitnl_addr_set(int cmd, uint32_t flags, int ifindex, sa_family_t af_family, + const inet_address_t *local, const inet_address_t *remote, + int prefixlen, const inet_address_t *broadcast) +{ + struct sitnl_addr_req req; + uint32_t size; + int ret = -EINVAL; + + CLEAR(req); + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.i)); + req.n.nlmsg_type = cmd; + req.n.nlmsg_flags = NLM_F_REQUEST | flags; + + req.i.ifa_index = ifindex; + req.i.ifa_family = af_family; + + switch (af_family) + { + case AF_INET: + size = sizeof(struct in_addr); + break; + case AF_INET6: + size = sizeof(struct in6_addr); + break; + default: + msg(M_WARN, "%s: rtnl: unknown address family %d", __func__, + af_family); + return -EINVAL; + } + + /* if no prefixlen has been specified, assume host address */ + if (prefixlen == 0) + { + prefixlen = size * 8; + } + req.i.ifa_prefixlen = prefixlen; + + if (remote) + { + SITNL_ADDATTR(&req.n, sizeof(req), IFA_ADDRESS, remote, size); + } + + if (local) + { + SITNL_ADDATTR(&req.n, sizeof(req), IFA_LOCAL, local, size); + } + + if (broadcast) + { + SITNL_ADDATTR(&req.n, sizeof(req), IFA_BROADCAST, broadcast, size); + } + + ret = sitnl_send(&req.n, 0, 0, NULL, NULL); + if ((ret < 0) && (errno == EEXIST)) + { + ret = 0; + } +err: + return ret; +} + +static int +sitnl_addr_ptp_add(sa_family_t af_family, const char *iface, + const inet_address_t *local, + const inet_address_t *remote) +{ + int ifindex; + + switch (af_family) { + case AF_INET: + case AF_INET6: + break; + default: + return -EINVAL; + } + + if (!iface) + { + msg(M_WARN, "%s: passed NULL interface", __func__); + return -EINVAL; + } + + ifindex = if_nametoindex(iface); + if (ifindex == 0) + { + msg(M_WARN, "%s: cannot get ifindex for %s: %s", __func__, np(iface), + strerror(errno)); + return -ENOENT; + } + + return sitnl_addr_set(RTM_NEWADDR, NLM_F_CREATE | NLM_F_REPLACE, ifindex, + af_family, local, remote, 0, NULL); +} + +static int +sitnl_addr_ptp_del(sa_family_t af_family, const char *iface, + const inet_address_t *local) +{ + int ifindex; + + switch (af_family) { + case AF_INET: + case AF_INET6: + break; + default: + return -EINVAL; + } + + if (!iface) + { + msg(M_WARN, "%s: passed NULL interface", __func__); + return -EINVAL; + } + + ifindex = if_nametoindex(iface); + if (ifindex == 0) + { + msg(M_WARN | M_ERRNO, "%s: cannot get ifindex for %s", __func__, iface); + return -ENOENT; + } + + return sitnl_addr_set(RTM_DELADDR, 0, ifindex, af_family, local, NULL, 0, + NULL); +} + +static int +sitnl_route_set(int cmd, uint32_t flags, int ifindex, sa_family_t af_family, + const void *dst, int prefixlen, + const void *gw, enum rt_class_t table, int metric, + enum rt_scope_t scope, int protocol, int type) +{ + struct sitnl_route_req req; + int ret = -1, size; + + CLEAR(req); + + switch (af_family) + { + case AF_INET: + size = sizeof(in_addr_t); + break; + case AF_INET6: + size = sizeof(struct in6_addr); + break; + default: + return -EINVAL; + } + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.r)); + req.n.nlmsg_type = cmd; + req.n.nlmsg_flags = NLM_F_REQUEST | flags; + + req.r.rtm_family = af_family; + req.r.rtm_scope = scope; + req.r.rtm_protocol = protocol; + req.r.rtm_type = type; + req.r.rtm_dst_len = prefixlen; + + if (table < 256) + { + req.r.rtm_table = table; + } + else + { + req.r.rtm_table = RT_TABLE_UNSPEC; + SITNL_ADDATTR(&req.n, sizeof(req), RTA_TABLE, &table, 4); + } + + if (dst) + { + SITNL_ADDATTR(&req.n, sizeof(req), RTA_DST, dst, size); + } + + if (gw) + { + SITNL_ADDATTR(&req.n, sizeof(req), RTA_GATEWAY, gw, size); + } + + if (ifindex > 0) + { + SITNL_ADDATTR(&req.n, sizeof(req), RTA_OIF, &ifindex, 4); + } + + if (metric > 0) + { + SITNL_ADDATTR(&req.n, sizeof(req), RTA_PRIORITY, &metric, 4); + } + + ret = sitnl_send(&req.n, 0, 0, NULL, NULL); + if ((ret < 0) && (errno == EEXIST)) + { + ret = 0; + } +err: + return ret; +} + +static int +sitnl_addr_add(sa_family_t af_family, const char *iface, + const inet_address_t *addr, int prefixlen, + const inet_address_t *broadcast) +{ + int ifindex; + + switch (af_family) { + case AF_INET: + case AF_INET6: + break; + default: + return -EINVAL;; + } + + if (!iface) + { + msg(M_WARN, "%s: passed NULL interface", __func__); + return -EINVAL; + } + + ifindex = if_nametoindex(iface); + if (ifindex == 0) + { + msg(M_WARN | M_ERRNO, "%s: rtnl: cannot get ifindex for %s", __func__, + iface); + return -ENOENT; + } + + return sitnl_addr_set(RTM_NEWADDR, NLM_F_CREATE | NLM_F_REPLACE, ifindex, + af_family, addr, NULL, prefixlen, broadcast); +} + +static int +sitnl_addr_del(sa_family_t af_family, const char *iface, inet_address_t *addr, + int prefixlen) +{ + int ifindex; + + switch (af_family) { + case AF_INET: + case AF_INET6: + break; + default: + return -EINVAL;; + } + + if (!iface) + { + msg(M_WARN, "%s: passed NULL interface", __func__); + return -EINVAL; + } + + ifindex = if_nametoindex(iface); + if (ifindex == 0) + { + msg(M_WARN | M_ERRNO, "%s: rtnl: cannot get ifindex for %s", __func__, + iface); + return -ENOENT; + } + + return sitnl_addr_set(RTM_DELADDR, 0, ifindex, af_family, addr, NULL, + prefixlen, NULL); +} + +int +net_addr_v4_add(openvpn_net_ctx_t *ctx, const char *iface, + const in_addr_t *addr, int prefixlen, + const in_addr_t *broadcast) +{ + inet_address_t addr_v4 = { 0 }; + inet_address_t brd_v4 = { 0 }; + char buf1[INET_ADDRSTRLEN]; + char buf2[INET_ADDRSTRLEN]; + + if (!addr) + { + return -EINVAL; + } + + addr_v4.ipv4 = htonl(*addr); + + if (broadcast) + { + brd_v4.ipv4 = htonl(*broadcast); + } + + msg(M_INFO, "%s: %s/%d brd %s dev %s", __func__, + inet_ntop(AF_INET, &addr_v4.ipv4, buf1, sizeof(buf1)), prefixlen, + inet_ntop(AF_INET, &brd_v4.ipv4, buf2, sizeof(buf2)), iface); + + return sitnl_addr_add(AF_INET, iface, &addr_v4, prefixlen, &brd_v4); +} + +int +net_addr_v6_add(openvpn_net_ctx_t *ctx, const char *iface, + const struct in6_addr *addr, int prefixlen) +{ + inet_address_t addr_v6 = { 0 }; + char buf[INET6_ADDRSTRLEN]; + + if (!addr) + { + return -EINVAL; + } + + addr_v6.ipv6 = *addr; + + msg(M_INFO, "%s: %s/%d dev %s", __func__, + inet_ntop(AF_INET6, &addr_v6.ipv6, buf, sizeof(buf)), prefixlen, iface); + + return sitnl_addr_add(AF_INET6, iface, &addr_v6, prefixlen, NULL); +} + +int +net_addr_v4_del(openvpn_net_ctx_t *ctx, const char *iface, + const in_addr_t *addr, int prefixlen) +{ + inet_address_t addr_v4 = { 0 }; + char buf[INET_ADDRSTRLEN]; + + if (!addr) + { + return -EINVAL; + } + + addr_v4.ipv4 = htonl(*addr); + + msg(M_INFO, "%s: %s dev %s", __func__, + inet_ntop(AF_INET, &addr_v4.ipv4, buf, sizeof(buf)), iface); + + return sitnl_addr_del(AF_INET, iface, &addr_v4, prefixlen); +} + +int +net_addr_v6_del(openvpn_net_ctx_t *ctx, const char *iface, + const struct in6_addr *addr, int prefixlen) +{ + inet_address_t addr_v6 = { 0 }; + char buf[INET6_ADDRSTRLEN]; + + if (!addr) + { + return -EINVAL; + } + + addr_v6.ipv6 = *addr; + + msg(M_INFO, "%s: %s/%d dev %s", __func__, + inet_ntop(AF_INET6, &addr_v6.ipv6, buf, sizeof(buf)), prefixlen, iface); + + return sitnl_addr_del(AF_INET6, iface, &addr_v6, prefixlen); +} + +int +net_addr_ptp_v4_add(openvpn_net_ctx_t *ctx, const char *iface, + const in_addr_t *local, const in_addr_t *remote) +{ + inet_address_t local_v4 = { 0 }; + inet_address_t remote_v4 = { 0 }; + char buf1[INET_ADDRSTRLEN]; + char buf2[INET_ADDRSTRLEN]; + + if (!local) + { + return -EINVAL; + } + + local_v4.ipv4 = htonl(*local); + + if (remote) + { + remote_v4.ipv4 = htonl(*remote); + } + + msg(M_INFO, "%s: %s peer %s dev %s", __func__, + inet_ntop(AF_INET, &local_v4.ipv4, buf1, sizeof(buf1)), + inet_ntop(AF_INET, &remote_v4.ipv4, buf2, sizeof(buf2)), iface); + + return sitnl_addr_ptp_add(AF_INET, iface, &local_v4, &remote_v4); +} + +int +net_addr_ptp_v4_del(openvpn_net_ctx_t *ctx, const char *iface, + const in_addr_t *local, const in_addr_t *remote) +{ + inet_address_t local_v4 = { 0 }; + char buf[INET6_ADDRSTRLEN]; + + + if (!local) + { + return -EINVAL; + } + + local_v4.ipv4 = htonl(*local); + + msg(M_INFO, "%s: %s dev %s", __func__, + inet_ntop(AF_INET, &local_v4.ipv4, buf, sizeof(buf)), iface); + + return sitnl_addr_ptp_del(AF_INET, iface, &local_v4); +} + +static int +sitnl_route_add(const char *iface, sa_family_t af_family, const void *dst, + int prefixlen, const void *gw, uint32_t table, int metric) +{ + enum rt_scope_t scope = RT_SCOPE_UNIVERSE; + int ifindex = 0; + + if (iface) + { + ifindex = if_nametoindex(iface); + if (ifindex == 0) + { + msg(M_WARN | M_ERRNO, "%s: rtnl: can't get ifindex for %s", + __func__, iface); + return -ENOENT; + } + } + + if (table == 0) + { + table = RT_TABLE_MAIN; + } + + if (!gw && iface) + { + scope = RT_SCOPE_LINK; + } + + return sitnl_route_set(RTM_NEWROUTE, NLM_F_CREATE | NLM_F_REPLACE, ifindex, + af_family, dst, prefixlen, gw, table, metric, scope, + RTPROT_BOOT, RTN_UNICAST); +} + +int +net_route_v4_add(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, + uint32_t table, int metric) +{ + in_addr_t *dst_ptr = NULL, *gw_ptr = NULL; + in_addr_t dst_be = 0, gw_be = 0; + char dst_str[INET_ADDRSTRLEN]; + char gw_str[INET_ADDRSTRLEN]; + + if (dst) + { + dst_be = htonl(*dst); + dst_ptr = &dst_be; + } + + if (gw) + { + gw_be = htonl(*gw); + gw_ptr = &gw_be; + } + + msg(D_ROUTE, "%s: %s/%d via %s dev %s table %d metric %d", __func__, + inet_ntop(AF_INET, &dst_be, dst_str, sizeof(dst_str)), + prefixlen, inet_ntop(AF_INET, &gw_be, gw_str, sizeof(gw_str)), + np(iface), table, metric); + + return sitnl_route_add(iface, AF_INET, dst_ptr, prefixlen, gw_ptr, table, + metric); +} + +int +net_route_v6_add(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, const struct in6_addr *gw, + const char *iface, uint32_t table, int metric) +{ + inet_address_t dst_v6 = { 0 }; + inet_address_t gw_v6 = { 0 }; + char dst_str[INET6_ADDRSTRLEN]; + char gw_str[INET6_ADDRSTRLEN]; + + if (dst) + { + dst_v6.ipv6 = *dst; + } + + if (gw) + { + gw_v6.ipv6 = *gw; + } + + msg(D_ROUTE, "%s: %s/%d via %s dev %s table %d metric %d", __func__, + inet_ntop(AF_INET6, &dst_v6.ipv6, dst_str, sizeof(dst_str)), + prefixlen, inet_ntop(AF_INET6, &gw_v6.ipv6, gw_str, sizeof(gw_str)), + np(iface), table, metric); + + return sitnl_route_add(iface, AF_INET6, dst, prefixlen, gw, table, + metric); +} + +static int +sitnl_route_del(const char *iface, sa_family_t af_family, inet_address_t *dst, + int prefixlen, inet_address_t *gw, uint32_t table, + int metric) +{ + int ifindex = 0; + + if (iface) + { + ifindex = if_nametoindex(iface); + if (ifindex == 0) + { + msg(M_WARN | M_ERRNO, "%s: rtnl: can't get ifindex for %s", + __func__, iface); + return -ENOENT; + } + } + + if (table == 0) + { + table = RT_TABLE_MAIN; + } + + return sitnl_route_set(RTM_DELROUTE, 0, ifindex, af_family, dst, prefixlen, + gw, table, metric, RT_SCOPE_NOWHERE, 0, 0); +} + +int +net_route_v4_del(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, uint32_t table, + int metric) +{ + inet_address_t dst_v4 = { 0 }; + inet_address_t gw_v4 = { 0 }; + char dst_str[INET_ADDRSTRLEN]; + char gw_str[INET_ADDRSTRLEN]; + + if (dst) + { + dst_v4.ipv4 = htonl(*dst); + } + + if (gw) + { + gw_v4.ipv4 = htonl(*gw); + } + + msg(D_ROUTE, "%s: %s/%d via %s dev %s table %d metric %d", __func__, + inet_ntop(AF_INET, &dst_v4.ipv4, dst_str, sizeof(dst_str)), + prefixlen, inet_ntop(AF_INET, &gw_v4.ipv4, gw_str, sizeof(gw_str)), + np(iface), table, metric); + + return sitnl_route_del(iface, AF_INET, &dst_v4, prefixlen, &gw_v4, table, + metric); +} + +int +net_route_v6_del(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, const struct in6_addr *gw, + const char *iface, uint32_t table, int metric) +{ + inet_address_t dst_v6 = { 0 }; + inet_address_t gw_v6 = { 0 }; + char dst_str[INET6_ADDRSTRLEN]; + char gw_str[INET6_ADDRSTRLEN]; + + if (dst) + { + dst_v6.ipv6 = *dst; + } + + if (gw) + { + gw_v6.ipv6 = *gw; + } + + msg(D_ROUTE, "%s: %s/%d via %s dev %s table %d metric %d", __func__, + inet_ntop(AF_INET6, &dst_v6.ipv6, dst_str, sizeof(dst_str)), + prefixlen, inet_ntop(AF_INET6, &gw_v6.ipv6, gw_str, sizeof(gw_str)), + np(iface), table, metric); + + return sitnl_route_del(iface, AF_INET6, &dst_v6, prefixlen, &gw_v6, + table, metric); +} + +#endif /* !ENABLE_SITNL */ + +#endif /* TARGET_LINUX */ diff --git a/src/openvpn/networking_sitnl.h b/src/openvpn/networking_sitnl.h new file mode 100644 index 00000000..f39d426d --- /dev/null +++ b/src/openvpn/networking_sitnl.h @@ -0,0 +1,28 @@ +/* + * Generic interface to platform specific networking code + * + * Copyright (C) 2016-2018 Antonio Quartulli + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef NETWORKING_SITNL_H_ +#define NETWORKING_SITNL_H_ + +typedef char openvpn_net_iface_t; +typedef void * openvpn_net_ctx_t; + +#endif /* NETWORKING_SITNL_H_ */ diff --git a/src/openvpn/sitnl.h b/src/openvpn/sitnl.h new file mode 100644 index 00000000..937522f9 --- /dev/null +++ b/src/openvpn/sitnl.h @@ -0,0 +1,217 @@ +/* + * Simplified Interface To NetLink + * + * Copyright (C) 2016-2018 Antonio Quartulli + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef SITNL_H_ +#define SITNL_H_ + +#ifdef TARGET_LINUX + +#include +#include + +/** + * Bring interface up or down. + * + * @param iface the interface to modify + * @param up true if the interface has to be brought up, false otherwise + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_iface_up(const char *iface, bool up); + +/** + * Set the MTU for an interface + * + * @param iface the interface to modify + * @param mtru the new MTU + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_iface_mtu_set(const char *iface, uint32_t mtu); + +/** + * Add an IPv4 address to an interface + * + * @param iface the interface where the address has to be added + * @param addr the address to add + * @param prefixlen the prefix length of the network associated with the address + * @param broadcast the broadcast address to configure on the interface + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_addr_v4_add(const char *iface, const in_addr_t *addr, int prefixlen, + const in_addr_t *broadcast); + +/** + * Add an IPv6 address to an interface + * + * @param iface the interface where the address has to be added + * @param addr the address to add + * @param prefixlen the prefix length of the network associated with the address + * + * @return 0 on success, a negative error code otherwise + */ + +int sitnl_addr_v6_add(const char *iface, const struct in6_addr *addr, + int prefixlen); + +/** + * Remove an IPv4 from an interface + * + * @param iface the interface to remove the address from + * @param prefixlen the prefix length of the network associated with the address + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_addr_v4_del(const char *iface, const in_addr_t *addr, int prefixlen); + +/** + * Remove an IPv6 from an interface + * + * @param iface the interface to remove the address from + * @param prefixlen the prefix length of the network associated with the address + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_addr_v6_del(const char *iface, const struct in6_addr *addr, + int prefixlen); + +/** + * Add a point-to-point IPv4 address to an interface + * + * @param iface the interface where the address has to be added + * @param local the address to add + * @param remote the associated p-t-p remote address + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_addr_ptp_v4_add(const char *iface, const in_addr_t *local, + const in_addr_t *remote); + +/** + * Remove a point-to-point IPv4 address from an interface + * + * @param iface the interface to remove the address from + * @param local the address to remove + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_addr_ptp_v4_del(const char *iface, const in_addr_t *local); + + +/** + * Add a route for an IPv4 address/network + * + * @param dst the destination of the route + * @param prefixlen the length of the prefix of the destination + * @param gw the gateway for this route + * @param iface the interface for this route (can be NULL) + * @param table the table to add this route to (if 0, will be added to the + * main table) + * @param metric the metric associated with the route + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_route_v4_add(const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, uint32_t table, + int metric); + +/** + * Add a route for an IPv6 address/network + * + * @param dst the destination of the route + * @param prefixlen the length of the prefix of the destination + * @param gw the gateway for this route + * @param iface the interface for this route (can be NULL) + * @param table the table to add this route to (if 0, will be added to the + * main table) + * @param metric the metric associated with the route + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_route_v6_add(const struct in6_addr *dst, int prefixlen, + const struct in6_addr *gw, const char *iface, + uint32_t table, int metric); + +/** + * Delete a route for an IPv4 address/network + * + * @param dst the destination of the route + * @param prefixlen the length of the prefix of the destination + * @param gw the gateway for this route + * @param iface the interface for this route (can be NULL) + * @param table the table to add this route to (if 0, will be added to the + * main table) + * @param metric the metric associated with the route + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_route_v4_del(const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, uint32_t table, + int metric); + +/** + * Delete a route for an IPv4 address/network + * + * @param dst the destination of the route + * @param prefixlen the length of the prefix of the destination + * @param gw the gateway for this route + * @param iface the interface for this route (can be NULL) + * @param table the table to add this route to (if 0, will be added to the + * main table) + * @param metric the metric associated with the route + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_route_v6_del(const struct in6_addr *dst, int prefixlen, + const struct in6_addr *gw, const char *iface, + uint32_t table, int metric); + +/** + * Retrieve the gateway and outgoing interface for the specified IPv4 + * address/network + * + * @param dst The destination to lookup + * @param prefixlen The length of the prefix of the destination + * @param best_gw Location where the retrieved GW has to be stored + * @param best_iface Location where the retrieved interface has to be stored + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_route_v4_best_gw(const in_addr_t *dst, int prefixlen, + in_addr_t *best_gw, char *best_iface); + +/** + * Retrieve the gateway and outgoing interface for the specified IPv6 + * address/network + * + * @param dst The destination to lookup + * @param prefixlen The length of the prefix of the destination + * @param best_gw Location where the retrieved GW has to be stored + * @param best_iface Location where the retrieved interface has to be stored + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_route_v6_best_gw(const struct in6_addr *dst, int prefixlen, + struct in6_addr *best_gw, char *best_iface); + +#endif /* TARGET_LINUX */ + +#endif /* SITNL_H_ */ From patchwork Thu Oct 11 07:41:57 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 547 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director11.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id gGcpOiCav1s/WQAAIUCqbw for ; Thu, 11 Oct 2018 14:44:48 -0400 Received: from proxy5.mail.ord1d.rsapps.net ([172.30.191.6]) by director11.mail.ord1d.rsapps.net with LMTP id EC0aOiCav1uDEwAAvGGmqA ; Thu, 11 Oct 2018 14:44:48 -0400 Received: from smtp39.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy5.mail.ord1d.rsapps.net with LMTP id uKLtOSCav1vkHgAA8Zzt7w ; Thu, 11 Oct 2018 14:44:48 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp39.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: ba9ca8f4-cd85-11e8-9c9f-525400a97bbc-1-1 Received: from [216.105.38.7] ([216.105.38.7:4116] helo=lists.sourceforge.net) by smtp39.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 55/AF-02301-02A9FBB5; Thu, 11 Oct 2018 14:44:48 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1gAfwU-0007XN-Jx; Thu, 11 Oct 2018 18:44:14 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1gAfwS-0007Ww-P7 for openvpn-devel@lists.sourceforge.net; Thu, 11 Oct 2018 18:44:12 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=BUykMkSj8b0tkaJN9SDxOlkBmKWH+KZuMljhHcCe6DQ=; b=Y/fxyKD0vZhvGO5lg/M2YtdK/u c+gaP7KZa1z018CozjTRPFZLA7T5fyzEEq2M7lCISxmQhum902EbDvzW8TgXXcyLFKRcRGv+laaCl o7kdSJyis7spDOQRlMDEa2vr9nQWJC1ptHWgBiI4A871QMsKAlvAUVwI6YmXBK7x3xlE=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=BUykMkSj8b0tkaJN9SDxOlkBmKWH+KZuMljhHcCe6DQ=; b=IQ60zSNgffRUu4xcNG4iVa4FpN vciCRXbYTES9jqY5+uklu/Pd5pffyIy8mnc35MzeT/+BrF+6GH/roebUzuA8/Tkb4C1gOSCjBGdNr iQBqIpg1gZm4/ChtFN0z5LZAjR3Rlnf1e2ya5v7rncnq7x4go8XvMex5Ygxv9IfgHOsg=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1gAfwQ-000R6i-Ge for openvpn-devel@lists.sourceforge.net; Thu, 11 Oct 2018 18:44:12 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Fri, 12 Oct 2018 02:41:57 +0800 Message-Id: <20181011184200.22175-5-a@unstable.cc> In-Reply-To: <20181011184200.22175-1-a@unstable.cc> References: <20181011184200.22175-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1gAfwQ-000R6i-Ge Subject: [Openvpn-devel] [PATCH v2 4/7] tun.c: use new networking API to handle tun interface on Linux X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox By switching to the networking API (for Linux) openvpn will now use any of the available implementations to handle the tun interface. At the moment only iproute2 and sitnl (NetLink) is implemented. Signed-off-by: Antonio Quartulli --- src/openvpn/init.c | 22 ++-- src/openvpn/init.h | 2 +- src/openvpn/networking.h | 6 -- src/openvpn/openvpn.c | 4 +- src/openvpn/openvpn.h | 2 + src/openvpn/options.c | 4 +- src/openvpn/options.h | 1 + src/openvpn/tun.c | 215 +++++++++++++++++++++------------------ src/openvpn/tun.h | 12 ++- 9 files changed, 147 insertions(+), 121 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 1b9f19d0..1eba49ab 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1081,7 +1081,7 @@ do_genkey(const struct options *options) * Persistent TUN/TAP device management mode? */ bool -do_persist_tuntap(const struct options *options) +do_persist_tuntap(const struct options *options, openvpn_net_ctx_t *ctx) { if (options->persist_config) { @@ -1099,7 +1099,8 @@ do_persist_tuntap(const struct options *options) #ifdef ENABLE_FEATURE_TUN_PERSIST tuncfg(options->dev, options->dev_type, options->dev_node, options->persist_mode, - options->username, options->groupname, &options->tuntap_options); + options->username, options->groupname, &options->tuntap_options, + ctx); if (options->persist_mode && options->lladdr) { set_lladdr(options->dev, options->lladdr, NULL); @@ -1672,7 +1673,8 @@ do_init_tun(struct context *c) c->c1.link_socket_addr.bind_local, c->c1.link_socket_addr.remote_list, !c->options.ifconfig_nowarn, - c->c2.es); + c->c2.es, + &c->net_ctx); init_tun_post(c->c1.tuntap, &c->c2.frame, @@ -1744,7 +1746,8 @@ do_open_tun(struct context *c) c->options.dev_type, c->options.dev_node, &gc); - do_ifconfig(c->c1.tuntap, guess, TUN_MTU_SIZE(&c->c2.frame), c->c2.es); + do_ifconfig(c->c1.tuntap, guess, TUN_MTU_SIZE(&c->c2.frame), c->c2.es, + &c->net_ctx); } /* possibly add routes */ @@ -1772,7 +1775,8 @@ do_open_tun(struct context *c) if (!c->options.ifconfig_noexec && ifconfig_order() == IFCONFIG_AFTER_TUN_OPEN) { - do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name, TUN_MTU_SIZE(&c->c2.frame), c->c2.es); + do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name, + TUN_MTU_SIZE(&c->c2.frame), c->c2.es, &c->net_ctx); } /* run the up script */ @@ -1880,7 +1884,7 @@ do_close_tun_simple(struct context *c) msg(D_CLOSE, "Closing TUN/TAP interface"); if (c->c1.tuntap) { - close_tun(c->c1.tuntap); + close_tun(c->c1.tuntap, &c->net_ctx); c->c1.tuntap = NULL; } c->c1.tuntap_owned = false; @@ -3321,9 +3325,11 @@ do_compute_occ_strings(struct context *c) struct gc_arena gc = gc_new(); c->c2.options_string_local = - options_string(&c->options, &c->c2.frame, c->c1.tuntap, false, &gc); + options_string(&c->options, &c->c2.frame, c->c1.tuntap, &c->net_ctx, + false, &gc); c->c2.options_string_remote = - options_string(&c->options, &c->c2.frame, c->c1.tuntap, true, &gc); + options_string(&c->options, &c->c2.frame, c->c1.tuntap, &c->net_ctx, + true, &gc); msg(D_SHOW_OCC, "Local Options String (VER=%s): '%s'", options_string_version(c->c2.options_string_local, &gc), diff --git a/src/openvpn/init.h b/src/openvpn/init.h index 085ac533..ba5eda06 100644 --- a/src/openvpn/init.h +++ b/src/openvpn/init.h @@ -56,7 +56,7 @@ bool print_openssl_info(const struct options *options); bool do_genkey(const struct options *options); -bool do_persist_tuntap(const struct options *options); +bool do_persist_tuntap(const struct options *options, openvpn_net_ctx_t *ctx); bool possibly_become_daemon(const struct options *options); diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h index 716e61a5..e624cb6b 100644 --- a/src/openvpn/networking.h +++ b/src/openvpn/networking.h @@ -21,12 +21,6 @@ #ifndef NETWORKING_H_ #define NETWORKING_H_ -#ifdef HAVE_CONFIG_H -#include "config.h" -#elif defined(_MSC_VER) -#include "config-msvc.h" -#endif - #include "syshead.h" struct context; diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c index 5d6a41cd..a32227da 100644 --- a/src/openvpn/openvpn.c +++ b/src/openvpn/openvpn.c @@ -215,6 +215,8 @@ openvpn_main(int argc, char *argv[]) open_plugins(&c, true, OPENVPN_PLUGIN_INIT_PRE_CONFIG_PARSE); #endif + net_ctx_init(&c, &c.net_ctx); + /* init verbosity and mute levels */ init_verb_mute(&c, IVM_LEVEL_1); @@ -234,7 +236,7 @@ openvpn_main(int argc, char *argv[]) } /* tun/tap persist command? */ - if (do_persist_tuntap(&c.options)) + if (do_persist_tuntap(&c.options, &c.net_ctx)) { break; } diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index bc972f22..7ec69612 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -520,6 +520,8 @@ struct context struct env_set *es; /**< Set of environment variables. */ + openvpn_net_ctx_t net_ctx; /**< Networking API opaque context */ + struct signal_info *sig; /**< Internal error signaling object. */ struct plugin_list *plugins; /**< List of plug-ins. */ diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 0421185f..55559dfd 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3570,6 +3570,7 @@ char * options_string(const struct options *o, const struct frame *frame, struct tuntap *tt, + openvpn_net_ctx_t *ctx, bool remote, struct gc_arena *gc) { @@ -3612,7 +3613,8 @@ options_string(const struct options *o, NULL, NULL, false, - NULL); + NULL, + ctx); if (tt) { tt_local = true; diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 33b1e45a..8e777e40 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -726,6 +726,7 @@ const char *options_string_version(const char *s, struct gc_arena *gc); char *options_string(const struct options *o, const struct frame *frame, struct tuntap *tt, + openvpn_net_ctx_t *ctx, bool remote, struct gc_arena *gc); diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 948fd17d..002c3e6c 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -46,6 +46,7 @@ #include "route.h" #include "win32.h" #include "block_dns.h" +#include "networking.h" #include "memdbg.h" @@ -631,7 +632,8 @@ init_tun(const char *dev, /* --dev option */ struct addrinfo *local_public, struct addrinfo *remote_public, const bool strict_warn, - struct env_set *es) + struct env_set *es, + openvpn_net_ctx_t *ctx) { struct gc_arena gc = gc_new(); struct tuntap *tt; @@ -870,35 +872,37 @@ create_arbitrary_remote( struct tuntap *tt ) * @param ifname the human readable interface name * @param mtu the MTU value to set the interface to * @param es the environment to be used when executing the commands + * @param ctx the networking API opaque context */ static void do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, int tun_mtu, - const struct env_set *es) + const struct env_set *es, openvpn_net_ctx_t *ctx) { - const char *ifconfig_ipv6_local = NULL; +#if defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \ + || defined(TARGET_DARWIN) || defined(TARGET_FREEBSD) \ + || defined(TARGET_DRAGONFLY) || defined(TARGET_AIX) \ + || defined(TARGET_SOLARIS) || defined(_WIN32) struct argv argv = argv_new(); struct gc_arena gc = gc_new(); - - ifconfig_ipv6_local = print_in6_addr(tt->local_ipv6, 0, &gc); + const char *ifconfig_ipv6_local = print_in6_addr(tt->local_ipv6, 0, &gc); +#endif #if defined(TARGET_LINUX) -#ifdef ENABLE_IPROUTE - /* set the MTU for the device and bring it up */ - argv_printf(&argv, "%s link set dev %s up mtu %d", iproute_path, ifname, - tun_mtu); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ip link set failed"); + if (net_iface_mtu_set(ctx, ifname, tun_mtu) < 0) + { + msg(M_FATAL, "Linux can't set mtu (%d) on %s", tun_mtu, ifname); + } - argv_printf(&argv, "%s -6 addr add %s/%d dev %s", iproute_path, - ifconfig_ipv6_local, tt->netbits_ipv6, ifname); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ip -6 addr add failed"); -#else - argv_printf(&argv, "%s %s add %s/%d mtu %d up", IFCONFIG_PATH, ifname, - ifconfig_ipv6_local, tt->netbits_ipv6, tun_mtu); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ifconfig inet6 failed"); -#endif + if (net_iface_up(ctx, ifname, true) < 0) + { + msg(M_FATAL, "Linux can't bring %s up", ifname); + } + + if (net_addr_v6_add(ctx, ifname, &tt->local_ipv6, + tt->netbits_ipv6) < 0) + { + msg(M_FATAL, "Linux can't add IPv6 to interface %s", ifname); + } #elif defined(TARGET_ANDROID) char out6[64]; @@ -1011,8 +1015,13 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, int tun_mtu, msg(M_FATAL, "Sorry, but I don't know how to do IPv6 'ifconfig' commands on this operating system. You should ifconfig your TUN/TAP device manually or use an --up script."); #endif /* outer "if defined(TARGET_xxx)" conditional */ +#if defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \ + || defined(TARGET_DARWIN) || defined(TARGET_FREEBSD) \ + || defined(TARGET_DRAGONFLY) || defined(TARGET_AIX) \ + || defined(TARGET_SOLARIS) || defined(_WIN32) gc_free(&gc); argv_reset(&argv); +#endif } /** @@ -1022,23 +1031,27 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, int tun_mtu, * @param ifname the human readable interface name * @param mtu the MTU value to set the interface to * @param es the environment to be used when executing the commands + * @param ctx the networking API opaque context */ static void do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, - const struct env_set *es) + const struct env_set *es, openvpn_net_ctx_t *ctx) { - bool tun = false; + /* + * We only handle TUN/TAP devices here, not --dev null devices. + */ + bool tun = is_tun_p2p(tt); + +#if defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \ + || defined(TARGET_DARWIN) || defined(TARGET_FREEBSD) \ + || defined(TARGET_DRAGONFLY) || defined(TARGET_AIX) \ + || defined(TARGET_SOLARIS) || defined(_WIN32) const char *ifconfig_local = NULL; const char *ifconfig_remote_netmask = NULL; const char *ifconfig_broadcast = NULL; struct argv argv = argv_new(); struct gc_arena gc = gc_new(); - /* - * We only handle TUN/TAP devices here, not --dev null devices. - */ - tun = is_tun_p2p(tt); - /* * Set ifconfig parameters */ @@ -1052,53 +1065,36 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, { ifconfig_broadcast = print_in_addr_t(tt->broadcast, 0, &gc); } +#endif #if defined(TARGET_LINUX) -#ifdef ENABLE_IPROUTE - /* - * Set the MTU for the device - */ - argv_printf(&argv, "%s link set dev %s up mtu %d", iproute_path, ifname, - tun_mtu); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ip link set failed"); - - if (tun) + if (net_iface_mtu_set(ctx, ifname, tun_mtu) < 0) { - - /* - * Set the address for the device - */ - argv_printf(&argv, "%s addr add dev %s local %s peer %s", iproute_path, - ifname, ifconfig_local, ifconfig_remote_netmask); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ip addr add failed"); + msg(M_FATAL, "Linux can't set mtu (%d) on %s", tun_mtu, ifname); } - else + + if (net_iface_up(ctx, ifname, true) < 0) { - argv_printf(&argv, "%s addr add dev %s %s/%d broadcast %s", - iproute_path, ifname, ifconfig_local, - netmask_to_netbits2(tt->remote_netmask), - ifconfig_broadcast); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ip addr add failed"); + msg(M_FATAL, "Linux can't bring %s up", ifname); } -#else /* ifdef ENABLE_IPROUTE */ + if (tun) { - argv_printf(&argv, "%s %s %s pointopoint %s mtu %d", IFCONFIG_PATH, - ifname, ifconfig_local, ifconfig_remote_netmask, tun_mtu); + if (net_addr_ptp_v4_add(ctx, ifname, &tt->local, + &tt->remote_netmask) < 0) + { + msg(M_FATAL, "Linux can't add IP to TUN interface %s", ifname); + } } else { - argv_printf(&argv, "%s %s %s netmask %s mtu %d broadcast %s", - IFCONFIG_PATH, ifname, ifconfig_local, - ifconfig_remote_netmask, tun_mtu, ifconfig_broadcast); + if (net_addr_v4_add(ctx, ifname, &tt->local, + netmask_to_netbits2(tt->remote_netmask), + &tt->remote_netmask) < 0) + { + msg(M_FATAL, "Linux can't add IP to TAP interface %s", ifname); + } } - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ifconfig failed"); - -#endif /*ENABLE_IPROUTE*/ #elif defined(TARGET_ANDROID) char out[64]; @@ -1399,14 +1395,19 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, msg(M_FATAL, "Sorry, but I don't know how to do 'ifconfig' commands on this operating system. You should ifconfig your TUN/TAP device manually or use an --up script."); #endif /* if defined(TARGET_LINUX) */ +#if defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \ + || defined(TARGET_DARWIN) || defined(TARGET_FREEBSD) \ + || defined(TARGET_DRAGONFLY) || defined(TARGET_AIX) \ + || defined(TARGET_SOLARIS) || defined(_WIN32) gc_free(&gc); argv_reset(&argv); +#endif } /* execute the ifconfig command through the shell */ void do_ifconfig(struct tuntap *tt, const char *ifname, int tun_mtu, - const struct env_set *es) + const struct env_set *es, openvpn_net_ctx_t *ctx) { msg(D_LOW, "do_ifconfig, ipv4=%d, ipv6=%d", tt->did_ifconfig_setup, tt->did_ifconfig_ipv6_setup); @@ -1426,12 +1427,12 @@ do_ifconfig(struct tuntap *tt, const char *ifname, int tun_mtu, if (tt->did_ifconfig_setup) { - do_ifconfig_ipv4(tt, ifname, tun_mtu, es); + do_ifconfig_ipv4(tt, ifname, tun_mtu, es, ctx); } if (tt->did_ifconfig_ipv6_setup) { - do_ifconfig_ipv6(tt, ifname, tun_mtu, es); + do_ifconfig_ipv6(tt, ifname, tun_mtu, es, ctx); } } @@ -1742,7 +1743,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun } void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -1898,7 +1899,9 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun #ifdef ENABLE_FEATURE_TUN_PERSIST void -tuncfg(const char *dev, const char *dev_type, const char *dev_node, int persist_mode, const char *username, const char *groupname, const struct tuntap_options *options) +tuncfg(const char *dev, const char *dev_type, const char *dev_node, + int persist_mode, const char *username, const char *groupname, + const struct tuntap_options *options, openvpn_net_ctx_t *ctx) { struct tuntap *tt; @@ -1937,62 +1940,74 @@ tuncfg(const char *dev, const char *dev_type, const char *dev_node, int persist_ msg(M_ERR, "Cannot ioctl TUNSETOWNER(%s) %s", groupname, dev); } } - close_tun(tt); + close_tun(tt, ctx); msg(M_INFO, "Persist state set to: %s", (persist_mode ? "ON" : "OFF")); } #endif /* ENABLE_FEATURE_TUN_PERSIST */ void -undo_ifconfig_ipv4(struct tuntap *tt, struct gc_arena *gc) +undo_ifconfig_ipv4(struct tuntap *tt, struct gc_arena *gc, + openvpn_net_ctx_t *ctx) { - struct argv argv = argv_new(); +#if defined(TARGET_LINUX) + int netbits = netmask_to_netbits2(tt->remote_netmask); -#ifdef ENABLE_IPROUTE if (is_tun_p2p(tt)) { - argv_printf(&argv, "%s addr del dev %s local %s peer %s", iproute_path, - tt->actual_name, print_in_addr_t(tt->local, 0, gc), - print_in_addr_t(tt->remote_netmask, 0, gc)); + if (net_addr_ptp_v4_del(ctx, tt->actual_name, &tt->local, + &tt->remote_netmask) < 0) + { + msg(M_WARN, "Linux can't del IP from TUN iface %s", + tt->actual_name); + } } else { - argv_printf(&argv, "%s addr del dev %s %s/%d", iproute_path, - tt->actual_name, print_in_addr_t(tt->local, 0, gc), - netmask_to_netbits2(tt->remote_netmask)); + if (net_addr_v4_del(ctx, tt->actual_name, &tt->local, netbits) < 0) + { + msg(M_WARN, "Linux can't del IP from TAP iface %s", + tt->actual_name); + } } -#else /* ifdef ENABLE_IPROUTE */ +#else /* ifdef TARGET_LINUX */ + struct argv argv = argv_new(); + argv_printf(&argv, "%s %s 0.0.0.0", IFCONFIG_PATH, tt->actual_name); -#endif /* ifdef ENABLE_IPROUTE */ argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, NULL, 0, "Linux ip addr del failed"); + openvpn_execve_check(&argv, NULL, 0, "Generic ip addr del failed"); argv_reset(&argv); +#endif /* ifdef TARGET_LINUX */ } void -undo_ifconfig_ipv6(struct tuntap *tt, struct gc_arena *gc) +undo_ifconfig_ipv6(struct tuntap *tt, struct gc_arena *gc, + openvpn_net_ctx_t *ctx) { +#if defined(TARGET_LINUX) + if (net_addr_v6_del(ctx, tt->actual_name, &tt->local_ipv6, + tt->netbits_ipv6) < 0) + { + msg(M_WARN, "Linux can't del IPv6 from iface %s", tt->actual_name); + } +#else /* ifdef TARGET_LINUX */ const char *ifconfig_ipv6_local = print_in6_addr(tt->local_ipv6, 0, gc); struct argv argv = argv_new(); -#ifdef ENABLE_IPROUTE - argv_printf(&argv, "%s -6 addr del %s/%d dev %s", iproute_path, - ifconfig_ipv6_local, tt->netbits_ipv6, tt->actual_name); -#else /* ifdef ENABLE_IPROUTE */ argv_printf(&argv, "%s %s del %s/%d", IFCONFIG_PATH, tt->actual_name, ifconfig_ipv6_local, tt->netbits_ipv6); -#endif argv_msg(M_INFO, &argv); openvpn_execve_check(&argv, NULL, 0, "Linux ip -6 addr del failed"); argv_reset(&argv); +#endif /* ifdef TARGET_LINUX */ } void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -2002,12 +2017,12 @@ close_tun(struct tuntap *tt) if (tt->did_ifconfig_setup) { - undo_ifconfig_ipv4(tt, &gc); + undo_ifconfig_ipv4(tt, &gc, ctx); } if (tt->did_ifconfig_ipv6_setup) { - undo_ifconfig_ipv6(tt, &gc); + undo_ifconfig_ipv6(tt, &gc, ctx); } gc_free(&gc); @@ -2327,7 +2342,7 @@ solaris_close_tun(struct tuntap *tt) * Close TUN device. */ void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -2363,7 +2378,7 @@ solaris_error_close(struct tuntap *tt, const struct env_set *es, argv_msg(M_INFO, &argv); openvpn_execve_check(&argv, es, 0, "Solaris ifconfig unplumb failed"); - close_tun(tt); + close_tun(tt, NULL); msg(M_FATAL, "Solaris ifconfig failed"); argv_reset(&argv); } @@ -2426,7 +2441,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun */ void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -2512,7 +2527,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun * need to be explicitely destroyed */ void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -2653,7 +2668,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun * we need to call "ifconfig ... destroy" for cleanup */ void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -2769,7 +2784,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun } void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -3025,7 +3040,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun } void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -3173,7 +3188,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun /* tap devices need to be manually destroyed on AIX */ void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -6069,7 +6084,7 @@ tun_show_debug(struct tuntap *tt) } void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -6244,7 +6259,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun } void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index cb1ab1cc..a68ecaa9 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h @@ -36,6 +36,7 @@ #include "event.h" #include "proto.h" #include "misc.h" +#include "networking.h" #if defined(_WIN32) || defined(TARGET_ANDROID) @@ -211,7 +212,7 @@ tuntap_defined(const struct tuntap *tt) void open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt); -void close_tun(struct tuntap *tt); +void close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx); int write_tun(struct tuntap *tt, uint8_t *buf, int len); @@ -219,7 +220,8 @@ int read_tun(struct tuntap *tt, uint8_t *buf, int len); void tuncfg(const char *dev, const char *dev_type, const char *dev_node, int persist_mode, const char *username, - const char *groupname, const struct tuntap_options *options); + const char *groupname, const struct tuntap_options *options, + openvpn_net_ctx_t *ctx); const char *guess_tuntap_dev(const char *dev, const char *dev_type, @@ -237,7 +239,8 @@ struct tuntap *init_tun(const char *dev, /* --dev option */ struct addrinfo *local_public, struct addrinfo *remote_public, const bool strict_warn, - struct env_set *es); + struct env_set *es, + openvpn_net_ctx_t *ctx); void init_tun_post(struct tuntap *tt, const struct frame *frame, @@ -253,9 +256,10 @@ void do_ifconfig_setenv(const struct tuntap *tt, * @param ifname the human readable interface name * @param mtu the MTU value to set the interface to * @param es the environment to be used when executing the commands + * @param ctx the networking API opaque context */ void do_ifconfig(struct tuntap *tt, const char *ifname, int tun_mtu, - const struct env_set *es); + const struct env_set *es, openvpn_net_ctx_t *ctx); bool is_dev_type(const char *dev, const char *dev_type, const char *match_type); From patchwork Thu Oct 11 07:41:58 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 549 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director7.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id kABhBCeav1tlTwAAIUCqbw for ; Thu, 11 Oct 2018 14:44:55 -0400 Received: from proxy13.mail.ord1d.rsapps.net ([172.30.191.6]) by director7.mail.ord1d.rsapps.net with LMTP id mJtABCeav1svBwAAovjBpQ ; Thu, 11 Oct 2018 14:44:55 -0400 Received: from smtp20.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy13.mail.ord1d.rsapps.net with LMTP id INHnAyeav1vfHQAAgjf6aA ; Thu, 11 Oct 2018 14:44:55 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp20.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: be282dae-cd85-11e8-966c-525400b8bfda-1-1 Received: from [216.105.38.7] ([216.105.38.7:44164] helo=lists.sourceforge.net) by smtp20.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id B5/B9-07746-62A9FBB5; Thu, 11 Oct 2018 14:44:54 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1gAfwY-00086I-D3; Thu, 11 Oct 2018 18:44:18 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1gAfwW-000865-VQ for openvpn-devel@lists.sourceforge.net; Thu, 11 Oct 2018 18:44:16 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=9/09vbBqwSBoRHBJ1rgGX23Z9NseRqhwH6DAWDsso0A=; b=ZQLof7Lu+B1rigPcOcOlKPxFzi 2yn5iCj32sxPkv36NTAW8m0Zr4TcjDshejh8o5Kj291mEIyK2UlCUG8CEjREIUkDXfIa2cAIuaJTG +yP4xXnDqttrqWUFAj6iVLzTciYxcNs1KuJWlBvrAYldPZYG9aCEZNRd0ZhTk1WRHUo4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=9/09vbBqwSBoRHBJ1rgGX23Z9NseRqhwH6DAWDsso0A=; b=fjqGSfuaHEtMoRLJxANsMRWQdz qxXdgATulACNzOwB+tcDg47wH5+GLFCvdioah9V9ax+yPiD2PbcHKOo0cMwWOd0XNDxkyqxgbdYnM IC88kjlT1j5jIBDdhSq2IZ490o7JB9qZXZkPn9YiGFk7EHXR2/9XFJFTGwXI5It8w5p4=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1gAfwU-006C3k-BA for openvpn-devel@lists.sourceforge.net; Thu, 11 Oct 2018 18:44:16 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Fri, 12 Oct 2018 02:41:58 +0800 Message-Id: <20181011184200.22175-6-a@unstable.cc> In-Reply-To: <20181011184200.22175-1-a@unstable.cc> References: <20181011184200.22175-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1gAfwU-006C3k-BA Subject: [Openvpn-devel] [PATCH v2 5/7] route.c: use new networking API to handle routing table on Linux X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox By switching to the networking API (for Linux) openvpn will now use any of the available implementations to handle the routing table. At the moment only iproute2 is implemented. Signed-off-by: Antonio Quartulli --- src/openvpn/forward.c | 2 +- src/openvpn/init.c | 24 ++- src/openvpn/init.h | 3 +- src/openvpn/networking_ip.c | 1 - src/openvpn/options.c | 4 +- src/openvpn/route.c | 336 +++++++++++++++--------------------- src/openvpn/route.h | 19 +- src/openvpn/ssl.c | 2 +- src/openvpn/ssl_common.h | 1 + src/openvpn/tun.c | 18 +- src/openvpn/tun.h | 2 +- 11 files changed, 184 insertions(+), 228 deletions(-) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index f8faa810..03579e44 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -508,7 +508,7 @@ static void check_add_routes_action(struct context *c, const bool errors) { do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, - c->c1.tuntap, c->plugins, c->c2.es); + c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); update_time(); event_timeout_clear(&c->c2.route_wakeup); event_timeout_clear(&c->c2.route_wakeup_expire); diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 1eba49ab..79541cc8 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1402,7 +1402,8 @@ static void do_init_route_list(const struct options *options, struct route_list *route_list, const struct link_socket_info *link_socket_info, - struct env_set *es) + struct env_set *es, + openvpn_net_ctx_t *ctx) { const char *gw = NULL; int dev = dev_type_enum(options->dev, options->dev_type); @@ -1426,7 +1427,8 @@ do_init_route_list(const struct options *options, gw, metric, link_socket_current_remote(link_socket_info), - es)) + es, + ctx)) { /* copy routes to environment */ setenv_routes(es, route_list); @@ -1611,11 +1613,13 @@ do_route(const struct options *options, struct route_ipv6_list *route_ipv6_list, const struct tuntap *tt, const struct plugin_list *plugins, - struct env_set *es) + struct env_set *es, + openvpn_net_ctx_t *ctx) { if (!options->route_noexec && ( route_list || route_ipv6_list ) ) { - add_routes(route_list, route_ipv6_list, tt, ROUTE_OPTION_FLAGS(options), es); + add_routes(route_list, route_ipv6_list, tt, ROUTE_OPTION_FLAGS(options), + es, ctx); setenv_int(es, "redirect_gateway", route_did_redirect_default_gateway(route_list)); } #ifdef ENABLE_MANAGEMENT @@ -1728,7 +1732,7 @@ do_open_tun(struct context *c) if (c->options.routes && c->c1.route_list) { do_init_route_list(&c->options, c->c1.route_list, - &c->c2.link_socket->info, c->c2.es); + &c->c2.link_socket->info, c->c2.es, &c->net_ctx); } if (c->options.routes_ipv6 && c->c1.route_ipv6_list) { @@ -1755,7 +1759,7 @@ do_open_tun(struct context *c) { /* Ignore route_delay, would cause ROUTE_BEFORE_TUN to be ignored */ do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, - c->c1.tuntap, c->plugins, c->c2.es); + c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); } #ifdef TARGET_ANDROID /* Store the old fd inside the fd so open_tun can use it */ @@ -1812,7 +1816,7 @@ do_open_tun(struct context *c) if ((route_order() == ROUTE_AFTER_TUN) && (!c->options.route_delay_defined)) { do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, - c->c1.tuntap, c->plugins, c->c2.es); + c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); } /* @@ -1941,7 +1945,8 @@ do_close_tun(struct context *c, bool force) c->c2.es); delete_routes(c->c1.route_list, c->c1.route_ipv6_list, - c->c1.tuntap, ROUTE_OPTION_FLAGS(&c->options), c->c2.es); + c->c1.tuntap, ROUTE_OPTION_FLAGS(&c->options), + c->c2.es, &c->net_ctx); } /* actually close tun/tap device based on --down-pre flag */ @@ -2777,6 +2782,7 @@ do_init_crypto_tls(struct context *c, const unsigned int flags) to.x509_username_field = X509_USERNAME_FIELD_DEFAULT; #endif to.es = c->c2.es; + to.net_ctx = &c->net_ctx; #ifdef ENABLE_DEBUG to.gremlin = c->options.gremlin; @@ -3123,7 +3129,7 @@ do_option_warnings(struct context *c) if (o->tls_server) { - warn_on_use_of_common_subnets(); + warn_on_use_of_common_subnets(&c->net_ctx); } if (o->tls_client && !o->tls_verify diff --git a/src/openvpn/init.h b/src/openvpn/init.h index ba5eda06..fa70bab2 100644 --- a/src/openvpn/init.h +++ b/src/openvpn/init.h @@ -76,7 +76,8 @@ void do_route(const struct options *options, struct route_ipv6_list *route_ipv6_list, const struct tuntap *tt, const struct plugin_list *plugins, - struct env_set *es); + struct env_set *es, + openvpn_net_ctx_t *ctx); void close_instance(struct context *c); diff --git a/src/openvpn/networking_ip.c b/src/openvpn/networking_ip.c index ae667a9c..918d62ef 100644 --- a/src/openvpn/networking_ip.c +++ b/src/openvpn/networking_ip.c @@ -29,7 +29,6 @@ #include "syshead.h" #include "networking.h" -#include "networking_ip.h" #include "misc.h" #include "openvpn.h" #include "run_command.h" diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 55559dfd..df927056 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -5028,12 +5028,14 @@ add_option(struct options *options, struct route_gateway_info rgi; struct route_ipv6_gateway_info rgi6; struct in6_addr remote = IN6ADDR_ANY_INIT; + openvpn_net_ctx_t net_ctx; VERIFY_PERMISSION(OPT_P_GENERAL); if (p[1]) { get_ipv6_addr(p[1], &remote, NULL, M_WARN); } - get_default_gateway(&rgi); + net_ctx_init(NULL, &net_ctx); + get_default_gateway(&rgi, &net_ctx); get_default_gateway_ipv6(&rgi6, &remote); print_default_gateway(M_INFO, &rgi, &rgi6); openvpn_exit(OPENVPN_EXIT_STATUS_GOOD); /* exit point */ diff --git a/src/openvpn/route.c b/src/openvpn/route.c index d97e8dba..fd6274da 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -41,6 +41,7 @@ #include "manage.h" #include "win32.h" #include "options.h" +#include "networking.h" #include "memdbg.h" @@ -62,7 +63,7 @@ static bool del_route_ipv6_service(const struct route_ipv6 *, const struct tunta #endif -static void delete_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es); +static void delete_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx); static void get_bypass_addresses(struct route_bypass *rb, const unsigned int flags); @@ -613,7 +614,8 @@ init_route_list(struct route_list *rl, const char *remote_endpoint, int default_metric, in_addr_t remote_host, - struct env_set *es) + struct env_set *es, + openvpn_net_ctx_t *ctx) { struct gc_arena gc = gc_new(); bool ret = true; @@ -634,7 +636,7 @@ init_route_list(struct route_list *rl, rl->spec.flags |= RTSA_DEFAULT_METRIC; } - get_default_gateway(&rl->rgi); + get_default_gateway(&rl->rgi, ctx); if (rl->rgi.flags & RGI_ADDR_DEFINED) { setenv_route_addr(es, "net_gateway", rl->rgi.gateway.addr, -1); @@ -901,7 +903,8 @@ add_route3(in_addr_t network, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, - const struct env_set *es) + const struct env_set *es, + openvpn_net_ctx_t *ctx) { struct route_ipv4 r; CLEAR(r); @@ -909,7 +912,7 @@ add_route3(in_addr_t network, r.network = network; r.netmask = netmask; r.gateway = gateway; - add_route(&r, tt, flags, rgi, es); + add_route(&r, tt, flags, rgi, es, ctx); } static void @@ -919,7 +922,8 @@ del_route3(in_addr_t network, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, - const struct env_set *es) + const struct env_set *es, + openvpn_net_ctx_t *ctx) { struct route_ipv4 r; CLEAR(r); @@ -927,7 +931,7 @@ del_route3(in_addr_t network, r.network = network; r.netmask = netmask; r.gateway = gateway; - delete_route(&r, tt, flags, rgi, es); + delete_route(&r, tt, flags, rgi, es, ctx); } static void @@ -936,7 +940,8 @@ add_bypass_routes(struct route_bypass *rb, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, - const struct env_set *es) + const struct env_set *es, + openvpn_net_ctx_t *ctx) { int i; for (i = 0; i < rb->n_bypass; ++i) @@ -949,7 +954,8 @@ add_bypass_routes(struct route_bypass *rb, tt, flags | ROUTE_REF_GW, rgi, - es); + es, + ctx); } } } @@ -960,7 +966,8 @@ del_bypass_routes(struct route_bypass *rb, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, - const struct env_set *es) + const struct env_set *es, + openvpn_net_ctx_t *ctx) { int i; for (i = 0; i < rb->n_bypass; ++i) @@ -973,13 +980,16 @@ del_bypass_routes(struct route_bypass *rb, tt, flags | ROUTE_REF_GW, rgi, - es); + es, + ctx); } } } static void -redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es) +redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, + unsigned int flags, const struct env_set *es, + openvpn_net_ctx_t *ctx) { const char err[] = "NOTE: unable to redirect default gateway --"; @@ -1035,7 +1045,8 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un tt, flags | ROUTE_REF_GW, &rl->rgi, - es); + es, + ctx); rl->iflags |= RL_DID_LOCAL; } else @@ -1046,7 +1057,8 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un #endif /* ifndef TARGET_ANDROID */ /* route DHCP/DNS server traffic through original default gateway */ - add_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags, &rl->rgi, es); + add_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags, + &rl->rgi, es, ctx); if (rl->flags & RG_REROUTE_GW) { @@ -1059,7 +1071,8 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un tt, flags, &rl->rgi, - es); + es, + ctx); /* add new default route (2nd component) */ add_route3(0x80000000, @@ -1068,7 +1081,8 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un tt, flags, &rl->rgi, - es); + es, + ctx); } else { @@ -1077,7 +1091,7 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un { /* delete default route */ del_route3(0, 0, rl->rgi.gateway.addr, tt, - flags | ROUTE_REF_GW, &rl->rgi, es); + flags | ROUTE_REF_GW, &rl->rgi, es, ctx); } /* add new default route */ @@ -1087,7 +1101,8 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un tt, flags, &rl->rgi, - es); + es, + ctx); } } @@ -1098,7 +1113,10 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un } static void -undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es) +undo_redirect_default_route_to_vpn(struct route_list *rl, + const struct tuntap *tt, unsigned int flags, + const struct env_set *es, + openvpn_net_ctx_t *ctx) { if (rl && rl->iflags & RL_DID_REDIRECT_DEFAULT_GATEWAY) { @@ -1111,12 +1129,14 @@ undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *t tt, flags | ROUTE_REF_GW, &rl->rgi, - es); + es, + ctx); rl->iflags &= ~RL_DID_LOCAL; } /* delete special DHCP/DNS bypass route */ - del_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags, &rl->rgi, es); + del_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags, + &rl->rgi, es, ctx); if (rl->flags & RG_REROUTE_GW) { @@ -1129,7 +1149,8 @@ undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *t tt, flags, &rl->rgi, - es); + es, + ctx); /* delete default route (2nd component) */ del_route3(0x80000000, @@ -1138,7 +1159,8 @@ undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *t tt, flags, &rl->rgi, - es); + es, + ctx); } else { @@ -1149,12 +1171,13 @@ undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *t tt, flags, &rl->rgi, - es); + es, + ctx); /* restore original default route if there was any */ if (rl->rgi.flags & RGI_ADDR_DEFINED) { add_route3(0, 0, rl->rgi.gateway.addr, tt, - flags | ROUTE_REF_GW, &rl->rgi, es); + flags | ROUTE_REF_GW, &rl->rgi, es, ctx); } } } @@ -1164,9 +1187,11 @@ undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *t } void -add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, const struct env_set *es) +add_routes(struct route_list *rl, struct route_ipv6_list *rl6, + const struct tuntap *tt, unsigned int flags, + const struct env_set *es, openvpn_net_ctx_t *ctx) { - redirect_default_route_to_vpn(rl, tt, flags, es); + redirect_default_route_to_vpn(rl, tt, flags, es, ctx); if (rl && !(rl->iflags & RL_ROUTES_ADDED) ) { struct route_ipv4 *r; @@ -1189,9 +1214,9 @@ add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tunt check_subnet_conflict(r->network, r->netmask, "route"); if (flags & ROUTE_DELETE_FIRST) { - delete_route(r, tt, flags, &rl->rgi, es); + delete_route(r, tt, flags, &rl->rgi, es, ctx); } - add_route(r, tt, flags, &rl->rgi, es); + add_route(r, tt, flags, &rl->rgi, es, ctx); } rl->iflags |= RL_ROUTES_ADDED; } @@ -1211,9 +1236,9 @@ add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tunt { if (flags & ROUTE_DELETE_FIRST) { - delete_route_ipv6(r, tt, flags, es); + delete_route_ipv6(r, tt, flags, es, ctx); } - add_route_ipv6(r, tt, flags, es); + add_route_ipv6(r, tt, flags, es, ctx); } rl6->iflags |= RL_ROUTES_ADDED; } @@ -1221,19 +1246,20 @@ add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tunt void delete_routes(struct route_list *rl, struct route_ipv6_list *rl6, - const struct tuntap *tt, unsigned int flags, const struct env_set *es) + const struct tuntap *tt, unsigned int flags, + const struct env_set *es, openvpn_net_ctx_t *ctx) { if (rl && rl->iflags & RL_ROUTES_ADDED) { struct route_ipv4 *r; for (r = rl->routes; r; r = r->next) { - delete_route(r, tt, flags, &rl->rgi, es); + delete_route(r, tt, flags, &rl->rgi, es, ctx); } rl->iflags &= ~RL_ROUTES_ADDED; } - undo_redirect_default_route_to_vpn(rl, tt, flags, es); + undo_redirect_default_route_to_vpn(rl, tt, flags, es, ctx); if (rl) { @@ -1245,7 +1271,7 @@ delete_routes(struct route_list *rl, struct route_ipv6_list *rl6, struct route_ipv6 *r6; for (r6 = rl6->routes_ipv6; r6; r6 = r6->next) { - delete_route_ipv6(r6, tt, flags, es); + delete_route_ipv6(r6, tt, flags, es, ctx); } rl6->iflags &= ~RL_ROUTES_ADDED; } @@ -1525,15 +1551,21 @@ add_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, /* may be NULL */ - const struct env_set *es) + const struct env_set *es, + openvpn_net_ctx_t *ctx) { struct gc_arena gc; struct argv argv = argv_new(); +#if !defined(TARGET_LINUX) const char *network; #if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX) const char *netmask; #endif const char *gateway; +#else + const char *iface; + int metric; +#endif bool status = false; int is_local_route; @@ -1544,11 +1576,13 @@ add_route(struct route_ipv4 *r, gc_init(&gc); +#if !defined(TARGET_LINUX) network = print_in_addr_t(r->network, 0, &gc); #if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX) netmask = print_in_addr_t(r->netmask, 0, &gc); #endif gateway = print_in_addr_t(r->gateway, 0, &gc); +#endif is_local_route = local_route(r->network, r->netmask, r->gateway, rgi); if (is_local_route == LR_ERROR) @@ -1557,47 +1591,26 @@ add_route(struct route_ipv4 *r, } #if defined(TARGET_LINUX) -#ifdef ENABLE_IPROUTE - argv_printf(&argv, "%s route add %s/%d", - iproute_path, - network, - netmask_to_netbits2(r->netmask)); - - if (r->flags & RT_METRIC_DEFINED) - { - argv_printf_cat(&argv, "metric %d", r->metric); - } - + iface = NULL; if (is_on_link(is_local_route, flags, rgi)) { - argv_printf_cat(&argv, "dev %s", rgi->iface); - } - else - { - argv_printf_cat(&argv, "via %s", gateway); + iface = rgi->iface; } -#else /* ifdef ENABLE_IPROUTE */ - argv_printf(&argv, "%s add -net %s netmask %s", - ROUTE_PATH, - network, - netmask); + + metric = -1; if (r->flags & RT_METRIC_DEFINED) { - argv_printf_cat(&argv, "metric %d", r->metric); + metric = r->metric; } - if (is_on_link(is_local_route, flags, rgi)) - { - argv_printf_cat(&argv, "dev %s", rgi->iface); - } - else + + status = true; + if (net_route_v4_add(ctx, &r->network, netmask_to_netbits2(r->netmask), + &r->gateway, iface, 0, metric) < 0) { - argv_printf_cat(&argv, "gw %s", gateway); + msg(M_WARN, "ERROR: Linux route add command failed"); + status = false; } -#endif /*ENABLE_IPROUTE*/ - argv_msg(D_ROUTE, &argv); - status = openvpn_execve_check(&argv, es, 0, "ERROR: Linux route add command failed"); - #elif defined (TARGET_ANDROID) char out[128]; @@ -1844,7 +1857,9 @@ route_ipv6_clear_host_bits( struct route_ipv6 *r6 ) } void -add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es) +add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, + unsigned int flags, const struct env_set *es, + openvpn_net_ctx_t *ctx) { struct gc_arena gc; struct argv argv = argv_new(); @@ -1853,7 +1868,9 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag const char *gateway; bool status = false; const char *device = tt->actual_name; - +#if defined(TARGET_LINUX) + int metric; +#endif bool gateway_needed = false; if (!(r6->flags & RT_DEFINED) ) @@ -1918,38 +1935,20 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag } #if defined(TARGET_LINUX) -#ifdef ENABLE_IPROUTE - argv_printf(&argv, "%s -6 route add %s/%d dev %s", - iproute_path, - network, - r6->netbits, - device); - if (gateway_needed) - { - argv_printf_cat(&argv, "via %s", gateway); - } - if ( (r6->flags & RT_METRIC_DEFINED) && r6->metric > 0) + metric = -1; + if ((r6->flags & RT_METRIC_DEFINED) && (r6->metric > 0)) { - argv_printf_cat(&argv, " metric %d", r6->metric); + metric = r6->metric; } -#else /* ifdef ENABLE_IPROUTE */ - argv_printf(&argv, "%s -A inet6 add %s/%d dev %s", - ROUTE_PATH, - network, - r6->netbits, - device); - if (gateway_needed) + status = true; + if (net_route_v6_add(ctx, &r6->network, r6->netbits, + gateway_needed ? &r6->gateway : NULL, device, 0, + metric) < 0) { - argv_printf_cat(&argv, "gw %s", gateway); + msg(M_WARN, "ERROR: Linux IPv6 route can't be added"); + status = false; } - if ( (r6->flags & RT_METRIC_DEFINED) && r6->metric > 0) - { - argv_printf_cat(&argv, " metric %d", r6->metric); - } -#endif /*ENABLE_IPROUTE*/ - argv_msg(D_ROUTE, &argv); - status = openvpn_execve_check(&argv, es, 0, "ERROR: Linux route -6/-A inet6 add command failed"); #elif defined (TARGET_ANDROID) char out[64]; @@ -2131,16 +2130,21 @@ delete_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, - const struct env_set *es) + const struct env_set *es, + openvpn_net_ctx_t *ctx) { struct gc_arena gc; struct argv argv = argv_new(); +#if !defined(TARGET_LINUX) const char *network; #if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX) const char *netmask; #endif #if !defined(TARGET_LINUX) && !defined(TARGET_ANDROID) const char *gateway; +#endif +#else + int metric; #endif int is_local_route; @@ -2151,12 +2155,14 @@ delete_route(struct route_ipv4 *r, gc_init(&gc); +#if !defined(TARGET_LINUX) network = print_in_addr_t(r->network, 0, &gc); #if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX) netmask = print_in_addr_t(r->netmask, 0, &gc); #endif #if !defined(TARGET_LINUX) && !defined(TARGET_ANDROID) gateway = print_in_addr_t(r->gateway, 0, &gc); +#endif #endif is_local_route = local_route(r->network, r->netmask, r->gateway, rgi); @@ -2166,24 +2172,17 @@ delete_route(struct route_ipv4 *r, } #if defined(TARGET_LINUX) -#ifdef ENABLE_IPROUTE - argv_printf(&argv, "%s route del %s/%d", - iproute_path, - network, - netmask_to_netbits2(r->netmask)); -#else - argv_printf(&argv, "%s del -net %s netmask %s", - ROUTE_PATH, - network, - netmask); -#endif /*ENABLE_IPROUTE*/ + metric = -1; if (r->flags & RT_METRIC_DEFINED) { - argv_printf_cat(&argv, "metric %d", r->metric); + metric = r->metric; } - argv_msg(D_ROUTE, &argv); - openvpn_execve_check(&argv, es, 0, "ERROR: Linux route delete command failed"); + if (net_route_v4_del(ctx, &r->network, netmask_to_netbits2(r->netmask), + &r->gateway, NULL, 0, metric) < 0) + { + msg(M_WARN, "ERROR: Linux route delete command failed"); + } #elif defined (_WIN32) argv_printf(&argv, "%s%sc DELETE %s MASK %s %s", @@ -2319,12 +2318,18 @@ done: } void -delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es) +delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, + unsigned int flags, const struct env_set *es, + openvpn_net_ctx_t *ctx) { struct gc_arena gc; struct argv argv = argv_new(); const char *network; +#if !defined(TARGET_LINUX) const char *gateway; +#else + int metric; +#endif const char *device = tt->actual_name; bool gateway_needed = false; @@ -2344,7 +2349,9 @@ delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, unsigned gc_init(&gc); network = print_in6_addr( r6->network, 0, &gc); +#if !defined(TARGET_LINUX) gateway = print_in6_addr( r6->gateway, 0, &gc); +#endif #if defined(TARGET_DARWIN) \ || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ @@ -2375,35 +2382,19 @@ delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, unsigned gateway_needed = true; } - #if defined(TARGET_LINUX) -#ifdef ENABLE_IPROUTE - argv_printf(&argv, "%s -6 route del %s/%d dev %s", - iproute_path, - network, - r6->netbits, - device); - if (gateway_needed) + metric = -1; + if ((r6->flags & RT_METRIC_DEFINED) && (r6->metric > 0)) { - argv_printf_cat(&argv, "via %s", gateway); + metric = r6->metric; } -#else /* ifdef ENABLE_IPROUTE */ - argv_printf(&argv, "%s -A inet6 del %s/%d dev %s", - ROUTE_PATH, - network, - r6->netbits, - device); - if (gateway_needed) - { - argv_printf_cat(&argv, "gw %s", gateway); - } - if ( (r6->flags & RT_METRIC_DEFINED) && r6->metric > 0) + + if (net_route_v6_del(ctx, &r6->network, r6->netbits, + gateway_needed ? &r6->gateway : NULL, device, 0, + metric) < 0) { - argv_printf_cat(&argv, " metric %d", r6->metric); + msg(M_WARN, "ERROR: Linux route v6 delete command failed"); } -#endif /*ENABLE_IPROUTE*/ - argv_msg(D_ROUTE, &argv); - openvpn_execve_check(&argv, es, 0, "ERROR: Linux route -6/-A inet6 del command failed"); #elif defined (_WIN32) @@ -2715,7 +2706,7 @@ get_default_gateway_row(const MIB_IPFORWARDTABLE *routes) } void -get_default_gateway(struct route_gateway_info *rgi) +get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx) { struct gc_arena gc = gc_new(); @@ -2802,7 +2793,7 @@ windows_route_find_if_index(const struct route_ipv4 *r, const struct tuntap *tt) */ void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, - const struct in6_addr *dest) + const struct in6_addr *dest, openvpn_net_ctx_t *ctx) { struct gc_arena gc = gc_new(); MIB_IPFORWARD_ROW2 BestRoute; @@ -3163,72 +3154,23 @@ show_routes(int msglev) #elif defined(TARGET_LINUX) || defined(TARGET_ANDROID) void -get_default_gateway(struct route_gateway_info *rgi) +get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx) { struct gc_arena gc = gc_new(); int sd = -1; - char best_name[16]; - best_name[0] = 0; + char best_name[IFNAMSIZ]; CLEAR(*rgi); + CLEAR(best_name); #ifndef TARGET_ANDROID /* get default gateway IP addr */ + if (net_route_v4_best_gw(ctx, NULL, 0, &rgi->gateway.addr, best_name) == 0) { - FILE *fp = fopen("/proc/net/route", "r"); - if (fp) + rgi->flags |= RGI_ADDR_DEFINED; + if (!rgi->gateway.addr && best_name[0]) { - char line[256]; - int count = 0; - unsigned int lowest_metric = UINT_MAX; - in_addr_t best_gw = 0; - bool found = false; - while (fgets(line, sizeof(line), fp) != NULL) - { - if (count) - { - unsigned int net_x = 0; - unsigned int mask_x = 0; - unsigned int gw_x = 0; - unsigned int metric = 0; - unsigned int flags = 0; - char name[16]; - name[0] = 0; - const int np = sscanf(line, "%15s\t%x\t%x\t%x\t%*s\t%*s\t%d\t%x", - name, - &net_x, - &gw_x, - &flags, - &metric, - &mask_x); - if (np == 6 && (flags & IFF_UP)) - { - const in_addr_t net = ntohl(net_x); - const in_addr_t mask = ntohl(mask_x); - const in_addr_t gw = ntohl(gw_x); - - if (!net && !mask && metric < lowest_metric) - { - found = true; - best_gw = gw; - strcpy(best_name, name); - lowest_metric = metric; - } - } - } - ++count; - } - fclose(fp); - - if (found) - { - rgi->gateway.addr = best_gw; - rgi->flags |= RGI_ADDR_DEFINED; - if (!rgi->gateway.addr && best_name[0]) - { - rgi->flags |= RGI_ON_LINK; - } - } + rgi->flags |= RGI_ON_LINK; } } #else /* ifndef TARGET_ANDROID */ @@ -3590,7 +3532,7 @@ struct rtmsg { #define max(a,b) ((a) > (b) ? (a) : (b)) void -get_default_gateway(struct route_gateway_info *rgi) +get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx) { struct gc_arena gc = gc_new(); struct rtmsg m_rtmsg; @@ -3990,7 +3932,7 @@ done: * may be disabled by missing items. */ void -get_default_gateway(struct route_gateway_info *rgi) +get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx) { CLEAR(*rgi); } diff --git a/src/openvpn/route.h b/src/openvpn/route.h index 69420228..e552e6ec 100644 --- a/src/openvpn/route.h +++ b/src/openvpn/route.h @@ -256,15 +256,16 @@ void copy_route_ipv6_option_list(struct route_ipv6_option_list *dest, void route_ipv6_clear_host_bits( struct route_ipv6 *r6 ); -void add_route_ipv6(struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es); +void add_route_ipv6(struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx); -void delete_route_ipv6(const struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es); +void delete_route_ipv6(const struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx); void add_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, - const struct env_set *es); + const struct env_set *es, + openvpn_net_ctx_t *ctx); void add_route_to_option_list(struct route_option_list *l, const char *network, @@ -282,7 +283,8 @@ bool init_route_list(struct route_list *rl, const char *remote_endpoint, int default_metric, in_addr_t remote_host, - struct env_set *es); + struct env_set *es, + openvpn_net_ctx_t *ctx); bool init_route_ipv6_list(struct route_ipv6_list *rl6, const struct route_ipv6_option_list *opt6, @@ -299,13 +301,15 @@ void add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, - const struct env_set *es); + const struct env_set *es, + openvpn_net_ctx_t *ctx); void delete_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, - const struct env_set *es); + const struct env_set *es, + openvpn_net_ctx_t *ctx); void setenv_routes(struct env_set *es, const struct route_list *rl); @@ -315,7 +319,8 @@ void setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6); bool is_special_addr(const char *addr_str); -void get_default_gateway(struct route_gateway_info *rgi); +void get_default_gateway(struct route_gateway_info *rgi, + openvpn_net_ctx_t *ctx); void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi, const struct in6_addr *dest); diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 4ec85f50..e763133a 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2282,7 +2282,7 @@ push_peer_info(struct buffer *buf, struct tls_session *session) { /* push mac addr */ struct route_gateway_info rgi; - get_default_gateway(&rgi); + get_default_gateway(&rgi, session->opt->net_ctx); if (rgi.flags & RGI_HWADDR_DEFINED) { buf_printf(&out, "IV_HWADDR=%s\n", format_hex_ex(rgi.hwaddr, 6, 0, 1, ":", &gc)); diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h index 919ec57c..a9747d38 100644 --- a/src/openvpn/ssl_common.h +++ b/src/openvpn/ssl_common.h @@ -306,6 +306,7 @@ struct tls_options /* instance-wide environment variable set */ struct env_set *es; + openvpn_net_ctx_t *net_ctx; const struct plugin_list *plugins; /* compression parms */ diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 002c3e6c..fb9fbdc6 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -453,13 +453,13 @@ check_subnet_conflict(const in_addr_t ip, } void -warn_on_use_of_common_subnets(void) +warn_on_use_of_common_subnets(openvpn_net_ctx_t *ctx) { struct gc_arena gc = gc_new(); struct route_gateway_info rgi; const int needed = (RGI_ADDR_DEFINED|RGI_NETMASK_DEFINED); - get_default_gateway(&rgi); + get_default_gateway(&rgi, ctx); if ((rgi.flags & needed) == needed) { const in_addr_t lan_network = rgi.gateway.addr & rgi.gateway.netmask; @@ -818,7 +818,7 @@ add_route_connected_v6_net(struct tuntap *tt, r6.gateway = tt->local_ipv6; r6.metric = 0; /* connected route */ r6.flags = RT_DEFINED | RT_METRIC_DEFINED; - add_route_ipv6(&r6, tt, 0, es); + add_route_ipv6(&r6, tt, 0, es, NULL); } void @@ -834,7 +834,7 @@ delete_route_connected_v6_net(struct tuntap *tt, r6.metric = 0; /* connected route */ r6.flags = RT_DEFINED | RT_ADDED | RT_METRIC_DEFINED; route_ipv6_clear_host_bits(&r6); - delete_route_ipv6(&r6, tt, 0, es); + delete_route_ipv6(&r6, tt, 0, es, NULL); } #endif /* if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) */ @@ -1170,7 +1170,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, r.netmask = tt->remote_netmask; r.gateway = tt->local; r.metric = 0; - add_route(&r, tt, 0, NULL, es); + add_route(&r, tt, 0, NULL, es, NULL); } #elif defined(TARGET_OPENBSD) @@ -1217,7 +1217,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, r.network = tt->local & tt->remote_netmask; r.netmask = tt->remote_netmask; r.gateway = remote_end; - add_route(&r, tt, 0, NULL, es); + add_route(&r, tt, 0, NULL, es, NULL); } #elif defined(TARGET_NETBSD) @@ -1259,7 +1259,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, r.network = tt->local & tt->remote_netmask; r.netmask = tt->remote_netmask; r.gateway = remote_end; - add_route(&r, tt, 0, NULL, es); + add_route(&r, tt, 0, NULL, es, NULL); } #elif defined(TARGET_DARWIN) @@ -1309,7 +1309,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, r.network = tt->local & tt->remote_netmask; r.netmask = tt->remote_netmask; r.gateway = tt->local; - add_route(&r, tt, 0, NULL, es); + add_route(&r, tt, 0, NULL, es, NULL); } #elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) @@ -1348,7 +1348,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, r.network = tt->local & tt->remote_netmask; r.netmask = tt->remote_netmask; r.gateway = remote_end; - add_route(&r, tt, 0, NULL, es); + add_route(&r, tt, 0, NULL, es, NULL); } #elif defined(TARGET_AIX) diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index a68ecaa9..24c2ae58 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h @@ -275,7 +275,7 @@ void check_subnet_conflict(const in_addr_t ip, const in_addr_t netmask, const char *prefix); -void warn_on_use_of_common_subnets(void); +void warn_on_use_of_common_subnets(openvpn_net_ctx_t *ctx); /* * Inline functions From patchwork Thu Oct 11 07:41:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 552 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director10.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id uPN4Kzqav1sKMAAAIUCqbw for ; Thu, 11 Oct 2018 14:45:14 -0400 Received: from proxy4.mail.ord1d.rsapps.net ([172.30.191.6]) by director10.mail.ord1d.rsapps.net with LMTP id gBp7Kzqav1tIFAAApN4f7A ; Thu, 11 Oct 2018 14:45:14 -0400 Received: from smtp18.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy4.mail.ord1d.rsapps.net with LMTP id UPtCKzqav1tWaAAAiYrejw ; Thu, 11 Oct 2018 14:45:14 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp18.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: c9c7e320-cd85-11e8-8fd3-5254005167a7-1-1 Received: from [216.105.38.7] ([216.105.38.7:28621] helo=lists.sourceforge.net) by smtp18.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id EC/E7-17073-93A9FBB5; Thu, 11 Oct 2018 14:45:14 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1gAfwY-00086R-FK; Thu, 11 Oct 2018 18:44:18 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1gAfwX-00086B-7M for openvpn-devel@lists.sourceforge.net; Thu, 11 Oct 2018 18:44:17 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=gzSeFrhMBQ7rMEHbwzZkNDZGkKpAPIvrybRmv6fG1f8=; b=U4or6eIVibWSoNrfHvWgxZVfRR 1QesCT4c055IxYRmwo2ihMs/BLvPeI3iNUU7KNDG5OHY0Q3lJUhdUqlMW0dlIFY0xPbdobmZzgGlA s9DaLy3JVrfCXdId+prtnhqiJA1QZVF3gYm0ZftLrQ//PuTPp3nDOPSBUHiIrNVs9MOc=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=gzSeFrhMBQ7rMEHbwzZkNDZGkKpAPIvrybRmv6fG1f8=; b=XRsj79zFDD8JNyHkIqF+mkHxLv Xne/DTOVeRgYhafIrbYEyfG1KPNsggKZWfkuCvbgIp+GuHt12CCxFPx59xxU0G87HkOm0G9TRr+X4 POq4NPambeOzSv6Y43aI44q1ig7GzkxpXlVfryDOhNTYbWrfZVOpmv8pYUPx3KcGNQNM=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1gAfwV-006C3o-GE for openvpn-devel@lists.sourceforge.net; Thu, 11 Oct 2018 18:44:17 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Fri, 12 Oct 2018 02:41:59 +0800 Message-Id: <20181011184200.22175-7-a@unstable.cc> In-Reply-To: <20181011184200.22175-1-a@unstable.cc> References: <20181011184200.22175-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1gAfwV-006C3o-GE Subject: [Openvpn-devel] [PATCH v2 6/7] route.c: use sitnl to implement get_default_gateway_ipv6() X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox get_default_gateway_ipv6() has always been implemented using netlink, however, now that we have sitnl, we can re-use the latter and get rid of the netlink code from route.c. Signed-off-by: Antonio Quartulli --- src/openvpn/init.c | 9 +- src/openvpn/networking_ip.c | 2 +- src/openvpn/options.c | 2 +- src/openvpn/route.c | 161 ++++-------------------------------- src/openvpn/route.h | 7 +- 5 files changed, 30 insertions(+), 151 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 79541cc8..f287769a 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1439,7 +1439,8 @@ static void do_init_route_ipv6_list(const struct options *options, struct route_ipv6_list *route_ipv6_list, const struct link_socket_info *link_socket_info, - struct env_set *es) + struct env_set *es, + openvpn_net_ctx_t *ctx) { const char *gw = NULL; int metric = -1; /* no metric set */ @@ -1477,7 +1478,8 @@ do_init_route_ipv6_list(const struct options *options, gw, metric, link_socket_current_remote_ipv6(link_socket_info), - es)) + es, + ctx)) { /* copy routes to environment */ setenv_routes_ipv6(es, route_ipv6_list); @@ -1737,7 +1739,8 @@ do_open_tun(struct context *c) if (c->options.routes_ipv6 && c->c1.route_ipv6_list) { do_init_route_ipv6_list(&c->options, c->c1.route_ipv6_list, - &c->c2.link_socket->info, c->c2.es); + &c->c2.link_socket->info, c->c2.es, + &c->net_ctx); } /* do ifconfig */ diff --git a/src/openvpn/networking_ip.c b/src/openvpn/networking_ip.c index 918d62ef..a5824306 100644 --- a/src/openvpn/networking_ip.c +++ b/src/openvpn/networking_ip.c @@ -375,7 +375,7 @@ net_route_v4_best_gw(openvpn_net_ctx_t *ctx, const in_addr_t *dst, /* * The following function is not implemented in the iproute backend as it - * already uses netlink in route.c. + * uses the sitnl implementation from networking_sitnl.c. * * int * net_route_v6_best_gw(const struct in6_addr *dst, int prefixlen, diff --git a/src/openvpn/options.c b/src/openvpn/options.c index df927056..9e5f3eae 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -5036,7 +5036,7 @@ add_option(struct options *options, } net_ctx_init(NULL, &net_ctx); get_default_gateway(&rgi, &net_ctx); - get_default_gateway_ipv6(&rgi6, &remote); + get_default_gateway_ipv6(&rgi6, &remote, &net_ctx); print_default_gateway(M_INFO, &rgi, &rgi6); openvpn_exit(OPENVPN_EXIT_STATUS_GOOD); /* exit point */ } diff --git a/src/openvpn/route.c b/src/openvpn/route.c index fd6274da..8c9254a8 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -770,7 +770,8 @@ init_route_ipv6_list(struct route_ipv6_list *rl6, const char *remote_endpoint, int default_metric, const struct in6_addr *remote_host_ipv6, - struct env_set *es) + struct env_set *es, + openvpn_net_ctx_t *ctx) { struct gc_arena gc = gc_new(); bool ret = true; @@ -795,7 +796,7 @@ init_route_ipv6_list(struct route_ipv6_list *rl6, msg(D_ROUTE, "GDG6: remote_host_ipv6=%s", remote_host_ipv6 ? print_in6_addr(*remote_host_ipv6, 0, &gc) : "n/a" ); - get_default_gateway_ipv6(&rl6->rgi6, remote_host_ipv6); + get_default_gateway_ipv6(&rl6->rgi6, remote_host_ipv6, ctx); if (rl6->rgi6.flags & RGI_ADDR_DEFINED) { setenv_str(es, "net_gateway_ipv6", print_in6_addr(rl6->rgi6.gateway.addr_ipv6, 0, &gc)); @@ -3317,152 +3318,30 @@ struct rtreq { void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, - const struct in6_addr *dest) + const struct in6_addr *dest, openvpn_net_ctx_t *ctx) { - int nls = -1; - struct rtreq rtreq; - struct rtattr *rta; - - char rtbuf[2000]; - ssize_t ssize; - - CLEAR(*rgi6); - - nls = socket( PF_NETLINK, SOCK_RAW, NETLINK_ROUTE ); - if (nls < 0) - { - msg(M_WARN|M_ERRNO, "GDG6: socket() failed" ); goto done; - } - - /* bind() is not needed, no unsolicited msgs coming in */ - - /* request best matching route, see netlink(7) for explanations - */ - CLEAR(rtreq); - rtreq.nh.nlmsg_type = RTM_GETROUTE; - rtreq.nh.nlmsg_flags = NLM_F_REQUEST; /* best match only */ - rtreq.rtm.rtm_family = AF_INET6; - rtreq.rtm.rtm_src_len = 0; /* not source dependent */ - rtreq.rtm.rtm_dst_len = 128; /* exact dst */ - rtreq.rtm.rtm_table = RT_TABLE_MAIN; - rtreq.rtm.rtm_protocol = RTPROT_UNSPEC; - rtreq.nh.nlmsg_len = NLMSG_SPACE(sizeof(rtreq.rtm)); - - /* set RTA_DST for target IPv6 address we want */ - rta = (struct rtattr *)(((char *) &rtreq)+NLMSG_ALIGN(rtreq.nh.nlmsg_len)); - rta->rta_type = RTA_DST; - rta->rta_len = RTA_LENGTH(16); - rtreq.nh.nlmsg_len = NLMSG_ALIGN(rtreq.nh.nlmsg_len) - +RTA_LENGTH(16); - - if (dest == NULL) /* ::, unspecified */ - { - memset( RTA_DATA(rta), 0, 16 ); /* :: = all-zero */ - } - else - { - memcpy( RTA_DATA(rta), (void *)dest, 16 ); - } + struct in_addr gw; + int flags; - /* send and receive reply */ - if (send( nls, &rtreq, rtreq.nh.nlmsg_len, 0 ) < 0) - { - msg(M_WARN|M_ERRNO, "GDG6: send() failed" ); goto done; - } - - ssize = recv(nls, rtbuf, sizeof(rtbuf), MSG_TRUNC); - - if (ssize < 0) - { - msg(M_WARN|M_ERRNO, "GDG6: recv() failed" ); goto done; - } - - if (ssize > sizeof(rtbuf)) - { - msg(M_WARN, "get_default_gateway_ipv6: returned message too big for buffer (%d>%d)", (int)ssize, (int)sizeof(rtbuf) ); - goto done; - } - - struct nlmsghdr *nh; + CLEAR(gw); - for (nh = (struct nlmsghdr *)rtbuf; - NLMSG_OK(nh, ssize); - nh = NLMSG_NEXT(nh, ssize)) + if (net_route_v6_best_gw(ctx, dest, 128, &rgi6->gateway.addr_ipv6, + rgi6->iface) == 0) { - struct rtmsg *rtm; - int attrlen; - - if (nh->nlmsg_type == NLMSG_DONE) + if (rgi6->gateway.addr_ipv6.s6_addr) { - break; + rgi6->flags |= RGI_ADDR_DEFINED; } - if (nh->nlmsg_type == NLMSG_ERROR) + if (rgi6->iface) { - struct nlmsgerr *ne = (struct nlmsgerr *)NLMSG_DATA(nh); - - /* since linux-4.11 -ENETUNREACH is returned when no route can be - * found. Don't print any error message in this case */ - if (ne->error != -ENETUNREACH) - { - msg(M_WARN, "GDG6: NLMSG_ERROR: error %s\n", - strerror(-ne->error)); - } - break; - } - - if (nh->nlmsg_type != RTM_NEWROUTE) - { - /* shouldn't happen */ - msg(M_WARN, "GDG6: unexpected msg_type %d", nh->nlmsg_type ); - continue; - } - - rtm = (struct rtmsg *)NLMSG_DATA(nh); - attrlen = RTM_PAYLOAD(nh); - - /* we're only looking for routes in the main table, as "we have - * no IPv6" will lead to a lookup result in "Local" (::/0 reject) - */ - if (rtm->rtm_family != AF_INET6 - || rtm->rtm_table != RT_TABLE_MAIN) - { - continue; - } /* we're not interested */ - - for (rta = RTM_RTA(rtm); - RTA_OK(rta, attrlen); - rta = RTA_NEXT(rta, attrlen)) - { - if (rta->rta_type == RTA_GATEWAY) - { - if (RTA_PAYLOAD(rta) != sizeof(struct in6_addr) ) - { - msg(M_WARN, "GDG6: RTA_GW size mismatch"); continue; - } - rgi6->gateway.addr_ipv6 = *(struct in6_addr *) RTA_DATA(rta); - rgi6->flags |= RGI_ADDR_DEFINED; - } - else if (rta->rta_type == RTA_OIF) - { - char ifname[IF_NAMESIZE+1]; - int oif; - if (RTA_PAYLOAD(rta) != sizeof(oif) ) - { - msg(M_WARN, "GDG6: oif size mismatch"); continue; - } - - memcpy(&oif, RTA_DATA(rta), sizeof(oif)); - if_indextoname(oif,ifname); - strncpy( rgi6->iface, ifname, sizeof(rgi6->iface)-1 ); - rgi6->flags |= RGI_IFACE_DEFINED; - } + rgi6->flags |= RGI_IFACE_DEFINED; } } /* if we have an interface but no gateway, the destination is on-link */ - if ( ( rgi6->flags & (RGI_IFACE_DEFINED|RGI_ADDR_DEFINED) ) == - RGI_IFACE_DEFINED) + flags = rgi6->flags & (RGI_IFACE_DEFINED | RGI_ADDR_DEFINED); + if (flags == RGI_IFACE_DEFINED) { rgi6->flags |= (RGI_ADDR_DEFINED | RGI_ON_LINK); if (dest) @@ -3470,12 +3349,6 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, rgi6->gateway.addr_ipv6 = *dest; } } - -done: - if (nls >= 0) - { - close(nls); - } } #elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS) \ @@ -3752,7 +3625,7 @@ done: void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, - const struct in6_addr *dest) + const struct in6_addr *dest, openvpn_net_ctx_t *ctx) { struct rtmsg m_rtmsg; @@ -3938,7 +3811,7 @@ get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx) } void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, - const struct in6_addr *dest) + const struct in6_addr *dest, openvpn_net_ctx_t *ctx) { msg(D_ROUTE, "no support for get_default_gateway_ipv6() on this system"); CLEAR(*rgi6); diff --git a/src/openvpn/route.h b/src/openvpn/route.h index e552e6ec..31d38e36 100644 --- a/src/openvpn/route.h +++ b/src/openvpn/route.h @@ -31,6 +31,7 @@ #include "basic.h" #include "tun.h" #include "misc.h" +#include "networking.h" #ifdef _WIN32 /* @@ -291,7 +292,8 @@ bool init_route_ipv6_list(struct route_ipv6_list *rl6, const char *remote_endpoint, int default_metric, const struct in6_addr *remote_host, - struct env_set *es); + struct env_set *es, + openvpn_net_ctx_t *ctx); void route_list_add_vpn_gateway(struct route_list *rl, struct env_set *es, @@ -323,7 +325,8 @@ void get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx); void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi, - const struct in6_addr *dest); + const struct in6_addr *dest, + openvpn_net_ctx_t *ctx); void print_default_gateway(const int msglevel, const struct route_gateway_info *rgi, From patchwork Thu Oct 11 07:42:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 550 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director12.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id UCmnIC2av1vfFAAAIUCqbw for ; Thu, 11 Oct 2018 14:45:01 -0400 Received: from proxy2.mail.ord1d.rsapps.net ([172.30.191.6]) by director12.mail.ord1d.rsapps.net with LMTP id qB9FIC2av1uEFwAAIasKDg ; Thu, 11 Oct 2018 14:45:01 -0400 Received: from smtp13.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy2.mail.ord1d.rsapps.net with LMTP id eBXLHy2av1sNIwAAfawv4w ; Thu, 11 Oct 2018 14:45:01 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp13.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: c1f1f26c-cd85-11e8-bc05-525400b197d9-1-1 Received: from [216.105.38.7] ([216.105.38.7:62528] helo=lists.sourceforge.net) by smtp13.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 0F/D7-21675-C2A9FBB5; Thu, 11 Oct 2018 14:45:00 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1gAfwb-00087Q-Lp; Thu, 11 Oct 2018 18:44:21 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1gAfwb-00087I-2I for openvpn-devel@lists.sourceforge.net; Thu, 11 Oct 2018 18:44:21 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=q7GlBfaxvCaeaIu0X+zJ1XwMmFCkGgvW5xEsWn/uAuc=; b=kQGK8L5yl/JAHG4yw0jLXN9Gs2 kN7+UHK32xJrX1Ra3Qjm+1NI9Uca+/KHrCMge6DRaS4ZD7hwpa2e/d7z5s+nXFbOzbUAfc8ioD1nb AQaCIYG3ONwbYHr1Mw1ju5AtadE4f9lQQWwzHhh81DNmOuZtCMHRmKzqKBFwIYi9SFS4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=q7GlBfaxvCaeaIu0X+zJ1XwMmFCkGgvW5xEsWn/uAuc=; b=MkSeIOxy8CsB/0HX6JGk7M+KkI C4yf+HaO2fRwE0yShWhX0l3FTW+WiyDEVEcvfHwBZLsolwVDcExtXmHZQWJpUur2nqXM+UNvFIR/O 68s82PmClny3lwJhDvXN8TIogTDARZ9n9Jx0KuFX/us/bLmf2P6+t7Sqe8jKMXegZh78=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-3.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1gAfwY-00GvYG-Su for openvpn-devel@lists.sourceforge.net; Thu, 11 Oct 2018 18:44:21 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Fri, 12 Oct 2018 02:42:00 +0800 Message-Id: <20181011184200.22175-8-a@unstable.cc> In-Reply-To: <20181011184200.22175-1-a@unstable.cc> References: <20181011184200.22175-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1gAfwY-00GvYG-Su Subject: [Openvpn-devel] [PATCH v2 7/7] unit tests: implement test for sitnl X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This patch introduces a new unit test that is not executed by the cmocka framework, but rather used by a new t_net.sh bash script. The idea behind this test is to ensure that invoking sitnl functions or running iproute commands leads to the same networking (interface and routing table) state. To achieve this, the t_net.sh script first runs a binary implemented invoking sitnl functions and then takes a "screenshot" of the state. Subsequently a series of iproute commands, expected to mimic exactly the same behaviour as the sitnl functions invoked before, are executed. The final state is then compared with the screenshot previously taken. If no mismatching is found, the test is passed. The current unit_test, however, does not cover all the sitnl functionalities and it is expected to be extended in the future. Signed-off-by: Antonio Quartulli --- configure.ac | 2 + tests/Makefile.am | 3 +- tests/t_net.sh | 180 ++++++++++++++++ tests/unit_tests/openvpn/Makefile.am | 28 ++- tests/unit_tests/openvpn/test_networking.c | 229 +++++++++++++++++++++ 5 files changed, 437 insertions(+), 5 deletions(-) create mode 100755 tests/t_net.sh create mode 100644 tests/unit_tests/openvpn/test_networking.c diff --git a/configure.ac b/configure.ac index 2a51ad46..90666f04 100644 --- a/configure.ac +++ b/configure.ac @@ -294,9 +294,11 @@ else fi AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host]) +AM_CONDITIONAL([TARGET_LINUX], [false]) case "$host" in *-*-linux*) AC_DEFINE([TARGET_LINUX], [1], [Are we running on Linux?]) + AM_CONDITIONAL([TARGET_LINUX], [true]) AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["L"], [Target prefix]) have_sitnl="yes" ;; diff --git a/tests/Makefile.am b/tests/Makefile.am index e6803864..67acf7e3 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -14,7 +14,8 @@ MAINTAINERCLEANFILES = \ SUBDIRS = unit_tests -test_scripts = t_client.sh +test_scripts = t_net.sh +test_scripts += t_client.sh test_scripts += t_lpback.sh t_cltsrv.sh TESTS_ENVIRONMENT = top_srcdir="$(top_srcdir)" diff --git a/tests/t_net.sh b/tests/t_net.sh new file mode 100755 index 00000000..0be5bb42 --- /dev/null +++ b/tests/t_net.sh @@ -0,0 +1,180 @@ +#!/bin/sh + +IFACE="dummy0" +UNIT_TEST="./unit_tests/openvpn/networking_testdriver" +MAX_TEST=${1:-7} + +KILL_EXEC=`which kill` +CC=${CC:-gcc} + +srcdir="${srcdir:-.}" +top_builddir="${top_builddir:-..}" +openvpn="${top_builddir}/src/openvpn/openvpn" + + +# bail out right away on non-linux. NetLink (the object of this test) is only +# used on Linux, therefore testing other platform is not needed. +# +# Note: statements in the rest of the script may not even pass syntax check on +# solaris/bsd. It uses /bin/bash +if [ "$(uname -s)" != "Linux" ]; then + echo "$0: this test runs only on Linux. SKIPPING TEST." + exit 77 +fi + +# Commands used to retrieve the network state. +# State is retrieved after running sitnl and after running +# iproute commands. The two are then compared and expected to be equal. +typeset -a GET_STATE +GET_STATE[0]="ip link show dev $IFACE | sed 's/^[0-9]\+: //'" +GET_STATE[1]="ip addr show dev $IFACE | sed 's/^[0-9]\+: //'" +GET_STATE[2]="ip route show dev $IFACE" +GET_STATE[3]="ip -6 route show dev $IFACE" + +LAST_STATE=$((${#GET_STATE[@]} - 1)) + +reload_dummy() +{ + $RUN_SUDO $openvpn --dev $IFACE --dev-type tun --rmtun >/dev/null + $RUN_SUDO $openvpn --dev $IFACE --dev-type tun --mktun >/dev/null + if [ $? -ne 0 ]; then + echo "can't create interface $IFACE" + exit 1 + fi + + #ip link set dev $IFACE address 00:11:22:33:44:55 +} + +run_test() +{ + # run all test cases from 0 to $1 in sequence + CMD= + for k in $(seq 0 $1); do + # the unit-test prints to stdout the iproute command corresponding + # to the sitnl operation being executed. + # Format is "CMD: " + OUT=$($RUN_SUDO $UNIT_TEST $k $IFACE) + # ensure unit test worked properly + if [ $? -ne 0 ]; then + echo "unit-test $k errored out:" + echo "$OUT" + exit 1 + fi + + NEW=$(echo "$OUT" | sed -n 's/CMD: //p') + CMD="$CMD $RUN_SUDO $NEW ;" + done + + # collect state for later comparison + for k in $(seq 0 $LAST_STATE); do + STATE_TEST[$k]="$(eval ${GET_STATE[$k]})" + done +} + + +## execution starts here + +if [ -r "${top_builddir}"/t_client.rc ]; then + . "${top_builddir}"/t_client.rc +elif [ -r "${srcdir}"/t_client.rc ]; then + . "${srcdir}"/t_client.rc +else + echo "$0: cannot find 't_client.rc' in build dir ('${top_builddir}')" >&2 + echo "$0: or source directory ('${srcdir}'). SKIPPING TEST." >&2 + exit 77 +fi + +if [ ! -x "$openvpn" ]; then + echo "no (executable) openvpn binary in current build tree. FAIL." >&2 + exit 1 +fi + +if [ ! -x "$UNIT_TEST" ]; then + echo "no test_networking driver available. SKIPPING TEST." >&2 + exit 77 +fi + + +# Ensure PREFER_KSU is in a known state +PREFER_KSU="${PREFER_KSU:-0}" + +# make sure we have permissions to run ifconfig/route from OpenVPN +# can't use "id -u" here - doesn't work on Solaris +ID=`id` +if expr "$ID" : "uid=0" >/dev/null +then : +else + if [ "${PREFER_KSU}" -eq 1 ]; + then + # Check if we have a valid kerberos ticket + klist -l 1>/dev/null 2>/dev/null + if [ $? -ne 0 ]; + then + # No kerberos ticket found, skip ksu and fallback to RUN_SUDO + PREFER_KSU=0 + echo "$0: No Kerberos ticket available. Will not use ksu." + else + RUN_SUDO="ksu -q -e" + fi + fi + + if [ -z "$RUN_SUDO" ] + then + echo "$0: this test must run be as root, or RUN_SUDO=... " >&2 + echo " must be set correctly in 't_client.rc'. SKIP." >&2 + exit 77 + else + # We have to use sudo. Make sure that we (hopefully) do not have + # to ask the users password during the test. This is done to + # prevent timing issues, e.g. when the waits for openvpn to start + if $RUN_SUDO $KILL_EXEC -0 $$ + then + echo "$0: $RUN_SUDO $KILL_EXEC -0 succeeded, good." + else + echo "$0: $RUN_SUDO $KILL_EXEC -0 failed, cannot go on. SKIP." >&2 + exit 77 + fi + fi +fi + +for i in $(seq 0 $MAX_TEST); do + # reload dummy module to cleanup state + reload_dummy + typeset -a STATE_TEST + run_test $i + + # reload dummy module to cleanup state before running iproute commands + reload_dummy + + # CMD has been set by the unit test + eval $CMD + if [ $? -ne 0 ]; then + echo "error while executing:" + echo "$CMD" + exit 1 + fi + + # collect state after running manual ip command + for k in $(seq 0 $LAST_STATE); do + STATE_IP[$k]="$(eval ${GET_STATE[$k]})" + done + + # ensure states after running unit test matches the one after running + # manual iproute commands + for j in $(seq 0 $LAST_STATE); do + if [ "${STATE_TEST[$j]}" != "${STATE_IP[$j]}" ]; then + echo "state $j mismatching after '$CMD'" + echo "after unit-test:" + echo "${STATE_TEST[$j]}" + echo "after iproute command:" + echo "${STATE_IP[$j]}" + exit 1 + fi + done + +done + +# remove interface for good +$RUN_SUDO $openvpn --dev $IFACE --dev-type tun --rmtun >/dev/null + +exit 0 diff --git a/tests/unit_tests/openvpn/Makefile.am b/tests/unit_tests/openvpn/Makefile.am index 22a458a4..e2c29832 100644 --- a/tests/unit_tests/openvpn/Makefile.am +++ b/tests/unit_tests/openvpn/Makefile.am @@ -1,14 +1,19 @@ AUTOMAKE_OPTIONS = foreign -check_PROGRAMS= +test_binaries= if HAVE_LD_WRAP_SUPPORT -check_PROGRAMS += argv_testdriver buffer_testdriver +test_binaries += argv_testdriver buffer_testdriver endif -check_PROGRAMS += crypto_testdriver packet_id_testdriver tls_crypt_testdriver +test_binaries += crypto_testdriver packet_id_testdriver tls_crypt_testdriver -TESTS = $(check_PROGRAMS) +TESTS = $(test_binaries) +check_PROGRAMS = $(test_binaries) + +if TARGET_LINUX +check_PROGRAMS += networking_testdriver +endif openvpn_includedir = $(top_srcdir)/include openvpn_srcdir = $(top_srcdir)/src/openvpn @@ -62,3 +67,18 @@ tls_crypt_testdriver_SOURCES = test_tls_crypt.c mock_msg.c \ $(openvpn_srcdir)/otime.c \ $(openvpn_srcdir)/packet_id.c \ $(openvpn_srcdir)/platform.c + +networking_testdriver_CFLAGS = @TEST_CFLAGS@ \ + -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) \ + $(OPTIONAL_CRYPTO_CFLAGS) +networking_testdriver_LDFLAGS = @TEST_LDFLAGS@ -L$(openvpn_srcdir) \ + $(OPTIONAL_CRYPTO_LIBS) +networking_testdriver_SOURCES = test_networking.c mock_msg.c \ + $(openvpn_srcdir)/networking_sitnl.c \ + $(openvpn_srcdir)/buffer.c \ + $(openvpn_srcdir)/crypto.c \ + $(openvpn_srcdir)/crypto_mbedtls.c \ + $(openvpn_srcdir)/crypto_openssl.c \ + $(openvpn_srcdir)/otime.c \ + $(openvpn_srcdir)/packet_id.c \ + $(openvpn_srcdir)/platform.c diff --git a/tests/unit_tests/openvpn/test_networking.c b/tests/unit_tests/openvpn/test_networking.c new file mode 100644 index 00000000..66035011 --- /dev/null +++ b/tests/unit_tests/openvpn/test_networking.c @@ -0,0 +1,229 @@ +#include "config.h" +#include "syshead.h" +#include "networking.h" + +#include "mock_msg.h" + + +static char *iface = "dummy0"; + +#ifdef ENABLE_SITNL + +static int +net__iface_up(bool up) +{ + printf("CMD: ip link set %s %s\n", iface, up ? "up" : "down"); + + return net_iface_up(NULL, iface, up); +} + +static int +net__iface_mtu_set(int mtu) +{ + printf("CMD: ip link set %s mtu %d\n", iface, mtu); + + return net_iface_mtu_set(NULL, iface, mtu); +} + +static int +net__addr_v4_add(const char *addr_str, int prefixlen, const char *brd_str) +{ + in_addr_t addr, brd; + int ret; + + ret = inet_pton(AF_INET, addr_str, &addr); + if (ret != 1) + return -1; + + ret = inet_pton(AF_INET, brd_str, &brd); + if (ret != 1) + return -1; + + addr = ntohl(addr); + brd = ntohl(brd); + + printf("CMD: ip addr add %s/%d brd %s dev %s\n", addr_str, prefixlen, + brd_str, iface); + + return net_addr_v4_add(NULL, iface, &addr, prefixlen, &brd); +} + +static int +net__addr_v6_add(const char *addr_str, int prefixlen) +{ + struct in6_addr addr; + int ret; + + ret = inet_pton(AF_INET6, addr_str, &addr); + if (ret != 1) + return -1; + + printf("CMD: ip -6 addr add %s/%d dev %s\n", addr_str, prefixlen, iface); + + return net_addr_v6_add(NULL, iface, &addr, prefixlen); +} + +static int +net__route_v4_add(const char *dst_str, int prefixlen, int metric) +{ + in_addr_t dst; + int ret; + + if (!dst_str) + return -1; + + ret = inet_pton(AF_INET, dst_str, &dst); + if (ret != 1) + return -1; + + dst = ntohl(dst); + + printf("CMD: ip route add %s/%d dev %s", dst_str, prefixlen, iface); + if (metric > 0) + printf(" metric %d", metric); + printf("\n"); + + return net_route_v4_add(NULL, &dst, prefixlen, NULL, iface, 0, metric); + +} + +static int +net__route_v4_add_gw(const char *dst_str, int prefixlen, const char *gw_str, + int metric) +{ + in_addr_t dst, gw; + int ret; + + if (!dst_str || !gw_str) + return -1; + + ret = inet_pton(AF_INET, dst_str, &dst); + if (ret != 1) + return -1; + + ret = inet_pton(AF_INET, gw_str, &gw); + if (ret != 1) + return -1; + + dst = ntohl(dst); + gw = ntohl(gw); + + printf("CMD: ip route add %s/%d dev %s via %s", dst_str, prefixlen, iface, + gw_str); + if (metric > 0) + printf(" metric %d", metric); + printf("\n"); + + return net_route_v4_add(NULL, &dst, prefixlen, &gw, iface, 0, metric); +} + +static int +net__route_v6_add(const char *dst_str, int prefixlen, int metric) +{ + struct in6_addr dst; + int ret; + + if (!dst_str) + return -1; + + ret = inet_pton(AF_INET6, dst_str, &dst); + if (ret != 1) + return -1; + + printf("CMD: ip -6 route add %s/%d dev %s", dst_str, prefixlen, iface); + if (metric > 0) + printf(" metric %d", metric); + printf("\n"); + + return net_route_v6_add(NULL, &dst, prefixlen, NULL, iface, 0, metric); + +} + +static int +net__route_v6_add_gw(const char *dst_str, int prefixlen, const char *gw_str, + int metric) +{ + struct in6_addr dst, gw; + int ret; + + if (!dst_str || !gw_str) + return -1; + + ret = inet_pton(AF_INET6, dst_str, &dst); + if (ret != 1) + return -1; + + ret = inet_pton(AF_INET6, gw_str, &gw); + if (ret != 1) + return -1; + + printf("CMD: ip -6 route add %s/%d dev %s via %s", dst_str, prefixlen, + iface, gw_str); + if (metric > 0) + printf(" metric %d", metric); + printf("\n"); + + return net_route_v6_add(NULL, &dst, prefixlen, &gw, iface, 0, metric); +} + +static void +usage(char *name) +{ + printf("Usage: %s <0-7>\n", name); +} + +int +main(int argc, char *argv[]) +{ + int test; + + mock_set_debug_level(10); + + if (argc < 2) + { + usage(argv[0]); + return -1; + } + + if (argc > 3) + { + iface = argv[2]; + } + + test = atoi(argv[1]); + switch (test) + { + case 0: + return net__iface_up(true); + case 1: + return net__iface_mtu_set(1281); + case 2: + return net__addr_v4_add("10.255.255.1", 24, "10.255.255.255"); + case 3: + return net__addr_v6_add("2001::1", 64); + case 4: + return net__route_v4_add("11.11.11.0", 24, 0); + case 5: + return net__route_v4_add_gw("11.11.12.0", 24, "10.255.255.2", 0); + case 6: + return net__route_v6_add("2001:babe:cafe:babe::", 64, 600); + case 7: + return net__route_v6_add_gw("2001:cafe:babe::", 48, "2001::2", 600); + default: + printf("invalid test: %d\n", test); + break; + } + + usage(argv[0]); + return -1; +} + +#else + +int +main(int argc, char *argv[]) +{ + return 0; +} + +#endif /* ENABLE_SITNL */