From patchwork Tue Dec 18 18:01:12 2018
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 639
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 19 Dec 2018 15:01:12 +1000
Message-Id: <20181219050118.6568-2-a@unstable.cc>
In-Reply-To: <20181219050118.6568-1-a@unstable.cc>
References: <20181219050118.6568-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v3 1/7] implement networking API for iproute2
Cc: Antonio Quartulli

iproute2 is the first user of the new networking API and it's one of the two currently supported functionalities on Linux (the other being net-tools).

This patch simply copies the current code from tun.c/route.c to networking_ip.c without introducing any functional change to the code.

Signed-off-by: Antonio Quartulli
Acked-By: Arne Schwabe
---
 src/openvpn/Makefile.am           |   2 +-
 src/openvpn/networking.h          |   2 +-
 src/openvpn/networking_iproute2.c | 386 ++++++++++++++++++++++++++++++
 src/openvpn/networking_iproute2.h |  36 +++
 4 files changed, 424 insertions(+), 2 deletions(-)
 create mode 100644 src/openvpn/networking_iproute2.c
 create mode 100644 src/openvpn/networking_iproute2.h

diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
index 8afc4146..143bcf5c 100644
--- a/src/openvpn/Makefile.am
+++ b/src/openvpn/Makefile.am
@@ -80,7 +80,7 @@ openvpn_SOURCES = \ mtu.c mtu.h \ mudp.c mudp.h \ multi.c multi.h \ - networking.h \ + networking_iproute2.c networking_iproute2.h networking.h \ ntlm.c ntlm.h \ occ.c occ.h \ openssl_compat.h \ diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h index 716e61a5..4f0167e7 100644 --- a/src/openvpn/networking.h +++ b/src/openvpn/networking.h @@ -34,7 +34,7 @@ struct context; #ifdef ENABLE_SITNL #include "networking_sitnl.h" #elif ENABLE_IPROUTE -#include "networking_ip.h" +#include "networking_iproute2.h" #else /* define mock types to ensure code builds on any platform */ typedef void * openvpn_net_ctx_t; diff --git a/src/openvpn/networking_iproute2.c b/src/openvpn/networking_iproute2.c new file mode 100644 index 00000000..a5a6585f --- /dev/null +++ b/src/openvpn/networking_iproute2.c 
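Review bot: the networking.h hunk switches the include to networking_iproute2.h, yet the commit message still says the code is copied into networking_ip.c; please align the message with the files this patch actually adds so the old networking_ip name does not outlive the rename. While touching this block, the unchanged `#elif ENABLE_IPROUTE` line evaluates an undefined macro as 0 and silently falls into the mock-types branch; `#elif defined(ENABLE_IPROUTE)` would match the `#ifdef ENABLE_SITNL` above it and keep -Wundef quiet.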
@@ -0,0 +1,386 @@ +/* + * Networking API implementation for iproute2 + * + * Copyright (C) 2018 Antonio Quartulli + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#elif defined(_MSC_VER) +#include "config-msvc.h" +#endif + +#if defined(TARGET_LINUX) && defined(ENABLE_IPROUTE) + +#include "syshead.h" + +#include "networking.h" +#include "networking_iproute2.h" +#include "misc.h" +#include "openvpn.h" +#include "run_command.h" +#include "socket.h" + +#include +#include + +int +net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx) +{ + ctx->es = NULL; + if (c) + ctx->es = c->es; + + return 0; +} + +int +net_iface_up(openvpn_net_ctx_t *ctx, const char *iface, bool up) +{ + struct argv argv = argv_new(); + + argv_printf(&argv, "%s link set dev %s %s", iproute_path, iface, + up ? 
"up" : "down"); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, ctx->es, S_FATAL, "Linux ip link set failed"); + + argv_reset(&argv); + + return 0; +} + +int +net_iface_mtu_set(openvpn_net_ctx_t *ctx, const char *iface, uint32_t mtu) +{ + struct argv argv = argv_new(); + + argv_printf(&argv, "%s link set dev %s up mtu %d", iproute_path, iface, + mtu); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, ctx->es, S_FATAL, "Linux ip link set failed"); + + return 0; +} + +int +net_addr_v4_add(openvpn_net_ctx_t *ctx, const char *iface, + const in_addr_t *addr, int prefixlen, + const in_addr_t *broadcast) +{ + struct argv argv = argv_new(); + + char *addr_str = (char *)print_in_addr_t(*addr, 0, NULL); + char *brd_str = (char *)print_in_addr_t(*broadcast, 0, NULL); + + argv_printf(&argv, "%s addr add dev %s %s/%d broadcast %s", iproute_path, + iface, addr_str, prefixlen, brd_str); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, ctx->es, S_FATAL, "Linux ip addr add failed"); + + free(addr_str); + free(brd_str); + + argv_reset(&argv); + + return 0; +} + +int +net_addr_v6_add(openvpn_net_ctx_t *ctx, const char *iface, + const struct in6_addr *addr, int prefixlen) +{ + struct argv argv = argv_new(); + char *addr_str = (char *)print_in6_addr(*addr, 0, NULL); + + argv_printf(&argv, "%s -6 addr add %s/%d dev %s", iproute_path, addr_str, + prefixlen, iface); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, ctx->es, S_FATAL, + "Linux ip -6 addr add failed"); + + free(addr_str); + + argv_reset(&argv); + + return 0; +} + +int +net_addr_v4_del(openvpn_net_ctx_t *ctx, const char *iface, + const in_addr_t *addr, int prefixlen) +{ + struct argv argv = argv_new(); + char *addr_str = (char *)print_in_addr_t(*addr, 0, NULL); + + argv_printf(&argv, "%s addr del dev %s %s/%d", iproute_path, iface, + addr_str, prefixlen); + + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, ctx->es, 0, "Linux ip addr del failed"); + + free(addr_str); + + argv_reset(&argv); 
+ + return 0; +} + +int +net_addr_v6_del(openvpn_net_ctx_t *ctx, const char *iface, + const struct in6_addr *addr, int prefixlen) +{ + struct argv argv = argv_new(); + char *addr_str = (char *)print_in6_addr(*addr, 0, NULL); + + argv_printf(&argv, "%s -6 addr del %s/%d dev %s", iproute_path, + addr_str, prefixlen, iface); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, ctx->es, 0, "Linux ip -6 addr del failed"); + + free(addr_str); + + argv_reset(&argv); + + return 0; +} + +int +net_addr_ptp_v4_add(openvpn_net_ctx_t *ctx, const char *iface, + const in_addr_t *local, const in_addr_t *remote) +{ + struct argv argv = argv_new(); + char *local_str = (char *)print_in_addr_t(*local, 0, NULL); + char *remote_str = (char *)print_in_addr_t(*remote, 0, NULL); + + argv_printf(&argv, "%s addr add dev %s local %s peer %s", iproute_path, + iface, local_str, remote_str); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, ctx->es, S_FATAL, "Linux ip addr add failed"); + + free(local_str); + free(remote_str); + + argv_reset(&argv); + + return 0; +} + +int +net_addr_ptp_v4_del(openvpn_net_ctx_t *ctx, const char *iface, + const in_addr_t *local, const in_addr_t *remote) +{ + struct argv argv = argv_new(); + char *local_str = (char *)print_in_addr_t(*local, 0, NULL); + char *remote_str = (char *)print_in_addr_t(*remote, 0, NULL); + + argv_printf(&argv, "%s addr del dev %s local %s peer %s", iproute_path, + iface, local_str, remote_str); + argv_msg(M_INFO, &argv); + openvpn_execve_check(&argv, ctx->es, 0, "Linux ip addr del failed"); + + free(local_str); + free(remote_str); + + argv_reset(&argv); + + return 0; +} + +int +net_route_v4_add(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, uint32_t table, + int metric) +{ + struct argv argv = argv_new(); + char *dst_str = (char *)print_in_addr_t(*dst, 0, NULL); + + argv_printf(&argv, "%s route add %s/%d", iproute_path, dst_str, prefixlen); + + if (metric > 0) + 
argv_printf_cat(&argv, "metric %d", metric); + + if (iface) + argv_printf_cat(&argv, "dev %s", iface); + + if (gw) + { + char *gw_str = (char *)print_in_addr_t(*gw, 0, NULL); + + argv_printf_cat(&argv, "via %s", gw_str); + + free(gw_str); + } + + argv_msg(D_ROUTE, &argv); + openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route add command failed"); + + free(dst_str); + + argv_reset(&argv); + + return 0; +} + +int +net_route_v6_add(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, const struct in6_addr *gw, const char *iface, + uint32_t table, int metric) +{ + struct argv argv = argv_new(); + char *dst_str = (char *)print_in6_addr(*dst, 0, NULL); + + argv_printf(&argv, "%s -6 route add %s/%d dev %s", iproute_path, dst_str, + prefixlen, iface); + + if (gw) + { + char *gw_str = (char *)print_in6_addr(*gw, 0, NULL); + + argv_printf_cat(&argv, "via %s", gw_str); + + free(gw_str); + } + + if (metric > 0) + argv_printf_cat(&argv, "metric %d", metric); + + argv_msg(D_ROUTE, &argv); + openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 add command failed"); + + free(dst_str); + + argv_reset(&argv); + + return 0; +} + +int +net_route_v4_del(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, uint32_t table, + int metric) +{ + struct argv argv = argv_new(); + char *dst_str = (char *)print_in_addr_t(*dst, 0, NULL); + + argv_printf(&argv, "%s route del %s/%d", iproute_path, dst_str, prefixlen); + + if (metric > 0) + argv_printf_cat(&argv, "metric %d", metric); + + argv_msg(D_ROUTE, &argv); + openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route delete command failed"); + + free(dst_str); + + argv_reset(&argv); + + return 0; +} + +int +net_route_v6_del(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, const struct in6_addr *gw, const char *iface, + uint32_t table, int metric) +{ + struct argv argv = argv_new(); + char *dst_str = (char *)print_in6_addr(*dst, 0, NULL); + 
+ argv_printf(&argv, "%s -6 route del %s/%d dev %s", iproute_path, dst_str, + prefixlen, iface); + + if (gw) + { + char *gw_str = (char *)print_in6_addr(*gw, 0, NULL); + + argv_printf_cat(&argv, "via %s", gw_str); + + free(gw_str); + } + + if (metric > 0) + argv_printf_cat(&argv, "metric %d", metric); + + argv_msg(D_ROUTE, &argv); + openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 del command failed"); + + free(dst_str); + + argv_reset(&argv); + + return 0; +} + +int +net_route_v4_best_gw(openvpn_net_ctx_t *ctx, const in_addr_t *dst, + int prefixlen, in_addr_t *best_gw, char *best_iface) +{ + best_iface[0] = '\0'; + + FILE *fp = fopen("/proc/net/route", "r"); + if (!fp) + return -1; + + char line[256]; + int count = 0; + unsigned int lowest_metric = UINT_MAX; + while (fgets(line, sizeof(line), fp) != NULL) + { + if (count) + { + unsigned int net_x = 0; + unsigned int mask_x = 0; + unsigned int gw_x = 0; + unsigned int metric = 0; + unsigned int flags = 0; + char name[16]; + name[0] = '\0'; + + const int np = sscanf(line, "%15s\t%x\t%x\t%x\t%*s\t%*s\t%d\t%x", + name, &net_x, &gw_x, &flags, &metric, + &mask_x); + + if (np == 6 && (flags & IFF_UP)) + { + const in_addr_t net = ntohl(net_x); + const in_addr_t mask = ntohl(mask_x); + const in_addr_t gw = ntohl(gw_x); + + if (!net && !mask && metric < lowest_metric) + { + *best_gw = gw; + strcpy(best_iface, name); + lowest_metric = metric; + } + } + } + ++count; + } + fclose(fp); + + return 0; +} + +/* + * The following function is not implemented in the iproute backend as it + * already uses netlink in route.c. + * + * int + * net_route_v6_best_gw(const struct in6_addr *dst, int prefixlen, + * struct in6_addr *best_gw, char *best_iface) + */ + +#endif /* ENABLE_IPROUTE && TARGET_LINUX */ diff --git a/src/openvpn/networking_iproute2.h b/src/openvpn/networking_iproute2.h new file mode 100644 index 00000000..47b50a9f --- /dev/null +++ b/src/openvpn/networking_iproute2.h 
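Review bot: net_iface_mtu_set() returns without calling argv_reset(&argv), unlike every other function in this file, so each MTU change leaks the argv; add the reset after openvpn_execve_check(). In the same call `%d` is paired with a uint32_t mtu; cast it or use an unsigned conversion. The `table` argument of net_route_v4_add/del and net_route_v6_add/del is accepted but never emitted as `table <n>`, so callers silently get the main table; at minimum the API documentation should say this backend ignores it. net_route_v4_del() also drops `gw` and `iface` while net_route_v6_del() emits `dev`/`via`; if that mirrors route.c it is acceptable for a pure move, but a comment would stop the asymmetry from being read as a bug, since deleting by prefix and metric alone can hit a different route sharing that prefix. In net_route_v4_best_gw(), `metric` is declared unsigned but scanned with `%d` (`%u` matches), and strcpy(best_iface, name) relies on the caller sizing best_iface to at least IFNAMSIZ, which the header should state.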
@@ -0,0 +1,36 @@ +/* + * Generic interface to platform specific networking code + * + * Copyright (C) 2016-2018 Antonio Quartulli + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef NETWORKING_IP_H_ +#define NETWORKING_IP_H_ + +#include "env_set.h" + +typedef char openvpn_net_iface_t; + +struct openvpn_net_ctx +{ + struct env_set *es; +}; + +typedef struct openvpn_net_ctx openvpn_net_ctx_t; + +#endif /* NETWORKING_IP_H_ */ From patchwork Tue Dec 18 18:01:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 642 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director11.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id gPfpFhXRGVwPIwAAIUCqbw for ; Wed, 19 Dec 2018 00:03:17 -0500 Received: from proxy8.mail.ord1d.rsapps.net ([172.30.191.6]) by director11.mail.ord1d.rsapps.net with LMTP id yMnFFhXRGVzzVAAAvGGmqA ; Wed, 19 Dec 2018 00:03:17 -0500 Received: from smtp34.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy8.mail.ord1d.rsapps.net with LMTP id KAQTFhXRGVyQCQAAGdz6CA ; Wed, 19 Dec 2018 00:03:17 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 
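Review bot: in networking_iproute2.h the include guard is still NETWORKING_IP_H_ and the file comment reads "Generic interface to platform specific networking code", which describes networking.h rather than this iproute2 backend; rename the guard to NETWORKING_IPROUTE2_H_ and let the comment say what the header is. `typedef char openvpn_net_iface_t;` would also benefit from a one-line comment that this backend addresses interfaces by name, since the sitnl backend in the next patch may not.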
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 19 Dec 2018 15:01:13 +1000
Message-Id: <20181219050118.6568-3-a@unstable.cc>
In-Reply-To: <20181219050118.6568-1-a@unstable.cc>
References: <20181219050118.6568-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v3 2/7] introduce sitnl: Simplified Interface To NetLink
Cc: Antonio Quartulli

This patch introduces a tiny netlink interface, optimized for the openvpn use case.

It basically exposes all those operations that are currently handled by directly calling the /sbin/ip command (or even ifconfig/route, if configured).

By using netlink, openvpn won't need to spawn new processes when configuring the tun interface or routes.

This new approach will also allow openvpn to be granted CAP_NET_ADMIN and be able to properly work even though it dropped the root privileges (currently handled via workarounds).

By moving this logic into the sitnl module, tun.c and route.c also benefit from some code simplification.

Signed-off-by: Antonio Quartulli
Acked-By: Arne Schwabe
---
 configure.ac                   |   13 +-
 src/openvpn/Makefile.am        |    4 +-
 src/openvpn/errlevel.h         |    1 +
 src/openvpn/networking_sitnl.c | 1228 ++++++++++++++++++++++++++++++++
 src/openvpn/networking_sitnl.h |   28 +
 src/openvpn/sitnl.h            |  217 ++++++
 6 files changed, 1485 insertions(+), 6 deletions(-)
 create mode 100644 src/openvpn/networking_sitnl.c
 create mode 100644 src/openvpn/networking_sitnl.h
 create mode 100644 src/openvpn/sitnl.h

diff --git a/configure.ac b/configure.ac
index 1e6891b1..2a51ad46 100644
--- a/configure.ac
+++ b/configure.ac
@@ -298,6 +298,7 @@ case "$host" in *-*-linux*) AC_DEFINE([TARGET_LINUX], [1], [Are we running on Linux?]) AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["L"], [Target prefix]) + have_sitnl="yes" ;; *-*-solaris*) AC_DEFINE([TARGET_SOLARIS], [1], [Are we running on Solaris?])
@@ -1226,11 +1227,13 @@ fi if test "${enable_iproute2}" = "yes"; then test -z "${IPROUTE}" && AC_MSG_ERROR([ip utility is required but missing]) AC_DEFINE([ENABLE_IPROUTE], [1], [enable iproute2 support]) -else - if test "${WIN32}" != "yes"; then - test -z "${ROUTE}" && AC_MSG_ERROR([route utility is required but missing]) - test -z "${IFCONFIG}" && AC_MSG_ERROR([ifconfig utility is required but missing]) - fi +else if test "${have_sitnl}" = "yes"; then + AC_DEFINE([ENABLE_SITNL], [1], [enable sitnl support]) +else if test "${WIN32}" != "yes" -a "${have_sitnl}" != "yes"; then + test -z "${ROUTE}" && AC_MSG_ERROR([route utility is required but missing]) + test -z "${IFCONFIG}" && AC_MSG_ERROR([ifconfig utility is required but missing]) +fi +fi fi if test "${enable_selinux}" = "yes"; then diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index 143bcf5c..30caa01f 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -80,7 +80,9 @@ openvpn_SOURCES = \ mtu.c mtu.h \ mudp.c mudp.h \ multi.c multi.h \ - networking_iproute2.c networking_iproute2.h networking.h \ + networking_iproute2.c networking_iproute2.h \ + networking_sitnl.c networking_sitnl.h \ + networking.h \ ntlm.c ntlm.h \ occ.c occ.h \ openssl_compat.h \ diff --git a/src/openvpn/errlevel.h b/src/openvpn/errlevel.h index c30284fc..60896c1f 100644 --- a/src/openvpn/errlevel.h +++ b/src/openvpn/errlevel.h @@ -109,6 +109,7 @@ #define D_LOG_RW LOGLEV(5, 0, 0) /* Print 'R' or 'W' to stdout for read/write */ +#define D_RTNL LOGLEV(6, 68, M_DEBUG) /* show RTNL low level operations */ #define D_LINK_RW LOGLEV(6, 69, M_DEBUG) /* show TCP/UDP reads/writes (terse) */ #define D_TUN_RW LOGLEV(6, 69, M_DEBUG) /* show TUN/TAP reads/writes */ #define D_TAP_WIN_DEBUG LOGLEV(6, 69, M_DEBUG) /* show TAP-Windows driver debug info */ diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c new file mode 100644 index 00000000..4e29d8ba --- /dev/null +++ b/src/openvpn/networking_sitnl.c 
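Review bot: in the second configure.ac hunk the nested `else if ... fi fi fi` chain is hard to read and the innermost test repeats `"${have_sitnl}" != "yes"`, which is already implied by falling through the previous branch; an `if / elif / elif / fi` chain with the duplicate test dropped is equivalent and shorter. More importantly, combined with `have_sitnl="yes"` from the first hunk this makes sitnl the default on every Linux build not configured with --enable-iproute2 and skips the ifconfig/route presence checks, with no AC_ARG_ENABLE to opt back out; that behaviour change belongs in the commit message and the user-facing changelog, and an --enable/--disable switch would let packagers keep the net-tools path. In errlevel.h, D_RTNL gets mute level 68 while its neighbours use 69; if that is intentional so RTNL chatter can be muted on its own, a short comment would help.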
@@ -0,0 +1,1228 @@ +/* + * Simplified Interface To NetLink + * + * Copyright (C) 2016-2018 Antonio Quartulli + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#elif defined(_MSC_VER) +#include "config-msvc.h" +#endif + +#ifdef TARGET_LINUX + +#include "syshead.h" + +#include "errlevel.h" +#include "buffer.h" +#include "networking.h" + +#include +#include +#include +#include +#include +#include +#include + +#define SNDBUF_SIZE (1024 * 2) +#define RCVBUF_SIZE (1024 * 4) + +#define SITNL_ADDATTR(_msg, _max_size, _attr, _data, _size) \ + { \ + if (sitnl_addattr(_msg, _max_size, _attr, _data, _size) < 0)\ + { \ + goto err; \ + } \ + } + +#define NLMSG_TAIL(nmsg) \ + ((struct rtattr *)(((uint8_t *)(nmsg)) + NLMSG_ALIGN((nmsg)->nlmsg_len))) + +/** + * Generic address data structure used to pass addresses and prefixes as + * argument to AF family agnostic functions + */ +typedef union { + in_addr_t ipv4; + struct in6_addr ipv6; +} inet_address_t; + +/** + * Link state request message + */ +struct sitnl_link_req { + struct nlmsghdr n; + struct ifinfomsg i; + char buf[256]; +}; + +/** + * Address request message + */ +struct sitnl_addr_req { + struct nlmsghdr n; + struct ifaddrmsg i; + char buf[256]; +}; + +/** + * Route request message + */ +struct sitnl_route_req { 
+ struct nlmsghdr n; + struct rtmsg r; + char buf[256]; +}; + +typedef int (*sitnl_parse_reply_cb)(struct nlmsghdr *msg, void *arg); + +/** + * Object returned by route request operation + */ +struct sitnl_route_data_cb { + unsigned int iface; + inet_address_t gw; +}; + +/** + * Helper function used to easily add attributes to a rtnl message + */ +static int +sitnl_addattr(struct nlmsghdr *n, int maxlen, int type, const void *data, + int alen) +{ + int len = RTA_LENGTH(alen); + struct rtattr *rta; + + if ((int)(NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len)) > maxlen) + { + msg(M_WARN, "%s: rtnl: message exceeded bound of %d", __func__, + maxlen); + return -EMSGSIZE; + } + + rta = NLMSG_TAIL(n); + rta->rta_type = type; + rta->rta_len = len; + + if (!data) + { + memset(RTA_DATA(rta), 0, alen); + } + else + { + memcpy(RTA_DATA(rta), data, alen); + } + + n->nlmsg_len = NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len); + + return 0; +} + +/** + * Open RTNL socket + */ +static int +sitnl_socket(void) +{ + int sndbuf = SNDBUF_SIZE; + int rcvbuf = RCVBUF_SIZE; + int fd; + + fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + if (fd < 0) + { + msg(M_WARN, "%s: cannot open netlink socket", __func__); + return fd; + } + + if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &sndbuf, sizeof(sndbuf)) < 0) + { + msg(M_WARN | M_ERRNO, "%s: SO_SNDBUF", __func__); + close(fd); + return -1; + } + + if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &rcvbuf, sizeof(rcvbuf)) < 0) + { + msg(M_WARN | M_ERRNO, "%s: SO_RCVBUF", __func__); + close(fd); + return -1; + } + + return fd; +} + +/** + * Bind socket to Netlink subsystem + */ +static int +sitnl_bind(int fd, uint32_t groups) +{ + socklen_t addr_len; + struct sockaddr_nl local; + + CLEAR(local); + + local.nl_family = AF_NETLINK; + local.nl_groups = groups; + + if (bind(fd, (struct sockaddr *)&local, sizeof(local)) < 0) + { + msg(M_WARN | M_ERRNO, "%s: cannot bind netlink socket", __func__); + return -errno; + } + + addr_len = sizeof(local); + if 
(getsockname(fd, (struct sockaddr *)&local, &addr_len) < 0) + { + msg(M_WARN | M_ERRNO, "%s: cannot getsockname", __func__); + return -errno; + } + + if (addr_len != sizeof(local)) + { + msg(M_WARN, "%s: wrong address length %d", __func__, addr_len); + return -EINVAL; + } + + if (local.nl_family != AF_NETLINK) + { + msg(M_WARN, "%s: wrong address family %d", __func__, local.nl_family); + return -EINVAL; + } + + return 0; +} + +/** + * Send Netlink message and run callback on reply (if specified) + */ +static int +sitnl_send(struct nlmsghdr *payload, pid_t peer, unsigned int groups, + sitnl_parse_reply_cb cb, void *arg_cb) +{ + int len, rem_len, fd, ret, rcv_len; + struct sockaddr_nl nladdr; + struct nlmsgerr *err; + struct nlmsghdr *h; + unsigned int seq; + char buf[1024 * 16]; + struct iovec iov = + { + .iov_base = payload, + .iov_len = payload->nlmsg_len, + }; + struct msghdr nlmsg = + { + .msg_name = &nladdr, + .msg_namelen = sizeof(nladdr), + .msg_iov = &iov, + .msg_iovlen = 1, + }; + + CLEAR(nladdr); + + nladdr.nl_family = AF_NETLINK; + nladdr.nl_pid = peer; + nladdr.nl_groups = groups; + + payload->nlmsg_seq = seq = time(NULL); + + /* no need to send reply */ + if (!cb) + { + payload->nlmsg_flags |= NLM_F_ACK; + } + + fd = sitnl_socket(); + if (fd < 0) + { + msg(M_WARN | M_ERRNO, "%s: can't open rtnl socket", __func__); + return -errno; + } + + ret = sitnl_bind(fd, 0); + if (ret < 0) + { + msg(M_WARN | M_ERRNO, "%s: can't bind rtnl socket", __func__); + ret = -errno; + goto out; + } + + ret = sendmsg(fd, &nlmsg, 0); + if (ret < 0) + { + msg(M_WARN | M_ERRNO, "%s: rtnl: error on sendmsg()", __func__); + ret = -errno; + goto out; + } + + /* prepare buffer to store RTNL replies */ + memset(buf, 0, sizeof(buf)); + iov.iov_base = buf; + + while (1) + { + /* + * iov_len is modified by recvmsg(), therefore has to be initialized before + * using it again + */ + msg(D_RTNL, "%s: checking for received messages", __func__); + iov.iov_len = sizeof(buf); + rcv_len = 
recvmsg(fd, &nlmsg, 0); + msg(D_RTNL, "%s: rtnl: received %d bytes", __func__, rcv_len); + if (rcv_len < 0) + { + if ((errno == EINTR) || (errno == EAGAIN)) + { + msg(D_RTNL, "%s: interrupted call", __func__); + continue; + } + msg(M_WARN | M_ERRNO, "%s: rtnl: error on recvmsg()", __func__); + ret = -errno; + goto out; + } + + if (rcv_len == 0) + { + msg(M_WARN, "%s: rtnl: socket reached unexpected EOF", __func__); + ret = -EIO; + goto out; + } + + if (nlmsg.msg_namelen != sizeof(nladdr)) + { + msg(M_WARN, "%s: sender address length: %u (expected %zu)", + __func__, nlmsg.msg_namelen, sizeof(nladdr)); + ret = -EIO; + goto out; + } + + h = (struct nlmsghdr *)buf; + while (rcv_len >= (int)sizeof(*h)) + { + len = h->nlmsg_len; + rem_len = len - sizeof(*h); + + if ((rem_len < 0) || (len > rcv_len)) + { + if (nlmsg.msg_flags & MSG_TRUNC) + { + msg(M_WARN, "%s: truncated message", __func__); + ret = -EIO; + goto out; + } + msg(M_WARN, "%s: malformed message: len=%d", __func__, len); + ret = -EIO; + goto out; + } + +/* if (((int)nladdr.nl_pid != peer) || (h->nlmsg_pid != nladdr.nl_pid) + || (h->nlmsg_seq != seq)) + { + rcv_len -= NLMSG_ALIGN(len); + h = (struct nlmsghdr *)((char *)h + NLMSG_ALIGN(len)); + msg(M_DEBUG, "%s: skipping unrelated message. 
nl_pid:%d (peer:%d) nl_msg_pid:%d nl_seq:%d seq:%d", + __func__, (int)nladdr.nl_pid, peer, h->nlmsg_pid, + h->nlmsg_seq, seq); + continue; + } +*/ + if (h->nlmsg_type == NLMSG_ERROR) + { + err = (struct nlmsgerr *)NLMSG_DATA(h); + if (rem_len < (int)sizeof(struct nlmsgerr)) + { + msg(M_WARN, "%s: ERROR truncated", __func__); + ret = -EIO; + } + else + { + if (!err->error) + { + ret = 0; + if (cb) + ret = cb(h, arg_cb); + } + else + { + msg(M_WARN, "%s: rtnl: generic error: %s", + __func__, strerror(-err->error)); + ret = -err->error; + } + } + goto out; + } + + if (cb) + { + ret = cb(h, arg_cb); + goto out; + } + else + { + msg(M_WARN, "%s: RTNL: unexpected reply", __func__); + } + + rcv_len -= NLMSG_ALIGN(len); + h = (struct nlmsghdr *)((char *)h + NLMSG_ALIGN(len)); + } + + if (nlmsg.msg_flags & MSG_TRUNC) + { + msg(M_WARN, "%s: message truncated", __func__); + continue; + } + + if (rcv_len) + { + msg(M_WARN, "%s: rtnl: %d not parsed bytes", __func__, rcv_len); + ret = -1; + goto out; + } + } +out: + close(fd); + + return ret; +} + +typedef struct { + int addr_size; + inet_address_t gw; + char iface[IFNAMSIZ]; +} route_res_t; + +static int +sitnl_route_save(struct nlmsghdr *n, void *arg) +{ + route_res_t *res = arg; + struct rtmsg *r = NLMSG_DATA(n); + struct rtattr *rta = RTM_RTA(r); + int len = n->nlmsg_len - NLMSG_LENGTH(sizeof(*r)); + unsigned int ifindex = 0; + + while (RTA_OK(rta, len)) + { + switch (rta->rta_type) + { + /* route interface */ + case RTA_OIF: + ifindex = *(unsigned int *)RTA_DATA(rta); + break; + /* route prefix */ + case RTA_DST: + break; + /* GW for the route */ + case RTA_GATEWAY: + memcpy(&res->gw, RTA_DATA(rta), res->addr_size); + break; + } + + rta = RTA_NEXT(rta, len); + } + + if (!if_indextoname(ifindex, res->iface)) + { + msg(M_WARN | M_ERRNO, "%s: rtnl: can't get ifname for index %d", + __func__, ifindex); + return -1; + } + + return 0; +} + +static int +sitnl_route_best_gw(sa_family_t af_family, const inet_address_t *dst, + int 
prefixlen, void *best_gw, char *best_iface) +{ + struct sitnl_route_req req; + route_res_t res; + int ret = -EINVAL; + + ASSERT(best_gw); + ASSERT(best_iface); + + CLEAR(req); + CLEAR(res); + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.r)); + req.n.nlmsg_type = RTM_GETROUTE; + req.n.nlmsg_flags = NLM_F_REQUEST; + + req.r.rtm_family = af_family; + req.r.rtm_dst_len = prefixlen; + + switch (af_family) + { + case AF_INET: + res.addr_size = sizeof(in_addr_t); + req.n.nlmsg_flags |= NLM_F_DUMP; + break; + case AF_INET6: + res.addr_size = sizeof(struct in6_addr); + break; + default: + /* unsupported */ + return -EINVAL; + } + + SITNL_ADDATTR(&req.n, sizeof(req), RTA_DST, dst, res.addr_size); + + ret = sitnl_send(&req.n, 0, 0, sitnl_route_save, &res); + if (ret < 0) + { + goto err; + } + + /* save result in output variables */ + memcpy(best_gw, &res.gw, res.addr_size); + strcpy(best_iface, res.iface); +err: + return ret; + +} + +/* used by iproute2 implementation too */ +int +net_route_v6_best_gw(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, struct in6_addr *best_gw, char *best_iface) +{ + inet_address_t dst_v6 = {0}; + char buf[INET6_ADDRSTRLEN]; + int ret; + + if (dst) + { + dst_v6.ipv6 = *dst; + } + + msg(D_ROUTE, "%s query: dst %s/%d", __func__, + inet_ntop(AF_INET6, &dst_v6.ipv6, buf, sizeof(buf)), prefixlen); + + ret = sitnl_route_best_gw(AF_INET6, &dst_v6, prefixlen, best_gw, + best_iface); + if (ret < 0) + { + return ret; + } + + msg(D_ROUTE, "%s result: via %s dev %s", __func__, + inet_ntop(AF_INET6, best_gw, buf, sizeof(buf)), best_iface); + + return ret; + +} + +#ifdef ENABLE_SITNL + +int +net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx) +{ + (void)c; + (void)ctx; + + return 0; +} + +int +net_route_v4_best_gw(openvpn_net_ctx_t *ctx, const in_addr_t *dst, + int prefixlen, in_addr_t *best_gw, char *best_iface) +{ + inet_address_t dst_v4 = {0}; + char buf[INET_ADDRSTRLEN]; + int ret; + + if (dst) + { + dst_v4.ipv4 = htonl(*dst); + } + 
+ msg(D_ROUTE, "%s query: dst %s/%d", __func__, + inet_ntop(AF_INET, &dst_v4.ipv4, buf, sizeof(buf)), prefixlen); + + ret = sitnl_route_best_gw(AF_INET, &dst_v4, prefixlen, best_gw, best_iface); + if (ret < 0) + { + return ret; + } + + msg(D_ROUTE, "%s result: via %s dev %s", __func__, + inet_ntop(AF_INET, best_gw, buf, sizeof(buf)), best_iface); + + /* result is expected in Host Order */ + *best_gw = ntohl(*best_gw); + + return ret; +} + +int +net_iface_up(openvpn_net_ctx_t *ctx, const char *iface, bool up) +{ + struct sitnl_link_req req; + int ifindex; + + CLEAR(req); + + if (!iface) + { + msg(M_WARN, "%s: passed NULL interface", __func__); + return -EINVAL; + } + + ifindex = if_nametoindex(iface); + if (ifindex == 0) { + msg(M_WARN, "%s: rtnl: cannot get ifindex for %s: %s", __func__, iface, + strerror(errno)); + return -ENOENT; + } + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.i)); + req.n.nlmsg_flags = NLM_F_REQUEST; + req.n.nlmsg_type = RTM_NEWLINK; + + req.i.ifi_family = AF_PACKET; + req.i.ifi_index = ifindex; + req.i.ifi_change |= IFF_UP; + if (up) + req.i.ifi_flags |= IFF_UP; + else + req.i.ifi_flags &= ~IFF_UP; + + msg(M_INFO, "%s: set %s %s", __func__, iface, up ? 
"up" : "down"); + + return sitnl_send(&req.n, 0, 0, NULL, NULL); +} + +int +net_iface_mtu_set(openvpn_net_ctx_t *ctx, const char *iface, + uint32_t mtu) +{ + struct sitnl_link_req req; + int ifindex, ret = -1; + + CLEAR(req); + + ifindex = if_nametoindex(iface); + if (ifindex == 0) { + msg(M_WARN | M_ERRNO, "%s: rtnl: cannot get ifindex for %s", __func__, + iface); + return -1; + } + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.i)); + req.n.nlmsg_flags = NLM_F_REQUEST; + req.n.nlmsg_type = RTM_NEWLINK; + + req.i.ifi_family = AF_PACKET; + req.i.ifi_index = ifindex; + + SITNL_ADDATTR(&req.n, sizeof(req), IFLA_MTU, &mtu, 4); + + msg(M_INFO, "%s: mtu %u for %s", __func__, mtu, iface); + + ret = sitnl_send(&req.n, 0, 0, NULL, NULL); +err: + return ret; +} + +static int +sitnl_addr_set(int cmd, uint32_t flags, int ifindex, sa_family_t af_family, + const inet_address_t *local, const inet_address_t *remote, + int prefixlen, const inet_address_t *broadcast) +{ + struct sitnl_addr_req req; + uint32_t size; + int ret = -EINVAL; + + CLEAR(req); + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.i)); + req.n.nlmsg_type = cmd; + req.n.nlmsg_flags = NLM_F_REQUEST | flags; + + req.i.ifa_index = ifindex; + req.i.ifa_family = af_family; + + switch (af_family) + { + case AF_INET: + size = sizeof(struct in_addr); + break; + case AF_INET6: + size = sizeof(struct in6_addr); + break; + default: + msg(M_WARN, "%s: rtnl: unknown address family %d", __func__, + af_family); + return -EINVAL; + } + + /* if no prefixlen has been specified, assume host address */ + if (prefixlen == 0) + { + prefixlen = size * 8; + } + req.i.ifa_prefixlen = prefixlen; + + if (remote) + { + SITNL_ADDATTR(&req.n, sizeof(req), IFA_ADDRESS, remote, size); + } + + if (local) + { + SITNL_ADDATTR(&req.n, sizeof(req), IFA_LOCAL, local, size); + } + + if (broadcast) + { + SITNL_ADDATTR(&req.n, sizeof(req), IFA_BROADCAST, broadcast, size); + } + + ret = sitnl_send(&req.n, 0, 0, NULL, NULL); + if ((ret < 0) && (errno == EEXIST)) 
+ { + ret = 0; + } +err: + return ret; +} + +static int +sitnl_addr_ptp_add(sa_family_t af_family, const char *iface, + const inet_address_t *local, + const inet_address_t *remote) +{ + int ifindex; + + switch (af_family) { + case AF_INET: + case AF_INET6: + break; + default: + return -EINVAL; + } + + if (!iface) + { + msg(M_WARN, "%s: passed NULL interface", __func__); + return -EINVAL; + } + + ifindex = if_nametoindex(iface); + if (ifindex == 0) + { + msg(M_WARN, "%s: cannot get ifindex for %s: %s", __func__, np(iface), + strerror(errno)); + return -ENOENT; + } + + return sitnl_addr_set(RTM_NEWADDR, NLM_F_CREATE | NLM_F_REPLACE, ifindex, + af_family, local, remote, 0, NULL); +} + +static int +sitnl_addr_ptp_del(sa_family_t af_family, const char *iface, + const inet_address_t *local) +{ + int ifindex; + + switch (af_family) { + case AF_INET: + case AF_INET6: + break; + default: + return -EINVAL; + } + + if (!iface) + { + msg(M_WARN, "%s: passed NULL interface", __func__); + return -EINVAL; + } + + ifindex = if_nametoindex(iface); + if (ifindex == 0) + { + msg(M_WARN | M_ERRNO, "%s: cannot get ifindex for %s", __func__, iface); + return -ENOENT; + } + + return sitnl_addr_set(RTM_DELADDR, 0, ifindex, af_family, local, NULL, 0, + NULL); +} + +static int +sitnl_route_set(int cmd, uint32_t flags, int ifindex, sa_family_t af_family, + const void *dst, int prefixlen, + const void *gw, enum rt_class_t table, int metric, + enum rt_scope_t scope, int protocol, int type) +{ + struct sitnl_route_req req; + int ret = -1, size; + + CLEAR(req); + + switch (af_family) + { + case AF_INET: + size = sizeof(in_addr_t); + break; + case AF_INET6: + size = sizeof(struct in6_addr); + break; + default: + return -EINVAL; + } + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.r)); + req.n.nlmsg_type = cmd; + req.n.nlmsg_flags = NLM_F_REQUEST | flags; + + req.r.rtm_family = af_family; + req.r.rtm_scope = scope; + req.r.rtm_protocol = protocol; + req.r.rtm_type = type; + req.r.rtm_dst_len = 
prefixlen; + + if (table < 256) + { + req.r.rtm_table = table; + } + else + { + req.r.rtm_table = RT_TABLE_UNSPEC; + SITNL_ADDATTR(&req.n, sizeof(req), RTA_TABLE, &table, 4); + } + + if (dst) + { + SITNL_ADDATTR(&req.n, sizeof(req), RTA_DST, dst, size); + } + + if (gw) + { + SITNL_ADDATTR(&req.n, sizeof(req), RTA_GATEWAY, gw, size); + } + + if (ifindex > 0) + { + SITNL_ADDATTR(&req.n, sizeof(req), RTA_OIF, &ifindex, 4); + } + + if (metric > 0) + { + SITNL_ADDATTR(&req.n, sizeof(req), RTA_PRIORITY, &metric, 4); + } + + ret = sitnl_send(&req.n, 0, 0, NULL, NULL); + if ((ret < 0) && (errno == EEXIST)) + { + ret = 0; + } +err: + return ret; +} + +static int +sitnl_addr_add(sa_family_t af_family, const char *iface, + const inet_address_t *addr, int prefixlen, + const inet_address_t *broadcast) +{ + int ifindex; + + switch (af_family) { + case AF_INET: + case AF_INET6: + break; + default: + return -EINVAL;; + } + + if (!iface) + { + msg(M_WARN, "%s: passed NULL interface", __func__); + return -EINVAL; + } + + ifindex = if_nametoindex(iface); + if (ifindex == 0) + { + msg(M_WARN | M_ERRNO, "%s: rtnl: cannot get ifindex for %s", __func__, + iface); + return -ENOENT; + } + + return sitnl_addr_set(RTM_NEWADDR, NLM_F_CREATE | NLM_F_REPLACE, ifindex, + af_family, addr, NULL, prefixlen, broadcast); +} + +static int +sitnl_addr_del(sa_family_t af_family, const char *iface, inet_address_t *addr, + int prefixlen) +{ + int ifindex; + + switch (af_family) { + case AF_INET: + case AF_INET6: + break; + default: + return -EINVAL;; + } + + if (!iface) + { + msg(M_WARN, "%s: passed NULL interface", __func__); + return -EINVAL; + } + + ifindex = if_nametoindex(iface); + if (ifindex == 0) + { + msg(M_WARN | M_ERRNO, "%s: rtnl: cannot get ifindex for %s", __func__, + iface); + return -ENOENT; + } + + return sitnl_addr_set(RTM_DELADDR, 0, ifindex, af_family, addr, NULL, + prefixlen, NULL); +} + +int +net_addr_v4_add(openvpn_net_ctx_t *ctx, const char *iface, + const in_addr_t *addr, int 
prefixlen, + const in_addr_t *broadcast) +{ + inet_address_t addr_v4 = { 0 }; + inet_address_t brd_v4 = { 0 }; + char buf1[INET_ADDRSTRLEN]; + char buf2[INET_ADDRSTRLEN]; + + if (!addr) + { + return -EINVAL; + } + + addr_v4.ipv4 = htonl(*addr); + + if (broadcast) + { + brd_v4.ipv4 = htonl(*broadcast); + } + + msg(M_INFO, "%s: %s/%d brd %s dev %s", __func__, + inet_ntop(AF_INET, &addr_v4.ipv4, buf1, sizeof(buf1)), prefixlen, + inet_ntop(AF_INET, &brd_v4.ipv4, buf2, sizeof(buf2)), iface); + + return sitnl_addr_add(AF_INET, iface, &addr_v4, prefixlen, &brd_v4); +} + +int +net_addr_v6_add(openvpn_net_ctx_t *ctx, const char *iface, + const struct in6_addr *addr, int prefixlen) +{ + inet_address_t addr_v6 = { 0 }; + char buf[INET6_ADDRSTRLEN]; + + if (!addr) + { + return -EINVAL; + } + + addr_v6.ipv6 = *addr; + + msg(M_INFO, "%s: %s/%d dev %s", __func__, + inet_ntop(AF_INET6, &addr_v6.ipv6, buf, sizeof(buf)), prefixlen, iface); + + return sitnl_addr_add(AF_INET6, iface, &addr_v6, prefixlen, NULL); +} + +int +net_addr_v4_del(openvpn_net_ctx_t *ctx, const char *iface, + const in_addr_t *addr, int prefixlen) +{ + inet_address_t addr_v4 = { 0 }; + char buf[INET_ADDRSTRLEN]; + + if (!addr) + { + return -EINVAL; + } + + addr_v4.ipv4 = htonl(*addr); + + msg(M_INFO, "%s: %s dev %s", __func__, + inet_ntop(AF_INET, &addr_v4.ipv4, buf, sizeof(buf)), iface); + + return sitnl_addr_del(AF_INET, iface, &addr_v4, prefixlen); +} + +int +net_addr_v6_del(openvpn_net_ctx_t *ctx, const char *iface, + const struct in6_addr *addr, int prefixlen) +{ + inet_address_t addr_v6 = { 0 }; + char buf[INET6_ADDRSTRLEN]; + + if (!addr) + { + return -EINVAL; + } + + addr_v6.ipv6 = *addr; + + msg(M_INFO, "%s: %s/%d dev %s", __func__, + inet_ntop(AF_INET6, &addr_v6.ipv6, buf, sizeof(buf)), prefixlen, iface); + + return sitnl_addr_del(AF_INET6, iface, &addr_v6, prefixlen); +} + +int +net_addr_ptp_v4_add(openvpn_net_ctx_t *ctx, const char *iface, + const in_addr_t *local, const in_addr_t *remote) +{ + 
inet_address_t local_v4 = { 0 }; + inet_address_t remote_v4 = { 0 }; + char buf1[INET_ADDRSTRLEN]; + char buf2[INET_ADDRSTRLEN]; + + if (!local) + { + return -EINVAL; + } + + local_v4.ipv4 = htonl(*local); + + if (remote) + { + remote_v4.ipv4 = htonl(*remote); + } + + msg(M_INFO, "%s: %s peer %s dev %s", __func__, + inet_ntop(AF_INET, &local_v4.ipv4, buf1, sizeof(buf1)), + inet_ntop(AF_INET, &remote_v4.ipv4, buf2, sizeof(buf2)), iface); + + return sitnl_addr_ptp_add(AF_INET, iface, &local_v4, &remote_v4); +} + +int +net_addr_ptp_v4_del(openvpn_net_ctx_t *ctx, const char *iface, + const in_addr_t *local, const in_addr_t *remote) +{ + inet_address_t local_v4 = { 0 }; + char buf[INET6_ADDRSTRLEN]; + + + if (!local) + { + return -EINVAL; + } + + local_v4.ipv4 = htonl(*local); + + msg(M_INFO, "%s: %s dev %s", __func__, + inet_ntop(AF_INET, &local_v4.ipv4, buf, sizeof(buf)), iface); + + return sitnl_addr_ptp_del(AF_INET, iface, &local_v4); +} + +static int +sitnl_route_add(const char *iface, sa_family_t af_family, const void *dst, + int prefixlen, const void *gw, uint32_t table, int metric) +{ + enum rt_scope_t scope = RT_SCOPE_UNIVERSE; + int ifindex = 0; + + if (iface) + { + ifindex = if_nametoindex(iface); + if (ifindex == 0) + { + msg(M_WARN | M_ERRNO, "%s: rtnl: can't get ifindex for %s", + __func__, iface); + return -ENOENT; + } + } + + if (table == 0) + { + table = RT_TABLE_MAIN; + } + + if (!gw && iface) + { + scope = RT_SCOPE_LINK; + } + + return sitnl_route_set(RTM_NEWROUTE, NLM_F_CREATE | NLM_F_REPLACE, ifindex, + af_family, dst, prefixlen, gw, table, metric, scope, + RTPROT_BOOT, RTN_UNICAST); +} + +int +net_route_v4_add(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, + uint32_t table, int metric) +{ + in_addr_t *dst_ptr = NULL, *gw_ptr = NULL; + in_addr_t dst_be = 0, gw_be = 0; + char dst_str[INET_ADDRSTRLEN]; + char gw_str[INET_ADDRSTRLEN]; + + if (dst) + { + dst_be = htonl(*dst); + dst_ptr = &dst_be; + 
} + + if (gw) + { + gw_be = htonl(*gw); + gw_ptr = &gw_be; + } + + msg(D_ROUTE, "%s: %s/%d via %s dev %s table %d metric %d", __func__, + inet_ntop(AF_INET, &dst_be, dst_str, sizeof(dst_str)), + prefixlen, inet_ntop(AF_INET, &gw_be, gw_str, sizeof(gw_str)), + np(iface), table, metric); + + return sitnl_route_add(iface, AF_INET, dst_ptr, prefixlen, gw_ptr, table, + metric); +} + +int +net_route_v6_add(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, const struct in6_addr *gw, + const char *iface, uint32_t table, int metric) +{ + inet_address_t dst_v6 = { 0 }; + inet_address_t gw_v6 = { 0 }; + char dst_str[INET6_ADDRSTRLEN]; + char gw_str[INET6_ADDRSTRLEN]; + + if (dst) + { + dst_v6.ipv6 = *dst; + } + + if (gw) + { + gw_v6.ipv6 = *gw; + } + + msg(D_ROUTE, "%s: %s/%d via %s dev %s table %d metric %d", __func__, + inet_ntop(AF_INET6, &dst_v6.ipv6, dst_str, sizeof(dst_str)), + prefixlen, inet_ntop(AF_INET6, &gw_v6.ipv6, gw_str, sizeof(gw_str)), + np(iface), table, metric); + + return sitnl_route_add(iface, AF_INET6, dst, prefixlen, gw, table, + metric); +} + +static int +sitnl_route_del(const char *iface, sa_family_t af_family, inet_address_t *dst, + int prefixlen, inet_address_t *gw, uint32_t table, + int metric) +{ + int ifindex = 0; + + if (iface) + { + ifindex = if_nametoindex(iface); + if (ifindex == 0) + { + msg(M_WARN | M_ERRNO, "%s: rtnl: can't get ifindex for %s", + __func__, iface); + return -ENOENT; + } + } + + if (table == 0) + { + table = RT_TABLE_MAIN; + } + + return sitnl_route_set(RTM_DELROUTE, 0, ifindex, af_family, dst, prefixlen, + gw, table, metric, RT_SCOPE_NOWHERE, 0, 0); +} + +int +net_route_v4_del(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, uint32_t table, + int metric) +{ + inet_address_t dst_v4 = { 0 }; + inet_address_t gw_v4 = { 0 }; + char dst_str[INET_ADDRSTRLEN]; + char gw_str[INET_ADDRSTRLEN]; + + if (dst) + { + dst_v4.ipv4 = htonl(*dst); + } + + if (gw) + { + 
gw_v4.ipv4 = htonl(*gw); + } + + msg(D_ROUTE, "%s: %s/%d via %s dev %s table %d metric %d", __func__, + inet_ntop(AF_INET, &dst_v4.ipv4, dst_str, sizeof(dst_str)), + prefixlen, inet_ntop(AF_INET, &gw_v4.ipv4, gw_str, sizeof(gw_str)), + np(iface), table, metric); + + return sitnl_route_del(iface, AF_INET, &dst_v4, prefixlen, &gw_v4, table, + metric); +} + +int +net_route_v6_del(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, + int prefixlen, const struct in6_addr *gw, + const char *iface, uint32_t table, int metric) +{ + inet_address_t dst_v6 = { 0 }; + inet_address_t gw_v6 = { 0 }; + char dst_str[INET6_ADDRSTRLEN]; + char gw_str[INET6_ADDRSTRLEN]; + + if (dst) + { + dst_v6.ipv6 = *dst; + } + + if (gw) + { + gw_v6.ipv6 = *gw; + } + + msg(D_ROUTE, "%s: %s/%d via %s dev %s table %d metric %d", __func__, + inet_ntop(AF_INET6, &dst_v6.ipv6, dst_str, sizeof(dst_str)), + prefixlen, inet_ntop(AF_INET6, &gw_v6.ipv6, gw_str, sizeof(gw_str)), + np(iface), table, metric); + + return sitnl_route_del(iface, AF_INET6, &dst_v6, prefixlen, &gw_v6, + table, metric); +} + +#endif /* !ENABLE_SITNL */ + +#endif /* TARGET_LINUX */ diff --git a/src/openvpn/networking_sitnl.h b/src/openvpn/networking_sitnl.h new file mode 100644 index 00000000..f39d426d --- /dev/null +++ b/src/openvpn/networking_sitnl.h 
@@ -0,0 +1,28 @@ +/* + * Generic interface to platform specific networking code + * + * Copyright (C) 2016-2018 Antonio Quartulli + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef NETWORKING_SITNL_H_ +#define NETWORKING_SITNL_H_ + +typedef char openvpn_net_iface_t; +typedef void * openvpn_net_ctx_t; + +#endif /* NETWORKING_SITNL_H_ */ diff --git a/src/openvpn/sitnl.h b/src/openvpn/sitnl.h new file mode 100644 index 00000000..937522f9 --- /dev/null +++ b/src/openvpn/sitnl.h 
@@ -0,0 +1,217 @@ +/* + * Simplified Interface To NetLink + * + * Copyright (C) 2016-2018 Antonio Quartulli + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef SITNL_H_ +#define SITNL_H_ + +#ifdef TARGET_LINUX + +#include +#include + +/** + * Bring interface up or down. + * + * @param iface the interface to modify + * @param up true if the interface has to be brought up, false otherwise + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_iface_up(const char *iface, bool up); + +/** + * Set the MTU for an interface + * + * @param iface the interface to modify + * @param mtru the new MTU + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_iface_mtu_set(const char *iface, uint32_t mtu); + +/** + * Add an IPv4 address to an interface + * + * @param iface the interface where the address has to be added + * @param addr the address to add + * @param prefixlen the prefix length of the network associated with the address + * @param broadcast the broadcast address to configure on the interface + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_addr_v4_add(const char *iface, const in_addr_t *addr, int prefixlen, + const in_addr_t *broadcast); + +/** + * Add an IPv6 address to an interface + * + * @param iface the interface 
where the address has to be added + * @param addr the address to add + * @param prefixlen the prefix length of the network associated with the address + * + * @return 0 on success, a negative error code otherwise + */ + +int sitnl_addr_v6_add(const char *iface, const struct in6_addr *addr, + int prefixlen); + +/** + * Remove an IPv4 from an interface + * + * @param iface the interface to remove the address from + * @param prefixlen the prefix length of the network associated with the address + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_addr_v4_del(const char *iface, const in_addr_t *addr, int prefixlen); + +/** + * Remove an IPv6 from an interface + * + * @param iface the interface to remove the address from + * @param prefixlen the prefix length of the network associated with the address + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_addr_v6_del(const char *iface, const struct in6_addr *addr, + int prefixlen); + +/** + * Add a point-to-point IPv4 address to an interface + * + * @param iface the interface where the address has to be added + * @param local the address to add + * @param remote the associated p-t-p remote address + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_addr_ptp_v4_add(const char *iface, const in_addr_t *local, + const in_addr_t *remote); + +/** + * Remove a point-to-point IPv4 address from an interface + * + * @param iface the interface to remove the address from + * @param local the address to remove + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_addr_ptp_v4_del(const char *iface, const in_addr_t *local); + + +/** + * Add a route for an IPv4 address/network + * + * @param dst the destination of the route + * @param prefixlen the length of the prefix of the destination + * @param gw the gateway for this route + * @param iface the interface for this route (can be NULL) + * @param table the table to add this route to (if 
0, will be added to the + * main table) + * @param metric the metric associated with the route + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_route_v4_add(const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, uint32_t table, + int metric); + +/** + * Add a route for an IPv6 address/network + * + * @param dst the destination of the route + * @param prefixlen the length of the prefix of the destination + * @param gw the gateway for this route + * @param iface the interface for this route (can be NULL) + * @param table the table to add this route to (if 0, will be added to the + * main table) + * @param metric the metric associated with the route + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_route_v6_add(const struct in6_addr *dst, int prefixlen, + const struct in6_addr *gw, const char *iface, + uint32_t table, int metric); + +/** + * Delete a route for an IPv4 address/network + * + * @param dst the destination of the route + * @param prefixlen the length of the prefix of the destination + * @param gw the gateway for this route + * @param iface the interface for this route (can be NULL) + * @param table the table to add this route to (if 0, will be added to the + * main table) + * @param metric the metric associated with the route + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_route_v4_del(const in_addr_t *dst, int prefixlen, + const in_addr_t *gw, const char *iface, uint32_t table, + int metric); + +/** + * Delete a route for an IPv4 address/network + * + * @param dst the destination of the route + * @param prefixlen the length of the prefix of the destination + * @param gw the gateway for this route + * @param iface the interface for this route (can be NULL) + * @param table the table to add this route to (if 0, will be added to the + * main table) + * @param metric the metric associated with the route + * + * @return 0 on success, a negative error 
code otherwise + */ +int sitnl_route_v6_del(const struct in6_addr *dst, int prefixlen, + const struct in6_addr *gw, const char *iface, + uint32_t table, int metric); + +/** + * Retrieve the gateway and outgoing interface for the specified IPv4 + * address/network + * + * @param dst The destination to lookup + * @param prefixlen The length of the prefix of the destination + * @param best_gw Location where the retrieved GW has to be stored + * @param best_iface Location where the retrieved interface has to be stored + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_route_v4_best_gw(const in_addr_t *dst, int prefixlen, + in_addr_t *best_gw, char *best_iface); + +/** + * Retrieve the gateway and outgoing interface for the specified IPv6 + * address/network + * + * @param dst The destination to lookup + * @param prefixlen The length of the prefix of the destination + * @param best_gw Location where the retrieved GW has to be stored + * @param best_iface Location where the retrieved interface has to be stored + * + * @return 0 on success, a negative error code otherwise + */ +int sitnl_route_v6_best_gw(const struct in6_addr *dst, int prefixlen, + struct in6_addr *best_gw, char *best_iface); + +#endif /* TARGET_LINUX */ + +#endif /* SITNL_H_ */ From patchwork Tue Dec 18 18:01:14 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 638 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director10.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id MJ5PChLRGVwPIwAAIUCqbw for ; Wed, 19 Dec 2018 00:03:14 -0500 Received: from proxy13.mail.ord1d.rsapps.net ([172.30.191.6]) by director10.mail.ord1d.rsapps.net with LMTP id 2NIYChLRGVw1VQAApN4f7A ; Wed, 19 Dec 2018 00:03:14 -0500 Received: from smtp2.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher 
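Review bot: in sitnl_addr_set() and sitnl_route_set() the `if ((ret < 0) && (errno == EEXIST))` check cannot work as written, because sitnl_send() reports a kernel NLMSG_ERROR by returning `-err->error` without touching errno, and by the time the caller inspects errno the last syscall was the close(fd) on sitnl_send()'s `out:` path; test `ret == -EEXIST` instead, otherwise re-adding an existing address or route is not treated as success. Further points in the same file: the pid/seq filter in sitnl_send() is commented out, so the reply loop hands the first message that arrives on the socket to the callback without checking that it answers this request (and `payload->nlmsg_seq = seq = time(NULL)` gives two requests sent in the same second the same sequence number; a per-process counter would be better); sitnl_route_save() does `memcpy(&res->gw, RTA_DATA(rta), res->addr_size)` without checking `RTA_PAYLOAD(rta) >= res->addr_size`; sitnl_route_best_gw() does `strcpy(best_iface, res.iface)` into a caller buffer whose size is never stated, so the API should document that best_iface must hold IFNAMSIZ bytes; and for AF_INET sitnl_route_best_gw() sets NLM_F_DUMP while sitnl_send() does `goto out` right after the first callback, so the result is the first route the kernel dumps and the rest of the dump is left unread, which deserves a second look. The wrappers also pass attributes the caller did not ask for: net_addr_v4_add() always passes `&brd_v4` and net_addr_ptp_v4_add() always passes `&remote_v4` even when broadcast/remote is NULL, so IFA_BROADCAST/IFA_ADDRESS of 0.0.0.0 goes into the request, and net_route_v4_del()/net_route_v6_del() always pass `&gw_v4`/`&gw_v6` to sitnl_route_del(), so an all-zero RTA_GATEWAY is attached to the delete even when no gateway was given (net_route_v4_add() handles this correctly with dst_ptr/gw_ptr). Style: `return -EINVAL;;` in sitnl_addr_add() and sitnl_addr_del(); `if (ifindex == 0) {` uses K&R braces in net_iface_up() and net_iface_mtu_set() while the rest of the file is Allman; net_iface_up() logs with strerror(errno) where the neighbouring functions use M_ERRNO; `#endif /* !ENABLE_SITNL */` should read `/* ENABLE_SITNL */`.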
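Review bot: sitnl.h declares sitnl_iface_up(), sitnl_iface_mtu_set(), sitnl_addr_v4_add(), sitnl_route_v4_best_gw() and friends without a context argument, but sitnl.c in this same patch defines net_iface_up(), net_iface_mtu_set(), net_addr_v4_add(), net_route_v4_best_gw() etc. taking an `openvpn_net_ctx_t *ctx`, so none of these prototypes match an implementation; either drop the header or bring it in line with the net_* API. Doc nits in the same hunk: `@param mtru` should be `@param mtu`; sitnl_addr_v4_del() and sitnl_addr_v6_del() document prefixlen but not addr; the comment above sitnl_route_v6_del() says "IPv4"; and the `table` parameter of the *_del functions is described as "the table to add this route to".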
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 19 Dec 2018 15:01:14 +1000
Message-Id: <20181219050118.6568-4-a@unstable.cc>
In-Reply-To: <20181219050118.6568-1-a@unstable.cc>
References: <20181219050118.6568-1-a@unstable.cc>
MIME-Version: 1.0
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] 0.0 AWL AWL: Adjusted score from AWL reputation of
From: address X-Headers-End: 1gZTzn-007VcY-Ow Subject: [Openvpn-devel] [PATCH v3 3/7] tun.c: use new networking API to handle tun interface on Linux X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox By switching to the networking API (for Linux) openvpn will now use any of the available implementations to handle the tun interface. At the moment only iproute2 and sitnl (NetLink) is implemented. Signed-off-by: Antonio Quartulli Acked-By: Arne Schwabe --- src/openvpn/init.c | 22 ++-- src/openvpn/init.h | 2 +- src/openvpn/networking.h | 6 -- src/openvpn/openvpn.c | 4 +- src/openvpn/openvpn.h | 2 + src/openvpn/options.c | 4 +- src/openvpn/options.h | 1 + src/openvpn/tun.c | 215 +++++++++++++++++++++------------------ src/openvpn/tun.h | 12 ++- 9 files changed, 147 insertions(+), 121 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 560d87db..bf27ff12 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1105,7 +1105,7 @@ do_genkey(const struct options *options) * Persistent TUN/TAP device management mode? */ bool -do_persist_tuntap(const struct options *options) +do_persist_tuntap(const struct options *options, openvpn_net_ctx_t *ctx) { if (options->persist_config) { @@ -1123,7 +1123,8 @@ do_persist_tuntap(const struct options *options) #ifdef ENABLE_FEATURE_TUN_PERSIST tuncfg(options->dev, options->dev_type, options->dev_node, options->persist_mode, - options->username, options->groupname, &options->tuntap_options); + options->username, options->groupname, &options->tuntap_options, + ctx); if (options->persist_mode && options->lladdr) { set_lladdr(options->dev, options->lladdr, NULL); 
@@ -1694,7 +1695,8 @@ do_init_tun(struct context *c) c->c1.link_socket_addr.bind_local, c->c1.link_socket_addr.remote_list, !c->options.ifconfig_nowarn, - c->c2.es); + c->c2.es, + &c->net_ctx); init_tun_post(c->c1.tuntap, &c->c2.frame, @@ -1766,7 +1768,8 @@ do_open_tun(struct context *c) c->options.dev_type, c->options.dev_node, &gc); - do_ifconfig(c->c1.tuntap, guess, TUN_MTU_SIZE(&c->c2.frame), c->c2.es); + do_ifconfig(c->c1.tuntap, guess, TUN_MTU_SIZE(&c->c2.frame), c->c2.es, + &c->net_ctx); } /* possibly add routes */ @@ -1794,7 +1797,8 @@ do_open_tun(struct context *c) if (!c->options.ifconfig_noexec && ifconfig_order() == IFCONFIG_AFTER_TUN_OPEN) { - do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name, TUN_MTU_SIZE(&c->c2.frame), c->c2.es); + do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name, + TUN_MTU_SIZE(&c->c2.frame), c->c2.es, &c->net_ctx); } /* run the up script */ @@ -1902,7 +1906,7 @@ do_close_tun_simple(struct context *c) msg(D_CLOSE, "Closing TUN/TAP interface"); if (c->c1.tuntap) { - close_tun(c->c1.tuntap); + close_tun(c->c1.tuntap, &c->net_ctx); c->c1.tuntap = NULL; } c->c1.tuntap_owned = false; @@ -3380,9 +3384,11 @@ do_compute_occ_strings(struct context *c) struct gc_arena gc = gc_new(); c->c2.options_string_local = - options_string(&c->options, &c->c2.frame, c->c1.tuntap, false, &gc); + options_string(&c->options, &c->c2.frame, c->c1.tuntap, &c->net_ctx, + false, &gc); c->c2.options_string_remote = - options_string(&c->options, &c->c2.frame, c->c1.tuntap, true, &gc); + options_string(&c->options, &c->c2.frame, c->c1.tuntap, &c->net_ctx, + true, &gc); msg(D_SHOW_OCC, "Local Options String (VER=%s): '%s'", options_string_version(c->c2.options_string_local, &gc), diff --git a/src/openvpn/init.h b/src/openvpn/init.h index 085ac533..ba5eda06 100644 --- a/src/openvpn/init.h +++ b/src/openvpn/init.h 
@@ -56,7 +56,7 @@ bool print_openssl_info(const struct options *options); bool do_genkey(const struct options *options); -bool do_persist_tuntap(const struct options *options); +bool do_persist_tuntap(const struct options *options, openvpn_net_ctx_t *ctx); bool possibly_become_daemon(const struct options *options); diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h index 4f0167e7..add45edc 100644 --- a/src/openvpn/networking.h +++ b/src/openvpn/networking.h @@ -21,12 +21,6 @@ #ifndef NETWORKING_H_ #define NETWORKING_H_ -#ifdef HAVE_CONFIG_H -#include "config.h" -#elif defined(_MSC_VER) -#include "config-msvc.h" -#endif - #include "syshead.h" struct context; diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c index 5d6a41cd..a32227da 100644 --- a/src/openvpn/openvpn.c +++ b/src/openvpn/openvpn.c @@ -215,6 +215,8 @@ openvpn_main(int argc, char *argv[]) open_plugins(&c, true, OPENVPN_PLUGIN_INIT_PRE_CONFIG_PARSE); #endif + net_ctx_init(&c, &c.net_ctx); + /* init verbosity and mute levels */ init_verb_mute(&c, IVM_LEVEL_1); @@ -234,7 +236,7 @@ openvpn_main(int argc, char *argv[]) } /* tun/tap persist command? */ - if (do_persist_tuntap(&c.options)) + if (do_persist_tuntap(&c.options, &c.net_ctx)) { break; } diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index d11f61df..fca33f25 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -522,6 +522,8 @@ struct context struct env_set *es; /**< Set of environment variables. */ + openvpn_net_ctx_t net_ctx; /**< Networking API opaque context */ + struct signal_info *sig; /**< Internal error signaling object. */ struct plugin_list *plugins; /**< List of plug-ins. */ diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 0cf8db76..97a2723a 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3548,6 +3548,7 @@ char * options_string(const struct options *o, const struct frame *frame, struct tuntap *tt, + openvpn_net_ctx_t *ctx, bool remote, struct gc_arena *gc) { 
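Review bot: in the openvpn.c hunk at openvpn_main(), `net_ctx_init(&c, &c.net_ctx);` is called as a bare statement, so any failure it reports is discarded, and no matching release of c.net_ctx appears anywhere in this patch. If the sitnl backend named in the commit message can fail to set up its NetLink socket, the call should be checked and openvpn should exit with a clear message; and if the context owns a descriptor, the exit path of openvpn_main() needs a teardown call so the persist-tuntap early `break` and the normal exit both release it.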
@@ -3590,7 +3591,8 @@ options_string(const struct options *o, NULL, NULL, false, - NULL); + NULL, + ctx); if (tt) { tt_local = true; diff --git a/src/openvpn/options.h b/src/openvpn/options.h index e2b38939..fb2d84a1 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -744,6 +744,7 @@ const char *options_string_version(const char *s, struct gc_arena *gc); char *options_string(const struct options *o, const struct frame *frame, struct tuntap *tt, + openvpn_net_ctx_t *ctx, bool remote, struct gc_arena *gc); diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 12e6eb00..0d15d469 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -46,6 +46,7 @@ #include "route.h" #include "win32.h" #include "block_dns.h" +#include "networking.h" #include "memdbg.h" @@ -631,7 +632,8 @@ init_tun(const char *dev, /* --dev option */ struct addrinfo *local_public, struct addrinfo *remote_public, const bool strict_warn, - struct env_set *es) + struct env_set *es, + openvpn_net_ctx_t *ctx) { struct gc_arena gc = gc_new(); struct tuntap *tt; 
@@ -870,35 +872,37 @@ create_arbitrary_remote( struct tuntap *tt ) * @param ifname the human readable interface name * @param mtu the MTU value to set the interface to * @param es the environment to be used when executing the commands + * @param ctx the networking API opaque context */ static void do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, int tun_mtu, - const struct env_set *es) + const struct env_set *es, openvpn_net_ctx_t *ctx) { - const char *ifconfig_ipv6_local = NULL; +#if defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \ + || defined(TARGET_DARWIN) || defined(TARGET_FREEBSD) \ + || defined(TARGET_DRAGONFLY) || defined(TARGET_AIX) \ + || defined(TARGET_SOLARIS) || defined(_WIN32) struct argv argv = argv_new(); struct gc_arena gc = gc_new(); - - ifconfig_ipv6_local = print_in6_addr(tt->local_ipv6, 0, &gc); + const char *ifconfig_ipv6_local = print_in6_addr(tt->local_ipv6, 0, &gc); +#endif #if defined(TARGET_LINUX) -#ifdef ENABLE_IPROUTE - /* set the MTU for the device and bring it up */ - argv_printf(&argv, "%s link set dev %s up mtu %d", iproute_path, ifname, - tun_mtu); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ip link set failed"); + if (net_iface_mtu_set(ctx, ifname, tun_mtu) < 0) + { + msg(M_FATAL, "Linux can't set mtu (%d) on %s", tun_mtu, ifname); + } - argv_printf(&argv, "%s -6 addr add %s/%d dev %s", iproute_path, - ifconfig_ipv6_local, tt->netbits_ipv6, ifname); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ip -6 addr add failed"); -#else /* ifdef ENABLE_IPROUTE */ - argv_printf(&argv, "%s %s add %s/%d mtu %d up", IFCONFIG_PATH, ifname, - ifconfig_ipv6_local, tt->netbits_ipv6, tun_mtu); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ifconfig inet6 failed"); -#endif + if (net_iface_up(ctx, ifname, true) < 0) + { + msg(M_FATAL, "Linux can't bring %s up", ifname); + } + + if (net_addr_v6_add(ctx, ifname, &tt->local_ipv6, + tt->netbits_ipv6) < 
0) + { + msg(M_FATAL, "Linux can't add IPv6 to interface %s", ifname); + } #elif defined(TARGET_ANDROID) char out6[64]; @@ -1011,8 +1015,13 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, int tun_mtu, msg(M_FATAL, "Sorry, but I don't know how to do IPv6 'ifconfig' commands on this operating system. You should ifconfig your TUN/TAP device manually or use an --up script."); #endif /* outer "if defined(TARGET_xxx)" conditional */ +#if defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \ + || defined(TARGET_DARWIN) || defined(TARGET_FREEBSD) \ + || defined(TARGET_DRAGONFLY) || defined(TARGET_AIX) \ + || defined(TARGET_SOLARIS) || defined(_WIN32) gc_free(&gc); argv_reset(&argv); +#endif } /** @@ -1022,23 +1031,27 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, int tun_mtu, * @param ifname the human readable interface name * @param mtu the MTU value to set the interface to * @param es the environment to be used when executing the commands + * @param ctx the networking API opaque context */ static void do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, - const struct env_set *es) + const struct env_set *es, openvpn_net_ctx_t *ctx) { - bool tun = false; + /* + * We only handle TUN/TAP devices here, not --dev null devices. + */ + bool tun = is_tun_p2p(tt); + +#if defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \ + || defined(TARGET_DARWIN) || defined(TARGET_FREEBSD) \ + || defined(TARGET_DRAGONFLY) || defined(TARGET_AIX) \ + || defined(TARGET_SOLARIS) || defined(_WIN32) const char *ifconfig_local = NULL; const char *ifconfig_remote_netmask = NULL; const char *ifconfig_broadcast = NULL; struct argv argv = argv_new(); struct gc_arena gc = gc_new(); - /* - * We only handle TUN/TAP devices here, not --dev null devices. - */ - tun = is_tun_p2p(tt); - /* * Set ifconfig parameters */ 
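Review bot: in the do_ifconfig_ipv6() hunk at @@ -870, the guard `#if defined(TARGET_OPENBSD) || ... || defined(_WIN32)` that now scopes argv, gc and ifconfig_ipv6_local does not list TARGET_ANDROID, yet the `#elif defined(TARGET_ANDROID)` branch with `char out6[64]` follows; if that branch still formats ifconfig_ipv6_local into out6, the variable is undeclared there and the Android build breaks. `#if !defined(TARGET_LINUX)` would express the intent (everything except the API-backed Linux path keeps the string/argv machinery) without maintaining a platform list. The same eight-way list is repeated at the gc_free()/argv_reset() site at the end of this function and twice more in do_ifconfig_ipv4(); four copies of one platform list are easy to let drift, so a single condition, or moving the declarations and cleanup into the branches that use them, is worth the small extra change.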
@@ -1052,53 +1065,36 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, { ifconfig_broadcast = print_in_addr_t(tt->broadcast, 0, &gc); } +#endif #if defined(TARGET_LINUX) -#ifdef ENABLE_IPROUTE - /* - * Set the MTU for the device - */ - argv_printf(&argv, "%s link set dev %s up mtu %d", iproute_path, ifname, - tun_mtu); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ip link set failed"); - - if (tun) + if (net_iface_mtu_set(ctx, ifname, tun_mtu) < 0) { - - /* - * Set the address for the device - */ - argv_printf(&argv, "%s addr add dev %s local %s peer %s", iproute_path, - ifname, ifconfig_local, ifconfig_remote_netmask); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ip addr add failed"); + msg(M_FATAL, "Linux can't set mtu (%d) on %s", tun_mtu, ifname); } - else + + if (net_iface_up(ctx, ifname, true) < 0) { - argv_printf(&argv, "%s addr add dev %s %s/%d broadcast %s", - iproute_path, ifname, ifconfig_local, - netmask_to_netbits2(tt->remote_netmask), - ifconfig_broadcast); - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux ip addr add failed"); + msg(M_FATAL, "Linux can't bring %s up", ifname); } -#else /* ifdef ENABLE_IPROUTE */ + if (tun) { - argv_printf(&argv, "%s %s %s pointopoint %s mtu %d", IFCONFIG_PATH, - ifname, ifconfig_local, ifconfig_remote_netmask, tun_mtu); + if (net_addr_ptp_v4_add(ctx, ifname, &tt->local, + &tt->remote_netmask) < 0) + { + msg(M_FATAL, "Linux can't add IP to TUN interface %s", ifname); + } } else { - argv_printf(&argv, "%s %s %s netmask %s mtu %d broadcast %s", - IFCONFIG_PATH, ifname, ifconfig_local, - ifconfig_remote_netmask, tun_mtu, ifconfig_broadcast); + if (net_addr_v4_add(ctx, ifname, &tt->local, + netmask_to_netbits2(tt->remote_netmask), + &tt->remote_netmask) < 0) + { + msg(M_FATAL, "Linux can't add IP to TAP interface %s", ifname); + } } - argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, es, S_FATAL, "Linux 
ifconfig failed"); - -#endif /*ENABLE_IPROUTE*/ #elif defined(TARGET_ANDROID) char out[64]; @@ -1400,14 +1396,19 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, msg(M_FATAL, "Sorry, but I don't know how to do 'ifconfig' commands on this operating system. You should ifconfig your TUN/TAP device manually or use an --up script."); #endif /* if defined(TARGET_LINUX) */ +#if defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \ + || defined(TARGET_DARWIN) || defined(TARGET_FREEBSD) \ + || defined(TARGET_DRAGONFLY) || defined(TARGET_AIX) \ + || defined(TARGET_SOLARIS) || defined(_WIN32) gc_free(&gc); argv_reset(&argv); +#endif } /* execute the ifconfig command through the shell */ void do_ifconfig(struct tuntap *tt, const char *ifname, int tun_mtu, - const struct env_set *es) + const struct env_set *es, openvpn_net_ctx_t *ctx) { msg(D_LOW, "do_ifconfig, ipv4=%d, ipv6=%d", tt->did_ifconfig_setup, tt->did_ifconfig_ipv6_setup); @@ -1427,12 +1428,12 @@ do_ifconfig(struct tuntap *tt, const char *ifname, int tun_mtu, if (tt->did_ifconfig_setup) { - do_ifconfig_ipv4(tt, ifname, tun_mtu, es); + do_ifconfig_ipv4(tt, ifname, tun_mtu, es, ctx); } if (tt->did_ifconfig_ipv6_setup) { - do_ifconfig_ipv6(tt, ifname, tun_mtu, es); + do_ifconfig_ipv6(tt, ifname, tun_mtu, es, ctx); } } @@ -1743,7 +1744,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun } void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); 
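Review bot: in the do_ifconfig_ipv4() hunk at @@ -1052, the TAP branch calls `net_addr_v4_add(ctx, ifname, &tt->local, netmask_to_netbits2(tt->remote_netmask), &tt->remote_netmask)`, but the `ip addr add dev %s %s/%d broadcast %s` command it replaces passed ifconfig_broadcast, i.e. tt->broadcast, in the last position. If that final parameter is the broadcast address, this hunk silently changes what is configured on TAP interfaces and should pass &tt->broadcast; if it is the netmask, it duplicates the prefix length already passed as the fourth argument. Please check the parameter against the networking.h prototype and either fix the argument or drop the redundant one. As in the IPv6 hunk, the `#elif defined(TARGET_ANDROID)` branch (`char out[64]`) is not in the guard that now declares ifconfig_local and ifconfig_remote_netmask; confirm it does not use them, or switch the guard to `#if !defined(TARGET_LINUX)`.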
@@ -1899,7 +1900,9 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun #ifdef ENABLE_FEATURE_TUN_PERSIST void -tuncfg(const char *dev, const char *dev_type, const char *dev_node, int persist_mode, const char *username, const char *groupname, const struct tuntap_options *options) +tuncfg(const char *dev, const char *dev_type, const char *dev_node, + int persist_mode, const char *username, const char *groupname, + const struct tuntap_options *options, openvpn_net_ctx_t *ctx) { struct tuntap *tt; 
@@ -1938,62 +1941,74 @@ tuncfg(const char *dev, const char *dev_type, const char *dev_node, int persist_ msg(M_ERR, "Cannot ioctl TUNSETOWNER(%s) %s", groupname, dev); } } - close_tun(tt); + close_tun(tt, ctx); msg(M_INFO, "Persist state set to: %s", (persist_mode ? "ON" : "OFF")); } #endif /* ENABLE_FEATURE_TUN_PERSIST */ void -undo_ifconfig_ipv4(struct tuntap *tt, struct gc_arena *gc) +undo_ifconfig_ipv4(struct tuntap *tt, struct gc_arena *gc, + openvpn_net_ctx_t *ctx) { - struct argv argv = argv_new(); +#if defined(TARGET_LINUX) + int netbits = netmask_to_netbits2(tt->remote_netmask); -#ifdef ENABLE_IPROUTE if (is_tun_p2p(tt)) { - argv_printf(&argv, "%s addr del dev %s local %s peer %s", iproute_path, - tt->actual_name, print_in_addr_t(tt->local, 0, gc), - print_in_addr_t(tt->remote_netmask, 0, gc)); + if (net_addr_ptp_v4_del(ctx, tt->actual_name, &tt->local, + &tt->remote_netmask) < 0) + { + msg(M_WARN, "Linux can't del IP from TUN iface %s", + tt->actual_name); + } } else { - argv_printf(&argv, "%s addr del dev %s %s/%d", iproute_path, - tt->actual_name, print_in_addr_t(tt->local, 0, gc), - netmask_to_netbits2(tt->remote_netmask)); + if (net_addr_v4_del(ctx, tt->actual_name, &tt->local, netbits) < 0) + { + msg(M_WARN, "Linux can't del IP from TAP iface %s", + tt->actual_name); + } } -#else /* ifdef ENABLE_IPROUTE */ +#else /* ifdef TARGET_LINUX */ + struct argv argv = argv_new(); + argv_printf(&argv, "%s %s 0.0.0.0", IFCONFIG_PATH, tt->actual_name); -#endif /* ifdef ENABLE_IPROUTE */ argv_msg(M_INFO, &argv); - openvpn_execve_check(&argv, NULL, 0, "Linux ip addr del failed"); + openvpn_execve_check(&argv, NULL, 0, "Generic ip addr del failed"); argv_reset(&argv); +#endif /* ifdef TARGET_LINUX */ } void -undo_ifconfig_ipv6(struct tuntap *tt, struct gc_arena *gc) +undo_ifconfig_ipv6(struct tuntap *tt, struct gc_arena *gc, + openvpn_net_ctx_t *ctx) { +#if defined(TARGET_LINUX) + if (net_addr_v6_del(ctx, tt->actual_name, &tt->local_ipv6, + tt->netbits_ipv6) < 0) + 
{ + msg(M_WARN, "Linux can't del IPv6 from iface %s", tt->actual_name); + } +#else /* ifdef TARGET_LINUX */ const char *ifconfig_ipv6_local = print_in6_addr(tt->local_ipv6, 0, gc); struct argv argv = argv_new(); -#ifdef ENABLE_IPROUTE - argv_printf(&argv, "%s -6 addr del %s/%d dev %s", iproute_path, - ifconfig_ipv6_local, tt->netbits_ipv6, tt->actual_name); -#else /* ifdef ENABLE_IPROUTE */ argv_printf(&argv, "%s %s del %s/%d", IFCONFIG_PATH, tt->actual_name, ifconfig_ipv6_local, tt->netbits_ipv6); -#endif argv_msg(M_INFO, &argv); openvpn_execve_check(&argv, NULL, 0, "Linux ip -6 addr del failed"); argv_reset(&argv); +#endif /* ifdef TARGET_LINUX */ } void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -2003,12 +2018,12 @@ close_tun(struct tuntap *tt) if (tt->did_ifconfig_setup) { - undo_ifconfig_ipv4(tt, &gc); + undo_ifconfig_ipv4(tt, &gc, ctx); } if (tt->did_ifconfig_ipv6_setup) { - undo_ifconfig_ipv6(tt, &gc); + undo_ifconfig_ipv6(tt, &gc, ctx); } gc_free(&gc); @@ -2328,7 +2343,7 @@ solaris_close_tun(struct tuntap *tt) * Close TUN device. */ void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -2364,7 +2379,7 @@ solaris_error_close(struct tuntap *tt, const struct env_set *es, argv_msg(M_INFO, &argv); openvpn_execve_check(&argv, es, 0, "Solaris ifconfig unplumb failed"); - close_tun(tt); + close_tun(tt, NULL); msg(M_FATAL, "Solaris ifconfig failed"); argv_reset(&argv); } @@ -2427,7 +2442,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun */ void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -2513,7 +2528,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun * need to be explicitely destroyed */ void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); 
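Review bot: in the undo_ifconfig_ipv4()/undo_ifconfig_ipv6() hunk at @@ -1938, the two non-Linux fallbacks are inconsistent: the IPv4 branch renames its message to "Generic ip addr del failed" while the IPv6 branch keeps "Linux ip -6 addr del failed" even though it now sits under `#else /* ifdef TARGET_LINUX */`. More importantly, both functions previously chose between `#ifdef ENABLE_IPROUTE` and ifconfig and reported "Linux ip addr del failed", which places them in the Linux-only part of tun.c; if that is still where they are compiled, the new `#else` branches are unreachable and should be removed rather than maintained, and the `struct gc_arena *gc` parameter, which the Linux branches no longer touch, could go with them. If the functions are meant to become shared across platforms, say so in the commit message.

Review bot: in the solaris_error_close() hunk at @@ -2364, `close_tun(tt, NULL)` passes a NULL context. The Solaris close_tun() ignores ctx, so this works today, but the Linux close_tun() in the same patch hands ctx straight to net_addr_v4_del()/net_addr_v6_del(), so the API now has a caller that passes NULL and callees that cannot accept it. Either document in tun.h that ctx may be NULL on platforms that do not use the networking API, or thread the real context through solaris_error_close() so the contract is uniform.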
@@ -2654,7 +2669,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun * we need to call "ifconfig ... destroy" for cleanup */ void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -2770,7 +2785,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun } void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -3026,7 +3041,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun } void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -3174,7 +3189,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun /* tap devices need to be manually destroyed on AIX */ void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -6069,7 +6084,7 @@ tun_show_debug(struct tuntap *tt) } void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); @@ -6244,7 +6259,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun } void -close_tun(struct tuntap *tt) +close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { ASSERT(tt); diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index cb1ab1cc..a68ecaa9 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h @@ -36,6 +36,7 @@ #include "event.h" #include "proto.h" #include "misc.h" +#include "networking.h" #if defined(_WIN32) || defined(TARGET_ANDROID) @@ -211,7 +212,7 @@ tuntap_defined(const struct tuntap *tt) void open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt); -void close_tun(struct tuntap *tt); +void close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx); int write_tun(struct tuntap *tt, uint8_t *buf, int len); 
@@ -219,7 +220,8 @@ int read_tun(struct tuntap *tt, uint8_t *buf, int len); void tuncfg(const char *dev, const char *dev_type, const char *dev_node, int persist_mode, const char *username, - const char *groupname, const struct tuntap_options *options); + const char *groupname, const struct tuntap_options *options, + openvpn_net_ctx_t *ctx); const char *guess_tuntap_dev(const char *dev, const char *dev_type, @@ -237,7 +239,8 @@ struct tuntap *init_tun(const char *dev, /* --dev option */ struct addrinfo *local_public, struct addrinfo *remote_public, const bool strict_warn, - struct env_set *es); + struct env_set *es, + openvpn_net_ctx_t *ctx); void init_tun_post(struct tuntap *tt, const struct frame *frame, 
@@ -253,9 +256,10 @@ void do_ifconfig_setenv(const struct tuntap *tt, * @param ifname the human readable interface name * @param mtu the MTU value to set the interface to * @param es the environment to be used when executing the commands + * @param ctx the networking API opaque context */ void do_ifconfig(struct tuntap *tt, const char *ifname, int tun_mtu, - const struct env_set *es); + const struct env_set *es, openvpn_net_ctx_t *ctx); bool is_dev_type(const char *dev, const char *dev_type, const char *match_type);

From patchwork Tue Dec 18 18:01:15 2018
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 644
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 19 Dec 2018 15:01:15 +1000
Message-Id: <20181219050118.6568-5-a@unstable.cc>
In-Reply-To: <20181219050118.6568-1-a@unstable.cc>
References: <20181219050118.6568-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v3 4/7] route.c: use new networking API to handle routing table on Linux
Cc: Antonio Quartulli

By switching to the networking API (for Linux) openvpn will now use any of the available implementations to handle the routing table. At the moment only iproute2 is implemented.

Signed-off-by: Antonio Quartulli
Acked-By: Arne Schwabe
---
 src/openvpn/forward.c | 2 +-
 src/openvpn/init.c | 24 ++-
 src/openvpn/init.h | 3 +-
 src/openvpn/networking_iproute2.c | 1 -
 src/openvpn/options.c | 4 +-
 src/openvpn/route.c | 336 ++++++++++++------------------
 src/openvpn/route.h | 19 +-
 src/openvpn/ssl.c | 2 +-
 src/openvpn/ssl_common.h | 1 +
 src/openvpn/tun.c | 18 +-
 src/openvpn/tun.h | 2 +-
 11 files changed, 184 insertions(+), 228 deletions(-)
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 0a90fff0..baa0585a 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -508,7 +508,7 @@ static void check_add_routes_action(struct context *c, const bool errors) { do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, - c->c1.tuntap, c->plugins, c->c2.es); + c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); update_time(); event_timeout_clear(&c->c2.route_wakeup); event_timeout_clear(&c->c2.route_wakeup_expire); diff --git a/src/openvpn/init.c b/src/openvpn/init.c index bf27ff12..395f4ff0 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1426,7 +1426,8 @@ static void do_init_route_list(const struct options *options, struct route_list *route_list, const struct link_socket_info *link_socket_info, - struct env_set *es) + struct env_set *es, + openvpn_net_ctx_t *ctx) { const char *gw = NULL; int dev = dev_type_enum(options->dev, options->dev_type); @@ -1450,7 +1451,8 @@ do_init_route_list(const struct options *options, gw, metric, link_socket_current_remote(link_socket_info), - es)) + es, + ctx)) { /* copy routes to environment */ setenv_routes(es, route_list); @@ -1633,11 +1635,13 @@ do_route(const struct options *options, struct route_ipv6_list *route_ipv6_list, const struct tuntap *tt, const struct plugin_list *plugins, - struct env_set *es) + struct env_set *es, + openvpn_net_ctx_t *ctx) { if (!options->route_noexec && ( route_list || route_ipv6_list ) ) { - add_routes(route_list, route_ipv6_list, tt, ROUTE_OPTION_FLAGS(options), es); + add_routes(route_list, route_ipv6_list, tt, ROUTE_OPTION_FLAGS(options), + es, ctx); setenv_int(es, "redirect_gateway", route_did_redirect_default_gateway(route_list)); } #ifdef ENABLE_MANAGEMENT 
@@ -1750,7 +1754,7 @@ do_open_tun(struct context *c) if (c->options.routes && c->c1.route_list) { do_init_route_list(&c->options, c->c1.route_list, - &c->c2.link_socket->info, c->c2.es); + &c->c2.link_socket->info, c->c2.es, &c->net_ctx); } if (c->options.routes_ipv6 && c->c1.route_ipv6_list) { @@ -1777,7 +1781,7 @@ do_open_tun(struct context *c) { /* Ignore route_delay, would cause ROUTE_BEFORE_TUN to be ignored */ do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, - c->c1.tuntap, c->plugins, c->c2.es); + c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); } #ifdef TARGET_ANDROID /* Store the old fd inside the fd so open_tun can use it */ @@ -1834,7 +1838,7 @@ do_open_tun(struct context *c) if ((route_order() == ROUTE_AFTER_TUN) && (!c->options.route_delay_defined)) { do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, - c->c1.tuntap, c->plugins, c->c2.es); + c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); } /* @@ -1963,7 +1967,8 @@ do_close_tun(struct context *c, bool force) c->c2.es); delete_routes(c->c1.route_list, c->c1.route_ipv6_list, - c->c1.tuntap, ROUTE_OPTION_FLAGS(&c->options), c->c2.es); + c->c1.tuntap, ROUTE_OPTION_FLAGS(&c->options), + c->c2.es, &c->net_ctx); } /* actually close tun/tap device based on --down-pre flag */ @@ -2820,6 +2825,7 @@ do_init_crypto_tls(struct context *c, const unsigned int flags) to.x509_username_field = X509_USERNAME_FIELD_DEFAULT; #endif to.es = c->c2.es; + to.net_ctx = &c->net_ctx; #ifdef ENABLE_DEBUG to.gremlin = c->options.gremlin; @@ -3182,7 +3188,7 @@ do_option_warnings(struct context *c) if (o->tls_server) { - warn_on_use_of_common_subnets(); + warn_on_use_of_common_subnets(&c->net_ctx); } if (o->tls_client && !o->tls_verify diff --git a/src/openvpn/init.h b/src/openvpn/init.h index ba5eda06..fa70bab2 100644 --- a/src/openvpn/init.h +++ b/src/openvpn/init.h 
@@ -76,7 +76,8 @@ void do_route(const struct options *options, struct route_ipv6_list *route_ipv6_list, const struct tuntap *tt, const struct plugin_list *plugins, - struct env_set *es); + struct env_set *es, + openvpn_net_ctx_t *ctx); void close_instance(struct context *c); diff --git a/src/openvpn/networking_iproute2.c b/src/openvpn/networking_iproute2.c index a5a6585f..918d62ef 100644 --- a/src/openvpn/networking_iproute2.c +++ b/src/openvpn/networking_iproute2.c @@ -29,7 +29,6 @@ #include "syshead.h" #include "networking.h" -#include "networking_iproute2.h" #include "misc.h" #include "openvpn.h" #include "run_command.h" diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 97a2723a..1f890f45 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -5006,12 +5006,14 @@ add_option(struct options *options, struct route_gateway_info rgi; struct route_ipv6_gateway_info rgi6; struct in6_addr remote = IN6ADDR_ANY_INIT; + openvpn_net_ctx_t net_ctx; VERIFY_PERMISSION(OPT_P_GENERAL); if (p[1]) { get_ipv6_addr(p[1], &remote, NULL, M_WARN); } - get_default_gateway(&rgi); + net_ctx_init(NULL, &net_ctx); + get_default_gateway(&rgi, &net_ctx); get_default_gateway_ipv6(&rgi6, &remote); print_default_gateway(M_INFO, &rgi, &rgi6); openvpn_exit(OPENVPN_EXIT_STATUS_GOOD); /* exit point */ diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 2836d532..483b46ae 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -41,6 +41,7 @@ #include "manage.h" #include "win32.h" #include "options.h" +#include "networking.h" #include "memdbg.h" 
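Review bot: in the options.c --show-gateway hunk at @@ -5006, a stack openvpn_net_ctx_t is set up with `net_ctx_init(NULL, &net_ctx)`, making this the one caller that relies on the backend tolerating a NULL struct context; that should be stated where net_ctx_init() is documented (or NULL rejected) so a later backend does not dereference it. In the same hunk get_default_gateway() gains the context while `get_default_gateway_ipv6(&rgi6, &remote)` on the next line does not, so IPv6 gateway discovery stays on the old path; if that is deferred to a later patch of the series, say so in the commit message. The context is never released before openvpn_exit(), which is acceptable here only because the process ends.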
@@ -62,7 +63,7 @@ static bool del_route_ipv6_service(const struct route_ipv6 *, const struct tunta #endif -static void delete_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es); +static void delete_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx); static void get_bypass_addresses(struct route_bypass *rb, const unsigned int flags); @@ -608,7 +609,8 @@ init_route_list(struct route_list *rl, const char *remote_endpoint, int default_metric, in_addr_t remote_host, - struct env_set *es) + struct env_set *es, + openvpn_net_ctx_t *ctx) { struct gc_arena gc = gc_new(); bool ret = true; @@ -629,7 +631,7 @@ init_route_list(struct route_list *rl, rl->spec.flags |= RTSA_DEFAULT_METRIC; } - get_default_gateway(&rl->rgi); + get_default_gateway(&rl->rgi, ctx); if (rl->rgi.flags & RGI_ADDR_DEFINED) { setenv_route_addr(es, "net_gateway", rl->rgi.gateway.addr, -1); @@ -896,7 +898,8 @@ add_route3(in_addr_t network, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, - const struct env_set *es) + const struct env_set *es, + openvpn_net_ctx_t *ctx) { struct route_ipv4 r; CLEAR(r); @@ -904,7 +907,7 @@ add_route3(in_addr_t network, r.network = network; r.netmask = netmask; r.gateway = gateway; - add_route(&r, tt, flags, rgi, es); + add_route(&r, tt, flags, rgi, es, ctx); } static void @@ -914,7 +917,8 @@ del_route3(in_addr_t network, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, - const struct env_set *es) + const struct env_set *es, + openvpn_net_ctx_t *ctx) { struct route_ipv4 r; CLEAR(r); @@ -922,7 +926,7 @@ del_route3(in_addr_t network, r.network = network; r.netmask = netmask; r.gateway = gateway; - delete_route(&r, tt, flags, rgi, es); + delete_route(&r, tt, flags, rgi, es, ctx); } static void 
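Review bot: in the route.c hunk at @@ -62, the updated `static void delete_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx);` prototype stays on one very long line while every other signature this series touches is wrapped; wrap it like the add_route3()/del_route3() definitions further down in the same file. Threading ctx through init_route_list(), add_route3() and del_route3() is otherwise mechanical, and init_route_list() is the right place for `get_default_gateway(&rl->rgi, ctx)`, since the route list is the only consumer of rgi.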
@@ -931,7 +935,8 @@ add_bypass_routes(struct route_bypass *rb, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, - const struct env_set *es) + const struct env_set *es, + openvpn_net_ctx_t *ctx) { int i; for (i = 0; i < rb->n_bypass; ++i) @@ -944,7 +949,8 @@ add_bypass_routes(struct route_bypass *rb, tt, flags | ROUTE_REF_GW, rgi, - es); + es, + ctx); } } } @@ -955,7 +961,8 @@ del_bypass_routes(struct route_bypass *rb, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, - const struct env_set *es) + const struct env_set *es, + openvpn_net_ctx_t *ctx) { int i; for (i = 0; i < rb->n_bypass; ++i) @@ -968,13 +975,16 @@ del_bypass_routes(struct route_bypass *rb, tt, flags | ROUTE_REF_GW, rgi, - es); + es, + ctx); } } } static void -redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es) +redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, + unsigned int flags, const struct env_set *es, + openvpn_net_ctx_t *ctx) { const char err[] = "NOTE: unable to redirect default gateway --"; @@ -1030,7 +1040,8 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un tt, flags | ROUTE_REF_GW, &rl->rgi, - es); + es, + ctx); rl->iflags |= RL_DID_LOCAL; } else @@ -1041,7 +1052,8 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un #endif /* ifndef TARGET_ANDROID */ /* route DHCP/DNS server traffic through original default gateway */ - add_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags, &rl->rgi, es); + add_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags, + &rl->rgi, es, ctx); if (rl->flags & RG_REROUTE_GW) { @@ -1054,7 +1066,8 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un tt, flags, &rl->rgi, - es); + es, + ctx); /* add new default route (2nd component) */ add_route3(0x80000000, 
@@ -1063,7 +1076,8 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un tt, flags, &rl->rgi, - es); + es, + ctx); } else { @@ -1072,7 +1086,7 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un { /* delete default route */ del_route3(0, 0, rl->rgi.gateway.addr, tt, - flags | ROUTE_REF_GW, &rl->rgi, es); + flags | ROUTE_REF_GW, &rl->rgi, es, ctx); } /* add new default route */ @@ -1082,7 +1096,8 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un tt, flags, &rl->rgi, - es); + es, + ctx); } } @@ -1093,7 +1108,10 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un } static void -undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es) +undo_redirect_default_route_to_vpn(struct route_list *rl, + const struct tuntap *tt, unsigned int flags, + const struct env_set *es, + openvpn_net_ctx_t *ctx) { if (rl && rl->iflags & RL_DID_REDIRECT_DEFAULT_GATEWAY) { @@ -1106,12 +1124,14 @@ undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *t tt, flags | ROUTE_REF_GW, &rl->rgi, - es); + es, + ctx); rl->iflags &= ~RL_DID_LOCAL; } /* delete special DHCP/DNS bypass route */ - del_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags, &rl->rgi, es); + del_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags, + &rl->rgi, es, ctx); if (rl->flags & RG_REROUTE_GW) { @@ -1124,7 +1144,8 @@ undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *t tt, flags, &rl->rgi, - es); + es, + ctx); /* delete default route (2nd component) */ del_route3(0x80000000, @@ -1133,7 +1154,8 @@ undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *t tt, flags, &rl->rgi, - es); + es, + ctx); } else { 
@@ -1144,12 +1166,13 @@ undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *t tt, flags, &rl->rgi, - es); + es, + ctx); /* restore original default route if there was any */ if (rl->rgi.flags & RGI_ADDR_DEFINED) { add_route3(0, 0, rl->rgi.gateway.addr, tt, - flags | ROUTE_REF_GW, &rl->rgi, es); + flags | ROUTE_REF_GW, &rl->rgi, es, ctx); } } } @@ -1159,9 +1182,11 @@ undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *t } void -add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, const struct env_set *es) +add_routes(struct route_list *rl, struct route_ipv6_list *rl6, + const struct tuntap *tt, unsigned int flags, + const struct env_set *es, openvpn_net_ctx_t *ctx) { - redirect_default_route_to_vpn(rl, tt, flags, es); + redirect_default_route_to_vpn(rl, tt, flags, es, ctx); if (rl && !(rl->iflags & RL_ROUTES_ADDED) ) { struct route_ipv4 *r; @@ -1184,9 +1209,9 @@ add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tunt check_subnet_conflict(r->network, r->netmask, "route"); if (flags & ROUTE_DELETE_FIRST) { - delete_route(r, tt, flags, &rl->rgi, es); + delete_route(r, tt, flags, &rl->rgi, es, ctx); } - add_route(r, tt, flags, &rl->rgi, es); + add_route(r, tt, flags, &rl->rgi, es, ctx); } rl->iflags |= RL_ROUTES_ADDED; } @@ -1206,9 +1231,9 @@ add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tunt { if (flags & ROUTE_DELETE_FIRST) { - delete_route_ipv6(r, tt, flags, es); + delete_route_ipv6(r, tt, flags, es, ctx); } - add_route_ipv6(r, tt, flags, es); + add_route_ipv6(r, tt, flags, es, ctx); } rl6->iflags |= RL_ROUTES_ADDED; } 
@@ -1216,19 +1241,20 @@ add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tunt void delete_routes(struct route_list *rl, struct route_ipv6_list *rl6, - const struct tuntap *tt, unsigned int flags, const struct env_set *es) + const struct tuntap *tt, unsigned int flags, + const struct env_set *es, openvpn_net_ctx_t *ctx) { if (rl && rl->iflags & RL_ROUTES_ADDED) { struct route_ipv4 *r; for (r = rl->routes; r; r = r->next) { - delete_route(r, tt, flags, &rl->rgi, es); + delete_route(r, tt, flags, &rl->rgi, es, ctx); } rl->iflags &= ~RL_ROUTES_ADDED; } - undo_redirect_default_route_to_vpn(rl, tt, flags, es); + undo_redirect_default_route_to_vpn(rl, tt, flags, es, ctx); if (rl) { @@ -1240,7 +1266,7 @@ delete_routes(struct route_list *rl, struct route_ipv6_list *rl6, struct route_ipv6 *r6; for (r6 = rl6->routes_ipv6; r6; r6 = r6->next) { - delete_route_ipv6(r6, tt, flags, es); + delete_route_ipv6(r6, tt, flags, es, ctx); } rl6->iflags &= ~RL_ROUTES_ADDED; } @@ -1520,15 +1546,21 @@ add_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, /* may be NULL */ - const struct env_set *es) + const struct env_set *es, + openvpn_net_ctx_t *ctx) { struct gc_arena gc; struct argv argv = argv_new(); +#if !defined(TARGET_LINUX) const char *network; #if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX) const char *netmask; #endif const char *gateway; +#else + const char *iface; + int metric; +#endif bool status = false; int is_local_route; @@ -1539,11 +1571,13 @@ add_route(struct route_ipv4 *r, gc_init(&gc); +#if !defined(TARGET_LINUX) network = print_in_addr_t(r->network, 0, &gc); #if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX) netmask = print_in_addr_t(r->netmask, 0, &gc); #endif gateway = print_in_addr_t(r->gateway, 0, &gc); +#endif is_local_route = local_route(r->network, r->netmask, r->gateway, rgi); if (is_local_route == LR_ERROR) 
@@ -1552,47 +1586,26 @@ add_route(struct route_ipv4 *r, } #if defined(TARGET_LINUX) -#ifdef ENABLE_IPROUTE - argv_printf(&argv, "%s route add %s/%d", - iproute_path, - network, - netmask_to_netbits2(r->netmask)); - - if (r->flags & RT_METRIC_DEFINED) - { - argv_printf_cat(&argv, "metric %d", r->metric); - } - + iface = NULL; if (is_on_link(is_local_route, flags, rgi)) { - argv_printf_cat(&argv, "dev %s", rgi->iface); + iface = rgi->iface; } - else - { - argv_printf_cat(&argv, "via %s", gateway); - } -#else /* ifdef ENABLE_IPROUTE */ - argv_printf(&argv, "%s add -net %s netmask %s", - ROUTE_PATH, - network, - netmask); + + metric = -1; if (r->flags & RT_METRIC_DEFINED) { - argv_printf_cat(&argv, "metric %d", r->metric); + metric = r->metric; } - if (is_on_link(is_local_route, flags, rgi)) - { - argv_printf_cat(&argv, "dev %s", rgi->iface); - } - else + + status = true; + if (net_route_v4_add(ctx, &r->network, netmask_to_netbits2(r->netmask), + &r->gateway, iface, 0, metric) < 0) { - argv_printf_cat(&argv, "gw %s", gateway); + msg(M_WARN, "ERROR: Linux route add command failed"); + status = false; } -#endif /*ENABLE_IPROUTE*/ - argv_msg(D_ROUTE, &argv); - status = openvpn_execve_check(&argv, es, 0, "ERROR: Linux route add command failed"); - #elif defined (TARGET_ANDROID) char out[128]; @@ -1839,7 +1852,9 @@ route_ipv6_clear_host_bits( struct route_ipv6 *r6 ) } void -add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es) +add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, + unsigned int flags, const struct env_set *es, + openvpn_net_ctx_t *ctx) { struct gc_arena gc; struct argv argv = argv_new(); @@ -1848,7 +1863,9 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag const char *gateway; bool status = false; const char *device = tt->actual_name; - +#if defined(TARGET_LINUX) + int metric; +#endif bool gateway_needed = false; if (!(r6->flags & RT_DEFINED) ) 
@@ -1923,38 +1940,20 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag } #if defined(TARGET_LINUX) -#ifdef ENABLE_IPROUTE - argv_printf(&argv, "%s -6 route add %s/%d dev %s", - iproute_path, - network, - r6->netbits, - device); - if (gateway_needed) - { - argv_printf_cat(&argv, "via %s", gateway); - } - if ( (r6->flags & RT_METRIC_DEFINED) && r6->metric > 0) + metric = -1; + if ((r6->flags & RT_METRIC_DEFINED) && (r6->metric > 0)) { - argv_printf_cat(&argv, " metric %d", r6->metric); + metric = r6->metric; } -#else /* ifdef ENABLE_IPROUTE */ - argv_printf(&argv, "%s -A inet6 add %s/%d dev %s", - ROUTE_PATH, - network, - r6->netbits, - device); - if (gateway_needed) + status = true; + if (net_route_v6_add(ctx, &r6->network, r6->netbits, + gateway_needed ? &r6->gateway : NULL, device, 0, + metric) < 0) { - argv_printf_cat(&argv, "gw %s", gateway); - } - if ( (r6->flags & RT_METRIC_DEFINED) && r6->metric > 0) - { - argv_printf_cat(&argv, " metric %d", r6->metric); + msg(M_WARN, "ERROR: Linux IPv6 route can't be added"); + status = false; } -#endif /*ENABLE_IPROUTE*/ - argv_msg(D_ROUTE, &argv); - status = openvpn_execve_check(&argv, es, 0, "ERROR: Linux route -6/-A inet6 add command failed"); #elif defined (TARGET_ANDROID) char out[64]; @@ -2137,16 +2136,21 @@ delete_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, - const struct env_set *es) + const struct env_set *es, + openvpn_net_ctx_t *ctx) { struct gc_arena gc; struct argv argv = argv_new(); +#if !defined(TARGET_LINUX) const char *network; #if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX) const char *netmask; #endif #if !defined(TARGET_LINUX) && !defined(TARGET_ANDROID) const char *gateway; +#endif +#else + int metric; #endif int is_local_route; 
@@ -2157,12 +2161,14 @@ delete_route(struct route_ipv4 *r, gc_init(&gc); +#if !defined(TARGET_LINUX) network = print_in_addr_t(r->network, 0, &gc); #if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX) netmask = print_in_addr_t(r->netmask, 0, &gc); #endif #if !defined(TARGET_LINUX) && !defined(TARGET_ANDROID) gateway = print_in_addr_t(r->gateway, 0, &gc); +#endif #endif is_local_route = local_route(r->network, r->netmask, r->gateway, rgi); @@ -2172,24 +2178,17 @@ delete_route(struct route_ipv4 *r, } #if defined(TARGET_LINUX) -#ifdef ENABLE_IPROUTE - argv_printf(&argv, "%s route del %s/%d", - iproute_path, - network, - netmask_to_netbits2(r->netmask)); -#else - argv_printf(&argv, "%s del -net %s netmask %s", - ROUTE_PATH, - network, - netmask); -#endif /*ENABLE_IPROUTE*/ + metric = -1; if (r->flags & RT_METRIC_DEFINED) { - argv_printf_cat(&argv, "metric %d", r->metric); + metric = r->metric; } - argv_msg(D_ROUTE, &argv); - openvpn_execve_check(&argv, es, 0, "ERROR: Linux route delete command failed"); + if (net_route_v4_del(ctx, &r->network, netmask_to_netbits2(r->netmask), + &r->gateway, NULL, 0, metric) < 0) + { + msg(M_WARN, "ERROR: Linux route delete command failed"); + } #elif defined (_WIN32) argv_printf(&argv, "%s%sc DELETE %s MASK %s %s", @@ -2325,12 +2324,18 @@ done: } void -delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es) +delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, + unsigned int flags, const struct env_set *es, + openvpn_net_ctx_t *ctx) { struct gc_arena gc; struct argv argv = argv_new(); const char *network; +#if !defined(TARGET_LINUX) const char *gateway; +#else + int metric; +#endif const char *device = tt->actual_name; bool gateway_needed = false; 
@@ -2350,7 +2355,9 @@ delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, unsigned gc_init(&gc); network = print_in6_addr( r6->network, 0, &gc); +#if !defined(TARGET_LINUX) gateway = print_in6_addr( r6->gateway, 0, &gc); +#endif #if defined(TARGET_DARWIN) \ || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ @@ -2381,35 +2388,19 @@ delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, unsigned gateway_needed = true; } - #if defined(TARGET_LINUX) -#ifdef ENABLE_IPROUTE - argv_printf(&argv, "%s -6 route del %s/%d dev %s", - iproute_path, - network, - r6->netbits, - device); - if (gateway_needed) - { - argv_printf_cat(&argv, "via %s", gateway); - } -#else /* ifdef ENABLE_IPROUTE */ - argv_printf(&argv, "%s -A inet6 del %s/%d dev %s", - ROUTE_PATH, - network, - r6->netbits, - device); - if (gateway_needed) + metric = -1; + if ((r6->flags & RT_METRIC_DEFINED) && (r6->metric > 0)) { - argv_printf_cat(&argv, "gw %s", gateway); + metric = r6->metric; } - if ( (r6->flags & RT_METRIC_DEFINED) && r6->metric > 0) + + if (net_route_v6_del(ctx, &r6->network, r6->netbits, + gateway_needed ? &r6->gateway : NULL, device, 0, + metric) < 0) { - argv_printf_cat(&argv, " metric %d", r6->metric); + msg(M_WARN, "ERROR: Linux route v6 delete command failed"); } -#endif /*ENABLE_IPROUTE*/ - argv_msg(D_ROUTE, &argv); - openvpn_execve_check(&argv, es, 0, "ERROR: Linux route -6/-A inet6 del command failed"); #elif defined (_WIN32) @@ -2721,7 +2712,7 @@ get_default_gateway_row(const MIB_IPFORWARDTABLE *routes) } void -get_default_gateway(struct route_gateway_info *rgi) +get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx) { struct gc_arena gc = gc_new(); 
@@ -2808,7 +2799,7 @@ windows_route_find_if_index(const struct route_ipv4 *r, const struct tuntap *tt) */ void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, - const struct in6_addr *dest) + const struct in6_addr *dest, openvpn_net_ctx_t *ctx) { struct gc_arena gc = gc_new(); MIB_IPFORWARD_ROW2 BestRoute; 
@@ -3169,72 +3160,23 @@ show_routes(int msglev) #elif defined(TARGET_LINUX) || defined(TARGET_ANDROID) void -get_default_gateway(struct route_gateway_info *rgi) +get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx) { struct gc_arena gc = gc_new(); int sd = -1; - char best_name[16]; - best_name[0] = 0; + char best_name[IFNAMSIZ]; CLEAR(*rgi); + CLEAR(best_name); #ifndef TARGET_ANDROID /* get default gateway IP addr */ + if (net_route_v4_best_gw(ctx, NULL, 0, &rgi->gateway.addr, best_name) == 0) { - FILE *fp = fopen("/proc/net/route", "r"); - if (fp) + rgi->flags |= RGI_ADDR_DEFINED; + if (!rgi->gateway.addr && best_name[0]) { - char line[256]; - int count = 0; - unsigned int lowest_metric = UINT_MAX; - in_addr_t best_gw = 0; - bool found = false; - while (fgets(line, sizeof(line), fp) != NULL) - { - if (count) - { - unsigned int net_x = 0; - unsigned int mask_x = 0; - unsigned int gw_x = 0; - unsigned int metric = 0; - unsigned int flags = 0; - char name[16]; - name[0] = 0; - const int np = sscanf(line, "%15s\t%x\t%x\t%x\t%*s\t%*s\t%d\t%x", - name, - &net_x, - &gw_x, - &flags, - &metric, - &mask_x); - if (np == 6 && (flags & IFF_UP)) - { - const in_addr_t net = ntohl(net_x); - const in_addr_t mask = ntohl(mask_x); - const in_addr_t gw = ntohl(gw_x); - - if (!net && !mask && metric < lowest_metric) - { - found = true; - best_gw = gw; - strcpy(best_name, name); - lowest_metric = metric; - } - } - } - ++count; - } - fclose(fp); - - if (found) - { - rgi->gateway.addr = best_gw; - rgi->flags |= RGI_ADDR_DEFINED; - if (!rgi->gateway.addr && best_name[0]) - { - rgi->flags |= RGI_ON_LINK; - } - } + rgi->flags |= RGI_ON_LINK; } } #else /* ifndef TARGET_ANDROID */ @@ -3596,7 +3538,7 @@ struct rtmsg { #define max(a,b) ((a) > (b) ? (a) : (b)) void -get_default_gateway(struct route_gateway_info *rgi) +get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx) { struct gc_arena gc = gc_new(); struct rtmsg m_rtmsg; 
@@ -3996,7 +3938,7 @@ done: * may be disabled by missing items. */ void -get_default_gateway(struct route_gateway_info *rgi) +get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx) { CLEAR(*rgi); } diff --git a/src/openvpn/route.h b/src/openvpn/route.h index 69420228..e552e6ec 100644 --- a/src/openvpn/route.h +++ b/src/openvpn/route.h @@ -256,15 +256,16 @@ void copy_route_ipv6_option_list(struct route_ipv6_option_list *dest, void route_ipv6_clear_host_bits( struct route_ipv6 *r6 ); -void add_route_ipv6(struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es); +void add_route_ipv6(struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx); -void delete_route_ipv6(const struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es); +void delete_route_ipv6(const struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx); void add_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, - const struct env_set *es); + const struct env_set *es, + openvpn_net_ctx_t *ctx); void add_route_to_option_list(struct route_option_list *l, const char *network, @@ -282,7 +283,8 @@ bool init_route_list(struct route_list *rl, const char *remote_endpoint, int default_metric, in_addr_t remote_host, - struct env_set *es); + struct env_set *es, + openvpn_net_ctx_t *ctx); bool init_route_ipv6_list(struct route_ipv6_list *rl6, const struct route_ipv6_option_list *opt6, 
@@ -299,13 +301,15 @@ void add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, - const struct env_set *es); + const struct env_set *es, + openvpn_net_ctx_t *ctx); void delete_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, - const struct env_set *es); + const struct env_set *es, + openvpn_net_ctx_t *ctx); void setenv_routes(struct env_set *es, const struct route_list *rl); @@ -315,7 +319,8 @@ void setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6); bool is_special_addr(const char *addr_str); -void get_default_gateway(struct route_gateway_info *rgi); +void get_default_gateway(struct route_gateway_info *rgi, + openvpn_net_ctx_t *ctx); void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi, const struct in6_addr *dest); diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index e9927eb8..fc2c7953 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2324,7 +2324,7 @@ push_peer_info(struct buffer *buf, struct tls_session *session) { /* push mac addr */ struct route_gateway_info rgi; - get_default_gateway(&rgi); + get_default_gateway(&rgi, session->opt->net_ctx); if (rgi.flags & RGI_HWADDR_DEFINED) { buf_printf(&out, "IV_HWADDR=%s\n", format_hex_ex(rgi.hwaddr, 6, 0, 1, ":", &gc)); diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h index 410b2163..0312c1f8 100644 --- a/src/openvpn/ssl_common.h +++ b/src/openvpn/ssl_common.h @@ -315,6 +315,7 @@ struct tls_options /* instance-wide environment variable set */ struct env_set *es; + openvpn_net_ctx_t *net_ctx; const struct plugin_list *plugins; /* compression parms */ diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 0d15d469..dcbbf2f3 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c 
@@ -453,13 +453,13 @@ check_subnet_conflict(const in_addr_t ip, } void -warn_on_use_of_common_subnets(void) +warn_on_use_of_common_subnets(openvpn_net_ctx_t *ctx) { struct gc_arena gc = gc_new(); struct route_gateway_info rgi; const int needed = (RGI_ADDR_DEFINED|RGI_NETMASK_DEFINED); - get_default_gateway(&rgi); + get_default_gateway(&rgi, ctx); if ((rgi.flags & needed) == needed) { const in_addr_t lan_network = rgi.gateway.addr & rgi.gateway.netmask; @@ -818,7 +818,7 @@ add_route_connected_v6_net(struct tuntap *tt, r6.gateway = tt->local_ipv6; r6.metric = 0; /* connected route */ r6.flags = RT_DEFINED | RT_METRIC_DEFINED; - add_route_ipv6(&r6, tt, 0, es); + add_route_ipv6(&r6, tt, 0, es, NULL); } void @@ -834,7 +834,7 @@ delete_route_connected_v6_net(struct tuntap *tt, r6.metric = 0; /* connected route */ r6.flags = RT_DEFINED | RT_ADDED | RT_METRIC_DEFINED; route_ipv6_clear_host_bits(&r6); - delete_route_ipv6(&r6, tt, 0, es); + delete_route_ipv6(&r6, tt, 0, es, NULL); } #endif /* if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) */ @@ -1170,7 +1170,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, r.netmask = tt->remote_netmask; r.gateway = tt->local; r.metric = 0; - add_route(&r, tt, 0, NULL, es); + add_route(&r, tt, 0, NULL, es, NULL); } #elif defined(TARGET_OPENBSD) @@ -1217,7 +1217,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, r.network = tt->local & tt->remote_netmask; r.netmask = tt->remote_netmask; r.gateway = remote_end; - add_route(&r, tt, 0, NULL, es); + add_route(&r, tt, 0, NULL, es, NULL); } #elif defined(TARGET_NETBSD) @@ -1259,7 +1259,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, r.network = tt->local & tt->remote_netmask; r.netmask = tt->remote_netmask; r.gateway = remote_end; - add_route(&r, tt, 0, NULL, es); + add_route(&r, tt, 0, NULL, es, NULL); } #elif defined(TARGET_DARWIN) 
@@ -1309,7 +1309,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, r.network = tt->local & tt->remote_netmask; r.netmask = tt->remote_netmask; r.gateway = tt->local; - add_route(&r, tt, 0, NULL, es); + add_route(&r, tt, 0, NULL, es, NULL); } #elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) @@ -1348,7 +1348,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, r.network = tt->local & tt->remote_netmask; r.netmask = tt->remote_netmask; r.gateway = remote_end; - add_route(&r, tt, 0, NULL, es); + add_route(&r, tt, 0, NULL, es, NULL); } #elif defined(TARGET_AIX) diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index a68ecaa9..24c2ae58 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h 
@@ -275,7 +275,7 @@ void check_subnet_conflict(const in_addr_t ip, const in_addr_t netmask, const char *prefix); -void warn_on_use_of_common_subnets(void); +void warn_on_use_of_common_subnets(openvpn_net_ctx_t *ctx); /* * Inline functions

From patchwork Tue Dec 18 18:01:16 2018
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 643
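Review bot: the Windows get_default_gateway_ipv6() definition in the route.c hunk at @@ -2808 gains an `openvpn_net_ctx_t *ctx` parameter, but the route.h hunk of this same patch leaves the prototype as `void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi, const struct in6_addr *dest);` and options.c still calls `get_default_gateway_ipv6(&rgi6, &remote);`, so a Windows build at this commit fails on the conflicting declaration. Either keep that hunk out of this patch and carry it together with the other get_default_gateway_ipv6() implementations in the following patch, or update route.h and the callers here so that every step of the series builds.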
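Review bot: in the add_route() Linux hunk (@@ -1552), the on-link case sets `iface = rgi->iface` but still passes `&r->gateway` to net_route_v4_add(), whereas the removed iproute2 code emitted either `dev %s` or `via %s`, never both, and the add_route_ipv6() hunk of this patch passes `gateway_needed ? &r6->gateway : NULL`. Unless net_route_v4_add() is specified to ignore the gateway whenever an interface is given, pass NULL as the gateway when is_on_link() is true so that both address families behave like the commands they replace.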
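Review bot: the add_route_ipv6() declaration hunk (@@ -1848) wraps the new `int metric` in `#if defined(TARGET_LINUX)` but leaves `const char *gateway` unconditional even though the Linux branch (@@ -1923) no longer reads it; if gateway is still assigned earlier in the function this leaves a set-but-unused variable on Linux builds. delete_route_ipv6() in this same patch guards its `gateway` with `#if !defined(TARGET_LINUX)`, so the same guard belongs here.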
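Review bot: in the delete_route() declaration hunk (@@ -2137), `#if !defined(TARGET_LINUX) && !defined(TARGET_ANDROID)` is now nested inside `#if !defined(TARGET_LINUX)`, so the inner TARGET_LINUX test is redundant and the block can simply read `#if !defined(TARGET_ANDROID)`; the same nesting appears again in the gc_init() hunk (@@ -2157).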
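Review bot: the delete_route() Linux hunk (@@ -2172) hands `&r->gateway` to net_route_v4_del(), while the replaced `ip route del <net>/<bits> [metric N]` never named a gateway; a route that was installed on-link (interface only) may therefore fail to match on deletion and be left in the table after the tunnel closes. Consider passing NULL as the gateway, as the removed command effectively did, or mirroring the is_on_link() decision taken in add_route() so that add and delete describe the same route.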
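Review bot: the Linux get_default_gateway() hunk (@@ -3169) drops the /proc/net/route scan, which only accepted entries with IFF_UP set and picked the lowest metric among the 0.0.0.0/0 routes; make sure net_route_v4_best_gw() applies the same selection, otherwise a default route on a downed interface could be reported and RGI_ON_LINK computed from it. best_name is now IFNAMSIZ bytes and pre-zeroed with CLEAR(), which only guarantees NUL termination if the callee writes at most IFNAMSIZ-1 bytes; stating that in the net_route_v4_best_gw() contract (or passing the buffer size) would make the assumption explicit.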
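Review bot: in the options.c --show-gateway hunk (@@ -5006), `net_ctx_init(NULL, &net_ctx)` is called on a stack context that is never released before openvpn_exit(); since the process exits right there nothing is leaked for long, but a matching teardown (or a comment saying the exit makes it unnecessary) keeps the init/release pairing visible to whoever copies this block into a non-exit path later.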
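Review bot: the ssl.c push_peer_info() hunk (@@ -2324) reads `session->opt->net_ctx`, and ssl_common.h adds that field to struct tls_options, but no hunk visible in this patch assigns it; if the assignment lives in an init.c hunk outside this excerpt that is fine, otherwise the pointer is NULL when IV_HWADDR is pushed and get_default_gateway() on Linux calls net_route_v4_best_gw() with a NULL context. Naming the line that sets tls_options.net_ctx in the commit message would settle this.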
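Review bot: the tun.c hunks pass NULL for the new ctx argument of add_route(), add_route_ipv6() and delete_route_ipv6(). That is only safe because these call sites sit in the non-Linux branches of do_ifconfig_ipv4() (the ones followed by `#elif defined(TARGET_OPENBSD)`, `TARGET_NETBSD`, `TARGET_DARWIN`, `TARGET_FREEBSD` and `TARGET_AIX`) and under the `#if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD)` block, where the Linux net_route_* path is never compiled. A one-line comment at each call, or threading the real context through, would stop a future Linux-reachable caller from copying the NULL into net_route_v4_add().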
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 19 Dec 2018 15:01:16 +1000
Message-Id: <20181219050118.6568-6-a@unstable.cc>
In-Reply-To: <20181219050118.6568-1-a@unstable.cc>
References: <20181219050118.6568-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v3 5/7] route.c: use sitnl to implement get_default_gateway_ipv6()
Cc: Antonio Quartulli

get_default_gateway_ipv6() has always been implemented using netlink; however, now that we have sitnl, we can re-use the latter and get rid of the netlink code from route.c.

Signed-off-by: Antonio Quartulli
Acked-By: Arne Schwabe
---
 src/openvpn/init.c                |   9 +-
 src/openvpn/networking_iproute2.c |   2 +-
 src/openvpn/options.c             |   2 +-
 src/openvpn/route.c               | 161 ++++--------------------------
 src/openvpn/route.h               |   7 +-
 5 files changed, 30 insertions(+), 151 deletions(-)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 395f4ff0..c036bdae 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1463,7 +1463,8 @@ static void do_init_route_ipv6_list(const struct options *options, struct route_ipv6_list *route_ipv6_list, const struct link_socket_info *link_socket_info, - struct env_set *es) + struct env_set *es, + openvpn_net_ctx_t *ctx) { const char *gw = NULL; int metric = -1; /* no metric set */ 
@@ -1499,7 +1500,8 @@ do_init_route_ipv6_list(const struct options *options, gw, metric, link_socket_current_remote_ipv6(link_socket_info), - es)) + es, + ctx)) { /* copy routes to environment */ setenv_routes_ipv6(es, route_ipv6_list); @@ -1759,7 +1761,8 @@ do_open_tun(struct context *c) if (c->options.routes_ipv6 && c->c1.route_ipv6_list) { do_init_route_ipv6_list(&c->options, c->c1.route_ipv6_list, - &c->c2.link_socket->info, c->c2.es); + &c->c2.link_socket->info, c->c2.es, + &c->net_ctx); } /* do ifconfig */ diff --git a/src/openvpn/networking_iproute2.c b/src/openvpn/networking_iproute2.c index 918d62ef..a5824306 100644 --- a/src/openvpn/networking_iproute2.c +++ b/src/openvpn/networking_iproute2.c @@ -375,7 +375,7 @@ net_route_v4_best_gw(openvpn_net_ctx_t *ctx, const in_addr_t *dst, /* * The following function is not implemented in the iproute backend as it - * already uses netlink in route.c. + * uses the sitnl implementation from networking_sitnl.c. * * int * net_route_v6_best_gw(const struct in6_addr *dst, int prefixlen, diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 1f890f45..8a9c67f9 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -5014,7 +5014,7 @@ add_option(struct options *options, } net_ctx_init(NULL, &net_ctx); get_default_gateway(&rgi, &net_ctx); - get_default_gateway_ipv6(&rgi6, &remote); + get_default_gateway_ipv6(&rgi6, &remote, &net_ctx); print_default_gateway(M_INFO, &rgi, &rgi6); openvpn_exit(OPENVPN_EXIT_STATUS_GOOD); /* exit point */ } diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 483b46ae..60ea4fab 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -765,7 +765,8 @@ init_route_ipv6_list(struct route_ipv6_list *rl6, const char *remote_endpoint, int default_metric, const struct in6_addr *remote_host_ipv6, - struct env_set *es) + struct env_set *es, + openvpn_net_ctx_t *ctx) { struct gc_arena gc = gc_new(); bool ret = true; 
@@ -790,7 +791,7 @@ init_route_ipv6_list(struct route_ipv6_list *rl6, msg(D_ROUTE, "GDG6: remote_host_ipv6=%s", remote_host_ipv6 ? print_in6_addr(*remote_host_ipv6, 0, &gc) : "n/a" ); - get_default_gateway_ipv6(&rl6->rgi6, remote_host_ipv6); + get_default_gateway_ipv6(&rl6->rgi6, remote_host_ipv6, ctx); if (rl6->rgi6.flags & RGI_ADDR_DEFINED) { setenv_str(es, "net_gateway_ipv6", print_in6_addr(rl6->rgi6.gateway.addr_ipv6, 0, &gc)); 
@@ -3323,152 +3324,30 @@ struct rtreq { void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, - const struct in6_addr *dest) + const struct in6_addr *dest, openvpn_net_ctx_t *ctx) { - int nls = -1; - struct rtreq rtreq; - struct rtattr *rta; - - char rtbuf[2000]; - ssize_t ssize; - - CLEAR(*rgi6); - - nls = socket( PF_NETLINK, SOCK_RAW, NETLINK_ROUTE ); - if (nls < 0) - { - msg(M_WARN|M_ERRNO, "GDG6: socket() failed" ); goto done; - } - - /* bind() is not needed, no unsolicited msgs coming in */ - - /* request best matching route, see netlink(7) for explanations - */ - CLEAR(rtreq); - rtreq.nh.nlmsg_type = RTM_GETROUTE; - rtreq.nh.nlmsg_flags = NLM_F_REQUEST; /* best match only */ - rtreq.rtm.rtm_family = AF_INET6; - rtreq.rtm.rtm_src_len = 0; /* not source dependent */ - rtreq.rtm.rtm_dst_len = 128; /* exact dst */ - rtreq.rtm.rtm_table = RT_TABLE_MAIN; - rtreq.rtm.rtm_protocol = RTPROT_UNSPEC; - rtreq.nh.nlmsg_len = NLMSG_SPACE(sizeof(rtreq.rtm)); - - /* set RTA_DST for target IPv6 address we want */ - rta = (struct rtattr *)(((char *) &rtreq)+NLMSG_ALIGN(rtreq.nh.nlmsg_len)); - rta->rta_type = RTA_DST; - rta->rta_len = RTA_LENGTH(16); - rtreq.nh.nlmsg_len = NLMSG_ALIGN(rtreq.nh.nlmsg_len) - +RTA_LENGTH(16); - - if (dest == NULL) /* ::, unspecified */ - { - memset( RTA_DATA(rta), 0, 16 ); /* :: = all-zero */ - } - else - { - memcpy( RTA_DATA(rta), (void *)dest, 16 ); - } + struct in_addr gw; + int flags; - /* send and receive reply */ - if (send( nls, &rtreq, rtreq.nh.nlmsg_len, 0 ) < 0) - { - msg(M_WARN|M_ERRNO, "GDG6: send() failed" ); goto done; - } - - ssize = recv(nls, rtbuf, sizeof(rtbuf), MSG_TRUNC); - - if (ssize < 0) - { - msg(M_WARN|M_ERRNO, "GDG6: recv() failed" ); goto done; - } - - if (ssize > sizeof(rtbuf)) - { - msg(M_WARN, "get_default_gateway_ipv6: returned message too big for buffer (%d>%d)", (int)ssize, (int)sizeof(rtbuf) ); - goto done; - } - - struct nlmsghdr *nh; + CLEAR(gw); - for (nh = (struct nlmsghdr *)rtbuf; - NLMSG_OK(nh, 
ssize); - nh = NLMSG_NEXT(nh, ssize)) + if (net_route_v6_best_gw(ctx, dest, 0, &rgi6->gateway.addr_ipv6, + rgi6->iface) == 0) { - struct rtmsg *rtm; - int attrlen; - - if (nh->nlmsg_type == NLMSG_DONE) + if (rgi6->gateway.addr_ipv6.s6_addr) { - break; + rgi6->flags |= RGI_ADDR_DEFINED; } - if (nh->nlmsg_type == NLMSG_ERROR) + if (rgi6->iface) { - struct nlmsgerr *ne = (struct nlmsgerr *)NLMSG_DATA(nh); - - /* since linux-4.11 -ENETUNREACH is returned when no route can be - * found. Don't print any error message in this case */ - if (ne->error != -ENETUNREACH) - { - msg(M_WARN, "GDG6: NLMSG_ERROR: error %s\n", - strerror(-ne->error)); - } - break; - } - - if (nh->nlmsg_type != RTM_NEWROUTE) - { - /* shouldn't happen */ - msg(M_WARN, "GDG6: unexpected msg_type %d", nh->nlmsg_type ); - continue; - } - - rtm = (struct rtmsg *)NLMSG_DATA(nh); - attrlen = RTM_PAYLOAD(nh); - - /* we're only looking for routes in the main table, as "we have - * no IPv6" will lead to a lookup result in "Local" (::/0 reject) - */ - if (rtm->rtm_family != AF_INET6 - || rtm->rtm_table != RT_TABLE_MAIN) - { - continue; - } /* we're not interested */ - - for (rta = RTM_RTA(rtm); - RTA_OK(rta, attrlen); - rta = RTA_NEXT(rta, attrlen)) - { - if (rta->rta_type == RTA_GATEWAY) - { - if (RTA_PAYLOAD(rta) != sizeof(struct in6_addr) ) - { - msg(M_WARN, "GDG6: RTA_GW size mismatch"); continue; - } - rgi6->gateway.addr_ipv6 = *(struct in6_addr *) RTA_DATA(rta); - rgi6->flags |= RGI_ADDR_DEFINED; - } - else if (rta->rta_type == RTA_OIF) - { - char ifname[IF_NAMESIZE+1]; - int oif; - if (RTA_PAYLOAD(rta) != sizeof(oif) ) - { - msg(M_WARN, "GDG6: oif size mismatch"); continue; - } - - memcpy(&oif, RTA_DATA(rta), sizeof(oif)); - if_indextoname(oif,ifname); - strncpy( rgi6->iface, ifname, sizeof(rgi6->iface)-1 ); - rgi6->flags |= RGI_IFACE_DEFINED; - } + rgi6->flags |= RGI_IFACE_DEFINED; } } /* if we have an interface but no gateway, the destination is on-link */ - if ( ( rgi6->flags & 
(RGI_IFACE_DEFINED|RGI_ADDR_DEFINED) ) == - RGI_IFACE_DEFINED) + flags = rgi6->flags & (RGI_IFACE_DEFINED | RGI_ADDR_DEFINED); + if (flags == RGI_IFACE_DEFINED) { rgi6->flags |= (RGI_ADDR_DEFINED | RGI_ON_LINK); if (dest) @@ -3476,12 +3355,6 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, rgi6->gateway.addr_ipv6 = *dest; } } - -done: - if (nls >= 0) - { - close(nls); - } } #elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS) \ @@ -3758,7 +3631,7 @@ done: void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, - const struct in6_addr *dest) + const struct in6_addr *dest, openvpn_net_ctx_t *ctx) { struct rtmsg m_rtmsg; @@ -3944,7 +3817,7 @@ get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx) } void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, - const struct in6_addr *dest) + const struct in6_addr *dest, openvpn_net_ctx_t *ctx) { msg(D_ROUTE, "no support for get_default_gateway_ipv6() on this system"); CLEAR(*rgi6); diff --git a/src/openvpn/route.h b/src/openvpn/route.h index e552e6ec..31d38e36 100644 --- a/src/openvpn/route.h +++ b/src/openvpn/route.h @@ -31,6 +31,7 @@ #include "basic.h" #include "tun.h" #include "misc.h" +#include "networking.h" #ifdef _WIN32 /* @@ -291,7 +292,8 @@ bool init_route_ipv6_list(struct route_ipv6_list *rl6, const char *remote_endpoint, int default_metric, const struct in6_addr *remote_host, - struct env_set *es); + struct env_set *es, + openvpn_net_ctx_t *ctx); void route_list_add_vpn_gateway(struct route_list *rl, struct env_set *es, 
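Review bot: in the sitnl rewrite of get_default_gateway_ipv6() the two tests `if (rgi6->gateway.addr_ipv6.s6_addr)` and `if (rgi6->iface)` are always true: s6_addr is an array embedded in the struct and iface is the char buffer handed to net_route_v6_best_gw() (the removed code strncpy()s into it), so neither can be NULL and both RGI_ADDR_DEFINED and RGI_IFACE_DEFINED are set whenever the lookup returns 0, gateway or not. That leaves the following `flags == RGI_IFACE_DEFINED` branch unreachable, so an on-link destination never gets RGI_ON_LINK and never gets *dest copied into gateway.addr_ipv6. Test the contents instead, e.g. `if (!IN6_IS_ADDR_UNSPECIFIED(&rgi6->gateway.addr_ipv6))` and `if (rgi6->iface[0] != '\0')`. Related: `struct in_addr gw;` plus `CLEAR(gw);` are unused here and look like leftovers from the IPv4 variant, while the `CLEAR(*rgi6);` the old code did is gone, so the `|=` on rgi6->flags and the iface buffer now start from whatever the caller left in the struct; restore `CLEAR(*rgi6);` and drop gw. Finally, the removed netlink code deliberately stayed silent on -ENETUNREACH (no route, linux-4.11+); please confirm net_route_v6_best_gw() keeps that behaviour, otherwise every IPv6-less host logs a warning on each lookup.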
@@ -323,7 +325,8 @@ void get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx); void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi, - const struct in6_addr *dest); + const struct in6_addr *dest, + openvpn_net_ctx_t *ctx); void print_default_gateway(const int msglevel, const struct route_gateway_info *rgi, From patchwork Tue Dec 18 18:01:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 641 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director10.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id iPdtJhPRGVyxQgAAIUCqbw for ; Wed, 19 Dec 2018 00:03:15 -0500 Received: from proxy20.mail.ord1d.rsapps.net ([172.30.191.6]) by director10.mail.ord1d.rsapps.net with LMTP id cAlCJhPRGVwkVQAApN4f7A ; Wed, 19 Dec 2018 00:03:15 -0500 Received: from smtp12.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy20.mail.ord1d.rsapps.net with LMTP id QO1HJhPRGVymEwAAsk8m8w ; Wed, 19 Dec 2018 00:03:15 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp12.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: 63f6f0d0-034b-11e9-a7aa-52540070b731-1-1 Received: from [216.105.38.7] ([216.105.38.7:27880] helo=lists.sourceforge.net) by smtp12.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS 
(cipher=DHE-RSA-AES256-GCM-SHA384) id 21/60-22334-311D91C5; Wed, 19 Dec 2018 00:03:15 -0500 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1gZTzz-0000BL-0o; Wed, 19 Dec 2018 05:02:23 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1gZTzy-0000BD-5F for openvpn-devel@lists.sourceforge.net; Wed, 19 Dec 2018 05:02:22 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=dr+nWGIaN+ed+IvF+jIrqwUBx8FAtE6MTQNN/36rMS0=; b=jtsUJMhoEkC4EXXCKt/xAiV2Km AghFF3SuLZ3z2Ucp8xL3F3rS0rgk56ynDbE5y1UfND+p8/cnton81Hv+JdZsV82gl8r4ZruSGCTOj olrvaZ13KcW13wqMOYQYzqFRLVNaa9jRIX6dP4lo1SNY1iObJyYnhZ1oS4zYdfq1PqzM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=dr+nWGIaN+ed+IvF+jIrqwUBx8FAtE6MTQNN/36rMS0=; b=l+QwzN4q5Povdlbc8TcYHso9Wq 1bYbjk1AyDm3y3KwmVdYr6p5tmKaZy4lfKKPy1byrfNYfjauJnnXlTb3QvpPgoU2XW21jn9LJZ13Q 6/MZ087ucQHYsV5gXjXTqWlwRVVt3adA2CHTfummDqTlTsCvgLPlWKo77CaRdrKzOfQA=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 
1gZTzv-007Vd5-W2 for openvpn-devel@lists.sourceforge.net; Wed, 19 Dec 2018 05:02:22 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Wed, 19 Dec 2018 15:01:17 +1000 Message-Id: <20181219050118.6568-7-a@unstable.cc> In-Reply-To: <20181219050118.6568-1-a@unstable.cc> References: <20181219050118.6568-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1gZTzv-007Vd5-W2 Subject: [Openvpn-devel] [PATCH v3 6/7] unit tests: implement test for sitnl X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox

This patch introduces a new unit test that is not executed by the cmocka framework, but rather used by a new t_net.sh bash script. The idea behind this test is to ensure that invoking sitnl functions or running iproute commands leads to the same networking (interface and routing table) state. To achieve this, the t_net.sh script first runs a binary implemented by invoking sitnl functions and then takes a "screenshot" of the state. Subsequently, a series of iproute commands, expected to mimic exactly the same behaviour as the sitnl functions invoked before, is executed. The final state is then compared with the screenshot previously taken. If no mismatch is found, the test is passed. The current unit test, however, does not cover all the sitnl functionality, and it is expected to be extended in the future.
Signed-off-by: Antonio Quartulli Acked-By: Arne Schwabe --- configure.ac | 2 + tests/Makefile.am | 3 +- tests/t_net.sh | 180 ++++++++++++++++ tests/unit_tests/openvpn/Makefile.am | 30 ++- tests/unit_tests/openvpn/test_networking.c | 229 +++++++++++++++++++++ 5 files changed, 438 insertions(+), 6 deletions(-) create mode 100755 tests/t_net.sh create mode 100644 tests/unit_tests/openvpn/test_networking.c diff --git a/configure.ac b/configure.ac index 2a51ad46..90666f04 100644 --- a/configure.ac +++ b/configure.ac @@ -294,9 +294,11 @@ else fi AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host]) +AM_CONDITIONAL([TARGET_LINUX], [false]) case "$host" in *-*-linux*) AC_DEFINE([TARGET_LINUX], [1], [Are we running on Linux?]) + AM_CONDITIONAL([TARGET_LINUX], [true]) AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["L"], [Target prefix]) have_sitnl="yes" ;; diff --git a/tests/Makefile.am b/tests/Makefile.am index e6803864..67acf7e3 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -14,7 +14,8 @@ MAINTAINERCLEANFILES = \ SUBDIRS = unit_tests -test_scripts = t_client.sh +test_scripts = t_net.sh +test_scripts += t_client.sh test_scripts += t_lpback.sh t_cltsrv.sh TESTS_ENVIRONMENT = top_srcdir="$(top_srcdir)" diff --git a/tests/t_net.sh b/tests/t_net.sh new file mode 100755 index 00000000..0be5bb42 --- /dev/null +++ b/tests/t_net.sh 
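Review bot: style point on the configure.ac hunk: AM_CONDITIONAL([TARGET_LINUX], ...) is invoked twice, once with [false] before the `case "$host"` and again with [true] inside the `*-*-linux*` branch. The second call reassigns TARGET_LINUX_TRUE/TARGET_LINUX_FALSE so it works, but automake's documented idiom is a single unconditional invocation; set a shell flag in the case (`target_linux=yes`) and follow the case with one `AM_CONDITIONAL([TARGET_LINUX], [test "x${target_linux}" = "xyes"])`. In the tests/Makefile.am hunk, t_net.sh is placed ahead of t_client.sh in test_scripts; since it exits 77 without root or RUN_SUDO that is harmless, but note in the commit message that `make check` now skips it on an unprivileged build rather than running it.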
@@ -0,0 +1,180 @@ +#!/bin/sh + +IFACE="dummy0" +UNIT_TEST="./unit_tests/openvpn/networking_testdriver" +MAX_TEST=${1:-7} + +KILL_EXEC=`which kill` +CC=${CC:-gcc} + +srcdir="${srcdir:-.}" +top_builddir="${top_builddir:-..}" +openvpn="${top_builddir}/src/openvpn/openvpn" + + +# bail out right away on non-linux. NetLink (the object of this test) is only +# used on Linux, therefore testing other platform is not needed. +# +# Note: statements in the rest of the script may not even pass syntax check on +# solaris/bsd. It uses /bin/bash +if [ "$(uname -s)" != "Linux" ]; then + echo "$0: this test runs only on Linux. SKIPPING TEST." + exit 77 +fi + +# Commands used to retrieve the network state. +# State is retrieved after running sitnl and after running +# iproute commands. The two are then compared and expected to be equal. +typeset -a GET_STATE +GET_STATE[0]="ip link show dev $IFACE | sed 's/^[0-9]\+: //'" +GET_STATE[1]="ip addr show dev $IFACE | sed 's/^[0-9]\+: //'" +GET_STATE[2]="ip route show dev $IFACE" +GET_STATE[3]="ip -6 route show dev $IFACE" + +LAST_STATE=$((${#GET_STATE[@]} - 1)) + +reload_dummy() +{ + $RUN_SUDO $openvpn --dev $IFACE --dev-type tun --rmtun >/dev/null + $RUN_SUDO $openvpn --dev $IFACE --dev-type tun --mktun >/dev/null + if [ $? -ne 0 ]; then + echo "can't create interface $IFACE" + exit 1 + fi + + #ip link set dev $IFACE address 00:11:22:33:44:55 +} + +run_test() +{ + # run all test cases from 0 to $1 in sequence + CMD= + for k in $(seq 0 $1); do + # the unit-test prints to stdout the iproute command corresponding + # to the sitnl operation being executed. + # Format is "CMD: " + OUT=$($RUN_SUDO $UNIT_TEST $k $IFACE) + # ensure unit test worked properly + if [ $? 
-ne 0 ]; then + echo "unit-test $k errored out:" + echo "$OUT" + exit 1 + fi + + NEW=$(echo "$OUT" | sed -n 's/CMD: //p') + CMD="$CMD $RUN_SUDO $NEW ;" + done + + # collect state for later comparison + for k in $(seq 0 $LAST_STATE); do + STATE_TEST[$k]="$(eval ${GET_STATE[$k]})" + done +} + + +## execution starts here + +if [ -r "${top_builddir}"/t_client.rc ]; then + . "${top_builddir}"/t_client.rc +elif [ -r "${srcdir}"/t_client.rc ]; then + . "${srcdir}"/t_client.rc +else + echo "$0: cannot find 't_client.rc' in build dir ('${top_builddir}')" >&2 + echo "$0: or source directory ('${srcdir}'). SKIPPING TEST." >&2 + exit 77 +fi + +if [ ! -x "$openvpn" ]; then + echo "no (executable) openvpn binary in current build tree. FAIL." >&2 + exit 1 +fi + +if [ ! -x "$UNIT_TEST" ]; then + echo "no test_networking driver available. SKIPPING TEST." >&2 + exit 77 +fi + + +# Ensure PREFER_KSU is in a known state +PREFER_KSU="${PREFER_KSU:-0}" + +# make sure we have permissions to run ifconfig/route from OpenVPN +# can't use "id -u" here - doesn't work on Solaris +ID=`id` +if expr "$ID" : "uid=0" >/dev/null +then : +else + if [ "${PREFER_KSU}" -eq 1 ]; + then + # Check if we have a valid kerberos ticket + klist -l 1>/dev/null 2>/dev/null + if [ $? -ne 0 ]; + then + # No kerberos ticket found, skip ksu and fallback to RUN_SUDO + PREFER_KSU=0 + echo "$0: No Kerberos ticket available. Will not use ksu." + else + RUN_SUDO="ksu -q -e" + fi + fi + + if [ -z "$RUN_SUDO" ] + then + echo "$0: this test must run be as root, or RUN_SUDO=... " >&2 + echo " must be set correctly in 't_client.rc'. SKIP." >&2 + exit 77 + else + # We have to use sudo. Make sure that we (hopefully) do not have + # to ask the users password during the test. This is done to + # prevent timing issues, e.g. when the waits for openvpn to start + if $RUN_SUDO $KILL_EXEC -0 $$ + then + echo "$0: $RUN_SUDO $KILL_EXEC -0 succeeded, good." + else + echo "$0: $RUN_SUDO $KILL_EXEC -0 failed, cannot go on. SKIP." 
>&2 + exit 77 + fi + fi +fi + +for i in $(seq 0 $MAX_TEST); do + # reload dummy module to cleanup state + reload_dummy + typeset -a STATE_TEST + run_test $i + + # reload dummy module to cleanup state before running iproute commands + reload_dummy + + # CMD has been set by the unit test + eval $CMD + if [ $? -ne 0 ]; then + echo "error while executing:" + echo "$CMD" + exit 1 + fi + + # collect state after running manual ip command + for k in $(seq 0 $LAST_STATE); do + STATE_IP[$k]="$(eval ${GET_STATE[$k]})" + done + + # ensure states after running unit test matches the one after running + # manual iproute commands + for j in $(seq 0 $LAST_STATE); do + if [ "${STATE_TEST[$j]}" != "${STATE_IP[$j]}" ]; then + echo "state $j mismatching after '$CMD'" + echo "after unit-test:" + echo "${STATE_TEST[$j]}" + echo "after iproute command:" + echo "${STATE_IP[$j]}" + exit 1 + fi + done + +done + +# remove interface for good +$RUN_SUDO $openvpn --dev $IFACE --dev-type tun --rmtun >/dev/null + +exit 0 diff --git a/tests/unit_tests/openvpn/Makefile.am b/tests/unit_tests/openvpn/Makefile.am index b4304e35..e4471c09 100644 --- a/tests/unit_tests/openvpn/Makefile.am +++ b/tests/unit_tests/openvpn/Makefile.am @@ -1,17 +1,22 @@ AUTOMAKE_OPTIONS = foreign -check_PROGRAMS= +test_binaries= if HAVE_LD_WRAP_SUPPORT -check_PROGRAMS += argv_testdriver buffer_testdriver +test_binaries += argv_testdriver buffer_testdriver endif -check_PROGRAMS += crypto_testdriver packet_id_testdriver +test_binaries += crypto_testdriver packet_id_testdriver if HAVE_LD_WRAP_SUPPORT -check_PROGRAMS += tls_crypt_testdriver +test_binaries += tls_crypt_testdriver endif -TESTS = $(check_PROGRAMS) +TESTS = $(test_binaries) +check_PROGRAMS = $(test_binaries) + +if TARGET_LINUX +check_PROGRAMS += networking_testdriver +endif openvpn_includedir = $(top_srcdir)/include openvpn_srcdir = $(top_srcdir)/src/openvpn 
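Review bot: t_net.sh is declared `#!/bin/sh` but depends on bash (`typeset -a GET_STATE`, indexed array assignments, `${#GET_STATE[@]}`, `STATE_TEST[$k]=`), and the comment at the top even says "It uses /bin/bash"; on a distribution whose /bin/sh is dash the script dies at `typeset` before it reaches the Linux check that is supposed to produce a clean SKIP. Use `#!/bin/bash`. Second, the `if [ $? -ne 0 ]` after `eval $CMD` only sees the exit status of the last command in the accumulated `cmd1 ; cmd2 ; ...` string, so an intermediate `ip` failure is ignored and the test proceeds to compare states as if every command had succeeded; join the commands with `&&`, or run and check each one inside the loop. Third, every stdout line of the driver that contains the marker is turned into a root command by `eval`: `sed -n 's/CMD: //p'` is not anchored, so anchor it (`s/^CMD: //p`) and say in a comment that the driver's output is trusted because it is built from the tree. Minor: the helper is named reload_dummy and the interface dummy0, but it creates a tun device with `--mktun`, not the dummy module; and "this test must run be as root" should read "must be run as root".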
@@ -68,3 +73,18 @@ tls_crypt_testdriver_SOURCES = test_tls_crypt.c mock_msg.c \ $(openvpn_srcdir)/packet_id.c \ $(openvpn_srcdir)/platform.c \ $(openvpn_srcdir)/run_command.c + +networking_testdriver_CFLAGS = @TEST_CFLAGS@ \ + -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) \ + $(OPTIONAL_CRYPTO_CFLAGS) +networking_testdriver_LDFLAGS = @TEST_LDFLAGS@ -L$(openvpn_srcdir) \ + $(OPTIONAL_CRYPTO_LIBS) +networking_testdriver_SOURCES = test_networking.c mock_msg.c \ + $(openvpn_srcdir)/networking_sitnl.c \ + $(openvpn_srcdir)/buffer.c \ + $(openvpn_srcdir)/crypto.c \ + $(openvpn_srcdir)/crypto_mbedtls.c \ + $(openvpn_srcdir)/crypto_openssl.c \ + $(openvpn_srcdir)/otime.c \ + $(openvpn_srcdir)/packet_id.c \ + $(openvpn_srcdir)/platform.c diff --git a/tests/unit_tests/openvpn/test_networking.c b/tests/unit_tests/openvpn/test_networking.c new file mode 100644 index 00000000..66035011 --- /dev/null +++ b/tests/unit_tests/openvpn/test_networking.c 
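Review bot: in the unit_tests Makefile.am hunks, networking_testdriver is added to check_PROGRAMS but deliberately kept out of test_binaries (and therefore TESTS) because t_net.sh drives it; a one-line comment above the `if TARGET_LINUX` block stating that would stop the next person from "fixing" it. Also, networking_testdriver_SOURCES pulls in crypto.c, crypto_mbedtls.c, crypto_openssl.c, packet_id.c and otime.c for a driver that only exercises networking_sitnl.c, which is why it needs OPTIONAL_CRYPTO_CFLAGS/LIBS at all; if those files are there only to satisfy symbols referenced from buffer.c or platform.c, say so in a comment, otherwise trim the list so the driver builds without a crypto library.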
@@ -0,0 +1,229 @@ +#include "config.h" +#include "syshead.h" +#include "networking.h" + +#include "mock_msg.h" + + +static char *iface = "dummy0"; + +#ifdef ENABLE_SITNL + +static int +net__iface_up(bool up) +{ + printf("CMD: ip link set %s %s\n", iface, up ? "up" : "down"); + + return net_iface_up(NULL, iface, up); +} + +static int +net__iface_mtu_set(int mtu) +{ + printf("CMD: ip link set %s mtu %d\n", iface, mtu); + + return net_iface_mtu_set(NULL, iface, mtu); +} + +static int +net__addr_v4_add(const char *addr_str, int prefixlen, const char *brd_str) +{ + in_addr_t addr, brd; + int ret; + + ret = inet_pton(AF_INET, addr_str, &addr); + if (ret != 1) + return -1; + + ret = inet_pton(AF_INET, brd_str, &brd); + if (ret != 1) + return -1; + + addr = ntohl(addr); + brd = ntohl(brd); + + printf("CMD: ip addr add %s/%d brd %s dev %s\n", addr_str, prefixlen, + brd_str, iface); + + return net_addr_v4_add(NULL, iface, &addr, prefixlen, &brd); +} + +static int +net__addr_v6_add(const char *addr_str, int prefixlen) +{ + struct in6_addr addr; + int ret; + + ret = inet_pton(AF_INET6, addr_str, &addr); + if (ret != 1) + return -1; + + printf("CMD: ip -6 addr add %s/%d dev %s\n", addr_str, prefixlen, iface); + + return net_addr_v6_add(NULL, iface, &addr, prefixlen); +} + +static int +net__route_v4_add(const char *dst_str, int prefixlen, int metric) +{ + in_addr_t dst; + int ret; + + if (!dst_str) + return -1; + + ret = inet_pton(AF_INET, dst_str, &dst); + if (ret != 1) + return -1; + + dst = ntohl(dst); + + printf("CMD: ip route add %s/%d dev %s", dst_str, prefixlen, iface); + if (metric > 0) + printf(" metric %d", metric); + printf("\n"); + + return net_route_v4_add(NULL, &dst, prefixlen, NULL, iface, 0, metric); + +} + +static int +net__route_v4_add_gw(const char *dst_str, int prefixlen, const char *gw_str, + int metric) +{ + in_addr_t dst, gw; + int ret; + + if (!dst_str || !gw_str) + return -1; + + ret = inet_pton(AF_INET, dst_str, &dst); + if (ret != 1) + return -1; + + 
ret = inet_pton(AF_INET, gw_str, &gw); + if (ret != 1) + return -1; + + dst = ntohl(dst); + gw = ntohl(gw); + + printf("CMD: ip route add %s/%d dev %s via %s", dst_str, prefixlen, iface, + gw_str); + if (metric > 0) + printf(" metric %d", metric); + printf("\n"); + + return net_route_v4_add(NULL, &dst, prefixlen, &gw, iface, 0, metric); +} + +static int +net__route_v6_add(const char *dst_str, int prefixlen, int metric) +{ + struct in6_addr dst; + int ret; + + if (!dst_str) + return -1; + + ret = inet_pton(AF_INET6, dst_str, &dst); + if (ret != 1) + return -1; + + printf("CMD: ip -6 route add %s/%d dev %s", dst_str, prefixlen, iface); + if (metric > 0) + printf(" metric %d", metric); + printf("\n"); + + return net_route_v6_add(NULL, &dst, prefixlen, NULL, iface, 0, metric); + +} + +static int +net__route_v6_add_gw(const char *dst_str, int prefixlen, const char *gw_str, + int metric) +{ + struct in6_addr dst, gw; + int ret; + + if (!dst_str || !gw_str) + return -1; + + ret = inet_pton(AF_INET6, dst_str, &dst); + if (ret != 1) + return -1; + + ret = inet_pton(AF_INET6, gw_str, &gw); + if (ret != 1) + return -1; + + printf("CMD: ip -6 route add %s/%d dev %s via %s", dst_str, prefixlen, + iface, gw_str); + if (metric > 0) + printf(" metric %d", metric); + printf("\n"); + + return net_route_v6_add(NULL, &dst, prefixlen, &gw, iface, 0, metric); +} + +static void +usage(char *name) +{ + printf("Usage: %s <0-7>\n", name); +} + +int +main(int argc, char *argv[]) +{ + int test; + + mock_set_debug_level(10); + + if (argc < 2) + { + usage(argv[0]); + return -1; + } + + if (argc > 3) + { + iface = argv[2]; + } + + test = atoi(argv[1]); + switch (test) + { + case 0: + return net__iface_up(true); + case 1: + return net__iface_mtu_set(1281); + case 2: + return net__addr_v4_add("10.255.255.1", 24, "10.255.255.255"); + case 3: + return net__addr_v6_add("2001::1", 64); + case 4: + return net__route_v4_add("11.11.11.0", 24, 0); + case 5: + return net__route_v4_add_gw("11.11.12.0", 24, 
"10.255.255.2", 0); + case 6: + return net__route_v6_add("2001:babe:cafe:babe::", 64, 600); + case 7: + return net__route_v6_add_gw("2001:cafe:babe::", 48, "2001::2", 600); + default: + printf("invalid test: %d\n", test); + break; + } + + usage(argv[0]); + return -1; +} + +#else + +int +main(int argc, char *argv[]) +{ + return 0; +} + +#endif /* ENABLE_SITNL */ From patchwork Tue Dec 18 18:01:18 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 645 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director11.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id OMZyLyDRGVxOKQAAIUCqbw for ; Wed, 19 Dec 2018 00:03:28 -0500 Received: from proxy13.mail.ord1d.rsapps.net ([172.30.191.6]) by director11.mail.ord1d.rsapps.net with LMTP id ICl4LyDRGVwwVQAAvGGmqA ; Wed, 19 Dec 2018 00:03:28 -0500 Received: from smtp10.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy13.mail.ord1d.rsapps.net with LMTP id kPAxLyDRGVwZFAAAgjf6aA ; Wed, 19 Dec 2018 00:03:28 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp10.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: 6bb1a3d8-034b-11e9-ae2c-52540013bccb-1-1 Received: from [216.105.38.7] ([216.105.38.7:50667] helo=lists.sourceforge.net) by smtp10.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS 
(cipher=DHE-RSA-AES256-GCM-SHA384) id 29/0F-26478-F11D91C5; Wed, 19 Dec 2018 00:03:28 -0500 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1gZU06-0000CU-4Q; Wed, 19 Dec 2018 05:02:30 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1gZU05-0000CG-5x for openvpn-devel@lists.sourceforge.net; Wed, 19 Dec 2018 05:02:29 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=h3WryLDENGB8+fhy4g4GOlwvVVu8pO356jjDCQ9F/bg=; b=P4iE3EOUxgp+H1RUbMyG9/kvdS jNNz/6EjsofhwOKDXBwcTkVGnM15bj1AUqY6yw+aXlokpzuc/UtK0m7cXSEkM67Q5hS2bC7BPrxnf /weyerm5BH9fgpDHgdYYPRSZTDL8p12UnmH7mdiNv0vXBI6fYPiJUld3qpz5E+ZF4lBQ=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=h3WryLDENGB8+fhy4g4GOlwvVVu8pO356jjDCQ9F/bg=; b=ct0eaw2IWJZdOkMwcMBFI1jy2a w6fnp/G72MMw4ViZJLw9Ldnp573DBgFGQWXMf7LhOILNxXF4VDcYQlSqYTIqzvznE4Icm9bYQgClo Wl7V6uOPOtmovsFmuXe2Xz7Tc8tyn6irMXJy1UkWuf+fPWPs1xQxnkjrF+PHhHQeLD1k=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-4.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 
1gZU03-008vqU-O3 for openvpn-devel@lists.sourceforge.net; Wed, 19 Dec 2018 05:02:29 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Wed, 19 Dec 2018 15:01:18 +1000 Message-Id: <20181219050118.6568-8-a@unstable.cc> In-Reply-To: <20181219050118.6568-1-a@unstable.cc> References: <20181219050118.6568-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1gZU03-008vqU-O3 Subject: [Openvpn-devel] [PATCH v3 7/7] travis.yml: add test for iproute2 net implementation X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Signed-off-by: Antonio Quartulli Acked-By: Arne Schwabe --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index ede2aaa6..b8031fd8 100644 --- a/.travis.yml +++ b/.travis.yml @@ -33,6 +33,9 @@ matrix: - env: SSLLIB="openssl" OPENSSL_VERSION="1.1.0h" os: linux compiler: gcc + - env: SSLLIB="openssl" EXTRA_CONFIG="--enable-iproute2" + os: linux + compiler: gcc - env: SSLLIB="openssl" CFLAGS="-fsanitize=address" os: linux compiler: clang
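Review bot: the subject says "add test for iproute2 net implementation", but the hunk only adds an `--enable-iproute2` build to the matrix; nothing here makes t_net.sh actually run in that job (it needs a t_client.rc and root or RUN_SUDO, and skips with 77 otherwise), and in a build without ENABLE_SITNL the networking_testdriver is the `#else` main() from the previous patch, which prints no CMD line, so even if the script ran it would compare two untouched interfaces. If the goal is compile coverage of the iproute2 code path, say so in the subject; if the goal is to exercise t_net.sh, the job also needs a t_client.rc with RUN_SUDO set, and the driver should report the non-sitnl case as a skip.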