From patchwork Sat Mar 14 01:58:01 2020
X-Patchwork-Submitter: Simon Rozman
X-Patchwork-Id: 1042
From: Simon Rozman
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 14 Mar 2020 13:58:01 +0100
Message-Id: <20200314125801.1031-1-simon@rozman.si>
In-Reply-To: <20200314124428.GE1431@greenie.muc.de>
References: <20200314124428.GE1431@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v2 2/2] tun.c: revise the IPv4 ifconfig flow on Windows

When provisioning IP configuration, we shall not ask what kind of adapter this is. Rather, we should ask what method of provisioning we are configured to use. It is options.c's job to rule out invalid combinations.

- do_ifconfig_ipv4(): unify the workflow with its IPv6 counterpart

  No need to distinguish Wintun and TAP-Windows6 here.

  This also fixes an issue with --windows-driver wintun overriding --ip-win32 manual, the latter being a perfectly fine choice for Wintun too.

- open_tun(), tuntap_post_open(), tuntap_set_ip_addr(): unify Wintun and TAP-Windows6 workflow. This allows --ip-win32 ipapi now.

- close_tun() the cleanup has been revised to match the ifconfig workflow in reverse. Signed-off-by: Simon Rozman Acked-by: Lev Stipakov --- src/openvpn/options.c | 5 +- src/openvpn/tun.c | 130 ++++++++++++++++++++++-------------------- 2 files changed, 70 insertions(+), 65 deletions(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index e79a1215..f1fc91e9 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3007,8 +3007,9 @@ options_postprocess_mutate_invariant(struct options *options) } #ifdef _WIN32 - /* when using wintun, kernel doesn't send DHCP requests, so use netsh to set IP address and netmask */ - if (options->windows_driver == WINDOWS_DRIVER_WINTUN) + /* when using wintun, kernel doesn't send DHCP requests, so don't use it */ + if (options->windows_driver == WINDOWS_DRIVER_WINTUN + && (options->tuntap_options.ip_win32_type == IPW32_SET_DHCP_MASQ || options->tuntap_options.ip_win32_type == IPW32_SET_ADAPTIVE)) { options->tuntap_options.ip_win32_type = IPW32_SET_NETSH; } diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 42193d97..1afa7f07 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c 
@@ -1381,34 +1381,29 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, env_set_destroy(aix_es); } #elif defined (_WIN32) - { - ASSERT(ifname != NULL); - - if (tt->options.msg_channel && tt->windows_driver == WINDOWS_DRIVER_WINTUN) - { - do_address_service(true, AF_INET, tt); - do_dns_service(true, AF_INET, tt); - } - else - { - switch (tt->options.ip_win32_type) - { - case IPW32_SET_MANUAL: - msg(M_INFO, - "******** NOTE: Please manually set the IP/netmask of '%s' to %s/%s (if it is not already set)", - ifname, ifconfig_local, - print_in_addr_t(tt->adapter_netmask, 0, &gc)); - break; + ASSERT(ifname != NULL); - case IPW32_SET_NETSH: - netsh_ifconfig(&tt->options, ifname, tt->local, - tt->adapter_netmask, NI_IP_NETMASK|NI_OPTIONS); - - break; - } - } + if (tt->options.ip_win32_type == IPW32_SET_MANUAL) + { + msg(M_INFO, + "******** NOTE: Please manually set the IP/netmask of '%s' to %s/%s (if it is not already set)", + ifname, ifconfig_local, + print_in_addr_t(tt->adapter_netmask, 0, &gc)); + } + else if (tt->options.ip_win32_type == IPW32_SET_DHCP_MASQ || tt->options.ip_win32_type == IPW32_SET_ADAPTIVE) + { + /* Let the DHCP configure the interface. */ + } + else if (tt->options.msg_channel) + { + do_address_service(true, AF_INET, tt); + do_dns_service(true, AF_INET, tt); + } + else if (tt->options.ip_win32_type == IPW32_SET_NETSH) + { + netsh_ifconfig(&tt->options, ifname, tt->local, + tt->adapter_netmask, NI_IP_NETMASK|NI_OPTIONS); } - #else /* if defined(TARGET_LINUX) */ msg(M_FATAL, "Sorry, but I don't know how to do 'ifconfig' commands on this operating system. You should ifconfig your TUN/TAP device manually or use an --up script."); #endif /* if defined(TARGET_LINUX) */ 
@@ -5821,7 +5816,8 @@ tuntap_set_ip_addr(struct tuntap *tt, const DWORD index = tt->adapter_index; /* flush arp cache */ - if (index != TUN_ADAPTER_INDEX_INVALID) + if (tt->windows_driver == WINDOWS_DRIVER_TAP_WINDOWS6 + && index != TUN_ADAPTER_INDEX_INVALID) { DWORD status = -1; @@ -6357,36 +6353,39 @@ tuntap_post_open(struct tuntap *tt, const char *device_guid) bool dhcp_masq = false; bool dhcp_masq_post = false; - /* get driver version info */ - tuntap_get_version_info(tt); + if (tt->windows_driver == WINDOWS_DRIVER_TAP_WINDOWS6) + { + /* get driver version info */ + tuntap_get_version_info(tt); - /* get driver MTU */ - tuntap_get_mtu(tt); + /* get driver MTU */ + tuntap_get_mtu(tt); - /* - * Preliminaries for setting TAP-Windows adapter TCP/IP - * properties via --ip-win32 dynamic or --ip-win32 adaptive. - */ - if (tt->did_ifconfig_setup) - { - tuntap_set_ip_props(tt, &dhcp_masq, &dhcp_masq_post); - } + /* + * Preliminaries for setting TAP-Windows adapter TCP/IP + * properties via --ip-win32 dynamic or --ip-win32 adaptive. + */ + if (tt->did_ifconfig_setup) + { + tuntap_set_ip_props(tt, &dhcp_masq, &dhcp_masq_post); + } - /* set point-to-point mode if TUN device */ - if (tt->type == DEV_TYPE_TUN) - { - tuntap_set_ptp(tt); - } + /* set point-to-point mode if TUN device */ + if (tt->type == DEV_TYPE_TUN) + { + tuntap_set_ptp(tt); + } - /* should we tell the TAP-Windows driver to masquerade as a DHCP server as a means - * of setting the adapter address? */ - if (dhcp_masq) - { - tuntap_dhcp_mask(tt, device_guid); - } + /* should we tell the TAP-Windows driver to masquerade as a DHCP server as a means + * of setting the adapter address? */ + if (dhcp_masq) + { + tuntap_dhcp_mask(tt, device_guid); + } - /* set driver media status to 'connected' */ - tuntap_set_connected(tt); + /* set driver media status to 'connected' */ + tuntap_set_connected(tt); + } /* possibly use IP Helper API to set IP address on adapter */ tuntap_set_ip_addr(tt, device_guid, dhcp_masq_post); 
@@ -6413,10 +6412,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun tun_open_device(tt, dev_node, &device_guid); - if (tt->windows_driver == WINDOWS_DRIVER_TAP_WINDOWS6) - { - tuntap_post_open(tt, device_guid); - } + tuntap_post_open(tt, device_guid); /*netcmd_semaphore_release ();*/ } @@ -6533,20 +6529,29 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) netsh_delete_address_dns(tt, true, &gc); } } -#if 1 - if (tt->windows_driver == WINDOWS_DRIVER_WINTUN) + + if (tt->did_ifconfig_setup) { - if (tt->options.msg_channel) + if (tt->options.ip_win32_type == IPW32_SET_MANUAL) + { + /* We didn't do ifconfig. */ + } + else if (tt->options.ip_win32_type == IPW32_SET_DHCP_MASQ || tt->options.ip_win32_type == IPW32_SET_ADAPTIVE) + { + /* We don't have to clean the configuration with DHCP. */ + } + else if (tt->options.msg_channel) { - do_address_service(false, AF_INET, tt); do_dns_service(false, AF_INET, tt); + do_address_service(false, AF_INET, tt); } - else + else if (tt->options.ip_win32_type == IPW32_SET_NETSH) { netsh_delete_address_dns(tt, false, &gc); } } - else if (tt->ipapi_context_defined) + + if (tt->ipapi_context_defined) { DWORD status; if ((status = DeleteIPAddress(tt->ipapi_context)) != NO_ERROR) @@ -6557,7 +6562,6 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) strerror_win32(status, &gc)); } } -#endif /* if 1 */ dhcp_release(tt);
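Review bot: in options_postprocess_mutate_invariant() (src/openvpn/options.c), the rewrite of ip_win32_type to IPW32_SET_NETSH for WINDOWS_DRIVER_WINTUN happens silently, so a configuration that selected IPW32_SET_DHCP_MASQ ends up with a different provisioning method and nothing in the log says so. Consider a msg() at the point of the override stating that the DHCP-based method is not used with wintun and that netsh is used instead. The second line of the new condition is also very long; putting each ip_win32_type comparison on its own line would match the wrapping already applied to the first half of the condition.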
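Review bot: in the _WIN32 branch of do_ifconfig_ipv4(), IPW32_SET_IPAPI has no branch of its own in the new if/else chain: with tt->options.msg_channel set it is handled by do_address_service() and do_dns_service(), and without it the chain falls through and does nothing here. The MANUAL and DHCP cases each explain themselves with a message or a comment, so add an explicit final else with a comment saying where the address is applied in that case (the context in tuntap_post_open() suggests tuntap_set_ip_addr()). Because the msg_channel test sits before the IPW32_SET_NETSH test, the service path also takes precedence over an explicit netsh setting; since the commit message says the configured method should decide, a comment stating that this precedence is deliberate would help.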
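Review bot: in tuntap_set_ip_addr(), the "flush arp cache" step is now limited to WINDOWS_DRIVER_TAP_WINDOWS6, but the comment above the condition still reads as if the flush were unconditional. Extend that comment to say why the flush is skipped for other drivers, so the added driver check is not later removed as redundant.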
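Review bot: in tuntap_post_open(), everything except the final tuntap_set_ip_addr() call now sits inside the WINDOWS_DRIVER_TAP_WINDOWS6 block, while open_tun() calls the function for every driver. For any other driver, dhcp_masq and dhcp_masq_post therefore always reach tuntap_set_ip_addr() as false; a short comment at their declarations would make that dependency explicit. The function would also benefit from a header comment stating that it is now called for all drivers and which steps are TAP-Windows6 only, because the re-indented block makes that hard to see from the diff.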
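Review bot: in close_tun(), the new tt->did_ifconfig_setup block repeats by hand the method-selection chain from do_ifconfig_ipv4() (MANUAL, then DHCP_MASQ/ADAPTIVE, then msg_channel, then NETSH), so any later change to one chain has to be mirrored in the other or cleanup will no longer match setup. Consider factoring the selection into one helper that both functions call. The swap to do_dns_service(false, ...) before do_address_service(false, ...) is the reverse of the setup order, as the commit message intends; a one-line comment saying so would keep it from being reordered later. As in the setup chain, IPW32_SET_IPAPI without msg_channel matches no branch here and relies on the separate tt->ipapi_context_defined block below, which deserves a comment.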