Re: [Openvpn-devel] [PATCH v4 6/7] options: enable IPv4 redirection logic only if really required

2020-06-08 Thread Gert Doering
Hi,

On Sun, Jun 07, 2020 at 01:25:01PM +0200, Gert Doering wrote:
> Can we make this conditional in a way that does not break "redirect-private"?

A very simple patch would be

if (streq(p[0], "redirect-gateway"))
{
options->routes->flags |= RG_REROUTE_GW;
}
+   if (streq(p[0], "redirect-private"))
+   {
+   options->routes->flags |= RG_ENABLE;
+   }

and then take your patch as-is ("redirect-gateway with no options" would
set RG_REROUTE_GW, which, if not cleared by !ipv4, would set RG_ENABLE
later on, while "redirect-private" sets the RG_ENABLE itself).

Alternatively, set RG_ENABLE at the top (always), and clear it for "!ipv4"

    else if (streq(p[j], "!ipv4"))
    {
        options->routes->flags &= ~(RG_REROUTE_GW|RG_ENABLE);
    }

... this should do the same thing, with fewer code convolutions.

Configs that have *both* "redirect-private" and "redirect-gateway !ipv4 ipv6"
would still be broken.  But I'm not sure such a config is well-defined
in the first place.

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
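
The flag logic discussed in this thread, as an added example that is not part of the thread or of OpenVPN's source: a simplified C model comparing the original behaviour, the v4 patch, and the two alternatives suggested above across a few constructed directives. The bit values, the `variant` enum, the helper names `apply` and `v4_enabled`, and the handling of `def1` and `ipv6` are assumptions made for illustration; only `RG_ENABLE`, `RG_REROUTE_GW` and the directive names come from the messages.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model of the thread's flag logic; bit values are illustrative. */
#define RG_ENABLE     (1u << 0)
#define RG_DEF1       (1u << 1)   /* assumed: set by the "def1" option */
#define RG_REROUTE_GW (1u << 2)
enum variant { ORIGINAL, PATCH_V4, PRIVATE_SETS_ENABLE, ENABLE_THEN_CLEAR };
/* Apply one directive (NULL-terminated tokens) to the IPv4 route flags. */
static unsigned apply(unsigned flags, enum variant v, const char *p[])
{
    if (v == ENABLE_THEN_CLEAR)
        flags |= RG_ENABLE;               /* second suggestion: set at the top */
    if (strcmp(p[0], "redirect-gateway") == 0)
        flags |= RG_REROUTE_GW;
    if (v == PRIVATE_SETS_ENABLE && strcmp(p[0], "redirect-private") == 0)
        flags |= RG_ENABLE;               /* first suggestion */
    for (int j = 1; p[j] != NULL; j++)
    {
        if (strcmp(p[j], "def1") == 0)
            flags |= RG_DEF1;
        else if (strcmp(p[j], "!ipv4") == 0)
            flags &= (v == ENABLE_THEN_CLEAR) ? ~(RG_REROUTE_GW | RG_ENABLE) : ~RG_REROUTE_GW;
    }   /* "ipv6" is assumed to affect only the IPv6 list, not modelled here */
    if (v == ORIGINAL || (v != ENABLE_THEN_CLEAR && flags))
        flags |= RG_ENABLE;               /* patch v4: only when flags != 0 */
    return flags;
}

/* Apply d1, then d2 if given; return 1 when IPv4 redirection ends up enabled. */
static int v4_enabled(enum variant v, const char *d1[], const char *d2[])
{
    unsigned flags = apply(0, v, d1);
    flags = d2 ? apply(flags, v, d2) : flags;
    return (flags & RG_ENABLE) != 0;
}

/* Constructed sample directives. */
static const char *GW[]      = { "redirect-gateway", NULL };
static const char *GW_V6[]   = { "redirect-gateway", "!ipv4", "ipv6", NULL };
static const char *DEF1_V6[] = { "redirect-gateway", "def1", "!ipv4", "ipv6", NULL };
static const char *PRIVATE[] = { "redirect-private", NULL };
int main(void)
{
    for (int v = ORIGINAL; v <= ENABLE_THEN_CLEAR; v++)
        printf("variant %d: gw=%d v6only=%d def1_v6only=%d private=%d private+v6only=%d\n", v,
               v4_enabled(v, GW, NULL), v4_enabled(v, GW_V6, NULL), v4_enabled(v, DEF1_V6, NULL),
               v4_enabled(v, PRIVATE, NULL), v4_enabled(v, PRIVATE, GW_V6));
    return 0;
}
```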


Re: [Openvpn-devel] [PATCH v4 6/7] options: enable IPv4 redirection logic only if really required

2020-06-07 Thread Gert Doering
Hi,

On Sat, May 30, 2020 at 02:05:59AM +0200, Antonio Quartulli wrote:
> From: Antonio Quartulli 
> 
> If no IPv4 redirection flag is set, do not enable the IPv4
> redirection logic at all so that it won't bother adding any
> useless IPv4 route.
> 
> Trac: #208
> Signed-off-by: Antonio Quartulli 

I can see why we want this - I tried to connect to a "v6-only-in-tunnel"
server over v4, specifying "redirect-gateway !ipv4 ipv6", and it tried
to install a v4 /32 redirect route...

Sun Jun  7 13:20:43 2020 net_route_v4_add: 199.102.77.82/32 via 193.149.48.190 dev [NULL] table 0 metric -1

... which is harmless, but "unnecessary fumbling" is not desirable.


The reason why I'm a bit unhappy about applying it is that it will
change behaviour for the "redirect-private" case, and that might break
people's setups.  For "redirect-gateway" or "redirect-gateway def1" (etc),
it will not change anything.

Can we make this conditional in a way that does not break "redirect-private"?

(I used to use "redirect-private" to handle overlapping IPv4 routes without
actually redirecting the whole gateway - think "VPN server is on 192.0.2.1
and you want to push 'route 192.0.2.0/24'".  IPv6 handles this automatically,
but v4 needs "redirect-private" for that to work)

thanks :)

gert



[Openvpn-devel] [PATCH v4 6/7] options: enable IPv4 redirection logic only if really required

2020-05-29 Thread Antonio Quartulli
From: Antonio Quartulli 

If no IPv4 redirection flag is set, do not enable the IPv4
redirection logic at all so that it won't bother adding any
useless IPv4 route.

Trac: #208
Signed-off-by: Antonio Quartulli 

---
Changes from v4:
- move error message modification to previous patch

Changes from v3:
- patchset rebased on top of pre-ipv6-only patchset


 src/openvpn/options.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 7556e7ee..3798731e 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -6591,7 +6591,14 @@ add_option(struct options *options,
 /* we need this here to handle pushed --redirect-gateway */
 remap_redirect_gateway_flags(options);
 #endif
-options->routes->flags |= RG_ENABLE;
+/* enable IPv4 redirection logic only if at least one IPv4 flag is set.
+ * For instance, when "redirect-gateway !ipv4 ipv6" is specified no
+ * IPv4 redirection should be activated.
+ */
+if (options->routes->flags)
+{
+options->routes->flags |= RG_ENABLE;
+}
 }
 else if (streq(p[0], "block-ipv6") && !p[1])
 {
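Review bot: The new `if (options->routes->flags)` test checks the whole flags word for non-zero, while the comment above it says "at least one IPv4 flag is set". Two things follow from the visible lines: a directive that reaches this point without having set any bit no longer gets RG_ENABLE at all, because the unconditional `options->routes->flags |= RG_ENABLE;` is removed, and any bit left set for a reason other than IPv4 redirection still enables the logic. If arriving here with zero flags is a supported configuration, set RG_ENABLE for it explicitly before this check, and consider testing the specific redirect bits instead of non-zero, with the comment updated to say which directives are expected to skip the enable.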
-- 
2.26.2


