From: Antonio Quartulli <anto...@openvpn.net>
When routing a packet to a LAN behind a peer, ovpn need to
inspect the route entry that brought there the packet in the
first place.
If this packet is truly routable, the route will provide the
GW to be used to lookup the VPN peer to send the packet to.
However, the route entry is currently dropped before entering
the ovpn xmit function, because the IFF_XMIT_DST_RELEASE priv_flag
is set by default.
Clear the IFF_XMIT_DST_RELEASE flag during interface setup to allow
the route entry (skb's dst) to survive and thus be inspected
by the routing logic.
Reported-by: Gert Doering <g...@greenie.muc.de>
Signed-off-by: Antonio Quartulli <anto...@openvpn.net>
---
drivers/net/ovpn/main.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/ovpn/main.c b/drivers/net/ovpn/main.c
index 0acb0934c1be..e17992b937bc 100644
--- a/drivers/net/ovpn/main.c
+++ b/drivers/net/ovpn/main.c
@@ -157,6 +157,11 @@ static void ovpn_setup(struct net_device *dev)
dev->type = ARPHRD_NONE;
dev->flags = IFF_POINTOPOINT | IFF_NOARP;
dev->priv_flags |= IFF_NO_QUEUE;
+ /* when routing packet to a LAN behind a client, we rely on the
+ * route entry that originally brought the packet into ovpn, so
+ * don't release it
+ */
+ dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
dev->lltx = true;
dev->features |= feat;
--
2.49.0
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
