From: Antonio Quartulli Date: Mon, 9 Jun 2025 10:02:10 +0000 (+0200) Subject: dco_linux: enable extended netlink error reporting X-Git-Tag: v2.7_alpha2~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ddbfbeca603eedddc12556b28e5cd9b022e9ea63;p=thirdparty%2Fopenvpn.git dco_linux: enable extended netlink error reporting The ovpn netlink code reports more verbose error strings to help userspace understand what went wrong, rather than just returning, for example, -EINVAL. However, userspace must instruct the kernel netlink subsystem that it wants to receive such strings. code for parsing such strings has always been present but it was never used. Set the socket option which enables such reporting. Change-Id: I4457b1d7262e0a39c275d33aaef6c4bcbeae6ab3 Signed-off-by: Antonio Quartulli Acked-by: Gert Doering Message-Id: <20250609100216.3997-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31885.html Signed-off-by: Gert Doering --- diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 49dbdad94..03454132e 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -367,19 +367,19 @@ ovpn_nl_cb_error(struct sockaddr_nl (*nla) __attribute__ ((unused)), { len = strnlen((char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG]), nla_len(tb_msg[NLMSGERR_ATTR_MSG])); - msg(M_WARN, "kernel error: %*s\n", len, + msg(M_WARN, "kernel error: %*s", len, (char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG])); } if (tb_msg[OVPN_NLMSGERR_ATTR_MISS_NEST]) { - msg(M_WARN, "kernel error: missing required nesting type %u\n", + msg(M_WARN, "kernel error: missing required nesting type %u", nla_get_u32(tb_msg[OVPN_NLMSGERR_ATTR_MISS_NEST])); } if (tb_msg[OVPN_NLMSGERR_ATTR_MISS_TYPE]) { - msg(M_WARN, "kernel error: missing required attribute type %u\n", + msg(M_WARN, "kernel error: missing required attribute type %u", nla_get_u32(tb_msg[OVPN_NLMSGERR_ATTR_MISS_TYPE])); } @@ -405,6 +405,11 @@ ovpn_dco_init_netlink(dco_context_t *dco) nl_geterror(ret)); } + /* enable Extended ACK for detailed error reporting */ + ret = 1; + setsockopt(nl_socket_get_fd(dco->nl_sock), SOL_NETLINK, NETLINK_EXT_ACK, + &ret, sizeof(ret)); + /* set close on exec and non-block on the netlink socket */ set_cloexec(nl_socket_get_fd(dco->nl_sock)); set_nonblock(nl_socket_get_fd(dco->nl_sock));