Message ID | CAJ-EccN7eQsSaFn4MH4qRTKx+zZ-1YcGAe0XU8813p7k=W2i4g@mail.gmail.com |
---|---|
State | Rejected |
Headers | show |
Series | [Openvpn-devel] Specify platform and version on command line. | expand |
Hi. On Fri, Apr 13, 2018 at 1:23 PM, Micah Morton <mortonm@chromium.org> wrote: > From 557d2e73bf21ddb9d07b43f716c7914d610e7392 Mon Sep 17 00:00:00 2001 > From: Micah Morton <mortonm@chromium.org> > Date: Fri, 13 Apr 2018 09:55:22 -0700 > Subject: [PATCH] Specify platform and version on command line. > > Add --iv-plat and --iv-plat-rel command line args, and use the values > passed to these args to set IV_PLAT and IV_PLAT_REL info that is pushed > to the server. Sounds reasonable, but the new options should be documented on the man page and in the usage message that's shown to users (in options.c) and that should be included in this patch. Best regards, Jon Bullard ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Hi, On Fri, Apr 13, 2018 at 10:23:03AM -0700, Micah Morton wrote: > From 557d2e73bf21ddb9d07b43f716c7914d610e7392 Mon Sep 17 00:00:00 2001 > From: Micah Morton <mortonm@chromium.org> > Date: Fri, 13 Apr 2018 09:55:22 -0700 > Subject: [PATCH] Specify platform and version on command line. > > Add --iv-plat and --iv-plat-rel command line args, and use the values > passed to these args to set IV_PLAT and IV_PLAT_REL info that is pushed > to the server. > > IV_PLAT (platform type) is normally inferred from the build target, but > it would be useful to be able to override this from the command line > (e.g. for client to set platform as ChromeOS instead of Linux). > > IV_PLAT_REL (platform release version) would allow for pushing the > platform (e.g. ChromeOS) release version to the server. I'm actually less than enthusiastic about "yay, two more special-case options for OpenVPN" - and even less so to options that enable users to override a fairly well-defined meaning of IV_PLAT with an arbitrary string. Even if it's ChromeOS, compiled with #define TARGET_LINUX, IV_PLAT should reflect that. There is already "--setenv UV_anykey=value" to send arbitrary strings to the server, and in particular, IV_PLAT_VER can already be set by "--setenv IV_PLAT_VER=<version>". There's one catch to this, though - for some reason that escapes me right now we have decided that IV_PLAT_VER= and the UV_ user-defined strings are only sent if --push-peer-info is also configured on the client (while IV_GUI_VER, also settable with --setenv, is always sent). So we might want to revisit that decision. gert
@gert: From the help message: "--setenv name value : Set a custom environmental variable to pass to script." --setenv appears to set string values for scripts only, not for the main openvpn process (which is reading them in the push_peer_info() function). Starting a test openvpn server with `--setenv foo bar` and then running `strings` on /proc/PID/environ doesn't show "foo=bar". This suggests that getenv() calls in the main openvpn process that try to read these vars may return NULL. @jon: the mods to options.c in the patch above should take care of the help message (I tested it by running openvpn --help). Although good point if this is going in I should update the man page as well. On Fri, Apr 13, 2018 at 11:58 AM, Gert Doering <gert@greenie.muc.de> wrote: > Hi, > > On Fri, Apr 13, 2018 at 10:23:03AM -0700, Micah Morton wrote: > > From 557d2e73bf21ddb9d07b43f716c7914d610e7392 Mon Sep 17 00:00:00 2001 > > From: Micah Morton <mortonm@chromium.org> > > Date: Fri, 13 Apr 2018 09:55:22 -0700 > > Subject: [PATCH] Specify platform and version on command line. > > > > Add --iv-plat and --iv-plat-rel command line args, and use the values > > passed to these args to set IV_PLAT and IV_PLAT_REL info that is pushed > > to the server. > > > > IV_PLAT (platform type) is normally inferred from the build target, but > > it would be useful to be able to override this from the command line > > (e.g. for client to set platform as ChromeOS instead of Linux). > > > > IV_PLAT_REL (platform release version) would allow for pushing the > > platform (e.g. ChromeOS) release version to the server. > > I'm actually less than enthusiastic about "yay, two more special-case > options for OpenVPN" - and even less so to options that enable users > to override a fairly well-defined meaning of IV_PLAT with an arbitrary > string. Even if it's ChromeOS, compiled with #define TARGET_LINUX, > IV_PLAT should reflect that. > > There is already "--setenv UV_anykey=value" to send arbitrary strings > to the server, and in particular, IV_PLAT_VER can already be set by > "--setenv IV_PLAT_VER=<version>". > > There's one catch to this, though - for some reason that escapes me right > now we have decided that IV_PLAT_VER= and the UV_ user-defined strings > are only sent if --push-peer-info is also configured on the client > (while IV_GUI_VER, also settable with --setenv, is always sent). > > So we might want to revisit that decision. > > gert > > -- > "If was one thing all people took for granted, was conviction that if you > feed honest figures into a computer, honest figures come out. Never > doubted > it myself till I met a computer with a sense of humor." > Robert A. Heinlein, The Moon is a Harsh > Mistress > > Gert Doering - Munich, Germany > gert@greenie.muc.de > <div dir="ltr"><div><span style="color:rgb(0,0,0);font-family:Roboto,-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:pre-wrap;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">@gert:</span></div><div><span style="color:rgb(0,0,0);font-family:Roboto,-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:pre-wrap;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br></span></div><div><span style="color:rgb(0,0,0);font-family:Roboto,-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:pre-wrap;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">From the help message: "--setenv name value : Set a custom environmental variable to pass to script."</span></div><span style="color:rgb(0,0,0);font-family:Roboto,-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:pre-wrap;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><div><span style="color:rgb(0,0,0);font-family:Roboto,-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:pre-wrap;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br></span></div>--setenv appears to set string values for scripts only, not for the main openvpn process (which is reading them in the push_peer_info() function). Starting a test openvpn server with `--setenv foo bar` and then running `strings` on /proc/PID/environ doesn't show "foo=bar". This suggests that getenv() calls in the main openvpn process that try to read these vars may return NULL.</span><br><div><span style="color:rgb(0,0,0);font-family:Roboto,-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:pre-wrap;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br></span></div><div><span style="color:rgb(0,0,0);font-family:Roboto,-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:pre-wrap;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">@jon:</span></div><div><span style="color:rgb(0,0,0);font-family:Roboto,-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:pre-wrap;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br></span></div><div><span style="color:rgb(0,0,0);font-family:Roboto,-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:pre-wrap;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">the mods to options.c in the patch above should take care of the help message (I tested it by running openvpn --help). Although good point if this is going in I should update the man page as well.</span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Apr 13, 2018 at 11:58 AM, Gert Doering <span dir="ltr"><<a href="mailto:gert@greenie.muc.de" target="_blank">gert@greenie.muc.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br> <span class=""><br> On Fri, Apr 13, 2018 at 10:23:03AM -0700, Micah Morton wrote:<br> > From 557d2e73bf21ddb9d07b43f716c791<wbr>4d610e7392 Mon Sep 17 00:00:00 2001<br> > From: Micah Morton <<a href="mailto:mortonm@chromium.org">mortonm@chromium.org</a>><br> > Date: Fri, 13 Apr 2018 09:55:22 -0700<br> > Subject: [PATCH] Specify platform and version on command line.<br> > <br> > Add --iv-plat and --iv-plat-rel command line args, and use the values<br> > passed to these args to set IV_PLAT and IV_PLAT_REL info that is pushed<br> > to the server.<br> > <br> > IV_PLAT (platform type) is normally inferred from the build target, but<br> > it would be useful to be able to override this from the command line<br> > (e.g. for client to set platform as ChromeOS instead of Linux).<br> > <br> > IV_PLAT_REL (platform release version) would allow for pushing the<br> > platform (e.g. ChromeOS) release version to the server.<br> <br> </span>I'm actually less than enthusiastic about "yay, two more special-case<br> options for OpenVPN" - and even less so to options that enable users<br> to override a fairly well-defined meaning of IV_PLAT with an arbitrary <br> string. Even if it's ChromeOS, compiled with #define TARGET_LINUX, <br> IV_PLAT should reflect that.<br> <br> There is already "--setenv UV_anykey=value" to send arbitrary strings<br> to the server, and in particular, IV_PLAT_VER can already be set by<br> "--setenv IV_PLAT_VER=<version>".<br> <br> There's one catch to this, though - for some reason that escapes me right <br> now we have decided that IV_PLAT_VER= and the UV_ user-defined strings <br> are only sent if --push-peer-info is also configured on the client<br> (while IV_GUI_VER, also settable with --setenv, is always sent).<br> <br> So we might want to revisit that decision.<br> <span class="HOEnZb"><font color="#888888"><br> gert<br> <br> -- <br> "If was one thing all people took for granted, was conviction that if you <br> feed honest figures into a computer, honest figures come out. Never doubted <br> it myself till I met a computer with a sense of humor."<br> Robert A. Heinlein, The Moon is a Harsh Mistress<br> <br> Gert Doering - Munich, Germany <a href="mailto:gert@greenie.muc.de">gert@greenie.muc.de</a><br> </font></span></blockquote></div><br></div> ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Hi, On Fri, Apr 13, 2018 at 12:34:15PM -0700, Micah Morton wrote: > @gert: > > From the help message: "--setenv name value : Set a custom environmental > variable to pass to script." > > --setenv appears to set string values for scripts only, not for the main > openvpn process (which is reading them in the push_peer_info() function). > Starting a test openvpn server with `--setenv foo bar` and then running > `strings` on /proc/PID/environ doesn't show "foo=bar". This suggests that > getenv() calls in the main openvpn process that try to read these vars may > return NULL. This stuff isn't pushed into openvpn's own environment, because it does not need to. It goes into session->opt->es, which basically is a linked list of "NAME=VALUE" strings (and ssl.c / push_peer_info() walks that). When external programs are called, opt->es is put into *their* environment. gert
Am 13.04.2018 um 19:23 schrieb Micah Morton: > From 557d2e73bf21ddb9d07b43f716c7914d610e7392 Mon Sep 17 00:00:00 2001 > From: Micah Morton <mortonm@chromium.org <mailto:mortonm@chromium.org>> > Date: Fri, 13 Apr 2018 09:55:22 -0700 > Subject: [PATCH] Specify platform and version on command line. > > Add --iv-plat and --iv-plat-rel command line args, and use the values > passed to these args to set IV_PLAT and IV_PLAT_REL info that is pushed > to the server. > > IV_PLAT (platform type) is normally inferred from the build target, but > it would be useful to be able to override this from the command line > (e.g. for client to set platform as ChromeOS instead of Linux). > > IV_PLAT_REL (platform release version) would allow for pushing the > platform (e.g. ChromeOS) release version to the server. > My Android client already uses setenv IV_PLAT_VER to send platform specific information. I think setting IV_PLAT_VER (and extend that to other platforms, might be android specific at the moment) should also work for you. E.g.. setenv IV_PLAT_VER "27 8.1.0 arm64-v8a google taimen Pixel 2 XL" Arne <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> </head> <body text="#000000" bgcolor="#FFFFFF"> <div class="moz-cite-prefix">Am 13.04.2018 um 19:23 schrieb Micah Morton:<br> </div> <blockquote type="cite" cite="mid:CAJ-EccN7eQsSaFn4MH4qRTKx+zZ-1YcGAe0XU8813p7k=W2i4g@mail.gmail.com"> <div dir="ltr"> <div>From 557d2e73bf21ddb9d07b43f716c7914d610e7392 Mon Sep 17 00:00:00 2001</div> <div>From: Micah Morton <<a href="mailto:mortonm@chromium.org" moz-do-not-send="true">mortonm@chromium.org</a>></div> <div>Date: Fri, 13 Apr 2018 09:55:22 -0700</div> <div>Subject: [PATCH] Specify platform and version on command line.</div> <div><br> </div> <div>Add --iv-plat and --iv-plat-rel command line args, and use the values</div> <div>passed to these args to set IV_PLAT and IV_PLAT_REL info that is pushed</div> <div>to the server.</div> <div><br> </div> <div>IV_PLAT (platform type) is normally inferred from the build target, but</div> <div>it would be useful to be able to override this from the command line</div> <div>(e.g. for client to set platform as ChromeOS instead of Linux).</div> <div><br> </div> <div>IV_PLAT_REL (platform release version) would allow for pushing the</div> <div>platform (e.g. ChromeOS) release version to the server.</div> <div><br> </div> </div> </blockquote> My Android client already uses <br> <br> setenv IV_PLAT_VER to send platform specific information. I think setting IV_PLAT_VER (and extend that to other platforms, might be android specific at the moment) should also work for you. E.g..<br> <br> setenv IV_PLAT_VER "27 8.1.0 arm64-v8a google taimen Pixel 2 XL"<br> <br> Arne<br> </body> </html> ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
@gert: Good point. We should be able to use UV_* variables to do what we need. Thanks! On Fri, Apr 13, 2018 at 4:24 PM, Arne Schwabe <arne@rfc2549.org> wrote: > Am 13.04.2018 um 19:23 schrieb Micah Morton: > > From 557d2e73bf21ddb9d07b43f716c7914d610e7392 Mon Sep 17 00:00:00 2001 > From: Micah Morton <mortonm@chromium.org> > Date: Fri, 13 Apr 2018 09:55:22 -0700 > Subject: [PATCH] Specify platform and version on command line. > > Add --iv-plat and --iv-plat-rel command line args, and use the values > passed to these args to set IV_PLAT and IV_PLAT_REL info that is pushed > to the server. > > IV_PLAT (platform type) is normally inferred from the build target, but > it would be useful to be able to override this from the command line > (e.g. for client to set platform as ChromeOS instead of Linux). > > IV_PLAT_REL (platform release version) would allow for pushing the > platform (e.g. ChromeOS) release version to the server. > > My Android client already uses > > setenv IV_PLAT_VER to send platform specific information. I think setting > IV_PLAT_VER (and extend that to other platforms, might be android specific > at the moment) should also work for you. E.g.. > > setenv IV_PLAT_VER "27 8.1.0 arm64-v8a google taimen Pixel 2 XL" > > Arne > <div dir="ltr">@gert:<div><br></div><div>Good point. We should be able to use UV_* variables to do what we need.</div><div><br></div><div>Thanks!</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Apr 13, 2018 at 4:24 PM, Arne Schwabe <span dir="ltr"><<a href="mailto:arne@rfc2549.org" target="_blank">arne@rfc2549.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div text="#000000" bgcolor="#FFFFFF"><span class=""> <div class="m_-697804746895640438moz-cite-prefix">Am 13.04.2018 um 19:23 schrieb Micah Morton:<br> </div> <blockquote type="cite"> <div dir="ltr"> <div>From 557d2e73bf21ddb9d07b43f716c791<wbr>4d610e7392 Mon Sep 17 00:00:00 2001</div> <div>From: Micah Morton <<a href="mailto:mortonm@chromium.org" target="_blank">mortonm@chromium.org</a>></div> <div>Date: Fri, 13 Apr 2018 09:55:22 -0700</div> <div>Subject: [PATCH] Specify platform and version on command line.</div> <div><br> </div> <div>Add --iv-plat and --iv-plat-rel command line args, and use the values</div> <div>passed to these args to set IV_PLAT and IV_PLAT_REL info that is pushed</div> <div>to the server.</div> <div><br> </div> <div>IV_PLAT (platform type) is normally inferred from the build target, but</div> <div>it would be useful to be able to override this from the command line</div> <div>(e.g. for client to set platform as ChromeOS instead of Linux).</div> <div><br> </div> <div>IV_PLAT_REL (platform release version) would allow for pushing the</div> <div>platform (e.g. ChromeOS) release version to the server.</div> <div><br> </div> </div> </blockquote></span> My Android client already uses <br> <br> setenv IV_PLAT_VER to send platform specific information. I think setting IV_PLAT_VER (and extend that to other platforms, might be android specific at the moment) should also work for you. E.g..<br> <br> setenv IV_PLAT_VER "27 8.1.0 arm64-v8a google taimen Pixel 2 XL"<span class="HOEnZb"><font color="#888888"><br> <br> Arne<br> </font></span></div> </blockquote></div><br></div> ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 133a9f5..1cb76ad 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2723,6 +2723,14 @@ do_init_crypto_tls(struct context *c, const unsigned int flags) { to.push_peer_info_detail = 0; } + if (options->iv_plat) + { + to.iv_plat = options->iv_plat; + } + if (options->iv_plat_rel) + { + to.iv_plat_rel = options->iv_plat_rel; + } #endif /* should we not xmit any packets until we get an initial diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 8dee5d1..d9559a0 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -229,6 +229,8 @@ static const char usage_message[] = "--client-nat snat|dnat network netmask alias : on client add 1-to-1 NAT rule.\n" #ifdef ENABLE_PUSH_PEER_INFO "--push-peer-info : (client only) push client info to server.\n" + "--iv-plat: (client only) platform type.\n" + "--iv-plat-rel: (client only) platform release version.\n" #endif "--setenv name value : Set a custom environmental variable to pass to script.\n" "--setenv FORWARD_COMPATIBLE 1 : Relax config file syntax checking to allow\n" @@ -1781,6 +1783,8 @@ show_settings(const struct options *o) SHOW_BOOL(single_session); #ifdef ENABLE_PUSH_PEER_INFO SHOW_BOOL(push_peer_info); + SHOW_STR(iv_plat); + SHOW_STR(iv_plat_rel); #endif SHOW_BOOL(tls_exit); @@ -7837,6 +7841,20 @@ add_option(struct options *options, VERIFY_PERMISSION(OPT_P_GENERAL); options->push_peer_info = true; } + + else if (streq(p[0], "iv-plat") && p[1] && !p[2]) + { + VERIFY_PERMISSION(OPT_P_GENERAL); + options->iv_plat = p[1]; + } + + else if (streq(p[0], "iv-plat-rel") && p[1] && !p[2]) + { + VERIFY_PERMISSION(OPT_P_GENERAL); + options->iv_plat_rel = p[1]; + } + + #endif else if (streq(p[0], "tls-exit") && !p[1]) { diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 01a7b26..9da4058 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -575,6 +575,8 @@ struct options #ifdef ENABLE_PUSH_PEER_INFO bool push_peer_info; + const char *iv_plat; + const char *iv_plat_rel; #endif bool tls_exit; diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 0739cf7..1265177 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2245,6 +2245,7 @@ push_peer_info(struct buffer *buf, struct tls_session *session) buf_printf(&out, "IV_VER=%s\n", PACKAGE_VERSION); /* push platform */ + if (session->opt->iv_plat == NULL) { #if defined(TARGET_LINUX) buf_printf(&out, "IV_PLAT=linux\n"); #elif defined(TARGET_SOLARIS) @@ -2262,6 +2263,14 @@ push_peer_info(struct buffer *buf, struct tls_session *session) #elif defined(_WIN32) buf_printf(&out, "IV_PLAT=win\n"); #endif + } else { + buf_printf(&out, "IV_PLAT=%s\n", session->opt->iv_plat); + } + + if (session->opt->iv_plat_rel != NULL) + { + buf_printf(&out, "IV_PLAT_REL=%s\n", session->opt->iv_plat_rel); + } /* support for P_DATA_V2 */ buf_printf(&out, "IV_PROTO=2\n"); diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h index 25bffd5..d95c2ef 100644 --- a/src/openvpn/ssl_common.h +++ b/src/openvpn/ssl_common.h @@ -251,6 +251,8 @@ struct tls_options bool pull; #ifdef ENABLE_PUSH_PEER_INFO int push_peer_info_detail; + const char *iv_plat; + const char *iv_plat_rel; #endif int transition_window; int handshake_window;