From patchwork Tue Jan 30 22:41:02 2018
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 224
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 31 Jan 2018 10:41:02 +0100
Message-Id: <1517391662-21325-1-git-send-email-arne@rfc2549.org>
In-Reply-To: <1516191454-29034-1-git-send-email-arne@rfc2549.org>
References: <1516191454-29034-1-git-send-email-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v3] Treat dhcp-option DNS6 and DNS identical

OpenVPN3 accepts both IPv4 and IPv6 with option-dhcp DNS but throws an error for option-dhcp DNS6. This patch makes OpenVPN2 accept IPv4/IPv6 for both DNS and DNS6

Patch V2: Put IPv6 parsing logic into own function similar as for IPv4 DNS

Acked-by: Selva Nair

--- doc/openvpn.8 | 14 +++++--------- src/openvpn/options.c | 39 ++++++++++++++++++++++++--------------- 2 files changed, 29 insertions(+), 24 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 43bbc217..d083b908 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8
@@ -5886,17 +5886,13 @@ across the VPN. Set Connection\-specific DNS Suffix. .B DNS addr \-\- -Set primary domain name server IPv4 address. Repeat +Set primary domain name server IPv4 or IPv6 address. Repeat this option to set secondary DNS server addresses. -.B DNS6 addr \-\- -Set primary domain name server IPv6 address. Repeat -this option to set secondary DNS server IPv6 addresses. - -Note: currently this is handled using netsh (the -existing DHCP code can only do IPv4 DHCP, and that protocol only -permits IPv4 addresses anywhere). The option will be put into the -environment, so an +Note: DNS IPv6 servers are currently set using netsh (the existing +DHCP code can only do IPv4 DHCP, and that protocol only permits IPv4 +addresses anywhere). The option will be put into the environment, so +an .B \-\-up script could act upon it if needed. diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 75def7b6..f405d8a2 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -705,8 +705,7 @@ static const char usage_message[] = " which allow multiple addresses,\n" " --dhcp-option must be repeated.\n" " DOMAIN name : Set DNS suffix\n" - " DNS addr : Set domain name server address(es) (IPv4)\n" - " DNS6 addr : Set domain name server address(es) (IPv6)\n" + " DNS addr : Set domain name server address(es) (IPv4 and IPv6)\n" " NTP : Set NTP server address(es)\n" " NBDD : Set NBDD server address(es)\n" " WINS addr : Set WINS server address(es)\n" 
@@ -1228,6 +1227,20 @@ show_tuntap_options(const struct tuntap_options *o) #if defined(_WIN32) || defined(TARGET_ANDROID) static void +dhcp_option_dns6_parse(const char *parm, struct in6_addr *dns6_list, int *len, int msglevel) +{ + struct in6_addr addr; + if (*len >= N_DHCP_ADDR) + { + msg(msglevel, "--dhcp-option DNS: maximum of %d IPv6 dns servers can be specified", + N_DHCP_ADDR); + } + else if (get_ipv6_addr(parm, &addr, NULL, msglevel)) + { + dns6_list[(*len)++] = addr; + } +} +static void dhcp_option_address_parse(const char *name, const char *parm, in_addr_t *array, int *len, int msglevel) { if (*len >= N_DHCP_ADDR) @@ -7070,6 +7083,7 @@ add_option(struct options *options, { struct tuntap_options *o = &options->tuntap_options; VERIFY_PERMISSION(OPT_P_IPWIN32); + bool ipv6dns = false; if (streq(p[1], "DOMAIN") && p[2]) { @@ -7090,22 +7104,17 @@ add_option(struct options *options, } o->netbios_node_type = t; } - else if (streq(p[1], "DNS") && p[2]) + else if ((streq(p[1], "DNS") || streq(p[1], "DNS6")) && p[2] && (!strstr(p[2], ":") || ipv6_addr_safe(p[2]))) { - dhcp_option_address_parse("DNS", p[2], o->dns, &o->dns_len, msglevel); - } - else if (streq(p[1], "DNS6") && p[2] && ipv6_addr_safe(p[2])) - { - struct in6_addr addr; - foreign_option(options, p, 3, es); - if (o->dns6_len >= N_DHCP_ADDR) + if (strstr(p[2], ":")) { - msg(msglevel, "--dhcp-option DNS6: maximum of %d dns servers can be specified", - N_DHCP_ADDR); + ipv6dns=true; + foreign_option(options, p, 3, es); + dhcp_option_dns6_parse(p[2], o->dns6, &o->dns6_len, msglevel); } - else if (get_ipv6_addr(p[2], &addr, NULL, msglevel)) + else { - o->dns6[o->dns6_len++] = addr; + dhcp_option_address_parse("DNS", p[2], o->dns, &o->dns_len, msglevel); } } else if (streq(p[1], "WINS") && p[2]) 
@@ -7133,7 +7142,7 @@ add_option(struct options *options, /* flag that we have options to give to the TAP driver's DHCPv4 server * - skipped for "DNS6", as that's not a DHCPv4 option */ - if (!streq(p[1], "DNS6")) + if (!ipv6dns) { o->dhcp_options = true; }
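
Review bot: The doc/openvpn.8 hunk (@@ -5886) deletes the DNS6 entry outright, and the usage_message hunk (@@ -705) does the same, but add_option still accepts the keyword through streq(p[1], "DNS6"). Existing configurations and server pushes that use DNS6 keep working, so the man page and the usage text should say that DNS6 is still accepted as an alias of DNS instead of leaving the option undocumented.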
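
Review bot: In the @@ -1228 hunk the closing brace of dhcp_option_dns6_parse is followed directly by the "static void" of dhcp_option_address_parse, with no blank line between the two functions; add one. The new helper also hardcodes "--dhcp-option DNS:" in its limit message, whereas the IPv4 helper next to it takes the option name as a parameter, so a user who wrote DNS6 gets a message naming DNS. Passing the name through, as the IPv4 helper does, would keep the two consistent.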
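
Review bot: In the @@ -7090 hunk, foreign_option(options, p, 3, es) is handed p unchanged, so an IPv6 server written as DNS reaches the environment under that name while one written as DNS6 keeps the old name. The man page text in this same patch points --up scripts at the environment, and a script that matches only DNS6 will now miss IPv6 servers given as DNS; either document this or normalise the name before the call. Smaller points on the same lines: strstr(p[2], ":") is evaluated twice (once in the condition, once in the body) and could be computed once with strchr into a local, the combined else-if condition is long enough to need wrapping, and "ipv6dns=true;" lacks the spaces around "=" used elsewhere in the hunk.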
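
Review bot: The comment kept as context in the @@ -7133 hunk still reads 'skipped for "DNS6", as that's not a DHCPv4 option', but the test below it is now "if (!ipv6dns)", which is true for any IPv6 address regardless of whether the keyword was DNS or DNS6. Update the comment to say the flag is skipped for IPv6 DNS servers, so it matches the condition it describes.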