From patchwork Mon Jun 6 23:36:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 2506 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director8.mail.ord1d.rsapps.net ([172.28.255.1]) by backend41.mail.ord1d.rsapps.net with LMTP id kC7iCWUcn2KqCwAAqwncew (envelope-from ) for ; Tue, 07 Jun 2022 05:37:41 -0400 Received: from proxy3.mail.ord1c.rsapps.net ([172.28.255.1]) by director8.mail.ord1d.rsapps.net with LMTP id 8A5bGWUcn2L6TAAAfY0hYg (envelope-from ) for ; Tue, 07 Jun 2022 05:37:41 -0400 Received: from smtp2.gate.ord1c ([172.28.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy3.mail.ord1c.rsapps.net with LMTPS id cKbkGGUcn2L+SQAANIxBXg (envelope-from ) for ; Tue, 07 Jun 2022 05:37:41 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp2.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=greenie.muc.de X-Suspicious-Flag: YES X-Classification-ID: 792f3fd0-e645-11ec-a866-842b2b4e7063-1-1 Received: from [216.105.38.7] ([216.105.38.7:56296] helo=lists.sourceforge.net) by smtp2.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 7D/49-11140-46C1F926; Tue, 07 Jun 2022 05:37:40 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nyVda-0001xp-E6; Tue, 07 Jun 2022 09:36:35 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nyVdY-0001xj-Lu for openvpn-devel@lists.sourceforge.net; Tue, 07 Jun 2022 09:36:33 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=dhGBTW9uK9FJp6C+31zkPnrfVgg9//Qi6RS6fsLjsDA=; b=ZFmPOqQQEc13tiLpl1DDoggTkC 6HDa1+DJ5Go9Xux+NSvdamEtq4LsmuEVfHHpCWBGUs4LDdnmRSDjsuKLT8Sb6DlQUxHZ4PMKDK60D f6tyIovVuRKxGBvzR89TwDFmBToetrRseYg6yyChuLOynPAP3y+g1+t/94zb2OT7Fx5g=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:To:From: Sender:Reply-To:Cc:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=dhGBTW9uK9FJp6C+31zkPnrfVgg9//Qi6RS6fsLjsDA=; b=j fwzp1lGws8bgMYSumo2b3MLd4vgLdJime+S35OTEvRtcEDWXcCgX/iTKissugeQwKcxBDrElfVdnZ yldlBC+EvkXZ6WVyYL2HROxt2lrpygsmtPHIwdU5q2cD6s1fHHGWlnIgUKD2q9oo7ETUsWkHaGFxz nNceQ7Mws5BH60ks=; Received: from dhcp-174.greenie.muc.de ([193.149.48.174] helo=blue.greenie.muc.de) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1nyVdW-007xE9-OI for openvpn-devel@lists.sourceforge.net; Tue, 07 Jun 2022 09:36:33 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.17.1/8.17.1) with ESMTP id 2579aLUL023079 for ; Tue, 7 Jun 2022 11:36:21 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.17.1/8.17.1/Submit) id 2579aLqG023078 for openvpn-devel@lists.sourceforge.net; Tue, 7 Jun 2022 11:36:21 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Tue, 7 Jun 2022 11:36:19 +0200 Message-Id: <20220607093619.23066-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.35.1 MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: The new code to enable IPv6 extended error reporting will cause an error ("Protocol not available (errno=92)") if trying to enable that setsockopt() option on an IPv4-only socket. Fix: pass sock->info.af to set_sock_extended_error_passing(), only apply to AF_INET6 sockets. Content analysis details: (-0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1nyVdW-007xE9-OI Subject: [Openvpn-devel] [PATCH] Fix error message about extended errors for IPv4-only sockets. X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox The new code to enable IPv6 extended error reporting will cause an error ("Protocol not available (errno=92)") if trying to enable that setsockopt() option on an IPv4-only socket. Fix: pass sock->info.af to set_sock_extended_error_passing(), only apply to AF_INET6 sockets. Add comments to make explicit that the asymmetry here (IPv4 extended socket error reporting is enabled on all sockets) is intentional. Signed-off-by: Gert Doering --- src/openvpn/mtu.c | 13 +++++++++---- src/openvpn/mtu.h | 2 +- src/openvpn/socket.c | 2 +- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index 59b91798..f60f4853 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -413,17 +413,22 @@ exit: } void -set_sock_extended_error_passing(int sd) +set_sock_extended_error_passing(int sd, sa_family_t proto_af) { int on = 1; - /* see "man 7 ip" (on Linux) */ + /* see "man 7 ip" (on Linux) + * this works on IPv4 and IPv6(-dual-stack) sockets (v4-mapped) + */ if (setsockopt(sd, SOL_IP, IP_RECVERR, (void *) &on, sizeof(on)) != 0) { msg(M_WARN | M_ERRNO, "Note: enable extended error passing on TCP/UDP socket failed (IP_RECVERR)"); } - /* see "man 7 ipv6" (on Linux) */ - if (setsockopt(sd, IPPROTO_IPV6, IPV6_RECVERR, (void *) &on, sizeof(on)) != 0) + /* see "man 7 ipv6" (on Linux) + * this only works on IPv6 sockets + */ + if (proto_af == AF_INET6 + && setsockopt(sd, IPPROTO_IPV6, IPV6_RECVERR, (void *) &on, sizeof(on)) != 0) { msg(M_WARN | M_ERRNO, "Note: enable extended error passing on TCP/UDP socket failed (IPV6_RECVERR)"); diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h index 7f967e06..ac3268f7 100644 --- a/src/openvpn/mtu.h +++ b/src/openvpn/mtu.h @@ -278,7 +278,7 @@ void alloc_buf_sock_tun(struct buffer *buf, #if EXTENDED_SOCKET_ERROR_CAPABILITY -void set_sock_extended_error_passing(int sd); +void set_sock_extended_error_passing(int sd, sa_family_t proto_af); const char *format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc); diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 4e4a3a2f..47f1ba27 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -1949,7 +1949,7 @@ phase2_set_socket_flags(struct link_socket *sock) #if EXTENDED_SOCKET_ERROR_CAPABILITY /* if the OS supports it, enable extended error passing on the socket */ - set_sock_extended_error_passing(sock->sd); + set_sock_extended_error_passing(sock->sd, sock->info.af); #endif }