From patchwork Sun Oct 20 04:00:39 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gert Doering <gert@greenie.muc.de>
X-Patchwork-Id: 869
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Delivered-To: patchwork@openvpn.net
Received: from director11.mail.ord1d.rsapps.net ([172.27.255.59])
	by backend30.mail.ord1d.rsapps.net with LMTP id yD1sBhZ6rF03WQAAIUCqbw
	for <patchwork@openvpn.net>; Sun, 20 Oct 2019 11:15:34 -0400
Received: from proxy18.mail.iad3a.rsapps.net ([172.27.255.59])
	by director11.mail.ord1d.rsapps.net with LMTP id MKIfBBZ6rF19eQAAvGGmqA
	; Sun, 20 Oct 2019 11:15:34 -0400
Received: from smtp52.gate.iad3a ([172.27.255.59])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by proxy18.mail.iad3a.rsapps.net with LMTP id IDTGOhV6rF0+dwAAon3hFg
	; Sun, 20 Oct 2019 11:15:33 -0400
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: openvpnslackdevel@openvpn.net
X-Originating-Ip: [216.105.38.7]
Authentication-Results: smtp52.gate.iad3a.rsapps.net;
 iprev=pass policy.iprev="216.105.38.7";
 spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net"
 smtp.helo="lists.sourceforge.net";
 dkim=fail (signature verification failed) header.d=sourceforge.net;
 dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil;
 dis=none) header.from=greenie.muc.de
X-Suspicious-Flag: YES
X-Classification-ID: 7592e8d4-f34c-11e9-8675-525400a7d0a1-1-1
Received: from [216.105.38.7] ([216.105.38.7:33062]
 helo=lists.sourceforge.net)
	by smtp52.gate.iad3a.rsapps.net (envelope-from
 <openvpn-devel-bounces@lists.sourceforge.net>)
	(ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
	id 37/B2-30009-51A7CAD5; Sun, 20 Oct 2019 11:15:33 -0400
Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com)
	by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.90_1)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1iMCtg-00076A-Qd; Sun, 20 Oct 2019 15:13:32 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
 by sfs-ml-1.v29.lw.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1)
 (envelope-from <gert@blue.greenie.muc.de>) id 1iMCte-00075t-Vx
 for openvpn-devel@lists.sourceforge.net; Sun, 20 Oct 2019 15:13:30 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id:
 Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=Gz/ciNio8tWiqWURmmA7o0NynWARtEO8onbjoFXM6bw=; b=A3ckN+9x9/Io4pqUs0Wkqd52vb
 RWToY8eVOgVGerUQRNkWdNgy5XQ+gJbRXbcjYg5I0clDwKCdlx2AAl6gm1YLavRmsqpDNJi8MTYFX
 j1dRmKW9SSkxnpuZZGGZai3+l7aTnC9KI866bl30ainHjDGJaymjf1KXk9hUD577BnDI=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:To:From:
 Sender:Reply-To:Cc:Content-Type:Content-ID:Content-Description:Resent-Date:
 Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:
 References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:
 List-Owner:List-Archive; bh=Gz/ciNio8tWiqWURmmA7o0NynWARtEO8onbjoFXM6bw=; b=Z
 hT+bODWYOwMyXSMPiMgRtT0vHvYLQDGjTODcElK0firgDlCoFNmoqRiWXoYowfUz3nEpXq2a3LkVT
 NKp7pE9EcTLBUFKqvLps2m0B4oVBiCQAOdPedKAZQkSogHXKRlr6vKjz5sD2gIaR2itadVL1XK9pv
 D0KPUIz7k0LVegHM=;
Received: from dhcp-174.greenie.muc.de ([193.149.48.174]
 helo=blue.greenie.muc.de)
 by sfi-mx-3.v28.lw.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.2)
 id 1iMCtb-00FEe8-Bf
 for openvpn-devel@lists.sourceforge.net; Sun, 20 Oct 2019 15:13:30 +0000
Received: from blue.greenie.muc.de (localhost [127.0.0.1])
 by blue.greenie.muc.de (8.14.9/8.14.9) with ESMTP id x9KF0f3d021561
 for <openvpn-devel@lists.sourceforge.net>; Sun, 20 Oct 2019 17:00:41 +0200
Received: (from gert@localhost)
 by blue.greenie.muc.de (8.15.2/8.14.9/Submit) id x9KF0flx021560
 for openvpn-devel@lists.sourceforge.net; Sun, 20 Oct 2019 17:00:41 +0200
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 20 Oct 2019 17:00:39 +0200
Message-Id: <20191020150039.21516-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.21.0
MIME-Version: 1.0
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
 See http://spamassassin.org/tag/ for more details.
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 AWL AWL: Adjusted score from AWL reputation of From: address
X-Headers-End: 1iMCtb-00FEe8-Bf
Subject: [Openvpn-devel] [PATCH] Force combinationation of --socks-proxy and
 --proto UDP to use IPv4.
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox

Our current socks.c code does not handle IPv6 + UDP mode (socket
negotiated with server is IPv4-only, addresses passed in the
packets are IPv4-only).  If this combination is specified, print
an explanatory message and force IPv4-only.

While at it, extend socks.c code to print address+port of auxiliary
UDP connection to SOCKS server (helps debugging).

Trac: #1221

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
---
 src/openvpn/options.c | 18 ++++++++++++++++++
 src/openvpn/socks.c   |  4 ++++
 2 files changed, 22 insertions(+)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 752f5f2c..1da14e8b 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2825,6 +2825,24 @@ options_postprocess_mutate_ce(struct options *o, struct connection_entry *ce)
 #endif
     }
 
+    /* our socks code is not fully IPv6 enabled yet (TCP works, UDP not)
+     * so fall back to IPv4-only (trac #1221)
+     */
+    if (ce->socks_proxy_server && proto_is_udp(ce->proto) && ce->af != AF_INET)
+    {
+        if (ce->af == AF_INET6)
+        {
+            msg(M_INFO, "WARNING: '--proto udp6' is not compatible with "
+                "'--socks-proxy' today.  Forcing IPv4 mode." );
+        }
+        else
+        {
+            msg(M_INFO, "NOTICE: dual-stack mode for '--proto udp' does not "
+                "work correctly with '--socks-proxy' today.  Forcing IPv4." );
+        }
+        ce->af = AF_INET;
+    }
+
     /*
      * Set MTU defaults
      */
diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c
index c61ef55c..ad3a70b2 100644
--- a/src/openvpn/socks.c
+++ b/src/openvpn/socks.c
@@ -414,6 +414,10 @@ recv_socks_reply(socket_descriptor_t sd,
     {
         memcpy(&addr->addr.in4.sin_addr, buf + 4, sizeof(addr->addr.in4.sin_addr));
         memcpy(&addr->addr.in4.sin_port, buf + 8, sizeof(addr->addr.in4.sin_port));
+        struct gc_arena gc = gc_new();
+        msg(M_INFO, "SOCKS proxy wants us to send UDP to %s",
+            print_sockaddr(addr, &gc));
+        gc_free(&gc);
     }