From patchwork Mon Dec 16 12:23:10 2024
X-Patchwork-Submitter: corubba
X-Patchwork-Id: 4006
Message-ID: <14907efd-e18b-4bb2-94b7-51fe44011abd@gmx.de>
Date: Mon, 16 Dec 2024 13:23:10 +0100
To: openvpn-devel@lists.sourceforge.net
References: <7e42399c-3a94-40a2-bcaa-15545c3b761c@gmx.de> <6a00da72-dc11-409e-9d47-4694e1d6f02f@gmx.de>
Subject: [Openvpn-devel] [PATCH v2 3/2] port-share: Add unix-socket and udp support for proxy protocol
From: corubba Reply-To: corubba Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1818459907126457218?= X-GMAIL-MSGID: =?utf-8?q?1818599685508554290?= Just in case it is ever needed. Signed-off-by: Corubba Smith --- src/openvpn/ps.c | 42 +++++++++++++++++++++++++++++++++++------- src/openvpn/socket.h | 1 + 2 files changed, 36 insertions(+), 7 deletions(-) -- 2.47.1 diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c index b5d04c5b..b34df315 100644 --- a/src/openvpn/ps.c +++ b/src/openvpn/ps.c @@ -400,18 +400,19 @@ journal_add(const char *journal_dir, struct proxy_connection *pc, struct proxy_c static void send_proxy_protocol_v2_header(const struct proxy_connection *const pc, const struct proxy_connection *const cp) { - static const uint8_t PP2_AF_UNSPEC = 0x0, PP2_AF_INET = 0x1, PP2_AF_INET6 = 0x2; - static const uint8_t PP2_PROTO_STREAM = 0x1; + static const uint8_t PP2_AF_UNSPEC = 0x0, PP2_AF_INET = 0x1, PP2_AF_INET6 = 0x2, PP2_AF_UNIX = 0x3; + static const uint8_t PP2_PROTO_UNSPEC = 0x0, PP2_PROTO_STREAM = 0x1, PP2_PROTO_DGRAM = 0x2; struct openvpn_sockaddr src, dst; - socklen_t src_len, dst_len; - unsigned char header[52] = { + socklen_t src_len, dst_len, socket_type_len; + unsigned char header[232] = { "\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A" /* signature */ "\x21" /* version=2 + command=proxy */ /* initialize the rest to zero for now */ }; - uint8_t addr_fam, header_len = 16; + uint8_t addr_fam, proto, header_len = 16; uint16_t addr_len; + int socket_type; src_len = sizeof(src.addr); dst_len = sizeof(dst.addr); 
@@ -467,7 +468,14 @@ send_proxy_protocol_v2_header(const struct proxy_connection *const pc, const str memcpy(&header[50], &dst.addr.in6.sin6_port, sizeof(dst.addr.in6.sin6_port)); break; - /* AF_UNIX is currently not suppported by OpenVPN */ + case AF_UNIX: + addr_fam = PP2_AF_UNIX; + addr_len = 216; + ASSERT(108 >= sizeof(src.addr.un.sun_path)); + ASSERT(108 >= sizeof(dst.addr.un.sun_path)); + memcpy(&header[16], &src.addr.un.sun_path, 108); + memcpy(&header[124], &dst.addr.un.sun_path, 108); + break; default: addr_fam = PP2_AF_UNSPEC; @@ -475,7 +483,27 @@ send_proxy_protocol_v2_header(const struct proxy_connection *const pc, const str break; } - const uint8_t proto = PP2_PROTO_STREAM; /* DGRAM is currently not supported by port-share */ + socket_type_len = sizeof(socket_type); + if (0 != getsockopt(pc->sd, SOL_SOCKET, SO_TYPE, &socket_type, &socket_type_len)) + { + msg(M_WARN, "PORT SHARE PROXY: getting socket type failed"); + socket_type = -1; /* fallback to unspec */ + } + switch (socket_type) + { + case SOCK_STREAM: + proto = PP2_PROTO_STREAM; + break; + + case SOCK_DGRAM: + proto = PP2_PROTO_DGRAM; + break; + + default: + proto = PP2_PROTO_UNSPEC; + break; + } + header[13] = (addr_fam << 4) | proto; /* TLV is currently not implemented */ diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index 465d92ba..3578b3c3 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -69,6 +69,7 @@ struct openvpn_sockaddr struct sockaddr sa; struct sockaddr_in in4; struct sockaddr_in6 in6; + struct sockaddr_un un; } addr; };
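Review bot: In the first ps.c hunk (@@ -400), `unsigned char header[232]` and `uint8_t addr_fam, proto, header_len = 16;` only work together because 16 + 216 = 232 happens to stay below 256, and nothing in the code ties those three numbers to each other. Please give the 16-byte fixed part and the 216-byte unix address block named constants, derive the array size from them, and either widen `header_len` or add a compile-time check on the maximum. Only 23 bytes of headroom remain in a `uint8_t`, which will matter as soon as the "TLV is currently not implemented" comment further down is acted on.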
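Review bot: In the `case AF_UNIX:` block (ps.c, @@ -467) the assertions and the copies disagree: `ASSERT(108 >= sizeof(src.addr.un.sun_path))` accepts a `sun_path` shorter than 108 bytes, yet `memcpy(&header[16], &src.addr.un.sun_path, 108)` always reads 108 bytes. On platforms where `sun_path` is 104 bytes (the BSDs and macOS) that reads past the end of the field and of the union. Copy `sizeof(src.addr.un.sun_path)` and `sizeof(dst.addr.un.sun_path)` bytes instead; `header` is zero-initialised, so the remainder of each 108-byte slot stays zero. Since both sides of the comparison are constants, the size check can be done at compile time rather than with a runtime `ASSERT`. Separately, `src` and `dst` are declared without an initialiser in the first hunk, so unless code outside these hunks clears them, a socket with no bound path would put uninitialised stack bytes into the header that is sent to the peer.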
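Review bot: In the ps.c hunk at @@ -475, the `default:` and getsockopt-failure paths set `proto = PP2_PROTO_UNSPEC` while `addr_fam` keeps whatever the earlier switch chose, so `header[13] = (addr_fam << 4) | proto;` can produce 0x10, 0x20 or 0x30. The PROXY protocol v2 specification lists only 0x00, 0x11, 0x12, 0x21, 0x22, 0x31 and 0x32 as valid values for this byte and requires receivers to reject anything else, so the fallback produces a header the backend will refuse. When either half is unspecified, set both `addr_fam` and `proto` to their UNSPEC values and `addr_len` to 0. It would also help to log the failure with `M_WARN | M_ERRNO` so the reason for the `getsockopt` error is recorded, and to move the switch before the address-family switch so the fallback can be decided in one place.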
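Review bot: In socket.h, `struct sockaddr_un un;` is added to the `addr` union without an include or a platform guard in this file (the diffstat shows a single added line), and it grows the union from `sizeof(struct sockaddr_in6)` to `sizeof(struct sockaddr_un)`, which is several times larger, for every user of `struct openvpn_sockaddr`, not only port-share. Please confirm that `<sys/un.h>` reaches this header on every build that compiles it, and consider guarding the member or using a port-share-local union in ps.c so that the rest of the code base does not pay for a feature the commit message describes as "Just in case it is ever needed."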