From patchwork Fri Dec 20 17:12:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "ralf_lici (Code Review)" X-Patchwork-Id: 4008 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:998b:b0:5e7:b9eb:58e8 with SMTP id d11csp2484906mav; Fri, 20 Dec 2024 09:12:59 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCX70r+nj8kNTAi14ac8QXvlTWmuwYIE6UQbrqKlHa2SXQWMZmqfYOZXQhkXMrYJ2NISgNEVSbZ+DgE=@openvpn.net X-Google-Smtp-Source: AGHT+IHBDtO65ajfuFdXQqQN9LZstEBOHhIQPIdLTePkUuhr7dVurdojeWZAXI3g+D1uN8gw9Ujy X-Received: by 2002:a05:6820:4cc4:b0:5f2:c518:bace with SMTP id 006d021491bc7-5f62e7759fbmr2117616eaf.3.1734714779579; Fri, 20 Dec 2024 09:12:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1734714779; cv=none; d=google.com; s=arc-20240605; b=K20rV3nCHS4DB7n2ZnOfQsPruybU8sGfFxoslVjYXA+mlN77eQOTOXu3NU37QhWKqC C1GmWfVp25yiMmLn/s/PduhIqsO0gdyz29L1SWaEBQdEem1O0pEMAGLt7vsRuyq7nQge AKViz2ZUu0BloSwQmZ+9WsrS78kSGsxL4Qs+pXmeHTtAh3o6GJ/qyzXAFWiEBC5D3jzI dul6Bwc5qYX9MMjpVwv7kHiZcMCiVGrLK+TTAsp7v3CnpxGqSlMWLtj+ariwOwAqrxQw VM4BQt00xu5y74Yr5Sj/u1yJx96TRUxFzDheka7RCt+KJ3RL7SLERoXxSWFp4IgHeg/Y SfhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=o1J4eWH37b1wBg9nnvEmQK3rHsn+0S8B86sUPrAjMZI=; fh=U7wEyxtwz2o5+UdevFSA47vNeG9knhWH0KV//QhD5a0=; b=Fx1sOhPlbAiJrlKzJ1yJBTd6wP+prRdMqx1RtY32m3E4tXAksL6MhE4mBuxExI7b9O k+79Od/o2u5f42gjSyHnTi9B7elJmi+kNX59dQmpW+crzfbmtIvwSqhHPTPPehI/AZVF rWBhlaHkA1EH/nYDmTZpLG4z8TGOahpmgFagI6Vjtwcy1UIzVzkxyv+0jbo/ImyFTJOA ZlT3LheFMbZ+UxiNz+SMMKzAqS3hGG9MJMjgQeyqx8slocDgisQBtS7Wb6vaxH6LSMzM mhuuu7HD+YDO3N6LLS2bsxP6PiroqBm63oO4hIBavHhmuOuXvd3fyvpKHnVCIVGiQwbR nhKw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=d4iFlcAS; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=MVmtuSjJ; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=b+QdM0mB; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 006d021491bc7-5f4db58b669si2635697eaf.23.2024.12.20.09.12.59 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 Dec 2024 09:12:59 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=d4iFlcAS; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=MVmtuSjJ; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=b+QdM0mB; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1tOgYX-0005KJ-FB; Fri, 20 Dec 2024 17:12:53 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tOgYW-0005KD-Il for openvpn-devel@lists.sourceforge.net; Fri, 20 Dec 2024 17:12:52 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Xl07/9F1jXIocrqNK0stb0xp2OAAANCxI+rh+zYZh4g=; b=d4iFlcAS7U2US13sUHsrXAy9Bk fny3DURi/DbCh/qJIybYZ9jU6rV4rfbKAe9QQNUnsvDjzXpsLOEmBYuVa0xHFtj2lZG+ygdITpsAd nEi1n7aGK04hdLvXd7eXtuQYvRvzQyeC4N3E3OsGLWlmQjaEZNJwLu7kO8qH+6ud01cw=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=Xl07/9F1jXIocrqNK0stb0xp2OAAANCxI+rh+zYZh4g=; b=M VmtuSjJCiWRwyhFSehPSsJkNdnypbt2ke6qSnhpAWtBq8WVLJY5ysFAZ2MeoRKKMvaCn6nP/YR/2s moiSASp8NVaR+hMFddmbyB/oLytKUKkjXhw/jQW9tPDHk7SR2cJjHY3+ENWk1FVUs5w/NXv5V9PzV cUKuWnXaji0z3scc=; Received: from mail-wm1-f47.google.com ([209.85.128.47]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1tOgYV-0002aa-DP for openvpn-devel@lists.sourceforge.net; Fri, 20 Dec 2024 17:12:52 +0000 Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-43618283dedso20777595e9.3 for ; Fri, 20 Dec 2024 09:12:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1734714760; x=1735319560; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=Xl07/9F1jXIocrqNK0stb0xp2OAAANCxI+rh+zYZh4g=; b=b+QdM0mBVLYyVtF5APLpDfiMpcrAQxsIFw9irZcggV+1WrWCGh3tXlqSDeqjN/sWFZ EMd0QnotvhoYcIt0OY5didEFUbS88fpalKwvsmHJlSz2YVhicIFFORSCUKD7T0T5WSrN PCGT/fCUfWnKq7xxZG4P532nehwkGM5SxW9e+nU9EWPh/jY420d6liatDWvYTfKBxMxn 4y8ympFgna/8Khb973gJXjAp5Y+ZtnL0dgpGL+ACr+INrEIvgvgwABpYg9QIpN83N5Nw QPFDSiydNFKSo11LwTDTC/TywAdCUG4er9Q85AuYoJcpwzRcjFY7gPCPthqKqWOUAJ9W pTqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734714760; x=1735319560; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Xl07/9F1jXIocrqNK0stb0xp2OAAANCxI+rh+zYZh4g=; b=bq8n9h6pomueZnlkyMuJUEWoFjoT3o0ZGDai8nTqaVcaeHza9Ak6ccZnyTA/qZgjzm E3V5kHkpdlycUshaL/Ej8Q1ddK9/q4Fbt2njRK/nSKjhNGpZV4voVxjVIYAl2RkyQf07 NXfEPAPJohLY7A5EMNoS8t26sxum+pQkI0fizq1IO0VstqCFcReSUJx+uCyQeSenHkGS gfIApka1bQfsJP/cYsF+N7miHTWlcmIPfhNUnk3qFe11HNUju5nCMqV9AKrqXR6VKgrE kusPBy61GEfEc1LOAQZufGWENuO2NNSvqTMCumgJlrNrKhR5f4hwhMKCVrGEwFgy3Ig+ rQlQ== X-Gm-Message-State: AOJu0Yx0jPikAxb22fHO1odoS6btl/UngDVA2EuKBS3OpN0Q7Nwe49Xm KEA+5CV5WwoCJcuABDaxK8I9VpNusYCr2nzpIHyJvneoFEOmOIPVSK6/Y3o3vVQ= X-Gm-Gg: ASbGncvD3DuiCYHvDUSH8GHpLgVmJC76hzz6bVEmPW+uujSGXIJVDLOTXCyz5FRv9WG gjr58wccuIWGLXGO4OGraUzEOHehx45ENvYIIYby1I5tW5YZ64q/7qM4KhHnbP1CsnN8s3gcD/4 sWk13XF152SRC0Vc9BZtLc406gwGT5H9uYrxZK8LBwQkJ27P4nYjSedZmOLd9xeAeJJx09Ru8Q1 u0tCrF0nfLmwIScOTwYbp7A8IbHX/kQUrtVROPWw4aKckA0XNA4cuYddYfEwNTdLT9Dtc84J2FU yvowtKVhPkr7HaloO78YsS/mcc1yqOXMq0JANJsSug5OQ478 X-Received: by 2002:a7b:c3c7:0:b0:434:a90b:94fe with SMTP id 5b1f17b1804b1-4366fb89a04mr22561335e9.10.1734714759796; Fri, 20 Dec 2024 09:12:39 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-43656b3b271sm84231275e9.34.2024.12.20.09.12.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 Dec 2024 09:12:39 -0800 (PST) From: "ralf_lici (Code Review)" X-Google-Original-From: "ralf_lici (Code Review)" X-Gerrit-PatchSet: 1 Date: Fri, 20 Dec 2024 17:12:38 +0000 To: plaisthos , flichtenheld Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: I806757a8c6f9a589665624f176391b5f7b87f581 X-Gerrit-Change-Number: 844 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: 6f35e2e567e3cdf87b0c95c32fe2774fee850e98 References: Message-ID: <190e4fc84e79b0c54644bfc981daf36b5995a079-HTML@gerrit.openvpn.net> MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -1.3 (-) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit Content analysis details: (-1.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.47 listed in list.dnswl.org] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.128.47 listed in bl.score.senderscore.com] 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.128.47 listed in sa-accredit.habeas.com] -1.1 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.47 listed in wl.mailspike.net] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1tOgYV-0002aa-DP Subject: [Openvpn-devel] [S] Change in openvpn[master]: Fix float support in P2P topology X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ralf@mandelbit.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1818980284623388736?= X-GMAIL-MSGID: =?utf-8?q?1818980284623388736?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/844?usp=email to review the following change. Change subject: Fix float support in P2P topology ...................................................................... Fix float support in P2P topology Fix the handling of floating operations in P2P topology, where new UDP endpoints were previously ignored. When floating occurs, this update processes the new endpoints and updates the address if the `--float` option is specified or `--remote` is omitted. Since the same code path is used for clients in MP topology, this change also enables processing of server floating operations from the client perspective. Change-Id: I806757a8c6f9a589665624f176391b5f7b87f581 Signed-off-by: Ralf Lici --- M src/openvpn/forward.c 1 file changed, 23 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/44/844/1 diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 2c72001..5feffba 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1227,12 +1227,33 @@ { perf_push(PERF_PROC_IN_LINK); + struct gc_arena gc = gc_new(); + bool floated = false; struct link_socket_info *lsi = &sock->info; const uint8_t *orig_buf = c->c2.buf.data; + const struct link_socket_actual *incoming = &c->c2.from; + struct link_socket_actual *remote = c->c2.to_link_addr; + const sa_family_t family = incoming->dest.addr.sa.sa_family; - process_incoming_link_part1(c, lsi, false); - process_incoming_link_part2(c, lsi, orig_buf); + if (remote && (family == AF_INET || family == AF_INET6)) + { + floated = !link_socket_actual_match(incoming, remote); + } + if (process_incoming_link_part1(c, lsi, floated)) + { + if (floated && c->c2.buf.len > 0) + { + msg(D_LOW, "peer floated from %s to %s", + print_link_socket_actual(remote, &gc), + print_link_socket_actual(incoming, &gc)); + link_socket_set_outgoing_addr(lsi, &c->c2.from, NULL, c->c2.es); + tls_update_remote_addr(c->c2.tls_multi, incoming); + } + process_incoming_link_part2(c, lsi, orig_buf); + } + + gc_free(&gc); perf_pop(); }