| Message ID | 20191020150039.21516-1-gert@greenie.muc.de |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [Openvpn-devel] Force combinationation of --socks-proxy and --proto UDP to use IPv4. | expand |
Hi, On 20/10/2019 17:00, Gert Doering wrote: > Our current socks.c code does not handle IPv6 + UDP mode (socket > negotiated with server is IPv4-only, addresses passed in the > packets are IPv4-only). If this combination is specified, print > an explanatory message and force IPv4-only. > > While at it, extend socks.c code to print address+port of auxiliary > UDP connection to SOCKS server (helps debugging). > > Trac: #1221 > > Signed-off-by: Gert Doering <gert@greenie.muc.de> I performed some basic test to ensure the rest is not being broken by this change and it all looks good. The patch does just what it says and it makes sense. I cannot test with an actual socks server, but Gert said he did so and I trust his test rig. I ensured that the "Force IPv4" was being performed when needed and it did so. Acked-by: Antonio Quartulli <antonio@openvpn.net>
Patch has been applied to the master and release/2.4 branch (bugfix).
commit 57623b4e40e68de983b9dfd82914dadcbe096f7b (master)
commit bdfa0d3540b7836f72dc5f2ddb8239154d152061 (release/2.4)
Author: Gert Doering
Date: Sun Oct 20 17:00:39 2019 +0200
Force combinationation of --socks-proxy and --proto UDP to use IPv4.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20191020150039.21516-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18952.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
--
kind regards,
Gert Doering
diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 752f5f2c..1da14e8b 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2825,6 +2825,24 @@ options_postprocess_mutate_ce(struct options *o, struct connection_entry *ce) #endif } + /* our socks code is not fully IPv6 enabled yet (TCP works, UDP not) + * so fall back to IPv4-only (trac #1221) + */ + if (ce->socks_proxy_server && proto_is_udp(ce->proto) && ce->af != AF_INET) + { + if (ce->af == AF_INET6) + { + msg(M_INFO, "WARNING: '--proto udp6' is not compatible with " + "'--socks-proxy' today. Forcing IPv4 mode." ); + } + else + { + msg(M_INFO, "NOTICE: dual-stack mode for '--proto udp' does not " + "work correctly with '--socks-proxy' today. Forcing IPv4." ); + } + ce->af = AF_INET; + } + /* * Set MTU defaults */ diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c index c61ef55c..ad3a70b2 100644 --- a/src/openvpn/socks.c +++ b/src/openvpn/socks.c @@ -414,6 +414,10 @@ recv_socks_reply(socket_descriptor_t sd, { memcpy(&addr->addr.in4.sin_addr, buf + 4, sizeof(addr->addr.in4.sin_addr)); memcpy(&addr->addr.in4.sin_port, buf + 8, sizeof(addr->addr.in4.sin_port)); + struct gc_arena gc = gc_new(); + msg(M_INFO, "SOCKS proxy wants us to send UDP to %s", + print_sockaddr(addr, &gc)); + gc_free(&gc); }
Our current socks.c code does not handle IPv6 + UDP mode (socket negotiated with server is IPv4-only, addresses passed in the packets are IPv4-only). If this combination is specified, print an explanatory message and force IPv4-only. While at it, extend socks.c code to print address+port of auxiliary UDP connection to SOCKS server (helps debugging). Trac: #1221 Signed-off-by: Gert Doering <gert@greenie.muc.de> --- src/openvpn/options.c | 18 ++++++++++++++++++ src/openvpn/socks.c | 4 ++++ 2 files changed, 22 insertions(+)