From patchwork Mon Aug 2 03:31:27 2021
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 1903
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 2 Aug 2021 15:31:27 +0200
Message-Id: <20210802133127.25000-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH] Ignore --explicit-exit-notify in TCP mode.

Mixed udp+tcp configs can not have --explicit-exit-notify in them today
because this option is refused in TCP mode.

At the same time, it was always possible to push the option both in UDP
and TCP mode (with a warning logged in TCP mode, and the option reset
to 0).

Do the same thing for local config - warn, and reset to 0.

(Leaving it enabled in TCP mode is harmless, but causes extra error
messages in the log which is undesired behaviour. Maybe one should just
fix the underlying logic for TCP mode instead, but this is more invasive)

Signed-off-by: Gert Doering
Acked-by: Antonio Quartulli
---
 src/openvpn/options.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 63cda1e8..7e146db9 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
@@ -2266,12 +2266,6 @@ options_postprocess_verify_ce(const struct options *options, } #endif - if (!proto_is_udp(ce->proto) && ce->explicit_exit_notification) - { - msg(M_USAGE, - "--explicit-exit-notify can only be used with --proto udp"); - } - if (!ce->remote && ce->proto == PROTO_TCP_CLIENT) { msg(M_USAGE, "--remote MUST be used in TCP Client mode"); @@ -2978,6 +2972,13 @@ options_postprocess_mutate_ce(struct options *o, struct connection_entry *ce) connection_entry_preload_key(&ce->tls_crypt_v2_file, &ce->tls_crypt_v2_file_inline, &o->gc); } + + if (!proto_is_udp(ce->proto) && ce->explicit_exit_notification) + { + msg(M_WARN, "NOTICE: --explicit-exit-notify ignored for --proto tcp"); + ce->explicit_exit_notification = 0; + } + } #ifdef _WIN32
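
Review bot: In the first hunk (options_postprocess_verify_ce), removing the M_USAGE check turns a local config that used to be refused at startup into one that is accepted, but the diffstat shows only src/openvpn/options.c changed, so no documentation is updated alongside the behaviour change. Please add a documentation update for --explicit-exit-notify stating that the option is ignored with a warning, and reset to 0, when the connection entry's protocol is not UDP, so operators of mixed udp+tcp configs know the setting silently stops applying to their TCP entries.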
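
Review bot: In the second hunk (options_postprocess_mutate_ce), the warning text says "--proto tcp" while the condition is !proto_is_udp(ce->proto), which matches every non-UDP connection entry, and the message does not say which entry it applies to. In a mixed udp+tcp config with several connection entries the same line would be logged once per non-UDP entry with nothing to tell them apart, so consider wording it as "ignored for non-UDP protocols" or including the entry's protocol or remote in the message. As a style point, the added block leaves an empty line directly before the function's closing brace; that trailing blank line can be dropped.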