From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 23 Jul 2022 14:19:09 +0200
Message-Id: <20220723121909.21943-1-gert@greenie.muc.de>
In-Reply-To: <20220607093619.23066-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v2] Fix error message about extended errors for IPv4-only sockets.

The new code to enable IPv6 extended error reporting will cause an error ("Protocol not available (errno=92)") if trying to enable that setsockopt() option on an IPv4-only socket. Fix: pass sock->info.af to set_sock_extended_error_passing(), only apply to AF_INET6 sockets.
To make that work, ensure that sock->info.af is set to not only the value coming from config (which might be AF_UNSPEC) but to the actual value used in socket creation (credits: Arne Schwabe). Add comments to make explicit that the asymmetry here (IPv4 extended socket error reporting is enabled on all sockets) is intentional. Signed-off-by: Gert Doering Acked-By: Frank Lichtenheld --- v2: set sock->info.af in create_socket() (Arne Schwabe) --- src/openvpn/mtu.c | 13 +++++++++---- src/openvpn/mtu.h | 2 +- src/openvpn/socket.c | 6 +++++- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index 59b91798..f60f4853 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -413,17 +413,22 @@ exit: } void -set_sock_extended_error_passing(int sd) +set_sock_extended_error_passing(int sd, sa_family_t proto_af) { int on = 1; - /* see "man 7 ip" (on Linux) */ + /* see "man 7 ip" (on Linux) + * this works on IPv4 and IPv6(-dual-stack) sockets (v4-mapped) + */ if (setsockopt(sd, SOL_IP, IP_RECVERR, (void *) &on, sizeof(on)) != 0) { msg(M_WARN | M_ERRNO, "Note: enable extended error passing on TCP/UDP socket failed (IP_RECVERR)"); } - /* see "man 7 ipv6" (on Linux) */ - if (setsockopt(sd, IPPROTO_IPV6, IPV6_RECVERR, (void *) &on, sizeof(on)) != 0) + /* see "man 7 ipv6" (on Linux) + * this only works on IPv6 sockets + */ + if (proto_af == AF_INET6 + && setsockopt(sd, IPPROTO_IPV6, IPV6_RECVERR, (void *) &on, sizeof(on)) != 0) { msg(M_WARN | M_ERRNO, "Note: enable extended error passing on TCP/UDP socket failed (IPV6_RECVERR)"); diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h index 9db6cf26..d4856f16 100644 --- a/src/openvpn/mtu.h +++ b/src/openvpn/mtu.h 
@@ -268,7 +268,7 @@ void alloc_buf_sock_tun(struct buffer *buf, #if EXTENDED_SOCKET_ERROR_CAPABILITY -void set_sock_extended_error_passing(int sd); +void set_sock_extended_error_passing(int sd, sa_family_t proto_af); const char *format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc); diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 4e4a3a2f..b4c20f69 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -1131,6 +1131,10 @@ create_socket(struct link_socket *sock, struct addrinfo *addr) { ASSERT(0); } + /* Set af field of sock->info, so it always reflects the address family + * of the created socket */ + sock->info.af = addr->ai_family; + /* set socket buffers based on --sndbuf and --rcvbuf options */ socket_set_buffers(sock->sd, &sock->socket_buffer_sizes); @@ -1949,7 +1953,7 @@ phase2_set_socket_flags(struct link_socket *sock) #if EXTENDED_SOCKET_ERROR_CAPABILITY /* if the OS supports it, enable extended error passing on the socket */ - set_sock_extended_error_passing(sock->sd); + set_sock_extended_error_passing(sock->sd, sock->info.af); #endif }
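Review bot: In the src/openvpn/mtu.c hunk, the comment added above the IP_RECVERR call says where the option works but not that applying it to every socket is deliberate, which is what the commit message promises. A few words such as "intentionally set on all sockets" in that comment would make the asymmetry with the IPV6_RECVERR branch self-explanatory. As a style point, `if (proto_af == AF_INET6 && setsockopt(...) != 0)` mixes the applicability check with the failure check; nesting the setsockopt() call inside an `if (proto_af == AF_INET6)` block would keep the warning path easier to read.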
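Review bot: The src/openvpn/mtu.h prototype gains `sa_family_t proto_af` without any description of what value is expected. A short comment above the declaration stating that it must be the address family the socket was actually created with, not the configured one (which the commit message notes may be AF_UNSPEC), would keep later callers from passing a value that silently disables the IPV6_RECVERR branch.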
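Review bot: In the create_socket() hunk of src/openvpn/socket.c, `sock->info.af = addr->ai_family;` overwrites the value that came from the configuration, so every other reader of sock->info.af now sees the resolved family instead of a possible AF_UNSPEC. The added comment describes the new meaning, but it would help to confirm, in the commit message or the comment, that no existing code relies on the field still holding the configured value after socket creation.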
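Review bot: The phase2_set_socket_flags() hunk passes `sock->info.af` on the assumption that create_socket() has already set it for this descriptor. If sock->sd can reach this call without going through create_socket(), the field may still be AF_UNSPEC and IPV6_RECVERR is skipped with no message. A note at the call site about that dependency, or a debug-level message when the family is neither AF_INET nor AF_INET6, would make such a case visible.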