From patchwork Tue Nov 8 04:14:07 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2840
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 8 Nov 2022 16:14:07 +0100
Message-Id: <20221108151407.1132097-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH] Add packet type in accept/reject messages for HMAC packet

This allows a bit easier debugging when trying to figure what kind of
packet triggered a reject/accept.

Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
---
 src/openvpn/mudp.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 4ab18b72c..7c6fc816e 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c
@@ -148,14 +148,18 @@ do_pre_decrypt_check(struct multi_context *m, bool ret = check_session_id_hmac(state, from, hmac, handwindow); const char *peer = print_link_socket_actual(&m->top.c2.from, &gc); + uint8_t pkt_firstbyte = *BPTR( &m->top.c2.buf); + int op = pkt_firstbyte >> P_OPCODE_SHIFT; + if (!ret) { - msg(D_MULTI_MEDIUM, "Packet with invalid or missing SID from %s", peer); + msg(D_MULTI_MEDIUM, "Packet (%s) with invalid or missing SID from %s", + packet_opcode_name(op), peer); } else { - msg(D_MULTI_DEBUG, "Valid packet with HMAC challenge from peer (%s), " - "accepting new connection.", peer); + msg(D_MULTI_DEBUG, "Valid packet (%s) with HMAC challenge from peer (%s), " + "accepting new connection.", packet_opcode_name(op), peer); } gc_free(&gc);
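
Review bot: the added read "uint8_t pkt_firstbyte = *BPTR( &m->top.c2.buf);" dereferences the first byte of the receive buffer, and nothing in this hunk shows that the buffer is known to be non-empty at this point. Please confirm that a length check on m->top.c2.buf runs before this point in do_pre_decrypt_check(), or guard the read, since this path handles packets from unauthenticated peers. On the reject branch the packet has just failed check_session_id_hmac(), so op is an untrusted value: packet_opcode_name(op) needs to return a fixed string for opcodes it does not know, which is worth stating in a comment. Both values are only used for logging, so they could be computed inside the msg() calls or marked const. Style: drop the space after the parenthesis in "BPTR( &m->top.c2.buf)" to match the print_link_socket_actual(&m->top.c2.from, &gc) call on the line above.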