From patchwork Tue Dec 13 22:54:28 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2906
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 13 Dec 2022 23:54:28 +0100
Message-Id: <20221213225430.1892940-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 1/3] Improve debug logging of DCO swap key message and Linux dco_new_peer

Signed-off-by: Arne Schwabe
Acked-by: Antonio Quartulli
--- src/openvpn/dco.c | 18 ++++++++++++++---- src/openvpn/dco_linux.c | 10 ++++++++-- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index feb38cd02..2396bcbf0 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c 
@@ -55,8 +55,8 @@ dco_install_key(struct tls_multi *multi, struct key_state *ks, const char *ciphername) { - msg(D_DCO_DEBUG, "%s: peer_id=%d keyid=%d", __func__, multi->dco_peer_id, - ks->key_id); + msg(D_DCO_DEBUG, "%s: peer_id=%d keyid=%d, currently installed %d", + __func__, multi->dco_peer_id, ks->key_id, multi->dco_keys_installed); /* Install a key in the PRIMARY slot only when no other key exist. * From that moment on, any new key will be installed in the SECONDARY @@ -181,8 +181,18 @@ dco_update_keys(dco_context_t *dco, struct tls_multi *multi) */ if (primary->dco_status == DCO_INSTALLED_SECONDARY) { - msg(D_DCO_DEBUG, "Swapping primary and secondary keys, now: id1=%d id2=%d", - primary->key_id, secondary ? secondary->key_id : -1); + if (secondary) + { + msg(D_DCO_DEBUG, "Swapping primary and secondary keys to " + "primary-id=%d secondary-id=%d", + primary->key_id, secondary->key_id); + } + else + { + msg(D_DCO_DEBUG, "Swapping primary and secondary keys to" + "primary-id=%d secondary-id=(to be deleted)", + primary->key_id); + } int ret = dco_swap_keys(dco, multi->dco_peer_id); if (ret < 0) diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 109358205..fbd940c28 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -216,9 +216,15 @@ dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd, struct sockaddr *localaddr, struct sockaddr *remoteaddr, struct in_addr *remote_in4, struct in6_addr *remote_in6) { - msg(D_DCO_DEBUG, "%s: peer-id %d, fd %d", __func__, peerid, sd); - struct gc_arena gc = gc_new(); + const char *remotestr = "[undefined]"; + if (remoteaddr) + { + remotestr = print_sockaddr(remoteaddr, &gc); + } + msg(D_DCO_DEBUG, "%s: peer-id %d, fd %d, remote addr: %s", __func__, + peerid, sd, remotestr); + struct nl_msg *nl_msg = ovpn_dco_nlmsg_create(dco, OVPN_CMD_NEW_PEER); struct nlattr *attr = nla_nest_start(nl_msg, OVPN_ATTR_NEW_PEER); int ret = -EMSGSIZE;
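Review bot: In the dco_install_key hunk of src/openvpn/dco.c, the added field is written as free text (", currently installed %d") while the rest of the message uses key=value pairs (peer_id=%d keyid=%d). Using the same form, for example installed=%d, keeps the debug line easy to grep and parse. The type of multi->dco_keys_installed is not visible in this hunk, so it is worth confirming that %d matches it.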
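Review bot: In the else branch of the dco_update_keys hunk, the two adjacent string literals are joined without a separating space: "Swapping primary and secondary keys to" followed directly by "primary-id=%d secondary-id=(to be deleted)" is logged as "... keys toprimary-id=...". The if branch ends its first literal with "to " and the else branch should do the same, so that both messages have the same prefix and a log search for "primary-id=" preceded by a space matches both.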
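Review bot: In the dco_new_peer hunk of src/openvpn/dco_linux.c, peerid is declared as unsigned int but the new msg() call still formats it with %d; %u would match the parameter type. The NULL check on remoteaddr before print_sockaddr() and the "[undefined]" fallback are the right shape, and moving the log call below gc_new() is needed for that. localaddr is passed in alongside remoteaddr and could be logged the same way if it helps when debugging peer setup.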