From patchwork Wed Jan 11 06:29:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Selva Nair X-Patchwork-Id: 2992 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:c95:b0:82:e4b3:40a0 with SMTP id p21csp4171731dyk; Tue, 10 Jan 2023 22:30:26 -0800 (PST) X-Google-Smtp-Source: AMrXdXtIfDBTMR/Y9tOcjAF0oqlxrm3Cas5fFQ1iPMCCB6sJbWTVdSAcaA8CrMiaRXij+r9lnnEu X-Received: by 2002:a17:902:e18b:b0:194:3f40:69b3 with SMTP id y11-20020a170902e18b00b001943f4069b3mr3953223pla.31.1673418625932; Tue, 10 Jan 2023 22:30:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673418625; cv=none; d=google.com; s=arc-20160816; b=O2B1RiKsqfXooa29bP2CfcWABThtKLEnQv5IwlERHcq5ZxeiKuqSiieLoy9+fLnQUR Uok2aY9L39mJcQi0a21OS3AXg2t3BRwA6bSMDIa7hqEGhKVQKJ5vgRwCJNCpxb3LUTVX w6fLEaMqo8UAx3Btesm/HE1FSVcFGuwJD+XpVsaOjQkp3JKwRQ0+LPnjWySs1BouEten Zv+BqgItkeHTNbrj08lkPwSCGjc2+etDhKKS8+mN8JKijvP6wEdMRYPevzjRYVY3u2HZ p2HC2XNB6dJyXD05AiCDNO7TJu80vv3YXhOpvVvovZ2mc/2lrNcAuOU7rPKRudq3Kuo7 zUog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:dkim-signature :dkim-signature; bh=WIp1PBjSAA7vSZH0OuHSd7C/XHQ7J/C+FMBVglCHBoY=; b=0zlUErNaRyvMOH8sk0m/pFeTzuwqvgB1e8ClrQt27VLGLltmI5QDUISOc+0Df5Z3mw CUI0R9sE8XE4+rpWonKGoV3gDmnwaWPxKf4GbytjVjHWPi+UEWe49Cz7+iP4OmIulqiE vjFN+SnybM+6/yJ4y4HAbVOs12RTbbkFeLwvabBFLFrpSJcezlXnnvv1WG/XUQBIkVzx poBo0YLyyY7oSx3Tw2oUIMKWNCUXr/MGGb/SwS+GAXv4zzTwcWTpso3AKEmmCGNRf56e u/sbB7p1EQ0ZrKjCKOjWCWU1rDzBJm/BLjP1dF4I9RH2NFe5XyocZIJg+6fdFDYVPTNt ieaw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=H3sCXAys; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=dVnXbEpm; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=UTtKR8Uu; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id z9-20020a170902834900b0018929921900si12573896pln.80.2023.01.10.22.30.25 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 10 Jan 2023 22:30:25 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=H3sCXAys; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=dVnXbEpm; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=UTtKR8Uu; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pFUcX-0008B9-H6; Wed, 11 Jan 2023 06:29:56 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pFUcW-0008B2-1P for openvpn-devel@lists.sourceforge.net; Wed, 11 Jan 2023 06:29:55 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=3JltkxkFRH7iJCUC2czeU7YfC94fvruHzJr7H+1xGEk=; b=H3sCXAys1TEJzvhK49zEEe9ZTk wx9UH6wCN/l33GkVgMVIQ32SA67FdO17vvZVMf4fSPiRTD/muYsL1iMIpwUXh0lFR8FAGNTLo2+37 O3eNkMV/1BnLWeHKFmg6oEo9fdTFnHf5dpUIqKmQifgmBr5H8EhzbgNPNn4sk1U7KEZ0=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:Cc:To:From :Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=3JltkxkFRH7iJCUC2czeU7YfC94fvruHzJr7H+1xGEk=; b=d VnXbEpmoeKPxDLQogssVZ/CKyqimu4zAt2e3ldFFZHMCVdRdXioV+dyA/SvKYAcVmP0INMiw2alxO RXffryO0O7dOlpO4A0MUT3NVtGREPrV3ZBQuQopOEAn/BBRdNMZ/6GNqNw9noxcNY6fxtMo940mtW XQSnYRrFrLuIHsFg=; Received: from mail-io1-f42.google.com ([209.85.166.42]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1pFUcU-00Dc6G-Kd for openvpn-devel@lists.sourceforge.net; Wed, 11 Jan 2023 06:29:55 +0000 Received: by mail-io1-f42.google.com with SMTP id r72so7241740iod.5 for ; Tue, 10 Jan 2023 22:29:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=3JltkxkFRH7iJCUC2czeU7YfC94fvruHzJr7H+1xGEk=; b=UTtKR8UuBrcSAp56HN1kKDApaPLVqWbalu0eQjM6ABdRenM1uVL2k/5nDo8k4LeghM uoWS/brs2USqxEq/AI1GIWbm6EKX8AdI13G2prVA/gNfmGz7Yi9hEi7QdbqNirBx/GwM qrgDVwZ6c8zjwZVhOWgZbZVU+Lvy9iZBHO4sK0gJBpMrSwaxNz7U8wnMYehaI14MxZlr Xo8/VHq3AIzz/Hk7EfKjLjZsT+indLPCARyWSo8uoUJKfiG5T+wgS46SV7Q1MbOq4vsA 244TkgML7P7TBdvhn9cAo032KkYZeMDmMi/7SD7CCkR/UNdHZDdFmQ4f8xKPPOpVk6ae SzKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=3JltkxkFRH7iJCUC2czeU7YfC94fvruHzJr7H+1xGEk=; b=EldUkSfg6KhbP91QwnQ2UvJzuVR/9hwVAXaxy4DpQnYyeU2Ah5CLZcbXlIUV37BzEt pFUWzZcM18kDWsHQQxyrLL3BB+JaIwdixRDaVa0e5s7RQwUb9qyqb2KEbFhGcPkAx2Fy 8lCnEeL5zOnRpar5mRxd/XSPeAcUUoMHiEBN+b+1aZyK6FqTjHfFSHr0HDh1dp2QGWp1 9N/Q7xcuwKtivfMyEd9tIdX0WmGKZp6i47YYwfoXlSn+QycZfHJ2aijIAzF42re41C10 9lsol7ZJxommKBQCQZ1ifGymfk/luA5++Fem+rk9hO/3S8//zpI4xlLFKnNOSG60T7qc zREQ== X-Gm-Message-State: AFqh2krus+FPeS6cXzjvwWOTfh1AtxHPaNf1dPuu5GWee1IHWvaurvES S126oR82MH1+XMRCPQPAuM9Ih5Qex5s= X-Received: by 2002:a6b:7702:0:b0:6e2:d3f7:3b60 with SMTP id n2-20020a6b7702000000b006e2d3f73b60mr8964911iom.2.1673418588771; Tue, 10 Jan 2023 22:29:48 -0800 (PST) Received: from uranus.sansel.ca (bras-vprn-tnhlon4053w-lp130-01-70-51-222-66.dsl.bell.ca. [70.51.222.66]) by smtp.gmail.com with ESMTPSA id x20-20020a0566380cb400b0039e6a310d4csm3633432jad.110.2023.01.10.22.29.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Jan 2023 22:29:48 -0800 (PST) From: selva.nair@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Wed, 11 Jan 2023 01:29:10 -0500 Message-Id: <20230111062910.1846688-1-selva.nair@gmail.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Selva Nair - The response to the management command "remote-entry-get" is amended to include the status of the remote entry. The status reads "disabled" if (ce->flag & DISABLED) is true, "enabled" otherwise. Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [selva.nair[at]gmail.com] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.166.42 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.166.42 listed in list.dnswl.org] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Headers-End: 1pFUcU-00Dc6G-Kd Subject: [Openvpn-devel] [PATCH] Include CE_DISABLED status of remote in "remote-entry-get" response X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1754706609205999126?= X-GMAIL-MSGID: =?utf-8?q?1754706609205999126?= From: Selva Nair - The response to the management command "remote-entry-get" is amended to include the status of the remote entry. The status reads "disabled" if (ce->flag & DISABLED) is true, "enabled" otherwise. - Update and correct the description of this option in management-notes.txt Example responses: In response to "remote-entry-get 0" 0,vpn.example.com,udp,enabled END Or, in response to "remote-entry-get all" 0,vpn.example.org,udp,enabled 2,vpn.example.net,tcp-client,disabled 1,vpn.example.com,udp,enabled END This helps the management client to show only enabled remotes to the user. An alternative would require the UI/GUI to have knowledge of what makes the daemon set CE_DISABLED (--proto-force, --htttp-proxy-override etc.). Signed-off-by: Selva Nair Acked-by: Gert Doering --- doc/management-notes.txt | 23 +++++++++++++---------- src/openvpn/init.c | 8 +++++--- 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/doc/management-notes.txt b/doc/management-notes.txt index 6daa811a..34f301db 100644 --- a/doc/management-notes.txt +++ b/doc/management-notes.txt @@ -806,9 +806,12 @@ COMMAND -- remote-entry-get (OpenVPN 2.6+ management version > 3) remote-entry-get [] -Retrieve remote entry (host, port and protocol) for index - or indices from to +1. Alternatively - = "all" retrieves all remote entries. +Retrieve remote entry (host, port, protocol, and status) for index + or indices from to -1. Alternatively + = "all" retrieves all remote entries. The index is 0-based. +If the entry is disabled due to protocol or proxy restrictions +(i.e., ce->flag & CE_DISABLED == 1), the status is returned as "disabled", +otherwise it reads "enabled" without quotes. Example 1: @@ -818,8 +821,8 @@ Example 1: OpenVPN daemon responds with - 1,vpn.example.com,1194,udp - END + 1,vpn.example.com,1194,udp,enabled + END Example 2: @@ -829,8 +832,8 @@ Example 2: OpenVPN daemon responds with - 1,vpn.example.com,1194,udp - 2,vpn.example.net,443,tcp-client + 1,vpn.example.com,1194,udp,enabled + 2,vpn.example.net,443,tcp-client,disabled END Example 3: @@ -840,9 +843,9 @@ Example 3: OpenVPN daemon with 3 connection entries responds with - 1,vpn.example.com,1194,udp - 2,vpn.example.com,443,tcp-client - 3,vpn.example.net,443,udp + 0,vpn.example.com,1194,udp,enabled + 1,vpn.example.com,443,tcp-client,enabled + 2,vpn.example.net,443,udp,enabled END COMMAND -- remote (OpenVPN AS 2.1.5/OpenVPN 2.3 or higher) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index fc1943bc..c8651232 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -353,13 +353,15 @@ management_callback_remote_entry_get(void *arg, unsigned int index, char **remot { struct connection_entry *ce = l->array[index]; const char *proto = proto2ascii(ce->proto, ce->af, false); + const char *status = (ce->flags & CE_DISABLED) ? "disabled" : "enabled"; - /* space for output including 2 commas and a nul */ - int len = strlen(ce->remote) + strlen(ce->remote_port) + strlen(proto) + 2 + 1; + /* space for output including 3 commas and a nul */ + int len = strlen(ce->remote) + strlen(ce->remote_port) + strlen(proto) + + strlen(status) + 3 + 1; char *out = malloc(len); check_malloc_return(out); - openvpn_snprintf(out, len, "%s,%s,%s", ce->remote, ce->remote_port, proto); + openvpn_snprintf(out, len, "%s,%s,%s,%s", ce->remote, ce->remote_port, proto, status); *remote = out; } else