From patchwork Tue Feb 7 08:53:39 2023
X-Patchwork-Submitter: Lev Stipakov
X-Patchwork-Id: 3053
From: Lev Stipakov
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 7 Feb 2023 10:53:39 +0200
Message-Id: <20230207085339.1492-1-lstipakov@gmail.com>
X-Mailer: git-send-email 2.23.0.windows.1
Subject: [Openvpn-devel] [PATCH release/2.6] Allow certain DHCP options to be used without DHCP server
Cc: Lev Stipakov

From: Lev Stipakov

Following DHCP options:

  DOMAIN, ADAPTER_DOMAIN_SUFFIX, DNS, WINS

don't require DHCP server in order to be used.

This change allows those options to be used with dco and wintun drivers.

If an option is specified which requires DHCP server and tap-windows6 driver is not used, print a clear error message instead of obscure reference to --ip-win32.

Signed-off-by: Lev Stipakov --- src/openvpn/options.c | 39 +++++++++++++++++++++++---------------- src/openvpn/tun.h | 13 ++++++++++++- 2 files changed, 35 insertions(+), 17 deletions(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 6ae3faf8..9c05217c 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1290,7 +1290,7 @@ show_tuntap_options(const struct tuntap_options *o) SHOW_INT(dhcp_masq_offset); SHOW_INT(dhcp_lease_time); SHOW_INT(tap_sleep); - SHOW_BOOL(dhcp_options); + SHOW_INT(dhcp_options); SHOW_BOOL(dhcp_renew); SHOW_BOOL(dhcp_pre_release); SHOW_STR(domain); @@ -2478,12 +2478,20 @@ options_postprocess_verify_ce(const struct options *options, msg(M_USAGE, "On Windows, --ip-win32 doesn't make sense unless --ifconfig is also used"); } - if (options->tuntap_options.dhcp_options - && options->windows_driver != WINDOWS_DRIVER_WINTUN - && options->tuntap_options.ip_win32_type != IPW32_SET_DHCP_MASQ - && options->tuntap_options.ip_win32_type != IPW32_SET_ADAPTIVE) + if (options->tuntap_options.dhcp_options & DHCP_OPTIONS_DHCP_REQUIRED) { - msg(M_USAGE, "--dhcp-option requires --ip-win32 dynamic or adaptive"); + const char *prefix = "Some dhcp-options require DHCP server"; + if (options->windows_driver != WINDOWS_DRIVER_TAP_WINDOWS6) + { + msg(M_USAGE, "%s, which is not supported by selected %s driver", + prefix, print_windows_driver(options->windows_driver)); + } + else if (options->tuntap_options.ip_win32_type != IPW32_SET_DHCP_MASQ + && options->tuntap_options.ip_win32_type != IPW32_SET_ADAPTIVE) + { + msg(M_USAGE, "%s, which requires --ip-win32 dynamic or adaptive", + prefix); + } } if (options->windows_driver == WINDOWS_DRIVER_WINTUN && dev != DEV_TYPE_TUN) 
@@ -8083,16 +8091,17 @@ add_option(struct options *options, { struct tuntap_options *o = &options->tuntap_options; VERIFY_PERMISSION(OPT_P_DHCPDNS); - bool ipv6dns = false; if ((streq(p[1], "DOMAIN") || streq(p[1], "ADAPTER_DOMAIN_SUFFIX")) && p[2] && !p[3]) { o->domain = p[2]; + o->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL; } else if (streq(p[1], "NBS") && p[2] && !p[3]) { o->netbios_scope = p[2]; + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } else if (streq(p[1], "NBT") && p[2] && !p[3]) { @@ -8104,31 +8113,35 @@ add_option(struct options *options, goto err; } o->netbios_node_type = t; + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } else if ((streq(p[1], "DNS") || streq(p[1], "DNS6")) && p[2] && !p[3] && (!strstr(p[2], ":") || ipv6_addr_safe(p[2]))) { if (strstr(p[2], ":")) { - ipv6dns = true; dhcp_option_dns6_parse(p[2], o->dns6, &o->dns6_len, msglevel); } else { dhcp_option_address_parse("DNS", p[2], o->dns, &o->dns_len, msglevel); + o->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL; } } else if (streq(p[1], "WINS") && p[2] && !p[3]) { dhcp_option_address_parse("WINS", p[2], o->wins, &o->wins_len, msglevel); + o->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL; } else if (streq(p[1], "NTP") && p[2] && !p[3]) { dhcp_option_address_parse("NTP", p[2], o->ntp, &o->ntp_len, msglevel); + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } else if (streq(p[1], "NBDD") && p[2] && !p[3]) { dhcp_option_address_parse("NBDD", p[2], o->nbdd, &o->nbdd_len, msglevel); + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } else if (streq(p[1], "DOMAIN-SEARCH") && p[2] && !p[3]) { 
@@ -8141,10 +8154,12 @@ add_option(struct options *options, msg(msglevel, "--dhcp-option %s: maximum of %d search entries can be specified", p[1], N_SEARCH_LIST_LEN); } + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } else if (streq(p[1], "DISABLE-NBT") && !p[2]) { o->disable_nbt = 1; + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } #if defined(TARGET_ANDROID) else if (streq(p[1], "PROXY_HTTP") && p[3] && !p[4]) @@ -8158,14 +8173,6 @@ add_option(struct options *options, msg(msglevel, "--dhcp-option: unknown option type '%s' or missing or unknown parameter", p[1]); goto err; } - - /* flag that we have options to give to the TAP driver's DHCPv4 server - * - skipped for "DNS6", as that's not a DHCPv4 option - */ - if (!ipv6dns) - { - o->dhcp_options = true; - } } #endif /* if defined(_WIN32) || defined(TARGET_ANDROID) */ #ifdef _WIN32 diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index 3b0a0d24..66604c19 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h @@ -62,6 +62,17 @@ enum windows_driver_type { #define IPW32_SET_ADAPTIVE_DELAY_WINDOW 300 #define IPW32_SET_ADAPTIVE_TRY_NETSH 20 +/* this is a bitmask */ +enum dhcp_options_type { + DHCP_OPTIONS_NONE = 0, + + /* option doesn't require DHCP server */ + DHCP_OPTIONS_DHCP_OPTIONAL = 1, + + /* option requires DHCP server */ + DHCP_OPTIONS_DHCP_REQUIRED = 2 +}; + struct tuntap_options { /* --ip-win32 options */ bool ip_win32_defined; @@ -90,7 +101,7 @@ struct tuntap_options { /* --dhcp-option options */ - bool dhcp_options; + enum dhcp_options_type dhcp_options; const char *domain; /* DOMAIN (15) */
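
Review bot: in options_postprocess_verify_ce(), the new `options->windows_driver != WINDOWS_DRIVER_TAP_WINDOWS6` branch raises M_USAGE for setups that passed this check before. The removed condition skipped the test whenever the driver was WINDOWS_DRIVER_WINTUN, so a wintun configuration carrying NBS, NBT, NTP, NBDD, DOMAIN-SEARCH or DISABLE-NBT was let through here and is rejected now. The commit message only mentions the clearer error text; please state this behaviour change there as well. The message "Some dhcp-options require DHCP server" also leaves the user to work out which option triggered it, so consider naming the options that set DHCP_OPTIONS_DHCP_REQUIRED in the text or in the man page.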
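
Review bot: in the DNS/DNS6 branch of add_option() (hunk at -8104), only the IPv4 path sets DHCP_OPTIONS_DHCP_OPTIONAL and the IPv6 path sets no bit, but the comment that explained why ("skipped for "DNS6", as that's not a DHCPv4 option") is deleted in the last options.c hunk together with the ipv6dns variable. Please carry a one-line comment over into the `if (strstr(p[2], ":"))` branch so the asymmetry does not read as an omission.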
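
Review bot: the block removed at the end of add_option() (hunk at -8158) set `o->dhcp_options = true` for every accepted option other than DNS6, which included the TARGET_ANDROID PROXY_HTTP branch shown as context at the end of the hunk at -8141. None of the added lines sets a bit in that branch, so a configuration whose only --dhcp-option is PROXY_HTTP now leaves dhcp_options at DHCP_OPTIONS_NONE. If any code on that platform still tests dhcp_options for non-zero, its result changes; please confirm that this is intended, or set a flag in that branch too.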
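
Review bot: in tun.h, dhcp_options_type is declared as an enum but the field is used as a bitmask, so once both an optional and a required option are given it holds 3, which is not one of the enumerators. Declaring the field in struct tuntap_options as an unsigned int, with the flag values written as (1 << 0) and (1 << 1), would match how it is used with `|=` and `&` in options.c. The names DHCP_OPTIONS_DHCP_OPTIONAL and DHCP_OPTIONS_DHCP_REQUIRED repeat "DHCP" twice; a shorter pair would read better at the call sites.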