From patchwork Tue Feb 7 09:42:47 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lev Stipakov
X-Patchwork-Id: 3054
From: Lev Stipakov
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 7 Feb 2023 11:42:47 +0200
Message-Id: <20230207094247.241-1-lstipakov@gmail.com>
X-Mailer: git-send-email 2.23.0.windows.1
In-Reply-To: <20230207085339.1492-1-lstipakov@gmail.com>
References: <20230207085339.1492-1-lstipakov@gmail.com>
Subject: [Openvpn-devel] [PATCH v2 release/2.6] Allow certain DHCP options to be used without DHCP server
Cc: Lev Stipakov

From: Lev Stipakov

Following DHCP options:

    DOMAIN, ADAPTER_DOMAIN_SUFFIX, DNS, WINS

don't require DHCP server in order to be used.

This change allows those options to be used with dco and wintun drivers.

If an option is specified which requires DHCP server and tap-windows6 driver is not used, print a clear error message instead of obscure reference to --ip-win32.

This fixes https://github.com/OpenVPN/openvpn/issues/239

Reported-by: Marek Zarychta
Signed-off-by: Lev Stipakov --- v2: replace enum with defines, which are more suitable as bit flags src/openvpn/options.c | 39 +++++++++++++++++++++++---------------- src/openvpn/tun.h | 6 +++++- 2 files changed, 28 insertions(+), 17 deletions(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 6ae3faf8..9c05217c 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1290,7 +1290,7 @@ show_tuntap_options(const struct tuntap_options *o) SHOW_INT(dhcp_masq_offset); SHOW_INT(dhcp_lease_time); SHOW_INT(tap_sleep); - SHOW_BOOL(dhcp_options); + SHOW_INT(dhcp_options); SHOW_BOOL(dhcp_renew); SHOW_BOOL(dhcp_pre_release); SHOW_STR(domain); @@ -2478,12 +2478,20 @@ options_postprocess_verify_ce(const struct options *options, msg(M_USAGE, "On Windows, --ip-win32 doesn't make sense unless --ifconfig is also used"); } - if (options->tuntap_options.dhcp_options - && options->windows_driver != WINDOWS_DRIVER_WINTUN - && options->tuntap_options.ip_win32_type != IPW32_SET_DHCP_MASQ - && options->tuntap_options.ip_win32_type != IPW32_SET_ADAPTIVE) + if (options->tuntap_options.dhcp_options & DHCP_OPTIONS_DHCP_REQUIRED) { - msg(M_USAGE, "--dhcp-option requires --ip-win32 dynamic or adaptive"); + const char *prefix = "Some dhcp-options require DHCP server"; + if (options->windows_driver != WINDOWS_DRIVER_TAP_WINDOWS6) + { + msg(M_USAGE, "%s, which is not supported by selected %s driver", + prefix, print_windows_driver(options->windows_driver)); + } + else if (options->tuntap_options.ip_win32_type != IPW32_SET_DHCP_MASQ + && options->tuntap_options.ip_win32_type != IPW32_SET_ADAPTIVE) + { + msg(M_USAGE, "%s, which requires --ip-win32 dynamic or adaptive", + prefix); + } } if (options->windows_driver == WINDOWS_DRIVER_WINTUN && dev != DEV_TYPE_TUN) 
@@ -8083,16 +8091,17 @@ add_option(struct options *options, { struct tuntap_options *o = &options->tuntap_options; VERIFY_PERMISSION(OPT_P_DHCPDNS); - bool ipv6dns = false; if ((streq(p[1], "DOMAIN") || streq(p[1], "ADAPTER_DOMAIN_SUFFIX")) && p[2] && !p[3]) { o->domain = p[2]; + o->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL; } else if (streq(p[1], "NBS") && p[2] && !p[3]) { o->netbios_scope = p[2]; + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } else if (streq(p[1], "NBT") && p[2] && !p[3]) { @@ -8104,31 +8113,35 @@ add_option(struct options *options, goto err; } o->netbios_node_type = t; + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } else if ((streq(p[1], "DNS") || streq(p[1], "DNS6")) && p[2] && !p[3] && (!strstr(p[2], ":") || ipv6_addr_safe(p[2]))) { if (strstr(p[2], ":")) { - ipv6dns = true; dhcp_option_dns6_parse(p[2], o->dns6, &o->dns6_len, msglevel); } else { dhcp_option_address_parse("DNS", p[2], o->dns, &o->dns_len, msglevel); + o->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL; } } else if (streq(p[1], "WINS") && p[2] && !p[3]) { dhcp_option_address_parse("WINS", p[2], o->wins, &o->wins_len, msglevel); + o->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL; } else if (streq(p[1], "NTP") && p[2] && !p[3]) { dhcp_option_address_parse("NTP", p[2], o->ntp, &o->ntp_len, msglevel); + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } else if (streq(p[1], "NBDD") && p[2] && !p[3]) { dhcp_option_address_parse("NBDD", p[2], o->nbdd, &o->nbdd_len, msglevel); + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } else if (streq(p[1], "DOMAIN-SEARCH") && p[2] && !p[3]) { 
@@ -8141,10 +8154,12 @@ add_option(struct options *options, msg(msglevel, "--dhcp-option %s: maximum of %d search entries can be specified", p[1], N_SEARCH_LIST_LEN); } + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } else if (streq(p[1], "DISABLE-NBT") && !p[2]) { o->disable_nbt = 1; + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } #if defined(TARGET_ANDROID) else if (streq(p[1], "PROXY_HTTP") && p[3] && !p[4]) @@ -8158,14 +8173,6 @@ add_option(struct options *options, msg(msglevel, "--dhcp-option: unknown option type '%s' or missing or unknown parameter", p[1]); goto err; } - - /* flag that we have options to give to the TAP driver's DHCPv4 server - * - skipped for "DNS6", as that's not a DHCPv4 option - */ - if (!ipv6dns) - { - o->dhcp_options = true; - } } #endif /* if defined(_WIN32) || defined(TARGET_ANDROID) */ #ifdef _WIN32 diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index 3b0a0d24..e19e1a2e 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h @@ -62,6 +62,10 @@ enum windows_driver_type { #define IPW32_SET_ADAPTIVE_DELAY_WINDOW 300 #define IPW32_SET_ADAPTIVE_TRY_NETSH 20 +/* bit flags for DHCP options */ +#define DHCP_OPTIONS_DHCP_OPTIONAL (1<<0) +#define DHCP_OPTIONS_DHCP_REQUIRED (1<<1) + struct tuntap_options { /* --ip-win32 options */ bool ip_win32_defined; @@ -90,7 +94,7 @@ struct tuntap_options { /* --dhcp-option options */ - bool dhcp_options; + int dhcp_options; const char *domain; /* DOMAIN (15) */
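
Review bot: In options_postprocess_verify_ce() (src/openvpn/options.c, hunk at -2478), the new `options->windows_driver != WINDOWS_DRIVER_TAP_WINDOWS6` branch makes a configuration that used to pass on wintun a usage error. The removed condition skipped the check whenever the driver was WINDOWS_DRIVER_WINTUN, so wintun with --dhcp-option NBS, NBT, NTP, NBDD, DOMAIN-SEARCH or DISABLE-NBT was accepted before. The commit message only describes the relaxed cases; since the subject targets release/2.6, it should state this stricter case as well. The text "Some dhcp-options require DHCP server" also leaves the user to work out which option triggered it; naming the option would need add_option() to record more than a single bit.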
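
Review bot: In the DNS/DNS6 branch of add_option() (hunk at -8083), DHCP_OPTIONS_DHCP_OPTIONAL is set only in the IPv4 else-branch, and with `ipv6dns` removed nothing explains why the dhcp_option_dns6_parse() path sets no flag. The comment deleted at the end of the function ("skipped for "DNS6", as that's not a DHCPv4 option") carried that reasoning; a one-line comment next to the dhcp_option_dns6_parse() call would preserve it.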
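
Review bot: In the DOMAIN-SEARCH branch of add_option() (hunk at -8141), `o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED;` is placed after the if/else, so the flag is also set on the path that only logs "maximum of %d search entries can be specified". With the new check in options_postprocess_verify_ce() that flag alone decides whether a dco or wintun configuration is refused, so it is better set in the branch that accepts the entry.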
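
Review bot: Removing the tail block of add_option() (hunk at -8158) changes the TARGET_ANDROID PROXY_HTTP branch, visible as context in the preceding hunk: the old `o->dhcp_options = true` ran for every branch except DNS6, while PROXY_HTTP gets no `|=` of its own and now leaves dhcp_options at 0. Please confirm that nothing in the Android path reads dhcp_options, or add a flag in that branch.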
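
Review bot: The comment "bit flags for DHCP options" in src/openvpn/tun.h (hunk at -62) does not say what OPTIONAL and REQUIRED refer to, and the doubled DHCP in DHCP_OPTIONS_DHCP_OPTIONAL is easy to misread as "the option is optional". Spell out that DHCP_OPTIONS_DHCP_REQUIRED marks options that need the driver's DHCP server and DHCP_OPTIONS_DHCP_OPTIONAL marks options that can be applied without one. In the hunks shown only DHCP_OPTIONS_DHCP_REQUIRED is ever tested, so the comment should also say where the OPTIONAL bit is consumed.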
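
Review bot: `int dhcp_options;` in struct tuntap_options (src/openvpn/tun.h, hunk at -90) now holds a bitmask, so `unsigned int` is the better type, and the field should carry a comment pointing at the DHCP_OPTIONS_* defines. Related to this, show_tuntap_options() (hunk at -1290) prints the value with SHOW_INT as a decimal number, which is hard to read as flags in a log.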