From patchwork Thu Feb 9 14:22:48 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 3064
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 9 Feb 2023 15:22:48 +0100
Message-Id: <20230209142248.455120-2-arne@rfc2549.org>
In-Reply-To: <20230209142248.455120-1-arne@rfc2549.org>
References: <20230209142248.455120-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 2/2] Add debug output for sent IV variables in client mode with verb 7

This helps debugging what information a client is sending without having
to use a debugger or to look at the server log.

Signed-off-by: Arne Schwabe
---
 src/openvpn/ssl.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 016bdc57f..1138dc4e7 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1970,6 +1970,20 @@ read_string_alloc(struct buffer *buf) return str; } +static void +print_client_peer_info(struct buffer *out, struct gc_arena *gc) +{ + struct buffer buf = alloc_buf_gc(buf_len(out), gc); + buf_copy(&buf, out); + + char line[256]; + + while (buf_parse(&buf, '\n', line, sizeof(line))) + { + chomp(line); + msg(D_PUSH_DEBUG, "sending peer info: %s", line); + } +} /** * Prepares the IV_ and UV_ variables that are part of the * exchange to signal the peer's capabilities. The amount @@ -2119,6 +2133,11 @@ push_peer_info(struct buffer *buf, struct tls_session *session) } } + if (check_debug_level(D_PUSH_DEBUG)) + { + print_client_peer_info(&out, &gc); + } + if (!write_string(buf, BSTR(&out), -1)) { goto error;
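
Review bot: In the first hunk, `print_client_peer_info()` parses each entry into a fixed `char line[256]`, so a peer-info line longer than that buffer cannot be logged intact. Either size the scratch buffer from `buf_len(out)` or state the limit in a comment so a truncated or split log line is not mistaken for what was actually sent. The function also has no doc comment, its `out` parameter is only read (a `const`-qualified name such as `peer_info` would say so), and a blank line is missing between the closing `}` and the `/**` block that follows.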
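
Review bot: In the second hunk, the dump runs before `write_string(buf, BSTR(&out), -1)`, so "sending peer info: ..." is logged even when that write fails and the function takes the `goto error` path. Consider moving the `check_debug_level(D_PUSH_DEBUG)` block after the successful write, or rewording the message so it does not claim the data was sent. Because every line is logged verbatim, it is also worth documenting that this debug level puts all IV_ and UV_ values the client sends into the client log, since those logs tend to be shared when asking for support.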