[Openvpn-devel,v1] add and send IV_PROTO_DNS_OPTION_V2 flag

Message ID 20240725112248.21075-1-gert@greenie.muc.de
State Accepted
Series [Openvpn-devel,v1] add and send IV_PROTO_DNS_OPTION_V2 flag

Commit Message

Gert Doering July 25, 2024, 11:22 a.m. UTC
From: Heiko Hund <heiko@ist.eigentlich.net>

Incompatible changes to the --dns server address and --dns server
exclude-domains options were introduced after the code for handling them
was released. Add and send a new IV_PROTO flag, so servers which act on
the flags set can differentiate between clients which have implemented
--dns and those which just support the new option. This enables them to
decide which variant of options to send to the client.

Change-Id: I975057c20c1457ef88111f8d142ca3fd2039d5ff
Signed-off-by: Heiko Hund <heiko@ist.eigentlich.net>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/680
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Arne Schwabe <arne-openvpn@rfc2549.org>

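The commit message describes the mechanism but not the server side of it: the client advertises a bitmask in its peer-info and the server keys its decision on which bits are present. The following is an added example, not OpenVPN project code, of how a server could make that decision using only the two bit values visible in the ssl.h hunk of this patch. The function names, the `dns_variant` enum and the peer-info strings are assumptions constructed for illustration; the `IV_PROTO=` key format is the one OpenVPN uses in peer-info, but the sample values carry only the two DNS bits so they are easy to read.

```c
/* Added example (not OpenVPN code): server-side selection of the --dns
 * variant a client can accept, based on the IV_PROTO bits it advertises.
 * Bit values are taken from ssl.h in this patch; everything else is assumed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IV_PROTO_DNS_OPTION     (1<<6)   /* 2.6 clients: original --dns syntax */
#define IV_PROTO_DNS_OPTION_V2  (1<<11)  /* clients with the reworked --dns */

enum dns_variant {
    DNS_VARIANT_NONE = 0,  /* no --dns support: fall back to dhcp-option DNS */
    DNS_VARIANT_V1   = 1,  /* understands only the 2.6 --dns syntax */
    DNS_VARIANT_V2   = 2   /* understands --dns after the incompatible changes */
};

/* Extract the integer after "IV_PROTO=" from newline-separated peer-info.
 * Returns 0 when the key is absent or malformed, so a client that claims
 * nothing (or garbles the value) is treated as claiming nothing. */
unsigned long parse_iv_proto(const char *peer_info)
{
    const char *line = peer_info;
    while (line && *line) {
        if (strncmp(line, "IV_PROTO=", 9) == 0) {
            char *end = NULL;
            unsigned long v = strtoul(line + 9, &end, 10);
            /* The number must run to end-of-line; "64abc" is not a capability. */
            if (end == line + 9 || (*end != '\n' && *end != '\0')) {
                return 0;
            }
            return v;
        }
        line = strchr(line, '\n');
        if (line) {
            line++;
        }
    }
    return 0;
}

/* Decide which form of DNS configuration to push. A client built from this
 * patch sets only the V2 bit, a 2.6 client sets only bit 6, so the checks
 * are independent; V2 takes precedence should a client ever set both. */
enum dns_variant select_dns_variant(unsigned long iv_proto)
{
    if (iv_proto & IV_PROTO_DNS_OPTION_V2) {
        return DNS_VARIANT_V2;
    }
    if (iv_proto & IV_PROTO_DNS_OPTION) {
        return DNS_VARIANT_V1;
    }
    return DNS_VARIANT_NONE;
}

const char *dns_variant_name(enum dns_variant v)
{
    switch (v) {
        case DNS_VARIANT_V1: return "--dns (2.6 syntax)";
        case DNS_VARIANT_V2: return "--dns (reworked syntax)";
        default:             return "dhcp-option DNS fallback";
    }
}

/* Constructed peer-info samples (not captured traffic). Only the two DNS
 * bits from this patch are set, so 64 = bit 6 and 2048 = bit 11. */
static const char PEER_INFO_26_CLIENT[]     = "IV_VER=2.6.x\nIV_PROTO=64\n";
static const char PEER_INFO_MASTER_CLIENT[] = "IV_VER=2.7_git\nIV_PROTO=2048\n";
static const char PEER_INFO_NO_DNS[]        = "IV_VER=2.4.x\n";
static const char PEER_INFO_BAD[]           = "IV_PROTO=64abc\n";

int main(void)
{
    const char *samples[] = { PEER_INFO_26_CLIENT, PEER_INFO_MASTER_CLIENT,
                              PEER_INFO_NO_DNS, PEER_INFO_BAD };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned long proto = parse_iv_proto(samples[i]);
        printf("IV_PROTO=%lu -> %s\n", proto,
               dns_variant_name(select_dns_variant(proto)));
    }
    return 0;
}
```

The point to take from the example is the middle function: because this patch stops the client from sending bit 6, a server that tests only `IV_PROTO_DNS_OPTION` will route a new client to the fallback path, and the server-side check has to test the V2 bit first to benefit from the new flag.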
Comments

Gert Doering July 25, 2024, 11:37 a.m. UTC | #1
I have not tested this beyond "does it compile".

My understanding is that this is to align openvpn 2.x and 3.x with
regard to "if this bit is set, the client understands the new
variants in `--dns`" and since the "new code" is only in master,
so is this patch.

Your patch has been applied to the master branch.

commit 8991f0d5c6c06d1e42919d1d6a0813ca1c46f8a1 (master)
Author: Heiko Hund
Date:   Thu Jul 25 13:22:48 2024 +0200

     add and send IV_PROTO_DNS_OPTION_V2 flag

     Signed-off-by: Heiko Hund <heiko@ist.eigentlich.net>
     Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
     Message-Id: <20240725112248.21075-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28970.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index e0e9591..14c38cf 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1900,8 +1900,8 @@ 
         /* support for P_DATA_V2 */
         int iv_proto = IV_PROTO_DATA_V2;
 
-        /* support for the --dns option */
-        iv_proto |= IV_PROTO_DNS_OPTION;
+        /* support for the latest --dns option */
+        iv_proto |= IV_PROTO_DNS_OPTION_V2;
 
         /* support for exit notify via control channel */
         iv_proto |= IV_PROTO_CC_EXIT_NOTIFY;
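Review bot: the line `iv_proto |= IV_PROTO_DNS_OPTION_V2;` replaces the old bit instead of adding the new one next to it, so a client built from this patch no longer advertises IV_PROTO_DNS_OPTION at all, and any server that only checks bit 6 will treat it as a client without --dns support and use whatever fallback it has for those. That looks intentional, since this client can no longer parse the 2.6 variants, but the commit message only says servers "can differentiate"; spell out in the message (or in the comment above this line) that dropping bit 6 is deliberate, otherwise the next person comparing against 2.6 will read it as a regression and put it back.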
diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h
index 1a45048..6c2bfc3 100644
--- a/src/openvpn/ssl.h
+++ b/src/openvpn/ssl.h
@@ -94,7 +94,7 @@ 
  * result. */
 #define IV_PROTO_NCP_P2P         (1<<5)
 
-/** Supports the --dns option introduced in version 2.6 */
+/** Supports the --dns option introduced in version 2.6. Not sent anymore. */
 #define IV_PROTO_DNS_OPTION      (1<<6)
 
 /** Support for explicit exit notify via control channel
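Review bot: "Not sent anymore." on IV_PROTO_DNS_OPTION is true only of this client; 2.6 clients still set bit 6, so server-side code has to keep testing the define, and the comment as written invites someone to remove it. Suggest phrasing it so the client and server sides are both clear, e.g. `/** Supports the 2.6 variant of --dns. Still sent by 2.6 clients; no longer sent by this version. */`.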
@@ -107,6 +107,9 @@ 
 /** Support to dynamic tls-crypt (renegotiation with TLS-EKM derived tls-crypt key) */
 #define IV_PROTO_DYN_TLS_CRYPT   (1<<9)
 
+/** Supports the --dns option after all the incompatible changes */
+#define IV_PROTO_DNS_OPTION_V2   (1<<11)
+
 /* Default field in X509 to be username */
 #define X509_USERNAME_FIELD_DEFAULT "CN"
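Review bot: the new value jumps from (1<<9) to (1<<11) and bit 10 does not appear in this hunk; if it is already allocated further up in the file that is fine, but if it is being held back for something else a one-line comment saying so would stop the next flag from landing on the same value. The doc comment "after all the incompatible changes" also gives a server implementer nothing to check against: name the changes (the `--dns server address` and `exclude-domains` syntax from the commit message) and the release in which they ship, so the meaning of the bit can be verified without the git history.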