From patchwork Sun Mar 9 16:55:00 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4174
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 9 Mar 2025 17:55:00 +0100
Message-ID: <20250309165500.21796-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v4] Remove unused function check_subnet_conflict

From: Frank Lichtenheld This has been #if 0 for over a decade. Let's just remove this. Change-Id: If570253e57371e4126b0e8aa4c349e2051cb8b00 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/863 This mail reflects revision 4 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 245b15b..dbdc01d 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -1218,7 +1218,6 @@ for (r = rl->routes; r; r = r->next) { - check_subnet_conflict(r->network, r->netmask, "route"); if (flags & ROUTE_DELETE_FIRST) { delete_route(r, tt, flags, &rl->rgi, es, ctx); diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 4817f45..de54e89 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c 
@@ -626,44 +626,6 @@ gc_free(&gc); } -/* - * Issue a warning if ip/netmask (on the virtual IP network) conflicts with - * the settings on the local LAN. This is designed to flag issues where - * (for example) the OpenVPN server LAN is running on 192.168.1.x, but then - * an OpenVPN client tries to connect from a public location that is also running - * off of a router set to 192.168.1.x. - */ -void -check_subnet_conflict(const in_addr_t ip, - const in_addr_t netmask, - const char *prefix) -{ -#if 0 /* too many false positives */ - struct gc_arena gc = gc_new(); - in_addr_t lan_gw = 0; - in_addr_t lan_netmask = 0; - - if (get_default_gateway(&lan_gw, &lan_netmask) && lan_netmask) - { - const in_addr_t lan_network = lan_gw & lan_netmask; - const in_addr_t network = ip & netmask; - - /* do the two subnets defined by network/netmask and lan_network/lan_netmask intersect? */ - if ((network & lan_netmask) == lan_network - || (lan_network & netmask) == network) - { - msg(M_WARN, "WARNING: potential %s subnet conflict between local LAN [%s/%s] and remote VPN [%s/%s]", - prefix, - print_in_addr_t(lan_network, 0, &gc), - print_in_addr_t(lan_netmask, 0, &gc), - print_in_addr_t(network, 0, &gc), - print_in_addr_t(netmask, 0, &gc)); - } - } - gc_free(&gc); -#endif /* if 0 */ -} - void warn_on_use_of_common_subnets(openvpn_net_ctx_t *ctx) { @@ -922,15 +884,6 @@ tt->remote_netmask); } } - - if (!tun_p2p) - { - check_subnet_conflict(tt->local, tt->remote_netmask, "TUN/TAP adapter"); - } - else - { - check_subnet_conflict(tt->local, IPV4_NETMASK_HOST, "TUN/TAP adapter"); - } } #ifdef _WIN32 diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index ccba0bc..b616f5d 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h @@ -355,10 +355,6 @@ bool is_tun_p2p(const struct tuntap *tt); -void check_subnet_conflict(const in_addr_t ip, - const in_addr_t netmask, - const char *prefix); - void warn_on_use_of_common_subnets(openvpn_net_ctx_t *ctx); /**
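Review bot: In the src/openvpn/tun.c hunk at -626,44, the removed body carried the only stated reason the check was disabled, "#if 0 /* too many false positives */", while the commit message records only that it "has been #if 0 for over a decade". Suggest repeating the false-positive rationale in the commit message, so the history still explains why the local-LAN versus VPN subnet overlap warning was dropped instead of repaired. The context line shows warn_on_use_of_common_subnets() staying in place directly below, which is worth naming in the message as the warning that remains.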
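Review bot: In the src/openvpn/tun.c hunk at -922,15, the removed if/else tested tun_p2p, and the hunk does not show whether that variable has any other use in the function. If "if (!tun_p2p)" was its last use, the declaration and its initialisation should be removed in the same patch, otherwise builds with unused-variable warnings enabled will flag it. The hunk also drops the blank line ahead of the block, which leaves the closing braces tidy, so nothing further is needed on layout.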
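Review bot: In the src/openvpn/tun.h hunk at -355,10, dropping the prototype means any caller outside route.c and tun.c would lose its declaration, and the diff only shows the three call sites it removes (one in route.c, two in tun.c). Suggest confirming with a tree-wide search for check_subnet_conflict, including unit tests and platform-specific sources, that no reference is left, and saying so in the commit message.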