From patchwork Thu Jul 31 12:24:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4343 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:b86:b0:671:5a2c:6455 with SMTP id mw6csp1561740mab; Thu, 31 Jul 2025 05:24:29 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCV0RgwFjr5WYLVxAyGzE4+gEf51107gU+z7yz/ja/UZVZqI6oS+ho7zYEGeLZsL+bHZnsN1mXvh4Jc=@openvpn.net X-Google-Smtp-Source: AGHT+IET2RCZfWfuakhq1Yc/XdPP5NLJv5gvEDS4lY0vpKzp/AQjfaajtDiOGttvaIyN7BnA63Dd X-Received: by 2002:a05:6808:50a7:b0:41b:d6f8:871e with SMTP id 5614622812f47-4319ba14e45mr4454553b6e.26.1753964669269; Thu, 31 Jul 2025 05:24:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1753964669; cv=none; d=google.com; s=arc-20240605; b=XS1crDcLmbEDPM/EKiD7cKMmHdzcZ5LuAgCZEG3TWe5Vn0XAhC2nMUwQ2diBzLhl9t kfJW44gouYOyqxPzX0MjQR6noizrlOdt27aPq7o81Af5kfTpeIfTPy+rMt+ZITZ4IfK7 sKdcl1hlTTg8Mms57h2dDrYqYGvPr9KqOTHKAVeLtY5m+0ZDnN2L5jbpUlxkYOtx7WLW gP3tbLGOZKc8bkceOW73cuYMqPbZWGjjZxWHikyXq+yL0yGkTAumyinYwQDQb/PjfsQV OScLTIMd6c8KYl9VUDE+jbpCrXMFCKrXMGKt1n8eEOOE+HY3vkb3I1qYM/wkCix+rzqy ET/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=dty+TSbDadW4DIw6esF3jQeLkntRZwsdSVJj3vIoe7o=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=CnVr0R74NxPo592oeb3slTLU8NaKugPyRfE+/HLyVlBw6ScVtvAc1Zlw5Qpfn+QTrF 2bvMBII3/MX+CxgzYzj0OSUTum5GROMEj3OnVsussp8+E+ER8PrBx/rk36JKZNFuZ98t pp8kH5A1PjXIeZTat1zPlqunv1+fSZ4wJK7d38m63jybtFpOvu4t70Mcv+/aE4P3VufF sAnQqtyhVvBqP7/OTfjXlZhaalxB0kVtlwJVZeZCcNX23kwVnOYtPDuLXQc6C4Q7nSmO aEk82Z4GNIMP2NyhWV2bI9N+vO5FV2kVyPSvSNA6GRppM237yG2uWhc033badsM8v5KW qAjA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=j3niWAUu; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="B/ckRjgr"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=JRrcF7v+; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 5614622812f47-4335908a7a2si284645b6e.311.2025.07.31.05.24.29 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 31 Jul 2025 05:24:29 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=j3niWAUu; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="B/ckRjgr"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=JRrcF7v+; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=dty+TSbDadW4DIw6esF3jQeLkntRZwsdSVJj3vIoe7o=; b=j3niWAUuuZNeaAGMvDUVQW9eQF 8lgYAZbKrGqZQp0PYXcmYviKZDSGBvxAnw6DR5NFHnfmxh0vE7wvM4O8vI0iuBqFK/fSD9OMb7SVe za8krSpBYrOzZydxx2odgAbWLhPO+z4igTWfrHSuy2uE5gA+uVQxihHQTfNMmSCDp3QE=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1uhSKf-0002GZ-JU; Thu, 31 Jul 2025 12:24:25 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1uhSKd-0002GQ-TW for openvpn-devel@lists.sourceforge.net; Thu, 31 Jul 2025 12:24:23 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=caU0vZO9e6ak3iWG+v7iYrimGtr9RjHT9OUkXQIuPik=; b=B/ckRjgrfl3yorDH3bjWEXReLq 9JubbL2LUt1kd5zZMlxNHrqk72xCJDXCVv06UacwaS9GQYoMkpIE5SlmpZh824VTSY101kcPqflOP Dj8oUdpsXJxacVc2LF2A0bAxkDvEntJqXf62YVXI94VIPJ+bFTye6A+bPhON9MOVyiNc=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=caU0vZO9e6ak3iWG+v7iYrimGtr9RjHT9OUkXQIuPik=; b=JRrcF7v+CQn2UumdSRVWH4g3Zn RWPFZHukJu4jer1XovRKJH8dWsgKFe9070hHUmPtzazMo9G8cmSTdYobRcKVWbgNkxmQNiTFZRd8D BPCaLdVAhvumNWGG34aFUe4XlVFMvYrNcfRxgAQstakscvJn1w7pjaABQnk52bvBk1r4=; Received: from [193.149.48.143] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1uhSKc-0001KV-Oo for openvpn-devel@lists.sourceforge.net; Thu, 31 Jul 2025 12:24:23 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.17.1.9/8.17.1.9) with ESMTP id 56VCOBIN012223 for ; Thu, 31 Jul 2025 14:24:11 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.17.1.9/8.17.1.9/Submit) id 56VCOBJV012221 for openvpn-devel@lists.sourceforge.net; Thu, 31 Jul 2025 14:24:11 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Thu, 31 Jul 2025 14:24:05 +0200 Message-ID: <20250731122410.12200-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Lev Stipakov Commit 2dfc4f ("dns: deal with --dhcp-options when --dns is active") Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1uhSKc-0001KV-Oo Subject: [Openvpn-devel] [PATCH v3] Fix DNS options duplication on PUSH_UPDATE X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1839165257145161981?= X-GMAIL-MSGID: =?utf-8?q?1839165257145161981?= From: Lev Stipakov Commit 2dfc4f ("dns: deal with --dhcp-options when --dns is active") has removed reset of tuntap DNS options. Due to that, incoming --dns options are added to existing ones instead of overwriting them. It has also added a new storage for --dhcp-option. The push-update code didn't clear it and as a result, incoming --dhcp-option options were added to existing ones instead of overwriting them. Fixed by: - resetting tuntap DNS options (regression from abovementioned commit) - clearing dhcp options storage in push-update code GitHub: fixes OpenVPN/openvpn#804 Change-Id: Ife4d8fc5f8e2183e61226d66a76bbaa02c06f787 Signed-off-by: Lev Stipakov Acked-by: Heiko Hund --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1121 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Heiko Hund diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 3753810..3ceada0 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3527,7 +3527,13 @@ #endif /* if defined(_WIN32) */ /* Copy --dns options to tuntap_options */ + const struct dns_domain *d = dns->search_domains; + if (d) + { + tt->domain_search_list_len = 0; + } + while (d && tt->domain_search_list_len + 1 < N_SEARCH_LIST_LEN) { tt->domain_search_list[tt->domain_search_list_len++] = d->name; @@ -3538,6 +3544,9 @@ msg(M_WARN, "WARNING: couldn't copy all --dns search-domains to TUN/TAP"); } + tt->dns_len = 0; + tt->dns6_len = 0; + const struct dns_server *s = dns->servers; while (s) { @@ -6212,6 +6221,8 @@ } o->disable_nbt = 0; o->dhcp_options = 0; + + CLEAR(options->dns_options.from_dhcp); #if defined(TARGET_ANDROID) o->http_proxy_port = 0; o->http_proxy = NULL;