From patchwork Fri Sep 26 11:17:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Frank Lichtenheld X-Patchwork-Id: 4452 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:7505:b0:72f:f16c:e055 with SMTP id r5csp658356mai; Fri, 26 Sep 2025 04:17:56 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCW0ysAw5BvghRkwQ8PxvwIUa+KpjQDS2V7HKriuvMyCc+Is+/yMwvpBbiuqefIVMCjBon+PhBsRM6o=@openvpn.net X-Google-Smtp-Source: AGHT+IEgvU+nPdQYeoPFJ/vMoPqhf0vlpZgrDYXnDzplzTujpF3E4YcNQp110SZP3Ds0goye8E9O X-Received: by 2002:a05:6871:79a3:b0:35c:cfec:df79 with SMTP id 586e51a60fabf-36c4698a0f9mr1133687fac.51.1758885475830; Fri, 26 Sep 2025 04:17:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1758885475; cv=none; d=google.com; s=arc-20240605; b=Uo/FMhpXYXDnQuqLjcMF3IC+E7GaS+I6pLqY7+TXOwFvW6pBLYAAyVP1EZfExLoMMy Epq5WWa+mnnb5GXJ16TUhlef1XBwQ51eqc8JBs6b6TVFyKmtsJpCvT+o++Gn2uE1Um7F JcHkWqNyCGFiFatPrjaugR4v13MUPS9Af/VG/Y3D/+8hu80oz+SAU6vsMmDse2MQQe8X 60c1DLhdyEbWCZGNMBlfQtEAPLrDcuy8qZBPe+PCIOimUDjQ4dZcC4C++X3rqaPW+wKR /sqWewn56gFwhc/hFkOKBX5+iCqpSupIMY+TzcbrX7l4679LADz0BufZkQCc5dnnapZg Wuww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature:dkim-signature; bh=tWASK29s7c6TbLSxL5hpIkjwcThqZ+xBbugJqXXuyzY=; fh=247L+IztxEdcidbjmJCC8yDC2mCuyVhfy37dKhZO6zE=; b=LGyuLxAVoiARAMcRfpx9Rp5kfiCdx6J5oYQ/L4YnjA6r//5MxOLwo0pkm41T90tjAL EMC26xCTB3wN3OeFRn2WEeHxpyrbwicRW3alIJOp86/acy67lmn4okzbtx/ZyrtVyHgU aAIsKwUl6XOYqUpnfPwEsGcqyHbRVbFAs1IFJq1R71r1N9RuBPxpblnyQvRGBrABz/QU rAcsvEOPvWMDirwizq5Q+lXw5mG9TWIv1ra2D3sXG1bASzXhxZO8Rx1h190SdtzZNIjt MZgC54Qel55vdx2JhaMI0LTMa6OYTLD7kPnwk4trakDukCdm5JPXvUX3c+Ryhx3WCk7z s0yg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=coQySYl5; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="Un4/l1gE"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=MIPM5Jm4; dkim=neutral (body hash did not verify) header.i=@lichtenheld.com header.s=MBO0001 header.b="Ha76lD5/"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-363c7db9ca3si1083422fac.279.2025.09.26.04.17.55 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 26 Sep 2025 04:17:55 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=coQySYl5; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="Un4/l1gE"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=MIPM5Jm4; dkim=neutral (body hash did not verify) header.i=@lichtenheld.com header.s=MBO0001 header.b="Ha76lD5/"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-Id:Date:To:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=tWASK29s7c6TbLSxL5hpIkjwcThqZ+xBbugJqXXuyzY=; b=coQySYl5osddUzvikVw7Bcv+e0 jD842l7wu62FpJv5PvPjNrEFpcT4TY1vFU0uqPcqw9hIaovN80sRUMHb0e01HxiqlG+uCB03crugQ yQrxaFaZImPdSj2v2yMT5qM5syDlD3BJv6TVn67Xoldn5aSyi3UqHaFNO7GBtvd7ozYc=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1v26ST-00016m-TP; Fri, 26 Sep 2025 11:17:49 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1v26SI-00016V-2i for openvpn-devel@lists.sourceforge.net; Fri, 26 Sep 2025 11:17:38 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=e2BoW4ILeE4MLpRq8tR3800ly2b82Mtsl88Ht2ftAe0=; b=Un4/l1gEotSR3ZuRxoEPyb5OAF TOnXLf4xAyWUlGK0YAnmsGFQEq1q9tAymjx3ANmaY7P9eq7qTN2JWQhQQ2YpN7MzBtIU3DYyhcqIo rG1sMTAo2AETd/6HGNkYJNR2YACZG6y0Kh8SLIBu5ogHpMjkOYNIW8eRsSCn28OMjWBI=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=e2BoW4ILeE4MLpRq8tR3800ly2b82Mtsl88Ht2ftAe0=; b=MIPM5Jm4TND/x4FyJ1DRqhxihX acLvtkwNGqhCL3qLog/8k6/4Xtz955jwvQD7lpxP1/YayrRmQynYO797rubN2DyB3FkSpUGe2bAdt pz7tvwxRfJrtpCtgbnV6wi6dPIeDdu6soVNc+AXydRneNfK4sVrqqUF6us7OYaWvITMM=; Received: from mout-p-201.mailbox.org ([80.241.56.171]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1v26SG-0003A2-9x for openvpn-devel@lists.sourceforge.net; Fri, 26 Sep 2025 11:17:37 +0000 Received: from smtp2.mailbox.org (smtp2.mailbox.org [10.196.197.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-201.mailbox.org (Postfix) with ESMTPS id 4cY7N76Dy4z9tfk; Fri, 26 Sep 2025 13:17:27 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lichtenheld.com; s=MBO0001; t=1758885447; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=e2BoW4ILeE4MLpRq8tR3800ly2b82Mtsl88Ht2ftAe0=; b=Ha76lD5/DQ1YIBNBtSpqApvoHf1dlIxkK3LqqqSh1faFKG+YEt3oAcw6M9ZKd+y7aMRU60 KqiUSf6h2ayvGWhKdgXqEcMu+7ypxkfkv7bicfuWtlND74c8b8IgHElttzKoCeFEGPr00+ FOLfADI3IhWCFfGkWOATOvJJihUwkGl80zR/2HrmzCYge4b+tlnSYA0WiJSrRd2i9wP4of u4WJw5eFBtI9E6/0aK2U40QVkBJGNnnCzSlybJPbITPKrmZtl+OpJRjdKKaANSvC3PyS7p fvobL+rzLUiCQNBXytu04onPhgO7nTt5uBO2pVxqnrx2uzFHvfE+betJ3ZM5Wg== From: Frank Lichtenheld To: openvpn-devel@lists.sourceforge.net Date: Fri, 26 Sep 2025 13:17:26 +0200 Message-Id: <20250926111726.153603-1-frank@lichtenheld.com> In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: These should not change any behavior, they mostly clarify the used types and silence warnings, since these casts are deliberate. Change-Id: Ica721a51b00d5314125bcaf5a586e718c5982aef Signed-off-by: Frank Lichtenheld Acked-by: MaxF Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/ [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_MSPIKE_H5 RBL: Excellent reputation (+5) [80.241.56.171 listed in wl.mailspike.net] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders X-Headers-End: 1v26SG-0003A2-9x Subject: [Openvpn-devel] [PATCH v4] proto: Clean up conversion warnings related to checksum macros X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: MaxF Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1844325096368880769?= X-GMAIL-MSGID: =?utf-8?q?1844325096368880769?= These should not change any behavior, they mostly clarify the used types and silence warnings, since these casts are deliberate. Change-Id: Ica721a51b00d5314125bcaf5a586e718c5982aef Signed-off-by: Frank Lichtenheld Acked-by: MaxF Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1164 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1164 This mail reflects revision 4 of this Change. Acked-by according to Gerrit (reflected above): MaxF diff --git a/src/openvpn/clinat.c b/src/openvpn/clinat.c index b49d4bb..7751a47 100644 --- a/src/openvpn/clinat.c +++ b/src/openvpn/clinat.c @@ -185,11 +185,7 @@ const int direction) { struct ip_tcp_udp_hdr *h = (struct ip_tcp_udp_hdr *)BPTR(ipbuf); - int i; - uint32_t addr, *addr_ptr; - const uint32_t *from, *to; - int accumulate = 0; - unsigned int amask; + int32_t accumulate = 0; unsigned int alog = 0; if (check_debug_level(D_CLIENT_NAT)) @@ -197,8 +193,11 @@ print_pkt(&h->ip, "BEFORE", direction, D_CLIENT_NAT); } - for (i = 0; i < list->n; ++i) + for (int i = 0; i < list->n; ++i) { + uint32_t addr, *addr_ptr; + const uint32_t *from, *to; + unsigned int amask; const struct client_nat_entry *e = &list->entries[i]; /* current NAT rule */ if (e->type ^ direction) { diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c index e7111a8..10d61d1 100644 --- a/src/openvpn/mss.c +++ b/src/openvpn/mss.c @@ -130,11 +130,6 @@ } } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wconversion" -#endif - /* * change TCP MSS option in SYN/SYN-ACK packets, if present * this is generic for IPv4 and IPv6, as the TCP header is the same @@ -143,11 +138,8 @@ void mss_fixup_dowork(struct buffer *buf, uint16_t maxmss) { - int hlen, olen, optlen; + int olen, optlen; uint8_t *opt; - uint16_t mssval; - int accumulate; - struct openvpn_tcphdr *tc; if (BLEN(buf) < (int)sizeof(struct openvpn_tcphdr)) { @@ -155,8 +147,8 @@ } verify_align_4(buf); - tc = (struct openvpn_tcphdr *)BPTR(buf); - hlen = OPENVPN_TCPH_GET_DOFF(tc->doff_res); + struct openvpn_tcphdr *tc = (struct openvpn_tcphdr *)BPTR(buf); + int hlen = OPENVPN_TCPH_GET_DOFF(tc->doff_res); /* Invalid header length or header without options. */ if (hlen <= (int)sizeof(struct openvpn_tcphdr) || hlen > BLEN(buf)) @@ -171,43 +163,37 @@ { break; } - else if (*opt == OPENVPN_TCPOPT_NOP) + if (*opt == OPENVPN_TCPOPT_NOP) { optlen = 1; + continue; } - else + + optlen = *(opt + 1); + if (optlen <= 0 || optlen > olen) { - optlen = *(opt + 1); - if (optlen <= 0 || optlen > olen) + break; + } + if (*opt == OPENVPN_TCPOPT_MAXSEG) + { + if (optlen != OPENVPN_TCPOLEN_MAXSEG) { - break; + continue; } - if (*opt == OPENVPN_TCPOPT_MAXSEG) + uint16_t mssval = (uint16_t)(opt[2] << 8) + opt[3]; + if (mssval > maxmss) { - if (optlen != OPENVPN_TCPOLEN_MAXSEG) - { - continue; - } - mssval = opt[2] << 8; - mssval += opt[3]; - if (mssval > maxmss) - { - dmsg(D_MSS, "MSS: %" PRIu16 " -> %" PRIu16, mssval, maxmss); - accumulate = htons(mssval); - opt[2] = (uint8_t)((maxmss >> 8) & 0xff); - opt[3] = (uint8_t)(maxmss & 0xff); - accumulate -= htons(maxmss); - ADJUST_CHECKSUM(accumulate, tc->check); - } + dmsg(D_MSS, "MSS: %" PRIu16 " -> %" PRIu16, mssval, maxmss); + opt[2] = (uint8_t)((maxmss >> 8) & 0xff); + opt[3] = (uint8_t)(maxmss & 0xff); + int32_t accumulate = htons(mssval); + accumulate -= htons(maxmss); + ADJUST_CHECKSUM(accumulate, tc->check); } } } } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic pop -#endif - static inline size_t adjust_payload_max_cbc(const struct key_type *kt, size_t target) { diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h index 62157fa..94952bd 100644 --- a/src/openvpn/proto.h +++ b/src/openvpn/proto.h @@ -214,7 +214,7 @@ */ #define ADJUST_CHECKSUM(acc, cksum) \ { \ - int _acc = acc; \ + int32_t _acc = acc; \ _acc += (cksum); \ if (_acc < 0) \ { \ @@ -231,16 +231,16 @@ } \ } -#define ADD_CHECKSUM_32(acc, u32) \ - { \ - acc += (u32) & 0xffff; \ - acc += (u32) >> 16; \ +#define ADD_CHECKSUM_32(acc, u32) \ + { \ + acc += (int32_t)((u32) & 0xffff); \ + acc += (int32_t)((u32) >> 16); \ } -#define SUB_CHECKSUM_32(acc, u32) \ - { \ - acc -= (u32) & 0xffff; \ - acc -= (u32) >> 16; \ +#define SUB_CHECKSUM_32(acc, u32) \ + { \ + acc -= (int32_t)((u32) & 0xffff); \ + acc -= (int32_t)((u32) >> 16); \ } /*