From patchwork Sat Dec 14 23:21:31 2024
X-Patchwork-Submitter: corubba
X-Patchwork-Id: 4003
Message-ID: <27c62e07-1f28-4e2a-b68d-32963f6d6da9@gmx.de>
Date: Sun, 15 Dec 2024 00:21:31 +0100
To: openvpn-devel@lists.sourceforge.net
References: <7e42399c-3a94-40a2-bcaa-15545c3b761c@gmx.de>
In-Reply-To: <7e42399c-3a94-40a2-bcaa-15545c3b761c@gmx.de>
Subject: [Openvpn-devel] [PATCH 3/2] port-share: Add unix-socket and udp support for proxy protocol
From: corubba
Reply-To: corubba

Subject: [PATCH 3/3] port-share: Add unix-socket and udp support for proxy protocol v2

Just in case it is ever needed.

Signed-off-by: corubba
---
 src/openvpn/ps.c | 42 +++++++++++++++++++++++++++++++++++-------
 src/openvpn/socket.h | 1 +
 2 files changed, 36 insertions(+), 7 deletions(-)
--
2.47.1

diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c index b5d04c5b..b34df315 100644 --- a/src/openvpn/ps.c +++ b/src/openvpn/ps.c @@ -400,18 +400,19 @@ journal_add(const char *journal_dir, struct proxy_connection *pc, struct proxy_c static void send_proxy_protocol_v2_header(const struct proxy_connection *const pc, const struct proxy_connection *const cp) { - static const uint8_t PP2_AF_UNSPEC = 0x0, PP2_AF_INET = 0x1, PP2_AF_INET6 = 0x2; - static const uint8_t PP2_PROTO_STREAM = 0x1; + static const uint8_t PP2_AF_UNSPEC = 0x0, PP2_AF_INET = 0x1, PP2_AF_INET6 = 0x2, PP2_AF_UNIX = 0x3; + static const uint8_t PP2_PROTO_UNSPEC = 0x0, PP2_PROTO_STREAM = 0x1, PP2_PROTO_DGRAM = 0x2; struct openvpn_sockaddr src, dst; - socklen_t src_len, dst_len; - unsigned char header[52] = { + socklen_t src_len, dst_len, socket_type_len; + unsigned char header[232] = { "\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A" /* signature */ "\x21" /* version=2 + command=proxy */ /* initialize the rest to zero for now */ }; - uint8_t addr_fam, header_len = 16; + uint8_t addr_fam, proto, header_len = 16; uint16_t addr_len; + int socket_type; src_len = sizeof(src.addr); dst_len = sizeof(dst.addr); 
@@ -467,7 +468,14 @@ send_proxy_protocol_v2_header(const struct proxy_connection *const pc, const str memcpy(&header[50], &dst.addr.in6.sin6_port, sizeof(dst.addr.in6.sin6_port)); break; - /* AF_UNIX is currently not suppported by OpenVPN */ + case AF_UNIX: + addr_fam = PP2_AF_UNIX; + addr_len = 216; + ASSERT(108 >= sizeof(src.addr.un.sun_path)); + ASSERT(108 >= sizeof(dst.addr.un.sun_path)); + memcpy(&header[16], &src.addr.un.sun_path, 108); + memcpy(&header[124], &dst.addr.un.sun_path, 108); + break; default: addr_fam = PP2_AF_UNSPEC; @@ -475,7 +483,27 @@ send_proxy_protocol_v2_header(const struct proxy_connection *const pc, const str break; } - const uint8_t proto = PP2_PROTO_STREAM; /* DGRAM is currently not supported by port-share */ + socket_type_len = sizeof(socket_type); + if (0 != getsockopt(pc->sd, SOL_SOCKET, SO_TYPE, &socket_type, &socket_type_len)) + { + msg(M_WARN, "PORT SHARE PROXY: getting socket type failed"); + socket_type = -1; /* fallback to unspec */ + } + switch (socket_type) + { + case SOCK_STREAM: + proto = PP2_PROTO_STREAM; + break; + + case SOCK_DGRAM: + proto = PP2_PROTO_DGRAM; + break; + + default: + proto = PP2_PROTO_UNSPEC; + break; + } + header[13] = (addr_fam << 4) | proto; /* TLV is currently not implemented */ diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index 465d92ba..3578b3c3 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -69,6 +69,7 @@ struct openvpn_sockaddr struct sockaddr sa; struct sockaddr_in in4; struct sockaddr_in6 in6; + struct sockaddr_un un; } addr; };
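Review bot: in the first ps.c hunk (declarations of send_proxy_protocol_v2_header), `header_len` stays a `uint8_t` while `header` grows from 52 to 232 bytes. With the AF_UNIX case the total is 16 + 216 = 232, which still fits, but only 23 bytes of headroom remain before it wraps, and the trailing comment notes that TLVs are not implemented yet. Consider making `header_len` a `size_t` (or `uint16_t`, like `addr_len`) and giving 16, 216 and 232 named constants so the buffer size and the offsets used in the AF_UNIX case cannot drift apart.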
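Review bot: in the new `case AF_UNIX:` (ps.c, second hunk), the two ASSERTs only guarantee that `sun_path` is at most 108 bytes, yet both memcpy calls read a fixed 108 bytes from it. On a platform where `sun_path` is shorter (104 bytes on the BSDs and macOS) that reads past the end of the array. Copy `sizeof(src.addr.un.sun_path)` and `sizeof(dst.addr.un.sun_path)` bytes instead; `header` is zero-initialised, so the rest of each 108-byte field stays zero-padded. Since the size comparison is a compile-time constant, a compile-time assertion would also catch a too-large `sun_path` at build time rather than at the first connection.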
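Review bot: after the new `switch (socket_type)` (ps.c, third hunk), `header[13] = (addr_fam << 4) | proto;` combines two values that are now chosen independently, so the byte can end up half-unspecified: a failed getsockopt() or an unlisted socket type gives 0x10/0x20/0x30, and the `default:` address family with a known socket type gives 0x01/0x02. The PROXY protocol v2 specification defines 0x00 as the only UNSPEC combination and says other values must not be emitted, so if either half is unspec both should be forced to unspec before the byte is written. Separately, the `msg(M_WARN, ...)` on getsockopt() failure drops errno; `M_WARN | M_ERRNO` would log the reason.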
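Review bot: in the socket.h hunk, `struct sockaddr_un un;` is added to the union unconditionally, and the hunk adds neither an include for the header that defines it (`<sys/un.h>` on POSIX systems) nor a platform guard. Please confirm that socket.h already gets the definition on every supported target, or wrap this member and the `case AF_UNIX:` in ps.c in the same #ifdef. The new member also raises sizeof(struct openvpn_sockaddr) for every user of the struct, which deserves a sentence in the commit message given that the change is described as "just in case".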