[Openvpn-devel,S] Change in openvpn[master]: Add warning if a p2p NCP client connects to a p2mp server

Message ID 5b489d868a80cf1c3bb6325df28aa79891c824d5-HTML@gerrit.openvpn.net
State Not Applicable
Headers show
Series [Openvpn-devel,S] Change in openvpn[master]: Add warning if a p2p NCP client connects to a p2mp server | expand

Commit Message

d12fk (Code Review) Aug. 10, 2023, 1:51 p.m. UTC
Attention is currently required from: flichtenheld.

Hello flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/323?usp=email

to review the following change.


Change subject: Add warning if a p2p NCP client connects to a p2mp server
......................................................................

Add warning if a p2p NCP client connects to a p2mp server

Change-Id: I85ae4e1167e1395b4f59d5d0ecf6c38befcaa8a7
---
M src/openvpn/ssl_ncp.c
M src/openvpn/ssl_ncp.h
2 files changed, 9 insertions(+), 2 deletions(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/23/323/1

Patch

diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c
index dafaef1..aae04e2 100644
--- a/src/openvpn/ssl_ncp.c
+++ b/src/openvpn/ssl_ncp.c
@@ -24,7 +24,7 @@ 
  */
 
 /**
- * @file Control Channel SSL/Data dynamic negotion Module
+ * @file Control Channel SSL/Data dynamic negotiation Module
  * This file is split from ssl.c to be able to unit test it.
  */
 
@@ -267,6 +267,13 @@ 
         remote_cipher = "";
     }
 
+    if (extract_iv_proto(peer_info) & IV_PROTO_NCP_P2P)
+    {
+        msg(M_WARN, "Note: peer reports running in P2P mode (no --pull/--client"
+            "option). It will not negotiate ciphers with this server. "
+            "Expect this connection to fail.");
+    }
+
     char *tmp_ciphers = string_alloc(server_list, &gc_tmp);
 
     const char *token;
diff --git a/src/openvpn/ssl_ncp.h b/src/openvpn/ssl_ncp.h
index d27ed24..de7a0e4 100644
--- a/src/openvpn/ssl_ncp.h
+++ b/src/openvpn/ssl_ncp.h
@@ -23,7 +23,7 @@ 
  */
 
 /**
- * @file Control Channel SSL/Data dynamic negotion Module
+ * @file Control Channel SSL/Data dynamic negotiation Module
  * This file is split from ssl.h to be able to unit test it.
  */