From patchwork Sat Dec 14 23:19:32 2024
X-Patchwork-Submitter: corubba
X-Patchwork-Id: 4001
Message-ID: <6a00da72-dc11-409e-9d47-4694e1d6f02f@gmx.de>
Date: Sun, 15 Dec 2024 00:19:32 +0100
To: openvpn-devel@lists.sourceforge.net
References: <7e42399c-3a94-40a2-bcaa-15545c3b761c@gmx.de>
In-Reply-To: <7e42399c-3a94-40a2-bcaa-15545c3b761c@gmx.de>
Subject: [Openvpn-devel] [PATCH 1/2] port-share: Normalize IPv4-mapped IPv6 addresses
From: corubba

Before passing IPv4-mapped IPv6 addresses to the proxy journal, translate them to plain IPv4 addresses. Whether the connection was accepted by OpenVPN on a "dual stack" socket is of no importance to the proxy receiver.

Signed-off-by: corubba
---
 src/openvpn/ps.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

--
2.47.1

diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c index 06bf91a8..36ea63b8 100644 --- a/src/openvpn/ps.c +++ b/src/openvpn/ps.c
@@ -330,6 +330,22 @@ proxy_list_housekeeping(struct proxy_connection **list) } } +/* + * In-place transformation of an openvpn_sockaddr with an IPv4-mapped IPv6 + * address to one with a plain IPv4 address. No-op otherwise. + */ +static void +transform_mapped_v4_sockaddr(struct openvpn_sockaddr *sock) +{ + if (sock->addr.sa.sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&sock->addr.in6.sin6_addr)) + { + sock->addr.in4.sin_family = AF_INET; + /* sin_port and sin6_port are the same already */ + memcpy(&sock->addr.in4.sin_addr, &sock->addr.in6.sin6_addr.s6_addr[12], 4); + memset(&sock->addr.in4 + 1, 0, sizeof(sock->addr) - sizeof(sock->addr.in4)); + } +} + /* * Record IP/port of client in filesystem, so that server receiving * the proxy can determine true client origin. @@ -349,6 +365,8 @@ journal_add(const char *journal_dir, struct proxy_connection *pc, struct proxy_c if (!getpeername(pc->sd, (struct sockaddr *) &from.addr.sa, &slen) && !getsockname(cp->sd, (struct sockaddr *) &to.addr.sa, &dlen)) { + transform_mapped_v4_sockaddr(&from); + transform_mapped_v4_sockaddr(&to); const char *f = print_openvpn_sockaddr(&from, &gc); const char *t = print_openvpn_sockaddr(&to, &gc); fnlen = strlen(journal_dir) + strlen(t) + 2;
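
Review bot: In transform_mapped_v4_sockaddr(), the in-place rewrite depends on how the in4 and in6 members overlap inside sock->addr: sin_port is never assigned (the comment says it already equals sin6_port), and the memset starts at `&sock->addr.in4 + 1`, so any bytes of in4 other than sin_family, sin_port and sin_addr keep whatever the IPv6 structure held at that position. Building a zeroed struct sockaddr_in, setting family, port and address explicitly, and then replacing the contents of sock->addr with it would remove the layout assumption. The literal 4 in the memcpy would also read better as sizeof(sock->addr.in4.sin_addr).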
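
Review bot: In journal_add(), the added transform_mapped_v4_sockaddr(&to) call changes the string `t`, and `fnlen = strlen(journal_dir) + strlen(t) + 2;` suggests that `t` goes into the journal file name, so the entry's name changes whenever that address is IPv4-mapped, not only the recorded client address. The commit message does not mention this; please state it there or in the comment above journal_add() so that receivers looking up entries by the IPv4-mapped form are accounted for. The two calls also sit ahead of the `const char *f` and `const char *t` declarations in the same block; if the project style keeps declarations first, declare f and t before the calls and assign them afterwards.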