| Message ID | b16cab79-188f-41a3-af32-f944a387400f@gmx.de |
|---|---|
| State | New |
| Headers | show
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:1f13:b0:5e7:b9eb:58e8 with SMTP id
hs19csp2078336mab;
Mon, 16 Dec 2024 04:23:03 -0800 (PST)
X-Forwarded-Encrypted: i=2;
AJvYcCUEP0/6Mh0cUu5HX/9gkW+kr/QwSGdjwGxUbRGtj/Be8w68+PKMv6YW0OwsbkPZ8q+D8WDbQJMdJSU=@openvpn.net
X-Google-Smtp-Source:
AGHT+IGD8Fv+h6bmyK+IJwrJ9AhASanIc7rw+Eak+7FFVVr1EmK/PE17YVxoIADLtMKmyEs5v2ua
X-Received: by 2002:a05:6830:6c14:b0:71d:f429:7f95 with SMTP id
46e09a7af769-71e3ba779d5mr7303552a34.29.1734351783048;
Mon, 16 Dec 2024 04:23:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1734351783; cv=none;
d=google.com; s=arc-20240605;
b=A6GvRpH3PKoUWmhP4QQ7WGh7Y5/pk/ffFUEKr9vmzTd6fWALSmmucmKrUAH6iq5Qdh
eiV/olePP07/9NcZn2YedWNQYgzS0/Nn0DxmFW79+l5n98fTuCY6iI3ksjYwf+I4Eez+
UXQdCBFpnHQEDf/68T90tBn7iWPvDbVWdMsBee4S3VdcCS0TpG6OjUjaw1HRsfc2lIAD
FaD+rgtikQU3iejlvPqYZ3nFvItwTkbjMvew1V6AUQe3iRf7Ii9GdWdafBhLgpgg2u/L
Nzr+Ow++rsWdTCvXJ2PoqRLI/D2yYXOFXrADZOPjtFqonk3BUlB0mGXkeJnURegXRYXT
/ejQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=errors-to:content-transfer-encoding:reply-to:from:list-subscribe
:list-help:list-post:list-archive:list-unsubscribe:list-id
:precedence:subject:ui-outboundreport:in-reply-to:content-language
:references:to:user-agent:mime-version:date:message-id
:dkim-signature:dkim-signature:dkim-signature;
bh=q49Uh2LReDIdlyJPbiCN+xhNtm5wZgoPTu30v/I3jqo=;
fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=;
b=RzuERYWUtOTt7qOeGNxobz17bKHjX8G3rPWJz6H5NP2Z79s0MMfzH2SImr9EPCFLpC
tiHP0TyxPA5hoysCUDSjeT4XmMqF8E+6Sn7VMjDMW1UbAzgGW4RfJ67xCjfuSg0KXvf0
isARbY6VETG1B77f6dUAL3cKabX46VYYExKmu4h+DdlQwb6w6V2xQrrzngir9XVhFDOZ
4BBfPCs5+xtlwu7ezTapikWHkQzLvDs9fhpGoGvPBwMSb64RqA9FcxmCmHSqateqqX2e
E719dbOGTp5XHHu2XSpakKidLb0B/KcRgyr6W6kyyFJ2e/8mOxDxghZ3vxuuhkAn0VUg
8J6g==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=H1GWv0lY;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=lyW11juS;
dkim=neutral (body hash did not verify) header.i=@gmx.de
header.s=s31663417 header.b=bhk5yVAu;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
by mx.google.com with ESMTPS id
46e09a7af769-71e48634c87si3134310a34.311.2024.12.16.04.23.02
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Mon, 16 Dec 2024 04:23:03 -0800 (PST)
Received-SPF: pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=H1GWv0lY;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=lyW11juS;
dkim=neutral (body hash did not verify) header.i=@gmx.de
header.s=s31663417 header.b=bhk5yVAu;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net
Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com)
by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95)
(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
id 1tNA7k-0000kC-Jd;
Mon, 16 Dec 2024 12:22:56 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
(envelope-from <corubba@gmx.de>) id 1tNA7i-0000k5-NS
for openvpn-devel@lists.sourceforge.net;
Mon, 16 Dec 2024 12:22:54 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=sourceforge.net; s=x; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:
From:References:To:Subject:MIME-Version:Date:Message-ID:Sender:Reply-To:Cc:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=+oOw2ImSOSFIaAxeJeppfl0aWLemECLILunreLvQoLM=; b=H1GWv0lYnRw+Ka9TS/YEqnU3CM
xQPX9WmO98Xlc7wtKvLK4NXxtE0zwBkQlkkUjuNXLpoACxBEOol4xXPeaEhrK6UtEUoPAExaNO/Mj
56ylfy57zo14VCuoGSW7ZKvra5Lv4rr7WGcsAYnvOVhxlrAY9/1xLa5oZsF1r2BP2kgQ=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
;
h=Content-Transfer-Encoding:Content-Type:In-Reply-To:From:References:To:
Subject:MIME-Version:Date:Message-ID:Sender:Reply-To:Cc:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=+oOw2ImSOSFIaAxeJeppfl0aWLemECLILunreLvQoLM=; b=lyW11juSzTnBeJuyEn5e3n4Bzj
x+irGkj/pfQdIqWC+HySToHs1zB9n8ua7hdMY+sZbHrJpSaeOJ6/W9C3POsdgerHHauB8Ke1X7IiI
DCcStDIr9HwWucxK4oWFdHXvjr+df3hw90rqDmzzu9Yg1Urm7jUky4592B4C7zj21QQU=;
Received: from mout.gmx.net ([212.227.15.18])
by sfi-mx-2.v28.lw.sourceforge.com with esmtps
(TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
id 1tNA7h-0005OM-5l for openvpn-devel@lists.sourceforge.net;
Mon, 16 Dec 2024 12:22:54 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.de;
s=s31663417; t=1734351761; x=1734956561; i=corubba@gmx.de;
bh=+oOw2ImSOSFIaAxeJeppfl0aWLemECLILunreLvQoLM=;
h=X-UI-Sender-Class:Message-ID:Date:MIME-Version:Subject:To:
References:From:In-Reply-To:Content-Type:
Content-Transfer-Encoding:cc:content-transfer-encoding:
content-type:date:from:message-id:mime-version:reply-to:subject:
to;
b=bhk5yVAu0XL4k1EUopM3VZdIYthjN4VJJnwVRxbAK52daDCjEdBCDPAuSgs0K4Lv
08CIZ+F39EV3nGKtkr+hF/F6z9+/P/9o1yYgyudVzVauXGZj1VfmZoam6Dfn2mEVu
XaHuhB0HpyZe/v3AQ9D+ZuyfJJkWKUEW7vn6kJuEWgU7AcEkTMFrmy4HAiZO6pRUF
0GLKdITxH9t6gC90mZb9fuVPAyRYYZ/iP+Q/N0oZCsErev8RWhZqypQqedJ52GdMq
78V/z5YfDexXJS0SZPWHb8sgslNgmVRhs4xKu1D0L7+Yvbxsa0QwMWgfgztiVNIbk
uJwGKXioW3v/DtPeog==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
Received: from [192.168.44.3] ([83.135.91.229]) by mail.gmx.net (mrgmx005
[212.227.17.190]) with ESMTPSA (Nemesis) id 1N8GQs-1taaJ71Wxk-00rTar for
<openvpn-devel@lists.sourceforge.net>; Mon, 16 Dec 2024 13:22:41 +0100
Message-ID: <b16cab79-188f-41a3-af32-f944a387400f@gmx.de>
Date: Mon, 16 Dec 2024 13:22:38 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: openvpn-devel@lists.sourceforge.net
References: <7e42399c-3a94-40a2-bcaa-15545c3b761c@gmx.de>
<6a00da72-dc11-409e-9d47-4694e1d6f02f@gmx.de>
<a986633d-69d7-4bd1-b288-2f0de53b106e@unstable.cc>
Content-Language: de-CH
In-Reply-To: <a986633d-69d7-4bd1-b288-2f0de53b106e@unstable.cc>
X-Provags-ID: V03:K1:vPEEjTN6qoGpDthAkB4nazzvdcq4EVfOL07TviNsK+EuyhocdJR
NUwhqkRbHtcQTvenluWwaHQ4zxd2VRRzjA2gpKNoti7dkgXtzOJCQ0idD3+vEwSQlKuB59J
2kzoOUjD+NVJMU5MViW+Gq69i212OkzXpdiHf7c40xvRjylom3hW+rpD2OsKTFj9Ksp9l8m
To5VNsZO3e3Lj0CAONmLg==
X-Spam-Flag: NO
UI-OutboundReport: notjunk:1;M01:P0:WtXevEflkVM=;2cU8obtMo7eU3vTZZOW0X/JYdwf
A/ADvb7BktjO2eBg6gr30+irKKCCgKLMthSIrXOAf37kTyDVAMGD59ezMJJaTBkZwkUbabM4u
mEe5wMtByLkBY+IE3RSeXV81EZXD4ll/gv7PK6H3ZJnxY1GQXmA4i/pCJTjM+lpig/14YFh60
ZcsmzynwypFfj8a/HGGNQhN1Sl5/IJG4z46q0HfjPFUiAzEHs2xI3xHN7Yfq0SRslYyd8ZKz3
f8uG2flhBFP/b/0k8eytqq3LEsySgYEQ9m71GRb/B6kI+pwshP5Q+kGrqMjWymL5xnNXHF4Nm
ZsFRWiFkQmfZJ+Cvw1byRHwmOv5SMhZpWTHuxq87jpxVbR7XgxDrKD1smIdXO2pY2EMARm3Q8
hgNcMVGT96uepuH9BnPTSe806O4niDbnuyUN1/wXxhJVzPEBNV+pVnHYp2oal51WfmAO3KSv5
rUmWOAK2TxTrrsEK3IXQqD/VCmTDyPLierXN3sjoN2FINbk025Cf4/3MOROQ6WSNeENHN4A2e
I4oKHMighu1U/poGIfQDR/kMnem84tpuNU9X22HWEmjHRJ5da63Kd8bsY0ZqbyH2l3W/Ntqse
/IaUb06pFH2/QqEDgzvShPbF/IJEl66mbsouuFnIAhphQF/2crG24GgcuOfz6AyhnClwDYg3z
gj93w5qUsBLLW/lEvj8AaB/GYatEhOEnpitPxNQff8zvxuOJKJlYL0xPKajXWw7ID60tEfyXj
5xB0FBHkfWa1dT0RD8vNb74XK4Zc+VXSCEpziM2hA/K1awdoQu1ST7/WYqxtTiBRDn3NrH8V0
Qmo/HCBgCbTTy5nn8dg0Kl/LVg2+zoEXTc0ldZnlHNlTAPW+5f3DeZgTBKYelJbT52SKYcs6H
0gVw/0BT3tsvk4AkmWkeTWArBpgSC9lSDJ+dnh+oR76lsSq6r3xDZikw8KXTohykL6/py3C5Z
wyDxhxiDSHZ3n/VGqOcUDGKLzEtocuHLLwUQs+Sx2tNrhdCKOVhPVUXgPpND9XKuOoJDZWZlY
P5l3AWzrIw6ZGB8XWu+0FkymfPGH3prlgAPxfPUM7jcWa088YEtSG3ZW7rJ26mlcyA5lRL0Tx
9Klv6/WocsOjdT5VMqfX1m5dChgwsM
X-Spam-Score: -0.9 (/)
X-Spam-Report: Spam detection software,
running on the system "util-spamd-1.v13.lw.sourceforge.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Before passing IPv4-mapped IPv6 addresses to the proxy
journal,
translate them to plain IPv4 addresses. Whether the connection was accepted
by OpenVPN on a "dual stack" socket is of no importance to t [...]
Content analysis details: (-0.9 points, 6.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
The query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[212.227.15.18 listed in sa-accredit.habeas.com]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[212.227.15.18 listed in bl.score.senderscore.com]
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/,
low trust [212.227.15.18 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider [corubba[at]gmx.de]
0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[212.227.15.18 listed in wl.mailspike.net]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
X-Headers-End: 1tNA7h-0005OM-5l
Subject: [Openvpn-devel] [PATCH v2 1/2] port-share: Normalize IPv4-mapped
IPv6 addresses
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
From: corubba via Openvpn-devel <openvpn-devel@lists.sourceforge.net>
Reply-To: corubba <corubba@gmx.de>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1818459789447854206?=
X-GMAIL-MSGID: =?utf-8?q?1818599655231478933?=
|
| Series |
[Openvpn-devel,v2,1/2] port-share: Normalize IPv4-mapped IPv6 addresses
|
expand
|
diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c index 06bf91a8..36ea63b8 100644 --- a/src/openvpn/ps.c +++ b/src/openvpn/ps.c @@ -330,6 +330,22 @@ proxy_list_housekeeping(struct proxy_connection **list) } } +/* + * In-place transformation of an openvpn_sockaddr with an IPv4-mapped IPv6 + * address to one with a plain IPv4 address. No-op otherwise. + */ +static void +transform_mapped_v4_sockaddr(struct openvpn_sockaddr *sock) +{ + if (sock->addr.sa.sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&sock->addr.in6.sin6_addr)) + { + sock->addr.in4.sin_family = AF_INET; + /* sin_port and sin6_port are the same already */ + memcpy(&sock->addr.in4.sin_addr, &sock->addr.in6.sin6_addr.s6_addr[12], 4); + memset(&sock->addr.in4 + 1, 0, sizeof(sock->addr) - sizeof(sock->addr.in4)); + } +} + /* * Record IP/port of client in filesystem, so that server receiving * the proxy can determine true client origin. @@ -349,6 +365,8 @@ journal_add(const char *journal_dir, struct proxy_connection *pc, struct proxy_c if (!getpeername(pc->sd, (struct sockaddr *) &from.addr.sa, &slen) && !getsockname(cp->sd, (struct sockaddr *) &to.addr.sa, &dlen)) { + transform_mapped_v4_sockaddr(&from); + transform_mapped_v4_sockaddr(&to); const char *f = print_openvpn_sockaddr(&from, &gc); const char *t = print_openvpn_sockaddr(&to, &gc); fnlen = strlen(journal_dir) + strlen(t) + 2;
Before passing IPv4-mapped IPv6 addresses to the proxy journal, translate them to plain IPv4 addresses. Whether the connection was accepted by OpenVPN on a "dual stack" socket is of no importance to the proxy receiver. Signed-off-by: Corubba Smith <corubba@gmx.de> --- src/openvpn/ps.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) -- 2.47.1