From patchwork Wed Jan 17 01:17:34 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arne Schwabe <arne@rfc2549.org>
X-Patchwork-Id: 192
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Delivered-To: patchwork@openvpn.net
Received: from director1.mail.ord1d.rsapps.net ([172.30.191.6])
	by backend31.mail.ord1d.rsapps.net (Dovecot) with LMTP id
 lLZHAVA/X1paKwAAgoeIoA
	for <patchwork@openvpn.net>; Wed, 17 Jan 2018 07:19:28 -0500
Received: from proxy12.mail.ord1d.rsapps.net ([172.30.191.6])
	by director1.mail.ord1d.rsapps.net (Dovecot) with LMTP id
 s4/nGVA/X1rnLAAANGzteQ
	; Wed, 17 Jan 2018 07:19:28 -0500
Received: from smtp25.gate.ord1c ([172.30.191.6])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by proxy12.mail.ord1d.rsapps.net (Dovecot) with LMTP id
 I/gTBlA/X1rkHwAA7PHxkg
	; Wed, 17 Jan 2018 07:19:28 -0500
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: openvpnslackdevel@openvpn.net
X-Originating-Ip: [216.34.181.88]
Authentication-Results: smtp25.gate.ord1c.rsapps.net;
 iprev=pass policy.iprev="216.34.181.88";
 spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net"
 smtp.helo="lists.sourceforge.net";
 dkim=fail (signature verification failed) header.d=sourceforge.net;
 dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil;
 dis=none) header.from=rfc2549.org
X-Classification-ID: a920faa8-fb80-11e7-b73c-0026b952bd60-1-1
Received: from [216.34.181.88] ([216.34.181.88:55441]
 helo=lists.sourceforge.net)
	by smtp25.gate.ord1c.rsapps.net (envelope-from
 <openvpn-devel-bounces@lists.sourceforge.net>)
	(ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS
 (cipher=DHE-RSA-AES256-GCM-SHA384)
	id 2B/97-21726-F4F3F5A5; Wed, 17 Jan 2018 07:19:27 -0500
Received: from localhost ([127.0.0.1] helo=sfs-ml-3.v29.ch3.sourceforge.com)
	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.89)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1ebmf3-0000aD-4t; Wed, 17 Jan 2018 12:17:45 +0000
Received: from sfi-mx-2.v28.ch3.sourceforge.com ([172.29.28.192]
 helo=mx.sourceforge.net)
 by sfs-ml-3.v29.ch3.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89)
 (envelope-from <arne@kamera.blinkt.de>) id 1ebmf1-0000a5-AK
 for openvpn-devel@lists.sourceforge.net; Wed, 17 Jan 2018 12:17:43 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:
 MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=wgGGSyoWbtoUFAbcTfzPkTf6gxuKLA8uCJ/haedlSE8=; b=Q79cdMmnteKo+NQxuzPJpJ1rwC
 aKQMDJ4DYFVHrpmc4OeUBsE8H+4PQcNIbNyZDfo8Xs7wl0tt3eJI6HIWr8gugZjVLvEpr7DaZd8cx
 U40QnGGiTh4FsB2Tuv2yVTcLx6Uj5BuDwBlpxaMGKIVObZvC3irDeCQqcW13NzvkmSyk=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:MIME-Version:
 Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:
 Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
 In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=wgGGSyoWbtoUFAbcTfzPkTf6gxuKLA8uCJ/haedlSE8=; b=chT2ZJS44O+7P1+CAa3Lm+pEIU
 0XMmzJymsvYTkIh85A1pUv8h6sVb4HiRL5xSV0Uld37aER/sjN0Wl8quWc0ikvM1MEIc36GD+4mZh
 kziztsM53n+fdKHeQ3R9s9kJL8HpQNkYJ8HRUsJsIA/XuZfLA1MrpKj65HivD65WiIuc=;
Received: from mail.blinkt.de ([192.26.174.232])
 by sfi-mx-2.v28.ch3.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89)
 id 1ebmey-0001ZI-CC
 for openvpn-devel@lists.sourceforge.net; Wed, 17 Jan 2018 12:17:43 +0000
Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c])
 by mail.blinkt.de with smtp (Exim 4.89 (FreeBSD))
 (envelope-from <arne@kamera.blinkt.de>) id 1ebmes-000Hq8-71
 for openvpn-devel@lists.sourceforge.net; Wed, 17 Jan 2018 13:17:34 +0100
Received: (nullmailer pid 29075 invoked by uid 10006);
 Wed, 17 Jan 2018 12:17:34 -0000
From: Arne Schwabe <arne@rfc2549.org>
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 17 Jan 2018 13:17:34 +0100
Message-Id: <1516191454-29034-1-git-send-email-arne@rfc2549.org>
X-Mailer: git-send-email 2.7.4
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
 See http://spamassassin.org/tag/ for more details.
 -0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
 domain
X-Headers-End: 1ebmey-0001ZI-CC
Subject: [Openvpn-devel] [PATCH] Treat dhcp-option DNS6 and DNS identical
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox

OpenVPN3 accepts both IPv4 and IPv6 with option-dhcp DNS but throws
an error for option-dhcp DNS6.

This patch makes OpenVPN2 accept IPv4/IPv6 for both DNS and DNS6
---
 doc/openvpn.8         |  8 ++------
 src/openvpn/options.c | 33 ++++++++++++++++++---------------
 2 files changed, 20 insertions(+), 21 deletions(-)

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 43bbc217..f9ccbb30 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -5886,14 +5886,10 @@ across the VPN.
 Set Connection\-specific DNS Suffix.
 
 .B DNS addr \-\-
-Set primary domain name server IPv4 address.  Repeat
+Set primary domain name server IPv4 or IPv6 address.  Repeat
 this option to set secondary DNS server addresses.
 
-.B DNS6 addr \-\-
-Set primary domain name server IPv6 address.  Repeat
-this option to set secondary DNS server IPv6 addresses.
-
-Note: currently this is handled using netsh (the
+Note: DNS IPv6 server are currently handled using netsh (the
 existing DHCP code can only do IPv4 DHCP, and that protocol only
 permits IPv4 addresses anywhere).  The option will be put into the
 environment, so an
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 7c6528bc..48e6dbf6 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -7088,6 +7088,7 @@ add_option(struct options *options,
     {
         struct tuntap_options *o = &options->tuntap_options;
         VERIFY_PERMISSION(OPT_P_IPWIN32);
+        bool ipv6dns = false;
 
         if (streq(p[1], "DOMAIN") && p[2])
         {
@@ -7108,22 +7109,24 @@ add_option(struct options *options,
             }
             o->netbios_node_type = t;
         }
-        else if (streq(p[1], "DNS") && p[2])
+        else if ((streq(p[1], "DNS") || streq(p[1], "DNS6")) && p[2] && (!strstr(p[2], ":") || ipv6_addr_safe(p[2])))
         {
-            dhcp_option_address_parse("DNS", p[2], o->dns, &o->dns_len, msglevel);
-        }
-        else if (streq(p[1], "DNS6") && p[2] && ipv6_addr_safe(p[2]))
-        {
-            struct in6_addr addr;
-            foreign_option(options, p, 3, es);
-            if (o->dns6_len >= N_DHCP_ADDR)
-            {
-                msg(msglevel, "--dhcp-option DNS6: maximum of %d dns servers can be specified",
-                    N_DHCP_ADDR);
-            }
-            else if (get_ipv6_addr(p[2], &addr, NULL, msglevel))
+            if (strstr(p[2], ":"))
             {
-                o->dns6[o->dns6_len++] = addr;
+                ipv6dns=true;
+                struct in6_addr addr;
+                foreign_option(options, p, 3, es);
+                if (o->dns6_len >= N_DHCP_ADDR)
+                {
+                    msg(msglevel, "--dhcp-option DNS: maximum of %d IPv6 dns servers can be specified",
+                        N_DHCP_ADDR);
+                }
+                else if (get_ipv6_addr(p[2], &addr, NULL, msglevel))
+                {
+                    o->dns6[o->dns6_len++] = addr;
+                }
+            } else {
+                dhcp_option_address_parse("DNS", p[2], o->dns, &o->dns_len, msglevel);
             }
         }
         else if (streq(p[1], "WINS") && p[2])
@@ -7151,7 +7154,7 @@ add_option(struct options *options,
         /* flag that we have options to give to the TAP driver's DHCPv4 server
          *  - skipped for "DNS6", as that's not a DHCPv4 option
          */
-        if (!streq(p[1], "DNS6"))
+        if (!ipv6dns)
         {
             o->dhcp_options = true;
         }