From patchwork Wed Jan 17 02:49:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 196 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director4.mail.ord1d.rsapps.net ([172.30.191.6]) by backend31.mail.ord1d.rsapps.net (Dovecot) with LMTP id 1HGNBoxUX1q2TgAAgoeIoA for ; Wed, 17 Jan 2018 08:50:04 -0500 Received: from proxy13.mail.ord1d.rsapps.net ([172.30.191.6]) by director4.mail.ord1d.rsapps.net (Dovecot) with LMTP id EztzD4xUX1oDQQAAHDmxtw ; Wed, 17 Jan 2018 08:50:04 -0500 Received: from smtp31.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy13.mail.ord1d.rsapps.net (Dovecot) with LMTP id ufU+BIxUX1p+YwAAgjf6aA ; Wed, 17 Jan 2018 08:50:04 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.34.181.88] Authentication-Results: smtp31.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.34.181.88"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Classification-ID: 51133472-fb8d-11e7-9209-525400b3ac8c-1-1 Received: from [216.34.181.88] ([216.34.181.88:48530] helo=lists.sourceforge.net) by smtp31.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id C1/C5-13117-A845F5A5; Wed, 17 Jan 2018 08:50:02 -0500 Received: from localhost ([127.0.0.1] helo=sfs-ml-3.v29.ch3.sourceforge.com) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.89) (envelope-from ) id 1ebo5e-0002X2-Ne; Wed, 17 Jan 2018 13:49:18 +0000 Received: from sfi-mx-2.v28.ch3.sourceforge.com ([172.29.28.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1ebo5d-0002Wv-Ek for openvpn-devel@lists.sourceforge.net; Wed, 17 Jan 2018 13:49:17 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:To: From:Sender:Reply-To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=VxsUdCNXSp42JFfO3WY+wt0wxJBpjvXwVk+fZtRasDw=; b=Fb1CW35ecnX/T0tcYfM0JZ3eTw MVFD/IuAIQ2GT8vyvSYL/u3M6nIo2KHaXRzrxurxoZUbZAODG7maryL9OSRRd38a47PglPDHDidud MJCSZMVZmvyVCXgA5M3VhT0tsI1UN+rxnZtw50OLfPne8ie39W4/FjbA7b7Mksn7sc9g=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=VxsUdCNXSp42JFfO3WY+wt0wxJBpjvXwVk+fZtRasDw=; b=GR6NPDO+OlLagdqE0mAws6fR23 0zDTGU1FfARu4DeQg/g7E8qOKCHp8xKhNb1mPG90b/PIkogIkIomya7cdrnasxx8kniOFCxnL3Wm3 Kjx3nQzwH8Ya7EYk41fWntyTZzMlPfYzruUHyJvBoBOqXho3CNTzLDP5JIfd8BumcRpM=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.ch3.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) id 1ebo5c-0004tt-0Y for openvpn-devel@lists.sourceforge.net; Wed, 17 Jan 2018 13:49:17 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.89 (FreeBSD)) (envelope-from ) id 1ebo5V-000I3g-RB for openvpn-devel@lists.sourceforge.net; Wed, 17 Jan 2018 14:49:09 +0100 Received: (nullmailer pid 29793 invoked by uid 10006); Wed, 17 Jan 2018 13:49:09 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 17 Jan 2018 14:49:09 +0100 Message-Id: <1516196949-29752-1-git-send-email-arne@rfc2549.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516191454-29034-1-git-send-email-arne@rfc2549.org> References: <1516191454-29034-1-git-send-email-arne@rfc2549.org> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-Headers-End: 1ebo5c-0004tt-0Y Subject: [Openvpn-devel] [PATCH v2] Treat dhcp-option DNS6 and DNS identical X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox OpenVPN3 accepts both IPv4 and IPv6 with option-dhcp DNS but throws an error for option-dhcp DNS6. This patch makes OpenVPN2 accept IPv4/IPv6 for both DNS and DNS6 Patch V2: Put IPv6 parsing logic into own function similar as for for IPv4 DNS --- doc/openvpn.8 | 8 ++------ src/openvpn/options.c | 38 ++++++++++++++++++++++++-------------- 2 files changed, 26 insertions(+), 20 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 43bbc217..f9ccbb30 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -5886,14 +5886,10 @@ across the VPN. Set Connection\-specific DNS Suffix. .B DNS addr \-\- -Set primary domain name server IPv4 address. Repeat +Set primary domain name server IPv4 or IPv6 address. Repeat this option to set secondary DNS server addresses. -.B DNS6 addr \-\- -Set primary domain name server IPv6 address. Repeat -this option to set secondary DNS server IPv6 addresses. - -Note: currently this is handled using netsh (the +Note: DNS IPv6 server are currently handled using netsh (the existing DHCP code can only do IPv4 DHCP, and that protocol only permits IPv4 addresses anywhere). The option will be put into the environment, so an diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 7c6528bc..d67044fc 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1228,6 +1228,20 @@ show_tuntap_options(const struct tuntap_options *o) #if defined(_WIN32) || defined(TARGET_ANDROID) static void +dhcp_option_dns6_parse(const char *parm, struct in6_addr *dns6_list, int *len, int msglevel) +{ + struct in6_addr addr; + if (*len >= N_DHCP_ADDR) + { + msg(msglevel, "--dhcp-option DNS: maximum of %d IPv6 dns servers can be specified", + N_DHCP_ADDR); + } + else if (get_ipv6_addr(parm, &addr, NULL, msglevel)) + { + dns6_list[(*len)++] = addr; + } +} +static void dhcp_option_address_parse(const char *name, const char *parm, in_addr_t *array, int *len, int msglevel) { if (*len >= N_DHCP_ADDR) @@ -7088,6 +7102,7 @@ add_option(struct options *options, { struct tuntap_options *o = &options->tuntap_options; VERIFY_PERMISSION(OPT_P_IPWIN32); + bool ipv6dns = false; if (streq(p[1], "DOMAIN") && p[2]) { @@ -7108,22 +7123,17 @@ add_option(struct options *options, } o->netbios_node_type = t; } - else if (streq(p[1], "DNS") && p[2]) + else if ((streq(p[1], "DNS") || streq(p[1], "DNS6")) && p[2] && (!strstr(p[2], ":") || ipv6_addr_safe(p[2]))) { - dhcp_option_address_parse("DNS", p[2], o->dns, &o->dns_len, msglevel); - } - else if (streq(p[1], "DNS6") && p[2] && ipv6_addr_safe(p[2])) - { - struct in6_addr addr; - foreign_option(options, p, 3, es); - if (o->dns6_len >= N_DHCP_ADDR) + if (strstr(p[2], ":")) { - msg(msglevel, "--dhcp-option DNS6: maximum of %d dns servers can be specified", - N_DHCP_ADDR); - } - else if (get_ipv6_addr(p[2], &addr, NULL, msglevel)) + ipv6dns=true; + foreign_option(options, p, 3, es); + dhcp_option_dns6_parse(p[2], o->dns6, &o->dns6_len, msglevel); + } + else { - o->dns6[o->dns6_len++] = addr; + dhcp_option_address_parse("DNS", p[2], o->dns, &o->dns_len, msglevel); } } else if (streq(p[1], "WINS") && p[2]) @@ -7151,7 +7161,7 @@ add_option(struct options *options, /* flag that we have options to give to the TAP driver's DHCPv4 server * - skipped for "DNS6", as that's not a DHCPv4 option */ - if (!streq(p[1], "DNS6")) + if (!ipv6dns) { o->dhcp_options = true; }