X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 2680
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 16 Aug 2022 00:39:41 +0200
Message-Id: <20220815223941.26839-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH] dco: don't pass VPN IPs to NEW_PEER API in P2P mode
Cc: Antonio Quartulli

When adding a peer to a P2P interface, the VPN IPs are not really used
by DCO as there is no routing happening in this mode.

For this reason don't pass any VPN IP when adding a new peer in p2p mode.

Signed-off-by: Antonio Quartulli
Acked-by: Gert Doering
---
 src/openvpn/dco.c | 51 ++---------------------------------------------
 1 file changed, 2 insertions(+), 49 deletions(-)

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 6933a50f..61cf4dd5 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c 
@@ -401,61 +401,14 @@ dco_p2p_add_new_peer(struct context *c) return 0; } - struct tls_multi *multi = c->c2.tls_multi; struct link_socket *ls = c->c2.link_socket; - struct in6_addr remote_ip6 = { 0 }; - struct in_addr remote_ip4 = { 0 }; - - struct in6_addr *remote_addr6 = NULL; - struct in_addr *remote_addr4 = NULL; - - const char *gw = NULL; - ASSERT(ls->info.connection_established); - /* In client mode if a P2P style topology is used we assume the - * remote-gateway is the IP of the peer */ - if (c->options.topology == TOP_NET30 || c->options.topology == TOP_P2P) - { - gw = c->options.ifconfig_remote_netmask; - } - if (c->options.route_default_gateway) - { - gw = c->options.route_default_gateway; - } - - /* These inet_pton conversion are fatal since options.c already implements - * checks to have only valid addresses when setting the options */ - if (c->options.ifconfig_ipv6_remote) - { - if (inet_pton(AF_INET6, c->options.ifconfig_ipv6_remote, &remote_ip6) != 1) - { - msg(M_FATAL, - "DCO peer init: problem converting IPv6 ifconfig remote address %s to binary", - c->options.ifconfig_ipv6_remote); - } - remote_addr6 = &remote_ip6; - } - - if (gw) - { - if (inet_pton(AF_INET, gw, &remote_ip4) != 1) - { - msg(M_FATAL, "DCO peer init: problem converting IPv4 ifconfig gateway address %s to binary", gw); - } - remote_addr4 = &remote_ip4; - } - else if (c->options.ifconfig_local) - { - msg(M_INFO, "DCO peer init: Need a peer VPN addresss to setup IPv4 (set --route-gateway)"); - } - struct sockaddr *remoteaddr = &ls->info.lsa->actual.dest.addr.sa; - + struct tls_multi *multi = c->c2.tls_multi; int ret = dco_new_peer(&c->c1.tuntap->dco, multi->peer_id, - c->c2.link_socket->sd, NULL, remoteaddr, - remote_addr4, remote_addr6); + c->c2.link_socket->sd, NULL, remoteaddr, NULL, NULL); if (ret < 0) { return ret;
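Review bot: The new dco_new_peer() call in dco_p2p_add_new_peer() ends in a bare "NULL, NULL" with no comment, while the removed block carried comments explaining how the peer VPN addresses were derived. A one-line comment above the call saying that the VPN IPs are intentionally omitted because no routing happens in P2P mode would keep a later reader from treating the NULLs as an oversight and re-adding the lookup. The removed code left remote_addr4 and remote_addr6 at NULL whenever no address was configured, so NULL was already a value this call site could pass; it is still worth confirming that every dco_new_peer() backend accepts both arguments being NULL at once, which the hunk does not show. Two smaller points: the call still spells out c->c2.link_socket->sd although ls holds the same pointer a few lines above, so ls->sd would be more consistent; and the declaration of multi is removed from the top of the block and re-added below remoteaddr without any functional reason, which adds diff noise that could be dropped.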