From patchwork Tue Feb 7 14:54:16 2023
X-Patchwork-Submitter: Lev Stipakov
X-Patchwork-Id: 3057
From: Lev Stipakov
To: openvpn-devel@lists.sourceforge.net
Cc: Lev Stipakov
Date: Tue, 7 Feb 2023 16:54:16 +0200
Message-Id: <20230207145416.1415-1-lstipakov@gmail.com>
In-Reply-To: <2dfb7d11-1948-025b-f548-79c3ef1ca04e@unstable.cc>
References: <2dfb7d11-1948-025b-f548-79c3ef1ca04e@unstable.cc>
Subject: [Openvpn-devel] [PATCH v3 release/2.6] Allow certain DHCP options to be used without DHCP server

From: Lev Stipakov

Following DHCP options: DOMAIN, ADAPTER_DOMAIN_SUFFIX, DNS, WINS don't require DHCP server in order to be used. This change allows those options to be used with dco and wintun drivers.

If an option is specified which requires DHCP server and tap-windows6 driver is not used, print a clear error message instead of obscure reference to --ip-win32.

Reported-by: Marek Zarychta
Signed-off-by: Lev Stipakov Acked-by: Antonio Quartulli --- v3: replace SHOW_INT with SHOW_UNSIGNED v2: replace enum with defines, which are more suitable as bit flags src/openvpn/options.c | 39 +++++++++++++++++++++++---------------- src/openvpn/tun.h | 6 +++++- 2 files changed, 28 insertions(+), 17 deletions(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 6ae3faf8..8cbffc5c 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1290,7 +1290,7 @@ show_tuntap_options(const struct tuntap_options *o) SHOW_INT(dhcp_masq_offset); SHOW_INT(dhcp_lease_time); SHOW_INT(tap_sleep); - SHOW_BOOL(dhcp_options); + SHOW_UNSIGNED(dhcp_options); SHOW_BOOL(dhcp_renew); SHOW_BOOL(dhcp_pre_release); SHOW_STR(domain); @@ -2478,12 +2478,20 @@ options_postprocess_verify_ce(const struct options *options, msg(M_USAGE, "On Windows, --ip-win32 doesn't make sense unless --ifconfig is also used"); } - if (options->tuntap_options.dhcp_options - && options->windows_driver != WINDOWS_DRIVER_WINTUN - && options->tuntap_options.ip_win32_type != IPW32_SET_DHCP_MASQ - && options->tuntap_options.ip_win32_type != IPW32_SET_ADAPTIVE) + if (options->tuntap_options.dhcp_options & DHCP_OPTIONS_DHCP_REQUIRED) { - msg(M_USAGE, "--dhcp-option requires --ip-win32 dynamic or adaptive"); + const char *prefix = "Some dhcp-options require DHCP server"; + if (options->windows_driver != WINDOWS_DRIVER_TAP_WINDOWS6) + { + msg(M_USAGE, "%s, which is not supported by selected %s driver", + prefix, print_windows_driver(options->windows_driver)); + } + else if (options->tuntap_options.ip_win32_type != IPW32_SET_DHCP_MASQ + && options->tuntap_options.ip_win32_type != IPW32_SET_ADAPTIVE) + { + msg(M_USAGE, "%s, which requires --ip-win32 dynamic or adaptive", + prefix); + } } if (options->windows_driver == WINDOWS_DRIVER_WINTUN && dev != DEV_TYPE_TUN) 
@@ -8083,16 +8091,17 @@ add_option(struct options *options, { struct tuntap_options *o = &options->tuntap_options; VERIFY_PERMISSION(OPT_P_DHCPDNS); - bool ipv6dns = false; if ((streq(p[1], "DOMAIN") || streq(p[1], "ADAPTER_DOMAIN_SUFFIX")) && p[2] && !p[3]) { o->domain = p[2]; + o->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL; } else if (streq(p[1], "NBS") && p[2] && !p[3]) { o->netbios_scope = p[2]; + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } else if (streq(p[1], "NBT") && p[2] && !p[3]) { @@ -8104,31 +8113,35 @@ add_option(struct options *options, goto err; } o->netbios_node_type = t; + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } else if ((streq(p[1], "DNS") || streq(p[1], "DNS6")) && p[2] && !p[3] && (!strstr(p[2], ":") || ipv6_addr_safe(p[2]))) { if (strstr(p[2], ":")) { - ipv6dns = true; dhcp_option_dns6_parse(p[2], o->dns6, &o->dns6_len, msglevel); } else { dhcp_option_address_parse("DNS", p[2], o->dns, &o->dns_len, msglevel); + o->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL; } } else if (streq(p[1], "WINS") && p[2] && !p[3]) { dhcp_option_address_parse("WINS", p[2], o->wins, &o->wins_len, msglevel); + o->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL; } else if (streq(p[1], "NTP") && p[2] && !p[3]) { dhcp_option_address_parse("NTP", p[2], o->ntp, &o->ntp_len, msglevel); + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } else if (streq(p[1], "NBDD") && p[2] && !p[3]) { dhcp_option_address_parse("NBDD", p[2], o->nbdd, &o->nbdd_len, msglevel); + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } else if (streq(p[1], "DOMAIN-SEARCH") && p[2] && !p[3]) { 
@@ -8141,10 +8154,12 @@ add_option(struct options *options, msg(msglevel, "--dhcp-option %s: maximum of %d search entries can be specified", p[1], N_SEARCH_LIST_LEN); } + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } else if (streq(p[1], "DISABLE-NBT") && !p[2]) { o->disable_nbt = 1; + o->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; } #if defined(TARGET_ANDROID) else if (streq(p[1], "PROXY_HTTP") && p[3] && !p[4]) @@ -8158,14 +8173,6 @@ add_option(struct options *options, msg(msglevel, "--dhcp-option: unknown option type '%s' or missing or unknown parameter", p[1]); goto err; } - - /* flag that we have options to give to the TAP driver's DHCPv4 server - * - skipped for "DNS6", as that's not a DHCPv4 option - */ - if (!ipv6dns) - { - o->dhcp_options = true; - } } #endif /* if defined(_WIN32) || defined(TARGET_ANDROID) */ #ifdef _WIN32 diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index 3b0a0d24..e19e1a2e 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h @@ -62,6 +62,10 @@ enum windows_driver_type { #define IPW32_SET_ADAPTIVE_DELAY_WINDOW 300 #define IPW32_SET_ADAPTIVE_TRY_NETSH 20 +/* bit flags for DHCP options */ +#define DHCP_OPTIONS_DHCP_OPTIONAL (1<<0) +#define DHCP_OPTIONS_DHCP_REQUIRED (1<<1) + struct tuntap_options { /* --ip-win32 options */ bool ip_win32_defined; @@ -90,7 +94,7 @@ struct tuntap_options { /* --dhcp-option options */ - bool dhcp_options; + int dhcp_options; const char *domain; /* DOMAIN (15) */
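
Review bot: In options_postprocess_verify_ce() the new `options->windows_driver != WINDOWS_DRIVER_TAP_WINDOWS6` branch changes behaviour for wintun, not only the message text. The removed condition exempted wintun (`&& options->windows_driver != WINDOWS_DRIVER_WINTUN`), so a wintun configuration carrying NBS, NBT, NTP, NBDD, DOMAIN-SEARCH or DISABLE-NBT used to pass this check and now ends in M_USAGE. The commit message only mentions the clearer error text; it should state this as well, or the wintun case could be reported at warning level so that existing configurations keep starting.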
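
Review bot: In the DNS/DNS6 branch of add_option() the flag is set only in the IPv4 `else` arm, so a DNS6 address leaves dhcp_options untouched, and the comment that explained why (`skipped for "DNS6", as that's not a DHCPv4 option`) is deleted together with the ipv6dns block further down. Carry a one-line comment into the `if (strstr(p[2], ":"))` arm so the asymmetry does not read as an omission.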
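
Review bot: The PROXY_HTTP branch under TARGET_ANDROID sets neither flag, while the removed trailing block set `o->dhcp_options = true` for every accepted option except DNS6, PROXY_HTTP included. Please confirm that nothing on the Android path tests dhcp_options after a PROXY_HTTP option, or OR in DHCP_OPTIONS_DHCP_OPTIONAL there. More generally, moving the assignment into each branch means a branch added later that forgets its flag will silently skip the check in options_postprocess_verify_ce().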
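
Review bot: tun.h declares the field as `int dhcp_options`, but it now holds bit flags and show_tuntap_options() prints it with `SHOW_UNSIGNED(dhcp_options)`. Declare it `unsigned int` so the type matches both uses. The `/* bit flags for DHCP options */` comment could also say what each flag means: per the commit message, the OPTIONAL options work without the driver's DHCP server and the REQUIRED ones do not.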