From patchwork Wed Mar 1 09:18:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristof Provost X-Patchwork-Id: 3098 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:2310:b0:9f:bfa4:120f with SMTP id r16csp2542291dye; Wed, 1 Mar 2023 01:49:25 -0800 (PST) X-Google-Smtp-Source: AK7set+SEs74pEq0ui4+4Qcv8E5C243JLGv2xTEnBOs0l0tDOzOVihrSYr2vhF8fVjiozRgL/RpW X-Received: by 2002:a17:903:1110:b0:19c:ba57:a869 with SMTP id n16-20020a170903111000b0019cba57a869mr6000467plh.13.1677664165300; Wed, 01 Mar 2023 01:49:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1677664165; cv=none; d=google.com; s=arc-20160816; b=04t40WS7wiLc1SII38GnISUJvo92TRPZt1USDUv5zWerUDJI80wzLcPlzr3XtPw5Yp s8vTfqQaiGQa3VA7NGeNNxBkzpMxJEv4vWgbNmR+oMAox0Mi7hzsvuwpDRO0Wd+jmg54 qCXqJsml75T2KsJkAob3GnUiIJE/LryvFjVlPBGZNR8gjWQTc5vGdLt7Z1oaidXk8uQG nhGNxdmQlw0q2OFB9CJzOrTBM0s7WH7Zw12Iw8KX0L83MDsS37nzsJkjBByuAvtGduVE sSuoledB1spFWpOIf81NezNN/HbT3qtfl+3CzCC0/PPldR2TG1I7eP9AvhppYJPvqCzl gIlg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:reply-to:from:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:message-id:date:to:dkim-signature :dkim-signature:dkim-signature; bh=R1DQGbaW6ZvSsWJHWcZ9JYzZcZI4jzgbGH4X3XJ/fog=; b=aekPsbZrCQjqDqajddbCD8h2yAt8V5lXYTa8qxULdhlNTCuOsyZ8mj2HH+zHs9F8Od lpRSMupV6OOLr3NNDfg0bXsxuacQAzsaVh+3cmz04dYFKUFFsgIIuuUnKOHg6Lapk7sR cBeEf7fbRiv/9sx1oF89W8AiaLQMB1xrGutu10iGtwZVE6D+28gfLOfYTwKHF9ilVAzA YmCcp5qsSmA7FtN5RkhqYMzgr7zZIMXyVnyNsmkQC68ZBlS+fvU/gouA0KZX+k95cjfV ZvPTTeGB7ZAJeUagwYTgLzt6qp58Jj3ujkxfCgL0c/0zvUKHwsTe7vH5q+qXCKDcDJwQ 2EpA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=cAoBNcgB; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=RDy93Dtw; dkim=neutral (body hash did not verify) header.i=@netgate.com header.s=google header.b=bK0M6z4p; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id u9-20020a170902e80900b0019e3ff97af3si3038180plg.338.2023.03.01.01.49.25 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 01 Mar 2023 01:49:25 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=cAoBNcgB; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=RDy93Dtw; dkim=neutral (body hash did not verify) header.i=@netgate.com header.s=google header.b=bK0M6z4p; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pXJ4a-0000EV-KI; Wed, 01 Mar 2023 09:48:31 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pXJ4O-0000Cs-Ve for openvpn-devel@lists.sourceforge.net; Wed, 01 Mar 2023 09:48:20 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=7U6uWQJgeq/lYtNyGFp02Y36YuHLhMnSTeuIMSjFV88=; b=cAoBNcgBLVS7t1pVSyQUy37Oyg IKThZpV6W5U0Cu1tm7pR/EWjwW9/b2/MDZseej/w70ozQDRkAa7dXU7tjgI0V/AoM7PdkaWIYLL4f LP45CzIgBiXeLsPQHx0kTIzxzVY2N879VZ7RZjq9KsKulI/hr9Yx4s/OBOMBRgrX1QOU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:To:From: Sender:Reply-To:Cc:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=7U6uWQJgeq/lYtNyGFp02Y36YuHLhMnSTeuIMSjFV88=; b=R Dy93DtwOWiGXFt+zsq7AojwC0eijFnD6QcIK44vZNC21/xhhsunqcXhDP9vl00WRt83lkH1fulLkK DcIuE4ysg9X9HXdSJVeUghRzU+rEgB84gItRyV47X9K2JJ7Hf0EET6zzBRomAtEJ+OcZRdUIakP4V m69Ww0vVeddnJ89M=; Received: from mail-lf1-f54.google.com ([209.85.167.54]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1pXJ4L-0007XH-30 for openvpn-devel@lists.sourceforge.net; Wed, 01 Mar 2023 09:48:20 +0000 Received: by mail-lf1-f54.google.com with SMTP id bi9so16864087lfb.2 for ; Wed, 01 Mar 2023 01:48:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netgate.com; s=google; t=1677664091; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=7U6uWQJgeq/lYtNyGFp02Y36YuHLhMnSTeuIMSjFV88=; b=bK0M6z4pkQxDPf43iuwYzMhOZtNU56xBpFxZk3wnCACC0//eay1N3VA2DU14DAkEcA mFMO3hrpxIFdi7y2TZw5+DhTRM1UuttFenYgzAxxLiIvTN7uS2Y8PcGuv/XohJErxXLz 0P6X5VUveACF8pBzvmOdo35uITxnxkZjlknUU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1677664091; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=7U6uWQJgeq/lYtNyGFp02Y36YuHLhMnSTeuIMSjFV88=; b=p/CpUnSlKMXA90SVphuWmlK+HnKxdA+aQms7KLbHZjFR0ijcTxnx4EMYV6w3GhEJwD FCJoRGHsO046gNyf6ia0D+RhlkBM3EWnB93uYQgSaTDOSOp/ohbnV9VfSeeUgs/e/hDh q3RQipeMduCvTAMJCA+AUQOz0SHG95qi3KZcbqIraCexotzcLpDakVVI+qgC8GKCtuD2 Pw6VRgFbJ/UYLsIszHdrkPPUyX5bbIb5WXxT0wEWsrk3q0sW1NG0Ndj7Yt76s1ylJRn2 otP8ARlirJS7A5WBPKpTWofI4t9MZrWc8GvuDBJv2aEGhwxD2+4Dl2L5Lj7EXlFUJVVc 1++g== X-Gm-Message-State: AO0yUKVXkhkBFpwCcyEfCD2FW1ViDhyggXT7/Mv+/yGj69yURVyh3Je/ +e56jvGDrQT6Gcg4YNHS87DQtoKEPP6+T/AjHUc= X-Received: by 2002:a05:600c:170a:b0:3ea:ed4d:38f4 with SMTP id c10-20020a05600c170a00b003eaed4d38f4mr4029417wmn.41.1677662330032; Wed, 01 Mar 2023 01:18:50 -0800 (PST) Received: from nut.jupiter.sigsegv.be (ptr-8rfalzsse26o3oo9imw.18120a2.ip6.access.telenet.be. [2a02:1811:2402:bf00:f602:70ff:feae:6e98]) by smtp.googlemail.com with ESMTPSA id b10-20020adfee8a000000b002c54c8e70b1sm12661453wro.9.2023.03.01.01.18.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 01 Mar 2023 01:18:49 -0800 (PST) To: openvpn-devel Date: Wed, 1 Mar 2023 10:18:48 +0100 Message-Id: <20230301091848.80760-1-kprovost@netgate.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Kristof Provost The libnv check doesn't work as expected on FreeBSD 14.x, because FreeBSD has namespaced libnv to avoid conflicts with libnvpair. This means that the naive check generated by AC_CHECK_LIB() fails to d [...] Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: netgate.com] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.167.54 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.167.54 listed in wl.mailspike.net] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Headers-End: 1pXJ4L-0007XH-30 Subject: [Openvpn-devel] [PATCH 1/2] configure: improve FreeBSD DCO check X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Kristof Provost via Openvpn-devel From: Kristof Provost Reply-To: Kristof Provost Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1759158379662056983?= X-GMAIL-MSGID: =?utf-8?q?1759158379662056983?= From: Kristof Provost The libnv check doesn't work as expected on FreeBSD 14.x, because FreeBSD has namespaced libnv to avoid conflicts with libnvpair. This means that the naive check generated by AC_CHECK_LIB() fails to detect libnv even though it's present. Instead check for the if_ovpn.h header. This is a more accurate check anyway, as libnv is present on FreeBSD versions prior to 14 (which do not support DCO). Signed-off-by: Kristof Provost Acked-by: Gert Doering --- configure.ac | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 4c271464..67f680b2 100644 --- a/configure.ac +++ b/configure.ac @@ -832,9 +832,7 @@ if test "$enable_dco" != "no"; then fi ;; *-*-freebsd*) - AC_CHECK_LIB( - [nv], - [nvlist_create], + AC_CHECK_HEADERS([net/if_ovpn.h], [ LIBS="${LIBS} -lnv" AC_DEFINE(ENABLE_DCO, 1, [Enable data channel offload for FreeBSD]) @@ -842,7 +840,7 @@ if test "$enable_dco" != "no"; then ], [ enable_dco="no" - AC_MSG_WARN([Name/Value pair library not found.]) + AC_MSG_WARN([DCO header not found.]) ] ) if test "$enable_dco" = "no"; then From patchwork Wed Mar 1 09:18:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristof Provost X-Patchwork-Id: 3097 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:2310:b0:9f:bfa4:120f with SMTP id r16csp2541072dye; Wed, 1 Mar 2023 01:46:33 -0800 (PST) X-Google-Smtp-Source: AK7set/MRMV7PL4ZiJh8yQqoGSpj7EmpTD8TykHjzoXds5tjkNf3Iua2IhPuC+mbV/6PqSg/Ytyk X-Received: by 2002:a17:903:41d1:b0:19d:1bd6:4b84 with SMTP id u17-20020a17090341d100b0019d1bd64b84mr7749827ple.17.1677663993214; Wed, 01 Mar 2023 01:46:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1677663993; cv=none; d=google.com; s=arc-20160816; b=vdQWxkr3JD7VnbQ0eY8lV5ST40+a1R3FBJyWO5+uWFaAW3r+KsdTiGjBe83KLwbxhU oUnEtYRI1LQdZEL1JxHOZvywF6Y85AjIGWfdby6fYMi8kfHamamgbfSkffxhpp5mTeB7 ALd+TM+XkQAtJF71X8sW86Mjs8+VwIv2Zw/PGPA3euP0+PkJh+lGq0rVKeTbMro2wDAB EpvHYgdS5/+9w9+KIJBN17XcS4KR2hAu2zcXIU33tVOt75nx5snLzrMvg+Ptwwjhms9A xtIkuu18R1bBnkh4dreJNrQAG98jcXIRm9VQG3F4Hmq95QEmbNhlF+MGPqlGpQZjYtC1 UUNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:reply-to:from:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:message-id:date:to:dkim-signature :dkim-signature:dkim-signature; bh=hfbIMFpdzDxsfbQo83gvVWoC6UY5w5vRlSoOHuSyW4M=; b=zSnl3ThzG0fyE17H8a1AGk3yywYIwSYUZEdCgPyRHOHOBNpveH+TV3QIPFYZqKiHsQ eA8NOab9AGxCDSkYgqYmfMWMOMpxi9IftxJOvuOzjP5SMQ1JOheJzJNSwzUt+HNnA0hb 7lcZdXdvODMLRnO4cdCLjvbdMgZjlOuQbPkJATlD+zoc3/10HJ642AeK/FH1CdQavJIj 9ItI0IXWcwySCe9KjJdvuhNhBoZ7ULrfaAXSQDFeBKw4VHr/pDeFYXr/J8GldbM/Q0Iz eZZpcD0mzI00G6SKzz3dLkDcypU5Ym7NAnnVx8RTj/zTxFzPltR+PyoF2sd5Xv3GOiPD 6TLQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=GfQcNg59; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=XUsbytW4; dkim=neutral (body hash did not verify) header.i=@netgate.com header.s=google header.b=KJ7Zy5ZZ; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id n15-20020a170902d2cf00b0019cc45a0958si13758936plc.149.2023.03.01.01.46.32 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 01 Mar 2023 01:46:33 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=GfQcNg59; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=XUsbytW4; dkim=neutral (body hash did not verify) header.i=@netgate.com header.s=google header.b=KJ7Zy5ZZ; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pXJ1l-0008Jw-Dq; Wed, 01 Mar 2023 09:45:36 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pXJ1k-0008Jl-QN for openvpn-devel@lists.sourceforge.net; Wed, 01 Mar 2023 09:45:36 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=DGjFpWmqMX0Ai15tfXbaTUarlCgHnLh1uC0GXC34yr0=; b=GfQcNg59QfcirmhiKxKz1uaZ+Q AcscHc5FcU3Gmss8xQdGyAZXKq0iGBn3Rm+pKe/hLNy9QzeXqfIugXHsidLKQg1oLsAnIwuuYsmKh SY8Zddqy2OAXFQCdkJn9rqaINWTnO2nSIqRwZyPy+XQb6TLt33MOhMGKaXAhbsq6x4v4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:To:From: Sender:Reply-To:Cc:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=DGjFpWmqMX0Ai15tfXbaTUarlCgHnLh1uC0GXC34yr0=; b=X UsbytW4g06r3pUNgABZL24Ed9j2iKz/nLI1LPnCOktKDjeA5Gt+6hXMAHOaTVT0iAZc11c8IZgtu6 U6o5sx1huiNrxkz/LO56EN2pZtMdfFyyBG64HedsRUAOzMJc9ZPjovoLpdq6E0q/g9G1HR/l1O37g 4KcFBc59uzbBo2HE=; Received: from mail-ed1-f48.google.com ([209.85.208.48]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1pXJ1e-00ALI2-HT for openvpn-devel@lists.sourceforge.net; Wed, 01 Mar 2023 09:45:35 +0000 Received: by mail-ed1-f48.google.com with SMTP id u9so1864930edd.2 for ; Wed, 01 Mar 2023 01:45:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netgate.com; s=google; t=1677663923; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=DGjFpWmqMX0Ai15tfXbaTUarlCgHnLh1uC0GXC34yr0=; b=KJ7Zy5ZZ/xsbsDaIneM6nqYjQa5/zosmZ8rjHJpSIF7j9zZFpWlLX5Da7TEKj0YuNw xR5Xo3Endvp+y9D90QaNW30MuE9uEpA3xwymSZz8otsYx2glzPrsjN+5N6xyBXgjzA9g 2Os25KaPRbxJB+pNXQW4ZOJyjohYVkLBhNhdo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1677663923; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=DGjFpWmqMX0Ai15tfXbaTUarlCgHnLh1uC0GXC34yr0=; b=2lPZjgOLv6h5w9zfCpFkcR0SCTUQR1Sh+Gmy5QcDHVBEQ7JnmYSUmgsxeXbGwkKhHN dHCmFULBkShjuyDiRBjrtGjYdo1oGY/C9GyJbIq8ZfwkhpIW71qpjr5hktwo/y30CKIe 7pAB/VABl1LduM4OZeLkrbnmihPJHR6zO3mUgxtN5GjTA/PD/5UJEBzrIVvrf5MypyKk oL4hpMX0TPoUCPZeOY4vM/mi+9v94UOLeER/UBezR6wzCjsHSCIINBW58yZ7bd1Qhy18 YHRPQ6ErZJtQykXaBsEOgBvqdR0Y3ZnyF0RHyUYsc/xYEDHaL1euytC+0DAoUsSjpJtF 9WJg== X-Gm-Message-State: AO0yUKURkvn6AD2tWV77rxiIGyBXkMmKhPnS2ruxKpf6DIt9JSsp78xN ijlLQtM5nzx3ajltfJArfbICvZnZjvrv8eXfoko= X-Received: by 2002:adf:e490:0:b0:2c5:c71:4a84 with SMTP id i16-20020adfe490000000b002c50c714a84mr4301303wrm.68.1677662333190; Wed, 01 Mar 2023 01:18:53 -0800 (PST) Received: from nut.jupiter.sigsegv.be (ptr-8rfalzsse26o3oo9imw.18120a2.ip6.access.telenet.be. [2a02:1811:2402:bf00:f602:70ff:feae:6e98]) by smtp.googlemail.com with ESMTPSA id i13-20020adfe48d000000b002c5539171d1sm12239362wrm.41.2023.03.01.01.18.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 01 Mar 2023 01:18:52 -0800 (PST) To: openvpn-devel Date: Wed, 1 Mar 2023 10:18:51 +0100 Message-Id: <20230301091851.82243-1-kprovost@netgate.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Kristof Provost Very low values for 'fragment' can result in a division by zero in optimal_fragment_size() (because it rounds max_frag_size down with FRAG_SIZE_ROUND_MASK). Enforce a minimal fragment size of 68 bytes, based on RFC 791 ("Every internet module must be able to forward a datagram of 68 octets without further fragmentation.") Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.208.48 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: netgate.com] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.208.48 listed in wl.mailspike.net] X-Headers-End: 1pXJ1e-00ALI2-HT Subject: [Openvpn-devel] [PATCH 2/2] options.c: enforce a minimal fragment size X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Kristof Provost via Openvpn-devel From: Kristof Provost Reply-To: Kristof Provost Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1759158199257587208?= X-GMAIL-MSGID: =?utf-8?q?1759158199257587208?= From: Kristof Provost Very low values for 'fragment' can result in a division by zero in optimal_fragment_size() (because it rounds max_frag_size down with FRAG_SIZE_ROUND_MASK). Enforce a minimal fragment size of 68 bytes, based on RFC 791 ("Every internet module must be able to forward a datagram of 68 octets without further fragmentation.") Signed-off-by: Kristof Provost Acked-by: Gert Doering --- src/openvpn/options.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 9105449c..9f79da09 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -6549,6 +6549,12 @@ add_option(struct options *options, VERIFY_PERMISSION(OPT_P_MTU|OPT_P_CONNECTION); options->ce.fragment = positive_atoi(p[1]); + if (options->ce.fragment < 68) + { + msg(msglevel, "fragment needs to be at least 68"); + goto err; + } + if (p[2] && streq(p[2], "mtu")) { options->ce.fragment_encap = true;