From patchwork Thu Feb 15 15:59:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "plaisthos (Code Review)" X-Patchwork-Id: 3619 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:a042:b0:554:adf7:68e6 with SMTP id bi2csp489993mab; Thu, 15 Feb 2024 07:59:47 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCWqb/5F4woYne5lE4vRAZznazS+DBdywy4e3FbmwvnDQqEhRjV+Zi5pUNQsiA3R8cyjEeVYjYsn8+iSWoxq18ZBXHlWLM4= X-Google-Smtp-Source: AGHT+IHZiJX57maBJNH+f3YbtfKZCsacHFjjWzzcwEPuG1DpwtRKpk4+sC77bjMVHfvy2yTZHqhh X-Received: by 2002:a17:902:a382:b0:1d8:ca6d:ae90 with SMTP id x2-20020a170902a38200b001d8ca6dae90mr2124773pla.3.1708012786831; Thu, 15 Feb 2024 07:59:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1708012786; cv=none; d=google.com; s=arc-20160816; b=OUxIaNSe0GezoQFvBpRcCFmtg80gUQNPQ21xmMkQjYfx2vuPED5JMPGT7QNp/80c6B DijX5DaNnm7XaOVNUnaUNp6KnwjOoKeyQgReCz0DW4MKymw3xbeadA3FtzM5MFHQsKyj TFDl/9Rlhea4/NVDtQxhmLu8L2StjhiZnN4bqsdZwRHQz1nmxLODkndGhpRDi9fuVoXb B9l0lJ2qEVoLnhY9WiDQsVZdtOmUsQ6V4Am7Nb2DkHqhJz0pSuLtvMVYegCCPYmI8EZD Qgj1o7mE31NkcxJ7m+rbwhxMzFg64OCw7uaLAfnIOIi7Hp6hqhojyG5+5MnX46w87YKV oKTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=K2YyRM5NauZJLzCmxsb0+08vTC50R6N2q6GIM0UKUrg=; fh=U7wEyxtwz2o5+UdevFSA47vNeG9knhWH0KV//QhD5a0=; b=JBpX9eaNd6uJ8kKSOzkJcQ/YjUnv4J9qqorBXE1HZov2QHFbU3exUtKI9P9ELzb83K moky8OEL+BeZJZ8iREkmXrypeJPZbctz595glX4yG2wy7QIx9p+j/3zou+jYN5vg1v/Z DRCGmFXbst1IqU0ir8OtQuqdKJGBQP+WtzcaDPDytJdOY5jI95+RTvhc3kV2fsbg0fPu tfujcg3RP3Q+5di+MzfAy81oOzjPr1CzakPHXUDHZM7/mKl2WzJICWJZCbwpCR3Ea+uA JtKrfFQDMEe2GNXY2vCo4joabJQpNdJsnHANhV/vXi89fq/rRoqXBdbVSeJfMb4cHBIi 2KkQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=PlAkRch0; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=an1ZIEoZ; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=QAPdvSLC; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id n3-20020a170902e54300b001d7852b689csi1322505plf.461.2024.02.15.07.59.46 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 15 Feb 2024 07:59:46 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=PlAkRch0; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=an1ZIEoZ; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=QAPdvSLC; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1rae8u-00016b-73; Thu, 15 Feb 2024 15:59:20 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1rae8s-00016K-31 for openvpn-devel@lists.sourceforge.net; Thu, 15 Feb 2024 15:59:18 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=V35SXVVOuyvnLQcOfi1tdbsX5YsuD8QpqJln+ZHySNw=; b=PlAkRch0GEs7HAE2WM0LqI+iWI Wf/1JsjSqv7z5qNGLgA51oagwpAF/wdeI/xgdjXeeHZUKAW3J5hLSZMvoLPThtJmXERUK8WRgEqe5 yD5HC5IDS33oj7NnHaX3ehUaOCXEipjZ09Olqshij79VJbKPO1KiOz0FcC5ti3tvLlvY=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=V35SXVVOuyvnLQcOfi1tdbsX5YsuD8QpqJln+ZHySNw=; b=a n1ZIEoZrIZDjXTrI5QJJI9v+kJjuaQWev608gFYVCESlqL7V18QFZeFTVCbOQu/whSttzVlZxjUnp 5+/5At6LlVqe+P5v3X5hxjwWcRF8pC8y2pplpiGoD0Q9cYTRY5IXGvsOoxlxZ+zH5WH/XRnnIak4K IKK1LyOnVeyikCyg=; Received: from mail-wr1-f48.google.com ([209.85.221.48]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1rae8o-0001ER-6f for openvpn-devel@lists.sourceforge.net; Thu, 15 Feb 2024 15:59:18 +0000 Received: by mail-wr1-f48.google.com with SMTP id ffacd0b85a97d-33934567777so603648f8f.1 for ; Thu, 15 Feb 2024 07:59:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1708012743; x=1708617543; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=V35SXVVOuyvnLQcOfi1tdbsX5YsuD8QpqJln+ZHySNw=; b=QAPdvSLCEeNctgE+dwjdsHqcslDQ60d7pl3VnVgbaab+OjRs7piLocx5S1b7MxZJIb MS1o7kAMJ38RDxdT6AE7XopQEsJF3B57wCYvMvkL/0pTY7jlCYatVrfTh8oZZ9xWXy/l pMe19gWsik7FoI7VDaWRH2Hi1fcBIZPFNvGaSY8YaK2ycCb1TB3kUIH75SRFnVhAA8/P 6jzF8zeLoCttBPga/Qp77E3PxJz3KKSqZrMVlWRm4JdLvFAohQnz6ZwRIm+SKdd7SR1X 3PC7Gupeof7KgmYDIbb8za63qW0K1XVmowFtoOcut/Wdq0E8hiA6GXr/4xPXEUYsMoNW R5mw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708012743; x=1708617543; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=V35SXVVOuyvnLQcOfi1tdbsX5YsuD8QpqJln+ZHySNw=; b=lxDf/ZlLJ8Yl9u4R7N4YGww61EN2daskIfL+/6ZP5Tx8vCc33kuxGu2UPBy9EnR7/6 kZ1IuYbJUhaybQPXtinWw6KxM61H+eQv5VcAYXfbTHaYUIHVc4ej1pJJ55+LqgUz0tcZ 34qtfYene7Oohn5ss+lPZYKQTgU7SRILV12zSkJULnc8Z3eO8XrxygnpkDgA1jqtfpNr 8Ax9NLlfm5HFizUtrMeZOGh79nN1Em7AolEReQwUJ1/2EIvZ1mE48W7GybH7pNnZDoNJ FacSRjt4lWfC2MFR/PSauoyEsrJqIFTO/xwk48c9XXCA2Obj/2yGWxI/dYsEHf19I1Ts onZA== X-Gm-Message-State: AOJu0YznR+r9ZGtDnMprNdW1fx0wx8QvkiIFO0BgPwvHKvDWnhn/TRIZ gpx6HrGutk7G6qTtCAEP7DiGYMDEw5S2OoN9NK2/jXRvUG8YZZ/U8ICK+2WH/Sc= X-Received: by 2002:a5d:6385:0:b0:33a:e6e4:945d with SMTP id p5-20020a5d6385000000b0033ae6e4945dmr1827357wru.2.1708012743121; Thu, 15 Feb 2024 07:59:03 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id bk30-20020a0560001d9e00b0033cff6da10bsm2326057wrb.89.2024.02.15.07.59.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 07:59:02 -0800 (PST) From: "its_Giaan (Code Review)" X-Google-Original-From: "its_Giaan (Code Review)" X-Gerrit-PatchSet: 1 Date: Thu, 15 Feb 2024 15:59:02 +0000 To: plaisthos , flichtenheld Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: I4b5e8357d872c920efdb64632e9bce72cebee202 X-Gerrit-Change-Number: 525 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: b67719224531ef3e1c2024adfa600880c683786d References: Message-ID: MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.221.48 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.221.48 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1rae8o-0001ER-6f Subject: [Openvpn-devel] [S] Change in openvpn[master]: Minor fix to process_ip_header X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: gianmarco@mandelbit.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1790981215861573537?= X-GMAIL-MSGID: =?utf-8?q?1790981215861573537?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/525?usp=email to review the following change. Change subject: Minor fix to process_ip_header ...................................................................... Minor fix to process_ip_header Introduced a bitmask to replace the previous check for individual option bits with a check for all possible combinations of options. Fixes: Trac https://community.openvpn.net/openvpn/ticket/269 Change-Id: I4b5e8357d872c920efdb64632e9bce72cebee202 Signed-off-by: Gianmarco De Gregori --- M src/openvpn/forward.c M src/openvpn/forward.h 2 files changed, 4 insertions(+), 12 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/25/525/1 diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 0443ca0..04bf407 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1649,17 +1649,7 @@ if (buf->len > 0) { - /* - * The --passtos and --mssfix options require - * us to examine the IPv4 header. - */ - - if (flags & (PIP_MSSFIX -#if PASSTOS_CAPABILITY - | PIPV4_PASSTOS -#endif - | PIPV4_CLIENT_NAT - )) + if (flags & PIP_OPT_MASK) { struct buffer ipbuf = *buf; if (is_ipv4(TUNNEL_TYPE(c->c1.tuntap), &ipbuf)) diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h index e19115e..8da1cc1 100644 --- a/src/openvpn/forward.h +++ b/src/openvpn/forward.h @@ -294,11 +294,13 @@ #define PIPV4_PASSTOS (1<<0) #define PIP_MSSFIX (1<<1) /* v4 and v6 */ -#define PIP_OUTGOING (1<<2) #define PIPV4_EXTRACT_DHCP_ROUTER (1<<3) #define PIPV4_CLIENT_NAT (1<<4) #define PIPV6_IMCP_NOHOST_CLIENT (1<<5) #define PIPV6_IMCP_NOHOST_SERVER (1<<6) +#define PIP_OPT_MASK 0xFFFF +#define PIP_OUTGOING (1<<16) + void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf);