From patchwork Fri Mar 15 16:20:11 2024
X-Patchwork-Submitter: Frank Lichtenheld
X-Patchwork-Id: 3650
From: Frank Lichtenheld
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 15 Mar 2024 17:20:11 +0100
Message-Id: <20240315162011.1661139-1-frank@lichtenheld.com>
In-Reply-To: <20230830130502.1029-1-sandro.trianni@gmail.com>
References: <20230830130502.1029-1-sandro.trianni@gmail.com>
Subject: [Openvpn-devel] [PATCH v2] Implement server_poll_timeout for socks

From: 5andr0

So far --server-poll-timeout was only applied for HTTP proxies, apply it also to SOCKS proxies.

This removes the default 5 second socks connect timeout which can be too small depending on network setup and replaces it with the configurable overall connect timeout (default 120 seconds).

Trac: #328

Change-Id: I2b109f8c551c23045a1be355778b08f0fd4d309f
Signed-off-by: 5andr0 Acked-by: Frank Lichtenheld --- src/openvpn/socket.c | 2 ++ src/openvpn/socks.c | 25 ++++++++++++++----------- src/openvpn/socks.h | 2 ++ 3 files changed, 18 insertions(+), 11 deletions(-) Trying to move this forward by adding a commit message. diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 480f4e51..ecb408a3 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -2075,6 +2075,7 @@ phase2_tcp_client(struct link_socket *sock, struct signal_info *sig_info) sock->sd, sock->proxy_dest_host, sock->proxy_dest_port, + sock->server_poll_timeout, sig_info); } if (proxy_retry) @@ -2104,6 +2105,7 @@ phase2_socks_client(struct link_socket *sock, struct signal_info *sig_info) sock->ctrl_sd, sock->sd, &sock->socks_relay.dest, + sock->server_poll_timeout, sig_info); if (sig_info->signal_received) diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c index a29eb83a..2cb83a66 100644 --- a/src/openvpn/socks.c +++ b/src/openvpn/socks.c @@ -42,6 +42,7 @@ #include "fdmisc.h" #include "misc.h" #include "proxy.h" +#include "forward.h" #include "memdbg.h" @@ -85,12 +86,12 @@ socks_proxy_close(struct socks_proxy_info *sp) static bool socks_username_password_auth(struct socks_proxy_info *p, socket_descriptor_t sd, + struct event_timeout *server_poll_timeout, volatile int *signal_received) { char to_send[516]; char buf[2]; int len = 0; - const int timeout_sec = 5; struct user_pass creds; ssize_t size; bool ret = false; @@ -129,7 +130,7 @@ socks_username_password_auth(struct socks_proxy_info *p, FD_ZERO(&reads); openvpn_fd_set(sd, &reads); - tv.tv_sec = timeout_sec; + tv.tv_sec = get_server_poll_remaining_time(server_poll_timeout); tv.tv_usec = 0; status = select(sd + 1, &reads, NULL, NULL, &tv); 
@@ -185,11 +186,11 @@ cleanup: static bool socks_handshake(struct socks_proxy_info *p, socket_descriptor_t sd, + struct event_timeout *server_poll_timeout, volatile int *signal_received) { char buf[2]; int len = 0; - const int timeout_sec = 5; ssize_t size; /* VER = 5, NMETHODS = 1, METHODS = [0 (no auth)] */ @@ -216,7 +217,7 @@ socks_handshake(struct socks_proxy_info *p, FD_ZERO(&reads); openvpn_fd_set(sd, &reads); - tv.tv_sec = timeout_sec; + tv.tv_sec = get_server_poll_remaining_time(server_poll_timeout); tv.tv_usec = 0; status = select(sd + 1, &reads, NULL, NULL, &tv); @@ -283,7 +284,7 @@ socks_handshake(struct socks_proxy_info *p, return false; } - if (!socks_username_password_auth(p, sd, signal_received)) + if (!socks_username_password_auth(p, sd, server_poll_timeout, signal_received)) { return false; } @@ -301,13 +302,13 @@ socks_handshake(struct socks_proxy_info *p, static bool recv_socks_reply(socket_descriptor_t sd, struct openvpn_sockaddr *addr, + struct event_timeout *server_poll_timeout, volatile int *signal_received) { char atyp = '\0'; int alen = 0; int len = 0; char buf[270]; /* 4 + alen(max 256) + 2 */ - const int timeout_sec = 5; if (addr != NULL) { @@ -326,7 +327,7 @@ recv_socks_reply(socket_descriptor_t sd, FD_ZERO(&reads); openvpn_fd_set(sd, &reads); - tv.tv_sec = timeout_sec; + tv.tv_sec = get_server_poll_remaining_time(server_poll_timeout); tv.tv_usec = 0; status = select(sd + 1, &reads, NULL, NULL, &tv); @@ -451,12 +452,13 @@ establish_socks_proxy_passthru(struct socks_proxy_info *p, socket_descriptor_t sd, /* already open to proxy */ const char *host, /* openvpn server remote */ const char *servname, /* openvpn server port */ + struct event_timeout *server_poll_timeout, struct signal_info *sig_info) { char buf[270]; size_t len; - if (!socks_handshake(p, sd, &sig_info->signal_received)) + if (!socks_handshake(p, sd, server_poll_timeout, &sig_info->signal_received)) { goto error; } 
@@ -494,7 +496,7 @@ establish_socks_proxy_passthru(struct socks_proxy_info *p, /* receive reply from Socks proxy and discard */ - if (!recv_socks_reply(sd, NULL, &sig_info->signal_received)) + if (!recv_socks_reply(sd, NULL, server_poll_timeout, &sig_info->signal_received)) { goto error; } @@ -512,9 +514,10 @@ establish_socks_proxy_udpassoc(struct socks_proxy_info *p, socket_descriptor_t ctrl_sd, /* already open to proxy */ socket_descriptor_t udp_sd, struct openvpn_sockaddr *relay_addr, + struct event_timeout *server_poll_timeout, struct signal_info *sig_info) { - if (!socks_handshake(p, ctrl_sd, &sig_info->signal_received)) + if (!socks_handshake(p, ctrl_sd, server_poll_timeout, &sig_info->signal_received)) { goto error; } @@ -535,7 +538,7 @@ establish_socks_proxy_udpassoc(struct socks_proxy_info *p, /* receive reply from Socks proxy */ CLEAR(*relay_addr); - if (!recv_socks_reply(ctrl_sd, relay_addr, &sig_info->signal_received)) + if (!recv_socks_reply(ctrl_sd, relay_addr, server_poll_timeout, &sig_info->signal_received)) { goto error; } diff --git a/src/openvpn/socks.h b/src/openvpn/socks.h index 3a89245b..a7094f06 100644 --- a/src/openvpn/socks.h +++ b/src/openvpn/socks.h @@ -52,12 +52,14 @@ void establish_socks_proxy_passthru(struct socks_proxy_info *p, socket_descriptor_t sd, /* already open to proxy */ const char *host, /* openvpn server remote */ const char *servname, /* openvpn server port */ + struct event_timeout *server_poll_timeout, struct signal_info *sig_info); void establish_socks_proxy_udpassoc(struct socks_proxy_info *p, socket_descriptor_t ctrl_sd, /* already open to proxy */ socket_descriptor_t udp_sd, struct openvpn_sockaddr *relay_addr, + struct event_timeout *server_poll_timeout, struct signal_info *sig_info); void socks_process_incoming_udp(struct buffer *buf,
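Review bot: in src/openvpn/socks.c, the three select() loops (socks_username_password_auth, socks_handshake and recv_socks_reply) now assign tv.tv_sec directly from get_server_poll_remaining_time(server_poll_timeout) with tv.tv_usec = 0, and nothing in these hunks checks the returned value or that the pointer is non-NULL. Please confirm what the helper returns once the timer has already expired or was never armed: a 0 makes select() poll and return at once, and a negative value would make select() fail rather than time out, so the code after select() has to report both cases as a timeout. Because the value is the remaining time, the three steps now share one deadline instead of getting 5 seconds each, which is worth a short comment at one of the call sites. The new #include "forward.h" is there only for this one helper, so it is also worth checking that it does not drag unrelated dependencies into socks.c.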
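Review bot: the new struct event_timeout *server_poll_timeout parameter in the src/openvpn/socks.h prototypes of establish_socks_proxy_passthru and establish_socks_proxy_udpassoc carries no comment, while the neighbouring parameters do ("already open to proxy", "openvpn server remote"), and the hunk does not show socks.h including or forward-declaring struct event_timeout. Suggest a short comment saying that this is the overall connect deadline and whether NULL is accepted, plus a check that the header still compiles when it is included before the header that defines the struct. The same question applies to the two call sites in src/openvpn/socket.c, which pass sock->server_poll_timeout without any visible guarantee that it has been set by the time phase2_tcp_client or phase2_socks_client runs.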
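Review bot: the diffstat lists only socket.c, socks.c and socks.h, so the user-visible change described in the commit message (SOCKS negotiation waits up to the --server-poll-timeout value, default 120 seconds, instead of a fixed 5 seconds) ships without any documentation update. Suggest extending the description of --server-poll-timeout to say it now also bounds the SOCKS handshake, and mentioning the changed default wait in the release notes, since a client behind an unresponsive SOCKS proxy will now block for much longer before moving to the next remote.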