From patchwork Wed Jul 24 14:14:37 2024
X-Patchwork-Submitter: "plaisthos (Code Review)"
X-Patchwork-Id: 3774
From: "d12fk (Code Review)"
Date: Wed, 24 Jul 2024 14:14:37 +0000
To: plaisthos, flichtenheld
Cc: openvpn-devel
Reply-To: heiko@openvpn.net, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com
Subject: [Openvpn-devel] [XS] Change in openvpn[master]: add and send IV_PROTO_DNS_OPTION_V2 flag
Message-ID: <1f7a7eb17635cc300a54855f2a1b8aa86256e5d3-HTML@gerrit.openvpn.net>
X-Gerrit-PatchSet: 1
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: I975057c20c1457ef88111f8d142ca3fd2039d5ff
X-Gerrit-Change-Number: 680
X-Gerrit-Project: openvpn
X-Gerrit-Commit: 2788e96590cf24e9a0c0813efd82d3a489193ad7

Attention is currently required from: flichtenheld, plaisthos.

Hello plaisthos, flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/680?usp=email

to review the following change.

Change subject: add and send IV_PROTO_DNS_OPTION_V2 flag
......................................................................
add and send IV_PROTO_DNS_OPTION_V2 flag

Incompatible changes to the --dns server address and --dns server
exclude-domains options were introduced after the code for handling
them was released.

Add and send a new IV_PROTO flag, so servers which act on the flags set
can differentiate between clients which have implemented --dns and
those which just support the new option. This enables them to decide
which variant of options to send to the client.

Change-Id: I975057c20c1457ef88111f8d142ca3fd2039d5ff
Signed-off-by: Heiko Hund
---
M src/openvpn/ssl.c
M src/openvpn/ssl.h
2 files changed, 6 insertions(+), 3 deletions(-)

git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/80/680/1

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index e0e9591..14c38cf 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1900,8 +1900,8 @@ /* support for P_DATA_V2 */ int iv_proto = IV_PROTO_DATA_V2; - /* support for the --dns option */ - iv_proto |= IV_PROTO_DNS_OPTION; + /* support for the latest --dns option */ + iv_proto |= IV_PROTO_DNS_OPTION_V2; /* support for exit notify via control channel */ iv_proto |= IV_PROTO_CC_EXIT_NOTIFY; diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index 1a45048..6c2bfc3 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -94,7 +94,7 @@ * result. */ #define IV_PROTO_NCP_P2P (1<<5) -/** Supports the --dns option introduced in version 2.6 */ +/** Supports the --dns option introduced in version 2.6. Not sent anymore. */ #define IV_PROTO_DNS_OPTION (1<<6) /** Support for explicit exit notify via control channel @@ -107,6 +107,9 @@ /** Support to dynamic tls-crypt (renegotiation with TLS-EKM derived tls-crypt key) */ #define IV_PROTO_DYN_TLS_CRYPT (1<<9) +/** Supports the --dns option after all the incompatible changes */ +#define IV_PROTO_DNS_OPTION_V2 (1<<11) + /* Default field in X509 to be username */ #define X509_USERNAME_FIELD_DEFAULT "CN"
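
Review bot: In the src/openvpn/ssl.c hunk at -1900, the line `iv_proto |= IV_PROTO_DNS_OPTION;` is replaced rather than kept next to `iv_proto |= IV_PROTO_DNS_OPTION_V2;`, so a server that only tests bit (1<<6) will see this client as having no --dns support at all. The commit message explains how servers that know the new flag can choose a variant, but not what is expected from servers that predate it. Please say in the commit message, or in the comment above the assignment, that this fallback is intended and why sending both bits is not an option.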
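
Review bot: The updated doc comment on IV_PROTO_DNS_OPTION in the src/openvpn/ssl.h hunk at -94 says "Not sent anymore." without naming what replaces it or why the define stays. Suggest pointing to IV_PROTO_DNS_OPTION_V2 there and noting that (1<<6) remains reserved because already released clients set it, so the bit is not reassigned to an unrelated capability later.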
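
Review bot: In the src/openvpn/ssl.h hunk at -107, `#define IV_PROTO_DNS_OPTION_V2 (1<<11)` follows `IV_PROTO_DYN_TLS_CRYPT (1<<9)` in the visible context, and (1<<10) is not shown. Please confirm that (1<<10) is already assigned and that (1<<11) is unused, since a collision in this bitfield would make servers misread client capabilities. The doc comment "after all the incompatible changes" is also too vague for a protocol flag; name the changes the commit message refers to (the --dns server address and --dns server exclude-domains options).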