From patchwork Thu Jul 25 11:22:48 2024
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 3775
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 25 Jul 2024 13:22:48 +0200
Message-ID: <20240725112248.21075-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.44.2
Subject: [Openvpn-devel] [PATCH v1] add and send IV_PROTO_DNS_OPTION_V2 flag
From: Heiko Hund

Incompatible changes to the --dns server address and --dns server exclude-domains options were introduced after the code for handling them was released. Add and send a new IV_PROTO flag, so servers which act on the flags set can differentiate between clients which have implemented --dns and those which just support the new option. This enables them to decide which variant of options to send to the client.

Change-Id: I975057c20c1457ef88111f8d142ca3fd2039d5ff
Signed-off-by: Heiko Hund
Acked-by: Arne Schwabe
---
This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/680
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Arne Schwabe

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index e0e9591..14c38cf 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1900,8 +1900,8 @@ /* support for P_DATA_V2 */ int iv_proto = IV_PROTO_DATA_V2; - /* support for the --dns option */ - iv_proto |= IV_PROTO_DNS_OPTION; + /* support for the latest --dns option */ + iv_proto |= IV_PROTO_DNS_OPTION_V2; /* support for exit notify via control channel */ iv_proto |= IV_PROTO_CC_EXIT_NOTIFY; diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index 1a45048..6c2bfc3 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -94,7 +94,7 @@ * result. */ #define IV_PROTO_NCP_P2P (1<<5) -/** Supports the --dns option introduced in version 2.6 */ +/** Supports the --dns option introduced in version 2.6. Not sent anymore. */ #define IV_PROTO_DNS_OPTION (1<<6) /** Support for explicit exit notify via control channel 
@@ -107,6 +107,9 @@ /** Support to dynamic tls-crypt (renegotiation with TLS-EKM derived tls-crypt key) */ #define IV_PROTO_DYN_TLS_CRYPT (1<<9) +/** Supports the --dns option after all the incompatible changes */ +#define IV_PROTO_DNS_OPTION_V2 (1<<11) + /* Default field in X509 to be username */ #define X509_USERNAME_FIELD_DEFAULT "CN"
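Review bot: The ssl.c hunk stops setting IV_PROTO_DNS_OPTION instead of advertising both bits, which is the right call (a server that only knows the old bit would otherwise push the old, now incompatible, --dns syntax to this client), but neither the commit message nor the new comment states that intent; suggest saying it explicitly and replacing `/* support for the latest --dns option */` with a comment that names the change set (server address and exclude-domains syntax) and notes that the old bit is deliberately left clear, since "latest" will be stale after the next revision.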
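Review bot: In the first ssl.h hunk the doc comment on IV_PROTO_DNS_OPTION now says "Not sent anymore", but the define has to stay because servers will keep receiving that bit from already-released 2.6 clients; make that explicit so nobody removes it in a later cleanup, e.g. `/** Supports the --dns option introduced in version 2.6. No longer sent by clients that set IV_PROTO_DNS_OPTION_V2; kept so servers still recognise older clients. */`.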
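Review bot: In the second ssl.h hunk IV_PROTO_DNS_OPTION_V2 is allocated as (1<<11) directly after IV_PROTO_DYN_TLS_CRYPT (1<<9), so bit 10 is skipped in the visible context; if (1<<10) is already taken elsewhere, a one-line comment saying so would stop someone reusing it, and if it is not, the commit message should say why 11 was chosen. The comment `/** Supports the --dns option after all the incompatible changes */` is also vaguer than needed; name the changes (the --dns server address and exclude-domains syntax from the commit message) so a reader of ssl.h does not have to dig out this commit.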
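As an added illustration of the server-side decision the commit message describes (example code written for this note, not OpenVPN's own): a C routine that reads the IV_PROTO value from a client's peer-info and picks which --dns option variant to push. The flag values are the ones defined in ssl.h in the patch above; the newline-separated "KEY=value" layout of peer-info, the sample values and the function names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Flag values as defined in ssl.h by this patch. */
#define IV_PROTO_DNS_OPTION    (1 << 6)   /* old --dns syntax; no longer sent */
#define IV_PROTO_DNS_OPTION_V2 (1 << 11)  /* --dns after the incompatible changes */

enum dns_variant { DNS_NONE = 0, DNS_V1 = 1, DNS_V2 = 2 };

/* Pull the numeric IV_PROTO value out of a peer-info blob, assumed to be
 * newline-separated "KEY=value" lines (hypothetical layout). Returns 0 when
 * the key is absent, i.e. the client advertises no flags at all. */
static unsigned long peer_iv_proto(const char *peer_info)
{
    const char *p = peer_info;
    while (p && *p) {
        if (strncmp(p, "IV_PROTO=", 9) == 0) {
            return strtoul(p + 9, NULL, 10);
        }
        p = strchr(p, '\n');
        p = p ? p + 1 : NULL;   /* step past the newline to the next line */
    }
    return 0;
}

/* Pick the --dns syntax this client understands. V2 wins when both bits are
 * set; a client that only sets the old bit predates the incompatible changes
 * and must get the old syntax; a client with neither bit gets no --dns push. */
enum dns_variant dns_variant_for_peer(const char *peer_info)
{
    unsigned long proto = peer_iv_proto(peer_info);
    if (proto & IV_PROTO_DNS_OPTION_V2) {
        return DNS_V2;
    }
    if (proto & IV_PROTO_DNS_OPTION) {
        return DNS_V1;
    }
    return DNS_NONE;
}

int main(void)
{
    /* Constructed peer-info samples: 66 has bit 6 set, 2050 has bit 11 set. */
    const char *old_client = "IV_VER=2.6.0\nIV_PROTO=66\n";
    const char *new_client = "IV_PROTO=2050\n";
    printf("old client -> %d, new client -> %d\n",
           dns_variant_for_peer(old_client), dns_variant_for_peer(new_client));
    return 0;
}
```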