From patchwork Mon Dec 16 12:22:38 2024
X-Patchwork-Submitter: corubba
X-Patchwork-Id: 4004
Date: Mon, 16 Dec 2024 13:22:38 +0100
To: openvpn-devel@lists.sourceforge.net
References: <7e42399c-3a94-40a2-bcaa-15545c3b761c@gmx.de> <6a00da72-dc11-409e-9d47-4694e1d6f02f@gmx.de>
Subject: [Openvpn-devel] [PATCH v2 1/2] port-share: Normalize IPv4-mapped IPv6 addresses
From: corubba

Before passing IPv4-mapped IPv6 addresses to the proxy journal, translate them to plain IPv4 addresses. Whether the connection was accepted by OpenVPN on a "dual stack" socket is of no importance to the proxy receiver.

Signed-off-by: Corubba Smith
---
 src/openvpn/ps.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

-- 
2.47.1

diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c
index 06bf91a8..36ea63b8 100644
--- a/src/openvpn/ps.c
+++ b/src/openvpn/ps.c
@@ -330,6 +330,22 @@ proxy_list_housekeeping(struct proxy_connection **list) } } +/* + * In-place transformation of an openvpn_sockaddr with an IPv4-mapped IPv6 + * address to one with a plain IPv4 address. No-op otherwise. + */ +static void +transform_mapped_v4_sockaddr(struct openvpn_sockaddr *sock) +{ + if (sock->addr.sa.sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&sock->addr.in6.sin6_addr)) + { + sock->addr.in4.sin_family = AF_INET; + /* sin_port and sin6_port are the same already */ + memcpy(&sock->addr.in4.sin_addr, &sock->addr.in6.sin6_addr.s6_addr[12], 4); + memset(&sock->addr.in4 + 1, 0, sizeof(sock->addr) - sizeof(sock->addr.in4)); + } +} + /* * Record IP/port of client in filesystem, so that server receiving * the proxy can determine true client origin. 
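Review bot: the memset in transform_mapped_v4_sockaddr only clears the bytes past sizeof(struct sockaddr_in) (`memset(&sock->addr.in4 + 1, 0, ...)`), so sin_zero keeps whatever sat at offsets 8..15 of the sockaddr_in6, which are the first 8 bytes of sin6_addr; those happen to be zero for a v4-mapped address, so the result is correct, but only because of that layout coincidence plus sin_port and sin6_port sharing an offset, as the comment notes. Building a zeroed local `struct sockaddr_in` with family, port and the 4 bytes from `s6_addr[12]`, then clearing the whole `sock->addr` and copying the local in, would make the transformation obviously correct without relying on member offsets.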
@@ -349,6 +365,8 @@ journal_add(const char *journal_dir, struct proxy_connection *pc, struct proxy_c if (!getpeername(pc->sd, (struct sockaddr *) &from.addr.sa, &slen) && !getsockname(cp->sd, (struct sockaddr *) &to.addr.sa, &dlen)) { + transform_mapped_v4_sockaddr(&from); + transform_mapped_v4_sockaddr(&to); const char *f = print_openvpn_sockaddr(&from, &gc); const char *t = print_openvpn_sockaddr(&to, &gc); fnlen = strlen(journal_dir) + strlen(t) + 2;

From patchwork Mon Dec 16 12:22:51 2024
X-Patchwork-Submitter: corubba
X-Patchwork-Id: 4005
Message-ID: <86c60a4f-685e-4157-ad10-6de03bb2eef0@gmx.de>
Date: Mon, 16 Dec 2024 13:22:51 +0100
To: openvpn-devel@lists.sourceforge.net
References: <7e42399c-3a94-40a2-bcaa-15545c3b761c@gmx.de> <6a00da72-dc11-409e-9d47-4694e1d6f02f@gmx.de>
Subject: [Openvpn-devel] [PATCH v2 2/2] port-share: Add proxy protocol v2 support
From: corubba

In addition to the custom journal solution, also support the widely used binary PROXY protocol version 2 to convey the original client connection parameters to the proxy receiver. This makes the port-share journal feature more accessible and easier to use, because one doesn't need a custom integration.

While this is a spec-compliant sender implementation of the PROXY protocol, it does not implement it in full. Version 1 was left out entirely, in favour of the superior and easier-to-implement version 2. The implementation was also kept minimal with regards to what OpenVPN supports/requires: Local commands, unix sockets, UDP and TLVs are not implemented.

Signed-off-by: Corubba Smith
---
 doc/man-sections/server-options.rst |   4 +
 src/openvpn/ps.c                    | 110 +++++++++++++++++++++++++++-
 2 files changed, 113 insertions(+), 1 deletion(-)

-- 
2.47.1
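A receiver-side parser for the header this patch sends, as an added example (not part of the patch or of OpenVPN): it checks the 12-byte signature, the version/command and family/protocol bytes and the big-endian address block length that the sender fills in, tells a truncated header (read more) apart from a corrupt one (drop), and extracts addresses and ports. The sample header bytes and the 192.0.2.10 / 198.51.100.1 endpoints are constructed for the example.

```c
/* Receiver-side parser for the PROXY protocol v2 header the port-share patch
 * sends: 12-byte signature, version/command byte, family/protocol byte, 16-bit
 * big-endian address block length, then the address block.  Added example. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define PP2_HDR_LEN 16
static const uint8_t PP2_SIG[12] = { 0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D,
                                     0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A };
enum pp2_status {
    PP2_OK = 0,        /* header parsed: strip `consumed` bytes, then read payload */
    PP2_NEED_MORE = 1, /* header incomplete: read more bytes and call again */
    PP2_BAD = -1       /* not a v2 PROXY header: drop the connection */
};
struct pp2_info {
    uint8_t command;   /* 0 = LOCAL, 1 = PROXY */
    uint8_t family;    /* 0 = UNSPEC, 1 = INET, 2 = INET6, 3 = UNIX */
    uint8_t proto;     /* 0 = UNSPEC, 1 = STREAM, 2 = DGRAM */
    char src_ip[INET6_ADDRSTRLEN], dst_ip[INET6_ADDRSTRLEN];
    uint16_t src_port, dst_port;
    size_t consumed;   /* header bytes preceding the proxied payload */
};
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

enum pp2_status pp2_parse(const uint8_t *buf, size_t len, struct pp2_info *out)
{
    if (len < PP2_HDR_LEN) return PP2_NEED_MORE;
    if (memcmp(buf, PP2_SIG, sizeof(PP2_SIG)) != 0) return PP2_BAD;
    if ((buf[12] >> 4) != 0x2) return PP2_BAD;    /* version nibble must be 2 */
    uint8_t command = buf[12] & 0x0F;
    if (command > 1) return PP2_BAD;              /* 0 = LOCAL, 1 = PROXY */
    uint16_t addr_len = be16(buf + 14);
    /* the length field is untrusted: never read beyond what has arrived */
    if (len < PP2_HDR_LEN + (size_t)addr_len) return PP2_NEED_MORE;
    memset(out, 0, sizeof(*out));
    out->command = command;
    out->family = buf[13] >> 4;
    out->proto = buf[13] & 0x0F;
    out->consumed = PP2_HDR_LEN + addr_len;
    if (command == 0 || out->family == 0) return PP2_OK; /* no addresses carried */
    if (out->family > 2) return PP2_BAD; /* AF_UNIX is valid per spec, never sent by port-share */
    const uint8_t *a = buf + PP2_HDR_LEN;
    size_t asz = (out->family == 1) ? 4 : 16;   /* address size for INET / INET6 */
    int af = (out->family == 1) ? AF_INET : AF_INET6;
    if (addr_len < 2 * asz + 4) return PP2_BAD; /* block too small for this family */
    inet_ntop(af, a, out->src_ip, sizeof(out->src_ip));
    inet_ntop(af, a + asz, out->dst_ip, sizeof(out->dst_ip));
    out->src_port = be16(a + 2 * asz);
    out->dst_port = be16(a + 2 * asz + 2);
    return PP2_OK;
}

/* Constructed sample: the 28-byte header the patch would send for a TCP client
 * 192.0.2.10:51234 that reached the shared listener at 198.51.100.1:443. */
static const uint8_t SAMPLE_V4[28] = {
    0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D, 0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A,
    0x21, 0x11,                        /* version 2 + PROXY; AF_INET + STREAM */
    0x00, 0x0C,                        /* address block length 12 */
    192, 0, 2, 10,  198, 51, 100, 1,   /* source, destination address */
    0xC8, 0x22,  0x01, 0xBB            /* source port 51234, destination port 443 */
};

/* Each check returns 1 when the parser behaves as a receiver needs it to. */
int check_sample_v4(void)
{
    struct pp2_info info;
    if (pp2_parse(SAMPLE_V4, sizeof(SAMPLE_V4), &info) != PP2_OK) return 0;
    return info.command == 1 && info.family == 1 && info.proto == 1 && info.consumed == 28
        && strcmp(info.src_ip, "192.0.2.10") == 0 && info.src_port == 51234
        && strcmp(info.dst_ip, "198.51.100.1") == 0 && info.dst_port == 443;
}
int check_truncated_waits(void)
{
    struct pp2_info info; /* only 20 of the 28 bytes have arrived so far */
    return pp2_parse(SAMPLE_V4, 20, &info) == PP2_NEED_MORE;
}
int check_corrupt_rejected(void)
{
    uint8_t buf[28];
    struct pp2_info info;
    memcpy(buf, SAMPLE_V4, sizeof(buf));
    buf[13] = 0x21; /* claims AF_INET6 but carries only a 12-byte address block */
    int mismatch = pp2_parse(buf, sizeof(buf), &info) == PP2_BAD;
    memcpy(buf, SAMPLE_V4, sizeof(buf));
    buf[0] = 'G';   /* a plain "GET" request where the header was expected */
    int badsig = pp2_parse(buf, sizeof(buf), &info) == PP2_BAD;
    return mismatch && badsig;
}

int main(void)
{
    printf("sample: %d truncated: %d corrupt: %d\n", check_sample_v4(),
           check_truncated_waits(), check_corrupt_rejected());
    return 0;
}
```

Since the backend will log and enforce whatever client address the header asserts, a receiver should honour it only on a listener reachable solely from the trusted port-share OpenVPN host.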
diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst index 3fe9862c..5fdd4a22 100644 --- a/doc/man-sections/server-options.rst +++ b/doc/man-sections/server-options.rst @@ -435,6 +435,10 @@ fast hardware. SSL/TLS authentication must be used in this mode. the origin of the connection. Each generated file will be automatically deleted when the proxied connection is torn down. + ``dir`` can be set to the special value ``proxy_protocol_v2`` to make + OpenVPN use the binary PROXY protocol version 2 towards the proxy receiver. + No temporary files will be written in this mode. + Not implemented on Windows. --push option diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c index 36ea63b8..b5d04c5b 100644 --- a/src/openvpn/ps.c +++ b/src/openvpn/ps.c 
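Review bot: the new ``proxy_protocol_v2`` paragraph should state that in this mode the PROXY v2 header is written on every proxied connection before any client data is relayed, so the receiving server's listener must be configured to expect PROXY protocol (a receiver that is not will see the 12-byte signature as the first bytes of the client's stream), and, since the value is recognized by string comparison against the ``dir`` argument, that a journal directory literally named proxy_protocol_v2 can no longer be used.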
@@ -393,6 +393,107 @@ journal_add(const char *journal_dir, struct proxy_connection *pc, struct proxy_c gc_free(&gc); } +/* + * Send the proxy protocol v2 binary header, so that the receiving + * server knows the true client connection parameters. + */ +static void +send_proxy_protocol_v2_header(const struct proxy_connection *const pc, const struct proxy_connection *const cp) +{ + static const uint8_t PP2_AF_UNSPEC = 0x0, PP2_AF_INET = 0x1, PP2_AF_INET6 = 0x2; + static const uint8_t PP2_PROTO_STREAM = 0x1; + + struct openvpn_sockaddr src, dst; + socklen_t src_len, dst_len; + unsigned char header[52] = { + "\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A" /* signature */ + "\x21" /* version=2 + command=proxy */ + /* initialize the rest to zero for now */ + }; + uint8_t addr_fam, header_len = 16; + uint16_t addr_len; + + src_len = sizeof(src.addr); + dst_len = sizeof(dst.addr); + if (0 != getpeername(pc->sd, &src.addr.sa, &src_len) + || 0 != getsockname(pc->sd, &dst.addr.sa, &dst_len)) + { + msg(M_WARN, "PORT SHARE PROXY: getting client connection parameters failed"); + src.addr.sa.sa_family = dst.addr.sa.sa_family = AF_UNSPEC; + } + + transform_mapped_v4_sockaddr(&src); + transform_mapped_v4_sockaddr(&dst); + if (src.addr.sa.sa_family != dst.addr.sa.sa_family) + { + msg(M_WARN, "PORT SHARE PROXY: address family mismatch between peer and socket"); + /* src wins, because that is usually the more important info */ + dst.addr.sa.sa_family = src.addr.sa.sa_family; + } + + if (msg_test(D_PS_PROXY_DEBUG)) + { + struct gc_arena gc = gc_new(); + dmsg(D_PS_PROXY_DEBUG, "PORT SHARE PROXY: client connection is %s -> %s", + print_openvpn_sockaddr(&src, &gc), print_openvpn_sockaddr(&dst, &gc)); + gc_free(&gc); + } + + switch (src.addr.sa.sa_family) + { + case AF_INET: + addr_fam = PP2_AF_INET; + addr_len = 12; + ASSERT(4 >= sizeof(src.addr.in4.sin_addr)); + ASSERT(4 >= sizeof(dst.addr.in4.sin_addr)); + memcpy(&header[16], &src.addr.in4.sin_addr, sizeof(src.addr.in4.sin_addr)); + 
memcpy(&header[20], &dst.addr.in4.sin_addr, sizeof(dst.addr.in4.sin_addr)); + ASSERT(2 >= sizeof(src.addr.in4.sin_port)); + ASSERT(2 >= sizeof(dst.addr.in4.sin_port)); + memcpy(&header[24], &src.addr.in4.sin_port, sizeof(src.addr.in4.sin_port)); + memcpy(&header[26], &dst.addr.in4.sin_port, sizeof(dst.addr.in4.sin_port)); + break; + + case AF_INET6: + addr_fam = PP2_AF_INET6; + addr_len = 36; + ASSERT(16 >= sizeof(src.addr.in6.sin6_addr)); + ASSERT(16 >= sizeof(dst.addr.in6.sin6_addr)); + memcpy(&header[16], &src.addr.in6.sin6_addr, sizeof(src.addr.in6.sin6_addr)); + memcpy(&header[32], &dst.addr.in6.sin6_addr, sizeof(dst.addr.in6.sin6_addr)); + ASSERT(2 >= sizeof(src.addr.in6.sin6_port)); + ASSERT(2 >= sizeof(dst.addr.in6.sin6_port)); + memcpy(&header[48], &src.addr.in6.sin6_port, sizeof(src.addr.in6.sin6_port)); + memcpy(&header[50], &dst.addr.in6.sin6_port, sizeof(dst.addr.in6.sin6_port)); + break; + + /* AF_UNIX is currently not suppported by OpenVPN */ + + default: + addr_fam = PP2_AF_UNSPEC; + addr_len = 0; + break; + } + + const uint8_t proto = PP2_PROTO_STREAM; /* DGRAM is currently not supported by port-share */ + header[13] = (addr_fam << 4) | proto; + + /* TLV is currently not implemented */ + + header_len += addr_len; + const uint16_t addr_len_n = htons(addr_len); + memcpy(&header[14], &addr_len_n, sizeof(addr_len_n)); + + ASSERT(header_len <= sizeof(header)); + const socket_descriptor_t sd = cp->sd; + const int status = send(sd, header, header_len, MSG_NOSIGNAL); + dmsg(D_PS_PROXY_DEBUG, "PORT SHARE PROXY: proxy protocol v2 wrote[%d] %d", (int) sd, status); + if (status < (int) header_len) + { + msg(M_WARN, "PORT SHARE PROXY: failed to send proxy protocol v2 header"); + } +} + /* * Cleanup function, on proxy process exit. */ 
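Review bot: the failure path at the end of send_proxy_protocol_v2_header only logs M_WARN when `send()` returns less than `header_len`, and the connection is then set up as if the header had been delivered; on an error or short write the receiver gets no header, or a truncated one, followed directly by the client's bytes and will misparse or reject the stream, so the function should return a status and the caller should tear the proxy connection down (or retry until the full header is out) when it fails. Two smaller points in the same hunk: `ASSERT(4 >= sizeof(src.addr.in4.sin_addr))` and `ASSERT(2 >= sizeof(src.addr.in4.sin_port))` guard the memcpy bounds but would also pass for a smaller type and then copy fewer bytes than the header layout expects, so `==` states the intent; and in the family-mismatch branch, overwriting `dst.addr.sa.sa_family` with the source's family makes the later `memcpy` read `dst.addr.in4.sin_addr` out of a union that still holds sockaddr_in6 bytes, so the header carries a garbage destination; setting both to AF_UNSPEC, as the getpeername failure path already does, would be safer.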
@@ -488,7 +589,14 @@ proxy_entry_new(struct proxy_connection **list, /* add journal entry */ if (journal_dir) { - journal_add(journal_dir, pc, cp); + if (0 == strcmp("proxy_protocol_v2", journal_dir)) + { + send_proxy_protocol_v2_header(pc, cp); + } + else + { + journal_add(journal_dir, pc, cp); + } } dmsg(D_PS_PROXY_DEBUG, "PORT SHARE PROXY: NEW CONNECTION [c=%d s=%d]", (int)sd_client, (int)sd_server);

From patchwork Mon Dec 16 12:23:10 2024
X-Patchwork-Submitter: corubba
X-Patchwork-Id: 4006
HfI42/QPKCYPiN04I35f+JTN0GrSDHFfvTwVjNzc5choq2tfDMixpqZcrnHoMB9EoDWE=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:From:References:To: Subject:MIME-Version:Date:Message-ID:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=NrObQtuA0cGO4Ik0ySB8kz0O5DlV/GzH6w+fPBmexXc=; b=Dc+zDwWfz01lApk1XL+jNgDgMy 8bQrVL7f+CC3ZZLRUXziSXJm17lxCOk+oM8nhcWTok9/S19lWptChtuYYFwGXrbuwuezk5ka2Z5l1 gSZnI7GwCEZ/8ths1PrtDWT48m4FXTi2fRg59IHX5DNAjWxq0oSAiOO3RIBOKnwbt1NM=; Received: from mout.gmx.net ([212.227.15.19]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1tNA89-0005QM-TO for openvpn-devel@lists.sourceforge.net; Mon, 16 Dec 2024 12:23:22 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.de; s=s31663417; t=1734351790; x=1734956590; i=corubba@gmx.de; bh=NrObQtuA0cGO4Ik0ySB8kz0O5DlV/GzH6w+fPBmexXc=; h=X-UI-Sender-Class:Message-ID:Date:MIME-Version:Subject:To: References:From:In-Reply-To:Content-Type: Content-Transfer-Encoding:cc:content-transfer-encoding: content-type:date:from:message-id:mime-version:reply-to:subject: to; b=m01wCDyCmSJrIFZXWi65C2iP3oUBaC8OcLFzz7pM0JesFxTT4WUT71FnX048r+J9 wXNnf6ZjnkflZHkzMpZq+mE9icwPRCl+xxAbDNj4pPDcBYtddZjae2ldwEIcXG2FH uTu8zPND/NemN2tbF2+4kDDCQPB7cC4s8jP0+fcOAX+A8ORCFXw0ViJCuzwgRjEYS ugW+34t7EcjDY9uMJr8XhEJBNZKkYPwVJkx7zXQ7BedJIr949rkrmoQqbz6N96x8Z gc6xF+8ZdIAsugWGr+7CG4Ix3WXgESwO2fxs4qP99NyUXJ8Is8oaFokHKRIDjjaBm sWHXKIoqooT6hFlB0g== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from [192.168.44.3] ([83.135.91.229]) by mail.gmx.net (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1Mt79P-1thQrn1dTl-013PMZ for ; Mon, 16 Dec 2024 13:23:10 +0100 Message-ID: <14907efd-e18b-4bb2-94b7-51fe44011abd@gmx.de> Date: Mon, 
16 Dec 2024 13:23:10 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: openvpn-devel@lists.sourceforge.net References: <7e42399c-3a94-40a2-bcaa-15545c3b761c@gmx.de> <6a00da72-dc11-409e-9d47-4694e1d6f02f@gmx.de> Content-Language: de-CH In-Reply-To: X-Provags-ID: V03:K1:yq8L1ZNJHdn02ImJN/P4s/MnCkryl0X30kJaHc5BtIQOk7mrhGR QLWbQxoHvrA3ONOQWk89PPKjMp8nlTtwispDJLV25bJuQpTe00o2k44c9sjSQxQ9m56G9Gv nvwlRPJQHRSXBkRMZ2XETJLeoFZudVIYVYp267ywFbgobu1M9SeNW33lnXJcjsCczVlx8+V d9oq2in7FefeoVG5DR/sg== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:FeOrGMSd6zI=;OCuIwH5wEH8rC2+tyeyQQarOrlx OBsKYLpcp5bZQRQUvqTmD19oHQTDjQmMXLCBq6aKQCRe7L5yIgbWNlGnwZrsQ4fn9ds08HHQ9 LTtX1pT906jSsSi90hHXUE3XGfV2iIGygEIZQZ/NDgHLJTyNEGkJomoNY15TKKPJYuOybBDSc UumTrj4nsyCgLq8Rahm5x1RPHMD6TlLZ/8ZDBy4wtFiI7pBBjhj8wTNxMkkfO09USdGsPsU9f /YLTui9hFm4RHUkCk3EvJRHwxFrKD6pPGnD3O1VnedlmunjTeQjKkWrB95n14IZoKE9GIpbAB nQNJay2C4uKa2EWe+JbxDyn9oJLku+Deb9OfKQbl75frLS9j6wjB70kA32kkL2rK8dCqiDSkB Q5gYRpIbsgOZrlWWZIH588EOmu9101kmA/C30goVdVdBND241RLtdmOAfRzJJByH7woyIn7Ba T2nrnvVLQp0WURhuKjqxc3ZX+R1xts6WYi5CEi612DqAvgbBrCvwjCv8A6r1N9Y0f54D6i4B+ 9cq/mAsWjvAcZsikGLKPR/3DPP+ndG4i/N5g/ixHWtHSH3O2K5hTa0Jbv7Qn/hgU9Ikdcqejp l1zC/F0y0eKSVjn1ZPKczPBLODgD6DxL0dBtGJRblv5jiiD7XTZrdpRaWo59PGKKEnfgNwqy4 HxQXkpLsRlwuRJpoLm1CvaP9o3pz76yb2ZIPI0F4WfGfpM1L+PJH2VEM+ot5IR/LdsDtxR45D UfbQRwq15q7xz9YxgaVEaVssin6T+ruQizoFoOi9nk8IjdpleDJ6hKAkkfuvBBbtuSRiFkTUM KTZ13C1UZYpQO+UGUBFntYAvWq9fmz9Ykc1mwqV5NOeHGPIAQL5m4Bzdd93YewWrR3amJSBSg dYGOpJP6A0gZqxGCr410F3ATAdY6H9wzuoIcdDtLd0ebrAn4NyzCKAm85Nyq2qI4r0ah7bzqP fyqEksueNCqKhNM05BN3f1+2ERdrhUpkO3WbnVWbSeV09Cedxsv53uJBcNzWrqoP8tV4YcfZ7 PXLKNJxuniOzKpclVUp31P+AUN1XOgqz6A13Uf+y9rtzptqoLIp1SYlbhd1YAVAO/qH+V8e0k RSIR3qGxDL50IiUhF4/p7jD/ytQgCT X-Spam-Score: -2.0 (--) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. 
The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Just in case it is ever needed. 
Signed-off-by: Corubba Smith --- src/openvpn/ps.c | 42 +++++++++++++++++++++++++++++++++++------- src/openvpn/socket.h | 1 + 2 files changed, 36 insertions(+), 7 deletions(-) Content analysis details: (-2.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [212.227.15.19 listed in bl.score.senderscore.com] 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [212.227.15.19 listed in sa-trusted.bondedsender.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [corubba[at]gmx.de] -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [212.227.15.19 listed in list.dnswl.org] -1.1 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [212.227.15.19 listed in wl.mailspike.net] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain X-Headers-End: 1tNA89-0005QM-TO Subject: [Openvpn-devel] [PATCH v2 3/2] port-share: Add unix-socket and udp support for proxy protocol X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: corubba via Openvpn-devel 
From: corubba

Just in case it is ever needed.

Signed-off-by: Corubba Smith
---
 src/openvpn/ps.c | 42 +++++++++++++++++++++++++++++++++++-------
 src/openvpn/socket.h | 1 +
 2 files changed, 36 insertions(+), 7 deletions(-)

-- 
2.47.1

diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c index b5d04c5b..b34df315 100644 --- a/src/openvpn/ps.c +++ b/src/openvpn/ps.c @@ -400,18 +400,19 @@ journal_add(const char *journal_dir, struct proxy_connection *pc, struct proxy_c static void send_proxy_protocol_v2_header(const struct proxy_connection *const pc, const struct proxy_connection *const cp) { - static const uint8_t PP2_AF_UNSPEC = 0x0, PP2_AF_INET = 0x1, PP2_AF_INET6 = 0x2; - static const uint8_t PP2_PROTO_STREAM = 0x1; + static const uint8_t PP2_AF_UNSPEC = 0x0, PP2_AF_INET = 0x1, PP2_AF_INET6 = 0x2, PP2_AF_UNIX = 0x3; + static const uint8_t PP2_PROTO_UNSPEC = 0x0, PP2_PROTO_STREAM = 0x1, PP2_PROTO_DGRAM = 0x2; struct openvpn_sockaddr src, dst; - socklen_t src_len, dst_len; - unsigned char header[52] = { + socklen_t src_len, dst_len, socket_type_len; + unsigned char header[232] = { "\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A" /* signature */ "\x21" /* version=2 + command=proxy */ /* initialize the rest to zero for now */ }; - uint8_t addr_fam, header_len = 16; + uint8_t addr_fam, proto, header_len = 16; uint16_t addr_len; + int socket_type; src_len = sizeof(src.addr); dst_len = sizeof(dst.addr); 
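Review bot: `header_len` stays a `uint8_t` in the declaration `uint8_t addr_fam, proto, header_len = 16;` while the AF_UNIX address block this patch introduces is 216 bytes, so the running total of 232 now sits within 23 bytes of the type's maximum; the `/* TLV is currently not implemented */` comment later in the function anticipates growing the header further, and at that point `header_len` would wrap silently. Since `header[232]` is sized exactly for the largest address block, widen `header_len` now (a `size_t`, or a `uint16_t` to match `addr_len`) and add a line to the buffer's comment saying it must be enlarged together with any TLV support. The brace initializer still zero-fills the rest of the enlarged `header[232]`, which the later AF_UNIX copies depend on for padding, so that part is fine as written.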
@@ -467,7 +468,14 @@ send_proxy_protocol_v2_header(const struct proxy_connection *const pc, const str memcpy(&header[50], &dst.addr.in6.sin6_port, sizeof(dst.addr.in6.sin6_port)); break; - /* AF_UNIX is currently not suppported by OpenVPN */ + case AF_UNIX: + addr_fam = PP2_AF_UNIX; + addr_len = 216; + ASSERT(108 >= sizeof(src.addr.un.sun_path)); + ASSERT(108 >= sizeof(dst.addr.un.sun_path)); + memcpy(&header[16], &src.addr.un.sun_path, 108); + memcpy(&header[124], &dst.addr.un.sun_path, 108); + break; default: addr_fam = PP2_AF_UNSPEC; @@ -475,7 +483,27 @@ send_proxy_protocol_v2_header(const struct proxy_connection *const pc, const str break; } - const uint8_t proto = PP2_PROTO_STREAM; /* DGRAM is currently not supported by port-share */ + socket_type_len = sizeof(socket_type); + if (0 != getsockopt(pc->sd, SOL_SOCKET, SO_TYPE, &socket_type, &socket_type_len)) + { + msg(M_WARN, "PORT SHARE PROXY: getting socket type failed"); + socket_type = -1; /* fallback to unspec */ + } + switch (socket_type) + { + case SOCK_STREAM: + proto = PP2_PROTO_STREAM; + break; + + case SOCK_DGRAM: + proto = PP2_PROTO_DGRAM; + break; + + default: + proto = PP2_PROTO_UNSPEC; + break; + } + header[13] = (addr_fam << 4) | proto; /* TLV is currently not implemented */ diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index 465d92ba..3578b3c3 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -69,6 +69,7 @@ struct openvpn_sockaddr struct sockaddr sa; struct sockaddr_in in4; struct sockaddr_in6 in6; + struct sockaddr_un un; } addr; };
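Review bot: the two `memcpy(..., 108)` calls in the new `case AF_UNIX:` branch copy a fixed 108 bytes, but the preceding `ASSERT(108 >= sizeof(src.addr.un.sun_path))` only guarantees that `sun_path` is at most 108 bytes, so on a platform whose `sun_path` is shorter the assert passes and each copy reads past the end of `sun_path`, and potentially past the end of the `openvpn_sockaddr` union. Copy `sizeof(src.addr.un.sun_path)` instead and rely on the zero-initialized header for the remaining padding, e.g. `memcpy(&header[16], src.addr.un.sun_path, sizeof(src.addr.un.sun_path));` with the matching change for `dst` at offset 124. A short comment that `addr_len = 216` and the two 108-byte slots come from the PROXY protocol v2 layout for AF_UNIX would also stop a reader from mistaking them for the platform's `sun_path` size.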
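Review bot: the removed comment `/* DGRAM is currently not supported by port-share */` explained why `proto` was a constant, and the replacement performs a `getsockopt(pc->sd, SOL_SOCKET, SO_TYPE, ...)` call per proxied connection whose `SOCK_DGRAM` branch port-share cannot currently reach; if the runtime lookup is kept "just in case", as the commit message puts it, keep a comment stating that `pc->sd` is today always an accepted stream socket so the branch is forward-looking rather than live. Separately, the failure path only warns, sets `socket_type = -1` and still emits a header carrying the real address family together with `PP2_PROTO_UNSPEC`; decide explicitly whether a failed `SO_TYPE` query on an already accepted socket should abort the proxied connection instead of sending that mixed header, and either way include the connection in the `M_WARN` message so the event can be attributed in the log.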
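Review bot: adding `struct sockaddr_un un;` to the `openvpn_sockaddr` union enlarges `sizeof(struct openvpn_sockaddr)` for every user of the type, not only port-share, and the patch shows no `#include` for the header that declares `struct sockaddr_un` (`<sys/un.h>` on POSIX; on Windows it lives in `<afunix.h>`). Confirm that include is present and guarded for every build target OpenVPN supports, and that the size change is acceptable wherever the union is embedded in other structures, since `src_len = sizeof(src.addr)` in ps.c now hands the larger size to the address lookups.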