From patchwork Mon Jan 13 09:20:05 2025
X-Patchwork-Submitter: "mrbff (Code Review)"
X-Patchwork-Id: 4046
From: "stipa (Code Review)"
Date: Mon, 13 Jan 2025 09:20:05 +0000
To: plaisthos, flichtenheld
Cc: openvpn-devel
Subject: [Openvpn-devel] [S] Change in openvpn[master]: multi.c: add iroutes after dco peer is added
X-Gerrit-PatchSet: 1
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: I1cac0f036504c87205a3c97589a94a662cf79b99
X-Gerrit-Change-Number: 856
X-Gerrit-Project: openvpn
X-Gerrit-Commit: c02304e26938d251b6a1fe50ff0c98e9a46d942e

Attention is currently required from: flichtenheld, plaisthos.

Hello plaisthos, flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/856?usp=email

to review the following change.

Change subject: multi.c: add iroutes after dco peer is added
......................................................................
multi.c: add iroutes after dco peer is added This doesn't matter for Linux and FreeBSD but matters for dco-win, where iroute subnet is mapped to a peer context, which means that peer has to be created before iroute is added. Change-Id: I1cac0f036504c87205a3c97589a94a662cf79b99 Signed-off-by: Lev Stipakov --- M src/openvpn/multi.c 1 file changed, 24 insertions(+), 24 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/56/856/1 diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index d1b2c8c..196174c 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -2441,6 +2441,30 @@ ifconfig_constraint_network, ifconfig_constraint_netmask); } + /* set our client's VPN endpoint for status reporting purposes */ + mi->reporting_addr = mi->context.c2.push_ifconfig_local; + mi->reporting_addr_ipv6 = mi->context.c2.push_ifconfig_ipv6_local; + + /* set context-level authentication flag */ + mi->context.c2.tls_multi->multi_state = CAS_CONNECT_DONE; + + /* authentication complete, calculate dynamic client specific options */ + if (!multi_client_set_protocol_options(&mi->context)) + { + mi->context.c2.tls_multi->multi_state = CAS_FAILED; + } + /* only continue if setting protocol options worked */ + else if (!multi_client_setup_dco_initial(m, mi, &gc)) + { + mi->context.c2.tls_multi->multi_state = CAS_FAILED; + } + /* Generate data channel keys only if setting protocol options + * and DCO initial setup has not failed */ + else if (!multi_client_generate_tls_keys(&mi->context)) + { + mi->context.c2.tls_multi->multi_state = CAS_FAILED; + } + /* * For routed tunnels, set up internal route to endpoint * plus add all iroute routes. 
@@ -2488,30 +2512,6 @@ multi_instance_string(mi, false, &gc)); } - /* set our client's VPN endpoint for status reporting purposes */ - mi->reporting_addr = mi->context.c2.push_ifconfig_local; - mi->reporting_addr_ipv6 = mi->context.c2.push_ifconfig_ipv6_local; - - /* set context-level authentication flag */ - mi->context.c2.tls_multi->multi_state = CAS_CONNECT_DONE; - - /* authentication complete, calculate dynamic client specific options */ - if (!multi_client_set_protocol_options(&mi->context)) - { - mi->context.c2.tls_multi->multi_state = CAS_FAILED; - } - /* only continue if setting protocol options worked */ - else if (!multi_client_setup_dco_initial(m, mi, &gc)) - { - mi->context.c2.tls_multi->multi_state = CAS_FAILED; - } - /* Generate data channel keys only if setting protocol options - * and DCO initial setup has not failed */ - else if (!multi_client_generate_tls_keys(&mi->context)) - { - mi->context.c2.tls_multi->multi_state = CAS_FAILED; - } - /* send push reply if ready */ if (mi->context.c2.push_request_received) {
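Review bot: In the first hunk (@@ -2441), the moved else-if chain sets multi_state = CAS_FAILED when multi_client_set_protocol_options(), multi_client_setup_dco_initial() or multi_client_generate_tls_keys() fails, but nothing in the visible lines stops execution from continuing into the "For routed tunnels, set up internal route to endpoint plus add all iroute routes" block that now follows. With the old order a failure here happened after the routes were already installed; with the new order the iroute code runs for a client whose DCO peer was never created, which is exactly the dco-win case the commit message says requires a peer context. Consider guarding the route and iroute setup on multi_state != CAS_FAILED, or state in the change why installing iroutes for a failed peer is harmless and how they are removed again.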
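Review bot: In the second hunk (@@ -2488), the block is removed from just before /* send push reply if ready */ without any code comment recording the new ordering requirement; that the DCO peer must exist before iroutes are added is stated only in the commit message. A short comment at the new position of multi_client_setup_dco_initial(m, mi, &gc) saying the iroute block below depends on it for dco-win would keep a later cleanup from moving it back. The move also means reporting_addr, reporting_addr_ipv6 and multi_state = CAS_CONNECT_DONE are now set before the route setup instead of after it, so it is worth confirming that nothing between the two positions reads multi_state and expects the earlier value.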