From patchwork Tue Jan 14 13:14:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "mrbff (Code Review)" X-Patchwork-Id: 4055 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:b7cb:b0:5e7:b9eb:58e8 with SMTP id en11csp2231623mab; Tue, 14 Jan 2025 05:14:35 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCWdUFqXsatWvJcffh/Rt8OOxm1q1I2FZ+X0wEGS0B0A7kelvA2QJh7J3VJk4jlsEgCrgUdfYqvQS0Y=@openvpn.net X-Google-Smtp-Source: AGHT+IHti3CP7qKBfpmu7L7MgequSKO84RRnxe4CUE1Sr/w79qkg25YDPt8zA5hq/xVzBAxgPwrI X-Received: by 2002:a05:6830:6a16:b0:71a:8048:403c with SMTP id 46e09a7af769-721e2ec8eb3mr16181112a34.19.1736860475350; Tue, 14 Jan 2025 05:14:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1736860475; cv=none; d=google.com; s=arc-20240605; b=fwq+E0Q/nJhUtBEww7ORVQ1yuZq1/eBN9kaexTPjo2JID6/ISx72/MrHuBasAutWHI kPpxf56QKD23vthc5Yta/SKyg4fJs2m9DUrHvVNyvFoXn9O1CmgOP/TA7DUuiRmLqptw L6QUAL0MOPv669P8XLI4qrL0kh2luJ0CpizDnjPotWL9+raeSaN2lyyKiFzocbAK3sD2 XcoBOxvDSFDHWdkTRAwAaGhcTdxRpEVNOChHxSWCnEOVerKp8uQiSasbjy+/lCba593r LMvWS0dSFdVzAUaqjxzonXPEnrnBkRtxzskwIsfVi8isq4jfG+RO3HQAifNMq91hTVK6 Vt4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=viZh//qlB9uWzltpzNLUw/lHcmqUYRFZKD65r5nvWjw=; fh=GFP4qDxgyJ2WEPo/oeLZg3Mj4NqvY1j2nTvTt7psNwg=; b=CPnkqNTwhDy6u1hgRO3ZLpYmmISNxXlBH2mMcpFrX83yxKehgQYc1OGzgr1XJuKfKU D6Zk0yxfLLFMeOg+JB/crotQ5JdVxym7OhMvNlmsavOf+2NDivpfrXXcfWqPKSTNr5BY WhWvMcHVLbvG8+uwVBJL14p1w+E332gs+Iw92fRveaPM9ghTrokLNtrgPyiIT0Wq9u2Q D5dStCXN99t0XqJbq3Tw6vVC0C/yDaVwEIXwqWH6F5gwml0ailSlxnf1aEbN/xU/KWIl UtbXpofOnMmHg4U97QrwvNeBiIibXaJvtZVfjyGFZMzz9ZOqdifdYoDjhbKe+/HUnm5R LClA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="Ug/Wsyt+"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=d1O7993a; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=N19VD6+H; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 46e09a7af769-7231864a1aesi8421762a34.168.2025.01.14.05.14.35 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 14 Jan 2025 05:14:35 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="Ug/Wsyt+"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=d1O7993a; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=N19VD6+H; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1tXgkY-0005oE-Ub; Tue, 14 Jan 2025 13:14:30 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tXgkX-0005o3-RS for openvpn-devel@lists.sourceforge.net; Tue, 14 Jan 2025 13:14:29 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=F/PKmJCGTb+lJ6pgOs2iY7ayME3BQH+0rK8GMQ8iWJQ=; b=Ug/Wsyt+HF2rW73NrhALM43Kbf t+rolXZE3ZPw+U4a9VILb7MNLy2b9KbPfO7uAVYfbtojwjk1LF66CoZ8j1aooW6V4eso78NlmhvTu l2zG1vNi1mHhTlih989FOg173EYqZQf6aVohpMndEGxYmeLvSGAzqjH78EgdqPNFcwl0=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=F/PKmJCGTb+lJ6pgOs2iY7ayME3BQH+0rK8GMQ8iWJQ=; b=d 1O7993aCyzxu+xUVvqKGRjRPy8WM7sU56p7lRathBi/3rfMHVxV/6UpmNoikESomDQZGZ07N6QFTA jMMgY+l+BN2pkQWVKjw8/7/gNHkIkV0+mSusZGUtkHDhkZcQLcV1oknn3Bpm9Kju9DE4qm8ecn1He N8fPytw7cFuaTcPs=; Received: from mail-wr1-f47.google.com ([209.85.221.47]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1tXgkV-0003jG-9W for openvpn-devel@lists.sourceforge.net; Tue, 14 Jan 2025 13:14:29 +0000 Received: by mail-wr1-f47.google.com with SMTP id ffacd0b85a97d-3862d161947so2746383f8f.3 for ; Tue, 14 Jan 2025 05:14:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1736860456; x=1737465256; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=F/PKmJCGTb+lJ6pgOs2iY7ayME3BQH+0rK8GMQ8iWJQ=; b=N19VD6+Ha1SO5bviTG2Gs5fMEWYULhP425nKxLwm+Tu6KOT7+9zl4drJsojuNNozfR Hkz3I8TnXdB68LaxZEsJMngSAsxyx7Ao6XyW3s9POqlxOL41gFOJhYA/HZFYdJqPmP4m Fj0HVKZXNzgOzEKsVT5K3Nt5JY68hgpPG+CwhGygEuEw+TMUcaAyjwL6K9k64upK9b6E +akL3ceMB4BFONzv3kaLNKvhYlzjtrUawYEr6EuApIzuFMC2E5pn3Df9rfhv6FuVfZH5 aWhGV2WcA9R+YGN3uM/3kfO+fttupzHNeJhLrbkeonSDLaGLZsGog2lwZ459SLwBqYui O+lg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736860456; x=1737465256; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=F/PKmJCGTb+lJ6pgOs2iY7ayME3BQH+0rK8GMQ8iWJQ=; b=b4qW+To6iw9qQq1I2yUr4Y38XsB5gh7EWT98zhBpgrkN9j4mlpbvQUQSsmVVN4koeE V8riRtaz9dAxZHyvNWpYkWZOX62/vXS8gyuU9ka/+5f0fnSAE/5CK3K/d9biyyHT2g5l A7oAbngkZiojmE7sBF2FQbgtunOZ976kizdZ/sbU1PpuFEf/4vgd9gqkEzH/3Ns8j84o RNg0MIZU+RRMtdOdHOOn3nC6eYKqqiMGVEvXLcRjG/bV5lwh9YNGs8GlaDzcaC3pYHt0 mTGMlo7Wa+2+Rm5Q8vjqV4sRVVsU+XmuhOnk2svKJmORGVfKO7BbLblbE4D0iy/OwW2U xEpA== X-Gm-Message-State: AOJu0YynqsEIoDZRReXl4xPtUq9Udk3SsJKpfIIPN5K66gzp4tr7YwRW OybWZjZZEHt/FzwSDWOAx6tp5SNBl48bife5AMysJWLuugh/zZ7j0NUzKdgyxxumCro5aEUpf/8 O X-Gm-Gg: ASbGncuyNskETYq+j4A5isgOtxiYurRUGkt95WJaTnrzP/431WBM11Y5hx0gHbvbw3I eSrxS9zb8q26WYxeLBNRsZFyG6gh7ypjjeXog3lM8BqEELK0KlGzN+auaGsQPmBhWnlxuaxcz67 ynoj04f0hUn1TqGFztklO1XgUiL2U6s6x8VoDc1fvqBjb5+4KMKlerKMTCMvnE+l2Cld3mw/JXB YQyQXCJe4IwWhIxzidiMWzavUAUtMN6XwEoWtEZsi/FSDoIx10mhFUyVTHOfqtMOzDdQ8cdLY/Y raakSrY+apHrhVlnmV1dt3pbgfaBjyT5eBecMReY/LXyb6+y X-Received: by 2002:a5d:59ab:0:b0:385:fa26:f0d8 with SMTP id ffacd0b85a97d-38a872f6af0mr20955840f8f.8.1736860455670; Tue, 14 Jan 2025 05:14:15 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38a8e38f0eesm15061602f8f.61.2025.01.14.05.14.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Jan 2025 05:14:15 -0800 (PST) From: "flichtenheld (Code Review)" X-Google-Original-From: "flichtenheld (Code Review)" X-Gerrit-PatchSet: 1 Date: Tue, 14 Jan 2025 13:14:14 +0000 To: plaisthos Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: If570253e57371e4126b0e8aa4c349e2051cb8b00 X-Gerrit-Change-Number: 863 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: f2ff24b4058724f423258bf41a1a33e9f070eb42 References: Message-ID: MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -2.0 (--) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit Content analysis details: (-2.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.221.47 listed in sa-accredit.habeas.com] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.221.47 listed in bl.score.senderscore.com] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.221.47 listed in list.dnswl.org] -1.8 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.221.47 listed in wl.mailspike.net] 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1tXgkV-0003jG-9W Subject: [Openvpn-devel] [M] Change in openvpn[master]: Remove unused function check_subnet_conflict X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: frank@lichtenheld.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1821230209653901793?= X-GMAIL-MSGID: =?utf-8?q?1821230209653901793?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/863?usp=email to review the following change. Change subject: Remove unused function check_subnet_conflict ...................................................................... Remove unused function check_subnet_conflict This has been #if 0 for over a decade. Let's just remove this. Change-Id: If570253e57371e4126b0e8aa4c349e2051cb8b00 Signed-off-by: Frank Lichtenheld --- M src/openvpn/route.c M src/openvpn/tun.c M src/openvpn/tun.h 3 files changed, 0 insertions(+), 52 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/63/863/1 diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 278233f..b8ede01 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -1218,7 +1218,6 @@ for (r = rl->routes; r; r = r->next) { - check_subnet_conflict(r->network, r->netmask, "route"); if (flags & ROUTE_DELETE_FIRST) { delete_route(r, tt, flags, &rl->rgi, es, ctx); diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 9dce8da..3f2ec4a 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -626,44 +626,6 @@ gc_free(&gc); } -/* - * Issue a warning if ip/netmask (on the virtual IP network) conflicts with - * the settings on the local LAN. This is designed to flag issues where - * (for example) the OpenVPN server LAN is running on 192.168.1.x, but then - * an OpenVPN client tries to connect from a public location that is also running - * off of a router set to 192.168.1.x. - */ -void -check_subnet_conflict(const in_addr_t ip, - const in_addr_t netmask, - const char *prefix) -{ -#if 0 /* too many false positives */ - struct gc_arena gc = gc_new(); - in_addr_t lan_gw = 0; - in_addr_t lan_netmask = 0; - - if (get_default_gateway(&lan_gw, &lan_netmask) && lan_netmask) - { - const in_addr_t lan_network = lan_gw & lan_netmask; - const in_addr_t network = ip & netmask; - - /* do the two subnets defined by network/netmask and lan_network/lan_netmask intersect? */ - if ((network & lan_netmask) == lan_network - || (lan_network & netmask) == network) - { - msg(M_WARN, "WARNING: potential %s subnet conflict between local LAN [%s/%s] and remote VPN [%s/%s]", - prefix, - print_in_addr_t(lan_network, 0, &gc), - print_in_addr_t(lan_netmask, 0, &gc), - print_in_addr_t(network, 0, &gc), - print_in_addr_t(netmask, 0, &gc)); - } - } - gc_free(&gc); -#endif /* if 0 */ -} - void warn_on_use_of_common_subnets(openvpn_net_ctx_t *ctx) { @@ -922,15 +884,6 @@ tt->remote_netmask); } } - - if (!tun_p2p) - { - check_subnet_conflict(tt->local, tt->remote_netmask, "TUN/TAP adapter"); - } - else - { - check_subnet_conflict(tt->local, IPV4_NETMASK_HOST, "TUN/TAP adapter"); - } } #ifdef _WIN32 diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index a5b9a48..911e58b 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h @@ -355,10 +355,6 @@ bool is_tun_p2p(const struct tuntap *tt); -void check_subnet_conflict(const in_addr_t ip, - const in_addr_t netmask, - const char *prefix); - void warn_on_use_of_common_subnets(openvpn_net_ctx_t *ctx); /**