From patchwork Tue Jan 28 13:57:52 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "cron2 (Code Review)" X-Patchwork-Id: 4096 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6a49:b0:5e7:b9eb:58e8 with SMTP id v9csp442450mat; Tue, 28 Jan 2025 05:58:06 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCXQ1gV9Kn3OIZKpAyTXpXCeHR3bsDBkPi2amgmXAy0MMYP5ja3jRgafposeX3SQJpC/J8AkWCNlgs0=@openvpn.net X-Google-Smtp-Source: AGHT+IFzui68+ohnaSXphFMvhufnI8XGTkHUzP0emLgaLbbM6CA1syURWIUbkG4oigotYX3fNaXH X-Received: by 2002:a05:6808:190b:b0:3ea:aa8a:c115 with SMTP id 5614622812f47-3f19fca115cmr29883195b6e.21.1738072686749; Tue, 28 Jan 2025 05:58:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1738072686; cv=none; d=google.com; s=arc-20240605; b=GYtofmPqk129V3oVtoe7OhZjzctiGPqj6691eKeep+5CDUGfHwOxqunWKCxYcTOHOS TNyRuVr2X/+MV7vZigFVzKA2n8N7ig73By6c3jiSYmg298Fu2gVZsnBt3mxCqidwV7fH 62E0v3ligqe+/cx8Y+XgEEMvRt6EtGqBhc1Ghw8uPA4brSjToBTono3PAXAfjfFPFU4M ktWohQWcgP27KA6OKE9W5X7VWejKhjmRmlhNQwdGhtcZKhc6/+X9go4EtJHbPY9+VMc+ SVFiSTzihj5zJQtmBhHB9Dv5gLxdp9/deKYcM5MGPztjBZgr+PV69DtR0uSba5HxJXEm s5KQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=mxhe8BfsxNiQSSM5vE2IWFp+IPG4VHzfUTi3PUsU+FA=; fh=U7wEyxtwz2o5+UdevFSA47vNeG9knhWH0KV//QhD5a0=; b=R5mpkcL7UM3nNVf9iPt/1IYJ7s3RPlD+C5+ZTsSQLo/zTyWeyUj12CeqcK29SLD+GB JZF8sdxzmE22rnZBtEBYtkENvPrX4LNWRk3d/fM/htPaHsx9Rc3ADad1uyn23fY7mTv5 E7t50e8eCK56fikOwYenNEY3J6DE+6Demzi7oP9sDWCCsxzcWvlvLwa8Nks1JC3IQYCA UewNBgznw0BbKmXlI2DhZKeWbhrCwYLE30YXf3tPAX8BQ73/PjTgc31ZWsBjJjYb1Ncm SzbnArMFuRmRaXszIlxyjATZGY9RDnS17619iyFHGsMsBHuhQNG99JxTV78u1BY2w0Ze IF2g==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=eoetoZKu; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=DFNACm1t; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=B5ezAHXR; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 5614622812f47-3f1f09cbd5dsi1682397b6e.215.2025.01.28.05.58.06 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 28 Jan 2025 05:58:06 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=eoetoZKu; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=DFNACm1t; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=B5ezAHXR; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1tcm6M-0006ZI-9Y; Tue, 28 Jan 2025 13:58:03 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tcm6K-0006Yw-QH for openvpn-devel@lists.sourceforge.net; Tue, 28 Jan 2025 13:58:01 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=FGOgv9BDcl5zTSZSAyxNwRyHT1Jyhxp8LheAWvPBYdk=; b=eoetoZKu5raS97+Qtqkm7u2Kty pLqWDQuIPCwi3TR/ztLglBTk7346Nv2ajq0cFJ9tKkSkBZTkdPGS4UGtzYjknimGtXfGxTKugsbhP s7PeWnAZdXdrlZ8ooTK7TV58hDvYRceKqfT9vVlU4eSgyzKvJsA1B/0+o5GN0X8lg/AM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=FGOgv9BDcl5zTSZSAyxNwRyHT1Jyhxp8LheAWvPBYdk=; b=D FNACm1tn0ZSLV4lGJAP+tYBvcosp4QvOtmNOAB5UYvu0qMFlLN5b8gyjsQMHH9Iap0WQyTGozzfzx URqXr4zs3Ve3ARlsdTGfoDhN745e4IV4LWeV4+v+4x5RgK3NUDfw2pwjbsfcJWnTHj8HJ48IPGMT4 pCj33AhAMOiRZ/d4=; Received: from mail-wr1-f54.google.com ([209.85.221.54]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1tcm6K-00070o-2K for openvpn-devel@lists.sourceforge.net; Tue, 28 Jan 2025 13:58:01 +0000 Received: by mail-wr1-f54.google.com with SMTP id ffacd0b85a97d-3862d16b4f5so3496847f8f.0 for ; Tue, 28 Jan 2025 05:57:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1738072673; x=1738677473; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=FGOgv9BDcl5zTSZSAyxNwRyHT1Jyhxp8LheAWvPBYdk=; b=B5ezAHXRqX2gyfpddR9iItc5gpdsXyG4riX24FwR/0V7GCWpjV4QMHVzHTkSZmMfYS eYvcuEYidx/0gBwY+vLGsN5+GEEjqHzFb+7UoI2M7BFil1XSTsT/5EUwQ52DBex+4gnG 0+iugvhUM8kxh3r4oubDK4Sp5POCt2OwUzPMELWtZd+wmhSWi2CK/EP4R68duJ7w2lAj /8sTRDjISIKZs8XCf/FAozsadMhiaJhKm9FDQrGvbMJp9JlbJCXZTpF15fVAfrY3gft1 uKPz1G5siTp8Ge51LcRZpxtC3JErqY3LquiSMbRhXNq4HvhkoSGuZEhSyDtjIu89Nr2K WjAA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738072673; x=1738677473; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=FGOgv9BDcl5zTSZSAyxNwRyHT1Jyhxp8LheAWvPBYdk=; b=McBA7F+9hp+dbDy96VReuA9sByJB/iFXY1VAVK87Twi8Ik6BQ81xre6rI07KugXDsA O0n5y/0fbrf+ONDucAGAXc9MRwlv+226sEqhRe360cP9RLIVV+joPATlUeGYUSlA8Crs 4bOK6fSEVUhNTJHCB54i9C7XxE0WWPbgBkJf+goKbHquwktptq1jJWGO7dKL/tyHz8hV SCAHcjau9acW0Zxgr+mti+VuLw3+vsypwSHqdfrOUhQG+dKUO5hNV+yllkL9YCnkvulU fA+k/yXrEX+o35t2L7P77047jT5jB9WcroEYX8Al8NZa6XdBCgqB3kG+CaRjUjZ0UO6u 2a6w== X-Gm-Message-State: AOJu0Yy7EV+dr2EC4o9hXaq2f6WfQk6g2evT7IuoCVZGqDWlyzeqfMUJ 1Zuv61aF1ktgMrPk+v990L3ZhWFdsZQGsDiXDrx6ji+g+CTIg97s2W9mMX7/xnI= X-Gm-Gg: ASbGnctJGeFLxnAyf7Zh8aLTyb88cQEUA0hRjpicf379Dp7UffFo9/RvNkblck8Ycoa KrXIWcCr+40+hG8lqpJeiF9Gjt55FBpL5YXMIYQpU4ZMq0EB/vtBJY93Bxac/piCPdy42JjlRqb 1ys+N4dM1G0RQP2mNDUVtDhRi26ztqr+WrpQHoR91b6KUsr95OtZ+k2YH+1DSQWai3uQFnjgFB9 LtLiyriE3sV6dvJve6OGIqoL4mY2+8NBEc8m+pF1XF3x2TZdLdPHYrA1PbJPF2OCCc1DrZZEZUh 5ovUblDUJs3VRrCAVRfh9C+RfXE8EJhzud7csEb8Sxbd3Jd3gUlPcAaaWhUYz84x6Z81lC3Jmeo PFvjhxjA= X-Received: by 2002:a5d:6481:0:b0:386:34af:9bae with SMTP id ffacd0b85a97d-38c49a051c8mr2714662f8f.4.1738072673357; Tue, 28 Jan 2025 05:57:53 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38c2a1c403asm14419735f8f.93.2025.01.28.05.57.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Jan 2025 05:57:52 -0800 (PST) From: "its_Giaan (Code Review)" X-Google-Original-From: "its_Giaan (Code Review)" X-Gerrit-PatchSet: 1 Date: Tue, 28 Jan 2025 13:57:52 +0000 To: plaisthos , flichtenheld Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: I4be0ff4d308213d2ef8ba66bd3178eee1f60fff1 X-Gerrit-Change-Number: 880 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: 3e56b25f5c61d14a2ea07466416a7f43337e399f References: Message-ID: MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.221.54 listed in sa-accredit.habeas.com] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.221.54 listed in bl.score.senderscore.com] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.221.54 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.221.54 listed in wl.mailspike.net] 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1tcm6K-00070o-2K Subject: [Openvpn-devel] [S] Change in openvpn[master]: mroute/management: fix unitialized variable (UNINIT) X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: gianmarco@mandelbit.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1822501305862509077?= X-GMAIL-MSGID: =?utf-8?q?1822501305862509077?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/880?usp=email to review the following change. Change subject: mroute/management: fix unitialized variable (UNINIT) ...................................................................... mroute/management: fix unitialized variable (UNINIT) Fix issue reported by Coverity: CID 1641564: Uninitialized variables (UNINIT) Using unitialized value "maddr.proto" when calling "mroute_addr_equal()". Fix this by passing the proto along with IP:port. While at it, changed the mroute_addr_print_ex() format to display the protocol only in case of MR_WITH_PROTO avoid doing it on virtual addresses when MR_WITH_PORT is not specified. Change-Id: I4be0ff4d308213d2ef8ba66bd3178eee1f60fff1 Signed-off-by: Gianmarco De Gregori --- M Changes.rst M src/openvpn/manage.c M src/openvpn/manage.h M src/openvpn/mroute.c M src/openvpn/mroute.h M src/openvpn/mtcp.c M src/openvpn/multi.c 7 files changed, 37 insertions(+), 10 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/80/880/1 diff --git a/Changes.rst b/Changes.rst index 16ae6fc..d01816b 100644 --- a/Changes.rst +++ b/Changes.rst @@ -317,6 +317,9 @@ settings will contradict the setting of allow-compression as this almost always results in a non-working connection. +- The "kill" by addr management command now requires also the protocol + as string e.g. "udp", "tcp". + Common errors with OpenSSL 3.0 and OpenVPN 2.6 ---------------------------------------------- Both OpenVPN 2.6 and OpenSSL 3.0 tighten the security considerable, so some diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 0c77f85..037945c 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -544,13 +544,15 @@ struct buffer buf; char p1[128]; char p2[128]; + char p3[128]; int n_killed; buf_set_read(&buf, (uint8_t *) victim, strlen(victim) + 1); buf_parse(&buf, ':', p1, sizeof(p1)); buf_parse(&buf, ':', p2, sizeof(p2)); + buf_parse(&buf, ':', p3, sizeof(p3)); - if (strlen(p1) && strlen(p2)) + if (strlen(p1) && strlen(p2) && strlen(p3)) { /* IP:port specified */ bool status; @@ -558,21 +560,23 @@ if (status) { const int port = atoi(p2); + const int proto = (streq(p3, "tcp")) ? PROTO_TCP_SERVER : ascii2proto(p3); + if (port > 0 && port < 65536) { - n_killed = (*man->persist.callback.kill_by_addr)(man->persist.callback.arg, addr, port); + n_killed = (*man->persist.callback.kill_by_addr)(man->persist.callback.arg, addr, port, proto); if (n_killed > 0) { - msg(M_CLIENT, "SUCCESS: %d client(s) at address %s:%d killed", + msg(M_CLIENT, "SUCCESS: %d client(s) at address %s:%d:%s killed", n_killed, print_in_addr_t(addr, 0, &gc), - port); + port, p3); } else { - msg(M_CLIENT, "ERROR: client at address %s:%d not found", + msg(M_CLIENT, "ERROR: client at address %s:%d:%s not found", print_in_addr_t(addr, 0, &gc), - port); + port, p3); } } else diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h index f501543..02ceb82 100644 --- a/src/openvpn/manage.h +++ b/src/openvpn/manage.h @@ -180,7 +180,7 @@ void (*status) (void *arg, const int version, struct status_output *so); void (*show_net) (void *arg, const int msglevel); int (*kill_by_cn) (void *arg, const char *common_name); - int (*kill_by_addr) (void *arg, const in_addr_t addr, const int port); + int (*kill_by_addr) (void *arg, const in_addr_t addr, const int port, const int proto); void (*delete_event) (void *arg, event_t event); int (*n_clients) (void *arg); bool (*send_cc_message) (void *arg, const char *message, const char *parameter); diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c index 74923cf..45777e4 100644 --- a/src/openvpn/mroute.c +++ b/src/openvpn/mroute.c @@ -276,6 +276,10 @@ addr->len = 6; addr->v4.addr = osaddr->addr.in4.sin_addr.s_addr; addr->v4.port = osaddr->addr.in4.sin_port; + if (addr->proto != PROTO_NONE) + { + addr->type |= MR_WITH_PROTO; + } } else { @@ -295,6 +299,10 @@ addr->len = 18; addr->v6.addr = osaddr->addr.in6.sin6_addr; addr->v6.port = osaddr->addr.in6.sin6_port; + if (addr->proto != PROTO_NONE) + { + addr->type |= MR_WITH_PROTO; + } } else { @@ -403,6 +411,10 @@ { buf_printf(&out, "ARP/"); } + if (maddr.type & MR_WITH_PROTO) + { + buf_printf(&out, "%s:", proto2ascii(maddr.proto, AF_INET, false)); + } buf_printf(&out, "%s", print_in_addr_t(ntohl(maddr.v4.addr), (flags & MAPF_IA_EMPTY_IF_UNDEF) ? IA_EMPTY_IF_UNDEF : 0, gc)); if (maddr.type & MR_WITH_NETBITS) @@ -426,6 +438,10 @@ case MR_ADDR_IPV6: { + if ((maddr.type & MR_WITH_PROTO)) + { + buf_printf(&out, "%s:", proto2ascii(maddr.proto, AF_INET6, false)); + } if (IN6_IS_ADDR_V4MAPPED( &maddr.v6.addr ) ) { buf_printf(&out, "%s", print_in_addr_t(maddr.v4mappedv6.addr, @@ -454,7 +470,6 @@ buf_printf(&out, "UNKNOWN"); break; } - buf_printf(&out, "|%d", maddr.proto); return BSTR(&out); } else diff --git a/src/openvpn/mroute.h b/src/openvpn/mroute.h index 2659695..fbe102a 100644 --- a/src/openvpn/mroute.h +++ b/src/openvpn/mroute.h @@ -72,6 +72,9 @@ /* Indicates than IPv4 addr was extracted from ARP packet */ #define MR_ARP 16 +/* Address type mask indicating that proto # is part of address */ +#define MR_WITH_PROTO 32 + struct mroute_addr { uint8_t len; /* length of address */ uint8_t proto; diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 62ed044..9a8b1cb 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -111,6 +111,7 @@ ASSERT(mi->context.c2.link_sockets[0]->info.lsa->actual.dest.addr.sa.sa_family == AF_INET || mi->context.c2.link_sockets[0]->info.lsa->actual.dest.addr.sa.sa_family == AF_INET6 ); + mi->real.proto = mi->context.c2.link_sockets[0]->info.proto; if (!mroute_extract_openvpn_sockaddr(&mi->real, &mi->context.c2.link_sockets[0]->info.lsa->actual.dest, true)) diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 9c8c014..b0e1941 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -794,7 +794,6 @@ { goto err; } - mi->real.proto = ls->info.proto; generate_prefix(mi); } @@ -3942,7 +3941,8 @@ } static int -management_callback_kill_by_addr(void *arg, const in_addr_t addr, const int port) +management_callback_kill_by_addr(void *arg, const in_addr_t addr, + const int port, const int proto) { struct multi_context *m = (struct multi_context *) arg; struct hash_iterator hi; @@ -3957,6 +3957,7 @@ saddr.addr.in4.sin_port = htons(port); if (mroute_extract_openvpn_sockaddr(&maddr, &saddr, true)) { + maddr.proto = proto; hash_iterator_init(m->iter, &hi); while ((he = hash_iterator_next(&hi))) {