From patchwork Sun Mar 9 15:30:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4173 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:41ba:b0:60a:d70a:d3c7 with SMTP id a26csp583692mad; Sun, 9 Mar 2025 08:30:43 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVplP16VpLPrEM7Pt9ZzigKHIZdWLW7APikOhvFL88e0P71IYDMrmAPbL4fY65xrmNktC+yFydaOzc=@openvpn.net X-Google-Smtp-Source: AGHT+IGo1G6azrPoc6LMBFoapvuvs7HlpXi48QnbBB7S1W1JcvJ+EJahF8fNaKMY0SjxtghdF3xT X-Received: by 2002:a05:6808:1514:b0:3f4:e8d:ab8e with SMTP id 5614622812f47-3f697b18579mr6164716b6e.8.1741534243772; Sun, 09 Mar 2025 08:30:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1741534243; cv=none; d=google.com; s=arc-20240605; b=FN6D8f+B8TCLbH0g1H1Ag+9VnEYFqhHHAd/5MXa3ft1B/FQDhA5/Aw+FshQKWFEO04 i0L7/MLVHSTmoScx9w5p/CHlkGorcCkXHvckd8IdT/9h6b4SRnyIy2JxEzV6uEnoSK8r 0yMxwY2Ghk9JxZ7AJDdFvlx1DH2bWQQ0hd6gMTrSVO73mGAf6Nfve0n2mt6s2mxENaYR +2Jb20XNyZcSZb4QeYoinUr/PMJWAgW55a+2uNkQQoUENE32crmAE49HvUiTtlN7bid3 DE6ZPxwwC0LslJ8NaFaOeDPelfo9Yp4syOBZfEFCGhoc4DtWA6TELyBSuFL+AiRLt4BU wQsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature; bh=SKAcytiFYeOSuhuUM1DzXwdjxrr0x1Aap3dwz25rERk=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=CzzCbrmJgi1ze40TxlSPVuRb9NCk99N9nFF4/7YMTAS+MmFOivUgL85PGzcNRNf4EY wsGpXUzMaL5OzBvZUEqstnGWP/ePrhiHiZORtaPKmhBBq6Viq9LJcw8wrKkW2sAiSQ2w ROtygVhz2tacg4tiunwwY3GnRYx7bmlov2a7ZxABb0W37q0F/XOMeIuUO0Wt+xfi6fM2 QF2BcEIMWVCFZpY24sAZKzNwrmiEg2rt5DGcGG1rI6D955DTueXVDDt1YCDIloPu16Wa YvfqinSXUjz7vDocH6Z18OLQo0QPfbbcoLCKzJJPFnU9GH9u69/1fg+UET2+NQtNVFu5 LrFg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="a/BUVLh6"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=ZGBPMB79; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 5614622812f47-3f6a538b563si2116482b6e.291.2025.03.09.08.30.43 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 09 Mar 2025 08:30:43 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="a/BUVLh6"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=ZGBPMB79; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1trIbv-0003IO-Kg; Sun, 09 Mar 2025 15:30:39 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1trIbt-0003IG-HY for openvpn-devel@lists.sourceforge.net; Sun, 09 Mar 2025 15:30:36 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=L6yJeV0Hfs8rBqDkoVp8fJqEZD3eSPt+uqbu4fegzKE=; b=a/BUVLh62LHQP69eIgk+qOj4v/ l4NyNBDn0Qx7Vg3LqW1Dv8BMNCbCzy/Z6eN2b6OUcD74/zGBx8VjULVRDYilZ249ouoGgYJPgek68 O3rxzgovgfYmpqzC+Oh01BPG3+dWhRQxs1bxeEfpiUfJT3HLKHpaTuH/ITUzFHDALSp8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=L6yJeV0Hfs8rBqDkoVp8fJqEZD3eSPt+uqbu4fegzKE=; b=ZGBPMB79PZ/iWjhYd+7RZ1WAeu 3e+WgpDTGS9cQKJ1ngCBsU1zTSlOwUmj7xm36m0Ar30nDDCcgaH1O+n2tUiu8LvBKowAuOdZXBJSJ 5D6JLGh9xqAopgijegJePBbyDCmeoU0o1q34SbUc5JBfQxfmNWBoYgE9a6wMx4q+w8OA=; Received: from dhcp-174.greenie.muc.de ([193.149.48.174] helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1trIbh-0008W9-1h for openvpn-devel@lists.sourceforge.net; Sun, 09 Mar 2025 15:30:36 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.17.1.9/8.17.1.9) with ESMTP id 529FUIRM005183 for ; Sun, 9 Mar 2025 16:30:18 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.17.1.9/8.17.1.9/Submit) id 529FUIDZ005173 for openvpn-devel@lists.sourceforge.net; Sun, 9 Mar 2025 16:30:18 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Sun, 9 Mar 2025 16:30:17 +0100 Message-ID: <20250309153017.5163-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.45.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Antonio Quartulli TCP connected sockets do not need any remote addr because the destination is fixed. For this reason we can avoid sending the remote addr along the peer-new dco call. Content analysis details: (0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [193.149.48.174 listed in bl.score.senderscore.com] 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [193.149.48.174 listed in sa-trusted.bondedsender.org] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1trIbh-0008W9-1h Subject: [Openvpn-devel] [PATCH v2] dco: pass remoteaddr only for UDP peers X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1826131011029999626?= X-GMAIL-MSGID: =?utf-8?q?1826131011029999626?= From: Antonio Quartulli TCP connected sockets do not need any remote addr because the destination is fixed. For this reason we can avoid sending the remote addr along the peer-new dco call. This change is important on Linux because the new 'ovpn' kernel module is stricter when it comes to accepting netlink messages and will reject calls with TCP sockets if a remote address is specified. Change-Id: I76e2e616c6ffe436a9627fa71aaace74030b2f4a Signed-off-by: Antonio Quartulli Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/842 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 02fae81..973c848 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -515,8 +515,9 @@ c->c2.tls_multi->dco_peer_id = -1; } #endif - int ret = dco_new_peer(&c->c1.tuntap->dco, multi->peer_id, - c->c2.link_sockets[0]->sd, NULL, remoteaddr, NULL, NULL); + int ret = dco_new_peer(&c->c1.tuntap->dco, multi->peer_id, sock->sd, NULL, + proto_is_dgram(sock->info.proto) ? remoteaddr : NULL, + NULL, NULL); if (ret < 0) { return ret;