From patchwork Wed Jun 25 16:26:31 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4290
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 25 Jun 2025 18:26:31 +0200
Message-ID: <20250625162638.7769-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v1] dco linux: avoid sending local port to ovpn

From: Ralf Lici

When sending an OVPN_CMD_NEW_PEER netlink message to ovpn, we currently attempt to include the local port along with the local address. However, `dco_multi_get_localaddr()` does not record the port, so we end up sending a zero value. This zero is rejected by ovpn's netlink policy, leading to an error and aborted connection.

Since openvpn does not actually need to send the local port because the module retrieves it directly from the socket, this commit ensures that only the local address is sent.

Change-Id: I5d9535d46e5a5488f4a2b637a6fcb99aad668fee
Signed-off-by: Ralf Lici Acked-by: Antonio Quartulli --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1068 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Antonio Quartulli diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 0345413..22a445a 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -265,13 +265,11 @@ { NLA_PUT(nl_msg, OVPN_A_PEER_LOCAL_IPV4, sizeof(struct in_addr), &((struct sockaddr_in *)localaddr)->sin_addr); - NLA_PUT_U16(nl_msg, OVPN_A_PEER_LOCAL_PORT, ((struct sockaddr_in *)localaddr)->sin_port); } else if (localaddr->sa_family == AF_INET6) { NLA_PUT(nl_msg, OVPN_A_PEER_LOCAL_IPV6, sizeof(struct in6_addr), &((struct sockaddr_in6 *)localaddr)->sin6_addr); - NLA_PUT_U16(nl_msg, OVPN_A_PEER_LOCAL_PORT, ((struct sockaddr_in6 *)localaddr)->sin6_port); } }
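Review bot: Nothing in the AF_INET and AF_INET6 branches of src/openvpn/dco_linux.c records why OVPN_A_PEER_LOCAL_PORT is deliberately left out, so a later cleanup could easily re-add the two NLA_PUT_U16 calls and bring back the rejected zero port. A short comment above the address-family check would help, stating that the ovpn module reads the local port from the socket and that its netlink policy rejects a zero value. The commit message also says `dco_multi_get_localaddr()` never fills in the port; a note at that function saying callers must not rely on sin_port / sin6_port of the returned address would keep other users of localaddr from making the same assumption.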