From patchwork Wed Nov 12 21:51:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4592 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6d04:b0:7b1:439f:bdf with SMTP id e4csp437572may; Wed, 12 Nov 2025 13:51:23 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCUegYGW3P/UYy9KNm90AvUf/PEg3jzfSlz9xNLmsCV4ZsvdDLBDC99riuvz3wM9RLCMiPmMlxsg7OA=@openvpn.net X-Google-Smtp-Source: AGHT+IFat5IglDPI68ZiOpoVTXSf+gJ9wlNIt7mTaX6KuyAfOmududcA0gx5o0kQoXWJygKdDn2r X-Received: by 2002:a05:6808:6a83:b0:450:5e3a:6f1a with SMTP id 5614622812f47-450744e151cmr2274300b6e.20.1762984283756; Wed, 12 Nov 2025 13:51:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1762984283; cv=none; d=google.com; s=arc-20240605; b=d1L6+plG7w6sx8ZUhqn7fgiYnH0j1KPOGk6vt3NGP4k/7gahUZgXJXwHObDFWuNn9r o+NzhcfeqirxY6WZN/HgRWb74rvPgigamNZBShZ7vCLNvSsVJrnaKMnV1MS6j34I+ZQd 4ay4dGNz8RPwY6nv2nVQTvpWvaBnfrR/qFB7gPdu488usDxG5FsloJmv9wYbTTb3rQM7 Niyv0GWbKCRBZN9IQo7EvRRHcZq/KhfdKM4+ptyD4SCM327nCDolGQFArfqRpE612iHJ R+Cl6enmDvkgiXxz89VtNT/QHzHg3k3Bxgi3o3kIAvYrb5+hWzm2vzNBSexovTY0H2cK bg6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=d+CCo8orGG6fKe6lv0OlQ0rH1HAkq42X4aCIPKO4834=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=JzQX/hrVBBxxe2jP+ptwP4TQtZraRI2HOncfFWyzyxz0nUngy5r6gasvDh0t8tqCW/ b+CvvICHcU0hphJxxxONf8nLQmfXP/pLFqhcm6274ZZs+mAiLTqhs30GLUSWE2LNgUoR ROvGTGSoa9d0ka3VA3n6mvpecIHeMNL9nzDYLkaOICOw3bBsvaGA7Rc8UA/xKtYCxy79 Lk+T0LDfSoJn5pw/iMzX7f7t0oWDYH7pU5rf6BZqrneSZRaeNBIj+0/pXhHBQWZfX8cQ ShX1fTBGn2g73iK8WvVHkLujUUvC9MayBSYqfv0uY25NcYSzlpmnx1FoBXyrCvSi+gnZ nX4w==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=A4OO3i2K; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=gKsFdbJb; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=jzKSN3Dv; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 5614622812f47-45002749c2dsi6875076b6e.75.2025.11.12.13.51.23 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 12 Nov 2025 13:51:23 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=A4OO3i2K; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=gKsFdbJb; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=jzKSN3Dv; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=d+CCo8orGG6fKe6lv0OlQ0rH1HAkq42X4aCIPKO4834=; b=A4OO3i2Kf5bqIUa2X4y9OjmJTC QDkrT2qzPA2bX4Bj6U7KzdqnUPPrznQZKhOv5hHVRYnKyiDNvUc0BUg5pS1EDakijeLoI9vlUgzJz e/2+Jl/fPp9oG/ALnEVHiD6gcH2KW93pal3jV3oY/647jDh6FaFPKf3dVI/OfkTKcPBo=; Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vJIkH-0006bW-5b; Wed, 12 Nov 2025 21:51:17 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vJIkF-0006bO-4e for openvpn-devel@lists.sourceforge.net; Wed, 12 Nov 2025 21:51:15 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=V7ttdemZ/xqkyVGK7u2OWm5XE7gnNAZctFDFziRcQBg=; b=gKsFdbJb4NEuA8KELosErN3p3O dz812vwCgsi3hA0mExcWbPJtJAJRpTzfBUvK78LarHZTvP8z0xIox7MheJC4VXbEXzYjV5Q+UL4ty MfwvTuCUE5IDsC1lbOmcixitHfI8kj3TxO0gP7KgzU6epAIS91mtwfecY3BoN/JayXzg=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=V7ttdemZ/xqkyVGK7u2OWm5XE7gnNAZctFDFziRcQBg=; b=jzKSN3DviezVU5FIiw5Op0kDdp izJGKX/KpL8JYOxZdnIkcVW1r1gL61f9T5EO0usI+dm3yfQViTfSXHjeG6FAeEOt+D3xQadyJyZOI XyNisatsXCAQvhVVpZGNcH5UGMejrPXpS6PZp1BqLfDZVuEjF5WzY1pb2Lii+TSyxm1c=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1vJIkD-0006Dt-Vh for openvpn-devel@lists.sourceforge.net; Wed, 12 Nov 2025 21:51:15 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 5ACLp7w2014216 for ; Wed, 12 Nov 2025 22:51:07 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 5ACLp7cC014215 for openvpn-devel@lists.sourceforge.net; Wed, 12 Nov 2025 22:51:07 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Wed, 12 Nov 2025 22:51:00 +0100 Message-ID: <20251112215106.14182-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Heiko Hund When adding block rules, the interface metric of the VPN adapter is temporarily modified so that an old version of Windows 10 would pick it up first when looking up stuff via DNS. These metrics are re [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1vJIkD-0006Dt-Vh Subject: [Openvpn-devel] [PATCH v2] iservice: use saved iface index to restore metric X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1848623008402335514?= X-GMAIL-MSGID: =?utf-8?q?1848623008402335514?= From: Heiko Hund When adding block rules, the interface metric of the VPN adapter is temporarily modified so that an old version of Windows 10 would pick it up first when looking up stuff via DNS. These metrics are reverted to the old value when the block is removed. When reverting them, instead of using the stored interface index where the original values were read from, we were using the interface index passed to the service with the wfp block message. That index could theoretically be different from the one stored, which would result in the metric being set to the wrong interface. Reported-by: stephan@srlabs.de Change-Id: Ia74a931c703d594bdf8ccada9b783b94608de278 Signed-off-by: Heiko Hund Acked-by: Lev Stipakov Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1363 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1363 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Lev Stipakov diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index 0712986..33282c63 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c @@ -752,7 +752,7 @@ } static DWORD -DeleteWfpBlock(const wfp_block_message_t *msg, undo_lists_t *lists) +DeleteWfpBlock(undo_lists_t *lists) { DWORD err = 0; wfp_block_data_t *block_data = RemoveListItem(&(*lists)[wfp_block], CmpAny, NULL); @@ -762,11 +762,11 @@ err = delete_wfp_block_filters(block_data->engine); if (block_data->metric_v4 >= 0) { - set_interface_metric(msg->iface.index, AF_INET, block_data->metric_v4); + set_interface_metric(block_data->index, AF_INET, block_data->metric_v4); } if (block_data->metric_v6 >= 0) { - set_interface_metric(msg->iface.index, AF_INET6, block_data->metric_v6); + set_interface_metric(block_data->index, AF_INET6, block_data->metric_v6); } free(block_data); } @@ -829,7 +829,7 @@ if (err) { /* delete the filters, remove undo item and free interface data */ - DeleteWfpBlock(msg, lists); + DeleteWfpBlock(lists); engine = NULL; } } @@ -854,7 +854,7 @@ } else { - return DeleteWfpBlock(msg, lists); + return DeleteWfpBlock(lists); } }