From patchwork Mon Jan 12 17:11:12 2026
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4699
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 12 Jan 2026 18:11:12 +0100
Message-ID: <20260112171122.3994-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.51.2
Subject: [Openvpn-devel] [PATCH v1] socks: Replace magic "10" for socks header with macro

From: Frank Lichtenheld

So that it is easier to check that we indeed have reserved this prior to
assuming we have.

Github: openvpn-private-issues#4
Change-Id: I0aca7e7d9aa190541f11745cf72193cb6b39540a
Signed-off-by: Frank Lichtenheld
Acked-by: Arne Schwabe
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1467
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1467
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Arne Schwabe

diff --git a/src/openvpn/init.c b/src/openvpn/init.c index b690dff..4c23170 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2927,7 +2927,7 @@ headroom += 4; /* socks proxy header */ - headroom += 10; + headroom += SOCKS_UDPv4_HEADROOM; /* compression header and fragment header (part of the encrypted payload) */ headroom += 1 + 1; 
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index 67ae67f..e5db8ab 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -66,11 +66,11 @@ bool tlsmode = options->tls_server || options->tls_client; - /* A socks proxy adds 10 byte of extra header to each packet + /* A socks proxy adds extra header to each packet * (we only support Socks with IPv4, this value is different for IPv6) */ if (options->ce.socks_proxy_server && proto_is_udp(options->ce.proto)) { - header_size += 10; + header_size += SOCKS_UDPv4_HEADROOM; } /* TCP stream based packets have a 16 bit length field */ diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h index 29a7d04..ca8109c 100644 --- a/src/openvpn/mtu.h +++ b/src/openvpn/mtu.h @@ -94,6 +94,11 @@ */ #define PAYLOAD_ALIGN 4 +/* + * How many bytes we prepend for a SOCKS UDP proxy. + * This only handles IPv4 right now. + */ +#define SOCKS_UDPv4_HEADROOM 10 /**************************************************************************/ /** diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c index 1e99c9a..078b4e1 100644 --- a/src/openvpn/socks.c +++ b/src/openvpn/socks.c @@ -434,7 +434,7 @@ } /* - * Remove the 10 byte socks5 header from an incoming + * Remove the socks5 header from an incoming * UDP packet, setting *from to the source address. * * Run after UDP read. @@ -444,7 +444,7 @@ { int atyp; - if (BLEN(buf) < 10) + if (BLEN(buf) < SOCKS_UDPv4_HEADROOM) { goto error; } @@ -471,7 +471,7 @@ } /* - * Add a 10 byte socks header prior to UDP write. + * Add a socks header prior to UDP write. * *to is the destination address. * * Run before UDP write. 
@@ -481,11 +481,11 @@ socks_process_outgoing_udp(struct buffer *buf, const struct link_socket_actual *to) { /* - * Get a 10 byte subset buffer prepended to buf -- + * Get a subset buffer prepended to buf -- * we expect these bytes will be here because * we always allocate space for these bytes */ - struct buffer head = buf_sub(buf, 10, true); + struct buffer head = buf_sub(buf, SOCKS_UDPv4_HEADROOM, true); /* crash if not enough headroom in buf */ ASSERT(buf_defined(&head)); @@ -496,5 +496,5 @@ buf_write(&head, &to->dest.addr.in4.sin_addr, sizeof(to->dest.addr.in4.sin_addr)); buf_write(&head, &to->dest.addr.in4.sin_port, sizeof(to->dest.addr.in4.sin_port)); - return 10; + return SOCKS_UDPv4_HEADROOM; }
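Review bot: in the src/openvpn/mtu.c hunk the reworded comment drops the number but keeps "this value is different for IPv6", so "this value" no longer refers to anything in the comment. Suggest naming the macro in the comment, for example "adds SOCKS_UDPv4_HEADROOM bytes of extra header to each packet", which also fixes the missing article in "adds extra header".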
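Review bot: in the src/openvpn/mtu.h hunk the comment above `#define SOCKS_UDPv4_HEADROOM 10` does not say where the 10 comes from. The SOCKS5 UDP request header in RFC 1928 is RSV (2) + FRAG (1) + ATYP (1) + DST.ADDR (4 for IPv4) + DST.PORT (2); spelling that out in the comment would let a reader verify the value and see which term changes for IPv6. The mixed-case "UDPv4" also stands out next to `PAYLOAD_ALIGN` just above it.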
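Review bot: in the src/openvpn/socks.c hunk at @@ -444 the check `if (BLEN(buf) < SOCKS_UDPv4_HEADROOM)` uses a macro documented in mtu.h as "how many bytes we prepend" as the minimum length of a received packet. The two values coincide for IPv4, but one is reserved space on the send path and the other is a parse bound on input from the network. A separately named header-length constant (with the headroom macro defined in terms of it), or a comment on this line, would keep a later change to the headroom from silently altering the receive-side length check.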
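Review bot: in the src/openvpn/socks.c hunk at @@ -481, socks_process_outgoing_udp() still relies on `ASSERT(buf_defined(&head))` ("crash if not enough headroom in buf") as the only guard that the bytes were reserved. Now that the reservation in init.c and the buf_sub() call here share one macro, the comment "we always allocate space for these bytes" could point at where that happens (the `headroom += SOCKS_UDPv4_HEADROOM;` line in init.c), so the invariant behind the assertion can be checked from this function.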