From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Gert Doering, Antonio Quartulli
Date: Wed, 10 Jun 2020 10:45:49 +0200
Message-Id: <20200610084549.4028-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH] multi: skip IPv4 logic in multi_select_virtual_addr() if no pool is configured

When no IPv4 pool is configured (but we have an IPv6 pool only), the multi_select_virtual_addr() function will spit a warning when allocating an address for a new client.

This happens because the code will check for some IPv4 bits and will see that they are missing. However, these bits are not really important, because in this use case we don't want to configure any IPv4 address at all.

For this reason it is safe to wrap this entire logic in an if-block that just does not execute when no IPv4 pool is configured.

This avoids the warning and will also avoid any other hidden side effect.

Reported-by: Gert Doering
Signed-off-by: Antonio Quartulli
Acked-by: Gert Doering
---
 src/openvpn/multi.c | 50 ++++++++++++++++++++++++---------------------
 1 file changed, 27 insertions(+), 23 deletions(-)

diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 2fbbe9ec..99472f14 100644 --- a/src/openvpn/multi.c 
+++ b/src/openvpn/multi.c 
@@ -1504,36 +1504,40 @@ multi_select_virtual_addr(struct multi_context *m, struct multi_instance *mi) ? print_in6_addr( remote_ipv6, 0, &gc ) : "(Not enabled)") ); - /* set push_ifconfig_remote_netmask from pool ifconfig address(es) */ - mi->context.c2.push_ifconfig_local = remote; - if (tunnel_type == DEV_TYPE_TAP || (tunnel_type == DEV_TYPE_TUN && tunnel_topology == TOP_SUBNET)) + if (mi->context.options.ifconfig_pool_defined) { - mi->context.c2.push_ifconfig_remote_netmask = mi->context.options.ifconfig_pool_netmask; - if (!mi->context.c2.push_ifconfig_remote_netmask) + /* set push_ifconfig_remote_netmask from pool ifconfig address(es) */ + mi->context.c2.push_ifconfig_local = remote; + if (tunnel_type == DEV_TYPE_TAP || (tunnel_type == DEV_TYPE_TUN && tunnel_topology == TOP_SUBNET)) { - mi->context.c2.push_ifconfig_remote_netmask = mi->context.c1.tuntap->remote_netmask; + mi->context.c2.push_ifconfig_remote_netmask = mi->context.options.ifconfig_pool_netmask; + if (!mi->context.c2.push_ifconfig_remote_netmask) + { + mi->context.c2.push_ifconfig_remote_netmask = mi->context.c1.tuntap->remote_netmask; + } } - } - else if (tunnel_type == DEV_TYPE_TUN) - { - if (tunnel_topology == TOP_P2P) + else if (tunnel_type == DEV_TYPE_TUN) { - mi->context.c2.push_ifconfig_remote_netmask = mi->context.c1.tuntap->local; + if (tunnel_topology == TOP_P2P) + { + mi->context.c2.push_ifconfig_remote_netmask = mi->context.c1.tuntap->local; + } + else if (tunnel_topology == TOP_NET30) + { + mi->context.c2.push_ifconfig_remote_netmask = local; + } } - else if (tunnel_topology == TOP_NET30) + + if (mi->context.c2.push_ifconfig_remote_netmask) { - mi->context.c2.push_ifconfig_remote_netmask = local; + mi->context.c2.push_ifconfig_defined = true; + } + else + { + msg(D_MULTI_ERRORS, + "MULTI: no --ifconfig-pool netmask parameter is available to push to %s", + multi_instance_string(mi, false, &gc)); } - } - - if (mi->context.c2.push_ifconfig_remote_netmask) - { - 
mi->context.c2.push_ifconfig_defined = true; - } - else - { - msg(D_MULTI_ERRORS, "MULTI: no --ifconfig-pool netmask parameter is available to push to %s", - multi_instance_string(mi, false, &gc)); } if (mi->context.options.ifconfig_ipv6_pool_defined)
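Review bot: the new `if (mi->context.options.ifconfig_pool_defined)` guard at the top of the hunk carries no comment explaining why the IPv4 block is skipped, and when it is skipped nothing in the hunk assigns `push_ifconfig_local`, `push_ifconfig_remote_netmask` or `push_ifconfig_defined`, so all three keep whatever value they had on entry. Please add a one-line comment above the guard saying that IPv4 push setup is skipped for IPv6-only pools, and confirm that those `c2` fields are guaranteed to be zero/false at this point in that configuration, or clear `push_ifconfig_defined` explicitly in an `else` branch so a client can never be pushed a stale IPv4 address. The existing comment `/* set push_ifconfig_remote_netmask from pool ifconfig address(es) */` now sits inside the block and describes only the netmask part, while the first statement under it sets `push_ifconfig_local`; it could be reworded while the lines are being moved anyway. The guard does mirror the `ifconfig_ipv6_pool_defined` check that follows, which keeps the two address families symmetric.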