[Openvpn-devel] [M] Change in openvpn[master]: Minor fix to process_ip_header
cron2 has uploaded a new patch set (#6) to the change originally created by its_Giaan. ( http://gerrit.openvpn.net/c/openvpn/+/525?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by flichtenheld, Code-Review+2 by plaisthos Change subject: Minor fix to process_ip_header .. Minor fix to process_ip_header Removed if-guard checking if any feature is enabled before performing per-feature check. It doesn't save us much but instead introduces uneeded complexity. While at it, fixed a typo IMCP -> ICMP for defined PIPV6_ICMP_NOHOST_CLIENT and PIPV6_ICMP_NOHOST_SERVER macros. Fixes: Trac https://community.openvpn.net/openvpn/ticket/269 Change-Id: I4b5e8357d872c920efdb64632e9bce72cebee202 Signed-off-by: Gianmarco De Gregori Acked-by: Arne Schwabe Acked-by: Frank Lichtenheld Message-Id: <20240307124616.16358-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28345.html Signed-off-by: Gert Doering --- M src/openvpn/forward.c M src/openvpn/forward.h M src/openvpn/multi.c 3 files changed, 49 insertions(+), 61 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/25/525/6 diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 0443ca0..556c465 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1460,7 +1460,7 @@ * us to examine the IP header (IPv4 or IPv6). */ unsigned int flags = PIPV4_PASSTOS | PIP_MSSFIX | PIPV4_CLIENT_NAT - | PIPV6_IMCP_NOHOST_CLIENT; + | PIPV6_ICMP_NOHOST_CLIENT; process_ip_header(c, flags, >c2.buf); #ifdef PACKET_TRUNCATION_CHECK @@ -1644,73 +1644,60 @@ } if (!c->options.block_ipv6) { -flags &= ~(PIPV6_IMCP_NOHOST_CLIENT | PIPV6_IMCP_NOHOST_SERVER); +flags &= ~(PIPV6_ICMP_NOHOST_CLIENT | PIPV6_ICMP_NOHOST_SERVER); } if (buf->len > 0) { -/* - * The --passtos and --mssfix options require - * us to examine the IPv4 header. - */ - -if (flags & (PIP_MSSFIX -#if PASSTOS_CAPABILITY - | PIPV4_PASSTOS -#endif - | PIPV4_CLIENT_NAT - )) +struct buffer ipbuf = *buf; +if (is_ipv4(TUNNEL_TYPE(c->c1.tuntap), )) { -struct buffer ipbuf = *buf; -if (is_ipv4(TUNNEL_TYPE(c->c1.tuntap), )) -{ #if PASSTOS_CAPABILITY -/* extract TOS from IP header */ -if (flags & PIPV4_PASSTOS) -{ -link_socket_extract_tos(c->c2.link_socket, ); -} +/* extract TOS from IP header */ +if (flags & PIPV4_PASSTOS) +{ +link_socket_extract_tos(c->c2.link_socket, ); +} #endif -/* possibly alter the TCP MSS */ -if (flags & PIP_MSSFIX) -{ -mss_fixup_ipv4(, c->c2.frame.mss_fix); -} - -/* possibly do NAT on packet */ -if ((flags & PIPV4_CLIENT_NAT) && c->options.client_nat) -{ -const int direction = (flags & PIP_OUTGOING) ? CN_INCOMING : CN_OUTGOING; -client_nat_transform(c->options.client_nat, , direction); -} -/* possibly extract a DHCP router message */ -if (flags & PIPV4_EXTRACT_DHCP_ROUTER) -{ -const in_addr_t dhcp_router = dhcp_extract_router_msg(); -if (dhcp_router) -{ -route_list_add_vpn_gateway(c->c1.route_list, c->c2.es, dhcp_router); -} -} -} -else if (is_ipv6(TUNNEL_TYPE(c->c1.tuntap), )) +/* possibly alter the TCP MSS */ +if (flags & PIP_MSSFIX) { -/* possibly alter the TCP MSS */ -if (flags & PIP_MSSFIX) -{ -mss_fixup_ipv6(, c->c2.frame.mss_fix); -} -if (!(flags & PIP_OUTGOING) && (flags -&(PIPV6_IMCP_NOHOST_CLIENT | PIPV6_IMCP_NOHOST_SERVER))) -{ -ipv6_send_icmp_unreachable(c, buf, - (bool)(flags & PIPV6_IMCP_NOHOST_CLIENT)); -/* Drop the IPv6 packet */ -buf->len = 0; -} - +mss_fixup_ipv4(, c->c2.frame.mss_fix); } + +/* possibly do NAT on packet */ +if ((flags & PIPV4_CLIENT_NAT) && c->options.client_nat) +{ +const int direction = (flags & PIP_OUTGOING) ? CN_INCOMING : CN_OUTGOING; +
[Openvpn-devel] [M] Change in openvpn[master]: Minor fix to process_ip_header
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/525?usp=email ) Change subject: Minor fix to process_ip_header .. Minor fix to process_ip_header Removed if-guard checking if any feature is enabled before performing per-feature check. It doesn't save us much but instead introduces uneeded complexity. While at it, fixed a typo IMCP -> ICMP for defined PIPV6_ICMP_NOHOST_CLIENT and PIPV6_ICMP_NOHOST_SERVER macros. Fixes: Trac https://community.openvpn.net/openvpn/ticket/269 Change-Id: I4b5e8357d872c920efdb64632e9bce72cebee202 Signed-off-by: Gianmarco De Gregori Acked-by: Arne Schwabe Acked-by: Frank Lichtenheld Message-Id: <20240307124616.16358-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28345.html Signed-off-by: Gert Doering --- M src/openvpn/forward.c M src/openvpn/forward.h M src/openvpn/multi.c 3 files changed, 49 insertions(+), 61 deletions(-) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 0443ca0..556c465 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1460,7 +1460,7 @@ * us to examine the IP header (IPv4 or IPv6). */ unsigned int flags = PIPV4_PASSTOS | PIP_MSSFIX | PIPV4_CLIENT_NAT - | PIPV6_IMCP_NOHOST_CLIENT; + | PIPV6_ICMP_NOHOST_CLIENT; process_ip_header(c, flags, >c2.buf); #ifdef PACKET_TRUNCATION_CHECK @@ -1644,73 +1644,60 @@ } if (!c->options.block_ipv6) { -flags &= ~(PIPV6_IMCP_NOHOST_CLIENT | PIPV6_IMCP_NOHOST_SERVER); +flags &= ~(PIPV6_ICMP_NOHOST_CLIENT | PIPV6_ICMP_NOHOST_SERVER); } if (buf->len > 0) { -/* - * The --passtos and --mssfix options require - * us to examine the IPv4 header. - */ - -if (flags & (PIP_MSSFIX -#if PASSTOS_CAPABILITY - | PIPV4_PASSTOS -#endif - | PIPV4_CLIENT_NAT - )) +struct buffer ipbuf = *buf; +if (is_ipv4(TUNNEL_TYPE(c->c1.tuntap), )) { -struct buffer ipbuf = *buf; -if (is_ipv4(TUNNEL_TYPE(c->c1.tuntap), )) -{ #if PASSTOS_CAPABILITY -/* extract TOS from IP header */ -if (flags & PIPV4_PASSTOS) -{ -link_socket_extract_tos(c->c2.link_socket, ); -} +/* extract TOS from IP header */ +if (flags & PIPV4_PASSTOS) +{ +link_socket_extract_tos(c->c2.link_socket, ); +} #endif -/* possibly alter the TCP MSS */ -if (flags & PIP_MSSFIX) -{ -mss_fixup_ipv4(, c->c2.frame.mss_fix); -} - -/* possibly do NAT on packet */ -if ((flags & PIPV4_CLIENT_NAT) && c->options.client_nat) -{ -const int direction = (flags & PIP_OUTGOING) ? CN_INCOMING : CN_OUTGOING; -client_nat_transform(c->options.client_nat, , direction); -} -/* possibly extract a DHCP router message */ -if (flags & PIPV4_EXTRACT_DHCP_ROUTER) -{ -const in_addr_t dhcp_router = dhcp_extract_router_msg(); -if (dhcp_router) -{ -route_list_add_vpn_gateway(c->c1.route_list, c->c2.es, dhcp_router); -} -} -} -else if (is_ipv6(TUNNEL_TYPE(c->c1.tuntap), )) +/* possibly alter the TCP MSS */ +if (flags & PIP_MSSFIX) { -/* possibly alter the TCP MSS */ -if (flags & PIP_MSSFIX) -{ -mss_fixup_ipv6(, c->c2.frame.mss_fix); -} -if (!(flags & PIP_OUTGOING) && (flags -&(PIPV6_IMCP_NOHOST_CLIENT | PIPV6_IMCP_NOHOST_SERVER))) -{ -ipv6_send_icmp_unreachable(c, buf, - (bool)(flags & PIPV6_IMCP_NOHOST_CLIENT)); -/* Drop the IPv6 packet */ -buf->len = 0; -} - +mss_fixup_ipv4(, c->c2.frame.mss_fix); } + +/* possibly do NAT on packet */ +if ((flags & PIPV4_CLIENT_NAT) && c->options.client_nat) +{ +const int direction = (flags & PIP_OUTGOING) ? CN_INCOMING : CN_OUTGOING; +client_nat_transform(c->options.client_nat, , direction); +} +/* possibly extract a DHCP router message */ +if (flags & PIPV4_EXTRACT_DHCP_ROUTER) +{ +const in_addr_t dhcp_router =
[Openvpn-devel] [M] Change in openvpn[master]: Minor fix to process_ip_header
Attention is currently required from: its_Giaan, ordex. Hello flichtenheld, ordex, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/525?usp=email to look at the new patch set (#5). The change is no longer submittable: checks~ChecksSubmitRule is unsatisfied now. Change subject: Minor fix to process_ip_header .. Minor fix to process_ip_header Removed if-guard checking if any feature is enabled before performing per-feature check. It doesn't save us much but instead introduces uneeded complexity. While at it, fixed a typo IMCP -> ICMP for defined PIPV6_ICMP_NOHOST_CLIENT and PIPV6_ICMP_NOHOST_SERVER macros. Fixes: Trac https://community.openvpn.net/openvpn/ticket/269 Change-Id: I4b5e8357d872c920efdb64632e9bce72cebee202 Signed-off-by: Gianmarco De Gregori --- M src/openvpn/forward.c M src/openvpn/forward.h M src/openvpn/multi.c 3 files changed, 49 insertions(+), 61 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/25/525/5 diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 0443ca0..556c465 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1460,7 +1460,7 @@ * us to examine the IP header (IPv4 or IPv6). */ unsigned int flags = PIPV4_PASSTOS | PIP_MSSFIX | PIPV4_CLIENT_NAT - | PIPV6_IMCP_NOHOST_CLIENT; + | PIPV6_ICMP_NOHOST_CLIENT; process_ip_header(c, flags, >c2.buf); #ifdef PACKET_TRUNCATION_CHECK @@ -1644,73 +1644,60 @@ } if (!c->options.block_ipv6) { -flags &= ~(PIPV6_IMCP_NOHOST_CLIENT | PIPV6_IMCP_NOHOST_SERVER); +flags &= ~(PIPV6_ICMP_NOHOST_CLIENT | PIPV6_ICMP_NOHOST_SERVER); } if (buf->len > 0) { -/* - * The --passtos and --mssfix options require - * us to examine the IPv4 header. - */ - -if (flags & (PIP_MSSFIX -#if PASSTOS_CAPABILITY - | PIPV4_PASSTOS -#endif - | PIPV4_CLIENT_NAT - )) +struct buffer ipbuf = *buf; +if (is_ipv4(TUNNEL_TYPE(c->c1.tuntap), )) { -struct buffer ipbuf = *buf; -if (is_ipv4(TUNNEL_TYPE(c->c1.tuntap), )) -{ #if PASSTOS_CAPABILITY -/* extract TOS from IP header */ -if (flags & PIPV4_PASSTOS) -{ -link_socket_extract_tos(c->c2.link_socket, ); -} +/* extract TOS from IP header */ +if (flags & PIPV4_PASSTOS) +{ +link_socket_extract_tos(c->c2.link_socket, ); +} #endif -/* possibly alter the TCP MSS */ -if (flags & PIP_MSSFIX) -{ -mss_fixup_ipv4(, c->c2.frame.mss_fix); -} - -/* possibly do NAT on packet */ -if ((flags & PIPV4_CLIENT_NAT) && c->options.client_nat) -{ -const int direction = (flags & PIP_OUTGOING) ? CN_INCOMING : CN_OUTGOING; -client_nat_transform(c->options.client_nat, , direction); -} -/* possibly extract a DHCP router message */ -if (flags & PIPV4_EXTRACT_DHCP_ROUTER) -{ -const in_addr_t dhcp_router = dhcp_extract_router_msg(); -if (dhcp_router) -{ -route_list_add_vpn_gateway(c->c1.route_list, c->c2.es, dhcp_router); -} -} -} -else if (is_ipv6(TUNNEL_TYPE(c->c1.tuntap), )) +/* possibly alter the TCP MSS */ +if (flags & PIP_MSSFIX) { -/* possibly alter the TCP MSS */ -if (flags & PIP_MSSFIX) -{ -mss_fixup_ipv6(, c->c2.frame.mss_fix); -} -if (!(flags & PIP_OUTGOING) && (flags -&(PIPV6_IMCP_NOHOST_CLIENT | PIPV6_IMCP_NOHOST_SERVER))) -{ -ipv6_send_icmp_unreachable(c, buf, - (bool)(flags & PIPV6_IMCP_NOHOST_CLIENT)); -/* Drop the IPv6 packet */ -buf->len = 0; -} - +mss_fixup_ipv4(, c->c2.frame.mss_fix); } + +/* possibly do NAT on packet */ +if ((flags & PIPV4_CLIENT_NAT) && c->options.client_nat) +{ +const int direction = (flags & PIP_OUTGOING) ? CN_INCOMING : CN_OUTGOING; +client_nat_transform(c->options.client_nat, , direction); +} +/* possibly extract a DHCP router message */ +if (flags &
[Openvpn-devel] [M] Change in openvpn[master]: Minor fix to process_ip_header
Attention is currently required from: its_Giaan, ordex. Hello flichtenheld, ordex, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/525?usp=email to look at the new patch set (#4). The change is no longer submittable: checks~ChecksSubmitRule is unsatisfied now. Change subject: Minor fix to process_ip_header .. Minor fix to process_ip_header Removed if-guard checking if any feature is enabled before performing per-feature check. It doesn't save us much but instead introduces uneeded complexity. While at it, fixed a typo IMCP -> ICMP for defined PIPV6_ICMP_NOHOST_CLIENT and PIPV6_ICMP_NOHOST_SERVER macros. Fixes: Trac https://community.openvpn.net/openvpn/ticket/269 Change-Id: I4b5e8357d872c920efdb64632e9bce72cebee202 Signed-off-by: Gianmarco De Gregori --- M src/openvpn/forward.c M src/openvpn/forward.h M src/openvpn/multi.c 3 files changed, 49 insertions(+), 61 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/25/525/4 diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 0443ca0..556c465 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1460,7 +1460,7 @@ * us to examine the IP header (IPv4 or IPv6). */ unsigned int flags = PIPV4_PASSTOS | PIP_MSSFIX | PIPV4_CLIENT_NAT - | PIPV6_IMCP_NOHOST_CLIENT; + | PIPV6_ICMP_NOHOST_CLIENT; process_ip_header(c, flags, >c2.buf); #ifdef PACKET_TRUNCATION_CHECK @@ -1644,73 +1644,60 @@ } if (!c->options.block_ipv6) { -flags &= ~(PIPV6_IMCP_NOHOST_CLIENT | PIPV6_IMCP_NOHOST_SERVER); +flags &= ~(PIPV6_ICMP_NOHOST_CLIENT | PIPV6_ICMP_NOHOST_SERVER); } if (buf->len > 0) { -/* - * The --passtos and --mssfix options require - * us to examine the IPv4 header. - */ - -if (flags & (PIP_MSSFIX -#if PASSTOS_CAPABILITY - | PIPV4_PASSTOS -#endif - | PIPV4_CLIENT_NAT - )) +struct buffer ipbuf = *buf; +if (is_ipv4(TUNNEL_TYPE(c->c1.tuntap), )) { -struct buffer ipbuf = *buf; -if (is_ipv4(TUNNEL_TYPE(c->c1.tuntap), )) -{ #if PASSTOS_CAPABILITY -/* extract TOS from IP header */ -if (flags & PIPV4_PASSTOS) -{ -link_socket_extract_tos(c->c2.link_socket, ); -} +/* extract TOS from IP header */ +if (flags & PIPV4_PASSTOS) +{ +link_socket_extract_tos(c->c2.link_socket, ); +} #endif -/* possibly alter the TCP MSS */ -if (flags & PIP_MSSFIX) -{ -mss_fixup_ipv4(, c->c2.frame.mss_fix); -} - -/* possibly do NAT on packet */ -if ((flags & PIPV4_CLIENT_NAT) && c->options.client_nat) -{ -const int direction = (flags & PIP_OUTGOING) ? CN_INCOMING : CN_OUTGOING; -client_nat_transform(c->options.client_nat, , direction); -} -/* possibly extract a DHCP router message */ -if (flags & PIPV4_EXTRACT_DHCP_ROUTER) -{ -const in_addr_t dhcp_router = dhcp_extract_router_msg(); -if (dhcp_router) -{ -route_list_add_vpn_gateway(c->c1.route_list, c->c2.es, dhcp_router); -} -} -} -else if (is_ipv6(TUNNEL_TYPE(c->c1.tuntap), )) +/* possibly alter the TCP MSS */ +if (flags & PIP_MSSFIX) { -/* possibly alter the TCP MSS */ -if (flags & PIP_MSSFIX) -{ -mss_fixup_ipv6(, c->c2.frame.mss_fix); -} -if (!(flags & PIP_OUTGOING) && (flags -&(PIPV6_IMCP_NOHOST_CLIENT | PIPV6_IMCP_NOHOST_SERVER))) -{ -ipv6_send_icmp_unreachable(c, buf, - (bool)(flags & PIPV6_IMCP_NOHOST_CLIENT)); -/* Drop the IPv6 packet */ -buf->len = 0; -} - +mss_fixup_ipv4(, c->c2.frame.mss_fix); } + +/* possibly do NAT on packet */ +if ((flags & PIPV4_CLIENT_NAT) && c->options.client_nat) +{ +const int direction = (flags & PIP_OUTGOING) ? CN_INCOMING : CN_OUTGOING; +client_nat_transform(c->options.client_nat, , direction); +} +/* possibly extract a DHCP router message */ +if (flags &
[Openvpn-devel] [M] Change in openvpn[master]: Minor fix to process_ip_header
Attention is currently required from: its_Giaan, ordex. Hello flichtenheld, ordex, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/525?usp=email to look at the new patch set (#3). The change is no longer submittable: checks~ChecksSubmitRule is unsatisfied now. Change subject: Minor fix to process_ip_header .. Minor fix to process_ip_header Removed if-guard checking if any feature is enabled before performing per-feature check. It doesn't save us much but instead introduces uneeded complexity. While at it, fixed a typo IMCP -> ICMP for defined PIPV6_ICMP_NOHOST_CLIENT and PIPV6_ICMP_NOHOST_SERVER macros. Fixes: Trac https://community.openvpn.net/openvpn/ticket/269 Change-Id: I4b5e8357d872c920efdb64632e9bce72cebee202 Signed-off-by: Gianmarco De Gregori --- M src/openvpn/forward.c M src/openvpn/forward.h M src/openvpn/multi.c 3 files changed, 49 insertions(+), 61 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/25/525/3 diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 0443ca0..556c465 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1460,7 +1460,7 @@ * us to examine the IP header (IPv4 or IPv6). */ unsigned int flags = PIPV4_PASSTOS | PIP_MSSFIX | PIPV4_CLIENT_NAT - | PIPV6_IMCP_NOHOST_CLIENT; + | PIPV6_ICMP_NOHOST_CLIENT; process_ip_header(c, flags, >c2.buf); #ifdef PACKET_TRUNCATION_CHECK @@ -1644,73 +1644,60 @@ } if (!c->options.block_ipv6) { -flags &= ~(PIPV6_IMCP_NOHOST_CLIENT | PIPV6_IMCP_NOHOST_SERVER); +flags &= ~(PIPV6_ICMP_NOHOST_CLIENT | PIPV6_ICMP_NOHOST_SERVER); } if (buf->len > 0) { -/* - * The --passtos and --mssfix options require - * us to examine the IPv4 header. - */ - -if (flags & (PIP_MSSFIX -#if PASSTOS_CAPABILITY - | PIPV4_PASSTOS -#endif - | PIPV4_CLIENT_NAT - )) +struct buffer ipbuf = *buf; +if (is_ipv4(TUNNEL_TYPE(c->c1.tuntap), )) { -struct buffer ipbuf = *buf; -if (is_ipv4(TUNNEL_TYPE(c->c1.tuntap), )) -{ #if PASSTOS_CAPABILITY -/* extract TOS from IP header */ -if (flags & PIPV4_PASSTOS) -{ -link_socket_extract_tos(c->c2.link_socket, ); -} +/* extract TOS from IP header */ +if (flags & PIPV4_PASSTOS) +{ +link_socket_extract_tos(c->c2.link_socket, ); +} #endif -/* possibly alter the TCP MSS */ -if (flags & PIP_MSSFIX) -{ -mss_fixup_ipv4(, c->c2.frame.mss_fix); -} - -/* possibly do NAT on packet */ -if ((flags & PIPV4_CLIENT_NAT) && c->options.client_nat) -{ -const int direction = (flags & PIP_OUTGOING) ? CN_INCOMING : CN_OUTGOING; -client_nat_transform(c->options.client_nat, , direction); -} -/* possibly extract a DHCP router message */ -if (flags & PIPV4_EXTRACT_DHCP_ROUTER) -{ -const in_addr_t dhcp_router = dhcp_extract_router_msg(); -if (dhcp_router) -{ -route_list_add_vpn_gateway(c->c1.route_list, c->c2.es, dhcp_router); -} -} -} -else if (is_ipv6(TUNNEL_TYPE(c->c1.tuntap), )) +/* possibly alter the TCP MSS */ +if (flags & PIP_MSSFIX) { -/* possibly alter the TCP MSS */ -if (flags & PIP_MSSFIX) -{ -mss_fixup_ipv6(, c->c2.frame.mss_fix); -} -if (!(flags & PIP_OUTGOING) && (flags -&(PIPV6_IMCP_NOHOST_CLIENT | PIPV6_IMCP_NOHOST_SERVER))) -{ -ipv6_send_icmp_unreachable(c, buf, - (bool)(flags & PIPV6_IMCP_NOHOST_CLIENT)); -/* Drop the IPv6 packet */ -buf->len = 0; -} - +mss_fixup_ipv4(, c->c2.frame.mss_fix); } + +/* possibly do NAT on packet */ +if ((flags & PIPV4_CLIENT_NAT) && c->options.client_nat) +{ +const int direction = (flags & PIP_OUTGOING) ? CN_INCOMING : CN_OUTGOING; +client_nat_transform(c->options.client_nat, , direction); +} +/* possibly extract a DHCP router message */ +if (flags &
[Openvpn-devel] [M] Change in openvpn[master]: Minor fix to process_ip_header
Attention is currently required from: its_Giaan, ordex. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/525?usp=email ) Change subject: Minor fix to process_ip_header .. Patch Set 2: Code-Review+2 (1 comment) Patchset: PS2: We could clean up this more but this is a good first step -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/525?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I4b5e8357d872c920efdb64632e9bce72cebee202 Gerrit-Change-Number: 525 Gerrit-PatchSet: 2 Gerrit-Owner: its_Giaan Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: its_Giaan Gerrit-Attention: ordex Gerrit-Comment-Date: Mon, 04 Mar 2024 16:36:25 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: Minor fix to process_ip_header
Attention is currently required from: its_Giaan, ordex, plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/525?usp=email ) Change subject: Minor fix to process_ip_header .. Patch Set 2: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/525?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I4b5e8357d872c920efdb64632e9bce72cebee202 Gerrit-Change-Number: 525 Gerrit-PatchSet: 2 Gerrit-Owner: its_Giaan Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: its_Giaan Gerrit-Attention: ordex Gerrit-Comment-Date: Tue, 20 Feb 2024 14:49:44 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: Minor fix to process_ip_header
Attention is currently required from: flichtenheld, its_Giaan, ordex, plaisthos. Hello flichtenheld, ordex, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/525?usp=email to look at the new patch set (#2). The following approvals got outdated and were removed: Code-Review-1 by ordex Change subject: Minor fix to process_ip_header .. Minor fix to process_ip_header Removed if-guard checking if any feature is enabled before performing per-feature check. It doesn't save us much but instead introduces uneeded complexity. While at it, fixed a typo IMCP -> ICMP for defined PIPV6_ICMP_NOHOST_CLIENT and PIPV6_ICMP_NOHOST_SERVER macros. Fixes: Trac https://community.openvpn.net/openvpn/ticket/269 Change-Id: I4b5e8357d872c920efdb64632e9bce72cebee202 Signed-off-by: Gianmarco De Gregori --- M src/openvpn/forward.c M src/openvpn/forward.h M src/openvpn/multi.c 3 files changed, 49 insertions(+), 61 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/25/525/2 diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 0443ca0..556c465 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1460,7 +1460,7 @@ * us to examine the IP header (IPv4 or IPv6). */ unsigned int flags = PIPV4_PASSTOS | PIP_MSSFIX | PIPV4_CLIENT_NAT - | PIPV6_IMCP_NOHOST_CLIENT; + | PIPV6_ICMP_NOHOST_CLIENT; process_ip_header(c, flags, >c2.buf); #ifdef PACKET_TRUNCATION_CHECK @@ -1644,73 +1644,60 @@ } if (!c->options.block_ipv6) { -flags &= ~(PIPV6_IMCP_NOHOST_CLIENT | PIPV6_IMCP_NOHOST_SERVER); +flags &= ~(PIPV6_ICMP_NOHOST_CLIENT | PIPV6_ICMP_NOHOST_SERVER); } if (buf->len > 0) { -/* - * The --passtos and --mssfix options require - * us to examine the IPv4 header. - */ - -if (flags & (PIP_MSSFIX -#if PASSTOS_CAPABILITY - | PIPV4_PASSTOS -#endif - | PIPV4_CLIENT_NAT - )) +struct buffer ipbuf = *buf; +if (is_ipv4(TUNNEL_TYPE(c->c1.tuntap), )) { -struct buffer ipbuf = *buf; -if (is_ipv4(TUNNEL_TYPE(c->c1.tuntap), )) -{ #if PASSTOS_CAPABILITY -/* extract TOS from IP header */ -if (flags & PIPV4_PASSTOS) -{ -link_socket_extract_tos(c->c2.link_socket, ); -} +/* extract TOS from IP header */ +if (flags & PIPV4_PASSTOS) +{ +link_socket_extract_tos(c->c2.link_socket, ); +} #endif -/* possibly alter the TCP MSS */ -if (flags & PIP_MSSFIX) -{ -mss_fixup_ipv4(, c->c2.frame.mss_fix); -} - -/* possibly do NAT on packet */ -if ((flags & PIPV4_CLIENT_NAT) && c->options.client_nat) -{ -const int direction = (flags & PIP_OUTGOING) ? CN_INCOMING : CN_OUTGOING; -client_nat_transform(c->options.client_nat, , direction); -} -/* possibly extract a DHCP router message */ -if (flags & PIPV4_EXTRACT_DHCP_ROUTER) -{ -const in_addr_t dhcp_router = dhcp_extract_router_msg(); -if (dhcp_router) -{ -route_list_add_vpn_gateway(c->c1.route_list, c->c2.es, dhcp_router); -} -} -} -else if (is_ipv6(TUNNEL_TYPE(c->c1.tuntap), )) +/* possibly alter the TCP MSS */ +if (flags & PIP_MSSFIX) { -/* possibly alter the TCP MSS */ -if (flags & PIP_MSSFIX) -{ -mss_fixup_ipv6(, c->c2.frame.mss_fix); -} -if (!(flags & PIP_OUTGOING) && (flags -&(PIPV6_IMCP_NOHOST_CLIENT | PIPV6_IMCP_NOHOST_SERVER))) -{ -ipv6_send_icmp_unreachable(c, buf, - (bool)(flags & PIPV6_IMCP_NOHOST_CLIENT)); -/* Drop the IPv6 packet */ -buf->len = 0; -} - +mss_fixup_ipv4(, c->c2.frame.mss_fix); } + +/* possibly do NAT on packet */ +if ((flags & PIPV4_CLIENT_NAT) && c->options.client_nat) +{ +const int direction = (flags & PIP_OUTGOING) ? CN_INCOMING : CN_OUTGOING; +client_nat_transform(c->options.client_nat, , direction); +} +/* possibly extract a DHCP router message */ +if