From: David Sommerseth <d...@users.sourceforge.net> (I'm withdrawing the first version, and suggesting this patch to be used instead, as this one follows the new feature deprecation process.)
Based on a discussion on the mailing list and in the IRC meeting Feb 18, it was decided to remove get_random() from the getaddr() function as that can conflict with round-robin/randomization done by DNS servers. For now this feature is enabled by default, but can be disabled by running ./configure with --disable-depr-random-resolv. In the future this will be changed to being disabled by default before getting removed. Signed-off-by: David Sommerseth <d...@users.sourceforge.net> --- configure.ac | 17 +++++++++++++++++ socket.c | 14 +++++++++++--- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 116ff7c..7ffa903 100644 --- a/configure.ac +++ b/configure.ac @@ -911,6 +911,23 @@ if test -z "${htmldir}"; then fi # end workaround +# +# Deprecated features +# +# See http://www.secure-computing.net/wiki/index.php/OpenVPN/Developer_documentation +# for more info about the feature deprecation process. +# + +AC_ARG_ENABLE(depr-random-resolv, + [ --disable-depr-random-resolv Deprecated feature: Randomization of hostname resolving when more than one IP address], + [DEPRECATE_RANDRESOLV="$enableval"], + [DEPRECATE_RANDRESOLV="yes"] +) +if test "$DEPRECATE_RANDRESOLV" = "yes"; then + AC_DEFINE(DEPRECATED_RANDOM_RESOLV, 1, [Deprecated feature: Randomization of hostname resolving when more than one IP address]) +fi + + AC_OUTPUT([ Makefile openvpn.spec diff --git a/socket.c b/socket.c index fecc398..c963a21 100644 --- a/socket.c +++ b/socket.c @@ -205,6 +205,10 @@ getaddr (unsigned int flags, { if (h->h_addr_list[1]) /* more than one address returned */ { +#ifdef DEPRECATED_RANDOM_RESOLV +#warning +#warning **** DEPRECATED FEATURE **** DEPRECATED_RANDOM_RESOLV is enabled +#warning int n = 0; /* count address list */ 
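Review bot: The check `test "$DEPRECATE_RANDRESOLV" = "yes"` treats every value other than the literal `yes` as disabled, so `--enable-depr-random-resolv=1` or a mistyped value silently builds without the feature and prints nothing. Because this switch steers a deprecation, a `case "$enableval"` that accepts `yes` and `no` and calls `AC_MSG_ERROR` for anything else would make the selected behaviour visible at configure time. The variable name also reads backwards, since `DEPRECATE_RANDRESOLV="yes"` keeps the deprecated code compiled in. A short comment next to the default stating that `yes` means "feature still built" would avoid that confusion.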
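Review bot: The three `#warning` lines added under `#ifdef DEPRECATED_RANDOM_RESOLV` fire on every default build, because configure.ac defines the macro unless `--disable-depr-random-resolv` is given. `#warning` is a compiler extension rather than standard C before C23, and two of the three directives carry no text, so a build with `-Werror` or a compiler without the directive would probably stop here instead of warning. A single directive carrying the whole message, wrapped in `#ifdef __GNUC__`, keeps the notice without that risk: `#warning DEPRECATED FEATURE: DEPRECATED_RANDOM_RESOLV is enabled`. getaddr's body starts and ends outside this hunk.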
@@ -212,12 +216,16 @@ getaddr (unsigned int flags, ++n; ASSERT (n >= 2); - msg (D_RESOLVE_ERRORS, "RESOLVE: NOTE: %s resolves to %d addresses, choosing one by random", - hostname, - n); + msg (D_RESOLVE_ERRORS, "RESOLVE: NOTE: %s resolves to %d addresses, choosing one by random." + " [DEPRECATED FEATURE]", hostname, n); /* choose address randomly, for basic load-balancing capability */ ia.s_addr = *(in_addr_t *) (h->h_addr_list[get_random () % n]); + +#else /* preferred solution */ + msg (D_RESOLVE_ERRORS, "RESOLVE: NOTE: %s resolves to more than one IP address, will " + "use the first resolved address", hostname); +#endif /* ENABLE_RANDOM_RESOLV */ } } -- 1.6.6
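Review bot: The new `#else` branch only logs that the first resolved address will be used and never assigns `ia.s_addr`, so it is correct only if the address was already taken from `h->h_addr_list[0]` earlier in getaddr, which is outside this hunk. After confirming that, a comment in the branch such as `/* ia.s_addr already holds h->h_addr_list[0] */`, or an explicit assignment, would keep the dependency visible once the random path is removed. The closing comment should name the guard actually used: `#endif /* DEPRECATED_RANDOM_RESOLV */` rather than `ENABLE_RANDOM_RESOLV`. getaddr's body starts and ends outside the hunk.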