Attention is currently required from: d12fk, plaisthos.

flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/489?usp=email )

Change subject: Windows: enforce 'block-local' with WFP filters
......................................................................

Patch Set 1: Code-Review-1

(9 comments)

File doc/man-sections/vpn-network-options.rst:

http://gerrit.openvpn.net/c/openvpn/+/489/comment/fae460bf_083f3462 :
PS1, Line 357:   Push this flag to defend against the TunnelCrack attacks.
Should explain a bit more what this protects against. A reference to TunnelCrack is fine but the documentation should be understandable without looking it up.

File src/openvpn/init.c:

http://gerrit.openvpn.net/c/openvpn/+/489/comment/c60f4d43_2e7f9790 :
PS1, Line 1971:   /* Fortify 'redirect-gateway block-local' with firewall rules? */
Since this hunk and the previous are completely identical I would move them to a separate function. 12 lines are definitely worth it IMHO.

File src/openvpn/route.h:

http://gerrit.openvpn.net/c/openvpn/+/489/comment/703fcdb5_6ee704b9 :
PS1, Line 248:   * is connected. This definatly returns false when not redirecting the gateway
Typo "definatly"

File src/openvpn/route.c:

http://gerrit.openvpn.net/c/openvpn/+/489/comment/39e95055_e284408d :
PS1, Line 612:   size_t i;
no reason to leave that on its own line

File src/openvpn/wfp_block.c:

http://gerrit.openvpn.net/c/openvpn/+/489/comment/d821e3e7_d0986f52 :
PS1, Line 167:   * Block outgoing port 53 traffic except for
"port 53" needs to be changed to reflect the new functionality

http://gerrit.openvpn.net/c/openvpn/+/489/comment/81797d0e_701d2e70 :
PS1, Line 197:   FWPM_FILTER_CONDITION0 Condition[2];
Why remove the "= {0}" here?

http://gerrit.openvpn.net/c/openvpn/+/489/comment/d1a0883e_d9fb0c63 :
PS1, Line 294:   /* Third filter. Block IPv4 to port 53 or all besided loopback. */
"besides"? Or maybe "except"?

http://gerrit.openvpn.net/c/openvpn/+/489/comment/919ec205_02180481 :
PS1, Line 303:   /* Forth filter. Block IPv6 to port 53 or all besides loopback */
"Fourth"

File src/openvpn/win32.c:

http://gerrit.openvpn.net/c/openvpn/+/489/comment/8c406c41_df81902d :
PS1, Line 1225:   if (ret == false)
Simplify to "!win_get_exe_path(openvpnpath, _countof(openvpnpath))"

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/489?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ic9bf797bfc7e2d471998a84cb0f071db3e4832ba
Gerrit-Change-Number: 489
Gerrit-PatchSet: 1
Gerrit-Owner: d12fk <he...@openvpn.net>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org>
Gerrit-CC: cron2 <g...@greenie.muc.de>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: plaisthos <arne-open...@rfc2549.org>
Gerrit-Attention: d12fk <he...@openvpn.net>
Gerrit-Comment-Date: Tue, 09 Jan 2024 09:15:29 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel