Attention is currently required from: d12fk, flichtenheld, plaisthos. Hello flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/904?usp=email to look at the new patch set (#6). Change subject: dns: clean up --dhcp-options when --dns is active ...................................................................... dns: clean up --dhcp-options when --dns is active Since --dns settings overrule DNS related --dhcp-options, remove the latter when we got some via --dns. To stay as backward compatible as possible, the --dns server addresses and search domains are added as foreign_options env vars, so that an existing --up script can use them to set up DNS as before, without the immediate need to change after an openvpn upgrade. Same goes for the DNS information in struct tuntap_options, which is used by Android. In case an --up script is defined, the --dns-updown is not run to prevent potential double DNS configuration. Change-Id: I635c4018fb43b5976a39b6a90cb2e9cb2570cd6a Signed-off-by: Heiko Hund <he...@ist.eigentlich.net> --- M src/openvpn/dns.c M src/openvpn/options.c 2 files changed, 155 insertions(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/04/904/6 diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c index 0ad8e44..6a5999a 100644 --- a/src/openvpn/dns.c +++ b/src/openvpn/dns.c @@ -703,7 +703,7 @@ static void run_up_down_command(bool up, struct options *o, const struct tuntap *tt, struct dns_updown_runner_info *updown_runner) { - if (!o->dns_options.updown) + if (!o->dns_options.updown || o->up_script) { return; } diff --git a/src/openvpn/options.c b/src/openvpn/options.c index b63f929..966230a 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
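Review bot: The added `|| o->up_script` test in run_up_down_command() returns silently, so a user who has both --up and --dns-updown configured gets no hint that the DNS updown command was skipped. If that --up script does not itself apply the foreign_option_* DNS values, the --dns servers are never configured and name resolution stays on whatever resolver the host used before the tunnel came up, which amounts to a DNS leak. I would log the decision before returning, for example `msg(M_WARN, "WARNING: --dns-updown not run because an --up script is defined");`, and say in a comment that the check applies to both the up and the down invocation. The function body continues outside the hunk.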
@@ -4163,6 +4163,160 @@
 if (success)
 {
 dns_options_postprocess_pull(&o->dns_options);
+ if (!o->dns_options.servers)
+ {
+ return true;
+ }
+
+#if defined(_WIN32) || defined(TARGET_ANDROID)
+ /* Remove DNS related --dhcp-options */
+ struct tuntap_options *tt = &o->tuntap_options;
+ tt->dns_len = 0;
+ tt->dns6_len = 0;
+ tt->domain = NULL;
+ tt->domain_search_list_len = 0;
+
+#if defined(TARGET_ANDROID)
+ /* Set options from --dns config */
+ const struct dns_domain *d = o->dns_options.search_domains;
+ while (d && tt->domain_search_list_len + 1 < N_SEARCH_LIST_LEN)
+ {
+ tt->domain_search_list[tt->domain_search_list_len++] = d->name;
+ d = d->next;
+ }
+
+ const struct dns_server *s = o->dns_options.servers;
+ while (s)
+ {
+ bool non_standard_server_port = false;
+ for (int i = 0; i < s->addr_count; ++i)
+ {
+ if (s->addr[i].port && s->addr[i].port != 53)
+ {
+ non_standard_server_port = true;
+ break;
+ }
+ }
+ if ((s->transport && s->transport != DNS_TRANSPORT_PLAIN)
+ || (s->dnssec && s->dnssec != DNS_SECURITY_NO)
+ || non_standard_server_port)
+ {
+ /* Skip servers requiring unsupported config to be set */
+ s = s->next;
+ }
+ else
+ {
+ for (int i = 0; i < s->addr_count; ++i)
+ {
+ if (s->addr[i].family == AF_INET && tt->dns_len + 1 < N_DHCP_ADDR)
+ {
+ tt->dns[tt->dns_len++] = s->addr[i].in.a4.s_addr;
+ }
+ else if (tt->dns6_len + 1 < N_DHCP_ADDR)
+ {
+ tt->dns6[tt->dns6_len] = s->addr[i].in.a6;
+ }
+ }
+ break;
+ }
+ }
+#endif /* if defined(TARGET_ANDROID) */
+
+#else /* if defined(_WIN32) || defined(TARGET_ANDROID) */
+
+ /* Clean up env from --dhcp-option DNS config */
+ struct gc_arena gc = gc_new();
+ struct buffer name = alloc_buf_gc(OPTION_PARM_SIZE, &gc);
+ struct buffer value = alloc_buf_gc(OPTION_PARM_SIZE, &gc);
+
+ const int fo_count = o->foreign_option_index;
+ o->foreign_option_index = 0;
+
+ for (int i = 1; i <= fo_count; ++i)
+ {
+ buf_clear(&name);
+ buf_printf(&name, "foreign_option_%d", i);
+ const char *env_str = env_set_get(es, BSTR(&name));
+ const char *item_val = strchr(env_str, '=') + 1;
+ buf_clear(&value);
+ buf_printf(&value, "%s", item_val);
+
+ /* Remove foreign option item from env set */
+ env_set_del(es, BSTR(&name));
+
+ item_val = BSTR(&value);
+ if (strncmp(item_val, "dhcp-option ", 12) != 0
+ || (strncmp(item_val + 12, "ADAPTER-DOMAIN-SUFFIX ", 22) != 0
+ && strncmp(item_val + 12, "DOMAIN-SEARCH ", 14) != 0
+ && strncmp(item_val + 12, "DOMAIN ", 7) != 0
+ && strncmp(item_val + 12, "DNS6 ", 5) != 0
+ && strncmp(item_val + 12, "DNS ", 4) != 0))
+ {
+ /* Re-set the item with potentially updated name */
+ buf_clear(&name);
+ buf_printf(&name, "foreign_option_%d", ++o->foreign_option_index);
+ setenv_str(es, BSTR(&name), BSTR(&value));
+ }
+ }
+
+ /* Set foreign option env vars from --dns config */
+ if (!o->up_script)
+ {
+ /* No need to, when there is no --up script */
+ return true;
+ }
+ const char *p[] = { "dhcp-option", NULL, NULL };
+ size_t p_len = sizeof(p) / sizeof(p[0]);
+
+ p[1] = "DOMAIN";
+ const struct dns_domain *d = o->dns_options.search_domains;
+ while (d)
+ {
+ p[2] = d->name;
+ setenv_foreign_option(o, (const char **)p, p_len, es);
+ d = d->next;
+ }
+
+ const struct dns_server *s = o->dns_options.servers;
+ while (s)
+ {
+ bool non_standard_server_port = false;
+ for (int i = 0; i < s->addr_count; ++i)
+ {
+ if (s->addr[i].port && s->addr[i].port != 53)
+ {
+ non_standard_server_port = true;
+ break;
+ }
+ }
+ if ((s->transport && s->transport != DNS_TRANSPORT_PLAIN)
+ || (s->dnssec && s->dnssec != DNS_SECURITY_NO)
+ || non_standard_server_port)
+ {
+ /* Skip servers requiring unsupported config to be set */
+ s = s->next;
+ }
+ else
+ {
+ for (int i = 0; i < s->addr_count; ++i)
+ {
+ if (s->addr[i].family == AF_INET)
+ {
+ p[1] = "DNS";
+ p[2] = print_in_addr_t(s->addr[i].in.a4.s_addr, IA_NET_ORDER, &gc);
+ }
+ else
+ {
+ p[1] = "DNS6";
+ p[2] = print_in6_addr(s->addr[i].in.a6, 0, &gc);
+ }
+ setenv_foreign_option(o, (const char **)p, p_len, es);
+ }
+ break;
+ }
+ }
+ gc_free(&gc);
+#endif /* defined(_WIN32) || defined(TARGET_ANDROID) */
 }
 return success;
 }
-- To view, visit http://gerrit.openvpn.net/c/openvpn/+/904?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I635c4018fb43b5976a39b6a90cb2e9cb2570cd6a Gerrit-Change-Number: 904 Gerrit-PatchSet: 6 Gerrit-Owner: d12fk <he...@openvpn.net> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-Attention: plaisthos <arne-open...@rfc2549.org> Gerrit-Attention: flichtenheld <fr...@lichtenheld.com> Gerrit-Attention: d12fk <he...@openvpn.net> Gerrit-MessageType: newpatchset
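Review bot: In the foreign_option cleanup loop, `strchr(env_str, '=') + 1` is evaluated without checking either pointer; env_set_get() returns NULL for a name that is not in the set (as far as I know), so a foreign_option_N that is missing, or stored without a '=', ends in a NULL dereference or an invalid pointer being passed to buf_printf(). The early `return true;` under `if (!o->up_script)` also leaves without `gc_free(&gc)`, leaking the arena that backs `name` and `value`. In the TARGET_ANDROID branch, `tt->dns6[tt->dns6_len] = ...` never increments dns6_len, so no IPv6 server is ever recorded, and the bare `else if` will store an AF_INET entry as an IPv6 address once the dns array is full. A sketch of the three fixes follows; the enclosing function starts outside the hunk.

```c
/* … unchanged (Android branch): AF_INET case filling tt->dns … */
else if (s->addr[i].family == AF_INET6 && tt->dns6_len + 1 < N_DHCP_ADDR)
{
    tt->dns6[tt->dns6_len++] = s->addr[i].in.a6;
}

/* … unchanged: gc/name/value setup, fo_count loop header, name formatting … */
const char *env_str = env_set_get(es, BSTR(&name));
const char *eq = env_str ? strchr(env_str, '=') : NULL;
if (!eq)
{
    /* Missing or malformed item: drop it and keep renumbering */
    env_set_del(es, BSTR(&name));
    continue;
}
const char *item_val = eq + 1;
/* … unchanged: copy into value, env_set_del, dhcp-option filter, re-set … */

if (!o->up_script)
{
    /* No need to, when there is no --up script */
    gc_free(&gc);
    return true;
}
```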