openvpn-devel Mailing List for OpenVPN

cron2 has uploaded a new patch set (#5) to the change originally created by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/909?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: Mention address if not unspecific on DNS failure ...................................................................... Mention address if not unspecific on DNS failure With the recent changes breaking configs that included lport 0, it became apparent that having the address family in the error message when resolving fails, would have made diagnosis in this case and probably others much easier. Change-Id: I1c8fcd5bb6e1fa0020d52879eefbafdb2630e7b5 Signed-off-by: Arne Schwabe <ar...@rf...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg31237.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/socket.c 1 file changed, 19 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/09/909/5 diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 6b32e30..09de1b0 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -445,6 +445,22 @@ throw_signal_soft(SIGHUP, "Preresolving failed"); } +/** + * Small helper function for openvpn_getaddrinfo to print the address + * family when resolving fails + */ +static const char * +getaddrinfo_addr_family_name(int af) +{ + switch (af) + { + case AF_INET: return "[AF_INET]"; + + case AF_INET6: return "[AF_INET6]"; + } + return ""; +} + /* * Translate IPv4/IPv6 addr or hostname into struct addrinfo * If resolve error, try again for resolve_retry_seconds seconds. @@ -545,11 +561,11 @@ print_hostname = "undefined"; } - fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s)"; + fmt = "RESOLVE: Cannot resolve host address: %s:%s%s (%s)"; if ((flags & GETADDR_MENTION_RESOLVE_RETRY) && !resolve_retry_seconds) { - fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s) " + fmt = "RESOLVE: Cannot resolve host address: %s:%s%s (%s)" "(I would have retried this name query if you had " "specified the --resolv-retry option.)"; } @@ -639,6 +655,7 @@ fmt, print_hostname, print_servname, + getaddrinfo_addr_family_name(ai_family), gai_strerror(status)); if (--resolve_retries <= 0) -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/909?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1c8fcd5bb6e1fa0020d52879eefbafdb2630e7b5 Gerrit-Change-Number: 909 Gerrit-PatchSet: 5 Gerrit-Owner: plaisthos <arn...@rf...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: newpatchset 

cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/909?usp=email ) Change subject: Mention address if not unspecific on DNS failure ...................................................................... Mention address if not unspecific on DNS failure With the recent changes breaking configs that included lport 0, it became apparent that having the address family in the error message when resolving fails, would have made diagnosis in this case and probably others much easier. Change-Id: I1c8fcd5bb6e1fa0020d52879eefbafdb2630e7b5 Signed-off-by: Arne Schwabe <ar...@rf...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg31237.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/socket.c 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 6b32e30..09de1b0 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -445,6 +445,22 @@ throw_signal_soft(SIGHUP, "Preresolving failed"); } +/** + * Small helper function for openvpn_getaddrinfo to print the address + * family when resolving fails + */ +static const char * +getaddrinfo_addr_family_name(int af) +{ + switch (af) + { + case AF_INET: return "[AF_INET]"; + + case AF_INET6: return "[AF_INET6]"; + } + return ""; +} + /* * Translate IPv4/IPv6 addr or hostname into struct addrinfo * If resolve error, try again for resolve_retry_seconds seconds. @@ -545,11 +561,11 @@ print_hostname = "undefined"; } - fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s)"; + fmt = "RESOLVE: Cannot resolve host address: %s:%s%s (%s)"; if ((flags & GETADDR_MENTION_RESOLVE_RETRY) && !resolve_retry_seconds) { - fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s) " + fmt = "RESOLVE: Cannot resolve host address: %s:%s%s (%s)" "(I would have retried this name query if you had " "specified the --resolv-retry option.)"; } @@ -639,6 +655,7 @@ fmt, print_hostname, print_servname, + getaddrinfo_addr_family_name(ai_family), gai_strerror(status)); if (--resolve_retries <= 0) -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/909?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1c8fcd5bb6e1fa0020d52879eefbafdb2630e7b5 Gerrit-Change-Number: 909 Gerrit-PatchSet: 5 Gerrit-Owner: plaisthos <arn...@rf...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: merged 

Stared at it, and tested, and it's indeed quite useful (v3 had a stray "%s" which is fixed in v4). Without the patch, trying with "--local <v6 address>" + "--remote <v4only>" RESOLVE: Cannot resolve host address: v4only.v6.de:51194 (No address associated with hostname) with the patch: RESOLVE: Cannot resolve host address: v4only.v6.de:51194[AF_INET6] (No address associated with hostname) so when trying to diagnose user reports, this immediately points to "mmmh, something is forcing v6 here, why?". With no --local and no --proto udp4, nothing is forced, and thus: RESOLVE: Cannot resolve host address: nix.v6.de:51194 (Name or service not known) Your patch has been applied to the master branch. commit d16781531898b4c5a76cfe6cba02fccce9afb8ad Author: Arne Schwabe Date: Tue Mar 25 20:57:43 2025 +0100 Mention address if not unspecific on DNS failure Signed-off-by: Arne Schwabe <ar...@rf...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg31237.html Signed-off-by: Gert Doering <ge...@gr...> -- kind regards, Gert Doering 

Attention is currently required from: flichtenheld, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/909?usp=email ) Change subject: Mention address if not unspecific on DNS failure ...................................................................... Patch Set 4: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/909?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1c8fcd5bb6e1fa0020d52879eefbafdb2630e7b5 Gerrit-Change-Number: 909 Gerrit-PatchSet: 4 Gerrit-Owner: plaisthos <arn...@rf...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Tue, 25 Mar 2025 19:57:33 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment 

From: Arne Schwabe <ar...@rf...> With the recent changes breaking configs that included lport 0, it became apparent that having the address family in the error message when resolving fails, would have made diagnosis in this case and probably others much easier. Change-Id: I1c8fcd5bb6e1fa0020d52879eefbafdb2630e7b5 Signed-off-by: Arne Schwabe <ar...@rf...> Acked-by: Gert Doering <ge...@gr...> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/909 This mail reflects revision 4 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <ge...@gr...> diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 6b32e30..09de1b0 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -445,6 +445,22 @@ throw_signal_soft(SIGHUP, "Preresolving failed"); } +/** + * Small helper function for openvpn_getaddrinfo to print the address + * family when resolving fails + */ +static const char * +getaddrinfo_addr_family_name(int af) +{ + switch (af) + { + case AF_INET: return "[AF_INET]"; + + case AF_INET6: return "[AF_INET6]"; + } + return ""; +} + /* * Translate IPv4/IPv6 addr or hostname into struct addrinfo * If resolve error, try again for resolve_retry_seconds seconds. @@ -545,11 +561,11 @@ print_hostname = "undefined"; } - fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s)"; + fmt = "RESOLVE: Cannot resolve host address: %s:%s%s (%s)"; if ((flags & GETADDR_MENTION_RESOLVE_RETRY) && !resolve_retry_seconds) { - fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s) " + fmt = "RESOLVE: Cannot resolve host address: %s:%s%s (%s)" "(I would have retried this name query if you had " "specified the --resolv-retry option.)"; } @@ -639,6 +655,7 @@ fmt, print_hostname, print_servname, + getaddrinfo_addr_family_name(ai_family), gai_strerror(status)); if (--resolve_retries <= 0) 

Attention is currently required from: cron2, flichtenheld, plaisthos. Hello cron2, flichtenheld, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/909?usp=email to look at the new patch set (#4). The following approvals got outdated and were removed: Code-Review+2 by cron2 The change is no longer submittable: Code-Review and checks~ChecksSubmitRule are unsatisfied now. Change subject: Mention address if not unspecific on DNS failure ...................................................................... Mention address if not unspecific on DNS failure With the recent changes breaking configs that included lport 0, it became apparent that having the address family in the error message when resolving fails, would have made diagnosis in this case and probably others much easier. Change-Id: I1c8fcd5bb6e1fa0020d52879eefbafdb2630e7b5 Signed-off-by: Arne Schwabe <ar...@rf...> --- M src/openvpn/socket.c 1 file changed, 19 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/09/909/4 diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 6b32e30..09de1b0 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -445,6 +445,22 @@ throw_signal_soft(SIGHUP, "Preresolving failed"); } +/** + * Small helper function for openvpn_getaddrinfo to print the address + * family when resolving fails + */ +static const char * +getaddrinfo_addr_family_name(int af) +{ + switch (af) + { + case AF_INET: return "[AF_INET]"; + + case AF_INET6: return "[AF_INET6]"; + } + return ""; +} + /* * Translate IPv4/IPv6 addr or hostname into struct addrinfo * If resolve error, try again for resolve_retry_seconds seconds. @@ -545,11 +561,11 @@ print_hostname = "undefined"; } - fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s)"; + fmt = "RESOLVE: Cannot resolve host address: %s:%s%s (%s)"; if ((flags & GETADDR_MENTION_RESOLVE_RETRY) && !resolve_retry_seconds) { - fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s) " + fmt = "RESOLVE: Cannot resolve host address: %s:%s%s (%s)" "(I would have retried this name query if you had " "specified the --resolv-retry option.)"; } @@ -639,6 +655,7 @@ fmt, print_hostname, print_servname, + getaddrinfo_addr_family_name(ai_family), gai_strerror(status)); if (--resolve_retries <= 0) -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/909?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1c8fcd5bb6e1fa0020d52879eefbafdb2630e7b5 Gerrit-Change-Number: 909 Gerrit-PatchSet: 4 Gerrit-Owner: plaisthos <arn...@rf...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: cron2 <ge...@gr...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newpatchset 

From: Antonio Quartulli <an...@ma...> When creating a socket to connect to a remote (this happens in client mode) always use the protocol specified for the remote. The listening protocol in this case is just ignored as it does not make any sense. Change-Id: I6d2ec69ac7a9ef5900d8f1d8541d6a19c9cb7df9 Signed-off-by: Antonio Quartulli <an...@ma...> Acked-by: Arne Schwabe <arn...@rf...> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/911 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Arne Schwabe <arn...@rf...> diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 6b32e30..ad97830 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -1886,6 +1886,11 @@ const char *remote_host = o->ce.remote; const char *remote_port = o->ce.remote_port; + if (remote_host) + { + proto = o->ce.proto; + } + if (c->mode == CM_CHILD_TCP || c->mode == CM_CHILD_UDP) { struct link_socket *tmp_sock = NULL; 

From: Arne Schwabe <ar...@rf...> With the recent changes breaking configs that included lport 0, it became apparent that having the address family in the error message when resolving fails, would have made diagnosis in this case and probably others much easier. Change-Id: I1c8fcd5bb6e1fa0020d52879eefbafdb2630e7b5 Signed-off-by: Arne Schwabe <ar...@rf...> Acked-by: Gert Doering <ge...@gr...> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/909 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <ge...@gr...> diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 6b32e30..bea5393 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -445,6 +445,22 @@ throw_signal_soft(SIGHUP, "Preresolving failed"); } +/** + * Small helper function for openvpn_getaddrinfo to print the address + * family when resolving fails + */ +static const char * +getaddrinfo_addr_family_name(int af) +{ + switch (af) + { + case AF_INET: return "[AF_INET]"; + + case AF_INET6: return "[AF_INET6]"; + } + return ""; +} + /* * Translate IPv4/IPv6 addr or hostname into struct addrinfo * If resolve error, try again for resolve_retry_seconds seconds. @@ -545,11 +561,11 @@ print_hostname = "undefined"; } - fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s)"; + fmt = "RESOLVE: Cannot resolve host address: %s:%s%s (%s)"; if ((flags & GETADDR_MENTION_RESOLVE_RETRY) && !resolve_retry_seconds) { - fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s) " + fmt = "RESOLVE: Cannot resolve host address: %s:%s%s (%s) %s" "(I would have retried this name query if you had " "specified the --resolv-retry option.)"; } @@ -639,6 +655,7 @@ fmt, print_hostname, print_servname, + getaddrinfo_addr_family_name(ai_family), gai_strerror(status)); if (--resolve_retries <= 0) 

Attention is currently required from: flichtenheld, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/909?usp=email ) Change subject: Mention address if not unspecific on DNS failure ...................................................................... Patch Set 3: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/909?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1c8fcd5bb6e1fa0020d52879eefbafdb2630e7b5 Gerrit-Change-Number: 909 Gerrit-PatchSet: 3 Gerrit-Owner: plaisthos <arn...@rf...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Tue, 25 Mar 2025 10:54:24 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment 

Attention is currently required from: cron2, flichtenheld. Hello cron2, flichtenheld, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/909?usp=email to look at the new patch set (#3). Change subject: Mention address if not unspecific on DNS failure ...................................................................... Mention address if not unspecific on DNS failure With the recent changes breaking configs that included lport 0, it became apparent that having the address family in the error message when resolving fails, would have made diagnosis in this case and probably others much easier. Change-Id: I1c8fcd5bb6e1fa0020d52879eefbafdb2630e7b5 Signed-off-by: Arne Schwabe <ar...@rf...> --- M src/openvpn/socket.c 1 file changed, 19 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/09/909/3 diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 6b32e30..bea5393 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -445,6 +445,22 @@ throw_signal_soft(SIGHUP, "Preresolving failed"); } +/** + * Small helper function for openvpn_getaddrinfo to print the address + * family when resolving fails + */ +static const char * +getaddrinfo_addr_family_name(int af) +{ + switch (af) + { + case AF_INET: return "[AF_INET]"; + + case AF_INET6: return "[AF_INET6]"; + } + return ""; +} + /* * Translate IPv4/IPv6 addr or hostname into struct addrinfo * If resolve error, try again for resolve_retry_seconds seconds. @@ -545,11 +561,11 @@ print_hostname = "undefined"; } - fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s)"; + fmt = "RESOLVE: Cannot resolve host address: %s:%s%s (%s)"; if ((flags & GETADDR_MENTION_RESOLVE_RETRY) && !resolve_retry_seconds) { - fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s) " + fmt = "RESOLVE: Cannot resolve host address: %s:%s%s (%s) %s" "(I would have retried this name query if you had " "specified the --resolv-retry option.)"; } @@ -639,6 +655,7 @@ fmt, print_hostname, print_servname, + getaddrinfo_addr_family_name(ai_family), gai_strerror(status)); if (--resolve_retries <= 0) -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/909?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1c8fcd5bb6e1fa0020d52879eefbafdb2630e7b5 Gerrit-Change-Number: 909 Gerrit-PatchSet: 3 Gerrit-Owner: plaisthos <arn...@rf...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: cron2 <ge...@gr...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newpatchset 

Attention is currently required from: cron2, flichtenheld. Hello cron2, flichtenheld, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/909?usp=email to look at the new patch set (#2). The following approvals got outdated and were removed: Code-Review-1 by cron2 Change subject: Mention address if not unspecific on DNS failure ...................................................................... Mention address if not unspecific on DNS failure With the recent changes breaking configs that included lport 0, it became apparent that having the address family in the error message when resolving fails, would have made diagnosis in this case and probably others much easier. Change-Id: I1c8fcd5bb6e1fa0020d52879eefbafdb2630e7b5 Signed-off-by: Arne Schwabe <ar...@rf...> --- M src/openvpn/socket.c 1 file changed, 20 insertions(+), 3 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/09/909/2 diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 6b32e30..c5ed6b8 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -445,6 +445,22 @@ throw_signal_soft(SIGHUP, "Preresolving failed"); } +/** + * Small helper function for openvpn_getaddrinfo to print the address + * family when resolving fails + */ +static const char * +getaddrinfo_addr_family_name(int af) +{ + switch (af) + { + case AF_INET: return "[AF_INET]"; + + case AF_INET6: return "[AF_INET6]"; + } + return ""; +} + /* * Translate IPv4/IPv6 addr or hostname into struct addrinfo * If resolve error, try again for resolve_retry_seconds seconds. @@ -545,11 +561,11 @@ print_hostname = "undefined"; } - fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s)"; + fmt = "RESOLVE: Cannot resolve host address: %s:%s%s (%s)"; if ((flags & GETADDR_MENTION_RESOLVE_RETRY) && !resolve_retry_seconds) { - fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s) " + fmt = "RESOLVE: Cannot resolve host address: %s:%s%s (%s) %s" "(I would have retried this name query if you had " "specified the --resolv-retry option.)"; } @@ -639,7 +655,8 @@ fmt, print_hostname, print_servname, - gai_strerror(status)); + getaddrinfo_addr_family_name(ai_family), + ai_strerror(status)); if (--resolve_retries <= 0) { -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/909?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1c8fcd5bb6e1fa0020d52879eefbafdb2630e7b5 Gerrit-Change-Number: 909 Gerrit-PatchSet: 2 Gerrit-Owner: plaisthos <arn...@rf...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: cron2 <ge...@gr...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newpatchset 

Attention is currently required from: cron2, flichtenheld. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/909?usp=email ) Change subject: Mention address if not unspecific on DNS failure ...................................................................... Patch Set 1: (3 comments) File src/openvpn/socket.c: http://gerrit.openvpn.net/c/openvpn/+/909/comment/6529663b_69928b7d : PS1, Line 453: gettaddrinfo_addr_family_name(int af) > is the "double t" intentional? ge`tt`addrinfo? no, wil fix. http://gerrit.openvpn.net/c/openvpn/+/909/comment/048e756c_48e56f66 : PS1, Line 581: > intentional extra blank line? Acknowledged http://gerrit.openvpn.net/c/openvpn/+/909/comment/ccb3ef36_580e41de : PS1, Line 660: gettaddrinfo_addr_family_name(ai_family), > double "t" Done -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/909?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1c8fcd5bb6e1fa0020d52879eefbafdb2630e7b5 Gerrit-Change-Number: 909 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos <arn...@rf...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: cron2 <ge...@gr...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Tue, 25 Mar 2025 09:05:37 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: cron2 <ge...@gr...> Gerrit-MessageType: comment 

From: Antonio Quartulli <an...@ma...> With the introduction of multisocket, we need to transfer the AI family of the bound address to the socket, as it may differ from what was set globally. However, this operation makes sense only when getaddrinfo() for bind is performed on a non-empty hostname. An empty hostname (ANY) may return AF_INET which will break following connection attempts to v6 only remotes. Change-Id: I27f305d3ae9bf650bab409e99173688d9f88ab65 Signed-off-by: Antonio Quartulli <an...@ma...> Acked-by: Arne Schwabe <arn...@rf...> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/907 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Arne Schwabe <arn...@rf...> diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 6b32e30..be7395d 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -1724,9 +1724,19 @@ gai_strerror(status)); } - /* the resolved 'local entry' might have a different family than what - * was globally configured */ - sock->info.af = sock->info.lsa->bind_local->ai_family; + /* the address family returned by openvpn_getaddrinfo() should be + * taken into consideration only if we really passed an hostname + * to resolve. Otherwise its value is not useful to us and may + * actually break our socket, i.e. when it returns AF_INET + * but our remote is v6 only. + */ + if (sock->local_host) + { + /* the resolved 'local entry' might have a different family than + * what was globally configured + */ + sock->info.af = sock->info.lsa->bind_local->ai_family; + } } gc_free(&gc); 

Attention is currently required from: flichtenheld, ordex. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/907?usp=email ) Change subject: socket: don't transfer bind family to socket in case of ANY address ...................................................................... Patch Set 2: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/907?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I27f305d3ae9bf650bab409e99173688d9f88ab65 Gerrit-Change-Number: 907 Gerrit-PatchSet: 2 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: ordex <an...@ma...> Gerrit-Comment-Date: Tue, 25 Mar 2025 08:56:01 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment 

Attention is currently required from: flichtenheld, ordex. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/911?usp=email ) Change subject: socket: use remote proto when creating client sockets ...................................................................... Patch Set 1: (1 comment) Patchset: PS1: This fixes the bug I am seeing and looks good. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/911?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I6d2ec69ac7a9ef5900d8f1d8541d6a19c9cb7df9 Gerrit-Change-Number: 911 Gerrit-PatchSet: 1 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: ordex <an...@ma...> Gerrit-Comment-Date: Tue, 25 Mar 2025 08:55:11 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment 

Attention is currently required from: flichtenheld, ordex. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/911?usp=email ) Change subject: socket: use remote proto when creating client sockets ...................................................................... Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/911?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I6d2ec69ac7a9ef5900d8f1d8541d6a19c9cb7df9 Gerrit-Change-Number: 911 Gerrit-PatchSet: 1 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: ordex <an...@ma...> Gerrit-Comment-Date: Tue, 25 Mar 2025 08:54:54 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment