git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Gert Doering <gert@greenie.muc.de>
	Mon, 24 Mar 2025 18:27:26 +0000 (19:27 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Mon, 24 Mar 2025 21:13:05 +0000 (22:13 +0100)
commit	c91948a0e03f0ad03e7fdde59ed9fce87ba00885
tree	f9196f4602acb0f955ef41882727b35a489d895e	tree \| snapshot
parent	5c1c57684b6a1e6bce24605d55fe8dc3d9d3480e	commit \| diff

Make 'lport 0' no longer sufficient to do '--bind'.

'lport <anything>' used to trigger 'do socket bind', which is not
useful in itself for the 'lport 0' case (port 0 -> OS assigns a
random port, as it is done for unbound sockets) unless also binding
to a particular local IP address ('--local 192.0.2.1').

The trigger for 'lport has been used, do socket bind' is
ce.local_port_defined -> change the code to test for "0", and
only set this for non-0 ports (NOTE: this is a string match,
so if you really really want the old "lport 0" behaviour, using
"lport 00" still does that...).

The ce.local_port value is still set, so '--lport 0' together
with '--local 192.0.2.1' will give you a random port number
bound to that IP address - without 'lport 0' it would default
to 1194 or the value of '--port' (if not using '--rport').

Summary:  socket bind is now only done if one of these is set
  - --lport <port> with <port> not "0"
  - --bind  (default on the client is "--nobind")
  - --local <address>

Github: schwabe/ics-openvpn#1794

Change-Id: I1976307a7643c82f31d55ca32c79cbe64b6fffc6
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Message-Id: <20250324182735.12657-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31222.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

doc/man-sections/link-options.rst		diff \| blob \| blame \| history
src/openvpn/options.c		diff \| blob \| blame \| history