From: Heiko Hund Date: Fri, 13 May 2022 09:37:40 +0000 (+0200) Subject: signal --dns support in peer info X-Git-Tag: v2.6_beta1~178 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1f7f7d2a8943b5e33f86f208cce8f5d10c91a8f4;p=thirdparty%2Fopenvpn.git signal --dns support in peer info Have clients set a bit in IV_PROTO, so that servers can make an informed decision on whether to push --dns to the client. While unknown options are ignored by clients when pushed, they generate a warning in the log. That can be circumvented by server backends by checking if bit 7 is set. Signed-off-by: Heiko Hund Acked-by: David Sommerseth Message-Id: <20220513093740.1091639-1-heiko@ist.eigentlich.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24350.html Signed-off-by: Gert Doering --- diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 61dea996d..24d7f3f48 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1940,6 +1940,9 @@ push_peer_info(struct buffer *buf, struct tls_session *session) /* support for P_DATA_V2 */ int iv_proto = IV_PROTO_DATA_V2; + /* support for the --dns option */ + iv_proto |= IV_PROTO_DNS_OPTION; + /* support for receiving push_reply before sending * push request, also signal that the client wants * to get push-reply messages without without requiring a round diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index 0ba86d3e6..c88027078 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -93,6 +93,9 @@ * result. */ #define IV_PROTO_NCP_P2P (1<<5) +/** Supports the --dns option introduced in version 2.6 */ +#define IV_PROTO_DNS_OPTION (1<<6) + /* Default field in X509 to be username */ #define X509_USERNAME_FIELD_DEFAULT "CN"
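Review bot: In the src/openvpn/ssl.c hunk, `iv_proto |= IV_PROTO_DNS_OPTION;` is applied unconditionally, directly after `int iv_proto = IV_PROTO_DATA_V2;`, so the client advertises --dns support in every peer-info message it builds here. Per the commit message, servers will use this bit to decide whether to push --dns, so please confirm that no client build or configuration reaching push_peer_info() would ignore or reject a pushed --dns. If one exists, the bit should be gated on it. If the flag really is unconditional, it could be folded into the initialiser as `IV_PROTO_DATA_V2 | IV_PROTO_DNS_OPTION`. The bit is also client-reported, so backends should treat it as a capability hint only. Minor: the trailing context comment reads "without without requiring a round", which could be cleaned up while this block is being touched.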
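Review bot: In the src/openvpn/ssl.h hunk, `#define IV_PROTO_DNS_OPTION (1<<6)` does not obviously match the commit message, which tells server backends to check "if bit 7 is set". The two agree only when bits are counted from one. A backend author counting from zero, as the shift amounts in this header do, would test (1<<7) and never see the flag. Suggest putting the mask in the doc comment, for example "bit 6, value 64 (0x40)", and using the same wording in the commit message so that backend checks are written against the numeric value.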