Date:      Fri, 20 Feb 2026 22:32:42 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 286263] security/openvpn: requires legacy IP support for ovpn(4) DCO module to be operational
Message-ID:  <bug-286263-227-OZYqnNLSLS@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-286263-227@https.bugs.freebsd.org/bugzilla/>


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286263

--- Comment #4 from Gert Doering <gert@greenie.muc.de> ---
Yeah, this is a bit nasty, especially as it has no logging at this point

bool
dco_available(msglvl_t msglevel)
{
...
    fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
    if (fd < 0)
    {
        return false;
    }

... this silently fails on a system built without INET, so the high-level code
gets "whoa, no DCO available" and falls back to userland - with no indication
in the log why this happens.

There's another AF_INET socket being opened in open_fd() - if I change both
occurrences to AF_INET6, DCO will work fine on a system without "options INET".

Now, I'm reasonably sure this will break on a system with no INET6 - which is
also not desirable.

@kp: any suggestion how to fix this in a nice way?  We can, of course, try
AF_INET6 first, and if that fails, fall back to AF_INET, but that feels
somewhat inelegant...

-- 
You are receiving this mail because:
You are the assignee for the bug.
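
The fallback order raised in the comment above (AF_INET6 first, then AF_INET), written so that every failed attempt is logged and the reason for dropping back to userland shows up in the log. This is an added example, not OpenVPN code: open_ctl_socket, socket_fn, stub_socket and stub_missing are hypothetical names, and the errno the stub returns is an assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

typedef int (*socket_fn)(int, int, int); /* same shape as socket(2) */

/* Try each family in order; return the first descriptor that opens. Failed
 * attempts are logged; on total failure return -1 with the last errno. */
static int open_ctl_socket(socket_fn open_sock, const int *families,
                           size_t n, int *used_af)
{
    int saved = EAFNOSUPPORT;
    for (size_t i = 0; i < n; i++) {
        int fd = open_sock(families[i], SOCK_DGRAM | SOCK_CLOEXEC, 0);
        if (fd >= 0) {
            *used_af = families[i];
            return fd;
        }
        saved = errno;
        fprintf(stderr, "DCO probe: socket(af=%d) failed: %s\n",
                families[i], strerror(saved));
    }
    errno = saved;
    return -1;
}

/* Constructed stub: a kernel missing the families set in stub_missing
 * (bit 0 = AF_INET, bit 1 = AF_INET6). The errno value is an assumption. */
static int stub_missing = 1;
static int stub_socket(int af, int type, int proto)
{
    (void)type; (void)proto;
    int bit = (af == AF_INET) ? 1 : (af == AF_INET6) ? 2 : 0;
    if (stub_missing & bit) { errno = EAFNOSUPPORT; return -1; }
    return 100; /* fake descriptor, never used for I/O */
}

int main(void)
{
    const int order[] = { AF_INET6, AF_INET };
    int af = AF_UNSPEC;
    int fd = open_ctl_socket(socket, order, 2, &af);
    if (fd < 0) return 1;
    printf("control socket opened with af=%d\n", af);
    close(fd);
    return 0;
}
```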
