Menu
▾
▴
openvpn-devel
|
From: d12fk (C. Review) <ge...@op...> - 2025-07-03 03:56:40
|
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email
to review the following change.
Change subject: mac dns: compare servers before restoring backup
......................................................................
mac dns: compare servers before restoring backup
In case anything changed the global DNS server addresses, while the
tunnel was connected, do not restore the backup of the global DNS
configuration we made when connecting. Doing so would likely change
DNS to something unexpected. Instead just clear the backup and leave
a message in the log.
Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67
Signed-off-by: Heiko Hund <he...@is...>
---
M distro/dns-scripts/macos-dns-updown.sh
1 file changed, 14 insertions(+), 4 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/75/1075/1
diff --git a/distro/dns-scripts/macos-dns-updown.sh b/distro/dns-scripts/macos-dns-updown.sh
index 56f1009..282b034 100644
--- a/distro/dns-scripts/macos-dns-updown.sh
+++ b/distro/dns-scripts/macos-dns-updown.sh
@@ -111,6 +111,10 @@
property_value State:/Network/Global/DNS SearchDomains
}
+function get_server_addresses {
+ property_value State:/Network/Global/DNS ServerAddresses
+}
+
function set_search_domains {
[ -n "$1" ] || return
local dns_key=$(primary_dns_key)
@@ -239,11 +243,10 @@
function unset_dns {
local n="$(find_compat_profile)"
- local addresses="$(addresses_string $n)"
- local search_domains="$(search_domains_string $n)"
local match_domains="$(match_domains_string $n)"
if [ -n "$match_domains" ]; then
+ local search_domains="$(search_domains_string $n)"
echo "remove ${itf_dns_key}" | /usr/sbin/scutil
unset_search_domains "$search_domains"
else
@@ -252,8 +255,15 @@
[[ "${dns_backup_key}" =~ ${dev}/ ]] || return
local cmds=""
- cmds+="get ${dns_backup_key}\n"
- cmds+="set $(primary_dns_key)\n"
+ local servers="$(get_server_addresses)"
+ local addresses="$(addresses_string $n)"
+ # Only restore backup if the server addresses match
+ if [ "${servers}" = "${addresses}" ]; then
+ cmds+="get ${dns_backup_key}\n"
+ cmds+="set $(primary_dns_key)\n"
+ else
+ echo "not restoring global DNS configuration, server addresses have changed"
+ fi
cmds+="remove ${dns_backup_key}\n"
echo -e "${cmds}" | /usr/sbin/scutil
fi
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67
Gerrit-Change-Number: 1075
Gerrit-PatchSet: 1
Gerrit-Owner: d12fk <he...@op...>
Gerrit-Reviewer: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-Attention: flichtenheld <fr...@li...>
Gerrit-MessageType: newchange
|
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-07-07 16:54:14
|
Attention is currently required from: d12fk, plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email ) Change subject: mac dns: compare servers before restoring backup ...................................................................... Patch Set 2: Code-Review-2 (1 comment) Patchset: PS2: Fails t_client tests on macos buildbot worker. After some investigation the problem seems to be that the IPv6 DNS server address is not shown in global DNS configuration: ``` > show Setup:/Network/Service/0347C55F-C172-49FF-BECC-C533F04B4B13/DNS <dictionary> { SearchDomains : <array> { 0 : open.vpn } SearchOrder : 5000 ServerAddresses : <array> { 0 : 10.194.0.1 1 : fd00:abcd:194::1 } } > show State:/Network/Global/DNS <dictionary> { SearchDomains : <array> { 0 : open.vpn } SearchOrder : 5000 ServerAddresses : <array> { 0 : 10.194.0.1 } __CONFIGURATION_ID__ : Default: 0 __FLAGS__ : 2 __ORDER__ : 0 } ``` -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67 Gerrit-Change-Number: 1075 Gerrit-PatchSet: 2 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: d12fk <he...@op...> Gerrit-Comment-Date: Mon, 07 Jul 2025 16:54:05 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
|
From: d12fk (C. Review) <ge...@op...> - 2025-07-08 14:21:22
|
Attention is currently required from: flichtenheld, plaisthos. d12fk has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email ) Change subject: mac dns: compare servers before restoring backup ...................................................................... Patch Set 2: (1 comment) Patchset: PS2: > Fails t_client tests on macos buildbot worker. […] Could you please also post the output of `show State:/Network/Service/0347C55F-C172-49FF-BECC-C533F04B4B13/DNS` -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67 Gerrit-Change-Number: 1075 Gerrit-PatchSet: 2 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Tue, 08 Jul 2025 14:21:08 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld <fr...@li...> Gerrit-MessageType: comment |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-07-09 10:08:49
|
Attention is currently required from: d12fk, plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email ) Change subject: mac dns: compare servers before restoring backup ...................................................................... Patch Set 2: Code-Review-2 (1 comment) Patchset: PS2: > Could you please also post the output of `show State:/Network/Service/0347C55F-C172-49FF-BECC-C533F0 […] Before running the test: ``` > show State:/Network/Service/0347C55F-C172-49FF-BECC-C533F04B4B13/DNS <dictionary> { DomainName : flow.local ServerAddresses : <array> { 0 : 172.31.32.1 } } > show State:/Network/Global/DNS <dictionary> { SearchDomains : <array> { 0 : flow.local } ServerAddresses : <array> { 0 : 10.8.144.10 1 : 10.8.160.10 2 : 172.31.32.1 } __CONFIGURATION_ID__ : Default: 0 __FLAGS__ : 2 __ORDER__ : 0 } > show Setup:/Network/Service/0347C55F-C172-49FF-BECC-C533F04B4B13/DNS <dictionary> { ServerAddresses : <array> { 0 : 10.8.144.10 1 : 10.8.160.10 2 : 172.31.32.1 } } ``` After running the test: ``` > show State:/Network/Service/0347C55F-C172-49FF-BECC-C533F04B4B13/DNS <dictionary> { DomainName : flow.local ServerAddresses : <array> { 0 : 172.31.32.1 } } > show State:/Network/Global/DNS <dictionary> { SearchDomains : <array> { 0 : open.vpn } SearchOrder : 5000 ServerAddresses : <array> { 0 : 10.194.0.1 } __CONFIGURATION_ID__ : Default: 0 __FLAGS__ : 2 __ORDER__ : 0 } > show Setup:/Network/Service/0347C55F-C172-49FF-BECC-C533F04B4B13/DNS <dictionary> { SearchDomains : <array> { 0 : open.vpn } SearchOrder : 5000 ServerAddresses : <array> { 0 : 10.194.0.1 1 : fd00:abcd:194::1 } } ``` -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67 Gerrit-Change-Number: 1075 Gerrit-PatchSet: 2 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: d12fk <he...@op...> Gerrit-Comment-Date: Wed, 09 Jul 2025 10:08:40 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Comment-In-Reply-To: flichtenheld <fr...@li...> Comment-In-Reply-To: d12fk <he...@op...> Gerrit-MessageType: comment |
|
From: d12fk (C. Review) <ge...@op...> - 2025-07-09 10:25:17
|
Attention is currently required from: d12fk, plaisthos.
Hello flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email
to look at the new patch set (#4).
Change subject: mac dns: compare servers before restoring backup
......................................................................
mac dns: compare servers before restoring backup
In case anything changed the global DNS server addresses, while the
tunnel was connected, do not restore the backup of the global DNS
configuration we made when connecting. Doing so would likely change
DNS to something unexpected. Instead just clear the backup and leave
a message in the log.
Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67
Signed-off-by: Heiko Hund <he...@is...>
---
M distro/dns-scripts/macos-dns-updown.sh
1 file changed, 14 insertions(+), 4 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/75/1075/4
diff --git a/distro/dns-scripts/macos-dns-updown.sh b/distro/dns-scripts/macos-dns-updown.sh
index 56f1009..73bbee9 100644
--- a/distro/dns-scripts/macos-dns-updown.sh
+++ b/distro/dns-scripts/macos-dns-updown.sh
@@ -111,6 +111,10 @@
property_value State:/Network/Global/DNS SearchDomains
}
+function get_server_addresses {
+ property_value "$(primary_dns_key)" ServerAddresses
+}
+
function set_search_domains {
[ -n "$1" ] || return
local dns_key=$(primary_dns_key)
@@ -239,11 +243,10 @@
function unset_dns {
local n="$(find_compat_profile)"
- local addresses="$(addresses_string $n)"
- local search_domains="$(search_domains_string $n)"
local match_domains="$(match_domains_string $n)"
if [ -n "$match_domains" ]; then
+ local search_domains="$(search_domains_string $n)"
echo "remove ${itf_dns_key}" | /usr/sbin/scutil
unset_search_domains "$search_domains"
else
@@ -252,8 +255,15 @@
[[ "${dns_backup_key}" =~ ${dev}/ ]] || return
local cmds=""
- cmds+="get ${dns_backup_key}\n"
- cmds+="set $(primary_dns_key)\n"
+ local servers="$(get_server_addresses)"
+ local addresses="$(addresses_string $n)"
+ # Only restore backup if the server addresses match
+ if [ "${servers}" = "${addresses}" ]; then
+ cmds+="get ${dns_backup_key}\n"
+ cmds+="set $(primary_dns_key)\n"
+ else
+ echo "not restoring global DNS configuration, server addresses have changed"
+ fi
cmds+="remove ${dns_backup_key}\n"
echo -e "${cmds}" | /usr/sbin/scutil
fi
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67
Gerrit-Change-Number: 1075
Gerrit-PatchSet: 4
Gerrit-Owner: d12fk <he...@op...>
Gerrit-Reviewer: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-Attention: d12fk <he...@op...>
Gerrit-MessageType: newpatchset
|
|
From: d12fk (C. Review) <ge...@op...> - 2025-07-09 10:25:32
|
Attention is currently required from: flichtenheld, plaisthos. d12fk has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email ) Change subject: mac dns: compare servers before restoring backup ...................................................................... Patch Set 3: (1 comment) Patchset: PS2: > Before running the test: […] Thanks -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67 Gerrit-Change-Number: 1075 Gerrit-PatchSet: 3 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Wed, 09 Jul 2025 10:25:23 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld <fr...@li...> Comment-In-Reply-To: d12fk <he...@op...> Gerrit-MessageType: comment |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-07-09 15:25:05
|
Attention is currently required from: d12fk, plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email ) Change subject: mac dns: compare servers before restoring backup ...................................................................... Patch Set 4: -Code-Review (1 comment) Patchset: PS4: t_client now passes again -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67 Gerrit-Change-Number: 1075 Gerrit-PatchSet: 4 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: d12fk <he...@op...> Gerrit-Comment-Date: Wed, 09 Jul 2025 13:22:54 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-07-11 15:22:46
|
Attention is currently required from: d12fk, plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email ) Change subject: mac dns: compare servers before restoring backup ...................................................................... Patch Set 4: Code-Review+2 (1 comment) Patchset: PS4: Works in t_client and in manual tests -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67 Gerrit-Change-Number: 1075 Gerrit-PatchSet: 4 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: d12fk <he...@op...> Gerrit-Comment-Date: Fri, 11 Jul 2025 15:22:36 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
|
From: Frank L. <fr...@li...> - 2025-07-11 15:23:26
|
From: Heiko Hund <he...@is...> In case anything changed the global DNS server addresses, while the tunnel was connected, do not restore the backup of the global DNS configuration we made when connecting. Doing so would likely change DNS to something unexpected. Instead just clear the backup and leave a message in the log. Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67 Signed-off-by: Heiko Hund <he...@is...> Acked-by: Frank Lichtenheld <fr...@li...> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1075 This mail reflects revision 4 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld <fr...@li...> diff --git a/distro/dns-scripts/macos-dns-updown.sh b/distro/dns-scripts/macos-dns-updown.sh index 56f1009..73bbee9 100644 --- a/distro/dns-scripts/macos-dns-updown.sh +++ b/distro/dns-scripts/macos-dns-updown.sh @@ -111,6 +111,10 @@ property_value State:/Network/Global/DNS SearchDomains } +function get_server_addresses { + property_value "$(primary_dns_key)" ServerAddresses +} + function set_search_domains { [ -n "$1" ] || return local dns_key=$(primary_dns_key) @@ -239,11 +243,10 @@ function unset_dns { local n="$(find_compat_profile)" - local addresses="$(addresses_string $n)" - local search_domains="$(search_domains_string $n)" local match_domains="$(match_domains_string $n)" if [ -n "$match_domains" ]; then + local search_domains="$(search_domains_string $n)" echo "remove ${itf_dns_key}" | /usr/sbin/scutil unset_search_domains "$search_domains" else @@ -252,8 +255,15 @@ [[ "${dns_backup_key}" =~ ${dev}/ ]] || return local cmds="" - cmds+="get ${dns_backup_key}\n" - cmds+="set $(primary_dns_key)\n" + local servers="$(get_server_addresses)" + local addresses="$(addresses_string $n)" + # Only restore backup if the server addresses match + if [ "${servers}" = "${addresses}" ]; then + cmds+="get ${dns_backup_key}\n" + cmds+="set $(primary_dns_key)\n" + else + echo "not restoring global DNS configuration, server addresses have changed" + fi cmds+="remove ${dns_backup_key}\n" echo -e "${cmds}" | /usr/sbin/scutil fi |
|
From: Gert D. <ge...@gr...> - 2025-07-15 14:02:42
|
This is a very welcome feature (... I regularily bump into this, when
moving "with VPN open" from LTE to wifi, then close VPN, and the restored
DNS is no longer working - Tunnelblick today, but I hear that our script
might become useful there too ;-) ).
I have not tested this, just skimmed the code change.
Your patch has been applied to the master branch.
commit c1f44ea8a24754139beee8758c15657fe367cbb0
Author: Heiko Hund
Date: Fri Jul 11 17:23:09 2025 +0200
mac dns: compare servers before restoring backup
Signed-off-by: Heiko Hund <he...@is...>
Acked-by: Frank Lichtenheld <fr...@li...>
Message-Id: <202...@li...>
URL: https://www.mail-archive.com/ope...@li.../msg32110.html
Signed-off-by: Gert Doering <ge...@gr...>
--
kind regards,
Gert Doering
|
|
From: cron2 (C. Review) <ge...@op...> - 2025-07-15 14:02:56
|
cron2 has uploaded a new patch set (#5) to the change originally created by d12fk. ( http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by flichtenheld Change subject: mac dns: compare servers before restoring backup ...................................................................... mac dns: compare servers before restoring backup In case anything changed the global DNS server addresses, while the tunnel was connected, do not restore the backup of the global DNS configuration we made when connecting. Doing so would likely change DNS to something unexpected. Instead just clear the backup and leave a message in the log. Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67 Signed-off-by: Heiko Hund <he...@is...> Acked-by: Frank Lichtenheld <fr...@li...> Message-Id: <202...@li...> URL: https://www.mail-archive.com/ope...@li.../msg32110.html Signed-off-by: Gert Doering <ge...@gr...> --- M distro/dns-scripts/macos-dns-updown.sh 1 file changed, 14 insertions(+), 4 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/75/1075/5 diff --git a/distro/dns-scripts/macos-dns-updown.sh b/distro/dns-scripts/macos-dns-updown.sh index 56f1009..73bbee9 100644 --- a/distro/dns-scripts/macos-dns-updown.sh +++ b/distro/dns-scripts/macos-dns-updown.sh @@ -111,6 +111,10 @@ property_value State:/Network/Global/DNS SearchDomains } +function get_server_addresses { + property_value "$(primary_dns_key)" ServerAddresses +} + function set_search_domains { [ -n "$1" ] || return local dns_key=$(primary_dns_key) @@ -239,11 +243,10 @@ function unset_dns { local n="$(find_compat_profile)" - local addresses="$(addresses_string $n)" - local search_domains="$(search_domains_string $n)" local match_domains="$(match_domains_string $n)" if [ -n "$match_domains" ]; then + local search_domains="$(search_domains_string $n)" echo "remove ${itf_dns_key}" | /usr/sbin/scutil unset_search_domains "$search_domains" else @@ -252,8 +255,15 @@ [[ "${dns_backup_key}" =~ ${dev}/ ]] || return local cmds="" - cmds+="get ${dns_backup_key}\n" - cmds+="set $(primary_dns_key)\n" + local servers="$(get_server_addresses)" + local addresses="$(addresses_string $n)" + # Only restore backup if the server addresses match + if [ "${servers}" = "${addresses}" ]; then + cmds+="get ${dns_backup_key}\n" + cmds+="set $(primary_dns_key)\n" + else + echo "not restoring global DNS configuration, server addresses have changed" + fi cmds+="remove ${dns_backup_key}\n" echo -e "${cmds}" | /usr/sbin/scutil fi -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67 Gerrit-Change-Number: 1075 Gerrit-PatchSet: 5 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: newpatchset |
|
From: cron2 (C. Review) <ge...@op...> - 2025-07-15 14:02:57
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email ) Change subject: mac dns: compare servers before restoring backup ...................................................................... mac dns: compare servers before restoring backup In case anything changed the global DNS server addresses, while the tunnel was connected, do not restore the backup of the global DNS configuration we made when connecting. Doing so would likely change DNS to something unexpected. Instead just clear the backup and leave a message in the log. Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67 Signed-off-by: Heiko Hund <he...@is...> Acked-by: Frank Lichtenheld <fr...@li...> Message-Id: <202...@li...> URL: https://www.mail-archive.com/ope...@li.../msg32110.html Signed-off-by: Gert Doering <ge...@gr...> --- M distro/dns-scripts/macos-dns-updown.sh 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/distro/dns-scripts/macos-dns-updown.sh b/distro/dns-scripts/macos-dns-updown.sh index 56f1009..73bbee9 100644 --- a/distro/dns-scripts/macos-dns-updown.sh +++ b/distro/dns-scripts/macos-dns-updown.sh @@ -111,6 +111,10 @@ property_value State:/Network/Global/DNS SearchDomains } +function get_server_addresses { + property_value "$(primary_dns_key)" ServerAddresses +} + function set_search_domains { [ -n "$1" ] || return local dns_key=$(primary_dns_key) @@ -239,11 +243,10 @@ function unset_dns { local n="$(find_compat_profile)" - local addresses="$(addresses_string $n)" - local search_domains="$(search_domains_string $n)" local match_domains="$(match_domains_string $n)" if [ -n "$match_domains" ]; then + local search_domains="$(search_domains_string $n)" echo "remove ${itf_dns_key}" | /usr/sbin/scutil unset_search_domains "$search_domains" else @@ -252,8 +255,15 @@ [[ "${dns_backup_key}" =~ ${dev}/ ]] || return local cmds="" - cmds+="get ${dns_backup_key}\n" - cmds+="set $(primary_dns_key)\n" + local servers="$(get_server_addresses)" + local addresses="$(addresses_string $n)" + # Only restore backup if the server addresses match + if [ "${servers}" = "${addresses}" ]; then + cmds+="get ${dns_backup_key}\n" + cmds+="set $(primary_dns_key)\n" + else + echo "not restoring global DNS configuration, server addresses have changed" + fi cmds+="remove ${dns_backup_key}\n" echo -e "${cmds}" | /usr/sbin/scutil fi -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67 Gerrit-Change-Number: 1075 Gerrit-PatchSet: 5 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: merged |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X