[Openvpn-devel] Handle (DCO) timeouts in client mode

Message ID 20220426162934.12938-2-kprovost@netgate.com
State Superseded
Headers show
Series [Openvpn-devel] Handle (DCO) timeouts in client mode | expand

Commit Message

Kristof Provost via Openvpn-devel April 26, 2022, 6:29 a.m. UTC
From: Kristof Provost <kp@FreeBSD.org>

Handle the DCO driver telling us that the peer went away, even if we're
not running in multi-instance mode.

Signed-off-by:	Kristof Provost <kprovost@netgate.com>
---
 src/openvpn/forward.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Arne Schwabe April 26, 2022, 6:56 a.m. UTC | #1
Am 26.04.22 um 18:29 schrieb Kristof Provost via Openvpn-devel:
> From: Kristof Provost <kp@FreeBSD.org>
> 
> Handle the DCO driver telling us that the peer went away, even if we're
> not running in multi-instance mode.
> 
> Signed-off-by:	Kristof Provost <kprovost@netgate.com>
> ---
>   src/openvpn/forward.c | 6 ++++++
>   1 file changed, 6 insertions(+)
> 
> diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
> index 9ddea439..25fa300f 100644
> --- a/src/openvpn/forward.c
> +++ b/src/openvpn/forward.c
> @@ -1111,6 +1111,12 @@ process_incoming_dco(struct context *c)
>   
>       dco_do_read(dco);
>   
> +    if (dco->dco_message_type == OVPN_NOTIF_DEL_PEER)
> +    {
> +        register_signal(c, SIGTERM, "ping timeout");
> +        return;
> +    }

Have not really checked checked but I think it should be SIGUSR1 because 
a ping timeout should not termminate the client.

Arne
Arne Schwabe April 26, 2022, 6:59 a.m. UTC | #2
Am 26.04.22 um 18:56 schrieb Arne Schwabe:
> Am 26.04.22 um 18:29 schrieb Kristof Provost via Openvpn-devel:
>> From: Kristof Provost <kp@FreeBSD.org>
>>
>> Handle the DCO driver telling us that the peer went away, even if we're
>> not running in multi-instance mode.
>>
>> Signed-off-by:    Kristof Provost <kprovost@netgate.com>
>> ---
>>   src/openvpn/forward.c | 6 ++++++
>>   1 file changed, 6 insertions(+)
>>
>> diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
>> index 9ddea439..25fa300f 100644
>> --- a/src/openvpn/forward.c
>> +++ b/src/openvpn/forward.c
>> @@ -1111,6 +1111,12 @@ process_incoming_dco(struct context *c)
>>       dco_do_read(dco);
>> +    if (dco->dco_message_type == OVPN_NOTIF_DEL_PEER)
>> +    {
>> +        register_signal(c, SIGTERM, "ping timeout");
>> +        return;
>> +    }
> 
> Have not really checked checked but I think it should be SIGUSR1 because 
> a ping timeout should not termminate the client.
> 

Okay, looked at the code. You probably want to call 
trigger_ping_timeout_signal which uses SIGTERM or SIGUSR1 depending on 
the configuration


Arne

Patch

diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 9ddea439..25fa300f 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -1111,6 +1111,12 @@  process_incoming_dco(struct context *c)
 
     dco_do_read(dco);
 
+    if (dco->dco_message_type == OVPN_NOTIF_DEL_PEER)
+    {
+        register_signal(c, SIGTERM, "ping timeout");
+        return;
+    }
+
     if (dco->dco_message_type != OVPN_CMD_PACKET)
     {
         msg(D_DCO_DEBUG, "%s: received message of type %u - ignoring", __func__,