[Openvpn-devel,v5,07/14] client-connect: Change cas_context from int to enum

Message ID 20200711093655.23686-7-arne@rfc2549.org
State Accepted
Headers show
Series
  • [Openvpn-devel,v5,01/14] Allow changing fallback cipher from ccd files/client-connect
Related show

Commit Message

Arne Schwabe July 11, 2020, 9:36 a.m.
This deviates from Fabian's original patch that relied on the now
removed connection_established bool as pointer being NULL or non NULL as
implicit third state and makeing connection_established as a substate of
(cas_context == CAS_PENDING)

Signed-off-by: Arne Schwabe <arne@rfc2549.org>

Patch V5: extend cas_context with two new states instead adding an
          extra mini state machine.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/multi.c   |  2 +-
 src/openvpn/multi.h   |  1 +
 src/openvpn/openvpn.h | 24 +++++++++++++++++-------
 3 files changed, 19 insertions(+), 8 deletions(-)

Comments

tincanteksup July 13, 2020, 12:26 p.m. | #1
1x typo

On 11/07/2020 10:36, Arne Schwabe wrote:
> This deviates from Fabian's original patch that relied on the now
> removed connection_established bool as pointer being NULL or non NULL as
> implicit third state and makeing connection_established as a substate of

makeing -> making


> (cas_context == CAS_PENDING)
> 
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>
> 
> Patch V5: extend cas_context with two new states instead adding an
>            extra mini state machine.
> 
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>
> ---
>   src/openvpn/multi.c   |  2 +-
>   src/openvpn/multi.h   |  1 +
>   src/openvpn/openvpn.h | 24 +++++++++++++++++-------
>   3 files changed, 19 insertions(+), 8 deletions(-)
> 
> diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
> index 83848fdc..f9b8af80 100644
> --- a/src/openvpn/multi.c
> +++ b/src/openvpn/multi.c
> @@ -2163,7 +2163,7 @@ multi_client_connect_early_setup(struct multi_context *m,
>    * Try to source a dynamic config file from the
>    * --client-config-dir directory.
>    */
> -enum client_connect_return
> +static enum client_connect_return
>   multi_client_connect_source_ccd(struct multi_context *m,
>                                   struct multi_instance *mi,
>                                   unsigned int *option_types_found)
> diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h
> index 4fb4d0b6..1d30dcc6 100644
> --- a/src/openvpn/multi.h
> +++ b/src/openvpn/multi.h
> @@ -62,6 +62,7 @@ struct deferred_signal_schedule_entry
>       struct timeval wakeup;
>   };
>   
> +
>   /**
>    * Server-mode state structure for one single VPN tunnel.
>    *
> diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h
> index a1308852..7c469b01 100644
> --- a/src/openvpn/openvpn.h
> +++ b/src/openvpn/openvpn.h
> @@ -210,6 +210,21 @@ struct context_1
>   #endif
>   };
>   
> +
> +/* client authentication state, CAS_SUCCEEDED must be 0 since
> + * non multi code path still checks this variable but does not initialise it
> + * so the code depends on zero initialisation */
> +enum client_connect_status {
> +    CAS_SUCCEEDED=0,
> +    CAS_PENDING,
> +    CAS_FAILED,
> +    CAS_PARTIAL,        /**< Variant of CAS_FAILED: at least one
> +                         * client-connect script/plugin succeeded
> +                         * while a later one in the chain failed
> +                         * (we still need cleanup compared to FAILED)
> +                         */
> +};
> +
>   /**
>    * Level 2 %context containing state that is reset on both \c SIGHUP and
>    * \c SIGUSR1 restarts.
> @@ -444,13 +459,8 @@ struct context_2
>       int push_ifconfig_ipv6_netbits;
>       struct in6_addr push_ifconfig_ipv6_remote;
>   
> -    /* client authentication state, CAS_SUCCEEDED must be 0 */
> -#define CAS_SUCCEEDED 0
> -#define CAS_PENDING   1
> -#define CAS_FAILED    2
> -#define CAS_PARTIAL   3  /* at least one client-connect script/plugin
> -                          * succeeded while a later one in the chain failed */
> -    int context_auth;
> +
> +    enum client_connect_status context_auth;
>   
>       struct event_timeout push_request_interval;
>       int n_sent_push_requests;
>
Gert Doering July 13, 2020, 2:06 p.m. | #2
Hi,

On Sat, Jul 11, 2020 at 11:36:48AM +0200, Arne Schwabe wrote:
> This deviates from Fabian's original patch that relied on the now
> removed connection_established bool as pointer being NULL or non NULL as
> implicit third state and makeing connection_established as a substate of
> (cas_context == CAS_PENDING)
> 
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>
> 
> Patch V5: extend cas_context with two new states instead adding an
>           extra mini state machine.

23...
Test sets succeeded: 1 1a 1b 1d 2 2a 2b 2c 2d 3 4 5 6 8 8a 9.
Test sets failed: none.
24...
Test sets succeeded: 1 1a 1b 1c 1d 1e 2 2b 2c 2d 2e 3 4 4a 5 6 8 8a 9.
Test sets failed: 2a.
master...
Test sets succeeded: 1 1a 1b 1c 1d 1e 2 2a 2b 2c 2d 2e 3 4 5 6 7 7a 8 8a 9 2f 4b.
Test sets failed: none.


For the changes in this patch, this is a reasonably conclusive test.

gert
Antonio Quartulli July 14, 2020, 11:58 a.m. | #3
Hi,

On 11/07/2020 11:36, Arne Schwabe wrote:
> This deviates from Fabian's original patch that relied on the now
> removed connection_established bool as pointer being NULL or non NULL as
> implicit third state and makeing connection_established as a substate of
> (cas_context == CAS_PENDING)
> 
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>
> 
> Patch V5: extend cas_context with two new states instead adding an
>           extra mini state machine.
> 
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>
> ---
>  src/openvpn/multi.c   |  2 +-
>  src/openvpn/multi.h   |  1 +
>  src/openvpn/openvpn.h | 24 +++++++++++++++++-------
>  3 files changed, 19 insertions(+), 8 deletions(-)
> 
> diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
> index 83848fdc..f9b8af80 100644
> --- a/src/openvpn/multi.c
> +++ b/src/openvpn/multi.c
> @@ -2163,7 +2163,7 @@ multi_client_connect_early_setup(struct multi_context *m,
>   * Try to source a dynamic config file from the
>   * --client-config-dir directory.
>   */
> -enum client_connect_return
> +static enum client_connect_return

I don't think this change belongs to this patch .... ?

>  multi_client_connect_source_ccd(struct multi_context *m,
>                                  struct multi_instance *mi,
>                                  unsigned int *option_types_found)
> diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h
> index 4fb4d0b6..1d30dcc6 100644
> --- a/src/openvpn/multi.h
> +++ b/src/openvpn/multi.h
> @@ -62,6 +62,7 @@ struct deferred_signal_schedule_entry
>      struct timeval wakeup;
>  };
>  
> +
>  /**
>   * Server-mode state structure for one single VPN tunnel.
>   *
> diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h
> index a1308852..7c469b01 100644
> --- a/src/openvpn/openvpn.h
> +++ b/src/openvpn/openvpn.h
> @@ -210,6 +210,21 @@ struct context_1
>  #endif
>  };
>  
> +
> +/* client authentication state, CAS_SUCCEEDED must be 0 since
> + * non multi code path still checks this variable but does not initialise it
> + * so the code depends on zero initialisation */
> +enum client_connect_status {
> +    CAS_SUCCEEDED=0,

Please add spaces around '='

> +    CAS_PENDING,
> +    CAS_FAILED,
> +    CAS_PARTIAL,        /**< Variant of CAS_FAILED: at least one
> +                         * client-connect script/plugin succeeded
> +                         * while a later one in the chain failed
> +                         * (we still need cleanup compared to FAILED)
> +                         */
> +};
> +
>  /**
>   * Level 2 %context containing state that is reset on both \c SIGHUP and
>   * \c SIGUSR1 restarts.
> @@ -444,13 +459,8 @@ struct context_2
>      int push_ifconfig_ipv6_netbits;
>      struct in6_addr push_ifconfig_ipv6_remote;
>  
> -    /* client authentication state, CAS_SUCCEEDED must be 0 */
> -#define CAS_SUCCEEDED 0
> -#define CAS_PENDING   1
> -#define CAS_FAILED    2
> -#define CAS_PARTIAL   3  /* at least one client-connect script/plugin
> -                          * succeeded while a later one in the chain failed */
> -    int context_auth;
> +
> +    enum client_connect_status context_auth;
>  
>      struct event_timeout push_request_interval;
>      int n_sent_push_requests;
> 


The rest looks good and makes sense. Using enum is always better as the
compiler (and the reader) has extra information about how a variable can
be used.

I believe the first chunk with the +static should be moved somewhere
else...but other than that and the missing-spaces comment:

Acked-by: Antonio Quartulli <antonio@openvpn.net>
Gert Doering July 15, 2020, 1:15 p.m. | #4
Your patch has been applied to the master branch.

Fixed the typo in the commit message as requested.

Tested yesterday on client and server testbed, which tests all these states.

I have not modified the "static" hunk - it would be a better fit in 
another patch, but it's useful, reasonably harmless and does not warrant 
a new round with a "v6" for two patches just to move this hunk.

commit 4d500451e8b19deadb619d4ecf977363c6560a2e
Author: Arne Schwabe
Date:   Sat Jul 11 11:36:48 2020 +0200

     client-connect: Change cas_context from int to enum

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Antonio Quartulli <a@unstable.cc>
     Message-Id: <20200711093655.23686-7-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20292.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 83848fdc..f9b8af80 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -2163,7 +2163,7 @@  multi_client_connect_early_setup(struct multi_context *m,
  * Try to source a dynamic config file from the
  * --client-config-dir directory.
  */
-enum client_connect_return
+static enum client_connect_return
 multi_client_connect_source_ccd(struct multi_context *m,
                                 struct multi_instance *mi,
                                 unsigned int *option_types_found)
diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h
index 4fb4d0b6..1d30dcc6 100644
--- a/src/openvpn/multi.h
+++ b/src/openvpn/multi.h
@@ -62,6 +62,7 @@  struct deferred_signal_schedule_entry
     struct timeval wakeup;
 };
 
+
 /**
  * Server-mode state structure for one single VPN tunnel.
  *
diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h
index a1308852..7c469b01 100644
--- a/src/openvpn/openvpn.h
+++ b/src/openvpn/openvpn.h
@@ -210,6 +210,21 @@  struct context_1
 #endif
 };
 
+
+/* client authentication state, CAS_SUCCEEDED must be 0 since
+ * non multi code path still checks this variable but does not initialise it
+ * so the code depends on zero initialisation */
+enum client_connect_status {
+    CAS_SUCCEEDED=0,
+    CAS_PENDING,
+    CAS_FAILED,
+    CAS_PARTIAL,        /**< Variant of CAS_FAILED: at least one
+                         * client-connect script/plugin succeeded
+                         * while a later one in the chain failed
+                         * (we still need cleanup compared to FAILED)
+                         */
+};
+
 /**
  * Level 2 %context containing state that is reset on both \c SIGHUP and
  * \c SIGUSR1 restarts.
@@ -444,13 +459,8 @@  struct context_2
     int push_ifconfig_ipv6_netbits;
     struct in6_addr push_ifconfig_ipv6_remote;
 
-    /* client authentication state, CAS_SUCCEEDED must be 0 */
-#define CAS_SUCCEEDED 0
-#define CAS_PENDING   1
-#define CAS_FAILED    2
-#define CAS_PARTIAL   3  /* at least one client-connect script/plugin
-                          * succeeded while a later one in the chain failed */
-    int context_auth;
+
+    enum client_connect_status context_auth;
 
     struct event_timeout push_request_interval;
     int n_sent_push_requests;