From patchwork Thu Apr 8 02:00:27 2021
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1724
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 8 Apr 2021 14:00:27 +0200
Message-Id: <20210408120029.19438-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 1/3] Always save/restore pull options

This makes the code path for pull and non-pull more aligned and even though this might do extra work for non-pull scenarios, saving the few bytes of memory is not a worthwhile optimisation here.

Additionally with the upcoming P2P mode NCP, the client needs to save/restore a subset of these options anyway.

Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
--- src/openvpn/init.c | 6 ++-- src/openvpn/options.c | 66 +++++++++++++++++++++---------------------- src/openvpn/options.h | 8 +++--- 3 files changed, 38 insertions(+), 42 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index fb3d6beaa..e62aace51 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c 
@@ -4052,10 +4052,8 @@ init_instance(struct context *c, const struct env_set *env, const unsigned int f } } - if (c->options.pull) - { - pre_pull_restore(&c->options, &c->c2.gc); - } + /* Resets all values to the initial values from the config where needed */ + pre_connect_restore(&c->options, &c->c2.gc); /* map in current connection entry */ next_connection_entry(c); diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 09e93df80..a72e1b9ae 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3209,9 +3209,10 @@ options_postprocess_mutate(struct options *o) } /* - * Save certain parms before modifying options via --pull + * Save certain parms before modifying options during connect, especially + * when using --pull */ - pre_pull_save(o); + pre_connect_save(o); } /* 
@@ -3566,46 +3567,43 @@ options_postprocess(struct options *options) */ void -pre_pull_save(struct options *o) +pre_connect_save(struct options *o) { - if (o->pull) - { - ALLOC_OBJ_CLEAR_GC(o->pre_pull, struct options_pre_pull, &o->gc); - o->pre_pull->tuntap_options = o->tuntap_options; - o->pre_pull->tuntap_options_defined = true; - o->pre_pull->foreign_option_index = o->foreign_option_index; - if (o->routes) - { - o->pre_pull->routes = clone_route_option_list(o->routes, &o->gc); - o->pre_pull->routes_defined = true; - } - if (o->routes_ipv6) - { - o->pre_pull->routes_ipv6 = clone_route_ipv6_option_list(o->routes_ipv6, &o->gc); - o->pre_pull->routes_ipv6_defined = true; - } - if (o->client_nat) - { - o->pre_pull->client_nat = clone_client_nat_option_list(o->client_nat, &o->gc); - o->pre_pull->client_nat_defined = true; - } - - /* NCP related options that can be overwritten by a push */ - o->pre_pull->ciphername = o->ciphername; - o->pre_pull->authname = o->authname; + ALLOC_OBJ_CLEAR_GC(o->pre_connect, struct options_pre_connect, &o->gc); + o->pre_connect->tuntap_options = o->tuntap_options; + o->pre_connect->tuntap_options_defined = true; + o->pre_connect->foreign_option_index = o->foreign_option_index; - /* Ping related options should be reset to the config values on reconnect */ - o->pre_pull->ping_rec_timeout = o->ping_rec_timeout; - o->pre_pull->ping_rec_timeout_action = o->ping_rec_timeout_action; - o->pre_pull->ping_send_timeout = o->ping_send_timeout; + if (o->routes) + { + o->pre_connect->routes = clone_route_option_list(o->routes, &o->gc); + o->pre_connect->routes_defined = true; + } + if (o->routes_ipv6) + { + o->pre_connect->routes_ipv6 = clone_route_ipv6_option_list(o->routes_ipv6, &o->gc); + o->pre_connect->routes_ipv6_defined = true; } + if (o->client_nat) + { + o->pre_connect->client_nat = clone_client_nat_option_list(o->client_nat, &o->gc); + o->pre_connect->client_nat_defined = true; + } + + /* NCP related options that can be overwritten by a 
push */ + o->pre_connect->ciphername = o->ciphername; + o->pre_connect->authname = o->authname; + /* Ping related options should be reset to the config values on reconnect */ + o->pre_connect->ping_rec_timeout = o->ping_rec_timeout; + o->pre_connect->ping_rec_timeout_action = o->ping_rec_timeout_action; + o->pre_connect->ping_send_timeout = o->ping_send_timeout; } void -pre_pull_restore(struct options *o, struct gc_arena *gc) +pre_connect_restore(struct options *o, struct gc_arena *gc) { - const struct options_pre_pull *pp = o->pre_pull; + const struct options_pre_connect *pp = o->pre_connect; if (pp) { CLEAR(o->tuntap_options); diff --git a/src/openvpn/options.h b/src/openvpn/options.h index d3db33ece..078bed75b 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -59,7 +59,7 @@ extern const char title_string[]; /* certain options are saved before --pull modifications are applied */ -struct options_pre_pull +struct options_pre_connect { bool tuntap_options_defined; struct tuntap_options tuntap_options; @@ -493,7 +493,7 @@ struct options int push_continuation; unsigned int push_option_types_found; const char *auth_user_pass_file; - struct options_pre_pull *pre_pull; + struct options_pre_connect *pre_connect; int scheduled_exit_interval; @@ -787,9 +787,9 @@ char *options_string_extract_option(const char *options_string, void options_postprocess(struct options *options); -void pre_pull_save(struct options *o); +void pre_connect_save(struct options *o); -void pre_pull_restore(struct options *o, struct gc_arena *gc); +void pre_connect_restore(struct options *o, struct gc_arena *gc); bool apply_push_options(struct options *options, struct buffer *buf,
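Review bot: the new comment in the init.c hunk (init_instance), "Resets all values to the initial values from the config where needed", does not say which values are reset. Since pre_connect_restore() is now called for configurations without --pull as well, name the option groups that pre_connect_save() stores (tuntap options, routes, client NAT, cipher and auth names, ping timers) or point the reader to that function, so it is clear what changes between connection attempts.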
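Review bot: in the options.c hunk at @@ -3566, pre_connect_restore() still guards its body with "if (pp)" even though pre_connect_save() now allocates o->pre_connect unconditionally. If a NULL o->pre_connect is no longer an expected state here, an assertion would surface a missed save instead of silently skipping the reset of the saved options on reconnect; if it is still expected, a short comment saying when would help. The local name pp is also a leftover of the old struct name and could be renamed to finish the rename. Separately, the comment "NCP related options that can be overwritten by a push" will need widening once the P2P mode NCP mentioned in the commit message changes these fields without a push.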
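Review bot: in the options.h hunk at @@ -59, the unchanged comment above the renamed struct still reads "certain options are saved before --pull modifications are applied", which no longer describes a struct called options_pre_connect that is filled regardless of --pull. Update it in the same way as the comment changed in options_postprocess_mutate() ("before modifying options during connect, especially when using --pull").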