From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 22 Apr 2022 16:29:38 +0200
Message-Id: <20220422142953.3805364-4-arne@rfc2549.org>
In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 13/28] Change FULL_SYNC macro to no_pending_reliable_packets function

This changes this macro to a better named inline function. This introduces a slight whitespace problem but the next refactoring will move the incorrectly indented block to its own function anyway.
---
 src/openvpn/ssl.c | 100 ++++++++++++++++++++++++++--------------------
 1 file changed, 57 insertions(+), 43 deletions(-)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index bad59f2a1..4ca093243 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1774,8 +1774,10 @@ flush_payload_buffer(struct key_state *ks) } /* true if no in/out acknowledgements pending */ -#define FULL_SYNC \ - (reliable_empty(ks->send_reliable) && reliable_ack_empty(ks->rec_ack)) +static bool no_pending_reliable_packets(struct key_state *ks) +{ + return (reliable_empty(ks->send_reliable) && reliable_ack_empty(ks->rec_ack)); +} /* * Move the active key to the lame duck key and reinitialize the 
@@ -2428,6 +2430,54 @@ session_move_pre_start(const struct tls_session *session, return true; } + +/** + * Moves the key to state to S_ACTIVE and also advances the multi_state state + * machine if this is the initial connection. + */ +static void +session_move_active(struct tls_multi *multi, struct tls_session *session, + struct link_socket_info *to_link_socket_info, + struct key_state *ks) +{ + dmsg(D_TLS_DEBUG_MED, "STATE S_ACTIVE"); + + ks->established = now; + if (check_debug_level(D_HANDSHAKE)) + { + print_details(&ks->ks_ssl, "Control Channel:"); + } + ks->state = S_ACTIVE; + /* Cancel negotiation timeout */ + ks->must_negotiate = 0; + INCR_SUCCESS; + + /* Set outgoing address for data channel packets */ + link_socket_set_outgoing_addr(to_link_socket_info, &ks->remote_addr, + session->common_name, session->opt->es); + + /* Check if we need to advance the tls_multi state machine */ + if (multi->multi_state == CAS_NOT_CONNECTED) + { + if (session->opt->mode == MODE_SERVER) + { + /* On a server we continue with running connect scripts next */ + multi->multi_state = CAS_WAITING_AUTH; + } + else + { + /* Skip the connect script related states */ + multi->multi_state = CAS_WAITING_OPTIONS_IMPORT; + } + } + + /* Flush any payload packets that were buffered before our state transitioned to S_ACTIVE */ + flush_payload_buffer(ks); + +#ifdef MEASURE_TLS_HANDSHAKE_STATS + show_tls_performance_stats(); +#endif +} /* * This is the primary routine for processing TLS stuff inside the * the main event loop. When this routine exits @@ -2518,7 +2568,7 @@ tls_process(struct tls_multi *multi, } /* Wait for Initial Handshake ACK */ - if (ks->state == S_PRE_START && FULL_SYNC) + if (ks->state == S_PRE_START && no_pending_reliable_packets(ks)) { ks->state = S_START; state_change = true; 
@@ -2542,47 +2592,11 @@ tls_process(struct tls_multi *multi, /* Wait for ACK */ if (((ks->state == S_GOT_KEY && !session->opt->server) - || (ks->state == S_SENT_KEY && session->opt->server))) + || (ks->state == S_SENT_KEY && session->opt->server)) + && no_pending_reliable_packets(ks)) { - if (FULL_SYNC) - { - ks->established = now; - dmsg(D_TLS_DEBUG_MED, "STATE S_ACTIVE"); - if (check_debug_level(D_HANDSHAKE)) - { - print_details(&ks->ks_ssl, "Control Channel:"); - } - state_change = true; - ks->state = S_ACTIVE; - /* Cancel negotiation timeout */ - ks->must_negotiate = 0; - INCR_SUCCESS; - - /* Set outgoing address for data channel packets */ - link_socket_set_outgoing_addr(to_link_socket_info, &ks->remote_addr, session->common_name, session->opt->es); - - /* Check if we need to advance the tls_multi state machine */ - if (multi->multi_state == CAS_NOT_CONNECTED) - { - if (session->opt->mode == MODE_SERVER) - { - /* On a server we continue with running connect scripts next */ - multi->multi_state = CAS_WAITING_AUTH; - } - else - { - /* Skip the connect script related states */ - multi->multi_state = CAS_WAITING_OPTIONS_IMPORT; - } - } - - /* Flush any payload packets that were buffered before our state transitioned to S_ACTIVE */ - flush_payload_buffer(ks); - -#ifdef MEASURE_TLS_HANDSHAKE_STATS - show_tls_performance_stats(); -#endif - } + session_move_active(multi, session, to_link_socket_info, ks); + state_change = true; } /* Reliable buffer to outgoing TCP/UDP (send up to CONTROL_SEND_ACK_MAX ACKs
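Review bot: The commit message calls no_pending_reliable_packets an inline function, but the definition in the first hunk is `static bool no_pending_reliable_packets(struct key_state *ks)` with no `inline`; either add `static inline` or drop the word from the message. The function only reads `ks->send_reliable` and `ks->rec_ack`, so the parameter can be `const struct key_state *ks` if reliable_empty() and reliable_ack_empty() accept const pointers, and putting the return type on its own line would match the `static void` / `session_move_active(...)` layout used in the second hunk.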
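Review bot: In the second hunk the new session_move_active() body ends with `+}` immediately followed by the existing `/* * This is the primary routine` comment, so a blank line is missing between the function and the comment block that follows it. The doxygen comment also has a typo, "Moves the key to state to S_ACTIVE" should read "Moves the key state to S_ACTIVE", and would benefit from @param entries for multi, session, to_link_socket_info and ks. The function deliberately does not touch state_change; that is left to the caller, which matches the old inline block where `state_change = true` sat inside the FULL_SYNC branch.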
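Review bot: In the third hunk, folding the inner `if (FULL_SYNC)` into the outer condition is semantically equivalent to the old nesting, but the `/* Wait for ACK */` comment above it no longer describes the branch, which now performs the transition to S_ACTIVE through session_move_active(); update the comment to say that the key becomes active once no reliable packets are pending. `state_change = true` is now set after the move rather than before `ks->state = S_ACTIVE`, which is harmless because session_move_active() does not read state_change.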