[Openvpn-devel,2/4,v2] pf: reject client if PF plugin is configured, but init fails

Message ID 20171101220342.14648-3-steffan@karger.me
State Accepted
Series [Openvpn-devel,1/4,v3] pf: clean up temporary files if plugin init fails

Commit Message

Steffan Karger Nov. 1, 2017, 11:03 a.m. UTC
This changes the behavior for pf plugins: instead of just not initializing
the firewall rules and happily continuing, this now rejects the client in
the case of an (unlikely) failure to initialize the pf.

Signed-off-by: Steffan Karger <steffan@karger.me>
---
v3: return immediately after registering signal

 src/openvpn/pf.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

Comments

Antonio Quartulli Nov. 8, 2017, 4:17 p.m. UTC | #1
On 02/11/17 06:03, Steffan Karger wrote:
> This changes the behavior for pf plugins: instead of just not initializing
> the firewall rules and happily continuing, this now rejects the client in
> the case of an (unlikely) failure to initialize the pf.
> 
> Signed-off-by: Steffan Karger <steffan@karger.me>

Acked-by: Antonio Quartulli <a@unstable.cc>
Gert Doering Nov. 24, 2017, 1:42 a.m. UTC | #2
Your patch has been applied to the master branch.

commit 492e42d35f141346fe21b3e984ed1bd86e5aac40
Author: Steffan Karger
Date:   Wed Nov 1 23:03:40 2017 +0100

     pf: reject client if PF plugin is configured, but init fails

     Signed-off-by: Steffan Karger <steffan@karger.me>
     Acked-by: Antonio Quartulli <antonio@openvpn.net>
     Message-Id: <20171101220342.14648-3-steffan@karger.me>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15704.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/pf.c b/src/openvpn/pf.c
index e1b5b0e7..6e4107c5 100644
--- a/src/openvpn/pf.c
+++ b/src/openvpn/pf.c
@@ -638,10 +638,12 @@  pf_init_context(struct context *c)
                 }
 #endif
             }
-            else
-            {
-                msg(M_WARN, "WARNING: OPENVPN_PLUGIN_ENABLE_PF disabled");
-            }
+        }
+        if (!c->c2.pf.enabled)
+        {
+            msg(M_WARN, "WARNING: failed to init PF plugin, rejecting client.");
+            register_signal(c, SIGUSR1, "plugin-pf-init-failed");
+            return;
         }
     }
 #endif /* ifdef PLUGIN_PF */
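Review bot: the new `if (!c->c2.pf.enabled)` block collapses two distinct situations into one log line. The removed `else` branch fired only when the plugin hook was not taken ("OPENVPN_PLUGIN_ENABLE_PF disabled"); the replacement check sits after the closing `}` of that branch, so it also fires when the hook was taken but something inside it left `pf.enabled` unset, and both cases now log "failed to init PF plugin, rejecting client." Since the whole point of the change is that a rejection is now visible to the operator, consider keeping the distinction in the message (one text for the plugin declining the call, one for an initialisation failure after the call succeeded) so that a rejected client can be diagnosed from the log alone. Two things to confirm rather than take from the hunk: that every failure path inside the `if` branch really leaves `c->c2.pf.enabled` false before reaching this check (the hunk shows only the check, not the assignments), and that the `return;` after `register_signal(c, SIGUSR1, "plugin-pf-init-failed");` does not skip cleanup that the remainder of `pf_init_context()` used to perform for the non-plugin PF path, which is outside the visible context.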