From patchwork Sun Dec 18 19:22:03 2022
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 2924
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 18 Dec 2022 14:22:03 -0500
Message-Id: <20221218192203.1214943-1-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH] Do not include auth-token in pulled option digest

From: Selva Nair

As change in auth-token is common on restart and does not require
tun-reopen, exclude it from the "pulled options digest" calculation.
Without this tun is always re-opened on SIGUSR1 if auth-token is
in use which breaks persist-tun.

Fixes #200

Signed-off-by: Selva Nair
Acked-By: Arne Schwabe
---
 src/openvpn/push.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/push.c b/src/openvpn/push.c index ad2f3c65..95e3ae49 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -989,8 +989,8 @@ push_update_digest(md_ctx_t *ctx, struct buffer *buf, const struct options *opt) char line[OPTION_PARM_SIZE]; while (buf_parse(buf, ',', line, sizeof(line))) { - /* peer-id might change on restart and this should not trigger reopening tun */ - if (strprefix(line, "peer-id ")) + /* peer-id and auth-token might change on restart and this should not trigger reopening tun */ + if (strprefix(line, "peer-id ") || strprefix(line, "auth-token")) { continue; }
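
Review bot: In push_update_digest(), the new test strprefix(line, "auth-token") has no trailing space, while the existing strprefix(line, "peer-id ") does, so the new prefix skips every pushed option whose name merely begins with auth-token (auth-token-user, for instance), not only the auth-token option itself. If that wider match is intended, the comment should say so, since it currently names only peer-id and auth-token; if it is not, use "auth-token " so that only the option followed by its argument is left out of the digest. Every option skipped here can change across a SIGUSR1 restart without the digest noticing, so the list is worth keeping as narrow as the fix for #200 needs. The rewritten comment line is also noticeably longer than the one it replaces and could be wrapped over two lines.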