From patchwork Sat Dec 24 19:42:49 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2934
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 24 Dec 2022 20:42:49 +0100
Message-Id: <20221224194253.3202231-6-arne@rfc2549.org>
In-Reply-To: <20221224194253.3202231-1-arne@rfc2549.org>
References: <20221224194253.3202231-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 5/9] Also drop incoming dco packet content when dropping the packet

If we get a message from a mismatched packet we need to clear the incoming message buffer to ensure we can receive another packet.

Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/forward.c | 2 ++ src/openvpn/multi.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 17a14f0bd..61caf1146 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1194,6 +1194,8 @@ process_incoming_dco(struct context *c) msg(D_DCO_DEBUG, "%s: received message for mismatching peer-id %d, " "expected %d", __func__, dco->dco_message_peer_id, c->c2.tls_multi->dco_peer_id); + /* ensure we also drop a message if there is one in the buffer */ + buf_init(&dco->dco_packet_in, 0); return; } diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index fcb308151..9a20112e2 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -3276,6 +3276,8 @@ multi_process_incoming_dco(struct multi_context *m) else { msg(D_DCO, "Received packet for peer-id unknown to OpenVPN: %d", peer_id); + /* Also clear the buffer if this was incoming packet for a dropped peer */ + buf_init(&dco->dco_packet_in, 0); } dco->dco_message_type = 0;
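
Review bot: In the src/openvpn/forward.c hunk, the mismatching-peer-id branch of process_incoming_dco() now clears `dco->dco_packet_in` and returns, but the visible lines do not reset `dco->dco_message_type` on that path, whereas the multi.c hunk falls through to `dco->dco_message_type = 0;` after its drop branch. It is worth confirming that the stale message type cannot be acted on during the next call, or resetting it before the `return` so both drop paths leave the DCO context in the same state.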
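
Review bot: In the src/openvpn/multi.c hunk, the added comment in the unknown-peer-id `else` branch of multi_process_incoming_dco() reads "if this was incoming packet"; "if this was an incoming packet for a dropped peer" would be clearer. The same `buf_init(&dco->dco_packet_in, 0);` reset is now written out in both forward.c and multi.c, so a small shared helper (hypothetical name, for example dco_drop_incoming()) would keep the two drop paths from drifting apart if the cleanup ever needs to grow.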