From patchwork Mon Jan 9 20:00:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 2986 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:c95:b0:82:e4b3:40a0 with SMTP id p21csp3103749dyk; Mon, 9 Jan 2023 12:01:27 -0800 (PST) X-Google-Smtp-Source: AMrXdXsianBkVY5+lj4uA62r84DeKKo0SrkGRdpl511vqTB0pjUo+brgv8JevbdoNqHPEpnzQ9NI X-Received: by 2002:a17:903:41cd:b0:192:dfdb:9ebe with SMTP id u13-20020a17090341cd00b00192dfdb9ebemr30737487ple.10.1673294487572; Mon, 09 Jan 2023 12:01:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673294487; cv=none; d=google.com; s=arc-20160816; b=bjIrZJHVwYJYxTYyVlhEdFEzn7HAcGHRn0PMmIMTt4M3TbxUIXSVkbtQKl8Kpe1V6t BwBgOiyCfsXoCYJMEWdt1XQQ3gg5bxXZ7qQaeCPjc8enzLrzbs7fsiZwDdWyOEP2mw+l vslpyt6z7BBFWkmWAbDaOVa8Ribm36WyjyYDqXsvM0TUCsiMPWRcsORcH8gPTmjgXCUN Ee6yodN9KMuMeQIgT4b0BeW8kIp6bcu/OiBHE0VXN9J+TBoJEvuusMoKDedU93cMMPm/ wveY7qicVEaymkdZRswU9chqF+5ExSd7ES37qY2/id1dj5E93nuSWW4S3AQMjKpQQ91C pYQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:dkim-signature; bh=SyXjCRgBhNV3ZsHR4sDgx9nrZKkqQKT6pbdqgBE6wZc=; b=gYGPrGvlTOFDfNU3T2sBRVc9cZP7uscaTCvxLxUpbL6d/N7MYTLZRJYa8IrOJWeHYG R5Jt4UjnEO8rSanHsX8O7Iqhf/zlcMbt5rNfb5Un6ggY+X0tld2fX86ADQqLc+5dxmB2 qUcGoD3UKjTbiR6bH5xyZ9G/yaB5ELao7BwY12GdnnDAzGT5M0pUzjDwcXo841q8xi/S KknhialcyOoZ0JCsBy/rAdRgdkPn4IpUfQc36s1zZ85QvGbEod/E3tNUxswGkE8xYpz6 h3ZwKI9YgWdR5QX2Kzl7NZ3ERliozTt4FynzJQ51HJiuNhw/4jYyyrd9kQOSa8J0JZD+ 3Ovg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=OkwROBdg; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=bKSH5507; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id q14-20020a170902f78e00b00189a6834dbesi9371258pln.103.2023.01.09.12.01.26 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 09 Jan 2023 12:01:27 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=OkwROBdg; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=bKSH5507; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pEyJm-0000Y0-J8; Mon, 09 Jan 2023 20:00:26 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pEyJk-0000Xu-7r for openvpn-devel@lists.sourceforge.net; Mon, 09 Jan 2023 20:00:24 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=NTUeLybvLUjjQ9Cwsv3QCBwBhSSxvp6QaZdX6AjLvbY=; b=OkwROBdg5DxVISgaaZXb5nauRE UtnkH3JeonNLTS2x19/8j05SNylzLRx62/zGJ1+kH+vOsJrxCvmnyA25RDGiNadJIDYhGWcc/eYwZ cb0tHswJjBvfocLxjgeq+u3ZsNE6jVux4DHL4Ssgb/LcroF9MmAhEuLvPk9hDlNKljg0=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:To:From: Sender:Reply-To:Cc:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=NTUeLybvLUjjQ9Cwsv3QCBwBhSSxvp6QaZdX6AjLvbY=; b=b KSH5507b0PmVKYNNSCpitdCdU997Mex/uqAUR7/jbBNbFOHQVZSSz6oPukKA/q7DJySvnvZVoLQ63 OyI3mb5QiL7zFJdpty0UkaIVZ9WLZIF4bdZErg9G9xNGai7MxLL6+Coa9nP0KlzNIuof1rOSPH9xP EGSK+SNW3VuceCVk=; Received: from vmail1.greenie.net ([195.30.8.66]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1pEyJh-00Bt0S-QH for openvpn-devel@lists.sourceforge.net; Mon, 09 Jan 2023 20:00:23 +0000 Received: from ubuntu2004.ov.greenie.net (ubuntu2004.ov.greenie.net [IPv6:2001:608:1:995a:250:56ff:febb:2084]) by vmail1.greenie.net (8.17.1/8.16.1) with SMTP id 309K0Bth098259 for ; Mon, 9 Jan 2023 21:00:11 +0100 (CET) Received: (nullmailer pid 2525391 invoked by uid 1000); Mon, 09 Jan 2023 20:00:11 -0000 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Mon, 9 Jan 2023 21:00:11 +0100 Message-Id: <20230109200011.2525342-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.4 (vmail1.greenie.net [IPv6:2001:608:1:995a:20c:29ff:feb8:10eb]); Mon, 09 Jan 2023 21:00:11 +0100 (CET) X-Spam-Score: -2.0 (--) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: p2p --tls-server with no active client/peer logs once per second "dco_update_keys: peer_id=-1" which does exactly nothing, except fill the disk. So skip the call to dco_update_keys() if peer_id == -1. Content analysis details: (-2.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [195.30.8.66 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1pEyJh-00Bt0S-QH Subject: [Openvpn-devel] [PATCH] Reduce logspam about 'dco_update_keys: peer_id=-1' in p2p server mode X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1754576440483114940?= X-GMAIL-MSGID: =?utf-8?q?1754576440483114940?= p2p --tls-server with no active client/peer logs once per second "dco_update_keys: peer_id=-1" which does exactly nothing, except fill the disk. So skip the call to dco_update_keys() if peer_id == -1. Signed-off-by: Gert Doering Acked-by: Antonio Quartulli --- src/openvpn/forward.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index ae0512fc..2ba8b0fa 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -151,6 +151,12 @@ check_dco_key_status(struct context *c) return; } + /* no active peer (p2p tls-server mode) */ + if (c->c2.tls_multi->dco_peer_id == -1 ) + { + return; + } + if (!dco_update_keys(&c->c1.tuntap->dco, c->c2.tls_multi)) { /* Something bad happened. Kill the connection to