From patchwork Wed Mar 17 05:00:36 2021
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1621
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 17 Mar 2021 17:00:36 +0100
Message-Id: <20210317160038.25828-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v2 1/3] Move restoring pre pull options to initialising of c2 context

We currently delay restoring these options until we actually must restore them. Since there is no reason to do so apart from the very minor saving to not have to execute that code when a connection fails, move them it into the general context_2 initialisation.

Patch V2: rebase on master.

Signed-off-by: Arne Schwabe
Acked-by: Antonio Quartulli
--- src/openvpn/init.c | 5 +++++ src/openvpn/openvpn.h | 1 - src/openvpn/push.c | 5 ----- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index d234729c..81aaa6c9 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c 
@@ -4165,6 +4165,11 @@ init_instance(struct context *c, const struct env_set *env, const unsigned int f } } + if (c->options.pull) + { + pre_pull_restore(&c->options, &c->c2.gc); + } + /* map in current connection entry */ next_connection_entry(c); diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index e9bc7dad..436c10ee 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -463,7 +463,6 @@ struct context_2 struct event_timeout push_request_interval; time_t push_request_timeout; - bool did_pre_pull_restore; /* hash of pulled options, so we can compare when options change */ bool pulled_options_digest_init_done; diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 320ad737..580c16bd 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c 
@@ -929,11 +929,6 @@ process_incoming_push_reply(struct context *c, md_ctx_init(c->c2.pulled_options_state, md_kt_get("SHA256")); c->c2.pulled_options_digest_init_done = true; } - if (!c->c2.did_pre_pull_restore) - { - pre_pull_restore(&c->options, &c->c2.gc); - c->c2.did_pre_pull_restore = true; - } if (apply_push_options(&c->options, buf, permission_mask,

From patchwork Wed Mar 17 05:00:37 2021
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1620
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 17 Mar 2021 17:00:37 +0100
Message-Id: <20210317160038.25828-2-arne@rfc2549.org>
In-Reply-To: <20210317160038.25828-1-arne@rfc2549.org>
References: <20210317160038.25828-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v2 2/3] Move NCP saving and restore to the prepush restore code

This unifies save/restoring options that might be changed by a push from the server. It also removes using the context_1 to store something that is not related to a SIGHUP lifetime.

Patch v2: rebase on master.

Signed-off-by: Arne Schwabe Acked-by: Antonio Quartulli --- src/openvpn/init.c | 36 +++++------------------------------- src/openvpn/openvpn.h | 4 ---- src/openvpn/options.c | 11 +++++++++++ src/openvpn/options.h | 4 ++++ 4 files changed, 20 insertions(+), 35 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 81aaa6c9..74c42c2c 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -668,28 +668,6 @@ uninit_proxy(struct context *c) uninit_proxy_dowork(c); } -/* - * Saves the initial state of NCP-regotiable - * options into a storage which persists over SIGUSR1. - */ -static void -save_ncp_options(struct context *c) -{ - c->c1.ciphername = c->options.ciphername; - c->c1.authname = c->options.authname; - c->c1.keysize = c->options.keysize; -} - -/* Restores NCP-negotiable options to original values */ -static void -restore_ncp_options(struct context *c) -{ - c->options.ciphername = c->c1.ciphername; - c->options.authname = c->c1.authname; - c->options.keysize = c->c1.keysize; - c->options.data_channel_use_ekm = false; -} - void context_init_1(struct context *c) { @@ -699,8 +677,6 @@ context_init_1(struct context *c) init_connection_list(c); - save_ncp_options(c); - #if defined(ENABLE_PKCS11) if (c->first_time) { @@ -2868,8 +2844,8 @@ do_init_crypto_tls(struct context *c, const unsigned int flags) to.replay_window = options->replay_window; to.replay_time = options->replay_time; to.tcp_mode = link_socket_proto_connection_oriented(options->ce.proto); - to.config_ciphername = c->c1.ciphername; - to.config_ncp_ciphers = options->ncp_ciphers; + to.config_ciphername = c->options.ciphername; + to.config_ncp_ciphers = c->options.ncp_ciphers; to.ncp_enabled = options->ncp_enabled; to.transition_window = options->transition_window; to.handshake_window = options->handshake_window; 
@@ -4465,8 +4441,6 @@ close_instance(struct context *c) /* free key schedules */ do_close_free_key_schedule(c, (c->mode == CM_P2P || c->mode == CM_TOP)); - restore_ncp_options(c); - /* close TCP/UDP connection */ do_close_link_socket(c); @@ -4537,9 +4511,9 @@ inherit_context_child(struct context *dest, dest->c1.ks.tls_auth_key_type = src->c1.ks.tls_auth_key_type; dest->c1.ks.tls_crypt_v2_server_key = src->c1.ks.tls_crypt_v2_server_key; /* inherit pre-NCP ciphers */ - dest->c1.ciphername = src->c1.ciphername; - dest->c1.authname = src->c1.authname; - dest->c1.keysize = src->c1.keysize; + dest->options.ciphername = src->options.ciphername; + dest->options.authname = src->options.authname; + dest->options.keysize = src->options.keysize; /* inherit auth-token */ dest->c1.ks.auth_token_key = src->c1.ks.auth_token_key; diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index 436c10ee..3cef2638 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -203,10 +203,6 @@ struct context_1 struct user_pass *auth_user_pass; /**< Username and password for * authentication. */ - - const char *ciphername; /**< Data channel cipher from config file */ - const char *authname; /**< Data channel auth from config file */ - int keysize; /**< Data channel keysize from config file */ #endif }; diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 0eb049d8..645fc38b 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3535,7 +3535,13 @@ pre_pull_save(struct options *o) o->pre_pull->client_nat = clone_client_nat_option_list(o->client_nat, &o->gc); o->pre_pull->client_nat_defined = true; } + + /* NCP related options that can be overwritten by a push */ + o->pre_pull->ciphername = o->ciphername; + o->pre_pull->authname = o->authname; + o->pre_pull->keysize = o->keysize; } + } void 
@@ -3581,10 +3587,15 @@ pre_pull_restore(struct options *o, struct gc_arena *gc) } o->foreign_option_index = pp->foreign_option_index; + + o->ciphername = pp->ciphername; + o->authname = pp->authname; + o->keysize = pp->keysize; } o->push_continuation = 0; o->push_option_types_found = 0; + o->data_channel_use_ekm = false; } #endif /* if P2MP */ diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 56228668..fe67ec72 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h 
@@ -75,6 +75,10 @@ struct options_pre_pull bool client_nat_defined; struct client_nat_option_list *client_nat; + const char* ciphername; + const char* authname; + int keysize; + int foreign_option_index; };

From patchwork Wed Mar 17 05:00:38 2021
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1619
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 17 Mar 2021 17:00:38 +0100
Message-Id: <20210317160038.25828-3-arne@rfc2549.org>
In-Reply-To: <20210317160038.25828-1-arne@rfc2549.org>
References: <20210317160038.25828-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v2 3/3] Restore also ping related options on a reconnect

This fixes the issue that if a client reconnects the next connection entries inherits the keepalive settings that were pushed or set by the previous entry. Since UDP+PULL entries have an implicit 120s timeout, this timeout also got applied to a TCP session after an UDP entry.

Patch v2: rebase on master

Reported-By: Jan Just Keijser
Signed-off-by: Arne Schwabe
Acked-by: Antonio Quartulli
--- src/openvpn/options.c | 9 +++++++++ src/openvpn/options.h | 4 ++++ 2 files changed, 13 insertions(+) 
diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 645fc38b..42681b71 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3540,6 +3540,11 @@ pre_pull_save(struct options *o) o->pre_pull->ciphername = o->ciphername; o->pre_pull->authname = o->authname; o->pre_pull->keysize = o->keysize; + + /* Ping related options should be reset to the config values on reconnect */ + o->pre_pull->ping_rec_timeout = o->ping_rec_timeout; + o->pre_pull->ping_rec_timeout_action = o->ping_rec_timeout_action; + o->pre_pull->ping_send_timeout = o->ping_send_timeout; } } @@ -3591,6 +3596,10 @@ pre_pull_restore(struct options *o, struct gc_arena *gc) o->ciphername = pp->ciphername; o->authname = pp->authname; o->keysize = pp->keysize; + + o->ping_rec_timeout = pp->ping_rec_timeout; + o->ping_rec_timeout_action = pp->ping_rec_timeout_action; + o->ping_send_timeout = pp->ping_send_timeout; } o->push_continuation = 0; diff --git a/src/openvpn/options.h b/src/openvpn/options.h index fe67ec72..5317a60e 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -79,6 +79,10 @@ struct options_pre_pull const char* authname; int keysize; + int ping_send_timeout; + int ping_rec_timeout; + int ping_rec_timeout_action; + int foreign_option_index; };
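
Review bot: In patch 1/3, the new `if (c->options.pull)` block in init_instance() (src/openvpn/init.c) calls pre_pull_restore(&c->options, &c->c2.gc) with no comment on why it has to sit before next_connection_entry(c), and it now runs on every instance init where the removed did_pre_pull_restore flag limited it to once per context_2. Add a short comment stating the ordering requirement, and confirm that c->c2.gc is already initialised at this point in init_instance(), since the call used to happen only after a push reply had arrived.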
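
Review bot: In patch 2/3, the close_instance() hunk drops restore_ncp_options(c), which ran unconditionally, while its replacement inside pre_pull_restore() is only reached through the `if (c->options.pull)` guard that patch 1/3 adds to init_instance(). With pull unset, ciphername, authname, keysize and data_channel_use_ekm are no longer reset between instances; either state in the commit message why nothing can change them without pull, or keep a reset for that case.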
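
Review bot: In the do_init_crypto_tls() hunk of patch 2/3, `to.config_ncp_ciphers` changes from options->ncp_ciphers to c->options.ncp_ciphers although only config_ciphername had to move away from c->c1, and the neighbouring assignments still read through options->. If options points at c->options in this function, leave the ncp_ciphers line alone and write the new one as `to.config_ciphername = options->ciphername;` so the block stays consistent.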
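
Review bot: In the inherit_context_child() hunk of patch 2/3, the comment `/* inherit pre-NCP ciphers */` no longer matches the code beneath it, which now copies the live src->options values instead of the saved c1 copies. Reword the comment, and drop the three assignments if dest->options is already copied from src->options elsewhere in this function.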
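
Review bot: The pre_pull_save() hunk of patch 2/3 adds an empty line between the closing brace of the if block and the closing brace of the function (the lone `+` before the final `}`); remove it. The saved ciphername and authname are pointer copies, so a one-line comment saying the strings must outlive o->pre_pull would make the lifetime assumption explicit.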
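
Review bot: In the options.h hunk of patch 2/3, the new struct options_pre_pull members are written `const char* ciphername;` and carry no description, while the members removed from struct context_1 in the same patch used `const char *ciphername;` with a Doxygen comment each. Use the `char *name` spacing and carry the descriptions over.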
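
Review bot: In patch 3/3, pre_pull_save() snapshots ping_rec_timeout, ping_rec_timeout_action and ping_send_timeout, but the commit message says UDP+PULL entries get an implicit 120s timeout and none of the hunks show where that default is applied. Confirm the snapshot is taken before the implicit value is set, otherwise pre_pull_restore() hands the 120s timeout back to a following TCP entry; a comment in pre_pull_save() naming that dependency would make it checkable.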