From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 7 Sep 2021 18:36:14 -0400
Message-Id: <20210907223614.8574-1-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH] Allow skipping multiple remotes via management interface
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 1945

From: Selva Nair

The management command "remote SKIP" is extended with an optional parameter 'count' > 0. If count is greater than the number of connection entries (len), count % len is used. On going past the index of the last connection entry, counting is restarted from the first connection entry.

Without this, use of management-query-remote from a UI is virtually impractical except when there are only a handful of remote entries. Skipping the entries one by one takes a long time when there are many entries to be skipped (~ 1 second per entry). Use of "remote MOD" is not an option as change of protocol is not supported.

Management clients can determine the availability of this feature by checking that the management interface version is > 3. Older versions will ignore the count parameter and behave identically to using count = 1.

Signed-off-by: Selva Nair
Acked-By: Arne Schwabe
--- doc/management-notes.txt | 7 +++++++ src/openvpn/init.c | 20 ++++++++++++++++---- src/openvpn/options.h | 2 ++ 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/doc/management-notes.txt b/doc/management-notes.txt index 84e3d04b..ff0695a0 100644 --- a/doc/management-notes.txt +++ b/doc/management-notes.txt @@ -929,6 +929,13 @@ use this command: remote SKIP +Starting OpenVPN version 2.6 (management version > 3), skip +multiple remotes using: + + remote SKIP n + +where n > 0 is the number of remotes to skip. + COMMAND -- proxy (OpenVPN 2.3 or higher) -------------------------------------------- diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 386aee23..73ce3bb1 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -348,6 +348,7 @@ management_callback_remote_cmd(void *arg, const char **p) { flags = CE_MAN_QUERY_REMOTE_SKIP; ret = true; + c->options.ce_advance_count = (p[2]) ? atoi(p[2]) : 1; } else if (!strcmp(p[1], "MOD") && p[2] && p[3]) { 
@@ -520,18 +521,28 @@ next_connection_entry(struct context *c) c->c1.link_socket_addr.remote_list; } + int advance_count = 1; + + /* If previous connection entry was skipped by management client + * with a count to advance by, apply it. + */ + if (c->options.ce_advance_count > 0) + { + advance_count = c->options.ce_advance_count; + } + /* * Increase the number of connection attempts * If this is connect-retry-max * size(l) * OpenVPN will quit */ - c->options.unsuccessful_attempts++; + c->options.unsuccessful_attempts += advance_count; + l->current += advance_count; - if (++l->current >= l->len) + if (l->current >= l->len) { - - l->current = 0; + l->current %= l->len; if (++n_cycles >= 2) { msg(M_FATAL, "No usable connection profiles are present"); @@ -540,6 +551,7 @@ next_connection_entry(struct context *c) } } + c->options.ce_advance_count = 1; ce = l->array[l->current]; if (ce->flags & CE_DISABLED) diff --git a/src/openvpn/options.h b/src/openvpn/options.h index b0e40cb7..ea7ee96e 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -253,6 +253,8 @@ struct options bool no_advance; /* Counts the number of unsuccessful connection attempts */ unsigned int unsuccessful_attempts; + /* count of connection entries to advance by when no_advance is not set */ + int ce_advance_count; #if ENABLE_MANAGEMENT struct http_proxy_options *http_proxy_override;
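
Review bot: The doc/management-notes.txt hunk says only that n > 0 is the number of remotes to skip and leaves out two behaviours the commit message relies on: what happens when n exceeds the number of remotes (counting restarts from the first entry), and that management versions that are not > 3 ignore n and skip a single entry. Both belong next to `remote SKIP n`, since a UI author reads this file rather than the commit log.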
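
Review bot: In the management_callback_remote_cmd hunk of src/openvpn/init.c, the count taken from `atoi(p[2])` is stored without any validation: non-numeric input yields 0, negative values are accepted, and atoi cannot report out-of-range input, while the documentation added in this patch requires n > 0. Parse with strtol, check the end pointer and the range, and answer a bad count with an error to the management client instead of setting `ret = true` and storing it.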
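
Review bot: In the next_connection_entry hunk, `l->current += advance_count;` is applied before the count is reduced, so a very large count supplied by the management client can overflow the addition; if the sum wraps, the `if (l->current >= l->len)` test may not fire, `l->current %= l->len;` is skipped, and `ce = l->array[l->current];` indexes with the wrapped value. Reduce the count to the list length before adding it, as the commit message describes with count % len, and use the same bounded value for `c->options.unsuccessful_attempts += advance_count;`, since the comment above that line says reaching connect-retry-max * size(l) makes OpenVPN quit.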
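
Review bot: In the src/openvpn/options.h hunk, the comment on `int ce_advance_count;` does not document the valid range or lifetime of the field, and the type is signed although the neighbouring `unsuccessful_attempts` is `unsigned int` and only values > 0 are honoured in next_connection_entry. State in the comment that the field is set by "remote SKIP n", that values <= 0 are treated as 1, and that it is reset to 1 after each advance, or make it unsigned so the negative case cannot be stored at all.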