From patchwork Sat Jul 25 13:48:02 2020
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1336
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 26 Jul 2020 01:48:02 +0200
Message-Id: <20200725234803.22058-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 1/2] Simplify calling logic of check_connection_established_dowork

The check event_timeout_defined in check_connection_established is completely redundant as event_timeout_trigger will do the very same check as first action. Removing this check makes the function superfluous. To further improve the code move the call check if the time is expired into process_coarse_timers

Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/forward.c | 77 +++++++++++++++++++------------------------ src/openvpn/forward.h | 2 +- 2 files changed, 34 insertions(+), 45 deletions(-) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 3d462d0a..30a3fd46 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c 
@@ -138,21 +138,6 @@ check_incoming_control_channel(struct context *c) #endif } -/* - * Options like --up-delay need to be triggered by this function which - * checks for connection establishment. - */ -static inline void -check_connection_established(struct context *c) -{ - void check_connection_established_dowork(struct context *c); - - if (event_timeout_defined(&c->c2.wait_for_connect)) - { - check_connection_established_dowork(c); - } -} - /* * Should we add routes? */ 
@@ -437,43 +422,45 @@ check_push_request_dowork(struct context *c) /* * Things that need to happen immediately after connection initiation should go here. + * + * Options like --up-delay need to be triggered by this function which + * checks for connection establishment. */ void -check_connection_established_dowork(struct context *c) +check_connection_established(struct context *c) { - if (event_timeout_trigger(&c->c2.wait_for_connect, &c->c2.timeval, ETT_DEFAULT)) + + if (CONNECTION_ESTABLISHED(c)) { - if (CONNECTION_ESTABLISHED(c)) - { #if P2MP - /* if --pull was specified, send a push request to server */ - if (c->c2.tls_multi && c->options.pull) - { + /* if --pull was specified, send a push request to server */ + if (c->c2.tls_multi && c->options.pull) + { #ifdef ENABLE_MANAGEMENT - if (management) - { - management_set_state(management, - OPENVPN_STATE_GET_CONFIG, - NULL, - NULL, - NULL, - NULL, - NULL); - } -#endif - /* fire up push request right away (already 1s delayed) */ - event_timeout_init(&c->c2.push_request_interval, 0, now); - reset_coarse_timers(c); - } - else -#endif /* if P2MP */ + if (management) { - do_up(c, false, 0); + management_set_state(management, + OPENVPN_STATE_GET_CONFIG, + NULL, + NULL, + NULL, + NULL, + NULL); } - - event_timeout_clear(&c->c2.wait_for_connect); +#endif + /* fire up push request right away (already 1s delayed) */ + event_timeout_init(&c->c2.push_request_interval, 0, now); + reset_coarse_timers(c); } + else +#endif /* if P2MP */ + { + do_up(c, false, 0); + } + + event_timeout_clear(&c->c2.wait_for_connect); } + } bool @@ -777,8 +764,10 @@ process_coarse_timers(struct context *c) check_status_file(c); /* process connection establishment items */ - check_connection_established(c); - + if (event_timeout_trigger(&c->c2.wait_for_connect, &c->c2.timeval, ETT_DEFAULT)) + { + check_connection_established(c); + } #if P2MP /* see if we should send a push_request in response to --pull */ check_push_request(c); 
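Review bot: In the @@ -437 hunk, the rewritten comment above check_connection_established() does not state that the caller must now test event_timeout_trigger(&c->c2.wait_for_connect, ...) first, although that test moved out to process_coarse_timers in the @@ -777 hunk and the function is exported through forward.h. Please add the precondition to the comment, so that a later caller does not reach do_up(c, false, 0) or re-arm push_request_interval before wait_for_connect has fired. The new empty lines directly after the function's opening brace and before its closing brace look unintended and can be dropped.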
diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h index ff898133..635e84ae 100644 --- a/src/openvpn/forward.h +++ b/src/openvpn/forward.h 
@@ -88,7 +88,7 @@ void check_fragment_dowork(struct context *c); #endif /* ENABLE_FRAGMENT */ -void check_connection_established_dowork(struct context *c); +void check_connection_established(struct context *c); void check_add_routes_dowork(struct context *c);

From patchwork Sat Jul 25 13:48:03 2020
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1335
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 26 Jul 2020 01:48:03 +0200
Message-Id: <20200725234803.22058-2-arne@rfc2549.org>
In-Reply-To: <20200725234803.22058-1-arne@rfc2549.org>
References: <20200725234803.22058-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 2/2] Avoid sending push request after receiving push reply

The introduction of IV_PROTO_REQUEST_PUSH (c290df55) sometimes causes the server to reply before we set up the push timer. The push reply will then clear a timer that has not been set up yet. We then start sending push request after we have gone through the whole initialisation already. This patch also clears the connection_established timer that sets up the push request timer. This leads to the management_set_state(management, OPENVPN_STATE_GET_CONFIG, ...) function not being called. But to display "waiting for configuration..." or sending a "getting config state" after "initialisation" does not make sense anyway. Also add the IV_PROTO_REQUEST_PUSH feature as new feature in Changes.rst

Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- Changes.rst | 11 +++++++++++ src/openvpn/forward.c | 3 +++ src/openvpn/push.c | 1 + 3 files changed, 15 insertions(+) diff --git a/Changes.rst b/Changes.rst index 8fbaf419..e377a36c 100644 --- a/Changes.rst +++ b/Changes.rst @@ -37,6 +37,13 @@ Deferred client-connect asynchronous/deferred return of the configuration file in the same way as the auth-plugin. +Faster connection setup + A client will signal in the ``IV_PROTO`` variable that is in pull + mode. This allows the server to push the configuration options to + the client without waiting for a ``PULL_REQUEST`` message. The feature + is automatically enabled if both client and server support it and + reduces the of connection setup time by one round-trip time. + Deprecated features ------------------- For an up-to-date list of all deprecated options, see this wiki page: @@ -72,6 +79,10 @@ User-visible Changes - Support for building with OpenSSL 1.0.1 has been removed. The minimum supported OpenSSL version is now 1.0.2. +- The GET_CONFIG management state is ommited if the server pushes + the client configuration almost immediately as result of the + faster connection setup feature. + Overview of changes in 2.4 ========================== diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 30a3fd46..759fdbe1 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -425,6 +425,9 @@ check_push_request_dowork(struct context *c) * * Options like --up-delay need to be triggered by this function which * checks for connection establishment. + * + * Note: The process_incoming_push_reply currently assumes that this function + * only sets ups the pull request timer when pull is enabled. */ void check_connection_established(struct context *c) diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 84193afe..9c720b42 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c 
@@ -358,6 +358,7 @@ incoming_push_message(struct context *c, const struct buffer *buffer) } } event_timeout_clear(&c->c2.push_request_interval); + event_timeout_clear(&c->c2.wait_for_connect); } goto cleanup;
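Review bot: The added event_timeout_clear(&c->c2.wait_for_connect) in incoming_push_message has no comment at the call site, and the reason for it (a push reply can arrive before check_connection_established has armed push_request_interval) is stated only in the commit message. A short comment above the new line would keep that dependency visible to someone reading push.c, for example that wait_for_connect is cleared so it cannot start the push request timer after the reply has already been handled.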
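Review bot: In the forward.c hunk of this patch (@@ -425,6 +425,9), the added note names process_incoming_push_reply, while the matching event_timeout_clear call is added inside incoming_push_message according to the push.c hunk header; please name the function that actually holds the call, or confirm the reference is intended. The note also reads "sets ups the pull request timer", which should be "sets up", and the surrounding code and commit message call it the push request timer.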
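Review bot: In the Changes.rst hunks, the new text has wording slips to fix before merge: "that is in pull mode" is missing "it", "reduces the of connection setup time" has a stray "of", and "ommited" should be "omitted". The entry also refers to a ``PULL_REQUEST`` message, whereas the code touched by this series speaks of a push request (push_request_interval, "send a push request to server"), so please check which message name is meant.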