From patchwork Wed Dec 9 03:20:43 2020
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1545
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 9 Dec 2020 15:20:43 +0100
Message-Id: <20201209142045.4489-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 1/3] Move restoring pr pull options to initialising of c2 context

We currently delay restoring these options until we actually must restore them. Since there is no reason to do so apart from the very minor saving to not have to execute that code when a connection fails, move them into the general context_2 initialisation.

Signed-off-by: Arne Schwabe
---
 src/openvpn/init.c | 5 +++++
 src/openvpn/openvpn.h | 1 -
 src/openvpn/push.c | 5 -----
 3 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c index c3493c42..2f44befe 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c 
@@ -4184,6 +4184,11 @@ init_instance(struct context *c, const struct env_set *env, const unsigned int f } } + if (c->options.pull) + { + pre_pull_restore(&c->options, &c->c2.gc); + } + /* map in current connection entry */ next_connection_entry(c); diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index 4ca89ba9..ece85e88 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -463,7 +463,6 @@ struct context_2 struct event_timeout push_request_interval; int n_sent_push_requests; - bool did_pre_pull_restore; /* hash of pulled options, so we can compare when options change */ bool pulled_options_digest_init_done; diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 26a6201f..95c28ff1 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c 
@@ -812,11 +812,6 @@ process_incoming_push_reply(struct context *c, md_ctx_init(c->c2.pulled_options_state, md_kt_get("SHA256")); c->c2.pulled_options_digest_init_done = true; } - if (!c->c2.did_pre_pull_restore) - { - pre_pull_restore(&c->options, &c->c2.gc); - c->c2.did_pre_pull_restore = true; - } if (apply_push_options(&c->options, buf, permission_mask, 

From patchwork Wed Dec 9 03:20:44 2020
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1546
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 9 Dec 2020 15:20:44 +0100
Message-Id: <20201209142045.4489-2-arne@rfc2549.org>
In-Reply-To: <20201209142045.4489-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 2/3] Move NCP saving and restore to the prepush restore code

This unifies save/restoring options that might be changed by a push from the server. It also removes using the context_1 to store something that is not related to a SIGHUP lifetime.

Signed-off-by: Arne Schwabe --- src/openvpn/init.c | 36 +++++------------------------------- src/openvpn/openvpn.h | 4 ---- src/openvpn/options.c | 11 +++++++++++ src/openvpn/options.h | 4 ++++ 4 files changed, 20 insertions(+), 35 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 2f44befe..089ce34e 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -668,28 +668,6 @@ uninit_proxy(struct context *c) uninit_proxy_dowork(c); } -/* - * Saves the initial state of NCP-regotiable - * options into a storage which persists over SIGUSR1. - */ -static void -save_ncp_options(struct context *c) -{ - c->c1.ciphername = c->options.ciphername; - c->c1.authname = c->options.authname; - c->c1.keysize = c->options.keysize; -} - -/* Restores NCP-negotiable options to original values */ -static void -restore_ncp_options(struct context *c) -{ - c->options.ciphername = c->c1.ciphername; - c->options.authname = c->c1.authname; - c->options.keysize = c->c1.keysize; - c->options.data_channel_use_ekm = false; -} - void context_init_1(struct context *c) { @@ -699,8 +677,6 @@ context_init_1(struct context *c) init_connection_list(c); - save_ncp_options(c); - #if defined(ENABLE_PKCS11) if (c->first_time) { @@ -2869,8 +2845,8 @@ do_init_crypto_tls(struct context *c, const unsigned int flags) to.replay_window = options->replay_window; to.replay_time = options->replay_time; to.tcp_mode = link_socket_proto_connection_oriented(options->ce.proto); - to.config_ciphername = c->c1.ciphername; - to.config_ncp_ciphers = options->ncp_ciphers; + to.config_ciphername = c->options.ciphername; + to.config_ncp_ciphers = c->options.ncp_ciphers; to.ncp_enabled = options->ncp_enabled; to.transition_window = options->transition_window; to.handshake_window = options->handshake_window; 
@@ -4487,8 +4463,6 @@ close_instance(struct context *c) /* free key schedules */ do_close_free_key_schedule(c, (c->mode == CM_P2P || c->mode == CM_TOP)); - restore_ncp_options(c); - /* close TCP/UDP connection */ do_close_link_socket(c); @@ -4559,9 +4533,9 @@ inherit_context_child(struct context *dest, dest->c1.ks.tls_auth_key_type = src->c1.ks.tls_auth_key_type; dest->c1.ks.tls_crypt_v2_server_key = src->c1.ks.tls_crypt_v2_server_key; /* inherit pre-NCP ciphers */ - dest->c1.ciphername = src->c1.ciphername; - dest->c1.authname = src->c1.authname; - dest->c1.keysize = src->c1.keysize; + dest->options.ciphername = src->options.ciphername; + dest->options.authname = src->options.authname; + dest->options.keysize = src->options.keysize; /* inherit auth-token */ dest->c1.ks.auth_token_key = src->c1.ks.auth_token_key; diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index ece85e88..f80b9667 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -203,10 +203,6 @@ struct context_1 struct user_pass *auth_user_pass; /**< Username and password for * authentication. */ - - const char *ciphername; /**< Data channel cipher from config file */ - const char *authname; /**< Data channel auth from config file */ - int keysize; /**< Data channel keysize from config file */ #endif }; diff --git a/src/openvpn/options.c b/src/openvpn/options.c index ff3954d5..9ab2ead2 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3595,7 +3595,13 @@ pre_pull_save(struct options *o) o->pre_pull->client_nat = clone_client_nat_option_list(o->client_nat, &o->gc); o->pre_pull->client_nat_defined = true; } + + /* NCP related options that can be overwritten by a push */ + o->pre_pull->ciphername = o->ciphername; + o->pre_pull->authname = o->authname; + o->pre_pull->keysize = o->keysize; } + } void 
@@ -3641,10 +3647,15 @@ pre_pull_restore(struct options *o, struct gc_arena *gc) } o->foreign_option_index = pp->foreign_option_index; + + o->ciphername = pp->ciphername; + o->authname = pp->authname; + o->keysize = pp->keysize; } o->push_continuation = 0; o->push_option_types_found = 0; + o->data_channel_use_ekm = false; } #endif /* if P2MP */ diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 5b6d9441..df0b4030 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h 
@@ -75,6 +75,10 @@ struct options_pre_pull bool client_nat_defined; struct client_nat_option_list *client_nat; + const char* ciphername; + const char* authname; + int keysize; + int foreign_option_index; }; 

From patchwork Wed Dec 9 03:20:45 2020
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1544
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 9 Dec 2020 15:20:45 +0100
Message-Id: <20201209142045.4489-3-arne@rfc2549.org>
In-Reply-To: <20201209142045.4489-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 3/3] Restore also ping related options on a reconnect

This fixes the issue that if a client reconnects the next connection entries inherit the keepalive settings that were pushed or set by the previous entry. Since UDP+PULL entries have an implicit 120s timeout, this timeout also got applied to a TCP session after a UDP entry.

Reported-By: Jan Just Keijser
Signed-off-by: Arne Schwabe
---
 src/openvpn/options.c | 9 +++++++++
 src/openvpn/options.h | 4 ++++
 2 files changed, 13 insertions(+)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 9ab2ead2..95201094 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3600,6 +3600,11 @@ pre_pull_save(struct options *o) o->pre_pull->ciphername = o->ciphername; o->pre_pull->authname = o->authname; o->pre_pull->keysize = o->keysize; + + /* Ping related options should be reset to the config values on reconnect */ + o->pre_pull->ping_rec_timeout = o->ping_rec_timeout; + o->pre_pull->ping_rec_timeout_action = o->ping_rec_timeout_action; + o->pre_pull->ping_send_timeout = o->ping_send_timeout; } } @@ -3651,6 +3656,10 @@ pre_pull_restore(struct options *o, struct gc_arena *gc) o->ciphername = pp->ciphername; o->authname = pp->authname; o->keysize = pp->keysize; + + o->ping_rec_timeout = pp->ping_rec_timeout; + o->ping_rec_timeout_action = pp->ping_rec_timeout_action; + o->ping_send_timeout = pp->ping_send_timeout; } o->push_continuation = 0; diff --git a/src/openvpn/options.h b/src/openvpn/options.h index df0b4030..830ede47 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -79,6 +79,10 @@ struct options_pre_pull const char* authname; int keysize; + int ping_send_timeout; + int ping_rec_timeout; + int ping_rec_timeout_action; + int foreign_option_index; };
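
Review bot: in [PATCH 1/3], the "if (c->options.pull)" block added to init_instance() in src/openvpn/init.c has no comment saying why the restore must run before next_connection_entry(c), and that ordering now matters. The removed call in process_incoming_push_reply() ran only once a push reply had arrived; this one runs at every instance start, ahead of mapping in the connection entry. Please add a short comment stating that options pushed during the previous session are reset here before the next connection entry is selected, so a later reorder does not bring stale pushed state back.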
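
Review bot: in [PATCH 2/3], the close_instance() hunk in src/openvpn/init.c removes an unconditional restore_ncp_options(c), but the replacement assignments in pre_pull_restore() are only reached through the "if (c->options.pull)" call added in [PATCH 1/3], and the ciphername/authname/keysize lines sit inside the block that reads from pp. The same narrowing applies to "o->data_channel_use_ekm = false;", which used to be cleared on every close. Please confirm that no instance without pull can have these fields changed by negotiation, or say in the commit message that the restore is now limited to pull clients; negotiated data channel parameters carrying over into a later session is exactly what this code is there to prevent.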
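
Review bot: in [PATCH 2/3], the do_init_crypto_tls() hunk writes "to.config_ciphername = c->options.ciphername;" and also rewrites options->ncp_ciphers as c->options.ncp_ciphers, while the neighbouring lines (to.ncp_enabled, to.transition_window, to.handshake_window) keep reading through the local options pointer. If options is &c->options here, use options->ciphername and leave the ncp_ciphers line untouched, so the hunk carries only the c1-to-options switch. Because config_ciphername no longer comes from a separately saved copy, it is the configured cipher only when pre_pull_restore() has already run for this instance; a comment recording that dependency would help.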
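
Review bot: in [PATCH 2/3], the pre_pull_save() hunk in src/openvpn/options.c adds an empty "+" line between the two closing braces at the end of the function; please drop it. The saved ciphername and authname are pointer copies ("o->pre_pull->ciphername = o->ciphername;"), the same as the removed save_ncp_options(), so the new comment could also note that the strings are not duplicated and must outlive any value a push puts in their place.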
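
Review bot: in [PATCH 2/3], the inherit_context_child() hunk keeps the comment "/* inherit pre-NCP ciphers */" above assignments that now copy src->options.ciphername, authname and keysize, which are the live option fields rather than a saved pre-negotiation copy. Please update the comment to say what is being copied, and check whether the three assignments are still needed if dest->options is taken from src->options elsewhere in this function (that part is not visible in the hunk).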
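
Review bot: in [PATCH 3/3], the pre_pull_save() hunk snapshots ping_rec_timeout, ping_rec_timeout_action and ping_send_timeout as "the config values", but the commit message says UDP+PULL entries get an implicit 120s timeout, and nothing in the hunks shows where that default is applied relative to the save. If it is applied before pre_pull_save() runs, the snapshot already contains the implicit timeout and pre_pull_restore() will hand it to the following TCP entry again. Please state the ordering in the comment above the three saved fields, and mirror the comment in the pre_pull_restore() hunk, where the three restored fields have none. The new fields in struct options_pre_pull would also benefit from a comment, since they are changed by more than a push.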