Hi,
On 09/01/2023 21:00, Gert Doering wrote:
p2p --tls-server with no active client/peer logs once per second
"dco_update_keys: peer_id=-1"
which does exactly nothing, except fill the disk. So skip the call to
dco_update_keys() if peer_id == -1.
Signed-off-by: Gert Doering <g...@greenie.muc.de>
---
src/openvpn/forward.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index ae0512fc..2ba8b0fa 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -151,6 +151,12 @@ check_dco_key_status(struct context *c)
return;
}
+ /* no active peer (p2p tls-server mode) */
+ if (c->c2.tls_multi->dco_peer_id == -1 )
Please remove the space after -1 (not sure why uncrustify hasn't caught it).
+ {
+ return;
+ }
+
if (!dco_update_keys(&c->c1.tuntap->dco, c->c2.tls_multi))
{
/* Something bad happened. Kill the connection to
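Review bot: In the added `if`, the bare literal `-1` carries the meaning "no peer", and the comment ties it to p2p tls-server mode only, while the condition returns for any context whose `dco_peer_id` is -1. Consider wording the comment to say that -1 means no DCO peer is installed, or comparing against a named constant, so the intent is clear at the call site. Note also that the early return sits inside `check_dco_key_status()`, so it suppresses the `dco_update_keys()` call and its log line but not the periodic invocation of this function itself.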
Rest looks good. Thanks!
Acked-by: Antonio Quartulli <a...@unstable.cc>
However, as discussed on IRC: *why* are we running the check_tls code if
the peer has gone away and we have switched the peer-id to -1?
This is the real question.
--
Antonio Quartulli