Attention is currently required from: flichtenheld.
Hello flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/794?usp=email
to review the following change.
Change subject: Move should_trigger_renegotiation into its own function
......................................................................
Move should_trigger_renegotiation into its own function
The if statement has become quite large and unreadable. Reformat it
and move it to a separate function.
Change-Id: I210fa255921e7115bd66ba5f3e431562552e3335
Signed-off-by: Arne Schwabe <[email protected]>
---
M src/openvpn/ssl.c
1 file changed, 36 insertions(+), 8 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/94/794/1
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 93e31f1..c48a85c 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -2962,8 +2962,42 @@
return true;
}
+/**
+ * Determines if a renegotiation should be triggerred based on the various
+ * factors that can trigger one
+ */
+static bool
+should_trigger_renegotiation(const struct tls_session *session, const struct
key_state *ks)
+{
+ /* Time limit */
+ if (session->opt->renegotiate_seconds
+ && now >= ks->established + session->opt->renegotiate_seconds)
+ {
+ return true;
+ }
+ /* Byte limit */
+ if (session->opt->renegotiate_bytes > 0
+ && ks->n_bytes >= session->opt->renegotiate_bytes)
+ {
+ return true;
+ }
+ /* Packet limit */
+ if (session->opt->renegotiate_packets
+ && ks->n_packets >= session->opt->renegotiate_packets)
+ {
+ return true;
+ }
+
+ /* Packet id approach the limit of the packet id */
+ if (packet_id_close_to_wrapping(&ks->crypto_options.packet_id.send))
+ {
+ return true;
+ }
+
+ return false;
+}
/*
* This is the primary routine for processing TLS stuff inside the
* the main event loop. When this routine exits
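Review bot: The byte limit in should_trigger_renegotiation() is guarded with `renegotiate_bytes > 0`, while the time and packet limits use plain truthiness, and the helper does not say why. If `renegotiate_seconds` or `renegotiate_packets` can ever be negative (their types are not visible in this hunk), those two checks would be evaluated rather than skipped. Either use `> 0` for all three or state the convention in the doc comment, which also misspells "triggered". A fuller comment could read `/** Returns true once ks has reached a configured lifetime limit (seconds, bytes or packets; an unset option skips that check) or its send packet id is close to wrapping, which is always checked. */`. The last inline comment would read better as `/* Packet id is approaching its wrap limit */`.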
@@ -2991,14 +3025,8 @@
/* Should we trigger a soft reset? -- new key, keeps old key for a while */
if (ks->state >= S_GENERATED_KEYS
- && ((session->opt->renegotiate_seconds
- && now >= ks->established + session->opt->renegotiate_seconds)
- || (session->opt->renegotiate_bytes > 0
- && ks->n_bytes >= session->opt->renegotiate_bytes)
- || (session->opt->renegotiate_packets
- && ks->n_packets >= session->opt->renegotiate_packets)
- ||
(packet_id_close_to_wrapping(&ks->crypto_options.packet_id.send))))
- {
+ && should_trigger_renegotiation(session, ks))
+ {
msg(D_TLS_DEBUG_LOW, "TLS: soft reset sec=%d/%d bytes=" counter_format
"/%d pkts=" counter_format "/%d",
(int) (now - ks->established), session->opt->renegotiate_seconds,
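Review bot: The soft-reset debug line after the new `should_trigger_renegotiation(session, ks)` call prints only the seconds, bytes and packet counters, as far as the visible part of the format string shows. A reset caused by `packet_id_close_to_wrapping()` therefore cannot be identified from the log, and the helper returns only a bool, so the call site no longer sees which limit fired. Consider adding the send packet id state to this `msg()` call, or a comment such as `/* all counters below their limits means the send packet id was close to wrapping */`. The `msg()` call and the enclosing function continue outside the hunk, so the remaining arguments could not be checked.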
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/794?usp=email
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I210fa255921e7115bd66ba5f3e431562552e3335
Gerrit-Change-Number: 794
Gerrit-PatchSet: 1
Gerrit-Owner: plaisthos <[email protected]>
Gerrit-Reviewer: flichtenheld <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: flichtenheld <[email protected]>
Gerrit-MessageType: newchange