Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1473?usp=email
to review the following change.
Change subject: Repair interaction between DCO and persist-tun after
reconnection
......................................................................
Repair interaction between DCO and persist-tun after reconnection
When --persist-tun is active, openvpn userland Linux and FreeBSD fails
to re-enable "poll for DCO events" after a reconnect (e.g. triggered by
a ping timeout). The reconnect will still work fine, but on the *next*
DCO event from the kernel, OpenVPN userland will not notice, and so
the system will get into an inconsistent state (Userland assumes "all is
well", kernel DCO has disconnected the peer, connection is broken until
the next tls-renegotion and/or manual restart, *and* the next DCO key
setup might fail due to "peer id gone").
This only affects client side, --server tun is always "persistent", and
there is no "full restart" (and the code path in question is also
only used for client and p2p server).
The root cause is an incorrect check for "is this interface up?" when
calling dco_event_set() in forard.c::io_wait() - "c2.did_open_tun" is
only true if the tun interface was actually configured on this reconnect,
which it isn't if --persist-tun is active. Replace with a check for
"do we have a tuntap structure, and if yes, do we have active DCO?"
which reflects the original intent much better.
The original code also had a check for "out_socket & EVENT_READ" there,
which did to some extend avoid calling dco_event_set() for every single
UDP packet sent and received by userland - but this only worked on initial
connection, and is always true on reconnect, so this condition was removed
for simplicity. We should come back here...
Github: OpenVPN/openvpn#947
Change-Id: Idbd0a47ba4d297a833a350611a23f19fd9a797b5
---
M src/openvpn/forward.c
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/73/1473/1
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index d208c21..87aeaa1 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -2197,7 +2197,7 @@
multi_io_process_flags(c, c->c2.event_set, flags, &out_socket,
&out_tuntap);
#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD)
- if (out_socket & EVENT_READ && c->c2.did_open_tun)
+ if (c->c1.tuntap && c->c1.tuntap->dco.open)
{
dco_event_set(&c->c1.tuntap->dco, c->c2.event_set, (void *)dco_shift);
}
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1473?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Idbd0a47ba4d297a833a350611a23f19fd9a797b5
Gerrit-Change-Number: 1473
Gerrit-PatchSet: 1
Gerrit-Owner: cron2 <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
