So, the need for this is "not directly obvious", because, "everything
works fine", no...?

Discussed this on IRC with Antonio and Gianmarco, and the finding they
made is that basically this is just working by accident, given that the
event handler does not work really well for setups with multiple UDP
sockets having activity at the same time. Gerrit#1635 sets out to fix
this - and uncovers that our "initial packet reply" code is misbehaving,
so if you have multiple sockets receiving RESET packets at the same time,
replies get sent to the wrong address. Very bad.

Now, to trigger this, you need to actually have multiple sockets at
the same time, *and* lots of concurrent connection activities - which
is not very typical at steady state, but after restarting a busy server,
this might get hit.

I have stared at it "and it seems to make sense", and also my t_server
testbed passes all server side tests just fine - so it's not breaking
anything ;-) - also, Arne had a close look and since he understands the
initial handshake bits best, if he's fine, so am I.

(v2 differs from v1 only in comment and msg() placement, the
actual patch is the same)

Your patch has been applied to the master and release/2.7 branch (bugfix).

commit 9bad30f6d9884d48db57106ce078bfd7b2a73df9 (master)
commit dd26557a8f88cc324e4c10915536687549a50283 (release/2.7)
Author: Antonio Quartulli
Date: Tue Jun 9 09:54:07 2026 +0200

mudp: send HMAC reset reply synchronously

Signed-off-by: Antonio Quartulli <[email protected]>
Acked-by: Gert Doering <[email protected]>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1702
Message-Id: <[email protected]>
URL: https://www.mail-archive.com/[email protected]/msg37117.html
Signed-off-by: Gert Doering <[email protected]>

--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel