Re: [Openvpn-devel] [PATCH] Support for disabled peer-id

2016-04-27 Thread Lev Stipakov

Yep, was a bit busy with other stuff the last few weeks.

On 27.04.2016 11:16, Arne Schwabe wrote:
> I am just going through the patches. Lev, do you plan a follow up for this?
>
> Arne


Re: [Openvpn-devel] [PATCH] Support for disabled peer-id

2016-04-27 Thread Arne Schwabe
On 09.10.15 at 16:39, Gert Doering wrote:
> Hi,
> 
> On Fri, Oct 09, 2015 at 03:29:17PM +0300, Lev Stipakov wrote:
>> +  peer_id_disabled = peer_id == 0xFF;
> 
> The general patch is fine, but while this line is technically correct, I don't
> think we should do so...  please at least add some brackets...
> 
> peer_id_disabled = (peer_id == 0xFF);
> 
> 
>> +  /* TODO: support for disabled peer-id */
> 
> What is this TODO about?
> 

I am just going through the patches. Lev, do you plan a follow up for this?

Arne






Re: [Openvpn-devel] [PATCH] Support for disabled peer-id

2015-10-09 Thread Gert Doering
Hi,

On Fri, Oct 09, 2015 at 03:29:17PM +0300, Lev Stipakov wrote:
> +   peer_id_disabled = peer_id == 0xFF;

The general patch is fine, but while this line is technically correct, I don't
think we should do so...  please at least add some brackets...

  peer_id_disabled = (peer_id == 0xFF);


> +   /* TODO: support for disabled peer-id */

What is this TODO about?

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de




[Openvpn-devel] [PATCH] Support for disabled peer-id

2015-10-09 Thread Lev Stipakov
When peer-id value is 0xFF, server should ignore it and treat packet
in the same way as P_DATA_V1.

Make sure that issued peer-id does not exceed 0xFF.
---
 src/openvpn/mudp.c  | 15 ---
 src/openvpn/multi.c |  3 ++-
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 57118f8..43b4f06 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -60,12 +60,16 @@ multi_get_create_instance_udp (struct multi_context *m, 
bool *floated)
   struct hash_bucket *bucket = hash_bucket (hash, hv);
   uint8_t* ptr = BPTR(>top.c2.buf);
   uint8_t op = ptr[0] >> P_OPCODE_SHIFT;
+  bool v2 = (op == P_DATA_V2) && (m->top.c2.buf.len >= (1 + 3));
+  bool peer_id_disabled = false;

   /* make sure buffer has enough length to read opcode (1 byte) and 
peer-id (3 bytes) */
-  if (op == P_DATA_V2 && m->top.c2.buf.len >= (1 + 3))
+  if (v2)
{
  uint32_t peer_id = ntohl(*(uint32_t*)ptr) & 0xFF;
- if ((peer_id < m->max_clients) && (m->instances[peer_id]))
+ peer_id_disabled = peer_id == 0xFF;
+
+ if (!peer_id_disabled && (peer_id < m->max_clients) && 
(m->instances[peer_id]))
{
  mi = m->instances[peer_id];

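Review bot: The reserved value in the added line peer_id_disabled = peer_id == 0xFF; is a bare literal, and it disagrees with the comment just above it, which describes the peer-id as 3 bytes while the value is masked with & 0xFF and compared against 0xFF. Please define one named constant for the reserved peer-id, use it here and in the other two 0xFF tests in this patch, and make the comment, the mask and the sentinel agree on the width.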
@@ -80,7 +84,7 @@ multi_get_create_instance_udp (struct multi_context *m, bool 
*floated)
  }
}
}
-  else
+  if (!v2 || peer_id_disabled)
{
  he = hash_lookup_fast (hash, bucket, , hv);
  if (he)
@@ -103,11 +107,16 @@ multi_get_create_instance_udp (struct multi_context *m, 
bool *floated)
  hash_add_fast (hash, bucket, >real, hv, mi);
  mi->did_real_hash = true;

+ /* TODO: support for disabled peer-id */
  for (i = 0; i < m->max_clients; ++i)
{
  if (!m->instances[i])
{
+ /* issued peer-id should fit into 3 bytes to 
avoid wrap and cannot have reserved value 0xFF */
+ ASSERT(i < 0xFF);
+
  mi->context.c2.tls_multi->peer_id = i;
+
  m->instances[i] = mi;
  break;
}
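Review bot: ASSERT(i < 0xFF) sits inside the slot search that runs up to m->max_clients, so whether it fires depends on the configured client limit and on how many slots are already taken when a new client arrives. Please enforce the bound where max_clients is set, or refuse the new instance here, rather than asserting while handling an incoming packet. The assertion's comment also speaks of 3 bytes while testing against 0xFF, and the new TODO does not say what is still missing.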
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 902c4dc..76f5a44 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -562,7 +562,8 @@ multi_close_instance (struct multi_context *m,
}
 #endif

-  m->instances[mi->context.c2.tls_multi->peer_id] = NULL;
+  if (mi->context.c2.tls_multi->peer_id != 0xFF)
+m->instances[mi->context.c2.tls_multi->peer_id] = NULL;

   schedule_remove_entry (m->schedule, (struct schedule_entry *) mi);

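Review bot: The new guard if (mi->context.c2.tls_multi->peer_id != 0xFF) assumes that an instance which never received a slot carries peer_id 0xFF, but no hunk in this patch sets peer_id to 0xFF. Please show or add that initialization; if an unassigned instance keeps some other default value, closing it could clear an m->instances[] entry that belongs to a different client. The guarded index is also not checked against m->max_clients before the write.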
-- 
1.9.1