Re: [Openvpn-devel] [PATCH master] Exclude peer-id from pulled options digest

2016-10-04 Thread Steffan Karger
Hi,

On 24-09-16 17:54, Lev Stipakov wrote:
> Peer-id might change on restart and this should not trigger reopening
> tun.
> 
> Trac #649

Feature-ACK.

The same holds for ncp stuff though, so I think we should do the same
for cipher, auth and keysize.  Unless those change the tun-mtu, hmm...
That might need further investigation, so maybe keep that separate from
the peer-id issue.

> +   char line[OPTION_PARM_SIZE];
> +   while (buf_parse (_orig, ',', line, sizeof (line)))
> + {
> +   /* peer-id might change on restart and this should not 
> trigger reopening tun */
> +   if (strstr (line, "peer-id ") != line)
> + {
> +   md_ctx_update (>c2.pulled_options_state, (const 
> uint8_t *) line, strlen(line));
> + }
> + }
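
Review bot: The prefix test 'strstr (line, "peer-id ") != line' searches the whole option string to answer a question about its first eight bytes. A bounded compare such as 'strncmp (line, "peer-id ", 8) != 0' states the intent directly and cannot be misread as a substring match; please also document next to it why the trailing space is part of the pattern.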

This looks like it should be a separate (static) function
'push_update_digest(state, msg)', or something like that.

> + md_ctx_cleanup (>c2.pulled_options_state);

Are you sure?  I don't see a "-md_ctx_cleanup (...)" in the patch
for master (there is in 2.3 though).  Do you fix a bug here, or is this
a cherry-picking mistake?

-Steffan

___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
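
A stand-alone sketch of the helper suggested in the reply above, as an added example that is not code from the patch or from OpenVPN. Assumptions: 64-bit FNV-1a stands in for the md_ctx digest, the names digest_state, digest_init, digest_update and pulled_options_digest are hypothetical, the push replies are constructed samples, and hashing a ',' after each kept option is a choice made for this example, not something the patch does.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the md_ctx state: 64-bit FNV-1a. Not cryptographic, demo only. */
typedef struct { uint64_t h; } digest_state;
static void digest_init(digest_state *s) { s->h = 0xcbf29ce484222325ULL; }

static void digest_update(digest_state *s, const char *data, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        s->h ^= (uint8_t)data[i];
        s->h *= 0x100000001b3ULL;
    }
}

/* Hash one comma-separated push message, skipping options that start with
 * "peer-id ". A ',' is hashed after every kept option so that option
 * boundaries remain part of the digest input. */
static void push_update_digest(digest_state *s, const char *msg)
{
    static const char skip[] = "peer-id ";
    while (*msg) {
        size_t len = strcspn(msg, ",");
        if (len > 0 && strncmp(msg, skip, sizeof(skip) - 1) != 0) {
            digest_update(s, msg, len);
            digest_update(s, ",", 1);
        }
        msg += len + (msg[len] == ',');   /* step over the option and its ',' */
    }
}

/* Digest over all parts of a (possibly continued) push reply. */
static uint64_t pulled_options_digest(const char *const *parts, size_t n)
{
    digest_state s;
    digest_init(&s);
    for (size_t i = 0; i < n; i++)
        push_update_digest(&s, parts[i]);
    return s.h;
}

int main(void)
{
    /* Constructed push replies: identical options, different peer-id. */
    const char *a[] = { "route 10.8.0.0 255.255.255.0,peer-id 3,ping 10" };
    const char *b[] = { "route 10.8.0.0 255.255.255.0,peer-id 7,ping 10" };
    printf("%d\n", pulled_options_digest(a, 1) == pulled_options_digest(b, 1));
    return 0;
}
```

Because each kept option contributes its own trailing separator, a reply split across continuation messages hashes the same as the unsplit reply, and "a,bc" cannot collide with "ab,c" by concatenation.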


[Openvpn-devel] [PATCH master] Exclude peer-id from pulled options digest

2016-09-24 Thread Lev Stipakov
Peer-id might change on restart and this should not trigger reopening
tun.

Trac #649
---
 src/openvpn/push.c | 39 ---
 1 file changed, 24 insertions(+), 15 deletions(-)

diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index a1b999e..d7d54bf 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -636,21 +636,30 @@ process_incoming_push_msg (struct context *c,
  permission_mask,
  option_types_found,
  c->c2.es))
-   switch (c->options.push_continuation)
- {
- case 0:
- case 1:
-   md_ctx_update (>c2.pulled_options_state, BPTR(_orig), 
BLEN(_orig));
-   md_ctx_final (>c2.pulled_options_state, 
c->c2.pulled_options_digest.digest);
-   md_ctx_cleanup (>c2.pulled_options_state);
-   c->c2.pulled_options_md5_init_done = false;
-   ret = PUSH_MSG_REPLY;
-   break;
- case 2:
-   md_ctx_update (>c2.pulled_options_state, BPTR(_orig), 
BLEN(_orig));
-   ret = PUSH_MSG_CONTINUATION;
-   break;
- }
+   {
+ char line[OPTION_PARM_SIZE];
+ while (buf_parse (_orig, ',', line, sizeof (line)))
+   {
+ /* peer-id might change on restart and this should not 
trigger reopening tun */
+ if (strstr (line, "peer-id ") != line)
+   {
+ md_ctx_update (>c2.pulled_options_state, (const 
uint8_t *) line, strlen(line));
+   }
+   }
+ switch (c->options.push_continuation)
+   {
+ case 0:
+ case 1:
+   md_ctx_final (>c2.pulled_options_state, 
c->c2.pulled_options_digest.digest);
+   md_ctx_cleanup (>c2.pulled_options_state);
+   c->c2.pulled_options_md5_init_done = false;
+   ret = PUSH_MSG_REPLY;
+   break;
+ case 2:
+   ret = PUSH_MSG_CONTINUATION;
+   break;
+   }
+   }
}
   else if (ch == '\0')
{
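
Review bot: In the added while loop each piece is hashed with strlen(line), so (assuming buf_parse returns the pieces without the ',' delimiter) the separators that the removed md_ctx_update (..., BPTR(...), BLEN(...)) calls covered are no longer part of the digest, and two option lists whose pieces concatenate to the same bytes would yield the same pulled_options_digest. Consider feeding a delimiter or the piece length after each kept option. The hashed data is also bounded by sizeof (line), so a comment on what happens to an option longer than OPTION_PARM_SIZE would help, as would a note that buf_parse consumes the buffer it is given.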
-- 
1.9.1

