cron2 has uploaded a new patch set (#2) to the change originally created by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/794?usp=email )
The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: Move should_trigger_renegotiation into its own function ...................................................................... Move should_trigger_renegotiation into its own function The if statement has become quite large and unreadable. Reformat it and move it to a separate function. Change-Id: I210fa255921e7115bd66ba5f3e431562552e3335 Signed-off-by: Arne Schwabe <a...@rfc2549.org> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <20241111074355.17918-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29740.html Signed-off-by: Gert Doering <g...@greenie.muc.de> --- M src/openvpn/ssl.c 1 file changed, 35 insertions(+), 7 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/94/794/2 diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 93e31f1..d44185e 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2962,8 +2962,42 @@ return true; } +/** + * Determines if a renegotiation should be triggerred based on the various + * factors that can trigger one + */ +static bool +should_trigger_renegotiation(const struct tls_session *session, const struct key_state *ks) +{ + /* Time limit */ + if (session->opt->renegotiate_seconds + && now >= ks->established + session->opt->renegotiate_seconds) + { + return true; + } + /* Byte limit */ + if (session->opt->renegotiate_bytes > 0 + && ks->n_bytes >= session->opt->renegotiate_bytes) + { + return true; + } + /* Packet limit */ + if (session->opt->renegotiate_packets + && ks->n_packets >= session->opt->renegotiate_packets) + { + return true; + } + + /* Packet id approach the limit of the packet id */ + if (packet_id_close_to_wrapping(&ks->crypto_options.packet_id.send)) + { + return true; + } + + return false; +} /* * This is the primary routine for processing TLS stuff inside the * the main event loop. When this routine exits 
@@ -2991,13 +3025,7 @@ /* Should we trigger a soft reset? -- new key, keeps old key for a while */ if (ks->state >= S_GENERATED_KEYS - && ((session->opt->renegotiate_seconds - && now >= ks->established + session->opt->renegotiate_seconds) - || (session->opt->renegotiate_bytes > 0 - && ks->n_bytes >= session->opt->renegotiate_bytes) - || (session->opt->renegotiate_packets - && ks->n_packets >= session->opt->renegotiate_packets) - || (packet_id_close_to_wrapping(&ks->crypto_options.packet_id.send)))) + && should_trigger_renegotiation(session, ks)) { msg(D_TLS_DEBUG_LOW, "TLS: soft reset sec=%d/%d bytes=" counter_format "/%d pkts=" counter_format "/%d", -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/794?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I210fa255921e7115bd66ba5f3e431562552e3335 Gerrit-Change-Number: 794 Gerrit-PatchSet: 2 Gerrit-Owner: plaisthos <arne-open...@rfc2549.org> Gerrit-Reviewer: cron2 <g...@greenie.muc.de> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-MessageType: newpatchset
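Review bot: In the first hunk (the new should_trigger_renegotiation() in src/openvpn/ssl.c), the doc comment misspells "triggerred" (should be "triggered"), and the last inline comment, "Packet id approach the limit of the packet id", would read better as "Packet id is close to wrapping". The `/**` block also does not describe the parameters or the return value, and does not mention that the time check depends on the global `now`; adding @param and @return lines would make that explicit. The byte limit is tested with `> 0` while the time and packet limits are tested for non-zero; this matches the removed expression, but a short comment on why the byte limit differs would help the next reader. A blank line is also missing between the function's closing brace and the following "This is the primary routine" comment.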
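Review bot: In the second hunk (the soft reset check), the `ks->state >= S_GENERATED_KEYS` guard stays at the call site, so should_trigger_renegotiation() relies on the caller having checked the key state before it reads ks->established, ks->n_bytes and ks->n_packets. Either state that precondition in the helper's doc comment or move the state check into the helper, so that a future caller cannot evaluate the limits on a key that has not reached S_GENERATED_KEYS.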