Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/844?usp=email
to review the following change.
Change subject: Fix float support in P2P topology
......................................................................
Fix float support in P2P topology
Fix the handling of floating operations in P2P topology, where new UDP
endpoints were previously ignored. When floating occurs, this update
processes the new endpoints and updates the address if the `--float`
option is specified or `--remote` is omitted.
Since the same code path is used for clients in MP topology, this change
also enables processing of server floating operations from the client
perspective.
Change-Id: I806757a8c6f9a589665624f176391b5f7b87f581
Signed-off-by: Ralf Lici <r...@mandelbit.com>
---
M src/openvpn/forward.c
1 file changed, 23 insertions(+), 2 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/44/844/1
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 2c72001..5feffba 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -1227,12 +1227,33 @@
{
perf_push(PERF_PROC_IN_LINK);
+ struct gc_arena gc = gc_new();
+ bool floated = false;
struct link_socket_info *lsi = &sock->info;
const uint8_t *orig_buf = c->c2.buf.data;
+ const struct link_socket_actual *incoming = &c->c2.from;
+ struct link_socket_actual *remote = c->c2.to_link_addr;
+ const sa_family_t family = incoming->dest.addr.sa.sa_family;
- process_incoming_link_part1(c, lsi, false);
- process_incoming_link_part2(c, lsi, orig_buf);
+ if (remote && (family == AF_INET || family == AF_INET6))
+ {
+ floated = !link_socket_actual_match(incoming, remote);
+ }
+ if (process_incoming_link_part1(c, lsi, floated))
+ {
+ if (floated && c->c2.buf.len > 0)
+ {
+ msg(D_LOW, "peer floated from %s to %s",
+ print_link_socket_actual(remote, &gc),
+ print_link_socket_actual(incoming, &gc));
+ link_socket_set_outgoing_addr(lsi, &c->c2.from, NULL, c->c2.es);
+ tls_update_remote_addr(c->c2.tls_multi, incoming);
+ }
+ process_incoming_link_part2(c, lsi, orig_buf);
+ }
+
+ gc_free(&gc);
perf_pop();
}
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/844?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I806757a8c6f9a589665624f176391b5f7b87f581
Gerrit-Change-Number: 844
Gerrit-PatchSet: 1
Gerrit-Owner: ralf_lici <r...@mandelbit.com>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: plaisthos <arne-open...@rfc2549.org>
Gerrit-Attention: flichtenheld <fr...@lichtenheld.com>
Gerrit-MessageType: newchange
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
