Attention is currently required from: cron2, flichtenheld, plaisthos.
Hello cron2, flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1245?usp=email
to look at the new patch set (#5).
Change subject: PUSH_UPDATE: disabling PUSH_UPDATE server and client if DCO is
enabled
......................................................................
PUSH_UPDATE: disabling PUSH_UPDATE server and client if DCO is enabled
The PUSH_UPDATE currently doesn't work with DCO.
For example, in server, if a new ifconfig is sent, the DCO
doesn't receive the new peer address and the connection drops.
Similarly in the client when a PUSH_UPDATE is received, the tun is
closed and reopened but the DCO doesn't receive the peer info.
Change-Id: Ibe78949435bb2f26ad68301e2710321bf37c9486
Signed-off-by: Marco Baffo <[email protected]>
---
M src/openvpn/push.c
M src/openvpn/push_util.c
M src/openvpn/ssl.c
3 files changed, 28 insertions(+), 3 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/45/1245/5
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index e7fc50c..e5f090f 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -1112,6 +1112,12 @@
}
else if (honor_received_options && buf_string_compare_advance(&buf,
push_update_cmd))
{
+ if (dco_enabled(&c->options))
+ {
+ msg(M_WARN, "WARN: PUSH_UPDATE messages cannot currently be
received while DCO is enabled, ignoring."
+ " To receive PUSH_UPDATE messages, be sure to use the
--disable-dco option.");
+ return PUSH_MSG_ERROR;
+ }
return process_incoming_push_update(c, permission_mask,
option_types_found, &buf, false);
}
else
diff --git a/src/openvpn/push_util.c b/src/openvpn/push_util.c
index 9138bdb..bbca00f 100644
--- a/src/openvpn/push_util.c
+++ b/src/openvpn/push_util.c
@@ -294,10 +294,17 @@
} \
} while (0)
-
bool
management_callback_send_push_update_broadcast(void *arg, const char *options)
{
+ struct multi_context *m = arg;
+ if (dco_enabled(&m->top.options))
+ {
+ msg(M_WARN, "WARN: PUSH_UPDATE messages cannot currently be sent while
DCO is enabled."
+ " To send a PUSH_UPDATE message, be sure to use the
--disable-dco option.");
+ return false;
+ }
+
int n_sent = send_push_update(arg, NULL, options, UPT_BROADCAST,
PUSH_BUNDLE_SIZE);
RETURN_UPDATE_STATUS(n_sent);
@@ -306,6 +313,14 @@
bool
management_callback_send_push_update_by_cid(void *arg, unsigned long cid,
const char *options)
{
+ struct multi_context *m = arg;
+ if (dco_enabled(&m->top.options))
+ {
+ msg(M_WARN, "WARN: PUSH_UPDATE messages cannot currently be sent while
DCO is enabled."
+ " To send a PUSH_UPDATE message, be sure to use the
--disable-dco option.");
+ return false;
+ }
+
int n_sent = send_push_update(arg, &cid, options, UPT_BY_CID,
PUSH_BUNDLE_SIZE);
RETURN_UPDATE_STATUS(n_sent);
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 34036f2..567560f 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1926,8 +1926,12 @@
/* support for exit notify via control channel */
iv_proto |= IV_PROTO_CC_EXIT_NOTIFY;
- /* support push-updates */
- iv_proto |= IV_PROTO_PUSH_UPDATE;
+ /* currently push-update is not supported when DCO is enabled */
+ if (!session->opt->dco_enabled)
+ {
+ /* support push-updates */
+ iv_proto |= IV_PROTO_PUSH_UPDATE;
+ }
if (session->opt->pull)
{
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1245?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings?usp=email
Gerrit-MessageType: newpatchset
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ibe78949435bb2f26ad68301e2710321bf37c9486
Gerrit-Change-Number: 1245
Gerrit-PatchSet: 5
Gerrit-Owner: mrbff <[email protected]>
Gerrit-Reviewer: cron2 <[email protected]>
Gerrit-Reviewer: flichtenheld <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>
Gerrit-Attention: cron2 <[email protected]>
Gerrit-Attention: flichtenheld <[email protected]>
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
