cron2 has uploaded a new patch set (#7) to the change originally created by mrbff. ( http://gerrit.openvpn.net/c/openvpn/+/1245?usp=email )
The following approvals got outdated and were removed: Code-Review+2 by ordex Change subject: PUSH_UPDATE: disabling PUSH_UPDATE server and client if DCO is enabled ...................................................................... PUSH_UPDATE: disabling PUSH_UPDATE server and client if DCO is enabled The PUSH_UPDATE currently doesn't work with DCO. For example, in server, if a new ifconfig is sent, the DCO doesn't receive the new peer address and the connection drops. Similarly in the client when a PUSH_UPDATE is received, the tun is closed and reopened but the DCO doesn't receive the peer info. Change-Id: Ibe78949435bb2f26ad68301e2710321bf37c9486 Signed-off-by: Marco Baffo <[email protected]> Acked-by: Antonio Quartulli <[email protected]> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1245 Message-Id: <[email protected]> URL: https://sourceforge.net/p/openvpn/mailman/message/59243711/ Signed-off-by: Gert Doering <[email protected]> --- M src/openvpn/push.c M src/openvpn/push_util.c M src/openvpn/ssl.c M tests/unit_tests/openvpn/test_push_update_msg.c 4 files changed, 20 insertions(+), 3 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/45/1245/7 diff --git a/src/openvpn/push.c b/src/openvpn/push.c index e7fc50c..0c8eb84 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -1112,6 +1112,12 @@ } else if (honor_received_options && buf_string_compare_advance(&buf, push_update_cmd)) { + if (dco_enabled(&c->options)) + { + msg(M_WARN, "WARN: PUSH_UPDATE messages cannot currently be processed in client mode while DCO is enabled, ignoring." + " To be able to process PUSH_UPDATE messages, be sure to use the --disable-dco option."); + return PUSH_MSG_ERROR; + } return process_incoming_push_update(c, permission_mask, option_types_found, &buf, false); } else diff --git a/src/openvpn/push_util.c b/src/openvpn/push_util.c index 9138bdb..f306104 100644 --- a/src/openvpn/push_util.c +++ b/src/openvpn/push_util.c @@ -191,6 +191,13 @@ int send_push_update(struct multi_context *m, const void *target, const char *msg, const push_update_type type, const int push_bundle_size) { + if (dco_enabled(&m->top.options)) + { + msg(M_WARN, "WARN: PUSH_UPDATE messages cannot currently be sent while DCO is enabled." + " To send a PUSH_UPDATE message, be sure to use the --disable-dco option."); + return 0; + } + if (!msg || !*msg || !m || (!target && type != UPT_BROADCAST)) { @@ -294,7 +301,6 @@ } \ } while (0) - bool management_callback_send_push_update_broadcast(void *arg, const char *options) { diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 34036f2..567560f 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1926,8 +1926,12 @@ /* support for exit notify via control channel */ iv_proto |= IV_PROTO_CC_EXIT_NOTIFY; - /* support push-updates */ - iv_proto |= IV_PROTO_PUSH_UPDATE; + /* currently push-update is not supported when DCO is enabled */ + if (!session->opt->dco_enabled) + { + /* support push-updates */ + iv_proto |= IV_PROTO_PUSH_UPDATE; + } if (session->opt->pull) { diff --git a/tests/unit_tests/openvpn/test_push_update_msg.c b/tests/unit_tests/openvpn/test_push_update_msg.c index 8a5beeb..6e49f14 100644 --- a/tests/unit_tests/openvpn/test_push_update_msg.c +++ b/tests/unit_tests/openvpn/test_push_update_msg.c @@ -465,6 +465,7 @@ m->instances = calloc(1, sizeof(struct multi_instance *)); struct multi_instance *mi = calloc(1, sizeof(struct multi_instance)); *(m->instances) = mi; + m->top.options.disable_dco = true; *state = m; return 0; } -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1245?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: newpatchset Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ibe78949435bb2f26ad68301e2710321bf37c9486 Gerrit-Change-Number: 1245 Gerrit-PatchSet: 7 Gerrit-Owner: mrbff <[email protected]> Gerrit-Reviewer: cron2 <[email protected]> Gerrit-Reviewer: flichtenheld <[email protected]> Gerrit-Reviewer: ordex <[email protected]> Gerrit-Reviewer: plaisthos <[email protected]> Gerrit-CC: openvpn-devel <[email protected]>
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
