Attention is currently required from: cron2, flichtenheld, mrbff, plaisthos.
Hello cron2, flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1245?usp=email
to look at the new patch set (#6).
Change subject: PUSH_UPDATE: disabling PUSH_UPDATE server and client if DCO is
enabled
......................................................................
PUSH_UPDATE: disabling PUSH_UPDATE server and client if DCO is enabled
The PUSH_UPDATE currently doesn't work with DCO.
For example, in server, if a new ifconfig is sent, the DCO
doesn't receive the new peer address and the connection drops.
Similarly in the client when a PUSH_UPDATE is received, the tun is
closed and reopened but the DCO doesn't receive the peer info.
Change-Id: Ibe78949435bb2f26ad68301e2710321bf37c9486
Signed-off-by: Marco Baffo <[email protected]>
---
M src/openvpn/push.c
M src/openvpn/push_util.c
M src/openvpn/ssl.c
M tests/unit_tests/openvpn/test_push_update_msg.c
4 files changed, 20 insertions(+), 3 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/45/1245/6
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index e7fc50c..0c8eb84 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -1112,6 +1112,12 @@
}
else if (honor_received_options && buf_string_compare_advance(&buf,
push_update_cmd))
{
+ if (dco_enabled(&c->options))
+ {
+ msg(M_WARN, "WARN: PUSH_UPDATE messages cannot currently be
processed in client mode while DCO is enabled, ignoring."
+ " To be able to process PUSH_UPDATE messages, be sure
to use the --disable-dco option.");
+ return PUSH_MSG_ERROR;
+ }
return process_incoming_push_update(c, permission_mask,
option_types_found, &buf, false);
}
else
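Review bot: In the added `dco_enabled(&c->options)` branch, the warning text says the message is being ignored, but the branch returns `PUSH_MSG_ERROR`. If the caller treats that value as a failed control message rather than a skipped one, the log line and the actual behaviour diverge. Either confirm that `PUSH_MSG_ERROR` is handled as non-fatal on this path, or align the wording and the return code so the warning describes what really happens to the session.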
diff --git a/src/openvpn/push_util.c b/src/openvpn/push_util.c
index 9138bdb..f306104 100644
--- a/src/openvpn/push_util.c
+++ b/src/openvpn/push_util.c
@@ -191,6 +191,13 @@
int
send_push_update(struct multi_context *m, const void *target, const char *msg,
const push_update_type type, const int push_bundle_size)
{
+ if (dco_enabled(&m->top.options))
+ {
+ msg(M_WARN, "WARN: PUSH_UPDATE messages cannot currently be sent while
DCO is enabled."
+ " To send a PUSH_UPDATE message, be sure to use the
--disable-dco option.");
+ return 0;
+ }
+
if (!msg || !*msg || !m
|| (!target && type != UPT_BROADCAST))
{
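Review bot: The new check at the top of `send_push_update()` dereferences `m` in `dco_enabled(&m->top.options)` before the existing `!m` test in the condition just below, so a NULL `m` would now be dereferenced instead of reaching that guard. Move the DCO check after the argument validation, or test `m` first. The early `return 0;` also deserves a short comment on what 0 means to callers in this case, and the parameter named `msg` next to the `msg(M_WARN, ...)` call is easy to misread; renaming the parameter would make the new lines clearer.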
@@ -294,7 +301,6 @@
} \
} while (0)
-
bool
management_callback_send_push_update_broadcast(void *arg, const char *options)
{
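Review bot: Unrelated whitespace change: the removed blank line between `} while (0)` and `management_callback_send_push_update_broadcast()` has nothing to do with the DCO gating. Drop it from this patch or send it as a separate formatting change.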
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 34036f2..567560f 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1926,8 +1926,12 @@
/* support for exit notify via control channel */
iv_proto |= IV_PROTO_CC_EXIT_NOTIFY;
- /* support push-updates */
- iv_proto |= IV_PROTO_PUSH_UPDATE;
+ /* currently push-update is not supported when DCO is enabled */
+ if (!session->opt->dco_enabled)
+ {
+ /* support push-updates */
+ iv_proto |= IV_PROTO_PUSH_UPDATE;
+ }
if (session->opt->pull)
{
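Review bot: This gate tests `session->opt->dco_enabled`, while the checks in push.c and push_util.c call `dco_enabled()` on the options struct. If the two can disagree at the time `iv_proto` is built, the client either advertises `IV_PROTO_PUSH_UPDATE` and then rejects the message, or withholds the flag while still able to process it. Please confirm both are derived from the same state. The inner `/* support push-updates */` comment now repeats the outer one and can be folded into it.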
diff --git a/tests/unit_tests/openvpn/test_push_update_msg.c
b/tests/unit_tests/openvpn/test_push_update_msg.c
index 8a5beeb..6e49f14 100644
--- a/tests/unit_tests/openvpn/test_push_update_msg.c
+++ b/tests/unit_tests/openvpn/test_push_update_msg.c
@@ -465,6 +465,7 @@
m->instances = calloc(1, sizeof(struct multi_instance *));
struct multi_instance *mi = calloc(1, sizeof(struct multi_instance));
*(m->instances) = mi;
+ m->top.options.disable_dco = true;
*state = m;
return 0;
}
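Review bot: Setting `m->top.options.disable_dco = true` in the setup keeps the existing cases away from the new early return, but nothing exercises the early return itself. Add a case that leaves DCO enabled and asserts that `send_push_update()` returns 0, and put a short comment on this line saying why DCO is disabled for the fixture.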
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1245?usp=email
Gerrit-MessageType: newpatchset
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ibe78949435bb2f26ad68301e2710321bf37c9486
Gerrit-Change-Number: 1245
Gerrit-PatchSet: 6
Gerrit-Owner: mrbff <[email protected]>
Gerrit-Reviewer: cron2 <[email protected]>
Gerrit-Reviewer: flichtenheld <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-CC: ordex <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>
Gerrit-Attention: cron2 <[email protected]>
Gerrit-Attention: flichtenheld <[email protected]>
Gerrit-Attention: mrbff <[email protected]>