So, this took a bit - the change itself seems trivially correct, but
after Arne's comment about "make sure that this does not break the
port share proxy" I needed to test this in more detail - and I can
confirm that it still works.

I have no real idea how the PS proxy works, but there is "a socketpair()
between openvpn/main and ps proxy process" and "event stuff" involved.
It certainly doesn't fork() for each individual TCP connect. What strace
suggests to me is "openvpn sends the original TCP data stream to the
PS proxy, and the responses go back via PS proxy -> openvpn main -> client",
so that wouldn't need to see the freshly accept()ed socket ever.

Your patch has been applied to the master and release/2.6 branch (bugfix).

commit c0d96fd8732bd903ab390bb5047a13880cdcac9b (master)
commit 2aa8550d44440a039da509a7afebfeacf0886a32 (release/2.6)
Author: Joshua Rogers
Date:   Wed Oct 22 01:20:52 2025 +0800

     tcp: apply CLOEXEC to accepted socket, not listener

     Signed-off-by: Joshua Rogers <[email protected]>
     Acked-by: Gert Doering <[email protected]>
     Message-Id: <-MNw5Hu8h0rHV18x36ISt7V0UHchIO4i-JoAeV_wlxS1AmDIAe7YVYNput3_r2hiu3HhwxkhGyUhv4-iH_E7mf7nGjvocmGXlDq7Tjly5cE=@joshua.hu>
     URL: https://www.mail-archive.com/[email protected]/msg33823.html
     Signed-off-by: Gert Doering <[email protected]>

--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
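
Added example, not part of the message above and not OpenVPN source: a small C program showing why the commit subject matters. FD_CLOEXEC is a per-descriptor flag, so setting it on the listening socket does not carry over to the socket returned by accept(). The helper names (is_cloexec, set_cloexec, accepted_is_cloexec) are hypothetical, and the program assumes a working IPv4 loopback interface.

```c
/* Added example (not OpenVPN source): FD_CLOEXEC is per descriptor. */
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if fd is closed on exec(), 0 if an exec'd child inherits it, -1 on error. */
static int is_cloexec(int fd)
{
    int fl = fcntl(fd, F_GETFD);
    return fl < 0 ? -1 : (fl & FD_CLOEXEC) != 0;
}
static int set_cloexec(int fd)
{
    int fl = fcntl(fd, F_GETFD);
    return fl < 0 ? -1 : fcntl(fd, F_SETFD, fl | FD_CLOEXEC);
}

/* Accept one loopback TCP connection; the listener is always flagged.
 * flag_accepted=1 also flags the accept()ed socket. Returns its state or -1. */
static int accepted_is_cloexec(int flag_accepted)
{
    struct sockaddr_in sa = {0};
    socklen_t len = sizeof(sa);
    int result = -1, conn = -1, peer = -1;
    int lsock = socket(AF_INET, SOCK_STREAM, 0);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks one */
    if (lsock >= 0 && set_cloexec(lsock) == 0
        && bind(lsock, (struct sockaddr *)&sa, sizeof(sa)) == 0
        && listen(lsock, 1) == 0
        && getsockname(lsock, (struct sockaddr *)&sa, &len) == 0
        && (conn = socket(AF_INET, SOCK_STREAM, 0)) >= 0
        && connect(conn, (struct sockaddr *)&sa, sizeof(sa)) == 0
        && (peer = accept(lsock, NULL, NULL)) >= 0
        && (!flag_accepted || set_cloexec(peer) == 0))
        result = is_cloexec(peer);
    if (peer >= 0) close(peer);
    if (conn >= 0) close(conn);
    if (lsock >= 0) close(lsock);
    return result;
}
int main(void)
{
    printf("listener only: %d, accepted flagged: %d\n", accepted_is_cloexec(0), accepted_is_cloexec(1));
    return 0;
}
```

A result of 0 in the listener-only case means any program the server later exec()s would inherit the client connection's descriptor.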