cron2 has uploaded a new patch set (#2) to the change originally created by 
plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/1321?usp=email )

The following approvals got outdated and were removed:
Code-Review+2 by cron2


Change subject: Fix logic when pushed cipher triggers tun reopen and ignore 
more options
......................................................................

Fix logic when pushed cipher triggers tun reopen and ignore more options

The logic was inverted. Only when link-mtu is used, pushing a cipher can
change the MTU and not the other way round. (found by zeropath)

Also ignore a few more options that should not trigger a reopen of tun
in push message.

Reported-by: Joshua Rogers <[email protected]>
Found-by: ZeroPath (https://zeropath.com/)

Change-Id: I76eb584024610a6054a069340adbac988abf686c
Signed-off-by: Arne Schwabe <[email protected]>
Acked-by: Gert Doering <[email protected]>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1321
Message-Id: <[email protected]>
URL: 
https://www.mail-archive.com/[email protected]/msg33989.html
Signed-off-by: Gert Doering <[email protected]>
---
M src/openvpn/push.c
1 file changed, 14 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/21/1321/2

diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 6f146fc..7852d36 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -1029,15 +1029,25 @@
     char line[OPTION_PARM_SIZE];
     while (buf_parse(buf, ',', line, sizeof(line)))
     {
-        /* peer-id and auth-token might change on restart and this should not 
trigger reopening tun
+        /* peer-id and auth-token might change on restart and this should not
+         * trigger reopening tun
+         * Also other options that only affect the control channel should
+         * not trigger a reopen of the tun device
          */
-        if (strprefix(line, "peer-id ") || strprefix(line, "auth-token ")
-            || strprefix(line, "auth-token-user "))
+        if (strprefix(line, "peer-id ")
+            || strprefix(line, "auth-token ")
+            || strprefix(line, "auth-token-user")
+            || strprefix(line, "protocol-flags ")
+            || strprefix(line, "key-derivation ")
+            || strprefix(line, "explicit-exit-notify ")
+            || strprefix(line, "ping ")
+            || strprefix(line, "ping-restart ")
+            || strprefix(line, "ping-timer "))
         {
             continue;
         }
         /* tun reopen only needed if cipher change can change tun MTU */
-        if (strprefix(line, "cipher ") && !opt->ce.tun_mtu_defined)
+        if (strprefix(line, "cipher ") && opt->ce.tun_mtu_defined)
         {
             continue;
         }
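Review bot: In the new exclusion list, `strprefix(line, "auth-token-user")` has lost the trailing space that the removed line had (`"auth-token-user "`) and that every other entry in the list still carries. As written, the prefix test matches any pushed option whose name merely begins with that string, not only the option itself. If that is not intended, restore the space so the entry is consistent with its neighbours. Separately, the comment above the cipher check is unchanged although the condition it describes was inverted. It would help to say there that the cipher line is skipped when `opt->ce.tun_mtu_defined` is set, in line with the link-mtu explanation in the commit message, so the next reader does not have to re-derive the polarity.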

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1321?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings?usp=email

Gerrit-MessageType: newpatchset
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I76eb584024610a6054a069340adbac988abf686c
Gerrit-Change-Number: 1321
Gerrit-PatchSet: 2
Gerrit-Owner: plaisthos <[email protected]>
Gerrit-Reviewer: cron2 <[email protected]>
Gerrit-Reviewer: flichtenheld <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
