[Openvpn-devel] [PATCH v5] event/multi: add event_arg object to make event handling more generic

From: Antonio Quartulli In order to prepare the event handling code to deal with multiple listening sockets, we have to make sure that it is possible to distinguish which of these sockets have been poked by an incoming connection request. To achieve that, this patch changes the object being pass

[Openvpn-devel] [PATCH v5] pass link_socket object to i/o functions

From: Antonio Quartulli In order to prepare the code to work with distinct sockets, it is essential that i/o functions do not operate on any hard-coded socket object (i.e. c->c2.link_socket). This patch changes all the low-level i/o functionis to work with a socket specified as argument rather t

[Openvpn-devel] [PATCH v5] io_work: convert shift argument to uintptr_t

From: Antonio Quartulli Instead of passing the shift argument as pointer, pass directly its integer value. This will allow the code to distinguish a shift value from a real object pointer, like we already do in multi_tcp_process_io(). This change will allow us later to pass an event_arg object a

[Openvpn-devel] [M] Change in openvpn[master]: event/multi: add event_arg object to make event handling more generic

cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/757?usp=email ) Change subject: event/multi: add event_arg object to make event handling more generic .. event/multi: add event_arg object to make event h

[Openvpn-devel] [M] Change in openvpn[master]: event/multi: add event_arg object to make event handling more generic

cron2 has uploaded a new patch set (#6) to the change originally created by its_Giaan. ( http://gerrit.openvpn.net/c/openvpn/+/757?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by flichtenheld Change subject: event/multi: add event_arg object to make event han

Re: [Openvpn-devel] [PATCH applied] Re: event/multi: add event_arg object to make event handling more generic

Hi, On Wed, Oct 23, 2024 at 10:49:18AM +0200, Gert Doering wrote: > I've lightly tested this on the server testbed (it has TCP listeners, > and extensive t_client tests - everyhing is fine), and also stared a > bit at the code (which seems reasonable, and Frank has more extensibly > reviewed it al

[Openvpn-devel] [PATCH applied] Re: event/multi: add event_arg object to make event handling more generic

I've lightly tested this on the server testbed (it has TCP listeners, and extensive t_client tests - everyhing is fine), and also stared a bit at the code (which seems reasonable, and Frank has more extensibly reviewed it already). There's some questions I do not understand (like, why not store th

[Openvpn-devel] [S] Change in openvpn[master]: io_work: convert shift argument to uintptr_t

Attention is currently required from: its_Giaan, plaisthos. Hello flichtenheld, ordex, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/759?usp=email to look at the new patch set (#6). The change is no longer submittable: checks~ChecksSubmit

[Openvpn-devel] [XS] Change in openvpn[master]: Fix for msbuild/mingw GHA failures

Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/785?usp=email to review the following change. Change subject: Fix for msbuild/mingw GHA failures .

[Openvpn-devel] [S] Change in openvpn[master]: io_work: pass event_arg object to event handler in case of socket event

Attention is currently required from: flichtenheld, its_Giaan, plaisthos. Hello flichtenheld, ordex, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/760?usp=email to look at the new patch set (#6). The following approvals got outdated and w

[Openvpn-devel] [XS] Change in openvpn[master]: Fix for msbuild/mingw GHA failures

Attention is currently required from: flichtenheld, its_Giaan, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/785?usp=email ) Change subject: Fix for msbuild/mingw GHA failures ..

[Openvpn-devel] [PATCH v1] Fix for msbuild/mingw GHA failures

From: Gianmarco De Gregori Commit ("event/multi: add event_arg object to make event handling more generic") accidentally removed a variable declaration and its usage because of a rebase, this fix restore the wiped out unsigned int *persistent in multi_tcp_wait(). Change-Id: I8526aadb5151ddc997c8

[Openvpn-devel] [XS] Change in openvpn[master]: Fix for msbuild/mingw GHA failures

cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/785?usp=email ) Change subject: Fix for msbuild/mingw GHA failures .. Fix for msbuild/mingw GHA failures Commit cd8e25a6e9 removed a variable because it l

[Openvpn-devel] [PATCH applied] Re: Fix for msbuild/mingw GHA failures

Thanks for quickly fixing this. (Morale 1: don't do "while I am here, let's clean up this other thing" changes..., Morale 2: we need windows builds in gerrit/buildbot) I've reworded the commit message a bit, to reference the actual commit ID in question, and to make it more clear what happened.

[Openvpn-devel] [XS] Change in openvpn[master]: Fix for msbuild/mingw GHA failures

cron2 has uploaded a new patch set (#2) to the change originally created by its_Giaan. ( http://gerrit.openvpn.net/c/openvpn/+/785?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: Fix for msbuild/mingw GHA failures ...

Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

On Wed, Oct 23, 2024 at 11:03 AM Razvan Cojocaru wrote: > On 10/23/24 17:50, Gert Doering wrote: > > OK, so I see what is happening - you're sending an AUTH_FAILED "out of > > the blue", not in response to a client handshake, right? > > Exactly. In response to a client handshake there's no proble

[Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

This in turn allows the server to signal to the client that it should no longer attempt to reconnect, if it wants to keep the client out after an AUTH_FAILED. Signed-off-by: Razvan Cojocaru --- src/openvpn/misc.c | 5 + 1 file changed, 5 insertions(+) diff --git a/src/openvpn/misc.c b/src/o

Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

On 10/23/24 17:23, Gert Doering wrote: Hi, On Wed, Oct 23, 2024 at 04:49:03PM +0300, Razvan Cojocaru wrote: This in turn allows the server to signal to the client that it should no longer attempt to reconnect, if it wants to keep the client out after an AUTH_FAILED. This should not be necessa

Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

Hi, On Wed, Oct 23, 2024 at 05:40:43PM +0300, Razvan Cojocaru wrote: > In this case, we want to disconnect the client and it should stay > disconnected. A simple AUTH_FAILED for this scenario will have the client > attempt another connection. But if we invalidate the token, then the client > will

Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

On 10/23/24 17:43, Gert Doering wrote: Hi, On Wed, Oct 23, 2024 at 05:40:43PM +0300, Razvan Cojocaru wrote: In this case, we want to disconnect the client and it should stay disconnected. A simple AUTH_FAILED for this scenario will have the client attempt another connection. But if we invalidat

[Openvpn-devel] [PATCH v6] io_work: pass event_arg object to event handler in case of socket event

From: Antonio Quartulli In order to allow the code to work with multiple listening sockets it is essential to allow the generic multi_io event handler to distinguish between the various socket objects. This can be achieved by passing an event_arg object that contains a pointer to the link_socket

Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

Hi, On Wed, Oct 23, 2024 at 04:49:03PM +0300, Razvan Cojocaru wrote: > This in turn allows the server to signal to the client that it > should no longer attempt to reconnect, if it wants to keep the > client out after an AUTH_FAILED. This should not be necessary. After an AUTH_FAILED the token i

[Openvpn-devel] [PATCH applied] Re: io_work: convert shift argument to uintptr_t

This code really wants improvement later on, which is promised by the commit message... so I hope for the best. Tested on the server testbed, and while I wouldn't trust myself to state "this patch does not break anything", *these* code paths are really well-excercised there - and the patch does n

[Openvpn-devel] [S] Change in openvpn[master]: io_work: convert shift argument to uintptr_t

cron2 has uploaded a new patch set (#7) to the change originally created by its_Giaan. ( http://gerrit.openvpn.net/c/openvpn/+/759?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by flichtenheld Change subject: io_work: convert shift argument to uintptr_t ..

[Openvpn-devel] [S] Change in openvpn[master]: io_work: convert shift argument to uintptr_t

cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/759?usp=email ) Change subject: io_work: convert shift argument to uintptr_t .. io_work: convert shift argument to uintptr_t Instead of passing the shift

[Openvpn-devel] [XL] Change in openvpn[master]: multiproto: move generic event handling code in dedicated files

Attention is currently required from: flichtenheld, plaisthos. its_Giaan has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/763?usp=email ) Change subject: multiproto: move generic event handling code in dedicated files ...

[Openvpn-devel] [M] Change in openvpn[master]: pass link_socket object to i/o functions

cron2 has uploaded a new patch set (#7) to the change originally created by its_Giaan. ( http://gerrit.openvpn.net/c/openvpn/+/758?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by flichtenheld Change subject: pass link_socket object to i/o functions ..

[Openvpn-devel] [M] Change in openvpn[master]: pass link_socket object to i/o functions

cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/758?usp=email ) Change subject: pass link_socket object to i/o functions .. pass link_socket object to i/o functions In order to prepare the code to work

[Openvpn-devel] [PATCH applied] Re: pass link_socket object to i/o functions

Tested on the server testbed, which has all the relevant operations here - UDP/TCP client, UDP/TCP servers, ... - all works fine. The code change itself touches many places, but is actually quite straightforward here - "c->c2.link_socket->..." gets replaced by "sock->...", with "sock" passed in a

Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

Hi, On Wed, Oct 23, 2024 at 05:47:51PM +0300, Razvan Cojocaru wrote: > > AUTH_FAILED should do this automatically - invalidate the token, that is. > > Can you show a log where this is (not) happening? > > Of course: > > 2024-10-23 14:52:06 us=368754 PUSH: Received control message: > 'PUSH_REPLY,

Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

On 10/23/24 17:50, Gert Doering wrote: OK, so I see what is happening - you're sending an AUTH_FAILED "out of the blue", not in response to a client handshake, right? Exactly. In response to a client handshake there's no problem. OpenVPN 2 *should* invalidate the token upon the reconnect (and

[Openvpn-devel] IRC community meeting summary

Meeting summary for 23 October 2024: * *Updated: data format v3 / epoch data keys* /plaisthos has written a new draft for new key handling for the data channel based on discussions in Karlsruhe./ /See​https://github.com/OpenVPN/openvpn-rfc/pull/5

Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

On Wed, Oct 23, 2024 at 11:47 AM Razvan Cojocaru wrote: > On 10/23/24 18:25, Selva Nair wrote: > > Wouldn't pushing "HALT" instead of "AUTH_FAILED" work in this case? > > As in the management command "client-kill {cid} HALT" which calls > > send_restart() with kill_msg = "HALT". > > Possibly, how

Re: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies

On 10/23/24 18:25, Selva Nair wrote: Wouldn't pushing "HALT" instead of "AUTH_FAILED" work in this case? As in the management command "client-kill {cid} HALT" which calls send_restart() with kill_msg = "HALT". Possibly, however the intent has always been to use this feature to reject (authoriz

[Openvpn-devel] [S] Change in openvpn[master]: io_work: pass event_arg object to event handler in case of socket event

cron2 has uploaded a new patch set (#7) to the change originally created by its_Giaan. ( http://gerrit.openvpn.net/c/openvpn/+/760?usp=email ) Change subject: io_work: pass event_arg object to event handler in case of socket event

[Openvpn-devel] [S] Change in openvpn[master]: io_work: pass event_arg object to event handler in case of socket event

cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/760?usp=email ) Change subject: io_work: pass event_arg object to event handler in case of socket event .. io_work: pass event_arg object to event handler

[Openvpn-devel] [S] Change in openvpn[master]: if a local IPv6 address is provided, socket must be v6-only

Attention is currently required from: flichtenheld, its_Giaan, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/761?usp=email ) Change subject: if a local IPv6 address is provided, socket must be v6-only

[Openvpn-devel] [S] Change in openvpn[master]: t_server_null: forcibly kill misbehaving servers

Attention is currently required from: flichtenheld, mattock, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/775?usp=email ) Change subject: t_server_null: forcibly kill misbehaving servers .

[Openvpn-devel] [PATCH applied] Re: io_work: pass event_arg object to event handler in case of socket event

Tested on the server testbed (and GHA, for good measure). The code change looks okayish. "struct ta_iow_flags" is not used yet, but hints at interesting things to come :-) Your patch has been applied to the master branch. commit 58612741680994928e67a0e981c91bbffb7a2d20 Author: Antonio Quartulli