git.ipfire.org Git - thirdparty/openvpn.git/commit
Use dedicated multi->dco_peer_id for DCO instead of multi->peer_id
author Arne Schwabe <arne@rfc2549.org>
Sun, 27 Nov 2022 09:07:42 +0000 (10:07 +0100)
committer Gert Doering <gert@greenie.muc.de>
Sun, 27 Nov 2022 13:59:39 +0000 (14:59 +0100)
commit 8d4dbb56e7dda87ef031fdf52c6d87e533250ff3
tree 6863392f031cdfae30f0a7dd4aab208f13969b7d
parent 4cf58f4920b430481b772e5f9e9877f9686d3995
Use dedicated multi->dco_peer_id for DCO instead of multi->peer_id

The lifetime and state machine of multi->peer_id do not exactly match the
lifetime/state of DCO. This is especially true for p2p NCP where a reconnection
can change the peer id. Also use this new field with value -1 to mean
not installed, replacing the dco_peer_added field.

Also ensure that if we have a failure adding a new peer, we don't try to
set options for that peer or generate keys for it.

Patch v2: fix one comparison checking for 0 instead of -1
Patch v3: make recovery after failing dco_add_peer more robust
          and the comparison that led to not deleting a peer.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20221127090742.3487997-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/search?l=mid&q=20221127090742.3487997-1-arne@rfc2549.org
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/dco.c
src/openvpn/forward.c
src/openvpn/init.c
src/openvpn/multi.c
src/openvpn/ssl.c
src/openvpn/ssl_common.h