Avoid sending push request after receving push reply

The introduction of IV_PROTO_REQUEST_PUSH (c290df55) sometimes causes the
server to reply before we setup the push timer. The push reply will then
clear a timer that has not been setup yet. We then start sending push
request after we have gone through the whole initialisation already.

This patch also clears the connestion_established timer that sets up the
push request timer. This lead to the

  management_set_state(management,  OPENVPN_STATE_GET_CONFIG, ...)

function not being called. But to display "waiting for configuration..." or
sending a "getting config state" after "initialisation" does not make sense
anyway.

Also add the IV_PROTO_REQUEST_PUSH feature as new feature in Changes.rst

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200725234803.22058-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20589.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/Changes.rst b/Changes.rst
index e779f19c1aefa8c9e399674bfc904b6ce77b89e4..17be0e15427e912c444dd0ef41e544522af00968 100644 (file)
--- a/Changes.rst
+++ b/Changes.rst
@@ -25,6 +25,14 @@ Improved Data channel cipher negotiation
 Asynchronous (deferred) authentication support for auth-pam plugin.
     See src/plugins/auth-pam/README.auth-pam for details.
 
+Faster connection setup
+    A client will signal in the ``IV_PROTO`` variable that it is in pull
+    mode. This allows the server to push the configuration options to
+    the client without waiting for a ``PULL_REQUEST`` message. The feature
+    is automatically enabled if both client and server support it and
+    significantly reduces the connection setup time by avoiding one
+    extra packet round-trip and 1s of internal event delays.
+
 Deprecated features
 -------------------
 For an up-to-date list of all deprecated options, see this wiki page:
@@ -60,6 +68,10 @@ User-visible Changes
 - Support for building with OpenSSL 1.0.1 has been removed. The minimum
   supported OpenSSL version is now 1.0.2.
 
+- The GET_CONFIG management state is omitted if the server pushes
+  the client configuration almost immediately as result of the
+  faster connection setup feature.
+
 
 Overview of changes in 2.4
 ==========================

diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 30a3fd46df49ec80c476a23a8116ecca0c0da0b7..79c07e46ef74cc7b7d9ba22b787631f95f6d8318 100644 (file)
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -425,6 +425,9 @@ check_push_request_dowork(struct context *c)
  *
  * Options like --up-delay need to be triggered by this function which
  * checks for connection establishment.
+ *
+ * Note: The process_incoming_push_reply currently assumes that this function
+ * only sets up the pull request timer when pull is enabled.
  */
 void
 check_connection_established(struct context *c)

diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 1c4f2033bb9ba71560641d3880dc8966f2ca3530..f10021f85d4c9c3c4d3f004fe28254f2e1e7711b 100644 (file)
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -358,6 +358,7 @@ incoming_push_message(struct context *c, const struct buffer *buffer)
             }
         }
         event_timeout_clear(&c->c2.push_request_interval);
+        event_timeout_clear(&c->c2.wait_for_connect);
     }
 
     goto cleanup;