From: Arne Schwabe
Date: Sat, 25 Jul 2020 23:48:03 +0000 (+0200)
Subject: Avoid sending push request after receiving push reply
X-Git-Tag: v2.5_beta1~32
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a3b21a76b87fedf045c409481f55c34486d8cd27;p=thirdparty%2Fopenvpn.git

Avoid sending push request after receiving push reply

The introduction of IV_PROTO_REQUEST_PUSH (c290df55) sometimes causes the server to reply before we set up the push timer. The push reply will then clear a timer that has not been set up yet. We then start sending push request after we have gone through the whole initialisation already.

This patch also clears the connection_established timer that sets up the push request timer. This leads to the management_set_state(management, OPENVPN_STATE_GET_CONFIG, ...) function not being called. But to display "waiting for configuration..." or sending a "getting config state" after "initialisation" does not make sense anyway.

Also add the IV_PROTO_REQUEST_PUSH feature as new feature in Changes.rst

Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
Message-Id: <20200725234803.22058-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20589.html
Signed-off-by: Gert Doering
---
diff --git a/Changes.rst b/Changes.rst index e779f19c1..17be0e154 100644 --- a/Changes.rst +++ b/Changes.rst 
@@ -25,6 +25,14 @@ Improved Data channel cipher negotiation Asynchronous (deferred) authentication support for auth-pam plugin. See src/plugins/auth-pam/README.auth-pam for details. +Faster connection setup + A client will signal in the ``IV_PROTO`` variable that it is in pull + mode. This allows the server to push the configuration options to + the client without waiting for a ``PULL_REQUEST`` message. The feature + is automatically enabled if both client and server support it and + significantly reduces the connection setup time by avoiding one + extra packet round-trip and 1s of internal event delays. + Deprecated features ------------------- For an up-to-date list of all deprecated options, see this wiki page: @@ -60,6 +68,10 @@ User-visible Changes - Support for building with OpenSSL 1.0.1 has been removed. The minimum supported OpenSSL version is now 1.0.2. +- The GET_CONFIG management state is omitted if the server pushes + the client configuration almost immediately as result of the + faster connection setup feature. + Overview of changes in 2.4 ========================== diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 30a3fd46d..79c07e46e 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -425,6 +425,9 @@ check_push_request_dowork(struct context *c) * * Options like --up-delay need to be triggered by this function which * checks for connection establishment. + * + * Note: The process_incoming_push_reply currently assumes that this function + * only sets up the pull request timer when pull is enabled. */ void check_connection_established(struct context *c) diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 1c4f2033b..f10021f85 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -358,6 +358,7 @@ incoming_push_message(struct context *c, const struct buffer *buffer) } } event_timeout_clear(&c->c2.push_request_interval); + event_timeout_clear(&c->c2.wait_for_connect); } goto cleanup;
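Review bot: The "Faster connection setup" entry added to Changes.rst says the client signals pull mode "in the ``IV_PROTO`` variable" but never names the flag, which the commit message calls IV_PROTO_REQUEST_PUSH. Naming the flag in the entry would let operators match the release note against peer-info logs and the source.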
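Review bot: In the "User-visible Changes" entry added to Changes.rst, "almost immediately" does not tell a management-interface client when GET_CONFIG will or will not appear. Suggest stating plainly that clients must not wait for the GET_CONFIG state, since a tool that blocks on it would now stall on servers that push early. Also, "as result of" should read "as a result of".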
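Review bot: The comment added above check_connection_established() in forward.c attributes the assumption to "process_incoming_push_reply", while the push.c hunk that clears the timer is located in incoming_push_message() according to its hunk header. Name the function that actually performs the clear so the cross-reference can be found with a search, and drop the leading "The" before the function name.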
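Review bot: The added event_timeout_clear(&c->c2.wait_for_connect) in push.c carries no comment, although the forward.c note shows it relies on check_connection_established() doing nothing beyond setting up the pull request timer when pull is enabled. Put a short comment on this line stating that assumption and pointing at check_connection_established(), because the comment block there says the function also triggers options like --up-delay, and anything later added to it for pull mode would be skipped on this path without any visible failure.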