git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Arne Schwabe <arne@rfc2549.org>
	Sun, 16 Oct 2022 15:49:53 +0000 (17:49 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Mon, 17 Oct 2022 08:24:42 +0000 (10:24 +0200)
commit	d468dff7bdfd79059818c190ddf41b125bb658de
tree	60d1d9c189bf696730fb9e2780b793d37124aea2	tree
parent	6bbd89c5c82e7a2366ecac969b35f88797a73763	commit \| diff

Change exit signal in P2P to be a SIGUSR1 and delayed CC exit in P2MP

From the implemention of explicit-notify and the fact that it is a an
OCC message (basically the rudimentary predecessor to control channel),
this message is very old.

I think in the past this feature fit nicely to the weird inetd + openvpn
mode that seems to have far to many hacks still left in our code. With
inetd, it made sense that the server instance quits if you press C-c
on the client.

In our current state where inetd is no longer supported, this behaviour
to exit makes little sense and this patch changes the behaviour to SIGUSR1.

Testing this lead to a confused v2 of the patch and also finally the
insight that if a CC channel exit is triggered too early the remaining
control channel packets coming in after that can trigger the HMAC code
to open a sessions again if the whole session lasted less than two
minutes (with default settings).

Patch v2: use different signals for p2mp and p2p
Patch v3: use delayed exit for P2MP/CC exit and USR1 for everything else

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20221016154953.2483509-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25403.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Changes.rst		diff \| blob \| blame \| history
src/openvpn/occ.c		diff \| blob \| blame \| history
src/openvpn/push.c		diff \| blob \| blame \| history