From: Arne Schwabe Date: Tue, 26 Apr 2022 13:23:24 +0000 (+0200) Subject: Extract session_move_active into its own function X-Git-Tag: v2.6_beta1~220 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4dbe508ab6d011d57f4acc71f3c0330deb852206;p=thirdparty%2Fopenvpn.git Extract session_move_active into its own function This makes the tls_process function smaller and easier to understand and this state easier to understand in its own function. Acked-by: Gert Doering Message-Id: <20220426132324.76517-2-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24212.html Signed-off-by: Gert Doering --- diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 6c6648afa..2aa9228d7 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2431,6 +2431,54 @@ session_move_pre_start(const struct tls_session *session, return true; } + +/** + * Moves the key to state to S_ACTIVE and also advances the multi_state state + * machine if this is the initial connection. + */ +static void +session_move_active(struct tls_multi *multi, struct tls_session *session, + struct link_socket_info *to_link_socket_info, + struct key_state *ks) +{ + dmsg(D_TLS_DEBUG_MED, "STATE S_ACTIVE"); + + ks->established = now; + if (check_debug_level(D_HANDSHAKE)) + { + print_details(&ks->ks_ssl, "Control Channel:"); + } + ks->state = S_ACTIVE; + /* Cancel negotiation timeout */ + ks->must_negotiate = 0; + INCR_SUCCESS; + + /* Set outgoing address for data channel packets */ + link_socket_set_outgoing_addr(to_link_socket_info, &ks->remote_addr, + session->common_name, session->opt->es); + + /* Check if we need to advance the tls_multi state machine */ + if (multi->multi_state == CAS_NOT_CONNECTED) + { + if (session->opt->mode == MODE_SERVER) + { + /* On a server we continue with running connect scripts next */ + multi->multi_state = CAS_WAITING_AUTH; + } + else + { + /* Skip the connect script related states */ + multi->multi_state = CAS_WAITING_OPTIONS_IMPORT; + } + } + + /* Flush any payload packets that were buffered before our state transitioned to S_ACTIVE */ + flush_payload_buffer(ks); + +#ifdef MEASURE_TLS_HANDSHAKE_STATS + show_tls_performance_stats(); +#endif +} /* * This is the primary routine for processing TLS stuff inside the * the main event loop. When this routine exits @@ -2545,47 +2593,11 @@ tls_process(struct tls_multi *multi, /* Wait for ACK */ if (((ks->state == S_GOT_KEY && !session->opt->server) - || (ks->state == S_SENT_KEY && session->opt->server))) + || (ks->state == S_SENT_KEY && session->opt->server)) + && no_pending_reliable_packets(ks)) { - if (no_pending_reliable_packets(ks)) - { - ks->established = now; - dmsg(D_TLS_DEBUG_MED, "STATE S_ACTIVE"); - if (check_debug_level(D_HANDSHAKE)) - { - print_details(&ks->ks_ssl, "Control Channel:"); - } - state_change = true; - ks->state = S_ACTIVE; - /* Cancel negotiation timeout */ - ks->must_negotiate = 0; - INCR_SUCCESS; - - /* Set outgoing address for data channel packets */ - link_socket_set_outgoing_addr(to_link_socket_info, &ks->remote_addr, session->common_name, session->opt->es); - - /* Check if we need to advance the tls_multi state machine */ - if (multi->multi_state == CAS_NOT_CONNECTED) - { - if (session->opt->mode == MODE_SERVER) - { - /* On a server we continue with running connect scripts next */ - multi->multi_state = CAS_WAITING_AUTH; - } - else - { - /* Skip the connect script related states */ - multi->multi_state = CAS_WAITING_OPTIONS_IMPORT; - } - } - - /* Flush any payload packets that were buffered before our state transitioned to S_ACTIVE */ - flush_payload_buffer(ks); - -#ifdef MEASURE_TLS_HANDSHAKE_STATS - show_tls_performance_stats(); -#endif - } + session_move_active(multi, session, to_link_socket_info, ks); + state_change = true; } /* Reliable buffer to outgoing TCP/UDP (send up to CONTROL_SEND_ACK_MAX ACKs