From: Steffan Karger <steffan.karger@fox-it.com>
Date: Thu, 4 Jan 2018 12:07:50 +0000 (+0100)
Subject: Check for more data in control channel
X-Git-Tag: v2.4.6~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8f15fa94dd9d7c4ce2dfe3378bd6311e2ad121ba;p=thirdparty%2Fopenvpn.git

Check for more data in control channel

If control channel packets arrive quickly after each other, or out of
order, there might be more data available than we can read in one
tls_process() call.  If that happened, and no further control channel
packet arrived (e.g. because the last two packets arrived out-of-order),
we would wait for 16 second ("coarse timer") before we would read the
remaining data.  To avoid that, always schedule ourself again if there
was control channel data, to check whether more data is available.

For mbedtls, we could implement a slightly more elegant "is there more
data?" function, instead of blindly rescheduling.  But I can't find a way
to implement that for OpenSSL, and the current solution is very simple and
still has quite low overhead.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1515067670-13094-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16151.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
(cherry picked from commit b00d56e1b0cf4d71dc4944ef14ea7eca2fc8c519)
---

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index effb8b232..ab42f0c2c 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -2946,6 +2946,9 @@ tls_process(struct tls_multi *multi,
             {
                 state_change = true;
                 dmsg(D_TLS_DEBUG, "TLS -> Incoming Plaintext");
+
+                /* More data may be available, wake up again asap to check. */
+                *wakeup = 0;
             }
         }