From b00d56e1b0cf4d71dc4944ef14ea7eca2fc8c519 Mon Sep 17 00:00:00 2001
From: Steffan Karger
Date: Thu, 4 Jan 2018 13:07:50 +0100
Subject: [PATCH] Check for more data in control channel

If control channel packets arrive quickly after each other, or out of order, there might be more data available than we can read in one tls_process() call. If that happened, and no further control channel packet arrived (e.g. because the last two packets arrived out-of-order), we would wait for 16 seconds ("coarse timer") before we would read the remaining data.

To avoid that, always schedule ourself again if there was control channel data, to check whether more data is available.

For mbedtls, we could implement a slightly more elegant "is there more data?" function, instead of blindly rescheduling. But I can't find a way to implement that for OpenSSL, and the current solution is very simple and still has quite low overhead.

Signed-off-by: Steffan Karger
Acked-by: David Sommerseth
Message-Id: <1515067670-13094-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16151.html
Signed-off-by: David Sommerseth
--- src/openvpn/ssl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index d758c31a2..669f941b3 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2942,6 +2942,9 @@ tls_process(struct tls_multi *multi, { state_change = true; dmsg(D_TLS_DEBUG, "TLS -> Incoming Plaintext"); + + /* More data may be available, wake up again asap to check. */ + *wakeup = 0; } } -- 2.47.2
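
Review bot: The `*wakeup = 0;` added in the "TLS -> Incoming Plaintext" branch of tls_process() is unconditional, so every successful plaintext read forces one more pass even when nothing further is buffered. The commit message accepts that cost, but the in-code comment only says "More data may be available"; it would help to state there that this is a deliberate blind reschedule and that it exists to avoid waiting for the coarse timer, so a later reader does not "optimise" it away. Since the hunk does not show the rest of the function, please also confirm two things: that nothing after this block assigns `*wakeup` a larger value and undoes the reschedule, and that the follow-up pass leaves `*wakeup` untouched when the read returns no data, so an idle control channel falls back to the coarse timer instead of being rescheduled repeatedly. The change touches only src/openvpn/ssl.c, so a regression test that delivers two control channel packets out of order and checks that both are consumed without the timer delay would be a useful addition.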