Menu
▾
▴
[Openvpn-devel] [XS] Change in openvpn[master]: dco: drop client prefix after DCO PEER_FLOAT notification
|
From: cron2 (C. Review) <ge...@op...> - 2025-07-27 11:02:45
|
Attention is currently required from: flichtenheld, ordex, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1116?usp=email ) Change subject: dco: drop client prefix after DCO PEER_FLOAT notification ...................................................................... Patch Set 2: (1 comment) Patchset: PS2: Here's another one... counter timer triggering while an outgoing TLS renegotiation is in progress ``` Jul 27 12:33:36 ubuntu2004 tun-udp-p2mp[298589]: udp6:[2001:608:0:814::fb00:14]:33827 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519, peer signing digest/type: SHA256 RSASSA-PSS Jul 27 12:33:36 ubuntu2004 kernel: [443346.370968] tun1: del peer 1 Jul 27 12:33:36 ubuntu2004 kernel: [443346.370974] tun1: deleting peer with id 1, reason 1 Jul 27 12:33:36 ubuntu2004 tun-udp-p2mp[298589]: udp6:[2001:608:0:814::fb00:14]:33827 [freebsd-14-amd64] Peer Connection Initiated with [AF_INET6]2001:608:0:814::fb00:14:33827 Jul 27 12:33:36 ubuntu2004 tun-udp-p2mp[298589]: freebsd-14-amd64/udp6:[2001:608:0:814::fb00:14]:33827 peer-id=2 dco_get_peer: peer-id -1 Jul 27 12:33:36 ubuntu2004 tun-udp-p2mp[298589]: freebsd-14-amd64/udp6:[2001:608:0:814::fb00:14]:33827 peer-id=2 ovpn-dco: received netlink message type=31 cmd=3 flags=0x0002 Jul 27 12:33:36 ubuntu2004 tun-udp-p2mp[298589]: freebsd-14-amd64/udp6:[2001:608:0:814::fb00:14]:33827 peer-id=2 ovpn_handle_peer: parsing message for peer 0... Jul 27 12:33:36 ubuntu2004 tun-udp-p2mp[298589]: freebsd-14-amd64/udp6:[2001:608:0:814::fb00:14]:33827 peer-id=2 dco_update_peer_stat / dco_read_bytes(0): 440 Jul 27 12:33:36 ubuntu2004 tun-udp-p2mp[298589]: freebsd-14-amd64/udp6:[2001:608:0:814::fb00:14]:33827 peer-id=2 dco_update_peer_stat / dco_write_bytes(0): 480 ``` in this case resetting the prefix would mess up prefix logging for the TLS handshake, so it's not the right approach anyway. Digging through error.c I found something half-forgotten... ``` /* set up client prefix */ if (flags & M_NOIPREFIX) { prefix = NULL; } else { prefix = msg_get_prefix(); } ``` so I think the *right* approach is to use `msg(...|M_NOIPREFIX, ...)` for everything that is not normally related to a particular MI instance - like, most of the DCO events. Magic -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1116?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1ad5df0f6785ffe9becd9f83329a9335d1a36f24 Gerrit-Change-Number: 1116 Gerrit-PatchSet: 2 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: ordex <an...@ma...> Gerrit-Comment-Date: Sun, 27 Jul 2025 11:02:31 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment |
