Menu
▾
▴
[Openvpn-devel] [M] Change in openvpn[master]: multipeer: introduce asymmetric peer-id
|
From: its_Giaan (C. Review) <ge...@op...> - 2025-10-27 13:47:12
|
Attention is currently required from: cron2, flichtenheld, plaisthos. its_Giaan has posted comments on this change by its_Giaan. ( http://gerrit.openvpn.net/c/openvpn/+/1089?usp=email ) Change subject: multipeer: introduce asymmetric peer-id ...................................................................... Patch Set 5: (8 comments) Patchset: PS4: > The part that picks the "peer-id" pushed and parsed options. […] Done File src/openvpn/ssl.c: http://gerrit.openvpn.net/c/openvpn/+/1089/comment/483a5681_27b0022b?usp=email : PS4, Line 1179: ret->rx_peer_id = MAX_PEER_ID; > Add comment here that we also use the rx peer id to identify DCO clients as this has become now a im […] Done http://gerrit.openvpn.net/c/openvpn/+/1089/comment/d7cabc51_e6990ae0?usp=email : PS4, Line 1982: } > This is still not guarded by DCO capability. […] Done http://gerrit.openvpn.net/c/openvpn/+/1089/comment/c0fec251_e0eada21?usp=email : PS4, Line 2165: if (multi->rx_peer_id == MAX_PEER_ID && session->opt->mode != MODE_SERVER) > This feel be a very hacky place to set the multi rx peer id. […] I moved this into tls_multi_init_finalize(), hope that's fine. File src/openvpn/ssl_ncp.c: http://gerrit.openvpn.net/c/openvpn/+/1089/comment/74331eed_c592a014?usp=email : PS4, Line 425: if (tx_peer_id) > This also need to take DCO capability into account. Done http://gerrit.openvpn.net/c/openvpn/+/1089/comment/c5e954b4_8a6a0a93?usp=email : PS4, Line 450: if (multi->use_peer_id) > I think this parts needs to be skipped if we are using/negotiated asymmetric peer-id as it would ove […] Done File src/openvpn/ssl_util.h: http://gerrit.openvpn.net/c/openvpn/+/1089/comment/be89150e_3068de2f?usp=email : PS4, Line 56: uint32_t extract_asymmetric_peer_id(const char *peer_info); > Add doxygen please Done File src/openvpn/ssl_util.c: http://gerrit.openvpn.net/c/openvpn/+/1089/comment/c1989b67_8f07aa92?usp=email : PS4, Line 90: return 0; > 0 is a valid peer id. […] Done -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1089?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0a13ee90b6706acf20eabcee3bab3f2dff639bf9 Gerrit-Change-Number: 1089 Gerrit-PatchSet: 5 Gerrit-Owner: its_Giaan <gia...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: cron2 <ge...@gr...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Mon, 27 Oct 2025 13:47:02 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: plaisthos <arn...@rf...> |
