GitList

Browse code

Allow reconnecting in p2p mode work under FreeBSD

This commit consists of two parts.
- explicitly removing an existing peer in p2p mode
- ignoring the ping timeout notification that is generated by the first
part

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20221201110128.271064-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25602.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Arne Schwabe authored on 2022/12/01 20:01:28
Showing 3 changed files

src/openvpn/dco.c index 47fb000..b1a3e78 100644
src/openvpn/dco_freebsd.c index 4e03f52..a52ac8c 100644
src/openvpn/forward.c index 1b418b1..5cd7eaa 100644

src/openvpn/dco.c

History View file @ 0f7c5dd

@@ -458,6 +458,15 @@ dco_p2p_add_new_peer(struct context *c)
                          struct sockaddr *remoteaddr = &ls->info.lsa->actual.dest.addr.sa;
                          struct tls_multi *multi = c->c2.tls_multi;
                     +#ifdef TARGET_FREEBSD
                     +    /* In Linux in P2P mode the kernel automatically removes an existing peer
                     +     * when adding a new peer. FreeBSD needs to explicitly be told to do that */
                     +    if (c->c2.tls_multi->dco_peer_id != -1)
                     +    {
                     +        dco_del_peer(&c->c1.tuntap->dco, c->c2.tls_multi->dco_peer_id);
                     +        c->c2.tls_multi->dco_peer_id = -1;
                     +    }
                     +#endif
                          int ret = dco_new_peer(&c->c1.tuntap->dco, multi->peer_id,
                                                 c->c2.link_socket->sd, NULL, remoteaddr, NULL, NULL);
                          if (ret < 0)

src/openvpn/dco_freebsd.c

History View file @ 0f7c5dd

@@ -312,6 +312,8 @@ dco_del_peer(dco_context_t *dco, unsigned int peerid)
                          nvlist_t *nvl;
                          int ret;
                     +    msg(D_DCO_DEBUG, "%s: peer-id %d", __func__, peerid);
+                    +
                          nvl = nvlist_create(0);
                          nvlist_add_number(nvl, "peerid", peerid);

src/openvpn/forward.c

History View file @ 0f7c5dd

@@ -1174,9 +1174,22 @@ process_incoming_dco(struct context *c)
                          dco_do_read(dco);
                     +    /* FreeBSD currently sends us removal notifcation with the old peer-id in
                     +     * p2p mode with the ping timeout reason, so ignore that one to not shoot
                     +     * ourselves in the foot and removing the just established session */
                     +    if (dco->dco_message_peer_id != c->c2.tls_multi->dco_peer_id)
                     +    {
                     +        msg(D_DCO_DEBUG, "%s: received message for mismatching peer-id %d, "
                     +            "expected %d", __func__, dco->dco_message_peer_id,
                     +            c->c2.tls_multi->dco_peer_id);
                     +        return;
                     +    }
+                    +
                          if ((dco->dco_message_type == OVPN_CMD_DEL_PEER)
                              && (dco->dco_del_peer_reason == OVPN_DEL_PEER_REASON_EXPIRED))
+                         {
                     +        msg(D_DCO_DEBUG, "%s: received peer expired notification of for peer-id "
                     +            "%d", __func__, dco->dco_message_peer_id);
                              trigger_ping_timeout_signal(c);
                              return;
+                         }