Avoid sending push request after receving push reply
The introduction of IV_PROTO_REQUEST_PUSH (c290df55) sometimes causes the
server to reply before we setup the push timer. The push reply will then
clear a timer that has not been setup yet. We then start sending push
request after we have gone through the whole initialisation already.
This patch also clears the connestion_established timer that sets up the
push request timer. This lead to the
management_set_state(management, OPENVPN_STATE_GET_CONFIG, ...)
function not being called. But to display "waiting for configuration..." or
sending a "getting config state" after "initialisation" does not make sense
anyway.
Also add the IV_PROTO_REQUEST_PUSH feature as new feature in Changes.rst
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200725234803.22058-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20589.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Arne Schwabe authored on 2020/07/26 08:48:03Showing 3 changed files
| ... | ... |
@@ -25,6 +25,14 @@ Improved Data channel cipher negotiation |
| 25 | 25 |
Asynchronous (deferred) authentication support for auth-pam plugin. |
| 26 | 26 |
See src/plugins/auth-pam/README.auth-pam for details. |
| 27 | 27 |
|
| 28 |
+Faster connection setup |
|
| 29 |
+ A client will signal in the ``IV_PROTO`` variable that it is in pull |
|
| 30 |
+ mode. This allows the server to push the configuration options to |
|
| 31 |
+ the client without waiting for a ``PULL_REQUEST`` message. The feature |
|
| 32 |
+ is automatically enabled if both client and server support it and |
|
| 33 |
+ significantly reduces the connection setup time by avoiding one |
|
| 34 |
+ extra packet round-trip and 1s of internal event delays. |
|
| 35 |
+ |
|
| 28 | 36 |
Deprecated features |
| 29 | 37 |
------------------- |
| 30 | 38 |
For an up-to-date list of all deprecated options, see this wiki page: |
| ... | ... |
@@ -60,6 +68,10 @@ User-visible Changes |
| 60 | 60 |
- Support for building with OpenSSL 1.0.1 has been removed. The minimum |
| 61 | 61 |
supported OpenSSL version is now 1.0.2. |
| 62 | 62 |
|
| 63 |
+- The GET_CONFIG management state is omitted if the server pushes |
|
| 64 |
+ the client configuration almost immediately as result of the |
|
| 65 |
+ faster connection setup feature. |
|
| 66 |
+ |
|
| 63 | 67 |
|
| 64 | 68 |
Overview of changes in 2.4 |
| 65 | 69 |
========================== |
| ... | ... |
@@ -425,6 +425,9 @@ check_push_request_dowork(struct context *c) |
| 425 | 425 |
* |
| 426 | 426 |
* Options like --up-delay need to be triggered by this function which |
| 427 | 427 |
* checks for connection establishment. |
| 428 |
+ * |
|
| 429 |
+ * Note: The process_incoming_push_reply currently assumes that this function |
|
| 430 |
+ * only sets up the pull request timer when pull is enabled. |
|
| 428 | 431 |
*/ |
| 429 | 432 |
void |
| 430 | 433 |
check_connection_established(struct context *c) |