GitList

Browse code

Check for more data in control channel

If control channel packets arrive quickly after each other, or out of
order, there might be more data available than we can read in one
tls_process() call. If that happened, and no further control channel
packet arrived (e.g. because the last two packets arrived out-of-order),
we would wait for 16 second ("coarse timer") before we would read the
remaining data. To avoid that, always schedule ourself again if there
was control channel data, to check whether more data is available.

For mbedtls, we could implement a slightly more elegant "is there more
data?" function, instead of blindly rescheduling. But I can't find a way
to implement that for OpenSSL, and the current solution is very simple and
still has quite low overhead.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1515067670-13094-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16151.html
Signed-off-by: David Sommerseth <davids@openvpn.net>

Steffan Karger authored on 2018/01/04 21:07:50
Showing 1 changed files

src/openvpn/ssl.c index d758c31..669f941 100644

src/openvpn/ssl.c

History View file @ b00d56e

@@ -2942,6 +2942,9 @@ tls_process(struct tls_multi *multi,
             {
                 state_change = true;
                 dmsg(D_TLS_DEBUG, "TLS -> Incoming Plaintext");
+
+                /* More data may be available, wake up again asap to check. */
+                *wakeup = 0;
             }
         }
 

...	...	@@ -2942,6 +2942,9 @@ tls_process(struct tls_multi *multi,
2942	2942	{
2943	2943	state_change = true;
2944	2944	dmsg(D_TLS_DEBUG, "TLS -> Incoming Plaintext");
	2945	+
	2946	+ /* More data may be available, wake up again asap to check. */
	2947	+ *wakeup = 0;
2945	2948	}
2946	2949	}
2947	2950