From nobody Wed Dec 18 16:17:45 2024
Date: Wed, 18 Dec 2024 16:17:45 GMT
Message-Id: <202412181617.4BIGHjw1099402@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: 3624de539499 - main - if_ovpn: improve reconnect handling
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 3624de5394991c0cacd42d5a3b33e35c1a002e09
Auto-Submitted: auto-generated

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=3624de5394991c0cacd42d5a3b33e35c1a002e09

commit 3624de5394991c0cacd42d5a3b33e35c1a002e09
Author:     Kristof Provost
AuthorDate: 2024-12-18 16:10:29 +0000
Commit:     Kristof Provost
CommitDate: 2024-12-18 16:10:29 +0000

    if_ovpn: improve reconnect handling

    When a DCO client reconnects (e.g. on server restart) OpenVPN may create
    a new socket rather than reusing the existing one. This used to be
    rejected because we expect all peers to use the same socket.

    However, if there are no peers it's safe to release the previous socket
    and install the tunnel function on the new one.

    See also: https://redmine.pfsense.org/issues/15928
    MFC after: 2 weeks
    Sponsored by: Rubicon Communications, LLC ("Netgate")
---
 sys/net/if_ovpn.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c index b269742ed8b9..8dc90ecce725 100644 --- a/sys/net/if_ovpn.c +++ b/sys/net/if_ovpn.c 
@@ -622,8 +622,20 @@ ovpn_new_peer(struct ifnet *ifp, const nvlist_t *nvl) } /* Must be the same socket as for other peers on this interface. */ - if (sc->so != NULL && so != sc->so) - goto error_locked; + if (sc->so != NULL && so != sc->so) { + if (! RB_EMPTY(&sc->peers)) { + ret = EBUSY; + goto error_locked; + } + + /* + * If we have no peers we can safely release the socket and accept + * a new one. + */ + ret = udp_set_kernel_tunneling(sc->so, NULL, NULL, NULL); + sorele(sc->so); + sc->so = NULL; + } if (sc->so == NULL) { sc->so = so;
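
Review bot: In the new no-peers branch of ovpn_new_peer(), the result of `ret = udp_set_kernel_tunneling(sc->so, NULL, NULL, NULL);` is stored but never examined before `sorele(sc->so);` and `sc->so = NULL;` run. If removing the tunnel function can fail, the old socket is released while it may still carry the if_ovpn callback, and a non-zero ret is left behind for whatever code follows. Either check it (bail to error_locked on failure, or `MPASS(ret == 0)` if failure is impossible here) or drop the assignment so the intent is explicit. It would also help to say in the comment why an empty sc->peers tree is sufficient to make the release safe, since the old check rejected every socket change. Style nit: `! RB_EMPTY(&sc->peers)` has a space after the unary `!`, which style(9) does not use.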