Date: Mon, 30 Dec 2024 20:45:04 GMT
Message-Id: <202412302045.4BUKj4YS020605@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: e0a1a2e47fbf - stable/14 - if_ovpn: improve reconnect handling
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: e0a1a2e47fbf1df75e054acced189819eaf7c4e7

The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=e0a1a2e47fbf1df75e054acced189819eaf7c4e7

commit e0a1a2e47fbf1df75e054acced189819eaf7c4e7
Author:     Kristof Provost
AuthorDate: 2024-12-18 16:10:29 +0000
Commit:     Kristof Provost
CommitDate: 2024-12-30 20:42:57 +0000

    if_ovpn: improve reconnect handling

    When a DCO client reconnects (e.g. on server restart) OpenVPN may create
    a new socket rather than reusing the existing one. This used to be
    rejected because we expect all peers to use the same socket.

    However, if there are no peers it's safe to release the previous socket
    and install the tunnel function on the new one.

    See also:       https://redmine.pfsense.org/issues/15928
    MFC after:      2 weeks
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

    (cherry picked from commit 3624de5394991c0cacd42d5a3b33e35c1a002e09)
---
 sys/net/if_ovpn.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c index be75eff74d34..de7920981027 100644 --- a/sys/net/if_ovpn.c +++ b/sys/net/if_ovpn.c
@@ -628,8 +628,20 @@ ovpn_new_peer(struct ifnet *ifp, const nvlist_t *nvl) } /* Must be the same socket as for other peers on this interface. */ - if (sc->so != NULL && so != sc->so) - goto error_locked; + if (sc->so != NULL && so != sc->so) { + if (! RB_EMPTY(&sc->peers)) { + ret = EBUSY; + goto error_locked; + } + + /* + * If we have no peers we can safely release the socket and accept + * a new one. + */ + ret = udp_set_kernel_tunneling(sc->so, NULL, NULL, NULL); + sorele(sc->so); + sc->so = NULL; + } if (sc->so == NULL) sc->so = so;
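
Review bot: In the new no-peers branch of ovpn_new_peer(), the result of `ret = udp_set_kernel_tunneling(sc->so, NULL, NULL, NULL);` is stored but never examined before `sorele(sc->so);` and `sc->so = NULL;` run. If clearing the tunnel function can fail, the old socket would keep its tunneling callback while this softc drops its reference and forgets the socket, so the failure should either be handled (bail out via `goto error_locked` with the socket still recorded in sc->so) or asserted to be impossible, for example with an MPASS on ret == 0. If the call genuinely cannot fail here, drop the assignment so a stale value is not left in ret for later code in the function. Two smaller points: the unchanged comment "Must be the same socket as for other peers on this interface." no longer describes the whole condition and could mention the empty-peer-list exception, and `if (! RB_EMPTY(&sc->peers))` has a stray space after the `!`.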