[Openvpn-devel] [PATCH applied] Re: Implement exit notification via control channel

Sun, 18 Sep 2022 09:14:14 -0700 

Acked-by: Gert Doering <g...@greenie.muc.de>

Adding my ACK to Heiko's, because the push_option_fmt() thing is sufficiently
different from v3 so I had a very close look.

Testing this is not very easy with the current test framework, as it needs
this patch on both ends to become effective.

This said, I've subjected this to extensive client/server tests against
2.3...master peers, to see if it would break compat with anything 
(no tls-ekm, old tls-ekm, new tls-ekm) - seems not so :-)

Testing client and server both with this patch leads to the expected
protocol-flags message:

 ... peer info: IV_PROTO=222
 ... SENT CONTROL ... protocol-flags cc-exit tls-ekm' (status=1)

and on ctrl-c, to 

client:
 2022-09-18 17:10:59 SIGTERM received, sending exit notification to peer
 2022-09-18 17:10:59 SENT CONTROL [server]: 'EXIT' (status=1)

server:

 Sep 18 17:10:59 ... Exit message received by peer
 Sep 18 17:10:59 ... SIGTERM[soft,remote-exit] received, client-instance exiting

(and of course, --explicit-exit-notify with old<->new client/server
combinations also still works, showing the "old" messages)

Testing this against a DCO enabled p2mp server also makes client-to-server
--explicit-exit-notify work now.  Did not test DCO P2P.


NOTE: the commit message does not mention this, but the manpage says
so, without it being clear to the uninvited - p2mp server to client
will never use this new EXIT message or the old OCC_EXIT signalling,
and has always sent "RESTART..." control-channel messages.  This was not
really clear to me before I started untangling this...

NOTE2: p2p peers still exit() on receipt of --explicit-exit-notify
messages.  Not sure if we consider this reasonable behaviour (see
separate mail thread).


Your patch has been applied to the master branch.

commit 179b3728b71013413885e453e477997f5a396f78
Author: Arne Schwabe
Date:   Wed Sep 14 18:50:41 2022 +0200

     Implement exit notification via control channel

     Signed-off-by: Arne Schwabe <a...@rfc2549.org>
     Acked-by: Heiko Hund <he...@ist.eigentlich.net>
     Acked-by: Gert Doering <g...@greenie.muc.de>
     Message-Id: <20220914165041.2658423-1-a...@rfc2549.org>
     URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25209.html
     Signed-off-by: Gert Doering <g...@greenie.muc.de>


--
kind regards,

Gert Doering



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to