mirror/openvpn
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 03:52:28 +02:00
Code

Extract session_move_active into its own function

Browse Source 
This makes the tls_process function smaller and easier to understand and
this state easier to understand in its own function.

Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20220426132324.76517-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24212.html

Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
Arne Schwabe 2022-04-26 15:23:24 +02:00 committed by Gert Doering
parent 04c3779922
commit 4dbe508ab6
1 changed files with 52 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
src/openvpn/ssl.c
View File

@ -2431,6 +2431,54 @@ session_move_pre_start(const struct tls_session *session,
return true;
}
/**
* Moves the key to state to S_ACTIVE and also advances the multi_state state
* machine if this is the initial connection.
*/
static void
session_move_active(struct tls_multi *multi, struct tls_session *session,
struct link_socket_info *to_link_socket_info,
struct key_state *ks)
{
dmsg(D_TLS_DEBUG_MED, "STATE S_ACTIVE");
ks->established = now;
if (check_debug_level(D_HANDSHAKE))
{
print_details(&ks->ks_ssl, "Control Channel:");
}
ks->state = S_ACTIVE;
/* Cancel negotiation timeout */
ks->must_negotiate = 0;
INCR_SUCCESS;
/* Set outgoing address for data channel packets */
link_socket_set_outgoing_addr(to_link_socket_info, &ks->remote_addr,
session->common_name, session->opt->es);
/* Check if we need to advance the tls_multi state machine */
if (multi->multi_state == CAS_NOT_CONNECTED)
{
if (session->opt->mode == MODE_SERVER)
{
/* On a server we continue with running connect scripts next */
multi->multi_state = CAS_WAITING_AUTH;
}
else
{
/* Skip the connect script related states */
multi->multi_state = CAS_WAITING_OPTIONS_IMPORT;
}
}
/* Flush any payload packets that were buffered before our state transitioned to S_ACTIVE */
flush_payload_buffer(ks);
#ifdef MEASURE_TLS_HANDSHAKE_STATS
show_tls_performance_stats();
#endif
}
/*
* This is the primary routine for processing TLS stuff inside the
* the main event loop. When this routine exits
@ -2545,47 +2593,11 @@ tls_process(struct tls_multi *multi,
/* Wait for ACK */
if (((ks->state == S_GOT_KEY && !session->opt->server)
|| (ks->state == S_SENT_KEY && session->opt->server)))
|| (ks->state == S_SENT_KEY && session->opt->server))
&& no_pending_reliable_packets(ks))
{
if (no_pending_reliable_packets(ks))
{
ks->established = now;
dmsg(D_TLS_DEBUG_MED, "STATE S_ACTIVE");
if (check_debug_level(D_HANDSHAKE))
{
print_details(&ks->ks_ssl, "Control Channel:");
}
session_move_active(multi, session, to_link_socket_info, ks);
state_change = true;
ks->state = S_ACTIVE;
/* Cancel negotiation timeout */
ks->must_negotiate = 0;
INCR_SUCCESS;
/* Set outgoing address for data channel packets */
link_socket_set_outgoing_addr(to_link_socket_info, &ks->remote_addr, session->common_name, session->opt->es);
/* Check if we need to advance the tls_multi state machine */
if (multi->multi_state == CAS_NOT_CONNECTED)
{
if (session->opt->mode == MODE_SERVER)
{
/* On a server we continue with running connect scripts next */
multi->multi_state = CAS_WAITING_AUTH;
}
else
{
/* Skip the connect script related states */
multi->multi_state = CAS_WAITING_OPTIONS_IMPORT;
}
}
/* Flush any payload packets that were buffered before our state transitioned to S_ACTIVE */
flush_payload_buffer(ks);
#ifdef MEASURE_TLS_HANDSHAKE_STATS
show_tls_performance_stats();
#endif
}
}
/* Reliable buffer to outgoing TCP/UDP (send up to CONTROL_SEND_ACK_MAX ACKs