Opened 10 years ago

Closed 8 years ago

#109 closed Bug / Defect (fixed)

Error not flushed to management interface during FATAL errors

Reported by: crookies Owned by:
Priority: major Milestone:
Component: Generic / unclassified Version: OpenVPN 2.1.0 / 2.1.1 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

When a FATAL error occurs, the management interface client is disconnected before whole messages have been sent on the socket.

Example:

Management interface output

1024 bit RSA
>LOG:1301498789,I,[197176-app1.apro.talk2m.com_client] Peer Connection Initiated
 with 10.0.0.14:3128
>LOG:1301498790,,MANAGEMENT: >STATE:1301498790,GET_CONFIG,,,
>STATE:1301498790,GET_CONFIG,,,
>LOG:1301498792,,SENT CONTROL [197176-app1.apro.talk2m.com_client]: 'PUSH_REQUES
T' (status=1)


Connection to host lost.

Corresponding Log output

Wed Mar 30 17:26:29 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 30 17:26:29 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Mar 30 17:26:29 2011 [197176-app1.apro.talk2m.com_client] Peer Connection Initiated with 10.0.0.14:3128
Wed Mar 30 17:26:30 2011 MANAGEMENT: >STATE:1301498790,GET_CONFIG,,,
Wed Mar 30 17:26:32 2011 SENT CONTROL [197176-app1.apro.talk2m.com_client]: 'PUSH_REQUEST' (status=1)
Wed Mar 30 17:26:32 2011 PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-exit 40,ifconfig 10.7.0.2 255.254.0.0'
Wed Mar 30 17:26:32 2011 OPTIONS IMPORT: timers and/or timeouts modified
Wed Mar 30 17:26:32 2011 OPTIONS IMPORT: --ifconfig/up options modified
Wed Mar 30 17:26:32 2011 MANAGEMENT: Client disconnected
Wed Mar 30 17:26:32 2011 There are no TAP-Win32 adapters on this system.  You should be able to create a TAP-Win32 adapter by going to Start -> All Programs -> OpenVPN -> Add a new TAP-Win32 virtual ethernet adapter.
Wed Mar 30 17:26:32 2011 Exiting

If we look at the manage.c file, the man_output_list_push_finalize function is called after the man_reset_client_socket is called

This was tested in 2.1.4 (the problem does not appear in 2.0.5)

Change History (2)

comment:1 Changed 10 years ago by David Sommerseth

Can you please attach client and server configuration files which can be used for testing? If you use SSL key/certificates, please use those found in the source tree under ./sample-keys/

Further can you explain exactly how this FATAL error is triggered?

comment:2 Changed 8 years ago by Samuli Seppänen

Resolution: fixed
Status: newclosed

This was fixed in James' SVN tree at revision 7587:

r7587 | james | 2011-09-03 02:49:45 +0300 (sab, 03 set 2011) | 7 lines

Fixed management interface bug where >FATAL notifications were
not being output properly because the management interface
socket was being closed before the >FATAL notification could
be transmitted.

Version 2.1.14

Also, if we look at src/openvpn/manage.c, we see that the man_output_list_push_finalize function is called before the man_reset_client_socket function now. Closing this bug...

Note: See TracTickets for help on using tickets.