On 05/03/2025 00:19, Antonio Quartulli wrote:
On 04/03/2025 19:37, Sabrina Dubroca wrote:
2025-03-04, 01:33:48 +0100, Antonio Quartulli wrote:
A peer connected via UDP may change its IP address without reconnecting
(float).
Should that trigger a reset of the peer->dst_cache? And same when
userspace updates the remote address? Otherwise it seems we could be
stuck with a cached dst that cannot reach the peer.
Yeah, that make sense, otherwise ovpn_udpX_output would just try over
and over to re-use the cached source address (unless it becomes
unavailable).
I spent some more time thinking about this.
It makes sense to reset the dst cache when the local address changes,
but not in case of float (remote address changed).
That's because we always want to first attempt sending packets using the
address where the remote peer sent the traffic to.
Should that not work (quite rare), then we have code in ovpn_udpX_output
that will reset the cache and attempt a different address.
Cheers,
--
Antonio Quartulli
OpenVPN Inc.
