From 278c2bc4ce7fa7c69dcb19999ea0c8bc12348eb8 Mon Sep 17 00:00:00 2001
From: Razvan Cojocaru <razvan.cojocaru@openvpn.com>
Date: Wed, 30 Oct 2024 12:28:06 +0200
Subject: [PATCH] ServerProto: Support IV_PROTO_REQUEST_PUSH

For clients that support IV_PROTO_REQUEST_PUSH, an additional
round-trip can be avoided by sending a push reply immediately once
the connection becomes active, instead of waiting for a subsequent
explicit PUSH_REQUEST.

Signed-off-by: Razvan Cojocaru <razvan.cojocaru@openvpn.com>
---
 openvpn/server/servproto.hpp | 9 +++++----
 openvpn/ssl/proto.hpp        | 5 +++++
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/openvpn/server/servproto.hpp b/openvpn/server/servproto.hpp
index 71eec0b7..ec8b9dd8 100644
--- a/openvpn/server/servproto.hpp
+++ b/openvpn/server/servproto.hpp
@@ -334,6 +334,7 @@ class ServerProto
                 AuthCreds::Ptr auth_creds(new AuthCreds(Unicode::utf8_printable(username, MAX_USERNAME_SIZE | Unicode::UTF8_FILTER),
                                                         Unicode::utf8_printable(password, MAX_PASSWORD_SIZE | Unicode::UTF8_FILTER | Unicode::UTF8_PASS_FMT),
                                                         Unicode::utf8_printable(peer_info, Unicode::UTF8_FILTER | Unicode::UTF8_PASS_FMT)));
+                proto_request_push = ProtoContext::IvProtoHelper(auth_creds->peer_info).client_supports_request_push();
                 ManLink::send->auth_request(auth_creds, auth_cert, peer_addr);
             }
         }
@@ -370,10 +371,8 @@ class ServerProto
 
         void active(bool primary) override
         {
-            /* Currently the server does not do anything special when the connection
-             * is ready (control channel fully established). We probably should trigger
-             * sending a PUSH_REPLY here, when the client requested it via
-             * IV_PROTO_REQUEST_PUSH instead waiting for an explicit PUSH_REQUEST */
+            if (proto_request_push && get_management())
+                ManLink::send->push_request(proto_context.conf_ptr());
         }
 
         void auth_failed(const std::string &reason,
@@ -768,6 +767,8 @@ class ServerProto
 
         ManClientInstance::Factory::Ptr man_factory;
         TunClientInstance::Factory::Ptr tun_factory;
+
+        bool proto_request_push = false;
     };
 };
 
diff --git a/openvpn/ssl/proto.hpp b/openvpn/ssl/proto.hpp
index 73ff945a..e8086d95 100644
--- a/openvpn/ssl/proto.hpp
+++ b/openvpn/ssl/proto.hpp
@@ -3572,6 +3572,11 @@ class ProtoContext : public logging::LoggingMixin<OPENVPN_DEBUG_PROTO,
             return proto_field_ & iv_proto_flag::IV_PROTO_PUSH_UPDATE;
         }
 
+        bool client_supports_request_push() const
+        {
+            return proto_field_ & iv_proto_flag::IV_PROTO_REQUEST_PUSH;
+        }
+
       private:
         unsigned int proto_field_;
     };