)]}'
{"id":"openvpn~1744","triplet_id":"openvpn~master~I930d3789e0313aa0c3bc51ee5fd1d108343d59f0","project":"openvpn","branch":"master","attention_set":{"1000003":{"account":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"last_update":"2026-06-29 07:58:37.000000000","reason":"Reviewer was added"}},"removed_from_attention_set":{},"hashtags":[],"change_id":"I930d3789e0313aa0c3bc51ee5fd1d108343d59f0","subject":"oob: Answer SERVER_PROBE on the server (P_CONTROL_OOB_V1)","status":"NEW","created":"2026-06-29 07:58:31.000000000","updated":"2026-07-02 12:30:33.000000000","submit_type":"CHERRY_PICK","submittable":false,"total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"meta_rev_id":"a30e02097c429c4bab75d3a7d2dc2ff8c11fd11e","_number":1744,"virtual_id_number":1744,"owner":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"actions":{},"labels":{"Code-Review":{"all":[{"value":0,"permitted_voting_range":{"min":-2,"max":2},"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"}],"values":{"-2":"This shall not be submitted","-1":"I would prefer this is not submitted as is"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"description":"","default_value":0}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"}],"CC":[{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2026-06-29 07:58:37.000000000","updated_by":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"reviewer":{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"},"state":"CC"},{"updated":"2026-06-29 07:58:37.000000000","updated_by":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"reviewer":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"state":"REVIEWER"}],"messages":[{"id":"46eacca47ad175060dfb4606d0bad7560dd49c56","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"date":"2026-06-29 07:58:31.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"903e86e51dcb8a6224bd13fa6b2029aaffdce452","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"date":"2026-06-29 12:37:47.000000000","message":"Uploaded patch set 2: Patch Set 1 was rebased.","accounts_in_message":[],"_revision_number":2},{"id":"a30e02097c429c4bab75d3a7d2dc2ff8c11fd11e","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"date":"2026-07-02 12:30:33.000000000","message":"Uploaded patch set 3: Patch Set 2 was rebased. Commit message was updated.","accounts_in_message":[],"_revision_number":3}],"current_revision_number":3,"current_revision":"b1489c94ae9907d1f279ee9a9b1d9e4386eac51c","revisions":{"ba0990d5a06591518855e29695471871e113fbb5":{"kind":"REWORK","_number":1,"created":"2026-06-29 07:58:31.000000000","uploader":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"ref":"refs/changes/44/1744/1","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/44/1744/1","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/44/1744/1 \u0026\u0026 git checkout -b change-1744 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/44/1744/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/44/1744/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/44/1744/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/44/1744/1","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/44/1744/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"4affc7258b2f3dffdf52640e3ba3705f405fae9e","subject":"mudp: extract send_standalone_reply() helper"}],"author":{"name":"Lev Stipakov","email":"lev@openvpn.net","date":"2026-06-18 13:00:14.000000000","tz":180},"committer":{"name":"Lev Stipakov","email":"lev@openvpn.net","date":"2026-06-29 07:58:02.000000000","tz":180},"subject":"oob: Answer SERVER_PROBE on the server (P_CONTROL_OOB_V1)","message":"oob: Answer SERVER_PROBE on the server (P_CONTROL_OOB_V1)\n\nMake a --mode server UDP listener answer an out-of-band SERVER_PROBE without\ncreating a session:\n\n  - tls_pre_decrypt_lite() accepts P_CONTROL_OOB_V1 and returns the new\n    VERDICT_VALID_OOB_V1 verdict.\n  - tls_wrap_oob_standalone() builds a session-less P_CONTROL_OOB_V1 packet:\n    opcode + session id + the usual tls-auth/tls-crypt wrapping around a bare\n    TLV payload (no reliability/ACK fields), mirroring tls_reset_standalone().\n  - do_pre_decrypt_check() handles the new verdict: it asks\n    oob_build_probe_reply() whether to answer, and if so sends a PROBE_REPLY\n    via send_probe_reply() (synchronous, stateless, like the HMAC reset path)\n    and returns false so no session is created.\n\nThe reply\u0027s own session id is the stateless SYN-cookie used by the three-way\nhandshake, so the responder keeps no state and the reply can later serve as\nthe handshake reset (connect_lifetime shortcut).\n\nP_LAST_OPCODE is intentionally not widened: the server path uses the\ntls_pre_decrypt_lite() allowlist and tls_wrap_control() directly, so opcode 12\nneed not pass the established-session opcode gate yet. That gate (and the\nmatching tls_pre_decrypt() handler) is widened together with the client\nreceive path.\n\noob.c is now wired into the openvpn build as it has a real caller.\n\nChange-Id: I930d3789e0313aa0c3bc51ee5fd1d108343d59f0\nSigned-off-by: Lev Stipakov \u003clev@openvpn.net\u003e\n"},"branch":"refs/heads/master"},"1982fb92635656a27559b8dde680921cb44f5e14":{"kind":"TRIVIAL_REBASE","_number":2,"created":"2026-06-29 12:37:47.000000000","uploader":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"ref":"refs/changes/44/1744/2","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/44/1744/2","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/44/1744/2 \u0026\u0026 git checkout -b change-1744 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/44/1744/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/44/1744/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/44/1744/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/44/1744/2","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/44/1744/2 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"f97b53396d0eedce335444a305505194107f6d13","subject":"mudp: extract send_standalone_reply() helper"}],"author":{"name":"Lev Stipakov","email":"lev@openvpn.net","date":"2026-06-18 13:00:14.000000000","tz":180},"committer":{"name":"Lev Stipakov","email":"lev@openvpn.net","date":"2026-06-29 12:32:06.000000000","tz":180},"subject":"oob: Answer SERVER_PROBE on the server (P_CONTROL_OOB_V1)","message":"oob: Answer SERVER_PROBE on the server (P_CONTROL_OOB_V1)\n\nMake a --mode server UDP listener answer an out-of-band SERVER_PROBE without\ncreating a session:\n\n  - tls_pre_decrypt_lite() accepts P_CONTROL_OOB_V1 and returns the new\n    VERDICT_VALID_OOB_V1 verdict.\n  - tls_wrap_oob_standalone() builds a session-less P_CONTROL_OOB_V1 packet:\n    opcode + session id + the usual tls-auth/tls-crypt wrapping around a bare\n    TLV payload (no reliability/ACK fields), mirroring tls_reset_standalone().\n  - do_pre_decrypt_check() handles the new verdict: it asks\n    oob_build_probe_reply() whether to answer, and if so sends a PROBE_REPLY\n    via send_probe_reply() (synchronous, stateless, like the HMAC reset path)\n    and returns false so no session is created.\n\nThe reply\u0027s own session id is the stateless SYN-cookie used by the three-way\nhandshake, so the responder keeps no state and the reply can later serve as\nthe handshake reset (connect_lifetime shortcut).\n\nP_LAST_OPCODE is intentionally not widened: the server path uses the\ntls_pre_decrypt_lite() allowlist and tls_wrap_control() directly, so opcode 12\nneed not pass the established-session opcode gate yet. That gate (and the\nmatching tls_pre_decrypt() handler) is widened together with the client\nreceive path.\n\noob.c is now wired into the openvpn build as it has a real caller.\n\nChange-Id: I930d3789e0313aa0c3bc51ee5fd1d108343d59f0\nSigned-off-by: Lev Stipakov \u003clev@openvpn.net\u003e\n"},"branch":"refs/heads/master"},"b1489c94ae9907d1f279ee9a9b1d9e4386eac51c":{"kind":"TRIVIAL_REBASE_WITH_MESSAGE_UPDATE","_number":3,"created":"2026-07-02 12:30:33.000000000","uploader":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"ref":"refs/changes/44/1744/3","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/44/1744/3","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/44/1744/3 \u0026\u0026 git checkout -b change-1744 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/44/1744/3 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/44/1744/3 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/44/1744/3 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/44/1744/3","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/44/1744/3 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"7f5cd4fa48a346b91bbc1e7c52c1d6351e8cc61c","subject":"mudp: extract send_standalone_reply() helper"}],"author":{"name":"Lev Stipakov","email":"lev@openvpn.net","date":"2026-06-18 13:00:14.000000000","tz":180},"committer":{"name":"Lev Stipakov","email":"lev@openvpn.net","date":"2026-07-02 12:11:48.000000000","tz":180},"subject":"oob: Answer SERVER_PROBE on the server (P_CONTROL_OOB_V1)","message":"oob: Answer SERVER_PROBE on the server (P_CONTROL_OOB_V1)\n\nMake a --mode server UDP listener answer an out-of-band SERVER_PROBE without\ncreating a session:\n\n  - tls_pre_decrypt_lite() accepts P_CONTROL_OOB_V1 and returns the new\n    VERDICT_VALID_OOB_V1 verdict.\n  - tls_wrap_oob_standalone() builds a session-less P_CONTROL_OOB_V1 packet:\n    opcode + session id + the usual tls-auth/tls-crypt wrapping around a bare\n    TLV payload (no reliability/ACK fields), mirroring tls_reset_standalone().\n  - do_pre_decrypt_check() handles the new verdict: it asks\n    oob_build_probe_reply() whether to answer, and if so sends a PROBE_REPLY\n    via send_probe_reply() (synchronous, stateless, like the HMAC reset path)\n    and returns false so no session is created.\n\nThe reply\u0027s own session id is the stateless SYN-cookie used by the three-way\nhandshake, so the responder keeps no state and the reply can later serve as\nthe handshake reset (connect_lifetime shortcut).\n\nP_LAST_OPCODE is intentionally not widened: the server path uses the\ntls_pre_decrypt_lite() allowlist and tls_wrap_control() directly, so opcode 12\nneed not pass the established-session opcode gate yet. That gate (and the\nmatching tls_pre_decrypt() handler) is widened together with the client\nreceive path.\n\nChange-Id: I930d3789e0313aa0c3bc51ee5fd1d108343d59f0\nSigned-off-by: Lev Stipakov \u003clev@openvpn.net\u003e\n"},"branch":"refs/heads/master"}},"requirements":[{"status":"NOT_READY","fallback_text":"All required checks must pass","type":"checks_pass"}],"submit_records":[{"rule_name":"gerrit~DefaultSubmitRule","status":"NOT_READY","labels":[{"label":"Code-Review","status":"NEED"}]},{"rule_name":"checks~ChecksSubmitRule","status":"NOT_READY","requirements":[{"status":"NOT_READY","fallback_text":"All required checks must pass","type":"checks_pass"}]}],"submit_requirements":[{"name":"Code-Review","status":"UNSATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"label:Code-Review\u003dMAX -label:Code-Review\u003dMIN","fulfilled":false,"status":"FAIL","passing_atoms":[],"failing_atoms":["label:Code-Review\u003dMAX","-label:Code-Review\u003dMIN"]}},{"name":"checks~ChecksSubmitRule","status":"UNSATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"rule:checks~ChecksSubmitRule","fulfilled":false,"status":"FAIL","passing_atoms":[],"failing_atoms":["checks~ChecksSubmitRule"]}}]}
