OpenVPN
diff --git a/‎src/openvpn/auth_token.c‎
Lines changed: 17 additions & 12 deletions b/‎src/openvpn/auth_token.c‎
Lines changed: 17 additions & 12 deletions
diff --git a/‎src/openvpn/auth_token.h‎
Lines changed: 1 addition & 1 deletion b/‎src/openvpn/auth_token.h‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/openvpn/forward.c‎
Lines changed: 48 additions & 35 deletions b/‎src/openvpn/forward.c‎
Lines changed: 48 additions & 35 deletions
diff --git a/‎src/openvpn/forward.h‎
Lines changed: 9 additions & 8 deletions b/‎src/openvpn/forward.h‎
Lines changed: 9 additions & 8 deletions
@@ -35,15 +35,15 @@ auth_token_kt(void)
 }
 
 void
-add_session_token_env(struct tls_session *session, struct tls_multi *multi,
-                      const struct user_pass *up)
+add_session_token_env(struct tls_session *session, struct tls_multi *multi, const struct user_pass *up)
 {
     if (!multi->opt.auth_token_generate)
     {
         return;
     }
 
-    int auth_token_state_flags = session->key[KS_PRIMARY].auth_token_state_flags;
+    struct key_state *ks = tls_select_encryption_key_init(multi);
+    int auth_token_state_flags = ks->auth_token_state_flags;
 
     const char *state;
 
@@ -81,7 +81,7 @@ add_session_token_env(struct tls_session *session, struct tls_multi *multi,
         state = "Invalid";
     }
 
-    setenv_str(session->opt->es, "session_state", state);
+    setenv_str(multi->opt.es, "session_state", state);
 
     /* We had a valid session id before */
     const char *session_id_source;
@@ -111,7 +111,7 @@ add_session_token_env(struct tls_session *session, struct tls_multi *multi,
     memcpy(session_id, session_id_source + strlen(SESSION_ID_PREFIX),
            AUTH_TOKEN_SESSION_ID_LEN * 8 / 6);
 
-    setenv_str(session->opt->es, "session_id", session_id);
+    setenv_str(multi->opt.es, "session_id", session_id);
 }
 
 void
@@ -217,8 +217,8 @@ generate_auth_token(const struct user_pass *up, struct tls_multi *multi)
      * a new token with the empty username since we do not want to loose
      * the information that the username cannot be trusted
      */
-    struct key_state *ks = &multi->session[TM_ACTIVE].key[KS_PRIMARY];
-    if (ks->auth_token_state_flags & AUTH_TOKEN_VALID_EMPTYUSER)
+    struct key_state *ks = tls_select_encryption_key_init(multi);
+    if (ks && ks->auth_token_state_flags & AUTH_TOKEN_VALID_EMPTYUSER)
     {
         hmac_ctx_update(ctx, (const uint8_t *)"", 0);
     }
@@ -415,10 +415,15 @@ void
 check_send_auth_token(struct context *c)
 {
     struct tls_multi *multi = c->c2.tls_multi;
-    struct tls_session *session = &multi->session[TM_ACTIVE];
 
-    if (get_primary_key(multi)->state < S_GENERATED_KEYS
-        || get_primary_key(multi)->authenticated != KS_AUTH_TRUE)
+    if (!multi)
+    {
+        return;
+    }
+
+    struct key_state *ks = tls_select_encryption_key_init(multi);
+
+    if (ks->state < S_GENERATED_KEYS || ks->authenticated != KS_AUTH_TRUE)
     {
         /* the currently active session is still in renegotiation or another
          * not fully authorized state. We are either very close to a
@@ -447,11 +452,11 @@ check_send_auth_token(struct context *c)
 
     generate_auth_token(&up, multi);
 
-    resend_auth_token_renegotiation(multi, session);
+    resend_auth_token_renegotiation(multi);
 }
 
 void
-resend_auth_token_renegotiation(struct tls_multi *multi, struct tls_session *session)
+resend_auth_token_renegotiation(struct tls_multi *multi)
 {
     /*
      * Auth token already sent to client, update auth-token on client.
 
@@ -128,7 +128,7 @@ is_auth_token(const char *password)
  * @param multi     Pointer the multi object of the TLS session
  * @param session   Pointer to the TLS session itself
  */
-void resend_auth_token_renegotiation(struct tls_multi *multi, struct tls_session *session);
+void resend_auth_token_renegotiation(struct tls_multi *multi);
 
 
 /**
 
@@ -292,7 +292,7 @@ check_incoming_control_channel(struct context *c)
 
     struct gc_arena gc = gc_new();
     struct buffer buf = alloc_buf_gc(len, &gc);
-    if (tls_rec_payload(c->c2.tls_multi, &buf))
+    while (tls_rec_payload(c->c2.tls_multi, &buf))
     {
         while (BLEN(&buf) > 1)
         {
@@ -304,10 +304,6 @@ check_incoming_control_channel(struct context *c)
             }
         }
     }
-    else
-    {
-        msg(D_PUSH_ERRORS, "WARNING: Receive control message failed");
-    }
 
     gc_free(&gc);
 }
@@ -376,20 +372,18 @@ check_connection_established(struct context *c)
 #endif
 
 bool
-send_control_channel_string_dowork(struct tls_session *session, const char *str,
-                                   msglvl_t msglevel)
+send_control_channel_string_dowork(struct tls_multi *multi, struct key_state *ks, const char *str, msglvl_t msglevel)
 {
     struct gc_arena gc = gc_new();
     bool stat;
 
-    ASSERT(session);
-    struct key_state *ks = &session->key[KS_PRIMARY];
+    ASSERT(multi);
 
     /* buffered cleartext write onto TLS control channel */
     stat = tls_send_payload(ks, (uint8_t *)str, strlen(str) + 1);
 
     msg(msglevel, "SENT CONTROL [%s]: '%s' (status=%d)",
-        session->common_name ? session->common_name : "UNDEF", sanitize_control_message(str, &gc),
+        multi->common_name ? multi->common_name : "UNDEF", sanitize_control_message(str, &gc),
         (int)stat);
 
     gc_free(&gc);
@@ -406,12 +400,12 @@ reschedule_multi_process(struct context *c)
 bool
 send_control_channel_string(struct context *c, const char *str, msglvl_t msglevel)
 {
-    if (c->c2.tls_multi)
+    struct tls_multi *multi = c->c2.tls_multi;
+    if (multi)
     {
-        struct tls_session *session = &c->c2.tls_multi->session[TM_ACTIVE];
-        bool ret = send_control_channel_string_dowork(session, str, msglevel);
+        struct key_state *ks = tls_select_encryption_key_init(multi);
+        bool ret = send_control_channel_string_dowork(multi, ks, str, msglevel);
         reschedule_multi_process(c);
-
         return ret;
     }
     return true;
@@ -2358,11 +2352,13 @@ get_io_flags_udp(struct context *c, struct multi_io *multi_io, const unsigned in
 }
 
 void
-io_wait_dowork(struct context *c, const unsigned int flags)
+io_wait_dowork(struct context *c, const unsigned int flags, int t)
 {
     unsigned int out_socket;
     unsigned int out_tuntap;
     struct event_set_return esr[4];
+    struct event_set *event_set = ((t & THREAD_RTWL) != 0) ? c->c2.event_set : c->c2.event_set2;
+    unsigned int *event_set_status = ((t & THREAD_RTWL) != 0) ? &(c->c2.event_set_status) : &(c->c2.event_set_status2);
 
     /* These shifts all depend on EVENT_READ and EVENT_WRITE */
     static uintptr_t socket_shift = SOCKET_SHIFT; /* depends on SOCKET_READ and SOCKET_WRITE */
@@ -2380,29 +2376,29 @@ io_wait_dowork(struct context *c, const unsigned int flags)
     /*
      * Decide what kind of events we want to wait for.
      */
-    event_reset(c->c2.event_set);
+    event_reset(event_set);
 
-    multi_io_process_flags(c, c->c2.event_set, flags, &out_socket, &out_tuntap);
+    multi_io_process_flags(c, event_set, flags, &out_socket, &out_tuntap);
 
 #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD)
     if (out_socket & EVENT_READ && c->c2.did_open_tun)
     {
-        dco_event_set(&c->c1.tuntap->dco, c->c2.event_set, (void *)dco_shift);
+        dco_event_set(&c->c1.tuntap->dco, event_set, (void *)dco_shift);
     }
 #endif
 
 #ifdef ENABLE_MANAGEMENT
     if (management)
     {
-        management_socket_set(management, c->c2.event_set, (void *)management_shift, NULL);
+        management_socket_set(management, event_set, (void *)management_shift, NULL);
     }
 #endif
 
 #ifdef ENABLE_ASYNC_PUSH
     /* arm inotify watcher */
     if (c->options.mode == MODE_SERVER)
     {
-        event_ctl(c->c2.event_set, c->c2.inotify_fd, EVENT_READ, (void *)file_shift);
+        event_ctl(event_set, c->c2.inotify_fd, EVENT_READ, (void *)file_shift);
     }
 #endif
 
@@ -2416,7 +2412,7 @@ io_wait_dowork(struct context *c, const unsigned int flags)
      *  (6) timeout (tv) expired
      */
 
-    c->c2.event_set_status = ES_ERROR;
+    *event_set_status = ES_ERROR;
 
     if (!c->sig->signal_received)
     {
@@ -2434,14 +2430,14 @@ io_wait_dowork(struct context *c, const unsigned int flags)
             /*
              * Wait for something to happen.
              */
-            status = event_wait(c->c2.event_set, &c->c2.timeval, esr, SIZE(esr));
+            status = event_wait(event_set, &c->c2.timeval, esr, SIZE(esr));
 
             check_status(status, "event_wait", NULL, NULL);
 
             if (status > 0)
             {
                 int i;
-                c->c2.event_set_status = 0;
+                *event_set_status = 0;
                 for (i = 0; i < status; ++i)
                 {
                     const struct event_set_return *e = &esr[i];
@@ -2452,7 +2448,7 @@ io_wait_dowork(struct context *c, const unsigned int flags)
                         struct event_arg *ev_arg = (struct event_arg *)e->arg;
                         if (ev_arg->type != EVENT_ARG_LINK_SOCKET)
                         {
-                            c->c2.event_set_status = ES_ERROR;
+                            *event_set_status = ES_ERROR;
                             msg(D_LINK_ERRORS, "io_work: non socket event delivered");
                             return;
                         }
@@ -2464,30 +2460,30 @@ io_wait_dowork(struct context *c, const unsigned int flags)
                         shift = (uintptr_t)e->arg;
                     }
 
-                    c->c2.event_set_status |= ((e->rwflags & 3) << shift);
+                    *event_set_status |= ((e->rwflags & 3) << shift);
                 }
             }
             else if (status == 0)
             {
-                c->c2.event_set_status = ES_TIMEOUT;
+                *event_set_status = ES_TIMEOUT;
             }
         }
         else
         {
-            c->c2.event_set_status = SOCKET_READ;
+            *event_set_status = SOCKET_READ;
         }
     }
 
     /* 'now' should always be a reasonably up-to-date timestamp */
     update_time();
 
     /* set signal_received if a signal was received */
-    if (c->c2.event_set_status & ES_ERROR)
+    if (*event_set_status & ES_ERROR)
     {
         get_signal(&c->sig->signal_received);
     }
 
-    dmsg(D_EVENT_WAIT, "I/O WAIT status=0x%04x", c->c2.event_set_status);
+    dmsg(D_EVENT_WAIT, "I/O WAIT status=0x%04x", *event_set_status);
 }
 
 void threaded_fwd_inp_intf(struct context *c, struct link_socket *sock, struct thread_pointer *b)
@@ -2507,7 +2503,7 @@ void threaded_fwd_inp_intf(struct context *c, struct link_socket *sock, struct t
 }
 
 void
-process_io(struct context *c, struct link_socket *sock, struct thread_pointer *b)
+process_io(struct context *c, struct link_socket *sock, struct thread_pointer *b, int t)
 {
     const unsigned int status = c->c2.event_set_status;
 
@@ -2520,17 +2516,17 @@ process_io(struct context *c, struct link_socket *sock, struct thread_pointer *b
 #endif
 
     /* TCP/UDP port ready to accept write */
-    if (status & SOCKET_WRITE)
+    if ((status & SOCKET_WRITE) && ((t & THREAD_RTWL) != 0))
     {
         process_outgoing_link(c, sock);
     }
     /* TUN device ready to accept write */
-    else if (status & TUN_WRITE)
+    else if ((status & TUN_WRITE) && ((t & THREAD_RLWT) != 0))
     {
         process_outgoing_tun(c, sock);
     }
     /* Incoming data on TCP/UDP port */
-    else if (status & SOCKET_READ)
+    else if ((status & SOCKET_READ) && ((t & THREAD_RLWT) != 0))
     {
         read_incoming_link(c, sock);
         if (!IS_SIG(c))
@@ -2539,15 +2535,32 @@ process_io(struct context *c, struct link_socket *sock, struct thread_pointer *b
         }
     }
     /* Incoming data on TUN device */
-    else if (status & TUN_READ)
+    else if ((status & TUN_READ) && ((t & THREAD_RTWL) != 0))
     {
         threaded_fwd_inp_intf(c, sock, b);
     }
-    else if (status & DCO_READ)
+    else if ((status & DCO_READ) && ((t & THREAD_RTWL) != 0))
     {
         if (!IS_SIG(c))
         {
             process_incoming_dco(c);
         }
     }
 }
+
+void *threaded_process_io(void *a)
+{
+    struct dual_args *d = (struct dual_args *)a;
+    struct thread_pointer *b = d->b;
+    int t = d->t;
+    while (true)
+    {
+        if (b->p->z != 1) { break; }
+        pthread_mutex_lock(&(d->i));
+        if (b->p->z != 1) { break; }
+        struct context *c = d->c;
+        process_io(c, c->c2.link_sockets[0], b, t);
+        pthread_mutex_unlock(&(d->o));
+    }
+    return NULL;
+}
@@ -72,16 +72,18 @@ extern counter_type link_read_bytes_global;
 
 extern counter_type link_write_bytes_global;
 
-void get_io_flags_dowork_udp(struct context *c, struct multi_io *multi_io,
-                             const unsigned int flags);
+
+void get_io_flags_dowork_udp(struct context *c, struct multi_io *multi_io, const unsigned int flags);
 
 void get_io_flags_udp(struct context *c, struct multi_io *multi_io, const unsigned int flags);
 
-void io_wait_dowork(struct context *c, const unsigned int flags);
+void io_wait_dowork(struct context *c, const unsigned int flags, int t);
 
 void pre_select(struct context *c);
 
-void process_io(struct context *c, struct link_socket *sock, struct thread_pointer *b);
+void process_io(struct context *c, struct link_socket *sock, struct thread_pointer *b, int t);
+
+void *threaded_process_io(void *a);
 
 
 /**********************************************************************/
@@ -309,8 +311,7 @@ bool send_control_channel_string(struct context *c, const char *str, msglvl_t ms
  * @param msglevel   - Message level to use for logging
  */
 
-bool send_control_channel_string_dowork(struct tls_session *session, const char *str,
-                                        msglvl_t msglevel);
+bool send_control_channel_string_dowork(struct tls_multi *multi, struct key_state *ks, const char *str, msglvl_t msglevel);
 
 
 /**
@@ -386,7 +387,7 @@ p2p_iow_flags(const struct context *c)
  * for the top-level server sockets.
  */
 static inline void
-io_wait(struct context *c, const unsigned int flags)
+io_wait(struct context *c, const unsigned int flags, int t)
 {
     if (proto_is_dgram(c->c2.link_sockets[0]->info.proto) && c->c2.fast_io
         && (flags & (IOW_TO_TUN | IOW_TO_LINK | IOW_MBUF)))
@@ -406,7 +407,7 @@ io_wait(struct context *c, const unsigned int flags)
     else
     {
         /* slow path */
-        io_wait_dowork(c, flags);
+        io_wait_dowork(c, flags, t);
     }
 }
Original file line number	Diff line number	Diff line change
`@@ -35,15 +35,15 @@ auth_token_kt(void)`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`void`
`38`		`-add_session_token_env(struct tls_session session, struct tls_multi multi,`
`39`		`- const struct user_pass *up)`
	`38`	`+add_session_token_env(struct tls_session session, struct tls_multi multi, const struct user_pass *up)`
`40`	`39`	`{`
`41`	`40`	`if (!multi->opt.auth_token_generate)`
`42`	`41`	`{`
`43`	`42`	`return;`
`44`	`43`	`}`
`45`	`44`
`46`		`- int auth_token_state_flags = session->key[KS_PRIMARY].auth_token_state_flags;`
	`45`	`+ struct key_state *ks = tls_select_encryption_key_init(multi);`
	`46`	`+ int auth_token_state_flags = ks->auth_token_state_flags;`
`47`	`47`
`48`	`48`	`const char *state;`
`49`	`49`
`@@ -81,7 +81,7 @@ add_session_token_env(struct tls_session session, struct tls_multi multi,`
`81`	`81`	`state = "Invalid";`
`82`	`82`	`}`
`83`	`83`
`84`		`- setenv_str(session->opt->es, "session_state", state);`
	`84`	`+ setenv_str(multi->opt.es, "session_state", state);`
`85`	`85`
`86`	`86`	`/* We had a valid session id before */`
`87`	`87`	`const char *session_id_source;`
`@@ -111,7 +111,7 @@ add_session_token_env(struct tls_session session, struct tls_multi multi,`
`111`	`111`	`memcpy(session_id, session_id_source + strlen(SESSION_ID_PREFIX),`
`112`	`112`	`AUTH_TOKEN_SESSION_ID_LEN * 8 / 6);`
`113`	`113`
`114`		`- setenv_str(session->opt->es, "session_id", session_id);`
	`114`	`+ setenv_str(multi->opt.es, "session_id", session_id);`
`115`	`115`	`}`
`116`	`116`
`117`	`117`	`void`
`@@ -217,8 +217,8 @@ generate_auth_token(const struct user_pass up, struct tls_multi multi)`
`217`	`217`	`* a new token with the empty username since we do not want to loose`
`218`	`218`	`* the information that the username cannot be trusted`
`219`	`219`	`*/`
`220`		`- struct key_state *ks = &multi->session[TM_ACTIVE].key[KS_PRIMARY];`
`221`		`- if (ks->auth_token_state_flags & AUTH_TOKEN_VALID_EMPTYUSER)`
	`220`	`+ struct key_state *ks = tls_select_encryption_key_init(multi);`
	`221`	`+ if (ks && ks->auth_token_state_flags & AUTH_TOKEN_VALID_EMPTYUSER)`
`222`	`222`	`{`
`223`	`223`	`hmac_ctx_update(ctx, (const uint8_t *)"", 0);`
`224`	`224`	`}`
`@@ -415,10 +415,15 @@ void`
`415`	`415`	`check_send_auth_token(struct context *c)`
`416`	`416`	`{`
`417`	`417`	`struct tls_multi *multi = c->c2.tls_multi;`
`418`		`- struct tls_session *session = &multi->session[TM_ACTIVE];`
`419`	`418`
`420`		`- if (get_primary_key(multi)->state < S_GENERATED_KEYS`
`421`		`- \|\| get_primary_key(multi)->authenticated != KS_AUTH_TRUE)`
	`419`	`+ if (!multi)`
	`420`	`+ {`
	`421`	`+ return;`
	`422`	`+ }`
	`423`	`+`
	`424`	`+ struct key_state *ks = tls_select_encryption_key_init(multi);`
	`425`	`+`
	`426`	`+ if (ks->state < S_GENERATED_KEYS \|\| ks->authenticated != KS_AUTH_TRUE)`
`422`	`427`	`{`
`423`	`428`	`/* the currently active session is still in renegotiation or another`
`424`	`429`	`* not fully authorized state. We are either very close to a`
`@@ -447,11 +452,11 @@ check_send_auth_token(struct context *c)`
`447`	`452`
`448`	`453`	`generate_auth_token(&up, multi);`
`449`	`454`
`450`		`- resend_auth_token_renegotiation(multi, session);`
	`455`	`+ resend_auth_token_renegotiation(multi);`
`451`	`456`	`}`
`452`	`457`
`453`	`458`	`void`
`454`		`-resend_auth_token_renegotiation(struct tls_multi multi, struct tls_session session)`
	`459`	`+resend_auth_token_renegotiation(struct tls_multi *multi)`
`455`	`460`	`{`
`456`	`461`	`/*`
`457`	`462`	`* Auth token already sent to client, update auth-token on client.`
Original file line number	Diff line number	Diff line change
`@@ -292,7 +292,7 @@ check_incoming_control_channel(struct context *c)`
`292`	`292`
`293`	`293`	`struct gc_arena gc = gc_new();`
`294`	`294`	`struct buffer buf = alloc_buf_gc(len, &gc);`
`295`		`- if (tls_rec_payload(c->c2.tls_multi, &buf))`
	`295`	`+ while (tls_rec_payload(c->c2.tls_multi, &buf))`
`296`	`296`	`{`
`297`	`297`	`while (BLEN(&buf) > 1)`
`298`	`298`	`{`
`@@ -304,10 +304,6 @@ check_incoming_control_channel(struct context *c)`
`304`	`304`	`}`
`305`	`305`	`}`
`306`	`306`	`}`
`307`		`- else`
`308`		`- {`
`309`		`- msg(D_PUSH_ERRORS, "WARNING: Receive control message failed");`
`310`		`- }`
`311`	`307`
`312`	`308`	`gc_free(&gc);`
`313`	`309`	`}`
`@@ -376,20 +372,18 @@ check_connection_established(struct context *c)`
`376`	`372`	`#endif`
`377`	`373`
`378`	`374`	`bool`
`379`		`-send_control_channel_string_dowork(struct tls_session session, const char str,`
`380`		`- msglvl_t msglevel)`
	`375`	`+send_control_channel_string_dowork(struct tls_multi multi, struct key_state ks, const char *str, msglvl_t msglevel)`
`381`	`376`	`{`
`382`	`377`	`struct gc_arena gc = gc_new();`
`383`	`378`	`bool stat;`
`384`	`379`
`385`		`- ASSERT(session);`
`386`		`- struct key_state *ks = &session->key[KS_PRIMARY];`
	`380`	`+ ASSERT(multi);`
`387`	`381`
`388`	`382`	`/* buffered cleartext write onto TLS control channel */`
`389`	`383`	`stat = tls_send_payload(ks, (uint8_t *)str, strlen(str) + 1);`
`390`	`384`
`391`	`385`	`msg(msglevel, "SENT CONTROL [%s]: '%s' (status=%d)",`
`392`		`- session->common_name ? session->common_name : "UNDEF", sanitize_control_message(str, &gc),`
	`386`	`+ multi->common_name ? multi->common_name : "UNDEF", sanitize_control_message(str, &gc),`
`393`	`387`	`(int)stat);`
`394`	`388`
`395`	`389`	`gc_free(&gc);`
`@@ -406,12 +400,12 @@ reschedule_multi_process(struct context *c)`
`406`	`400`	`bool`
`407`	`401`	`send_control_channel_string(struct context c, const char str, msglvl_t msglevel)`
`408`	`402`	`{`
`409`		`- if (c->c2.tls_multi)`
	`403`	`+ struct tls_multi *multi = c->c2.tls_multi;`
	`404`	`+ if (multi)`
`410`	`405`	`{`
`411`		`- struct tls_session *session = &c->c2.tls_multi->session[TM_ACTIVE];`
`412`		`- bool ret = send_control_channel_string_dowork(session, str, msglevel);`
	`406`	`+ struct key_state *ks = tls_select_encryption_key_init(multi);`
	`407`	`+ bool ret = send_control_channel_string_dowork(multi, ks, str, msglevel);`
`413`	`408`	`reschedule_multi_process(c);`
`414`		`-`
`415`	`409`	`return ret;`
`416`	`410`	`}`
`417`	`411`	`return true;`
`@@ -2358,11 +2352,13 @@ get_io_flags_udp(struct context c, struct multi_io multi_io, const unsigned in`
`2358`	`2352`	`}`
`2359`	`2353`
`2360`	`2354`	`void`
`2361`		`-io_wait_dowork(struct context *c, const unsigned int flags)`
	`2355`	`+io_wait_dowork(struct context *c, const unsigned int flags, int t)`
`2362`	`2356`	`{`
`2363`	`2357`	`unsigned int out_socket;`
`2364`	`2358`	`unsigned int out_tuntap;`
`2365`	`2359`	`struct event_set_return esr[4];`
	`2360`	`+ struct event_set *event_set = ((t & THREAD_RTWL) != 0) ? c->c2.event_set : c->c2.event_set2;`
	`2361`	`+ unsigned int *event_set_status = ((t & THREAD_RTWL) != 0) ? &(c->c2.event_set_status) : &(c->c2.event_set_status2);`
`2366`	`2362`
`2367`	`2363`	`/* These shifts all depend on EVENT_READ and EVENT_WRITE */`
`2368`	`2364`	`static uintptr_t socket_shift = SOCKET_SHIFT; /* depends on SOCKET_READ and SOCKET_WRITE */`
`@@ -2380,29 +2376,29 @@ io_wait_dowork(struct context *c, const unsigned int flags)`
`2380`	`2376`	`/*`
`2381`	`2377`	`* Decide what kind of events we want to wait for.`
`2382`	`2378`	`*/`
`2383`		`- event_reset(c->c2.event_set);`
	`2379`	`+ event_reset(event_set);`
`2384`	`2380`
`2385`		`- multi_io_process_flags(c, c->c2.event_set, flags, &out_socket, &out_tuntap);`
	`2381`	`+ multi_io_process_flags(c, event_set, flags, &out_socket, &out_tuntap);`
`2386`	`2382`
`2387`	`2383`	`#if defined(TARGET_LINUX) \|\| defined(TARGET_FREEBSD)`
`2388`	`2384`	`if (out_socket & EVENT_READ && c->c2.did_open_tun)`
`2389`	`2385`	`{`
`2390`		`- dco_event_set(&c->c1.tuntap->dco, c->c2.event_set, (void *)dco_shift);`
	`2386`	`+ dco_event_set(&c->c1.tuntap->dco, event_set, (void *)dco_shift);`
`2391`	`2387`	`}`
`2392`	`2388`	`#endif`
`2393`	`2389`
`2394`	`2390`	`#ifdef ENABLE_MANAGEMENT`
`2395`	`2391`	`if (management)`
`2396`	`2392`	`{`
`2397`		`- management_socket_set(management, c->c2.event_set, (void *)management_shift, NULL);`
	`2393`	`+ management_socket_set(management, event_set, (void *)management_shift, NULL);`
`2398`	`2394`	`}`
`2399`	`2395`	`#endif`
`2400`	`2396`
`2401`	`2397`	`#ifdef ENABLE_ASYNC_PUSH`
`2402`	`2398`	`/* arm inotify watcher */`
`2403`	`2399`	`if (c->options.mode == MODE_SERVER)`
`2404`	`2400`	`{`
`2405`		`- event_ctl(c->c2.event_set, c->c2.inotify_fd, EVENT_READ, (void *)file_shift);`
	`2401`	`+ event_ctl(event_set, c->c2.inotify_fd, EVENT_READ, (void *)file_shift);`
`2406`	`2402`	`}`
`2407`	`2403`	`#endif`
`2408`	`2404`
`@@ -2416,7 +2412,7 @@ io_wait_dowork(struct context *c, const unsigned int flags)`
`2416`	`2412`	`* (6) timeout (tv) expired`
`2417`	`2413`	`*/`
`2418`	`2414`
`2419`		`- c->c2.event_set_status = ES_ERROR;`
	`2415`	`+ *event_set_status = ES_ERROR;`
`2420`	`2416`
`2421`	`2417`	`if (!c->sig->signal_received)`
`2422`	`2418`	`{`
`@@ -2434,14 +2430,14 @@ io_wait_dowork(struct context *c, const unsigned int flags)`
`2434`	`2430`	`/*`
`2435`	`2431`	`* Wait for something to happen.`
`2436`	`2432`	`*/`
`2437`		`- status = event_wait(c->c2.event_set, &c->c2.timeval, esr, SIZE(esr));`
	`2433`	`+ status = event_wait(event_set, &c->c2.timeval, esr, SIZE(esr));`
`2438`	`2434`
`2439`	`2435`	`check_status(status, "event_wait", NULL, NULL);`
`2440`	`2436`
`2441`	`2437`	`if (status > 0)`
`2442`	`2438`	`{`
`2443`	`2439`	`int i;`
`2444`		`- c->c2.event_set_status = 0;`
	`2440`	`+ *event_set_status = 0;`
`2445`	`2441`	`for (i = 0; i < status; ++i)`
`2446`	`2442`	`{`
`2447`	`2443`	`const struct event_set_return *e = &esr[i];`
`@@ -2452,7 +2448,7 @@ io_wait_dowork(struct context *c, const unsigned int flags)`
`2452`	`2448`	`struct event_arg ev_arg = (struct event_arg )e->arg;`
`2453`	`2449`	`if (ev_arg->type != EVENT_ARG_LINK_SOCKET)`
`2454`	`2450`	`{`
`2455`		`- c->c2.event_set_status = ES_ERROR;`
	`2451`	`+ *event_set_status = ES_ERROR;`
`2456`	`2452`	`msg(D_LINK_ERRORS, "io_work: non socket event delivered");`
`2457`	`2453`	`return;`
`2458`	`2454`	`}`
`@@ -2464,30 +2460,30 @@ io_wait_dowork(struct context *c, const unsigned int flags)`
`2464`	`2460`	`shift = (uintptr_t)e->arg;`
`2465`	`2461`	`}`
`2466`	`2462`
`2467`		`- c->c2.event_set_status \|= ((e->rwflags & 3) << shift);`
	`2463`	`+ *event_set_status \|= ((e->rwflags & 3) << shift);`
`2468`	`2464`	`}`
`2469`	`2465`	`}`
`2470`	`2466`	`else if (status == 0)`
`2471`	`2467`	`{`
`2472`		`- c->c2.event_set_status = ES_TIMEOUT;`
	`2468`	`+ *event_set_status = ES_TIMEOUT;`
`2473`	`2469`	`}`
`2474`	`2470`	`}`
`2475`	`2471`	`else`
`2476`	`2472`	`{`
`2477`		`- c->c2.event_set_status = SOCKET_READ;`
	`2473`	`+ *event_set_status = SOCKET_READ;`
`2478`	`2474`	`}`
`2479`	`2475`	`}`
`2480`	`2476`
`2481`	`2477`	`/* 'now' should always be a reasonably up-to-date timestamp */`
`2482`	`2478`	`update_time();`
`2483`	`2479`
`2484`	`2480`	`/* set signal_received if a signal was received */`
`2485`		`- if (c->c2.event_set_status & ES_ERROR)`
	`2481`	`+ if (*event_set_status & ES_ERROR)`
`2486`	`2482`	`{`
`2487`	`2483`	`get_signal(&c->sig->signal_received);`
`2488`	`2484`	`}`
`2489`	`2485`
`2490`		`- dmsg(D_EVENT_WAIT, "I/O WAIT status=0x%04x", c->c2.event_set_status);`
	`2486`	`+ dmsg(D_EVENT_WAIT, "I/O WAIT status=0x%04x", *event_set_status);`
`2491`	`2487`	`}`
`2492`	`2488`
`2493`	`2489`	`void threaded_fwd_inp_intf(struct context c, struct link_socket sock, struct thread_pointer *b)`
`@@ -2507,7 +2503,7 @@ void threaded_fwd_inp_intf(struct context c, struct link_socket sock, struct t`
`2507`	`2503`	`}`
`2508`	`2504`
`2509`	`2505`	`void`
`2510`		`-process_io(struct context c, struct link_socket sock, struct thread_pointer *b)`
	`2506`	`+process_io(struct context c, struct link_socket sock, struct thread_pointer *b, int t)`
`2511`	`2507`	`{`
`2512`	`2508`	`const unsigned int status = c->c2.event_set_status;`
`2513`	`2509`
`@@ -2520,17 +2516,17 @@ process_io(struct context c, struct link_socket sock, struct thread_pointer *b`
`2520`	`2516`	`#endif`
`2521`	`2517`
`2522`	`2518`	`/* TCP/UDP port ready to accept write */`
`2523`		`- if (status & SOCKET_WRITE)`
	`2519`	`+ if ((status & SOCKET_WRITE) && ((t & THREAD_RTWL) != 0))`
`2524`	`2520`	`{`
`2525`	`2521`	`process_outgoing_link(c, sock);`
`2526`	`2522`	`}`
`2527`	`2523`	`/* TUN device ready to accept write */`
`2528`		`- else if (status & TUN_WRITE)`
	`2524`	`+ else if ((status & TUN_WRITE) && ((t & THREAD_RLWT) != 0))`
`2529`	`2525`	`{`
`2530`	`2526`	`process_outgoing_tun(c, sock);`
`2531`	`2527`	`}`
`2532`	`2528`	`/* Incoming data on TCP/UDP port */`
`2533`		`- else if (status & SOCKET_READ)`
	`2529`	`+ else if ((status & SOCKET_READ) && ((t & THREAD_RLWT) != 0))`
`2534`	`2530`	`{`
`2535`	`2531`	`read_incoming_link(c, sock);`
`2536`	`2532`	`if (!IS_SIG(c))`
`@@ -2539,15 +2535,32 @@ process_io(struct context c, struct link_socket sock, struct thread_pointer *b`
`2539`	`2535`	`}`
`2540`	`2536`	`}`
`2541`	`2537`	`/* Incoming data on TUN device */`
`2542`		`- else if (status & TUN_READ)`
	`2538`	`+ else if ((status & TUN_READ) && ((t & THREAD_RTWL) != 0))`
`2543`	`2539`	`{`
`2544`	`2540`	`threaded_fwd_inp_intf(c, sock, b);`
`2545`	`2541`	`}`
`2546`		`- else if (status & DCO_READ)`
	`2542`	`+ else if ((status & DCO_READ) && ((t & THREAD_RTWL) != 0))`
`2547`	`2543`	`{`
`2548`	`2544`	`if (!IS_SIG(c))`
`2549`	`2545`	`{`
`2550`	`2546`	`process_incoming_dco(c);`
`2551`	`2547`	`}`
`2552`	`2548`	`}`
`2553`	`2549`	`}`
	`2550`	`+`
	`2551`	`+void threaded_process_io(void a)`
	`2552`	`+{`
	`2553`	`+ struct dual_args d = (struct dual_args )a;`
	`2554`	`+ struct thread_pointer *b = d->b;`
	`2555`	`+ int t = d->t;`
	`2556`	`+ while (true)`
	`2557`	`+ {`
	`2558`	`+ if (b->p->z != 1) { break; }`
	`2559`	`+ pthread_mutex_lock(&(d->i));`
	`2560`	`+ if (b->p->z != 1) { break; }`
	`2561`	`+ struct context *c = d->c;`
	`2562`	`+ process_io(c, c->c2.link_sockets[0], b, t);`
	`2563`	`+ pthread_mutex_unlock(&(d->o));`
	`2564`	`+ }`
	`2565`	`+ return NULL;`
	`2566`	`+}`