Avoid sending push request after receving push reply

The introduction of IV_PROTO_REQUEST_PUSH (c290df55) sometimes causes the
server to reply before we setup the push timer. The push reply will then
clear a timer that has not been setup yet. We then start sending push
request after we have gone through the whole initialisation already.

This patch also clears the connestion_established timer that sets up the
push request timer. This lead to the

  management_set_state(management,  OPENVPN_STATE_GET_CONFIG, ...)

function not being called. But to display "waiting for configuration..." or
sending a "getting config state" after "initialisation" does not make sense
anyway.

Also add the IV_PROTO_REQUEST_PUSH feature as new feature in Changes.rst

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200725234803.22058-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20589.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Changes.rst

@@ -25,6 +25,14 @@ Improved Data channel cipher negotiation
 Asynchronous (deferred) authentication support for auth-pam plugin.
     See src/plugins/auth-pam/README.auth-pam for details.
 
+Faster connection setup
+    A client will signal in the ``IV_PROTO`` variable that it is in pull
+    mode. This allows the server to push the configuration options to
+    the client without waiting for a ``PULL_REQUEST`` message. The feature
+    is automatically enabled if both client and server support it and
+    significantly reduces the connection setup time by avoiding one
+    extra packet round-trip and 1s of internal event delays.
+
 Deprecated features
 -------------------
 For an up-to-date list of all deprecated options, see this wiki page:
@@ -60,6 +68,10 @@ User-visible Changes
 - Support for building with OpenSSL 1.0.1 has been removed. The minimum
   supported OpenSSL version is now 1.0.2.
 
+- The GET_CONFIG management state is omitted if the server pushes
+  the client configuration almost immediately as result of the
+  faster connection setup feature.
+
 
 Overview of changes in 2.4
 ==========================

src/openvpn/forward.c

@@ -425,6 +425,9 @@ check_push_request_dowork(struct context *c)
  *
  * Options like --up-delay need to be triggered by this function which
  * checks for connection establishment.
+ *
+ * Note: The process_incoming_push_reply currently assumes that this function
+ * only sets up the pull request timer when pull is enabled.
  */
 void
 check_connection_established(struct context *c)

src/openvpn/push.c

@@ -358,6 +358,7 @@ incoming_push_message(struct context *c, const struct buffer *buffer)
             }
         }
         event_timeout_clear(&c->c2.push_request_interval);
+        event_timeout_clear(&c->c2.wait_for_connect);
     }
 
     goto cleanup;