From patchwork Tue Dec 7 06:01:53 2021
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2132
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 7 Dec 2021 18:01:53 +0100
Message-Id: <20211207170211.3275837-4-arne@rfc2549.org>
In-Reply-To: <20211207170211.3275837-1-arne@rfc2549.org>
References: <20211207170211.3275837-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 03/21] Remove align_adjust frame code

The align_adjust variable was only set to a non-zero value when no cipher was used for the data channel. Since we no longer want to optimise non encrypted data channel traffic, remove this optimisation and simplify the code.

Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/crypto.c | 4 ++-- src/openvpn/forward.c | 2 +- src/openvpn/fragment.c | 2 +- src/openvpn/init.c | 13 ------------- src/openvpn/mtu.c | 9 ++------- src/openvpn/mtu.h | 38 ++++++++------------------------------ src/openvpn/socket.c | 3 +-- src/openvpn/win32.c | 2 +- 8 files changed, 16 insertions(+), 57 deletions(-) diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 36f880433..cd791ab8a 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -370,7 +370,7 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work, ASSERT(ad_start >= buf->data && ad_start <= BPTR(buf)); - ASSERT(buf_init(&work, FRAME_HEADROOM_ADJ(frame, FRAME_HEADROOM_MARKER_DECRYPT))); + ASSERT(buf_init(&work, FRAME_HEADROOM(frame))); /* IV and Packet ID required for this mode */ ASSERT(packet_id_initialized(&opt->packet_id)); @@ -533,7 +533,7 @@ openvpn_decrypt_v1(struct buffer *buf, struct buffer work, int outlen; /* initialize work buffer with FRAME_HEADROOM bytes of prepend capacity */ - ASSERT(buf_init(&work, FRAME_HEADROOM_ADJ(frame, FRAME_HEADROOM_MARKER_DECRYPT))); + ASSERT(buf_init(&work, FRAME_HEADROOM(frame))); /* read the IV from the packet */ if (buf->len < iv_size) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 41ef12e30..29efcd3b9 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -803,7 +803,7 @@ read_incoming_link(struct context *c) perf_push(PERF_READ_IN_LINK); c->c2.buf = c->c2.buffers->read_link_buf; - ASSERT(buf_init(&c->c2.buf, FRAME_HEADROOM_ADJ(&c->c2.frame, FRAME_HEADROOM_MARKER_READ_LINK))); + ASSERT(buf_init(&c->c2.buf, FRAME_HEADROOM(&c->c2.frame))); status = link_socket_read(c->c2.link_socket, &c->c2.buf, diff --git a/src/openvpn/fragment.c b/src/openvpn/fragment.c index aba611fa0..6f8fb4476 100644 --- a/src/openvpn/fragment.c +++ b/src/openvpn/fragment.c 
@@ -214,7 +214,7 @@ fragment_incoming(struct fragment_master *f, struct buffer *buf, frag->defined = true; frag->max_frag_size = size; frag->map = 0; - ASSERT(buf_init(&frag->buf, FRAME_HEADROOM_ADJ(frame, FRAME_HEADROOM_MARKER_FRAGMENT))); + ASSERT(buf_init(&frag->buf, FRAME_HEADROOM(frame))); } /* copy the data to fragment buffer */ diff --git a/src/openvpn/init.c b/src/openvpn/init.c index f8a13fdfa..0009bcb72 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2461,19 +2461,6 @@ frame_finalize_options(struct context *c, const struct options *o) o = &c->options; } - /* - * Set adjustment factor for buffer alignment when no - * cipher is used. - */ - if (!cipher_defined(c->c1.ks.key_type.cipher)) - { - frame_align_to_extra_frame(&c->c2.frame); - frame_or_align_flags(&c->c2.frame, - FRAME_HEADROOM_MARKER_FRAGMENT - |FRAME_HEADROOM_MARKER_READ_LINK - |FRAME_HEADROOM_MARKER_READ_STREAM); - } - frame_add_to_extra_buffer(&c->c2.frame, PAYLOAD_ALIGN); frame_finalize(&c->c2.frame, o->ce.link_mtu_defined, diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index e4143e267..0ab716d7a 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -42,12 +42,11 @@ void alloc_buf_sock_tun(struct buffer *buf, const struct frame *frame, - const bool tuntap_buffer, - const unsigned int align_mask) + const bool tuntap_buffer) { /* allocate buffer for overlapped I/O */ *buf = alloc_buf(BUF_SIZE(frame)); - ASSERT(buf_init(buf, FRAME_HEADROOM_ADJ(frame, align_mask))); + ASSERT(buf_init(buf, FRAME_HEADROOM(frame))); buf->len = tuntap_buffer ? MAX_RW_SIZE_TUN(frame) : MAX_RW_SIZE_LINK(frame); ASSERT(buf_safe(buf, 0)); } 
@@ -153,10 +152,6 @@ frame_print(const struct frame *frame, buf_printf(&out, " EB:%d", frame->extra_buffer); buf_printf(&out, " ET:%d", frame->extra_tun); buf_printf(&out, " EL:%d", frame->extra_link); - if (frame->align_flags && frame->align_adjust) - { - buf_printf(&out, " AF:%u/%d", frame->align_flags, frame->align_adjust); - } buf_printf(&out, " ]"); msg(level, "%s", out.data); diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h index 7b18b3621..72a9e515b 100644 --- a/src/openvpn/mtu.h +++ b/src/openvpn/mtu.h @@ -121,17 +121,10 @@ struct frame { int extra_link; /**< Maximum number of bytes in excess of * external network interface's MTU that - * might be read from or written to it. */ - - /* - * Alignment control - */ -#define FRAME_HEADROOM_MARKER_DECRYPT (1<<0) -#define FRAME_HEADROOM_MARKER_FRAGMENT (1<<1) -#define FRAME_HEADROOM_MARKER_READ_LINK (1<<2) -#define FRAME_HEADROOM_MARKER_READ_STREAM (1<<3) - unsigned int align_flags; - int align_adjust; + * might be read from or written to it. + * + * Used by peer-id (3) and + * socks UDP (10) */ }; /* Forward declarations, to prevent includes */ @@ -184,8 +177,7 @@ struct options; * Control buffer headroom allocations to allow for efficient prepending. */ #define FRAME_HEADROOM_BASE(f) (TUN_LINK_DELTA(f) + (f)->extra_buffer + (f)->extra_link) -#define FRAME_HEADROOM(f) frame_headroom(f, 0) -#define FRAME_HEADROOM_ADJ(f, fm) frame_headroom(f, fm) +#define FRAME_HEADROOM(f) frame_headroom(f) /* * Max size of a buffer used to build a packet for output to @@ -227,8 +219,7 @@ void frame_set_mtu_dynamic(struct frame *frame, int mtu, unsigned int flags); */ void alloc_buf_sock_tun(struct buffer *buf, const struct frame *frame, - const bool tuntap_buffer, - const unsigned int align_mask); + const bool tuntap_buffer); /** Set the --mssfix option. */ void frame_init_mssfix(struct frame *frame, const struct options *options); 
@@ -252,11 +243,10 @@ const char *format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc); * headroom and alignment issues. */ static inline int -frame_headroom(const struct frame *f, const unsigned int flag_mask) +frame_headroom(const struct frame *f) { const int offset = FRAME_HEADROOM_BASE(f); - const int adjust = (flag_mask & f->align_flags) ? f->align_adjust : 0; - const int delta = ((PAYLOAD_ALIGN << 24) - (offset + adjust)) & (PAYLOAD_ALIGN - 1); + const int delta = ((PAYLOAD_ALIGN << 24) - offset) & (PAYLOAD_ALIGN - 1); return offset + delta; } @@ -300,18 +290,6 @@ frame_add_to_extra_buffer(struct frame *frame, const int increment) frame->extra_buffer += increment; } -static inline void -frame_align_to_extra_frame(struct frame *frame) -{ - frame->align_adjust = frame->extra_frame + frame->extra_link; -} - -static inline void -frame_or_align_flags(struct frame *frame, const unsigned int flag_mask) -{ - frame->align_flags |= flag_mask; -} - static inline bool frame_defined(const struct frame *frame) { diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 72062cd08..df7367469 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -1645,8 +1645,7 @@ socket_frame_init(const struct frame *frame, struct link_socket *sock) #else alloc_buf_sock_tun(&sock->stream_buf_data, frame, - false, - FRAME_HEADROOM_MARKER_READ_STREAM); + false); stream_buf_init(&sock->stream_buf, &sock->stream_buf_data, diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c index fd1246cde..1dc1c5e77 100644 --- a/src/openvpn/win32.c +++ b/src/openvpn/win32.c @@ -186,7 +186,7 @@ overlapped_io_init(struct overlapped_io *o, } /* allocate buffer for overlapped I/O */ - alloc_buf_sock_tun(&o->buf_init, frame, tuntap_buffer, 0); + alloc_buf_sock_tun(&o->buf_init, frame, tuntap_buffer); } void
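Review bot: the comment added to extra_link in struct frame (src/openvpn/mtu.h, hunk at -121,17) gives "peer-id (3)" and "socks UDP (10)" without a unit. If these are byte counts, say so, so the numbers can be checked against the code that sets extra_link. The commit message only covers the align_adjust removal, so this documentation change should either be mentioned there or go into its own patch.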
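Review bot: in frame_headroom() (src/openvpn/mtu.h, hunk at -252,11) the remaining expression "((PAYLOAD_ALIGN << 24) - offset) & (PAYLOAD_ALIGN - 1)" has no comment, and the "<< 24" bias is not obvious to a reader. With the adjust term gone, the function returns offset plus a non-negative delta no larger than PAYLOAD_ALIGN - 1, so the headroom passed to buf_init() is never below FRAME_HEADROOM_BASE(f). A one-line comment stating that, and that the mask relies on PAYLOAD_ALIGN being a power of two to round up correctly, would make the buffer-size reasoning at the call sites easier to audit.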
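Review bot: the alloc_buf_sock_tun() prototype in src/openvpn/mtu.h (hunk at -227,8) drops the align_mask parameter, but the hunk shows only the closing line of the doc comment above it. Check that the comment does not still describe align_mask, and update it in this patch if it does, so the header documentation matches the new three-argument signature used in socket.c and win32.c.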