Message ID | 20220814085117.7128-1-a@unstable.cc |
---|---|
State | Accepted |
Headers | show |
Series | None | expand |
Taking the ACK from Lev on 102, applying to 103 - which mostly has "better wording". I have tested this on the DCO test rig, and it's fine with the change. I wouldn't be surprised to see more work in this area for "we need to be able to send packets to not-yet-authenticated remotes in p2p mode", though... :-) Your patch has been applied to the master branch. commit d4f2209cdb4dfda32f36fa750d97b7e1ba751a4d Author: Antonio Quartulli Date: Sun Aug 14 10:51:17 2022 +0200 dco-win: ensure the DCO API is not used when running on Windows Signed-off-by: Antonio Quartulli <a@unstable.cc> Acked-by: Lev Stipakov <lstipakov@gmail.com> Message-Id: <20220814085117.7128-1-a@unstable.cc> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24929.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index f6d416a3..e45aa0f9 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1601,6 +1601,26 @@ process_ip_header(struct context *c, unsigned int flags, struct buffer *buf) } } +/* Linux-like DCO implementations pass the socket to the kernel and + * disallow usage of it from userland, so (control) packets sent and + * received by OpenVPN need to go through the DCO interface. + * + * Windows DCO needs control packets to be sent via the normal + * standard Overlapped I/O. + * + * Hide that complexity (...especially if more platforms show up + * in future...) in a small inline function. + */ +static inline bool +should_use_dco_socket(struct link_socket *sock) +{ +#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) + return sock->info.dco_installed; +#else + return false; +#endif +} + /* * Input: c->c2.to_link */ @@ -1674,7 +1694,7 @@ process_outgoing_link(struct context *c) socks_preprocess_outgoing_link(c, &to_addr, &size_delta); /* Send packet */ - if (c->c2.link_socket->info.dco_installed) + if (should_use_dco_socket(c->c2.link_socket)) { size = dco_do_write(&c->c1.tuntap->dco, c->c2.tls_multi->peer_id,
On Windows the high level API should still use the link_socket object to read and write packets. For this reason, even if dco_installed is true, we still need to rely on the classic link_socket object. Signed-off-by: Antonio Quartulli <a@unstable.cc> --- Changes from v102: * mark helper as 'inline' * improve comment wording (by Lev) Changes from v101: * add defined(TARGET_FREEBSD) to the #if guard Changes from v100: * removed ASSERTs (moved to previous patch) * improve comment text in forward.c --- src/openvpn/forward.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-)