[Openvpn-devel,1/2] dco: process DCO control packets

Message ID	20220224165557.22060-2-kprovost@netgate.com
State	Awaiting Upstream
Headers	show Return-Path: <openvpn-devel-bounces@lists.sourceforge.net> To: openvpn-devel <openvpn-devel@lists.sourceforge.net> Date: Thu, 24 Feb 2022 17:55:56 +0100 Message-Id: <20220224165557.22060-2-kprovost@netgate.com> In-Reply-To: <20220224165557.22060-1-kprovost@netgate.com> References: <20220224165557.22060-1-kprovost@netgate.com> MIME-Version: 1.0 preview: From: Kristof Provost <kp@FreeBSD.org> If control packets come in through the DCO interface (i.e. via dco_do_read()) we must process them through process_incoming_link(). This doesn't currently manifest, because Linux passes control packet [...] Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.48 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.48 listed in wl.mailspike.net] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 T_SCC_BODY_TEXT_LINE No description available. Subject: [Openvpn-devel] [PATCH 1/2] dco: process DCO control packets Precedence: list From: Kristof Provost via Openvpn-devel <openvpn-devel@lists.sourceforge.net> Reply-To: Kristof Provost <kprovost@netgate.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox
Series	[Openvpn-devel,1/2] dco: process DCO control packets \| expand [Openvpn-devel,1/2] dco: process DCO control packets [Openvpn-devel,2/2] ovpn-dco: introduce FreeBSD data-channel offload support

Message ID

20220224165557.22060-2-kprovost@netgate.com

State

Awaiting Upstream

Headers

To: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Date: Thu, 24 Feb 2022 17:55:56 +0100
Message-Id: <20220224165557.22060-2-kprovost@netgate.com>
In-Reply-To: <20220224165557.22060-1-kprovost@netgate.com>
References: <20220224165557.22060-1-kprovost@netgate.com>
MIME-Version: 1.0
Subject: [Openvpn-devel] [PATCH 1/2] dco: process DCO control packets
Precedence: list
From: Kristof Provost via Openvpn-devel <openvpn-devel@lists.sourceforge.net>
Reply-To: Kristof Provost <kprovost@netgate.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net

Series

[Openvpn-devel,1/2] dco: process DCO control packets | expand

Commit Message

Kristof Provost via Openvpn-devel Feb. 24, 2022, 5:55 a.m. UTC

From: Kristof Provost <kp@FreeBSD.org>

If control packets come in through the DCO interface (i.e. via
dco_do_read()) we must process them through process_incoming_link().
This doesn't currently manifest, because Linux passes control packets
through the regular socket, not via the DCO netlink interface, but other
platforms will not.

Signed-off-by: Kristof Provost <kprovost@netgate.com>
---
 src/openvpn/forward.c | 8 ++++++++
 1 file changed, 8 insertions(+)

Comments

Antonio Quartulli March 8, 2022, 9:35 p.m. UTC | #1

Hi Kristof,

On 24/02/2022 17:55, Kristof Provost via Openvpn-devel wrote:
> From: Kristof Provost <kp@FreeBSD.org>
> 
> If control packets come in through the DCO interface (i.e. via
> dco_do_read()) we must process them through process_incoming_link().
> This doesn't currently manifest, because Linux passes control packets
> through the regular socket, not via the DCO netlink interface, but other
> platforms will not.

This is an interesting catch - actually also ovpn-dco on Linux is 
expected to send control packets over netlink.

However, due to a little glitch packets were still sent over the UDP 
socket (this is expected only for the initial handshake).

Once this bug has been fixed, I could see that indeed 
process_incoming_dco() wasn't operating as it should and this patch was 
required.

I have squashed a modified version of this patch directly in my dco 
branch as it is needed to make ovpn-dco work.

Thanks a lot!

Best Regards,

diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index cd956cb3..c16f32fc 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -1104,8 +1104,16 @@  process_incoming_link(struct context *c)
 static void
 process_incoming_dco(struct context *c)
 {
+    struct link_socket_info *lsi = get_link_socket_info(c);
+
     msg(M_INFO, __func__);
     dco_do_read(&c->c1.tuntap->dco);
+
+    c->c2.buf = c->c1.tuntap->dco.dco_packet_in;
+    c->c2.from = lsi->lsa->actual;
+
+    process_incoming_link(c);
+    buf_init(&c->c1.tuntap->dco.dco_packet_in, 0);
 }
 
 /*

[Openvpn-devel,1/2] dco: process DCO control packets

Commit Message

Comments

Patch