From patchwork Thu Jun 23 22:37:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 2525 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director7.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id 8FCSDjF4tWKjTwAAqwncew (envelope-from ) for ; Fri, 24 Jun 2022 04:39:13 -0400 Received: from proxy1.mail.ord1d.rsapps.net ([172.30.191.6]) by director7.mail.ord1d.rsapps.net with LMTP id kPZ5DjF4tWJnLgAAovjBpQ (envelope-from ) for ; Fri, 24 Jun 2022 04:39:13 -0400 Received: from smtp22.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy1.mail.ord1d.rsapps.net with LMTPS id mDsUDjF4tWIIFwAAasrz9Q (envelope-from ) for ; Fri, 24 Jun 2022 04:39:13 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp22.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: 1f73ceb4-f399-11ec-abac-5254001a15c2-1-1 Received: from [216.105.38.7] ([216.105.38.7:36260] helo=lists.sourceforge.net) by smtp22.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id A2/21-14080-03875B26; Fri, 24 Jun 2022 04:39:13 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1o4epT-0008Ot-PB; Fri, 24 Jun 2022 08:38:14 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1o4epS-0008Oc-6l for openvpn-devel@lists.sourceforge.net; Fri, 24 Jun 2022 08:38:13 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=rrtxttVaUtl+CPPKQipdMV92bckpzlwmai2ZFPGuI5c=; b=L4UKfgFM63HeftxEOsNfLsK7nN jpSOXj0DZ2+sYnr4bMmWn829x41/RmXjAwJFdcRTRadsh++IzYvSDAKuKHlrn0CRdQDD6OIpTKPoo bWpMmFNJPmRZrujDjwMsw2zu8aliq9uoh0N08gkF4nl7XbsNEUN7XaohlYWrY7fzg7y8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=rrtxttVaUtl+CPPKQipdMV92bckpzlwmai2ZFPGuI5c=; b=DApCBTvZ3dP5NksNWD2OOh63eG jc+DdzRzZ8HGNLs1opQFK1Zf3spNeFWvYFdHKp/u1tDIboVZIwjIo7fg6XijOI/7kfMGtmIrkOkUu UhYfwKeK8KcnwNQ3sVkXnDFVwSjqUQZakCQ9L0AjMHG4AAy2kr9+SWbm4gMmYp+A+ekc=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.94.2) id 1o4epM-0004EO-EZ for openvpn-devel@lists.sourceforge.net; Fri, 24 Jun 2022 08:38:12 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Fri, 24 Jun 2022 10:37:52 +0200 Message-Id: <20220624083809.23487-9-a@unstable.cc> In-Reply-To: <20220624083809.23487-1-a@unstable.cc> References: <20220624083809.23487-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Signed-off-by: Antonio Quartulli --- src/openvpn/options.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 9a0634a5..7b450296 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -61, 6 +61, 7 @@ #include "ssl_verify.h" #include "p [...] Content analysis details: (-0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1o4epM-0004EO-EZ Subject: [Openvpn-devel] [PATCH 08/25] dco: allow user to disable it at runtime X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Signed-off-by: Antonio Quartulli --- src/openvpn/options.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 9a0634a5..7b450296 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -61,6 +61,7 @@ #include "ssl_verify.h" #include "platform.h" #include "xkey_common.h" +#include "dco.h" #include #include "memdbg.h" @@ -106,6 +107,9 @@ const char title_string[] = #endif #endif " [AEAD]" +#ifdef ENABLE_DCO + " [DCO]" +#endif " built on " __DATE__ ; @@ -177,6 +181,9 @@ static const char usage_message[] = " does not begin with \"tun\" or \"tap\".\n" "--dev-node node : Explicitly set the device node rather than using\n" " /dev/net/tun, /dev/tun, /dev/tap, etc.\n" +#if defined(ENABLE_DCO) && defined(TARGET_LINUX) + "--disable-dco : Do not attempt using Data Channel Offload.\n" +#endif "--lladdr hw : Set the link layer address of the tap device.\n" "--topology t : Set --dev tun topology: 'net30', 'p2p', or 'subnet'.\n" #ifdef ENABLE_IPROUTE @@ -1711,6 +1718,9 @@ show_settings(const struct options *o) SHOW_STR(dev); SHOW_STR(dev_type); SHOW_STR(dev_node); +#if defined(ENABLE_DCO) && defined(TARGET_LINUX) + SHOW_BOOL(tuntap_options.disable_dco); +#endif SHOW_STR(lladdr); SHOW_INT(topology); SHOW_STR(ifconfig_local); @@ -3210,6 +3220,14 @@ options_postprocess_verify(const struct options *o) } dns_options_verify(M_FATAL, &o->dns_options); + + if (dco_enabled(o) && o->enable_c2c) + { + msg(M_WARN, "Note: --client-to-client has no effect when using data " + "channel offload: packets are always sent to the VPN " + "interface and then routed based on the system routing " + "table"); + } } /** @@ -3454,6 +3472,11 @@ options_postprocess_mutate(struct options *o) o->verify_hash_no_ca = true; } + /* check if any option should force disabling DCO */ +#if defined(TARGET_LINUX) + o->tuntap_options.disable_dco = !dco_check_option_conflict(D_DCO, o); +#endif + /* * Save certain parms before modifying options during connect, especially * when using --pull @@ -5759,6 +5782,12 @@ add_option(struct options *options, options->windows_driver = parse_windows_driver(p[1], M_FATAL); } #endif + else if (streq(p[0], "disable-dco") || streq(p[0], "dco-disable")) + { +#if defined(TARGET_LINUX) + options->tuntap_options.disable_dco = true; +#endif + } else if (streq(p[0], "dev-node") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_GENERAL);