From patchwork Fri Aug 12 03:06:54 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 2656
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 12 Aug 2022 15:06:54 +0200
Message-Id: <20220812130657.29899-8-a@unstable.cc>
In-Reply-To: <20220812130657.29899-1-a@unstable.cc>
References: <20220812130657.29899-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v100 07/10] dco-win: ensure the DCO API is not used when running on Windows
Cc: Antonio Quartulli

On Windows the high level API should still use the link_socket object to read and write packets. For this reason, even if dco_installed is true, we still need to rely on the classic link_socket object.

Signed-off-by: Antonio Quartulli
--- src/openvpn/dco_win.c | 4 ++-- src/openvpn/forward.c | 23 ++++++++++++++++++++++- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c index f1160c7d..18ce9f3a 100644 
--- a/src/openvpn/dco_win.c +++ b/src/openvpn/dco_win.c @@ -355,14 +355,14 @@ dco_available(int msglevel) int dco_do_read(dco_context_t *dco) { - /* no-op on windows */ + ASSERT(false); return 0; } int dco_do_write(dco_context_t *dco, int peer_id, struct buffer *buf) { - /* no-op on windows */ + ASSERT(false); return 0; } diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 650f7c59..8af41072 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1601,6 +1601,27 @@ process_ip_header(struct context *c, unsigned int flags, struct buffer *buf) } } +/* Depending on the platform, we may have to not use the DCO socket, even if DCO + * is being used for a specific link. + * + * This happens with Windows, where the standard link_socket API have to be used + * also with DCO. + * + * For this reason we must make the right decision and not always look at + * dco_installed. Note that on Windows the dco_installed field is still supposed + * to be true, because it is used in the lower level code to use the proper API + * (socket vs handle). This is why we need this function with some ifdef sauce + */ +static bool +should_use_dco_socket(struct link_socket *sock) +{ +#if defined(TARGET_LINUX) + return sock->info.dco_installed; +#else + return false; +#endif +} + /* * Input: c->c2.to_link */ @@ -1674,7 +1695,7 @@ process_outgoing_link(struct context *c) socks_preprocess_outgoing_link(c, &to_addr, &size_delta); /* Send packet */ - if (c->c2.link_socket->info.dco_installed) + if (should_use_dco_socket(c->c2.link_socket)) { size = dco_do_write(&c->c1.tuntap->dco, c->c2.tls_multi->peer_id,
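
Review bot: In the dco_win.c hunk, dco_do_read() and dco_do_write() now hit ASSERT(false) with no comment saying why; the removed "/* no-op on windows */" was the only explanation in either body. Suggest a one-line comment above each assert stating that on Windows packet I/O goes through link_socket and these entry points must never be reached. A stray call is now fatal instead of a silent no-op, and the only call site this patch converts is the dco_do_write() one in process_outgoing_link(), so please confirm that no dco_do_read() caller can be reached on Windows while dco_installed is true. The "return 0;" left after each assert is there only to satisfy the return type and could say so.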
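
Review bot: In the forward.c hunk that adds should_use_dco_socket(), the condition is a Linux allow-list ("#if defined(TARGET_LINUX)") while the comment above it describes a Windows exception, so any other platform that sets dco_installed would silently get false and take the link_socket path. If Windows is the only special case, test for it explicitly (return false on Windows, sock->info.dco_installed elsewhere) so the code matches the comment; if the DCO socket really is Linux-only, say that in the comment instead. Smaller points in the same hunk: "link_socket API have to be used" should read "has to be used", and the parameter can be "const struct link_socket *sock" since the function only reads it.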