From patchwork Wed Oct 12 13:34:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2816 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director12.mail.ord1d.rsapps.net ([172.27.255.55]) by backend30.mail.ord1d.rsapps.net with LMTP id JqZHOabCRmM5MAAAIUCqbw (envelope-from ) for ; Wed, 12 Oct 2022 09:35:34 -0400 Received: from proxy5.mail.iad3a.rsapps.net ([172.27.255.55]) by director12.mail.ord1d.rsapps.net with LMTP id 0GNrOKbCRmPPaAAAIasKDg (envelope-from ) for ; Wed, 12 Oct 2022 09:35:34 -0400 Received: from smtp34.gate.iad3a ([172.27.255.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy5.mail.iad3a.rsapps.net with LMTPS id 4Cm6MabCRmOOZQAAhn5joQ (envelope-from ) for ; Wed, 12 Oct 2022 09:35:34 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp34.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: bf467a96-4a32-11ed-bae5-525400865cc7-1-1 Received: from [216.105.38.7] ([216.105.38.7:54472] helo=lists.sourceforge.net) by smtp34.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id EE/12-18403-6A2C6436; Wed, 12 Oct 2022 09:35:34 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1oibt8-0001kN-1d; Wed, 12 Oct 2022 13:35:10 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1oibt4-0001kF-NU for openvpn-devel@lists.sourceforge.net; Wed, 12 Oct 2022 13:35:06 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=+t+iwlr2XwFhXOUgvzqjqHPC7Pw/NCtOm2vyvfGisUw=; b=OtVwe6PBvarvXgbh5/j0ljqsk5 z5puexUGAVZyF6WdejWn2H+1WBtsEPte8VQ0WGgmpAE1m744jr63NPFl8MTOYMMjHIRlQq0Rl2V9K 8t/Uh3YT/ZoBj+e9gkeUXNoIhugfeF4hmCycxfXlKx6aqN0qpB1DweyeZB8b4mk9eIWk=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:To:From: Sender:Reply-To:Cc:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=+t+iwlr2XwFhXOUgvzqjqHPC7Pw/NCtOm2vyvfGisUw=; b=Z C8rkWgM8w+3UKM+VZtnGG87beW/gQRT7mALjQPvR6puYY7cxYWbh9GwNle4ejI3vMKsMoen9BW2NS 83/Dbz8XnAXfJLC5X7Ez6yHMo98SAa88D/Ie6/wozxFdjBLC+qqUQCKsiyAnuRFUAIMYX758qT5DO NUUM8TtfcEvyJvPg=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1oibt3-001AOm-2b for openvpn-devel@lists.sourceforge.net; Wed, 12 Oct 2022 13:35:06 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1oibsv-0000gf-1D for openvpn-devel@lists.sourceforge.net; Wed, 12 Oct 2022 15:34:57 +0200 Received: (nullmailer pid 1927917 invoked by uid 10006); Wed, 12 Oct 2022 13:34:57 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 12 Oct 2022 15:34:54 +0200 Message-Id: <20221012133457.1927871-1-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: For tcp this makes no difference as the remote address of the socket never changes. For udp this allows OpenVPN to differentiate if a reconnecting client is using the same address as before or from a [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1oibt3-001AOm-2b Subject: [Openvpn-devel] [PATCH 1/3] Move dco_installed from sock->info to sock->info.lsa.actual X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox For tcp this makes no difference as the remote address of the socket never changes. For udp this allows OpenVPN to differentiate if a reconnecting client is using the same address as before or from a different one. This allow sending via the normal userspace socket in that case. Signed-off-by: Arne Schwabe --- src/openvpn/dco.c | 7 ++++--- src/openvpn/dco_linux.c | 2 +- src/openvpn/forward.c | 8 ++++---- src/openvpn/init.c | 2 +- src/openvpn/mtcp.c | 6 +++--- src/openvpn/socket.h | 6 +++--- 6 files changed, 16 insertions(+), 15 deletions(-) diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index a76cdd0cd..1f402bfc2 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -448,7 +448,7 @@ dco_p2p_add_new_peer(struct context *c) } c->c2.tls_multi->dco_peer_added = true; - c->c2.link_socket->info.dco_installed = true; + c->c2.link_socket->info.lsa->actual.dco_installed = true; return 0; } @@ -522,7 +522,7 @@ dco_multi_add_new_peer(struct multi_context *m, struct multi_instance *mi) { struct context *c = &mi->context; - int peer_id = mi->context.c2.tls_multi->peer_id; + int peer_id = c->c2.tls_multi->peer_id; struct sockaddr *remoteaddr, *localaddr = NULL; struct sockaddr_storage local = { 0 }; int sd = c->c2.link_socket->sd; @@ -531,6 +531,7 @@ dco_multi_add_new_peer(struct multi_context *m, struct multi_instance *mi) { /* the remote address will be inferred from the TCP socket endpoint */ remoteaddr = NULL; + c->c2.link_socket->info.lsa->actual.dco_installed = true; } else { @@ -575,7 +576,7 @@ dco_multi_add_new_peer(struct multi_context *m, struct multi_instance *mi) { msg(D_DCO|M_ERRNO, "error closing TCP socket after DCO handover"); } - c->c2.link_socket->info.dco_installed = true; + c->c2.link_socket->info.lsa->actual.dco_installed = true; c->c2.link_socket->sd = SOCKET_UNDEFINED; } diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 98e10507b..109358205 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -285,7 +285,7 @@ ovpn_nl_cb_finish(struct nl_msg (*msg) __attribute__ ((unused)), void *arg) * * We pass the error code to the user by means of a variable pointed by *arg * (supplied by the user when setting this callback) and we parse the kernel - * reply to see if it contains a human readable error. If found, it is printed. + * reply to see if it contains a human-readable error. If found, it is printed. */ static int ovpn_nl_cb_error(struct sockaddr_nl (*nla) __attribute__ ((unused)), diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index bee24f0d4..18308c2c5 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1636,13 +1636,13 @@ process_ip_header(struct context *c, unsigned int flags, struct buffer *buf) * standard Overlapped I/O. * * Hide that complexity (...especially if more platforms show up - * in future...) in a small inline function. + * in the future...) in a small inline function. */ static inline bool -should_use_dco_socket(struct link_socket *sock) +should_use_dco_socket(struct link_socket_actual *actual) { #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) - return sock->info.dco_installed; + return actual->dco_installed; #else return false; #endif @@ -1721,7 +1721,7 @@ process_outgoing_link(struct context *c) socks_preprocess_outgoing_link(c, &to_addr, &size_delta); /* Send packet */ - if (should_use_dco_socket(c->c2.link_socket)) + if (should_use_dco_socket(c->c2.to_link_addr)) { size = dco_do_write(&c->c1.tuntap->dco, c->c2.tls_multi->peer_id, diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 5141a35c2..351515aa2 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -3625,7 +3625,7 @@ do_close_link_socket(struct context *c) * closed in do_close_tun(). Set it to UNDEFINED so * we won't use WinSock API to close it. */ if (tuntap_is_dco_win(c->c1.tuntap) && c->c2.link_socket - && c->c2.link_socket->info.dco_installed) + && c->c2.link_socket->info.lsa->actual.dco_installed) { c->c2.link_socket->sd = SOCKET_UNDEFINED; } diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 1abb903f2..07da15a6d 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -402,7 +402,7 @@ multi_tcp_wait_lite(struct multi_context *m, struct multi_instance *mi, const in tv_clear(&c->c2.timeval); /* ZERO-TIMEOUT */ - if (mi && mi->context.c2.link_socket->info.dco_installed) + if (mi && mi->context.c2.link_socket->info.lsa->actual.dco_installed) { /* If we got a socket that has been handed over to the kernel * we must not call the normal socket function to figure out @@ -537,7 +537,7 @@ multi_tcp_dispatch(struct multi_context *m, struct multi_instance *mi, const int case TA_INITIAL: ASSERT(mi); - if (!mi->context.c2.link_socket->info.dco_installed) + if (!mi->context.c2.link_socket->info.lsa->actual.dco_installed) { multi_tcp_set_global_rw_flags(m, mi); } @@ -590,7 +590,7 @@ multi_tcp_post(struct multi_context *m, struct multi_instance *mi, const int act } else { - if (!c->c2.link_socket->info.dco_installed) + if (!c->c2.link_socket->info.lsa->actual.dco_installed) { multi_tcp_set_global_rw_flags(m, mi); } diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index 462afa31b..11b37d005 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -88,6 +88,7 @@ struct link_socket_actual /*int dummy;*/ /* add offset to force a bug if dest not explicitly dereferenced */ struct openvpn_sockaddr dest; + bool dco_installed; #if ENABLE_IP_PKTINFO union { #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) @@ -121,7 +122,6 @@ struct link_socket_info sa_family_t af; /* Address family like AF_INET, AF_INET6 or AF_UNSPEC*/ bool bind_ipv6_only; int mtu_changed; /* Set to true when mtu value is changed */ - bool dco_installed; }; /* @@ -1073,7 +1073,7 @@ link_socket_read(struct link_socket *sock, struct link_socket_actual *from) { if (proto_is_udp(sock->info.proto) - || sock->info.dco_installed) + || sock->info.lsa->actual.dco_installed) /* unified UDPv4 and UDPv6, for DCO the kernel * will strip the length header */ { @@ -1190,7 +1190,7 @@ link_socket_write(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to) { - if (proto_is_udp(sock->info.proto) || sock->info.dco_installed) + if (proto_is_udp(sock->info.proto) || to->dco_installed) { /* unified UDPv4 and UDPv6 and DCO (kernel adds size header) */ return link_socket_write_udp(sock, buf, to);