From patchwork Sat Dec 24 19:42:47 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2942
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 24 Dec 2022 20:42:47 +0100
Message-Id: <20221224194253.3202231-4-arne@rfc2549.org>
In-Reply-To: <20221224194253.3202231-1-arne@rfc2549.org>
References: <20221224194253.3202231-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 3/9] Move dco_installed back to link_socket from link_socket.info.actual

this change was done in order to be able to differentiate when needing to use dco and when to use normal socket sendto.
Since we want to eventually completely use the userspace sockets for sending/receiving, we just switch to always use UDP sendto even if the socket is already installed in the kernel. Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/dco.c | 23 ++--------------------- src/openvpn/forward.c | 13 +++++++------ src/openvpn/init.c | 2 +- src/openvpn/mtcp.c | 6 +++--- src/openvpn/socket.c | 8 ++++---- src/openvpn/socket.h | 11 +++++------ 6 files changed, 22 insertions(+), 41 deletions(-) diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 993265188..2f4d0f779 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -456,22 +456,6 @@ dco_check_pull_options(int msglevel, const struct options *o) return true; } -static void -addr_set_dco_installed(struct context *c) -{ - /* We ensure that all addresses we currently hold have the dco_installed - * bit set */ - for (int i = 0; i < KEY_SCAN_SIZE; ++i) - { - struct key_state *ks = get_key_scan(c->c2.tls_multi, i); - if (ks) - { - ks->remote_addr.dco_installed = true; - } - } - get_link_socket_info(c)->lsa->actual.dco_installed = true; -} - int dco_p2p_add_new_peer(struct context *c) { @@ -484,8 +468,6 @@ dco_p2p_add_new_peer(struct context *c) ASSERT(ls->info.connection_established); - addr_set_dco_installed(c); - struct sockaddr *remoteaddr = &ls->info.lsa->actual.dest.addr.sa; struct tls_multi *multi = c->c2.tls_multi; #ifdef TARGET_FREEBSD @@ -505,7 +487,7 @@ dco_p2p_add_new_peer(struct context *c) } c->c2.tls_multi->dco_peer_id = multi->peer_id; - c->c2.link_socket->info.lsa->actual.dco_installed = true; + c->c2.link_socket->dco_installed = true; return 0; } 
@@ -595,7 +577,6 @@ dco_multi_add_new_peer(struct multi_context *m, struct multi_instance *mi) ASSERT(c->c2.link_socket_info->connection_established); remoteaddr = &c->c2.link_socket_info->lsa->actual.dest.addr.sa; } - addr_set_dco_installed(c); /* In server mode we need to fetch the remote addresses from the push config */ struct in_addr vpn_ip4 = { 0 }; @@ -633,7 +614,7 @@ dco_multi_add_new_peer(struct multi_context *m, struct multi_instance *mi) { msg(D_DCO|M_ERRNO, "error closing TCP socket after DCO handover"); } - c->c2.link_socket->info.lsa->actual.dco_installed = true; + c->c2.link_socket->dco_installed = true; c->c2.link_socket->sd = SOCKET_UNDEFINED; } diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index c04511ee1..64c8ee6a0 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1674,9 +1674,10 @@ process_ip_header(struct context *c, unsigned int flags, struct buffer *buf) } } -/* Linux DCO implementations pass the socket to the kernel and - * disallow usage of it from userland, so (control) packets sent and - * received by OpenVPN need to go through the DCO interface. +/* + * Linux DCO implementations pass the socket to the kernel and + * disallow usage of it from userland for TCP, so (control) packets + * sent and received by OpenVPN need to go through the DCO interface. * * Windows DCO needs control packets to be sent via the normal * standard Overlapped I/O. @@ -1688,10 +1689,10 @@ process_ip_header(struct context *c, unsigned int flags, struct buffer *buf) * in the future...) in a small inline function. */ static inline bool -should_use_dco_socket(struct link_socket_actual *actual) +should_use_dco_socket(struct link_socket *ls) { #if defined(TARGET_LINUX) - return actual->dco_installed; + return ls->dco_installed && proto_is_tcp(ls->info.proto); #else return false; #endif 
@@ -1770,7 +1771,7 @@ process_outgoing_link(struct context *c) socks_preprocess_outgoing_link(c, &to_addr, &size_delta); /* Send packet */ - if (should_use_dco_socket(c->c2.to_link_addr)) + if (should_use_dco_socket(c->c2.link_socket)) { size = dco_do_write(&c->c1.tuntap->dco, c->c2.tls_multi->dco_peer_id, diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 409a8be2a..3380ed9e6 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -3696,7 +3696,7 @@ do_close_link_socket(struct context *c) * closed in do_close_tun(). Set it to UNDEFINED so * we won't use WinSock API to close it. */ if (tuntap_is_dco_win(c->c1.tuntap) && c->c2.link_socket - && c->c2.link_socket->info.lsa->actual.dco_installed) + && c->c2.link_socket->dco_installed) { c->c2.link_socket->sd = SOCKET_UNDEFINED; } diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 07da15a6d..ac06ddc64 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -402,7 +402,7 @@ multi_tcp_wait_lite(struct multi_context *m, struct multi_instance *mi, const in tv_clear(&c->c2.timeval); /* ZERO-TIMEOUT */ - if (mi && mi->context.c2.link_socket->info.lsa->actual.dco_installed) + if (mi && mi->context.c2.link_socket->dco_installed) { /* If we got a socket that has been handed over to the kernel * we must not call the normal socket function to figure out @@ -537,7 +537,7 @@ multi_tcp_dispatch(struct multi_context *m, struct multi_instance *mi, const int case TA_INITIAL: ASSERT(mi); - if (!mi->context.c2.link_socket->info.lsa->actual.dco_installed) + if (!mi->context.c2.link_socket->dco_installed) { multi_tcp_set_global_rw_flags(m, mi); } @@ -590,7 +590,7 @@ multi_tcp_post(struct multi_context *m, struct multi_instance *mi, const int act } else { - if (!c->c2.link_socket->info.lsa->actual.dco_installed) + if (!c->c2.link_socket->dco_installed) { multi_tcp_set_global_rw_flags(m, mi); } diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 82787f9f2..c7ec0e06d 100644 --- a/src/openvpn/socket.c 
+++ b/src/openvpn/socket.c @@ -2147,7 +2147,7 @@ create_socket_dco_win(struct context *c, struct link_socket *sock, get_server_poll_remaining_time(sock->server_poll_timeout), signal_received); - sock->info.lsa->actual.dco_installed = true; + sock->dco_installed = true; if (*signal_received) { @@ -3480,7 +3480,7 @@ link_socket_write_udp_posix_sendmsg(struct link_socket *sock, static int socket_get_last_error(const struct link_socket *sock) { - if (sock->info.lsa->actual.dco_installed) + if (sock->dco_installed) { return GetLastError(); } @@ -3521,7 +3521,7 @@ socket_recv_queue(struct link_socket *sock, int maxsize) ASSERT(ResetEvent(sock->reads.overlapped.hEvent)); sock->reads.flags = 0; - if (sock->info.lsa->actual.dco_installed) + if (sock->dco_installed) { status = ReadFile((HANDLE)sock->sd, wsabuf[0].buf, wsabuf[0].len, &sock->reads.size, &sock->reads.overlapped); @@ -3626,7 +3626,7 @@ socket_send_queue(struct link_socket *sock, struct buffer *buf, const struct lin ASSERT(ResetEvent(sock->writes.overlapped.hEvent)); sock->writes.flags = 0; - if (sock->info.lsa->actual.dco_installed) + if (sock->dco_installed) { status = WriteFile((HANDLE)sock->sd, wsabuf[0].buf, wsabuf[0].len, &sock->writes.size, &sock->writes.overlapped); diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index 929ef8187..05c31b104 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -88,7 +88,6 @@ struct link_socket_actual /*int dummy;*/ /* add offset to force a bug if dest not explicitly dereferenced */ struct openvpn_sockaddr dest; - bool dco_installed; #if ENABLE_IP_PKTINFO union { #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) @@ -169,6 +168,7 @@ struct link_socket socket_descriptor_t sd; socket_descriptor_t ctrl_sd; /* only used for UDP over Socks */ + bool dco_installed; #ifdef _WIN32 struct overlapped_io reads; 
@@ -1036,7 +1036,7 @@ link_socket_read_udp_win32(struct link_socket *sock, struct link_socket_actual *from) { sockethandle_t sh = { .s = sock->sd }; - if (sock->info.lsa->actual.dco_installed) + if (sock->dco_installed) { *from = sock->info.lsa->actual; sh.is_handle = true; @@ -1058,8 +1058,7 @@ link_socket_read(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *from) { - if (proto_is_udp(sock->info.proto) - || sock->info.lsa->actual.dco_installed) + if (proto_is_udp(sock->info.proto) || sock->dco_installed) /* unified UDPv4 and UDPv6, for DCO the kernel * will strip the length header */ { @@ -1102,7 +1101,7 @@ link_socket_write_win32(struct link_socket *sock, { int err = 0; int status = 0; - sockethandle_t sh = { .s = sock->sd, .is_handle = sock->info.lsa->actual.dco_installed }; + sockethandle_t sh = { .s = sock->sd, .is_handle = sock->dco_installed }; if (overlapped_io_active(&sock->writes)) { status = sockethandle_finalize(sh, &sock->writes, NULL, NULL); @@ -1176,7 +1175,7 @@ link_socket_write(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to) { - if (proto_is_udp(sock->info.proto) || to->dco_installed) + if (proto_is_udp(sock->info.proto) || sock->dco_installed) { /* unified UDPv4 and UDPv6 and DCO (kernel adds size header) */ return link_socket_write_udp(sock, buf, to);
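Review bot: in the forward.c hunk, should_use_dco_socket() dereferences `ls` twice (`ls->dco_installed` and `ls->info.proto`) without a NULL check, while the init.c hunk in this same patch still tests `c->c2.link_socket` before reading `->dco_installed`. If process_outgoing_link() can never run with a NULL link_socket, an `ASSERT(ls)` at the top of the helper would document that; otherwise it should return false for NULL. The block comment now says Linux disallows userland use "for TCP"; one more sentence stating that UDP control packets go through the normal sendto path even when the socket is installed in the kernel would match the behaviour change described in the commit message.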
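Review bot: the new `bool dco_installed;` member added to struct link_socket in socket.h has no comment, and every assignment visible in this patch sets it to true (dco_p2p_add_new_peer, dco_multi_add_new_peer, create_socket_dco_win); nothing shown clears it. The flag used to live in link_socket_actual, so it was tied to one address; it now has the lifetime of the socket object. Please add a short comment on the field saying what it means (socket handed over to the DCO driver) and confirm that it starts as false when the link_socket is created and does not stay set if the same struct is reused after the peer is removed.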
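Review bot: in the last socket.h hunk, link_socket_write() now tests `proto_is_udp(sock->info.proto) || sock->dco_installed` and no longer looks at `to` for the flag. With the forward.c change, a Linux socket that is both TCP and dco_installed is sent through dco_do_write() in process_outgoing_link(), and for a UDP socket the first operand is already true, so it is unclear which platform still relies on the `|| sock->dco_installed` arm here. The inline comment "unified UDPv4 and UDPv6 and DCO (kernel adds size header)" should say which case that is, and the same applies to the matching condition in link_socket_read().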