From patchwork Sat Dec 24 19:42:48 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2939
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 24 Dec 2022 20:42:48 +0100
Message-Id: <20221224194253.3202231-5-arne@rfc2549.org>
In-Reply-To: <20221224194253.3202231-1-arne@rfc2549.org>
References: <20221224194253.3202231-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 4/9] Ensure we do not promote a TA_TIMEOUT to a TA_WRITE/TA_READ event with dco

with dco sometimes we end up promoting a timeout event to write event or read event. For the residual read, this problem is probably not solvable without changing the kernel DCO API

Signed-off-by: Arne Schwabe
---
 src/openvpn/forward.c | 24 ------------------------
 src/openvpn/forward.h | 30 ++++++++++++++++++++++++++++++
 src/openvpn/mtcp.c    | 14 ++++++++++++--
 3 files changed, 42 insertions(+), 26 deletions(-)

diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 64c8ee6a0..17a14f0bd 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c 
@@ -1674,30 +1674,6 @@ process_ip_header(struct context *c, unsigned int flags, struct buffer *buf) } } -/* - * Linux DCO implementations pass the socket to the kernel and - * disallow usage of it from userland for TCP, so (control) packets - * sent and received by OpenVPN need to go through the DCO interface. - * - * Windows DCO needs control packets to be sent via the normal - * standard Overlapped I/O. - * - * FreeBSD DCO allows control packets to pass through the socket in both - * directions. - * - * Hide that complexity (...especially if more platforms show up - * in the future...) in a small inline function. - */ -static inline bool -should_use_dco_socket(struct link_socket *ls) -{ -#if defined(TARGET_LINUX) - return ls->dco_installed && proto_is_tcp(ls->info.proto); -#else - return false; -#endif -} - /* * Input: c->c2.to_link */ diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h index bd2d96010..e50f235da 100644 --- a/src/openvpn/forward.h +++ b/src/openvpn/forward.h @@ -424,4 +424,34 @@ connection_established(struct context *c) } } + +/** + * @param ls the link_socket the decision should be made for + * @return if we should use the dco kernel api or normal socket APIs for + * write/send + * + * + * Linux DCO implementations pass the socket to the kernel and + * disallow usage of it from userland for TCP, so (control) packets + * sent and received by OpenVPN need to go through the DCO interface. + * + * Windows DCO needs control packets to be sent via the normal + * standard Overlapped I/O. + * + * FreeBSD DCO allows control packets to pass through the socket in both + * directions. + * + * Hide that complexity (...especially if more platforms show up + * in the future...) in a small inline function. + */ +static inline bool +should_use_dco_socket(struct link_socket *ls) +{ +#if defined(TARGET_LINUX) + return ls->dco_installed && proto_is_tcp(ls->info.proto); +#else + return false; +#endif +} + #endif /* FORWARD_H */ 
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index ac06ddc64..263f4d994 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -407,7 +407,7 @@ multi_tcp_wait_lite(struct multi_context *m, struct multi_instance *mi, const in /* If we got a socket that has been handed over to the kernel * we must not call the normal socket function to figure out * if it is readable or writable */ - /* Assert that we only have the DCO exptected flags */ + /* Assert that we only have the DCO expected flags */ ASSERT(action & (TA_SOCKET_READ | TA_SOCKET_WRITE)); /* We are always ready! */ @@ -567,7 +567,7 @@ multi_tcp_post(struct multi_context *m, struct multi_instance *mi, const int act { flags |= MTP_TUN_OUT; } - if (LINK_OUT(c)) + if (LINK_OUT(c) && !should_use_dco_socket(c->c2.link_socket)) { flags |= MTP_LINK_OUT; } @@ -586,6 +586,16 @@ multi_tcp_post(struct multi_context *m, struct multi_instance *mi, const int act case MTP_NONE: if (mi && socket_read_residual(c->c2.link_socket)) { + if (should_use_dco_socket(c->c2.link_socket)) + { + struct gc_arena gc = gc_new(); + msg(M_INFO, "ovpn-dco installed socket with residual read " + "len=%d, mi=%s. This connection will probably" + " break.", BLEN(&c->c2.link_socket->stream_buf.residual), + multi_instance_string(mi, false, &gc)); + gc_free(&gc); + break; + } newaction = TA_SOCKET_READ_RESIDUAL; } else
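
Review bot: In the forward.h hunk, the new doc comment on should_use_dco_socket() describes the return value as being "for write/send", but the mtcp.c part of this patch also calls it to decide whether a residual read may be scheduled. Suggest rewording @return to cover both directions (for example "true if I/O on this socket has to go through the DCO kernel interface instead of the normal socket calls") and dropping the doubled empty " *" line that follows it. Since the function is now a static inline in a header and dereferences ls->dco_installed and ls->info.proto, every file including forward.h needs the full struct link_socket definition and proto_is_tcp() in scope; it is worth confirming that the header pulls those in itself and does not depend on include order.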
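
Review bot: In the multi_tcp_wait_lite() hunk of mtcp.c (-407), the corrected comment says the assertion checks that we "only have the DCO expected flags", but ASSERT(action & (TA_SOCKET_READ | TA_SOCKET_WRITE)) passes as soon as any bit of action overlaps the mask, so it does not establish "only". If the TA_* values are enumerated action codes and not single-bit flags, the bitwise test can also accept or reject actions by accident of their numeric value. Given that this patch is about a TA_TIMEOUT being treated as a read or write, an explicit comparison such as action == TA_SOCKET_READ || action == TA_SOCKET_WRITE would state the intent, or the comment should be adjusted to what the expression really checks. The spelling fix itself is unrelated to the subject line and could go in separately.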
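
Review bot: In the multi_tcp_post() hunk of mtcp.c (-567), the added condition !should_use_dco_socket(c->c2.link_socket) drops MTP_LINK_OUT even though LINK_OUT(c) is true, and nothing in the hunk or the commit message says where that pending link output is sent instead. Please add a comment above the if stating which path flushes outgoing data for a DCO-installed TCP socket, so a reader can tell that the data is not left queued once the flag is suppressed. The commit message would also benefit from a sentence explaining this half of the change; it currently only motivates the residual-read half.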
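
Review bot: In the MTP_NONE case of the multi_tcp_post() hunk of mtcp.c (-586), the new branch reports that the connection "will probably break" and then only does break, so the instance keeps running with residual data that is never consumed. A condition the code itself expects to break a client connection should be logged at a warning level, not M_INFO, and the patch should either signal the instance for teardown or say in a comment why leaving it alive is preferred. If the residual stays in stream_buf, this branch may be reached again on later passes, so consider logging once per instance or rate limiting the message to keep a single peer from filling the log. A short comment on what value newaction has after the break would also help, since the else branch that follows is cut off in the context.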