[Openvpn-devel] Workaround: make ovpn-dco more reliable

Message ID 20230112163737.1240059-1-arne@rfc2549.org
State Accepted

Commit Message

Arne Schwabe Jan. 12, 2023, 4:37 p.m. UTC
This workaround avoids the kernel triggering ENOBUFS when the kernel
internal queue is overrun with events of disconnecting clients or
similar. This is a workaround until we come up with a more permanent
solution.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/dco_linux.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Antonio Quartulli Jan. 18, 2023, 12:25 p.m. UTC | #1
Hi,

On 12/01/2023 17:37, Arne Schwabe wrote:
> This workaround avoids the kernel triggering ENOBUFS when the kernel
> internal queue is overrun with events of disconnecting clients or
> similar. This is a workaround until we come up with a more permanent
> solution.
> 
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>

After further discussion and deeper testing, we concluded that it is 
possible to generate so much netlink traffic that we can easily fill the 
buffers and start losing messages or get desync'd with kernelspace.

The long term solution is improving ovpn-dco (kernel module) to reduce 
such traffic, however, for now it makes sense to extend the userspace 
buffer in order to decrease the likelihood of filling it up during 
normal operations.

Therefore this patch gets my ACK:

Acked-by: Antonio Quartulli <a@unstable.cc>

[please add spaces around the '*' operator]

> ---
>   src/openvpn/dco_linux.c | 5 +++++
>   1 file changed, 5 insertions(+)
> 
> diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
> index 5524cdbcd..c84f9cfe1 100644
> --- a/src/openvpn/dco_linux.c
> +++ b/src/openvpn/dco_linux.c
> @@ -375,6 +375,11 @@ ovpn_dco_init_netlink(dco_context_t *dco)
>        * wrong sequence numbers (NLE_SEQ_MISMATCH), so disable libnl's sequence
>        * number check */
>       nl_socket_disable_seq_check(dco->nl_sock);
> +
> +    /* nl library sets the buffer size to 32k/32k by default which is sometimes
> +     * overrun with very fast connecting/disconnecting clients.
> +     * TODO: fix this in a better and more reliable way */
> +    ASSERT(!nl_socket_set_buffer_size(dco->nl_sock, 1024*1024, 1024*1024));
>   }
>   
>   bool
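
Review bot: On the added ASSERT line, a non-zero return from nl_socket_set_buffer_size() aborts netlink initialisation, so a change meant to make DCO more reliable becomes a hard failure wherever the larger buffer cannot be set. Since the call only enlarges the default size named in the comment, consider checking the return value, logging a warning with the error code, and continuing with the default buffers. That also moves a call with side effects out of the assertion expression.
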

Gert Doering Jan. 19, 2023, 9:53 a.m. UTC | #2
"Another bandaid so 2.6 does not fall apart right away"...  but anyway,
while not pretty, it seems to get the job done...

Tested on the Ubuntu 20.04 / DCO server, client and server.

Your patch has been applied to the master and release/2.6 branch.

commit f84a9fc5d4ac0f24912d239a3fccf3701926a50c (master)
commit 74a7cf9b9b9a4cb04d0bff9a85880e9bafbefca8 (release/2.6)
Author: Arne Schwabe
Date:   Thu Jan 12 17:37:37 2023 +0100

     Workaround: make ovpn-dco more reliable

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Antonio Quartulli <antonio@openvpn.net>
     Message-Id: <20230112163737.1240059-1-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25988.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 5524cdbcd..c84f9cfe1 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -375,6 +375,11 @@  ovpn_dco_init_netlink(dco_context_t *dco)
      * wrong sequence numbers (NLE_SEQ_MISMATCH), so disable libnl's sequence
      * number check */
     nl_socket_disable_seq_check(dco->nl_sock);
+
+    /* nl library sets the buffer size to 32k/32k by default which is sometimes
+     * overrun with very fast connecting/disconnecting clients.
+     * TODO: fix this in a better and more reliable way */
+    ASSERT(!nl_socket_set_buffer_size(dco->nl_sock, 1024*1024, 1024*1024));
 }
 
 bool
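
Review bot: The literal 1024*1024 appears twice on the added ASSERT line with nothing to say which argument is the receive buffer and which the send buffer, and the comment only describes buffers being overrun by fast connecting/disconnecting clients without saying whether both directions need the increase. A named constant for the size (which also settles the spacing around '*' requested in review), plus a word in the comment on why both values are raised, would make the workaround easier to revisit when the TODO is addressed.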