From patchwork Wed Sep 25 06:30:16 2024
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 3871
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 25 Sep 2024 08:30:16 +0200
Message-ID: <20240925063016.22532-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v2] Ensure that the AF_UNIX socket pair has at least 65k of buffer space

From: Arne Schwabe

Without this change, pinging a lwipovpn client with something like a 3000 byte
payload on macOS often fails as the default buffer sizes on macOS are 2048 for
send and 4096 for receive.

Change-Id: Ice015df81543c01094479929f0cb3075ca4f3813
Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/754 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 6c790a0..7b1e603 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -890,20 +890,23 @@ #endif } -static void -socket_set_buffers(socket_descriptor_t fd, const struct socket_buffer_size *sbs) +void +socket_set_buffers(socket_descriptor_t fd, const struct socket_buffer_size *sbs, + bool reduce_size) { if (sbs) { const int sndbuf_old = socket_get_sndbuf(fd); const int rcvbuf_old = socket_get_rcvbuf(fd); - if (sbs->sndbuf) + if (sbs->sndbuf + && (reduce_size || sndbuf_old < sbs->sndbuf)) { socket_set_sndbuf(fd, sbs->sndbuf); } - if (sbs->rcvbuf) + if (sbs->rcvbuf + && (reduce_size || rcvbuf_old < sbs->rcvbuf)) { socket_set_rcvbuf(fd, sbs->rcvbuf); } @@ -986,7 +989,7 @@ { ls->socket_buffer_sizes.sndbuf = sndbuf; ls->socket_buffer_sizes.rcvbuf = rcvbuf; - socket_set_buffers(ls->sd, &ls->socket_buffer_sizes); + socket_set_buffers(ls->sd, &ls->socket_buffer_sizes, true); } } @@ -1136,7 +1139,7 @@ sock->info.af = addr->ai_family; /* set socket buffers based on --sndbuf and --rcvbuf options */ - socket_set_buffers(sock->sd, &sock->socket_buffer_sizes); + socket_set_buffers(sock->sd, &sock->socket_buffer_sizes, true); /* set socket to --mark packets with given value */ socket_set_mark(sock->sd, sock->mark); diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index bbdabfb..2e583af 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h 
@@ -157,6 +157,18 @@ int sndbuf; }; +/** + * Sets the receive and send buffer sizes of a socket descriptor. + * + * @param fd The socket to modify + * @param sbs new sizes. + * @param reduce_size apply the new size even if smaller than current one + */ +void +socket_set_buffers(socket_descriptor_t fd, + const struct socket_buffer_size *sbs, + bool reduce_size); + /* * This is the main socket structure used by OpenVPN. The SOCKET_ * defines try to abstract away our implementation differences between diff --git a/src/openvpn/tun_afunix.c b/src/openvpn/tun_afunix.c index f4ce4b7..6b6c159 100644 --- a/src/openvpn/tun_afunix.c +++ b/src/openvpn/tun_afunix.c @@ -35,6 +35,7 @@ #include "wfp_block.h" #include "argv.h" #include "options.h" +#include "socket.h" #ifndef WIN32 /* Windows does implement some AF_UNIX functionality but key features @@ -80,6 +81,13 @@ return; } + + /* Ensure that the buffer sizes are decently sized. Otherwise macOS will + * just have 2048 */ + struct socket_buffer_size newsizes = {65536, 65536 }; + socket_set_buffers(fds[0], &newsizes, false); + socket_set_buffers(fds[1], &newsizes, false); + /* Use the first file descriptor for our side and avoid passing it * to the child */ tt->fd = fds[1];
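Review bot: in the socket_set_buffers() hunk of src/openvpn/socket.c, the new tests (reduce_size || sndbuf_old < sbs->sndbuf) and (reduce_size || rcvbuf_old < sbs->rcvbuf) compare a size read back from the socket with a size about to be requested, and the two are not guaranteed to be in the same units. Assuming socket_get_sndbuf() and socket_get_rcvbuf() return what getsockopt() reports, Linux documents in socket(7) that the reported value is twice the value that was set, so with reduce_size false a socket whose reported size is at or just above the requested one is skipped although the request would still enlarge it. That does not affect the macOS case in the commit message, but a comment next to the comparison saying it is made against the OS-reported size would document the limitation.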
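Review bot: the doc comment added in the src/openvpn/socket.h hunk leaves out two behaviours that are visible in the socket.c hunk: sbs may be NULL (the body is guarded by if (sbs)), and a zero sndbuf or rcvbuf field leaves that direction untouched (if (sbs->sndbuf && ...)). Now that the function is no longer static and has a caller outside socket.c, state both on the @param sbs line, and spell out under @param reduce_size that false means the buffer is only ever grown, never shrunk.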
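Review bot: in the @@ -80,6 +81,13 @@ hunk of src/openvpn/tun_afunix.c, nothing verifies that the two socket_set_buffers(..., false) calls took effect. The function returns void, so if the OS refuses or caps the request the socket pair keeps its small default and large packets fail as described in the commit message, with nothing at this call site pointing to the cause; consider reading the sizes back here and logging a warning when either is still below 65536. Separately, struct socket_buffer_size newsizes = {65536, 65536 } depends on member order, so designated initializers (.rcvbuf = 65536, .sndbuf = 65536) would be more robust, and the code comment mentions only 2048 while the commit message gives 2048 for send and 4096 for receive.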