diff mbox series

[Openvpn-devel,v1] Fix FreeBSD-DCO and Multisocket interaction

Message ID 20250402132148.18810-1-gert@greenie.muc.de
State Accepted
Headers show
Series [Openvpn-devel,v1] Fix FreeBSD-DCO and Multisocket interaction | expand

Commit Message

Gert Doering April 2, 2025, 1:21 p.m. UTC 
From: Gianmarco De Gregori <gianmarco@mandelbit.com>

FreeBSD-DCO does not support TCP as transport protocol so in order to
be able to use DCO in a multi-socket environment we need to check the
local_list entries and disable DCO if any of the listening socket
is TCP.

While at it, removed some dead code left from Multisocket polishing.

Github: closes OpenVPN/openvpn#710

Change-Id: I9b6359076a61ae2bbb8e5cea00e33969cb5f92cf
Signed-off-by: Gianmarco De Gregori <gianmarco@mandelbit.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/925
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering <gert@greenie.muc.de>

Comments

Gert Doering April 2, 2025, 6:31 p.m. UTC | #1 
Thanks for fixing this.  Stared at the code, discussed a bit, and actually
went out and tested (on FreeBSD 14 server test set).  Without the patch
an instance with both UDP and TCP starts with DCO and dies miserably
when a TCP connection comes in - with the patch, it will disable DCO,
and do UDP+TCP in userland (kernel doesn't do TCP, so there is nothing
we can do).  With multiple UDP sockets, DCO works.

Your patch has been applied to the master branch.

commit a061b3a94c5489a2f207189343f1c235e8181b87
Author: Gianmarco De Gregori
Date:   Wed Apr 2 15:21:42 2025 +0200

     Fix FreeBSD-DCO and Multisocket interaction

     Signed-off-by: Gianmarco De Gregori <gianmarco@mandelbit.com>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20250402132148.18810-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31324.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering
diff mbox series

Patch

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index d00958d..7ad9cb3 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -260,10 +260,16 @@ 
     }
 
 #if defined(TARGET_FREEBSD)
-    if (!proto_is_udp(ce->proto))
+    if (ce->local_list)
     {
-        msg(msglevel, "NOTE: TCP transport disables data channel offload on FreeBSD.");
-        return false;
+        for (int i = 0; i < ce->local_list->len; i++)
+        {
+            if (!proto_is_dgram(ce->local_list->array[i]->proto))
+            {
+                msg(msglevel, "NOTE: TCP transport disables data channel offload on FreeBSD.");
+                return false;
+            }
+        }
     }
 #endif
 
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 99dd60a..6605a42 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -9577,20 +9577,3 @@ 
 
     return false;
 }
-
-bool
-has_tcp_in_local_list(const struct options *options)
-{
-    if (options->ce.local_list)
-    {
-        for (int i = 0; i < options->ce.local_list->len; i++)
-        {
-            if (!proto_is_dgram(options->ce.local_list->array[i]->proto))
-            {
-                return true;
-            }
-        }
-    }
-
-    return false;
-}
diff --git a/src/openvpn/options.h b/src/openvpn/options.h
index fa617c8..8d1ef6c 100644
--- a/src/openvpn/options.h
+++ b/src/openvpn/options.h
@@ -921,8 +921,6 @@ 
 
 bool has_udp_in_local_list(const struct options *options);
 
-bool has_tcp_in_local_list(const struct options *options);
-
 /**
  * Returns whether the current configuration has dco enabled.
  */