From patchwork Tue Dec 9 15:38:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4670 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:29c3:b0:7b1:439f:bdf with SMTP id g3csp1416985max; Tue, 9 Dec 2025 07:39:18 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCXI/SSVRELifGKTpxMV5qLG9vcF/UNwiyvE/kC72eOLTc8/5QyE4aQYGplBJX5ikmXI3GLykOrhF1A=@openvpn.net X-Google-Smtp-Source: AGHT+IFJphJsqzcBei4uJyK2aja6oUoVGX4QDkVZQdbyNxdsfmNkpta1a0NK+Xayx7mIU4Tfhv7T X-Received: by 2002:a05:6870:d8cb:b0:3e8:172f:da82 with SMTP id 586e51a60fabf-3f543e8aec6mr4561527fac.19.1765294758062; Tue, 09 Dec 2025 07:39:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1765294758; cv=none; d=google.com; s=arc-20240605; b=cKrNmHgbyefbu73k16m26FxHaxRL2Fv+LyRXufI4x46mKoVz8iBUKCMex9CsnmvcVr 6ACnLMVQPK0Mv2kjlDnb0sHpy3ECSrOMTL6ZijZ+yTVbIoj4PtM6YvgSIOQ9Xvbd0SRt wA2qjatrlq6D0sGGlkhwEulV0SZ3cnGbW6BXkoq96F5l7hM900DVHirQgRXgJK7WMJ+Y m2O2p2TfaMCqGT6HACYBUUY5kxBgo1d290RltzoprM76wGDp3VQ7inWTUQgZfdW+MVOc JNCQpwa6vpxSUFuPCGaBeV7PftdaSgzqVqwrF10ZhKziPyHbmX7rDuRhrv6bef2Tr1BA irJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=UOazoTR8FnREev3Idklh8+fcSZMYeYCvHAbhZt5mCxY=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=hi8PRI3IkhgdRejM29+k8ZYl/jd2EpQ7Qu+e8APN4LMvI4dBVqkguOtbPVdpcLA0sh XYxSGVYEE9q9j4KTHImoZyWn6c8pflmOC6TiHy7XDqBlxfv/5FtBKglKRwZEOzU/SAN9 cb9Qi66+PfmtMoU9kZPNKtM7BywVRg9bUFYgFFunP2CL7/vbJaN0bt4khBZyfs+iWCTz JfKPnzXElINX/d1klKdQFbzvbsu1eB+ApDe6XryK1KEsrgXbV7Myxm3s+hJcdVwsf6Fg tVy58Hqo0ESN+dtEnbecHAmTazfGVEoUG9BnxM4vbLqsqtY4WIp2eJKAghQe++n9JiqL LY/Q==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=l5F2FGKp; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=cSpdlxPC; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=ePHfrsq7; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-3f50aa1e2a9si9024549fac.200.2025.12.09.07.39.17 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Dec 2025 07:39:18 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=l5F2FGKp; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=cSpdlxPC; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=ePHfrsq7; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=UOazoTR8FnREev3Idklh8+fcSZMYeYCvHAbhZt5mCxY=; b=l5F2FGKpR/C6zm7lxQ/HYA8mtZ rsvaaD+E9x373nIgqiqgKQSRXWZ9gN1pC4UPTB5UwKvPnGE2V98Vs2fVdvSnrZKaOkMksF2opOTNv MnuVRglom8HBbfv5f7tRyWp4sDagh6RJcrfMjtUH78jRqaqm9Tpw8YWskDmeAzfxtV7k=; Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vSzo3-0007hs-Ly; Tue, 09 Dec 2025 15:39:15 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vSzo3-0007hk-0X for openvpn-devel@lists.sourceforge.net; Tue, 09 Dec 2025 15:39:15 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=RIH5357HYaCzhUARlp3CqVcng/wslVipkql5lQYdNik=; b=cSpdlxPCPojLRDNOzS6oQMCWPe mqZJ8dLaOcVzRd4fcNubOM4eRKcQ2uOkjmNZhaLP9APeNE2jeQfIea2QDlISgrQFKHX+1GGiRNR3n IJY+hzqDMGHmqqe0lJIXh+2MMPCwtDgorrDOKSo/8FvClSGMCVDEBks2viUNM2jEMcn8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=RIH5357HYaCzhUARlp3CqVcng/wslVipkql5lQYdNik=; b=ePHfrsq7jAhi+uxdiW5hNiIAru nsiQFalCpHESu2LhohDf3L37Qm2QTEjAEY7VNAthLHNSq08lbKUYJga3Ns0YfhEnuHDwHp6rNrNwv D6HJEqPC4Hyi/IdNLICAXGtfnk449uECjD83QqIn4H9I12qZEnu0IWpDsKRv2Cskme0o=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1vSzo1-0007E4-V2 for openvpn-devel@lists.sourceforge.net; Tue, 09 Dec 2025 15:39:14 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 5B9Fd2EG016061 for ; Tue, 9 Dec 2025 16:39:02 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 5B9Fd2Tm016046 for openvpn-devel@lists.sourceforge.net; Tue, 9 Dec 2025 16:39:02 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Tue, 9 Dec 2025 16:38:56 +0100 Message-ID: <20251209153901.16027-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.51.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Gianmarco De Gregori Recent changes to the event loop revealed that the --fast-io option is now partially broken and may cause "unroutable control packet" issues. As agreed during the last hackathon, this patch turns --fast-io into a no-op and emits a warning when it is used. Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1vSzo1-0007E4-V2 Subject: [Openvpn-devel] [PATCH v4] Deprecate --fast-io option X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1851045716563350198?= X-GMAIL-MSGID: =?utf-8?q?1851045716563350198?= From: Gianmarco De Gregori Recent changes to the event loop revealed that the --fast-io option is now partially broken and may cause "unroutable control packet" issues. As agreed during the last hackathon, this patch turns --fast-io into a no-op and emits a warning when it is used. Change-Id: I2c0a0b55ad56e704d4bd19f1fbc1c30c83fae14c Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1425 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1425 This mail reflects revision 4 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld diff --git a/doc/man-sections/generic-options.rst b/doc/man-sections/generic-options.rst index 882cf28..a9232ce 100644 --- a/doc/man-sections/generic-options.rst +++ b/doc/man-sections/generic-options.rst @@ -211,18 +211,6 @@ ``--show-engines`` standalone option to list the crypto engines which are supported by OpenSSL. ---fast-io - Optimize TUN/TAP/UDP I/O writes by avoiding a call to - poll/epoll/select prior to the write operation. The purpose of such a - call would normally be to block until the device or socket is ready to - accept the write. Such blocking is unnecessary on some platforms which - don't support write blocking on UDP sockets or TUN/TAP devices. In such - cases, one can optimize the event loop by avoiding the poll/epoll/select - call, improving CPU efficiency by 5% to 10%. - - This option can only be used on non-Windows systems, when ``--proto - udp`` is specified, and when ``--shaper`` is *NOT* specified. - --group group Similar to the ``--user`` option, this option changes the group ID of the OpenVPN process to ``group`` after initialization. diff --git a/doc/man-sections/unsupported-options.rst b/doc/man-sections/unsupported-options.rst index e8e76eb..eec75c3 100644 --- a/doc/man-sections/unsupported-options.rst +++ b/doc/man-sections/unsupported-options.rst @@ -9,6 +9,10 @@ Removed in OpenVPN 2.5. This should be replaxed with ``--verify-client-cert none``. +--fast-io + Ignored since OpenVPN 2.7. This option became broken due to changes + to the event loop. + --ifconfig-pool-linear Removed in OpenVPN 2.5. This should be replaced with ``--topology p2p``. @@ -48,4 +52,4 @@ --opt-verify Removed in OpenVPN 2.7. This option does not make sense anymore as option - strings may not match due to the introduction of parameters negotiation. + strings may not match due to the introduction of parameters negotiation. \ No newline at end of file diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 6f1bc0c..eb77a1d 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -2154,13 +2154,12 @@ } /* - * Wait for I/O events. Used for both TCP & UDP sockets - * in point-to-point mode and for UDP sockets in + * Wait for I/O events. Used for UDP sockets in * point-to-multipoint mode. */ void -get_io_flags_dowork_udp(struct context *c, struct multi_io *multi_io, const unsigned int flags) +get_io_flags_udp(struct context *c, struct multi_io *multi_io, const unsigned int flags) { unsigned int out_socket; @@ -2168,33 +2167,12 @@ multi_io->udp_flags = (out_socket << SOCKET_SHIFT); } +/* + * This is the core I/O wait function, used for all I/O waits except + * for the top-level server sockets. + */ void -get_io_flags_udp(struct context *c, struct multi_io *multi_io, const unsigned int flags) -{ - multi_io->udp_flags = ES_ERROR; - if (c->c2.fast_io && (flags & (IOW_TO_TUN | IOW_TO_LINK | IOW_MBUF))) - { - /* fast path -- only for TUN/TAP/UDP writes */ - unsigned int ret = 0; - if (flags & IOW_TO_TUN) - { - ret |= TUN_WRITE; - } - if (flags & (IOW_TO_LINK | IOW_MBUF)) - { - ret |= SOCKET_WRITE; - } - multi_io->udp_flags = ret; - } - else - { - /* slow path - delegate to io_wait_dowork_udp to calculate flags */ - get_io_flags_dowork_udp(c, multi_io, flags); - } -} - -void -io_wait_dowork(struct context *c, const unsigned int flags) +io_wait(struct context *c, const unsigned int flags) { unsigned int out_socket; unsigned int out_tuntap; diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h index 06808b9..7f6f666 100644 --- a/src/openvpn/forward.h +++ b/src/openvpn/forward.h @@ -68,12 +68,9 @@ extern counter_type link_write_bytes_global; -void get_io_flags_dowork_udp(struct context *c, struct multi_io *multi_io, - const unsigned int flags); - void get_io_flags_udp(struct context *c, struct multi_io *multi_io, const unsigned int flags); -void io_wait_dowork(struct context *c, const unsigned int flags); +void io_wait(struct context *c, const unsigned int flags); void pre_select(struct context *c); @@ -382,34 +379,6 @@ return flags; } -/* - * This is the core I/O wait function, used for all I/O waits except - * for the top-level server sockets. - */ -static inline void -io_wait(struct context *c, const unsigned int flags) -{ - if (proto_is_dgram(c->c2.link_sockets[0]->info.proto) && c->c2.fast_io - && (flags & (IOW_TO_TUN | IOW_TO_LINK | IOW_MBUF))) - { - /* fast path -- only for TUN/TAP/UDP writes */ - unsigned int ret = 0; - if (flags & IOW_TO_TUN) - { - ret |= TUN_WRITE; - } - if (flags & (IOW_TO_LINK | IOW_MBUF)) - { - ret |= SOCKET_WRITE; - } - c->c2.event_set_status = ret; - } - else - { - /* slow path */ - io_wait_dowork(c, flags); - } -} static inline bool connection_established(struct context *c) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index fc079e1..cd01520 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -4139,34 +4139,6 @@ } } -/* - * Fast I/O setup. Fast I/O is an optimization which only works - * if all of the following are true: - * - * (1) The platform is not Windows - * (2) --proto udp is enabled - * (3) --shaper is disabled - */ -static void -do_setup_fast_io(struct context *c) -{ - if (c->options.fast_io) - { -#ifdef _WIN32 - msg(M_INFO, "NOTE: --fast-io is disabled since we are running on Windows"); -#else - if (c->options.shaper) - { - msg(M_INFO, "NOTE: --fast-io is disabled since we are using --shaper"); - } - else - { - c->c2.fast_io = true; - } -#endif - } -} - static void do_signal_on_tls_errors(struct context *c) { @@ -4513,12 +4485,6 @@ } #endif - /* should we enable fast I/O? */ - if (c->mode == CM_P2P || c->mode == CM_TOP) - { - do_setup_fast_io(c); - } - /* should we throw a signal on TLS errors? */ do_signal_on_tls_errors(c); diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index b03e165..bf115e6 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -339,9 +339,7 @@ multi_process_io_udp(struct multi_context *m, struct link_socket *sock) { const unsigned int status = m->multi_io->udp_flags; - const unsigned int mpp_flags = m->top.c2.fast_io - ? (MPP_CONDITIONAL_PRE_SELECT | MPP_CLOSE_ON_SIGNAL) - : (MPP_PRE_SELECT | MPP_CLOSE_ON_SIGNAL); + const unsigned int mpp_flags = (MPP_PRE_SELECT | MPP_CLOSE_ON_SIGNAL); /* UDP port ready to accept write */ if (status & SOCKET_WRITE) diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index a198fcf..3e1ae78 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -420,9 +420,6 @@ struct env_set *es; bool es_owned; - /* don't wait for TUN/TAP/UDP to be ready to accept write */ - bool fast_io; - /* --ifconfig endpoints to be pushed to client */ bool push_request_received; bool push_ifconfig_defined; diff --git a/src/openvpn/options.c b/src/openvpn/options.c index a3fc19d..7556178 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -285,7 +285,6 @@ #if ENABLE_IP_PKTINFO "--multihome : Configure a multi-homed UDP server.\n" #endif - "--fast-io : Optimize TUN/TAP/UDP writes.\n" "--remap-usr1 s : On SIGUSR1 signals, remap signal (s='SIGHUP' or 'SIGTERM').\n" "--persist-tun : Keep tun/tap device open across SIGUSR1 or --ping-restart.\n" "--persist-remote-ip : Keep remote IP address across SIGUSR1 or --ping-restart.\n" @@ -1795,8 +1794,6 @@ #endif SHOW_INT(sockflags); - SHOW_BOOL(fast_io); - SHOW_INT(comp.alg); SHOW_INT(comp.flags); @@ -6600,7 +6597,7 @@ else if (streq(p[0], "fast-io") && !p[1]) { VERIFY_PERMISSION(OPT_P_GENERAL); - options->fast_io = true; + msg(M_WARN, "DEPRECATED OPTION: --fast-io option ignored."); } else if (streq(p[0], "inactive") && p[1] && !p[3]) { diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 42db9ca..41212fb 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -406,9 +406,6 @@ int status_file_version; int status_file_update_freq; - /* optimize TUN/TAP/UDP writes */ - bool fast_io; - struct compress_options comp; /* buffer sizes */