| Message ID | 20260114102052.940-1-gert@greenie.muc.de |
|---|---|
| State | New |
| Headers | show
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 14 Jan 2026 11:20:45 +0100
Message-ID: <20260114102052.940-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v2] Repair interaction between DCO and
persist-tun after reconnection
|
| Series |
[Openvpn-devel,v2] Repair interaction between DCO and persist-tun after reconnection
|
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index d208c21..39ac3b3 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -2197,7 +2197,7 @@ multi_io_process_flags(c, c->c2.event_set, flags, &out_socket, &out_tuntap); #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) - if (out_socket & EVENT_READ && c->c2.did_open_tun) + if (c->c1.tuntap) { dco_event_set(&c->c1.tuntap->dco, c->c2.event_set, (void *)dco_shift); }
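Review bot: the new condition `if (c->c1.tuntap)` in the TARGET_LINUX/TARGET_FREEBSD block only guards the pointer dereference, so whether DCO is actually active is now decided entirely inside dco_event_set(), and nothing at the call site says so. A one-line comment above the condition stating that dco_event_set() performs the "is DCO open" check itself would keep a later reader from re-adding a did_open_tun-style test here. With `out_socket & EVENT_READ` removed, the call is also no longer skipped on any pass through this block; the commit message flags this with "We should come back here...", and a TODO comment at this spot would carry that into the code where it will be seen.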
When --persist-tun is active, openvpn userland on Linux and FreeBSD fails to re-enable "poll for DCO events" after a reconnect (e.g. triggered by a ping timeout). The reconnect will still work fine, but the *next* DCO event notification from the kernel will not be received by OpenVPN userland, and so the system will get into an inconsistent state (Userland assumes "all is well", kernel DCO has disconnected the peer, connection is broken until the next tls-renegotiation and/or manual restart, *and* the next DCO key setup might fail due to "peer id gone").

This only affects client side, --server tun is always "persistent", and there is no "full restart" (and the code path in question is also only used for client and p2p server).

The root cause is an incorrect check for "is this interface up?" when calling dco_event_set() in forward.c::io_wait() - "c2.did_open_tun" is only true if the tun interface was actually configured on this reconnect, which it isn't if --persist-tun is active. Replace with a check for "do we have a tuntap structure, and if yes, do we have active DCO?" which reflects the original intent much better.

The original code also had a check for "out_socket & EVENT_READ" there, which did to some extent avoid calling dco_event_set() for every single UDP packet sent and received by userland - but this only worked on initial connection, and is always true on reconnect, so this condition was removed for simplicity. We should come back here...

v2:
- some language fixes on the commit message
- do not check ->dco.open in forward.c, as this is not available if not on FreeBSD, or if compiled with --disable-dco. FreeBSD DCO does the "if (!dco || !dco->open)" check in dco_event_set() anyway, so it's not needed, and Linux DCO has "dco->nl_sock", which is also reliably set/unset, and checked by dco_event_set() already.
Github: OpenVPN/openvpn#947
Change-Id: Idbd0a47ba4d297a833a350611a23f19fd9a797b5
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Antonio Quartulli <antonio@mandelbit.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1473
---

This change was reviewed on Gerrit and approved by at least one developer.
I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1473
This mail reflects revision 2 of this Change.

Signed-off-by line for the author was added as per our policy.

Acked-by according to Gerrit (reflected above):
Antonio Quartulli <antonio@mandelbit.com>