From patchwork Sun Jun 28 15:02:30 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 5039 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7001:a48a:b0:861:c897:cb9d with SMTP id vp10csp3128555mab; Sun, 28 Jun 2026 08:02:55 -0700 (PDT) X-Forwarded-Encrypted: i=2; AFNElJ+SNSOgeC5AUivi8qc9GDtDVnJvDbd+N3ueKgcmEoxnHplhVU9HjxEQV+Hal2Y6ieiCB9v4Mx7TlYs=@openvpn.net X-Received: by 2002:a05:6820:1518:b0:69d:fcff:a3b6 with SMTP id 006d021491bc7-6a14fd226e6mr4932741eaf.9.1782658974902; Sun, 28 Jun 2026 08:02:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1782658974; cv=none; d=google.com; s=arc-20260327; b=CFEzi8pLhxewINiv8xFZlckOI4CJOJCjKcOWkeapFDc4UVcZCXTnM5ISXf6s0tTDc8 updU2Duxld0Ms955m6e8xlCS6yDpyKowe0WDg1nq9ZdkqyXaOz9KUs4djYUl+KFcV+J0 EyvJLN0Xf4AXuaI3Hc2Rp59Y8fSySWvI4Zsg7X3HdG4vdB248c9ubmne0u18vKIZ1XbT 5bkPhGRq+bDkJ7/VwHLdJl9EtBrByKv13gCEV7hLpFm3CAVkCcgwQNBb7UjI8UqN39Xq bM8YpxJZsHqV7dpmap/5lE2L+AJOWNL55bf8of0SStgQXQ1dfk3CGbdp3QrzIzygBdOo z/BA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=x7zw7wcLE9oHiEcJ9NzaoSRdvRVSBXRcSauduzUI0kM=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=krKcX9N050nWGSXgREl1UbTJ3RIkohwkWZCGwiIgcEO4ZHxnFjxMq46SFdCuua3AFE /EQsHCkTIQ68ssScCaTLclGaUvuoi57I24N/xddtemfIAtAQUgDptEsXDTbXYtEbBkQR Ki/MvjcXA5CpF1l20Aawo8dNQfgAFyTosOg90OlDMsiplM2yA1Yo4rYsJapeVFtsXBPc WgUU0l4kkzDOcYm+ShV2HVQmhXL9F8dOT+ZGOCrL90iRPhKLw4YKyb3T0bIwueziH6h4 RrEEui2n8SBPBo7e0DZG4xubXtJE+3kWmW4WNqFMG2B0MiwJkik9d40bMfRZ9jMQNKKP DBHw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=PMJW1FgM; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Jlwsi28O; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=c0XVstK5; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 006d021491bc7-6a1410455e7si5222339eaf.0.2026.06.28.08.02.54 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 28 Jun 2026 08:02:54 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=PMJW1FgM; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Jlwsi28O; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=c0XVstK5; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=x7zw7wcLE9oHiEcJ9NzaoSRdvRVSBXRcSauduzUI0kM=; b=PMJW1FgMn6xqY8h4ZKEyOhPtl3 x9JqygxrZK/0aau7wOkeFOeAuUUidm93qDbI47kVp01kFjGtA8vZ3It8TXhds0wuPDzrrJBl5fu2s yzHC1Q4ZvpR6oCdTT4Ftz75Btq98LSWWFOvf8OtP4HYIv4z5FK9n3Pgh/1YfMLKQJ0EM=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1wdr22-0007c7-M7; Sun, 28 Jun 2026 15:02:50 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1wdr21-0007c0-OY for openvpn-devel@lists.sourceforge.net; Sun, 28 Jun 2026 15:02:49 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=25tpo7obs8LyC5hAQpsBe5y8uXSCXHOaBfDuQA7Mom0=; b=Jlwsi28O8WVi4tRZSG3aReW0/g HRUSX/lKeTnaLdqsTAb3DGj7t97/4i6FykXD0xxA4hzlUTWHmmpFhbtFQrub4eB0+Ig/vTDeAvOwK jNoZ2Ao9IeuSGRr8qEJpSTWn94cowLCCNXTcoWjk2UyJnYu9rve+Y196oQONAmoSLVbU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=25tpo7obs8LyC5hAQpsBe5y8uXSCXHOaBfDuQA7Mom0=; b=c0XVstK5Y+n8c4cPe7w/KpTT4j 74V8lbHUza3g1D7lOqhBdEvyezsTjkxqcaIQdrVLVrIj7SSbjtWE86JTBLes4U03XQ3YiRYO8jDRn cc/us3YMwYJ1/LkMU7Mxn4EaS33wlcUaRL9tlKY3sacedHrTAb40pyo6Go8Zhdg4UAEU=; Received: from [193.149.48.129] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1wdr1z-0006ru-DS for openvpn-devel@lists.sourceforge.net; Sun, 28 Jun 2026 15:02:49 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 65SF2ahe013145 for ; Sun, 28 Jun 2026 17:02:36 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.2/8.18.1/Submit) id 65SF2ZWS013144 for openvpn-devel@lists.sourceforge.net; Sun, 28 Jun 2026 17:02:35 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Sun, 28 Jun 2026 17:02:30 +0200 Message-ID: <20260628150235.13113-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.53.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Arne Schwabe This also move the gc area acquire release to the small parts where they are actually used. Change-Id: I401aab94993b62bf18e66561532085f99e62f745 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Gerrit URL: https://gerrit.openvpn.net/c/openvpn [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1wdr1z-0006ru-DS Subject: [Openvpn-devel] [PATCH v3] Remove an indention layer from multi_process_incoming_link X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: 1869253417523944835 X-GMAIL-MSGID: 1869253417523944835 From: Arne Schwabe This also move the gc area acquire release to the small parts where they are actually used. Change-Id: I401aab94993b62bf18e66561532085f99e62f745 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1721 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1721 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index b4dc13d..f19433b 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -3311,8 +3311,6 @@ multi_process_incoming_link(struct multi_context *m, struct multi_instance *instance, const unsigned int mpp_flags, struct link_socket *sock) { - struct gc_arena gc = gc_new(); - struct context *c; struct mroute_addr src, dest; unsigned int mroute_flags; @@ -3337,167 +3335,171 @@ multi_set_pending(m, instance); } - if (m->pending) + if (!m->pending) { - set_prefix(m->pending); + return true; + } + set_prefix(m->pending); - /* get instance context */ - c = &m->pending->context; + /* get instance context */ + c = &m->pending->context; - if (!instance) + if (!instance) + { + /* transfer packet pointer from top-level context buffer to instance */ + c->c2.buf = m->top.c2.buf; + + /* transfer from-addr from top-level context buffer to instance */ + if (!floated) { - /* transfer packet pointer from top-level context buffer to instance */ - c->c2.buf = m->top.c2.buf; + c->c2.from = m->top.c2.from; + } + } - /* transfer from-addr from top-level context buffer to instance */ - if (!floated) + if (BLEN(&c->c2.buf) > 0) + { + struct link_socket_info *lsi; + const uint8_t *orig_buf; + + /* decrypt in instance context */ + + lsi = &sock->info; + orig_buf = c->c2.buf.data; + if (process_incoming_link_part1(c, lsi, floated)) + { + /* nonzero length means that we have a valid, decrypted packed */ + if (floated && c->c2.buf.len > 0) { - c->c2.from = m->top.c2.from; + multi_process_float(m, m->pending, sock); } + + process_incoming_link_part2(c, lsi, orig_buf); } - if (BLEN(&c->c2.buf) > 0) + if (TUNNEL_TYPE(m->top.c1.tuntap) == DEV_TYPE_TUN) { - struct link_socket_info *lsi; - const uint8_t *orig_buf; + /* extract packet source and dest addresses */ + mroute_flags = + mroute_extract_addr_from_packet(&src, &dest, 0, &c->c2.to_tun, DEV_TYPE_TUN); - /* decrypt in instance context */ - - lsi = &sock->info; - orig_buf = c->c2.buf.data; - if (process_incoming_link_part1(c, lsi, floated)) + /* drop packet if extract failed */ + if (!(mroute_flags & MROUTE_EXTRACT_SUCCEEDED)) { - /* nonzero length means that we have a valid, decrypted packed */ - if (floated && c->c2.buf.len > 0) - { - multi_process_float(m, m->pending, sock); - } - - process_incoming_link_part2(c, lsi, orig_buf); + c->c2.to_tun.len = 0; } - - if (TUNNEL_TYPE(m->top.c1.tuntap) == DEV_TYPE_TUN) + /* make sure that source address is associated with this client */ + else if (multi_get_instance_by_virtual_addr(m, &src, true) != m->pending) { - /* extract packet source and dest addresses */ - mroute_flags = - mroute_extract_addr_from_packet(&src, &dest, 0, &c->c2.to_tun, DEV_TYPE_TUN); - - /* drop packet if extract failed */ - if (!(mroute_flags & MROUTE_EXTRACT_SUCCEEDED)) + /* IPv6 link-local address (fe80::xxx)? */ + if ((src.type & MR_ADDR_MASK) == MR_ADDR_IPV6 + && IN6_IS_ADDR_LINKLOCAL(&src.v6.addr)) { - c->c2.to_tun.len = 0; + /* do nothing, for now. TODO: add address learning */ } - /* make sure that source address is associated with this client */ - else if (multi_get_instance_by_virtual_addr(m, &src, true) != m->pending) + else { - /* IPv6 link-local address (fe80::xxx)? */ - if ((src.type & MR_ADDR_MASK) == MR_ADDR_IPV6 - && IN6_IS_ADDR_LINKLOCAL(&src.v6.addr)) - { - /* do nothing, for now. TODO: add address learning */ - } - else - { - msg(D_MULTI_DROPPED, - "MULTI: bad source address from client [%s], packet dropped", - mroute_addr_print(&src, &gc)); - } - c->c2.to_tun.len = 0; + struct gc_arena gc = gc_new(); + msg(D_MULTI_DROPPED, + "MULTI: bad source address from client [%s], packet dropped", + mroute_addr_print(&src, &gc)); + gc_free(&gc); } - /* client-to-client communication enabled? */ - else if (m->enable_c2c) + c->c2.to_tun.len = 0; + } + /* client-to-client communication enabled? */ + else if (m->enable_c2c) + { + /* multicast? */ + if (mroute_flags & MROUTE_EXTRACT_MCAST) { - /* multicast? */ - if (mroute_flags & MROUTE_EXTRACT_MCAST) - { - /* for now, treat multicast as broadcast */ - multi_bcast(m, &c->c2.to_tun, m->pending, 0); - } - else /* possible client to client routing */ - { - ASSERT(!(mroute_flags & MROUTE_EXTRACT_BCAST)); - mi = multi_get_instance_by_virtual_addr(m, &dest, true); + /* for now, treat multicast as broadcast */ + multi_bcast(m, &c->c2.to_tun, m->pending, 0); + } + else /* possible client to client routing */ + { + ASSERT(!(mroute_flags & MROUTE_EXTRACT_BCAST)); + mi = multi_get_instance_by_virtual_addr(m, &dest, true); - /* if dest addr is a known client, route to it */ - if (mi) + /* if dest addr is a known client, route to it */ + if (mi) + { { + multi_unicast(m, &c->c2.to_tun, mi); + register_activity(c, BLEN(&c->c2.to_tun)); + } + c->c2.to_tun.len = 0; + } + } + } + } + else if (TUNNEL_TYPE(m->top.c1.tuntap) == DEV_TYPE_TAP) + { + uint16_t vid = 0; + + if (m->top.options.vlan_tagging) + { + if (vlan_is_tagged(&c->c2.to_tun)) + { + /* Drop VLAN-tagged frame. */ + msg(D_VLAN_DEBUG, "dropping incoming VLAN-tagged frame"); + c->c2.to_tun.len = 0; + } + else + { + vid = c->options.vlan_pvid; + } + } + /* extract packet source and dest addresses */ + mroute_flags = + mroute_extract_addr_from_packet(&src, &dest, vid, &c->c2.to_tun, DEV_TYPE_TAP); + + if (mroute_flags & MROUTE_EXTRACT_SUCCEEDED) + { + if (multi_learn_addr(m, m->pending, &src, 0) == m->pending) + { + /* check for broadcast */ + if (m->enable_c2c) + { + if (mroute_flags & (MROUTE_EXTRACT_BCAST | MROUTE_EXTRACT_MCAST)) + { + multi_bcast(m, &c->c2.to_tun, m->pending, vid); + } + else /* try client-to-client routing */ + { + mi = multi_get_instance_by_virtual_addr(m, &dest, false); + + /* if dest addr is a known client, route to it */ + if (mi) { multi_unicast(m, &c->c2.to_tun, mi); register_activity(c, BLEN(&c->c2.to_tun)); - } - c->c2.to_tun.len = 0; - } - } - } - } - else if (TUNNEL_TYPE(m->top.c1.tuntap) == DEV_TYPE_TAP) - { - uint16_t vid = 0; - - if (m->top.options.vlan_tagging) - { - if (vlan_is_tagged(&c->c2.to_tun)) - { - /* Drop VLAN-tagged frame. */ - msg(D_VLAN_DEBUG, "dropping incoming VLAN-tagged frame"); - c->c2.to_tun.len = 0; - } - else - { - vid = c->options.vlan_pvid; - } - } - /* extract packet source and dest addresses */ - mroute_flags = - mroute_extract_addr_from_packet(&src, &dest, vid, &c->c2.to_tun, DEV_TYPE_TAP); - - if (mroute_flags & MROUTE_EXTRACT_SUCCEEDED) - { - if (multi_learn_addr(m, m->pending, &src, 0) == m->pending) - { - /* check for broadcast */ - if (m->enable_c2c) - { - if (mroute_flags & (MROUTE_EXTRACT_BCAST | MROUTE_EXTRACT_MCAST)) - { - multi_bcast(m, &c->c2.to_tun, m->pending, vid); - } - else /* try client-to-client routing */ - { - mi = multi_get_instance_by_virtual_addr(m, &dest, false); - - /* if dest addr is a known client, route to it */ - if (mi) - { - multi_unicast(m, &c->c2.to_tun, mi); - register_activity(c, BLEN(&c->c2.to_tun)); - c->c2.to_tun.len = 0; - } + c->c2.to_tun.len = 0; } } } - else - { - msg(D_MULTI_DROPPED, - "MULTI: bad source address from client [%s], packet dropped", - mroute_addr_print(&src, &gc)); - c->c2.to_tun.len = 0; - } } else { + struct gc_arena gc = gc_new(); + msg(D_MULTI_DROPPED, + "MULTI: bad source address from client [%s], packet dropped", + mroute_addr_print(&src, &gc)); c->c2.to_tun.len = 0; + gc_free(&gc); } } + else + { + c->c2.to_tun.len = 0; + } } - - /* postprocess and set wakeup */ - ret = multi_process_post(m, m->pending, mpp_flags); - - clear_prefix(); } - gc_free(&gc); + /* postprocess and set wakeup */ + ret = multi_process_post(m, m->pending, mpp_flags); + + clear_prefix(); + return ret; } @@ -3539,7 +3541,6 @@ * Route an incoming tun/tap packet to * the appropriate multi_instance object. */ - mroute_flags = mroute_extract_addr_from_packet(&src, &dest, vid, &m->top.c2.buf, dev_type); if (mroute_flags & MROUTE_EXTRACT_SUCCEEDED)