| Message ID | 7dc953fc5d0953c52e177890fb6563d0ec2211be-HTML@gerrit.openvpn.net |
|---|---|
| State | Superseded |
| Headers |
From: "stipa (Code Review)" <gerrit@openvpn.net>
X-Google-Original-From: "stipa (Code Review)" <gerrit@gerrit.openvpn.in>
X-Gerrit-PatchSet: 1
Date: Sat, 7 Oct 2023 13:26:38 +0000
To: flichtenheld <frank@lichtenheld.com>
Auto-Submitted: auto-generated
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: I8cb2cb083e3cdadf187b7874979d79af3974e759
X-Gerrit-Change-Number: 368
X-Gerrit-Project: openvpn
X-Gerrit-ChangeURL: <http://gerrit.openvpn.net/c/openvpn/+/368?usp=email>
X-Gerrit-Commit: d8d2d6bdd34610b7ef8e3d5e9fabb5eed6da83e0
References:
<gerrit.1696685196000.I8cb2cb083e3cdadf187b7874979d79af3974e759@gerrit.openvpn.net>
Message-ID: <7dc953fc5d0953c52e177890fb6563d0ec2211be-HTML@gerrit.openvpn.net>
MIME-Version: 1.0
User-Agent: Gerrit/3.8.2
Subject: [Openvpn-devel] [S] Change in openvpn[release/2.6]: dco: warn if
DATA_V1 packets are sent to userspace
Reply-To: lstipakov@gmail.com, openvpn-devel@lists.sourceforge.net,
frank@lichtenheld.com
Cc: openvpn-devel <openvpn-devel@lists.sourceforge.net>
|
| Series |
[Openvpn-devel,S] Change in openvpn[release/2.6]: dco: warn if DATA_V1 packets are sent to userspace
|
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index d8ad0d1..66843b4 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1058,8 +1058,16 @@ * and return false. */ uint8_t opcode = *BPTR(&c->c2.buf) >> P_OPCODE_SHIFT; - if (tls_pre_decrypt(c->c2.tls_multi, &c->c2.from, &c->c2.buf, &co, - floated, &ad_start)) + + if ((opcode == P_DATA_V1) && dco_enabled(&c->options)) + { + msg(D_LINK_ERRORS, + "Data Channel Offload doesn't support DATA_V1 packets. " + "Upgrade your server to 2.4.5 or newer."); + c->c2.buf.len = 0; + } + else if (tls_pre_decrypt(c->c2.tls_multi, &c->c2.from, &c->c2.buf, + &co, floated, &ad_start)) { /* Restore pre-NCP frame parameters */ if (is_hard_reset_method2(opcode))
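Review bot: The new `opcode == P_DATA_V1` branch in src/openvpn/forward.c calls msg(D_LINK_ERRORS, ...) for every matching packet, and it sits in front of tls_pre_decrypt(), so it is taken on the first byte of a packet that has not been authenticated yet. Nothing in the visible lines bounds how often the warning is emitted; against a 2.4.0 - 2.4.4 server that only sends DATA_V1, that is one log line per received data packet for the life of the session. Consider warning once per session (for example a flag kept in the context) or stating in the commit message that D_LINK_ERRORS output is subject to muting, so the log cannot be flooded. Please also add a short comment above `c->c2.buf.len = 0;` saying the packet is dropped deliberately because the crypto context is held by DCO; the existing comment above the hunk only covers the tls_pre_decrypt() path. Minor style point: the inner parentheses in `(opcode == P_DATA_V1) && dco_enabled(&c->options)` are redundant.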
Attention is currently required from: flichtenheld.

Hello flichtenheld,

I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/368?usp=email to review the following change.

Change subject: dco: warn if DATA_V1 packets are sent to userspace
......................................................................

dco: warn if DATA_V1 packets are sent to userspace

Servers 2.4.0 - 2.4.4 support peer-id and AEAD ciphers, but only send DATA_V1 packets. With DCO enabled on the client, connection is established but not working. This is because DCO driver(s) are unable to handle DATA_V1 packets and forward them to userspace, where they silently disappear since crypto context is in DCO and not in userspace.

Starting from 2.4.5 server sends DATA_V2 so problem doesn't happen.

We cannot switch to non-DCO on the fly, so we log this and advise user to upgrade the server to 2.4.5 or newer.

This fixes https://github.com/OpenVPN/openvpn/issues/422

Change-Id: I8cb2cb083e3cdadf187b7874979d79af3974e759
Signed-off-by: Lev Stipakov <lev@openvpn.net>
---
M src/openvpn/forward.c
1 file changed, 10 insertions(+), 2 deletions(-)

git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/368/1