From patchwork Mon Dec 5 16:41:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristof Provost X-Patchwork-Id: 2886 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:622a:418d:b0:3a5:7962:c21f with SMTP id cd13csp1984087qtb; Mon, 5 Dec 2022 09:44:23 -0800 (PST) X-Google-Smtp-Source: AA0mqf7JygOXLur/86qjOMBMyrVad9KznpQSdNWvXDAEkRp7mNeEYtEwiFa05AAoU6cOuBBjC7MD X-Received: by 2002:a17:903:186:b0:189:e149:a1ae with SMTP id z6-20020a170903018600b00189e149a1aemr2824018plg.72.1670262262797; Mon, 05 Dec 2022 09:44:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670262262; cv=none; d=google.com; s=arc-20160816; b=ByuxBOd2OtIa1FMto+9GwmmzqITpgiOqdGf3ZbjfKoVr9w8EaaNRQWBQJFs8wSlyya vyoT8c2UQew5hlKAJqmghkqRtfsv3mYqTDx3V+Ncr3VGBLXwGL+PXRWBy7KMwnTI3wzY zWm0ANKiVKyiJCsbGn/rREQKf6kveCtNoFmyvcb7WvKdpE96m1IzSSHCgi98Nu3yvVuX JkK/4QtL1wwjUH6mwY6AwRfigeZ6allsodakHP3CCx0GwhYM51TpkO12GxIGp4Lis2rd fR24N35TTmpuDo93x/tRJLKYVRkJJDr0+CBYgTHy2r0dgGKJFBYeqRwtiSxmt9iWNbwv VVtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:reply-to:from:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:dkim-signature:dkim-signature:dkim-signature; bh=+ozOHnh2JxZvLLdI/xas/f/2uxTgZ2gRMdO1pQt7ea8=; b=QcX9iyUVD8tNpfe98Q8jCog+CkydoW7YFYRrwoHxetPJIulAInSa9AqBaMEBUmN9iR 708kSluVE1GCrUyktR516uZlWVcWdxqyuKzxDe/0NIfeshoiDv8lf6mprutkNPnsz6eR z7QpPKXNnxQSe43f0fmo3cqY+BvlEJZyzmcLJOflK9fvD/1j0VEnN22p08Hpa9vsSD3L bXf9dMippWkE9GMhW16hVrxBXL6atC29X8QiFXVxRu6+TmVYTdmkPT5Ua1sWr949Ki8+ PBegHFYXkwMHwvnh9eTWqeSClb4cIvNfB83XN2PoXgy6mPHcdlj2rZ3jwQdCaYcikIz9 zipA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=OEvF4QaH; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=gFudvMVZ; dkim=neutral (body hash did not verify) header.i=@netgate.com header.s=google header.b=Yxi+m1oV; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id p39-20020a056a000a2700b0056cb4662b9csi16273720pfh.16.2022.12.05.09.44.22 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 05 Dec 2022 09:44:22 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=OEvF4QaH; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=gFudvMVZ; dkim=neutral (body hash did not verify) header.i=@netgate.com header.s=google header.b=Yxi+m1oV; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1p2FUy-0001I2-7n; Mon, 05 Dec 2022 17:43:24 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1p2FUw-0001Hw-ON for openvpn-devel@lists.sourceforge.net; Mon, 05 Dec 2022 17:43:22 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=z0BSUrxRbYU1z9GrIWvD2IC2EGzqURpyG6MLJ0cUo+Q=; b=OEvF4QaHmNAMUVI52FQ4Ogw5OW 3ktH9IAK0Quk5u/AjPEDUmJYr4RfgJcY16+GxQBfpFz/skWn5PLtdlLdZ1Cv4PWsMv8dYIHYBcXj/ DM9GF7/qBJNFE94jkHF5tb/us1d3ZRbO44RBgM/zFpCD6zk2K3choNRK2zi1RP3hrfik=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=z0BSUrxRbYU1z9GrIWvD2IC2EGzqURpyG6MLJ0cUo+Q=; b=gFudvMVZiyKt3mN+tPvbtQQz3P B5f3VysRy0wcB8tDJLTQigOVzNWaIsYaoOR5vTWMCJG/VvWA865YPoQS7X/cM/AlxvQkYKyNAD/Qi DHs5+tdfYG+YqWcfelP1oj6vZeVTDOL40gVkOf/E/EF5nPnwQmytWQrrwjl9fAUDPfuo=; Received: from mail-ej1-f43.google.com ([209.85.218.43]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1p2FUu-0004Iu-3c for openvpn-devel@lists.sourceforge.net; Mon, 05 Dec 2022 17:43:22 +0000 Received: by mail-ej1-f43.google.com with SMTP id fc4so236753ejc.12 for ; Mon, 05 Dec 2022 09:43:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netgate.com; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=z0BSUrxRbYU1z9GrIWvD2IC2EGzqURpyG6MLJ0cUo+Q=; b=Yxi+m1oVClIwyCLjAOk2W/0Ja9pamAEN4vMUu8D5hNl0UVRKiKklfVhlATEByiUpfw OTwuqIpCXwtAjgYQ60cADpp85UINhRUBxIyYteukKUQZ+IRCpzk0Qo3Jbg4Hjdes3LUq j5v7VDUVHbhrMLdlWjNXrgJErvtZrwsQw+C4U= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=z0BSUrxRbYU1z9GrIWvD2IC2EGzqURpyG6MLJ0cUo+Q=; b=ElaiOmqiBWjbe5kBBL0JtPFEM6X3iyQMsXcafUteHD8IBvrjDHT1/umwYtXDQuINOv xy+wYY+1ykUA5+SvB+9XibP+CMIB+wO9Qtakntn+BHlEgpjKPtkjvCHBcDM8HI8Ffw8t nWvBdbFNPc7vxQkFl6Ia5Bi49qfwPaOUp2ExXVCUHgioR9s4IpQPseUcpUNDmj4a/SLH AT1vYzhl68621M6jEuarU518xXDTHrjIx621q28hr//22RiJuYNTb9KwAQQBOnKC8uPb H/S8T6d1Hay5gFyxfKikA66j3S/1TlJx93uopblV/AfYbEhI0ylYfhxCo3RfpQEAzBjp 0KJw== X-Gm-Message-State: ANoB5pnlqT3aQGzck8Ml0aP1rf9yoF2Thp/0cjTS5oZ2PRnWJBf0xT7c 7jF2X5zoTZgIYdEVf9rUEGSgswCALGmemVhB X-Received: by 2002:aa7:d417:0:b0:46b:203:f389 with SMTP id z23-20020aa7d417000000b0046b0203f389mr35457487edq.303.1670258466786; Mon, 05 Dec 2022 08:41:06 -0800 (PST) Received: from nut.jupiter.sigsegv.be (ptr-8rfalzsse26o3oo9imw.18120a2.ip6.access.telenet.be. [2a02:1811:2402:bf00:f602:70ff:feae:6e98]) by smtp.googlemail.com with ESMTPSA id 1-20020a170906310100b0073ae9ba9ba8sm6389266ejx.3.2022.12.05.08.41.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Dec 2022 08:41:06 -0800 (PST) To: openvpn-devel Date: Mon, 5 Dec 2022 17:41:00 +0100 Message-Id: <20221205164103.9190-2-kprovost@netgate.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221205164103.9190-1-kprovost@netgate.com> References: <20221205164103.9190-1-kprovost@netgate.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Kristof Provost When DCO is active userspace doesn't see all of the traffic, so when we access these stats we must update them. Retrieve kernel statistics every time we access the link_(read|write)_bytes values. Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.218.43 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.218.43 listed in wl.mailspike.net] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-Headers-End: 1p2FUu-0004Iu-3c Subject: [Openvpn-devel] [PATCH 1/4] Read DCO traffic stats from the kernel X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Kristof Provost via Openvpn-devel From: Kristof Provost Reply-To: Kristof Provost Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1751396922461180716?= X-GMAIL-MSGID: =?utf-8?q?1751396922461180716?= From: Kristof Provost When DCO is active userspace doesn't see all of the traffic, so when we access these stats we must update them. Retrieve kernel statistics every time we access the link_(read|write)_bytes values. Introduce a dco_(read|write)_bytes so that we don't clobber the existing statistics, which still count control packets, sent or received directly through the socket. Signed-off-by: Kristof Provost Acked-by: Antonio Quartulli --- src/openvpn/dco.h | 8 ++++ src/openvpn/dco_freebsd.c | 78 ++++++++++++++++++++++++++++++++++ src/openvpn/dco_linux.c | 7 +++ src/openvpn/dco_win.c | 7 +++ src/openvpn/multi.c | 30 +++++++------ src/openvpn/openvpn.h | 2 + src/openvpn/ovpn_dco_freebsd.h | 1 + 7 files changed, 120 insertions(+), 13 deletions(-) diff --git a/src/openvpn/dco.h b/src/openvpn/dco.h index e051db06..e5d89358 100644 --- a/src/openvpn/dco.h +++ b/src/openvpn/dco.h @@ -225,6 +225,14 @@ void dco_install_iroute(struct multi_context *m, struct multi_instance *mi, */ void dco_delete_iroutes(struct multi_context *m, struct multi_instance *mi); +/** + * Update traffic statistics for all peers + * + * @param dco DCO device context + * @param m the server context + **/ +int dco_get_peer_stats(dco_context_t *dco, struct multi_context *m); + /** * Retrieve the list of ciphers supported by the current platform * diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index a52ac8c1..5b352859 100644 --- a/src/openvpn/dco_freebsd.c +++ b/src/openvpn/dco_freebsd.c @@ -37,6 +37,7 @@ #include "dco.h" #include "tun.h" #include "crypto.h" +#include "multi.h" #include "ssl_common.h" static nvlist_t * @@ -641,6 +642,83 @@ dco_event_set(dco_context_t *dco, struct event_set *es, void *arg) nvlist_destroy(nvl); } +static void +dco_update_peer_stat(struct multi_context *m, uint32_t peerid, const nvlist_t *nvl) +{ + struct hash_element *he; + struct hash_iterator hi; + + hash_iterator_init(m->hash, &hi); + + while ((he = hash_iterator_next(&hi))) + { + struct multi_instance *mi = (struct multi_instance *) he->value; + + if (mi->context.c2.tls_multi->peer_id != peerid) + continue; + + mi->context.c2.dco_read_bytes = nvlist_get_number(nvl, "in"); + mi->context.c2.dco_write_bytes = nvlist_get_number(nvl, "out"); + + return; + } + + msg(M_INFO, "Peer %d returned by kernel, but not found locally", peerid); +} + +int +dco_get_peer_stats(dco_context_t *dco, struct multi_context *m) +{ + + struct ifdrv drv; + uint8_t buf[4096]; + nvlist_t *nvl; + const nvlist_t *const *nvpeers; + size_t npeers; + int ret; + + if (!dco || !dco->open) + { + return 0; + } + + CLEAR(drv); + snprintf(drv.ifd_name, IFNAMSIZ, "%s", dco->ifname); + drv.ifd_cmd = OVPN_GET_PEER_STATS; + drv.ifd_len = sizeof(buf); + drv.ifd_data = buf; + + ret = ioctl(dco->fd, SIOCGDRVSPEC, &drv); + if (ret) + { + msg(M_WARN | M_ERRNO, "Failed to get peer stats"); + return -EINVAL; + } + + nvl = nvlist_unpack(buf, drv.ifd_len, 0); + if (! nvl) + { + msg(M_WARN, "Failed to unpack nvlist"); + return -EINVAL; + } + + if (! nvlist_exists_nvlist_array(nvl, "peers")) { + /* no peers */ + return 0; + } + + nvpeers = nvlist_get_nvlist_array(nvl, "peers", &npeers); + for (size_t i = 0; i < npeers; i++) + { + const nvlist_t *peer = nvpeers[i]; + uint32_t peerid = nvlist_get_number(peer, "peerid"); + + dco_update_peer_stat(m, peerid, nvlist_get_nvlist(peer, "bytes")); + } + + return 0; +} + const char * dco_get_supported_ciphers() { diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 10935820..0306cec3 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -911,6 +911,13 @@ nla_put_failure: return ret; } +int +dco_get_peer_stats(dco_context_t *dco, struct multi_context *m) +{ + /* Not implemented. */ + return 0; +} + bool dco_available(int msglevel) { diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c index 48a1755a..68ec931c 100644 --- a/src/openvpn/dco_win.c +++ b/src/openvpn/dco_win.c @@ -399,6 +399,13 @@ dco_do_write(dco_context_t *dco, int peer_id, struct buffer *buf) return 0; } +int +dco_get_peer_stats(dco_context_t *dco, struct multi_context *m) +{ + /* Not implemented. */ + return 0; +} + void dco_event_set(dco_context_t *dco, struct event_set *es, void *arg) { diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 0a23c2bc..38da87b8 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -538,29 +538,31 @@ multi_del_iroutes(struct multi_context *m, } static void -setenv_stats(struct context *c) +setenv_stats(struct multi_context *m, struct context *c) { - setenv_counter(c->c2.es, "bytes_received", c->c2.link_read_bytes); - setenv_counter(c->c2.es, "bytes_sent", c->c2.link_write_bytes); + dco_get_peer_stats(&m->top.c1.tuntap->dco, m); + + setenv_counter(c->c2.es, "bytes_received", c->c2.link_read_bytes + c->c2.dco_read_bytes); + setenv_counter(c->c2.es, "bytes_sent", c->c2.link_write_bytes + c->c2.dco_write_bytes); } static void -multi_client_disconnect_setenv(struct multi_instance *mi) +multi_client_disconnect_setenv(struct multi_context *m, struct multi_instance *mi) { /* setenv client real IP address */ setenv_trusted(mi->context.c2.es, get_link_socket_info(&mi->context)); /* setenv stats */ - setenv_stats(&mi->context); + setenv_stats(m, &mi->context); /* setenv connection duration */ setenv_long_long(mi->context.c2.es, "time_duration", now - mi->created); } static void -multi_client_disconnect_script(struct multi_instance *mi) +multi_client_disconnect_script(struct multi_context *m, struct multi_instance *mi) { - multi_client_disconnect_setenv(mi); + multi_client_disconnect_setenv(m, mi); if (plugin_defined(mi->context.plugins, OPENVPN_PLUGIN_CLIENT_DISCONNECT)) { @@ -667,7 +669,7 @@ multi_close_instance(struct multi_context *m, if (mi->context.c2.tls_multi->multi_state >= CAS_CONNECT_DONE) { - multi_client_disconnect_script(mi); + multi_client_disconnect_script(m, mi); } close_context(&mi->context, SIGTERM, CC_GC_FREE); @@ -837,6 +839,8 @@ multi_print_status(struct multi_context *m, struct status_output *so, const int status_reset(so); + dco_get_peer_stats(&m->top.c1.tuntap->dco, m); + if (version == 1) { /* @@ -856,8 +860,8 @@ multi_print_status(struct multi_context *m, struct status_output *so, const int status_printf(so, "%s,%s," counter_format "," counter_format ",%s", tls_common_name(mi->context.c2.tls_multi, false), mroute_addr_print(&mi->real, &gc), - mi->context.c2.link_read_bytes, - mi->context.c2.link_write_bytes, + mi->context.c2.link_read_bytes + mi->context.c2.dco_read_bytes, + mi->context.c2.link_write_bytes + mi->context.c2.dco_write_bytes, time_string(mi->created, 0, false, &gc)); } gc_free(&gc); @@ -932,8 +936,8 @@ multi_print_status(struct multi_context *m, struct status_output *so, const int sep, mroute_addr_print(&mi->real, &gc), sep, print_in_addr_t(mi->reporting_addr, IA_EMPTY_IF_UNDEF, &gc), sep, print_in6_addr(mi->reporting_addr_ipv6, IA_EMPTY_IF_UNDEF, &gc), - sep, mi->context.c2.link_read_bytes, - sep, mi->context.c2.link_write_bytes, + sep, mi->context.c2.link_read_bytes + mi->context.c2.dco_read_bytes, + sep, mi->context.c2.link_write_bytes + mi->context.c2.dco_write_bytes, sep, time_string(mi->created, 0, false, &gc), sep, (unsigned int)mi->created, sep, tls_username(mi->context.c2.tls_multi, false), @@ -2752,7 +2756,7 @@ multi_connection_established(struct multi_context *m, struct multi_instance *mi) * did not fail */ if (mi->context.c2.tls_multi->multi_state == CAS_PENDING_DEFERRED_PARTIAL) { - multi_client_disconnect_script(mi); + multi_client_disconnect_script(m, mi); } mi->context.c2.tls_multi->multi_state = CAS_FAILED; diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index c543cbf6..5981e4d5 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -267,8 +267,10 @@ struct context_2 counter_type tun_read_bytes; counter_type tun_write_bytes; counter_type link_read_bytes; + counter_type dco_read_bytes; counter_type link_read_bytes_auth; counter_type link_write_bytes; + counter_type dco_write_bytes; #ifdef PACKET_TRUNCATION_CHECK counter_type n_trunc_tun_read; counter_type n_trunc_tun_write; diff --git a/src/openvpn/ovpn_dco_freebsd.h b/src/openvpn/ovpn_dco_freebsd.h index cf92d597..cc90111e 100644 --- a/src/openvpn/ovpn_dco_freebsd.h +++ b/src/openvpn/ovpn_dco_freebsd.h @@ -61,5 +61,6 @@ enum ovpn_key_cipher { #define OVPN_POLL_PKT _IO('D', 10) #define OVPN_GET_PKT _IO('D', 11) #define OVPN_SET_IFMODE _IO('D', 12) +#define OVPN_GET_PEER_STATS _IO('D', 13) #endif /* ifndef _NET_IF_OVPN_H_ */ From patchwork Mon Dec 5 16:41:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristof Provost X-Patchwork-Id: 2883 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:622a:418d:b0:3a5:7962:c21f with SMTP id cd13csp1957752qtb; Mon, 5 Dec 2022 08:42:02 -0800 (PST) X-Google-Smtp-Source: AA0mqf68mp1veYnJv5qJUEUvGyx80vOajUYyHcSLdpVVqk7Y7ekXZIhxw7X8krOHWJ8fHfmNa/qY X-Received: by 2002:a17:902:bc4a:b0:189:6795:d945 with SMTP id t10-20020a170902bc4a00b001896795d945mr49110301plz.136.1670258522790; Mon, 05 Dec 2022 08:42:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670258522; cv=none; d=google.com; s=arc-20160816; b=PoboxkGcr7vL2Gja62hvFzx3omTU4MR8RJkuzPM1SdZ1dgGikLR3rMpl2eJYloRCEu Bf4JTsunr9wGKMofScd37noVq5T6vWxAPamJETxpPeETL6XK7jrS9zAW//z5lMp4d+S4 j6cZevAUM7F1Y7XxmDf8u9neMzGevHklJN8z9BxdxGtWH1fm4gF4743uzMjrgXPOAyiA hV6QZl0icxnDPzDM/+FWB7Kqe9t1QizqEMLR/YJosN/NynyC+4cGzI1c1pv6qVVbgOyj m55LPZaunJlZTgKjbsBWr5THZgAZqXpV6L5bgsY3NakLHc1gKSG4RxCcMP233ZUHgr6t PZAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:reply-to:from:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:dkim-signature:dkim-signature:dkim-signature; bh=Q/UGLgY6+//DuHNHMDk3yyjaVijEszkgNqSuGuQ6d4I=; b=ryT1CovCWx0Q1wbVAAp/D8HJhlrryyyPU7n7Zy6JPm2qJjZ/EgSaZDhIHs91cT79rR Sxp0Nz3ilHafJBzfmOmidSMCWM9DlatueYqJOmMJW0bMvBf2r40ShMDGChEZ89gRZRxe B7FuQHBWaCJzwslEtQmRC1/wgFYTdpqRs/GWH0mqbWwfnEvMvMtitAKZbG4JCWBmf6T1 iTxHC39wtu2vBGUDCUHTq0PdSEhmjw2fGQBA8I2z10gIkBBDNcDIs/iTub7ta7xLOiL/ fP5uBVR8T6vSQF1IlDDbSEonQ23DaEjJk9SYH/tXldJ8gy5sT11ceOhGytWlGn+ixSgl O2yA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=STWJvzNs; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=Ug1yonhX; dkim=neutral (body hash did not verify) header.i=@netgate.com header.s=google header.b="i/kA6fao"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id k69-20020a638448000000b004786b7afaabsi13751537pgd.192.2022.12.05.08.42.02 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 05 Dec 2022 08:42:02 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=STWJvzNs; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=Ug1yonhX; dkim=neutral (body hash did not verify) header.i=@netgate.com header.s=google header.b="i/kA6fao"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1p2EWs-00040J-Fm; Mon, 05 Dec 2022 16:41:18 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1p2EWr-00040D-Mq for openvpn-devel@lists.sourceforge.net; Mon, 05 Dec 2022 16:41:17 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=iueTsI1+wcrTM8asvYM0LafcuRALZ89Y0/C4emrYSkI=; b=STWJvzNsybgkKhlcuige5vdm6H iKld8hxDEi3+LySrcApBfQ6D7nvUkbbIrXncB5xS10j6Q0tgId2irE0j+t6p3vkq4dPG9R+ctUvMs l0hPjSW4lfOTIFfW66IfqIYjs94KXaGNjKgyQccoJG3BBNrJQz+t14JdkbBrf62Troak=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=iueTsI1+wcrTM8asvYM0LafcuRALZ89Y0/C4emrYSkI=; b=Ug1yonhX4xCvEv8oZ4ouZ5OI+G 6VremAKjJXEUuWMCXW2r320j14HfAhSz+t1E3G+kFy3ja0C+zAAo3dcxov6KQ+a8Tmv0NAGoFFYpC RE59OX0zF3k0+XFYcyEohPjEd1+QF3H0H+Rtp2xiZOoIfxqFgUXtaMdOizUbpJ0a91x4=; Received: from mail-ej1-f44.google.com ([209.85.218.44]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1p2EWo-000204-29 for openvpn-devel@lists.sourceforge.net; Mon, 05 Dec 2022 16:41:17 +0000 Received: by mail-ej1-f44.google.com with SMTP id bj12so29179577ejb.13 for ; Mon, 05 Dec 2022 08:41:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netgate.com; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=iueTsI1+wcrTM8asvYM0LafcuRALZ89Y0/C4emrYSkI=; b=i/kA6fao/UyUTaJkEsZur/A8YZ/+Mr2FlLaFWpbw3U/BEcIjuIioM5A3ABlihoJ1Co 4H5j0jAA92VWsG2//773aQVVrKfaoKuZCeXJUXfa3MPivMVtFDHKWrVzY+UIkLUY4Vr7 GVX02mySGqgOwDCzptqdjOzniHN8JdpivjdpQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=iueTsI1+wcrTM8asvYM0LafcuRALZ89Y0/C4emrYSkI=; b=HtW7+/QwnWN1K4aI2wIdAoTcDrNjCHcnkryWxgwoFKWQ7Dsa1r2dBc8RcwjURA0Jo6 QcAYr+EI33dMFZSrFqtc242O3MKIDJzKtjiN6TGw0ydWdzrDTmt6NZUnx7Y25WZQta7j IXvbXs3SFwNmvn6kDjWNud+GNEJnyYrJ45hVk0bXUOzlxFZEaBM7tRlQb++cvTwHtWXB TJKb1CCwXTJ5QUGfZ56PJ+qRT7ZIS+YVerFdRxeATYAnND3c4zz9411tD0r/bKN5B9gU f/Buk4PS4Bp0LcRj3Z2ElfsELMgSL9gFsD+u86dm2IlQoAVgFs6jCrlWglXg+HyxhVXd MPWg== X-Gm-Message-State: ANoB5plc7xIgEIRUo6mJVap/5JdVj7ZwU+RA2NWFCh/lsTqgsZ/xSPLh fqX0+JSwfEgJqMTq3qGAkkn1rUUK8Owgg9MW X-Received: by 2002:a17:907:138d:b0:7bc:2ad:fae with SMTP id vs13-20020a170907138d00b007bc02ad0faemr43525011ejb.724.1670258467444; Mon, 05 Dec 2022 08:41:07 -0800 (PST) Received: from nut.jupiter.sigsegv.be (ptr-8rfalzsse26o3oo9imw.18120a2.ip6.access.telenet.be. [2a02:1811:2402:bf00:f602:70ff:feae:6e98]) by smtp.googlemail.com with ESMTPSA id 1-20020a170906310100b0073ae9ba9ba8sm6389266ejx.3.2022.12.05.08.41.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Dec 2022 08:41:06 -0800 (PST) To: openvpn-devel Date: Mon, 5 Dec 2022 17:41:01 +0100 Message-Id: <20221205164103.9190-3-kprovost@netgate.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221205164103.9190-1-kprovost@netgate.com> References: <20221205164103.9190-1-kprovost@netgate.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Kristof Provost When the kernel module (Linux or FreeBSD) notifies us that a peer has disconnected we'd like to get a final count of the in/out bytes for that peer. We can't request that information any more, because [...] Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.218.44 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.218.44 listed in wl.mailspike.net] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1p2EWo-000204-29 Subject: [Openvpn-devel] [PATCH 2/4] dco: Update counters when a client disconnects X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Kristof Provost via Openvpn-devel From: Kristof Provost Reply-To: Kristof Provost Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1751393000690460520?= X-GMAIL-MSGID: =?utf-8?q?1751393000690460520?= From: Kristof Provost When the kernel module (Linux or FreeBSD) notifies us that a peer has disconnected we'd like to get a final count of the in/out bytes for that peer. We can't request that information any more, because the kernel has already removed the peer at that point. Have the kernel send that information as part of the "delete peer" notification, and update the counters a final time. This implements the FreeBSD-specific DCO code, but not the Linux-specific code. It will simply add 0 to the count on Linux. Signed-off-by: Kristof Provost Acked-by: Gert Doering --- src/openvpn/dco_freebsd.c | 9 +++++++++ src/openvpn/dco_freebsd.h | 2 ++ src/openvpn/dco_linux.h | 2 ++ src/openvpn/multi.c | 4 ++++ 4 files changed, 17 insertions(+) diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index 5b352859..2ae46589 100644 --- a/src/openvpn/dco_freebsd.c +++ b/src/openvpn/dco_freebsd.c @@ -528,6 +528,15 @@ dco_do_read(dco_context_t *dco) else { dco->dco_del_peer_reason = OVPN_DEL_PEER_REASON_EXPIRED; + + if (nvlist_exists_nvlist(nvl, "bytes")) + { + const nvlist_t *bytes = nvlist_get_nvlist(nvl, "bytes"); + + dco->dco_read_bytes = nvlist_get_number(bytes, "in"); + dco->dco_write_bytes = nvlist_get_number(bytes, "out"); + } + dco->dco_message_type = OVPN_CMD_DEL_PEER; } diff --git a/src/openvpn/dco_freebsd.h b/src/openvpn/dco_freebsd.h index 7de11697..0d059dda 100644 --- a/src/openvpn/dco_freebsd.h +++ b/src/openvpn/dco_freebsd.h @@ -55,6 +55,8 @@ typedef struct dco_context { int dco_message_type; int dco_message_peer_id; int dco_del_peer_reason; + uint64_t dco_read_bytes; + uint64_t dco_write_bytes; } dco_context_t; #endif /* defined(ENABLE_DCO) && defined(TARGET_FREEBSD) */ diff --git a/src/openvpn/dco_linux.h b/src/openvpn/dco_linux.h index 416ea30a..7d56308b 100644 --- a/src/openvpn/dco_linux.h +++ b/src/openvpn/dco_linux.h @@ -53,6 +53,8 @@ typedef struct int dco_message_type; int dco_message_peer_id; int dco_del_peer_reason; + uint64_t dco_read_bytes; + uint64_t dco_write_bytes; } dco_context_t; #endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */ diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 38da87b8..74671303 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -3245,6 +3245,8 @@ process_incoming_del_peer(struct multi_context *m, struct multi_instance *mi, * installed, and we do not need to clean up the state in the kernel */ mi->context.c2.tls_multi->dco_peer_id = -1; mi->context.sig->signal_text = reason; + mi->context.c2.dco_read_bytes = dco->dco_read_bytes; + mi->context.c2.dco_write_bytes = dco->dco_write_bytes; multi_signal_instance(m, mi, SIGTERM); } @@ -3278,6 +3280,8 @@ multi_process_incoming_dco(struct multi_context *m) dco->dco_message_type = 0; dco->dco_message_peer_id = -1; + dco->dco_read_bytes = 0; + dco->dco_write_bytes = 0; return ret > 0; } #endif /* if defined(ENABLE_DCO) && defined(TARGET_LINUX) */ From patchwork Mon Dec 5 16:41:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristof Provost X-Patchwork-Id: 2885 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:622a:418d:b0:3a5:7962:c21f with SMTP id cd13csp1969193qtb; Mon, 5 Dec 2022 09:09:06 -0800 (PST) X-Google-Smtp-Source: AA0mqf4aeEx6/9WIXko2ZNrMSDj7vRGDzT6mc3tosVrzG0EMuoIlIPBEANfYVUSpwNg+ZnQS1EKj X-Received: by 2002:a63:d356:0:b0:477:1a2:390e with SMTP id u22-20020a63d356000000b0047701a2390emr75393654pgi.83.1670260146736; Mon, 05 Dec 2022 09:09:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670260146; cv=none; d=google.com; s=arc-20160816; b=NI4P8I1e/KD/bkMhbvS7Gu6SiKpgJeAUiNcKpkgms/1A+6Ra0ecRXavpMVf0YQ5S3o fONzdFriGGEFKPzACii+4riGWr+fXzj/eZryQAd8dP9RPXP/GQ5TML7CvgsSE8QUQSsg JpDCBgFQZXQg0RMNuI8qn7NptUwjLqrPOOXPRfC1qcL8AqxCnz6hnKrB5KR29YQxdCzY 2heTWXoPnGXQYBq9sUe6RRgJoqFEIasOUhQmiwbPbys0kDZI1kvWsZS4NY3rvWnBy3Y7 OFfzKQsyQx+ThApEyxm1hAVFWSTzzXwUo2oKgg0TFL5SjibC2pV8U258nqkKzbVfKzVI FYNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:reply-to:from:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:dkim-signature:dkim-signature:dkim-signature; bh=Sm9EXndFihuhzEaclC7VzcoisgmXZORi9NyjYm4mlrs=; b=XnxVHH113C7cVPlg/XaWpFcpxgF+pQ5MtD+5bsJfDFFphllH8bs+5AF7F1LpQSiXFD NGa6Aq2nb2Ym3pbyYLP2P5GGVxoDhEZVnA7P/rFDzfSOhE57Nva5Syz7V+e2RgMN9GP2 rwi6BjqNr3yEaUfNaZPNwRS8R/srsmgKvkxTBjSutek+xWR+806s2O1YHfSuFO0nPQu4 pvIjzHUqe74mt5HiYqf7WLOvaKIzM/xw/eVyPxYk7mxNFdNWPtQ5OkexAky0dc+sFvom jeLZlp76m31F+JkQfo+CBS3rwfJlR4I7LmoGI5QOB/R2PMsceb7HaHMxGBZ1qmmY+lnI FGXA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=jsagfCP4; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=Ou0zhZj2; dkim=neutral (body hash did not verify) header.i=@netgate.com header.s=google header.b=UUCt5gB5; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id x5-20020a654145000000b004780221f08bsi14863134pgp.853.2022.12.05.09.09.06 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 05 Dec 2022 09:09:06 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=jsagfCP4; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=Ou0zhZj2; dkim=neutral (body hash did not verify) header.i=@netgate.com header.s=google header.b=UUCt5gB5; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1p2Ex8-00063d-2t; Mon, 05 Dec 2022 17:08:26 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1p2Ex6-00063X-RK for openvpn-devel@lists.sourceforge.net; Mon, 05 Dec 2022 17:08:24 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Ou/Y6MoWdZUwLJaTejYS2ymKTTMcEKfupS/h+Cz5aa0=; b=jsagfCP42PJi3JSUefLNKtSTU2 +leO2h01SHcHJJ8b8J6FPbl+wnx78xGB1x3hxEUhkh+izzUaKUpOb4YKQkwuebOpGIAi5MhHTpXce lDlHCSJhLAJJfchoesFjrGt+ThN+99NKTSfoKfw3m+YHQfkEP8CRj2hLlBp/Qlz0kiIw=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Ou/Y6MoWdZUwLJaTejYS2ymKTTMcEKfupS/h+Cz5aa0=; b=Ou0zhZj2BCezSBdpy+bmtmXnh/ v2nHG/uu90AJgIBBWmQopOr0AWv4+J360lNugpizBJFLeT2bGqdYpMyJJrJD9Jy9huEgOUfgQoKPB BO0k/WaNyqbjcaFFSJkv/CnZ9LmdQB45fC1i6UIy60YMOu69WzbzlvDwdCQso0hgYHqc=; Received: from mail-lj1-f172.google.com ([209.85.208.172]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1p2Ex4-00033h-UY for openvpn-devel@lists.sourceforge.net; Mon, 05 Dec 2022 17:08:24 +0000 Received: by mail-lj1-f172.google.com with SMTP id z4so14284317ljq.6 for ; Mon, 05 Dec 2022 09:08:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netgate.com; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Ou/Y6MoWdZUwLJaTejYS2ymKTTMcEKfupS/h+Cz5aa0=; b=UUCt5gB5VCjW6GSTWG2sHw8eEpdO1XZ35uvoPkDojvlXDNSKrcn+WcanhU8poBLFUf ZuivKwN0cfAGFTwcSgVBy9S0+xUILiHRVNRbmQ2m789U9vC6oKbf7kq1ggLz/QjWyENc AYBxuyVV7ltw4UYe4Aje34AaP/UqJvtd291sk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Ou/Y6MoWdZUwLJaTejYS2ymKTTMcEKfupS/h+Cz5aa0=; b=BqB2mmq5cNObSfr+TKWHU0sa4E9i81zi2i1Zkyw1sJvjWTQvRwRX8mnZ/43/FZvIoG mwGL2PUVvPxx/DJXQLkNmOKhz916b/gnAQjiejawiDO40ma3MRmF46vGzalPlfT5eZi3 2vQ8BKJJ/ArsKqhNVJZWvZL2Xk2jtyazWy0vNxtgMXSaHjLR8nLJkbLWrA+dRh38tAut TSzqAF4lX2LM5o4czr0LARKyfUTsSA2KUhMYbXeFCTkC7gEl2fXMwWUssEnJRFoJL+zc bgZLbuHyooaGlvNQQ0x2bOEdaZCT+hf0fek45wo7X2148m0f28XG3XSkvAvpwLKgRJsM k93g== X-Gm-Message-State: ANoB5pmRYZalSoCCY0m/lG98AB65Nwnr0Hx6V1EQXk1SBf/O5dKgw1YK ZznSBMSbXnOGnEyJlqhWAWJO+REVvN2F3+uv X-Received: by 2002:a05:6402:528d:b0:468:dc9:ec08 with SMTP id en13-20020a056402528d00b004680dc9ec08mr60394862edb.17.1670258468062; Mon, 05 Dec 2022 08:41:08 -0800 (PST) Received: from nut.jupiter.sigsegv.be (ptr-8rfalzsse26o3oo9imw.18120a2.ip6.access.telenet.be. [2a02:1811:2402:bf00:f602:70ff:feae:6e98]) by smtp.googlemail.com with ESMTPSA id 1-20020a170906310100b0073ae9ba9ba8sm6389266ejx.3.2022.12.05.08.41.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Dec 2022 08:41:07 -0800 (PST) To: openvpn-devel Date: Mon, 5 Dec 2022 17:41:02 +0100 Message-Id: <20221205164103.9190-4-kprovost@netgate.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221205164103.9190-1-kprovost@netgate.com> References: <20221205164103.9190-1-kprovost@netgate.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Kristof Provost Recent FreeBSD kernels supply a reason for the OVPN_NOTIF_DEL_PEER notification. Parse this from the nvlist so we can distinguish user-requested removals from timeouts. Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.208.172 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.208.172 listed in wl.mailspike.net] X-Headers-End: 1p2Ex4-00033h-UY Subject: [Openvpn-devel] [PATCH 3/4] Read the peer deletion reason from the kernel X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Kristof Provost via Openvpn-devel From: Kristof Provost Reply-To: Kristof Provost Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1751394703849576544?= X-GMAIL-MSGID: =?utf-8?q?1751394703849576544?= From: Kristof Provost Recent FreeBSD kernels supply a reason for the OVPN_NOTIF_DEL_PEER notification. Parse this from the nvlist so we can distinguish user-requested removals from timeouts. Signed-off-by: Kristof Provost Acked-by: Gert Doering --- src/openvpn/dco_freebsd.c | 13 +++++++++++++ src/openvpn/ovpn_dco_freebsd.h | 5 +++++ 2 files changed, 18 insertions(+) diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index 2ae46589..8d7ceb70 100644 --- a/src/openvpn/dco_freebsd.c +++ b/src/openvpn/dco_freebsd.c @@ -529,6 +529,19 @@ dco_do_read(dco_context_t *dco) { dco->dco_del_peer_reason = OVPN_DEL_PEER_REASON_EXPIRED; + if (nvlist_exists_number(nvl, "del_reason")) + { + uint32_t reason = nvlist_get_number(nvl, "del_reason"); + if (reason == OVPN_DEL_REASON_TIMEOUT) + { + dco->dco_del_peer_reason = OVPN_DEL_PEER_REASON_EXPIRED; + } + else + { + dco->dco_del_peer_reason = OVPN_DEL_PEER_REASON_USERSPACE; + } + } + if (nvlist_exists_nvlist(nvl, "bytes")) { const nvlist_t *bytes = nvlist_get_nvlist(nvl, "bytes"); diff --git a/src/openvpn/ovpn_dco_freebsd.h b/src/openvpn/ovpn_dco_freebsd.h index cc90111e..fec33835 100644 --- a/src/openvpn/ovpn_dco_freebsd.h +++ b/src/openvpn/ovpn_dco_freebsd.h @@ -38,6 +38,11 @@ enum ovpn_notif_type { OVPN_NOTIF_DEL_PEER, }; +enum ovpn_del_reason { + OVPN_DEL_REASON_REQUESTED = 0, + OVPN_DEL_REASON_TIMEOUT = 1 +}; + enum ovpn_key_slot { OVPN_KEY_SLOT_PRIMARY = 0, OVPN_KEY_SLOT_SECONDARY = 1 From patchwork Mon Dec 5 16:41:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristof Provost X-Patchwork-Id: 2884 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:622a:418d:b0:3a5:7962:c21f with SMTP id cd13csp1960068qtb; Mon, 5 Dec 2022 08:47:49 -0800 (PST) X-Google-Smtp-Source: AA0mqf7UxGynTfl+GUamt4Zrrtj0EbjGKWg3q1eH79YKv44+UYS9ybFvi8tQ5RvFsGDLeM5Q/oKv X-Received: by 2002:a17:90a:5b09:b0:218:a0cd:5a99 with SMTP id o9-20020a17090a5b0900b00218a0cd5a99mr79466830pji.76.1670258868936; Mon, 05 Dec 2022 08:47:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670258868; cv=none; d=google.com; s=arc-20160816; b=o328sQ+rtPRX9s8kWGXra1zSUtrTUXYSkYxiLJvR9XcBqtMgrHlJOnruBR6GWdLPP4 ex7vyN4ZjWuvShgMrTEdY48/kbRAuKrErNa7swuAqCqTBT0qXeTKskn47Rwkkz4Dx7Zl W7VFbjqISZr21dekB/SB2OR+kxqEOUSMQKsycLHNlbgE59huCBhX/DSz7joxMOcZIl5u 1i3+zAP56IWmT5CUPhuy6grEPIhWUs+bcraQeIyfRmXuK8+FhgLSxrECC7Vk6R73S1cT OLaG00kLdUH6LvI7GCnZtbyyc2s9IafbJ4Nn7uTyBlzO8By5sM12wXoes+tnViM1Sonk fp9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:reply-to:from:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:dkim-signature:dkim-signature:dkim-signature; bh=ef4yM/JyKATOq6EuelALpZJhZnOrm/RTYqqaS0kaHHk=; b=CKc0v4C6vOtG/aNTe4rMMKHZXVVQ/KGGuvMgX43ZO+Zh+H8cJvjjIkzZmfPwyJLkeN z68awJ/kkU5lq2LvVRW7VQPpJ9UE7/RuxvVTZ98OvFhbT0HL4OeH7D9o6kFRXKBOq+DI bEEjpv3U7tHWdfoddLEktx9taazjUcR8kYkd7dLfDOrOPrbA9pC76G8+bfE2Hffe0W+I CrlMjpqZ273y0paQzP4ZDIVJFdbTB0vOdLwoF4tQ7HcCwS+Gx2OkPpmrAvZlIjADruNh zsOER0UKhmEjfEME6pyQi+KDTRD1H4N9TcV7RjDhvKFo8PpDFcJQpUZq/f6K4il5Q983 EIGQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=bNMCXg4c; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=EWaZzSNe; dkim=neutral (body hash did not verify) header.i=@netgate.com header.s=google header.b=VK2PeapD; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id qa8-20020a17090b4fc800b00219ed0bf12esi743511pjb.190.2022.12.05.08.47.48 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 05 Dec 2022 08:47:48 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=bNMCXg4c; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=EWaZzSNe; dkim=neutral (body hash did not verify) header.i=@netgate.com header.s=google header.b=VK2PeapD; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1p2Ece-00047u-EN; Mon, 05 Dec 2022 16:47:16 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1p2Ecd-00047o-Te for openvpn-devel@lists.sourceforge.net; Mon, 05 Dec 2022 16:47:15 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=IMezvPwB+UDH8zLw4w0ahfyCbcDyq2nUvn5R9LJdW3Q=; b=bNMCXg4cyGyyLsu9CKBbYNy/e2 T5RfZogGydEuWWtRfjg4g45IlvUYluefpAFLeTL4FIQH2NulPGYY0l+oMKlythO7FRRWoPGikMalr QrzOpA7bCK3xL5VGQPxpV7NWVO5Mh4BFNhzHjUFyXpNJ7TwUOy3dSf+eDf25h1lNvigM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=IMezvPwB+UDH8zLw4w0ahfyCbcDyq2nUvn5R9LJdW3Q=; b=EWaZzSNeyA9Y3xvIAleR1PCw9p Y8xYOYkh4ZwME0FwghmGj+RfbYUNqDl/+sMxfhF2ThmrvLxLFVb7HZcgLANBn5i6gYjlwVmDZCre5 l+ZyZn4Fz+Sm2d3Psqw4/diXN7l604yF79rVZURZPi1XMmBa9kQ4B4gtyhhmWL+cyNkk=; Received: from mail-ej1-f46.google.com ([209.85.218.46]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1p2Eca-006xNd-Dl for openvpn-devel@lists.sourceforge.net; Mon, 05 Dec 2022 16:47:15 +0000 Received: by mail-ej1-f46.google.com with SMTP id td2so29214971ejc.5 for ; Mon, 05 Dec 2022 08:47:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netgate.com; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=IMezvPwB+UDH8zLw4w0ahfyCbcDyq2nUvn5R9LJdW3Q=; b=VK2PeapDvJkzq6iM0MSgZu+emlZKK2TNUjUmqdCXJkilrZKlDff/mhZuMc055W3qHe clsHXFgbkBuECfGpDqBxNzCkSzKsD/DVtVVEoA7oHCm2yDSzIRC4nrEyiNV6YcrmfXhD 95kAPUqXYsCxnGBHbYKgrMktX07LSZXlPbn14= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IMezvPwB+UDH8zLw4w0ahfyCbcDyq2nUvn5R9LJdW3Q=; b=nyTkFd3mWPRyJ+fl2F6Hhk83yr1bguLLicWfFSEWp+70eHcidyvbgGde7fT57kx0B7 B6VmStgdQqPhHV5qSmDJ2TPhU7/4NN1O5f9KBQ35VHMWwkZmuXqz4sS8NNNHmy5/pbXG jZCvRDU/2fKRjhW4wB7apqbKwLUaobMI/t08sQ9EWtUcCKJq8R4nGsJ6uFZDuKhH4xDK 9h2pNwhljJkTV62Tv5smmRk0cuRUe0pkhZSUuOv1mZwZSHR9NbRnMObk5xnmQdxmy2fm 4DoM0ISsBXMWuUnOFd/CmfCM6Gpi9MimWpA5D4TiwnmXgjEMB+kA1AvGh6UFihQFmoXF vVBg== X-Gm-Message-State: ANoB5pk8jBI04VpAqxoV0dczkNEF4YGQQQIoRPBGxT5jLdmn9aVs6O77 1AppMwM2aqBhg8LPsV83MaGB8/l3juAnlo6g X-Received: by 2002:a50:ed90:0:b0:46a:e6e3:b3cf with SMTP id h16-20020a50ed90000000b0046ae6e3b3cfmr37984547edr.333.1670258468753; Mon, 05 Dec 2022 08:41:08 -0800 (PST) Received: from nut.jupiter.sigsegv.be (ptr-8rfalzsse26o3oo9imw.18120a2.ip6.access.telenet.be. [2a02:1811:2402:bf00:f602:70ff:feae:6e98]) by smtp.googlemail.com with ESMTPSA id 1-20020a170906310100b0073ae9ba9ba8sm6389266ejx.3.2022.12.05.08.41.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Dec 2022 08:41:08 -0800 (PST) To: openvpn-devel Date: Mon, 5 Dec 2022 17:41:03 +0100 Message-Id: <20221205164103.9190-5-kprovost@netgate.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221205164103.9190-1-kprovost@netgate.com> References: <20221205164103.9190-1-kprovost@netgate.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Kristof Provost Remove support for reading packets through the control interface. FreeBSD no longer does this, so there's no point in keeping the code for it. While here also check that we know what type of notification we're getting. There's currently only one, but we should check anyway. Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [209.85.218.46 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.218.46 listed in list.dnswl.org] 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders X-Headers-End: 1p2Eca-006xNd-Dl Subject: [Openvpn-devel] [PATCH 4/4] dco: cleanup FreeBSD dco_do_read() X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Kristof Provost via Openvpn-devel From: Kristof Provost Reply-To: Kristof Provost Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1751393363694534649?= X-GMAIL-MSGID: =?utf-8?q?1751393363694534649?= From: Kristof Provost Remove support for reading packets through the control interface. FreeBSD no longer does this, so there's no point in keeping the code for it. While here also check that we know what type of notification we're getting. There's currently only one, but we should check anyway. Signed-off-by: Kristof Provost Acked-by: Gert Doering --- src/openvpn/dco_freebsd.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index 8d7ceb70..b6d869b0 100644 --- a/src/openvpn/dco_freebsd.c +++ b/src/openvpn/dco_freebsd.c @@ -489,8 +489,7 @@ dco_do_read(dco_context_t *dco) struct ifdrv drv; uint8_t buf[4096]; nvlist_t *nvl; - const uint8_t *pkt; - size_t pktlen; + enum ovpn_notif_type type; int ret; /* Flush any pending data from the pipe. */ @@ -518,15 +517,9 @@ dco_do_read(dco_context_t *dco) dco->dco_message_peer_id = nvlist_get_number(nvl, "peerid"); - if (nvlist_exists_binary(nvl, "packet")) - { - pkt = nvlist_get_binary(nvl, "packet", &pktlen); - memcpy(BPTR(&dco->dco_packet_in), pkt, pktlen); - dco->dco_packet_in.len = pktlen; - dco->dco_message_type = OVPN_CMD_PACKET; - } - else - { + type = nvlist_get_number(nvl, "notification"); + switch (type) { + case OVPN_NOTIF_DEL_PEER: dco->dco_del_peer_reason = OVPN_DEL_PEER_REASON_EXPIRED; if (nvlist_exists_number(nvl, "del_reason")) @@ -551,6 +544,10 @@ dco_do_read(dco_context_t *dco) } dco->dco_message_type = OVPN_CMD_DEL_PEER; + break; + default: + msg(M_WARN, "Unknown kernel notification %d", type); + break; } nvlist_destroy(nvl);