From patchwork Mon Dec 19 17:40:27 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2931
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 19 Dec 2022 18:40:27 +0100
Message-Id: <20221219174027.2567505-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH] Ensure that dco keepalive and mssfix options are also set in pure p2p mode

Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
---
 src/openvpn/dco_freebsd.c | 3 +++
 src/openvpn/init.c | 42 ++++++++++++++++++++++++---------------
 2 files changed, 29 insertions(+), 16 deletions(-)

diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index 7f5e69e3e..cd4083c49 100644 --- a/src/openvpn/dco_freebsd.c +++ b/src/openvpn/dco_freebsd.c @@ -461,6 +461,9 @@ dco_set_peer(dco_context_t *dco, unsigned int peerid, nvlist_t *nvl; int ret; + msg(D_DCO_DEBUG, "%s: peer-id %d, ping interval %d, ping timeout %d", + __func__, peerid, keepalive_interval, keepalive_timeout); + nvl = nvlist_create(0); nvlist_add_number(nvl, "peerid", peerid); nvlist_add_number(nvl, "interval", keepalive_interval); diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 88f0747f9..71d0804fa 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c
@@ -2119,6 +2119,26 @@ options_hash_changed_or_zero(const struct sha256_digest *a, || !memcmp(a, &zero, sizeof(struct sha256_digest)); } +static bool +p2p_set_dco_keepalive(struct context *c) +{ + if (dco_enabled(&c->options) + && (c->options.ping_send_timeout || c->c2.frame.mss_fix)) + { + int ret = dco_set_peer(&c->c1.tuntap->dco, + c->c2.tls_multi->dco_peer_id, + c->options.ping_send_timeout, + c->options.ping_rec_timeout, + c->c2.frame.mss_fix); + if (ret < 0) + { + msg(D_DCO, "Cannot set parameters for DCO peer (id=%u): %s", + c->c2.tls_multi->dco_peer_id, strerror(-ret)); + return false; + } + } + return true; +} /** * This function is expected to be invoked after open_tun() was performed. * @@ -2147,22 +2167,6 @@ do_deferred_options_part2(struct context *c) return false; } - if (dco_enabled(&c->options) - && (c->options.ping_send_timeout || c->c2.frame.mss_fix)) - { - int ret = dco_set_peer(&c->c1.tuntap->dco, - c->c2.tls_multi->dco_peer_id, - c->options.ping_send_timeout, - c->options.ping_rec_timeout, - c->c2.frame.mss_fix); - if (ret < 0) - { - msg(D_DCO, "Cannot set parameters for DCO peer (id=%u): %s", - c->c2.tls_multi->dco_peer_id, strerror(-ret)); - return false; - } - } - return true; } @@ -2265,6 +2269,12 @@ do_up(struct context *c, bool pulled_options, unsigned int option_types_found) } } + if (c->mode == MODE_POINT_TO_POINT && !p2p_set_dco_keepalive(c)) + { + msg(D_TLS_ERRORS, "ERROR: Failed to apply DCO keepalive or MSS fix parameters"); + return false; + } + if (c->c2.did_open_tun) { c->c1.pulled_options_digest_save = c->c2.pulled_options_digest;
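Review bot: In the dco_freebsd.c hunk, the new D_DCO_DEBUG message formats peerid with %d although the hunk header shows the parameter declared as unsigned int peerid; use %u, as the "Cannot set parameters for DCO peer (id=%u)" message in init.c already does. The message also leaves out the MSS value that the init.c caller passes as the fifth argument to dco_set_peer(), which is one of the two settings this patch is about, so logging it here would make the debug line useful for the mssfix case too.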
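Review bot: In the init.c hunk that adds p2p_set_dco_keepalive(), the helper dereferences c->c1.tuntap and c->c2.tls_multi with dco_enabled(&c->options) as the only guard. The block it was lifted from sat in a function whose doc comment (visible as context in this hunk) says it is "expected to be invoked after open_tun() was performed", and the new call site in do_up() shows no equivalent guarantee, so either check both pointers before use or add a comment stating why they are always valid on this path. Two smaller points in the same hunk: there is no blank line between the helper's closing brace and the following /** comment, and the helper has no doc comment even though it applies the MSS fix as well as the keepalive its name mentions.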
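Review bot: In the init.c hunk at -2147, the dco_set_peer() block is removed from do_deferred_options_part2() with no mode condition, while its replacement in do_up() runs only when c->mode == MODE_POINT_TO_POINT. The commit message consists of the subject and the sign-off lines only; it should state which path skipped this call in pure p2p mode and confirm that no other mode depended on the removed block.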
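Review bot: In the do_up() hunk, a failure is reported twice: p2p_set_dco_keepalive() already logs "Cannot set parameters for DCO peer (id=%u): %s" with the strerror() text at D_DCO, and the caller then adds a second, less specific message at D_TLS_ERRORS. Keep one of the two, or log the caller's message at a DCO level, since nothing in this path is a TLS error and operators filtering on that level would be misled about the cause.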