From patchwork Tue Dec 27 02:24:01 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2946
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 27 Dec 2022 03:24:01 +0100
Message-Id: <20221227022404.3468137-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v2 1/4] Ensure we do not promote a TA_TIMEOUT to a TA_READ event with dco

With dco sometimes we end up promoting a timeout event to a read event. For the residual read, this problem is probably not solvable without changing the kernel DCO API (i.e. passing our residual on new_peer to let the kernel handle assembling the next packet.)

Signed-off-by: Arne Schwabe --- src/openvpn/forward.c | 24 ------------------------ src/openvpn/forward.h | 30 ++++++++++++++++++++++++++++++ src/openvpn/mtcp.c | 12 +++++++++++- 3 files changed, 41 insertions(+), 25 deletions(-) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index af4ed05da..61caf1146 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1676,30 +1676,6 @@ process_ip_header(struct context *c, unsigned int flags, struct buffer *buf) } } -/* - * Linux DCO implementations pass the socket to the kernel and - * disallow usage of it from userland for TCP, so (control) packets - * sent and received by OpenVPN need to go through the DCO interface. - * - * Windows DCO needs control packets to be sent via the normal - * standard Overlapped I/O. - * - * FreeBSD DCO allows control packets to pass through the socket in both - * directions. - * - * Hide that complexity (...especially if more platforms show up - * in the future...) in a small inline function. - */ -static inline bool -should_use_dco_socket(struct link_socket *ls) -{ -#if defined(TARGET_LINUX) - return ls->dco_installed && proto_is_tcp(ls->info.proto); -#else - return false; -#endif -} - /* * Input: c->c2.to_link */ diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h index bd2d96010..5cddb5995 100644 --- a/src/openvpn/forward.h +++ b/src/openvpn/forward.h 
@@ -424,4 +424,34 @@ connection_established(struct context *c) } } + +/** + * @param ls the link_socket the decision should be made for + * @return if we should use the dco kernel api or normal socket APIs for + * write/send + * + * + * Linux DCO implementations pass the socket to the kernel and + * disallow usage of it from userland for TCP, so (control) packets + * sent and received by OpenVPN need to go through the DCO interface. + * + * Windows DCO needs control packets to be sent via the normal + * standard Overlapped I/O. + * + * FreeBSD DCO allows control packets to pass through the socket in both + * directions. + * + * Hide that complexity (...especially if more platforms show up + * in the future...) in a small inline function. + */ +static inline bool +should_use_dco_socket(const struct link_socket *ls) +{ +#if defined(TARGET_LINUX) + return ls->dco_installed && proto_is_tcp(ls->info.proto); +#else + return false; +#endif +} + #endif /* FORWARD_H */ diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index ac06ddc64..519630544 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -407,7 +407,7 @@ multi_tcp_wait_lite(struct multi_context *m, struct multi_instance *mi, const in /* If we got a socket that has been handed over to the kernel * we must not call the normal socket function to figure out * if it is readable or writable */ - /* Assert that we only have the DCO exptected flags */ + /* Assert that we only have the DCO expected flags */ ASSERT(action & (TA_SOCKET_READ | TA_SOCKET_WRITE)); /* We are always ready! */ 
@@ -586,6 +586,16 @@ multi_tcp_post(struct multi_context *m, struct multi_instance *mi, const int act case MTP_NONE: if (mi && socket_read_residual(c->c2.link_socket)) { + if (should_use_dco_socket(c->c2.link_socket)) + { + struct gc_arena gc = gc_new(); + msg(M_INFO, "ovpn-dco installed socket with residual read " + "len=%d, mi=%s. This connection will probably" + " break.", BLEN(&c->c2.link_socket->stream_buf.residual), + multi_instance_string(mi, false, &gc)); + gc_free(&gc); + break; + } newaction = TA_SOCKET_READ_RESIDUAL; } else
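
Review bot: the doc comment added above should_use_dco_socket() in forward.h says the result applies to "write/send", but the new caller in multi_tcp_post() uses it to decide what to do with a residual read. Widen the @return text to cover both directions, or say why the read path may rely on it. The move also makes the parameter const, and the commit message mentions neither the move nor the signature change.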
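
Review bot: in the MTP_NONE case of multi_tcp_post(), the new branch logs "This connection will probably break." and then only does break, so within this hunk the residual bytes stay where they are and nothing marks the instance for removal. If the peer is expected to be unusable from here, signal the instance for deletion instead of leaving a half-dead client; if it can recover, say so in a comment. The message is at M_INFO with no rate limit, so confirm this path cannot be hit repeatedly for the same instance.
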
From patchwork Tue Dec 27 02:24:02 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2944
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 27 Dec 2022 03:24:02 +0100
Message-Id: <20221227022404.3468137-2-arne@rfc2549.org>
In-Reply-To: <20221227022404.3468137-1-arne@rfc2549.org>
References: <20221227022404.3468137-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v2 2/4] Bail out when trying to install a TCP socket with residual data to DCO

Instead of getting the server in a very weird state, we bail out here. This is only a bandaid solution but better than the alternatives.

Signed-off-by: Arne Schwabe --- src/openvpn/mtcp.c | 2 +- src/openvpn/multi.c | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 519630544..c07b5d592 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -591,7 +591,7 @@ multi_tcp_post(struct multi_context *m, struct multi_instance *mi, const int act struct gc_arena gc = gc_new(); msg(M_INFO, "ovpn-dco installed socket with residual read " "len=%d, mi=%s. This connection will probably" - " break.", BLEN(&c->c2.link_socket->stream_buf.residual), + " break.", BLEN(&c->c2.link_socket->stream_buf.buf), multi_instance_string(mi, false, &gc)); gc_free(&gc); break; diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 92e63dd26..6c6385c6e 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c 
@@ -2316,9 +2316,17 @@ multi_client_setup_dco_initial(struct multi_context *m, { if (!dco_enabled(&mi->context.options)) { - /* DCO not enabled, nothing to do, return sucess */ + /* DCO not enabled, nothing to do, return success */ return true; } + + if (socket_read_residual(mi->context.c2.link_socket)) + { + msg(M_INFO, "TCP socket with half read packet. Cannot install to " + "DCO: %s", multi_instance_string(mi, false, gc)); + return false; + } + int ret = dco_multi_add_new_peer(m, mi); if (ret < 0) {
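
Review bot: the mtcp.c change from stream_buf.residual to stream_buf.buf corrects the len=%d argument that patch 1/4 of this same series introduced. Fold it into 1/4 so the series never carries the wrong length expression and 2/4 contains only what its subject describes.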
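
Review bot: the new socket_read_residual() check in multi_client_setup_dco_initial() runs for every DCO-enabled instance, while the log text says "TCP socket"; the hunk shows no protocol test. Either gate it on proto_is_tcp(), as should_use_dco_socket() does, or add a comment stating that the residual is always empty for UDP. A short comment on why a half read packet cannot be handed to the kernel would also save the next reader a trip to the 1/4 commit message.
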
From patchwork Tue Dec 27 02:24:03 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2947
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 27 Dec 2022 03:24:03 +0100
Message-Id: <20221227022404.3468137-3-arne@rfc2549.org>
In-Reply-To: <20221227022404.3468137-1-arne@rfc2549.org>
References: <20221227022404.3468137-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v2 3/4] Ignore OVPN_DEL_PEER_REASON_USERSPACE to avoid race conditions

Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/multi.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 6c6385c6e..50d88f19a 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c 
@@ -3243,10 +3243,19 @@ process_incoming_del_peer(struct multi_context *m, struct multi_instance *mi, break; case OVPN_DEL_PEER_REASON_USERSPACE: - /* This very likely ourselves but might be another process, so - * still process it */ - reason = "ovpn-dco: userspace request"; - break; + /* We assume that is ourselves. UUnfortunately, sometimes these + * events happen with enough delay that they can have an order of + * + * dco_del_peer x + * [new client connecting] + * dco_new_peer x + * event from dco_del_peer arrives. + * + * if we do not ignore this we get desynced with the kernel + * since we assume the peer-id is free again. The other way would + * be to send a dco_del_peer again + */ + return; } /* When kernel already deleted the peer, the socket is no longer
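
Review bot: the OVPN_DEL_PEER_REASON_USERSPACE case in process_incoming_del_peer() now returns unconditionally, yet the comment it replaces said the event "might be another process". With the bare return, a delete issued by anything other than this daemon leaves userspace holding a peer the kernel has already dropped, and nothing is logged on this path. Consider ignoring the event only when this process has a del_peer outstanding for that peer-id, or at minimum emit a debug-level message before returning. The new comment has a typo ("UUnfortunately"), and the patch has no commit message body describing the race that the code comment explains.
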
From patchwork Tue Dec 27 02:24:04 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2945
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 27 Dec 2022 03:24:04 +0100
Message-Id: <20221227022404.3468137-4-arne@rfc2549.org>
In-Reply-To: <20221227022404.3468137-1-arne@rfc2549.org>
References: <20221227022404.3468137-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v2 4/4] Log peer-id if loglevel is D_DCO_DEBUG and dco is enabled

This enables logging the peer id in p2mp mode if dco is enabled and the log level is high enough

Signed-off-by: Arne Schwabe --- src/openvpn/multi.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 50d88f19a..f8366be28 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -473,6 +473,12 @@ multi_instance_string(const struct multi_instance *mi, bool null, struct gc_aren buf_printf(&out, "%s/", cn); } buf_printf(&out, "%s", mroute_addr_print(&mi->real, gc)); + if (mi->context.c2.tls_multi + && mi->context.options.verbosity >= D_DCO_DEBUG + && dco_enabled(&mi->context.options)) + { + buf_printf(&out, " peer-id=%d", mi->context.c2.tls_multi->peer_id); + } return BSTR(&out); } else if (null)
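
Review bot: in multi_instance_string(), the test mi->context.options.verbosity >= D_DCO_DEBUG compares the configured verbosity directly against a D_* debug macro. If D_DCO_DEBUG carries more than a bare level number, as the flags passed to msg() usually do, this comparison does not test what the subject line says; use the same debug-level check that msg() applies. Also confirm that the type of peer_id matches the %d conversion.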