From patchwork Tue Dec 27 14:02:46 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2951
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 27 Dec 2022 15:02:46 +0100
Message-Id: <20221227140249.3524943-3-arne@rfc2549.org>
In-Reply-To: <20221227140249.3524943-1-arne@rfc2549.org>
References: <20221227140249.3524943-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v2 1/4] Ensure we do not promote a TA_TIMEOUT to a TA_READ event with dco

with dco sometimes we end up promoting a timeout event to read event. For the residual read, this problem is probably not solvable without changing the kernel DCO API (ie.
passing our residual on new_peer to let the kernel handle assembling the next packet.) Signed-off-by: Arne Schwabe --- src/openvpn/forward.c | 24 ------------------------ src/openvpn/forward.h | 30 ++++++++++++++++++++++++++++++ src/openvpn/mtcp.c | 12 +++++++++++- 3 files changed, 41 insertions(+), 25 deletions(-) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index af4ed05da..61caf1146 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1676,30 +1676,6 @@ process_ip_header(struct context *c, unsigned int flags, struct buffer *buf) } } -/* - * Linux DCO implementations pass the socket to the kernel and - * disallow usage of it from userland for TCP, so (control) packets - * sent and received by OpenVPN need to go through the DCO interface. - * - * Windows DCO needs control packets to be sent via the normal - * standard Overlapped I/O. - * - * FreeBSD DCO allows control packets to pass through the socket in both - * directions. - * - * Hide that complexity (...especially if more platforms show up - * in the future...) in a small inline function. - */ -static inline bool -should_use_dco_socket(struct link_socket *ls) -{ -#if defined(TARGET_LINUX) - return ls->dco_installed && proto_is_tcp(ls->info.proto); -#else - return false; -#endif -} - /* * Input: c->c2.to_link */ diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h index bd2d96010..5cddb5995 100644 --- a/src/openvpn/forward.h +++ b/src/openvpn/forward.h 
@@ -424,4 +424,34 @@ connection_established(struct context *c) } } + +/** + * @param ls the link_socket the decision should be made for + * @return if we should use the dco kernel api or normal socket APIs for + * write/send + * + * + * Linux DCO implementations pass the socket to the kernel and + * disallow usage of it from userland for TCP, so (control) packets + * sent and received by OpenVPN need to go through the DCO interface. + * + * Windows DCO needs control packets to be sent via the normal + * standard Overlapped I/O. + * + * FreeBSD DCO allows control packets to pass through the socket in both + * directions. + * + * Hide that complexity (...especially if more platforms show up + * in the future...) in a small inline function. + */ +static inline bool +should_use_dco_socket(const struct link_socket *ls) +{ +#if defined(TARGET_LINUX) + return ls->dco_installed && proto_is_tcp(ls->info.proto); +#else + return false; +#endif +} + #endif /* FORWARD_H */ diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index ac06ddc64..519630544 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -407,7 +407,7 @@ multi_tcp_wait_lite(struct multi_context *m, struct multi_instance *mi, const in /* If we got a socket that has been handed over to the kernel * we must not call the normal socket function to figure out * if it is readable or writable */ - /* Assert that we only have the DCO exptected flags */ + /* Assert that we only have the DCO expected flags */ ASSERT(action & (TA_SOCKET_READ | TA_SOCKET_WRITE)); /* We are always ready! */ 
@@ -586,6 +586,16 @@ multi_tcp_post(struct multi_context *m, struct multi_instance *mi, const int act case MTP_NONE: if (mi && socket_read_residual(c->c2.link_socket)) { + if (should_use_dco_socket(c->c2.link_socket)) + { + struct gc_arena gc = gc_new(); + msg(M_INFO, "ovpn-dco installed socket with residual read " + "len=%d, mi=%s. This connection will probably" + " break.", BLEN(&c->c2.link_socket->stream_buf.residual), + multi_instance_string(mi, false, &gc)); + gc_free(&gc); + break; + } newaction = TA_SOCKET_READ_RESIDUAL; } else
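
Review bot: In src/openvpn/forward.h, the @return line of the new doc comment on should_use_dco_socket() limits the decision to "write/send", but this patch also calls the helper from the read-residual path in multi_tcp_post(), and the description underneath speaks of packets "sent and received". Suggest wording the @return for both directions and dropping the doubled empty " *" line that follows it. Because the helper now lives in a header, dereferences ls->dco_installed and ls->info.proto and calls proto_is_tcp(), it is also worth confirming that forward.h brings in those definitions itself instead of depending on include order in each .c file.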
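
Review bot: In multi_tcp_wait_lite() in src/openvpn/mtcp.c, the comment being corrected claims the assert checks that we "only" have the DCO expected flags, but ASSERT(action & (TA_SOCKET_READ | TA_SOCKET_WRITE)) passes whenever action shares any bit with the OR of the two constants, so other values are not rejected. While touching this comment, either reword it to describe what the assert really checks or, if the TA_* values are plain enumerators and not bit flags, compare action with == against the two allowed values. The spelling fix itself is unrelated to the change named in the subject and would sit better in its own commit.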
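
Review bot: In the MTP_NONE case of multi_tcp_post() in src/openvpn/mtcp.c, the new branch logs and then reaches break without consuming or clearing stream_buf.residual, so socket_read_residual() stays true and the same message can be emitted each time this instance passes through MTP_NONE again. Consider discarding the residual buffer or latching a per-instance flag so the message is logged once. The text says the connection "will probably break" yet is logged at M_INFO; M_WARN fits that wording better, and if the session cannot recover, marking the instance for teardown here would be more predictable than letting it fail later. A short comment above the break explaining why newaction is deliberately left unset on this path would also help the next reader.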