From patchwork Mon Mar 13 10:06:01 2023
X-Patchwork-Submitter: Lev Stipakov
X-Patchwork-Id: 3124
From: Lev Stipakov
To: openvpn-devel@lists.sourceforge.net
Cc: Lev Stipakov
Date: Mon, 13 Mar 2023 12:06:01 +0200
Message-Id: <20230313100601.2146-1-lstipakov@gmail.com>
Subject: [Openvpn-devel] [PATCH] Support --inactive option for DCO
From: Lev Stipakov

When DCO is in use, userland doesn't see any traffic which breaks --inactive option. Fix by adding inactivity check to inactivity timeout callback.

Get the cumulative tun bytes count (ping packets are excluded) from DCO and compare it to the previous value stored in c2.inactivity_bytes. Reset inactivity timer and update c2.inactivity_bytes if amount of new bytes exceeds inactivity_minimum_bytes, otherwise terminate session due to inactivity.

Fixes https://github.com/OpenVPN/openvpn/issues/228

Currently works only on Windows, since we don't have peer stats implementation yet for Linux and FreeBSD.

Change-Id: Ib417b965bc4a2c17b51935b43c9627b106716526
Signed-off-by: Lev Stipakov
--- src/openvpn/dco_win.c | 2 ++ src/openvpn/forward.c | 20 +++++++++++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c index 0931fb30..aae6b4b5 100644 --- a/src/openvpn/dco_win.c +++ b/src/openvpn/dco_win.c @@ -431,6 +431,8 @@ dco_get_peer_stats(struct context *c) c->c2.dco_read_bytes = stats.TransportBytesReceived; c->c2.dco_write_bytes = stats.TransportBytesSent; + c->c2.tun_read_bytes = stats.TunBytesReceived; + c->c2.tun_write_bytes = stats.TunBytesSent; return 0; } diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 257c7c75..21800dc9 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c 
@@ -724,7 +724,25 @@ process_coarse_timers(struct context *c) if (c->options.inactivity_timeout && event_timeout_trigger(&c->c2.inactivity_interval, &c->c2.timeval, ETT_DEFAULT)) { - check_inactivity_timeout(c); + if (dco_enabled(&c->options) && dco_get_peer_stats(c) == 0) + { + int64_t tot_bytes = c->c2.tun_read_bytes + c->c2.tun_write_bytes; + int64_t new_bytes = tot_bytes - c->c2.inactivity_bytes; + + if (new_bytes >= c->options.inactivity_minimum_bytes) + { + c->c2.inactivity_bytes = tot_bytes; + event_timeout_reset(&c->c2.inactivity_interval); + } + else + { + check_inactivity_timeout(c); + } + } + else + { + check_inactivity_timeout(c); + } } if (c->sig->signal_received)
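
Review bot: In the dco_win.c hunk (dco_get_peer_stats), the two new assignments to c->c2.tun_read_bytes and c->c2.tun_write_bytes have no comment saying that these are cumulative driver counters which exclude ping packets, although the commit message states this and the new check in forward.c depends on it. A one-line comment at the assignments would record that. Since the commit message says peer stats exist only on Windows so far, it is also worth stating what dco_get_peer_stats() returns on Linux and FreeBSD: if it returns 0 there without filling these two fields, the new branch in process_coarse_timers() would compute new_bytes as 0 on every interval.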
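
Review bot: In the forward.c hunk (process_coarse_timers), the test "new_bytes >= c->options.inactivity_minimum_bytes" is true when both sides are 0, so whenever inactivity_minimum_bytes is 0 a DCO session that moved no tun bytes still resets the timer on every interval and never reaches check_inactivity_timeout(c). The commit message says the timer is reset when the new bytes exceed inactivity_minimum_bytes, so ">" would match the stated intent. Separately, check_inactivity_timeout(c) now appears in two else branches; combining the DCO condition and the byte comparison into one if would leave a single fallback call and make the control flow easier to audit.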