From patchwork Wed Mar 15 13:38:08 2023
X-Patchwork-Submitter: Lev Stipakov
X-Patchwork-Id: 3135
From: Lev Stipakov
To: openvpn-devel@lists.sourceforge.net
Cc: Lev Stipakov
Date: Wed, 15 Mar 2023 15:38:08 +0200
Message-Id: <20230315133808.1550-1-lstipakov@gmail.com>
Subject: [Openvpn-devel] [PATCH] Support --inactive option for DCO
From: Lev Stipakov When DCO is in use, userland doesn't see any traffic which breaks --inactive option. Fix by adding inactivity check to inactivity timeout callback. Get the cumulative tun bytes count (ping packets are excluded) from DCO and compare it to the previous value stored in c2.inactivity_bytes. Reset inactivity timer and update c2.inactivity_bytes if amount of new bytes exceeds inactivity_minimum_bytes, otherwise terminate session due to inactivity. Fixes https://github.com/OpenVPN/openvpn/issues/228 Currently works only on Windows, since we don't yet have single peer stats implementation for Linux and FreeBSD. Change-Id: Ib417b965bc4a2c17b51935b43c9627b106716526 Signed-off-by: Lev Stipakov Acked-by: Heiko Hund --- src/openvpn/dco_win.c | 2 ++ src/openvpn/forward.c | 14 ++++++++++++++ 2 files changed, 16 insertions(+) diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c index 0931fb30..aae6b4b5 100644 --- a/src/openvpn/dco_win.c +++ b/src/openvpn/dco_win.c @@ -431,6 +431,8 @@ dco_get_peer_stats(struct context *c) c->c2.dco_read_bytes = stats.TransportBytesReceived; c->c2.dco_write_bytes = stats.TransportBytesSent; + c->c2.tun_read_bytes = stats.TunBytesReceived; + c->c2.tun_write_bytes = stats.TunBytesSent; return 0; } diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 257c7c75..923c04f2 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -464,6 +464,20 @@ check_add_routes(struct context *c) static void check_inactivity_timeout(struct context *c) { + if (dco_enabled(&c->options) && dco_get_peer_stats(c) == 0) + { + int64_t tot_bytes = c->c2.tun_read_bytes + c->c2.tun_write_bytes; + int64_t new_bytes = tot_bytes - c->c2.inactivity_bytes; + + if (new_bytes >= c->options.inactivity_minimum_bytes) + { + c->c2.inactivity_bytes = tot_bytes; + event_timeout_reset(&c->c2.inactivity_interval); + + return; + } + } + msg(M_INFO, "Inactivity timeout (--inactive), exiting"); register_signal(c->sig, SIGTERM, "inactive"); }
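Review bot: in the src/openvpn/dco_win.c hunk, the two new assignments to c->c2.tun_read_bytes and c->c2.tun_write_bytes make a 0 return from dco_get_peer_stats() mean "tun counters were refreshed", which check_inactivity_timeout() in forward.c now relies on, yet nothing documents that contract. The commit message says Linux and FreeBSD have no single peer stats implementation yet, so please add a comment at the function stating that a 0 return implies these fields were updated; otherwise an implementation that returns 0 without setting them would feed stale totals into the --inactive check. A one-line comment that the driver's TunBytesReceived/TunBytesSent values are cumulative and exclude ping packets, as the commit message states, would also help the next reader.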
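Review bot: in the src/openvpn/forward.c hunk, the test `if (new_bytes >= c->options.inactivity_minimum_bytes)` is satisfied by new_bytes == 0 whenever inactivity_minimum_bytes is 0, so in that case a peer that moved no tun traffic during the interval still resets the timer and the session never exits on --inactive. Consider `new_bytes > c->options.inactivity_minimum_bytes`, or handle the zero minimum explicitly, and confirm the boundary matches what the non-DCO path does at exactly inactivity_minimum_bytes. Separately, a non-zero return from dco_get_peer_stats() falls through to the SIGTERM path; if a stats failure is meant to be treated as inactivity, a comment saying so would make the intent clear.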