From patchwork Thu Sep 19 14:06:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "plaisthos (Code Review)" X-Patchwork-Id: 3847 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:10cd:b0:5b9:581e:f939 with SMTP id j13csp236726mae; Thu, 19 Sep 2024 07:07:27 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVIDWiLE8Ko86HZnLDApGBBTSemdYhB0Zgq4wq4g4VRH1F9FCSI0AMymRHOmZLLr0jK13mr/rI9eJM=@openvpn.net X-Google-Smtp-Source: AGHT+IH000KERvmvBmD6l4I6ahlg2LBW90etpbkINi7tIqv7KliObEu0SD3kF/e21SETpyMkUwSn X-Received: by 2002:a05:6808:14cf:b0:3e0:4cc2:86d8 with SMTP id 5614622812f47-3e071ab9af5mr15766492b6e.13.1726754846893; Thu, 19 Sep 2024 07:07:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1726754846; cv=none; d=google.com; s=arc-20240605; b=e6y8eudtxedCkoTzIUQUVRAlbgrKrgXGjZFKQU8gpNsDts2bI3VGxh6M5myzpRX6qO xPimSa1DZa8v9/FrMz3/Ff3DJPh2a0mRdcwzLudtnwDkJO1XY5ClFZPkizG9Q5AELZQZ 73RbnEmAMQNdLWLaml/RCitU79AUJKasYNfqsm2W15gdLbKejzRy2pqKUYsRtUGVdiLG CC7dYe7Xcf79aW9DhJ4G0/vQCutLnbNEox9yleL12r/sVyNx2hLr6eXvNm+HjLqlxxT+ ytdnhS96lUYfTUbkhacfkWDpjImuZzO/bzge7qZ4YDknMDAGTgW6+Tzg5M0ULpJxEXEZ DbGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=BOCYS4y7O6fm3ergUIIVjyya1JkTAyzGRAjogvDzDB0=; fh=lm0MLPW7DntlrDqRECIiC9JlE1uPxhepE0URYHIf+eE=; b=bq/j+wBiU3ac8QaNIwrO/kf96uDC2CduRwiKCszChnSSlqdqvJBOgvUmKG+cBNtZXv hJjmVqFWha9zkEiZvT67Im/UsQczBct9D7ZX+3LtIfkwJJu9D6ukDojwoRM9niY74n/u lSLsjqirecLxEFsOcCXQ0yEx8pc1lW5VoGnVSB1QfXNwi7jmZE9g+IeHnqZqpSs+bE2O PeZlG4b9f/kJBQWsxNYSv27XzfOo/6FZ25t3vQLzHr7LTTZw+xVU6/j4BIu9wIPLBP4l /jzpFx145BEirqkOs77ZAoTAjpaXLVB38IswKv/nbN4cN+KHNWaccwPvUP0ix5OFVdbv yfJw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=j2Bluwtz; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=JfFVTEAb; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=hKzm5XZf; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 5614622812f47-3e26b720174si774416b6e.299.2024.09.19.07.07.26 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 19 Sep 2024 07:07:26 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=j2Bluwtz; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=JfFVTEAb; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=hKzm5XZf; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1srHoK-00037P-Bi; Thu, 19 Sep 2024 14:07:09 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1srHoJ-00037I-6s for openvpn-devel@lists.sourceforge.net; Thu, 19 Sep 2024 14:07:07 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=JpBSC09fmtGH+b9VJfIz5sch97IUwSgEBcgdzsJ3pGw=; b=j2BluwtzXmFLNbDYS3niaXWgDR OxSrQGREcEqxV49sq58PvRIgtZbTiq5ARJTFHJ8FUC5LiZyKeGpPPttdeK2VNFDZQMTA6/x0ALlc0 c/rz3zq0MxLgR7dBnlQJ3nFXgDfn+r3ExYDoaXBExN03ysSd+v9B0Z6lxy15D+Xa1ng8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=JpBSC09fmtGH+b9VJfIz5sch97IUwSgEBcgdzsJ3pGw=; b=J fFVTEAbiWOPov/VZyIHYd8SjxGPKN4KvUciWV4LPGIFoE6OBjrstRUJG4WmJKnot6u/15L8YiMBb9 QXdtjHVYyJ9ak+DiRnf9YKDLDQuUDOn1zA64E2id/O0dPc9u1QO5PIhrhLuMQCoXsk9HiHTtLMtoz zytkE41sk/kwUeqg=; Received: from mail-wr1-f44.google.com ([209.85.221.44]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1srHoF-0002LO-Ha for openvpn-devel@lists.sourceforge.net; Thu, 19 Sep 2024 14:07:07 +0000 Received: by mail-wr1-f44.google.com with SMTP id ffacd0b85a97d-374bd0da617so596427f8f.3 for ; Thu, 19 Sep 2024 07:07:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1726754812; x=1727359612; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=JpBSC09fmtGH+b9VJfIz5sch97IUwSgEBcgdzsJ3pGw=; b=hKzm5XZfR8YdD5E8473hRjSZ2E+z7L3tdyx91yoR2JQkbdy/guvQoZZm9YwxkU6cOT JLLDsrv9TPNTSnU59QHfr400dDpQw0UtpdVGh47O56wyXhXWWN2OKfTM3+fYbgEoDTUk MhorR1PM6jaqF0Up31X0OYPZUpNcobKDMrcDFYKUW0MVQsGhsabKfcms831f8/P7z8ZN 82FCIhOBvGgEpIvAYYBGkjWpeQe4tBylz3GjODPChwgZQ+dM7YCrp6yWX+QOAKCxIwJa +wCYSUDPwExO1jyN1GbjDIksCyS/lbNAMDNoH2wVs2dPINEn4xZsG4cb0WGzI+V/z97m uMyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726754812; x=1727359612; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=JpBSC09fmtGH+b9VJfIz5sch97IUwSgEBcgdzsJ3pGw=; b=S4pPkq2W1GSYJymBqyRSx4QQVspBA3veH3/cQoBxwOJ8YGAy4UPDeEeSolyGiPBHOw gWVM9I6yHN9+ZePPYhMYYzS1+0FZvgyE70MBEoLMrB5OpCy5UXg87uEFpXLTSvQrTnhP L+yY9G+j3bueijUVlDUZWM9x0pgVv06JJoS4Wmwh7OjshvV1pTncG3ERb/bjAPemLQoN RC6mLYTpF/M6VU+O31El4VebcDmE86tcnJXi8KawEWUDeJXxdsrk+jxwwSe+2G5wvFNG 3glPIrZUOIHofChLBlq2e0nRYe0wOw5PCLRvLP4MGdXpah0A2bOaN/EcC8iYSCsACkzh xsQA== X-Gm-Message-State: AOJu0YyC7W5/q1PnoSm0gyaUnKW0xpae8cFDEwFxiXE/sE9CxOV2e9oX HOj8xYOWBpCj1nTwfmkLVF//NOgKnmcn3+ip04qNjvDDxpEZAKWaWrSPF8jAfGFWrS+9tdIiZNM b X-Received: by 2002:a5d:6e8a:0:b0:35f:d70:6193 with SMTP id ffacd0b85a97d-378c2d4c8e8mr14782435f8f.41.1726754811455; Thu, 19 Sep 2024 07:06:51 -0700 (PDT) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-378e71f062esm15278884f8f.7.2024.09.19.07.06.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Sep 2024 07:06:50 -0700 (PDT) From: "plaisthos (Code Review)" X-Google-Original-From: "plaisthos (Code Review)" X-Gerrit-PatchSet: 1 Date: Thu, 19 Sep 2024 14:06:50 +0000 To: flichtenheld Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: Ice015df81543c01094479929f0cb3075ca4f3813 X-Gerrit-Change-Number: 754 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: 341e3111ed2772ca90a4077adaf026a5e510eb5a References: Message-ID: MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -1.2 (-) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit Content analysis details: (-1.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.221.44 listed in list.dnswl.org] -1.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.221.44 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1srHoF-0002LO-Ha Subject: [Openvpn-devel] [S] Change in openvpn[master]: Ensure that the AF_UNIX socket pair has at least 65k of buffer space X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1810633690195663920?= X-GMAIL-MSGID: =?utf-8?q?1810633690195663920?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/754?usp=email to review the following change. Change subject: Ensure that the AF_UNIX socket pair has at least 65k of buffer space ...................................................................... Ensure that the AF_UNIX socket pair has at least 65k of buffer space Without this change, pinging a lwipovpn client with something like a 3000 byte payload on macOS often fails as the default buffer sizes on macOS are 2048 for send and 4096 for receive. Change-Id: Ice015df81543c01094479929f0cb3075ca4f3813 Signed-off-by: Arne Schwabe --- M src/openvpn/socket.c M src/openvpn/socket.h M src/openvpn/tun_afunix.c 3 files changed, 29 insertions(+), 6 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/54/754/1 diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 6c790a0..7b1e603 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -890,20 +890,23 @@ #endif } -static void -socket_set_buffers(socket_descriptor_t fd, const struct socket_buffer_size *sbs) +void +socket_set_buffers(socket_descriptor_t fd, const struct socket_buffer_size *sbs, + bool reduce_size) { if (sbs) { const int sndbuf_old = socket_get_sndbuf(fd); const int rcvbuf_old = socket_get_rcvbuf(fd); - if (sbs->sndbuf) + if (sbs->sndbuf + && (reduce_size || sndbuf_old < sbs->sndbuf)) { socket_set_sndbuf(fd, sbs->sndbuf); } - if (sbs->rcvbuf) + if (sbs->rcvbuf + && (reduce_size || rcvbuf_old < sbs->rcvbuf)) { socket_set_rcvbuf(fd, sbs->rcvbuf); } @@ -986,7 +989,7 @@ { ls->socket_buffer_sizes.sndbuf = sndbuf; ls->socket_buffer_sizes.rcvbuf = rcvbuf; - socket_set_buffers(ls->sd, &ls->socket_buffer_sizes); + socket_set_buffers(ls->sd, &ls->socket_buffer_sizes, true); } } @@ -1136,7 +1139,7 @@ sock->info.af = addr->ai_family; /* set socket buffers based on --sndbuf and --rcvbuf options */ - socket_set_buffers(sock->sd, &sock->socket_buffer_sizes); + socket_set_buffers(sock->sd, &sock->socket_buffer_sizes, true); /* set socket to --mark packets with given value */ socket_set_mark(sock->sd, sock->mark); diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index bbdabfb..2e583af 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -157,6 +157,18 @@ int sndbuf; }; +/** + * Sets the receive and send buffer sizes of a socket descriptor. + * + * @param fd The socket to modify + * @param sbs new sizes. + * @param reduce_size apply the new size even if smaller than current one + */ +void +socket_set_buffers(socket_descriptor_t fd, + const struct socket_buffer_size *sbs, + bool reduce_size); + /* * This is the main socket structure used by OpenVPN. The SOCKET_ * defines try to abstract away our implementation differences between diff --git a/src/openvpn/tun_afunix.c b/src/openvpn/tun_afunix.c index 27cdb01..d41c05a 100644 --- a/src/openvpn/tun_afunix.c +++ b/src/openvpn/tun_afunix.c @@ -35,6 +35,7 @@ #include "wfp_block.h" #include "argv.h" #include "options.h" +#include "socket.h" #if defined(AF_UNIX) && !defined(WIN32) /* Windows does implement some AF_UNIX functionality but key features @@ -80,6 +81,13 @@ return; } + + /* Ensure that the buffer sizes are decently sized. Otherwise macOS will + * just have 2048 */ + struct socket_buffer_size newsizes = {65536, 65536 }; + socket_set_buffers(fds[0], &newsizes, false); + socket_set_buffers(fds[1], &newsizes, false); + /* Use the first file descriptor for our side and avoid passing it * to the child */ tt->fd = fds[1];