From patchwork Mon Sep 23 13:41:33 2024
X-Patchwork-Submitter: "flichtenheld (Code Review)"
X-Patchwork-Id: 3861
From: "its_Giaan (Code Review)"
Date: Mon, 23 Sep 2024 13:41:33 +0000
To: plaisthos, flichtenheld
X-Gerrit-PatchSet: 1
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: Ibe0614bf6ced210c136b2d13036048188196f7ef
X-Gerrit-Change-Number: 766
X-Gerrit-Project: openvpn
X-Gerrit-Commit: f47aa90bd4ac633cc0f91007d9793f7b133b72c1
Subject: [Openvpn-devel] [M] Change in openvpn[master]: Refinement to handle simultaneous UDP and TCP connections
Reply-To: gianmarco@mandelbit.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com
Cc: openvpn-devel

Attention is currently required from: flichtenheld, plaisthos.

Hello plaisthos, flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/766?usp=email

to review the following change.

Change subject: Refinement to handle simultaneous UDP and TCP connections
......................................................................

Refinement to handle simultaneous UDP and TCP connections

MULTI: properly remove TCP instances by checking the multi_instance
protocol instead of the global one.

TLS: set the tls_option xmit_hold bool value to true only in case of
TCP child instance to avoid checking the global protocol value.

INIT: initialize the c->c2.event_set in the inherit_context_top() by
default and not only in case of UDP since we could have multiple
different sockets.

Change-Id: Ibe0614bf6ced210c136b2d13036048188196f7ef
Signed-off-by: Gianmarco De Gregori
---
M src/openvpn/forward.c
M src/openvpn/init.c
M src/openvpn/mtcp.c
M src/openvpn/mudp.c
M src/openvpn/multi.c
M src/openvpn/multi.h
M src/openvpn/multi_io.c
M src/openvpn/options.c
M src/openvpn/options.h
9 files changed, 143 insertions(+), 54 deletions(-)

  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/66/766/1

diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 1357cad..c37095d 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -2358,7 +2358,7 @@ #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) if (socket & EVENT_READ && c->c2.did_open_tun) { - dco_event_set(&c->c1.tuntap->dco, c->c2.event_set, (void *)&dco_shift); + dco_event_set(&c->c1.tuntap->dco, c->c2.event_set, (void *)dco_shift); } #endif diff --git a/src/openvpn/init.c b/src/openvpn/init.c index c817ce6..51b49f2 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -224,7 +224,7 @@ if (streq(p[1], "HTTP")) { struct http_proxy_options *ho; - if (ce->proto != PROTO_TCP && ce->proto != PROTO_TCP_CLIENT) + if (ce->proto != PROTO_TCP && c->mode != CM_CHILD_TCP) { msg(M_WARN, "HTTP proxy support only works for TCP based connections"); return false; @@ -601,7 +601,10 @@ ce_defined = false; } + int proto = c->options.ce.proto; c->options.ce = *ce; + c->options.ce.proto = proto; + #ifdef ENABLE_MANAGEMENT if (ce_defined && management && management_query_remote_enabled(management)) { @@ -2600,7 +2603,7 @@ if (found & OPT_P_EXPLICIT_NOTIFY) { - if (!proto_is_udp(c->options.ce.proto) && c->options.ce.explicit_exit_notification) + if (!proto_is_udp(c->c2.link_sockets[0]->info.proto) && c->options.ce.explicit_exit_notification) { msg(D_PUSH, "OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp"); c->options.ce.explicit_exit_notification = 0; @@ -2760,14 +2763,21 @@ int sec = 2; int backoff = 0; - switch (c->options.ce.proto) + switch (c->mode) { - case PROTO_TCP_SERVER: - sec = 1; + case CM_TOP: + if (has_udp_in_local_list(&c->options)) + { + sec = c->options.ce.connect_retry_seconds; + } + else + { + sec = 1; + } break; - case PROTO_UDP: - case PROTO_TCP_CLIENT: + case CM_CHILD_UDP: + case CM_CHILD_TCP: sec = c->options.ce.connect_retry_seconds; break; } 
@@ -2785,7 +2795,7 @@ } /* Slow down reconnection after 5 retries per remote -- for TCP client or UDP tls-client only */ - if (c->options.ce.proto == PROTO_TCP_CLIENT + if (c->mode == CM_CHILD_TCP || (c->options.ce.proto == PROTO_UDP && c->options.tls_client)) { backoff = (c->options.unsuccessful_attempts / c->options.connection_list->len) - 4; @@ -3265,7 +3275,21 @@ to.server = options->tls_server; to.replay_window = options->replay_window; to.replay_time = options->replay_time; - to.tcp_mode = link_socket_proto_connection_oriented(options->ce.proto); + + if (c->options.ce.local_list->len > 1) + { + for (int i = 0; i < c->options.ce.local_list->len; i++) + { + if (proto_is_dgram(c->options.ce.local_list->array[i]->proto)) + { + to.tcp_mode = false; + } + } + } + else + { + to.tcp_mode = link_socket_proto_connection_oriented(c->options.ce.local_list->array[0]->proto); + } to.config_ciphername = c->options.ciphername; to.config_ncp_ciphers = c->options.ncp_ciphers; to.transition_window = options->transition_window; @@ -3310,7 +3334,7 @@ /* should we not xmit any packets until we get an initial * response from client? */ - if (to.server && options->ce.proto == PROTO_TCP_SERVER) + if (to.server && c->mode == CM_CHILD_TCP) { to.xmit_hold = true; } @@ -4214,20 +4238,13 @@ #ifdef _WIN32 msg(M_INFO, "NOTE: --fast-io is disabled since we are running on Windows"); #else - if (!proto_is_udp(c->options.ce.proto)) + if (c->options.shaper) { - msg(M_INFO, "NOTE: --fast-io is disabled since we are not using UDP"); + msg(M_INFO, "NOTE: --fast-io is disabled since we are using --shaper"); } else { - if (c->options.shaper) - { - msg(M_INFO, "NOTE: --fast-io is disabled since we are using --shaper"); - } - else - { - c->c2.fast_io = true; - } + c->c2.fast_io = true; } #endif } @@ -4924,6 +4941,7 @@ /* options */ dest->options = src->options; + dest->options.ce.proto = ls->info.proto; options_detach(&dest->options); dest->c2.event_set = src->c2.event_set; 
@@ -5022,10 +5040,7 @@ dest->c2.es_owned = false; dest->c2.event_set = NULL; - if (proto_is_dgram(src->options.ce.proto)) - { - do_event_set_init(dest, false); - } + do_event_set_init(dest, false); #ifdef USE_COMP dest->c2.comp_context = NULL; diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 1eb28ec..ba705a8 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -153,12 +153,19 @@ { if (mi) { - mi->socket_set_called = true; - socket_set(mi->context.c2.link_sockets[0], - m->multi_io->es, - mbuf_defined(mi->tcp_link_out_deferred) ? EVENT_WRITE : EVENT_READ, - &mi->ev_arg, - &mi->tcp_rwflags); + if (proto_is_dgram(mi->context.c2.link_sockets[0]->info.proto)) + { + return; + } + else + { + mi->socket_set_called = true; + socket_set(mi->context.c2.link_sockets[0], + m->multi_io->es, + mbuf_defined(mi->tcp_link_out_deferred) ? EVENT_WRITE : EVENT_READ, + &mi->ev_arg, + &mi->tcp_rwflags); + } } } diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index f9efcd5..9edd6ad 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -194,6 +194,7 @@ struct hash *hash = m->hash; real.proto = ls->info.proto; m->local.proto = real.proto; + m->hmac_reply_ls = ls; if (mroute_extract_openvpn_sockaddr(&real, &m->top.c2.from.dest, true) && m->top.c2.buf.len > 0) @@ -320,15 +321,8 @@ msg_set_prefix("Connection Attempt"); m->top.c2.to_link = m->hmac_reply; m->top.c2.to_link_addr = m->hmac_reply_dest; - for (int i = 0; i < m->top.c1.link_sockets_num; i++) - { - if (!proto_is_dgram(m->top.c2.link_sockets[i]->info.proto)) - { - continue; - } - - process_outgoing_link(&m->top, m->top.c2.link_sockets[i]); - } + process_outgoing_link(&m->top, m->hmac_reply_ls); + m->hmac_reply_ls = NULL; m->hmac_reply_dest = NULL; } } diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 4a6dd52..a6cdb67 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c 
@@ -606,6 +606,7 @@ ASSERT(!mi->halt); mi->halt = true; + bool is_dgram = proto_is_dgram(mi->context.c2.link_sockets[0]->info.proto); dmsg(D_MULTI_DEBUG, "MULTI: multi_close_instance called"); @@ -664,7 +665,7 @@ mi->did_iroutes = false; } - if (m->multi_io && !proto_is_dgram(m->top.options.ce.proto)) + if (!is_dgram) { multi_tcp_dereference_instance(m->multi_io, mi); } @@ -3400,7 +3401,7 @@ /* decrypt in instance context */ perf_push(PERF_PROC_IN_LINK); - lsi = get_link_socket_info(c); + lsi = &ls->info; orig_buf = c->c2.buf.data; if (process_incoming_link_part1(c, lsi, floated)) { @@ -3851,7 +3852,7 @@ while ((he = hash_iterator_next(&hi))) { struct multi_instance *mi = (struct multi_instance *) he->value; - if (!mi->halt) + if (!mi->halt && proto_is_dgram(mi->context.options.ce.proto)) { send_control_channel_string(&mi->context, next_server ? "RESTART,[N]" : "RESTART", D_PUSH); multi_schedule_context_wakeup(m, mi); @@ -3889,13 +3890,15 @@ status_close(so); return false; } - else if (proto_is_dgram(m->top.options.ce.proto) - && is_exit_restart(m->top.sig->signal_received) - && (m->deferred_shutdown_signal.signal_received == 0) - && m->top.options.ce.explicit_exit_notification != 0) + else if (has_udp_in_local_list(&m->top.options)) { - multi_push_restart_schedule_exit(m, m->top.options.ce.explicit_exit_notification == 2); - return false; + if (is_exit_restart(m->top.sig->signal_received) + && (m->deferred_shutdown_signal.signal_received == 0) + && m->top.options.ce.explicit_exit_notification != 0) + { + multi_push_restart_schedule_exit(m, m->top.options.ce.explicit_exit_notification == 2); + return false; + } } return true; } diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h index 65fd320..670826e 100644 --- a/src/openvpn/multi.h +++ b/src/openvpn/multi.h @@ -200,6 +200,7 @@ struct buffer hmac_reply; struct link_socket_actual *hmac_reply_dest; + struct link_socket *hmac_reply_ls; /* * Timer object for stale route check 
diff --git a/src/openvpn/multi_io.c b/src/openvpn/multi_io.c index 57ed10e..269b045 100644 --- a/src/openvpn/multi_io.c +++ b/src/openvpn/multi_io.c @@ -142,6 +142,11 @@ &m->top.c2.link_sockets[i]->ev_arg); } + if (has_udp_in_local_list(&m->top.options)) + { + get_io_flags_udp(&m->top, m->multi_io, p2mp_iow_flags(m)); + } + #ifdef _WIN32 if (tuntap_is_wintun(m->top.c1.tuntap)) { @@ -396,6 +401,10 @@ multi_protocol_process_io(struct multi_context *m) { struct multi_protocol *multi_io = m->multi_io; + const unsigned int udp_status = multi_io->udp_flags; + const unsigned int mpp_flags = m->top.c2.fast_io + ? (MPP_CONDITIONAL_PRE_SELECT | MPP_CLOSE_ON_SIGNAL) + : (MPP_PRE_SELECT | MPP_CLOSE_ON_SIGNAL); int i; for (i = 0; i < multi_io->n_esr; ++i) @@ -447,6 +456,39 @@ } break; } + else + { + if (e->arg >= MULTI_N) + { + struct event_arg *ev_arg = (struct event_arg *)e->arg; + if (ev_arg->type != EVENT_ARG_LINK_SOCKET) + { + multi_io->udp_flags = ES_ERROR; + msg(D_LINK_ERRORS, + "MULTI PROTOCOL: io_work: non socket event delivered"); + break; + } + } + else + { + ev_arg->pending = true; + } + + if (udp_status & SOCKET_READ) + { + read_incoming_link(&m->top, ev_arg->u.ls); + if (!IS_SIG(&m->top)) + { + multi_process_incoming_link(m, NULL, mpp_flags, + ev_arg->u.ls); + } + } + else + { + multi_process_io_udp(m); + } + break; + } } } else diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 42210da..a06813e 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
@@ -993,10 +993,13 @@ const struct connection_entry *e, const int i) { - setenv_str_i(es, "proto", proto2ascii(e->proto, e->af, false), i); - /* expected to befor single socket contexts only */ - setenv_str_i(es, "local", e->local_list->array[0]->local, i); - setenv_str_i(es, "local_port", e->local_list->array[0]->port, i); + for (int j = 0; j < e->local_list->len; j++) + { + setenv_str_i(es, "proto", proto2ascii(e->local_list->array[j]->proto, e->af, false), i); + /* expected to befor single socket contexts only */ + setenv_str_i(es, "local", e->local_list->array[j]->local, i); + setenv_str_i(es, "local_port", e->local_list->array[j]->port, i); + } setenv_str_i(es, "remote", e->remote, i); setenv_str_i(es, "remote_port", e->remote_port, i); @@ -2466,7 +2469,7 @@ { struct local_entry *le = ce->local_list->array[i]; - if (proto_is_net(ce->proto) + if (proto_is_net(le->proto) && string_defined_equal(le->local, ce->remote) && string_defined_equal(le->port, ce->remote_port)) { @@ -3828,6 +3831,12 @@ options_postprocess_mutate_ce(o, o->connection_list->array[i]); } + if (!has_udp_in_local_list(o)) + { + o->fast_io = false; + msg(M_INFO, "NOTE: --fast-io is disabled while using multi-socket"); + } + if (o->ce.local_list) { for (i = 0; i < o->ce.local_list->len; i++) @@ -9722,3 +9731,19 @@ err: gc_free(&gc); } + +bool +has_udp_in_local_list(const struct options *options) +{ + if (options->ce.local_list) + { + for (int i = 0; i < options->ce.local_list->len; i++) + { + if (proto_is_dgram(options->ce.local_list->array[i]->proto)) + { + return true; + } + } + } + return false; +} diff --git a/src/openvpn/options.h b/src/openvpn/options.h index f3cf7e5..30bd5aa 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -917,6 +917,8 @@ bool key_is_external(const struct options *options); +bool has_udp_in_local_list(const struct options *options); + /** * Returns whether the current configuration has dco enabled. */
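
Review bot: the switch from (void *)&dco_shift to (void *)dco_shift in forward.c (@@ -2358) is not covered by the commit message, and it changes what the event handler receives as its argument: the variable's value cast to a pointer instead of the variable's address. Please explain it in the commit message or split it into its own commit, and confirm that every reader of this event argument treats it as a value and never dereferences it.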
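
Review bot: the HTTP proxy check in init.c (@@ -224) no longer accepts PROTO_TCP_CLIENT. The replacement test, c->mode != CM_CHILD_TCP, uses the mode that the @@ -3310 hunk pairs with to.server, so a client configured with tcp-client would now get the "HTTP proxy support only works for TCP based connections" warning and return false. Keep the ce->proto != PROTO_TCP_CLIENT term, or show where a client context ends up in CM_CHILD_TCP.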
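
Review bot: restoring the old proto right after c->options.ce = *ce in init.c (@@ -601) discards the protocol of the connection entry being switched to, so entries with different protocols would all run with whatever c->options.ce.proto held before the copy. If the goal is only to keep the per-socket protocol assigned in the @@ -4924 hunk, restrict the save and restore to that case and add a comment saying so; as written the three lines carry no explanation.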
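
Review bot: c->c2.link_sockets[0]->info.proto in init.c (@@ -2600) consults only the first socket and dereferences it without a check. With a mixed local list the result then depends on the order of the entries, while other hunks in this patch use has_udp_in_local_list() or the instance's own socket. Please state which socket is meant when pushed options are imported, and guard against link_sockets[0] not being set at that point.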
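
Review bot: the new switch (c->mode) in init.c (@@ -2760) has no default case, so any mode other than CM_TOP, CM_CHILD_UDP and CM_CHILD_TCP keeps sec = 2, whereas the old code took connect_retry_seconds for PROTO_UDP and PROTO_TCP_CLIENT. If a client context does not run in one of these three modes, its connect-retry setting is now silently ignored; add a default case that preserves the previous behaviour.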
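
Review bot: the comment above the condition in init.c (@@ -2785) still reads "for TCP client or UDP tls-client only", but the first term is now c->mode == CM_CHILD_TCP, the same mode the @@ -3310 hunk combines with to.server. Either the comment or the condition is wrong: if the backoff is meant for TCP clients, the PROTO_TCP_CLIENT test has to stay; if it is meant for server child instances, update the comment and explain why a child instance needs reconnect backoff.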
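
Review bot: to.tcp_mode is not assigned on every path in init.c (@@ -3265). When local_list->len > 1 and no entry is a datagram protocol, the loop never writes to.tcp_mode, so a list of several TCP sockets relies on whatever value "to" had before. Assign a default before the loop (or reuse has_udp_in_local_list() from this same patch), break once a datagram entry is found, and check local_list for NULL and len for 0 before reading array[0], as has_udp_in_local_list() itself does. The block also switches from the options pointer used by the surrounding lines to c->options.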
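
Review bot: with the proto_is_udp() test removed in init.c (@@ -4214), c->c2.fast_io is set to true for any protocol unless --shaper is in use, and the only remaining protocol gate is the options.c check (@@ -3828), which fires only when the local list contains no UDP entry at all. For a mixed UDP and TCP list fast_io therefore stays enabled for the whole context. Please confirm that is safe for the TCP sockets, or keep a per-socket check here.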
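
Review bot: a style point in mtcp.c (@@ -153): an early return followed by an else block adds a nesting level for no gain. Inverting the test, if (!proto_is_dgram(...)) around the existing socket_set() call, keeps the original indentation and a smaller diff. A one-line comment on why datagram instances are skipped here would also help.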
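
Review bot: m->hmac_reply_ls is passed to process_outgoing_link() in mudp.c (@@ -320) without a NULL check, and it is assigned in the @@ -194 hunk for every incoming packet rather than at the point where hmac_reply_dest is set. Setting both fields together where the reply is queued, and asserting hmac_reply_ls is non-NULL before sending, would make the pairing explicit and ensure the reply cannot go out on a socket recorded for a different packet.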
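
Review bot: mi->context.c2.link_sockets[0]->info.proto is dereferenced unconditionally at the top of multi_close_instance in multi.c (@@ -606). If an instance can be closed before its link socket array has been set up, for example after a failed initialisation, the cleanup path itself crashes. Check link_sockets and link_sockets[0] first, or take the protocol from a field that is valid for the whole lifetime of the instance.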
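
Review bot: the m->multi_io guard is dropped in multi.c (@@ -664), so multi_tcp_dereference_instance() now receives m->multi_io unchecked. Unless multi_io is guaranteed to be allocated whenever a non-datagram instance exists, keep the guard: if (m->multi_io && !is_dgram).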
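
Review bot: ev_arg is declared inside the if (e->arg >= MULTI_N) block in multi_io.c (@@ -447) but used in the matching else branch (ev_arg->pending = true) and again after the if/else (ev_arg->u.ls). If no outer ev_arg exists this does not compile; if one does, the inner declaration shadows it and the later uses read the outer variable. The else branch is also reached exactly when e->arg is below MULTI_N, the case in which the cast to struct event_arg * is not applied, so dereferencing ev_arg there needs justification. Declare ev_arg once before the test and handle the below-MULTI_N case without touching it.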
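
Review bot: inside the new loop in options.c (@@ -993) every iteration calls setenv_str_i() with the same names and the same index i, so each local entry overwrites the previous one and only the last entry's proto, local and local_port remain in the environment. Either export a single entry or give each entry its own name or index. The retained comment about "single socket contexts only" no longer matches the loop and has a typo ("befor").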
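
Review bot: the fast-io block in options.c (@@ -3828) runs whenever the local list has no UDP entry, regardless of whether o->fast_io was set, so every TCP-only configuration logs the NOTE. The text "disabled while using multi-socket" also does not describe the condition, which is the absence of UDP, not the presence of several sockets. Test o->fast_io first and word the message after the actual condition, as the removed init.c message "since we are not using UDP" did.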
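
Review bot: has_udp_in_local_list() is declared in options.h (@@ -917) without a documentation comment, while the declaration right below it carries one ("Returns whether the current configuration has dco enabled."). Add a short comment stating that it returns true if any entry of ce.local_list uses a datagram protocol and false when the list is NULL or empty.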