From patchwork Tue Dec 10 16:53:32 2024
X-Patchwork-Submitter: "ralf_lici (Code Review)"
X-Patchwork-Id: 3984
From: "ralf_lici (Code Review)"
Date: Tue, 10 Dec 2024 16:53:32 +0000
To: plaisthos, flichtenheld
Cc: openvpn-devel
Subject: [Openvpn-devel] [M] Change in openvpn[master]: Handle missing DCO peer by restarting the session
X-Gerrit-PatchSet: 1
X-Gerrit-Project: openvpn
X-Gerrit-Change-Id: Ib118426c5a69256894040c69856a4003d9f4637c
X-Gerrit-Change-Number: 831
X-Gerrit-Commit: c5474896af9e1f075123fb7b743af86f2a680367

Attention is currently required from: flichtenheld, plaisthos.

Hello plaisthos, flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/831?usp=email

to review the following change.

Change subject: Handle missing DCO peer by restarting the session
......................................................................

Handle missing DCO peer by restarting the session Occasionally, CMD_DEL_PEER is not delivered to userspace, preventing the openvpn process from registering the event. To handle this case, we check if calls to the DCO module return an error, and, if so, send a SIGUSR1 signal to reset the session. Change-Id: Ib118426c5a69256894040c69856a4003d9f4637c Signed-off-by: Ralf Lici --- M src/openvpn/dco_linux.c M src/openvpn/forward.c M src/openvpn/manage.c M src/openvpn/multi.c M src/openvpn/sig.c 5 files changed, 61 insertions(+), 14 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/31/831/1 diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index b038382..3f8e206 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -979,7 +979,12 @@ int dco_get_peer_stats(struct context *c) { - uint32_t peer_id = c->c2.tls_multi->dco_peer_id; + int peer_id = c->c2.tls_multi->dco_peer_id; + if (peer_id == -1) + { + return 0; + } + msg(D_DCO_DEBUG, "%s: peer-id %d", __func__, peer_id); if (!c->c1.tuntap) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index d50b24c..4c4f3f7 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c 
@@ -483,16 +483,27 @@ static void check_inactivity_timeout(struct context *c) { - if (dco_enabled(&c->options) && dco_get_peer_stats(c) == 0) + if (dco_enabled(&c->options)) { - int64_t tot_bytes = c->c2.tun_read_bytes + c->c2.tun_write_bytes; - int64_t new_bytes = tot_bytes - c->c2.inactivity_bytes; - - if (new_bytes > c->options.inactivity_minimum_bytes) + const int stats_request = dco_get_peer_stats(c); + if (stats_request == 0) { - c->c2.inactivity_bytes = tot_bytes; - event_timeout_reset(&c->c2.inactivity_interval); + int64_t tot_bytes = c->c2.tun_read_bytes + c->c2.tun_write_bytes; + int64_t new_bytes = tot_bytes - c->c2.inactivity_bytes; + if (new_bytes > c->options.inactivity_minimum_bytes) + { + c->c2.inactivity_bytes = tot_bytes; + event_timeout_reset(&c->c2.inactivity_interval); + + return; + } + } + else if (stats_request < 0) + { + msg(M_WARN, "Error requesting peer %d DCO stats (%s). Restarting the session", + c->c2.tls_multi->dco_peer_id, strerror(-stats_request)); + register_signal(c->sig, SIGUSR1, "dco peer stats error"); return; } } diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index e79a118..be2da4a 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c 
@@ -4138,10 +4138,21 @@ counter_type dco_read_bytes = 0; counter_type dco_write_bytes = 0; - if (dco_enabled(&c->options) && (dco_get_peer_stats(c) == 0)) + if (dco_enabled(&c->options) && c->c2.tls_multi->peer_id != -1) { - dco_read_bytes = c->c2.dco_read_bytes; - dco_write_bytes = c->c2.dco_write_bytes; + const int stats_request = dco_get_peer_stats(c); + if (stats_request == 0) + { + dco_read_bytes = c->c2.dco_read_bytes; + dco_write_bytes = c->c2.dco_write_bytes; + } + else if (stats_request < 0) + { + msg(D_MANAGEMENT, "MANAGEMENT: Error requesting peer %d DCO stats (%s). Restarting the session", + c->c2.tls_multi->dco_peer_id, strerror(-stats_request)); + register_signal(c->sig, SIGUSR1, "dco peer stats error"); + return; + } } if (!(man->persist.callback.flags & MCF_SERVER)) diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 45b3cfa..20724a0 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -549,7 +549,13 @@ { if (dco_enabled(&m->top.options)) { - dco_get_peer_stats_multi(&m->top.c1.tuntap->dco, m); + const int stats_request = dco_get_peer_stats_multi(&m->top.c1.tuntap->dco, m); + if (stats_request < 0) + { + msg(D_DCO, "Error requesting peer %d DCO stats (%s)", + c->c2.tls_multi->dco_peer_id, strerror(-stats_request)); + return; + } } setenv_counter(c->c2.es, "bytes_received", c->c2.link_read_bytes + c->c2.dco_read_bytes); @@ -855,7 +861,14 @@ if (dco_enabled(&m->top.options)) { - dco_get_peer_stats_multi(&m->top.c1.tuntap->dco, m); + const int stats_request = dco_get_peer_stats_multi(&m->top.c1.tuntap->dco, m); + if (stats_request == -ENOENT) + { + msg(M_WARN, "Error requesting peer DCO stats (%s)", + strerror(-stats_request)); + register_signal(m->top.sig, SIGUSR1, "dco peer stats error"); + return; + } } if (version == 1) diff --git a/src/openvpn/sig.c b/src/openvpn/sig.c index 8323f0d..3654033 100644 --- a/src/openvpn/sig.c +++ b/src/openvpn/sig.c 
@@ -489,7 +489,14 @@ if (dco_enabled(&c->options)) { - dco_get_peer_stats(c); + const int stats_request = dco_get_peer_stats(c); + if (stats_request < 0) + { + msg(M_WARN, "Error requesting peer %d DCO stats (%s). Restarting the session", + c->c2.tls_multi->dco_peer_id, strerror(-stats_request)); + register_signal(c->sig, SIGUSR1, "dco peer stats error"); + return; + } } status_printf(so, "OpenVPN STATISTICS");
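
Review bot: in src/openvpn/dco_linux.c, dco_get_peer_stats() now returns 0 when peer_id == -1, and callers cannot tell that apart from a successful stats request. forward.c and manage.c in this same change treat "stats_request == 0" as meaning the counters were refreshed, so with no DCO peer they carry on with whatever c->c2 already holds. Consider a distinct return value for "no peer", or at least a comment on the function stating the return contract (0, negative error, anything else) so the "== 0" and "< 0" checks added elsewhere can be read against it.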
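
Review bot: in check_inactivity_timeout() (src/openvpn/forward.c), the "else if (stats_request < 0)" branch restarts the session on any negative return, while the second multi.c hunk reacts only to -ENOENT. The commit message describes the missing-peer case specifically, so as written any other failure of the stats request also drops the session. Suggest limiting the SIGUSR1 to the error that means the peer is gone, or adding a comment that explains why every error warrants a restart. The same log-and-signal block is repeated in manage.c and sig.c; a small helper would keep the three consistent.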
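
Review bot: in the src/openvpn/manage.c hunk, the new guard tests c->c2.tls_multi->peer_id != -1, but the dco_linux.c hunk and the log message a few lines below both use dco_peer_id. If the intent is "a DCO peer exists", the condition should read c->c2.tls_multi->dco_peer_id != -1; if peer_id is really meant, a comment saying why would help. Two smaller points in the same hunk: the error is logged at D_MANAGEMENT although it triggers a restart (forward.c and sig.c use M_WARN for the same event), and the early return skips the byte-count reporting that follows the MCF_SERVER check.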
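
Review bot: in the first src/openvpn/multi.c hunk (@@ -549), the early return on stats_request < 0 skips the setenv_counter() call for "bytes_received" that follows, so the environment loses the counters entirely, including the c->c2.link_read_bytes part that does not depend on DCO. Logging and falling through would keep the non-DCO totals available. The message also prints c->c2.tls_multi->dco_peer_id, yet the failing call is dco_get_peer_stats_multi() on the multi context, so the peer named in the log is not necessarily the one that caused the error.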
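
Review bot: in the second src/openvpn/multi.c hunk (@@ -861), the signal is registered on m->top.sig, the top-level multi context, rather than on a single client instance, so one missing peer appears to restart the session for every connected client. Please confirm that scope is intended, or target only the affected instance. This hunk also ignores every negative return other than -ENOENT without logging it, which is the opposite choice from forward.c and sig.c, and the warning text does not say which peer was involved.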
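
Review bot: in the src/openvpn/sig.c hunk, the early return sits before status_printf(so, "OpenVPN STATISTICS"), so on error the caller gets no status output at all and a request that only prints statistics now has the side effect of restarting the session. Consider logging the warning, registering the signal if it is really wanted here, and still printing the statistics that are available. Also check that nothing set up earlier in this function is left unreleased on the new return path.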