Menu
▾
▴
openvpn-devel — OpenVPN developers list
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
|
Mar
|
Apr
(24) |
May
(14) |
Jun
(29) |
Jul
(33) |
Aug
(3) |
Sep
(8) |
Oct
(18) |
Nov
(1) |
Dec
(10) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
(3) |
Feb
(33) |
Mar
(7) |
Apr
(28) |
May
(30) |
Jun
(5) |
Jul
(10) |
Aug
(7) |
Sep
(32) |
Oct
(41) |
Nov
(20) |
Dec
(10) |
| 2004 |
Jan
(24) |
Feb
(18) |
Mar
(57) |
Apr
(40) |
May
(55) |
Jun
(48) |
Jul
(77) |
Aug
(15) |
Sep
(56) |
Oct
(80) |
Nov
(74) |
Dec
(52) |
| 2005 |
Jan
(38) |
Feb
(42) |
Mar
(39) |
Apr
(56) |
May
(79) |
Jun
(73) |
Jul
(16) |
Aug
(23) |
Sep
(68) |
Oct
(77) |
Nov
(52) |
Dec
(27) |
| 2006 |
Jan
(27) |
Feb
(18) |
Mar
(51) |
Apr
(62) |
May
(28) |
Jun
(50) |
Jul
(36) |
Aug
(33) |
Sep
(47) |
Oct
(50) |
Nov
(77) |
Dec
(13) |
| 2007 |
Jan
(15) |
Feb
(8) |
Mar
(14) |
Apr
(18) |
May
(25) |
Jun
(16) |
Jul
(16) |
Aug
(19) |
Sep
(32) |
Oct
(17) |
Nov
(5) |
Dec
(5) |
| 2008 |
Jan
(64) |
Feb
(25) |
Mar
(25) |
Apr
(6) |
May
(28) |
Jun
(20) |
Jul
(10) |
Aug
(27) |
Sep
(28) |
Oct
(59) |
Nov
(37) |
Dec
(43) |
| 2009 |
Jan
(40) |
Feb
(25) |
Mar
(12) |
Apr
(57) |
May
(46) |
Jun
(29) |
Jul
(39) |
Aug
(10) |
Sep
(20) |
Oct
(42) |
Nov
(50) |
Dec
(57) |
| 2010 |
Jan
(82) |
Feb
(165) |
Mar
(256) |
Apr
(260) |
May
(36) |
Jun
(87) |
Jul
(53) |
Aug
(89) |
Sep
(107) |
Oct
(51) |
Nov
(88) |
Dec
(117) |
| 2011 |
Jan
(69) |
Feb
(60) |
Mar
(113) |
Apr
(71) |
May
(67) |
Jun
(90) |
Jul
(88) |
Aug
(90) |
Sep
(48) |
Oct
(64) |
Nov
(69) |
Dec
(118) |
| 2012 |
Jan
(49) |
Feb
(528) |
Mar
(351) |
Apr
(190) |
May
(238) |
Jun
(193) |
Jul
(104) |
Aug
(100) |
Sep
(57) |
Oct
(41) |
Nov
(47) |
Dec
(51) |
| 2013 |
Jan
(94) |
Feb
(57) |
Mar
(96) |
Apr
(105) |
May
(77) |
Jun
(102) |
Jul
(27) |
Aug
(81) |
Sep
(32) |
Oct
(53) |
Nov
(127) |
Dec
(65) |
| 2014 |
Jan
(113) |
Feb
(59) |
Mar
(104) |
Apr
(259) |
May
(70) |
Jun
(70) |
Jul
(146) |
Aug
(45) |
Sep
(58) |
Oct
(149) |
Nov
(77) |
Dec
(83) |
| 2015 |
Jan
(53) |
Feb
(66) |
Mar
(86) |
Apr
(50) |
May
(135) |
Jun
(76) |
Jul
(151) |
Aug
(83) |
Sep
(97) |
Oct
(262) |
Nov
(245) |
Dec
(231) |
| 2016 |
Jan
(131) |
Feb
(233) |
Mar
(97) |
Apr
(138) |
May
(221) |
Jun
(254) |
Jul
(92) |
Aug
(248) |
Sep
(168) |
Oct
(275) |
Nov
(477) |
Dec
(445) |
| 2017 |
Jan
(218) |
Feb
(217) |
Mar
(146) |
Apr
(172) |
May
(216) |
Jun
(252) |
Jul
(164) |
Aug
(192) |
Sep
(190) |
Oct
(143) |
Nov
(255) |
Dec
(182) |
| 2018 |
Jan
(295) |
Feb
(164) |
Mar
(113) |
Apr
(147) |
May
(64) |
Jun
(262) |
Jul
(184) |
Aug
(90) |
Sep
(69) |
Oct
(364) |
Nov
(102) |
Dec
(101) |
| 2019 |
Jan
(119) |
Feb
(64) |
Mar
(64) |
Apr
(102) |
May
(57) |
Jun
(154) |
Jul
(84) |
Aug
(81) |
Sep
(76) |
Oct
(102) |
Nov
(233) |
Dec
(89) |
| 2020 |
Jan
(38) |
Feb
(170) |
Mar
(155) |
Apr
(172) |
May
(120) |
Jun
(223) |
Jul
(461) |
Aug
(227) |
Sep
(268) |
Oct
(113) |
Nov
(56) |
Dec
(124) |
| 2021 |
Jan
(121) |
Feb
(48) |
Mar
(334) |
Apr
(345) |
May
(207) |
Jun
(136) |
Jul
(71) |
Aug
(112) |
Sep
(122) |
Oct
(173) |
Nov
(184) |
Dec
(223) |
| 2022 |
Jan
(197) |
Feb
(206) |
Mar
(156) |
Apr
(212) |
May
(192) |
Jun
(170) |
Jul
(143) |
Aug
(380) |
Sep
(182) |
Oct
(148) |
Nov
(128) |
Dec
(269) |
| 2023 |
Jan
(248) |
Feb
(196) |
Mar
(264) |
Apr
(36) |
May
(123) |
Jun
(66) |
Jul
(120) |
Aug
(48) |
Sep
(157) |
Oct
(198) |
Nov
(300) |
Dec
(273) |
| 2024 |
Jan
(271) |
Feb
(147) |
Mar
(207) |
Apr
(78) |
May
(107) |
Jun
(168) |
Jul
(151) |
Aug
(51) |
Sep
(438) |
Oct
(221) |
Nov
(302) |
Dec
(357) |
| 2025 |
Jan
(451) |
Feb
(219) |
Mar
(326) |
Apr
(232) |
May
(306) |
Jun
(181) |
Jul
(452) |
Aug
(171) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: ordex (C. Review) <ge...@op...> - 2025-07-23 10:00:00
|
Attention is currently required from: flichtenheld, plaisthos.
Hello flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1100?usp=email
to look at the new patch set (#3).
Change subject: dco_linux: fix async message reception
......................................................................
dco_linux: fix async message reception
Currently whenever we send a PEER_GET request to ovpn, we also
set the CB that is supposed to parse the reply.
However, due to the async nature of netlink messages, we could
get an unrelated notification, sent by ovpn upon some event,
after having set the CB, but before parsing the awaited reply.
When this happens, the notification is then parsed with the
configured CB instead of the notification parser, thus effectively
rejecting the notification and losing the event.
To fix this inconsistency, make ovpn_handle_msg() the default and
only netlink parser CB. It is configured upon DCO initialization
and is never removed.
ovpn_handle_msg() will check the message type and will call the
according parser. This way, no matter what message we get at
what time, but we'll always parse it correctly.
As a bonus we can also simplify the nl_sendmsg() API as we
don't need to pass the cb and its argument anymore.
The ID of the NLCTRL family is now also stored in the DCO
context as we need it to check when we receive a mcast ID
lookup message.
Change-Id: I23ad79e14844aefde9ece34dadef0b75ff267201
Github: OpenVPN/openvpn#793
Signed-off-by: Antonio Quartulli <an...@ma...>
---
M src/openvpn/dco_linux.c
M src/openvpn/dco_linux.h
2 files changed, 130 insertions(+), 85 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/00/1100/3
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 0a22879..62052f3 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -172,18 +172,14 @@
* The method will also free nl_msg
* @param dco The dco context to use
* @param nl_msg the message to use
- * @param cb An optional callback if the caller expects an answer
- * @param cb_arg An optional param to pass to the callback
* @param prefix A prefix to report in the error message to give the user context
* @return status of sending the message
*/
static int
-ovpn_nl_msg_send(dco_context_t *dco, struct nl_msg *nl_msg, ovpn_nl_cb cb,
- void *cb_arg, const char *prefix)
+ovpn_nl_msg_send(dco_context_t *dco, struct nl_msg *nl_msg, const char *prefix)
{
dco->status = 1;
- nl_cb_set(dco->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, cb, cb_arg);
nl_send_auto(dco->nl_sock, nl_msg);
while (dco->status == 1)
@@ -285,7 +281,7 @@
}
nla_nest_end(nl_msg, attr);
- ret = ovpn_nl_msg_send(dco, nl_msg, NULL, NULL, __func__);
+ ret = ovpn_nl_msg_send(dco, nl_msg, __func__);
nla_put_failure:
nlmsg_free(nl_msg);
@@ -385,6 +381,29 @@
}
static void
+ovpn_dco_register(dco_context_t *dco)
+{
+ msg(D_DCO_DEBUG, __func__);
+ ovpn_get_mcast_id(dco);
+
+ if (dco->ovpn_dco_mcast_id < 0)
+ {
+ msg(M_FATAL, "cannot get mcast group: %s", nl_geterror(dco->ovpn_dco_mcast_id));
+ }
+
+ /* Register for ovpn-dco specific multicast messages that the kernel may
+ * send
+ */
+ int ret = nl_socket_add_membership(dco->nl_sock, dco->ovpn_dco_mcast_id);
+ if (ret)
+ {
+ msg(M_FATAL, "%s: failed to join groups: %d", __func__, ret);
+ }
+}
+
+static int ovpn_handle_msg(struct nl_msg *msg, void *arg);
+
+static void
ovpn_dco_init_netlink(dco_context_t *dco)
{
dco->ovpn_dco_id = resolve_ovpn_netlink_id(M_FATAL);
@@ -420,11 +439,15 @@
nl_socket_set_cb(dco->nl_sock, dco->nl_cb);
+ dco->dco_message_peer_id = -1;
nl_cb_err(dco->nl_cb, NL_CB_CUSTOM, ovpn_nl_cb_error, &dco->status);
nl_cb_set(dco->nl_cb, NL_CB_FINISH, NL_CB_CUSTOM, ovpn_nl_cb_finish,
&dco->status);
nl_cb_set(dco->nl_cb, NL_CB_ACK, NL_CB_CUSTOM, ovpn_nl_cb_finish,
&dco->status);
+ nl_cb_set(dco->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, ovpn_handle_msg, dco);
+
+ ovpn_dco_register(dco);
/* The async PACKET messages confuse libnl and it will drop them with
* wrong sequence numbers (NLE_SEQ_MISMATCH), so disable libnl's sequence
@@ -476,27 +499,6 @@
CLEAR(dco);
}
-static void
-ovpn_dco_register(dco_context_t *dco)
-{
- msg(D_DCO_DEBUG, __func__);
- ovpn_get_mcast_id(dco);
-
- if (dco->ovpn_dco_mcast_id < 0)
- {
- msg(M_FATAL, "cannot get mcast group: %s", nl_geterror(dco->ovpn_dco_mcast_id));
- }
-
- /* Register for ovpn-dco specific multicast messages that the kernel may
- * send
- */
- int ret = nl_socket_add_membership(dco->nl_sock, dco->ovpn_dco_mcast_id);
- if (ret)
- {
- msg(M_FATAL, "%s: failed to join groups: %d", __func__, ret);
- }
-}
-
int
open_tun_dco(struct tuntap *tt, openvpn_net_ctx_t *ctx, const char *dev)
{
@@ -516,10 +518,6 @@
msg(M_FATAL, "DCO: cannot retrieve ifindex for interface %s", dev);
}
- tt->dco.dco_message_peer_id = -1;
-
- ovpn_dco_register(&tt->dco);
-
return 0;
}
@@ -548,7 +546,7 @@
NLA_PUT_U32(nl_msg, OVPN_A_KEYCONF_PEER_ID, peerid);
nla_nest_end(nl_msg, attr);
- ret = ovpn_nl_msg_send(dco, nl_msg, NULL, NULL, __func__);
+ ret = ovpn_nl_msg_send(dco, nl_msg, __func__);
nla_put_failure:
nlmsg_free(nl_msg);
@@ -572,7 +570,7 @@
NLA_PUT_U32(nl_msg, OVPN_A_PEER_ID, peerid);
nla_nest_end(nl_msg, attr);
- ret = ovpn_nl_msg_send(dco, nl_msg, NULL, NULL, __func__);
+ ret = ovpn_nl_msg_send(dco, nl_msg, __func__);
nla_put_failure:
nlmsg_free(nl_msg);
@@ -598,7 +596,7 @@
NLA_PUT_U32(nl_msg, OVPN_A_KEYCONF_SLOT, slot);
nla_nest_end(nl_msg, keyconf);
- ret = ovpn_nl_msg_send(dco, nl_msg, NULL, NULL, __func__);
+ ret = ovpn_nl_msg_send(dco, nl_msg, __func__);
nla_put_failure:
nlmsg_free(nl_msg);
@@ -657,7 +655,7 @@
nla_nest_end(nl_msg, key_conf);
- ret = ovpn_nl_msg_send(dco, nl_msg, NULL, NULL, __func__);
+ ret = ovpn_nl_msg_send(dco, nl_msg, __func__);
nla_put_failure:
nlmsg_free(nl_msg);
@@ -686,7 +684,7 @@
keepalive_timeout);
nla_nest_end(nl_msg, attr);
- ret = ovpn_nl_msg_send(dco, nl_msg, NULL, NULL, __func__);
+ ret = ovpn_nl_msg_send(dco, nl_msg, __func__);
nla_put_failure:
nlmsg_free(nl_msg);
@@ -754,7 +752,7 @@
/* Even though 'nlctrl' is a constant, there seem to be no library
* provided define for it */
- int ctrlid = genl_ctrl_resolve(dco->nl_sock, "nlctrl");
+ dco->ctrlid = genl_ctrl_resolve(dco->nl_sock, "nlctrl");
struct nl_msg *nl_msg = nlmsg_alloc();
if (!nl_msg)
@@ -762,12 +760,12 @@
return -ENOMEM;
}
- genlmsg_put(nl_msg, 0, 0, ctrlid, 0, 0, CTRL_CMD_GETFAMILY, 0);
+ genlmsg_put(nl_msg, 0, 0, dco->ctrlid, 0, 0, CTRL_CMD_GETFAMILY, 0);
int ret = -EMSGSIZE;
NLA_PUT_STRING(nl_msg, CTRL_ATTR_FAMILY_NAME, OVPN_FAMILY_NAME);
- ret = ovpn_nl_msg_send(dco, nl_msg, mcast_family_handler, dco, __func__);
+ ret = ovpn_nl_msg_send(dco, nl_msg, __func__);
nla_put_failure:
nlmsg_free(nl_msg);
@@ -879,23 +877,26 @@
}
static int
-dco_parse_peer_multi(struct nl_msg *msg, void *arg)
+ovpn_handle_peer_multi(dco_context_t *dco, struct nlattr *attrs[])
{
- struct nlattr *tb[OVPN_A_MAX + 1];
- struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
-
msg(D_DCO_DEBUG, "%s: parsing message...", __func__);
- nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0),
- genlmsg_attrlen(gnlh, 0), NULL);
+ /* this function assumes openvpn is running in multipeer mode as
+ * it accesses c->multi
+ */
+ if (dco->ifmode != OVPN_MODE_MP)
+ {
+ msg(M_WARN, "%s: can't parse 'multi-peer' message on P2P instance", __func__);
+ return NL_SKIP;
+ }
- if (!tb[OVPN_A_PEER])
+ if (!attrs[OVPN_A_PEER])
{
return NL_SKIP;
}
struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1];
- nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL);
+ nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, attrs[OVPN_A_PEER], NULL);
if (!tb_peer[OVPN_A_PEER_ID])
{
@@ -903,7 +904,7 @@
return NL_SKIP;
}
- struct multi_context *m = arg;
+ struct multi_context *m = dco->c->multi;
uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]);
if (peer_id >= m->max_clients || !m->instances[peer_id])
@@ -919,25 +920,18 @@
}
static int
-dco_parse_peer(struct nl_msg *msg, void *arg)
+ovpn_handle_peer(dco_context_t *dco, struct nlattr *attrs[])
{
- struct context *c = arg;
- struct nlattr *tb[OVPN_A_MAX + 1];
- struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
-
msg(D_DCO_DEBUG, "%s: parsing message...", __func__);
- nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0),
- genlmsg_attrlen(gnlh, 0), NULL);
-
- if (!tb[OVPN_A_PEER])
+ if (!attrs[OVPN_A_PEER])
{
msg(D_DCO_DEBUG, "%s: malformed reply", __func__);
return NL_SKIP;
}
struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1];
- nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL);
+ nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, attrs[OVPN_A_PEER], NULL);
if (!tb_peer[OVPN_A_PEER_ID])
{
@@ -946,18 +940,39 @@
}
uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]);
- if (c->c2.tls_multi->dco_peer_id != peer_id)
+ struct context_2 *c2;
+
+ if (dco->ifmode == OVPN_MODE_P2P)
+ {
+ c2 = &dco->c->c2;
+ }
+ else
+ {
+ struct multi_instance *mi = dco->c->multi->instances[peer_id];
+ if (!mi)
+ {
+ msg(M_WARN, "%s: received data for a non-existing peer %u", __func__, peer_id);
+ return NL_SKIP;
+ }
+
+ c2 = &mi->context.c2;
+ }
+
+ /* at this point this check should never fail for MP mode,
+ * but it's still fully valid for P2P mode
+ */
+ if (c2->tls_multi->dco_peer_id != peer_id)
{
return NL_SKIP;
}
- dco_update_peer_stat(&c->c2, tb_peer, peer_id);
+ dco_update_peer_stat(c2, tb_peer, peer_id);
return NL_OK;
}
-static int
-ovpn_handle_peer_del_ntf(dco_context_t *dco, struct nlattr *attrs[])
+static bool
+ovpn_iface_check(dco_context_t *dco, struct nlattr *attrs[])
{
/* we must know which interface this message is referring to in order to
* avoid mixing messages for other instances
@@ -965,6 +980,25 @@
if (!attrs[OVPN_A_IFINDEX])
{
msg(D_DCO, "ovpn-dco: Received message without ifindex");
+ return false;
+ }
+
+ uint32_t ifindex = nla_get_u32(attrs[OVPN_A_IFINDEX]);
+ if (ifindex != dco->ifindex)
+ {
+ msg(D_DCO_DEBUG,
+ "ovpn-dco: ignoring message for foreign ifindex %d", ifindex);
+ return false;
+ }
+
+ return true;
+}
+
+static int
+ovpn_handle_peer_del_ntf(dco_context_t *dco, struct nlattr *attrs[])
+{
+ if (!ovpn_iface_check(dco, attrs))
+ {
return NL_STOP;
}
@@ -1008,12 +1042,8 @@
static int
ovpn_handle_peer_float_ntf(dco_context_t *dco, struct nlattr *attrs[])
{
- /* we must know which interface this message is referring to in order to
- * avoid mixing messages for other instances
- */
- if (!attrs[OVPN_A_IFINDEX])
+ if (!ovpn_iface_check(dco, attrs))
{
- msg(D_DCO, "ovpn-dco: Received message without ifindex");
return NL_STOP;
}
@@ -1058,12 +1088,8 @@
static int
ovpn_handle_key_swap_ntf(dco_context_t *dco, struct nlattr *attrs[])
{
- /* we must know which interface this message is referring to in order to
- * avoid mixing messages for other instances
- */
- if (!attrs[OVPN_A_IFINDEX])
+ if (!ovpn_iface_check(dco, attrs))
{
- msg(D_DCO, "ovpn-dco: Received message without ifindex");
return NL_STOP;
}
@@ -1109,9 +1135,22 @@
{
dco_context_t *dco = arg;
- struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
struct nlattr *attrs[OVPN_A_MAX + 1];
struct nlmsghdr *nlh = nlmsg_hdr(msg);
+ struct genlmsghdr *gnlh = genlmsg_hdr(nlh);
+
+ msg(D_DCO_DEBUG, "ovpn-dco: received netlink message type=%u cmd=%u flags=%#.4x",
+ nlh->nlmsg_type, gnlh->cmd, nlh->nlmsg_flags);
+
+ /* if we get a message from the NLCTRL family, it means
+ * this is the reply to the mcast ID resolution request
+ * and we parse it accordingly.
+ */
+ if (nlh->nlmsg_type == dco->ctrlid)
+ {
+ msg(D_DCO_DEBUG, "ovpn-dco: received CTRLID message");
+ return mcast_family_handler(msg, dco);
+ }
if (!genlmsg_valid_hdr(nlh, 0))
{
@@ -1126,15 +1165,6 @@
return NL_STOP;
}
- uint32_t ifindex = nla_get_u32(attrs[OVPN_A_IFINDEX]);
- if (ifindex != dco->ifindex)
- {
- msg(D_DCO_DEBUG,
- "ovpn-dco: ignoring message (type=%d) for foreign ifindex %d",
- gnlh->cmd, ifindex);
- return NL_STOP;
- }
-
/* based on the message type, we parse the subobject contained in the
* message, that stores the type-specific attributes.
*
@@ -1144,6 +1174,21 @@
*/
switch (gnlh->cmd)
{
+ case OVPN_CMD_PEER_GET:
+ {
+ /* this message is part of a peer list dump, hence triggered
+ * by a MP/server instance
+ */
+ if (nlh->nlmsg_flags & NLM_F_MULTI)
+ {
+ return ovpn_handle_peer_multi(dco, attrs);
+ }
+ else
+ {
+ return ovpn_handle_peer(dco, attrs);
+ }
+ }
+
case OVPN_CMD_PEER_DEL_NTF:
{
return ovpn_handle_peer_del_ntf(dco, attrs);
@@ -1172,7 +1217,6 @@
dco_do_read(dco_context_t *dco)
{
msg(D_DCO_DEBUG, __func__);
- nl_cb_set(dco->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, ovpn_handle_msg, dco);
return ovpn_nl_recvmsgs(dco, __func__);
}
@@ -1187,7 +1231,7 @@
nlmsg_hdr(nl_msg)->nlmsg_flags |= NLM_F_DUMP;
- int ret = ovpn_nl_msg_send(dco, nl_msg, dco_parse_peer_multi, m, __func__);
+ int ret = ovpn_nl_msg_send(dco, nl_msg, __func__);
nlmsg_free(nl_msg);
@@ -1225,7 +1269,7 @@
NLA_PUT_U32(nl_msg, OVPN_A_PEER_ID, peer_id);
nla_nest_end(nl_msg, attr);
- ret = ovpn_nl_msg_send(dco, nl_msg, dco_parse_peer, c, __func__);
+ ret = ovpn_nl_msg_send(dco, nl_msg, __func__);
nla_put_failure:
nlmsg_free(nl_msg);
diff --git a/src/openvpn/dco_linux.h b/src/openvpn/dco_linux.h
index 5e61cf1..cc14f45 100644
--- a/src/openvpn/dco_linux.h
+++ b/src/openvpn/dco_linux.h
@@ -66,6 +66,7 @@
int status;
struct context *c;
+ int ctrlid;
enum ovpn_mode ifmode;
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1100?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I23ad79e14844aefde9ece34dadef0b75ff267201
Gerrit-Change-Number: 1100
Gerrit-PatchSet: 3
Gerrit-Owner: ordex <an...@ma...>
Gerrit-Reviewer: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-Attention: flichtenheld <fr...@li...>
Gerrit-MessageType: newpatchset
|
|
From: ordex (C. Review) <ge...@op...> - 2025-07-23 09:59:56
|
Attention is currently required from: cron2, flichtenheld, ordex, plaisthos.
Hello cron2, flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1094?usp=email
to look at the new patch set (#3).
Change subject: dco: only pass struct context to init function
......................................................................
dco: only pass struct context to init function
Future DCO code will require accessing the `multi` member of the
context object.
For this reason a pointer to the context has to be stored in the
DCO context along with the rest.
At this point, rather than making the call to ovpn_dco_init()
longer with more and more parameters, pass the struct context
only and let the implementation extract the needed fields.
Change-Id: I673a17f8c5dec66cc6c28c1ed44780a7a63927d7
Signed-off-by: Antonio Quartulli <an...@ma...>
---
M src/openvpn/dco.h
M src/openvpn/dco_freebsd.c
M src/openvpn/dco_linux.c
M src/openvpn/dco_linux.h
M src/openvpn/dco_win.c
M src/openvpn/init.c
6 files changed, 20 insertions(+), 12 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/94/1094/3
diff --git a/src/openvpn/dco.h b/src/openvpn/dco.h
index f38316d..9078417 100644
--- a/src/openvpn/dco.h
+++ b/src/openvpn/dco.h
@@ -104,12 +104,10 @@
/**
* Initialize the DCO context
*
- * @param mode the instance operating mode (P2P or multi-peer)
- * @param dco the context to initialize
- * @param dev_node device node, used on Windows to specify certain DCO adapter
+ * @param c the main instance context
* @return true on success, false otherwise
*/
-bool ovpn_dco_init(int mode, dco_context_t *dco, const char *dev_node);
+bool ovpn_dco_init(struct context *c);
/**
* Open/create a DCO interface
@@ -297,7 +295,7 @@
}
static inline bool
-ovpn_dco_init(int mode, dco_context_t *dco, const char *dev_node)
+ovpn_dco_init(struct context *c)
{
return true;
}
diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index b8816c6..98d8fb5 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -165,9 +165,9 @@
}
bool
-ovpn_dco_init(int mode, dco_context_t *dco, const char *dev_node)
+ovpn_dco_init(struct context *c)
{
- if (open_fd(dco) < 0)
+ if (open_fd(&c->c1.tuntap->dco) < 0)
{
msg(M_ERR, "Failed to open socket");
return false;
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 3652a49..ec6efaa 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -438,9 +438,11 @@
}
bool
-ovpn_dco_init(int mode, dco_context_t *dco, const char *dev_node)
+ovpn_dco_init(struct context *c)
{
- switch (mode)
+ dco_context_t *dco = &c->c1.tuntap->dco;
+
+ switch (c->mode)
{
case CM_TOP:
dco->ifmode = OVPN_MODE_MP;
@@ -454,6 +456,10 @@
ASSERT(false);
}
+ /* store pointer to context as it may be required by message
+ * parsing routines
+ */
+ dco->c = c;
ovpn_dco_init_netlink(dco);
return true;
}
diff --git a/src/openvpn/dco_linux.h b/src/openvpn/dco_linux.h
index 676b8cd..5e61cf1 100644
--- a/src/openvpn/dco_linux.h
+++ b/src/openvpn/dco_linux.h
@@ -65,6 +65,8 @@
struct nl_cb *nl_cb;
int status;
+ struct context *c;
+
enum ovpn_mode ifmode;
int ovpn_dco_id;
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 83db739..1d20247 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -188,8 +188,10 @@
* state. The server socket should be initialized later by dco_mp_start_vpn().
*/
bool
-ovpn_dco_init(int mode, dco_context_t *dco, const char *dev_node)
+ovpn_dco_init(struct context *c)
{
+ dco_context_t *dco = &c->c1.tuntap->dco;
+
switch (mode)
{
case MODE_POINT_TO_POINT:
@@ -198,7 +200,7 @@
break;
case MODE_SERVER:
- ovpn_dco_init_mp(dco, dev_node);
+ ovpn_dco_init_mp(dco, c->options.dev_node);
break;
default:
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 77747a2..aac8a6a 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2007,7 +2007,7 @@
if (dco_enabled(&c->options))
{
- ovpn_dco_init(c->mode, &c->c1.tuntap->dco, c->options.dev_node);
+ ovpn_dco_init(c);
}
/* open the tun device */
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1094?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I673a17f8c5dec66cc6c28c1ed44780a7a63927d7
Gerrit-Change-Number: 1094
Gerrit-PatchSet: 3
Gerrit-Owner: ordex <an...@ma...>
Gerrit-Reviewer: cron2 <ge...@gr...>
Gerrit-Reviewer: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-CC: stipa <lst...@gm...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-Attention: cron2 <ge...@gr...>
Gerrit-Attention: flichtenheld <fr...@li...>
Gerrit-Attention: ordex <an...@ma...>
Gerrit-MessageType: newpatchset
|
|
From: Kristof P. <kpr...@ne...> - 2025-07-23 09:42:29
|
Hi, Here's an implementation of the float notification handling for FreeBSD. The OpenVPN bits are pretty trivial because it just extends existing mechanisms. This does expect FreeBSD to actually send the notification, which requires this patch: https://reviews.freebsd.org/D51468 There's a test case in https://reviews.freebsd.org/D51469. Best regards, Kristof |
|
From: cron2 (C. Review) <ge...@op...> - 2025-07-23 09:40:22
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1093?usp=email ) Change subject: multi: store multi_context address inside top instance ...................................................................... multi: store multi_context address inside top instance Future modifications to DCO require accessing the server multi_context object. Since it is currently a stack variable that is pointed by no one, we'd need to pass it to all kind of functions to ensure it can reach the DCO code. To make the implementation simpler, it is preferable to simply assign its address to a struct context's field. While at it, make some multi_* functions static as they used only inside multi.c, where they are defined. Change-Id: Ibf64c681e02ac572d339d4d98e75ceb0cd417c45 Signed-off-by: Antonio Quartulli <an...@ma...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg32266.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/multi.c M src/openvpn/multi.h M src/openvpn/openvpn.h 3 files changed, 15 insertions(+), 18 deletions(-) diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 4696686..ec260a2 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -290,9 +290,10 @@ /* * Main initialization function, init multi_context object. */ -void -multi_init(struct multi_context *m, struct context *t) +static void +multi_init(struct context *t) { + struct multi_context *m = t->multi; int dev = DEV_TYPE_UNDEF; msg(D_MULTI_LOW, "MULTI: multi_init called, r=%d v=%d", @@ -706,7 +707,7 @@ /* * Called on shutdown or restart. */ -void +static void multi_uninit(struct multi_context *m) { if (m->hash) @@ -3922,14 +3923,14 @@ } } -void -multi_top_init(struct multi_context *m, struct context *top) +static void +multi_top_init(struct context *top) { - inherit_context_top(&m->top, top); - m->top.c2.buffers = init_context_buffers(&top->c2.frame); + inherit_context_top(&top->multi->top, top); + top->multi->top.c2.buffers = init_context_buffers(&top->c2.frame); } -void +static void multi_top_free(struct multi_context *m) { close_context(&m->top, -1, CC_GC_FREE); @@ -4324,6 +4325,7 @@ struct multi_context multi; top->mode = CM_TOP; + top->multi = &multi; context_clear_2(top); /* initialize top-tunnel instance */ @@ -4334,10 +4336,10 @@ } /* initialize global multi_context object */ - multi_init(&multi, top); + multi_init(top); /* initialize our cloned top object */ - multi_top_init(&multi, top); + multi_top_init(top); /* initialize management interface */ init_management_callback_multi(&multi); diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h index fe9e847..8b2704c 100644 --- a/src/openvpn/multi.h +++ b/src/openvpn/multi.h @@ -263,14 +263,6 @@ * Called by mtcp.c, mudp.c, or other (to be written) protocol drivers */ -void multi_init(struct multi_context *m, struct context *t); - -void multi_uninit(struct multi_context *m); - -void multi_top_init(struct multi_context *m, struct context *top); - -void multi_top_free(struct multi_context *m); - struct multi_instance *multi_create_instance(struct multi_context *m, const struct mroute_addr *real, struct link_socket *sock); diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index 3c8ce39..7d48888 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -491,6 +491,9 @@ * CM_P2P, \c CM_TOP, \c CM_TOP_CLONE, * \c CM_CHILD_UDP, and \c CM_CHILD_TCP. */ + struct multi_context *multi; /**< Pointer to the main P2MP context. + * Non-NULL only when mode == CM_TOP. */ + struct gc_arena gc; /**< Garbage collection arena for * allocations done in the scope of this * context structure. */ -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1093?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ibf64c681e02ac572d339d4d98e75ceb0cd417c45 Gerrit-Change-Number: 1093 Gerrit-PatchSet: 2 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: merged |
|
From: cron2 (C. Review) <ge...@op...> - 2025-07-23 09:40:22
|
cron2 has uploaded a new patch set (#2) to the change originally created by ordex. ( http://gerrit.openvpn.net/c/openvpn/+/1093?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: multi: store multi_context address inside top instance ...................................................................... multi: store multi_context address inside top instance Future modifications to DCO require accessing the server multi_context object. Since it is currently a stack variable that is pointed by no one, we'd need to pass it to all kind of functions to ensure it can reach the DCO code. To make the implementation simpler, it is preferable to simply assign its address to a struct context's field. While at it, make some multi_* functions static as they used only inside multi.c, where they are defined. Change-Id: Ibf64c681e02ac572d339d4d98e75ceb0cd417c45 Signed-off-by: Antonio Quartulli <an...@ma...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg32266.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/multi.c M src/openvpn/multi.h M src/openvpn/openvpn.h 3 files changed, 15 insertions(+), 18 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/93/1093/2 diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 4696686..ec260a2 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -290,9 +290,10 @@ /* * Main initialization function, init multi_context object. */ -void -multi_init(struct multi_context *m, struct context *t) +static void +multi_init(struct context *t) { + struct multi_context *m = t->multi; int dev = DEV_TYPE_UNDEF; msg(D_MULTI_LOW, "MULTI: multi_init called, r=%d v=%d", @@ -706,7 +707,7 @@ /* * Called on shutdown or restart. */ -void +static void multi_uninit(struct multi_context *m) { if (m->hash) @@ -3922,14 +3923,14 @@ } } -void -multi_top_init(struct multi_context *m, struct context *top) +static void +multi_top_init(struct context *top) { - inherit_context_top(&m->top, top); - m->top.c2.buffers = init_context_buffers(&top->c2.frame); + inherit_context_top(&top->multi->top, top); + top->multi->top.c2.buffers = init_context_buffers(&top->c2.frame); } -void +static void multi_top_free(struct multi_context *m) { close_context(&m->top, -1, CC_GC_FREE); @@ -4324,6 +4325,7 @@ struct multi_context multi; top->mode = CM_TOP; + top->multi = &multi; context_clear_2(top); /* initialize top-tunnel instance */ @@ -4334,10 +4336,10 @@ } /* initialize global multi_context object */ - multi_init(&multi, top); + multi_init(top); /* initialize our cloned top object */ - multi_top_init(&multi, top); + multi_top_init(top); /* initialize management interface */ init_management_callback_multi(&multi); diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h index fe9e847..8b2704c 100644 --- a/src/openvpn/multi.h +++ b/src/openvpn/multi.h @@ -263,14 +263,6 @@ * Called by mtcp.c, mudp.c, or other (to be written) protocol drivers */ -void multi_init(struct multi_context *m, struct context *t); - -void multi_uninit(struct multi_context *m); - -void multi_top_init(struct multi_context *m, struct context *top); - -void multi_top_free(struct multi_context *m); - struct multi_instance *multi_create_instance(struct multi_context *m, const struct mroute_addr *real, struct link_socket *sock); diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index 3c8ce39..7d48888 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -491,6 +491,9 @@ * CM_P2P, \c CM_TOP, \c CM_TOP_CLONE, * \c CM_CHILD_UDP, and \c CM_CHILD_TCP. */ + struct multi_context *multi; /**< Pointer to the main P2MP context. + * Non-NULL only when mode == CM_TOP. */ + struct gc_arena gc; /**< Garbage collection arena for * allocations done in the scope of this * context structure. */ -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1093?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ibf64c681e02ac572d339d4d98e75ceb0cd417c45 Gerrit-Change-Number: 1093 Gerrit-PatchSet: 2 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: newpatchset |
|
From: Gert D. <ge...@gr...> - 2025-07-23 09:40:02
|
The change is fairly trivial, but helps basically all sort of
"async things that need to access the multi context" later on.
I do look forward to crashing the new DCO code by running it in
"non multi" mode, though :-) (which is the risk that code changes
relying on this commit bring with them - being run in a non-multi
environment).
Unlike the other patches in this series, *this* has been also subjected
to a full client/server side test run - it looks harmless, but sometimes
I overlook things a test run finds.
Your patch has been applied to the master branch.
commit 7f5a6deae33a338a23d7e8ff8526db8fdddf4bc2
Author: Antonio Quartulli
Date: Wed Jul 23 08:10:25 2025 +0200
multi: store multi_context address inside top instance
Signed-off-by: Antonio Quartulli <an...@ma...>
Acked-by: Gert Doering <ge...@gr...>
Message-Id: <202...@gr...>
URL: https://www.mail-archive.com/ope...@li.../msg32266.html
Signed-off-by: Gert Doering <ge...@gr...>
--
kind regards,
Gert Doering
|
|
From: Kristof P. <kpr...@ne...> - 2025-07-23 09:02:55
|
From: Kristof Provost <kp...@Fr...>
Signed-off-by: Kristof Provost <kpr...@ne...>
---
configure.ac | 9 +++++
src/openvpn/dco_freebsd.c | 68 ++++++++++++++++++++++++++++++++++
src/openvpn/dco_freebsd.h | 2 +
src/openvpn/multi.c | 2 +-
src/openvpn/ovpn_dco_freebsd.h | 1 +
5 files changed, 81 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 66cb79b1..50697b8e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -848,6 +848,15 @@ if test "$enable_dco" != "no"; then
else
AC_MSG_ERROR([DCO support can't be enabled])
fi
+ else
+ AC_CHECK_DECLS(
+ [OVPN_NOTIF_FLOAT],
+ [AC_DEFINE([ENABLE_DCO_FLOAT_FREEBSD], [1], [We have DCO float notifications on FreeBSD])],
+ ,
+ [[
+ #include <net/if_ovpn.h>
+ ]]
+ )
fi
;;
*-mingw*)
diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index b8816c63..b0cab389 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -72,6 +72,55 @@ sockaddr_to_nvlist(const struct sockaddr *sa)
return (nvl);
}
+#ifdef ENABLE_DCO_FLOAT_FREEBSD
+static bool
+nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss)
+{
+ if (! nvlist_exists_number(nvl, "af"))
+ return (false);
+ if (! nvlist_exists_binary(nvl, "address"))
+ return (false);
+ if (! nvlist_exists_number(nvl, "port"))
+ return (false);
+
+ ss->ss_family = nvlist_get_number(nvl, "af");
+
+ switch (ss->ss_family)
+ {
+ case AF_INET:
+ {
+ struct sockaddr_in *in = (struct sockaddr_in *)ss;
+ const void *data;
+ size_t len;
+
+ in->sin_len = sizeof(*in);
+ data = nvlist_get_binary(nvl, "address", &len);
+ assert(len == sizeof(in->sin_addr));
+ memcpy(&in->sin_addr, data, sizeof(in->sin_addr));
+ in->sin_port = nvlist_get_number(nvl, "port");
+ break;
+ }
+ case AF_INET6:
+ {
+ struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)ss;
+ const void *data;
+ size_t len;
+
+ in6->sin6_len = sizeof(*in6);
+ data = nvlist_get_binary(nvl, "address", &len);
+ assert(len == sizeof(in6->sin6_addr));
+ memcpy(&in6->sin6_addr, data, sizeof(in6->sin6_addr));
+ in6->sin6_port = nvlist_get_number(nvl, "port");
+ break;
+ }
+ default:
+ return (false);
+ }
+
+ return (true);
+}
+#endif
+
int
dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd,
struct sockaddr *localaddr, struct sockaddr *remoteaddr,
@@ -571,6 +620,25 @@ dco_do_read(dco_context_t *dco)
dco->dco_message_type = OVPN_CMD_SWAP_KEYS;
break;
+#ifdef ENABLE_DCO_FLOAT_FREEBSD
+ case OVPN_NOTIF_FLOAT: {
+ const nvlist_t *address;
+
+ if (! nvlist_exists_nvlist(nvl, "address")) {
+ msg(M_WARN, "Float notification without address");
+ break;
+ }
+
+ address = nvlist_get_nvlist(nvl, "address");
+ if (! nvlist_to_sockaddr(address, &dco->dco_float_peer_ss)) {
+ msg(M_WARN, "Failed to parse float notification");
+ break;
+ }
+ dco->dco_message_type = OVPN_CMD_FLOAT_PEER;
+ break;
+ }
+#endif
+
default:
msg(M_WARN, "Unknown kernel notification %d", type);
break;
diff --git a/src/openvpn/dco_freebsd.h b/src/openvpn/dco_freebsd.h
index e1a054e0..ab5891e8 100644
--- a/src/openvpn/dco_freebsd.h
+++ b/src/openvpn/dco_freebsd.h
@@ -36,6 +36,7 @@ enum ovpn_message_type_t {
OVPN_CMD_DEL_PEER,
OVPN_CMD_PACKET,
OVPN_CMD_SWAP_KEYS,
+ OVPN_CMD_FLOAT_PEER,
};
enum ovpn_del_reason_t {
@@ -55,6 +56,7 @@ typedef struct dco_context {
int dco_message_type;
int dco_message_peer_id;
int dco_del_peer_reason;
+ struct sockaddr_storage dco_float_peer_ss;
uint64_t dco_read_bytes;
uint64_t dco_write_bytes;
} dco_context_t;
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 46966863..8e712e44 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -3400,7 +3400,7 @@ multi_process_incoming_dco(struct multi_context *m)
{
process_incoming_del_peer(m, mi, dco);
}
-#if defined(TARGET_LINUX) || defined(TARGET_WIN32)
+#if defined(TARGET_LINUX) || defined(TARGET_WIN32) || defined(TARGET_FREEBSD)
else if (dco->dco_message_type == OVPN_CMD_FLOAT_PEER)
{
ASSERT(mi->context.c2.link_sockets[0]);
diff --git a/src/openvpn/ovpn_dco_freebsd.h b/src/openvpn/ovpn_dco_freebsd.h
index 53f94dfd..7eb643b4 100644
--- a/src/openvpn/ovpn_dco_freebsd.h
+++ b/src/openvpn/ovpn_dco_freebsd.h
@@ -37,6 +37,7 @@
enum ovpn_notif_type {
OVPN_NOTIF_DEL_PEER,
OVPN_NOTIF_ROTATE_KEY,
+ OVPN_NOTIF_FLOAT,
};
enum ovpn_del_reason {
--
2.50.1
|
|
From: cron2 (C. Review) <ge...@op...> - 2025-07-23 08:35:30
|
cron2 has uploaded a new patch set (#3) to the change originally created by ordex. ( http://gerrit.openvpn.net/c/openvpn/+/1098?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: dco_linux: rearrange functions ...................................................................... dco_linux: rearrange functions In preparation for the implementation of a generic netlink message parser, move all parsing functions above ovpn_handle_msg(). The latter is soon going to become a generic message parser which will invoke specific handlers, thus they are required to be defined earlier in the file. No functional change is intended. This patch is only meant to reduce entropy in the patch which will do the real netlink parser change. Better reviewed with: git show --color-moved Change-Id: I94004579aef4a1ccccdbcf8edd7b722e5a611c72 Signed-off-by: Antonio Quartulli <an...@ma...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg32263.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/dco_linux.c 1 file changed, 144 insertions(+), 144 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/98/1098/3 diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index a04a164..3652a49 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -806,6 +806,150 @@ return false; } +/* libnl < 3.11.0 does not implement nla_get_uint() */ +static uint64_t +ovpn_nla_get_uint(struct nlattr *attr) +{ + if (nla_len(attr) == sizeof(uint32_t)) + { + return nla_get_u32(attr); + } + else + { + return nla_get_u64(attr); + } +} + +static void +dco_update_peer_stat(struct context_2 *c2, struct nlattr *tb[], uint32_t id) +{ + if (tb[OVPN_A_PEER_LINK_RX_BYTES]) + { + c2->dco_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_RX_BYTES]); + msg(D_DCO_DEBUG, "%s / dco_read_bytes: " counter_format, __func__, + c2->dco_read_bytes); + } + else + { + msg(M_WARN, "%s: no link RX bytes provided in reply for peer %u", + __func__, id); + } + + if (tb[OVPN_A_PEER_LINK_TX_BYTES]) + { + c2->dco_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_TX_BYTES]); + msg(D_DCO_DEBUG, "%s / dco_write_bytes: " counter_format, __func__, + c2->dco_write_bytes); + } + else + { + msg(M_WARN, "%s: no link TX bytes provided in reply for peer %u", + __func__, id); + } + + if (tb[OVPN_A_PEER_VPN_RX_BYTES]) + { + c2->tun_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_RX_BYTES]); + msg(D_DCO_DEBUG, "%s / tun_read_bytes: " counter_format, __func__, + c2->tun_read_bytes); + } + else + { + msg(M_WARN, "%s: no VPN RX bytes provided in reply for peer %u", + __func__, id); + } + + if (tb[OVPN_A_PEER_VPN_TX_BYTES]) + { + c2->tun_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_TX_BYTES]); + msg(D_DCO_DEBUG, "%s / tun_write_bytes: " counter_format, __func__, + c2->tun_write_bytes); + } + else + { + msg(M_WARN, "%s: no VPN TX bytes provided in reply for peer %u", + __func__, id); + } +} + +static int +dco_parse_peer_multi(struct nl_msg *msg, void *arg) +{ + struct nlattr *tb[OVPN_A_MAX + 1]; + struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); + + msg(D_DCO_DEBUG, "%s: parsing message...", __func__); + + nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), + genlmsg_attrlen(gnlh, 0), NULL); + + if (!tb[OVPN_A_PEER]) + { + return NL_SKIP; + } + + struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; + nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); + + if (!tb_peer[OVPN_A_PEER_ID]) + { + msg(M_WARN, "%s: no peer-id provided in reply", __func__); + return NL_SKIP; + } + + struct multi_context *m = arg; + uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); + + if (peer_id >= m->max_clients || !m->instances[peer_id]) + { + msg(M_WARN, "%s: cannot store DCO stats for peer %u", __func__, + peer_id); + return NL_SKIP; + } + + dco_update_peer_stat(&m->instances[peer_id]->context.c2, tb_peer, peer_id); + + return NL_OK; +} + +static int +dco_parse_peer(struct nl_msg *msg, void *arg) +{ + struct context *c = arg; + struct nlattr *tb[OVPN_A_MAX + 1]; + struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); + + msg(D_DCO_DEBUG, "%s: parsing message...", __func__); + + nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), + genlmsg_attrlen(gnlh, 0), NULL); + + if (!tb[OVPN_A_PEER]) + { + msg(D_DCO_DEBUG, "%s: malformed reply", __func__); + return NL_SKIP; + } + + struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; + nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); + + if (!tb_peer[OVPN_A_PEER_ID]) + { + msg(M_WARN, "%s: no peer-id provided in reply", __func__); + return NL_SKIP; + } + + uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); + if (c->c2.tls_multi->dco_peer_id != peer_id) + { + return NL_SKIP; + } + + dco_update_peer_stat(&c->c2, tb_peer, peer_id); + + return NL_OK; +} + /* This function parses any netlink message sent by ovpn-dco to userspace */ static int ovpn_handle_msg(struct nl_msg *msg, void *arg) @@ -988,112 +1132,6 @@ return ovpn_nl_recvmsgs(dco, __func__); } -/* libnl < 3.11.0 does not implement nla_get_uint() */ -static uint64_t -ovpn_nla_get_uint(struct nlattr *attr) -{ - if (nla_len(attr) == sizeof(uint32_t)) - { - return nla_get_u32(attr); - } - else - { - return nla_get_u64(attr); - } -} - -static void -dco_update_peer_stat(struct context_2 *c2, struct nlattr *tb[], uint32_t id) -{ - if (tb[OVPN_A_PEER_LINK_RX_BYTES]) - { - c2->dco_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_RX_BYTES]); - msg(D_DCO_DEBUG, "%s / dco_read_bytes: " counter_format, __func__, - c2->dco_read_bytes); - } - else - { - msg(M_WARN, "%s: no link RX bytes provided in reply for peer %u", - __func__, id); - } - - if (tb[OVPN_A_PEER_LINK_TX_BYTES]) - { - c2->dco_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_TX_BYTES]); - msg(D_DCO_DEBUG, "%s / dco_write_bytes: " counter_format, __func__, - c2->dco_write_bytes); - } - else - { - msg(M_WARN, "%s: no link TX bytes provided in reply for peer %u", - __func__, id); - } - - if (tb[OVPN_A_PEER_VPN_RX_BYTES]) - { - c2->tun_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_RX_BYTES]); - msg(D_DCO_DEBUG, "%s / tun_read_bytes: " counter_format, __func__, - c2->tun_read_bytes); - } - else - { - msg(M_WARN, "%s: no VPN RX bytes provided in reply for peer %u", - __func__, id); - } - - if (tb[OVPN_A_PEER_VPN_TX_BYTES]) - { - c2->tun_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_TX_BYTES]); - msg(D_DCO_DEBUG, "%s / tun_write_bytes: " counter_format, __func__, - c2->tun_write_bytes); - } - else - { - msg(M_WARN, "%s: no VPN TX bytes provided in reply for peer %u", - __func__, id); - } -} - -int -dco_parse_peer_multi(struct nl_msg *msg, void *arg) -{ - struct nlattr *tb[OVPN_A_MAX + 1]; - struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); - - msg(D_DCO_DEBUG, "%s: parsing message...", __func__); - - nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), - genlmsg_attrlen(gnlh, 0), NULL); - - if (!tb[OVPN_A_PEER]) - { - return NL_SKIP; - } - - struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; - nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); - - if (!tb_peer[OVPN_A_PEER_ID]) - { - msg(M_WARN, "%s: no peer-id provided in reply", __func__); - return NL_SKIP; - } - - struct multi_context *m = arg; - uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); - - if (peer_id >= m->max_clients || !m->instances[peer_id]) - { - msg(M_WARN, "%s: cannot store DCO stats for peer %u", __func__, - peer_id); - return NL_SKIP; - } - - dco_update_peer_stat(&m->instances[peer_id]->context.c2, tb_peer, peer_id); - - return NL_OK; -} - int dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m, const bool raise_sigusr1_on_err) @@ -1118,44 +1156,6 @@ return ret; } -static int -dco_parse_peer(struct nl_msg *msg, void *arg) -{ - struct context *c = arg; - struct nlattr *tb[OVPN_A_MAX + 1]; - struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); - - msg(D_DCO_DEBUG, "%s: parsing message...", __func__); - - nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), - genlmsg_attrlen(gnlh, 0), NULL); - - if (!tb[OVPN_A_PEER]) - { - msg(D_DCO_DEBUG, "%s: malformed reply", __func__); - return NL_SKIP; - } - - struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; - nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); - - if (!tb_peer[OVPN_A_PEER_ID]) - { - msg(M_WARN, "%s: no peer-id provided in reply", __func__); - return NL_SKIP; - } - - uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); - if (c->c2.tls_multi->dco_peer_id != peer_id) - { - return NL_SKIP; - } - - dco_update_peer_stat(&c->c2, tb_peer, peer_id); - - return NL_OK; -} - int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err) { -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1098?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I94004579aef4a1ccccdbcf8edd7b722e5a611c72 Gerrit-Change-Number: 1098 Gerrit-PatchSet: 3 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: newpatchset |
|
From: cron2 (C. Review) <ge...@op...> - 2025-07-23 08:35:27
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1098?usp=email ) Change subject: dco_linux: rearrange functions ...................................................................... dco_linux: rearrange functions In preparation for the implementation of a generic netlink message parser, move all parsing functions above ovpn_handle_msg(). The latter is soon going to become a generic message parser which will invoke specific handlers, thus they are required to be defined earlier in the file. No functional change is intended. This patch is only meant to reduce entropy in the patch which will do the real netlink parser change. Better reviewed with: git show --color-moved Change-Id: I94004579aef4a1ccccdbcf8edd7b722e5a611c72 Signed-off-by: Antonio Quartulli <an...@ma...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg32263.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/dco_linux.c 1 file changed, 144 insertions(+), 144 deletions(-) diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index a04a164..3652a49 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -806,6 +806,150 @@ return false; } +/* libnl < 3.11.0 does not implement nla_get_uint() */ +static uint64_t +ovpn_nla_get_uint(struct nlattr *attr) +{ + if (nla_len(attr) == sizeof(uint32_t)) + { + return nla_get_u32(attr); + } + else + { + return nla_get_u64(attr); + } +} + +static void +dco_update_peer_stat(struct context_2 *c2, struct nlattr *tb[], uint32_t id) +{ + if (tb[OVPN_A_PEER_LINK_RX_BYTES]) + { + c2->dco_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_RX_BYTES]); + msg(D_DCO_DEBUG, "%s / dco_read_bytes: " counter_format, __func__, + c2->dco_read_bytes); + } + else + { + msg(M_WARN, "%s: no link RX bytes provided in reply for peer %u", + __func__, id); + } + + if (tb[OVPN_A_PEER_LINK_TX_BYTES]) + { + c2->dco_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_TX_BYTES]); + msg(D_DCO_DEBUG, "%s / dco_write_bytes: " counter_format, __func__, + c2->dco_write_bytes); + } + else + { + msg(M_WARN, "%s: no link TX bytes provided in reply for peer %u", + __func__, id); + } + + if (tb[OVPN_A_PEER_VPN_RX_BYTES]) + { + c2->tun_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_RX_BYTES]); + msg(D_DCO_DEBUG, "%s / tun_read_bytes: " counter_format, __func__, + c2->tun_read_bytes); + } + else + { + msg(M_WARN, "%s: no VPN RX bytes provided in reply for peer %u", + __func__, id); + } + + if (tb[OVPN_A_PEER_VPN_TX_BYTES]) + { + c2->tun_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_TX_BYTES]); + msg(D_DCO_DEBUG, "%s / tun_write_bytes: " counter_format, __func__, + c2->tun_write_bytes); + } + else + { + msg(M_WARN, "%s: no VPN TX bytes provided in reply for peer %u", + __func__, id); + } +} + +static int +dco_parse_peer_multi(struct nl_msg *msg, void *arg) +{ + struct nlattr *tb[OVPN_A_MAX + 1]; + struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); + + msg(D_DCO_DEBUG, "%s: parsing message...", __func__); + + nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), + genlmsg_attrlen(gnlh, 0), NULL); + + if (!tb[OVPN_A_PEER]) + { + return NL_SKIP; + } + + struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; + nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); + + if (!tb_peer[OVPN_A_PEER_ID]) + { + msg(M_WARN, "%s: no peer-id provided in reply", __func__); + return NL_SKIP; + } + + struct multi_context *m = arg; + uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); + + if (peer_id >= m->max_clients || !m->instances[peer_id]) + { + msg(M_WARN, "%s: cannot store DCO stats for peer %u", __func__, + peer_id); + return NL_SKIP; + } + + dco_update_peer_stat(&m->instances[peer_id]->context.c2, tb_peer, peer_id); + + return NL_OK; +} + +static int +dco_parse_peer(struct nl_msg *msg, void *arg) +{ + struct context *c = arg; + struct nlattr *tb[OVPN_A_MAX + 1]; + struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); + + msg(D_DCO_DEBUG, "%s: parsing message...", __func__); + + nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), + genlmsg_attrlen(gnlh, 0), NULL); + + if (!tb[OVPN_A_PEER]) + { + msg(D_DCO_DEBUG, "%s: malformed reply", __func__); + return NL_SKIP; + } + + struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; + nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); + + if (!tb_peer[OVPN_A_PEER_ID]) + { + msg(M_WARN, "%s: no peer-id provided in reply", __func__); + return NL_SKIP; + } + + uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); + if (c->c2.tls_multi->dco_peer_id != peer_id) + { + return NL_SKIP; + } + + dco_update_peer_stat(&c->c2, tb_peer, peer_id); + + return NL_OK; +} + /* This function parses any netlink message sent by ovpn-dco to userspace */ static int ovpn_handle_msg(struct nl_msg *msg, void *arg) @@ -988,112 +1132,6 @@ return ovpn_nl_recvmsgs(dco, __func__); } -/* libnl < 3.11.0 does not implement nla_get_uint() */ -static uint64_t -ovpn_nla_get_uint(struct nlattr *attr) -{ - if (nla_len(attr) == sizeof(uint32_t)) - { - return nla_get_u32(attr); - } - else - { - return nla_get_u64(attr); - } -} - -static void -dco_update_peer_stat(struct context_2 *c2, struct nlattr *tb[], uint32_t id) -{ - if (tb[OVPN_A_PEER_LINK_RX_BYTES]) - { - c2->dco_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_RX_BYTES]); - msg(D_DCO_DEBUG, "%s / dco_read_bytes: " counter_format, __func__, - c2->dco_read_bytes); - } - else - { - msg(M_WARN, "%s: no link RX bytes provided in reply for peer %u", - __func__, id); - } - - if (tb[OVPN_A_PEER_LINK_TX_BYTES]) - { - c2->dco_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_TX_BYTES]); - msg(D_DCO_DEBUG, "%s / dco_write_bytes: " counter_format, __func__, - c2->dco_write_bytes); - } - else - { - msg(M_WARN, "%s: no link TX bytes provided in reply for peer %u", - __func__, id); - } - - if (tb[OVPN_A_PEER_VPN_RX_BYTES]) - { - c2->tun_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_RX_BYTES]); - msg(D_DCO_DEBUG, "%s / tun_read_bytes: " counter_format, __func__, - c2->tun_read_bytes); - } - else - { - msg(M_WARN, "%s: no VPN RX bytes provided in reply for peer %u", - __func__, id); - } - - if (tb[OVPN_A_PEER_VPN_TX_BYTES]) - { - c2->tun_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_TX_BYTES]); - msg(D_DCO_DEBUG, "%s / tun_write_bytes: " counter_format, __func__, - c2->tun_write_bytes); - } - else - { - msg(M_WARN, "%s: no VPN TX bytes provided in reply for peer %u", - __func__, id); - } -} - -int -dco_parse_peer_multi(struct nl_msg *msg, void *arg) -{ - struct nlattr *tb[OVPN_A_MAX + 1]; - struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); - - msg(D_DCO_DEBUG, "%s: parsing message...", __func__); - - nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), - genlmsg_attrlen(gnlh, 0), NULL); - - if (!tb[OVPN_A_PEER]) - { - return NL_SKIP; - } - - struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; - nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); - - if (!tb_peer[OVPN_A_PEER_ID]) - { - msg(M_WARN, "%s: no peer-id provided in reply", __func__); - return NL_SKIP; - } - - struct multi_context *m = arg; - uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); - - if (peer_id >= m->max_clients || !m->instances[peer_id]) - { - msg(M_WARN, "%s: cannot store DCO stats for peer %u", __func__, - peer_id); - return NL_SKIP; - } - - dco_update_peer_stat(&m->instances[peer_id]->context.c2, tb_peer, peer_id); - - return NL_OK; -} - int dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m, const bool raise_sigusr1_on_err) @@ -1118,44 +1156,6 @@ return ret; } -static int -dco_parse_peer(struct nl_msg *msg, void *arg) -{ - struct context *c = arg; - struct nlattr *tb[OVPN_A_MAX + 1]; - struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); - - msg(D_DCO_DEBUG, "%s: parsing message...", __func__); - - nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), - genlmsg_attrlen(gnlh, 0), NULL); - - if (!tb[OVPN_A_PEER]) - { - msg(D_DCO_DEBUG, "%s: malformed reply", __func__); - return NL_SKIP; - } - - struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; - nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); - - if (!tb_peer[OVPN_A_PEER_ID]) - { - msg(M_WARN, "%s: no peer-id provided in reply", __func__); - return NL_SKIP; - } - - uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); - if (c->c2.tls_multi->dco_peer_id != peer_id) - { - return NL_SKIP; - } - - dco_update_peer_stat(&c->c2, tb_peer, peer_id); - - return NL_OK; -} - int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err) { -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1098?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I94004579aef4a1ccccdbcf8edd7b722e5a611c72 Gerrit-Change-Number: 1098 Gerrit-PatchSet: 3 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: merged |
|
From: Gert D. <ge...@gr...> - 2025-07-23 08:35:01
|
As mentioned every now and then, I'm not a big fan of patches that
move code around - we frequently use "git blame" to figure out why
certain code pieces came to be, and this gets more annoying if code
gets moved. This said, *if* code needs to move, I do prefer a patch
that has "no other changes" so "--color-moved=zebra" can visually
prove that "nothing has changed". In this case, one "static" appeared,
but nothing else :-)
Test compiled, as usual.
Your patch has been applied to the master branch.
commit 7bcafb316ecea68b1acda9e137df9dce18afcc8c
Author: Antonio Quartulli
Date: Wed Jul 23 08:07:41 2025 +0200
dco_linux: rearrange functions
Signed-off-by: Antonio Quartulli <an...@ma...>
Acked-by: Gert Doering <ge...@gr...>
Message-Id: <202...@gr...>
URL: https://www.mail-archive.com/ope...@li.../msg32263.html
Signed-off-by: Gert Doering <ge...@gr...>
--
kind regards,
Gert Doering
|
|
From: cron2 (C. Review) <ge...@op...> - 2025-07-23 08:18:56
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1096?usp=email ) Change subject: dco_linux: use M_FATAL instead of M_ERR in netlink error code paths ...................................................................... dco_linux: use M_FATAL instead of M_ERR in netlink error code paths Netlink code doesn't set errno upon error (with the exception of any *alloc() function which probably inherits the errno=ENOMEM from the underlying malloc call), therefore we should not print error messages with M_ERR, but rather rely on M_FATAL. M_ERR is equivalent to M_FATAL with the addition of appending ": $errno" to the error string. Since errno is not meaningful in this context, we can just opt for the less confusing M_FATAL. Change-Id: Ifc442b4426c02de7282d0f69629e8a10b679c589 Signed-off-by: Antonio Quartulli <an...@ma...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg32271.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/dco_linux.c 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 0a73882..a04a164 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -114,7 +114,7 @@ struct nl_msg *nl_msg = nlmsg_alloc(); if (!nl_msg) { - msg(M_ERR, "cannot allocate netlink message"); + msg(M_FATAL, "cannot allocate netlink message"); return NULL; } @@ -140,7 +140,7 @@ break; case -NLE_NOMEM: - msg(M_ERR, "%s: netlink out of memory error", prefix); + msg(M_FATAL, "%s: netlink out of memory error", prefix); break; case -NLE_AGAIN: @@ -148,7 +148,7 @@ break; case -NLE_NODEV: - msg(M_ERR, "%s: netlink reports device not found:", prefix); + msg(M_FATAL, "%s: netlink reports device not found:", prefix); break; case -NLE_OBJ_NOTFOUND: @@ -387,19 +387,19 @@ static void ovpn_dco_init_netlink(dco_context_t *dco) { - dco->ovpn_dco_id = resolve_ovpn_netlink_id(M_ERR); + dco->ovpn_dco_id = resolve_ovpn_netlink_id(M_FATAL); dco->nl_sock = nl_socket_alloc(); if (!dco->nl_sock) { - msg(M_ERR, "Cannot create netlink socket"); + msg(M_FATAL, "Cannot create netlink socket"); } int ret = genl_connect(dco->nl_sock); if (ret) { - msg(M_ERR, "Cannot connect to generic netlink: %s", + msg(M_FATAL, "Cannot connect to generic netlink: %s", nl_geterror(ret)); } @@ -415,7 +415,7 @@ dco->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); if (!dco->nl_cb) { - msg(M_ERR, "failed to allocate netlink callback"); + msg(M_FATAL, "failed to allocate netlink callback"); } nl_socket_set_cb(dco->nl_sock, dco->nl_cb); @@ -478,7 +478,7 @@ if (dco->ovpn_dco_mcast_id < 0) { - msg(M_ERR, "cannot get mcast group: %s", nl_geterror(dco->ovpn_dco_mcast_id)); + msg(M_FATAL, "cannot get mcast group: %s", nl_geterror(dco->ovpn_dco_mcast_id)); } /* Register for ovpn-dco specific multicast messages that the kernel may @@ -487,7 +487,7 @@ int ret = nl_socket_add_membership(dco->nl_sock, dco->ovpn_dco_mcast_id); if (ret) { - msg(M_ERR, "%s: failed to join groups: %d", __func__, ret); + msg(M_FATAL, "%s: failed to join groups: %d", __func__, ret); } } -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1096?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ifc442b4426c02de7282d0f69629e8a10b679c589 Gerrit-Change-Number: 1096 Gerrit-PatchSet: 3 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: merged |
|
From: cron2 (C. Review) <ge...@op...> - 2025-07-23 08:18:55
|
cron2 has uploaded a new patch set (#3) to the change originally created by ordex. ( http://gerrit.openvpn.net/c/openvpn/+/1096?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: dco_linux: use M_FATAL instead of M_ERR in netlink error code paths ...................................................................... dco_linux: use M_FATAL instead of M_ERR in netlink error code paths Netlink code doesn't set errno upon error (with the exception of any *alloc() function which probably inherits the errno=ENOMEM from the underlying malloc call), therefore we should not print error messages with M_ERR, but rather rely on M_FATAL. M_ERR is equivalent to M_FATAL with the addition of appending ": $errno" to the error string. Since errno is not meaningful in this context, we can just opt for the less confusing M_FATAL. Change-Id: Ifc442b4426c02de7282d0f69629e8a10b679c589 Signed-off-by: Antonio Quartulli <an...@ma...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg32271.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/dco_linux.c 1 file changed, 9 insertions(+), 9 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/96/1096/3 diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 0a73882..a04a164 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -114,7 +114,7 @@ struct nl_msg *nl_msg = nlmsg_alloc(); if (!nl_msg) { - msg(M_ERR, "cannot allocate netlink message"); + msg(M_FATAL, "cannot allocate netlink message"); return NULL; } @@ -140,7 +140,7 @@ break; case -NLE_NOMEM: - msg(M_ERR, "%s: netlink out of memory error", prefix); + msg(M_FATAL, "%s: netlink out of memory error", prefix); break; case -NLE_AGAIN: @@ -148,7 +148,7 @@ break; case -NLE_NODEV: - msg(M_ERR, "%s: netlink reports device not found:", prefix); + msg(M_FATAL, "%s: netlink reports device not found:", prefix); break; case -NLE_OBJ_NOTFOUND: @@ -387,19 +387,19 @@ static void ovpn_dco_init_netlink(dco_context_t *dco) { - dco->ovpn_dco_id = resolve_ovpn_netlink_id(M_ERR); + dco->ovpn_dco_id = resolve_ovpn_netlink_id(M_FATAL); dco->nl_sock = nl_socket_alloc(); if (!dco->nl_sock) { - msg(M_ERR, "Cannot create netlink socket"); + msg(M_FATAL, "Cannot create netlink socket"); } int ret = genl_connect(dco->nl_sock); if (ret) { - msg(M_ERR, "Cannot connect to generic netlink: %s", + msg(M_FATAL, "Cannot connect to generic netlink: %s", nl_geterror(ret)); } @@ -415,7 +415,7 @@ dco->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); if (!dco->nl_cb) { - msg(M_ERR, "failed to allocate netlink callback"); + msg(M_FATAL, "failed to allocate netlink callback"); } nl_socket_set_cb(dco->nl_sock, dco->nl_cb); @@ -478,7 +478,7 @@ if (dco->ovpn_dco_mcast_id < 0) { - msg(M_ERR, "cannot get mcast group: %s", nl_geterror(dco->ovpn_dco_mcast_id)); + msg(M_FATAL, "cannot get mcast group: %s", nl_geterror(dco->ovpn_dco_mcast_id)); } /* Register for ovpn-dco specific multicast messages that the kernel may @@ -487,7 +487,7 @@ int ret = nl_socket_add_membership(dco->nl_sock, dco->ovpn_dco_mcast_id); if (ret) { - msg(M_ERR, "%s: failed to join groups: %d", __func__, ret); + msg(M_FATAL, "%s: failed to join groups: %d", __func__, ret); } } -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1096?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ifc442b4426c02de7282d0f69629e8a10b679c589 Gerrit-Change-Number: 1096 Gerrit-PatchSet: 3 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: newpatchset |
|
From: Gert D. <ge...@gr...> - 2025-07-23 08:18:36
|
Stared at the code, this is all "in netlink error handling", so the
changes makes sense.
Your patch has been applied to the master branch.
commit dfe71b0a397273efffabbc01d1f6a9933f607933
Author: Antonio Quartulli
Date: Wed Jul 23 08:30:30 2025 +0200
dco_linux: use M_FATAL instead of M_ERR in netlink error code paths
Signed-off-by: Antonio Quartulli <an...@ma...>
Acked-by: Gert Doering <ge...@gr...>
Message-Id: <202...@gr...>
URL: https://www.mail-archive.com/ope...@li.../msg32271.html
Signed-off-by: Gert Doering <ge...@gr...>
--
kind regards,
Gert Doering
|
|
From: stipa (C. Review) <ge...@op...> - 2025-07-23 08:16:17
|
Attention is currently required from: cron2, flichtenheld, ordex, plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1094?usp=email ) Change subject: dco: only pass struct context to init function ...................................................................... Patch Set 2: (1 comment) Patchset: PS2: > `dco.h` has […] Same goes to dco_win.c -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1094?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I673a17f8c5dec66cc6c28c1ed44780a7a63927d7 Gerrit-Change-Number: 1094 Gerrit-PatchSet: 2 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-CC: stipa <lst...@gm...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: cron2 <ge...@gr...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: ordex <an...@ma...> Gerrit-Comment-Date: Wed, 23 Jul 2025 08:16:03 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: cron2 <ge...@gr...> Gerrit-MessageType: comment |
|
From: cron2 (C. Review) <ge...@op...> - 2025-07-23 08:15:32
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1095?usp=email ) Change subject: dco_linux: fix case statement by using proper error value ...................................................................... dco_linux: fix case statement by using proper error value A M_ERR constant accidentally slipped in as possible netlink error value. Substitute it with the actual code matching the following error message. Change-Id: I18df6ef659cab9525dd7847b7dd3950fc1895dd5 Signed-off-by: Antonio Quartulli <an...@ma...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg32269.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/dco_linux.c 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index f04ebfe..0a73882 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -143,7 +143,7 @@ msg(M_ERR, "%s: netlink out of memory error", prefix); break; - case -M_ERR: + case -NLE_AGAIN: msg(M_WARN, "%s: netlink reports blocking read - aborting wait", prefix); break; -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1095?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I18df6ef659cab9525dd7847b7dd3950fc1895dd5 Gerrit-Change-Number: 1095 Gerrit-PatchSet: 3 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: merged |
|
From: cron2 (C. Review) <ge...@op...> - 2025-07-23 08:15:31
|
cron2 has uploaded a new patch set (#3) to the change originally created by ordex. ( http://gerrit.openvpn.net/c/openvpn/+/1095?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: dco_linux: fix case statement by using proper error value ...................................................................... dco_linux: fix case statement by using proper error value A M_ERR constant accidentally slipped in as possible netlink error value. Substitute it with the actual code matching the following error message. Change-Id: I18df6ef659cab9525dd7847b7dd3950fc1895dd5 Signed-off-by: Antonio Quartulli <an...@ma...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg32269.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/dco_linux.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/95/1095/3 diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index f04ebfe..0a73882 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -143,7 +143,7 @@ msg(M_ERR, "%s: netlink out of memory error", prefix); break; - case -M_ERR: + case -NLE_AGAIN: msg(M_WARN, "%s: netlink reports blocking read - aborting wait", prefix); break; -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1095?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I18df6ef659cab9525dd7847b7dd3950fc1895dd5 Gerrit-Change-Number: 1095 Gerrit-PatchSet: 3 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: newpatchset |
|
From: Gert D. <ge...@gr...> - 2025-07-23 08:15:18
|
Stared at the code, makes sense. Test compiled (after the explosion tonight,
you can never test enough :-) ).
Your patch has been applied to the master branch.
commit f1a2a37897a6517c4c321abb7bc343bf495c94e2
Author: Antonio Quartulli
Date: Wed Jul 23 08:20:06 2025 +0200
dco_linux: fix case statement by using proper error value
Signed-off-by: Antonio Quartulli <an...@ma...>
Acked-by: Gert Doering <ge...@gr...>
Message-Id: <202...@gr...>
URL: https://www.mail-archive.com/ope...@li.../msg32269.html
Signed-off-by: Gert Doering <ge...@gr...>
--
kind regards,
Gert Doering
|
|
From: Gert D. <ge...@gr...> - 2025-07-23 06:30:47
|
From: Antonio Quartulli <an...@ma...> Netlink code doesn't set errno upon error (with the exception of any *alloc() function which probably inherits the errno=ENOMEM from the underlying malloc call), therefore we should not print error messages with M_ERR, but rather rely on M_FATAL. M_ERR is equivalent to M_FATAL with the addition of appending ": $errno" to the error string. Since errno is not meaningful in this context, we can just opt for the less confusing M_FATAL. Change-Id: Ifc442b4426c02de7282d0f69629e8a10b679c589 Signed-off-by: Antonio Quartulli <an...@ma...> Acked-by: Gert Doering <ge...@gr...> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1096 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <ge...@gr...> diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 58051f5..13506a1 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -114,7 +114,7 @@ struct nl_msg *nl_msg = nlmsg_alloc(); if (!nl_msg) { - msg(M_ERR, "cannot allocate netlink message"); + msg(M_FATAL, "cannot allocate netlink message"); return NULL; } @@ -140,7 +140,7 @@ break; case -NLE_NOMEM: - msg(M_ERR, "%s: netlink out of memory error", prefix); + msg(M_FATAL, "%s: netlink out of memory error", prefix); break; case -NLE_AGAIN: @@ -148,7 +148,7 @@ break; case -NLE_NODEV: - msg(M_ERR, "%s: netlink reports device not found:", prefix); + msg(M_FATAL, "%s: netlink reports device not found:", prefix); break; case -NLE_OBJ_NOTFOUND: @@ -387,19 +387,19 @@ static void ovpn_dco_init_netlink(dco_context_t *dco) { - dco->ovpn_dco_id = resolve_ovpn_netlink_id(M_ERR); + dco->ovpn_dco_id = resolve_ovpn_netlink_id(M_FATAL); dco->nl_sock = nl_socket_alloc(); if (!dco->nl_sock) { - msg(M_ERR, "Cannot create netlink socket"); + msg(M_FATAL, "Cannot create netlink socket"); } int ret = genl_connect(dco->nl_sock); if (ret) { - msg(M_ERR, "Cannot connect to generic netlink: %s", + msg(M_FATAL, "Cannot connect to generic netlink: %s", nl_geterror(ret)); } @@ -415,7 +415,7 @@ dco->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); if (!dco->nl_cb) { - msg(M_ERR, "failed to allocate netlink callback"); + msg(M_FATAL, "failed to allocate netlink callback"); } nl_socket_set_cb(dco->nl_sock, dco->nl_cb); @@ -484,7 +484,7 @@ if (dco->ovpn_dco_mcast_id < 0) { - msg(M_ERR, "cannot get mcast group: %s", nl_geterror(dco->ovpn_dco_mcast_id)); + msg(M_FATAL, "cannot get mcast group: %s", nl_geterror(dco->ovpn_dco_mcast_id)); } /* Register for ovpn-dco specific multicast messages that the kernel may @@ -493,7 +493,7 @@ int ret = nl_socket_add_membership(dco->nl_sock, dco->ovpn_dco_mcast_id); if (ret) { - msg(M_ERR, "%s: failed to join groups: %d", __func__, ret); + msg(M_FATAL, "%s: failed to join groups: %d", __func__, ret); } } |
|
From: cron2 (C. Review) <ge...@op...> - 2025-07-23 06:30:26
|
Attention is currently required from: flichtenheld, ordex, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1096?usp=email ) Change subject: dco_linux: use M_FATAL instead of M_ERR in netlink error code paths ...................................................................... Patch Set 2: Code-Review+2 (1 comment) Patchset: PS2: makes sense -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1096?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ifc442b4426c02de7282d0f69629e8a10b679c589 Gerrit-Change-Number: 1096 Gerrit-PatchSet: 2 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: ordex <an...@ma...> Gerrit-Comment-Date: Wed, 23 Jul 2025 06:30:12 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
|
From: Gert D. <ge...@gr...> - 2025-07-23 06:20:20
|
From: Antonio Quartulli <an...@ma...> A M_ERR constant accidentally slipped in as possible netlink error value. Substitute it with the actual code matching the following error message. Change-Id: I18df6ef659cab9525dd7847b7dd3950fc1895dd5 Signed-off-by: Antonio Quartulli <an...@ma...> Acked-by: Gert Doering <ge...@gr...> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1095 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <ge...@gr...> diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index c92c196..58051f5 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -143,7 +143,7 @@ msg(M_ERR, "%s: netlink out of memory error", prefix); break; - case -M_ERR: + case -NLE_AGAIN: msg(M_WARN, "%s: netlink reports blocking read - aborting wait", prefix); break; |
|
From: cron2 (C. Review) <ge...@op...> - 2025-07-23 06:19:58
|
Attention is currently required from: flichtenheld, ordex, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1095?usp=email ) Change subject: dco_linux: fix case statement by using proper error value ...................................................................... Patch Set 2: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1095?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I18df6ef659cab9525dd7847b7dd3950fc1895dd5 Gerrit-Change-Number: 1095 Gerrit-PatchSet: 2 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: ordex <an...@ma...> Gerrit-Comment-Date: Wed, 23 Jul 2025 06:19:49 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
|
From: cron2 (C. Review) <ge...@op...> - 2025-07-23 06:19:32
|
Attention is currently required from: flichtenheld, ordex, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1094?usp=email ) Change subject: dco: only pass struct context to init function ...................................................................... Patch Set 2: Code-Review-2 (1 comment) Patchset: PS2: `dco.h` has ``` static inline bool ovpn_dco_init(int mode, dco_context_t *dco, const char *dev_node) { return true; } ``` which also needs to be adjusted... -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1094?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I673a17f8c5dec66cc6c28c1ed44780a7a63927d7 Gerrit-Change-Number: 1094 Gerrit-PatchSet: 2 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: ordex <an...@ma...> Gerrit-Comment-Date: Wed, 23 Jul 2025 06:19:18 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
|
From: Gert D. <ge...@gr...> - 2025-07-23 06:10:46
|
From: Antonio Quartulli <an...@ma...> Future modifications to DCO require accessing the server multi_context object. Since it is currently a stack variable that is pointed by no one, we'd need to pass it to all kind of functions to ensure it can reach the DCO code. To make the implementation simpler, it is preferable to simply assign its address to a struct context's field. While at it, make some multi_* functions static as they used only inside multi.c, where they are defined. Change-Id: Ibf64c681e02ac572d339d4d98e75ceb0cd417c45 Signed-off-by: Antonio Quartulli <an...@ma...> Acked-by: Gert Doering <ge...@gr...> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1093 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <ge...@gr...> diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 4696686..ec260a2 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -290,9 +290,10 @@ /* * Main initialization function, init multi_context object. */ -void -multi_init(struct multi_context *m, struct context *t) +static void +multi_init(struct context *t) { + struct multi_context *m = t->multi; int dev = DEV_TYPE_UNDEF; msg(D_MULTI_LOW, "MULTI: multi_init called, r=%d v=%d", @@ -706,7 +707,7 @@ /* * Called on shutdown or restart. */ -void +static void multi_uninit(struct multi_context *m) { if (m->hash) @@ -3922,14 +3923,14 @@ } } -void -multi_top_init(struct multi_context *m, struct context *top) +static void +multi_top_init(struct context *top) { - inherit_context_top(&m->top, top); - m->top.c2.buffers = init_context_buffers(&top->c2.frame); + inherit_context_top(&top->multi->top, top); + top->multi->top.c2.buffers = init_context_buffers(&top->c2.frame); } -void +static void multi_top_free(struct multi_context *m) { close_context(&m->top, -1, CC_GC_FREE); @@ -4324,6 +4325,7 @@ struct multi_context multi; top->mode = CM_TOP; + top->multi = &multi; context_clear_2(top); /* initialize top-tunnel instance */ @@ -4334,10 +4336,10 @@ } /* initialize global multi_context object */ - multi_init(&multi, top); + multi_init(top); /* initialize our cloned top object */ - multi_top_init(&multi, top); + multi_top_init(top); /* initialize management interface */ init_management_callback_multi(&multi); diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h index fe9e847..8b2704c 100644 --- a/src/openvpn/multi.h +++ b/src/openvpn/multi.h @@ -263,14 +263,6 @@ * Called by mtcp.c, mudp.c, or other (to be written) protocol drivers */ -void multi_init(struct multi_context *m, struct context *t); - -void multi_uninit(struct multi_context *m); - -void multi_top_init(struct multi_context *m, struct context *top); - -void multi_top_free(struct multi_context *m); - struct multi_instance *multi_create_instance(struct multi_context *m, const struct mroute_addr *real, struct link_socket *sock); diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index 3c8ce39..7d48888 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -491,6 +491,9 @@ * CM_P2P, \c CM_TOP, \c CM_TOP_CLONE, * \c CM_CHILD_UDP, and \c CM_CHILD_TCP. */ + struct multi_context *multi; /**< Pointer to the main P2MP context. + * Non-NULL only when mode == CM_TOP. */ + struct gc_arena gc; /**< Garbage collection arena for * allocations done in the scope of this * context structure. */ |
|
From: cron2 (C. Review) <ge...@op...> - 2025-07-23 06:10:20
|
Attention is currently required from: flichtenheld, ordex, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1093?usp=email ) Change subject: multi: store multi_context address inside top instance ...................................................................... Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1093?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ibf64c681e02ac572d339d4d98e75ceb0cd417c45 Gerrit-Change-Number: 1093 Gerrit-PatchSet: 1 Gerrit-Owner: ordex <an...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: ordex <an...@ma...> Gerrit-Comment-Date: Wed, 23 Jul 2025 06:10:11 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
|
From: Gert D. <ge...@gr...> - 2025-07-23 06:07:57
|
From: Antonio Quartulli <an...@ma...> In preparation for the implementation of a generic netlink message parser, move all parsing functions above ovpn_handle_msg(). The latter is soon going to become a generic message parser which will invoke specific handlers, thus they are required to be defined earlier in the file. No functional change is intended. This patch is only meant to reduce entropy in the patch which will do the real netlink parser change. Better reviewed with: git show --color-moved Change-Id: I94004579aef4a1ccccdbcf8edd7b722e5a611c72 Signed-off-by: Antonio Quartulli <an...@ma...> Acked-by: Gert Doering <ge...@gr...> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1098 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <ge...@gr...> diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 13506a1..ec6efaa 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -812,6 +812,150 @@ return false; } +/* libnl < 3.11.0 does not implement nla_get_uint() */ +static uint64_t +ovpn_nla_get_uint(struct nlattr *attr) +{ + if (nla_len(attr) == sizeof(uint32_t)) + { + return nla_get_u32(attr); + } + else + { + return nla_get_u64(attr); + } +} + +static void +dco_update_peer_stat(struct context_2 *c2, struct nlattr *tb[], uint32_t id) +{ + if (tb[OVPN_A_PEER_LINK_RX_BYTES]) + { + c2->dco_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_RX_BYTES]); + msg(D_DCO_DEBUG, "%s / dco_read_bytes: " counter_format, __func__, + c2->dco_read_bytes); + } + else + { + msg(M_WARN, "%s: no link RX bytes provided in reply for peer %u", + __func__, id); + } + + if (tb[OVPN_A_PEER_LINK_TX_BYTES]) + { + c2->dco_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_TX_BYTES]); + msg(D_DCO_DEBUG, "%s / dco_write_bytes: " counter_format, __func__, + c2->dco_write_bytes); + } + else + { + msg(M_WARN, "%s: no link TX bytes provided in reply for peer %u", + __func__, id); + } + + if (tb[OVPN_A_PEER_VPN_RX_BYTES]) + { + c2->tun_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_RX_BYTES]); + msg(D_DCO_DEBUG, "%s / tun_read_bytes: " counter_format, __func__, + c2->tun_read_bytes); + } + else + { + msg(M_WARN, "%s: no VPN RX bytes provided in reply for peer %u", + __func__, id); + } + + if (tb[OVPN_A_PEER_VPN_TX_BYTES]) + { + c2->tun_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_TX_BYTES]); + msg(D_DCO_DEBUG, "%s / tun_write_bytes: " counter_format, __func__, + c2->tun_write_bytes); + } + else + { + msg(M_WARN, "%s: no VPN TX bytes provided in reply for peer %u", + __func__, id); + } +} + +static int +dco_parse_peer_multi(struct nl_msg *msg, void *arg) +{ + struct nlattr *tb[OVPN_A_MAX + 1]; + struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); + + msg(D_DCO_DEBUG, "%s: parsing message...", __func__); + + nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), + genlmsg_attrlen(gnlh, 0), NULL); + + if (!tb[OVPN_A_PEER]) + { + return NL_SKIP; + } + + struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; + nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); + + if (!tb_peer[OVPN_A_PEER_ID]) + { + msg(M_WARN, "%s: no peer-id provided in reply", __func__); + return NL_SKIP; + } + + struct multi_context *m = arg; + uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); + + if (peer_id >= m->max_clients || !m->instances[peer_id]) + { + msg(M_WARN, "%s: cannot store DCO stats for peer %u", __func__, + peer_id); + return NL_SKIP; + } + + dco_update_peer_stat(&m->instances[peer_id]->context.c2, tb_peer, peer_id); + + return NL_OK; +} + +static int +dco_parse_peer(struct nl_msg *msg, void *arg) +{ + struct context *c = arg; + struct nlattr *tb[OVPN_A_MAX + 1]; + struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); + + msg(D_DCO_DEBUG, "%s: parsing message...", __func__); + + nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), + genlmsg_attrlen(gnlh, 0), NULL); + + if (!tb[OVPN_A_PEER]) + { + msg(D_DCO_DEBUG, "%s: malformed reply", __func__); + return NL_SKIP; + } + + struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; + nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); + + if (!tb_peer[OVPN_A_PEER_ID]) + { + msg(M_WARN, "%s: no peer-id provided in reply", __func__); + return NL_SKIP; + } + + uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); + if (c->c2.tls_multi->dco_peer_id != peer_id) + { + return NL_SKIP; + } + + dco_update_peer_stat(&c->c2, tb_peer, peer_id); + + return NL_OK; +} + /* This function parses any netlink message sent by ovpn-dco to userspace */ static int ovpn_handle_msg(struct nl_msg *msg, void *arg) @@ -994,112 +1138,6 @@ return ovpn_nl_recvmsgs(dco, __func__); } -/* libnl < 3.11.0 does not implement nla_get_uint() */ -static uint64_t -ovpn_nla_get_uint(struct nlattr *attr) -{ - if (nla_len(attr) == sizeof(uint32_t)) - { - return nla_get_u32(attr); - } - else - { - return nla_get_u64(attr); - } -} - -static void -dco_update_peer_stat(struct context_2 *c2, struct nlattr *tb[], uint32_t id) -{ - if (tb[OVPN_A_PEER_LINK_RX_BYTES]) - { - c2->dco_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_RX_BYTES]); - msg(D_DCO_DEBUG, "%s / dco_read_bytes: " counter_format, __func__, - c2->dco_read_bytes); - } - else - { - msg(M_WARN, "%s: no link RX bytes provided in reply for peer %u", - __func__, id); - } - - if (tb[OVPN_A_PEER_LINK_TX_BYTES]) - { - c2->dco_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_LINK_TX_BYTES]); - msg(D_DCO_DEBUG, "%s / dco_write_bytes: " counter_format, __func__, - c2->dco_write_bytes); - } - else - { - msg(M_WARN, "%s: no link TX bytes provided in reply for peer %u", - __func__, id); - } - - if (tb[OVPN_A_PEER_VPN_RX_BYTES]) - { - c2->tun_read_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_RX_BYTES]); - msg(D_DCO_DEBUG, "%s / tun_read_bytes: " counter_format, __func__, - c2->tun_read_bytes); - } - else - { - msg(M_WARN, "%s: no VPN RX bytes provided in reply for peer %u", - __func__, id); - } - - if (tb[OVPN_A_PEER_VPN_TX_BYTES]) - { - c2->tun_write_bytes = ovpn_nla_get_uint(tb[OVPN_A_PEER_VPN_TX_BYTES]); - msg(D_DCO_DEBUG, "%s / tun_write_bytes: " counter_format, __func__, - c2->tun_write_bytes); - } - else - { - msg(M_WARN, "%s: no VPN TX bytes provided in reply for peer %u", - __func__, id); - } -} - -int -dco_parse_peer_multi(struct nl_msg *msg, void *arg) -{ - struct nlattr *tb[OVPN_A_MAX + 1]; - struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); - - msg(D_DCO_DEBUG, "%s: parsing message...", __func__); - - nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), - genlmsg_attrlen(gnlh, 0), NULL); - - if (!tb[OVPN_A_PEER]) - { - return NL_SKIP; - } - - struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; - nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); - - if (!tb_peer[OVPN_A_PEER_ID]) - { - msg(M_WARN, "%s: no peer-id provided in reply", __func__); - return NL_SKIP; - } - - struct multi_context *m = arg; - uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); - - if (peer_id >= m->max_clients || !m->instances[peer_id]) - { - msg(M_WARN, "%s: cannot store DCO stats for peer %u", __func__, - peer_id); - return NL_SKIP; - } - - dco_update_peer_stat(&m->instances[peer_id]->context.c2, tb_peer, peer_id); - - return NL_OK; -} - int dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m, const bool raise_sigusr1_on_err) @@ -1124,44 +1162,6 @@ return ret; } -static int -dco_parse_peer(struct nl_msg *msg, void *arg) -{ - struct context *c = arg; - struct nlattr *tb[OVPN_A_MAX + 1]; - struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); - - msg(D_DCO_DEBUG, "%s: parsing message...", __func__); - - nla_parse(tb, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), - genlmsg_attrlen(gnlh, 0), NULL); - - if (!tb[OVPN_A_PEER]) - { - msg(D_DCO_DEBUG, "%s: malformed reply", __func__); - return NL_SKIP; - } - - struct nlattr *tb_peer[OVPN_A_PEER_MAX + 1]; - nla_parse_nested(tb_peer, OVPN_A_PEER_MAX, tb[OVPN_A_PEER], NULL); - - if (!tb_peer[OVPN_A_PEER_ID]) - { - msg(M_WARN, "%s: no peer-id provided in reply", __func__); - return NL_SKIP; - } - - uint32_t peer_id = nla_get_u32(tb_peer[OVPN_A_PEER_ID]); - if (c->c2.tls_multi->dco_peer_id != peer_id) - { - return NL_SKIP; - } - - dco_update_peer_stat(&c->c2, tb_peer, peer_id); - - return NL_OK; -} - int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err) { |
153 messages has been excluded from this view by a project administrator.
