Currently, reading and processing of incoming DCO messages are
decoupled: notifications are read, parsed, and the relevant information
is stored in fields of dco_context_t for later processing (with the only
exception being stats). This approach is problematic on Linux, since
libnl does not allow reading a single netlink message at a time, which
can result in loss of information when multiple notifications are
available.
This change adopts a read -> parse -> process paradigm. On Linux,
processing is now invoked directly from within the parsing callback,
which libnl calls for each received netlink packet. The other interfaces
are adapted accordingly to unify the processing model across all
platforms.
On Linux, however, a DEL_PEER notification from the kernel triggers a
GET_PEER request from userspace, which clutters the netlink
communication logic and can lead to errors or even process exit when
multiple simultaneous DEL_PEER notifications are received. To avoid
this, introduce a lock that prevents requesting stats while we are still
busy parsing other messages.
Reported-by: Stefan Baranoff <stefan.baranoff@trinitycyber.com>
Github: OpenVPN/openvpn#900
Github: OpenVPN/openvpn#918
Github: fixes OpenVPN/openvpn#919
Change-Id: Iefc251cb4483c0b9fb9d6a5207db4445cd884d52
Signed-off-by: Ralf Lici <ralf@mandelbit.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1403
Message-Id: <
20251128112705.12613-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34785.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
void close_tun_dco(struct tuntap *tt, openvpn_net_ctx_t *ctx);
/**
- * Read data from the DCO communication channel (i.e. a control packet)
+ * Read and process data from the DCO communication channel
+ * (i.e. a control packet)
*
* @param dco the DCO context
* @return 0 on success or a negative error code otherwise
*/
-int dco_do_read(dco_context_t *dco);
+int dco_read_and_process(dco_context_t *dco);
/**
* Install a DCO in the main event loop
}
static inline int
-dco_do_read(dco_context_t *dco)
+dco_read_and_process(dco_context_t *dco)
{
ASSERT(false);
return 0;
}
int
-dco_do_read(dco_context_t *dco)
+dco_read_and_process(dco_context_t *dco)
{
struct ifdrv drv;
uint8_t buf[4096];
default:
msg(M_WARN, "%s: unknown kernel notification %d", __func__, type);
+ dco->dco_message_type = 0;
break;
}
nvlist_destroy(nvl);
+ if (dco->c->mode == CM_TOP)
+ {
+ multi_process_incoming_dco(dco);
+ }
+ else
+ {
+ process_incoming_dco(dco);
+ }
+
return 0;
}
#include <netlink/genl/family.h>
#include <netlink/genl/ctrl.h>
+/* When parsing multiple DEL_PEER notifications, openvpn tries to request stats
+ * for each DEL_PEER message (see setenv_stats). This triggers a GET_PEER
+ * request-reply while we are still parsing the rest of the initial
+ * notifications, which can lead to NLE_BUSY or even NLE_NOMEM.
+ *
+ * This basic lock ensures we don't bite our own tail by issuing a dco_get_peer
+ * while still busy receiving and parsing other messages.
+ */
+static bool __is_locked = false;
/* libnl < 3.5.0 does not set the NLA_F_NESTED on its own, therefore we
* have to explicitly do it to prevent the kernel from failing upon
static int
ovpn_nl_recvmsgs(dco_context_t *dco, const char *prefix)
{
+ __is_locked = true;
int ret = nl_recvmsgs(dco->nl_sock, dco->nl_cb);
+ __is_locked = false;
switch (ret)
{
* message, that stores the type-specific attributes.
*
* the "dco" object is then filled accordingly with the information
- * retrieved from the message, so that the rest of the OpenVPN code can
- * react as need be.
+ * retrieved from the message, so that *process_incoming_dco can react
+ * as need be.
*/
+ int ret;
switch (gnlh->cmd)
{
case OVPN_CMD_PEER_GET:
{
+ /* return directly, there are no messages to pass to *process_incoming_dco() */
return ovpn_handle_peer(dco, attrs);
}
case OVPN_CMD_PEER_DEL_NTF:
{
- return ovpn_handle_peer_del_ntf(dco, attrs);
+ ret = ovpn_handle_peer_del_ntf(dco, attrs);
+ break;
}
case OVPN_CMD_PEER_FLOAT_NTF:
{
- return ovpn_handle_peer_float_ntf(dco, attrs);
+ ret = ovpn_handle_peer_float_ntf(dco, attrs);
+ break;
}
case OVPN_CMD_KEY_SWAP_NTF:
{
- return ovpn_handle_key_swap_ntf(dco, attrs);
+ ret = ovpn_handle_key_swap_ntf(dco, attrs);
+ break;
}
default:
return NL_STOP;
}
+ if (ret != NL_OK)
+ {
+ return ret;
+ }
+
+ if (dco->c->mode == CM_TOP)
+ {
+ multi_process_incoming_dco(dco);
+ }
+ else
+ {
+ process_incoming_dco(dco);
+ }
+
return NL_OK;
}
int
-dco_do_read(dco_context_t *dco)
+dco_read_and_process(dco_context_t *dco)
{
msg(D_DCO_DEBUG, __func__);
{
ASSERT(dco);
+ if (__is_locked)
+ {
+ msg(D_DCO_DEBUG, "%s: cannot request peer stats while parsing other messages", __func__);
+ return 0;
+ }
+
/* peer_id == -1 means "dump all peers", but this is allowed in MP mode only.
* If it happens in P2P mode it means that the DCO peer was deleted and we
* can simply bail out
}
int
-dco_do_read(dco_context_t *dco)
+dco_read_and_process(dco_context_t *dco)
{
if (dco->ifmode != DCO_MODE_MP)
{
break;
}
+ if (dco->c->mode == CM_TOP)
+ {
+ multi_process_incoming_dco(dco);
+ }
+ else
+ {
+ process_incoming_dco(dco);
+ }
+
return 0;
}
}
}
-static void
-process_incoming_dco(struct context *c)
+void
+process_incoming_dco(dco_context_t *dco)
{
#if defined(ENABLE_DCO) && (defined(TARGET_LINUX) || defined(TARGET_FREEBSD))
- dco_context_t *dco = &c->c1.tuntap->dco;
-
- dco_do_read(dco);
-
- /* no message for us to handle - platform specific code has logged details */
- if (dco->dco_message_type == 0)
- {
- return;
- }
+ struct context *c = dco->c;
/* FreeBSD currently sends us removal notifcation with the old peer-id in
* p2p mode with the ping timeout reason, so ignore that one to not shoot
{
if (!IS_SIG(c))
{
- process_incoming_dco(c);
+ dco_read_and_process(&c->c1.tuntap->dco);
}
}
}
void extract_dco_float_peer_addr(sa_family_t socket_family, struct openvpn_sockaddr *out_osaddr,
const struct sockaddr *float_sa);
+/**
+ * Process an incoming DCO message (from kernel space).
+ *
+ * @param dco - Pointer to the structure representing the DCO context.
+ */
+void process_incoming_dco(dco_context_t *dco);
+
/**
* Write a packet to the external network interface.
* @ingroup external_multiplexer
multi_signal_instance(m, mi, SIGTERM);
}
-bool
-multi_process_incoming_dco(struct multi_context *m)
+void
+multi_process_incoming_dco(dco_context_t *dco)
{
- dco_context_t *dco = &m->top.c1.tuntap->dco;
-
- struct multi_instance *mi = NULL;
+ ASSERT(dco->c->multi);
- int ret = dco_do_read(&m->top.c1.tuntap->dco);
+ struct multi_context *m = dco->c->multi;
int peer_id = dco->dco_message_peer_id;
*/
if (peer_id < 0)
{
- return ret > 0;
+ return;
}
if ((peer_id < m->max_clients) && (m->instances[peer_id]))
{
- mi = m->instances[peer_id];
+ struct multi_instance *mi = m->instances[peer_id];
set_prefix(mi);
if (dco->dco_message_type == OVPN_CMD_DEL_PEER)
{
"type %d, del_peer_reason %d",
peer_id, dco->dco_message_type, dco->dco_del_peer_reason);
}
-
- dco->dco_message_type = 0;
- dco->dco_message_peer_id = -1;
- dco->dco_del_peer_reason = -1;
- return ret > 0;
}
#endif /* if defined(ENABLE_DCO) */
return (!ipv6_net_contains_host(&ifconfig_local, o->ifconfig_ipv6_netbits,
dest));
-}
\ No newline at end of file
+}
/**
* Process an incoming DCO message (from kernel space).
*
- * @param m - The single \c multi_context structure.
- *
- * @return
- * - True, if the message was received correctly.
- * - False, if there was an error while reading the message.
+ * @param dco - Pointer to the structure representing the DCO context.
*/
-bool multi_process_incoming_dco(struct multi_context *m);
+void multi_process_incoming_dco(dco_context_t *dco);
/**************************************************************************/
/**
/* incoming data on DCO? */
else if (e->arg == MULTI_IO_DCO)
{
- multi_process_incoming_dco(m);
+ dco_read_and_process(&m->top.c1.tuntap->dco);
}
#endif
/* signal received? */
projects / 0xmirror / openvpn.git / commitdiff