Thanks! On 10 Aug 2022, at 18:32, Gert Doering wrote: > Test results: > > - running openvpn over TCP gives me a kernel panic - this is not so > nice... (see attached .png from the vmware console) - userland seems > to assume "kernel can do TCP", kernel panics on "if !udp, panic()" > (so intentional panic, not corruption panic). > > This is on freebsd git FreeBSD 14.0-CURRENT #1 main-n257130-c0665d5c824 > I think I see what the problem is. I’m writing up a test case to reproduce it and will commit a fix soon. Hopefully tomorrow.
> - running openvpn over UDP has issues with fragmentation - almost all > t_client tests that *do* use DCO fail the "big ping" test > I’m going to have to do some digging here. > - tcpdump'ing on the DCO interface gave me complains from the kernel > about locking on ctrl-c'ing > > Aug 10 17:28:41 fbsd14 kernel: lock order bpf global lock -> iflib ctx > lock attempted at: > Aug 10 17:28:41 fbsd14 kernel: #0 0xffffffff80c5c3dd at > witness_checkorder+0xbfd > Aug 10 17:28:41 fbsd14 kernel: #1 0xffffffff80bf5303 at _sx_xlock+0x63 > Aug 10 17:28:41 fbsd14 kernel: #2 0xffffffff80d3874f at > iflib_if_ioctl+0x2df > Aug 10 17:28:41 fbsd14 kernel: #3 0xffffffff80d19b5e at if_setflag+0xde > Aug 10 17:28:41 fbsd14 kernel: #4 0xffffffff80d19a2a at ifpromisc+0x2a > Aug 10 17:28:41 fbsd14 kernel: #5 0xffffffff80d0e72b at > bpf_detachd_locked+0x27b > Aug 10 17:28:41 fbsd14 kernel: #6 0xffffffff80d111f7 at bpf_dtor+0x87 > Aug 10 17:28:41 fbsd14 kernel: #7 0xffffffff80a7818b at > devfs_destroy_cdevpriv+0xab > Aug 10 17:28:41 fbsd14 kernel: #8 0xffffffff80a7bda4 at devfs_close_f+0x64 > Aug 10 17:28:41 fbsd14 kernel: #9 0xffffffff80b876eb at _fdrop+0x1b > Aug 10 17:28:41 fbsd14 kernel: #10 0xffffffff80b8af3b at closef+0x1db > Aug 10 17:28:41 fbsd14 kernel: #11 0xffffffff80b8ec97 at closefp_impl+0x77 > Aug 10 17:28:41 fbsd14 kernel: #12 0xffffffff810c733e at > amd64_syscall+0x12e > Aug 10 17:28:41 fbsd14 kernel: #13 0xffffffff8109ae0b at > fast_syscall_common+0xf8 > > ... so while this is outside "openvpn source code patches", it's > still something that smells like it needs to be addressed. > That appears to be unrelated to DCO. It’s a problem with iflib, and I think I’ve seen it before. Out of scope for DCO, at least. > Now, coding style ;-) - as promised, I went through the code for things > that need to be done in a certain way in OpenVPN land, due to agreed > convention... inline (things I do not comment could go in "as is"). > I’ll fix those once I’ve dealt with the panic and fragmentation issues. Thanks for the review. Kristof _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
