Re: [Openvpn-devel] [ovpn-dco] Can ovpn-dco use all cpu cores?

Hi Antonio, I think I need to test another platform. It may give us more information. I will choose one arm board to have a try when I'm free. Tony Antonio Quartulli 于2024年1月30日周二 19:02写道： > > Hi, > > On 29/01/2024 05:25, Tony He wrote: > > Hi Antonio, > > &g

[Openvpn-devel] [ovpn-dco] Can ovpn-dco use all cpu cores?

Hi Antonio, I'm using ovpn-dco which is backported to v4.14 based on your latest code. My topology is: LAN PC -- openwrt router running openvpn server -- WAN PC running openvpn client Router is with two mips64 cores. I use the iperf3 to test speed between LAN PC and WAN PC. The result is sometim

Re: [Openvpn-devel] [ovpn-dco] How to benchmark kernel crypto performance?

exit automatically) Tony Jan Just Keijser 于2022年4月5日周二 19:26写道： > > hi Tony, > > On 02/04/22 11:40, Tony He wrote: > > Hi Antonio, > > > > I am porting ovpn-dco to embedded ARMv8 device with hardware crypto > > engine. However the performance is not very good. > >

Re: [Openvpn-devel] [ovpn-dco] How to benchmark kernel crypto performance?

ta_usecs, mbits/delta_usecs); total_size = 0; delta_usecs = 0; } .. .. Tony Tony He 于2022年4月2日周六 17:40写道： > > Hi Antonio, > > I am porting ovpn-dco to embedded ARMv8 device with hardware crypto > engine. However the performance is not very go

[Openvpn-devel] [ovpn-dco] How to benchmark kernel crypto performance?

Hi Antonio, I am porting ovpn-dco to embedded ARMv8 device with hardware crypto engine. However the performance is not very good. It's about 130-140Mbps. I expect more. The SDK already provides kernel CryptoAPI(CFI) interface to access the crypto engine. I want to know if the crypto operation is

Re: [Openvpn-devel] [ovpn-dco] can not delete tun interface automatically if option "user nobody" is used

Timo Rothenpieler 于2022年3月29日周二 18:45写道： > > On 29.03.2022 12:21, Tony He wrote: > > Hi, > > > > 1. Add option "user nobody" to test ovpn-dco. > > 2. Start openvpn, below is the log. Then we will see tun0 is still > > there after openvpn exit. We

[Openvpn-devel] [ovpn-dco] can not delete tun interface automatically if option "user nobody" is used

Hi, 1. Add option "user nobody" to test ovpn-dco. 2. Start openvpn, below is the log. Then we will see tun0 is still there after openvpn exit. We must use the command "ip link del tunX" to delete. This is not friendly to end user. root@OpenWrt:/tmp/etc# openvpn test.conf 2022-03-29 18:12:43 Note:

[Openvpn-devel] [ovpn-dco] When will openvpn 2.6 be released

Hi Antonio, I am looking forward to official openvpn 2.6 which supports DCO. May I know what issues are blocking us? From Linux side or Windows side? Thank you! Tony ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sour

Re: [Openvpn-devel] [ovpn-dco] sudden network disconnection

(Ethernet) RX packets 10365932 bytes 6963820421 (6.9 GB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 11883693 bytes 11887431595 (11.8 GB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 Tony He 于2021年4月1日周四 下午3:01写道： > > > Antonio Qua

Re: [Openvpn-devel] [ovpn-dco] sudden network disconnection

Antonio Quartulli 于2021年4月1日周四 下午2:35写道： > Hi Tony, > > On 01/04/2021 04:38, Tony He wrote: > > Hi Antonio, Arne, > > > > According to the dump, this issue is caused by fragment. If I set > > link-mtu to 1472 in the condition of encryption "none", it&#x

[Openvpn-devel] [PATCH] ovpn-dco: ovpn-cli: properly set socket options

;. Refer to https://stackoverflow.com/questions/58599070/socket-programming-setsockopt-protocol-not-available Signed-off-by: Tony He --- tests/ovpn-cli.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/tests/ovpn-cli.c b/tests/ovpn-cli.c index c1cf3b4..68d28b4 100644 --- a/tests/ovpn-

Re: [Openvpn-devel] [ovpn-dco] sudden network disconnection

in the low-end devices. It also consumes more CPU resource in low-end and high-end devices. If I'm not mistaken, we don't need to set link-mtu without dco. Is this a bug? Can you reproduce? Do I still need to upload my dump? If so, maybe I need to provide a link. Tony Tony He 于2021年3月31日周三

Re: [Openvpn-devel] [ovpn-dco] sudden network disconnection

Antonio Quartulli 于2021年3月31日周三 下午2:32写道： > Hi, > > On 31/03/2021 08:29, Antonio Quartulli wrote: > > A packet dump of the whole session may also help. > > Before taking the dump, I would switch to encryption "none", as it will > help understanding what is going on at all levels. (Assuming the pr

Re: [Openvpn-devel] [ovpn-dco] sudden network disconnection

Antonio Quartulli 于2021年3月31日周三 下午3:32写道： > Hi, > > On 31/03/2021 09:29, Tony He wrote: > > Hi Arne, > > > > I'm going to test encryption "none" to narrow down this issue, but I > > found your dco branch doesn't support this. > > Can yo

Re: [Openvpn-devel] [ovpn-dco] sudden network disconnection

Hi Arne, I'm going to test encryption "none" to narrow down this issue, but I found your dco branch doesn't support this. Can you support? Tony Antonio Quartulli 于2021年3月31日周三 下午2:32写道： > Hi, > > On 31/03/2021 08:29, Antonio Quartulli wrote: > > A packet dump of the whole session may also help

[Openvpn-devel] [ovpn-dco] sudden network disconnection

Hi Antonio, As you know I am porting opvn-dco to my router whose kernel is V4.14.76. After solving AF_NETLINK group issue we discussed yesterday. It finally works. But I encounter another issue :-( . When testing the performance with iperf3, disconnection occurs and recovers after a few seconds

Re: [Openvpn-devel] [ovpn-dco] try to port to kernel 4.14.76, but can not join AF_NETLINK group

ony Antonio Quartulli 于2021年3月30日周二 下午10:37写道： > Hi Tony, > > On 30/03/2021 12:23, Arne Schwabe wrote: > > Am 30.03.21 um 09:36 schrieb Tony He: > >> Hi Antonio, Arne, > >> > >> Sorry to bother you. I have a router based on Linux kernel > >> 4.14.

[Openvpn-devel] [ovpn-dco] try to port to kernel 4.14.76, but can not join AF_NETLINK group

Hi Antonio, Arne, Sorry to bother you. I have a router based on Linux kernel 4.14.76(4.14.x is LTS version). Because of some reasons, it's hard to upgrade to v5.x to play ovpn-dco. So I am porting ovpn-dco to 4.14.76 kernel. After some hacking, it's almost done. Now it seems that only one issue n

Re: [Openvpn-devel] Segmentation fault in OpenVPN 2.6_git [git:dco/fcc852a9b2ea832c]

Antonio Quartulli 于2021年3月4日周四 下午3:48写道： > Hi Tony, > > On 04/03/2021 03:10, Tony He wrote: > > > > Arne Schwabe mailto:a...@rfc2549.org>> 于2021年3月3日 > > 周三 下午7:56写道： > > > > Am 03.03.21 um 08:46 schrieb Tony He: > > > Hi Arne, > &

Re: [Openvpn-devel] Segmentation fault in OpenVPN 2.6_git [git:dco/fcc852a9b2ea832c]

Arne Schwabe 于2021年3月3日周三 下午7:56写道： > Am 03.03.21 um 08:46 schrieb Tony He: > > Hi Arne, > > > > I encountered segmentation fault in your dco branch. Master branch is > > OK. I reverted the commit "Linux data-channel offload support", but it > >

[Openvpn-devel] Segmentation fault in OpenVPN 2.6_git [git:dco/fcc852a9b2ea832c]

Hi Arne, I encountered segmentation fault in your dco branch. Master branch is OK. I reverted the commit "Linux data-channel offload support", but it still happens. Anything wrong? Can you reproduce? root@vm-ubuntu-2004:/project/openvpn/schwabe/openvpn# gdb ./src/openvpn/openvpn GNU gdb (Ubuntu 9

Re: [Openvpn-devel] compiling issue in openvpn 2.6.0+ supporting ovpn-dco

No, same error. This error happens on my Ubuntu 20.04 VM. Another Ubuntu 18.04 is fine. Checking. What's your Linux distribution? Tony Arne Schwabe 于2021年3月2日周二 下午4:18写道： > Am 02.03.21 um 05:12 schrieb Tony He: > > Hi Arne, > > > > I'm trying your working branch

Re: [Openvpn-devel] [ovpn-dco]compilation error in function ‘ovpn_peer_lookup_transp_addr’

ranch :-) > > > > The object pointed by sa6 is not large enough, hence triggering that > error. > > > > Will come up with a fix. > > > > Thanks! > > > > On 13/01/2021 11:17, Tony He wrote: > >> Hi Antonio, > >> > >> Yes, I

Re: [Openvpn-devel] [ovpn-dco] compilation error in function ‘ovpn_peer_lookup_transp_addr’

change the subject. Tony He 于2021年1月13日周三 下午5:03写道： > Sorry, clicked "send" button before adding subject and CC Openvpn-dev. I > will send a new mail. > > Tony He 于2021年1月13日周三 下午4:57写道： > >> Hi Antonio, >> >> I see you have pushed new commits to su

Re: [Openvpn-devel] [ovpn-dco]

Sorry, clicked "send" button before adding subject and CC Openvpn-dev. I will send a new mail. Tony He 于2021年1月13日周三 下午4:57写道： > Hi Antonio, > > I see you have pushed new commits to support multiple link to peers. So I > tried compiling, but encounter below error. My kern

Re: [Openvpn-devel] [ovpn-dco] AES-CCM available for testing

gt; > > To do so, just specify "aes-ccm" as algorithm when setting a new key. > > > > > excellent news! > Thank you very much for adding this so quickly; it won't help Tony He > though, as he is stuck using a rather old AL314 + R9000 chip which does not

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

UTC ... type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes aes-128-ccm 18304.68k 32283.75k 40139.86k 42916.18k 43660.63k 43745.28k Tony Tony He 于2020年12月6日周日 上午10:57写道： > Hi Jan, > > The driver is open source. > https://github.com/SVoxel/R9000/tree/mas

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

will implement this. > > > -- 原始邮件 -- > *发件人:* "Jan Just Keijser" ; > *发送时间:* 2020年12月4日(星期五) 晚上6:19 > *收件人:* "Tony He"; > *抄送:* "lev";"Antonio Quartulli" >;"openvpn-devel"; > *主题:* Re: [Openvpn-de

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

ee the CCM performance is almost same. Tony Jan Just Keijser 于2020年12月4日周五 下午5:49写道： > Hi Tony, > > On 04/12/20 08:41, Tony He wrote: > > Hi Jan, > Yeah, need option " -elapsed" because OpenSSL counts user time instead of > total time(user+sys time) without this

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

ocks: 198963 sha1's in 3.00s Doing sha1 for 3s on 8192 size blocks: 27380 sha1's in 3.00s ... type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 10013.71k 26677.82k 51463.68k 67912.70k 74765.65k Tony Jan Just Keijser 于2020年12月2日周三 下午11:24写道： > Hi Tony, > > O

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

7:24写道： > hi Tony, > > On 01/12/20 02:50, Tony He wrote: > > Hi Arne, > > openssl speed -evp aes-128-cbc > type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc > 20035.60k 123261.54k 267081.60k 1094764.09k 9181370.18k > openssl speed -evp aes-128-g

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

1207364.27k openssl speed -evp chacha20-poly1305 chacha20-poly1305 is an unknown cipher or digest Using old openssl, so chacha20-poly1305 is not supported. Tony Arne Schwabe 于2020年11月26日周四 下午6:40写道： > Am 26.11.20 um 10:41 schrieb Tony He: > > Hi Arne, > > > >>Since the origin

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

ony <383181...@qq.com> 于2020年11月26日周四 下午5:32写道： > > > > -- 原始邮件 -- > *发件人:* "Arne Schwabe" ; > *发送时间:* 2020年11月26日(星期四) 下午5:22 > *收件人:* "Tony He";"Antonio Quartulli"; > *抄送:* "lev";"openvpn-de

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

Hi Gert, Because there is HW crypto engine in some embedded devices, the crypto engine maybe only supports hmac-sha256-cbc-aes. Tony Gert Doering 于2020年11月26日周四 下午4:56写道： > Hi, > > On Thu, Nov 26, 2020 at 04:53:14PM +0800, Tony He wrote: > > Understood. We have dicussed this

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

： > Hi Tony, > > On 26/11/2020 01:46, Tony He wrote: > >>OpenSSL directly talks to the crypto engine via a proprietary interface > >>that the FW/driver exposes to userspace. The *data* flow does not cross > >>the linux kernel crypto API > > > > No, Ope

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

>OpenSSL directly talks to the crypto engine via a proprietary interface >that the FW/driver exposes to userspace. The *data* flow does not cross >the linux kernel crypto API No, OpenSSL doesn't directly talk to the crypto engine via a proprietary interface that the FW/driver exposes to userspace

[Openvpn-devel] [ovpn-dco] question about the comment about AEAD nonce

Hi Antonio, I'm reading the source code to study this module driven by intertest. I'm new to crypto stuffs. In pktid.h: /* When the OpenVPN protocol is run in AEAD mode, use * the OpenVPN packet ID as the AEAD nonce: * *0005 521c3b01 4308c041 83ba3099 *[seq # ] [nonce_tail

Re: [Openvpn-devel] [ovpn-dco] Kernel NULL point derefence

v 22 16:13:17 2020 +0100 > > ovpn-dco: avoid potential out of bound access in aead_decrypt() > > > I have just pushed a fix to master to address the bug. > Could you please give it a go? > > Thanks a lot! > > On 24/11/2020 08:38, Tony He wrote: > > Hi Anton

Re: [Openvpn-devel] [ovpn-dco] Kernel NULL point derefence

Hi Antonio, Did more test. Just FYI. ba109be633f bad. 6eb6292a9d3 ? 0989291e816 good Tony Tony He 于2020年11月24日周二 上午9:19写道： > Hi Antonio, > > I'm using the latest commit 4b104be to test and encountered following > issue. I saw multi times in both peers. I never encountered th

[Openvpn-devel] [ovpn-dco] Kernel NULL point derefence

Hi Antonio, I'm using the latest commit 4b104be to test and encountered following issue. I saw multi times in both peers. I never encountered this issue before commit c56b9d0. Can you reproduce? [ 708.790419] ovpn_dco: module verification failed: signature and/or required key missing - tainting

[Openvpn-devel] [ovpn-dco] performance issue

Hi Antonio, I'm testing the performance of ovpn-dco. Topology: iperf client running in Ubuntu 20.04 VM with two cores(intel i7 6700) - iperf server running Ubuntu 18.04 HP EliteBook with four cores(intel i5-6300U). tunnel IP 5.5.5.1 tunnel IP 5.5.5.2 The issue I se

Re: [Openvpn-devel] ovpn-dco: nestns-test.sh - fix the issue that veth is not created successfully

Hi Antonio, To confirm, I installed a Ubuntu 20.04 VM and saw it supports these two formates. Tony Antonio Quartulli 于2020年11月18日周三 下午11:05写道： > Hi Tony, > > On 18/11/2020 15:54, Tony He wrote: > > > > Hi Antonio, > > > > Have you encountered this issue? Plea

[Openvpn-devel] ovpn-dco: nestns-test.sh - fix the issue that veth is not created successfully

Hi Antonio, Have you encountered this issue? Please help to review. Tony ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel