[Openvpn-devel] [PATCH] Support --inactive option for DCO

2023-03-13 Thread Lev Stipakov
From: Lev Stipakov When DCO is in use, userland doesn't see any traffic which breaks --inactive option. Fix by adding inactivity check to inactivity timeout callback. Get the cumulative tun bytes count (ping packets are excluded) from DCO and compare it to the previous value stored in c2.inactiv

Re: [Openvpn-devel] [PATCH] Support --inactive option for DCO

2023-03-13 Thread Lev Stipakov
Review happens at https://gerrit.openvpn.net/c/openvpn/+/143 On Mon, 13 Mar 2023 at 12:06, Lev Stipakov (lstipa...@gmail.com) wrote: > > From: Lev Stipakov > > When DCO is in use, userland doesn't see any traffic > which breaks --inactive option. > > Fix by adding inactivity check to inactiv

[Openvpn-devel] [PATCH] Fix memory leaks in HMAC initial packet id and dco open tun

2023-03-13 Thread Arne Schwabe
The open_tun_dco_generic already allocates the actual_name string, this shadows the allocation in the FreeBSD/Linux specific methods. The HMAC leaks are just forgotten frees/deinitialisations. Change-Id: I3c344af047abe94c0178bde1781eb450f10d157d Signed-off-by: Arne Schwabe --- src/openvpn/dco_f

[Openvpn-devel] [PATCH applied] Re: dco: don't use NetLink to exchange control packets

2023-03-13 Thread Gert Doering
I have tested this on ubuntu 20.04 against the kernel DCO (v2) module from "next", commit 580608e. All client and server side tests pass (with and without DCO), and it survived UDP and TCP gremlin attacks for ~1h each. This is better than we ever had, so yay :-) UDP gremlins still seems to make

[Openvpn-devel] [PATCH v2] Fix memory leaks in HMAC initial packet id and dco open tun

2023-03-13 Thread Arne Schwabe
The open_tun_dco_generic already allocates the actual_name string, this shadows the allocation in the FreeBSD/Linux specific methods. The HMAC leaks are just forgotten frees/deinitialisations. Found-By: clang with asan Patch v2: rebase. Include linux bits accidentally forgotten. Change-Id: I3c

[Openvpn-devel] [L] Change in openvpn[master]: dco: don't use NetLink to exchange control packets

2023-03-13 Thread plaisthos (Code Review)
plaisthos has uploaded a new patch set (#6) to the change originally created by ordex. ( http://gerrit.openvpn.net/c/openvpn/+/28?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by plaisthos Change subject: dco: don't use NetLink to exchange control packets

[Openvpn-devel] [L] Change in openvpn[master]: dco: don't use NetLink to exchange control packets

2023-03-13 Thread plaisthos (Code Review)
plaisthos has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/28?usp=email ) Change subject: dco: don't use NetLink to exchange control packets .. dco: don't use NetLink to exchange control packets Using NetLink

[Openvpn-devel] [PATCH applied] Re: dco: print version to log if available

2023-03-13 Thread Gert Doering
I briefly tested this on a system with the dco-v2 kernel module (and with the module unloaded). It did what I expected: DCO version: 0.1.20230206-15-g580608e or DCO version: N/A On FreeBSD 12 (no DCO), it does not print anything, on FreeBSD 14 it prints DCO version: v0 (which will be addr

[Openvpn-devel] [PATCH applied] Re: dco: print FreeBSD version

2023-03-13 Thread Gert Doering
Acked-by: Gert Doering Tested on FreeBSD 14 DCO version: FreeBSD 14.0-CURRENT #10 main-n259930-e898a3af97f9: Wed Jan 4 13:33:06 CET 2023 r...@fbsd14.ov.greenie.net:/usr/obj/usr/src/amd64.amd64/sys/GENERIC and on 12 (nothing, as expected). Learned about $UNAME_v today :-) I have added

Re: [Openvpn-devel] [PATCH v2] Fix memory leaks in HMAC initial packet id and dco open tun

2023-03-13 Thread Gert Doering
Hi, On Mon, Mar 13, 2023 at 02:42:33PM +0100, Arne Schwabe wrote: > The open_tun_dco_generic already allocates the actual_name string, this > shadows the allocation in the FreeBSD/Linux specific methods. > > The HMAC leaks are just forgotten frees/deinitialisations. > > Found-By: clang with asan