@alloc33 alloc33 commented Dec 26, 2025

Backport of commit 7791f53 from master.

Currently, reading and processing of incoming DCO messages are decoupled: notifications are read, parsed, and the relevant information is stored in fields of dco_context_t for later processing. This approach is problematic on Linux, since libnl does not allow reading a single netlink message at a time, which can result in loss of information when multiple notifications are available.

This change adopts a read -> parse -> process paradigm. On Linux, processing is now invoked directly from within the parsing callback.

On Linux, a DEL_PEER notification from the kernel triggers a GET_PEER request from userspace, which can lead to errors when multiple simultaneous DEL_PEER notifications are received. To avoid this, introduce a lock that prevents requesting stats while still busy parsing other messages.

Note: The 2.6 backport requires additional changes not present in the master commit because the multi context linkage infrastructure differs:

  • Added multi pointer to struct context (openvpn.h)
  • Set context linkages in init.c, mtcp.c, mudp.c
  • Added dco_linux.h changes for context pointer

Reported-by: Stefan Baranoff <stefan.baranoff@trinitycyber.com>
Github: #900
Github: #918
Github: #931
Github: fixes #919
(backport of commit 7791f53)

Thank you for your contribution

You are welcome to open PRs, but they are used for discussion only. All
patches must eventually go to the openvpn-devel mailing list for review:

Please send your patch using git-send-email. For example, to send your latest commit to the list:

$ git send-email --to=openvpn-devel@lists.sourceforge.net HEAD~1

For details, see these Wiki articles:

Backport of commit 7791f53 from master.

Currently, reading and processing of incoming DCO messages are
decoupled: notifications are read, parsed, and the relevant information
is stored in fields of dco_context_t for later processing. This approach
is problematic on Linux, since libnl does not allow reading a single
netlink message at a time, which can result in loss of information when
multiple notifications are available.

This change adopts a read -> parse -> process paradigm. On Linux,
processing is now invoked directly from within the parsing callback.

On Linux, a DEL_PEER notification from the kernel triggers a GET_PEER
request from userspace, which can lead to errors when multiple
simultaneous DEL_PEER notifications are received. To avoid this,
introduce a lock that prevents requesting stats while still busy
parsing other messages.

Note: The 2.6 backport requires additional changes not present in the
master commit because the multi context linkage infrastructure differs:
- Added multi pointer to struct context (openvpn.h)
- Set context linkages in init.c, mtcp.c, mudp.c
- Added dco_linux.h changes for context pointer

Reported-by: Stefan Baranoff <stefan.baranoff@trinitycyber.com>
Github: OpenVPN#900
Github: OpenVPN#918
Github: OpenVPN#931
Github: fixes OpenVPN#919
(backport of commit 7791f53)

Signed-off-by: Nikolai Shelekhov <nickshv13@icloud.com>
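The PR description and the commit message above both describe the same two problems: a libnl receive loop hands every buffered netlink notification to the parse callback in one go, so a parser that only stores "the" notification in a context field for later processing loses all but the last one, and issuing a GET_PEER request from inside that loop on every DEL_PEER is fragile. The following is an added illustration, not OpenVPN's code or libnl's API: it simulates both designs on a constructed batch of three DEL_PEER notifications. All names (`struct msg`, `struct dco_ctx`, `request_peer_stats`, `recv_batch`) are hypothetical stand-ins.

```c
/* Added illustration (not OpenVPN code): lost notifications with a decoupled
 * store-then-process design vs. processing inside the parse callback under a
 * "busy parsing" lock. All identifiers here are hypothetical. */
#include <stddef.h>
#include <stdio.h>

#define MAX_MSGS 8

enum msg_type { MSG_DEL_PEER = 1 };

struct msg { enum msg_type type; int peer_id; };

/* Constructed input: three DEL_PEER notifications that arrive in a single
 * recv() and are all delivered to the callback by one nl_recvmsgs()-style loop. */
static const struct msg sample_batch[] = {
    { MSG_DEL_PEER, 1 }, { MSG_DEL_PEER, 2 }, { MSG_DEL_PEER, 3 },
};
#define SAMPLE_N (sizeof(sample_batch) / sizeof(sample_batch[0]))

struct dco_ctx {
    int pending_peer;          /* decoupled design: parser parks the notification here */
    int have_pending;
    int processed[MAX_MSGS];   /* peers whose DEL_PEER actually got handled */
    size_t nprocessed;
    int parsing;               /* lock: set while the receive loop is delivering messages */
    int deferred[MAX_MSGS];    /* GET_PEER requests postponed while the lock is held */
    size_t ndeferred;
    size_t requests_issued;    /* stand-in for netlink GET_PEER requests actually sent */
};

/* --- Decoupled design: read -> parse (store) ... later -> process --- */
static void parse_store(struct dco_ctx *c, const struct msg *m)
{
    c->pending_peer = m->peer_id;   /* silently overwrites any earlier notification */
    c->have_pending = 1;
}

static void process_pending(struct dco_ctx *c)
{
    if (c->have_pending && c->nprocessed < MAX_MSGS) {
        c->processed[c->nprocessed++] = c->pending_peer;
        c->have_pending = 0;
    }
}

/* Returns how many of the three notifications were processed (only the last). */
size_t run_decoupled(void)
{
    struct dco_ctx c = {0};
    for (size_t i = 0; i < SAMPLE_N; i++)
        parse_store(&c, &sample_batch[i]);   /* the loop delivers every buffered message */
    process_pending(&c);                     /* the caller then sees a single one */
    return c.nprocessed;
}

/* --- Direct design: read -> parse -> process inside the callback, with lock --- */
static void request_peer_stats(struct dco_ctx *c, int peer_id)
{
    if (c->parsing) {
        /* still busy parsing other messages: do not issue a nested request now */
        if (c->ndeferred < MAX_MSGS)
            c->deferred[c->ndeferred++] = peer_id;
        return;
    }
    c->requests_issued++;
}

static void parse_cb(struct dco_ctx *c, const struct msg *m)
{
    /* process immediately; nothing is parked in the context for later */
    if (m->type == MSG_DEL_PEER && c->nprocessed < MAX_MSGS) {
        c->processed[c->nprocessed++] = m->peer_id;
        request_peer_stats(c, m->peer_id);
    }
}

static void recv_batch(struct dco_ctx *c, const struct msg *batch, size_t n)
{
    c->parsing = 1;                  /* hold the lock for the whole receive loop */
    for (size_t i = 0; i < n; i++)
        parse_cb(c, &batch[i]);
    c->parsing = 0;
    size_t pending = c->ndeferred;   /* lock released: send the postponed requests */
    c->ndeferred = 0;
    for (size_t i = 0; i < pending; i++)
        request_peer_stats(c, c->deferred[i]);
}

struct direct_result { size_t processed; size_t requests_issued; };

struct direct_result run_direct(void)
{
    struct dco_ctx c = {0};
    recv_batch(&c, sample_batch, SAMPLE_N);
    struct direct_result r = { c.nprocessed, c.requests_issued };
    return r;
}

int main(void)
{
    struct direct_result r = run_direct();
    printf("decoupled: %zu of %zu processed\n", run_decoupled(), SAMPLE_N);
    printf("direct:    %zu of %zu processed, %zu stats requests after parsing\n",
           r.processed, SAMPLE_N, r.requests_issued);
    return 0;
}
```

In the decoupled variant each call to `parse_store` overwrites the previous peer, so two of the three DEL_PEER events vanish before anyone looks at the context. In the direct variant every notification is handled as it is parsed, and the `parsing` flag turns a GET_PEER request made mid-loop into a deferred one that is sent once the receive loop has drained.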