Hi,
On 05/12/2022 17:41, Kristof Provost via Openvpn-devel wrote:
From: Kristof Provost
When DCO is active userspace doesn't see all of the traffic, so when we
access these stats we must update them.
Retrieve kernel statistics every time we access the
link_(read|write)_bytes values.
Hi,
On 13/12/2022 05:46, Gert Doering wrote:
Hi,
On Mon, Dec 12, 2022 at 09:53:36PM +0100, Antonio Quartulli wrote:
On 05/12/2022 17:41, Kristof Provost via Openvpn-devel wrote:
[cut]
+int
+dco_get_peer_stats(dco_context_t *dco, struct multi_context *m)
+{
+
+struct ifdrv drv;
+
Hi,
On Tue, Dec 13, 2022 at 01:12:30PM +0100, Antonio Quartulli wrote:
> Ideally a GET_PEER command is pretty standard and can also be used for
> any kind of state inspection (i.e. even for 'debugging', although it's
> not the primary usage)
[..]
> Like I said above, being this an API imho it
From: Lev Stipakov
BYTECOUNT on management interface is used to display client stats,
for example by openvpn-gui. At the moment BYTECOUNT is sent if
there is a traffic. With DCO, userspace process doesn't see data
channel traffic, BYTECOUNT is not sent and therefore stats
are not updated.
Fix
I've stared at the code for a bit (reasonable, with the enhancements
to come from Arne / Lev), and tested on Linux without DCO (client/server),
Linux with DCO (client/server) and FreeBSD with DCO (client/server),
and everything worked.
To make this new code work for the "configure --disable-dco"
Signed-off-by: Arne Schwabe
---
src/openvpn/dco.c | 7 ---
src/openvpn/dco_linux.c | 10 --
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index feb38cd02..5cce3f641 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
Hi,
On 13/12/2022 23:54, Arne Schwabe wrote:
We have 6 key slots but normally only consider 3 of them to be
active/valid keys. Especially the secondary key of TM_LAME_DUCK can
in rare corner cases have a key that is still installed in the kernel.
While this should not cause any issues since I
Signed-off-by: Arne Schwabe
---
src/openvpn/dco.c | 18 ++
src/openvpn/dco_linux.c | 10 --
2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index feb38cd02..2396bcbf0 100644
--- a/src/openvpn/dco.c
+++
We have 6 key slots but normally only consider 3 of them to be
active/valid keys. Especially the secondary key of TM_LAME_DUCK can
in rare corner cases have a key that is still installed in the kernel.
While this should not cause any issues since I do not see way for this
key to become active
When dco_update_keys fails, we are in some weird state that we are
unlikely to recover since what userspace and kernel space think of
the keys is very likely to not in sync anymore. So abandon the
connection if this happens.
Signed-off-by: Arne Schwabe
---
src/openvpn/dco.c | 15
Hi,
I've managed to break p2p TLS again... not sure how I did this, but
anyway.
This is "master + kp 1/4" running on FreeBSD, in a p2p --tls-server
instance. It passed the first few tests, but then got left alone for
an hour, trying to reestablish the connection to the "missing --tls-client".
Hi,
On 13/12/2022 23:54, Arne Schwabe wrote:
When dco_update_keys fails, we are in some weird state that we are
unlikely to recover since what userspace and kernel space think of
the keys is very likely to not in sync anymore. So abandon the
connection if this happens.
Signed-off-by: Arne
Hi,
On Tue, Dec 13, 2022 at 10:37:32PM +0100, Gert Doering wrote:
> I've managed to break p2p TLS again... not sure how I did this, but
> anyway.
I now have a better theory. I was not able to make OpenVPN on Linux-DCO
ASSERT(), but it gets confused all the same.
So, the server side of this is
As instructed I have changed the wording a bit, it's now
"... currently %d keys installed"
which should make it clear that we are talking about the number of keys,
and not a key ID. "currently installed %d" is ambiguous here.
I have not tested this beyond "does it compile?", but since this
On 13/12/2022 23:54, Arne Schwabe wrote:
Signed-off-by: Arne Schwabe
---
src/openvpn/dco.c | 18 ++
src/openvpn/dco_linux.c | 10 --
2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index
15 matches
Mail list logo