Attention is currently required from: flichtenheld, plaisthos, ralf_lici, stipa.
cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1084?usp=email ) Change subject: dco: Add support for float notifications ...................................................................... Patch Set 3: Code-Review-1 (1 comment) Patchset: PS3: *b00m* so this is the testbed: ununtu 20.04 server with backported float notification patch, commit 31aedd7fb plus this patch. one server instance, with 2 UDP sockets (one udp6/dual-stack, one udp4 only). Client connecting to the UDP4 socket (so v6 mapped is not relevant). Server has --reneg-sec 60, and in between renegotiations the client is made to roam between LAN and WiFi (by unplugging and replugging the LAN cable). It floats quite happily, and then explodes - it's something with timing, float, and server-triggered renegotiation, though I do not really know what sequence of things I need. `peer-id 2` is the floating client, `peer-id 1` is just sticking around. ``` 2025-07-17 17:45:32 us=32787 freebsd-74-amd64/udp6:194.97.140.3:61704 peer-id=1 Control Channel: TLSv1.2, cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, 2048 bit key 2025-07-17 17:45:32 us=32932 freebsd-74-amd64/udp6:194.97.140.3:61704 peer-id=1 dco_install_key: peer_id=1 keyid=6, currently 1 keys installed 2025-07-17 17:45:32 us=32963 freebsd-74-amd64/udp6:194.97.140.3:61704 peer-id=1 dco_new_key: slot 1, key-id 6, peer-id 1, cipher AES-256-GCM 2025-07-17 17:45:32 us=658862 cron2-freebsd-tc-amd64/udp4:193.149.48.172:63385 peer-id=2 Swapping primary and secondary keys to primary-id=6 secondary-id=5 2025-07-17 17:45:32 us=658933 cron2-freebsd-tc-amd64/udp4:193.149.48.172:63385 peer-id=2 dco_swap_keys: peer-id 2 2025-07-17 17:45:59 us=350653 dco_do_read 2025-07-17 17:45:59 us=350790 ovpn-dco: received CMD_PEER_FLOAT_NTF, ifindex: 5501, peer-id 2, address: [AF_INET]193.149.48.173:63385 2025-07-17 17:45:59 us=350937 peer 2 (cron2-freebsd-tc-amd64) floated from udp4:193.149.48.172:63385 to [AF_INET6]::ffff:193.149.48.173:63385 (via ::ffff:195.30.8.84%ens160) 2025-07-17 17:46:02 us=32434 cron2-freebsd-tc-amd64/udp6:193.149.48.173:63385 peer-id=2 TLS: soft reset sec=60/59 bytes=0/-1 pkts=0/0 aead_limit_send=0/60129542137 aead_limit_recv=0/60129542137 2025-07-17 17:46:02 us=32639 cron2-freebsd-tc-amd64/udp6:193.149.48.173:63385 peer-id=2 dco_del_key: peer-id 2, slot 1 2025-07-17 17:46:02 us=32911 cron2-freebsd-tc-amd64/udp6:193.149.48.173:63385 peer-id=2 UDPv4 WRITE [54] to [AF_INET6]::ffff:193.149.48.173:63385 (via ::ffff:195.30.8.84%ens160): P_CONTROL_SOFT_RESET_V1 kid=7 [ ] pid=12648 DATA len=40 2025-07-17 17:46:02 us=32981 cron2-freebsd-tc-amd64/udp6:193.149.48.173:63385 peer-id=2 write UDPv4 []: Address family not supported by protocol (fd=7,code=97) 2025-07-17 17:46:02 us=352420 dco_do_read 2025-07-17 17:46:02 us=352549 ovpn-dco: received CMD_PEER_FLOAT_NTF, ifindex: 5501, peer-id 2, address: [AF_INET]193.149.48.172:63385 2025-07-17 17:46:02 us=352705 peer 2 (cron2-freebsd-tc-amd64) floated from udp6:193.149.48.173:63385 to [AF_INET6]::ffff:193.149.48.172:63385 (via ::ffff:195.30.8.84%ens160) 2025-07-17 17:46:02 us=529069 freebsd-74-amd64/udp6:194.97.140.3:61704 peer-id=1 Swapping primary and secondary keys to primary-id=6 secondary-id=5 2025-07-17 17:46:02 us=529153 freebsd-74-amd64/udp6:194.97.140.3:61704 peer-id=1 dco_swap_keys: peer-id 1 2025-07-17 17:46:04 us=286241 cron2-freebsd-tc-amd64/udp6:193.149.48.172:63385 peer-id=2 UDPv4 WRITE [54] to [AF_INET6]::ffff:193.149.48.172:63385 (via ::ffff:195.30.8.84%ens160): P_CONTROL_SOFT_RESET_V1 kid=7 [ ] pid=12904 DATA len=40 2025-07-17 17:46:04 us=286325 cron2-freebsd-tc-amd64/udp6:193.149.48.172:63385 peer-id=2 write UDPv4 []: Address family not supported by protocol (fd=7,code=97) 2025-07-17 17:46:05 us=364294 dco_get_peer_stats_multi 2025-07-17 17:46:05 us=364768 dco_parse_peer_multi: parsing message... 2025-07-17 17:46:05 us=364822 dco_update_peer_stat: no link RX bytes provided in reply for peer 2 2025-07-17 17:46:05 us=364854 dco_update_peer_stat: no link TX bytes provided in reply for peer 2 2025-07-17 17:46:05 us=364913 dco_update_peer_stat: no VPN RX bytes provided in reply for peer 2 2025-07-17 17:46:05 us=364931 dco_update_peer_stat: no VPN TX bytes provided in reply for peer 2 2025-07-17 17:46:05 us=364994 dco_parse_peer_multi: parsing message... 2025-07-17 17:46:05 us=365028 dco_update_peer_stat / dco_read_bytes: 1648 2025-07-17 17:46:05 us=365057 dco_update_peer_stat / dco_write_bytes: 1440 2025-07-17 17:46:05 us=365103 dco_update_peer_stat / tun_read_bytes: 0 2025-07-17 17:46:05 us=365129 dco_update_peer_stat / tun_write_bytes: 0 2025-07-17 17:46:05 us=365145 dco_parse_peer_multi: parsing message... 2025-07-17 17:46:05 us=365180 dco_update_peer_stat / dco_read_bytes: 53648 2025-07-17 17:46:05 us=365208 dco_update_peer_stat / dco_write_bytes: 53248 2025-07-17 17:46:05 us=365269 dco_update_peer_stat / tun_read_bytes: 43264 2025-07-17 17:46:05 us=365304 dco_update_peer_stat / tun_write_bytes: 43264 2025-07-17 17:46:05 us=366195 dco_do_read 2025-07-17 17:46:05 us=366301 dco_do_read: netlink reports error (-4): Try again 2025-07-17 17:46:08 us=370284 dco_do_read 2025-07-17 17:46:08 us=370355 ovpn-dco: received CMD_PEER_FLOAT_NTF, ifindex: 5501, peer-id 2, address: [AF_INET]193.149.48.172:63385 2025-07-17 17:46:08 us=370416 closing instance cron2-freebsd-tc-amd64/udp6:193.149.48.172:63385 peer-id=2 2025-07-17 17:46:08 us=370469 dco_get_peer_stats_multi 2025-07-17 17:46:08 us=370666 dco_parse_peer_multi: parsing message... 2025-07-17 17:46:08 us=370811 dco_update_peer_stat / dco_read_bytes: 1648 2025-07-17 17:46:08 us=370856 dco_update_peer_stat / dco_write_bytes: 1440 2025-07-17 17:46:08 us=370887 dco_update_peer_stat / tun_read_bytes: 0 2025-07-17 17:46:08 us=370918 dco_update_peer_stat / tun_write_bytes: 0 2025-07-17 17:46:08 us=371212 dco_parse_peer_multi: parsing message... 2025-07-17 17:46:08 us=371249 dco_parse_peer_multi: cannot store DCO stats for peer 2 2025-07-17 17:46:08 us=371410 register signal: SIGTERM (close_context) 2025-07-17 17:46:08 us=371534 dco_del_peer: peer-id 2 ``` (why does it want to close peer 2? so something went fishy already at this point) ``` Program received signal SIGSEGV, Segmentation fault. 0x00005555555989b3 in multi_process_float (m=m@entry=0x7fffffffbb90, mi=mi@entry=0x555555772a70, sock=0x5555556c7a20) at multi.c:3258 3258 msg(D_MULTI_MEDIUM, "peer %" PRIu32 " (%s) floated from %s to %s", (gdb) where #0 0x00005555555989b3 in multi_process_float (m=m@entry=0x7fffffffbb90, mi=mi@entry=0x555555772a70, sock=0x5555556c7a20) at multi.c:3258 #1 0x0000555555598f53 in multi_process_incoming_dco (m=m@entry=0x7fffffffbb90) at multi.c:3393 #2 0x000055555559d7e0 in multi_io_process_io (m=m@entry=0x7fffffffbb90) at multi_io.c:534 #3 0x000055555559c740 in tunnel_server_loop (multi=0x7fffffffbb90) at multi.c:4287 #4 tunnel_server (top=0x7fffffffd0c0) at multi.c:4339 #5 0x00005555555a1f29 in openvpn_main (argc=5, argv=0x7fffffffe598) at openvpn.c:318 #6 0x00007ffff7d72083 in __libc_start_main (main=0x55555555fb70 <main>, argc=5, argv=0x7fffffffe598, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe588) at ../csu/libc-start.c:308 #7 0x000055555555fbae in _start () at openvpn.c:395 (gdb) list 3253 3254 msg(D_MULTI_MEDIUM, "closing instance %s", multi_instance_string(ex_mi, false, &gc)); 3255 multi_close_instance(m, ex_mi, false); 3256 } 3257 3258 msg(D_MULTI_MEDIUM, "peer %" PRIu32 " (%s) floated from %s to %s", 3259 mi->context.c2.tls_multi->peer_id, 3260 tls_common_name(mi->context.c2.tls_multi, false), 3261 mroute_addr_print(&mi->real, &gc), 3262 print_link_socket_actual(&m->top.c2.from, &gc)); (gdb) print mi->context.c2.tls_multi $1 = (struct tls_multi *) 0x0 ``` the kernel log around that time says ``` Jul 17 17:46:01 ubuntu2004 kernel: [3570425.002983] tun7: peer 2 floated to 193.149.48.173:63385 Jul 17 17:46:01 ubuntu2004 kernel: [3570426.825096] tun7: sending keepalive to peer 1 Jul 17 17:46:01 ubuntu2004 kernel: [3570426.825119] tun7: scheduling keepalive work: now=1752767170 next_run=1752767161 delta=9 Jul 17 17:46:02 ubuntu2004 kernel: [3570427.685495] deleting key slot 1, key_id=5 Jul 17 17:46:02 ubuntu2004 kernel: [3570428.004618] tun7: peer 2 floated to 193.149.48.172:63385 Jul 17 17:46:02 ubuntu2004 kernel: [3570428.182001] key swapped: (old primary) 5 <-> (new primary) 6 Jul 17 17:46:03 ubuntu2004 kernel: [3570429.235584] tun7: ping received from peer 1 Jul 17 17:46:08 ubuntu2004 kernel: [3570431.015784] tun7: peer 2 floated to 193.149.48.173:63385 Jul 17 17:46:08 ubuntu2004 kernel: [3570434.022364] tun7: peer 2 floated to 193.149.48.172:63385 Jul 17 17:46:08 ubuntu2004 kernel: [3570434.024151] tun7: del peer 2 Jul 17 17:46:08 ubuntu2004 kernel: [3570434.024169] tun7: deleting peer with id 2, reason 1 Jul 17 17:46:10 ubuntu2004 kernel: [3570436.040898] tun7: scheduling keepalive work: now=1752767171 next_run=1752767170 delta=1 Jul 17 17:46:11 ubuntu2004 kernel: [3570437.064852] tun7: sending keepalive to peer 1 ``` -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1084?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I33e9272b4196c7634db2fb33a75ae4261660867f Gerrit-Change-Number: 1084 Gerrit-PatchSet: 3 Gerrit-Owner: ralf_lici <r...@mandelbit.com> Gerrit-Reviewer: cron2 <g...@greenie.muc.de> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-Reviewer: ordex <anto...@mandelbit.com> Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org> Gerrit-Reviewer: stipa <lstipa...@gmail.com> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-Attention: plaisthos <arne-open...@rfc2549.org> Gerrit-Attention: flichtenheld <fr...@lichtenheld.com> Gerrit-Attention: ralf_lici <r...@mandelbit.com> Gerrit-Attention: stipa <lstipa...@gmail.com> Gerrit-Comment-Date: Thu, 17 Jul 2025 15:54:28 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
