openvpn / ovpn-dco Goto Github PK
View Code? Open in Web Editor NEWOpenVPN Data Channel Offload in the linux kernel
ovpn-dco's Introduction
OpenVPN -- A Secure tunneling daemon Copyright (C) 2002-2022 OpenVPN Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. ************************************************************************* To get the latest release of OpenVPN, go to: https://openvpn.net/community-downloads/ To Build and Install, tar -zxf openvpn-<version>.tar.gz cd openvpn-<version> ./configure make make install or see the file INSTALL for more info. For information on how to build OpenVPN on/for Windows with MinGW or MSVC see README.cmake.md. ************************************************************************* For detailed information on OpenVPN, including examples, see the man page http://openvpn.net/man.html For a sample VPN configuration, see http://openvpn.net/howto.html To report an issue, see https://github.com/OpenVPN/openvpn/issues/new (Note: We recently switched to GitHub for reporting new issues, old issues can be found at: https://community.openvpn.net/openvpn/report) For a description of OpenVPN's underlying protocol, see the file ssl.h included in the source distribution. ************************************************************************* Other Files & Directories: * configure.ac -- script to rebuild our configure script and makefile. * sample/sample-scripts/verify-cn A sample perl script which can be used with OpenVPN's --tls-verify option to provide a customized authentication test on embedded X509 certificate fields. * sample/sample-keys/ Sample RSA keys and certificates. DON'T USE THESE FILES FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE. * sample/sample-config-files/ A collection of OpenVPN config files and scripts from the HOWTO at http://openvpn.net/howto.html ************************************************************************* Note that easy-rsa and tap-windows are now maintained in their own subprojects. Their source code is available here: https://github.com/OpenVPN/easy-rsa https://github.com/OpenVPN/tap-windows6 Community-provided Windows installers (MSI) and Debian packages are built from https://github.com/OpenVPN/openvpn-build See the INSTALL file for usage information.
ovpn-dco's People
Contributors
Stargazers
Watchers
Forkers
huangya90 isabella232 inste dylu6699 laashub-soa dalekzhangdong mattock zyp2015 challengerorlando toxi22 freshgreenb flichtenheld zhagoonet keenetic alexandrclick mandelbitdev leo5878 jordanjoewatson webstorage119 sempervictus x-wrt jeffmahoneyovpn-dco's Issues
master branch does not compile on kernel 6.2-rc4
git clone https://github.com/OpenVPN/ovpn-dco.git
Cloning into 'ovpn-dco'...
remote: Enumerating objects: 3240, done.
remote: Counting objects: 100% (692/692), done.
remote: Compressing objects: 100% (275/275), done.
remote: Total 3240 (delta 352), reused 665 (delta 328), pack-reused 2548
Receiving objects: 100% (3240/3240), 1008.00 KiB | 3.92 MiB/s, done.
Resolving deltas: 100% (1836/1836), done.
root@ghost:/usr/src# cd ovpn-dco
root@ghost:/usr/src/ovpn-dco# make KERNEL_SRC=/usr/src/linux-6.2-rc2
/usr/src/ovpn-dco/gen-compat-autoconf.sh /usr/src/ovpn-dco/compat-autoconf.h
make -C /usr/src/linux-6.2-rc2 M=/usr/src/ovpn-dco PWD=/usr/src/ovpn-dco REVISION=0.1.20221107 CONFIG_OVPN_DCO=m INSTALL_MOD_DIR=updates/ modules
make[1]: Entering directory '/usr/src/linux-6.2-rc2'
CC [M] /usr/src/ovpn-dco/drivers/net/ovpn-dco/main.o
CC [M] /usr/src/ovpn-dco/drivers/net/ovpn-dco/bind.o
CC [M] /usr/src/ovpn-dco/drivers/net/ovpn-dco/crypto.o
CC [M] /usr/src/ovpn-dco/drivers/net/ovpn-dco/ovpn.o
CC [M] /usr/src/ovpn-dco/drivers/net/ovpn-dco/peer.o
CC [M] /usr/src/ovpn-dco/drivers/net/ovpn-dco/sock.o
CC [M] /usr/src/ovpn-dco/drivers/net/ovpn-dco/stats.o
CC [M] /usr/src/ovpn-dco/drivers/net/ovpn-dco/netlink.o
/usr/src/ovpn-dco/drivers/net/ovpn-dco/netlink.c:950:21: error: initialization of 'int (*)(const struct genl_split_ops *, struct sk_buff *, struct genl_info )' from incompatible pointer type 'int ()(const struct genl_ops *, struct sk_buff *, struct genl_info )' [-Werror=incompatible-pointer-types]
950 | .pre_doit = ovpn_pre_doit,
| ^~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn-dco/netlink.c:950:21: note: (near initialization for 'ovpn_netlink_family.pre_doit')
/usr/src/ovpn-dco/drivers/net/ovpn-dco/netlink.c:951:22: error: initialization of 'void ()(const struct genl_split_ops *, struct sk_buff *, struct genl_info )' from incompatible pointer type 'void ()(const struct genl_ops *, struct sk_buff *, struct genl_info *)' [-Werror=incompatible-pointer-types]
951 | .post_doit = ovpn_post_doit,
| ^~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn-dco/netlink.c:951:22: note: (near initialization for 'ovpn_netlink_family.post_doit')
cc1: some warnings being treated as errors
make[3]: *** [scripts/Makefile.build:252: /usr/src/ovpn-dco/drivers/net/ovpn-dco/netlink.o] Error 1
make[2]: *** [scripts/Makefile.build:504: /usr/src/ovpn-dco/drivers/net/ovpn-dco] Error 2
make[1]: *** [Makefile:2008: /usr/src/ovpn-dco] Error 2
make[1]: Leaving directory '/usr/src/linux-6.2-rc2'
make: *** [Makefile:52: all] Error 2
netlink reports object not found
After three days of steady running, suddenly
2023-09-27 19:04:52 us=681004 CLIENT/XXXXXX:65165 dco_new_key: netlink reports object not found, ovpn-dco unloaded?
2023-09-27 19:04:52 us=681014 CLIENT/XXXXXX:65165 dco_new_key: failed to send netlink message: No such file or directory (-2)
2023-09-27 19:04:52 us=681020 CLIENT/XXXXXX:65165 Impossible to install key material in DCO: No such file or directory
2023-09-27 19:04:52 us=681023 CLIENT/XXXXXX:65165 Exiting due to fatal error
2023-09-27 19:04:52 us=681036 CLIENT/XXXXXX:65165 Closing DCO interface
2023-09-27 19:04:52 us=681041 CLIENT/XXXXXX:65165 net_addr_v4_del: 10.61.0.1 dev tun3
2023-09-27 19:04:52 us=683371 CLIENT/XXXXXX:65165 net_iface_del: delete tun3
Then consistently see kernel errors
Message from syslogd@ip-XXXXX at Sep 27 23:18:39 ...
kernel:[11843724.403314] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
dmesg output
……
[11843714.323165] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843724.403314] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843734.483472] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843744.563620] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843754.643777] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843764.723930] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843774.836075] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843784.948232] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843795.060380] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843805.140526] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843815.220675] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843825.300839] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843835.412986] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843845.525133] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843855.637290] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843865.717444] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843875.797583] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
……
What can I do about it?
ovpn_dco_v2 significantly slower
Upgrading our eduVPN node to OpenVPN 2.6.2 with ovpn_dco_v2 leads to significantly lower throughput than running without DCO or with DCOv1. Unfortunately I cannot get the test rig used for the first test running today and I'm going on vacation, but it is reproducible.
Speeds are downloads from the VPN client, so sending into the tunnel.
All with the same VM:
2.6.1 + DCOv1: 1,23 Gbit/s
2.6.1 without DCO: 374 Mbit/s
From another client (!), thus not comparable with the numbers above:
2.6.2 + DCOv2: 84 Mbit/s
2.6.2 without DCO: 450 Mbit/s
instruct DCO about expected residual data over the socket
When passing the socket to kernelspace, userspace may had already started reading a new (but not complete!) packet.
This means that now DCO will receive data which is not the beginning of a new packet, but rather the end of a previous one, that is partly buffered in userspace.
This goes against the current assumption made bvy DCO, that is "I expect new packets from the beginning".
To fix this scenario, userspace could pass a "residual length" parameter along with the socket telling DCO how many bytes should directly be passed to userspace before assuming that a new packet will begin.
This change should happen in the new-peer command.
vpn
OpenVPN 2.6.2 ubuntu 22.10 kinetic
Hi, in previous versions when I checked a file /var/log/openvpn/openvpn.log my openvpn server started with ovpn-dco. today when i upgrade to latest version 2.6.2 i have in first line this:
2023-03-25 13:52:53 us=217969 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2023-03-25 13:52:53 us=218083 Current Parameter Settings:
2023-03-25 13:52:53 us=218092 config = '/etc/openvpn/server.conf'
my kernel is:
Linux localhost 5.19.0-38-generic #39-Ubuntu SMP PREEMPT_DYNAMIC Fri Mar 17 17:33:16 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
and i have installed two packages: openvpn-dco-dkms and kmod-ovpn-dco
openvpn-dco-dkms is already the newest version (0.0+git20220816-1).
kmod-ovpn-dco is already the newest version (0.20220601~git2db65af+jammy).
info about module from modinfo
modinfo ovpn_dco
filename: /lib/modules/5.19.0-38-generic/updates/dkms/ovpn-dco.ko
alias: net-pf-16-proto-16-family-ovpn-dco
alias: rtnl-link-ovpn-dco
version: 0.0+git20220816
license: GPL
author: (C) 2020-2022 OpenVPN, Inc.
description: OpenVPN data channel offload (ovpn-dco)
srcversion: D9E21BC3C39384ACEAD8AC5
depends: ip6_udp_tunnel,udp_tunnel
retpoline: Y
name: ovpn_dco
vermagic: 5.19.0-38-generic SMP preempt mod_unload modversions
sig_id: PKCS#7
signer: localhost Secure Boot Module Signature key
sig_key: 47:32:C1:7B:87:C0:D4:67:82:7F:2F:A8:CF:3A:41:C9:33:32:5C:0A
sig_hashalgo: sha512
signature: 79:14:08:E5:AE:AA:04:60:DA:1E:E0:05:BE:9E:92:CC:A0:22:F1:F1:
75:80:6D:F7:FD:43:83:B1:A0:84:98:79:B0:B6:5A:EC:FC:F6:B5:CD:
57:B9:E7:E7:20:06:24:CC:38:32:2C:43:B4:16:CA:6A:52:78:74:31:
78:CD:F2:6A:1B:16:1B:32:31:62:16:26:FB:43:A3:32:CB:53:A2:94:
B6:C2:59:42:EF:9A:40:2E:F9:85:21:07:EB:AB:C5:DB:AA:38:E8:44:
AB:2A:E4:28:13:FB:D9:EE:7E:F3:61:30:F4:B4:AF:C5:0B:FB:B1:41:
3E:E7:3B:1A:92:9B:D3:34:5B:B8:C8:54:E4:77:0A:55:93:FB:9F:E2:
DE:A0:9A:D0:7E:F6:13:43:5F:A2:97:78:1D:74:B7:C5:5A:91:15:3D:
D8:EB:28:79:EE:E3:AF:BD:72:85:FF:D1:39:39:B5:38:BD:DB:D3:3E:
A7:43:3F:5D:E8:B6:BE:0A:D5:61:13:09:61:79:0D:AA:BB:D9:BF:08:
36:83:66:6D:F1:80:10:40:6E:2D:6B:CE:85:7E:3B:C4:BB:09:1C:DF:
16:ED:C9:C9:F6:BA:07:F6:A2:31:5B:AA:30:BF:87:A6:C9:EB:03:D8:
8A:68:CE:D1:78:D8:7F:6D:9D:08:B6:33:B3:33:E1:52
lsmod | grep ovpn_dco
ovpn_dco 73728 0
ip6_udp_tunnel 16384 1 ovpn_dco
udp_tunnel 28672 1 ovpn_dco
sudo dkms status
ovpn-dco/0.0+git20220816, 5.19.0-37-generic, x86_64: installed
ovpn-dco/0.0+git20220816, 5.19.0-38-generic, x86_64: installed
did i miss something in the new version? why dco is disabled when i have all packages in latest version
hard freeze during first client connects
This is a rather weird thing. It mostly happens if during startup of openvpn, the server is already bombarded with connections. The VM just hard freezes in this case. Not even a blinking cusor on the console anymore.
I also manged to get later but then also in the first second of clients connecting. But if ovpn-dco surves the first 1-2s I never seen this after it. The part of the log that is still available before the hard freeze:
(log attached since it is larger than the limit for the text)
log-hard-freeze.txt
ovpn-dco: kernel errors about use after free, memleak on Linux 6.1.12
Describe the bug
After many dozens of messages about “deleting peer”, mainly due to ”reason 1” and “reason 4”, some due to “reason 2” (said peer being a mobile phone during a train journey), with the last 18 of these messages being 12 times “reason 4”, once “reason 2”, and again five times “reason 4”, the kernel suddenly reported errors about “use after free” and “leaking memory”. dmesg output follows:
[540333.750165] ------------[ cut here ]------------
[540333.750184] refcount_t: underflow; use-after-free.
[540333.750337] WARNING: CPU: 2 PID: 246859 at lib/refcount.c:28 0xffffffff93084052
[540333.750346] Modules linked in: ovpn_dco(O)
[540333.750357] CPU: 2 PID: 246859 Comm: kworker/2:1 Tainted: G O T 6.1.12 OpenVPN/openvpn#1
[540333.750365] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1~nc9+4 04/01/2014
[540333.750367] Workqueue: ovpn-event-wq-vpn1 0xffffffffc0604dc0
[540333.750381] RIP: 0010:0xffffffff93084052
[540333.750383] Code: 0b 31 f6 31 ff c3 cc cc cc cc 80 3d ee 00 c2 00 00 0f 85 71 ff ff ff 48 c7 c7 50 68 b5 93 c6 05 da 00 c2 00 01 e8 72 a3 43 00 <0f> 0b 31 f6 31 ff c3 cc cc cc cc 80 3d c1 00 c2 00 00 0f 85 46 ff
[540333.750386] RSP: 0018:ffffa8c9c8abfdb0 EFLAGS: 00010246
[540333.750402] RAX: 0000000000000000 RBX: ffff9007eeb70800 RCX: 0000000000000000
[540333.750421] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[540333.750423] RBP: ffff900753fc07c0 R08: 0000000000000000 R09: 0000000000000000
[540333.750425] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9007eeb70984
[540333.750427] R13: ffff9007fb38ae00 R14: ffff900973d21c80 R15: ffff9007eeb70da8
[540333.750438] FS: 0000000000000000(0000) GS:ffff900973d00000(0000) knlGS:0000000000000000
[540333.750443] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[540333.750445] CR2: 00007f4bcaff4dc8 CR3: 000000010bd96003 CR4: 0000000000370ea0
[540333.750447] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[540333.750448] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[540333.750450] Call Trace:
[540333.750488] <TASK>
[540333.750492] 0xffffffffc05fefb7
[540333.750528] 0xffffffffc0604d76
[540333.750530] 0xffffffffc0604ddd
[540333.750532] 0xffffffff92ccbd77
[540333.750575] 0xffffffff92ccbf0f
[540333.750577] ? 0xffffffff92ccbec0
[540333.750588] 0xffffffff92cd2d6b
[540333.750610] ? 0xffffffff92cd2cb0
[540333.750611] 0xffffffff92c01d02
[540333.750647] </TASK>
[540333.750648] ---[ end trace 0000000000000000 ]---
[540333.750665] ------------[ cut here ]------------
[540333.750666] refcount_t: saturated; leaking memory.
[540333.750676] WARNING: CPU: 2 PID: 246859 at lib/refcount.c:19 0xffffffff93084000
[540333.750679] Modules linked in: ovpn_dco(O)
[540333.750682] CPU: 2 PID: 246859 Comm: kworker/2:1 Tainted: G W O T 6.1.12 OpenVPN/openvpn#1
[540333.750685] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1~nc9+4 04/01/2014
[540333.750687] Workqueue: ovpn-event-wq-vpn1 0xffffffffc0604dc0
[540333.750689] RIP: 0010:0xffffffff93084000
[540333.750690] Code: a3 43 00 0f 0b 31 f6 31 ff c3 cc cc cc cc 80 3d 3f 01 c2 00 00 75 c3 48 c7 c7 f8 67 b5 93 c6 05 2f 01 c2 00 01 e8 c4 a3 43 00 <0f> 0b 31 f6 31 ff c3 cc cc cc cc 80 3d 16 01 c2 00 00 75 9c 48 c7
[540333.750692] RSP: 0018:ffffa8c9c8abfdd8 EFLAGS: 00010246
[540333.750694] RAX: 0000000000000000 RBX: ffff9007eeb70800 RCX: 0000000000000000
[540333.750696] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[540333.750697] RBP: 000000000000006c R08: 0000000000000000 R09: 0000000000000000
[540333.750699] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc8c9bfd26600
[540333.750700] R13: 0000000000000000 R14: ffff900973d21c80 R15: ffff9007eeb70da8
[540333.750702] FS: 0000000000000000(0000) GS:ffff900973d00000(0000) knlGS:0000000000000000
[540333.750715] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[540333.750717] CR2: 00007f4bcaff4dc8 CR3: 000000010bd96003 CR4: 0000000000370ea0
[540333.750718] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[540333.750720] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[540333.750721] Call Trace:
[540333.750722] <TASK>
[540333.750723] 0xffffffffc0604d9b
[540333.750725] 0xffffffffc0604ddd
[540333.750727] 0xffffffff92ccbd77
[540333.750728] 0xffffffff92ccbf0f
[540333.750729] ? 0xffffffff92ccbec0
[540333.750731] 0xffffffff92cd2d6b
[540333.750732] ? 0xffffffff92cd2cb0
[540333.750733] 0xffffffff92c01d02
[540333.750735] </TASK>
[540333.750736] ---[ end trace 0000000000000000 ]---
Version information (please complete the following information):
- OS: Debian stable/testing with custom kernel 6.1.12 and openvpn-dco-dkms
- OpenVPN version: OpenVPN 2.6.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
- DCO module version: ovpn-dco-0.0+git20230125
- Compiler version: gcc (Debian 12.2.0-14) 12.2.0
I hope this helps you find the problem. I can give you access to my kernel config and headers on request.
ovpn-dco ubuntu Compilation failed
Failed to compile ovpn-dco on ubuntu, 5.4.0-122-generic #138~18.04.1-Ubuntu SMP.
./include/linux/build_bug.h:16:45: error: negative width in bit-field ‘<anonymous>’
#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
commit 4088343
This problem does not occur with previous commit
DCO and ipv6
Hello,
I tested to connect to my server through his ipv6 public address. The connexion has established without any issue, but the performance looks really bad ! It drop from 80mb/s to less than a mb/s in a simple speed test.
Simple question, is DCO limited to the ipv4 socket ?
One more information, my server is configured with "proto udp6", has both an ipv4 and an ipv6 and is fast when i'm connecting to the v4 address, slow on the v6.
Thanks
Anthony.
Unknown symbol
Even if I inserted ip6_udp_tunnel and udp_tunnel
[ 725.268866] ovpn_dco_v2: Unknown symbol udp_tunnel6_xmit_skb (err -2)
[ 725.268963] ovpn_dco_v2: Unknown symbol setup_udp_tunnel_sock (err -2)
[ 725.268992] ovpn_dco_v2: Unknown symbol udp_tunnel_xmit_skb (err -2)
[ 729.417092] ovpn_dco_v2: Unknown symbol udp_tunnel6_xmit_skb (err -2)
[ 729.417189] ovpn_dco_v2: Unknown symbol setup_udp_tunnel_sock (err -2)
[ 729.417217] ovpn_dco_v2: Unknown symbol udp_tunnel_xmit_skb (err -2)
Remote peer's TCP disconnect is not detected
Steps to reproduce:
- Run openvpn server with ovpn-dco (I used version
0.1.20221107) and proto tcp - Connect with the client
- Disconnect the client
Expected results:
- ovpn-dco module should send
OVPN_CMD_DEL_PEERto userspace with the reasonOVPN_DEL_PEER_REASON_TEARDOWNorOVPN_DEL_PEER_REASON_TRANSPORT_ERROR - userspace should handle that and remove client instance
Actual results:
- ovpn-dco doesn't detect connection termination and instead notifies userspace only when keepalive message cannot be sent (
cannot send TCP packet to peer 0: -104)
Client log:
2022-12-21 14:19:05 us=828000 ovpn-dco device [OpenVPN Data Channel Offload] opened
2022-12-21 14:19:05 us=875000 TCP_CLIENT link local: (not bound)
2022-12-21 14:19:05 us=875000 TCP_CLIENT link remote: [AF_INET]111.222.333.444:1194
2022-12-21 14:19:05 us=875000 MANAGEMENT: >STATE:1671625145,WAIT,,,,,,
2022-12-21 14:19:05 us=921000 MANAGEMENT: >STATE:1671625145,AUTH,,,,,,
2022-12-21 14:19:05 us=921000 TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=104a46b8 03896379
2022-12-21 14:19:06 us=15000 VERIFY OK: depth=1, CN=LeeviCA5
2022-12-21 14:19:06 us=31000 VERIFY OK: depth=0, CN=example.com
2022-12-21 14:19:06 us=171000 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-12-21 14:19:06 us=171000 [example.com] Peer Connection Initiated with [AF_INET]111.222.333.444:1194
2022-12-21 14:19:06 us=312000 PUSH: Received control message: 'PUSH_REPLY,tun-ipv6,route-gateway 10.58.0.1,topology subnet,ping 30,ping-restart 180,ifconfig-ipv6 2001:db8:0:456::1000/64 2001:db8:0:456::1,ifconfig 10.58.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm,tun-mtu 1500'
2022-12-21 14:19:06 us=312000 OPTIONS IMPORT: timers and/or timeouts modified
2022-12-21 14:19:06 us=312000 OPTIONS IMPORT: --ifconfig/up options modified
2022-12-21 14:19:06 us=312000 OPTIONS IMPORT: route-related options modified
2022-12-21 14:19:06 us=312000 OPTIONS IMPORT: peer-id set
2022-12-21 14:19:06 us=312000 OPTIONS IMPORT: data channel crypto options modified
2022-12-21 14:19:06 us=312000 OPTIONS IMPORT: tun-mtu set to 1500
2022-12-21 14:19:06 us=312000 interactive service msg_channel=164
2022-12-21 14:19:06 us=312000 do_ifconfig, ipv4=1, ipv6=1
2022-12-21 14:19:06 us=312000 MANAGEMENT: >STATE:1671625146,ASSIGN_IP,,10.58.0.2,,,,,2001:db8:0:456::1000
2022-12-21 14:19:06 us=312000 INET address service: add 10.58.0.2/24
2022-12-21 14:19:06 us=312000 IPv4 MTU set to 1500 on interface 36 using service
2022-12-21 14:19:06 us=312000 INET6 address service: add 2001:db8:0:456::1000/128
2022-12-21 14:19:06 us=312000 add_route_ipv6(2001:db8:0:456::/64 -> 2001:db8:0:456::1000 metric 0) dev OpenVPN Data Channel Offload
2022-12-21 14:19:06 us=312000 IPv6 route addition via service succeeded
2022-12-21 14:19:06 us=312000 IPv6 MTU set to 1500 on interface 36 using service
2022-12-21 14:19:06 us=312000 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-12-21 14:19:06 us=312000 Data Channel MTU parms [ mss_fix:1386 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2022-12-21 14:19:06 us=312000 Initialization Sequence Completed
2022-12-21 14:19:06 us=312000 MANAGEMENT: >STATE:1671625146,CONNECTED,SUCCESS,10.58.0.2,111.222.333.444,1194,,,2001:db8:0:456::1000
2022-12-21 14:19:14 us=406000 Closing DCO interface
2022-12-21 14:19:14 us=406000 delete_route_ipv6(2001:db8:0:456::/64)
2022-12-21 14:19:14 us=406000 IPv6 route deletion via service succeeded
2022-12-21 14:19:14 us=406000 INET6 address service: remove 2001:db8:0:456::1000/128
2022-12-21 14:19:14 us=406000 Deleting IPv4 dns servers on 'OpenVPN Data Channel Offload' (if_index = 36) using service
2022-12-21 14:19:14 us=546000 IPv4 dns servers deleted using service
2022-12-21 14:19:14 us=546000 INET address service: remove 10.58.0.2/24
2022-12-21 14:19:14 us=546000 SIGTERM[hard,] received, process exiting
2022-12-21 14:19:14 us=546000 MANAGEMENT: >STATE:1671625154,EXITING,SIGTERM,,,,,
Server log:
Dec 21 14:19:05 host openvpn[113195]: TCPv4_SERVER link remote: [AF_INET]111.222.333.444:56580
Dec 21 14:19:05 host openvpn[113195]: 111.222.333.444:56580 TLS: Initial packet from [AF_INET]111.222.333.444:56580, sid=19ddce8f eb423716
Dec 21 14:19:05 host openvpn[113195]: 111.222.333.444:56580 VERIFY OK: depth=1, CN=LeeviCA5
Dec 21 14:19:05 host openvpn[113195]: 111.222.333.444:56580 VERIFY OK: depth=0, CN=client40
Dec 21 14:19:05 host openvpn[113195]: 111.222.333.444:56580 peer info: IV_VER=2.6_beta1
Dec 21 14:19:05 host openvpn[113195]: 111.222.333.444:56580 peer info: IV_PLAT=win
Dec 21 14:19:05 host openvpn[113195]: 111.222.333.444:56580 peer info: IV_TCPNL=1
Dec 21 14:19:05 host openvpn[113195]: 111.222.333.444:56580 peer info: IV_MTU=1600
Dec 21 14:19:05 host openvpn[113195]: 111.222.333.444:56580 peer info: IV_NCP=2
Dec 21 14:19:05 host openvpn[113195]: 111.222.333.444:56580 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
Dec 21 14:19:05 host openvpn[113195]: 111.222.333.444:56580 peer info: IV_PROTO=478
Dec 21 14:19:05 host openvpn[113195]: 111.222.333.444:56580 peer info: IV_LZO_STUB=1
Dec 21 14:19:05 host openvpn[113195]: 111.222.333.444:56580 peer info: IV_COMP_STUB=1
Dec 21 14:19:05 host openvpn[113195]: 111.222.333.444:56580 peer info: IV_COMP_STUBv2=1
Dec 21 14:19:05 host openvpn[113195]: 111.222.333.444:56580 peer info: IV_GUI_VER=OpenVPN_GUI_11
Dec 21 14:19:05 host openvpn[113195]: 111.222.333.444:56580 peer info: IV_SSO=openurl,crtext
Dec 21 14:19:05 host openvpn[113195]: 111.222.333.444:56580 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Dec 21 14:19:05 host openvpn[113195]: 111.222.333.444:56580 [client40] Peer Connection Initiated with [AF_INET]111.222.333.444:56580
Dec 21 14:19:05 host openvpn[113195]: client40/111.222.333.444:56580 MULTI_sva: pool returned IPv4=10.58.0.2, IPv6=2001:db8:0:456::1000
Dec 21 14:19:05 host kernel: [2598861.565751] tun0: ovpn_netlink_new_peer: adding peer with endpoint=(null)/TCP id=0 VPN-IPv4=10.58.0.2 VPN-IPv6=2001:db8:0:456::1000
Dec 21 14:19:05 host kernel: [2598861.565781] tun0: ovpn_peer_keepalive_set: scheduling keepalive for peer 0: interval=30 timeout=360
Dec 21 14:19:05 host kernel: [2598861.565873] ********* Cipher gcm(aes) (encrypt)
Dec 21 14:19:05 host kernel: [2598861.565873] *** IV size=12
Dec 21 14:19:05 host kernel: [2598861.565874] *** req size=88
Dec 21 14:19:05 host kernel: [2598861.565875] *** block size=1
Dec 21 14:19:05 host kernel: [2598861.565876] *** auth size=16
Dec 21 14:19:05 host kernel: [2598861.565876] *** alignmask=0xf
Dec 21 14:19:05 host kernel: [2598861.565879] ********* Cipher gcm(aes) (decrypt)
Dec 21 14:19:05 host kernel: [2598861.565880] *** IV size=12
Dec 21 14:19:05 host kernel: [2598861.565881] *** req size=88
Dec 21 14:19:05 host kernel: [2598861.565881] *** block size=1
Dec 21 14:19:05 host kernel: [2598861.565882] *** auth size=16
Dec 21 14:19:05 host kernel: [2598861.565882] *** alignmask=0xf
Dec 21 14:19:05 host kernel: [2598861.565883] tun0: ovpn_netlink_new_key: new key installed (id=0) for peer 0
Dec 21 14:19:05 host kernel: [2598861.566086] tun0: ovpn_netlink_packet: sending userspace packet to peer 0...
Dec 21 14:19:05 host openvpn[113195]: client40/111.222.333.444:56580 MULTI: Learn: 10.58.0.2 -> client40/111.222.333.444:56580
Dec 21 14:19:05 host openvpn[113195]: client40/111.222.333.444:56580 MULTI: primary virtual IP for client40/111.222.333.444:56580: 10.58.0.2
Dec 21 14:19:05 host openvpn[113195]: client40/111.222.333.444:56580 MULTI: Learn: 2001:db8:0:456::1000 -> client40/111.222.333.444:56580
Dec 21 14:19:05 host openvpn[113195]: client40/111.222.333.444:56580 MULTI: primary virtual IPv6 for client40/111.222.333.444:56580: 2001:db8:0:456::1000
Dec 21 14:19:05 host openvpn[113195]: client40/111.222.333.444:56580 Data Channel: using negotiated cipher 'AES-256-GCM'
Dec 21 14:19:05 host openvpn[113195]: client40/111.222.333.444:56580 Data Channel MTU parms [ mss_fix:1386 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
Dec 21 14:19:05 host openvpn[113195]: client40/111.222.333.444:56580 SENT CONTROL [client40]: 'PUSH_REPLY,tun-ipv6,route-gateway 10.58.0.1,topology subnet,ping 30,ping-restart 180,ifconfig-ipv6 2001:db8:0:456::1000/64 2001:db8:0:456::1,ifconfig 10.58.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm,tun-mtu 1500' (status=1)
Dec 21 14:19:05 host kernel: [2598861.617955] tun0: ovpn_netlink_send_packet: sending packet to userspace, len: 34
Dec 21 14:19:19 host kernel: [2598875.297775] tun0: no peer to send data to
Dec 21 14:19:35 host openvpn[113195]: client40/111.222.333.444:56580 SIGTERM[soft,ovpn-dco: transport error] received, client-instance exiting
Dec 21 14:19:35 host kernel: [2598891.680449] tun0: ovpn_peer_ping: sending ping to peer 0
Dec 21 14:19:35 host kernel: [2598891.680488] ovpn_tcp_tx_work: cannot send TCP packet to peer 0: -104
Dec 21 14:19:35 host kernel: [2598891.680511] tun0: tun0: deleting peer with id 0, reason 3
Dec 21 14:20:22 host kernel: [2598938.780711] tun0: no peer to send data to
Dec 21 14:22:27 host kernel: [2599063.698978] tun0: no peer to send data to
Dec 21 14:26:54 host kernel: [2599329.918418] tun0: no peer to send data to
Dec 21 14:35:21 host kernel: [2599837.782652] tun0: no peer to send data to
As it can be seen from the logs above, client disconnected at 14:19:14 and server removed client instance at 14:19:35 when ovpn-dco wasn't able to send keepalive message.
dco vs dpdk
Hi!
As far as I know,
The ovpn-dco works only for improving performance then can I use the same effect with dpdk
Is dco the same as dpdk in principle, what is the advantage over dpdk,
and is the effect better than dpdk
Openvpn 2.6.3 cras "nregister_netdevice: waiting for tun_0 to become free. Usage count = 1"
Describe the bug
Аfter restarting the openvpn service, it gives an error, the server does not restart, only hard reset works.
Message from syslogd@vpn at May 5 14:20:48 ...
kernel:[83842.337867] unregister_netdevice: waiting for tun_0 to become free. Usage count = 1
To Reproduce
service openvpn restart or reboot system
Version information :
- OS: Debian 10, kernel 5.10.0-21-amd64
- OpenVPN version: 2.6.3 x86_64-pc-linux-gnu
- DCO version: 0.2.20230323-5-g961c60d
Waiting for tunxxx to become free
As far as I understand this is already known?
When stopping an OpenVPN instance, the kernel log is getting messages like
Jan 5 10:14:12 eduvpn-n09 kernel: [94308.032155] unregister_netdevice: waiting for tun321 to become free. Usage count = 1
Jan 5 10:14:12 eduvpn-n09 kernel: [94308.416149] unregister_netdevice: waiting for tun263 to become free. Usage count = 2
compile for help
root@8adee85ab397:~/ovpn-dco-master# make KERNEL_SRC=../linux-6.4.1
/home/xxxx/ovpn-dco-master/gen-compat-autoconf.sh /home/xxxx/ovpn-dco-master/compat-autoconf.h
make -C ../linux-6.4.1 M=/home/xxxx/ovpn-dco-master PWD=/home/xxxx/ovpn-dco-master REVISION= CONFIG_OVPN_DCO_V2=m INSTALL_MOD_DIR=updates/ modules
make[1]: Entering directory '/home/xxxx/linux-6.4.1'
MODPOST /home/xxxx/ovpn-dco-master/Module.symvers
ERROR: modpost: "setup_udp_tunnel_sock" [/home/xxxx/ovpn-dco-master/drivers/net/ovpn-dco/ovpn-dco-v2.ko] undefined!
ERROR: modpost: "udp_tunnel_xmit_skb" [/home/xxxx/ovpn-dco-master/drivers/net/ovpn-dco/ovpn-dco-v2.ko] undefined!
ERROR: modpost: "udp_tunnel6_xmit_skb" [/home/xxxx/ovpn-dco-master/drivers/net/ovpn-dco/ovpn-dco-v2.ko] undefined!
make[2]: *** [scripts/Makefile.modpost:136: /home/xxxx/ovpn-dco-master/Module.symvers] Error 1
make[1]: *** [Makefile:1978: modpost] Error 2
make[1]: Leaving directory '/home/xxxx/linux-6.4.1'
make: *** [Makefile:59: all] Error 2Hangs on unloading
Sometimes on stopping openvpn, the interface deletion just "hangs":
2023-01-04 13:53:04 us=622820 2003:d0:270b:a600:215:5dff:fe02:811a [gremlin404326] Peer Connection Initiated with [AF_INET6]2003:d0:270b:a600:215:5dff:fe02:811a:52901
2023-01-04 13:53:04 us=622827 2003:d0:270b:a600:215:5dff:fe02:811a dco_update_keys: peer_id=-1
2023-01-04 13:53:04 us=623416 gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a MULTI_sva: pool returned IPv4=10.33.14.251, IPv6=fd00:f00f::1efa
2023-01-04 13:53:04 us=623456 gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a MULTI: Learn: 10.33.14.251 -> gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a
2023-01-04 13:53:04 us=623460 gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a MULTI: primary virtual IP for gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a: 10.33.14.251
2023-01-04 13:53:04 us=623468 gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a MULTI: Learn: fd00:f00f::1efa -> gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a
2023-01-04 13:53:04 us=623472 gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a MULTI: primary virtual IPv6 for gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a: fd00:f00f::1efa
2023-01-04 13:53:04 us=623480 gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a dco_new_peer: peer-id 828, fd 5, remote addr: [AF_INET6]2003:d0:270b:a600:215:5dff:fe02:811a:52901
2023-01-04 13:53:04 us=623516 gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a dco_new_peer: netlink out of memory error: No buffer space available (errno=105)
2023-01-04 13:53:04 us=623521 gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a Exiting due to fatal error
2023-01-04 13:53:04 us=623533 gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a Closing DCO interface
2023-01-04 13:53:04 us=623537 gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a net_addr_v4_del: 10.33.0.1 dev tun0
2023-01-04 13:53:04 us=624239 gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a sitnl_send: checking for received messages
2023-01-04 13:53:04 us=624272 gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a sitnl_send: rtnl: received 36 bytes
2023-01-04 13:53:04 us=624291 gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a net_addr_v6_del: fd00:f00f::2/64 dev tun0
2023-01-04 13:53:04 us=625271 gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a sitnl_send: checking for received messages
2023-01-04 13:53:04 us=625301 gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a sitnl_send: rtnl: received 36 bytes
2023-01-04 13:53:04 us=625319 gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a close_tun_dco
2023-01-04 13:53:04 us=625341 gremlin404326/2003:d0:270b:a600:215:5dff:fe02:811a net_iface_del: delete tun0
Build error with CentOS Stream release 8
Hellou,
few days ago, I want to install OpenVPN server with dco feature. I use tutorial below, because standard epel release for Centos Stream 8 does not have dco support:
https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
So I use dsommers/openvpn3 repo for kmod-ovpn-dco. During dnf install (scriptlet), there was and error with building:
kernel 4.18.0-519.el8.
gcc version 8.5.0 20210514 (Red Hat 8.5.0-21).
dco.txt
So, there is a bug, or I doing something wrong? So far, openvpn was working fine (last month I upgraded from 2.4.12 to 2.5.9 and now 2.6.6), but I am interesting in dco module for more speed (my multithread CPU with conecting with AES-256-GCM allows max 1Gbps throughput).
Thank you for help or infromations.
Stanislav
DCO interface error after restarting the openvpn service or restarting the server.
Describe the bug
DCO interface error after restarting the openvpn service or restarting the server.
Version information:
- OS: [Ubuntu 22.04]
- OS kernel: [6.2.0-31-generic]
- OpenVPN version: [2.6.6]
- DCO version [0.2.20230426]
To Reproduce
- Install openvpn 2.6.6
- Install DCO
- Сonfiguring the server and client
- Run iperf3 on the server and client to create traffic simulation
- Stop the openvpn server service or restart the server .
Logs
root@nik-dev2:/dockers/openvpn# tail -f /var/log/syslog
2023-09-01T01:43:24.821835+00:00 nik-dev2 kernel: [ 908.327747] unregister_netdevice: waiting for tun_server to become free. Usage count = 2
2023-09-01T01:43:34.933863+00:00 nik-dev2 kernel: [ 918.438717] unregister_netdevice: waiting for tun_server to become free. Usage count = 2
2023-09-01T01:43:45.013758+00:00 nik-dev2 kernel: [ 928.517766] unregister_netdevice: waiting for tun_server to become free. Usage count = 2
2023-09-01T01:43:55.093742+00:00 nik-dev2 kernel: [ 938.596881] unregister_netdevice: waiting for tun_server to become free. Usage count = 2
2023-09-01T01:44:05.173766+00:00 nik-dev2 kernel: [ 948.675970] unregister_netdevice: waiting for tun_server to become free. Usage count = 2
2023-09-01T01:44:15.253735+00:00 nik-dev2 kernel: [ 958.755046] unregister_netdevice: waiting for tun_server to become free. Usage count = 2
2023-09-01T01:44:25.333731+00:00 nik-dev2 kernel: [ 968.834216] unregister_netdevice: waiting for tun_server to become free. Usage count = 2
2023-09-01T01:44:35.413907+00:00 nik-dev2 kernel: [ 978.913398] unregister_netdevice: waiting for tun_server to become free. Usage count = 2
2023-09-01T01:44:45.493730+00:00 nik-dev2 kernel: [ 988.992476] unregister_netdevice: waiting for tun_server to become free. Usage count = 2
2023-09-01T01:44:55.573813+00:00 nik-dev2 kernel: [ 999.071705] unregister_netdevice: waiting for tun_server to become free. Usage count = 2
Error when restarting the server , which lasts indefinitely
Build error with Fedora 37
Hi
Fedora 37
rpm from copr repo
kernel 6.2.8
gcc 12.2.1
Fri Mar 31 02:26:08 AM MSK 2023
make: Entering directory '/var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build'
/var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/gen-compat-autoconf.sh /var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/compat-autoconf.h
make -C /lib/modules/6.2.8-200.fc37.x86_64/build M=/var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build PWD=/var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build REVISION=copr:0.20220905git3ba6c07.fc37 CONFIG_OVPN_DCO=m INSTALL_MOD_DIR=updates/ modules
make[1]: Entering directory '/usr/src/kernels/6.2.8-200.fc37.x86_64'
CC [M] /var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/main.o
CC [M] /var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/bind.o
CC [M] /var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/crypto.o
CC [M] /var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/ovpn.o
CC [M] /var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/peer.o
CC [M] /var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/sock.o
CC [M] /var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/stats.o
CC [M] /var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/netlink.o
CC [M] /var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/crypto_aead.o
CC [M] /var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/pktid.o
CC [M] /var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/tcp.o
CC [M] /var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/udp.o
/var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/netlink.c:950:21: error: initialization of ‘int (*)(const struct genl_split_ops *, struct sk_buff *, struct genl_info *)’ from incompatible pointer type ‘int (*)(const struct genl_ops *, struct sk_buff *, struct genl_info *)’ [-Werror=incompatible-pointer-types]
950 | .pre_doit = ovpn_pre_doit,
| ^~~~~~~~~~~~~
/var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/netlink.c:950:21: note: (near initialization for ‘ovpn_netlink_family.pre_doit’)
/var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/netlink.c:951:22: error: initialization of ‘void (*)(const struct genl_split_ops *, struct sk_buff *, struct genl_info *)’ from incompatible pointer type ‘void (*)(const struct genl_ops *, struct sk_buff *, struct genl_info *)’ [-Werror=incompatible-pointer-types]
951 | .post_doit = ovpn_post_doit,
| ^~~~~~~~~~~~~~
/var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/netlink.c:951:22: note: (near initialization for ‘ovpn_netlink_family.post_doit’)
/var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/peer.c: In function ‘ovpn_peer_create’:
/var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/peer.c:91:9: error: implicit declaration of function ‘netif_tx_napi_add’; did you mean ‘netif_napi_add’? [-Werror=implicit-function-declaration]
91 | netif_tx_napi_add(ovpn->dev, &peer->napi, ovpn_napi_poll,
| ^~~~~~~~~~~~~~~~~
| netif_napi_add
cc1: some warnings being treated as errors
make[3]: *** [scripts/Makefile.build:252: /var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/netlink.o] Error 1
make[3]: *** Waiting for unfinished jobs....
cc1: some warnings being treated as errors
make[3]: *** [scripts/Makefile.build:252: /var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco/peer.o] Error 1
make[2]: *** [scripts/Makefile.build:504: /var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build/drivers/net/ovpn-dco] Error 2
make[1]: *** [Makefile:2025: /var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build] Error 2
make[1]: Leaving directory '/usr/src/kernels/6.2.8-200.fc37.x86_64'
make: *** [Makefile:52: all] Error 2
make: Leaving directory '/var/lib/dkms/ovpn-dco/0.20220905git3ba6c07.fc37/build'```
Backtrace on first use (by openvpn-2.6.0rc2)
While modprobing causes no backtrace:
[ 106.031148] ovpn_dco: module verification failed: signature and/or required key missing - tainting kernel
[ 106.034095] OpenVPN data channel offload (ovpn-dco) 0.1.20221107-3-g2fbc4e8 -- (C) 2020-2022 OpenVPN, Inc.
I'm getting a backtrace when openvpn-2.6.0rc2 first starts using dco:
[ 174.474894] ------------[ cut here ]------------
[ 174.474903] WARNING: CPU: 0 PID: 5469 at lib/nlattr.c:117 nla_get_range_unsigned+0xe9/0x150
[ 174.474927] Modules linked in: ovpn_dco(OE) ip6_udp_tunnel udp_tunnel ccm rfcomm snd_seq_dummy snd_hrtimer cmac algif_hash algif_skcipher af_alg bnep binfmt_misc zfs(PO) zunicode(PO) zzstd(O) zlua(O) zavl(PO) icp(PO) zcommon(PO) znvpair(PO) spl(O) snd_hda_codec_hdmi snd_ctl_led snd_hda_codec_realtek snd_hda_codec_generic btusb uvcvideo btrtl btbcm videobuf2_vmalloc btintel videobuf2_memops btmtk videobuf2_v4l2 videobuf2_common bluetooth videodev mc ecdh_generic ecc snd_soc_avs snd_soc_skl snd_soc_hdac_hda snd_hda_ext_core snd_soc_sst_ipc snd_soc_sst_dsp snd_soc_acpi_intel_match snd_soc_acpi snd_soc_core snd_compress intel_tcc_cooling x86_pkg_temp_thermal ac97_bus dell_rbtn snd_pcm_dmaengine intel_powerclamp snd_hda_intel snd_intel_dspcfg coretemp snd_intel_sdw_acpi snd_hda_codec kvm_intel snd_hda_core snd_hwdep i915 mei_hdcp mei_pxp intel_rapl_msr snd_pcm joydev iwlmvm snd_seq_midi snd_seq_midi_event dell_laptop kvm snd_rawmidi drm_buddy crct10dif_pclmul mac80211 ttm ghash_clmulni_intel
[ 174.475148] dell_smm_hwmon snd_seq drm_display_helper aesni_intel libarc4 crypto_simd snd_seq_device cryptd cec snd_timer iwlwifi rc_core input_leds dell_wmi ledtrig_audio rapl drm_kms_helper snd dell_smbios i2c_algo_bit processor_thermal_device_pci_legacy dcdbas intel_cstate serio_raw dell_wmi_sysman fb_sys_fops processor_thermal_device soundcore ee1004 intel_wmi_thunderbolt cfg80211 processor_thermal_rfim syscopyarea dell_wmi_descriptor ucsi_acpi firmware_attributes_class wmi_bmof nls_iso8859_1 processor_thermal_mbox processor_thermal_rapl typec_ucsi mei_me sysfillrect intel_rapl_common hid_multitouch mei sysimgblt intel_pch_thermal intel_soc_dts_iosf intel_xhci_usb_role_switch typec int3403_thermal int340x_thermal_zone intel_hid int3400_thermal acpi_thermal_rel mac_hid dell_smo8800 acpi_pad sparse_keymap msr parport_pc ppdev lp parport ramoops drm reed_solomon pstore_blk pstore_zone efi_pstore ip_tables x_tables autofs4 usbhid hid_generic rtsx_pci_sdmmc crc32_pclmul e1000e i2c_i801
[ 174.475351] rtsx_pci ahci i2c_smbus intel_lpss_pci libahci intel_lpss xhci_pci idma64 i2c_hid_acpi xhci_pci_renesas i2c_hid wmi hid video
[ 174.475390] CPU: 0 PID: 5469 Comm: openvpn Tainted: P U OE 5.19.0-30-generic #31-Ubuntu
[ 174.475400] Hardware name: Dell Inc. Latitude 5590/0MM81M, BIOS 1.21.0 01/17/2022
[ 174.475405] RIP: 0010:nla_get_range_unsigned+0xe9/0x150
[ 174.475418] Code: ff ff 00 00 3c 0b 0f 84 72 ff ff ff 48 c7 c2 ff ff ff ff 3c 04 0f 84 63 ff ff ff 0f 0b 31 c0 31 d2 31 f6 31 ff c3 cc cc cc cc <0f> 0b 48 c7 06 00 00 00 00 0f b6 07 3c 03 0f 85 31 ff ff ff ba ff
[ 174.475425] RSP: 0018:ffffada201267700 EFLAGS: 00010286
[ 174.475434] RAX: 0000000000000000 RBX: 000000000000000b RCX: 000000000000003e
[ 174.475439] RDX: ffffada201267a78 RSI: ffffada201267718 RDI: ffffffffc0d46b70
[ 174.475445] RBP: ffffada201267758 R08: ffffada201267718 R09: 0000000000000001
[ 174.475450] R10: ffffada201267a78 R11: 0000000000000000 R12: ffffffffc0d46b70
[ 174.475455] R13: ffff9267e8505628 R14: ffffada201267a78 R15: 0000000000000000
[ 174.475461] FS: 00007eff7ca8e800(0000) GS:ffff926adf400000(0000) knlGS:0000000000000000
[ 174.475468] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 174.475474] CR2: 000055b48fb40330 CR3: 000000015f3ac002 CR4: 00000000003706f0
[ 174.475480] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 174.475485] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 174.475491] Call Trace:
[ 174.475495] <TASK>
[ 174.475499] ? nla_validate_int_range+0x81/0x2d0
[ 174.475522] validate_nla+0x4b3/0x790
[ 174.475534] ? cryptd_aead_setauthsize+0x12/0x20 [cryptd]
[ 174.475548] ? crypto_aead_setauthsize+0x30/0x70
[ 174.475560] __nla_validate_parse+0x11f/0x190
[ 174.475575] validate_nla+0x221/0x790
[ 174.475585] ? lock_timer_base+0x3b/0xe0
[ 174.475603] __nla_validate_parse+0x11f/0x190
[ 174.475615] __nla_parse+0x23/0x40
[ 174.475626] genl_family_rcv_msg_attrs_parse.constprop.0+0x93/0x100
[ 174.475642] genl_family_rcv_msg_doit+0x77/0x180
[ 174.475660] genl_rcv_msg+0xf0/0x200
[ 174.475671] ? ovpn_netlink_get_peer+0x1f0/0x1f0 [ovpn_dco]
[ 174.475692] ? genl_get_cmd+0x120/0x120
[ 174.475703] netlink_rcv_skb+0x54/0x110
[ 174.475718] genl_rcv+0x28/0x50
[ 174.475727] netlink_unicast+0x244/0x390
[ 174.475740] netlink_sendmsg+0x25e/0x4e0
[ 174.475755] sock_sendmsg+0x6a/0x70
[ 174.475767] ____sys_sendmsg+0x277/0x2c0
[ 174.475777] ? import_iovec+0x1b/0x30
[ 174.475794] ___sys_sendmsg+0x96/0xe0
[ 174.475817] __sys_sendmsg+0x86/0xf0
[ 174.475830] __x64_sys_sendmsg+0x1d/0x30
[ 174.475836] do_syscall_64+0x58/0x90
[ 174.475848] ? __x64_sys_poll+0xc7/0x150
[ 174.475859] ? exit_to_user_mode_prepare+0x30/0xb0
[ 174.475873] ? syscall_exit_to_user_mode+0x29/0x50
[ 174.475884] ? do_syscall_64+0x67/0x90
[ 174.475892] ? irqentry_exit_to_user_mode+0x9/0x20
[ 174.475902] ? irqentry_exit+0x43/0x50
[ 174.475912] ? exc_page_fault+0x91/0x1b0
[ 174.475923] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 174.475931] RIP: 0033:0x7eff7c9208d4
[ 174.475940] Code: 15 31 55 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 80 3d 0d dd 0d 00 00 74 13 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89
[ 174.475946] RSP: 002b:00007ffd507a5d08 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
[ 174.475955] RAX: ffffffffffffffda RBX: 000055b48fbb8b90 RCX: 00007eff7c9208d4
[ 174.475961] RDX: 0000000000000000 RSI: 00007ffd507a5d40 RDI: 0000000000000004
[ 174.475966] RBP: 000055b48fbd1760 R08: 000055b48fbc57b8 R09: 0000000000000000
[ 174.475970] R10: 000000000000003e R11: 0000000000000202 R12: 000055b48fbc0b60
[ 174.475975] R13: 00007ffd507a5d40 R14: 00007ffd507a5f50 R15: 0000000000000001
[ 174.475988] </TASK>
[ 174.475992] ---[ end trace 0000000000000000 ]---
[ 390.808870] sctp: Hash tables configured (bind 256/256)
DCO interface should autodestroy (by default) if userland crashes
If OpenVPN crashes instead of exiting orderly (for example after hitting the --multihome --proto tcp bug) the kernel side tunX interface is kept around. On OpenVPN restart, OpenVPN will just allocate the next one, but routing is all messed up (same IP subnet configured on both tun interfaces), so it looks like it should be working but it isn't, and this is hard to diagnose ("openvpn log is all good").
tun(4) interfaces autodestruct on all platforms today (unless explicitly created in a persistent way), and so should dco(4) interfaces.
(We've discussed this in the past, and I thought I convinced you, but it seems the change still did not happen...)
Mainstream some day?
Hi! I've been fiddling with VPNs for some years now. Did you write this module due to performance reasons? Shall this be a mainstream module some day?
We had performance issues with OpenVPN some years back due to context-switching of the TUN/TAP devices having a syscall for every packet read op. An optimized userspace clone of OpenVPN was therefore created called fastd. It is faster than OpenVPN. But we still had the context switch bottleneck. Therefore I wrote a hacky patch for fastd to utilize io_uring. With that the context switch bottleneck is gone.
Maybe you could adopt this for the OpenVPN userspace version to reach a performance similar to the kernel module:
CodeFetch/fastd@059cdf7
DEL_PEER not delivered to userspace: netlink returns NLE_AGAIN
Hi,
I'm testing openvpn 2.6 + DCO on a Debian Bullseye:
ii openvpn 2.6.4-bullseye0 amd64 virtual private network daemon
ii openvpn-dco-dkms 0.2.20230426-bullseye0 all DCO (Data-Channel Offload) kernel module for OpenVPN)
This is a multi-user (UDP) setup and I'd like to clarify the behavior when a client disconnects.
As soon as a client disconnect, the server (userspace) process start to log "read UDPv4" errors. Then, I can see 2 behaviors.
sometimes, I've a ping expired :
May 16 16:35:41 vpn-otp openvpn[7952]: userxxx/10.8.22.175:50600 SIGTERM[soft,ovpn-dco: ping expired] received, client-instance exiting
May 16 16:35:41 vpn-otp kernel: [ 3634.184984] tunuppa: deleting peer with id 0, reason 2
but sometimes, there is a netlink error :
May 16 17:55:54 vpn-otp openvpn[14002]: dco_do_read: netlink reports error (-4): Try again
May 16 17:55:54 vpn-otp kernel: [ 8446.943728] tunuppa: deleting peer with id 0, reason 2
in this second case, the user is still "connected" on the server, then it is removed later by the tls_multi_process :
May 22 11:36:09 vpn-otp openvpn[63605]: userxxx/10.8.23.133:55261 TLS: tls_multi_process: killed expiring key
May 22 11:36:09 vpn-otp openvpn[63605]: userxxx/10.8.23.133:55261 No encryption key found. Purging data channel keys
May 22 11:36:09 vpn-otp openvpn[63605]: userxxx/10.8.23.133:55261 dco_del_key: netlink reports object not found, ovpn-dco unloaded?
May 22 11:36:09 vpn-otp openvpn[63605]: userxxx/10.8.23.133:55261 dco_del_key: failed to send netlink message: No such file or directory (-2)
May 22 11:36:09 vpn-otp openvpn[63605]: userxxx/10.8.23.133:55261 Cannot delete primary key during wipe: No such file or directory (-2)
May 22 11:36:09 vpn-otp openvpn[63605]: userxxx/10.8.23.133:55261 SIGUSR1[soft,dco update keys error] received, client-instance restarting
May 22 11:36:09 vpn-otp openvpn[63605]: dco_del_peer: netlink reports object not found, ovpn-dco unloaded?
May 22 11:36:09 vpn-otp openvpn[63605]: dco_del_peer: failed to send netlink message: No such file or directory (-2)
I tried to define the explicit-exit-notify on both server and client, but I'm not sure it has any effect.
Is it possible to help me to clarify how to properly handle client disconnections (and avoid the server to keep references of disconnected clients too long)
Thanks for help
Anthony.
What's the kernel version support for ovpn-dco?
as title
Backtrace on modprobe...
$ uname -a
Linux comet 5.19.0-28-generic #29-Ubuntu SMP PREEMPT_DYNAMIC Thu Dec 15 09:37:06 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
[ 114.066628] ------------[ cut here ]------------
[ 114.066635] WARNING: CPU: 2 PID: 15027 at lib/nlattr.c:117 nla_get_range_unsigned+0xe9/0x150
[ 114.066656] Modules linked in: sctp libcrc32c ovpn_dco(OE) ip6_udp_tunnel udp_tunnel ccm rfcomm snd_seq_dummy snd_hrtimer cmac algif_hash algif_skcipher af_alg bnep binfmt_misc zfs(PO) zunicode(PO) zzstd(O) zlua(O) zavl(PO) icp(PO) zcommon(PO) znvpair(PO) spl(O) snd_hda_codec_hdmi snd_ctl_led snd_hda_codec_realtek snd_hda_codec_generic btusb btrtl btbcm btintel btmtk bluetooth ecdh_generic ecc uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev mc dell_rbtn snd_soc_avs snd_soc_skl snd_soc_hdac_hda snd_hda_ext_core snd_soc_sst_ipc snd_soc_sst_dsp snd_soc_acpi_intel_match snd_soc_acpi snd_soc_core snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel intel_tcc_cooling x86_pkg_temp_thermal intel_powerclamp snd_intel_dspcfg coretemp snd_intel_sdw_acpi snd_hda_codec snd_hda_core kvm_intel snd_hwdep iwlmvm joydev dell_laptop mei_hdcp i915 mei_pxp kvm snd_pcm mac80211 intel_rapl_msr crct10dif_pclmul snd_seq_midi snd_seq_midi_event ghash_clmulni_intel
[ 114.066852] dell_smm_hwmon snd_rawmidi libarc4 aesni_intel drm_buddy ttm crypto_simd snd_seq cryptd drm_display_helper dell_wmi iwlwifi ledtrig_audio cec rapl processor_thermal_device_pci_legacy rc_core snd_seq_device dell_wmi_sysman processor_thermal_device intel_cstate input_leds intel_wmi_thunderbolt processor_thermal_rfim firmware_attributes_class snd_timer drm_kms_helper dell_smbios cfg80211 processor_thermal_mbox dcdbas processor_thermal_rapl i2c_algo_bit wmi_bmof serio_raw snd fb_sys_fops ucsi_acpi mei_me syscopyarea dell_wmi_descriptor ee1004 intel_rapl_common sysfillrect soundcore typec_ucsi hid_multitouch sysimgblt mei nls_iso8859_1 intel_xhci_usb_role_switch intel_soc_dts_iosf typec intel_pch_thermal int3400_thermal int3403_thermal acpi_thermal_rel int340x_thermal_zone dell_smo8800 acpi_pad mac_hid intel_hid sparse_keymap msr parport_pc ppdev lp parport drm pstore_blk ramoops pstore_zone reed_solomon efi_pstore ip_tables x_tables autofs4 usbhid hid_generic rtsx_pci_sdmmc
[ 114.067032] crc32_pclmul e1000e i2c_i801 ahci rtsx_pci i2c_smbus intel_lpss_pci xhci_pci intel_lpss libahci i2c_hid_acpi xhci_pci_renesas idma64 i2c_hid wmi hid video
[ 114.067074] CPU: 2 PID: 15027 Comm: openvpn Tainted: P U OE 5.19.0-28-generic #29-Ubuntu
[ 114.067082] Hardware name: Dell Inc. Latitude 5590/0MM81M, BIOS 1.21.0 01/17/2022
[ 114.067087] RIP: 0010:nla_get_range_unsigned+0xe9/0x150
[ 114.067098] Code: ff ff 00 00 3c 0b 0f 84 72 ff ff ff 48 c7 c2 ff ff ff ff 3c 04 0f 84 63 ff ff ff 0f 0b 31 c0 31 d2 31 f6 31 ff c3 cc cc cc cc <0f> 0b 48 c7 06 00 00 00 00 0f b6 07 3c 03 0f 85 31 ff ff ff ba ff
[ 114.067105] RSP: 0018:ffffb72c46e777a0 EFLAGS: 00010286
[ 114.067112] RAX: 0000000000000000 RBX: 000000000000000b RCX: 0000000000000069
[ 114.067117] RDX: ffffb72c46e77b18 RSI: ffffb72c46e777b8 RDI: ffffffffc128db70
[ 114.067122] RBP: ffffb72c46e777f8 R08: ffffb72c46e777b8 R09: 0000000000000001
[ 114.067127] R10: ffffb72c46e77b18 R11: 0000000000000000 R12: ffffffffc128db70
[ 114.067132] R13: ffff942e129ee428 R14: ffffb72c46e77b18 R15: 0000000000000000
[ 114.067137] FS: 00007f4df6e4f800(0000) GS:ffff94311f480000(0000) knlGS:0000000000000000
[ 114.067143] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 114.067148] CR2: 0000555e122f3ae0 CR3: 0000000150e02003 CR4: 00000000003706e0
[ 114.067154] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 114.067158] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 114.067163] Call Trace:
[ 114.067166]
[ 114.067170] ? nla_validate_int_range+0x81/0x2d0
[ 114.067191] validate_nla+0x4b3/0x790
[ 114.067201] ? __cgroup_account_cputime+0x2f/0x60
[ 114.067213] ? newidle_balance+0x325/0x4b0
[ 114.067226] __nla_validate_parse+0x11f/0x190
[ 114.067239] validate_nla+0x221/0x790
[ 114.067248] ? psi_task_switch+0xc9/0x240
[ 114.067257] ? raw_spin_rq_unlock+0x10/0x40
[ 114.067268] __nla_validate_parse+0x11f/0x190
[ 114.067280] __nla_parse+0x23/0x40
[ 114.067289] genl_family_rcv_msg_attrs_parse.constprop.0+0x93/0x100
[ 114.067304] genl_family_rcv_msg_doit+0x77/0x180
[ 114.067320] genl_rcv_msg+0xf0/0x200
[ 114.067330] ? ovpn_netlink_get_peer+0x1f0/0x1f0 [ovpn_dco]
[ 114.067349] ? genl_get_cmd+0x120/0x120
[ 114.067359] netlink_rcv_skb+0x54/0x110
[ 114.067372] genl_rcv+0x28/0x50
[ 114.067380] netlink_unicast+0x244/0x390
[ 114.067392] netlink_sendmsg+0x25e/0x4e0
[ 114.067405] sock_sendmsg+0x6a/0x70
[ 114.067416] ____sys_sendmsg+0x277/0x2c0
[ 114.067425] ? import_iovec+0x1b/0x30
[ 114.067440] ___sys_sendmsg+0x96/0xe0
[ 114.067460] __sys_sendmsg+0x86/0xf0
[ 114.067472] __x64_sys_sendmsg+0x1d/0x30
[ 114.067478] do_syscall_64+0x58/0x90
[ 114.067486] ? irqentry_exit+0x43/0x50
[ 114.067496] ? exc_page_fault+0x91/0x1b0
[ 114.067506] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 114.067517] RIP: 0033:0x7f4df6d208d4
[ 114.067525] Code: 15 31 55 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 80 3d 0d dd 0d 00 00 74 13 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89
[ 114.067530] RSP: 002b:00007ffc97ab1108 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
[ 114.067538] RAX: ffffffffffffffda RBX: 0000555e1231d790 RCX: 00007f4df6d208d4
[ 114.067543] RDX: 0000000000000000 RSI: 00007ffc97ab1140 RDI: 0000000000000004
[ 114.067547] RBP: 0000555e123213d0 R08: 0000555e1232a828 R09: 0000000000000000
[ 114.067551] R10: 0000000000000000 R11: 0000000000000202 R12: 0000555e12320af0
[ 114.067555] R13: 00007ffc97ab1140 R14: 00007ffc97ab1340 R15: 0000000000000000
[ 114.067567]
[ 114.067570] ---[ end trace 0000000000000000 ]---
2.6.2: Kernel warning refcount_warn_saturate
We have upgraded our production eduVPN server to 2.6.2 + 1c2c84e . It looks a lot better than before, it has been running for close to 6 hours now. This is the only kernel WARNING we got so far
Mar 28 10:06:25 eduvpn-n09 kernel: ovpn_tcp_tx_work: cannot send TCP packet to peer 4: -101
Mar 28 10:06:25 eduvpn-n09 kernel: ------------[ cut here ]------------
Mar 28 10:06:25 eduvpn-n09 kernel: refcount_t: underflow; use-after-free.
Mar 28 10:06:25 eduvpn-n09 kernel: WARNING: CPU: 1 PID: 32192 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110
Mar 28 10:06:25 eduvpn-n09 kernel: Modules linked in: binfmt_misc rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace nfs_ssc fscache dm_mod ovpn_dco_v2(OE) ip6_udp_tunnel udp_tunnel vsock_loopback vmw_vsock_virtio_transport>
Mar 28 10:06:25 eduvpn-n09 kernel: CPU: 1 PID: 32192 Comm: kworker/1:1 Tainted: G OE 5.10.0-21-amd64 #1 Debian 5.10.162-1
Mar 28 10:06:25 eduvpn-n09 kernel: Hardware name: VMware, Inc. VMware7,1/440BX Desktop Reference Platform, BIOS VMW71.00V.18227214.B64.2106252220 06/25/2021
Mar 28 10:06:25 eduvpn-n09 kernel: Workqueue: ovpn-crypto-wq-tun263 ovpn_decrypt_work [ovpn_dco_v2]
Mar 28 10:06:25 eduvpn-n09 kernel: RIP: 0010:refcount_warn_saturate+0xba/0x110
Mar 28 10:06:25 eduvpn-n09 kernel: Code: 01 01 e8 43 50 43 00 0f 0b c3 cc cc cc cc 80 3d 6a c5 3b 01 00 75 85 48 c7 c7 10 08 72 b7 c6 05 5a c5 3b 01 01 e8 20 50 43 00 <0f> 0b c3 cc cc cc cc 80 3d 45 c5 3b 01 00 0f 85 5e ff ff ff 48 c7
Mar 28 10:06:25 eduvpn-n09 kernel: RSP: 0018:ffffbc3600ac3e90 EFLAGS: 00010286
Mar 28 10:06:25 eduvpn-n09 kernel: RAX: 0000000000000000 RBX: ffff9fe10b94f680 RCX: ffff9fe139e60908
Mar 28 10:06:25 eduvpn-n09 kernel: RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff9fe139e60900
Mar 28 10:06:25 eduvpn-n09 kernel: RBP: ffff9fe0232b9080 R08: 0000000000000000 R09: ffffbc3600ac3cb0
Mar 28 10:06:25 eduvpn-n09 kernel: R10: ffffbc3600ac3ca8 R11: ffff9fe13fec45a8 R12: ffff9fe139e735c0
Mar 28 10:06:25 eduvpn-n09 kernel: R13: 0000000000000020 R14: ffffdc35fde50900 R15: 0000000000000000
Mar 28 10:06:25 eduvpn-n09 kernel: FS: 0000000000000000(0000) GS:ffff9fe139e40000(0000) knlGS:0000000000000000
Mar 28 10:06:25 eduvpn-n09 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Mar 28 10:06:25 eduvpn-n09 kernel: CR2: 0000557c82d774e8 CR3: 0000000104916003 CR4: 00000000007706e0
Mar 28 10:06:25 eduvpn-n09 kernel: PKRU: 55555554
Mar 28 10:06:25 eduvpn-n09 kernel: Call Trace:
Mar 28 10:06:25 eduvpn-n09 kernel: process_one_work+0x1b3/0x350
Mar 28 10:06:25 eduvpn-n09 kernel: worker_thread+0x53/0x3e0
Mar 28 10:06:25 eduvpn-n09 kernel: ? process_one_work+0x350/0x350
Mar 28 10:06:25 eduvpn-n09 kernel: kthread+0x118/0x140
Mar 28 10:06:25 eduvpn-n09 kernel: ? __kthread_bind_mask+0x60/0x60
Mar 28 10:06:25 eduvpn-n09 kernel: ret_from_fork+0x1f/0x30
Mar 28 10:06:25 eduvpn-n09 kernel: ---[ end trace b38473f5264f2b20 ]---
Mar 28 10:06:25 eduvpn-n09 kernel: ------------[ cut here ]------------
Mar 28 10:06:25 eduvpn-n09 kernel: refcount_t: saturated; leaking memory.
Mar 28 10:06:25 eduvpn-n09 kernel: WARNING: CPU: 1 PID: 0 at lib/refcount.c:19 refcount_warn_saturate+0x97/0x110
Mar 28 10:06:25 eduvpn-n09 kernel: Modules linked in: binfmt_misc rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace nfs_ssc fscache dm_mod ovpn_dco_v2(OE) ip6_udp_tunnel udp_tunnel vsock_loopback vmw_vsock_virtio_transport>
Mar 28 10:06:25 eduvpn-n09 kernel: CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W OE 5.10.0-21-amd64 #1 Debian 5.10.162-1
Mar 28 10:06:25 eduvpn-n09 kernel: Hardware name: VMware, Inc. VMware7,1/440BX Desktop Reference Platform, BIOS VMW71.00V.18227214.B64.2106252220 06/25/2021
Mar 28 10:06:25 eduvpn-n09 kernel: RIP: 0010:refcount_warn_saturate+0x97/0x110
Mar 28 10:06:25 eduvpn-n09 kernel: Code: 01 01 e8 66 50 43 00 0f 0b c3 cc cc cc cc 80 3d 90 c5 3b 01 00 75 a8 48 c7 c7 b8 07 72 b7 c6 05 80 c5 3b 01 01 e8 43 50 43 00 <0f> 0b c3 cc cc cc cc 80 3d 6a c5 3b 01 00 75 85 48 c7 c7 10 08 72
Mar 28 10:06:25 eduvpn-n09 kernel: RSP: 0018:ffffbc36004c8a78 EFLAGS: 00010286
Mar 28 10:06:25 eduvpn-n09 kernel: RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffff9fe139e60908
Mar 28 10:06:25 eduvpn-n09 kernel: RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff9fe139e60900
Mar 28 10:06:25 eduvpn-n09 kernel: RBP: 0000000000000002 R08: 0000000000000000 R09: ffffbc36004c8898
Mar 28 10:06:25 eduvpn-n09 kernel: R10: ffffbc36004c8890 R11: ffff9fe13fec45a8 R12: 0000000000000064
Mar 28 10:06:25 eduvpn-n09 kernel: R13: 0000000000000064 R14: 0000000000000064 R15: ffff9fe0232b9000
Mar 28 10:06:25 eduvpn-n09 kernel: FS: 0000000000000000(0000) GS:ffff9fe139e40000(0000) knlGS:0000000000000000
Mar 28 10:06:25 eduvpn-n09 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Mar 28 10:06:25 eduvpn-n09 kernel: CR2: 0000557c82d774e8 CR3: 0000000104916003 CR4: 00000000007706e0
Mar 28 10:06:25 eduvpn-n09 kernel: PKRU: 55555554
Mar 28 10:06:25 eduvpn-n09 kernel: Call Trace:
Mar 28 10:06:25 eduvpn-n09 kernel: <IRQ>
Mar 28 10:06:25 eduvpn-n09 kernel: ovpn_tcp_read_sock+0x25e/0x340 [ovpn_dco_v2]
Mar 28 10:06:25 eduvpn-n09 kernel: ? ovpn_tcp_tx_work+0xf0/0xf0 [ovpn_dco_v2]
Mar 28 10:06:25 eduvpn-n09 kernel: tcp_read_sock+0xa0/0x280
Mar 28 10:06:25 eduvpn-n09 kernel: ovpn_tcp_data_ready+0x5a/0x80 [ovpn_dco_v2]
Mar 28 10:06:25 eduvpn-n09 kernel: tcp_rcv_established+0x5de/0x690
Mar 28 10:06:25 eduvpn-n09 kernel: tcp_v6_do_rcv+0xc6/0x3d0
Mar 28 10:06:25 eduvpn-n09 kernel: tcp_v6_rcv+0xcfe/0xe00
Mar 28 10:06:25 eduvpn-n09 kernel: ? nf_confirm+0xcb/0x100 [nf_conntrack]
Mar 28 10:06:25 eduvpn-n09 kernel: ip6_protocol_deliver_rcu+0xcc/0x4e0
Mar 28 10:06:25 eduvpn-n09 kernel: ip6_input+0xbb/0xd0
Mar 28 10:06:25 eduvpn-n09 kernel: ? ip6_protocol_deliver_rcu+0x4e0/0x4e0
Mar 28 10:06:25 eduvpn-n09 kernel: ip6_sublist_rcv_finish+0x54/0x70
Mar 28 10:06:25 eduvpn-n09 kernel: ip6_sublist_rcv+0x210/0x2b0
Mar 28 10:06:25 eduvpn-n09 kernel: ? ip6_sublist_rcv+0x2b0/0x2b0
Mar 28 10:06:25 eduvpn-n09 kernel: ? ip6_sublist_rcv+0x2b0/0x2b0
Mar 28 10:06:25 eduvpn-n09 kernel: ipv6_list_rcv+0x138/0x160
Mar 28 10:06:25 eduvpn-n09 kernel: __netif_receive_skb_list_core+0x204/0x2e0
Mar 28 10:06:25 eduvpn-n09 kernel: netif_receive_skb_list_internal+0x1b7/0x2f0
Mar 28 10:06:25 eduvpn-n09 kernel: ? vmxnet3_rq_rx_complete+0x95a/0xe90 [vmxnet3]
Mar 28 10:06:25 eduvpn-n09 kernel: napi_complete_done+0x6f/0x1a0
Mar 28 10:06:25 eduvpn-n09 kernel: vmxnet3_poll_rx_only+0x7f/0xb0 [vmxnet3]
Mar 28 10:06:25 eduvpn-n09 kernel: net_rx_action+0x142/0x3e0
Mar 28 10:06:25 eduvpn-n09 kernel: __do_softirq+0xc2/0x279
Mar 28 10:06:25 eduvpn-n09 kernel: asm_call_irq_on_stack+0xf/0x20
Mar 28 10:06:25 eduvpn-n09 kernel: </IRQ>
Mar 28 10:06:25 eduvpn-n09 kernel: do_softirq_own_stack+0x37/0x50
Mar 28 10:06:25 eduvpn-n09 kernel: irq_exit_rcu+0x92/0xc0
Mar 28 10:06:25 eduvpn-n09 kernel: common_interrupt+0x74/0x130
Mar 28 10:06:25 eduvpn-n09 kernel: asm_common_interrupt+0x1e/0x40
Mar 28 10:06:25 eduvpn-n09 kernel: RIP: 0010:native_safe_halt+0xe/0x20
Mar 28 10:06:25 eduvpn-n09 kernel: Code: 00 f0 80 48 02 20 48 8b 00 a8 08 75 c0 e9 77 ff ff ff cc cc cc cc cc cc cc cc cc cc 0f 1f 44 00 00 0f 00 2d b6 8e 50 00 fb f4 <c3> cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 0f 1f 44 00
Mar 28 10:06:25 eduvpn-n09 kernel: RSP: 0018:ffffbc36000a3e80 EFLAGS: 00000246
Mar 28 10:06:25 eduvpn-n09 kernel: RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffff9fe139e74940
Mar 28 10:06:25 eduvpn-n09 kernel: RDX: ffff9fe139e40000 RSI: ffff9fe102382400 RDI: ffff9fe102382464
Mar 28 10:06:25 eduvpn-n09 kernel: RBP: ffff9fe102382464 R08: ffffffffb7db9440 R09: 0000000000000018
Mar 28 10:06:25 eduvpn-n09 kernel: R10: 00000000000001c5 R11: 0000000000000155 R12: 0000000000000001
Mar 28 10:06:25 eduvpn-n09 kernel: R13: ffffffffb7db94c0 R14: 0000000000000001 R15: 0000000000000000
Mar 28 10:06:25 eduvpn-n09 kernel: acpi_idle_do_entry+0x4a/0x60
Mar 28 10:06:25 eduvpn-n09 kernel: acpi_idle_enter+0x84/0xd0
Mar 28 10:06:25 eduvpn-n09 kernel: cpuidle_enter_state+0x86/0x350
Mar 28 10:06:25 eduvpn-n09 kernel: cpuidle_enter+0x29/0x40
Mar 28 10:06:25 eduvpn-n09 kernel: do_idle+0x1f3/0x2b0
Mar 28 10:06:25 eduvpn-n09 kernel: cpu_startup_entry+0x19/0x20
Mar 28 10:06:25 eduvpn-n09 kernel: secondary_startup_64_no_verify+0xb0/0xbb
Mar 28 10:06:25 eduvpn-n09 kernel: ---[ end trace b38473f5264f2b21 ]---
Unknown symbols
After git cloning this repository, running make and trying to load the module I get a module failed to load because of unknown symbols. This works on Ubuntu 22.10 and not on Kali 2023.2
> cd ./ovpn-dco
> make -j 8
/home/c0z/Gits/ovpn-dco/gen-compat-autoconf.sh /home/c0z/Gits/ovpn-dco/compat-autoconf.h
make -C /lib/modules/6.1.0-kali9-amd64/build M=/home/c0z/Gits/ovpn-dco PWD=/home/c0z/Gits/ovpn-dco REVISION=0.2.20230426 CONFIG_OVPN_DCO_V2=m INSTALL_MOD_DIR=updates/ modules
make[1]: Entering directory '/usr/src/linux-headers-6.1.0-kali9-amd64'
CC [M] /home/c0z/Gits/ovpn-dco/drivers/net/ovpn-dco/main.o
CC [M] /home/c0z/Gits/ovpn-dco/drivers/net/ovpn-dco/bind.o
CC [M] /home/c0z/Gits/ovpn-dco/drivers/net/ovpn-dco/crypto.o
CC [M] /home/c0z/Gits/ovpn-dco/drivers/net/ovpn-dco/ovpn.o
CC [M] /home/c0z/Gits/ovpn-dco/drivers/net/ovpn-dco/peer.o
CC [M] /home/c0z/Gits/ovpn-dco/drivers/net/ovpn-dco/sock.o
CC [M] /home/c0z/Gits/ovpn-dco/drivers/net/ovpn-dco/stats.o
CC [M] /home/c0z/Gits/ovpn-dco/drivers/net/ovpn-dco/netlink.o
CC [M] /home/c0z/Gits/ovpn-dco/drivers/net/ovpn-dco/crypto_aead.o
CC [M] /home/c0z/Gits/ovpn-dco/drivers/net/ovpn-dco/pktid.o
CC [M] /home/c0z/Gits/ovpn-dco/drivers/net/ovpn-dco/tcp.o
CC [M] /home/c0z/Gits/ovpn-dco/drivers/net/ovpn-dco/udp.o
LD [M] /home/c0z/Gits/ovpn-dco/drivers/net/ovpn-dco/ovpn-dco-v2.o
MODPOST /home/c0z/Gits/ovpn-dco/Module.symvers
CC [M] /home/c0z/Gits/ovpn-dco/drivers/net/ovpn-dco/ovpn-dco-v2.mod.o
LD [M] /home/c0z/Gits/ovpn-dco/drivers/net/ovpn-dco/ovpn-dco-v2.ko
BTF [M] /home/c0z/Gits/ovpn-dco/drivers/net/ovpn-dco/ovpn-dco-v2.ko
Skipping BTF generation for /home/c0z/Gits/ovpn-dco/drivers/net/ovpn-dco/ovpn-dco-v2.ko due to unavailability of vmlinux
make[1]: Leaving directory '/usr/src/linux-headers-6.1.0-kali9-amd64'
> cd ./drivers/net/ovpn-dco/
> sudo insmod ./ovpn-dco-v2.ko
insmod: ERROR: could not insert module ./ovpn-dco-v2.ko: Unknown symbol in module
> sudo dmesg | tail -n 10
[85614.308689] ovpn_dco_v2: Unknown symbol udp_tunnel6_xmit_skb (err -2)
[85614.308793] ovpn_dco_v2: Unknown symbol setup_udp_tunnel_sock (err -2)
[85614.308835] ovpn_dco_v2: Unknown symbol udp_tunnel_xmit_skb (err -2)Doing some digging around the kernel driver and around my system from kernel headers to looking at symbols from the kernel module itself between the kernel image vmlinuz-6.1.0-kali9-amd64 (Debian 6.1.27-1kali1) and vmlinuz-5.19.0-26-generic (5.19.0.26-generic #27-Ubuntu) it seems that the only difference is that in the 6.1.27-1 kernel compiled driver there is an extra symbol defined as 0000000000000000 r __func__.60.
Looking at the defined headers for the function deceleration udp_tunnel6_xmit_skb yields:
[c0z@cancer:11:36 src]$ rg 'udp_tunnel6_xmit_skb'
linux-headers-6.1.0-kali9-amd64/Module.symvers
23120:0x52b9aa14 udp_tunnel6_xmit_skb net/ipv6/ip6_udp_tunnel EXPORT_SYMBOL_GPL
linux-headers-6.1.0-9-amd64/Module.symvers
23124:0x77452419 udp_tunnel6_xmit_skb net/ipv6/ip6_udp_tunnel EXPORT_SYMBOL_GPL
linux-headers-6.1.0-9-common/include/net/udp_tunnel.h
155:int udp_tunnel6_xmit_skb(struct dst_entry *dst, struct sock *sk,
linux-headers-6.1.0-kali9-common/include/net/udp_tunnel.h
155:int udp_tunnel6_xmit_skb(struct dst_entry *dst, struct sock *sk,And just for reference the relevant nm output is:
00000000000039c0 T ovpn_from_udp_sock
0000000000007110 t ovpn_udp_encap_recv
00000000000006f4 t ovpn_udp_encap_recv.cold
0000000000007370 T ovpn_udp_send_skb
0000000000000745 t ovpn_udp_send_skb.cold
0000000000007940 T ovpn_udp_socket_attach
0000000000000775 t ovpn_udp_socket_attach.cold
0000000000007a20 T ovpn_udp_socket_detach
U setup_udp_tunnel_sock
U udp_tunnel6_xmit_skb
U udp_tunnel_xmit_skbThis is the same as for the Ubuntu VM that I was testing it on. My question is, without doing a giant diff between the kernel headers to try to weed out was is exactly the issue between this big jump in kernel versions, why does the loading the kernel module fail even when the symbols are definitely there?
SSL warning, problem with signing kernel module and "missing 'System.map'"
I have VPS with Ubuntu 22/04
I started making install of openvpn and ovpn-dco by this intsruction - https://github.com/purum-pum-pum/openvpn-DCO-conf
After compiling DCO module, I started installation/ I got an error:
root@srv1677959661:/home/ovpn-dco# sudo make install
/home/ovpn-dco/gen-compat-autoconf.sh /home/ovpn-dco/compat-autoconf.h
make -C /lib/modules/5.15.0-67-generic/build M=/home/ovpn-dco PWD=/home/ovpn-dco REVISION=0.2.20230313 CONFIG_OVPN_DCO_V2=m INSTALL_MOD_DIR=updates/ modules_install
make[1]: Entering directory '/usr/src/linux-headers-5.15.0-67-generic'
arch/x86/Makefile:142: CONFIG_X86_X32 enabled but no binutils support
INSTALL /lib/modules/5.15.0-67-generic/updates//drivers/net/ovpn-dco/ovpn-dco-v2.ko
SIGN /lib/modules/5.15.0-67-generic/updates//drivers/net/ovpn-dco/ovpn-dco-v2.ko
At main.c:167:
- SSL error:FFFFFFFF80000002:system library::No such file or directory: ../crypto/bio/bss_file.c:67
- SSL error:10000080:BIO routines::no such file: ../crypto/bio/bss_file.c:75
sign-file: certs/signing_key.pem: No such file or directory
DEPMOD /lib/modules/5.15.0-67-generic
Warning: modules_install: missing 'System.map' file. Skipping depmod.
make[1]: Leaving directory '/usr/src/linux-headers-5.15.0-67-generic'
depmod -a
Help me please. Maybe you can edit make configs to do more easy process of installation from src
Build error with kernel 6.5 / 6.4 (?) - implicit declaration of function 'skb_gso_segment'
see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043116 .
CC [M] /var/lib/dkms/ovpn-dco/0.0+git20230324/build/drivers/net/ovpn-dco/udp.o
/var/lib/dkms/ovpn-dco/0.0+git20230324/build/drivers/net/ovpn-dco/ovpn.c: In function 'ovpn_net_xmit':
/var/lib/dkms/ovpn-dco/0.0+git20230324/build/drivers/net/ovpn-dco/ovpn.c:432:28: error: implicit declaration of function 'skb_gso_segment'; did you mean 'skb_gso_reset'? [-Werror=implicit-function-declaration]
432 | segments = skb_gso_segment(skb, 0);
| ^~~~~~~~~~~~~~~
| skb_gso_reset
/var/lib/dkms/ovpn-dco/0.0+git20230324/build/drivers/net/ovpn-dco/ovpn.c:432:26: warning: assignment to 'struct sk_buff *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
432 | segments = skb_gso_segment(skb, 0);
| ^
cc1: some warnings being treated as errors
make[4]: *** [/usr/src/linux-headers-6.5.0-0-common/scripts/Makefile.build:248: /var/lib/dkms/ovpn-dco/0.0+git20230324/build/drivers/net/ovpn-dco/ovpn.o] Error 1
Please note that according to the bug report the kernel change causing this has been backported to 6.4-stable.
dkms: autoinstall for kernel: 6.5.0-rc5 failed!
Dear Maintainers,
here is the fixed header with it the code compiles smoothly
Sadly the ovpn modules fails to compile under kernel 6.5-rc5
proposed fix
https://www.mail-archive.com/[email protected]/msg1919159.html
Followup-For: Bug #1043116
Control: tag -1 sid trixie
The fix may be as simple as adding
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6,5,0)
#include <net/gso.h>
#endif
somewhere.
That's all I had to do for fixing r8168-dkms which had the same error.
Andreas
CC [M] /usr/src/ovpn-dco-0.0+git20230324/drivers/net/ovpn-dco/ovpn.o /usr/src/ovpn-dco-0.0+git20230324/drivers/net/ovpn-dco/ovpn.c: In function 'ovpn_net_xmit': /usr/src/ovpn-dco-0.0+git20230324/drivers/net/ovpn-dco/ovpn.c:432:28: error: implicit declaration of function 'skb_gso_segment'; did you mean 'skb_gso_reset'? [-Werror=implicit-function-declaration] 432 | segments = skb_gso_segment(skb, 0); | ^~~~~~~~~~~~~~~ | skb_gso_reset /usr/src/ovpn-dco-0.0+git20230324/drivers/net/ovpn-dco/ovpn.c:432:26: warning: assignment to 'struct sk_buff *' from 'int' makes pointer from integer without a cast [-Wint-conversion] 432 | segments = skb_gso_segment(skb, 0); | ^ cc1: some warnings being treated as errors make[4]: *** [scripts/Makefile.build:243: /usr/src/ovpn-dco-0.0+git20230324/drivers/net/ovpn-dco/ovpn.o] Error 1 make[3]: *** [scripts/Makefile.build:480: /usr/src/ovpn-dco-0.0+git20230324/drivers/net/ovpn-dco] Error 2 make[2]: *** [/usr/src/linux-headers-6.5.0-rc5/Makefile:2032: /usr/src/ovpn-dco-0.0+git20230324] Error 2 make[1]: *** [Makefile:234: __sub-make] Error 2 make[1]: Leaving directory '/usr/src/linux-headers-6.5.0-rc5' make: *** [Makefile:52: all] Error 2
gcc --version
gcc (Debian 13.2.0-1)
uname -a
Linux ghost 6.5.0-rc5 #1 SMP PREEMPT_DYNAMIC Wed Aug 9 14:43:13 CEST 2023 x86_64 GNU/Linux
Kind Regards and thanks for your effort
Kernel crash
Together with Gert we have been stress testing OpenVPN+DCO on one of our eduVPN nodes. It has been running for approximately 18 hours serving 10000 connections, before this kernel crash happened
Debian Bullseye, OpenVPN 2.6.0_rc1, ovpn-dco as of Oct 22th.
Jan 4 04:15:38 eduvpn-n09 kernel: [64024.293002] tun257: tun257: deleting peer with id 0, reason 2
Jan 4 04:15:38 eduvpn-n09 openvpn[8213]: read UDPv6 [ECONNREFUSED]: Connection refused (fd=6,code=111)
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.324986] list_del corruption. next->prev should be ffff9646a3de9460, but was dead000000000122
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.325046] ------------[ cut here ]------------
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.325048] kernel BUG at lib/list_debug.c:62!
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.326592] invalid opcode: 0000 [#1] SMP PTI
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.327252] CPU: 1 PID: 209725 Comm: kworker/1:1 Tainted: G W OE 5.10.0-20-amd64 #1 Debian 5.10.158-2
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.327926] Hardware name: VMware, Inc. VMware7,1/440BX Desktop Reference Platform, BIOS VMW71.00V.18227214.B64.2106252220 06/25/2021
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.329175] Workqueue: ovpn-event-wq-tun259 ovpn_peer_delete_work [ovpn_dco]
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.329843] RIP: 0010:__list_del_entry_valid.cold+0x1d/0x69
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.330438] Code: c7 c7 a0 08 f2 85 e8 59 12 ff ff 0f 0b 48 89 fe 48 c7 c7 b0 09 f2 85 e8 48 12 ff ff 0f 0b 48 c7 c7 c0 0a f2 85 e8 3a 12 ff ff <0f> 0b 48 89 f2 48 89 fe 48 c7 c7
80 0a f2 85 e8 26 12 ff ff 0f 0b
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.331755] RSP: 0018:ffffa97dc52b3e40 EFLAGS: 00010246
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.332422] RAX: 0000000000000054 RBX: ffff9646a3de9000 RCX: 0000000000000000
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.333107] RDX: 0000000000000000 RSI: ffff9647b9e60900 RDI: ffff9647b9e60900
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.333804] RBP: ffff9646a3de9300 R08: 0000000000000000 R09: ffffa97dc52b3c68
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.334552] R10: ffffa97dc52b3c60 R11: ffff9647bfe3e058 R12: ffff9646a3de9300
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.335259] R13: 0000000000000000 R14: ffffc97dbde50700 R15: 0000000000000000
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.335958] FS: 0000000000000000(0000) GS:ffff9647b9e40000(0000) knlGS:0000000000000000
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.336682] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.337419] CR2: 00005618e71db918 CR3: 00000001053ec006 CR4: 00000000007706e0
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.338202] PKRU: 55555554
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.338929] Call Trace:
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.339765] __netif_napi_del+0x70/0x110
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.340537] ovpn_peer_release+0x21/0x80 [ovpn_dco]
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.341304] ovpn_peer_delete_work+0x15/0x20 [ovpn_dco]
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.342100] process_one_work+0x1b3/0x350
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.342890] worker_thread+0x53/0x3e0
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.343692] ? process_one_work+0x350/0x350
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.344498] kthread+0x118/0x140
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.345311] ? __kthread_bind_mask+0x60/0x60
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.346139] ret_from_fork+0x1f/0x30
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.346928] Modules linked in: binfmt_misc rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace nfs_ssc fscache dm_mod ovpn_dco(OE) ip6_udp_tunnel udp_tunnel vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock ip6t_REJECT nf_reject_ipv6 nft_chain_nat nf_nat nft_counter ipt_REJECT nf_reject_ipv4 xt_tcpudp xt_state xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_compat nf_tables intel_rapl_msr intel_rapl_common nfnetlink nfit libnvdimm ghash_clmulni_intel aesni_intel libaes crypto_simd cryptd glue_helper nls_ascii rapl nls_cp437 vfat fat vmwgfx joydev vmw_balloon evdev serio_raw ttm sg efi_pstore pcspkr vmw_vmci drm_kms_helper cec button ac drm sunrpc fuse configfs efivarfs ip_tables x_tables autofs4 xfs libcrc32c crc32c_generic sr_mod cdrom sd_mod t10_pi crc_t10dif crct10dif_generic crct10dif_pclmul crct10dif_common ata_generic ahci crc32_pclmul crc32c_intel psmouse libahci ata_piix vmxnet3 libata vmw_pvscsi scsi_mod i2c_piix4
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.351583] ---[ end trace 0e4217e449975ea8 ]---
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.559003] RIP: 0010:__list_del_entry_valid.cold+0x1d/0x69
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.559853] Code: c7 c7 a0 08 f2 85 e8 59 12 ff ff 0f 0b 48 89 fe 48 c7 c7 b0 09 f2 85 e8 48 12 ff ff 0f 0b 48 c7 c7 c0 0a f2 85 e8 3a 12 ff ff <0f> 0b 48 89 f2 48 89 fe 48 c7 c7 80 0a f2 85 e8 26 12 ff ff 0f 0b
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.561316] RSP: 0018:ffffa97dc52b3e40 EFLAGS: 00010246
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.561976] RAX: 0000000000000054 RBX: ffff9646a3de9000 RCX: 0000000000000000
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.562627] RDX: 0000000000000000 RSI: ffff9647b9e60900 RDI: ffff9647b9e60900
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.563313] RBP: ffff9646a3de9300 R08: 0000000000000000 R09: ffffa97dc52b3c68
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.563982] R10: ffffa97dc52b3c60 R11: ffff9647bfe3e058 R12: ffff9646a3de9300
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.564661] R13: 0000000000000000 R14: ffffc97dbde50700 R15: 0000000000000000
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.565352] FS: 0000000000000000(0000) GS:ffff9647b9e40000(0000) knlGS:0000000000000000
Jan 4 04:15:40 eduvpn-n09 openvpn[8213]: read UDPv6 [ECONNREFUSED]: Connection refused (fd=6,code=111)
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.566002] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.566645] CR2: 00005618e71db918 CR3: 00000001053ec006 CR4: 00000000007706e0
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.567326] PKRU: 55555554
Jan 4 04:15:40 eduvpn-n09 openvpn[8328]: Received packet for peer-id unknown to OpenVPN: -1, type 0, reason 2
Jan 4 04:15:40 eduvpn-n09 openvpn[8185]: Received packet for peer-id unknown to OpenVPN: -1, type 0, reason 2
Jan 4 04:15:40 eduvpn-n09 openvpn[8427]: Received packet for peer-id unknown to OpenVPN: -1, type 0, reason 2
Jan 4 04:15:40 eduvpn-n09 openvpn[8397]: Received packet for peer-id unknown to OpenVPN: -1, type 0, reason 2
Jan 4 04:15:40 eduvpn-n09 openvpn[8363]: Received packet for peer-id unknown to OpenVPN: -1, type 0, reason 2
Jan 4 04:15:40 eduvpn-n09 openvpn[8213]: Received packet for peer-id unknown to OpenVPN: -1, type 0, reason 2
Jan 4 04:15:40 eduvpn-n09 openvpn[8155]: Received packet for peer-id unknown to OpenVPN: -1, type 0, reason 2
Jan 4 04:15:40 eduvpn-n09 openvpn[8242]: Received packet for peer-id unknown to OpenVPN: -1, type 0, reason 2
Jan 4 04:15:40 eduvpn-n09 openvpn[8270]: Received packet for peer-id unknown to OpenVPN: -1, type 0, reason 2
Jan 4 04:15:40 eduvpn-n09 openvpn[8300]: 067345860c8d009e790a261a41d06ddb/2a02:810d:e80:4b4f:e8a1:e485:517:812a SIGTERM[soft,ovpn-dco: ping expired] received, client-instance exiting
Jan 4 04:15:40 eduvpn-n09 kernel: [64026.572943] tun259: tun259: deleting peer with id 0, reason 2
Note: Kernel support for ovpn-dco missing, disabling data channel offload.
Clone module from git. Compiled.
Run modprobe ovpn-dco-v2
Installed Openvpn 2.6.0 from deb repo (dco enabled)
And in anyway I've got "Note: Kernel support for ovpn-dco missing, disabling data channel offload."
error in openvpn log
Does not build on kernel < 6.4.10, net/gso.h: No such file or directory
Commit dba96d2 for #42 broke compilation for kernels < 6.4.10
CC [M] /var/lib/dkms/ovpn-dco/0.0+git20230816/build/drivers/net/ovpn-dco/tcp.o
CC [M] /var/lib/dkms/ovpn-dco/0.0+git20230816/build/drivers/net/ovpn-dco/udp.o
/var/lib/dkms/ovpn-dco/0.0+git20230816/build/drivers/net/ovpn-dco/ovpn.c:25:10: fatal error: net/gso.h: No such file or directory
25 | #include <net/gso.h>
| ^~~~~~~~~~~
compilation terminated.
Getting ENOMEM from ovpn-dco
When running a lot of connections against ovpn-dco the userspace daemon can get up getting a ENOMEM from the kernel module. I found this very easy to reproduce if you do pause the OpenVPN daemon (like with Ctrl-S and Ctrl-Q):
2023-01-04 13:27:23 us=465732 gremlin210711/2003:d0:270b:a600:215:5dff:fe02:811a dco_update_keys: peer_id=250
2023-01-04 13:27:23 us=480151 gremlin215853/192.168.188.69:54724 dco_update_keys: peer_id=152
2023-01-04 13:27:23 us=487360 gremlin220672/2003:d0:270b:a600:215:5dff:fe02:811a dco_update_keys: peer_id=256
2023-01-04 13:27:23 us=501837 dco_do_read
2023-01-04 13:27:23 us=501945 ovpn-dco: received CMD_DEL_PEER, ifindex: 4, peer-id 228, reason: 2
2023-01-04 13:27:23 us=501974 gremlin214534/192.168.188.69:38570 SIGTERM[soft,ovpn-dco: ping expired] received, client-instance exiting
2023-01-04 13:27:23 us=501993 MULTI: multi_close_instance called
2023-01-04 13:27:23 us=502089 PID packet_id_free
2023-01-04 13:27:23 us=502113 PID packet_id_free
2023-01-04 13:27:23 us=502222 PID packet_id_free
2023-01-04 13:27:23 us=502248 PID packet_id_free
2023-01-04 13:27:23 us=502272 PID packet_id_free
2023-01-04 13:27:23 us=502321 PID packet_id_free
2023-01-04 13:27:23 us=502344 PID packet_id_free
2023-01-04 13:27:23 us=502385 PID packet_id_free
2023-01-04 13:27:23 us=502406 PID packet_id_free
2023-01-04 13:27:23 us=502431 PID packet_id_free
2023-01-04 13:27:23 us=502479 dco_do_read
2023-01-04 13:27:23 us=502517 dco_do_read: netlink out of memory error: No buffer space available (errno=105)
2023-01-04 13:27:23 us=502539 Exiting due to fatal error
2023-01-04 13:27:23 us=502570 Closing DCO interface
I already checked with extra prints but none of the ENOMEM in ovpn-dco itself trigger this, so this must be some interaction with netlink stack or similar.
errors from ovpn_queue_skb and ovpn_udp_encap_recv
dmesg has a lot (>1000) of these 2 messages. What information can I provide to help figure out the issue?
ovpn_queue_skb: cannot queue packet to TX ring
ovpn_udp_encap_recv: cannot handle incoming packet: -28
Failed to tests during build
I tried to build ovpn-dco, but failed to run tests.
Here is the output of make tests.
make -C tests
make[1]: Entering directory '/opt/ovpn-dco/tests'
cc -Wall ovpn-cli.c -I../include/uapi \
`pkg-config --cflags --libs libnl-3.0 libnl-genl-3.0` \
-lmbedtls -lmbedcrypto -Wall -o ovpn-cli
ovpn-cli.c: In function ‘ovpn_handle_peer’:
ovpn-cli.c:745:24: error: ‘OVPN_GET_PEER_RESP_ATTR_RX_BYTES’ undeclared (first use in this function); did you mean ‘OVPN_GET_PEER_RESP_ATTR_VPN_RX_BYTES’?
745 | if (attrs_peer[OVPN_GET_PEER_RESP_ATTR_RX_BYTES])
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| OVPN_GET_PEER_RESP_ATTR_VPN_RX_BYTES
ovpn-cli.c:745:24: note: each undeclared identifier is reported only once for each function it appears in
ovpn-cli.c:749:24: error: ‘OVPN_GET_PEER_RESP_ATTR_TX_BYTES’ undeclared (first use in this function); did you mean ‘OVPN_GET_PEER_RESP_ATTR_VPN_TX_BYTES’?
749 | if (attrs_peer[OVPN_GET_PEER_RESP_ATTR_TX_BYTES])
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| OVPN_GET_PEER_RESP_ATTR_VPN_TX_BYTES
ovpn-cli.c:753:24: error: ‘OVPN_GET_PEER_RESP_ATTR_RX_PACKETS’ undeclared (first use in this function); did you mean ‘OVPN_GET_PEER_RESP_ATTR_VPN_RX_PACKETS’?
753 | if (attrs_peer[OVPN_GET_PEER_RESP_ATTR_RX_PACKETS])
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| OVPN_GET_PEER_RESP_ATTR_VPN_RX_PACKETS
ovpn-cli.c:757:24: error: ‘OVPN_GET_PEER_RESP_ATTR_TX_PACKETS’ undeclared (first use in this function); did you mean ‘OVPN_GET_PEER_RESP_ATTR_VPN_TX_PACKETS’?
757 | if (attrs_peer[OVPN_GET_PEER_RESP_ATTR_TX_PACKETS])
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| OVPN_GET_PEER_RESP_ATTR_VPN_TX_PACKETS
ovpn-cli.c: In function ‘ovpn_send_data’:
ovpn-cli.c:874:34: error: ‘OVPN_CMD_PACKET’ undeclared (first use in this function); did you mean ‘OVPN_CMD_DEL_KEY’?
874 | ctx = nl_ctx_alloc(ovpn, OVPN_CMD_PACKET);
| ^~~~~~~~~~~~~~~
| OVPN_CMD_DEL_KEY
ovpn-cli.c:878:44: error: ‘OVPN_ATTR_PACKET’ undeclared (first use in this function); did you mean ‘OVPN_ATTR_MAX’?
878 | attr = nla_nest_start(ctx->nl_msg, OVPN_ATTR_PACKET);
| ^~~~~~~~~~~~~~~~
ovpn-cli.c:37:31: note: in definition of macro ‘nla_nest_start’
37 | nla_nest_start(_msg, (_type) | NLA_F_NESTED)
| ^~~~~
make[1]: *** [Makefile:11: ovpn-cli] Error 1
make[1]: Leaving directory '/opt/ovpn-dco/tests'
make: *** [Makefile:75: tests] Error 2
I installed some dependencies according to the error messages.
It seemed to work well, but I got stuck here.
My environment is Rocky Linux release 9.1 (Blue Onyx).
I'm new to asking on GitHub.
I really appreciate any help you can provide.
cannot modprobe on kernel 6.2.0-rc4
[Fri Jan 20 17:32:39 2023] ovpn: can't register netlink family
[Fri Jan 20 17:32:39 2023] ovpn: initialization failed, error status=-22
Originally posted by @xevilstar in #12 (comment)
openvpn dco has a problem with the latest commit
Hi
When I click disconnect on the windows side, using the management interface on the server side, 'status', the client list cannot be exited in time, and even exists once.
status 2 TITLE,OpenVPN 2.6_git [git:dco/a503c91735538f21] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] [DCO] built on Apr 15 2022 TIME,2022-04-15 11:13:30,1649992410 HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Virtual IPv6 Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username,Client ID,Peer ID,Data Channel Cipher CLIENT_LIST,client1,192.168.0.66:50522,172.16.0.2,,4159,5869,2022-04-15 10:59:48,1649991588,client1,7,0,AES-256-GCM HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t) ROUTING_TABLE,172.16.0.2,client1,192.168.0.66:50522,2022-04-15 10:59:48,1649991588 GLOBAL_STATS,Max bcast/mcast queue length,0 END
It is now 11:14
Build failing on AlmaLinux 8.7
make -C /lib/modules/4.18.0-425.19.2.el8_7.x86_64/build M=/export/home/orion/redhat/kmod-ovpn-dco/ovpn-dco-0.2.20230323 PWD=/export/home/orion/redhat/kmod-ovpn-dco/ovpn-dco-0.2.20230323 REVISION= CONFIG_OVPN_DCO_V2=m INSTALL_MOD_DIR=updates/ modules
...
CC [M] /export/home/orion/redhat/kmod-ovpn-dco/ovpn-dco-0.2.20230323/drivers/net/ovpn-dco/netlink.o
In file included from /export/home/orion/redhat/kmod-ovpn-dco/ovpn-dco-0.2.20230323/drivers/net/ovpn-dco/netlink.c:25:
./include/net/genetlink.h:77:16: error: duplicate member ‘n_ops’
unsigned int n_ops;
^~~~~
In file included from ./include/linux/time.h:5,
from ./include/linux/skbuff.h:19,
from ./include/linux/ip.h:20,
from /export/home/orion/redhat/kmod-ovpn-dco/ovpn-dco-0.2.20230323/drivers/net/ovpn-dco/main.h:13,
from /export/home/orion/redhat/kmod-ovpn-dco/ovpn-dco-0.2.20230323/drivers/net/ovpn-dco/netlink.c:9:
/export/home/orion/redhat/kmod-ovpn-dco/ovpn-dco-0.2.20230323/linux-compat.h:70:19: error: duplicate member ‘ops’
#define small_ops ops
^~~
./include/linux/rh_kabi.h:424:3: note: in definition of macro ‘_RH_KABI_REPLACE’
_new; \
^~~~
./include/linux/rh_kabi.h:472:29: note: in expansion of macro ‘_RH_KABI_USE’
#define RH_KABI_USE(n, ...) _RH_KABI_USE(__PASTE(_RH_KABI_USE, COUNT_ARGS(__VA_ARGS__))(n, __VA_ARGS__));
^~~~~~~~~~~~
././include/linux/compiler_types.h:52:23: note: in expansion of macro ‘_RH_KABI_USE1’
#define ___PASTE(a,b) a##b
^
./include/net/genetlink.h:82:2: note: in expansion of macro ‘RH_KABI_USE’
RH_KABI_USE(1, const struct genl_small_ops *small_ops)
^~~~~~~~~~~
./include/net/genetlink.h:82:46: note: in expansion of macro ‘small_ops’
RH_KABI_USE(1, const struct genl_small_ops *small_ops)
^~~~~~~~~
In file included from /export/home/orion/redhat/kmod-ovpn-dco/ovpn-dco-0.2.20230323/drivers/net/ovpn-dco/netlink.c:25:
./include/net/genetlink.h:178:8: error: redefinition of ‘struct genl_ops’
struct genl_ops {
^~~~~~~~
In file included from <command-line>:
/export/home/orion/redhat/kmod-ovpn-dco/ovpn-dco-0.2.20230323/linux-compat.h:69:24: note: originally defined here
#define genl_small_ops genl_ops
^~~~~~~~
./include/net/genetlink.h:154:8: note: in expansion of macro ‘genl_small_ops’
struct genl_small_ops {
^~~~~~~~~~~~~~
/export/home/orion/redhat/kmod-ovpn-dco/ovpn-dco-0.2.20230323/drivers/net/ovpn-dco/netlink.c:848:14: error: initialization of ‘int (*)(const struct genl_ops *, struct sk_buff *, struct genl_info *)’ from incompatible pointer type ‘int (*)(const struct genl_ops *, struct sk_buff *, struct genl_info *)’ [-Werror=incompatible-pointer-types]
.pre_doit = ovpn_pre_doit,
^~~~~~~~~~~~~
/export/home/orion/redhat/kmod-ovpn-dco/ovpn-dco-0.2.20230323/drivers/net/ovpn-dco/netlink.c:848:14: note: (near initialization for ‘ovpn_netlink_family.pre_doit’)
/export/home/orion/redhat/kmod-ovpn-dco/ovpn-dco-0.2.20230323/drivers/net/ovpn-dco/netlink.c:849:15: error: initialization of ‘void (*)(const struct genl_ops *, struct sk_buff *, struct genl_info *)’ from incompatible pointer type ‘void (*)(const struct genl_ops *, struct sk_buff *, struct genl_info *)’ [-Werror=incompatible-pointer-types]
.post_doit = ovpn_post_doit,
^~~~~~~~~~~~~~
/export/home/orion/redhat/kmod-ovpn-dco/ovpn-dco-0.2.20230323/drivers/net/ovpn-dco/netlink.c:849:15: note: (near initialization for ‘ovpn_netlink_family.post_doit’)
/export/home/orion/redhat/kmod-ovpn-dco/ovpn-dco-0.2.20230323/drivers/net/ovpn-dco/netlink.c:851:15: error: initialization of ‘const struct genl_ops *’ from incompatible pointer type ‘const struct genl_ops *’ [-Werror=incompatible-pointer-types]
.small_ops = ovpn_netlink_ops,
^~~~~~~~~~~~~~~~
/export/home/orion/redhat/kmod-ovpn-dco/ovpn-dco-0.2.20230323/drivers/net/ovpn-dco/netlink.c:851:15: note: (near initialization for ‘ovpn_netlink_family.ops’)
cc1: some warnings being treated as errors
Hide info messages "deleting peer with id" from dmesg
Hi
How can I hide dmesg/syslog messages such as tun*: deleting peer with id 0, reason 2 or move it to openvpn.log?
tcp.c:482:31: error: assignment to ‘int (*)(struct sock *, struct msghdr *, size_t, int, int, int *)’
While compiling I get this error:
/home/prchal/cdubian/ovpn-dco/drivers/net/ovpn-dco/tcp.c: In function ‘ovpn_tcp_init’:
/home/prchal/cdubian/ovpn-dco/drivers/net/ovpn-dco/tcp.c:482:31: error: assignment to ‘int (*)(struct sock *, struct msghdr *, size_t, int, int, int )’ {aka ‘int ()(struct sock *, struct msghdr *, unsigned int, int, int, int )’} from incompatible pointer type ‘int ()(struct sock *, struct msghdr *, size_t, int, int )’ {aka ‘int ()(struct sock *, struct msghdr *, unsigned int, int, int *)’} [-Werror=incompatible-pointer-types]
482 | ovpn_tcp_prot.recvmsg = ovpn_tcp_recvmsg;
| ^
cc1: some warnings being treated as errors
I did crosscompilation on Ubuntu 22.04:
ARCH=arm CROSS_COMPILE=/usr/bin/arm-linux-gnueabi- make KERNEL_SRC=/home/prchal/cdubian/linux/
UDP mode, exit problems
Describe the bug
When a SIGTERM is sent to the openvpn process requesting a graceful exit, the process exits normally, but the interface listen is not released and clients already connected remain available.
There are many kworker processes when generating heavy traffic.
New clients cannot connect.
At the same time, the port is occupied
To Reproduce
Start a DCO-enabled server and initiate a client connection.
Closing the server can be reproduced.
Expected behavior
Destroy all client sessions. Release port occupancy.
Version information (please complete the following information):
- OS: debian 11.2
- OpenVPN version: OpenVPN 2.6.6 x86_64-pc-linux-gnu
- DCO version: 0.0+git20230816
Kernel crash in ovpn_tcp_rx_one
Dez 22 15:19:11 bionic-client kernel: ------------[ cut here ]------------
Dez 22 15:19:11 bionic-client kernel: refcount_t: underflow; use-after-free.
Dez 22 15:19:11 bionic-client kernel: WARNING: CPU: 5 PID: 4158 at lib/refcount.c:28 refcount_warn_saturate+0xa3/0x150
Dez 22 15:19:11 bionic-client kernel: Modules linked in: poly1305_generic libpoly1305 poly1305_x86_64 chacha_generic chacha_x86_64 libchacha chacha20poly1305 ovpn_dco(OE) ip6_udp_tunnel udp_tunnel xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat nf_tables nfnetlink br_netfilter bridge stp llc overlay cfg80211 intel_rapl_msr binfmt_misc intel_rapl_common nls_iso8859_1 joydev serio_raw hv_balloon hyperv_fb vmgenid mac_hid ramoops reed_solomon pstore_blk pstore_zone efi_pstore ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hyperv_drm drm_shmem_helper drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops hid_generic hid_hyperv hv_storvsc hv_netvsc drm scsi_transport_fc hid hv_utils hyperv_keyboard crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd
Dez 22 15:19:11 bionic-client kernel: hv_vmbus
Dez 22 15:19:11 bionic-client kernel: CPU: 5 PID: 4158 Comm: kworker/5:12 Tainted: G OE 5.19.0-26-generic #27-Ubuntu
Dez 22 15:19:11 bionic-client kernel: Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/05/2021
Dez 22 15:19:11 bionic-client kernel: Workqueue: ovpn-event-wq-tun1 ovpn_tcp_rx_work [ovpn_dco]
Dez 22 15:19:11 bionic-client kernel: RIP: 0010:refcount_warn_saturate+0xa3/0x150
Dez 22 15:19:11 bionic-client kernel: Code: b1 00 0f b6 1d 3c 07 cb 01 80 fb 01 0f 87 a3 85 7a 00 83 e3 01 75 dd 48 c7 c7 98 cf 05 94 c6 05 20 07 cb 01 01 e8 c2 7f 76 00 <0f> 0b eb c6 0f b6 1d 13 07 cb 01 80 fb 01 0f 87 63 85 7a 00 83 e3
Dez 22 15:19:11 bionic-client kernel: RSP: 0018:ffffbab6caed3d80 EFLAGS: 00010246
Dez 22 15:19:11 bionic-client kernel: RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
Dez 22 15:19:11 bionic-client kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
Dez 22 15:19:11 bionic-client kernel: RBP: ffffbab6caed3d88 R08: 0000000000000000 R09: 0000000000000000
Dez 22 15:19:11 bionic-client kernel: R10: 0000000000000000 R11: 0000000000000000 R12: ffff92a1060609c0
Dez 22 15:19:11 bionic-client kernel: R13: ffff92a117587a00 R14: ffff92a1084a6da0 R15: ffff92a10f9c3140
Dez 22 15:19:11 bionic-client kernel: FS: 0000000000000000(0000) GS:ffff92a203740000(0000) knlGS:0000000000000000
Dez 22 15:19:11 bionic-client kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Dez 22 15:19:11 bionic-client kernel: CR2: 00007ffff7ce2fc0 CR3: 0000000016ca4000 CR4: 00000000003506e0
Dez 22 15:19:11 bionic-client kernel: Call Trace:
Dez 22 15:19:11 bionic-client kernel: <TASK>
Dez 22 15:19:11 bionic-client kernel: ovpn_recv+0x117/0x180 [ovpn_dco]
Dez 22 15:19:11 bionic-client kernel: ovpn_tcp_rx_one+0x1dd/0x220 [ovpn_dco]
Dez 22 15:19:11 bionic-client kernel: ovpn_tcp_rx_work+0x23/0x50 [ovpn_dco]
Dez 22 15:19:11 bionic-client kernel: process_one_work+0x225/0x400
Dez 22 15:19:11 bionic-client kernel: worker_thread+0x50/0x3e0
Dez 22 15:19:11 bionic-client kernel: ? rescuer_thread+0x3c0/0x3c0
Dez 22 15:19:11 bionic-client kernel: kthread+0xe9/0x110
Dez 22 15:19:11 bionic-client kernel: ? kthread_complete_and_exit+0x20/0x20
Dez 22 15:19:11 bionic-client kernel: ret_from_fork+0x22/0x30
Dez 22 15:19:11 bionic-client kernel: </TASK>
Dez 22 15:19:11 bionic-client kernel: ---[ end trace 0000000000000000 ]---
report "rekeying needed" to userspace
Makefile does not recognize CentOS Stream 8 as EL8
The check is:
cat /etc/redhat-release 2>/dev/null | grep -c " 8."
but /etc/redhat-release has:
CentOS Stream release 8
without a trailing . so it fails.
Confusing README related to KERNEL_SRC
I attempted to build ovpn-dco with a kernel different to that running on my system (6.3.0).
The README states:
If you want to build ovpn-dco against a kernel different from the one
running on the host, run:
$ make KERNEL_SRC=/path/to/the/kernel/tree
However it omits to mention that it should be a built kernel tree, rather than just the source code.
Suggestion:
If you want to build ovpn-dco against a kernel different from the one running on the host, ensure you have a built Linux kernel checked out at the desired version:
$ git clone https://github.com/OpenVPN/ovpn-dco.git
$ git clone git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
$ cd linux/
$ git checkout ...
$ make
$ cd ../ovpn-dco/
$ make KERNEL_SRC=../linux/
Can the old kernel version (4.4.x) not be supported?
I cannot compile and pass in the kernel on 4.4.x.
I am not a kernel developer and found that ptr_ring is not supported.
How to adapt this?
netlink reports object not found
After three days of steady running, suddenly
2023-09-27 19:04:52 us=681004 CLIENT/XXXXXX:65165 dco_new_key: netlink reports object not found, ovpn-dco unloaded?
2023-09-27 19:04:52 us=681014 CLIENT/XXXXXX:65165 dco_new_key: failed to send netlink message: No such file or directory (-2)
2023-09-27 19:04:52 us=681020 CLIENT/XXXXXX:65165 Impossible to install key material in DCO: No such file or directory
2023-09-27 19:04:52 us=681023 CLIENT/XXXXXX:65165 Exiting due to fatal error
2023-09-27 19:04:52 us=681036 CLIENT/XXXXXX:65165 Closing DCO interface
2023-09-27 19:04:52 us=681041 CLIENT/XXXXXX:65165 net_addr_v4_del: 10.61.0.1 dev tun3
2023-09-27 19:04:52 us=683371 CLIENT/XXXXXX:65165 net_iface_del: delete tun3
Then consistently see kernel errors
Message from syslogd@ip-XXXXX at Sep 27 23:18:39 ...
kernel:[11843724.403314] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
dmesg output
……
[11843714.323165] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843724.403314] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843734.483472] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843744.563620] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843754.643777] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843764.723930] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843774.836075] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843784.948232] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843795.060380] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843805.140526] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843815.220675] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843825.300839] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843835.412986] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843845.525133] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843855.637290] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843865.717444] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
[11843875.797583] unregister_netdevice: waiting for tun3 to become free. Usage count = 8
……
What can I do about it?
dev branch does not compile on kernel 6.2-rc4
root@ghost:/usr/src/ovpn-dco# git checkout dev
branch 'dev' set up to track 'origin/dev'.
Switched to a new branch 'dev'
root@ghost:/usr/src/ovpn-dco# git fetch
root@ghost:/usr/src/ovpn-dco# make KERNEL_SRC=/usr/src/linux-6.2-rc2
/usr/src/ovpn-dco/gen-compat-autoconf.sh /usr/src/ovpn-dco/compat-autoconf.h
make -C /usr/src/linux-6.2-rc2 M=/usr/src/ovpn-dco PWD=/usr/src/ovpn-dco REVISION=0.1.20221107-3-gad23dcb CONFIG_OVPN=m INSTALL_MOD_DIR=updates/ modules
make[1]: Entering directory '/usr/src/linux-6.2-rc2'
CC [M] /usr/src/ovpn-dco/drivers/net/ovpn/main.o
CC [M] /usr/src/ovpn-dco/drivers/net/ovpn/bind.o
CC [M] /usr/src/ovpn-dco/drivers/net/ovpn/crypto.o
CC [M] /usr/src/ovpn-dco/drivers/net/ovpn/io.o
CC [M] /usr/src/ovpn-dco/drivers/net/ovpn/peer.o
CC [M] /usr/src/ovpn-dco/drivers/net/ovpn/sock.o
CC [M] /usr/src/ovpn-dco/drivers/net/ovpn/stats.o
CC [M] /usr/src/ovpn-dco/drivers/net/ovpn/netlink.o
In file included from ./include/net/rtnetlink.h:6,
from ./include/net/neighbour.h:31,
from ./include/net/dst.h:19,
from ./include/net/sock.h:66,
from ./include/linux/tcp.h:19,
from ./include/linux/ipv6.h:93,
from /usr/src/ovpn-dco/drivers/net/ovpn/main.h:14,
from /usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:9:
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:49:50: error: 'NUM_OVPN_A_KEY_SLOT' undeclared here (not in a function); did you mean 'NUM_OVPN_KEY_SLOT'?
49 | NUM_OVPN_A_KEY_SLOT - 1),
| ^~~~~~~~~~~~~~~~~~~
./include/net/netlink.h:411:16: note: in definition of macro 'NLA_POLICY_RANGE'
411 | .max = _max
| ^~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:52:58: error: 'ovpn_netlink_policy_keydir' undeclared here (not in a function); did you mean 'ovpn_nl_policy_keydir'?
52 | [OVPN_A_KEYCONF_ENCRYPT_DIR] = NLA_POLICY_NESTED(ovpn_netlink_policy_keydir),
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
./include/net/netlink.h:367:48: note: in definition of macro '_NLA_POLICY_NESTED'
367 | { .type = NLA_NESTED, .nested_policy = policy, .len = maxattr }
| ^~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:52:40: note: in expansion of macro 'NLA_POLICY_NESTED'
52 | [OVPN_A_KEYCONF_ENCRYPT_DIR] = NLA_POLICY_NESTED(ovpn_netlink_policy_keydir),
| ^~~~~~~~~~~~~~~~~
./include/linux/build_bug.h:16:51: error: bit-field '' width not an integer constant
16 | #define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
| ^
./include/net/netlink.h:367:63: note: in definition of macro '_NLA_POLICY_NESTED'
367 | { .type = NLA_NESTED, .nested_policy = policy, .len = maxattr }
| ^~~~~~~
./include/linux/compiler.h:232:33: note: in expansion of macro 'BUILD_BUG_ON_ZERO'
232 | #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
| ^~~~~~~~~~~~~~~~~
./include/linux/kernel.h:55:59: note: in expansion of macro '__must_be_array'
55 | #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr))
| ^~~~~~~~~~~~~~~
./include/net/netlink.h:371:28: note: in expansion of macro 'ARRAY_SIZE'
371 | _NLA_POLICY_NESTED(ARRAY_SIZE(policy) - 1, policy)
| ^~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:52:40: note: in expansion of macro 'NLA_POLICY_NESTED'
52 | [OVPN_A_KEYCONF_ENCRYPT_DIR] = NLA_POLICY_NESTED(ovpn_netlink_policy_keydir),
| ^~~~~~~~~~~~~~~~~
./include/linux/build_bug.h:16:51: error: bit-field '' width not an integer constant
16 | #define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
| ^
./include/net/netlink.h:367:63: note: in definition of macro '_NLA_POLICY_NESTED'
367 | { .type = NLA_NESTED, .nested_policy = policy, .len = maxattr }
| ^~~~~~~
./include/linux/compiler.h:232:33: note: in expansion of macro 'BUILD_BUG_ON_ZERO'
232 | #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
| ^~~~~~~~~~~~~~~~~
./include/linux/kernel.h:55:59: note: in expansion of macro '__must_be_array'
55 | #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr))
| ^~~~~~~~~~~~~~~
./include/net/netlink.h:371:28: note: in expansion of macro 'ARRAY_SIZE'
371 | _NLA_POLICY_NESTED(ARRAY_SIZE(policy) - 1, policy)
| ^~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:53:40: note: in expansion of macro 'NLA_POLICY_NESTED'
53 | [OVPN_A_KEYCONF_DECRYPT_DIR] = NLA_POLICY_NESTED(ovpn_netlink_policy_keydir),
| ^~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:61:10: error: 'OVPN_A_PEER_IPV4' undeclared here (not in a function); did you mean 'OVPN_A_PEER_ID'?
61 | [OVPN_A_PEER_IPV4] = { .type = NLA_U32 },
| ^~~~~~~~~~~~~~~~
| OVPN_A_PEER_ID
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:61:10: error: array index in initializer not of integer type
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:61:10: note: (near initialization for 'ovpn_nl_policy_peer')
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:62:10: error: 'OVPN_A_PEER_IPV6' undeclared here (not in a function); did you mean 'OVPN_A_PEER_ID'?
62 | [OVPN_A_PEER_IPV6] = NLA_POLICY_EXACT_LEN(sizeof(struct in6_addr)),
| ^~~~~~~~~~~~~~~~
| OVPN_A_PEER_ID
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:62:10: error: array index in initializer not of integer type
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:62:10: note: (near initialization for 'ovpn_nl_policy_peer')
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:70:52: error: 'ovpn_nl_policy_stats' undeclared here (not in a function); did you mean 'ovpn_nl_policy_peer'?
70 | [OVPN_A_PEER_RX_STATS] = NLA_POLICY_NESTED(ovpn_nl_policy_stats),
| ^~~~~~~~~~~~~~~~~~~~
./include/net/netlink.h:367:48: note: in definition of macro '_NLA_POLICY_NESTED'
367 | { .type = NLA_NESTED, .nested_policy = policy, .len = maxattr }
| ^~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:70:34: note: in expansion of macro 'NLA_POLICY_NESTED'
70 | [OVPN_A_PEER_RX_STATS] = NLA_POLICY_NESTED(ovpn_nl_policy_stats),
| ^~~~~~~~~~~~~~~~~
./include/linux/build_bug.h:16:51: error: bit-field '' width not an integer constant
16 | #define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
| ^
./include/net/netlink.h:367:63: note: in definition of macro '_NLA_POLICY_NESTED'
367 | { .type = NLA_NESTED, .nested_policy = policy, .len = maxattr }
| ^~~~~~~
./include/linux/compiler.h:232:33: note: in expansion of macro 'BUILD_BUG_ON_ZERO'
232 | #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
| ^~~~~~~~~~~~~~~~~
./include/linux/kernel.h:55:59: note: in expansion of macro '__must_be_array'
55 | #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr))
| ^~~~~~~~~~~~~~~
./include/net/netlink.h:371:28: note: in expansion of macro 'ARRAY_SIZE'
371 | _NLA_POLICY_NESTED(ARRAY_SIZE(policy) - 1, policy)
| ^~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:70:34: note: in expansion of macro 'NLA_POLICY_NESTED'
70 | [OVPN_A_PEER_RX_STATS] = NLA_POLICY_NESTED(ovpn_nl_policy_stats),
| ^~~~~~~~~~~~~~~~~
./include/linux/build_bug.h:16:51: error: bit-field '' width not an integer constant
16 | #define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
| ^
./include/net/netlink.h:367:63: note: in definition of macro '_NLA_POLICY_NESTED'
367 | { .type = NLA_NESTED, .nested_policy = policy, .len = maxattr }
| ^~~~~~~
./include/linux/compiler.h:232:33: note: in expansion of macro 'BUILD_BUG_ON_ZERO'
232 | #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
| ^~~~~~~~~~~~~~~~~
./include/linux/kernel.h:55:59: note: in expansion of macro '__must_be_array'
55 | #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr))
| ^~~~~~~~~~~~~~~
./include/net/netlink.h:371:28: note: in expansion of macro 'ARRAY_SIZE'
371 | _NLA_POLICY_NESTED(ARRAY_SIZE(policy) - 1, policy)
| ^~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:71:34: note: in expansion of macro 'NLA_POLICY_NESTED'
71 | [OVPN_A_PEER_TX_STATS] = NLA_POLICY_NESTED(ovpn_nl_policy_stats),
| ^~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: In function 'ovpn_pre_doit':
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:124:26: error: 'info->genlhdr' is a pointer; did you mean to use '->'?
124 | if (info->genlhdr.cmd == OVPN_CMD_NEW_IFACE) {
| ^
| ->
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: In function 'ovpn_netlink_get_key_dir':
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:160:37: error: 'OVPN_KEY_DIR_ATTR_MAX' undeclared (first use in this function); did you mean 'OVPN_KEY_ID_MAX'?
160 | struct nlattr *attr, *attrs[OVPN_KEY_DIR_ATTR_MAX + 1];
| ^~~~~~~~~~~~~~~~~~~~~
| OVPN_KEY_ID_MAX
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:160:37: note: each undeclared identifier is reported only once for each function it appears in
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:170:30: error: 'OVPN_KEY_DIR_ATTR_CIPHER_KEY' undeclared (first use in this function); did you mean 'OVPN_A_KEYDIR_CIPHER_KEY'?
170 | attr = attrs[OVPN_KEY_DIR_ATTR_CIPHER_KEY];
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
| OVPN_A_KEYDIR_CIPHER_KEY
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:177:30: error: 'OVPN_KEY_DIR_ATTR_NONCE_TAIL' undeclared (first use in this function); did you mean 'OVPN_A_KEYDIR_NONCE_TAIL'?
177 | attr = attrs[OVPN_KEY_DIR_ATTR_NONCE_TAIL];
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
| OVPN_A_KEYDIR_NONCE_TAIL
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:160:31: warning: unused variable 'attrs' [-Wunused-variable]
160 | struct nlattr *attr, *attrs[OVPN_KEY_DIR_ATTR_MAX + 1];
| ^~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: In function 'ovpn_netlink_new_key':
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:197:30: error: 'OVPN_NEW_KEY_ATTR_MAX' undeclared (first use in this function)
197 | struct nlattr *attrs[OVPN_NEW_KEY_ATTR_MAX + 1];
| ^~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:204:26: error: 'OVPN_ATTR_NEW_KEY' undeclared (first use in this function)
204 | if (!info->attrs[OVPN_ATTR_NEW_KEY])
| ^~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:212:20: error: 'OVPN_NEW_KEY_ATTR_PEER_ID' undeclared (first use in this function)
212 | if (!attrs[OVPN_NEW_KEY_ATTR_PEER_ID] ||
| ^~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:213:20: error: 'OVPN_NEW_KEY_ATTR_KEY_SLOT' undeclared (first use in this function)
213 | !attrs[OVPN_NEW_KEY_ATTR_KEY_SLOT] ||
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:214:20: error: 'OVPN_NEW_KEY_ATTR_KEY_ID' undeclared (first use in this function); did you mean 'OVPN_A_KEYCONF_KEY_ID'?
214 | !attrs[OVPN_NEW_KEY_ATTR_KEY_ID] ||
| ^~~~~~~~~~~~~~~~~~~~~~~~
| OVPN_A_KEYCONF_KEY_ID
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:215:20: error: 'OVPN_NEW_KEY_ATTR_CIPHER_ALG' undeclared (first use in this function); did you mean 'OVPN_A_KEYCONF_CIPHER_ALG'?
215 | !attrs[OVPN_NEW_KEY_ATTR_CIPHER_ALG] ||
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
| OVPN_A_KEYCONF_CIPHER_ALG
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:216:20: error: 'OVPN_NEW_KEY_ATTR_ENCRYPT_KEY' undeclared (first use in this function)
216 | !attrs[OVPN_NEW_KEY_ATTR_ENCRYPT_KEY] ||
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:217:20: error: 'OVPN_NEW_KEY_ATTR_DECRYPT_KEY' undeclared (first use in this function)
217 | !attrs[OVPN_NEW_KEY_ATTR_DECRYPT_KEY])
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:197:24: warning: unused variable 'attrs' [-Wunused-variable]
197 | struct nlattr *attrs[OVPN_NEW_KEY_ATTR_MAX + 1];
| ^~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: In function 'ovpn_netlink_del_key':
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:260:30: error: 'OVPN_DEL_KEY_ATTR_MAX' undeclared (first use in this function)
260 | struct nlattr *attrs[OVPN_DEL_KEY_ATTR_MAX + 1];
| ^~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:267:26: error: 'OVPN_ATTR_DEL_KEY' undeclared (first use in this function); did you mean 'OVPN_CMD_DEL_KEY'?
267 | if (!info->attrs[OVPN_ATTR_DEL_KEY])
| ^~~~~~~~~~~~~~~~~
| OVPN_CMD_DEL_KEY
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:275:20: error: 'OVPN_DEL_KEY_ATTR_PEER_ID' undeclared (first use in this function)
275 | if (!attrs[OVPN_DEL_KEY_ATTR_PEER_ID] || !attrs[OVPN_DEL_KEY_ATTR_KEY_SLOT])
| ^~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:275:57: error: 'OVPN_DEL_KEY_ATTR_KEY_SLOT' undeclared (first use in this function)
275 | if (!attrs[OVPN_DEL_KEY_ATTR_PEER_ID] || !attrs[OVPN_DEL_KEY_ATTR_KEY_SLOT])
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:260:24: warning: unused variable 'attrs' [-Wunused-variable]
260 | struct nlattr *attrs[OVPN_DEL_KEY_ATTR_MAX + 1];
| ^~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: In function 'ovpn_netlink_swap_keys':
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:293:30: error: 'OVPN_SWAP_KEYS_ATTR_MAX' undeclared (first use in this function)
293 | struct nlattr *attrs[OVPN_SWAP_KEYS_ATTR_MAX + 1];
| ^~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:299:26: error: 'OVPN_ATTR_SWAP_KEYS' undeclared (first use in this function); did you mean 'OVPN_CMD_SWAP_KEYS'?
299 | if (!info->attrs[OVPN_ATTR_SWAP_KEYS])
| ^~~~~~~~~~~~~~~~~~~
| OVPN_CMD_SWAP_KEYS
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:307:20: error: 'OVPN_SWAP_KEYS_ATTR_PEER_ID' undeclared (first use in this function)
307 | if (!attrs[OVPN_SWAP_KEYS_ATTR_PEER_ID])
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:293:24: warning: unused variable 'attrs' [-Wunused-variable]
293 | struct nlattr *attrs[OVPN_SWAP_KEYS_ATTR_MAX + 1];
| ^~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: In function 'ovpn_netlink_new_peer':
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:324:30: error: 'OVPN_NEW_PEER_ATTR_MAX' undeclared (first use in this function)
324 | struct nlattr *attrs[OVPN_NEW_PEER_ATTR_MAX + 1];
| ^~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:336:26: error: 'OVPN_ATTR_NEW_PEER' undeclared (first use in this function); did you mean 'OVPN_CMD_DEL_PEER'?
336 | if (!info->attrs[OVPN_ATTR_NEW_PEER])
| ^~~~~~~~~~~~~~~~~~
| OVPN_CMD_DEL_PEER
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:344:20: error: 'OVPN_NEW_PEER_ATTR_PEER_ID' undeclared (first use in this function)
344 | if (!attrs[OVPN_NEW_PEER_ATTR_PEER_ID] || !attrs[OVPN_NEW_PEER_ATTR_SOCKET]) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:344:58: error: 'OVPN_NEW_PEER_ATTR_SOCKET' undeclared (first use in this function); did you mean 'OVPN_A_PEER_SOCKET'?
344 | if (!attrs[OVPN_NEW_PEER_ATTR_PEER_ID] || !attrs[OVPN_NEW_PEER_ATTR_SOCKET]) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~
| OVPN_A_PEER_SOCKET
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:350:50: error: 'OVPN_NEW_PEER_ATTR_IPV4' undeclared (first use in this function); did you mean 'OVPN_A_PEER_VPN_IPV4'?
350 | if (ovpn->mode == OVPN_MODE_MP && !attrs[OVPN_NEW_PEER_ATTR_IPV4] &&
| ^~~~~~~~~~~~~~~~~~~~~~~
| OVPN_A_PEER_VPN_IPV4
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:351:20: error: 'OVPN_NEW_PEER_ATTR_IPV6' undeclared (first use in this function); did you mean 'OVPN_A_PEER_VPN_IPV6'?
351 | !attrs[OVPN_NEW_PEER_ATTR_IPV6]) {
| ^~~~~~~~~~~~~~~~~~~~~~~
| OVPN_A_PEER_VPN_IPV6
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:376:28: error: 'OVPN_NEW_PEER_ATTR_SOCKADDR_REMOTE' undeclared (first use in this function); did you mean 'OVPN_A_PEER_SOCKADDR_REMOTE'?
376 | if (!attrs[OVPN_NEW_PEER_ATTR_SOCKADDR_REMOTE]) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| OVPN_A_PEER_SOCKADDR_REMOTE
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:425:27: error: 'OVPN_NEW_PEER_ATTR_LOCAL_IP' undeclared (first use in this function); did you mean 'OVPN_A_PEER_LOCAL_IP'?
425 | if (attrs[OVPN_NEW_PEER_ATTR_LOCAL_IP]) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
| OVPN_A_PEER_LOCAL_IP
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:324:24: warning: unused variable 'attrs' [-Wunused-variable]
324 | struct nlattr *attrs[OVPN_NEW_PEER_ATTR_MAX + 1];
| ^~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: In function 'ovpn_netlink_set_peer':
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:518:30: error: 'OVPN_SET_PEER_ATTR_MAX' undeclared (first use in this function)
518 | struct nlattr *attrs[OVPN_SET_PEER_ATTR_MAX + 1];
| ^~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:525:26: error: 'OVPN_ATTR_SET_PEER' undeclared (first use in this function); did you mean 'OVPN_CMD_SET_PEER'?
525 | if (!info->attrs[OVPN_ATTR_SET_PEER])
| ^~~~~~~~~~~~~~~~~~
| OVPN_CMD_SET_PEER
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:533:20: error: 'OVPN_SET_PEER_ATTR_PEER_ID' undeclared (first use in this function)
533 | if (!attrs[OVPN_SET_PEER_ATTR_PEER_ID])
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:543:19: error: 'OVPN_SET_PEER_ATTR_KEEPALIVE_INTERVAL' undeclared (first use in this function); did you mean 'OVPN_A_PEER_KEEPALIVE_INTERVAL'?
543 | if (attrs[OVPN_SET_PEER_ATTR_KEEPALIVE_INTERVAL] &&
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| OVPN_A_PEER_KEEPALIVE_INTERVAL
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:544:19: error: 'OVPN_SET_PEER_ATTR_KEEPALIVE_TIMEOUT' undeclared (first use in this function); did you mean 'OVPN_A_PEER_KEEPALIVE_TIMEOUT'?
544 | attrs[OVPN_SET_PEER_ATTR_KEEPALIVE_TIMEOUT]) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| OVPN_A_PEER_KEEPALIVE_TIMEOUT
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:518:24: warning: unused variable 'attrs' [-Wunused-variable]
518 | struct nlattr *attrs[OVPN_SET_PEER_ATTR_MAX + 1];
| ^~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: In function 'ovpn_netlink_send_peer':
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:570:36: error: 'OVPN_ATTR_GET_PEER' undeclared (first use in this function); did you mean 'OVPN_CMD_GET_PEER'?
570 | attr = nla_nest_start(skb, OVPN_ATTR_GET_PEER);
| ^~~~~~~~~~~~~~~~~~
| OVPN_CMD_GET_PEER
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:576:30: error: 'OVPN_GET_PEER_RESP_ATTR_PEER_ID' undeclared (first use in this function)
576 | if (nla_put_u32(skb, OVPN_GET_PEER_RESP_ATTR_PEER_ID, peer->id))
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:580:34: error: 'OVPN_GET_PEER_RESP_ATTR_IPV4' undeclared (first use in this function)
580 | if (nla_put(skb, OVPN_GET_PEER_RESP_ATTR_IPV4, sizeof(peer->vpn_addrs.ipv4),
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:585:34: error: 'OVPN_GET_PEER_RESP_ATTR_IPV6' undeclared (first use in this function)
585 | if (nla_put(skb, OVPN_GET_PEER_RESP_ATTR_IPV6, sizeof(peer->vpn_addrs.ipv6),
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:589:30: error: 'OVPN_GET_PEER_RESP_ATTR_KEEPALIVE_INTERVAL' undeclared (first use in this function); did you mean 'OVPN_A_PEER_KEEPALIVE_INTERVAL'?
589 | if (nla_put_u32(skb, OVPN_GET_PEER_RESP_ATTR_KEEPALIVE_INTERVAL,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| OVPN_A_PEER_KEEPALIVE_INTERVAL
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:591:30: error: 'OVPN_GET_PEER_RESP_ATTR_KEEPALIVE_TIMEOUT' undeclared (first use in this function); did you mean 'OVPN_A_PEER_KEEPALIVE_TIMEOUT'?
591 | nla_put_u32(skb, OVPN_GET_PEER_RESP_ATTR_KEEPALIVE_TIMEOUT,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| OVPN_A_PEER_KEEPALIVE_TIMEOUT
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:599:42: error: 'OVPN_GET_PEER_RESP_ATTR_SOCKADDR_REMOTE' undeclared (first use in this function); did you mean 'OVPN_A_PEER_SOCKADDR_REMOTE'?
599 | if (nla_put(skb, OVPN_GET_PEER_RESP_ATTR_SOCKADDR_REMOTE,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| OVPN_A_PEER_SOCKADDR_REMOTE
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:601:42: error: 'OVPN_GET_PEER_RESP_ATTR_LOCAL_IP' undeclared (first use in this function)
601 | nla_put(skb, OVPN_GET_PEER_RESP_ATTR_LOCAL_IP,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:614:32: error: 'OVPN_GET_PEER_RESP_ATTR_LOCAL_PORT' undeclared (first use in this function)
614 | if (nla_put_net16(skb, OVPN_GET_PEER_RESP_ATTR_LOCAL_PORT,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:617:36: error: 'OVPN_GET_PEER_RESP_ATTR_RX_BYTES' undeclared (first use in this function)
617 | nla_put_u64_64bit(skb, OVPN_GET_PEER_RESP_ATTR_RX_BYTES,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:619:31: error: 'OVPN_GET_PEER_RESP_ATTR_UNSPEC' undeclared (first use in this function)
619 | OVPN_GET_PEER_RESP_ATTR_UNSPEC) ||
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:620:30: error: 'OVPN_GET_PEER_RESP_ATTR_RX_PACKETS' undeclared (first use in this function)
620 | nla_put_u32(skb, OVPN_GET_PEER_RESP_ATTR_RX_PACKETS,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:623:36: error: 'OVPN_GET_PEER_RESP_ATTR_TX_BYTES' undeclared (first use in this function)
623 | nla_put_u64_64bit(skb, OVPN_GET_PEER_RESP_ATTR_TX_BYTES,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:626:30: error: 'OVPN_GET_PEER_RESP_ATTR_TX_PACKETS' undeclared (first use in this function)
626 | nla_put_u32(skb, OVPN_GET_PEER_RESP_ATTR_TX_PACKETS,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: In function 'ovpn_netlink_get_peer':
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:643:30: error: 'OVPN_SET_PEER_ATTR_MAX' undeclared (first use in this function)
643 | struct nlattr *attrs[OVPN_SET_PEER_ATTR_MAX + 1];
| ^~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:650:26: error: 'OVPN_ATTR_GET_PEER' undeclared (first use in this function); did you mean 'OVPN_CMD_GET_PEER'?
650 | if (!info->attrs[OVPN_ATTR_GET_PEER])
| ^~~~~~~~~~~~~~~~~~
| OVPN_CMD_GET_PEER
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:653:39: error: 'OVPN_GET_PEER_ATTR_MAX' undeclared (first use in this function)
653 | ret = nla_parse_nested(attrs, OVPN_GET_PEER_ATTR_MAX, info->attrs[OVPN_ATTR_GET_PEER], NULL,
| ^~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:658:20: error: 'OVPN_GET_PEER_ATTR_PEER_ID' undeclared (first use in this function)
658 | if (!attrs[OVPN_GET_PEER_ATTR_PEER_ID])
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:643:24: warning: unused variable 'attrs' [-Wunused-variable]
643 | struct nlattr *attrs[OVPN_SET_PEER_ATTR_MAX + 1];
| ^~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: In function 'ovpn_netlink_dump_prepare':
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:697:27: error: 'OVPN_ATTR_MAX' undeclared (first use in this function); did you mean 'DCB_ATTR_MAX'?
697 | attrbuf = kcalloc(OVPN_ATTR_MAX + 1, sizeof(*attrbuf), GFP_KERNEL);
| ^~~~~~~~~~~~~
| DCB_ATTR_MAX
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:702:38: error: 'ovpn_netlink_policy' undeclared (first use in this function); did you mean 'ovpn_netlink_family'?
702 | ovpn_netlink_policy, NULL);
| ^~~~~~~~~~~~~~~~~~~
| ovpn_netlink_family
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: In function 'ovpn_netlink_del_peer':
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:762:30: error: 'OVPN_SET_PEER_ATTR_MAX' undeclared (first use in this function)
762 | struct nlattr *attrs[OVPN_SET_PEER_ATTR_MAX + 1];
| ^~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:768:26: error: 'OVPN_ATTR_DEL_PEER' undeclared (first use in this function); did you mean 'OVPN_CMD_DEL_PEER'?
768 | if (!info->attrs[OVPN_ATTR_DEL_PEER])
| ^~~~~~~~~~~~~~~~~~
| OVPN_CMD_DEL_PEER
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:771:39: error: 'OVPN_DEL_PEER_ATTR_MAX' undeclared (first use in this function)
771 | ret = nla_parse_nested(attrs, OVPN_DEL_PEER_ATTR_MAX, info->attrs[OVPN_ATTR_DEL_PEER], NULL,
| ^~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:776:20: error: 'OVPN_DEL_PEER_ATTR_PEER_ID' undeclared (first use in this function)
776 | if (!attrs[OVPN_DEL_PEER_ATTR_PEER_ID])
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:762:24: warning: unused variable 'attrs' [-Wunused-variable]
762 | struct nlattr *attrs[OVPN_SET_PEER_ATTR_MAX + 1];
| ^~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: In function 'ovpn_netlink_packet':
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:813:30: error: 'OVPN_PACKET_ATTR_MAX' undeclared (first use in this function)
813 | struct nlattr *attrs[OVPN_PACKET_ATTR_MAX + 1];
| ^~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:821:26: error: 'OVPN_ATTR_PACKET' undeclared (first use in this function); did you mean 'OVPN_A_PEER_SOCKET'?
821 | if (!info->attrs[OVPN_ATTR_PACKET])
| ^~~~~~~~~~~~~~~~
| OVPN_A_PEER_SOCKET
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:829:20: error: 'OVPN_PACKET_ATTR_PACKET' undeclared (first use in this function)
829 | if (!attrs[OVPN_PACKET_ATTR_PACKET] || !attrs[OVPN_PACKET_ATTR_PEER_ID]) {
| ^~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:829:55: error: 'OVPN_PACKET_ATTR_PEER_ID' undeclared (first use in this function)
829 | if (!attrs[OVPN_PACKET_ATTR_PACKET] || !attrs[OVPN_PACKET_ATTR_PEER_ID]) {
| ^~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:813:24: warning: unused variable 'attrs' [-Wunused-variable]
813 | struct nlattr *attrs[OVPN_PACKET_ATTR_MAX + 1];
| ^~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: At top level:
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:859:44: error: 'IFLA_OVPN_MAX' undeclared here (not in a function); did you mean 'IFLA_TUN_MAX'?
859 | static const struct nla_policy ovpn_policy[IFLA_OVPN_MAX + 1] = {
| ^~~~~~~~~~~~~
| IFLA_TUN_MAX
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:860:10: error: 'IFLA_OVPN_MODE' undeclared here (not in a function); did you mean 'NUM_OVPN_MODE'?
860 | [IFLA_OVPN_MODE] = NLA_POLICY_RANGE(NLA_U8, __OVPN_MODE_FIRST,
| ^~~~~~~~~~~~~~
| NUM_OVPN_MODE
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:861:45: error: '__OVPN_MODE_AFTER_LAST' undeclared here (not in a function); did you mean '__OVPN_MODE_FIRST'?
861 | __OVPN_MODE_AFTER_LAST - 1),
| ^~~~~~~~~~~~~~~~~~~~~~
./include/net/netlink.h:411:16: note: in definition of macro 'NLA_POLICY_RANGE'
411 | .max = _max
| ^~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: In function 'ovpn_netlink_new_iface':
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:866:30: error: 'OVPN_ATTR_MAX' undeclared (first use in this function); did you mean 'DCB_ATTR_MAX'?
866 | struct nlattr *attrs[OVPN_ATTR_MAX + 1];
| ^~~~~~~~~~~~~
| DCB_ATTR_MAX
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:871:26: error: 'OVPN_IFNAME' undeclared (first use in this function); did you mean 'OVPN_A_IFNAME'?
871 | if (!info->attrs[OVPN_IFNAME])
| ^~~~~~~~~~~
| OVPN_A_IFNAME
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:883:25: error: 'OVPN_MODE' undeclared (first use in this function); did you mean 'OVPN_MODE_MP'?
883 | if (info->attrs[OVPN_MODE]) {
| ^~~~~~~~~
| OVPN_MODE_MP
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:866:24: warning: unused variable 'attrs' [-Wunused-variable]
866 | struct nlattr *attrs[OVPN_ATTR_MAX + 1];
| ^~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: In function 'ovpn_netlink_del_iface':
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:894:30: error: 'OVPN_ATTR_MAX' undeclared (first use in this function); did you mean 'DCB_ATTR_MAX'?
894 | struct nlattr *attrs[OVPN_ATTR_MAX + 1];
| ^~~~~~~~~~~~~
| DCB_ATTR_MAX
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:897:29: error: redefinition of 'ovpn'
897 | struct ovpn_struct *ovpn = netdev_priv(dev);
| ^~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:895:29: note: previous definition of 'ovpn' with type 'struct ovpn_struct *'
895 | struct ovpn_struct *ovpn = info->user_ptr[0];
| ^~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:897:48: error: 'dev' undeclared (first use in this function); did you mean 'cdev'?
897 | struct ovpn_struct *ovpn = netdev_priv(dev);
| ^~~
| cdev
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:908:41: error: 'head' undeclared (first use in this function)
908 | unregister_netdevice_queue(dev, head);
| ^~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:894:24: warning: unused variable 'attrs' [-Wunused-variable]
894 | struct nlattr attrs[OVPN_ATTR_MAX + 1];
| ^~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: At top level:
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:914:24: error: 'OVPN_CMD_NEW_PEER' undeclared here (not in a function); did you mean 'OVPN_CMD_DEL_PEER'?
914 | .cmd = OVPN_CMD_NEW_PEER,
| ^~~~~~~~~~~~~~~~~
| OVPN_CMD_DEL_PEER
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:940:24: error: 'OVPN_CMD_NEW_KEY' undeclared here (not in a function); did you mean 'OVPN_CMD_DEL_KEY'?
940 | .cmd = OVPN_CMD_NEW_KEY,
| ^~~~~~~~~~~~~~~~
| OVPN_CMD_DEL_KEY
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:958:24: error: 'OVPN_CMD_REGISTER_PACKET' undeclared here (not in a function)
958 | .cmd = OVPN_CMD_REGISTER_PACKET,
| ^~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:964:24: error: 'OVPN_CMD_PACKET' undeclared here (not in a function); did you mean 'OVPN_CMD_DEL_KEY'?
964 | .cmd = OVPN_CMD_PACKET,
| ^~~~~~~~~~~~~~~
| OVPN_CMD_DEL_KEY
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:975:20: error: 'OVPN_ATTR_MAX' undeclared here (not in a function); did you mean 'DCB_ATTR_MAX'?
975 | .maxattr = OVPN_ATTR_MAX,
| ^~~~~~~~~~~~~
| DCB_ATTR_MAX
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:976:19: error: 'ovpn_netlink_policy' undeclared here (not in a function); did you mean 'ovpn_netlink_family'?
976 | .policy = ovpn_netlink_policy,
| ^~~~~~~~~~~~~~~~~~~
| ovpn_netlink_family
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:978:21: error: initialization of 'int ()(const struct genl_split_ops *, struct sk_buff *, struct genl_info )' from incompatible pointer type 'int ()(const struct genl_ops *, struct sk_buff *, struct genl_info )' [-Werror=incompatible-pointer-types]
978 | .pre_doit = ovpn_pre_doit,
| ^~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:978:21: note: (near initialization for 'ovpn_netlink_family.pre_doit')
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:979:22: error: initialization of 'void ()(const struct genl_split_ops *, struct sk_buff *, struct genl_info )' from incompatible pointer type 'void ()(const struct genl_ops *, struct sk_buff *, struct genl_info *)' [-Werror=incompatible-pointer-types]
979 | .post_doit = ovpn_post_doit,
| ^~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:979:22: note: (near initialization for 'ovpn_netlink_family.post_doit')
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: In function 'ovpn_netlink_notify_del_peer':
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:1008:30: error: 'OVPN_ATTR_IFINDEX' undeclared (first use in this function); did you mean 'OVPN_A_IFINDEX'?
1008 | if (nla_put_u32(msg, OVPN_ATTR_IFINDEX, peer->ovpn->dev->ifindex)) {
| ^~~~~~~~~~~~~~~~~
| OVPN_A_IFINDEX
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:1013:36: error: 'OVPN_ATTR_DEL_PEER' undeclared (first use in this function); did you mean 'OVPN_CMD_DEL_PEER'?
1013 | attr = nla_nest_start(msg, OVPN_ATTR_DEL_PEER);
| ^~~~~~~~~~~~~~~~~~
| OVPN_CMD_DEL_PEER
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:1019:29: error: 'OVPN_DEL_PEER_ATTR_REASON' undeclared (first use in this function); did you mean 'OVPN_A_PEER_DEL_REASON'?
1019 | if (nla_put_u8(msg, OVPN_DEL_PEER_ATTR_REASON, peer->delete_reason)) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~
| OVPN_A_PEER_DEL_REASON
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:1024:30: error: 'OVPN_DEL_PEER_ATTR_PEER_ID' undeclared (first use in this function)
1024 | if (nla_put_u32(msg, OVPN_DEL_PEER_ATTR_PEER_ID, peer->id)) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: In function 'ovpn_netlink_send_packet':
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:1069:30: error: 'OVPN_ATTR_IFINDEX' undeclared (first use in this function); did you mean 'OVPN_A_IFINDEX'?
1069 | if (nla_put_u32(msg, OVPN_ATTR_IFINDEX, ovpn->dev->ifindex)) {
| ^~~~~~~~~~~~~~~~~
| OVPN_A_IFINDEX
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:1074:36: error: 'OVPN_ATTR_PACKET' undeclared (first use in this function); did you mean 'OVPN_A_PEER_SOCKET'?
1074 | attr = nla_nest_start(msg, OVPN_ATTR_PACKET);
| ^~~~~~~~~~~~~~~~
| OVPN_A_PEER_SOCKET
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:1080:26: error: 'OVPN_PACKET_ATTR_PACKET' undeclared (first use in this function)
1080 | if (nla_put(msg, OVPN_PACKET_ATTR_PACKET, len, buf)) {
| ^~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:1085:30: error: 'OVPN_PACKET_ATTR_PEER_ID' undeclared (first use in this function)
1085 | if (nla_put_u32(msg, OVPN_PACKET_ATTR_PEER_ID, peer->id)) {
| ^~~~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c: At top level:
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:892:13: warning: 'ovpn_netlink_del_iface' defined but not used [-Wunused-function]
892 | static void ovpn_netlink_del_iface(struct sk_buff *skb, struct genl_info *info)
| ^~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:864:12: warning: 'ovpn_netlink_new_iface' defined but not used [-Wunused-function]
864 | static int ovpn_netlink_new_iface(struct sk_buff *skb, struct genl_info *info)
| ^~~~~~~~~~~~~~~~~~~~~~
/usr/src/ovpn-dco/drivers/net/ovpn/netlink.c:859:32: warning: 'ovpn_policy' defined but not used [-Wunused-variable]
859 | static const struct nla_policy ovpn_policy[IFLA_OVPN_MAX + 1] = {
| ^~~~~~~~~~~
cc1: some warnings being treated as errors
make[3]: *** [scripts/Makefile.build:252: /usr/src/ovpn-dco/drivers/net/ovpn/netlink.o] Error 1
make[2]: *** [scripts/Makefile.build:504: /usr/src/ovpn-dco/drivers/net/ovpn] Error 2
make[1]: *** [Makefile:2008: /usr/src/ovpn-dco] Error 2
make[1]: Leaving directory '/usr/src/linux-6.2-rc2'
make: *** [Makefile:52: all] Error 2`
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.