Opened 3 years ago

Closed 15 months ago

#158 closed Bug / Defect (fixed)

TCP_NODELAY not detected properly on FreeBSD 8.0-RELEASE-p6

Reported by: Onepamopa
Owned by:
Priority: major
Milestone:
Component: Generic / unclassified
Version: 2.1.0 / 2.1.1
Severity: Not set (if unsure, select this one)
Keywords:
Cc:

Description

OS: FreeBSD 8.0-RELEASE-p6 x64
OpenVPN version installed from ports:
[root@server /usr/local/etc/openvpn]# openvpn --version
OpenVPN 2.1.1 amd64-portbld-freebsd8.0 [SSL] [LZO2] built on Mar 2 2011

Check if tcp_nodelay is enabled:
[root@server ~]# sysctl -a |grep net.inet.tcp.delayed_ack
net.inet.tcp.delayed_ack: 1

Enable tcp-nodelay @ openvpn server config.
tcp-nodelay (also tested with tcp-nodelay 1)
verb 4

Start openvpn server and look for message:
NOTE: setsockopt TCP_NODELAY=1 failed (No kernel support)

According to guys @ #freebsd, tcp_nodelay is enabled but openvpn doesn't know how to detect/use it.

Change History (5)

comment:1 Changed 20 months ago by heloo

This defect is still active under FreeBSD 8.3-RELEASE with openvpn 2.2.2.

HAVE_SETSOCKOPT seems not to be defined in base system libraries included by openvpn and won't be set by configure, so the right branch gets excluded by preprocessor.

./socket.c

...
#if defined(WIN32) || (defined(HAVE_SETSOCKOPT) && defined(IPPROTO_TCP) && defined(TCP_NODELAY))
  if (setsockopt (sd, IPPROTO_TCP, TCP_NODELAY, (void *) &state, sizeof (state)) != 0)
    {
      msg (M_WARN, "NOTE: setsockopt TCP_NODELAY=%d failed", state);
      return false;
    }
  else
    {
      dmsg (D_OSBUF, "Socket flags: TCP_NODELAY=%d succeeded", state);
      return true;
    }
#else
  msg (M_WARN, "NOTE: setsockopt TCP_NODELAY=%d failed (No kernel support)", state);
  return false;
#endif
}
...

comment:2 Changed 16 months ago by mnottebrock

The problem is that the TCP_NODELAY definition is missing rather than HAVE_SETSOCKOPT. OpenVPN does not include the necessary system header on FreeBSD.

Fix:

--- syshead.h.orig
+++ syshead.h
@@ -295,12 +295,16 @@
 #endif

 #ifdef HAVE_NETINET_IP_H
 #include <netinet/ip.h>
 #endif

+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
+
 #ifdef HAVE_NET_IF_TUN_H
 #include <net/if_tun.h>
 #endif

 #endif /* TARGET_FREEBSD */
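
Review bot: The added include is guarded by HAVE_NETINET_TCP_H, and nothing in this hunk shows configure defining that macro; if it is never defined, the include is skipped silently and the TCP_NODELAY guard in socket.c still selects the "No kernel support" branch. Please confirm that configure checks for netinet/tcp.h, or add that check with this change. The block also sits above "#endif /* TARGET_FREEBSD */", so it only takes effect in the FreeBSD section of syshead.h; say in the commit message whether that scope is intended.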

comment:3 Changed 15 months ago by mandree

Bug persists in OpenVPN 2.3.0

comment:4 Changed 15 months ago by mandree

Patch coming up in FreeBSD ports:

  • upcoming new port security/openvpn22 as of openvpn-2.2.2_1
  • security/openvpn as of upcoming upgrade to openvpn-2.3.0

comment:5 Changed 15 months ago by cron2

  • Resolution set to fixed
  • Status changed from new to closed

yeah, sorry for sitting on this too long.

Patch applied to 2.3.0 and master. It's on the "if we ever do a 2.2.3 release, it could go in" list, but unless something security critical hits, we might not do another 2.2.x release.
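
The "(No kernel support)" text in this ticket is emitted only from the #else branch of the guard quoted in comment:1, so it reports a compile-time outcome, not an answer from the kernel. The following is an added example, not OpenVPN code and not written by anyone in this ticket; all function and enum names are hypothetical. It keeps the two cases apart and confirms the option with a getsockopt readback:

```c
/* Added example; all names here are hypothetical, not OpenVPN's. */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>  /* defines TCP_NODELAY */

/* OK: set and confirmed. NOT_COMPILED: macro absent at build time.
   SET_FAILED: kernel rejected the call. MISMATCH: readback differs. */
enum nodelay_result { NODELAY_OK, NODELAY_NOT_COMPILED,
                      NODELAY_SET_FAILED, NODELAY_MISMATCH };

/* Macro test from the quoted guard, without WIN32 and HAVE_SETSOCKOPT. */
#if defined(IPPROTO_TCP) && defined(TCP_NODELAY)
#define NODELAY_COMPILED_IN 1
#else
#define NODELAY_COMPILED_IN 0
#endif

int nodelay_compiled_in(void) { return NODELAY_COMPILED_IN; }

/* Set TCP_NODELAY on sd, then read it back instead of trusting the call. */
enum nodelay_result set_nodelay_checked(int sd, int state)
{
#if NODELAY_COMPILED_IN
    int got = -1;
    socklen_t len = sizeof(got);
    if (setsockopt(sd, IPPROTO_TCP, TCP_NODELAY, &state, sizeof(state)) != 0)
        return NODELAY_SET_FAILED;
    if (getsockopt(sd, IPPROTO_TCP, TCP_NODELAY, &got, &len) != 0)
        return NODELAY_SET_FAILED;
    return (!got == !state) ? NODELAY_OK : NODELAY_MISMATCH;
#else
    (void)sd; (void)state;
    return NODELAY_NOT_COMPILED;
#endif
}

/* Probe a fresh, unconnected TCP socket; -1 means socket() itself failed. */
int probe_nodelay(int state)
{
    int sd = socket(AF_INET, SOCK_STREAM, 0);
    if (sd < 0) return -1;
    int r = (int)set_nodelay_checked(sd, state);
    close(sd);
    return r;
}

int main(void) { printf("compiled in: %d, probe(1): %d\n", nodelay_compiled_in(), probe_nodelay(1)); return 0; }
```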
