Opened 12 years ago
Closed 10 years ago
#158 closed Bug / Defect (fixed)
TCP_NODELAY not detected properly on FreeBSD 8.0-RELEASE-p6
| Reported by: | Onepamopa | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | Generic / unclassified | Version: | OpenVPN 2.1.0 / 2.1.1 (Community Ed) |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
| Cc: |
Description
OS: FreeBSD 8.0-RELEASE-p6 x64
OpenVPN version installed from ports:
[root@server /usr/local/etc/openvpn]# openvpn --version
OpenVPN 2.1.1 amd64-portbld-freebsd8.0 [SSL] [LZO2] built on Mar 2 2011
Check if tcp_nodelay is enabled:
[root@server ~]# sysctl -a |grep net.inet.tcp.delayed_ack
net.inet.tcp.delayed_ack: 1
Enable tcp-nodelay @ openvpn server config.
tcp-nodelay (also tested with tcp-nodelay 1)
verb 4
Start openvpn server and look for message:
NOTE: setsockopt TCP_NODELAY=1 failed (No kernel support)
According to guys @ #freebsd, tcp_nodelay is enabled but openvpn doesn't know how to detect/use it.
Change History (5)
comment:1 Changed 11 years ago by
comment:2 Changed 10 years ago by
The problem is that the TCP_NODELAY definition is missing rather than HAVE_SETSOCKOPT. OpenVPN does not include the necessary system header on FreeBSD.
Fix:
--- syshead.h.orig +++ syshead.h @@ -295,12 +295,16 @@ #endif #ifdef HAVE_NETINET_IP_H #include <netinet/ip.h> #endif +#ifdef HAVE_NETINET_TCP_H +#include <netinet/tcp.h> +#endif + #ifdef HAVE_NET_IF_TUN_H #include <net/if_tun.h> #endif #endif /* TARGET_FREEBSD */
comment:4 Changed 10 years ago by
Patch coming up in FreeBSD ports:
- upcoming new port security/openvpn22 as of openvpn-2.2.2_1
- security/openvpn as of upcoming upgrade to openvpn-2.3.0
comment:5 Changed 10 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
yeah, sorry for sitting on this too long.
Patch applied to 2.3.0 and master. It's on the "if we ever do a 2.2.3 release, it could go in" list, but unless something security critical hits, we might not do another 2.2.x release
This defect is still active under FreeBSD 8.3-RELEASE with openvpn 2.2.2 .
HAVE_SETSOCKOPT seems not to be defined in base system libraries included by openvpn and won't be set by configure, so the right branch gets excluded by preprocessor.
./socket.c
... #if defined(WIN32) || (defined(HAVE_SETSOCKOPT) && defined(IPPROTO_TCP) && defined(TCP_NODELAY)) if (setsockopt (sd, IPPROTO_TCP, TCP_NODELAY, (void *) &state, sizeof (state)) != 0) { msg (M_WARN, "NOTE: setsockopt TCP_NODELAY=%d failed", state); return false; } else { dmsg (D_OSBUF, "Socket flags: TCP_NODELAY=%d succeeded", state); return true; } #else msg (M_WARN, "NOTE: setsockopt TCP_NODELAY=%d failed (No kernel support)", state); return false; #endif } ...