From nobody Wed Nov 29 19:57:24 2023 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SgVTx08PLz52B4b for ; Wed, 29 Nov 2023 19:57:25 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SgVTw3lZ1z4YFS for ; Wed, 29 Nov 2023 19:57:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1701287844; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lcUnNhV1VP7bTFR8m+4Fn2cgIlkAWV3buQllKrMnwAw=; b=W4Xwd8cAfuN0EzK4xxqKd7EsJm9vv8u/zp6/DipQxY+hm+fgepf7jxEckrqXOjKEHj7BsD /uflFPCNcZDzE242hlc2+4HNfg41uWRns1giuDkVH//cPbuX2UaPQeiftb+azZQgdmFsF2 RlXW7Kxcsfbuy4Svue6+9QQiJUlPrUqpbwHOp3qn129L70iRpWs8dGqDIiDqsFAncQuXdr fm+KNjGhgecoNg1Td0h3IcqCH9vm9cuyQTyBtSDmr1C4kqKsDb5OAK2E387vyC1g/vhfEq MI63o1igyeyJFk395hDIi0gyLfkxQN9EXyoWZPbs2jNMvSU/5HsjL7E+l3t9Xg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1701287844; a=rsa-sha256; cv=none; b=Esb1XqQjKk3zErsgLeRfPH6ufbT09ur0ecbcrMggRqoFgssucN3cgt9Zcz9dB/n3BLwFFg rnFpmYffbU/+Rgu4Js/4GxXtFETJND6iHnNAQIKksD3XC/YP6rBTiPKFvgV9ckGFFJ0jPs /95RClVjgEchdvCTzEOHzP/2nzHN4s6bUhXXBLnyPnxH5a7FICOByGmJevN6j+jteCUO1J opoukcQKKCg8hsBUtqhyZwgST8Q0oS5UMXrMFVc01brNL4FtQbeHbyYUHFMbX4ph+6ruct Yz5ozinQ2z/YLdh6segm8dXDUemyFp/rAcnrv3EVd3PaNSvle4Bc6ff8m768hg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SgVTw2pSBz4mt for ; Wed, 29 Nov 2023 19:57:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 3ATJvO6E088788 for ; Wed, 29 Nov 2023 19:57:24 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 3ATJvOX6088787 for net@FreeBSD.org; Wed, 29 Nov 2023 19:57:24 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 275323] OpenVPN topology subnet crash on initiate FreeBSD 14.0 Date: Wed, 29 Nov 2023 19:57:24 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: zarychtam@plan-b.pwste.edu.pl X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D275323 --- Comment #10 from Marek Zarychta --- I tried to reproduce this issue running OpenVPN 2.6.8 on 14.0-STABLE #2 stable/14-n265718-e4fb49e867ae: Sat Nov 11 12:59:50 CET 2023 but I was able= to do it only partially. I can confirm, that running the OpenVPN daemon as an ordinary user, or rather dropping privileges in the process after initialization is still possible on FreeBSD 14. On the other hand, DCO acceleration requires running the daemon as root which is expected behaviou= r, though not documented much. Since version 2.6.1 DCO, if available, is the default mode of OpenVPN[1]. FreeBSD 14.0 provides us with the required modu= le thanks to the effort of kp@, so upgrading to 14.0 activates this mode if config options are compatible with DCO. Some configs seemingly compatible w= ith DCO might break though, but that's pretty normal since our implementation is only 99.9% compatible with the one used on Linux (see for example bug 27366= 4). TL;DR - that PR wasn't describing any bug, just reported a misused new feat= ure which makes OpenVPN on FreeBSD 14 a lot more performant 1. https://github.com/OpenVPN/openvpn/blob/release/2.6/ChangeLog --=20 You are receiving this mail because: You are the assignee for the bug.=