[Openvpn-devel,RFC,0/8] Introduce ovpn-dco(-win) support

Message ID 20211207121137.3221-1-a@unstable.cc
Headers show
Series
  • Introduce ovpn-dco(-win) support
Related show

Message

Antonio Quartulli Dec. 7, 2021, 12:11 p.m.
This is a first implementation of the ovpn-dco support in OpenVPN2.
It is sent as RFC because it is not intended for final review/merge, but
rather to collect additional feedback and allow users to test it.

This implementation supports both dco for Linux and for Windows.
* For Linux, please get the ovpn-dco kernel module source at:
https://gitlab.com/openvpn/ovpn-dco
(alternatively, it is also packaged on various distributions along with
OpenVPN3-for-Linux)

* For Windows, a snapshot of the driver can be found on:
https://github.com/OpenVPN/ovpn-dco-win/actions
(note that "test signing" must be enabled on your Windows box, for the
driver to be accepted. Instructions to enable this mode are here:
https://github.com/OpenVPN/ovpn-dco-win/blob/master/README.md#installation
DO IT AT YOUR OWN RISK)

In the meantime the code is still being rearranged a bit and a newer
version, including all collected feedback, will be sent later on.

Known expected changes are:
* refactoring of the networking API implementation
* tun open logic (i.e. merge it with the current logic used by other
  platforms)
* options handling

When running ./configure, if --enable-dco is specified, then
DCO_INCLUDEDIR must be defined and should point to where the ovpn-dco
header can be found.

For example, it can be configure'd like this:

./configure --enable-dco DCO_INCLUDEDIR=/path/to/include/uapi/

ovpn-dco is enabled opportunistically, which means that it is always on,
unless some conflicting option has been chosen (because ovpn-dco does not
support all known openvpn options) or if disabled explicitly.

Feel free to test/break/comment. Any input is highly appreciated.

Best Regards,




Antonio Quartulli (2):
  networking: silence warnings about unused arguments
  ovpn-dco: force user to set DCO_INCLUDEDIR

Arne Schwabe (5):
  networking: remove duplicate methods from networking_sitnl.c
  sitnl: implement net_iface_new and net_iface_del
  ovpn-dco: introduce linux data-channel offload support
  tun: extract close_tun_handle into its own fucntion and print correct
    type
  ovpn-dco-win: introduce windows data-channel offload support

Lev Stipakov (1):
  ovpn-dco-win: fix mingw i686 build

 Changes.rst                                   |   7 +
 README.dco.md                                 | 132 +++
 config-msvc.h                                 |  12 +-
 configure.ac                                  |  66 ++
 doc/man-sections/advanced-options.rst         |  13 +
 src/compat/Makefile.am                        |   3 +-
 src/compat/compat-dco_get_overlapped_result.c |  44 +
 src/compat/compat.h                           |   6 +
 src/compat/compat.vcxproj                     |   1 +
 src/compat/compat.vcxproj.filters             |   3 +
 src/openvpn/Makefile.am                       |   9 +-
 src/openvpn/crypto.c                          |  10 +
 src/openvpn/crypto.h                          |   6 +
 src/openvpn/dco.c                             | 272 ++++++
 src/openvpn/dco.h                             | 119 +++
 src/openvpn/errlevel.h                        |   2 +
 src/openvpn/event.h                           |   3 +
 src/openvpn/forward.c                         |  66 +-
 src/openvpn/init.c                            | 195 +++-
 src/openvpn/init.h                            |   2 +-
 src/openvpn/mtcp.c                            |  61 +-
 src/openvpn/mudp.c                            |  13 +
 src/openvpn/multi.c                           | 278 +++++-
 src/openvpn/multi.h                           |   6 +-
 src/openvpn/networking.h                      |  11 +-
 src/openvpn/networking_linuxdco.c             | 848 ++++++++++++++++++
 src/openvpn/networking_linuxdco.h             |  85 ++
 src/openvpn/networking_sitnl.c                | 116 ++-
 src/openvpn/networking_sitnl.h                |  28 +
 src/openvpn/networking_windco.c               | 306 +++++++
 src/openvpn/networking_windco.h               |  47 +
 src/openvpn/openvpn.vcxproj                   |   6 +-
 src/openvpn/openvpn.vcxproj.filters           |  12 +
 src/openvpn/options.c                         | 181 +++-
 src/openvpn/options.h                         |  41 +
 src/openvpn/socket.c                          | 125 ++-
 src/openvpn/socket.h                          |  58 +-
 src/openvpn/ssl.c                             |   6 +-
 src/openvpn/ssl_common.h                      |  13 +
 src/openvpn/ssl_ncp.c                         |   2 +-
 src/openvpn/tun.c                             | 130 ++-
 src/openvpn/tun.h                             |  60 +-
 tests/unit_tests/openvpn/test_networking.c    |  27 +-
 43 files changed, 3265 insertions(+), 166 deletions(-)
 create mode 100644 README.dco.md
 create mode 100644 src/compat/compat-dco_get_overlapped_result.c
 create mode 100644 src/openvpn/dco.c
 create mode 100644 src/openvpn/dco.h
 create mode 100644 src/openvpn/networking_linuxdco.c
 create mode 100644 src/openvpn/networking_linuxdco.h
 create mode 100644 src/openvpn/networking_windco.c
 create mode 100644 src/openvpn/networking_windco.h

Comments

Lev Stipakov Dec. 8, 2021, 7:49 a.m. | #1
Hi,

1) 7/8 should be squashed into 6/8, because 6/8 "ovpn-dco-win:
introduce windows data-channel offload support" breaks mingw i686
build, which 7/8 "ovpn-dco-win: fix mingw i686 build" fixes.

2)  Patch 6/8 "ovpn-dco-win: introduce windows data-channel offload
support" has commented out certain msvc defines - this was needed
because back then (when patch was originally written) MSVC didn't
support lzo/pkcs11, but now everything is supported
(we build releases with MSVC) and those defines needed to be brought
back. I have fixed that in my branch:
https://github.com/lstipakov/openvpn/commit/5f09bce8a50778fca9904f916f5b1073046aee84
and this needs to be squashed into 6/8

3) At the moment this doesn't compile with GitHub actions because of
a) missing ovpn-dco-win vcpkg port and b) "generic" build system code
has a bug in regards to ovpn-dco-win support. This is the fix for
MSVC/vcpkg: https://github.com/lstipakov/openvpn/commit/96a38f88254ae6ffee1cc262a295e62edecb213a
and this is for generic build system:
https://github.com/lstipakov/openvpn/commit/3058675e63a84e93bd5612238ecbd41cca463a0a
As before they needed to be squashed into "feature" commits and not
added separately as "fixes"

All those fixes are in my repo and GitHub Actions are green:
https://github.com/lstipakov/openvpn/actions/runs/1551278629

-Lev
Antonio Quartulli Dec. 13, 2021, 9:15 a.m. | #2
Hi,

On 08/12/2021 08:49, Lev Stipakov wrote:
> All those fixes are in my repo and GitHub Actions are green:
> https://github.com/lstipakov/openvpn/actions/runs/1551278629
> 

Thanks for providing these fixes, Lev.

I have squashed all your new patches and I have also applied some minor 
corrections to make sure everything would still build.

Now GH Actions are all green again.

Thanks a lot.

Best Regards,