X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 2114
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Tue, 7 Dec 2021 13:11:29 +0100
Message-Id: <20211207121137.3221-1-a@unstable.cc>
Subject: [Openvpn-devel] [RFC 0/8] Introduce ovpn-dco(-win) support

This is a first implementation of the ovpn-dco support in OpenVPN2.
It is sent as RFC because it is not intended for final review/merge,
but rather to collect additional feedback and allow users to test it.

This implementation supports both dco for Linux and for Windows.

* For Linux, please get the ovpn-dco kernel module source at:
  https://gitlab.com/openvpn/ovpn-dco
  (alternatively, it is also packaged on various distributions along
  with OpenVPN3-for-Linux)

* For Windows, a snapshot of the driver can be found on:
  https://github.com/OpenVPN/ovpn-dco-win/actions
  (note that "test signing" must be enabled on your Windows box, for
  the driver to be accepted. Instructions to enable this mode are here:
  https://github.com/OpenVPN/ovpn-dco-win/blob/master/README.md#installation
  DO IT AT YOUR OWN RISK)

In the meantime the code is still being rearranged a bit and a newer
version, including all collected feedback, will be sent later on.

Known expected changes are:
* refactoring of the networking API implementation
* tun open logic (i.e. merge it with the current logic used by other
  platforms)
* options handling

When running ./configure, if --enable-dco is specified, then
DCO_INCLUDEDIR must be defined and should point to where the ovpn-dco
header can be found.

For example, it can be configure'd like this:

./configure --enable-dco DCO_INCLUDEDIR=/path/to/include/uapi/

ovpn-dco is enabled opportunistically, which means that it is always
on, unless some conflicting option has been chosen (because ovpn-dco
does not support all known openvpn options) or if disabled explicitly.

Feel free to test/break/comment.
Any input is highly appreciated.

Best Regards,

Antonio Quartulli (2):
  networking: silence warnings about unused arguments
  ovpn-dco: force user to set DCO_INCLUDEDIR

Arne Schwabe (5):
  networking: remove duplicate methods from networking_sitnl.c
  sitnl: implement net_iface_new and net_iface_del
  ovpn-dco: introduce linux data-channel offload support
  tun: extract close_tun_handle into its own function and print correct type
  ovpn-dco-win: introduce windows data-channel offload support

Lev Stipakov (1):
  ovpn-dco-win: fix mingw i686 build

 Changes.rst                                   |   7 +
 README.dco.md                                 | 132 +++
 config-msvc.h                                 |  12 +-
 configure.ac                                  |  66 ++
 doc/man-sections/advanced-options.rst         |  13 +
 src/compat/Makefile.am                        |   3 +-
 src/compat/compat-dco_get_overlapped_result.c |  44 +
 src/compat/compat.h                           |   6 +
 src/compat/compat.vcxproj                     |   1 +
 src/compat/compat.vcxproj.filters             |   3 +
 src/openvpn/Makefile.am                       |   9 +-
 src/openvpn/crypto.c                          |  10 +
 src/openvpn/crypto.h                          |   6 +
 src/openvpn/dco.c                             | 272 ++++++
 src/openvpn/dco.h                             | 119 +++
 src/openvpn/errlevel.h                        |   2 +
 src/openvpn/event.h                           |   3 +
 src/openvpn/forward.c                         |  66 +-
 src/openvpn/init.c                            | 195 +++-
 src/openvpn/init.h                            |   2 +-
 src/openvpn/mtcp.c                            |  61 +-
 src/openvpn/mudp.c                            |  13 +
 src/openvpn/multi.c                           | 278 +++++-
 src/openvpn/multi.h                           |   6 +-
 src/openvpn/networking.h                      |  11 +-
 src/openvpn/networking_linuxdco.c             | 848 ++++++++++++++++++
 src/openvpn/networking_linuxdco.h             |  85 ++
 src/openvpn/networking_sitnl.c                | 116 ++-
 src/openvpn/networking_sitnl.h                |  28 +
 src/openvpn/networking_windco.c               | 306 +++++++
 src/openvpn/networking_windco.h               |  47 +
 src/openvpn/openvpn.vcxproj                   |   6 +-
 src/openvpn/openvpn.vcxproj.filters           |  12 +
 src/openvpn/options.c                         | 181 +++-
 src/openvpn/options.h                         |  41 +
 src/openvpn/socket.c                          | 125 ++-
 src/openvpn/socket.h                          |  58 +-
 src/openvpn/ssl.c                             |   6 +-
 src/openvpn/ssl_common.h                      |  13 +
 src/openvpn/ssl_ncp.c                         |   2 +-
 src/openvpn/tun.c                             | 130 ++-
 src/openvpn/tun.h                             |  60 +-
 tests/unit_tests/openvpn/test_networking.c    |  27 +-
 43 files changed, 3265 insertions(+), 166 deletions(-)
 create mode 100644 README.dco.md
 create mode 100644 src/compat/compat-dco_get_overlapped_result.c
 create mode 100644 src/openvpn/dco.c
 create mode 100644 src/openvpn/dco.h
 create mode 100644 src/openvpn/networking_linuxdco.c
 create mode 100644 src/openvpn/networking_linuxdco.h
 create mode 100644 src/openvpn/networking_windco.c
 create mode 100644 src/openvpn/networking_windco.h