From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Fri, 14 Jan 2022 18:14:39 +0100
Message-Id: <20220114171446.26446-1-a@unstable.cc>
Subject: [Openvpn-devel] [RFC v2 0/7] Introduce ovpn-dco(-win) support

Hi all,

I am happy to publish the second version of the RFC ovpn-dco support!

This is going to be the *last RFC prototype* before submitting the code for official review and (possible) merge. For this reason, please have a look, test and speak up about any concern you may have!

The code has changed quite a lot compared to the previous RFC:

* DCO key handling has been refactored so that we now have two different functions for:
  - installing a new key into DCO
  - swapping keys after the new key is promoted to primary
  These two mechanisms were earlier combined in a key-dance function that now does not exist anymore.
* the DCO API has been cleaned up:
  - dco.h contains the DCO API that the rest of the OpenVPN code is supposed to invoke. These functions are some kind of glue code between OpenVPN and the real ovpn-dco(-win).
  - dco_internal.h contains the actual driver API. Its implementation is platform dependent and can be found in dco_win.c or dco_linux.c.
* DCO should happily work with both iproute2 and sitnl as it does not directly depend on either one. net_iface_new/del are now implemented in both backends.
* added Linux DCO build in our GitHub Actions script.

NOTE: the 'none' cipher is still supported but we're discussing whether to drop support in ovpn-dco before the release.

NOTE2: this patchset requires the patch "tun: remove tun_finalize()" to be applied on master first.

Linux DCO supports both client and server mode, while Windows DCO works in client mode only.

Please test, break and have fun!!

Happy weekend!

----------------

As mentioned in the previous version:

This implementation supports both dco for Linux and for Windows.

* For Linux, please get the ovpn-dco kernel module source at: https://gitlab.com/openvpn/ovpn-dco
  (alternatively, it is also packaged on various distributions along with OpenVPN3-for-Linux)
* For Windows, a snapshot of the driver can be found on: https://github.com/OpenVPN/ovpn-dco-win/actions
  (note that "test signing" must be enabled on your Windows box, for the driver to be accepted.
  Instructions to enable this mode are here: https://github.com/OpenVPN/ovpn-dco-win/blob/master/README.md#installation
  DO IT AT YOUR OWN RISK)

-----------------

Antonio Quartulli (4):
  networking: silence warnings about unused arguments
  networking: implement net_iface_new and net_iface_del APIs
  ovpn-dco: introduce linux data-channel offload support
  GitHub Actions: add Linux DCO build (on Ubuntu 20.04)

Arne Schwabe (3):
  networking: remove duplicate methods from networking_sitnl.c
  tun: extract close_tun_handle into its own function and print correct type
  ovpn-dco-win: introduce windows data-channel offload support

 .github/workflows/build.yaml                  |  19 +-
 Changes.rst                                   |   7 +
 README.dco.md                                 | 131 +++
 config-msvc.h                                 |   2 +
 configure.ac                                  |  34 +
 contrib/vcpkg-ports/ovpn-dco-win/CONTROL      |   3 +
 .../vcpkg-ports/ovpn-dco-win/portfile.cmake   |  14 +
 doc/man-sections/advanced-options.rst         |  13 +
 src/compat/Makefile.am                        |   3 +-
 src/compat/compat-dco_get_overlapped_result.c |  44 +
 src/compat/compat.h                           |   6 +
 src/compat/compat.vcxproj                     |   1 +
 src/compat/compat.vcxproj.filters             |   3 +
 src/openvpn/Makefile.am                       |   3 +
 src/openvpn/crypto.c                          |   1 +
 src/openvpn/dco.c                             | 631 +++++++++++++
 src/openvpn/dco.h                             | 279 ++++++
 src/openvpn/dco_internal.h                    |  85 ++
 src/openvpn/dco_linux.c                       | 869 ++++++++++++++++++
 src/openvpn/dco_linux.h                       |  60 ++
 src/openvpn/dco_win.c                         | 354 +++++++
 src/openvpn/dco_win.h                         |  59 ++
 src/openvpn/errlevel.h                        |   2 +
 src/openvpn/event.h                           |   3 +
 src/openvpn/forward.c                         |  59 +-
 src/openvpn/init.c                            | 163 +++-
 src/openvpn/init.h                            |   2 +-
 src/openvpn/misc.h                            |   3 +-
 src/openvpn/mtcp.c                            |  61 +-
 src/openvpn/mudp.c                            |  13 +
 src/openvpn/multi.c                           | 169 +++-
 src/openvpn/multi.h                           |   6 +-
 src/openvpn/networking.h                      |  36 +-
 src/openvpn/networking_iproute2.c             |  34 +
 src/openvpn/networking_sitnl.c                |  78 +-
 src/openvpn/openvpn.vcxproj                   |   8 +-
 src/openvpn/openvpn.vcxproj.filters           |  17 +-
 src/openvpn/options.c                         |  37 +-
 src/openvpn/options.h                         |  15 +
 src/openvpn/ovpn-dco-win.h                    | 107 +++
 src/openvpn/ovpn_dco_linux.h                  | 240 +++++
 src/openvpn/socket.c                          | 105 ++-
 src/openvpn/socket.h                          |  21 +-
 src/openvpn/ssl.c                             |  81 +-
 src/openvpn/ssl.h                             |   7 +-
 src/openvpn/ssl_common.h                      |  23 +
 src/openvpn/ssl_ncp.c                         |   2 +-
 src/openvpn/tun.c                             | 243 +++--
 src/openvpn/tun.h                             |  62 +-
 tests/unit_tests/openvpn/test_networking.c    |  25 +-
 50 files changed, 4005 insertions(+), 238 deletions(-)
 create mode 100644 README.dco.md
 create mode 100644 contrib/vcpkg-ports/ovpn-dco-win/CONTROL
 create mode 100644 contrib/vcpkg-ports/ovpn-dco-win/portfile.cmake
 create mode 100644 src/compat/compat-dco_get_overlapped_result.c
 create mode 100644 src/openvpn/dco.c
 create mode 100644 src/openvpn/dco.h
 create mode 100644 src/openvpn/dco_internal.h
 create mode 100644 src/openvpn/dco_linux.c
 create mode 100644 src/openvpn/dco_linux.h
 create mode 100644 src/openvpn/dco_win.c
 create mode 100644 src/openvpn/dco_win.h
 create mode 100644 src/openvpn/ovpn-dco-win.h
 create mode 100644 src/openvpn/ovpn_dco_linux.h