From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Fri, 20 Apr 2018 19:16:16 +0800
Message-Id: <20180420111624.7230-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 0/4] add netlink support for Linux
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 315

Hi all,

finally this is the first "real" patchset that introduces native netlink support for the Linux platform.

- Description:
At the moment openvpn operates on the tun interface and on the routing table by directly invoking the "ip" command (or ifconfig/route if nettools is selected at compile time).

With this patchset, openvpn would not need to fork new processes to run the "ip" binary any longer, but would directly talk to the kernel by means of the netlink interface. This means simpler/cleaner code and, possibly, faster execution.

Another important advantage of this change is that the openvpn process will be in charge of directly working with the kernel, thus it can be granted special capabilities so that interfaces/routes operations can be carried out even when running as non-root. Christian Hesse is working on a follow-up patch to properly allow the above.

This patchset also offers a first step towards a refactoring of the tun.c and route.c code.

The idea moving forward is to drop nettools support once this patchset is merged, but to retain support for ip and the --ifconfig/route-noexec options.

The last patch implements a little framework to test sitnl functionalities. Some functions are actually tested in the framework, but more should be added in the future.

- Git:
This code can also be found on GitHub (based on latest master) at:
https://github.com/ordex/openvpn/tree/sitnl

Regards,

Antonio Quartulli (8):
  implement platform generic networking API
  implement networking API for iproute2
  tun.c: use new networking API to handle tun interface on Linux
  route.c: use new networking API to handle routing table on Linux
  introduce sitnl: Simplified Interface To NetLink
  configure: don't check for route/ifconfig on linux
  route.c: use sitnl to implement get_default_gateway_ipv6()
  unit tests: implement test for sitnl

 configure.ac                               |    5 +-
 src/openvpn/Makefile.am                    |    1 +
 src/openvpn/errlevel.h                     |    1 +
 src/openvpn/networking.h                   |  225 ++++
 src/openvpn/networking_ip.c                |  368 ++++++
 src/openvpn/networking_sitnl.c             | 1206 ++++++++++++++++++++
 src/openvpn/route.c                        |  364 ++----
 src/openvpn/sitnl.h                        |  217 ++++
 src/openvpn/tun.c                          |  199 +---
 tests/Makefile.am                          |    3 +-
 tests/t_net.sh                             |  170 +++
 tests/unit_tests/openvpn/Makefile.am       |   23 +-
 tests/unit_tests/openvpn/test_networking.c |  217 ++++
 13 files changed, 2559 insertions(+), 440 deletions(-)
 create mode 100644 src/openvpn/networking.h
 create mode 100644 src/openvpn/networking_ip.c
 create mode 100644 src/openvpn/networking_sitnl.c
 create mode 100644 src/openvpn/sitnl.h
 create mode 100755 tests/t_net.sh
 create mode 100644 tests/unit_tests/openvpn/test_networking.c