From patchwork Wed Apr 25 09:57:14 2018
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 323
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 26 Apr 2018 03:57:14 +0800
Message-Id: <20180425195722.20744-1-a@unstable.cc>
Subject: [Openvpn-devel] [RFC 0/8] server: support listening on multiple ports/IPs
Cc: Antonio Quartulli

This patchset allows a server to listen on multiple sockets concurrently.
Practically this means that an admin can configure his/her server to listen
on multiple IPs and/or multiple ports at the same time.

The new behaviour can be configured by using an extension of the current
"--local" option. In particular, the new directive syntax is
"--local IP [port]" and it can appear multiple times in the same server
config. Each occurrence represents a single socket.

"IP" can be an IPv4, IPv6, a hostname or *. Multiple "--local" directives
can combine all of the above.

The special case "*" will mimic what currently happens on a server when no
"--local" is specified, but in this case it gives a chance to specify a port.

The special addresses 0.0.0.0 and :: are also allowed and they can be used
to explicitly bind only IPv4 or v6.

If no port is specified, the value coming from "lport" is used (1194 by
default).

At the moment the protocol cannot be customized and the one specified by the
"--proto" directive will always be used. Future development will aim at
making the protocol part of the "--local" directive and finally have multi
protocol support on the same instance.

This patchset is an RFC because it requires feedback and testing, especially
when used in client mode with all kinds of weird options.

It currently passes "make check" and our "internal buildbot" tests.

Interested users can also get this code branch from:
https://github.com/ordex/openvpn/tree/multiport

Cheers,

Antonio Quartulli (8):
  event/multi: add event_arg object to make event handling more generic
  pass link_socket object to i/o functions
  io_work: convert shift argument to uintptr_t
  io_work: pass event_arg object to event handler in case of socket event
  allow tcp/udp server to listen on multiple ports at the same time
  if a local IPv6 address is provided, socket must be v6-only
  allow user to specify 'local' multiple times in config files
  override ai_family if 'local' numeric address was specified

 doc/openvpn.8                |  10 +-
 src/openvpn/event.h          |  22 ++++
 src/openvpn/forward-inline.h |  15 ++-
 src/openvpn/forward.c        | 137 +++++++++++++++---------
 src/openvpn/forward.h        |  35 ++++---
 src/openvpn/init.c           | 198 +++++++++++++++++++++++------------
 src/openvpn/init.h           |   3 +-
 src/openvpn/mtcp.c           | 113 ++++++++++++--------
 src/openvpn/mudp.c           |  19 +++-
 src/openvpn/mudp.h           |   6 +-
 src/openvpn/multi.c          |  27 +++--
 src/openvpn/multi.h          |  15 ++-
 src/openvpn/openvpn.c        |   2 +-
 src/openvpn/openvpn.h        |   9 +-
 src/openvpn/options.c        | 162 +++++++++++++++++++++++-----
 src/openvpn/options.h        |  15 ++-
 src/openvpn/ping-inline.h    |   2 +-
 src/openvpn/socket.c         |  55 ++++++++--
 src/openvpn/socket.h         |   8 +-
 19 files changed, 602 insertions(+), 251 deletions(-)
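
Added example (not code from this patchset or from OpenVPN): how the arguments of one "--local IP [port]" line, as described in the cover letter above, could be classified before a socket is bound, so that each listener's address family and exposure are explicit. The names `parse_local` and `struct local_entry`, the numeric-only port in the range 1-65535, and the use of AF_UNSPEC for "*" and hostnames are assumptions of this example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

#define DEFAULT_LPORT 1194 /* "lport" default stated in the cover letter */

/* Hypothetical result type for this example, not an OpenVPN structure. */
struct local_entry {
    char host[256];
    int port;
    int family;  /* AF_INET, AF_INET6, or AF_UNSPEC for "*" and hostnames */
    bool v6only; /* IPv6 literal: listener must not also take IPv4 traffic */
};

/* Classify one "local IP [port]" pair. port may be NULL, in which case
 * lport is used. Returns 0 on success, -1 on malformed input. */
int parse_local(const char *ip, const char *port, int lport,
                struct local_entry *out)
{
    unsigned char buf[sizeof(struct in6_addr)];
    char *end = NULL;
    long p = lport;

    if (!ip || !*ip || strlen(ip) >= sizeof(out->host))
        return -1;
    if (port) {
        p = strtol(port, &end, 10);
        if (end == port || *end != '\0')
            return -1; /* empty or trailing garbage, e.g. "44x" */
    }
    if (p < 1 || p > 65535)
        return -1;

    memset(out, 0, sizeof(*out));
    strcpy(out->host, ip); /* length checked above */
    out->port = (int)p;
    out->family = AF_UNSPEC;
    if (strcmp(ip, "*") != 0) {
        if (inet_pton(AF_INET, ip, buf) == 1) {
            out->family = AF_INET;  /* includes 0.0.0.0: IPv4 only */
        } else if (inet_pton(AF_INET6, ip, buf) == 1) {
            out->family = AF_INET6; /* includes "::": IPv6 only */
            out->v6only = true;
        }
    }
    return 0;
}
```

Listing the resulting entries for a config with several "local" lines gives the exact set of address, family and port tuples the server exposes, which is what firewall rules should be compared against.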