From patchwork Sun Apr 1 03:16:11 2018
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 279
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 1 Apr 2018 21:16:11 +0800
Message-Id: <20180401131615.12567-1-a@unstable.cc>
Subject: [Openvpn-devel] [RFC 0/4] add netlink support for Linux
Cc: Antonio Quartulli

Hi all,

this patchset introduces native netlink support for the Linux platform.

At the moment openvpn operates on the tun interface and on the routing table by directly invoking the "ip" command (or ifconfig/route if nettools is selected at compile time).

With this patchset, openvpn would not need to fork new processes to run the "ip" binary any longer, but would directly talk to the kernel by means of the netlink interface. This means simpler/cleaner code and, possibly, faster execution.

Another important advantage of this change is that the openvpn process will be in charge of directly working with the kernel, thus it can be granted special capabilities so that interfaces/routes operations can be carried out even when running as non-root. Christian Hesse is working on a follow-up patch to properly allow the above.

This patchset also offers a first step towards a refactoring of the tun.c and route.c code.

The idea moving forward is to drop nettools support once this patchset is merged, but to retain support for ip and the --ifconfig/route-noexec options.

Feedback of any type is of course welcome.

This patch is posted as RFC because, as agreed during the last Hackathon, it will be considered for merging only when unit-tests will also be available. On top of that, several aspects (like allowing iproute2 to be still used) have to be properly implemented.

This code can also be found on GitHub (based on latest master) at:
https://github.com/ordex/openvpn/tree/sitnl

Regards,

Antonio Quartulli (4):
  configure: add LINUX conditional variable
  introduce sitnl: Simplified Interface To NetLink
  tun.c: use sitnl to handle tun configuration on Linux
  route.c: use sitnl to handle route configuration on Linux

 configure.ac            |    2 +
 src/openvpn/Makefile.am |    3 +
 src/openvpn/errlevel.h  |    1 +
 src/openvpn/route.c     |  364 +++------------
 src/openvpn/sitnl.c     | 1195 +++++++++++++++++++++++++++++++++++++++++++++++
 src/openvpn/sitnl.h     |  217 +++++++++
 src/openvpn/tun.c       |  199 +++-----
 7 files changed, 1547 insertions(+), 434 deletions(-)
 create mode 100644 src/openvpn/sitnl.c
 create mode 100644 src/openvpn/sitnl.h
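
Added example, not part of the original message and not code from the sitnl patchset: the rtnetlink request that takes the place of forking "ip addr add <addr>/<prefix> dev <if>", built in memory with bounds-checked attributes. The names addr_req, put_attr and build_addr_add are hypothetical, and nothing is sent here; submitting the message on a NETLINK_ROUTE socket is the step that needs CAP_NET_ADMIN.

```c
#include <sys/socket.h>
#include <arpa/inet.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
#include <string.h>

struct addr_req {            /* hypothetical layout, not taken from sitnl.c */
    struct nlmsghdr n;       /* netlink header: length, type, flags */
    struct ifaddrmsg i;      /* family, prefix length, interface index */
    char attrs[64];          /* room for IFA_LOCAL and IFA_ADDRESS */
};

/* Append one rtattr, refusing to write past the end of the request. */
static int put_attr(struct addr_req *r, unsigned short type,
                    const void *data, unsigned short len)
{
    size_t off = NLMSG_ALIGN(r->n.nlmsg_len);
    if (off + RTA_LENGTH(len) > sizeof(*r))
        return -1;
    struct rtattr *rta = (struct rtattr *)((char *)r + off);
    rta->rta_type = type;
    rta->rta_len = RTA_LENGTH(len);
    memcpy(RTA_DATA(rta), data, len);
    r->n.nlmsg_len = off + RTA_ALIGN(rta->rta_len);
    return 0;
}

/* Build the IPv4 RTM_NEWADDR request for interface ifindex.
 * Returns 0 on success, -1 on invalid input. Nothing is sent. */
int build_addr_add(struct addr_req *r, int ifindex, const char *addr, int prefix)
{
    struct in_addr a;
    if (addr == NULL || ifindex <= 0 || prefix < 0 || prefix > 32)
        return -1;
    if (inet_pton(AF_INET, addr, &a) != 1)   /* reject anything but a dotted quad */
        return -1;
    memset(r, 0, sizeof(*r));
    r->n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg));
    r->n.nlmsg_type = RTM_NEWADDR;
    r->n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_CREATE | NLM_F_EXCL;
    r->i.ifa_family = AF_INET;
    r->i.ifa_prefixlen = (unsigned char)prefix;
    r->i.ifa_index = (unsigned int)ifindex;
    if (put_attr(r, IFA_LOCAL, &a, sizeof(a)) != 0)
        return -1;
    return put_attr(r, IFA_ADDRESS, &a, sizeof(a));
}
```

Because the address and prefix are parsed and range-checked in-process, no argument string is handed to an external binary.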