From patchwork Sun Dec 30 00:28:57 2018
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 654
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: antonio@openvpn.net, Brandon Wiley
Date: Sun, 30 Dec 2018 21:28:57 +1000
Message-Id: <20181230112901.29241-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 0/4] Transport API: offload traffic manipulation to plugins

Dear all,

This patchset implements a new API called "Transport API" which allows the core codebase to offload traffic/socket manipulations to an external plugin.

To understand its potential, imagine you want to apply a specific "mutation" on any packet going out and apply its inverse, on the receiver side, for any incoming packet. Without this patchset, achieving this result would require a big surgery through the OpenVPN code, and it would be the same for any new mutation one wants to implement.

Thanks to this new API the deemed effort is drastically reduced. In a few words, OpenVPN becomes extendible on a new front, by cutting the need to touch the core codebase any longer.

An easy to imagine use case for this new API would be any "traffic obfuscation technique": instead of patching the core code (like the famous "xor patch"), a developer is now allowed to implement an external obfuscation plugin and distribute/maintain it independently.

This patchset comes with a sample plugin (obfs-test) which can be used as starting point for new implementations.

Any feedback is welcome!

Note: the code has gone through the following tests with positive outcome:
- uncrustify
- GitLab-CI (with my configs)
- openvpn community buildbots

Since it is quite a change (even though most of the new code is fairly isolated in its own module - transport.c/h), I expect more comments/discussion/bugs to spark from here.

In any case, please consider myself as direct contact point to discuss further changes and improvements (even though I am not the signer of the patches). I'll be responsible for ensuring this code gets merged sooner rather than later.

Thanks a lot!!

== Credits ==

This code has been developed by the Operator Foundation[1], under the umbrella project called "Jigsaw"[2], mainly promoted/sponsored by Google, Inc.

Brandon, reading this email in CC, has been the contact point on the Operator Foundation's side, while Justin (in CC as well) managed the task on Google's behalf.

OpenVPN, Inc. has offered its support to the cause by allowing its devs to allocate a number of hours to follow the project and ensure it could get all the guidance it required.

[1] https://operatorfoundation.org/
[2] https://jigsaw.google.com/

Best Regards,

Robin Tarsiger (4):
  transport: introduce tranport API plugin codebase
  socket: introduce INDIRECT transport protocol abstraction
  options: add support for --transport-plugin
  transport-plugin: add sample obfs-test plugin

 configure.ac                              |   9 +
 doc/openvpn.8                             |  40 ++
 include/Makefile.am                       |   1 +
 include/openvpn-plugin.h.in               |  31 +-
 include/openvpn-transport.h               | 240 +++++++++
 src/openvpn/Makefile.am                   |   1 +
 src/openvpn/forward.c                     |   5 +
 src/openvpn/init.c                        |   1 +
 src/openvpn/options.c                     |  31 ++
 src/openvpn/options.h                     |   1 +
 src/openvpn/plugin.c                      |   4 +
 src/openvpn/plugin.h                      |   1 +
 src/openvpn/socket.c                      | 148 +++++-
 src/openvpn/socket.h                      |  74 +++
 src/openvpn/transport.c                   | 303 +++++++++++
 src/openvpn/transport.h                   |  99 ++++
 src/plugins/Makefile.am                   |   2 +-
 src/plugins/obfs-test/Makefile.am         |  29 ++
 src/plugins/obfs-test/README.obfs-test    |  26 +
 src/plugins/obfs-test/obfs-test-args.c    |  60 +++
 src/plugins/obfs-test/obfs-test-munging.c | 129 +++++
 src/plugins/obfs-test/obfs-test-posix.c   | 207 ++++++++
 src/plugins/obfs-test/obfs-test-win32.c   | 579 ++++++++++++++++++++++
 src/plugins/obfs-test/obfs-test.c         |  94 ++++
 src/plugins/obfs-test/obfs-test.exports   |   4 +
 src/plugins/obfs-test/obfs-test.h         |  42 ++
 26 files changed, 2155 insertions(+), 6 deletions(-)
 create mode 100644 include/openvpn-transport.h
 create mode 100644 src/openvpn/transport.c
 create mode 100644 src/openvpn/transport.h
 create mode 100644 src/plugins/obfs-test/Makefile.am
 create mode 100644 src/plugins/obfs-test/README.obfs-test
 create mode 100644 src/plugins/obfs-test/obfs-test-args.c
 create mode 100644 src/plugins/obfs-test/obfs-test-munging.c
 create mode 100644 src/plugins/obfs-test/obfs-test-posix.c
 create mode 100644 src/plugins/obfs-test/obfs-test-win32.c
 create mode 100644 src/plugins/obfs-test/obfs-test.c
 create mode 100644 src/plugins/obfs-test/obfs-test.exports
 create mode 100644 src/plugins/obfs-test/obfs-test.h