From patchwork Wed Oct 9 03:34:13 2019
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 858
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 9 Oct 2019 16:34:13 +0200
Message-Id: <20191009143422.9419-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 0/9] support VLANs in TAP mode
Cc: Antonio Quartulli

This patchset is the restyled, adjusted and (partly) re-worked version of the patchset that can be found in this GitHub PR https://github.com/OpenVPN/openvpn/pull/76, originally authored by Fabian Knittel.

The status of this new patchset is tracked here:
https://community.openvpn.net/openvpn/ticket/6#comment:5

These new patches have already gone through a first round of review by Gert and are now being posted on the mailing list for broader scrutiny.

In a nutshell, this new feature allows assigning each client to a VLAN (as if it were a host plugged into a switch, with the OpenVPN server being the switch). This will ensure proper isolation between clients on different VLANs. On top of that, depending on the configuration, clients can be bridged with different networks on the server side, thanks to the VLAN tagging applied to their outgoing packets (more is explained in the additional manpage content).

A specific document explaining in more detail how this feature can be useful in common setups is planned to be drafted after the patchset has been merged.
Feedback is welcome!

Regards,

Antonio Quartulli (9):
  maddr: create helper function to populate maddr object from eth_addr
  VLAN: add basic VLAN tagging support
  maddr: export VLAN ID from client context to maddr object
  VLAN: filter multicast and client-to-client unicast traffic
  is_ipv_X: add support for parsing IP header inside a 802.1q frame
  VLAN: implement support for forwarding only pre-tagged VLAN packets
  VLAN: allow forwarding tagged and untagged packets on the server TAP device
  VLAN: add documentation to manpage
  VLAN: allow user to avoid compiling VLAN handling code

 configure.ac            |  12 ++
 doc/openvpn.8           |  99 +++++++++++-
 src/openvpn/Makefile.am |   4 +
 src/openvpn/errlevel.h  |   2 +
 src/openvpn/mroute.c    |  66 +++++---
 src/openvpn/mroute.h    |  13 +-
 src/openvpn/multi.c     |  47 +++++-
 src/openvpn/multi.h     |   2 +
 src/openvpn/options.c   |  99 ++++++++++++
 src/openvpn/options.h   |  13 ++
 src/openvpn/proto.c     |  42 +++--
 src/openvpn/proto.h     |  25 +++
 src/openvpn/vlan.c      | 337 ++++++++++++++++++++++++++++++++++++++++
 src/openvpn/vlan.h      | 131 ++++++++++++++++
 14 files changed, 852 insertions(+), 40 deletions(-)
 create mode 100644 src/openvpn/vlan.c
 create mode 100644 src/openvpn/vlan.h
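The mechanism the cover letter and the patch titles describe (a client assigned to a VLAN, client-to-client traffic filtered by VLAN, the IP header located behind an 802.1Q tag, untagged client frames tagged on their way to the server TAP device) is shown below as an added example in C. This is not OpenVPN code and not part of any of these patches: the constants, function names and sample frames are constructed for the example, and the rule that drops a frame pre-tagged for a VLAN other than the sender's is one plausible policy for the isolation described, not a statement of what the patchset implements.

```c
/* Added example, not OpenVPN's own code: parse an 802.1Q tag, locate the IP
 * header behind it, decide whether a frame may pass between two clients'
 * VLANs, and tag an untagged frame for the server-side TAP device. Names,
 * constants and sample frames are constructed for this example. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define ETH_HLEN      14      /* dst(6) + src(6) + ethertype(2) */
#define ETH_P_8021Q   0x8100  /* TPID of an 802.1Q tag */
#define ETH_P_IP      0x0800
#define ETH_P_IPV6    0x86DD
#define VLAN_TAG_LEN  4       /* TPID(2) + TCI(2) */
#define VLAN_VID_MASK 0x0FFF  /* VID is the low 12 bits of the TCI */

struct frame_info {
    bool     tagged;    /* frame carried an 802.1Q tag */
    uint16_t vid;       /* VLAN ID from the tag, 0 if untagged */
    uint16_t ethertype; /* ethertype of the L3 payload, after any tag */
    size_t   l3_off;    /* offset of the L3 header within the frame */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse the Ethernet header and at most one 802.1Q tag; false if truncated. */
static bool parse_frame(const uint8_t *buf, size_t len, struct frame_info *fi)
{
    memset(fi, 0, sizeof(*fi));
    if (len < ETH_HLEN)
        return false;
    fi->ethertype = rd16(buf + 12);
    fi->l3_off = ETH_HLEN;
    if (fi->ethertype == ETH_P_8021Q) {
        if (len < ETH_HLEN + VLAN_TAG_LEN)
            return false; /* truncated tag: never read past the buffer */
        fi->tagged = true;
        fi->vid = rd16(buf + 14) & VLAN_VID_MASK;
        fi->ethertype = rd16(buf + 16);
        fi->l3_off = ETH_HLEN + VLAN_TAG_LEN;
    }
    return true;
}

/* IP version (4 or 6) of the payload, or 0 if not IP or too short. Using
 * l3_off means the same check works on tagged and untagged frames. */
static int frame_ip_version(const uint8_t *buf, size_t len)
{
    struct frame_info fi;
    if (!parse_frame(buf, len, &fi) || len < fi.l3_off + 1)
        return 0;
    int v = buf[fi.l3_off] >> 4;
    if (fi.ethertype == ETH_P_IP && v == 4)
        return 4;
    return (fi.ethertype == ETH_P_IPV6 && v == 6) ? 6 : 0;
}

/* May a frame from a client assigned to src_vid be delivered (unicast or
 * multicast) to a client assigned to dst_vid? An untagged frame belongs to
 * the sender's VLAN; a tag naming any other VLAN is dropped, so a client
 * cannot hop VLANs by pre-tagging its own traffic. */
static bool client_may_receive(uint16_t src_vid, uint16_t dst_vid,
                               const uint8_t *buf, size_t len)
{
    struct frame_info fi;
    if (!parse_frame(buf, len, &fi))
        return false;
    uint16_t effective = fi.tagged ? fi.vid : src_vid;
    return effective == src_vid && effective == dst_vid;
}

/* Insert a tag for vid (PCP 0, DEI 0) into an untagged frame bound for the
 * server TAP device. Returns the new length, or 0 if the frame is already
 * tagged, too short, or out cannot hold the result. */
static size_t vlan_tag_frame(const uint8_t *in, size_t len, uint16_t vid,
                             uint8_t *out, size_t outcap)
{
    if (len < ETH_HLEN || rd16(in + 12) == ETH_P_8021Q || outcap < len + VLAN_TAG_LEN)
        return 0;
    memcpy(out, in, 12);                    /* dst + src MAC */
    out[12] = ETH_P_8021Q >> 8;  out[13] = ETH_P_8021Q & 0xFF;
    out[14] = (uint8_t)((vid & VLAN_VID_MASK) >> 8);
    out[15] = (uint8_t)(vid & 0xFF);
    memcpy(out + 16, in + 12, len - 12);    /* original ethertype + payload */
    return len + VLAN_TAG_LEN;
}

/* Constructed samples: one frame tagged with VID 100, one untagged, each
 * carrying the first four bytes of an IPv4 header. */
static const uint8_t sample_tagged_ipv4[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01,  /* dst MAC, src MAC */
    0x81,0x00, 0x00,0x64,                  /* TPID; TCI = PCP 0, DEI 0, VID 100 */
    0x08,0x00, 0x45,0x00,0x00,0x14         /* IPv4 ethertype; IPv4 header start */
};
static const uint8_t sample_untagged_ipv4[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00, 0x45,0x00,0x00,0x14
};
static uint8_t scratch[64]; /* output buffer for vlan_tag_frame */
```

Two points a reviewer of the real patches would also look for are visible here: every length check happens before the corresponding read, so a frame cut off inside the tag is rejected rather than parsed from stale bytes, and the forwarding decision fails closed (a frame is never delivered across VLANs because parsing failed). Whether a pre-tagged frame from a client should be honoured, rewritten or dropped is a policy choice; the patchset's own answer is in the "forwarding only pre-tagged VLAN packets" and "tagged and untagged packets on the server TAP device" patches, not in this example.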