From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 8 Apr 2021 16:02:25 +0200
Subject: [Openvpn-devel] [PATCH 0/3] P2P NCP support patch set
Message-Id: <20210408140229.31824-1-arne@rfc2549.org>
X-Patchwork-Id: 1727

Note: this patchset requires the "Move context_auth from context_2 to
tls_multi and name it multi_state" patch to be applied first.

Our P2P mode is currently lacking in features compared to the P2MP mode.
Especially EKM, DATA_v2 and NCP cannot be used with P2P mode. And the
differences increase code complexity as we need to maintain two code paths.
As we don't intend to deprecate P2P mode, this patchset implements NCP for
P2P mode.

P2P NCP is a lot less ambiguous than normal NCP and will only be activated
if both peers support it and avoids all the edge cases of different levels
of support for different versions.

Arne Schwabe (3):
  Change options->data_channel_use_ekm to flags
  Remove --ncp-disable option
  Support NCP in pure P2P VPN setups

 Changes.rst                           |   4 +
 doc/man-sections/protocol-options.rst |   8 +-
 src/openvpn/init.c                    | 113 +++++++++++++----
 src/openvpn/multi.c                   |   9 +-
 src/openvpn/options.c                 |  48 ++-----
 src/openvpn/options.h                 |   5 +-
 src/openvpn/push.c                    |   2 +-
 src/openvpn/ssl.c                     | 173 ++++++++++++++++++--------
 src/openvpn/ssl.h                     |   5 +
 src/openvpn/ssl_backend.h             |   1 +
 src/openvpn/ssl_common.h              |  11 +-
 src/openvpn/ssl_ncp.c                 | 149 +++++++++++++++++++++-
 src/openvpn/ssl_ncp.h                 |  25 ++++
 tests/unit_tests/openvpn/test_ncp.c   |  11 ++
 14 files changed, 426 insertions(+), 138 deletions(-)