X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 2360
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Sat, 2 Apr 2022 09:08:55 +0200
Message-Id: <20220402070902.30282-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 0/7] Introduce ovpn-dco(-win) support

Hi all,

this is the first official submission of the ovpn-dco support for
OpenVPN 2.

This patchset is ready for review (and possible merge).
Please have a look, test and try to break it!

What has changed from the RFCv2 (sent on Jan 14th):
* DCO API has been modified to allow specifying a value for mssfix.
  However only ovpn-dco-win will pick up this value and do something
  meaningful. On Linux it is yet to be decided how to handle it.
* peer_add() and peer_set() have been decoupled so that the latter can
  be invoked at the right time, after some parameters have been
  computed (i.e. mssfix).
* routes and iroutes are now installed with a default metric of 200 for
  the former and 100 for the latter. This guarantees that iroutes always
  have higher priority (iroutes are basically routes with a specific
  nexthop).
* The ovpn-dco interface is now configured in p2p mode when launching
  OpenVPN as client or p2p, while it is configured in mp (multipeer)
  mode when launching OpenVPN in server mode.
* Reverse Path Filtering is now enabled automatically when the interface
  is configured in mp mode (this is a change in ovpn-dco itself).
* some more intra-OpenVPN DCO API polishing.
* a few minor things I may not be recalling now...

A working copy of this patchset, always based on top of latest master,
is available in the OpenVPN repo in the "dco" branch.

Thanks a lot!

Regards,

Antonio Quartulli (4):
  networking: silence warnings about unused arguments
  networking: implement net_iface_new and net_iface_del APIs
  ovpn-dco: introduce linux data-channel offload support
  GitHub Actions: add Linux DCO build (on Ubuntu 20.04)

Arne Schwabe (3):
  networking: remove duplicate methods from networking_sitnl.c
  tun: extract close_tun_handle into its own fucntion and print correct type
  ovpn-dco-win: introduce windows data-channel offload support

 .github/workflows/build.yaml | 16 +-
 Changes.rst | 7 +
 README.dco.md | 138 +++
 config-msvc.h | 2 +
 configure.ac | 35 +
 doc/man-sections/advanced-options.rst | 13 +
 doc/man-sections/server-options.rst | 6 +
 src/compat/Makefile.am | 3 +-
 src/compat/compat-dco_get_overlapped_result.c | 44 +
 src/compat/compat.h | 6 +
 src/compat/compat.vcxproj | 1 +
 src/compat/compat.vcxproj.filters | 3 +
 src/openvpn/Makefile.am | 5 +-
 src/openvpn/crypto.c | 1 +
 src/openvpn/dco.c | 631 +++++++++++++
 src/openvpn/dco.h | 310 ++++++
 src/openvpn/dco_internal.h | 81 ++
 src/openvpn/dco_linux.c | 888 ++++++++++++++++++
 src/openvpn/dco_linux.h | 61 ++
 src/openvpn/dco_win.c | 397 ++++++++
 src/openvpn/dco_win.h | 57 ++
 src/openvpn/errlevel.h | 2 +
 src/openvpn/event.h | 3 +
 src/openvpn/forward.c | 79 +-
 src/openvpn/init.c | 204 +++-
 src/openvpn/init.h | 2 +-
 src/openvpn/misc.h | 3 +-
 src/openvpn/mtcp.c | 61 +-
 src/openvpn/mudp.c | 13 +
 src/openvpn/multi.c | 227 ++++-
 src/openvpn/multi.h | 6 +-
 src/openvpn/networking.h | 37 +-
 src/openvpn/networking_iproute2.c | 35 +
 src/openvpn/networking_sitnl.c | 100 +-
 src/openvpn/openvpn.vcxproj | 6 +-
 src/openvpn/openvpn.vcxproj.filters | 15 +
 src/openvpn/options.c | 51 +-
 src/openvpn/options.h | 15 +
 src/openvpn/ovpn-dco-win.h | 108 +++
 src/openvpn/ovpn_dco_linux.h | 265 ++++++
 src/openvpn/socket.c | 105 ++-
 src/openvpn/socket.h | 21 +-
 src/openvpn/ssl.c | 80 +-
 src/openvpn/ssl.h | 7 +-
 src/openvpn/ssl_common.h | 23 +
 src/openvpn/ssl_ncp.c | 2 +-
 src/openvpn/tun.c | 245 +++--
 src/openvpn/tun.h | 62 +-
 tests/unit_tests/openvpn/test_networking.c | 25 +-
 49 files changed, 4239 insertions(+), 268 deletions(-)
 create mode 100644 README.dco.md
 create mode 100644 src/compat/compat-dco_get_overlapped_result.c
 create mode 100644 src/openvpn/dco.c
 create mode 100644 src/openvpn/dco.h
 create mode 100644 src/openvpn/dco_internal.h
 create mode 100644 src/openvpn/dco_linux.c
 create mode 100644 src/openvpn/dco_linux.h
 create mode 100644 src/openvpn/dco_win.c
 create mode 100644 src/openvpn/dco_win.h
 create mode 100644 src/openvpn/ovpn-dco-win.h
 create mode 100644 src/openvpn/ovpn_dco_linux.h
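
Added example, not part of the patchset or of ovpn-dco: a simplified C model of two mp-mode items from the changelog above, the metric ordering that lets an iroute (100) win over a route (200) for the same prefix, and a strict reverse-path check, modelled here per peer as an assumption. The table layout, the `peer_id` field, `rt_lookup()` and `rpf_accept()` are hypothetical names, and the addresses are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define METRIC_IROUTE 100 /* metrics from the cover letter: lower wins */
#define METRIC_ROUTE  200
struct rt_entry {
    uint32_t prefix;  /* network address, host byte order */
    uint8_t len;      /* prefix length in bits */
    uint32_t metric;
    int peer_id;      /* hypothetical: 0 = plain route, >0 = iroute to that peer */
};
/* Constructed sample table, not taken from the patchset. */
static const struct rt_entry table[] = {
    { 0x0A080000, 16, METRIC_ROUTE,  0 }, /* 10.8.0.0/16 route */
    { 0x0A080100, 24, METRIC_ROUTE,  0 }, /* 10.8.1.0/24 route */
    { 0x0A080100, 24, METRIC_IROUTE, 7 }, /* 10.8.1.0/24 iroute, peer 7 */
    { 0x0A080200, 24, METRIC_IROUTE, 9 }, /* 10.8.2.0/24 iroute, peer 9 */
};

/* Longest prefix first; among equal prefixes the lowest metric wins. */
static const struct rt_entry *rt_lookup(uint32_t addr)
{
    const struct rt_entry *best = NULL;
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
        const struct rt_entry *e = &table[i];
        uint32_t mask = e->len ? ~UINT32_C(0) << (32 - e->len) : 0;
        if ((addr & mask) != e->prefix)
            continue;
        if (!best || e->len > best->len ||
            (e->len == best->len && e->metric < best->metric))
            best = e;
    }
    return best;
}

/* Strict reverse-path check: the source must route back to the sending peer. */
static bool rpf_accept(uint32_t src, int from_peer)
{
    const struct rt_entry *e = rt_lookup(src);
    return e != NULL && e->peer_id == from_peer;
}

int main(void)
{
    printf("10.8.1.5 -> peer %d, rpf(7)=%d rpf(9)=%d\n", rt_lookup(0x0A080105)->peer_id,
           rpf_accept(0x0A080105, 7), rpf_accept(0x0A080105, 9));
    return 0;
}
```

In this model a packet with source 10.8.1.5 is accepted only from peer 7; the same source arriving from peer 9 fails the reverse-path check, which is the anti-spoofing property such filtering provides between peers on a multipeer interface.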