mbox

[Openvpn-devel,0/3] P2P NCP support patch set

Message ID 20210408140229.31824-1-arne@rfc2549.org
Headers show

Message

Arne Schwabe April 8, 2021, 4:02 a.m. UTC
Note: this patchset requires the "Move context_auth from context_2 
to tls_multi and name it multi_state" patch to be applied first.

Our P2P mode is currently lacking in features compared to the
P2MP mode. Especially EKM, DATA_v2 and NCP cannot be used with
P2P mode. And the differences increase code complexity as we
need to maintain two code paths. As we don't intend to
deprecate P2P mode, this patchset implements NCP for P2P mode.

P2P NCP is lot less ambigous than normal NCP and will only
be activated if both peers support it and avoids all the
edge cases of different level of support for different
versions.

Arne Schwabe (3):
  Change options->data_channel_use_ekm to flags
  Remove --ncp-disable option
  Support NCP in pure P2P VPN setups

 Changes.rst                           |   4 +
 doc/man-sections/protocol-options.rst |   8 +-
 src/openvpn/init.c                    | 113 +++++++++++++----
 src/openvpn/multi.c                   |   9 +-
 src/openvpn/options.c                 |  48 ++-----
 src/openvpn/options.h                 |   5 +-
 src/openvpn/push.c                    |   2 +-
 src/openvpn/ssl.c                     | 173 ++++++++++++++++++--------
 src/openvpn/ssl.h                     |   5 +
 src/openvpn/ssl_backend.h             |   1 +
 src/openvpn/ssl_common.h              |  11 +-
 src/openvpn/ssl_ncp.c                 | 149 +++++++++++++++++++++-
 src/openvpn/ssl_ncp.h                 |  25 ++++
 tests/unit_tests/openvpn/test_ncp.c   |  11 ++
 14 files changed, 426 insertions(+), 138 deletions(-)