From patchwork Fri Aug 12 03:06:48 2022
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 2657
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 12 Aug 2022 15:06:48 +0200
Message-Id: <20220812130657.29899-2-a@unstable.cc>
In-Reply-To: <20220812130657.29899-1-a@unstable.cc>
References: <20220812130657.29899-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v100 01/10] do_open_tun: restyle "can preserve TUN" check
Cc: Antonio Quartulli

The current condition checking if the TUN interface was preserved is dependent on the platform being Android or not. This makes the code reasonably ugly, especially because uncrustify can't indent properly.

On top of that, we will require an extra condition only for windows+DCO, which will make the check even uglier.

For this reason, factor out the check in a separate function which can keep the ifdefs craziness well hidden, while do_open_tun becomes (a bit) cleaner.
Signed-off-by: Antonio Quartulli
Acked-by: Lev Stipakov
---
 src/openvpn/init.c | 282 +++++++++++++++++++++++----------------------
 1 file changed, 144 insertions(+), 138 deletions(-)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 82a57bef..4d4c7192 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -1716,161 +1716,120 @@ do_init_tun(struct context *c) * Open tun/tap device, ifconfig, call up script, etc. */ + +static bool +can_preserve_tun(struct tuntap *tt) +{ +#ifdef TARGET_ANDROID + return false; +#else + return tt; +#endif +} + static bool do_open_tun(struct context *c) { struct gc_arena gc = gc_new(); bool ret = false; -#ifndef TARGET_ANDROID - if (!c->c1.tuntap) + if (!can_preserve_tun(c->c1.tuntap)) { -#endif - #ifdef TARGET_ANDROID - /* If we emulate persist-tun on android we still have to open a new tun and - * then close the old */ - int oldtunfd = -1; - if (c->c1.tuntap) - { - oldtunfd = c->c1.tuntap->fd; - free(c->c1.tuntap); - c->c1.tuntap = NULL; - c->c1.tuntap_owned = false; - } + /* If we emulate persist-tun on android we still have to open a new tun and + * then close the old */ + int oldtunfd = -1; + if (c->c1.tuntap) + { + oldtunfd = c->c1.tuntap->fd; + free(c->c1.tuntap); + c->c1.tuntap = NULL; + c->c1.tuntap_owned = false; + } #endif - /* initialize (but do not open) tun/tap object */ - do_init_tun(c); + /* initialize (but do not open) tun/tap object */ + do_init_tun(c); - /* inherit the dco context from the tuntap object */ - if (c->c2.tls_multi) - { - c->c2.tls_multi->dco = &c->c1.tuntap->dco; - } + /* inherit the dco context from the tuntap object */ + if (c->c2.tls_multi) + { + c->c2.tls_multi->dco = &c->c1.tuntap->dco; + } #ifdef _WIN32 - /* store (hide) interactive service handle in tuntap_options */ - c->c1.tuntap->options.msg_channel = c->options.msg_channel; - msg(D_ROUTE, "interactive service msg_channel=%" PRIu64, (unsigned long long) c->options.msg_channel); + /* store (hide) interactive service handle in tuntap_options */ + c->c1.tuntap->options.msg_channel = c->options.msg_channel; + msg(D_ROUTE, "interactive service msg_channel=%" PRIu64, (unsigned long long) c->options.msg_channel); #endif - /* allocate route list structure */ - do_alloc_route_list(c); + /* allocate route list structure */ + do_alloc_route_list(c); - /* 
parse and resolve the route option list */ - ASSERT(c->c2.link_socket); - if (c->options.routes && c->c1.route_list) - { - do_init_route_list(&c->options, c->c1.route_list, - &c->c2.link_socket->info, c->c2.es, &c->net_ctx); - } - if (c->options.routes_ipv6 && c->c1.route_ipv6_list) - { - do_init_route_ipv6_list(&c->options, c->c1.route_ipv6_list, - &c->c2.link_socket->info, c->c2.es, - &c->net_ctx); - } + /* parse and resolve the route option list */ + ASSERT(c->c2.link_socket); + if (c->options.routes && c->c1.route_list) + { + do_init_route_list(&c->options, c->c1.route_list, + &c->c2.link_socket->info, c->c2.es, &c->net_ctx); + } + if (c->options.routes_ipv6 && c->c1.route_ipv6_list) + { + do_init_route_ipv6_list(&c->options, c->c1.route_ipv6_list, + &c->c2.link_socket->info, c->c2.es, + &c->net_ctx); + } - /* do ifconfig */ - if (!c->options.ifconfig_noexec - && ifconfig_order() == IFCONFIG_BEFORE_TUN_OPEN) - { - /* guess actual tun/tap unit number that will be returned - * by open_tun */ - const char *guess = guess_tuntap_dev(c->options.dev, - c->options.dev_type, - c->options.dev_node, - &gc); - do_ifconfig(c->c1.tuntap, guess, c->c2.frame.tun_mtu, c->c2.es, - &c->net_ctx); - } + /* do ifconfig */ + if (!c->options.ifconfig_noexec + && ifconfig_order() == IFCONFIG_BEFORE_TUN_OPEN) + { + /* guess actual tun/tap unit number that will be returned + * by open_tun */ + const char *guess = guess_tuntap_dev(c->options.dev, + c->options.dev_type, + c->options.dev_node, + &gc); + do_ifconfig(c->c1.tuntap, guess, c->c2.frame.tun_mtu, c->c2.es, + &c->net_ctx); + } - /* possibly add routes */ - if (route_order() == ROUTE_BEFORE_TUN) - { - /* Ignore route_delay, would cause ROUTE_BEFORE_TUN to be ignored */ - do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, - c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); - } + /* possibly add routes */ + if (route_order() == ROUTE_BEFORE_TUN) + { + /* Ignore route_delay, would cause ROUTE_BEFORE_TUN to be ignored */ + 
do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, + c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); + } #ifdef TARGET_ANDROID - /* Store the old fd inside the fd so open_tun can use it */ - c->c1.tuntap->fd = oldtunfd; -#endif - if (dco_enabled(&c->options)) - { - ovpn_dco_init(c->mode, &c->c1.tuntap->dco); - } - - /* open the tun device */ - open_tun(c->options.dev, c->options.dev_type, c->options.dev_node, - c->c1.tuntap, &c->net_ctx); - - /* set the hardware address */ - if (c->options.lladdr) - { - set_lladdr(&c->net_ctx, c->c1.tuntap->actual_name, c->options.lladdr, - c->c2.es); - } - - /* do ifconfig */ - if (!c->options.ifconfig_noexec - && ifconfig_order() == IFCONFIG_AFTER_TUN_OPEN) - { - do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name, - c->c2.frame.tun_mtu, c->c2.es, &c->net_ctx); - } - - /* run the up script */ - run_up_down(c->options.up_script, - c->plugins, - OPENVPN_PLUGIN_UP, - c->c1.tuntap->actual_name, -#ifdef _WIN32 - c->c1.tuntap->adapter_index, + /* Store the old fd inside the fd so open_tun can use it */ + c->c1.tuntap->fd = oldtunfd; #endif - dev_type_string(c->options.dev, c->options.dev_type), - c->c2.frame.tun_mtu, - print_in_addr_t(c->c1.tuntap->local, IA_EMPTY_IF_UNDEF, &gc), - print_in_addr_t(c->c1.tuntap->remote_netmask, IA_EMPTY_IF_UNDEF, &gc), - "init", - NULL, - "up", - c->c2.es); - -#if defined(_WIN32) - if (c->options.block_outside_dns) - { - dmsg(D_LOW, "Blocking outside DNS"); - if (!win_wfp_block_dns(c->c1.tuntap->adapter_index, c->options.msg_channel)) + if (dco_enabled(&c->options)) { - msg(M_FATAL, "Blocking DNS failed!"); + ovpn_dco_init(c->mode, &c->c1.tuntap->dco); } - } -#endif - /* possibly add routes */ - if ((route_order() == ROUTE_AFTER_TUN) && (!c->options.route_delay_defined)) - { - do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, - c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); - } + /* open the tun device */ + open_tun(c->options.dev, c->options.dev_type, c->options.dev_node, 
+ c->c1.tuntap, &c->net_ctx); - ret = true; - static_context = c; -#ifndef TARGET_ANDROID -} -else -{ - msg(M_INFO, "Preserving previous TUN/TAP instance: %s", - c->c1.tuntap->actual_name); + /* set the hardware address */ + if (c->options.lladdr) + { + set_lladdr(&c->net_ctx, c->c1.tuntap->actual_name, c->options.lladdr, + c->c2.es); + } - /* explicitly set the ifconfig_* env vars */ - do_ifconfig_setenv(c->c1.tuntap, c->c2.es); + /* do ifconfig */ + if (!c->options.ifconfig_noexec + && ifconfig_order() == IFCONFIG_AFTER_TUN_OPEN) + { + do_ifconfig(c->c1.tuntap, c->c1.tuntap->actual_name, + c->c2.frame.tun_mtu, c->c2.es, &c->net_ctx); + } - /* run the up script if user specified --up-restart */ - if (c->options.up_restart) - { + /* run the up script */ run_up_down(c->options.up_script, c->plugins, OPENVPN_PLUGIN_UP, 
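Review bot: `can_preserve_tun` returns the raw pointer `tt` from a function declared `bool`; `return tt != NULL;` states the intent explicitly, and in the `TARGET_ANDROID` branch `tt` is otherwise unused (a `-Wunused-parameter` warning), so a `(void)tt;` there keeps the build warning-free. The rest of this hunk is re-indentation of the existing body under the new `if (!can_preserve_tun(c->c1.tuntap))`, which is easiest to verify with `git diff -w`; the Android-only `oldtunfd` save/restore, the `dco_enabled()`/`ovpn_dco_init()` call and the `open_tun()` call keep their previous order.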
@@ -1882,24 +1841,71 @@ else c->c2.frame.tun_mtu, print_in_addr_t(c->c1.tuntap->local, IA_EMPTY_IF_UNDEF, &gc), print_in_addr_t(c->c1.tuntap->remote_netmask, IA_EMPTY_IF_UNDEF, &gc), - "restart", + "init", NULL, "up", c->c2.es); - } + #if defined(_WIN32) - if (c->options.block_outside_dns) - { - dmsg(D_LOW, "Blocking outside DNS"); - if (!win_wfp_block_dns(c->c1.tuntap->adapter_index, c->options.msg_channel)) + if (c->options.block_outside_dns) + { + dmsg(D_LOW, "Blocking outside DNS"); + if (!win_wfp_block_dns(c->c1.tuntap->adapter_index, c->options.msg_channel)) + { + msg(M_FATAL, "Blocking DNS failed!"); + } + } +#endif + + /* possibly add routes */ + if ((route_order() == ROUTE_AFTER_TUN) && (!c->options.route_delay_defined)) { - msg(M_FATAL, "Blocking DNS failed!"); + do_route(&c->options, c->c1.route_list, c->c1.route_ipv6_list, + c->c1.tuntap, c->plugins, c->c2.es, &c->net_ctx); } + + ret = true; + static_context = c; } + else + { + msg(M_INFO, "Preserving previous TUN/TAP instance: %s", + c->c1.tuntap->actual_name); + + /* explicitly set the ifconfig_* env vars */ + do_ifconfig_setenv(c->c1.tuntap, c->c2.es); + + /* run the up script if user specified --up-restart */ + if (c->options.up_restart) + { + run_up_down(c->options.up_script, + c->plugins, + OPENVPN_PLUGIN_UP, + c->c1.tuntap->actual_name, +#ifdef _WIN32 + c->c1.tuntap->adapter_index, +#endif + dev_type_string(c->options.dev, c->options.dev_type), + c->c2.frame.tun_mtu, + print_in_addr_t(c->c1.tuntap->local, IA_EMPTY_IF_UNDEF, &gc), + print_in_addr_t(c->c1.tuntap->remote_netmask, IA_EMPTY_IF_UNDEF, &gc), + "restart", + NULL, + "up", + c->c2.es); + } +#if defined(_WIN32) + if (c->options.block_outside_dns) + { + dmsg(D_LOW, "Blocking outside DNS"); + if (!win_wfp_block_dns(c->c1.tuntap->adapter_index, c->options.msg_channel)) + { + msg(M_FATAL, "Blocking DNS failed!"); + } + } #endif -} -#endif /* ifndef TARGET_ANDROID */ + } gc_free(&gc); return ret; } From patchwork Fri Aug 12 03:06:49 2022 
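Review bot: the `block_outside_dns` / `win_wfp_block_dns` block now appears verbatim in both arms of the new `if`/`else` (once after the `"init"` run_up_down call, once after the `"restart"` one); since this commit already factors the condition into `can_preserve_tun`, a small helper (say, a hypothetical `do_block_outside_dns(c)`) would remove that duplication too. Behaviour is preserved: on Android `can_preserve_tun()` is always false, so the preserve branch with `msg(M_INFO, "Preserving previous TUN/TAP instance: %s", ...)` is unreachable there, exactly as the removed `#ifndef TARGET_ANDROID` around the old `else` made it.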
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 2660
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 12 Aug 2022 15:06:49 +0200
Message-Id: <20220812130657.29899-3-a@unstable.cc>
In-Reply-To: <20220812130657.29899-1-a@unstable.cc>
References: <20220812130657.29899-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v100 02/10] dco-win: introduce low-level code for handling ovpn-dco-win in Windows
Cc: Lev Stipakov, Antonio Quartulli

Signed-off-by: Arne Schwabe
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli --- config-msvc.h | 2 + configure.ac | 9 +- dev-tools/special-files.lst | 1 + src/openvpn/Makefile.am | 4 +- src/openvpn/dco_internal.h | 1 + src/openvpn/dco_win.c | 397 ++++++++++++++++++++++++++++ src/openvpn/dco_win.h | 58 ++++ src/openvpn/openvpn.vcxproj | 3 + src/openvpn/openvpn.vcxproj.filters | 9 + src/openvpn/ovpn-dco-win.h | 108 ++++++++ src/openvpn/tun.h | 3 +- 11 files changed, 590 insertions(+), 5 deletions(-) create mode 100644 src/openvpn/dco_win.c create mode 100644 src/openvpn/dco_win.h create mode 100644 src/openvpn/ovpn-dco-win.h diff --git a/config-msvc.h b/config-msvc.h index b08beb52..b621f3fb 100644 --- a/config-msvc.h +++ b/config-msvc.h @@ -87,3 +87,5 @@ typedef uint16_t in_port_t; #ifdef HAVE_CONFIG_MSVC_LOCAL_H #include #endif + +#define ENABLE_DCO 1 diff --git a/configure.ac b/configure.ac index 9466fe15..0de0fbbe 100644 --- a/configure.ac +++ b/configure.ac @@ -144,7 +144,7 @@ AC_ARG_ENABLE( AC_ARG_ENABLE( [dco], - [AS_HELP_STRING([--enable-dco], [enable data channel offload support using ovpn-dco kernel module @<:@default=no@:>@])], + [AS_HELP_STRING([--enable-dco], [enable data channel offload support using the ovpn-dco kernel module (always enabled on Windows) @<:@default=no@:>@])], , [enable_dco="no"] ) @@ -328,6 +328,7 @@ case "$host" in ;; *-mingw*) AC_DEFINE([TARGET_WIN32], [1], [Are we running WIN32?]) + AC_DEFINE([ENABLE_DCO], [1], [DCO is always enabled on Windows]) AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["W"], [Target prefix]) CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN" CPPFLAGS="${CPPFLAGS} -DNTDDI_VERSION=NTDDI_VISTA -D_WIN32_WINNT=_WIN32_WINNT_VISTA" @@ -772,7 +773,6 @@ if test "$enable_dco" = "yes"; then dnl dnl Include generic netlink library used to talk to ovpn-dco dnl - case "$host" in *-*-linux*) PKG_CHECK_MODULES([LIBNL_GENL], 
@@ -787,8 +787,11 @@ dnl AC_DEFINE(ENABLE_DCO, 1, [Enable shared data channel offload]) AC_MSG_NOTICE([Enabled ovpn-dco support for Linux]) ;; + *-mingw*) + AC_MSG_NOTICE([NOTE: --enable-dco ignored on Windows because it's always enabled]) + ;; *) - AC_MSG_NOTICE([Ignoring --enable-dco on non Linux platform]) + AC_MSG_NOTICE([Ignoring --enable-dco on non supported platform]) ;; esac fi diff --git a/dev-tools/special-files.lst b/dev-tools/special-files.lst index 33e830d7..6d0bc055 100644 --- a/dev-tools/special-files.lst +++ b/dev-tools/special-files.lst @@ -2,3 +2,4 @@ E:doc/doxygen/doc_key_generation.h # @verbatim section gets mistreated, excl E:src/compat/compat-lz4.c # Preserve LZ4 upstream formatting E:src/compat/compat-lz4.h # Preserve LZ4 upstream formatting E:src/openvpn/ovpn_dco_linux.h # Preserve ovpn-dco upstream formatting +E:src/openvpn/ovpn-dco-win.h # Preserve ovpn-dco-win upstream formatting diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index aaa1dbce..8d0e66b4 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -55,6 +55,7 @@ openvpn_SOURCES = \ crypto_mbedtls.c crypto_mbedtls.h \ dco.c dco.h dco_internal.h \ dco_linux.c dco_linux.h \ + dco_win.c dco_win.h \ dhcp.c dhcp.h \ dns.c dns.h \ env_set.c env_set.h \ @@ -77,6 +78,7 @@ openvpn_SOURCES = \ mbuf.c mbuf.h \ memdbg.h \ misc.c misc.h \ + ovpn-dco-win.h \ ovpn_dco_linux.h \ platform.c platform.h \ console.c console.h console_builtin.c console_systemd.c \ @@ -151,5 +153,5 @@ openvpn_LDADD = \ $(OPTIONAL_INOTIFY_LIBS) if WIN32 openvpn_SOURCES += openvpn_win32_resources.rc block_dns.c block_dns.h ring_buffer.h -openvpn_LDADD += -lgdi32 -lws2_32 -lwininet -lcrypt32 -liphlpapi -lwinmm -lfwpuclnt -lrpcrt4 -lncrypt -lsetupapi +openvpn_LDADD += -lgdi32 -lws2_32 -lwininet -lcrypt32 -liphlpapi -lwinmm -lfwpuclnt -lrpcrt4 -lncrypt -lsetupapi -lbcrypt endif diff --git a/src/openvpn/dco_internal.h b/src/openvpn/dco_internal.h index 3ceb26d6..968d4042 100644 
--- a/src/openvpn/dco_internal.h +++ b/src/openvpn/dco_internal.h @@ -28,6 +28,7 @@ #if defined(ENABLE_DCO) #include "dco_linux.h" +#include "dco_win.h" /** * This file contains the internal DCO API definition. diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c new file mode 100644 index 00000000..f1160c7d --- /dev/null +++ b/src/openvpn/dco_win.c 
@@ -0,0 +1,397 @@ +/* + * Interface to ovpn-win-dco networking code + * + * Copyright (C) 2020-2022 Arne Schwabe + * Copyright (C) 2020-2022 OpenVPN Inc + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#elif defined(_MSC_VER) +#include "config-msvc.h" +#endif + +#if defined(_WIN32) + +#include "syshead.h" + +#include "dco.h" +#include "tun.h" +#include "crypto.h" +#include "ssl_common.h" + +#include +#include +#include + +#if defined(__MINGW32__) +const IN_ADDR in4addr_any = { 0 }; +#endif + +static struct tuntap +create_dco_handle(const char *devname, struct gc_arena *gc) +{ + struct tuntap tt = { .windows_driver = WINDOWS_DRIVER_DCO }; + const char *device_guid; + + tun_open_device(&tt, devname, &device_guid, gc); + + return tt; +} + +bool +ovpn_dco_init(int mode, dco_context_t *dco) +{ + return true; +} + +int +open_tun_dco(struct tuntap *tt, openvpn_net_ctx_t *ctx, const char *dev) +{ + ASSERT(0); + return 0; +} + +static void +dco_wait_ready(DWORD idx) +{ + for (int i = 0; i < 20; ++i) + { + MIB_IPINTERFACE_ROW row = {.InterfaceIndex = idx, .Family = AF_INET}; + if (GetIpInterfaceEntry(&row) != ERROR_NOT_FOUND) + { + break; + } + msg(D_DCO_DEBUG, "interface %ld not yet ready, retrying", idx); + Sleep(50); + } +} + +void +dco_start_tun(struct tuntap 
*tt) +{ + msg(D_DCO_DEBUG, "%s", __func__); + + /* reference the tt object inside the DCO context, because the latter will + * be passed around + */ + tt->dco.tt = tt; + + DWORD bytes_returned = 0; + if (!DeviceIoControl(tt->hand, OVPN_IOCTL_START_VPN, NULL, 0, NULL, 0, + &bytes_returned, NULL)) + { + msg(M_ERR, "DeviceIoControl(OVPN_IOCTL_START_VPN) failed"); + } + + /* Sometimes IP Helper API, which we use for setting IP address etc, + * complains that interface is not found. Give it some time to settle + */ + dco_wait_ready(tt->adapter_index); +} + +static int +dco_connect_wait(HANDLE handle, OVERLAPPED *ov, int timeout, volatile int *signal_received) +{ + DWORD timeout_msec = timeout * 1000; + const int poll_interval_ms = 50; + + while (timeout_msec > 0) + { + timeout_msec -= poll_interval_ms; + + DWORD transferred; + if (GetOverlappedResultEx(handle, ov, &transferred, poll_interval_ms, FALSE) != 0) + { + /* TCP connection established by dco */ + return 0; + } + + DWORD err = GetLastError(); + if ((err != WAIT_TIMEOUT) && (err != ERROR_IO_INCOMPLETE)) + { + /* dco reported connection error */ + msg(M_NONFATAL | M_ERRNO, "dco connect error"); + *signal_received = SIGUSR1; + return -1; + } + + get_signal(signal_received); + if (*signal_received) + { + return -1; + } + + management_sleep(0); + } + + /* we end up here when timeout occurs in userspace */ + msg(M_NONFATAL, "dco connect timeout"); + *signal_received = SIGUSR1; + + return -1; +} + +struct tuntap +dco_create_socket(struct addrinfo *remoteaddr, bool bind_local, + struct addrinfo *bind, const char *devname, + struct gc_arena *gc, int timeout, + volatile int *signal_received) +{ + msg(D_DCO_DEBUG, "%s", __func__); + + OVPN_NEW_PEER peer = { 0 }; + + struct sockaddr *local = NULL; + struct sockaddr *remote = remoteaddr->ai_addr; + + if (remoteaddr->ai_protocol == IPPROTO_TCP + || remoteaddr->ai_socktype == SOCK_STREAM) + { + peer.Proto = OVPN_PROTO_TCP; + } + else + { + peer.Proto = OVPN_PROTO_UDP; + } + + 
if (bind_local) + { + /* Use first local address with correct address family */ + while (bind && !local) + { + if (bind->ai_family == remote->sa_family) + { + local = bind->ai_addr; + } + bind = bind->ai_next; + } + } + + if (bind_local && !local) + { + msg(M_FATAL, "DCO: Socket bind failed: Address to bind lacks %s record", + addr_family_name(remote->sa_family)); + } + + if (remote->sa_family == AF_INET6) + { + peer.Remote.Addr6 = *((SOCKADDR_IN6 *)(remoteaddr->ai_addr)); + if (local) + { + peer.Local.Addr6 = *((SOCKADDR_IN6 *)local); + } + else + { + peer.Local.Addr6.sin6_addr = in6addr_any; + peer.Local.Addr6.sin6_port = 0; + peer.Local.Addr6.sin6_family = AF_INET6; + } + } + else if (remote->sa_family == AF_INET) + { + peer.Remote.Addr4 = *((SOCKADDR_IN *)(remoteaddr->ai_addr)); + if (local) + { + peer.Local.Addr4 = *((SOCKADDR_IN *)local); + } + else + { + peer.Local.Addr4.sin_addr = in4addr_any; + peer.Local.Addr4.sin_port = 0; + peer.Local.Addr4.sin_family = AF_INET; + } + } + else + { + ASSERT(0); + } + + struct tuntap tt = create_dco_handle(devname, gc); + + OVERLAPPED ov = { 0 }; + if (!DeviceIoControl(tt.hand, OVPN_IOCTL_NEW_PEER, &peer, sizeof(peer), NULL, 0, NULL, &ov)) + { + DWORD err = GetLastError(); + if (err != ERROR_IO_PENDING) + { + msg(M_ERR, "DeviceIoControl(OVPN_IOCTL_NEW_PEER) failed"); + } + else + { + if (dco_connect_wait(tt.hand, &ov, timeout, signal_received) < 0) + { + close_tun_handle(&tt); + } + } + } + return tt; +} + +int +dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd, + struct sockaddr *localaddr, struct sockaddr *remoteaddr, + struct in_addr *remote_in4, struct in6_addr *remote_in6) +{ + msg(D_DCO_DEBUG, "%s: peer-id %d, fd %d", __func__, peerid, sd); + return 0; +} + +int +dco_del_peer(dco_context_t *dco, unsigned int peerid) +{ + msg(D_DCO_DEBUG, "%s: peer-id %d - not implemented", __func__, peerid); + return 0; +} + +int +dco_set_peer(dco_context_t *dco, unsigned int peerid, + int keepalive_interval, int 
keepalive_timeout, int mss) +{ + msg(D_DCO_DEBUG, "%s: peer-id %d, keepalive %d/%d, mss %d", __func__, + peerid, keepalive_interval, keepalive_timeout, mss); + + OVPN_SET_PEER peer; + + peer.KeepaliveInterval = keepalive_interval; + peer.KeepaliveTimeout = keepalive_timeout; + peer.MSS = mss; + + DWORD bytes_returned = 0; + if (!DeviceIoControl(dco->tt->hand, OVPN_IOCTL_SET_PEER, &peer, + sizeof(peer), NULL, 0, &bytes_returned, NULL)) + { + msg(M_WARN | M_ERRNO, "DeviceIoControl(OVPN_IOCTL_SET_PEER) failed"); + return -1; + } + return 0; +} + +int +dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, + dco_key_slot_t slot, + const uint8_t *encrypt_key, const uint8_t *encrypt_iv, + const uint8_t *decrypt_key, const uint8_t *decrypt_iv, + const char *ciphername) +{ + msg(D_DCO_DEBUG, "%s: slot %d, key-id %d, peer-id %d, cipher %s", + __func__, slot, keyid, peerid, ciphername); + + const int nonce_len = 8; + size_t key_len = cipher_kt_key_size(ciphername); + + OVPN_CRYPTO_DATA crypto_data; + ZeroMemory(&crypto_data, sizeof(crypto_data)); + + crypto_data.CipherAlg = dco_get_cipher(ciphername); + crypto_data.KeyId = keyid; + crypto_data.PeerId = peerid; + crypto_data.KeySlot = slot; + + CopyMemory(crypto_data.Encrypt.Key, encrypt_key, key_len); + crypto_data.Encrypt.KeyLen = (char)key_len; + CopyMemory(crypto_data.Encrypt.NonceTail, encrypt_iv, nonce_len); + + CopyMemory(crypto_data.Decrypt.Key, decrypt_key, key_len); + crypto_data.Decrypt.KeyLen = (char)key_len; + CopyMemory(crypto_data.Decrypt.NonceTail, decrypt_iv, nonce_len); + + ASSERT(crypto_data.CipherAlg > 0); + + DWORD bytes_returned = 0; + + if (!DeviceIoControl(dco->tt->hand, OVPN_IOCTL_NEW_KEY, &crypto_data, + sizeof(crypto_data), NULL, 0, &bytes_returned, NULL)) + { + msg(M_ERR, "DeviceIoControl(OVPN_IOCTL_NEW_KEY) failed"); + return -1; + } + return 0; +} +int +dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot) +{ + msg(D_DCO, "%s: peer-id %d, slot %d called but ignored", 
__func__, peerid, + slot); + /* FIXME: Implement in driver first */ + return 0; +} + +int +dco_swap_keys(dco_context_t *dco, unsigned int peer_id) +{ + msg(D_DCO_DEBUG, "%s: peer-id %d", __func__, peer_id); + + DWORD bytes_returned = 0; + if (!DeviceIoControl(dco->tt->hand, OVPN_IOCTL_SWAP_KEYS, NULL, 0, NULL, 0, + &bytes_returned, NULL)) + { + msg(M_ERR, "DeviceIoControl(OVPN_IOCTL_SWAP_KEYS) failed"); + return -1; + } + return 0; +} + +bool +dco_available(int msglevel) +{ + return true; +} + +int +dco_do_read(dco_context_t *dco) +{ + /* no-op on windows */ + return 0; +} + +int +dco_do_write(dco_context_t *dco, int peer_id, struct buffer *buf) +{ + /* no-op on windows */ + return 0; +} + +void +dco_event_set(dco_context_t *dco, struct event_set *es, void *arg) +{ + /* no-op on windows */ +} + +const char * +dco_get_supported_ciphers() +{ + /* + * this API can be called either from user mode or kernel mode, + * which enables us to probe driver's chachapoly support + * (available starting from Windows 11) + */ + + BCRYPT_ALG_HANDLE h; + NTSTATUS status = BCryptOpenAlgorithmProvider(&h, L"CHACHA20_POLY1305", NULL, 0); + if (BCRYPT_SUCCESS(status)) + { + BCryptCloseAlgorithmProvider(h, 0); + return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305"; + } + else + { + return "AES-128-GCM:AES-256-GCM:AES-192-GCM"; + } +} + +#endif /* defined(_WIN32) */ diff --git a/src/openvpn/dco_win.h b/src/openvpn/dco_win.h new file mode 100644 index 00000000..3b746dd8 --- /dev/null +++ b/src/openvpn/dco_win.h 
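Review bot: dco_new_key() copies key_len bytes into crypto_data.Encrypt.Key and crypto_data.Decrypt.Key (a fixed 32-byte array in ovpn-dco-win.h) before the ASSERT(crypto_data.CipherAlg > 0), so the only cipher validation runs after the copies and nothing bounds key_len by the field size; move the CipherAlg check above the CopyMemory calls and add `ASSERT(key_len <= sizeof(crypto_data.Encrypt.Key));`. Two smaller points in the same function: KeyLen is declared unsigned char, so the cast should be `(unsigned char)key_len` rather than `(char)`; and `msg(M_ERR, ...)` is fatal, which makes the following `return -1;` unreachable, while dco_set_peer() uses M_WARN | M_ERRNO and really does return -1 (dco_swap_keys() has the same M_ERR pattern); settle on one failure policy for the ioctl wrappers. dco_del_key() is a documented no-op (FIXME), so retired key material stays resident in the driver until the slot is overwritten by the next dco_new_key(); that is worth stating in the commit message and tracking on the driver side, since the uapi header in this series defines no IOCTL for deleting a key.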
@@ -0,0 +1,58 @@ +/* + * Interface to ovpn-win-dco networking code + * + * Copyright (C) 2020-2022 Arne Schwabe + * Copyright (C) 2020-2022 OpenVPN Inc + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef DCO_WIN_H +#define DCO_WIN_H + +#if defined(ENABLE_DCO) && defined(_WIN32) + +#include "buffer.h" +#include "ovpn-dco-win.h" + +typedef OVPN_KEY_SLOT dco_key_slot_t; +typedef OVPN_CIPHER_ALG dco_cipher_t; + +struct dco_context { + bool real_tun_init; + struct tuntap *tt; +}; + +typedef struct dco_context dco_context_t; + +struct tuntap +dco_create_socket(struct addrinfo *remoteaddr, bool bind_local, + struct addrinfo *bind, const char *devname, + struct gc_arena *gc, int timeout, + volatile int *signal_received); + +void +dco_start_tun(struct tuntap *tt); + +#else /* if defined(ENABLE_DCO) && defined(_WIN32) */ + +static inline void +dco_start_tun(struct tuntap *tt) +{ + ASSERT(false); +} + +#endif /* defined(_WIN32) */ +#endif /* ifndef DCO_H */ diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj index 0b3db7c7..51e8fe79 100644 --- a/src/openvpn/openvpn.vcxproj +++ b/src/openvpn/openvpn.vcxproj @@ -278,6 +278,7 @@ + @@ -367,6 +368,7 @@ + @@ -401,6 +403,7 @@ + 
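Review bot: the closing-guard comments in dco_win.h do not match the guards they close: `#endif /* defined(_WIN32) */` closes `#if defined(ENABLE_DCO) && defined(_WIN32)` and `#endif /* ifndef DCO_H */` closes `#ifndef DCO_WIN_H`. More importantly, the `#else` branch only provides an ASSERT(false) stub for dco_start_tun(); dco_context_t, dco_key_slot_t, dco_cipher_t and dco_create_socket() are undeclared there, so any translation unit that includes this header outside the DCO-on-Windows configuration and references them will not build. Either stub those as well or make sure nothing outside `#if defined(ENABLE_DCO) && defined(_WIN32)` touches them. Also, `bool real_tun_init` is added here and removed again in 04/10 of the same series; squash that so the field never appears.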
diff --git a/src/openvpn/openvpn.vcxproj.filters b/src/openvpn/openvpn.vcxproj.filters index 16905079..117270bb 100644 --- a/src/openvpn/openvpn.vcxproj.filters +++ b/src/openvpn/openvpn.vcxproj.filters @@ -42,6 +42,9 @@ Source Files + + Source Files + Source Files @@ -314,6 +317,9 @@ Header Files + + Header Files + Header Files @@ -413,6 +419,9 @@ Header Files + + Header Files + Header Files diff --git a/src/openvpn/ovpn-dco-win.h b/src/openvpn/ovpn-dco-win.h new file mode 100644 index 00000000..1ebd51a7 --- /dev/null +++ b/src/openvpn/ovpn-dco-win.h 
@@ -0,0 +1,108 @@ +/* + * ovpn-dco-win OpenVPN protocol accelerator for Windows + * + * Copyright (C) 2020-2021 OpenVPN Inc + * + * Author: Lev Stipakov + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * This particular file (uapi.h) is also licensed using the MIT license (see COPYRIGHT.MIT). + */ + +#pragma once +#ifndef _KERNEL_MODE +#include +#endif +#include +#include + +typedef enum { + OVPN_PROTO_UDP, + OVPN_PROTO_TCP +} OVPN_PROTO; + +typedef struct _OVPN_NEW_PEER { + union { + SOCKADDR_IN Addr4; + SOCKADDR_IN6 Addr6; + } Local; + + union { + SOCKADDR_IN Addr4; + SOCKADDR_IN6 Addr6; + } Remote; + + OVPN_PROTO Proto; +} OVPN_NEW_PEER, * POVPN_NEW_PEER; + +typedef struct _OVPN_STATS { + LONG LostInControlPackets; + LONG LostOutControlPackets; + + LONG LostInDataPackets; + LONG LostOutDataPackets; + + LONG ReceivedDataPackets; + LONG ReceivedControlPackets; + + LONG SentControlPackets; + LONG SentDataPackets; + + LONG64 TransportBytesSent; + LONG64 TransportBytesReceived; + + LONG64 TunBytesSent; + LONG64 TunBytesReceived; +} OVPN_STATS, * POVPN_STATS; + +typedef enum _OVPN_KEY_SLOT { + OVPN_KEY_SLOT_PRIMARY, + OVPN_KEY_SLOT_SECONDARY +} OVPN_KEY_SLOT; + +typedef enum _OVPN_CIPHER_ALG { + OVPN_CIPHER_ALG_NONE, + OVPN_CIPHER_ALG_AES_GCM, + OVPN_CIPHER_ALG_CHACHA20_POLY1305 +} OVPN_CIPHER_ALG; + +typedef struct _OVPN_KEY_DIRECTION +{ + unsigned char 
Key[32]; + unsigned char KeyLen; // 16/24/32 -> AES-128-GCM/AES-192-GCM/AES-256-GCM + unsigned char NonceTail[8]; +} OVPN_KEY_DIRECTION; + +typedef struct _OVPN_CRYPTO_DATA { + OVPN_KEY_DIRECTION Encrypt; + OVPN_KEY_DIRECTION Decrypt; + OVPN_KEY_SLOT KeySlot; + OVPN_CIPHER_ALG CipherAlg; + unsigned char KeyId; + int PeerId; +} OVPN_CRYPTO_DATA, * POVPN_CRYPTO_DATA; + +typedef struct _OVPN_SET_PEER { + LONG KeepaliveInterval; + LONG KeepaliveTimeout; + LONG MSS; +} OVPN_SET_PEER, * POVPN_SET_PEER; + +#define OVPN_IOCTL_NEW_PEER CTL_CODE(FILE_DEVICE_UNKNOWN, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define OVPN_IOCTL_GET_STATS CTL_CODE(FILE_DEVICE_UNKNOWN, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define OVPN_IOCTL_NEW_KEY CTL_CODE(FILE_DEVICE_UNKNOWN, 3, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define OVPN_IOCTL_SWAP_KEYS CTL_CODE(FILE_DEVICE_UNKNOWN, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define OVPN_IOCTL_SET_PEER CTL_CODE(FILE_DEVICE_UNKNOWN, 5, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define OVPN_IOCTL_START_VPN CTL_CODE(FILE_DEVICE_UNKNOWN, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index f55315ee..0ee01bde 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h 
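Review bot: all six OVPN_IOCTL_* codes are defined with FILE_ANY_ACCESS, so the I/O manager does not require any access right on the device handle for OVPN_IOCTL_NEW_KEY, OVPN_IOCTL_SWAP_KEYS or OVPN_IOCTL_SET_PEER; protection of key installation then rests entirely on the device object's security descriptor in the driver. If that is the intended model, say so in the header comment; otherwise the state-changing IOCTLs should use FILE_WRITE_ACCESS. Since this file is a vendored copy of the driver's uapi header (the license comment still calls it uapi.h), record the driver commit or version it was taken from: OVPN_CRYPTO_DATA and OVPN_SET_PEER are handed to DeviceIoControl by sizeof(), so any layout drift between the two copies silently misparses key material. Minor: the KeyLen comment lists only the AES sizes, but OVPN_CIPHER_ALG_CHACHA20_POLY1305 uses a 32-byte key as well.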
@@ -48,7 +48,8 @@ enum windows_driver_type { WINDOWS_DRIVER_UNSPECIFIED, WINDOWS_DRIVER_TAP_WINDOWS6, - WINDOWS_DRIVER_WINTUN + WINDOWS_DRIVER_WINTUN, + WINDOWS_DRIVER_DCO }; #endif
From patchwork Fri Aug 12 03:06:50 2022
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 2655
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 12 Aug 2022 15:06:50 +0200
Message-Id: <20220812130657.29899-4-a@unstable.cc>
In-Reply-To: <20220812130657.29899-1-a@unstable.cc>
References: <20220812130657.29899-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v100 03/10] dco-win: add platform dependant check on incompatible options
Cc: Lev Stipakov , Antonio Quartulli

Some platforms may have different constraints in terms of incompatible options, therefore we add a function that explicitly checks those.

Also, add generic option check for when ovpn-dco-win is in use.

Signed-off-by: Antonio Quartulli
Signed-off-by: Lev Stipakov
---
src/openvpn/dco.c | 17 +++++++++++++++--
src/openvpn/options.c | 5 +++++
2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index ac694d18..d330d917 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -221,7 +221,20 @@ dco_update_keys(dco_context_t *dco, struct tls_multi *multi) static bool dco_check_option_conflict_platform(int msglevel, const struct options *o) { -#if defined(TARGET_LINUX) +#if defined(_WIN32) + if (o->mode == MODE_SERVER) + { + msg(msglevel, "Only client and p2p data channel offload is supported " + "with ovpn-dco-win."); + return false; + } + + if (o->persist_tun) + { + msg(msglevel, "--persist-tun is not supported with ovpn-dco-win."); + return false; + } +#elif defined(TARGET_LINUX) /* if the device name is fixed, we need to check if an interface with this * name already exists. IF it does, it must be a DCO interface, otherwise * DCO has to be disabled in order to continue. @@ -246,7 +259,7 @@ dco_check_option_conflict_platform(int msglevel, const struct options *o) strerror(-ret), ret); } } -#endif /* if defined(TARGET_LINUX) */ +#endif /* if defined(_WIN32) */ return true; } diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 0ce3158b..90e59582 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
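Review bot: the new _WIN32 branch of dco_check_option_conflict_platform() rejects only MODE_SERVER and --persist-tun. In 04/10 the DCO branch of link_socket_init_phase2() jumps to `done` straight after create_socket_dco_win(), bypassing the user-space socket setup that the surrounding context (phase2_socks_client()) belongs to, so options that depend on that socket (HTTP and SOCKS proxy at least) should either be rejected here, or the commit message should state that the generic dco_check_option_conflict() already covers them. Note also that the check only runs when options->windows_driver == WINDOWS_DRIVER_DCO; that is consistent with dco_enabled() on Windows in 04/10, but a one-line comment at the call site saying the two are deliberately tied would help the next reader.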
@@ -2450,6 +2450,11 @@ options_postprocess_verify_ce(const struct options *options, { msg(M_USAGE, "--windows-driver wintun requires --dev tun"); } + + if (options->windows_driver == WINDOWS_DRIVER_DCO) + { + dco_check_option_conflict(M_USAGE, options); + } #endif /* ifdef _WIN32 */ /*
From patchwork Fri Aug 12 03:06:51 2022
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 2661
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 12 Aug 2022 15:06:51 +0200
Message-Id: <20220812130657.29899-5-a@unstable.cc>
In-Reply-To: <20220812130657.29899-1-a@unstable.cc>
References: <20220812130657.29899-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v100 04/10] dco-win: implement ovpn-dco support in P2P Windows code path
Cc: Lev Stipakov , Antonio Quartulli

With this change it is possible to use ovpn-dco-win when running OpenVPN in client or P2P mode.

Signed-off-by: Arne Schwabe
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli --- Changes from v3: * rename WINDOWS_DRIVER_WINDCO to WINDOWS_DRIVER_DCO * add reference string check Changes from v2: * added is_tun_type_set() and removed real_tun_init flag * moved link-close to do_close_tun() Changes from v1: * use suffix _dco_win instead of _windco * create helper function to retrieve last error from socket object --- src/openvpn/dco_win.h | 1 - src/openvpn/forward.c | 8 ++++ src/openvpn/init.c | 33 ++++++++++++--- src/openvpn/options.c | 23 ++++++++--- src/openvpn/options.h | 15 +++---- src/openvpn/socket.c | 93 ++++++++++++++++++++++++++++++++++++++++--- src/openvpn/socket.h | 25 ++++++++---- src/openvpn/tun.c | 56 ++++++++++++++++++++------ src/openvpn/tun.h | 74 +++++++++++++++++++++++++++------- 9 files changed, 265 insertions(+), 63 deletions(-) diff --git a/src/openvpn/dco_win.h b/src/openvpn/dco_win.h index 3b746dd8..f2232644 100644 --- a/src/openvpn/dco_win.h +++ b/src/openvpn/dco_win.h @@ -31,7 +31,6 @@ typedef OVPN_KEY_SLOT dco_key_slot_t; typedef OVPN_CIPHER_ALG dco_cipher_t; struct dco_context { - bool real_tun_init; struct tuntap *tt; }; diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 55c939c4..650f7c59 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -864,9 +864,17 @@ read_incoming_link(struct context *c) return; } + /* check_status() call below resets last-error code */ + bool dco_win_timeout = tuntap_is_dco_win_timeout(c->c1.tuntap, status); + /* check recvfrom status */ check_status(status, "read", c->c2.link_socket, NULL); + if (dco_win_timeout) + { + trigger_ping_timeout_signal(c); + } + /* Remove socks header if applicable */ socks_postprocess_incoming_link(c); diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 4d4c7192..0610f070 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c 
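Review bot: in read_incoming_link() the DCO timeout detection depends on GetLastError() still holding the value from the overlapped read completion when tuntap_is_dco_win_timeout() runs, and the comment only warns about check_status() clobbering it; anything executed between the read completing and this point (msg() included) can clobber it just as well. The write side in this same patch already captures the error immediately after the finalize (link_socket_write_win32() saves SocketHandleGetLastError(sh) and restores it before returning), so do the same on the read side: capture the error where the read completes, keep it in the link_socket, and have tuntap_is_dco_win_timeout() take that saved value instead of reading thread-local state.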
@@ -1699,7 +1699,8 @@ do_init_tun(struct context *c) c->c1.link_socket_addr.remote_list, !c->options.ifconfig_nowarn, c->c2.es, - &c->net_ctx); + &c->net_ctx, + c->c1.tuntap); #ifdef _WIN32 c->c1.tuntap->windows_driver = c->options.windows_driver; @@ -1723,7 +1724,7 @@ can_preserve_tun(struct tuntap *tt) #ifdef TARGET_ANDROID return false; #else - return tt; + return is_tun_type_set(tt); #endif } @@ -1810,9 +1811,12 @@ do_open_tun(struct context *c) ovpn_dco_init(c->mode, &c->c1.tuntap->dco); } - /* open the tun device */ - open_tun(c->options.dev, c->options.dev_type, c->options.dev_node, - c->c1.tuntap, &c->net_ctx); + /* open the tun device (ovpn-dco-win already opened the device for the socket) */ + if (!tuntap_is_dco_win(c->c1.tuntap)) + { + open_tun(c->options.dev, c->options.dev_type, c->options.dev_node, + c->c1.tuntap, &c->net_ctx); + } /* set the hardware address */ if (c->options.lladdr) @@ -1930,6 +1934,16 @@ do_close_tun_simple(struct context *c) static void do_close_tun(struct context *c, bool force) { + /* With dco-win we open tun handle in the very beginning. + * In case when tun wasn't opened - like we haven't connected, + * we still need to close tun handle + */ + if (tuntap_is_dco_win(c->c1.tuntap) && !is_tun_type_set(c->c1.tuntap)) + { + do_close_tun_simple(c); + return; + } + if (!c->c1.tuntap || !c->c1.tuntap_owned) { return; @@ -3570,6 +3584,15 @@ do_close_free_key_schedule(struct context *c, bool free_ssl_ctx) static void do_close_link_socket(struct context *c) { + /* in dco-win case, link socket is a tun handle which is + * closed in do_close_tun(). Set it to UNDEFINED so + * we won't use WinSock API to close it. */ + if (tuntap_is_dco_win(c->c1.tuntap) && c->c2.link_socket + && c->c2.link_socket->info.dco_installed) + { + c->c2.link_socket->sd = SOCKET_UNDEFINED; + } + if (c->c2.link_socket && c->c2.link_socket_owned) { link_socket_close(c->c2.link_socket); 
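Review bot: the new early return at the top of do_close_tun() calls do_close_tun_simple() for a dco-win context whose type is not set, but it runs before the original `!c->c1.tuntap || !c->c1.tuntap_owned` guard, so it drops the tuntap_owned check and requires tuntap_is_dco_win() to accept a NULL tt (c->c1.tuntap can still be NULL here, which is what the guard below was for). Fold the ownership test into the new condition and make the NULL handling explicit in tuntap_is_dco_win(). In do_close_link_socket(), setting sd = SOCKET_UNDEFINED so that the WinSock close is never applied to a file HANDLE is right, but the handle's lifetime is now split between this function and do_close_tun(); add a comment stating which of the two runs first and which one actually closes the handle, otherwise a later reordering leaks or double-closes it.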
diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 90e59582..f66f54ba 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3343,9 +3343,11 @@ options_postprocess_mutate_invariant(struct options *options) #ifdef _WIN32 const int dev = dev_type_enum(options->dev, options->dev_type); - /* when using wintun, kernel doesn't send DHCP requests, so don't use it */ - if (options->windows_driver == WINDOWS_DRIVER_WINTUN - && (options->tuntap_options.ip_win32_type == IPW32_SET_DHCP_MASQ || options->tuntap_options.ip_win32_type == IPW32_SET_ADAPTIVE)) + /* when using wintun/ovpn-dco-win, kernel doesn't send DHCP requests, so don't use it */ + if ((options->windows_driver == WINDOWS_DRIVER_WINTUN + || options->windows_driver == WINDOWS_DRIVER_DCO) + && (options->tuntap_options.ip_win32_type == IPW32_SET_DHCP_MASQ + || options->tuntap_options.ip_win32_type == IPW32_SET_ADAPTIVE)) { options->tuntap_options.ip_win32_type = IPW32_SET_NETSH; } @@ -3439,10 +3441,12 @@ options_postprocess_setdefault_ncpciphers(struct options *o) /* custom --data-ciphers set, keep list */ return; } +#if !defined(_WIN32) else if (cipher_valid("CHACHA20-POLY1305")) { o->ncp_ciphers = "AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305"; } +#endif else { o->ncp_ciphers = "AES-256-GCM:AES-128-GCM"; @@ -4165,7 +4169,8 @@ options_string(const struct options *o, NULL, false, NULL, - ctx); + ctx, + NULL); if (tt) { tt_local = true; @@ -4552,13 +4557,19 @@ parse_windows_driver(const char *str, const int msglevel) { return WINDOWS_DRIVER_WINTUN; } + + else if (streq(str, "ovpn-dco-win")) + { + return WINDOWS_DRIVER_DCO; + } else { - msg(msglevel, "--windows-driver must be tap-windows6 or wintun"); + msg(msglevel, "--windows-driver must be tap-windows6, wintun " + "or ovpn-dco-win"); return WINDOWS_DRIVER_UNSPECIFIED; } } -#endif +#endif /* ifdef _WIN32 */ /* * parse/print topology coding diff --git a/src/openvpn/options.h b/src/openvpn/options.h index ec3c44b1..64731db0 100644 
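Review bot: the `#if !defined(_WIN32)` around the CHACHA20-POLY1305 default in options_postprocess_setdefault_ncpciphers() removes the cipher from the default --data-ciphers list for every Windows build, including tap-windows6 and wintun users whose data channel is encrypted in user space by the same crypto library that cipher_valid() just accepted. Narrow it to the DCO case (dco_enabled(o)), or derive the default from dco_get_supported_ciphers(), which this series already teaches to probe the driver's ChaCha20-Poly1305 support. Style: the added blank line between `}` and `else if (streq(str, "ovpn-dco-win"))` in parse_windows_driver() splits the if/else chain; drop it.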
--- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -876,24 +876,19 @@ void options_string_import(struct options *options, bool key_is_external(const struct options *options); -#if defined(ENABLE_DCO) && defined(TARGET_LINUX) - /** * Returns whether the current configuration has dco enabled. */ static inline bool dco_enabled(const struct options *o) { +#if defined(_WIN32) + return o->windows_driver == WINDOWS_DRIVER_DCO; +#elif defined(ENABLE_DCO) return !o->tuntap_options.disable_dco; -} - -#else /* if defined(ENABLE_DCO) && defined(TARGET_LINUX) */ - -static inline bool -dco_enabled(const struct options *o) -{ +#else return false; +#endif /* defined(_WIN32) */ } -#endif #endif /* ifndef OPTIONS_H */ diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index b4c20f69..db73b35d 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c 
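Review bot: on _WIN32 dco_enabled() now returns `o->windows_driver == WINDOWS_DRIVER_DCO` without consulting ENABLE_DCO, while dco_win.h only declares the real dco_create_socket() and dco_context under `#if defined(ENABLE_DCO) && defined(_WIN32)` and otherwise provides an ASSERT(false) stub of dco_start_tun(). A Windows build configured without DCO would therefore accept --windows-driver ovpn-dco-win, report dco_enabled() as true and hit the stub at runtime. Gate the Windows branch on `defined(ENABLE_DCO) && defined(_WIN32)`, or make parse_windows_driver() refuse the value in that configuration, so the outcome is a usage error rather than an assertion.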
@@ -2123,6 +2123,41 @@ phase2_socks_client(struct link_socket *sock, struct signal_info *sig_info) resolve_remote(sock, 1, NULL, &sig_info->signal_received); } +#if defined(_WIN32) +static void +create_socket_dco_win(struct context *c, struct link_socket *sock, + volatile int *signal_received) +{ + struct tuntap *tt; + /* In this case persist-tun is enabled, which we don't support yet */ + ASSERT(!c->c1.tuntap); + + ALLOC_OBJ(tt, struct tuntap); + + *tt = dco_create_socket(sock->info.lsa->current_remote, + sock->bind_local, + sock->info.lsa->bind_local, + c->options.dev_node, + &c->gc, + get_server_poll_remaining_time(sock->server_poll_timeout), + signal_received); + + /* This state is used by signal handler which does teardown, + * so it has to be set before return */ + c->c1.tuntap = tt; + sock->info.dco_installed = true; + + if (*signal_received) + { + return; + } + + /* Ensure we can "safely" cast the handle to a socket */ + static_assert(sizeof(sock->sd) == sizeof(tt->hand), "HANDLE and SOCKET size differs"); + sock->sd = (SOCKET)tt->hand; +} +#endif /* if defined(_WIN32) */ + /* finalize socket initialization */ void link_socket_init_phase2(struct context *c) @@ -2162,7 +2197,24 @@ link_socket_init_phase2(struct context *c) /* If a valid remote has been found, create the socket with its addrinfo */ if (sock->info.lsa->current_remote) { - create_socket(sock, sock->info.lsa->current_remote); +#if defined(_WIN32) + if (dco_enabled(&c->options)) + { + create_socket_dco_win(c, sock, &sig_info->signal_received); + if (sig_info->signal_received) + { + goto done; + } + + linksock_print_addr(sock); + goto done; + } + else +#endif + { + create_socket(sock, sock->info.lsa->current_remote); + } + } /* If socket has not already been created create it now */ 
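Review bot: in the DCO branch of link_socket_init_phase2() both outcomes jump to `done`, so `if (sig_info->signal_received) { goto done; }` followed by `linksock_print_addr(sock); goto done;` collapses to one conditional around the print. More substantively, dco_create_socket() returns a `struct tuntap` by value and its only error channel is `signal_received`; if it can fail without setting that flag, create_socket_dco_win() goes on to store an unusable handle in sock->sd and marks dco_installed, and the caller has no return value to check. Either document that every failure path inside dco_create_socket() sets *signal_received, or give create_socket_dco_win() a bool result. The ASSERT(!c->c1.tuntap) is a backstop for the --persist-tun rejection added in 03/10; keeping it is fine, but the comment should say that rather than implying persist-tun is the only way to arrive here.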
@@ -3430,6 +3482,17 @@ link_socket_write_udp_posix_sendmsg(struct link_socket *sock, #ifdef _WIN32 +static int +socket_get_last_error(const struct link_socket *sock) +{ + if (sock->info.dco_installed) + { + return GetLastError(); + } + + return WSAGetLastError(); +} + int socket_recv_queue(struct link_socket *sock, int maxsize) { @@ -3463,7 +3526,14 @@ socket_recv_queue(struct link_socket *sock, int maxsize) ASSERT(ResetEvent(sock->reads.overlapped.hEvent)); sock->reads.flags = 0; - if (proto_is_udp(sock->info.proto)) + if (sock->info.dco_installed) + { + status = ReadFile((HANDLE)sock->sd, wsabuf[0].buf, wsabuf[0].len, + &sock->reads.size, &sock->reads.overlapped); + /* Readfile status is inverted from WSARecv */ + status = !status; + } + else if (proto_is_udp(sock->info.proto)) { sock->reads.addr_defined = true; sock->reads.addrlen = sizeof(sock->reads.addr6); @@ -3516,7 +3586,7 @@ socket_recv_queue(struct link_socket *sock, int maxsize) } else { - status = WSAGetLastError(); + status = socket_get_last_error(sock); if (status == WSA_IO_PENDING) /* operation queued? */ { sock->reads.iostate = IOSTATE_QUEUED; @@ -3561,7 +3631,16 @@ socket_send_queue(struct link_socket *sock, struct buffer *buf, const struct lin ASSERT(ResetEvent(sock->writes.overlapped.hEvent)); sock->writes.flags = 0; - if (proto_is_udp(sock->info.proto)) + if (sock->info.dco_installed) + { + status = WriteFile((HANDLE)sock->sd, wsabuf[0].buf, wsabuf[0].len, + &sock->writes.size, &sock->writes.overlapped); + + /* WriteFile status is inverted from WSASendTo */ + status = !status; + + } + else if (proto_is_udp(sock->info.proto)) { /* set destination address for UDP writes */ sock->writes.addr_defined = true; 
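Review bot: socket_recv_queue() still tests `if (status == WSA_IO_PENDING)` after switching to socket_get_last_error(), whereas the matching branch in socket_send_queue() in this same patch becomes `status == WSA_IO_PENDING || status == ERROR_IO_PENDING` with a comment that the two codes share one value; the read and write paths should agree, and since the values are identical one comparison plus that comment is enough in both places. Also, the `status = !status;` inversion after ReadFile()/WriteFile() maps success to 0 and failure to 1, while WSARecv()/WSASendTo() return 0 on success and SOCKET_ERROR (-1) on failure; the surrounding code only tests for non-zero, so this works, but a short comment that callers must rely only on zero/non-zero would keep a future `status == SOCKET_ERROR` comparison from breaking the DCO path.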
@@ -3622,8 +3701,9 @@ socket_send_queue(struct link_socket *sock, struct buffer *buf, const struct lin } else { - status = WSAGetLastError(); - if (status == WSA_IO_PENDING) /* operation queued? */ + status = socket_get_last_error(sock); + /* both status code have the identical value */ + if (status == WSA_IO_PENDING || status == ERROR_IO_PENDING) /* operation queued? */ { sock->writes.iostate = IOSTATE_QUEUED; sock->writes.status = status; @@ -3648,6 +3728,7 @@ socket_send_queue(struct link_socket *sock, struct buffer *buf, const struct lin return sock->writes.iostate; } +/* Returns the number of bytes successfully read */ int sockethandle_finalize(sockethandle_t sh, struct overlapped_io *io, diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index 0d521d22..462afa31 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -34,6 +34,7 @@ #include "proxy.h" #include "socks.h" #include "misc.h" +#include "tun.h" /* * OpenVPN's default port number as assigned by IANA. @@ -937,7 +938,8 @@ socket_connection_reset(const struct link_socket *sock, int status) { const int err = openvpn_errno(); #ifdef _WIN32 - return err == WSAECONNRESET || err == WSAECONNABORTED; + return err == WSAECONNRESET || err == WSAECONNABORTED + || err == ERROR_CONNECTION_ABORTED; #else return err == ECONNRESET; #endif @@ -1048,6 +1050,11 @@ link_socket_read_udp_win32(struct link_socket *sock, struct link_socket_actual *from) { sockethandle_t sh = { .s = sock->sd }; + if (sock->info.dco_installed) + { + addr_copy_sa(&from->dest, &sock->info.lsa->actual.dest); + sh.is_handle = true; + } return sockethandle_finalize(sh, &sock->reads, buf, from); } @@ -1057,7 +1064,7 @@ int link_socket_read_udp_posix(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *from); -#endif +#endif /* ifdef _WIN32 */ /* read a TCP or UDP packet from link */ static inline int 
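Review bot: the comment added above sockethandle_finalize(), `Returns the number of bytes successfully read`, is incomplete: the same function finalizes writes (link_socket_write_win32() calls it on &sock->writes), so say "transferred". In link_socket_read_udp_win32(), the DCO branch fills `from->dest` from sock->info.lsa->actual.dest for every packet because the driver reports no source address; as a result `from` can never differ from the configured remote, and any peer-address-change (float) detection that compares `from` against the stored address becomes a no-op under DCO. That is acceptable for the client/P2P scope of this series but belongs in the commit message. The extra `err == ERROR_CONNECTION_ABORTED` in socket_connection_reset() would benefit from a comment that it is the Win32 (non-WSA) code seen on the file handle.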
@@ -1065,7 +1072,10 @@ link_socket_read(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *from) { - if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */ + if (proto_is_udp(sock->info.proto) + || sock->info.dco_installed) + /* unified UDPv4 and UDPv6, for DCO the kernel + * will strip the length header */ { int res; @@ -1106,19 +1116,19 @@ link_socket_write_win32(struct link_socket *sock, { int err = 0; int status = 0; - sockethandle_t sh = { .s = sock->sd }; + sockethandle_t sh = { .s = sock->sd, .is_handle = sock->info.dco_installed }; if (overlapped_io_active(&sock->writes)) { status = sockethandle_finalize(sh, &sock->writes, NULL, NULL); if (status < 0) { - err = WSAGetLastError(); + err = SocketHandleGetLastError(sh); } } socket_send_queue(sock, buf, to); if (status < 0) { - WSASetLastError(err); + SocketHandleSetLastError(sh, err); return status; } else @@ -1180,8 +1190,9 @@ link_socket_write(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to) { - if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */ + if (proto_is_udp(sock->info.proto) || sock->info.dco_installed) { + /* unified UDPv4 and UDPv6 and DCO (kernel adds size header) */ return link_socket_write_udp(sock, buf, to); } else if (proto_is_tcp(sock->info.proto)) /* unified TCPv4 and TCPv6 */ diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 5a5a3f45..876071f6 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -743,12 +743,14 @@ init_tun(const char *dev, /* --dev option */ struct addrinfo *remote_public, const bool strict_warn, struct env_set *es, - openvpn_net_ctx_t *ctx) + openvpn_net_ctx_t *ctx, + struct tuntap *tt) { - struct tuntap *tt; - - ALLOC_OBJ(tt, struct tuntap); - clear_tuntap(tt); + if (!tt) + { + ALLOC_OBJ(tt, struct tuntap); + clear_tuntap(tt); + } tt->type = dev_type_enum(dev, dev_type); tt->topology = topology; 
@@ -890,6 +892,12 @@ init_tun_post(struct tuntap *tt, { tt->options = *options; #ifdef _WIN32 + if (tt->windows_driver == WINDOWS_DRIVER_DCO) + { + dco_start_tun(tt); + return; + } + overlapped_io_init(&tt->reads, frame, FALSE, true); overlapped_io_init(&tt->writes, frame, TRUE, true); tt->adapter_index = TUN_ADAPTER_INDEX_INVALID; @@ -3529,6 +3537,9 @@ print_windows_driver(enum windows_driver_type windows_driver) case WINDOWS_DRIVER_WINTUN: return "wintun"; + case WINDOWS_DRIVER_DCO: + return "ovpn-dco-win"; + default: return "unspecified"; } @@ -3916,6 +3927,10 @@ get_tap_reg(struct gc_arena *gc) { windows_driver = WINDOWS_DRIVER_WINTUN; } + else if (strcasecmp(component_id, "ovpn-dco") == 0) + { + windows_driver = WINDOWS_DRIVER_DCO; + } if (windows_driver != WINDOWS_DRIVER_UNSPECIFIED) { @@ -4270,7 +4285,9 @@ at_least_one_tap_win(const struct tap_reg *tap_reg) { if (!tap_reg) { - msg(M_FATAL, "There are no TAP-Windows nor Wintun adapters on this system. You should be able to create an adapter by using tapctl.exe utility."); + msg(M_FATAL, "There are no TAP-Windows, Wintun or ovpn-dco-win adapters " + "on this system. You should be able to create an adapter " + "by using tapctl.exe utility."); } } 
@@ -6470,17 +6487,30 @@ tun_try_open_device(struct tuntap *tt, const char *device_guid, const struct dev const char *path = NULL; char tuntap_device_path[256]; - if (tt->windows_driver == WINDOWS_DRIVER_WINTUN) + if (tt->windows_driver == WINDOWS_DRIVER_WINTUN + || tt->windows_driver == WINDOWS_DRIVER_DCO) { const struct device_instance_id_interface *dev_if; for (dev_if = device_instance_id_interface; dev_if != NULL; dev_if = dev_if->next) { - if (strcmp((const char *)dev_if->net_cfg_instance_id, device_guid) == 0) + if (strcmp((const char *)dev_if->net_cfg_instance_id, device_guid) != 0) { - path = dev_if->device_interface; - break; + continue; + } + + if (tt->windows_driver == WINDOWS_DRIVER_DCO) + { + char *last_sep = strrchr(dev_if->device_interface, '\\'); + if (!last_sep + || strcmp(last_sep + 1, DCO_WIN_REFERENCE_STRING) != 0) + { + continue; + } } + + path = dev_if->device_interface; + break; } if (path == NULL) { @@ -6489,7 +6519,7 @@ tun_try_open_device(struct tuntap *tt, const char *device_guid, const struct dev } else { - /* Open TAP-Windows adapter */ + /* Open TAP-Windows */ openvpn_snprintf(tuntap_device_path, sizeof(tuntap_device_path), "%s%s%s", USERMODEDEVICEDIR, device_guid, @@ -6525,7 +6555,7 @@ tun_try_open_device(struct tuntap *tt, const char *device_guid, const struct dev return true; } -static void +void tun_open_device(struct tuntap *tt, const char *dev_node, const char **device_guid, struct gc_arena *gc) { const struct tap_reg *tap_reg = get_tap_reg(gc); @@ -6817,7 +6847,7 @@ netsh_delete_address_dns(const struct tuntap *tt, bool ipv6, struct gc_arena *gc argv_free(&argv); } -static void +void close_tun_handle(struct tuntap *tt) { const char *adaptertype = print_windows_driver(tt->windows_driver); diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index 0ee01bde..e8a40c16 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h 
@@ -44,6 +44,7 @@ #ifdef _WIN32 #define WINTUN_COMPONENT_ID "wintun" +#define DCO_WIN_REFERENCE_STRING "ovpn-dco" enum windows_driver_type { WINDOWS_DRIVER_UNSPECIFIED, @@ -65,6 +66,8 @@ struct tuntap_options { /* --ip-win32 options */ bool ip_win32_defined; + bool disable_dco; + #define IPW32_SET_MANUAL 0 /* "--ip-win32 manual" */ #define IPW32_SET_NETSH 1 /* "--ip-win32 netsh" */ #define IPW32_SET_IPAPI 2 /* "--ip-win32 ipapi" */ @@ -243,6 +246,10 @@ tuntap_ring_empty(struct tuntap *tt) { return tuntap_is_wintun(tt) && (tt->wintun_send_ring->head == tt->wintun_send_ring->tail); } + +/* Low level function to open tun handle, used by DCO to create a handle for DCO*/ +void +tun_open_device(struct tuntap *tt, const char *dev_node, const char **device_guid, struct gc_arena *gc); #endif /* @@ -254,6 +261,8 @@ void open_tun(const char *dev, const char *dev_type, const char *dev_node, void close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx); +void close_tun_handle(struct tuntap *tt); + int write_tun(struct tuntap *tt, uint8_t *buf, int len); int read_tun(struct tuntap *tt, uint8_t *buf, int len); @@ -280,7 +289,8 @@ struct tuntap *init_tun(const char *dev, /* --dev option */ struct addrinfo *remote_public, const bool strict_warn, struct env_set *es, - openvpn_net_ctx_t *ctx); + openvpn_net_ctx_t *ctx, + struct tuntap *tt); void init_tun_post(struct tuntap *tt, const struct frame *frame, @@ -625,6 +635,18 @@ write_tun_buffered(struct tuntap *tt, struct buffer *buf) } } +static inline bool +tuntap_is_dco_win(struct tuntap *tt) +{ + return tt && tt->windows_driver == WINDOWS_DRIVER_DCO; +} + +static inline bool +tuntap_is_dco_win_timeout(struct tuntap *tt, int status) +{ + return tuntap_is_dco_win(tt) && (status < 0) && (openvpn_errno() == ERROR_NETNAME_DELETED); +} + #else /* ifdef _WIN32 */ static inline bool 
@@ -650,6 +672,19 @@ tun_standby(struct tuntap *tt) return true; } + +static inline bool +tuntap_is_dco_win(struct tuntap *tt) +{ + return false; +} + +static inline bool +tuntap_is_dco_win_timeout(struct tuntap *tt, int status) +{ + return false; +} + #endif /* ifdef _WIN32 */ /* 
@@ -673,28 +708,37 @@ tun_set(struct tuntap *tt, void *arg, unsigned int *persistent) { - if (tuntap_defined(tt)) + if (!tuntap_defined(tt) || tuntap_is_dco_win(tt)) + { + return; + } + + /* if persistent is defined, call event_ctl only if rwflags has changed since last call */ + if (!persistent || *persistent != rwflags) { - /* if persistent is defined, call event_ctl only if rwflags has changed since last call */ - if (!persistent || *persistent != rwflags) + event_ctl(es, tun_event_handle(tt), rwflags, arg); + if (persistent) { - event_ctl(es, tun_event_handle(tt), rwflags, arg); - if (persistent) - { - *persistent = rwflags; - } + *persistent = rwflags; } + } #ifdef _WIN32 - if (tt->windows_driver == WINDOWS_DRIVER_TAP_WINDOWS6 && (rwflags & EVENT_READ)) - { - tun_read_queue(tt, 0); - } -#endif - tt->rwflags_debug = rwflags; + if (tt->windows_driver == WINDOWS_DRIVER_TAP_WINDOWS6 && (rwflags & EVENT_READ)) + { + tun_read_queue(tt, 0); } +#endif + tt->rwflags_debug = rwflags; + } const char *tun_stat(const struct tuntap *tt, unsigned int rwflags, struct gc_arena *gc); bool tun_name_is_fixed(const char *dev); +static inline bool +is_tun_type_set(const struct tuntap *tt) +{ + return tt && tt->type != DEV_TYPE_UNDEF; +} + #endif /* TUN_H */ From patchwork Fri Aug 12 03:06:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 2654 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director11.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id wKIVBZRQ9mK6MgAAIUCqbw (envelope-from ) for ; Fri, 12 Aug 2022 09:07:32 -0400 Received: from proxy16.mail.ord1d.rsapps.net ([172.30.191.6]) by director11.mail.ord1d.rsapps.net with LMTP id uD8DBZRQ9mJcAgAAvGGmqA (envelope-from ) for ; Fri, 12 Aug 2022 09:07:32 -0400 Received: from smtp17.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher 
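Review bot: in the socket_recv_queue hunk the DCO branch now fetches its error through socket_get_last_error(), which returns GetLastError() for a handle, yet the following test is still `if (status == WSA_IO_PENDING)` only, whereas the socket_send_queue hunk checks `status == WSA_IO_PENDING || status == ERROR_IO_PENDING` and comments that both values are identical. Apply the same test and comment in the receive path so the two queues do not drift, and fix the comment grammar to "both status codes have the identical value".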
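Review bot: the link_socket_read_udp_win32 hunk fills `from->dest` from `sock->info.lsa->actual.dest` when dco_installed is set, i.e. with the configured remote rather than the packet's actual source, and it dereferences `sock->info.lsa` unchecked. A comment stating that the kernel driver has already matched the peer (so the remote is authoritative here) and an `ASSERT(sock->info.lsa);` before the copy would make that assumption explicit.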
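Review bot: in the init_tun hunk, `clear_tuntap(tt)` is skipped whenever the caller passes a non-NULL `tt`, so the function now relies on the caller having cleared the object. Document that contract on the new `struct tuntap *tt` parameter in the tun.h prototype; the header hunk adds the parameter without any comment.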
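Review bot: the init_tun_post hunk returns right after `dco_start_tun(tt)`, so for WINDOWS_DRIVER_DCO everything below it, including `tt->adapter_index = TUN_ADAPTER_INDEX_INVALID;`, is never executed. Confirm that dco_start_tun() initialises every field the DCO path later reads, or move the early return below the driver-independent initialisation.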
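Review bot: the get_tap_reg hunk compares component_id against the literal "ovpn-dco" while the tun.h hunk introduces `DCO_WIN_REFERENCE_STRING "ovpn-dco"` and Wintun already has WINTUN_COMPONENT_ID; use one macro (for instance a DCO_COMPONENT_ID defined next to WINTUN_COMPONENT_ID) in both get_tap_reg and the suffix match in tun_try_open_device so the two strings cannot silently diverge.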
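Review bot: the tun.h hunk inserts `bool disable_dco;` between `ip_win32_defined` and the IPW32_SET_* defines, i.e. inside the block commented `/* --ip-win32 options */`. Move it out of that group and add a comment naming the option that sets it, so the struct layout keeps matching its comments.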
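Review bot: tuntap_is_dco_win_timeout() treats `openvpn_errno() == ERROR_NETNAME_DELETED` as the timeout indication without saying why; add a comment explaining which driver condition produces that error code on the handle, otherwise the next reader will take it for a disconnect and "fix" it.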
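Review bot: the comment above the exported tun_open_device() prototype reads "used by DCO to create a handle for DCO*/", with the closing `*/` glued to the text and "DCO" repeated; reword along the lines of "Low level function to open the tun handle; used by the DCO code to obtain a handle to the driver */".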
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 12 Aug 2022 15:06:52 +0200
Message-Id: <20220812130657.29899-6-a@unstable.cc>
In-Reply-To: <20220812130657.29899-1-a@unstable.cc>
References: <20220812130657.29899-1-a@unstable.cc>
Content preview: Signed-off-by: Arne Schwabe Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli --- README.dco.md | 11 ++++++++++- 1 file changed, 10 inse [...] Content analysis details: (1.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) X-Headers-End: 1oMUMx-00DFXc-Aw Subject: [Openvpn-devel] [PATCH v100 05/10] dco-win: add documentation to README.dco.md X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Lev Stipakov , Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Signed-off-by: Arne Schwabe Signed-off-by: Lev Stipakov Signed-off-by: Antonio Quartulli --- README.dco.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/README.dco.md b/README.dco.md index c38d3de3..d67f6e7e 100644 --- a/README.dco.md +++ b/README.dco.md @@ -57,6 +57,13 @@ see a message like in your log. +Getting started (Windows) +------------------------- +Getting started under windows is currently for brave people having experience +with windows development. You need to compile openvpn yourself and also need +to get the test driver installed on your system. + + DCO and P2P mode ---------------- DCO is also available when running OpenVPN in P2P mode without `--pull` / 
@@ -111,7 +118,9 @@ Limitations by design - older versions are missing support for the AEAD ciphers; - topology subnet is the only supported `--topology` for servers; - iroute directives install routes on the host operating system, see also - Routing with ovpn-dco. + Routing with ovpn-dco; +- (ovpn-dco-win) client and p2p mode only; +- (ovpn-dco-win) Chacha20-Poly1305 support available starting with Windows 11. Current implementation limitations From patchwork Fri Aug 12 03:06:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 2658 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director15.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id iEsHIMBQ9mIuNAAAIUCqbw (envelope-from ) for ; Fri, 12 Aug 2022 09:08:16 -0400 Received: from proxy18.mail.ord1d.rsapps.net ([172.30.191.6]) by director15.mail.ord1d.rsapps.net with LMTP id mErkH8BQ9mKFVAAAIcMcQg (envelope-from ) for ; Fri, 12 Aug 2022 09:08:16 -0400 Received: from smtp33.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy18.mail.ord1d.rsapps.net with LMTPS id +IuYH8BQ9mJUYwAATCaURg (envelope-from ) for ; Fri, 12 Aug 2022 09:08:16 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp33.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=fail (p=none; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: d39f939c-1a3f-11ed-a807-525400041ef2-1-1 Received: from [216.105.38.7] 
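Review bot: in the new "Getting started (Windows)" section, "windows" and "openvpn" should be capitalised as Windows and OpenVPN to match the rest of README.dco.md, and "the test driver" should name the driver (ovpn-dco-win) and say where to obtain it; as written the section tells a reader who wants to try it nothing actionable.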
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 12 Aug 2022 15:06:53 +0200
Message-Id: <20220812130657.29899-7-a@unstable.cc>
In-Reply-To: <20220812130657.29899-1-a@unstable.cc>
References: <20220812130657.29899-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v100 06/10] dco-win: update GH Actions config file
Cc: Lev Stipakov, Antonio Quartulli

Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli --- .github/workflows/build.yaml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index c89d3c8c..6bd108b9 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -59,11 +59,6 @@ jobs: steps: - name: Install dependencies run: sudo apt update && sudo apt install -y mingw-w64 libtool automake autoconf man2html unzip - - name: Checkout ovpn-dco-win - uses: actions/checkout@v2 - with: - repository: OpenVPN/ovpn-dco-win - path: ovpn-dco-win - name: Checkout OpenVPN uses: actions/checkout@v2 with: 
@@ -151,7 +146,7 @@ jobs: run: cp ./tap-windows-${TAP_WINDOWS_VERSION}/include/tap-windows.h ${HOME}/mingw/opt/include/ - name: configure OpenVPN - run: PKG_CONFIG_PATH=${HOME}/mingw/opt/lib/pkgconfig DCO_SOURCEDIR=$(realpath ../ovpn-dco-win) LDFLAGS=-L$HOME/mingw/opt/lib CFLAGS=-I$HOME/mingw/opt/include OPENSSL_LIBS="-L${HOME}/opt/lib -lssl -lcrypto" OPENSSL_CFLAGS=-I$HOME/mingw/opt/include PREFIX=$HOME/mingw/opt LZO_CFLAGS=-I$HOME/mingw/opt/include LZO_LIBS="-L${HOME}/mingw/opt/lib -llzo2" ./configure --host=${CHOST} --disable-lz4 --enable-dco + run: PKG_CONFIG_PATH=${HOME}/mingw/opt/lib/pkgconfig LDFLAGS=-L$HOME/mingw/opt/lib CFLAGS=-I$HOME/mingw/opt/include OPENSSL_LIBS="-L${HOME}/opt/lib -lssl -lcrypto" OPENSSL_CFLAGS=-I$HOME/mingw/opt/include PREFIX=$HOME/mingw/opt LZO_CFLAGS=-I$HOME/mingw/opt/include LZO_LIBS="-L${HOME}/mingw/opt/lib -llzo2" ./configure --host=${CHOST} --disable-lz4 working-directory: openvpn - name: build OpenVPN From patchwork Fri Aug 12 03:06:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 2656 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director13.mail.ord1d.rsapps.net ([172.27.255.58]) by backend30.mail.ord1d.rsapps.net with LMTP id 6J+FJKtQ9mJdMwAAIUCqbw (envelope-from ) for ; Fri, 12 Aug 2022 09:07:55 -0400 Received: from proxy18.mail.iad3a.rsapps.net ([172.27.255.58]) by director13.mail.ord1d.rsapps.net with LMTP id ACZvJKtQ9mI0YQAA91zNiA (envelope-from ) for ; Fri, 12 Aug 2022 09:07:55 -0400 Received: from smtp16.gate.iad3a ([172.27.255.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy18.mail.iad3a.rsapps.net with LMTPS id 4E04HKtQ9mJTGgAAon3hFg (envelope-from ) for ; Fri, 12 Aug 2022 09:07:55 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: 
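Review bot: the configure hunk drops `DCO_SOURCEDIR=$(realpath ../ovpn-dco-win)` and `--enable-dco` from the mingw cross-build, and the first hunk removes the ovpn-dco-win checkout, so this job no longer exercises the Windows DCO code path at all. The commit message consists only of Signed-off-by lines; state the reason (for example that the DCO headers are now obtained another way, or that DCO is built by default) so a reader can tell this is not a loss of CI coverage.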
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 12 Aug 2022 15:06:54 +0200
Message-Id: <20220812130657.29899-8-a@unstable.cc>
In-Reply-To: <20220812130657.29899-1-a@unstable.cc>
References: <20220812130657.29899-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v100 07/10] dco-win: ensure the DCO API is not used when running on Windows
Cc: Antonio Quartulli

On Windows the high level API should still use the link_socket object to read and write packets. For this reason, even if dco_installed is true, we still need to rely on the classic link_socket object.

Signed-off-by: Antonio Quartulli
---
 src/openvpn/dco_win.c | 4 ++--
 src/openvpn/forward.c | 23 ++++++++++++++++++++++-
 2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c index f1160c7d..18ce9f3a 100644
--- a/src/openvpn/dco_win.c +++ b/src/openvpn/dco_win.c @@ -355,14 +355,14 @@ dco_available(int msglevel) int dco_do_read(dco_context_t *dco) { - /* no-op on windows */ + ASSERT(false); return 0; } int dco_do_write(dco_context_t *dco, int peer_id, struct buffer *buf) { - /* no-op on windows */ + ASSERT(false); return 0; } diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 650f7c59..8af41072 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1601,6 +1601,27 @@ process_ip_header(struct context *c, unsigned int flags, struct buffer *buf) } } +/* Depending on the platform, we may have to not use the DCO socket, even if DCO + * is being used for a specific link. + * + * This happens with Windows, where the standard link_socket API have to be used + * also with DCO. + * + * For this reason we must make the right decision and not always look at + * dco_installed. Note that on Windows the dco_installed field is still supposed + * to be true, because it is used in the lower level code to use the proper API + * (socket vs handle). This is why we need this function with some ifdef sauce + */ +static bool +should_use_dco_socket(struct link_socket *sock) +{ +#if defined(TARGET_LINUX) + return sock->info.dco_installed; +#else + return false; +#endif +} + /* * Input: c->c2.to_link */ 
@@ -1674,7 +1695,7 @@ process_outgoing_link(struct context *c) socks_preprocess_outgoing_link(c, &to_addr, &size_delta); /* Send packet */ - if (c->c2.link_socket->info.dco_installed) + if (should_use_dco_socket(c->c2.link_socket)) { size = dco_do_write(&c->c1.tuntap->dco, c->c2.tls_multi->peer_id, From patchwork Fri Aug 12 03:06:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 2659 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director14.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id ONbhI8FQ9mI8NAAAIUCqbw (envelope-from ) for ; Fri, 12 Aug 2022 09:08:17 -0400 Received: from proxy6.mail.ord1d.rsapps.net ([172.30.191.6]) by director14.mail.ord1d.rsapps.net with LMTP id oDmeI8FQ9mIuHgAAeJ7fFg (envelope-from ) for ; Fri, 12 Aug 2022 09:08:17 -0400 Received: from smtp40.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy6.mail.ord1d.rsapps.net with LMTPS id +DcRI8FQ9mIKNwAAQyIf0w (envelope-from ) for ; Fri, 12 Aug 2022 09:08:17 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp40.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=fail (p=none; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: d44ae51c-1a3f-11ed-8464-525400f204c2-1-1 Received: from [216.105.38.7] ([216.105.38.7:49714] helo=lists.sourceforge.net) by smtp40.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS 
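Review bot: in the dco_win.c hunk, `ASSERT(false); return 0;` leaves an unreachable return after the assert in both dco_do_read() and dco_do_write(). Keeping it to satisfy the compiler is fine, but a one-line comment ("never reached on Windows: the link_socket path is used instead, see should_use_dco_socket()") would explain why the former no-op now aborts the process.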
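Review bot: should_use_dco_socket() keys on TARGET_LINUX, so every future non-Linux platform that does provide a DCO socket has to edit this function; a feature macro meaning "DCO provides its own socket" would be more robust than a platform name. Also fix the grammar in the new comment ("the standard link_socket API has to be used"), and, since dco_do_read() now ASSERTs, confirm the read-side call site is guarded the same way as process_outgoing_link; only the write side appears in this diff.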
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 12 Aug 2022 15:06:55 +0200
Message-Id: <20220812130657.29899-9-a@unstable.cc>
In-Reply-To: <20220812130657.29899-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v100 08/10] ovpn-dco: print some netlink messages to debug level

Netlink errors detected during dco availability detection are not really required and can confuse the user. Have them printed to the dco debug level.

Signed-off-by: Antonio Quartulli
Acked-by: Gert Doering
---
 src/openvpn/dco_linux.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index f86ea819..9212339e 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c 
@@ -913,7 +913,7 @@ nla_put_failure: bool dco_available(int msglevel) { - if (resolve_ovpn_netlink_id(msglevel) < 0) + if (resolve_ovpn_netlink_id(D_DCO_DEBUG) < 0) { msg(msglevel, "Note: Kernel support for ovpn-dco missing, disabling data channel offload.");
From patchwork Fri Aug 12 03:06:56 2022
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 2662
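Review bot: in the dco_available hunk above, the netlink failure from `resolve_ovpn_netlink_id(D_DCO_DEBUG)` is now logged only at the DCO debug level, while the following `msg(msglevel, "Note: Kernel support for ovpn-dco missing, disabling data channel offload.")` still attributes every failure to a missing kernel module, so a netlink socket or permission problem would be reported to the user as missing kernel support with no hint of the real cause. Consider either distinguishing a "family not found" result from other netlink errors so that only the former is silenced, or adding to the Note that the underlying error is visible at the dco debug verbosity.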
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 12 Aug 2022 15:06:56 +0200
Message-Id: <20220812130657.29899-10-a@unstable.cc>
In-Reply-To: <20220812130657.29899-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v100 09/10] dco: properly name variables

Renamed remote_addrX variables to vpn_addrX to make it clear that they refer to the address over the VPN/tunnel.

Signed-off-by: Antonio Quartulli
---
 src/openvpn/dco.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index d330d917..2b7b742a 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c
@@ -553,19 +553,20 @@ dco_multi_add_new_peer(struct multi_context *m, struct multi_instance *mi) remoteaddr = &c->c2.link_socket_info->lsa->actual.dest.addr.sa; } - struct in_addr remote_ip4 = { 0 }; - struct in6_addr *remote_addr6 = NULL; - struct in_addr *remote_addr4 = NULL; - /* In server mode we need to fetch the remote addresses from the push config */ + + struct in_addr vpn_ip4 = { 0 }; + struct in_addr *vpn_addr4 = NULL; if (c->c2.push_ifconfig_defined) { - remote_ip4.s_addr = htonl(c->c2.push_ifconfig_local); - remote_addr4 = &remote_ip4; + vpn_ip4.s_addr = htonl(c->c2.push_ifconfig_local); + vpn_addr4 = &vpn_ip4; } + + struct in6_addr *vpn_addr6 = NULL; if (c->c2.push_ifconfig_ipv6_defined) { - remote_addr6 = &c->c2.push_ifconfig_ipv6_local; + vpn_addr6 = &c->c2.push_ifconfig_ipv6_local; } if (dco_multi_get_localaddr(m, mi, &local)) 
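Review bot: the rename drops the comment `/* In server mode we need to fetch the remote addresses from the push config */` and leaves a blank line in its place, yet the comment is what explains why `c->c2.push_ifconfig_local` and `c->c2.push_ifconfig_ipv6_local` are consulted here, and that context is still needed after the rename. Suggest keeping it, updated to the new naming, e.g. `/* In server mode the peer's VPN addresses come from the push config */` above the `struct in_addr vpn_ip4 = { 0 };` declaration. Moving `struct in6_addr *vpn_addr6 = NULL;` down next to the IPv6 block that uses it is fine.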
@@ -574,7 +575,7 @@ dco_multi_add_new_peer(struct multi_context *m, struct multi_instance *mi) } int ret = dco_new_peer(&c->c1.tuntap->dco, peer_id, sd, localaddr, - remoteaddr, remote_addr4, remote_addr6); + remoteaddr, vpn_addr4, vpn_addr6); if (ret < 0) { return ret;
From patchwork Fri Aug 12 03:06:57 2022
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 2664
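Review bot: in the dco_new_peer call-site hunk above, the caller now passes `vpn_addr4, vpn_addr6`, but the diffstat shows only src/openvpn/dco.c changing, so the prototype and implementation of `dco_new_peer()` keep their old parameter names; for the rename to deliver the clarity the commit message promises, the callee's parameter names and its doc comment should be updated in the same patch so caller and callee agree on what the two pointers mean.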
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 12 Aug 2022 15:06:57 +0200
Message-Id: <20220812130657.29899-11-a@unstable.cc>
In-Reply-To: <20220812130657.29899-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v100 10/10] dco: move message to DCO debug level and reword a bit

This message is purely a debug message, so it should go to the appropriate log level. At the same time make it more clear.

Signed-off-by: Antonio Quartulli
Acked-by: Gert Doering
---
 src/openvpn/dco_linux.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 9212339e..98e10507 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -760,7 +760,8 @@ ovpn_handle_msg(struct nl_msg *msg, void *arg) uint32_t ifindex = nla_get_u32(attrs[OVPN_ATTR_IFINDEX]); if (ifindex != dco->ifindex) { - msg(D_DCO, "ovpn-dco: received message type %d with mismatched ifindex %d\n", + msg(D_DCO_DEBUG, + "ovpn-dco: ignoring message (type=%d) for foreign ifindex %d", gnlh->cmd, ifindex); return NL_SKIP; }
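Review bot: besides the level change and the rewording, the replacement `msg(D_DCO_DEBUG, "ovpn-dco: ignoring message (type=%d) for foreign ifindex %d", ...)` also drops the trailing `\n` from the format string; that matches the other msg() calls in this series, which carry no newline, but it is not mentioned in the commit message, so add a sentence noting it. The new wording ("ignoring message") now agrees with the `return NL_SKIP;` that follows, which makes the log line easier to interpret when the ifindex check fails.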