Hi,

Agree.  This is the first thought I had when I heard about "you must
> have privileges to access wintun" - just use our existing privilege
> handling mechanism.  I have no idea how to actually *do* that (= pass
> a handle to wintun over our service pipe), but I'm all willing to
> review and test :-)
>

Seems that we have a consensus here.


> I wonder if we couldn't do this with tap-windows6 as well - read/write
> multiple packets at once.  The driver should handle this - from what
> I saw when reading patches "all is done using NBL lists"...
>

Not sure what is missing in OpenVPN 2.x to do multi-packet read/write,
> not sure if there is anything missing in the tap6-driver.
>

We would have to modify tap-windows6 to write multiple packets
to userspace with some encapsulation. Maybe Wintun / tap-windows6
could employ scatter / gather IO and return list of per-packet buffers.

Is Steffan's code available somewhere? On openvpn2 we would need a list of
link write buffers. WSASend / WSASendTo methods, which we use to write to
link on Windows,
already support multiple buffers (but we do not use that feature):

        WSABUF wsabuf[1];

        wsabuf[0].buf = BPTR(&sock->writes.buf);
        wsabuf[0].len = BLEN(&sock->writes.buf);

        status = WSASendTo(
                sock->sd,
                wsabuf,
                1,             // The number of WSABUF structures in the
lpBuffers array.


What does OpenVPN 3 do on Windows?
>


Basically the same what openvpn2 does - processes IP packets one by one.
I'll try this approach
on openvpn3/wintun first to see what happens.

-- 
-Lev
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to