Agree.  This is the first thought I had when I heard about "you must
> have privileges to access wintun" - just use our existing privilege
> handling mechanism.  I have no idea how to actually *do* that (= pass
> a handle to wintun over our service pipe), but I'm all willing to
> review and test :-)

Seems that we have a consensus here.

> I wonder if we couldn't do this with tap-windows6 as well - read/write
> multiple packets at once.  The driver should handle this - from what
> I saw when reading patches "all is done using NBL lists"...

Not sure what is missing in OpenVPN 2.x to do multi-packet read/write,
> not sure if there is anything missing in the tap6-driver.

We would have to modify tap-windows6 to write multiple packets
to userspace with some encapsulation. Maybe Wintun / tap-windows6
could employ scatter / gather IO and return list of per-packet buffers.

Is Steffan's code available somewhere? On openvpn2 we would need a list of
link write buffers. WSASend / WSASendTo methods, which we use to write to
link on Windows,
already support multiple buffers (but we do not use that feature):

        WSABUF wsabuf[1];

        wsabuf[0].buf = BPTR(&sock->writes.buf);
        wsabuf[0].len = BLEN(&sock->writes.buf);

        status = WSASendTo(
                1,             // The number of WSABUF structures in the
lpBuffers array.

What does OpenVPN 3 do on Windows?

Basically the same what openvpn2 does - processes IP packets one by one.
I'll try this approach
on openvpn3/wintun first to see what happens.

Openvpn-devel mailing list

Reply via email to