[Openvpn-devel] using arm64 on travis ?
Hello,

https://docs.travis-ci.com/user/multi-cpu-architectures

We can switch some builds to arm64. Any suggestions?

Cheers,
Ilya Shipitsin

___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH applied] Re: is_ipv_X: add support for parsing IP header inside a 802.1q frame
Acked-by: Gert Doering

Stared at code, and ran the full t_client/t_server test suite, but mostly for completeness. Since we do not have tagged packets yet (with the appropriate ether type), this code does not change anything. Again, only TAP code paths are touched.

Your patch has been applied to the master branch.

commit def3f32d216d16c3bf5a203a2162256203686a34
Author: Antonio Quartulli
Date: Wed Oct 9 16:34:18 2019 +0200

    is_ipv_X: add support for parsing IP header inside a 802.1q frame

    Signed-off-by: Fabian Knittel
    Signed-off-by: Antonio Quartulli
    Acked-by: Gert Doering
    Message-Id: <20191009143422.9419-...@unstable.cc>
    URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18916.html
    Signed-off-by: Gert Doering

--
kind regards,

Gert Doering
Re: [Openvpn-devel] [PATCH applied] Re: VLAN: add basic VLAN tagging support
Hi,

> It's lots of text that is totally uninteresting if it succeeds, but that
> you need to scroll over when looking for the reason why a build fails -
> which is the reason why it is the way it is today.

I have sent v2 which doesn't change the behavior for non-Windows builds.

> If you volunteer to update MSVC every time we add or change a source file,
> I'm happy to send you a HEADS UP notice. But I am not doing it, and I will
> not request it from any contributor who is not using windows.

All right, that would work for me. We don't add C files that often, I could take care of fixing Visual Studio build after getting a mail from travis / buildbot (when we'll have MSVC there).

v2: https://patchwork.openvpn.net/patch/886/

happy travis: https://travis-ci.org/lstipakov/openvpn/builds/608949725

--
-Lev
[Openvpn-devel] [PATCH v2] travis: add Visual Studio build
From: Lev Stipakov Signed-off-by: Lev Stipakov --- v2; do not unconditionally print dependencies build output for non-Windows builds .travis.yml | 9 - .travis/build-check.sh| 5 + .travis/build-deps.sh | 9 + .travis/run-build-deps.sh | 10 ++ 4 files changed, 32 insertions(+), 1 deletion(-) create mode 100755 .travis/run-build-deps.sh diff --git a/.travis.yml b/.travis.yml index 2d07cdc..61be17c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -24,6 +24,13 @@ env: matrix: include: +- env: + - SSLLIB="openssl" + - OPENSSL_VERSION="1.1.1d" + - P7Z="c:\Program Files\7-Zip\7z.exe" + - CC="cl" + os: windows + compiler: cl - env: SSLLIB="openssl" RUN_COVERITY="1" os: linux compiler: gcc @@ -89,7 +96,7 @@ cache: install: - if [ ! -z "${CHOST}" ]; then unset CC; fi - - .travis/build-deps.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 1) + - .travis/run-build-deps.sh before_script: - .travis/coverity.sh diff --git a/.travis/build-check.sh b/.travis/build-check.sh index 74f3ae1..d2d2e8a 100755 --- a/.travis/build-check.sh +++ b/.travis/build-check.sh @@ -1,6 +1,11 @@ #!/bin/sh set -eux +if [ "${TRAVIS_OS_NAME}" = "windows" ]; then + PATH="/c/Program Files (x86)/Microsoft Visual Studio/2017/BuildTools/MSBuild/15.0/Bin/":$PATH + MSBuild.exe openvpn.sln //p:Platform=x64 && exit 0 +fi + if [ "${TRAVIS_OS_NAME}" = "linux" ]; then export LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH:-}" fi diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh index 391b35e..724ff30 100755 --- a/.travis/build-deps.sh +++ b/.travis/build-deps.sh @@ -1,6 +1,15 @@ #!/bin/sh set -eux +if [ "${TRAVIS_OS_NAME}" = "windows" ]; then +choco install strawberryperl nasm +cd .. +git clone https://github.com/openvpn/openvpn-build.git +cd openvpn-build +PATH="/c/Strawberry/perl/bin:":$PATH MODE=DEPS msvc/build.bat +exit 0 +fi + # Set defaults PREFIX="${PREFIX:-${HOME}/opt}" diff --git a/.travis/run-build-deps.sh b/.travis/run-build-deps.sh new file mode 100755 index 000..b8eb41c --- /dev/null 
+++ b/.travis/run-build-deps.sh @@ -0,0 +1,10 @@ +#!/bin/sh +set -eux + +if [ "${TRAVIS_OS_NAME}" = "windows" ]; then +# for windows we need to print output since openssl build +# might take more than 10 minutes, which causes build abort +.travis/build-deps.sh +else +.travis/build-deps.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 1) +fi -- 2.7.4 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
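Review bot: In the `.travis/build-check.sh` hunk, `MSBuild.exe openvpn.sln //p:Platform=x64 && exit 0` does not stop the job when MSBuild fails. `set -e` ignores a failing command that is not the last one in an `&&` list, so on failure the script carries on into the non-Windows steps below and the real error gets buried. Suggest putting `MSBuild.exe ...` on a line of its own, so `set -e` applies, followed by a plain `exit 0`.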
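Review bot: The Windows branch added to `.travis/build-deps.sh` pulls its build inputs unpinned: `git clone https://github.com/openvpn/openvpn-build.git` takes whatever the default branch holds at build time, `choco install strawberryperl nasm` takes whatever versions are current, and `msvc/build.bat` from that clone then runs on the builder. A CI result can therefore change without any change in this tree. Suggest checking out a fixed tag or commit and passing explicit package versions to `choco`; the `.travis.yml` hunk already pins `OPENSSL_VERSION="1.1.1d"`, so the same treatment fits here.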
[Openvpn-devel] [PATCH applied] Re: VLAN: filter multicast and client-to-client unicast traffic
Acked-by: Gert Doering

Your patch has been applied to the master branch.

Stared at the code, did quite a bit of testing, found interesting effects.

What this patch does is "client-to-client isolation according to pvid" (so if you have clients with "vlan-pvid 200" in their ccd/ file, and other clients with "vlan-pvid 207", only those with the same ID can talk to each other). This is as desired.

What it also does is completely break TAP-to-client communication if "--vlan-tagging" is enabled - broadcasts ("...incoming_tun()") are broadcasted everywhere, but unicast packets are never delivered as they are looked up with a dst PVID of "0" while the "...incoming_link()" part has learned them with the correct per-client pvid (defaulting to "@1").

The necessary adjustments for this are coming in a later patch in the series, but it makes testing individual bits a bit more complex (I hacked multi.c to use a non-0 server pvid and that made tap<->client work again, so the basics are sound).

If --vlan-tagging is disabled, all tests pass. So this is not breaking existing functionality, just not adding all required new bits yet. (And it's not touching any non-TAP code paths anyway)

commit 1c57ea76a256330314d53999bce3e09644b420f9
Author: Antonio Quartulli
Date: Wed Oct 9 16:34:17 2019 +0200

    VLAN: filter multicast and client-to-client unicast traffic

    Signed-off-by: Fabian Knittel
    Signed-off-by: Antonio Quartulli
    Acked-by: Gert Doering
    Message-Id: <20191009143422.9419-...@unstable.cc>
    URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18922.html
    Signed-off-by: Gert Doering

--
kind regards,

Gert Doering
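The lookup behaviour described in the message above can be reproduced with a small model. This is an added example, not code from the patch or from OpenVPN; the table layout, function names and sample MAC addresses are all hypothetical. It shows why a unicast lookup under VLAN ID 0 misses an entry that was learned under the client's pvid, and how same-pvid filtering isolates clients.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a forwarding table keyed by (MAC, VLAN ID). All names
 * are hypothetical; this is not code from OpenVPN's multi.c. */
#define MAX_ENTRIES 8
#define NO_CLIENT   (-1)

struct fwd_entry { uint8_t mac[6]; uint16_t vid; int client; };
struct fwd_table { struct fwd_entry e[MAX_ENTRIES]; int n; };

/* Unicast lookup: MAC and VLAN ID must both match. */
int fwd_lookup(const struct fwd_table *t, const uint8_t dst[6], uint16_t vid)
{
    for (int i = 0; i < t->n; i++)
        if (t->e[i].vid == vid && memcmp(t->e[i].mac, dst, 6) == 0)
            return t->e[i].client;
    return NO_CLIENT;
}

/* Frame received from a client link: learn its source MAC under that
 * client's pvid. Returns 0, or -1 when the table is full. */
int fwd_learn(struct fwd_table *t, const uint8_t src[6], uint16_t pvid, int client)
{
    for (int i = 0; i < t->n; i++) {
        if (t->e[i].vid == pvid && memcmp(t->e[i].mac, src, 6) == 0) {
            t->e[i].client = client;      /* refresh an existing entry */
            return 0;
        }
    }
    if (t->n == MAX_ENTRIES)
        return -1;
    memcpy(t->e[t->n].mac, src, 6);
    t->e[t->n].vid = pvid;
    t->e[t->n].client = client;
    t->n++;
    return 0;
}

/* Broadcast or multicast from a client: deliver only to other clients whose
 * pvid equals the sender's. Writes recipient indices to out, returns count. */
int flood_from_client(const uint16_t *pvid, int nclients, int sender, int *out)
{
    int n = 0;
    for (int i = 0; i < nclients; i++)
        if (i != sender && pvid[i] == pvid[sender])
            out[n++] = i;
    return n;
}

/* Constructed sample: clients 0 and 1 use pvid 200, client 2 uses 207,
 * client 3 has no vlan-pvid setting and gets the default of 1. */
static const uint16_t SAMPLE_PVID[4] = { 200, 200, 207, 1 };
static const uint8_t SAMPLE_MAC[4][6] = {
    { 0x02, 0, 0, 0, 0, 0x0a }, { 0x02, 0, 0, 0, 0, 0x0b },
    { 0x02, 0, 0, 0, 0, 0x0c }, { 0x02, 0, 0, 0, 0, 0x0d },
};

void load_sample(struct fwd_table *t)
{
    memset(t, 0, sizeof(*t));
    for (int i = 0; i < 4; i++)
        fwd_learn(t, SAMPLE_MAC[i], SAMPLE_PVID[i], i);
}

int main(void)
{
    struct fwd_table t;

    load_sample(&t);
    /* client 0 (pvid 200) to client 1: same VLAN, delivered */
    printf("200 -> client1: %d\n", fwd_lookup(&t, SAMPLE_MAC[1], 200));
    /* client 2 (pvid 207) to client 1: different VLAN, dropped */
    printf("207 -> client1: %d\n", fwd_lookup(&t, SAMPLE_MAC[1], 207));
    /* frame from the TAP side looked up with VLAN ID 0: never matches */
    printf("tap(0) -> client3: %d\n", fwd_lookup(&t, SAMPLE_MAC[3], 0));
    /* same frame looked up with a non-zero server-side pvid of 1 */
    printf("tap(1) -> client3: %d\n", fwd_lookup(&t, SAMPLE_MAC[3], 1));
    return 0;
}
```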
Re: [Openvpn-devel] [PATCH v2 1/7] Visual Studio: upgrade project files to VS2019
Last version of openvpn for xp/Vista is 2.3, so dropping support for it in the build system is a no brainer to me.

JM2CW,

JJK

Gert Doering wrote:
>Hi,
>
>On Thu, Nov 07, 2019 at 07:28:36PM +0100, Lev Stipakov wrote:
>> With VS2019 you cannot build for XP, you would need to install build tools
>> from VS2017 for that.
>>
>> On the other hand, we do not build releases with VS, so it should not be an
>> issue.
>
>Not sure right now about 2.4, but for master/2.5, we dropped support for
>XP/Vista long ago.
>
>So "not being able to build for XP" would not be a problem.
>
>gert
>--
>"If was one thing all people took for granted, was conviction that if you
> feed honest figures into a computer, honest figures come out. Never doubted
> it myself till I met a computer with a sense of humor."
> Robert A. Heinlein, The Moon is a Harsh Mistress
>
>Gert Doering - Munich, Germany g...@greenie.muc.de
Re: [Openvpn-devel] [PATCH v2 1/7] Visual Studio: upgrade project files to VS2019
Hi,

On Thu, Nov 07, 2019 at 07:28:36PM +0100, Lev Stipakov wrote:
> With VS2019 you cannot build for XP, you would need to install build tools
> from VS2017 for that.
>
> On the other hand, we do not build releases with VS, so it should not be an
> issue.

Not sure right now about 2.4, but for master/2.5, we dropped support for XP/Vista long ago.

So "not being able to build for XP" would not be a problem.

gert
--
"If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de
Re: [Openvpn-devel] [PATCH v2 1/7] Visual Studio: upgrade project files to VS2019
With VS2019 you cannot build for XP, you would need to install build tools from VS2017 for that.

On the other hand, we do not build releases with VS, so it should not be an issue.

On Thu, 7 Nov 2019 at 18:52, Илья Шипицин wrote:
> > > On Thu, 7 Nov 2019 at 22:49, Lev Stipakov wrote: > >> From: Lev Stipakov >> >> Signed-off-by: Lev Stipakov >> --- >> src/compat/compat.vcxproj | 12 ++-- >> src/openvpn/openvpn.vcxproj | 12 ++-- >> src/openvpnmsica/openvpnmsica.vcxproj | 14 +++--- >> src/openvpnserv/openvpnserv.vcxproj | 12 ++-- >> src/tapctl/tapctl.vcxproj | 14 +++--- >> 5 files changed, 32 insertions(+), 32 deletions(-) >> >> diff --git a/src/compat/compat.vcxproj b/src/compat/compat.vcxproj >> index 111dacd..e388008 100644 >> --- a/src/compat/compat.vcxproj >> +++ b/src/compat/compat.vcxproj >> @@ -22,30 +22,30 @@ >> {4B2E2719-E661-45D7-9203-F6F456B22F19} >> compat >> Win32Proj >> - >> 10.0.17134.0 >> +10.0 >> >> >>> Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" >> Label="Configuration"> >> StaticLibrary >> MultiByte >> true >> -v141 >> +v142 >> >>> Condition="'$(Configuration)|$(Platform)'=='Release|x64'" >> Label="Configuration"> >> StaticLibrary >> MultiByte >> true >> -v141 >> +v142 >> > > > does it limit target platform ? > can we build for Vista ? XP ? 7 ? does this setting affect that ? > > > >> >>> Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" >> Label="Configuration"> >> StaticLibrary >> MultiByte >> -v141 >> +v142 >> >>> Label="Configuration"> >> StaticLibrary >> MultiByte >> -v141 >> +v142 >> >> >> >> @@ -115,4 +115,4 @@ >> >> >> >> - >> + >> \ No newline at end of file >> diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj >> index 42b..e77f026 100644 >> --- a/src/openvpn/openvpn.vcxproj >> +++ b/src/openvpn/openvpn.vcxproj 
>> @@ -22,30 +22,30 @@ >> {29DF226E-4D4E-440F-ADAF-5829CFD4CA94} >> openvpn >> Win32Proj >> - >> 10.0.17134.0 >> +10.0 >> >> >>> Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" >> Label="Configuration"> >> Application >> true >> Unicode >> -v141 >> +v142 >> >>> Condition="'$(Configuration)|$(Platform)'=='Release|x64'" >> Label="Configuration"> >> Application >> true >> Unicode >> -v141 >> +v142 >> >>> Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" >> Label="Configuration"> >> Application >> Unicode >> -v141 >> +v142 >> >>> Label="Configuration"> >> Application >> Unicode >> -v141 >> +v142 >> >> >> >> @@ -301,4 +301,4 @@ >> >> >> >> - >> + >> \ No newline at end of file >> diff --git a/src/openvpnmsica/openvpnmsica.vcxproj >> b/src/openvpnmsica/openvpnmsica.vcxproj >> index 5f1d699..afa4fae 100644 >> --- a/src/openvpnmsica/openvpnmsica.vcxproj >> +++ b/src/openvpnmsica/openvpnmsica.vcxproj >> @@ -31,32 +31,32 @@ >> {D41AA9D6-B818-476E-992E-0E16EB86BEE2} >> Win32Proj >> openvpnmsica >> - >> 10.0.17134.0 >> +10.0 >> >> >>> Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" >> Label="Configuration"> >> DynamicLibrary >> true >> -v141 >> +v142 >> Unicode >> true >> >>> Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" >> Label="Configuration"> >> DynamicLibrary >> true >> -v141 >> +v142 >> Unicode >> >>> Label="Configuration"> >> DynamicLibrary >> true >> -v141 >> +v142 >> Unicode >> >>> Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" >> Label="Configuration"> >> DynamicLibrary >> false >> -v141 >> +v142 >> true >> Unicode >> true >> @@ -64,14 +64,14 @@ >>> Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" >> Label="Configuration"> >> DynamicLibrary >> false >> -v141 >> +v142 >> true >> Unicode >> >>> Condition="'$(Configuration)|$(Platform)'=='Release|x64'" >> Label="Configuration"> >> DynamicLibrary >> false >> -v141 >> +v142 >> true >> Unicode 
>> >> diff --git a/src/openvpnserv/openvpnserv.vcxproj >> b/src/openvpnserv/openvpnserv.vcxproj >> index 7407757..7061b7b 100644 >> --- a/src/openvpnserv/openvpnserv.vcxproj >> +++ b/src/openvpnserv/openvpnserv.vcxproj >> @@ -22,30 +22,30 @@ >> {9C91EE0B-817D-420A-A1E6-15A5A9D98BAD} >> openvpnserv >> Win32Proj >> - >> 10.0.17134.0 >> +10.0 >> >> >>> Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" >> Label="Configuration"> >> Application >> Unicode >> true >> -v141 >> +v142 >> >>>
Re: [Openvpn-devel] [PATCH v2 1/7] Visual Studio: upgrade project files to VS2019
On Thu, 7 Nov 2019 at 22:49, Lev Stipakov wrote:
> From: Lev Stipakov > > Signed-off-by: Lev Stipakov > --- > src/compat/compat.vcxproj | 12 ++-- > src/openvpn/openvpn.vcxproj | 12 ++-- > src/openvpnmsica/openvpnmsica.vcxproj | 14 +++--- > src/openvpnserv/openvpnserv.vcxproj | 12 ++-- > src/tapctl/tapctl.vcxproj | 14 +++--- > 5 files changed, 32 insertions(+), 32 deletions(-) > > diff --git a/src/compat/compat.vcxproj b/src/compat/compat.vcxproj > index 111dacd..e388008 100644 > --- a/src/compat/compat.vcxproj > +++ b/src/compat/compat.vcxproj > @@ -22,30 +22,30 @@ > {4B2E2719-E661-45D7-9203-F6F456B22F19} > compat > Win32Proj > - > 10.0.17134.0 > +10.0 > > > Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" > Label="Configuration"> > StaticLibrary > MultiByte > true > -v141 > +v142 > > Condition="'$(Configuration)|$(Platform)'=='Release|x64'" > Label="Configuration"> > StaticLibrary > MultiByte > true > -v141 > +v142 >

Does it limit target platform?
Can we build for Vista? XP? 7? Does this setting affect that?

> > Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" > Label="Configuration"> > StaticLibrary > MultiByte > -v141 > +v142 > > Label="Configuration"> > StaticLibrary > MultiByte > -v141 > +v142 > > > > @@ -115,4 +115,4 @@ > > > > - > + > \ No newline at end of file > diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj > index 42b..e77f026 100644 > --- a/src/openvpn/openvpn.vcxproj > +++ b/src/openvpn/openvpn.vcxproj 
> @@ -22,30 +22,30 @@ > {29DF226E-4D4E-440F-ADAF-5829CFD4CA94} > openvpn > Win32Proj > - > 10.0.17134.0 > +10.0 > > > Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" > Label="Configuration"> > Application > true > Unicode > -v141 > +v142 > > Condition="'$(Configuration)|$(Platform)'=='Release|x64'" > Label="Configuration"> > Application > true > Unicode > -v141 > +v142 > > Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" > Label="Configuration"> > Application > Unicode > -v141 > +v142 > > Label="Configuration"> > Application > Unicode > -v141 > +v142 > > > > @@ -301,4 +301,4 @@ > > > > - > + > \ No newline at end of file > diff --git a/src/openvpnmsica/openvpnmsica.vcxproj > b/src/openvpnmsica/openvpnmsica.vcxproj > index 5f1d699..afa4fae 100644 > --- a/src/openvpnmsica/openvpnmsica.vcxproj > +++ b/src/openvpnmsica/openvpnmsica.vcxproj > @@ -31,32 +31,32 @@ > {D41AA9D6-B818-476E-992E-0E16EB86BEE2} > Win32Proj > openvpnmsica > - > 10.0.17134.0 > +10.0 > > > Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" > Label="Configuration"> > DynamicLibrary > true > -v141 > +v142 > Unicode > true > > Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" > Label="Configuration"> > DynamicLibrary > true > -v141 > +v142 > Unicode > > Label="Configuration"> > DynamicLibrary > true > -v141 > +v142 > Unicode > > Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" > Label="Configuration"> > DynamicLibrary > false > -v141 > +v142 > true > Unicode > true > @@ -64,14 +64,14 @@ > Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" > Label="Configuration"> > DynamicLibrary > false > -v141 > +v142 > true > Unicode > > Condition="'$(Configuration)|$(Platform)'=='Release|x64'" > Label="Configuration"> > DynamicLibrary > false > -v141 > +v142 > true > Unicode > > diff --git a/src/openvpnserv/openvpnserv.vcxproj > b/src/openvpnserv/openvpnserv.vcxproj > index 7407757..7061b7b 100644 > --- a/src/openvpnserv/openvpnserv.vcxproj 
> +++ b/src/openvpnserv/openvpnserv.vcxproj > @@ -22,30 +22,30 @@ > {9C91EE0B-817D-420A-A1E6-15A5A9D98BAD} > openvpnserv > Win32Proj > - > 10.0.17134.0 > +10.0 > > > Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" > Label="Configuration"> > Application > Unicode > true > -v141 > +v142 > > Condition="'$(Configuration)|$(Platform)'=='Release|x64'" > Label="Configuration"> > Application > Unicode > true > -v141 > +v142 > > Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" > Label="Configuration"> > Application > Unicode > -v141 > +v142 > > Label="Configuration"> > Application > Unicode > -v141 > +v142 > > > > @@ -139,4 +139,4 @@ > > > > - > + > \ No newline at end of file > diff --git
[Openvpn-devel] [PATCH v2 7/7] wintun: clear adapter settings on tun close
From: Lev Stipakov With tap-windows6 we clear adapter settings with DHCP, but since wintun doesn't do DHCP we do it with netsh. Signed-off-by: Lev Stipakov --- src/openvpn/tun.c | 79 +++ 1 file changed, 50 insertions(+), 29 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index c3ea4a8..9bdd707 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -6369,6 +6369,50 @@ tun_show_debug(struct tuntap *tt) } } +static void +netsh_delete_address_dns(const struct tuntap *tt, bool ipv6, struct gc_arena *gc) +{ +const char* ifconfig_ip_local; +struct argv argv = argv_new(); + +/* "store=active" is needed in Windows 8(.1) to delete the + * address we added (pointed out by Cedric Tabary). + */ + + /* netsh interface ipvX delete address \"%s\" %s */ +if (ipv6) +{ +ifconfig_ip_local = print_in6_addr(tt->local_ipv6, 0, gc); +} +else +{ +ifconfig_ip_local = print_in_addr_t(tt->local, 0, gc); +} +argv_printf(, +"%s%sc interface %s delete address %s %s store=active", +get_win_sys_path(), +NETSH_PATH_SUFFIX, +ipv6 ? "ipv6" : "ipv4", +tt->actual_name, +ifconfig_ip_local); + +netsh_command(, 1, M_WARN); + +/* delete ipvX dns servers if any were set */ +int len = ipv6 ? tt->options.dns6_len : tt->options.dns_len; +if (len > 0) +{ +argv_printf(, +"%s%sc interface %s delete dns %s all", +get_win_sys_path(), +NETSH_PATH_SUFFIX, +ipv6 ? "ipv6" : "ipv4", +tt->actual_name); +netsh_command(, 1, M_WARN); +} +argv_reset(); +} + void close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { 
@@ -6391,35 +6435,7 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) } else { -const char *ifconfig_ipv6_local; -struct argv argv = argv_new(); - -/* "store=active" is needed in Windows 8(.1) to delete the - * address we added (pointed out by Cedric Tabary). - */ - -/* netsh interface ipv6 delete address \"%s\" %s */ -ifconfig_ipv6_local = print_in6_addr(tt->local_ipv6, 0, ); -argv_printf(, -"%s%sc interface ipv6 delete address %s %s store=active", -get_win_sys_path(), -NETSH_PATH_SUFFIX, -tt->actual_name, -ifconfig_ipv6_local); - -netsh_command(, 1, M_WARN); - -/* delete ipv6 dns servers if any were set */ -if (tt->options.dns6_len > 0) -{ -argv_printf(, -"%s%sc interface ipv6 delete dns %s all", -get_win_sys_path(), -NETSH_PATH_SUFFIX, -tt->actual_name); -netsh_command(, 1, M_WARN); -} -argv_reset(); +netsh_delete_address_dns(tt, true, ); } } #if 1 @@ -6441,6 +6457,11 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) strerror_win32(status, )); } } +else +if (tt->wintun) +{ +netsh_delete_address_dns(tt, false, ); +} #endif dhcp_release(tt); -- 2.7.4 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
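Review bot: In the new `netsh_delete_address_dns()` helper, `int len = ...` is declared after statements and `const char* ifconfig_ip_local` puts the star next to the type, while the code it replaces in `close_tun()` uses `const char *ifconfig_ipv6_local` with declarations at the top of the block. Suggest matching the style of the code being moved, and adding a short comment above the helper saying it is shared by the IPv6 path and the wintun IPv4 path, since the `ipv6` flag alone does not tell a reader who calls it.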
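Review bot: In the last `close_tun()` hunk the new branch is keyed on `tt->wintun` alone, and `dhcp_release(tt)` directly after the `#endif` still runs for wintun even though the commit message says wintun does no DHCP. Suggest checking that an IPv4 address was actually configured before calling `netsh_delete_address_dns(tt, false, ...)`, skipping `dhcp_release()` when `tt->wintun` is set, and writing `else if (tt->wintun)` on one line.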
[Openvpn-devel] [PATCH v2 3/7] wintun: implement opening wintun device
From: Lev Stipakov To open wintun device, we cannot use "\\.\Global\Wintun" path as before. To get device path which we supply to CreateFile, we have to use SetupAPI to: - enumerate network adapters with "wintun" as component id - for each adapter save its guid - open device information set - for each item in set - open corresponding registry key to get net_cfg_instance_id - get symbolic link name of device interface by instance id - path will be symbolic link name of device instance matched with adapter's guid See https://github.com/OpenVPN/openvpn3/blob/master/openvpn/tun/win/tunutil.hpp and https://github.com/WireGuard/wireguard-go/blob/master/tun/wintun/wintun_windows.go for implementation examples. Signed-off-by: Lev Stipakov --- src/openvpn/Makefile.am | 2 +- src/openvpn/openvpn.vcxproj | 6 +- src/openvpn/tun.c | 244 +--- src/openvpn/tun.h | 14 +++ 4 files changed, 223 insertions(+), 43 deletions(-) diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index fbb86ad..a091ffc 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -139,5 +139,5 @@ openvpn_LDADD = \ $(OPTIONAL_DL_LIBS) if WIN32 openvpn_SOURCES += openvpn_win32_resources.rc block_dns.c block_dns.h -openvpn_LDADD += -lgdi32 -lws2_32 -lwininet -lcrypt32 -liphlpapi -lwinmm -lfwpuclnt -lrpcrt4 -lncrypt +openvpn_LDADD += -lgdi32 -lws2_32 -lwininet -lcrypt32 -liphlpapi -lwinmm -lfwpuclnt -lrpcrt4 -lncrypt -lsetupapi endif diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj index e77f026..9ffef9f 100644 --- a/src/openvpn/openvpn.vcxproj +++ b/src/openvpn/openvpn.vcxproj 
@@ -91,7 +91,7 @@ - legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies) + legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;%(AdditionalDependencies) $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) Console @@ -117,7 +117,7 @@ - legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies) + legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;%(AdditionalDependencies) $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) Console @@ -301,4 +301,4 @@ - \ No newline at end of file + diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index ce23eb6..37bf065 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -58,6 +58,9 @@ #ifdef _WIN32 +const static GUID GUID_DEVCLASS_NET = { 0x4d36e972L, 0xe325, 0x11ce, { 0xbf, 0xc1, 0x08, 0x00, 0x2b, 0xe1, 0x03, 0x18 } }; +const static GUID GUID_DEVINTERFACE_NET = { 0xcac88484, 0x7515, 0x4c03, { 0x82, 0xe6, 0x71, 0xa8, 0x7a, 0xba, 0xc3, 0x61 } }; + /* #define SIMULATE_DHCP_FAILED */ /* simulate bad DHCP negotiation */ #define NI_TEST_FIRST (1<<0) 
@@ -3444,7 +3447,123 @@ tun_finalize( return ret; } -const struct tap_reg * +static const struct device_instance_id_interface * +get_device_instance_id_interface(struct gc_arena* gc) +{ +HDEVINFO dev_info_set; +DWORD err; +struct device_instance_id_interface *first = NULL; +struct device_instance_id_interface *last = NULL; + +dev_info_set = SetupDiGetClassDevsEx(_DEVCLASS_NET, NULL, NULL, DIGCF_PRESENT, NULL, NULL, NULL); +if (dev_info_set == INVALID_HANDLE_VALUE) +{ +err = GetLastError(); +msg(M_FATAL, "Error [%u] opening device information set key: %s", (unsigned int)err, strerror_win32(err, gc)); +} + +for (DWORD i = 0;; ++i) +{ +SP_DEVINFO_DATA device_info_data; +BOOL res; +HKEY dev_key; +char net_cfg_instance_id_string[] = "NetCfgInstanceId"; +char net_cfg_instance_id[256]; +char device_instance_id[256]; +DWORD len; +DWORD data_type; +LONG status; +ULONG dev_interface_list_size; +CONFIGRET cr; +struct buffer dev_interface_list; + +ZeroMemory(_info_data, sizeof(SP_DEVINFO_DATA)); +device_info_data.cbSize = sizeof(SP_DEVINFO_DATA); +res = SetupDiEnumDeviceInfo(dev_info_set, i, _info_data); +if (!res) +{ +if (GetLastError() == ERROR_NO_MORE_ITEMS) +{ +break; +} +else +{ +
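Review bot: The `#ifdef _WIN32` hunk hand-defines `GUID_DEVCLASS_NET` and `GUID_DEVINTERFACE_NET` as `const static GUID` with literal values. Suggest `static const` (storage class first) and a comment naming the SDK header each value was copied from, so the constants can be checked against it and a later include of that header does not silently disagree.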
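Review bot: `get_device_instance_id_interface()` declares `net_cfg_instance_id[256]` and `device_instance_id[256]` as fixed stack buffers for strings that come back from the registry and from the device tree. The calls that fill them are cut off in this copy of the patch, so please confirm that each one passes the buffer size as its limit, checks the returned data type and length, and NUL-terminates the result before it is compared or logged; a registry string is not guaranteed to arrive terminated.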
[Openvpn-devel] [PATCH v2 5/7] wintun: interactive service support
From: Lev Stipakov Wintun requires ring buffers registration to be performed by privileged process. In order to use openvpn with wintun by non-Administrator, we need to use interactive service and shared memory to register buffers. Openvpn process creates memory mapping object and event for send and receive ring and passes handles to interactive service. There handles are duplicated and memory mapped object is mapped into the address space of service process. Then address of mapped view and event handle is passed to wintun kernel driver. After interactive service preformed registration, openvpn process maps memory mapped object into own address space. Thus mapped views in openvpn and service process represent the same memory region. Signed-off-by: Lev Stipakov --- include/openvpn-msg.h | 10 ++ src/openvpn/Makefile.am | 2 +- src/openvpn/openvpn.vcxproj | 2 + src/openvpn/openvpn.vcxproj.filters | 8 +- src/openvpn/ring_buffer.c | 54 +++ src/openvpn/ring_buffer.h | 79 src/openvpn/tun.c | 89 +++--- src/openvpn/tun.h | 3 + src/openvpn/win32.c | 25 - src/openvpn/win32.h | 43 - src/openvpnserv/Makefile.am | 3 +- src/openvpnserv/interactive.c | 141 ++-- src/openvpnserv/openvpnserv.vcxproj | 2 + src/openvpnserv/openvpnserv.vcxproj.filters | 6 ++ 14 files changed, 375 insertions(+), 92 deletions(-) create mode 100644 src/openvpn/ring_buffer.c create mode 100644 src/openvpn/ring_buffer.h diff --git a/include/openvpn-msg.h b/include/openvpn-msg.h index 66177a2..3ed6206 100644 --- a/include/openvpn-msg.h +++ b/include/openvpn-msg.h @@ -39,6 +39,7 @@ typedef enum { msg_del_block_dns, msg_register_dns, msg_enable_dhcp, +msg_register_ring_buffers } message_type_t; typedef struct { 
@@ -117,4 +118,13 @@ typedef struct { interface_t iface; } enable_dhcp_message_t; +typedef struct { +message_header_t header; +HANDLE device; +HANDLE send_ring_handle; +HANDLE receive_ring_handle; +HANDLE send_tail_moved; +HANDLE receive_tail_moved; +} register_ring_buffers_message_t; + #endif /* ifndef OPENVPN_MSG_H_ */ diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index a091ffc..d1bb99c 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -138,6 +138,6 @@ openvpn_LDADD = \ $(OPTIONAL_SYSTEMD_LIBS) \ $(OPTIONAL_DL_LIBS) if WIN32 -openvpn_SOURCES += openvpn_win32_resources.rc block_dns.c block_dns.h +openvpn_SOURCES += openvpn_win32_resources.rc block_dns.c block_dns.h ring_buffer.c ring_buffer.h openvpn_LDADD += -lgdi32 -lws2_32 -lwininet -lcrypt32 -liphlpapi -lwinmm -lfwpuclnt -lrpcrt4 -lncrypt -lsetupapi endif diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj index 9ffef9f..61e634e 100644 --- a/src/openvpn/openvpn.vcxproj +++ b/src/openvpn/openvpn.vcxproj @@ -181,6 +181,7 @@ + @@ -264,6 +265,7 @@ + diff --git a/src/openvpn/openvpn.vcxproj.filters b/src/openvpn/openvpn.vcxproj.filters index e6068af..8f1b9e0 100644 --- a/src/openvpn/openvpn.vcxproj.filters +++ b/src/openvpn/openvpn.vcxproj.filters @@ -237,6 +237,9 @@ Source Files + + Source Files + @@ -494,10 +497,13 @@ Header Files + + Header Files + Resource Files - \ No newline at end of file + diff --git a/src/openvpn/ring_buffer.c b/src/openvpn/ring_buffer.c new file mode 100644 index 000..482e333 --- /dev/null +++ b/src/openvpn/ring_buffer.c 
@@ -0,0 +1,54 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2002-2019 OpenVPN Inc + *2019 Lev Stipakov + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include
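Review bot: `register_ring_buffers_message_t` in `include/openvpn-msg.h` carries five raw `HANDLE` values from the unprivileged openvpn process to the interactive service, which per the commit message duplicates them, maps the section and passes the mapped address to the kernel driver. Every field is caller-controlled, so the service side should treat a failed or wrong-type duplicate as a hard error, verify that the mapped view is at least as large as the ring structure before registering it, and close each duplicated handle on every error path. `HANDLE` is also pointer-sized, so the message layout differs between a 32-bit and a 64-bit build of the two processes; a comment or a fixed-width field type would make that explicit.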
[Openvpn-devel] [PATCH v2 1/7] Visual Studio: upgrade project files to VS2019
From: Lev Stipakov Signed-off-by: Lev Stipakov --- src/compat/compat.vcxproj | 12 ++-- src/openvpn/openvpn.vcxproj | 12 ++-- src/openvpnmsica/openvpnmsica.vcxproj | 14 +++--- src/openvpnserv/openvpnserv.vcxproj | 12 ++-- src/tapctl/tapctl.vcxproj | 14 +++--- 5 files changed, 32 insertions(+), 32 deletions(-) diff --git a/src/compat/compat.vcxproj b/src/compat/compat.vcxproj index 111dacd..e388008 100644 --- a/src/compat/compat.vcxproj +++ b/src/compat/compat.vcxproj @@ -22,30 +22,30 @@ {4B2E2719-E661-45D7-9203-F6F456B22F19} compat Win32Proj -10.0.17134.0 +10.0 StaticLibrary MultiByte true -v141 +v142 StaticLibrary MultiByte true -v141 +v142 StaticLibrary MultiByte -v141 +v142 StaticLibrary MultiByte -v141 +v142 @@ -115,4 +115,4 @@ - + \ No newline at end of file diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj index 42b..e77f026 100644 --- a/src/openvpn/openvpn.vcxproj +++ b/src/openvpn/openvpn.vcxproj @@ -22,30 +22,30 @@ {29DF226E-4D4E-440F-ADAF-5829CFD4CA94} openvpn Win32Proj -10.0.17134.0 +10.0 Application true Unicode -v141 +v142 Application true Unicode -v141 +v142 Application Unicode -v141 +v142 Application Unicode -v141 +v142 @@ -301,4 +301,4 @@ - + \ No newline at end of file diff --git a/src/openvpnmsica/openvpnmsica.vcxproj b/src/openvpnmsica/openvpnmsica.vcxproj index 5f1d699..afa4fae 100644 --- a/src/openvpnmsica/openvpnmsica.vcxproj +++ b/src/openvpnmsica/openvpnmsica.vcxproj @@ -31,32 +31,32 @@ {D41AA9D6-B818-476E-992E-0E16EB86BEE2} Win32Proj openvpnmsica -10.0.17134.0 +10.0 DynamicLibrary true -v141 +v142 Unicode true DynamicLibrary true -v141 +v142 Unicode DynamicLibrary true -v141 +v142 Unicode DynamicLibrary false -v141 +v142 true Unicode true @@ -64,14 +64,14 @@ DynamicLibrary false -v141 +v142 true Unicode DynamicLibrary false -v141 +v142 true Unicode diff --git a/src/openvpnserv/openvpnserv.vcxproj b/src/openvpnserv/openvpnserv.vcxproj index 7407757..7061b7b 100644 --- a/src/openvpnserv/openvpnserv.vcxproj 
+++ b/src/openvpnserv/openvpnserv.vcxproj @@ -22,30 +22,30 @@ {9C91EE0B-817D-420A-A1E6-15A5A9D98BAD} openvpnserv Win32Proj -10.0.17134.0 +10.0 Application Unicode true -v141 +v142 Application Unicode true -v141 +v142 Application Unicode -v141 +v142 Application Unicode -v141 +v142 @@ -139,4 +139,4 @@ - + \ No newline at end of file diff --git a/src/tapctl/tapctl.vcxproj b/src/tapctl/tapctl.vcxproj index 5c1983b..1d593fc 100644 --- a/src/tapctl/tapctl.vcxproj +++ b/src/tapctl/tapctl.vcxproj @@ -31,32 +31,32 @@ {A06436E7-D576-490D-8BA0-0751D920334A} Win32Proj tapctl -10.0.17134.0 +10.0 Application true -v141 +v142 Unicode true Application true -v141 +v142 Unicode Application true -v141 +v142 Unicode Application false -v141 +v142 true Unicode true @@ -64,14 +64,14 @@ Application false -v141 +v142 true Unicode Application false -v141 +v142 true Unicode -- 2.7.4 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
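Review bot: Every project file swaps `v141` for `v142` and `10.0.17134.0` for a bare `10.0`. The bare value lets the build take whichever Windows 10 SDK is newest on the machine, so two builders can produce different binaries from the same tree; if that is intended the commit message should say so, otherwise keep a full version. The Travis patch on this list also still points `PATH` at `Microsoft Visual Studio/2017/BuildTools`, which will not have the `v142` toolset, so the two changes need to land in a compatible order.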
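Review bot: In the `@@ -115,4 +115,4 @@`, `@@ -301,4 +301,4 @@` and `@@ -139,4 +139,4 @@` hunks, `\ No newline at end of file` follows the `+` line, so the rewritten project files lose their final newline. Patch 3/7 then touches `openvpn.vcxproj` at `@@ -301,4 +301,4 @@` again only to put it back. Suggest keeping the trailing newline here so the later patch does not need that hunk.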
[Openvpn-devel] [PATCH v2 4/7] wintun: ring buffers based I/O
From: Lev Stipakov Implemented according to Wintun documentation and reference client code. Wintun uses ring buffers to communicate between kernel driver and user process. Client allocates send and receive ring buffers, creates events and passes it to kernel driver under LocalSystem privileges. When data is available for read, wintun modifies "tail" pointer of send ring and signals via event. User process reads data from "head" to "tail" and updates "head" pointer. When user process is ready to write, it writes to receive ring, updates "tail" pointer and signals to kernel via event. In openvpn code we add send ring's event to event loop. Before performing io wait, we compare "head" and "tail" pointers of send ring and if they're different, we skip io wait and perform read. This also adds ring buffers support to tcp and udp server code. Signed-off-by: Lev Stipakov --- src/openvpn/forward.c | 42 +++--- src/openvpn/forward.h | 47 +++- src/openvpn/mtcp.c| 28 +++- src/openvpn/mudp.c| 14 ++ src/openvpn/options.c | 4 +- src/openvpn/syshead.h | 1 + src/openvpn/tun.c | 45 +++ src/openvpn/tun.h | 121 +- src/openvpn/win32.c | 120 + src/openvpn/win32.h | 47 10 files changed, 458 insertions(+), 11 deletions(-) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 8451706..0be8b6d 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c 
@@ -1256,12 +1256,30 @@ read_incoming_tun(struct context *c) perf_push(PERF_READ_IN_TUN); c->c2.buf = c->c2.buffers->read_tun_buf; + #ifdef _WIN32 -read_tun_buffered(c->c1.tuntap, >c2.buf); +if (c->c1.tuntap->wintun) +{ +read_wintun(c->c1.tuntap, >c2.buf); +if (c->c2.buf.len == -1) +{ +register_signal(c, SIGHUP, "tun-abort"); +c->persist.restart_sleep_seconds = 1; +msg(M_INFO, "Wintun read error, restarting"); +perf_pop(); +return; +} +} +else +{ +read_tun_buffered(c->c1.tuntap, >c2.buf); #else -ASSERT(buf_init(>c2.buf, FRAME_HEADROOM(>c2.frame))); -ASSERT(buf_safe(>c2.buf, MAX_RW_SIZE_TUN(>c2.frame))); -c->c2.buf.len = read_tun(c->c1.tuntap, BPTR(>c2.buf), MAX_RW_SIZE_TUN(>c2.frame)); +ASSERT(buf_init(>c2.buf, FRAME_HEADROOM(>c2.frame))); +ASSERT(buf_safe(>c2.buf, MAX_RW_SIZE_TUN(>c2.frame))); +c->c2.buf.len = read_tun(c->c1.tuntap, BPTR(>c2.buf), MAX_RW_SIZE_TUN(>c2.frame)); +#endif +#ifdef _WIN32 +} #endif #ifdef PACKET_TRUNCATION_CHECK @@ -2103,7 +2121,21 @@ io_wait_dowork(struct context *c, const unsigned int flags) * Configure event wait based on socket, tuntap flags. */ socket_set(c->c2.link_socket, c->c2.event_set, socket, (void *)_shift, NULL); -tun_set(c->c1.tuntap, c->c2.event_set, tuntap, (void *)_shift, NULL); + +#ifdef _WIN32 +if (c->c1.tuntap && c->c1.tuntap->wintun) +{ +/* add ring buffer event */ +struct rw_handle rw = {.read = c->c1.tuntap->send_tail_moved }; +event_ctl(c->c2.event_set, , EVENT_READ, (void *)_shift); +} +else +{ +#endif +tun_set(c->c1.tuntap, c->c2.event_set, tuntap, (void *)_shift, NULL); +#ifdef _WIN32 +} +#endif #ifdef ENABLE_MANAGEMENT if (management) diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h index 48202c0..6096fa8 100644 --- a/src/openvpn/forward.h +++ b/src/openvpn/forward.h 
@@ -375,6 +375,19 @@ p2p_iow_flags(const struct context *c) { flags |= IOW_TO_TUN; } +#ifdef _WIN32 +{ +struct tuntap *tt = c->c1.tuntap; +if (tt && tt->wintun) +{ +if (tt->send_ring->head == tt->send_ring->tail) +{ +/* nothing to read from tun -> remove tun read flag set by IOW_READ */ +flags &= ~IOW_READ_TUN; +} +} +} +#endif return flags; } @@ -403,8 +416,38 @@ io_wait(struct context *c, const unsigned int flags) } else { -/* slow path */ -io_wait_dowork(c, flags); +#ifdef _WIN32 +bool skip_iowait = flags & IOW_TO_TUN; +if (flags & IOW_READ_TUN) +{ +/* + * don't read from tun if we have pending write to link, + * since every tun read overwrites to_link buffer filled + * by previous tun read + */ +skip_iowait = !(flags & IOW_TO_LINK); +} +if (c->c1.tuntap && c->c1.tuntap->wintun && skip_iowait) +{ +unsigned int ret = 0; +if (flags & IOW_TO_TUN) +{ +ret |= TUN_WRITE; +} +if (flags & IOW_READ_TUN) +{ +ret |= TUN_READ; +} +c->c2.event_set_status =
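Review bot: In the p2p_iow_flags() hunk, tt->send_ring is dereferenced after checking only tt and tt->wintun, and head and tail are compared straight from memory that the commit message says the driver writes to. Please check send_ring for NULL (or document why it cannot be NULL once wintun is set), and read head and tail once into locals so the value tested here is the same value later code acts on.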
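Review bot: In the io_wait() hunk, the initial value "skip_iowait = flags & IOW_TO_TUN" is overwritten unconditionally whenever IOW_READ_TUN is set, so a pending tun write stops influencing the decision in that case. If that is intended, express it as a single expression and extend the comment to cover the write case; if not, the second assignment should combine with the first rather than replace it. In the read_incoming_tun() hunk of forward.c, the closing brace of the new else branch sits in its own "#ifdef _WIN32 } #endif" after the non-Windows #else body, which makes the braces balance only across three preprocessor blocks; a small helper for the wintun read path would avoid that.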
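The head/tail hand-off described in the commit message above, as an added example (not code from the patch, from OpenVPN or from Wintun): a reader that snapshots both indexes once and range-checks them and the length prefix before copying. The ring layout, the constants and the names demo_ring, ring_put and ring_get are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumptions for this demo; not Wintun's real layout or constants. */
#define RING_CAPACITY 64u                 /* bytes, must be a power of two */
#define MAX_PACKET    32u                 /* largest payload accepted */
#define HDR_LEN       4u                  /* 32-bit length prefix per packet */
#define ALIGN4(n)     (((n) + 3u) & ~3u)
#define WRAP(n)       ((n) & (RING_CAPACITY - 1u))

enum { RING_EMPTY = -1, RING_CORRUPT = -2, RING_FULL = -3 };

struct demo_ring {
    uint32_t head;                /* advanced by the reader only */
    uint32_t tail;                /* advanced by the writer only */
    uint8_t  data[RING_CAPACITY];
};

/* Writer side: append one length-prefixed packet, then publish it via tail.
 * Returns 0, or RING_FULL when the packet is too large or does not fit. */
static int ring_put(struct demo_ring *r, const uint8_t *pkt, uint32_t len)
{
    uint32_t head = r->head, tail = r->tail;
    uint32_t used = WRAP(tail - head);
    uint32_t need, i;
    uint8_t hdr[HDR_LEN];

    if (len > MAX_PACKET)
        return RING_FULL;
    need = ALIGN4(HDR_LEN + len);
    /* Keep some space free so that head == tail always means "empty". */
    if (need >= RING_CAPACITY - used)
        return RING_FULL;
    memcpy(hdr, &len, HDR_LEN);
    for (i = 0; i < HDR_LEN; i++)
        r->data[WRAP(tail + i)] = hdr[i];
    for (i = 0; i < len; i++)
        r->data[WRAP(tail + HDR_LEN + i)] = pkt[i];
    r->tail = WRAP(tail + need);
    return 0;
}

/* Reader side: returns the payload length, RING_EMPTY, or RING_CORRUPT.
 * Nothing read from the shared ring is used as an index or a length
 * before it has been checked, and head moves only after a full copy. */
static int ring_get(struct demo_ring *r, uint8_t *out, uint32_t out_cap)
{
    /* Snapshot both indexes once. A real shared ring also needs
     * atomic/acquire loads here; this demo is single-threaded. */
    uint32_t head = r->head, tail = r->tail;
    uint32_t used, size, need, i;
    uint8_t hdr[HDR_LEN];

    if (head >= RING_CAPACITY || tail >= RING_CAPACITY || ((head | tail) & 3u))
        return RING_CORRUPT;               /* index out of range or unaligned */
    if (head == tail)
        return RING_EMPTY;
    used = WRAP(tail - head);              /* >= HDR_LEN: both are 4-aligned */
    for (i = 0; i < HDR_LEN; i++)
        hdr[i] = r->data[WRAP(head + i)];
    memcpy(&size, hdr, HDR_LEN);
    if (size > MAX_PACKET || size > out_cap)
        return RING_CORRUPT;               /* length prefix not plausible */
    need = ALIGN4(HDR_LEN + size);
    if (need > used)
        return RING_CORRUPT;               /* claims more than was published */
    for (i = 0; i < size; i++)
        out[i] = r->data[WRAP(head + HDR_LEN + i)];
    r->head = WRAP(head + need);
    return (int)size;
}

int main(void)
{
    struct demo_ring r;
    uint8_t out[MAX_PACKET];
    int n;

    memset(&r, 0, sizeof r);
    r.head = r.tail = 56;                  /* constructed: force a wrap-around */
    ring_put(&r, (const uint8_t *)"0123456789", 10);
    n = ring_get(&r, out, sizeof out);
    printf("read %d bytes, head=%u tail=%u\n", n, (unsigned)r.head, (unsigned)r.tail);

    r.tail = RING_CAPACITY;                /* constructed: out-of-range index */
    printf("out-of-range tail -> %d\n", ring_get(&r, out, sizeof out));
    return 0;
}
```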
[Openvpn-devel] [PATCH v2 2/7] wintun: add --windows-driver config option
From: Lev Stipakov This allows to specify which tun driver openvpn should use, tap-windows6 (default) or wintun. Note than wintun support will be added in follow-up patches. Signed-off-by: Lev Stipakov --- src/openvpn/init.c| 7 +++ src/openvpn/options.c | 37 + src/openvpn/options.h | 1 + src/openvpn/tun.h | 1 + 4 files changed, 46 insertions(+) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index ae7bd63..c6d4953 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1733,6 +1733,10 @@ do_init_tun(struct context *c) c->c2.es, >net_ctx); +#ifdef _WIN32 +c->c1.tuntap->wintun = c->options.wintun; +#endif + init_tun_post(c->c1.tuntap, >c2.frame, >options.tuntap_options); @@ -1775,6 +1779,9 @@ do_open_tun(struct context *c) /* store (hide) interactive service handle in tuntap_options */ c->c1.tuntap->options.msg_channel = c->options.msg_channel; msg(D_ROUTE, "interactive service msg_channel=%u", (unsigned int) c->options.msg_channel); + +c->c1.tuntap->wintun = c->options.wintun; + #endif /* allocate route list structure */ diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 1838a69..5c5033e 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -747,6 +747,9 @@ static const char usage_message[] = " optional parameter controls the initial state of ex.\n" "--show-net-up : Show " PACKAGE_NAME "'s view of routing table and net adapter list\n" " after TAP adapter is up and routes have been added.\n" +"--windows-driver : Which tun driver to use?\n" +" tap-windows6 (default)\n" +" wintun\n" #ifdef _WIN32 "--block-outside-dns : Block DNS on other network adapters to prevent DNS leaks\n" #endif @@ -851,6 +854,7 @@ init_options(struct options *o, const bool init_gc) o->tuntap_options.dhcp_masq_offset = 0; /* use network address as internal DHCP server address */ o->route_method = ROUTE_METHOD_ADAPTIVE; o->block_outside_dns = false; +o->wintun = false; #endif o->vlan_accept = VLAN_ONLY_UNTAGGED_OR_PRIORITY; o->vlan_pvid = 1; 
@@ -2994,6 +2998,12 @@ options_postprocess_mutate_invariant(struct options *options) options->ifconfig_noexec = false; } +/* for wintun kernel doesn't send DHCP requests, so use ipapi to set IP address and netmask */ +if (options->wintun) +{ +options->tuntap_options.ip_win32_type = IPW32_SET_IPAPI; +} + remap_redirect_gateway_flags(options); #endif @@ -4039,6 +4049,26 @@ foreign_option(struct options *o, char *argv[], int len, struct env_set *es) } } +#ifdef _WIN32 +bool +parse_windows_driver(const char *str, const int msglevel) +{ +if (streq(str, "tap-windows6")) +{ +return false; +} +else if (streq(str, "wintun")) +{ +return true; +} +else +{ +msg(msglevel, "--windows-driver must be tap-windows6 or wintun"); +return false; +} +} +#endif + /* * parse/print topology coding */ @@ -5281,6 +5311,13 @@ add_option(struct options *options, VERIFY_PERMISSION(OPT_P_GENERAL); options->dev_type = p[1]; } +#ifdef _WIN32 +else if (streq(p[0], "windows-driver") && p[1] && !p[2]) +{ +VERIFY_PERMISSION(OPT_P_GENERAL); +options->wintun = parse_windows_driver(p[1], M_FATAL); +} +#endif else if (streq(p[0], "dev-node") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_GENERAL); diff --git a/src/openvpn/options.h b/src/openvpn/options.h index ff7a5bb..0a24e5e 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -632,6 +632,7 @@ struct options bool show_net_up; int route_method; bool block_outside_dns; +bool wintun; #endif bool use_peer_id; diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index 5a0a933..df935f6 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h @@ -175,6 +175,7 @@ struct tuntap * ~0 if undefined */ DWORD adapter_index; +bool wintun; /* true if wintun is used instead of tap-windows6 */ int standby_iter; #else /* ifdef _WIN32 */ int fd; /* file descriptor for TUN/TAP dev */ -- 2.7.4 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
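Review bot: In the options_postprocess_mutate_invariant() hunk, ip_win32_type is forced to IPW32_SET_IPAPI whenever wintun is set, which silently discards whatever method the user configured. Please log a warning when the previous value differs, so the effective configuration is visible in the log. The diffstat also shows only init.c, options.c, options.h and tun.h: the new option gets a usage string but no manual page entry, and the forced ip_win32_type behaviour should be documented there too.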
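Review bot: parse_windows_driver() in the options.c hunk at @@ -4039,6 +4049,26 @@ is defined with external linkage, but the options.h hunk adds only the "bool wintun" member and no prototype; it should be static. Its bool return also makes the unknown-value path indistinguishable from "tap-windows6": that is safe only because the one caller passes M_FATAL, so either say so in a comment or return an enum with an explicit invalid value. In init.c, the same assignment "c->c1.tuntap->wintun = c->options.wintun;" is added to both do_init_tun() and do_open_tun(); if one of them is sufficient, drop the other, otherwise explain in the commit message why both are needed.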
[Openvpn-devel] [PATCH v2 6/7] wintun: set adapter properties via interactive service
From: Lev Stipakov Since Wintun doesn't do DHCP, use interactive service calls to set up adapter properties. This also fixes bug in previously unused IPv4 code of do_address_service(): - ipv4 address must be in network byte order - prefix length cannot be hardcoded /32 but must be calculated from netmask Signed-off-by: Lev Stipakov --- src/openvpn/route.c | 2 +- src/openvpn/route.h | 3 ++- src/openvpn/tun.c | 77 + 3 files changed, 63 insertions(+), 19 deletions(-) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 97e90e5..cc6d551 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -3019,7 +3019,7 @@ out: return ret; } -static bool +bool do_route_ipv4_service(const bool add, const struct route_ipv4 *r, const struct tuntap *tt) { DWORD if_index = windows_route_find_if_index(r, tt); diff --git a/src/openvpn/route.h b/src/openvpn/route.h index 2e68091..27b652c 100644 --- a/src/openvpn/route.h +++ b/src/openvpn/route.h @@ -321,7 +321,8 @@ void setenv_routes(struct env_set *es, const struct route_list *rl); void setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6); - +bool do_route_ipv4_service(const bool add, const struct route_ipv4 *r, + const struct tuntap *tt); bool is_special_addr(const char *addr_str); diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index ef1415c..c3ea4a8 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -109,8 +109,8 @@ do_address_service(const bool add, const short family, const struct tuntap *tt) if (addr.family == AF_INET) { -addr.address.ipv4.s_addr = tt->local; -addr.prefix_len = 32; +addr.address.ipv4.s_addr = htonl(tt->local); +addr.prefix_len = netmask_to_netbits2(tt->adapter_netmask); } else { 
@@ -139,13 +139,17 @@ out: } static bool -do_dns6_service(bool add, const struct tuntap *tt) +do_dns_service(bool add, const short family, const struct tuntap *tt) { bool ret = false; ack_message_t ack; struct gc_arena gc = gc_new(); HANDLE pipe = tt->options.msg_channel; -int addr_len = add ? tt->options.dns6_len : 0; +int len = family == AF_INET6 ? tt->options.dns6_len : tt->options.dns_len; +int addr_len = add ? len : 0; +char ip_proto_name[5]; + +strcpy(ip_proto_name, family == AF_INET6 ? "IPv6" : "IPv4"); if (addr_len == 0 && add) /* no addresses to add */ { @@ -160,7 +164,7 @@ do_dns6_service(bool add, const struct tuntap *tt) }, .iface = { .index = tt->adapter_index, .name = "" }, .domains = "", -.family = AF_INET6, +.family = family, .addr_len = addr_len }; @@ -172,17 +176,24 @@ do_dns6_service(bool add, const struct tuntap *tt) { addr_len = _countof(dns.addr); dns.addr_len = addr_len; -msg(M_WARN, "Number of IPv6 DNS addresses sent to service truncated to %d", -addr_len); +msg(M_WARN, "Number of %s DNS addresses sent to service truncated to %d", +ip_proto_name, addr_len); } for (int i = 0; i < addr_len; ++i) { -dns.addr[i].ipv6 = tt->options.dns6[i]; +if (family == AF_INET6) +{ +dns.addr[i].ipv6 = tt->options.dns6[i]; +} +else +{ +dns.addr[i].ipv4.s_addr = htonl(tt->options.dns[i]); +} } -msg(D_LOW, "%s IPv6 dns servers on '%s' (if_index = %d) using service", -(add ? "Setting" : "Deleting"), dns.iface.name, dns.iface.index); +msg(D_LOW, "%s %s dns servers on '%s' (if_index = %d) using service", +(add ? "Setting" : "Deleting"), ip_proto_name, dns.iface.name, dns.iface.index); if (!send_msg_iservice(pipe, , sizeof(dns), , "TUN")) { 
@@ -191,13 +202,13 @@ do_dns6_service(bool add, const struct tuntap *tt) if (ack.error_number != NO_ERROR) { -msg(M_WARN, "TUN: %s IPv6 dns failed using service: %s [status=%u if_name=%s]", -(add ? "adding" : "deleting"), strerror_win32(ack.error_number, ), +msg(M_WARN, "TUN: %s %s dns failed using service: %s [status=%u if_name=%s]", +(add ? "adding" : "deleting"), ip_proto_name, strerror_win32(ack.error_number, ), ack.error_number, dns.iface.name); goto out; } -msg(M_INFO, "IPv6 dns servers %s using service", (add ? "set" : "deleted")); +msg(M_INFO, "%s dns servers %s using service", ip_proto_name, (add ? "set" : "deleted")); ret = true; out: @@ -830,7 +841,7 @@ init_tun_post(struct tuntap *tt, * an extra call to "route add..." * -> helper function to simplify code below */ -void +static void add_route_connected_v6_net(struct tuntap *tt, const struct env_set *es) { @@ -862,6 +873,21 @@ delete_route_connected_v6_net(struct tuntap *tt, } #endif /* if defined(_WIN32) ||
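Review bot: In the do_dns_service() hunk, "char ip_proto_name[5]" filled with strcpy() is sized to fit "IPv4"/"IPv6" plus the terminator with no byte to spare, so any later change to those strings overflows the stack buffer without a compiler diagnostic. Since the value is only ever passed to msg(), make it "const char *ip_proto_name = family == AF_INET6 ? "IPv6" : "IPv4";" and drop the copy.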
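Review bot: The route.c and route.h hunks remove "static" from do_route_ipv4_service() and export it, while the tun.c hunk at @@ -830,7 +841,7 @@ goes the other way and makes add_route_connected_v6_net() static; neither linkage change is mentioned in the commit message. Please say why do_route_ipv4_service() has to become visible outside route.c, and move the unrelated "static" addition to its own patch or mention it in the message.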
[Openvpn-devel] [PATCH v2 0/7] Wintun support
This set of patches adds support of wintun kernel driver (https://www.wintun.net) to OpenVPN Windows client and server.

While wintun is in beta (currently used version is 0.7), it performs significantly faster in comparison to tap-windows6. Below are download bandwidth stats reported by iperf3 running on client:

> iperf3 -c -t 60

Server - community openvpn2 (2.4.4)
tap-windows6 - 396Mbit/s
wintun - 677Mbit/s

Server - proprietary openvpn3 with kernel acceleration (in development)
tap-windows6 - 386Mbit/s
wintun - 840Mbit/s

Client version used for tap-windows6 tests is 2.4.8.

To use wintun driver instead of tap-windows6, add "windows-driver wintun" to your VPN config file or openvpn.exe command line.

Ready-made Windows client installer (signed by OpenVPN Inc) with wintun support could be found here: http://staging.openvpn.net/openvpn2/. To build installer yourself, you need a patched version of openvpn-build, see https://github.com/OpenVPN/openvpn-build/pull/154.

Changes from v1:
- rebased on top of latest master (2b11e57)

Lev Stipakov (7):
Visual Studio: upgrade project files to VS2019
wintun: add --windows-driver config option
wintun: implement opening wintun device
wintun: ring buffers based I/O
wintun: interactive service support
wintun: set adapter properties via interactive service
wintun: clear adapter settings on tun close

include/openvpn-msg.h | 10 +
src/compat/compat.vcxproj | 12 +-
src/openvpn/Makefile.am | 4 +-
src/openvpn/forward.c | 42 ++-
src/openvpn/forward.h | 47 ++-
src/openvpn/init.c | 7 +
src/openvpn/mtcp.c | 28 +-
src/openvpn/mudp.c | 14 +
src/openvpn/openvpn.vcxproj | 16 +-
src/openvpn/openvpn.vcxproj.filters | 8 +-
src/openvpn/options.c | 37 ++
src/openvpn/options.h | 1 +
src/openvpn/ring_buffer.c | 54 +++
src/openvpn/ring_buffer.h | 79 +
src/openvpn/route.c | 2 +-
src/openvpn/route.h | 3 +-
src/openvpn/syshead.h | 1 +
src/openvpn/tun.c | 504 +++-
src/openvpn/tun.h | 139 +++-
src/openvpn/win32.c | 95 ++
src/openvpn/win32.h | 4 +
src/openvpnmsica/openvpnmsica.vcxproj | 14 +-
src/openvpnserv/Makefile.am | 3 +-
src/openvpnserv/interactive.c | 141 +++-
src/openvpnserv/openvpnserv.vcxproj | 14 +-
src/openvpnserv/openvpnserv.vcxproj.filters | 6 +
src/tapctl/tapctl.vcxproj | 14 +-
27 files changed, 1160 insertions(+), 139 deletions(-)
create mode 100644 src/openvpn/ring_buffer.c
create mode 100644 src/openvpn/ring_buffer.h

--
2.7.4
Re: [Openvpn-devel] [PATCH applied] Re: VLAN: add basic VLAN tagging support
Hi

On Thu, Nov 7, 2019 at 7:43 AM Lev Stipakov wrote:

> Hi,
>
>> I'm a bit unhappy with that one, as it changes behaviour for all non-windows
>> builds (including all the openssl build output even if it succeeds).
>
> The only place it changes behavior is this
>
> install:
>   - if [ ! -z "${CHOST}" ]; then unset CC; fi
> - - .travis/build-deps.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 1)
> + - .travis/build-deps.sh
>
> I don't see it as an issue to print output when building dependencies. The reason why
> it is done is that travis aborts build if there is no output for more than 10 minutes.
>
>> Besides this, we need to fix this whole MSVC mess - all other platforms
>> are just done with "add new source file to the Makefile.ac" and done
>> (including mingw builds), and then MSVC is broken again, and this will
>> happen again and again.
>>
>> Is there no reasonable way to build these project files from Makefile.ac?
>
> I see no reasonable way. Selva, Simon - opinions?

Personally, I come from the Unix world, work on Windows only out of necessity, and either avoid MSVC or leave it to others to figure out as far as possible. So my opinion may not count for much.

That said, short of moving to a more Windows-friendly build system such as CMake, I see no good options. But the status quo looks good enough to me -- i.e., just do a patch to fix the project files when you notice a missing entry.

Selva
[Openvpn-devel] [PATCH applied] Re: msvc: Add vlan.c/h
Thanks!

Your patch has been applied to the master branch.

commit 2b11e57c02b2d21e384a2fc860fea1209f55
Author: Simon Rozman
Date: Thu Nov 7 14:29:01 2019 +0100

msvc: Add vlan.c/h

Signed-off-by: Simon Rozman
Acked-by: Lev Stipakov
Message-Id: <20191107132901.1280-1-si...@rozman.si>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19015.html
Signed-off-by: Gert Doering

--
kind regards,

Gert Doering
Re: [Openvpn-devel] [PATCH applied] Re: VLAN: add basic VLAN tagging support
Hi,

On 07/11/2019 14:36, Simon Rozman wrote:
> I revoke this “master.c” idea. It makes incremental compiling ridiculously
> slow. It might work for production builds, but definitely not for development.

It also breaks scoping of variables/function. So, I am glad you found your own reason to reject that :-)

--
Antonio Quartulli
Re: [Openvpn-devel] [PATCH applied] Re: VLAN: add basic VLAN tagging support
I revoke this “master.c” idea. It makes incremental compiling ridiculously slow. It might work for production builds, but definitely not for development.

Best regards,
Simon

From: Simon Rozman [mailto:si...@rozman.si]
Sent: Thursday, November 7, 2019 2:06 PM
To: 'Lev Stipakov' ; 'Gert Doering'
Cc: 'Antonio Quartulli' ; 'openvpn-devel'
Subject: Re: [Openvpn-devel] [PATCH applied] Re: VLAN: add basic VLAN tagging support

We could introduce a master.c file which would include:

#include "argv.c"
#include "auth_token.c"
#include "base64.c"
#include "block_dns.c"
#include "buffer.c"
. . .
#include "status.c"
#include "tls_crypt.c"
#include "tun.c"
#include "win32.c"

And then have Makefile.ac and MSVC project files compile the master.c only.

Best regards,
Simon

Besides this, we need to fix this whole MSVC mess - all other platforms are just done with "add new source file to the Makefile.ac" and done (including mingw builds), and then MSVC is broken again, and this will happen again and again.

Is there no reasonable way to build these project files from Makefile.ac?

I see no reasonable way. Selva, Simon - opinions?

We could probably have a templatized project file and script which inserts source files to there based on content of Makefile.ac, but I don't like it. I consider necessity of modifying VS project a lesser evil.

(you open it and it just works)

-Lev
Re: [Openvpn-devel] [PATCH] msvc: Add vlan.c/h
Acked-by: Lev Stipakov Thu, 7 Nov 2019 at 15:30 Simon Rozman (si...@rozman.si) wrote: > This upgrades 99f28081477ca325a14b13c38abec2c9b619eb01 to support MSVC > building. > > Signed-off-by: Simon Rozman > --- > src/openvpn/openvpn.vcxproj | 2 ++ > src/openvpn/openvpn.vcxproj.filters | 6 ++ > 2 files changed, 8 insertions(+) > > diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj > index 85af466f..48e8e140 100644 > --- a/src/openvpn/openvpn.vcxproj > +++ b/src/openvpn/openvpn.vcxproj > @@ -196,6 +196,7 @@ > > > > + > > > > @@ -283,6 +284,7 @@ > > > > + > > > > diff --git a/src/openvpn/openvpn.vcxproj.filters > b/src/openvpn/openvpn.vcxproj.filters > index e6068aff..653e892c 100644 > --- a/src/openvpn/openvpn.vcxproj.filters > +++ b/src/openvpn/openvpn.vcxproj.filters > @@ -237,6 +237,9 @@ > >Source Files > > + > + Source Files > + > > > > @@ -494,6 +497,9 @@ > >Header Files > > + > + Header Files > + > > > > -- > 2.23.0.windows.1 > -- -Lev
Re: [Openvpn-devel] [PATCH applied] Re: VLAN: add basic VLAN tagging support
Hi,

On 07/11/2019 12:42, Lev Stipakov wrote:
> Hi,
>
>> I'm a bit unhappy with that one, as it changes behaviour for all non-windows
>> builds (including all the openssl build output even if it succeeds).
>
> The only place it changes behavior is this
>
> install:
>   - if [ ! -z "${CHOST}" ]; then unset CC; fi
> - - .travis/build-deps.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 1)
> + - .travis/build-deps.sh
>
> I don't see it as an issue to print output when building dependencies. The reason why
> it is done is that travis aborts build if there is no output for more than 10 minutes.

Can travis be instructed to wait longer?
[Openvpn-devel] [PATCH] msvc: Add vlan.c/h
This upgrades 99f28081477ca325a14b13c38abec2c9b619eb01 to support MSVC building. Signed-off-by: Simon Rozman --- src/openvpn/openvpn.vcxproj | 2 ++ src/openvpn/openvpn.vcxproj.filters | 6 ++ 2 files changed, 8 insertions(+) diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj index 85af466f..48e8e140 100644 --- a/src/openvpn/openvpn.vcxproj +++ b/src/openvpn/openvpn.vcxproj @@ -196,6 +196,7 @@ + @@ -283,6 +284,7 @@ + diff --git a/src/openvpn/openvpn.vcxproj.filters b/src/openvpn/openvpn.vcxproj.filters index e6068aff..653e892c 100644 --- a/src/openvpn/openvpn.vcxproj.filters +++ b/src/openvpn/openvpn.vcxproj.filters @@ -237,6 +237,9 @@ Source Files + + Source Files + @@ -494,6 +497,9 @@ Header Files + + Header Files + -- 2.23.0.windows.1 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH applied] Re: VLAN: add basic VLAN tagging support
We could introduce a master.c file which would include:

#include "argv.c"
#include "auth_token.c"
#include "base64.c"
#include "block_dns.c"
#include "buffer.c"
. . .
#include "status.c"
#include "tls_crypt.c"
#include "tun.c"
#include "win32.c"

And then have Makefile.ac and MSVC project files compile the master.c only.

Best regards,
Simon

Besides this, we need to fix this whole MSVC mess - all other platforms are just done with "add new source file to the Makefile.ac" and done (including mingw builds), and then MSVC is broken again, and this will happen again and again.

Is there no reasonable way to build these project files from Makefile.ac?

I see no reasonable way. Selva, Simon - opinions?

We could probably have a templatized project file and script which inserts source files to there based on content of Makefile.ac, but I don't like it. I consider necessity of modifying VS project a lesser evil.

(you open it and it just works)

-Lev
Re: [Openvpn-devel] [PATCH applied] Re: VLAN: add basic VLAN tagging support
Hi,

On Thu, Nov 07, 2019 at 02:42:17PM +0200, Lev Stipakov wrote:
> > I'm a bit unhappy with that one, as it changes behaviour for all non-windows
> > builds (including all the openssl build output even if it succeeds).
>
> The only place it changes behavior is this
>
> install:
>   - if [ ! -z "${CHOST}" ]; then unset CC; fi
> - - .travis/build-deps.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 1)
> + - .travis/build-deps.sh
>
> I don't see it as an issue to print output when building dependencies. The reason why
> it is done is that travis aborts build if there is no output for more than 10 minutes.

It's lots of text that is totally uninteresting if it succeeds, but that you need to scroll over when looking for the reason why a build fails - which is the reason why it is the way it is today.

[..]

> We could probably have a templatized project file and script which inserts source files to there
> based on content of Makefile.ac, but I don't like it. I consider necessity of modifying VS project a lesser evil.
>
> (you open it and it just works)

I'm not taking responsibility for not breaking MSVC builds. This is a world alien to me - if you want me to not break things, it needs to be "without fiddling XML files".

If you volunteer to update MSVC every time we add or change a source file, I'm happy to send you a HEADS UP notice. But I am not doing it, and I will not request it from any contributor who is not using windows.

gert
--
"If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de
Re: [Openvpn-devel] [PATCH applied] Re: VLAN: add basic VLAN tagging support
Hi,

> I'm a bit unhappy with that one, as it changes behaviour for all non-windows
> builds (including all the openssl build output even if it succeeds).

The only place it changes behavior is this

install:
  - if [ ! -z "${CHOST}" ]; then unset CC; fi
- - .travis/build-deps.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 1)
+ - .travis/build-deps.sh

I don't see it as an issue to print output when building dependencies. The reason why it is done is that travis aborts build if there is no output for more than 10 minutes.

> Besides this, we need to fix this whole MSVC mess - all other platforms
> are just done with "add new source file to the Makefile.ac" and done
> (including mingw builds), and then MSVC is broken again, and this will
> happen again and again.
>
> Is there no reasonable way to build these project files from Makefile.ac?

I see no reasonable way. Selva, Simon - opinions?

We could probably have a templatized project file and script which inserts source files to there based on content of Makefile.ac, but I don't like it. I consider necessity of modifying VS project a lesser evil.

(you open it and it just works)

-Lev
Re: [Openvpn-devel] [PATCH applied] Re: VLAN: add basic VLAN tagging support
Hi,

On Thu, Nov 07, 2019 at 02:18:25PM +0200, Lev Stipakov wrote:
> This broke (again) Visual Studio build:
>
> > error LNK2019: unresolved external symbol vlan_process_outgoing_tun
> > referenced in function multi_process_outgoing_tun

Can you please send a patch that adds vlan.c to the list of source code modules to be compiled and linked?

> Can we please ack and merge this patch
> https://patchwork.openvpn.net/patch/868/ to catch these things earlier?

I'm a bit unhappy with that one, as it changes behaviour for all non-windows builds (including all the openssl build output even if it succeeds).

Besides this, we need to fix this whole MSVC mess - all other platforms are just done with "add new source file to the Makefile.ac" and done (including mingw builds), and then MSVC is broken again, and this will happen again and again.

Is there no reasonable way to build these project files from Makefile.ac?

gert
--
"If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de
Re: [Openvpn-devel] [PATCH applied] Re: VLAN: add basic VLAN tagging support
This broke (again) Visual Studio build:

> error LNK2019: unresolved external symbol vlan_process_outgoing_tun referenced in function multi_process_outgoing_tun

Can we please ack and merge this patch https://patchwork.openvpn.net/patch/868/ to catch these things earlier?

Wed, 6 Nov 2019 at 22:42 Gert Doering (g...@greenie.muc.de) wrote:

> Acked-by: Gert Doering
>
> Stared at the code (twice now), run t_client and t_server tests.
>
> This patch does not really *do* much yet, but it lays the groundwork
> for future work - the "broadcast only to clients in the same vlan"
> part is there, but it's always called with "0" (= all clients). As
> far as I can see, the only notable behavioural change we have so far
> is "if a client is assigned a pvid (!= the global pvid), it will not
> be able to communicate with the TAP interface" (check in vlan.c,
> vlan_process_outgoing_tun()), but client-to-client is still allowed,
> and there is no per-vlan MAC learning yet either.
>
> (Most notably, it only adds options and code relevant for TAP mode)
>
> Your patch has been applied to the master branch.
>
> commit 99f28081477ca325a14b13c38abec2c9b619eb01
> Author: Antonio Quartulli
> Date: Wed Oct 9 16:34:15 2019 +0200
>
> VLAN: add basic VLAN tagging support
>
> Signed-off-by: Fabian Knittel
> Signed-off-by: Antonio Quartulli
> Acked-by: Gert Doering
> Message-Id: <20191009143422.9419-...@unstable.cc>
> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18924.html
> Signed-off-by: Gert Doering
>
> --
> kind regards,
>
> Gert Doering

--
-Lev