Re: [Openvpn-devel] [PATCH v3 6/7] wintun: stop sending TAP-Windows6 ioctls to NDIS device

2020-01-08 Thread Lev Stipakov
Compiled and tested on MSVC.

Acked-by: Lev Stipakov 
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel


[Openvpn-devel] [PATCH v3 6/7] wintun: stop sending TAP-Windows6 ioctls to NDIS device

2020-01-08 Thread Simon Rozman
Wintun doesn't have its own I/O device. Rather, it taps on existing
Windows-provided NDIS device. Sending TAP-Windows6 IOCTL requests to it
is risky, as TAP-Windows6 is using one of the well-known device types
(FILE_DEVICE_UNKNOWN) with function IDs as 1, 2, 3 etc. raising a chance
of collision as NDIS might react to one of these IOCTLs.

Signed-off-by: Simon Rozman 
---
 src/openvpn/error.c | 5 -
 src/openvpn/sig.c   | 7 +--
 src/openvpn/tun.c   | 4 ++--
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/openvpn/error.c b/src/openvpn/error.c
index b2492f2b..ad4f0ef4 100644
--- a/src/openvpn/error.c
+++ b/src/openvpn/error.c
@@ -688,7 +688,10 @@ x_check_status(int status,
 }
 #elif defined(_WIN32)
 /* get possible driver error from TAP-Windows driver */
-extended_msg = tap_win_getinfo(tt, &gc);
+if (tuntap_defined(tt))
+{
+extended_msg = tap_win_getinfo(tt, &gc);
+}
 #endif
 if (!ignore_sys_error(my_errno))
 {
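Review bot: extended_msg is now assigned only inside the new `if (tuntap_defined(tt))` block, and its declaration is outside this hunk, so please confirm it is initialized to NULL where it is declared. Otherwise any later use in x_check_status() reads an indeterminate pointer whenever the guard is false. The comment above the guard still says "get possible driver error from TAP-Windows driver"; it would help to add that the query is skipped when no tun device is defined.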
diff --git a/src/openvpn/sig.c b/src/openvpn/sig.c
index d7f2abb8..6e3379fe 100644
--- a/src/openvpn/sig.c
+++ b/src/openvpn/sig.c
@@ -317,8 +317,11 @@ print_status(const struct context *c, struct status_output 
*so)
 #ifdef _WIN32
 if (tuntap_defined(c->c1.tuntap))
 {
-status_printf(so, "TAP-WIN32 driver status,\"%s\"",
-  tap_win_getinfo(c->c1.tuntap, &gc));
+const char *extended_msg = tap_win_getinfo(c->c1.tuntap, &gc);
+if (extended_msg)
+{
+status_printf(so, "TAP-WIN32 driver status,\"%s\"", extended_msg);
+}
 }
 #endif
 
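Review bot: The new `if (extended_msg)` test relies on tap_win_getinfo() returning NULL when it has nothing to report, but nothing in this patch documents that contract, and the tun.c hunk does not show the return path taken when `tt->wintun` is set. A short comment on tap_win_getinfo() stating that NULL means "no driver info available (e.g. Wintun)" would make this check, and the matching one in error.c, self-explanatory. Note also that the "TAP-WIN32 driver status" line now disappears from the status output for Wintun adapters, which deserves a mention in the commit message if status-file consumers expect it.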
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 30fb78b2..e36c49b1 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -6411,7 +6411,7 @@ open_tun(const char *dev, const char *dev_type, const 
char *dev_node, struct tun
 const char *
 tap_win_getinfo(const struct tuntap *tt, struct gc_arena *gc)
 {
-if (tt && tt->hand != NULL)
+if (!tt->wintun)
 {
 struct buffer out = alloc_buf_gc(256, gc);
 DWORD len;
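Review bot: Replacing `if (tt && tt->hand != NULL)` with `if (!tt->wintun)` in tap_win_getinfo() removes both the NULL check on tt and the check that the handle is open, so the function now dereferences tt unconditionally and depends entirely on every caller having tested tuntap_defined() first. The two callers touched by this patch do that, but the function no longer defends itself; consider keeping the old condition and adding the new one, e.g. `if (tt && tt->hand != NULL && !tt->wintun)`, or at least documenting the precondition at the top of the function.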
@@ -6429,7 +6429,7 @@ tap_win_getinfo(const struct tuntap *tt, struct gc_arena 
*gc)
 void
 tun_show_debug(struct tuntap *tt)
 {
-if (tt && tt->hand != NULL)
+if (!tt->wintun)
 {
 struct buffer out = alloc_buf(1024);
 DWORD len;
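Review bot: tun_show_debug() gets the same `if (!tt->wintun)` condition, but unlike tap_win_getinfo() no caller of it is touched in this patch, so nothing visible here guarantees tt is non-NULL or that tt->hand is open before the IOCTL is issued. Please either keep the original `tt && tt->hand != NULL` test alongside the Wintun check or point to where the callers ensure tuntap_defined(tt).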
-- 
2.24.1.windows.2

v3 changes:
* tuntap_defined() checks revised according to Lev's recommendations



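The collision concern in the commit message above, as an added example (not code from the patch or from OpenVPN): it builds and decodes Windows I/O control codes with the CTL_CODE bit layout and flags codes that sit in the ranges Microsoft reserves for itself (device types below 0x8000, function codes below 0x800). The helper names are hypothetical, METHOD_BUFFERED and FILE_ANY_ACCESS are assumed for the TAP-Windows6-style codes, and the vendor-range sample is constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define FILE_DEVICE_UNKNOWN 0x22u   /* well-known device type named in the commit message */
#define METHOD_BUFFERED     0u      /* assumed transfer method */
#define FILE_ANY_ACCESS     0u      /* assumed access bits */

struct ioctl_fields { uint32_t device_type, access, function, method; };

/* Same bit layout as the Windows CTL_CODE macro. */
static uint32_t ctl_code(uint32_t dev, uint32_t func, uint32_t method, uint32_t access)
{
    return (dev << 16) | (access << 14) | (func << 2) | method;
}

static struct ioctl_fields ioctl_decode(uint32_t code)
{
    struct ioctl_fields f;
    f.device_type = code >> 16;            /* bits 16..31 */
    f.access      = (code >> 14) & 0x3u;   /* bits 14..15 */
    f.function    = (code >> 2) & 0xFFFu;  /* bits 2..13  */
    f.method      = code & 0x3u;           /* bits 0..1   */
    return f;
}

/* Bit 0 set: device type is in the Microsoft-reserved range (< 0x8000).
 * Bit 1 set: function code is in the Microsoft-reserved range (< 0x800).
 * A code with both bits set can coincide with one a system driver handles. */
static int ioctl_collision_risk(uint32_t code)
{
    struct ioctl_fields f = ioctl_decode(code);
    int risk = 0;
    if (f.device_type < 0x8000u) risk |= 1;
    if (f.function < 0x800u)     risk |= 2;
    return risk;
}

int main(void)
{
    /* Function IDs 1, 2, 3 as described in the commit message. */
    for (uint32_t fn = 1; fn <= 3; fn++) {
        uint32_t code = ctl_code(FILE_DEVICE_UNKNOWN, fn, METHOD_BUFFERED, FILE_ANY_ACCESS);
        printf("fn=%u code=0x%08X risk=%d\n", (unsigned)fn, (unsigned)code, ioctl_collision_risk(code));
    }
    /* Constructed vendor-range code for comparison. */
    uint32_t vendor = ctl_code(0x8000u, 0x800u, METHOD_BUFFERED, FILE_ANY_ACCESS);
    printf("vendor code=0x%08X risk=%d\n", (unsigned)vendor, ioctl_collision_risk(vendor));
    return 0;
}
```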

[Openvpn-devel] Summary of the community meeting (8th Jan 2020)

2020-01-08 Thread Samuli Seppänen
Hi,

Here's the summary of the IRC meeting.

---

COMMUNITY MEETING

Place: #openvpn-meeting on irc.freenode.net
Date: Wed 8th January 2020
Time: 11:30 CET (10:30 UTC)

Planned meeting topics for this meeting were here:



Your local meeting time is easy to check from services such as



SUMMARY

cron2, lev, mattock, plaisthos and rozmansi participated in this meeting.

---

Discussed status of OpenVPN 2.5:



Identified the missing parts and their current owners:

win buildslave: mattock
wintun:         rozmansi, lev, mattock
do NCP right:   syzzer, cron
2FA patch set:  dazo, plaisthos
async-cc:       ordex, plaisthos
ipv6-only:      cron
argv:           plaisthos
msi:            rozmansi, mattock

Mattock decided to put the Windows buildslave on the top of his queue.

Agreed that with the current level of involvement there is no way we can
make the January 31st 2020 deadline. Decided to try to get dazo more
actively involved in 2.5 release process - he can then pull the strings
to get OpenVPN 3 core team involved in completing the remaining pieces
of 2.5.

--

Full chatlog attached
(12:33:41) mattock: howdy
(12:37:13) mattock: quiet today?
(12:37:22) rozmansi: cron2: I have a v3 version of 
https://patchwork.openvpn.net/patch/960/, but forgot to send it...
(12:37:24) cron2: you joined late :)
(12:38:08) cron2: rozmansi: please re-send so lev__ can ACK :)
(12:38:10) mattock: hi guys!
(12:38:36) rozmansi: hi
(12:39:20) cron2: everyone else still on vacation?
(12:39:31) mattock: don't know
(12:39:44) mattock: dazo does not seem to be as he's been sending internal 
emails
(12:40:08) cron2: I've seen plaisthos in #openvpn-devel yesterday
(12:42:07) mattock: I've actually been sick for a week and doing only the bare 
minimum amount of work I have to
(12:42:17) mattock: throat infection if you're wondering
(12:42:38) mattock: the current horse medicine seems to be working through, 
which is very nice
(12:43:19) cron2: eww... 
(12:44:54) mattock: anyways, so what are the blockers for 2.5 now?
(12:45:05) mattock: "where are we at?"
(12:45:15) cron2: nothing has happened since last meeting
(12:45:49) mattock: let me poke at dazo et al internally and see if he could 
join
(12:46:31) mattock: done
(12:47:17) cron2: async-cc, msi, wintun, ipv6-only, argv, ...
(12:47:51) mattock: ordex was active about an hour ago
(12:47:57) mattock: no other discussion from the other guys
(12:51:09) mattock: who is responsible for what? if nobody else appears soon 
the best we can do is compile a list of "who should do what" and start putting 
some pressure on people :)
(12:51:13) lev__: hello
(12:51:22) mattock: hi lev!
(12:51:25) cron2: hi lev
(12:51:29) rozmansi: hi
(12:51:36) mattock: good to have at least one from the openvpn3 team here :)
(12:51:37) cron2: msi is on rozmansi and mattock, it seems :-)
(12:51:42) lev__: yes, please send V3 and I'll ack it
(12:51:49) cron2: wintun is on lev and rozmansi
(12:51:54) plaisthos: mattock: get well soon
(12:51:55) rozmansi: msi is on me
(12:52:02) cron2: windows buildslave / snapshot builder is on mattock
(12:52:09) lev__: also maybe rozmansi can look at 
https://patchwork.openvpn.net/patch/946/
(12:52:10) vpnHelper: Title: [Openvpn-devel] options.c: do not force route 
delay when not using DHCP - Patchwork (at patchwork.openvpn.net)
(12:52:12) mattock: plaishos: I'm doing my best :)
(12:52:17) plaisthos: argv review is on me
(12:52:52) mattock: cron2: yep, that is high up my queue - actually I could put 
it on the top now, just finished something else
(12:52:53) cron2: the "do NCP right" stuff is not on the list, but needs to go 
in - syzzer/dazo/me?
(12:53:35) plaisthos: syzzer reviewed the first patch of the series and that 
got almost an ACK
(12:53:48) cron2: saw that :)
(12:54:34) cron2: ISTR the "2FA patch set" is on dazo
(12:55:18) plaisthos: the ncp v2 sounds  like crypto but is actually not :D
(12:55:27) plaisthos: it is more comparing lists etc.
(12:55:46) cron2: I can certainly have a look on that
(12:56:18) plaisthos: okay 4/4 is a bit crypto related (normalising of cipher 
names)
(12:57:02) cron2: "two step authentication methods" is the name of the patchset
(12:57:27) cron2: v1 is on the list, and dazo&plaisthos agreed to work on a v2 
that is "ready for merge", if I recall...
(12:57:57) cron2: given work load, I assume it's sitting on dazo's queue
(13:04:35) mattock: async-cc, ipv6-only, argv?
(13:05:04) cron2: ipv6-only is on me, argv is on plaisthos ("he just said so"), 
async-cc on plaisthos+ordex
(13:05:41) mattock: ok, so here's the current list - looks good?
(13:05:47) mattock: win buildslave: mattock
(13:05:47) mattock: wintun: rozmansi, lev, mattock
(13:05:47) mattock: do NCP right:   syzzer  
(13:05:47) mattock: 2FA patch set:  dazo, plaisthos
(13:05:47) mattock: async-cc:   ordex, plai