mit b6f7b285767e66f5cbd3854cf0ff918e87b31202
Author: Antonio Quartulli
Date: Thu Aug 4 09:14:01 2022 +0200
dco: implement dco support for p2p/client code path
Signed-off-by: Antonio Quartulli
Acked-by: Gert Doering
Message-Id: <20220804071401.12410-...@unstable.cc>
URL:
https://www.mail-ar
Darn - must have missed this during the patch split up.
Thanks for pointing this out.
Cheers,
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
the correct errno, and the
sitnl code already prints the error.
v2: use "else if"
Signed-off-by: Gert Doering
Acked-by: Antonio Quartulli
--
Antonio Quartulli
With this change we introduce ovpn-dco support only along the p2p/client
code path. Server codebase is still unchanged.
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* rebased
---
src/openvpn/dco.c | 91 +++
src/openvpn/dco.h | 48
A server may push options that are not compatible with DCO.
In this case we should log a message and bail out.
Signed-off-by: Antonio Quartulli
---
Changes from v3:
* move pull-option-check to before opening the tun device, for earlier
bail out
* fix typ0 in error message (missing blank
" block.
Fixes: ("Cleanup receive_auth_failed and simplify method")
Cc: Arne Schwabe
Signed-off-by: Antonio Quartulli
---
src/openvpn/push.c | 11 +--
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index d0038795..51dc8
on.
At the same time we split the parsing code, so that we can ensure that
the NEW_PEER call can happen after the received peer-id has been parsed
(it is required by all DCO API calls).
Signed-off-by: Antonio Quartulli
---
Changes from v3:
* call do_deferred_options_part2() only if !pulled_options
on.
At the same time we split the parsing code, so that we can ensure that
the NEW_PEER call can happen after the received peer-id has been parsed
(it is required by all DCO API calls).
Signed-off-by: Antonio Quartulli
---
Changes from v2:
* rename finish_options() to do_deferred_options_part2
Data channel keys are periodically regenerated and installed in
ovpn-dco.
However, there is a certain moment when keys are rotated in order
to elect the new primary one.
Check the key status in userspace so that kernelspace can be informed as
well when rotations happen.
Signed-off-by: Antonio
their
configuration first and, when everything is fixed, they will see if DCO
is available or not.
While at it, compress the first check in just one if to make the code
simpler.
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* pass proper argument to dco_available()
---
src/openvpn/dco.c | 22
their
configuration first and, when everything is fixed, they will see if DCO
is available or not.
While at it, compress the first check in just one if to make the code
simpler.
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco.c | 22 +-
1 file changed, 9 insertions(+), 13
Hi,
On 01/08/2022 17:44, Frank Lichtenheld wrote:
On Thu, Jul 28, 2022 at 09:35:42PM +0200, Antonio Quartulli wrote:
Data channel keys are periodically regenerated and installed in
ovpn-dco.
However, there is a certain moment when keys are rotated in order
to elect the new primary one.
Check
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index b3fd135f..a3a081b2 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -109,6 +109,11 @@ dco_check_option_conflict(int msglevel, const
Hi,
On 29/07/2022 09:41, Frank Lichtenheld wrote:
On Thu, Jul 28, 2022 at 09:35:42PM +0200, Antonio Quartulli wrote:
Data channel keys are periodically regenerated and installed in
ovpn-dco.
However, there is a certain moment when keys are rotated in order
to elect the new primary one.
Check
This change introduces ovpn-dco support along the p2mp/server code path.
Some code seems to be duplicate of the p2p version, but details are
different, so it couldn't be shared.
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* fix if condition P_DATA_V2 -> P_DATA_V1
* fix unknown rea
on.
At the same time we split the parsing code, so that we can ensure that
the NEW_PEER call can happen after the received peer-id has been parsed
(it is required by all DCO API calls).
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* removed error message in case of failure of finish_options
Data channel keys are periodically regenerated and installed in
ovpn-dco.
However, there is a certain moment when keys are rotated in order
to elect the new primary one.
Check the key status in userspace so that kernelspace can be informed as
well when rotations happen.
Signed-off-by: Antonio
The ovpn-dco kernel module needs to be informed about the keys to be
used to encrypt/decrypt data traffic to/from a peer.
Configure keys in DCO right after they are generated by the SSL code, to
avoid keeping them in memory longer than needed.
Signed-off-by: Antonio Quartulli
---
Changes from
ork the way it is right now, I wanted to at least
disable it.
Once implemented on the control channel it could then be re-enabled again.
Cheers,
--
Antonio Quartulli
Hi,
On 21/07/2022 20:24, Gert Doering wrote:
From: Antonio Quartulli
This function is similar to the essence of open_tun_generic(), but
calling open_tun_dco() instead of trying to do a file open on
"/dev/%s"
Previous attempts to save code duplication by including this into
open_t
The ovpn-dco kernel module needs to be informed about the keys to be
used to encrypt/decrypt data traffic to/from a peer.
Configure keys in DCO right after they are generated by the SSL code, to
avoid keeping them in memory longer than needed.
Signed-off-by: Antonio Quartulli
---
Changes from
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* renamed disable_dco to dco_enabled
src/openvpn/init.c | 49
src/openvpn/ssl_common.h | 23 +++
2 files changed, 63 insertions(+), 9 deletions(-)
diff --git a/src/openvpn
open_tun_generic already contains the logic required to find a device
name when not specified by the user. For this reason the DCO case can
easily leverage on function and avoid code duplication.
Signed-off-by: Antonio Quartulli
---
Changes from v9:
* rebased on top of latest master
Changes
A server may push options that are not compatible with DCO.
In this case we should log a message and bail out.
Signed-off-by: Antonio Quartulli
---
Changes from v2:
* split if condition on two lines
Changes from v1:
* move check_dco_pull_options() to dco.c (renamed to
dco_check_pull_options
A server may push options that are not compatible with DCO.
In this case we should log a message and bail out.
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* move check_dco_pull_options() to dco.c (renamed to
dco_check_pull_options())
* make options argument const
* add msglevel
Hi,
On 14/07/2022 22:14, Gert Doering wrote:
Hi,
On Fri, Jun 24, 2022 at 10:37:56AM +0200, Antonio Quartulli wrote:
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index b0a4b252..091cbd24 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2219,6 +2219,19 @@ do_deferred_p2p_ncp
Hi,
On 14/07/2022 16:27, Gert Doering wrote:
Hi,
On Fri, Jun 24, 2022 at 10:37:50AM +0200, Antonio Quartulli wrote:
Signed-off-by: Antonio Quartulli
---
src/openvpn/init.c | 49
src/openvpn/ssl_common.h | 23 +++
2 files
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* removed "--dco-disable" option: we just need "--disable-dco"
* added text to manpage about --client-to-client being no-op
* added text to manpage about --disable-dco
* rebased on top of master+"dco: add o
Signed-off-by: Antonio Quartulli
---
** this patch should be applied before 05/27 **
Changes from v2:
* add actual invocation to dco_check_option_conflict() in options.c
* add missing '}' in dco_check_option_conflict_ce()
Changes from v1:
* add 'already existing device check
Hi,
On 05/07/2022 14:32, Heiko Hund wrote:
On Freitag, 24. Juni 2022 10:37:52 CEST Antonio Quartulli wrote:
+else if (streq(p[0], "disable-dco") || streq(p[0], "dco-disable"))
Don't think we need to be backwards compatible here, or do we?
There's nothing to be
networking unit-test by using the newly
introduced API in conjunction with iface_new and iface_del.
The t_net.sh script has been slightly adapted to allow running these
tests in standalone (as they don't require any iproute2 counterpart).
Signed-off-by: Antonio Quartulli
---
Changes from v2:
The API is designed to always return a negative error code in case of
failure, therefore we should return '-errno' when ifindex has failed.
Signed-off-by: Antonio Quartulli
---
** This patch should also go to 2.5 **
src/openvpn/networking_sitnl.c | 2 +-
1 file changed, 1 insertion(+), 1
Hi,
let's drop this patch as using errno after another syscall has been made
is not clean.
Will send a patch that fixes the errno/-errno alone.
Cheers,
On 13/07/2022 00:09, Antonio Quartulli wrote:
if_nametoindex() sets errno to the related error code in case of
failure.
For this reason
Hi,
On 13/07/2022 12:53, Gert Doering wrote:
Hi,
close, but NAK, due to...
On Mon, Jul 11, 2022 at 10:10:19AM +0200, Antonio Quartulli wrote:
This new API can be used to retrieve the type of a specific interface.
It's mostly platform dependant, but right now expected values are
"ovp
signed (also isdigit() accepts a signed argument).
Signed-off-by: Antonio Quartulli
---
src/openvpn/buffer.h | 4 ++--
src/openvpn/tun.c| 7 ++-
src/openvpn/tun.h| 1 +
3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* add 'already existing device check' to dco_check_option_conflict_platform()
so that DCO can be pre-emptively disabled if the following are true:
- an iface with the same name as provided by the user exists
- the iface is non-DCO
src
the same and always return -errno in case of
failure. Most common error will still be -ENODEV, when no device with
the provided name could be found.
Signed-off-by: Antonio Quartulli
---
src/openvpn/networking_sitnl.c | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff
open_tun_generic already contains the logic required to find a device
name when not specified by the user. For this reason the DCO case can
easily leverage on function and avoid code duplication.
Signed-off-by: Antonio Quartulli
---
Changes from v8:
* remove disabling DCO from within do_open_tun
ctx);
+
bool is_dev_type(const char *dev, const char *dev_type, const char
*match_type);
int dev_type_enum(const char *dev, const char *dev_type);
Other than the nitpicks above, it looks good to me.
On top of that, most of the issues I highlighted already exist in the
c
With this change it is possible to use ovpn-dco-win when running OpenVPN
in client or P2P mode.
Signed-off-by: Arne Schwabe
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* use suffix _dco_win instead of _windco
* create helper function to retrieve last
open_tun_generic already contains the logic required to find a device
name when not specified by the user. For this reason the DCO case can
easily leverage on function and avoid code duplication.
Signed-off-by: Antonio Quartulli
---
Changes from v7:
* enclose setting 'disable_dco' field within
open_tun_generic already contains the logic required to find a device
name when not specified by the user. For this reason the DCO case can
easily leverage on function and avoid code duplication.
Signed-off-by: Antonio Quartulli
---
Changes from v6:
* do not touch tls_multi in do_open_tun
The pre_connect_save() function is not used outside of options.c,
therefore it should not be exported.
Make it static and move definition before its invocation.
Move also pre_connect_restore() along with it in order to keep the two
close to each other.
Cc: Arne Schwabe
Signed-off-by: Antonio
networking unit-test by using the newly
introduced API in conjunction with iface_new and iface_del.
The t_next.sh script has been slightly adapted to allow running these
tests in standalone (as they don't require any iproute2 counterpart).
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* adde
This new API can be used to retrieve the type of a specific interface.
It's mostly platform dependant, but right now expected values are
"ovpn-dco", "tun" or "tap".
Other values are possible too, but they are not of interest to us.
Signed-off-by: Antonio Quartull
open_tun_generic already contains the logic required to find a device
name when not specified by the user. For this reason the DCO case can
easily leverage on function and avoid code duplication.
Signed-off-by: Antonio Quartulli
---
Changes from v5:
* create TUN device when invoking --mktun
Hi,
On 05/07/2022 14:31, Heiko Hund wrote:
On Freitag, 24. Juni 2022 10:38:05 CEST Antonio Quartulli wrote:
The current condition checking if the TUN interface was preserved is
dependant on the platform being Android or not. This makes the code
reasonably ugly, especially because uncrustify
Hi,
On 05/07/2022 14:31, Heiko Hund wrote:
On Freitag, 24. Juni 2022 10:37:58 CEST Antonio Quartulli wrote:
+uint8_t *ptr = BPTR(>dco_packet_in);
+uint8_t op = ptr[0] >> P_OPCODE_SHIFT;
+if (op == P_DATA_V2 || op == P_DATA_V2)
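Review bot: the condition on the last added line compares op against P_DATA_V2 on both sides of the ||, so the second test is redundant and only one opcode is ever matched. If both data opcodes are meant to be accepted here, one of the two operands should be P_DATA_V1.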
This looks odd. Seems you wanted
Hi,
On 05/07/2022 14:31, Heiko Hund wrote:
On Freitag, 24. Juni 2022 10:37:59 CEST Antonio Quartulli wrote:
+application. Note that DCO will use DATA_V2 packets
in P2P mode, therefore,
+this implies that peers must be running 2.6.0+
in order to have P2P-NCP
+which brings DATA_V2
Hi,
On 05/07/2022 14:32, Heiko Hund wrote:
On Freitag, 24. Juni 2022 10:38:06 CEST Antonio Quartulli wrote:
+int
+dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot)
+{
+msg(D_DCO, "%s: peer-id %d, slot %d called but ignored", __func__,
peerid, +
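Review bot: in the msg() call of dco_del_key(), peerid is declared as unsigned int in the signature but is printed with %d. Use %u for peerid so the format string matches the argument type, and check that the specifier used for slot matches the underlying type of dco_key_slot_t.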
Hi,
On 05/07/2022 14:30, Heiko Hund wrote:
On Freitag, 24. Juni 2022 10:37:57 CEST Antonio Quartulli wrote:
+/* These inet_pton conversion are fatal since options.c already
implements
+ * checks to have only valid addresses when setting the
options */
+if (c
. There is no DCO code yet in master but somehow we have the
GH action for that :-D
Anyway, can add a sentence to explain what is going on.
Cheers,
On Fri, Jun 24, 2022 at 10:38:09AM +0200, Antonio Quartulli wrote:
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
.github/workflows
Some auto correction must have sneaked in.
Restore proper wording.
Signed-off-by: Antonio Quartulli
---
src/openvpn/networking.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h
index 647718e0..79963756 100644
--- a/src
Hi,
On 04/07/2022 10:29, Frank Lichtenheld wrote:
On Fri, Jun 24, 2022 at 10:37:59AM +0200, Antonio Quartulli wrote:
[...]
+Current implementation limitations
+---
+- --persistent-tun not tested/supported
+- fallback to non-dco in client mode missing
+- IPv6 mapped IPv4
open_tun_generic already contains the logic required to find a device
name when not specified by the user. For this reason the DCO case can
easily leverage on function and avoid code duplication.
Signed-off-by: Antonio Quartulli
---
Changes from v4:
* in open_tun_generic() use sizeof(tunname
On 30/06/2022 15:44, Heiko Hund wrote:
On Mittwoch, 29. Juni 2022 14:49:45 CEST Antonio Quartulli wrote:
name when not specified b the user. For this reason the DCO case can
nit: b -> by
thanks
+strncpynt(tunname, dynamic_n
?
Thanks!
--
Antonio Quartulli
open_tun_generic already contains the logic required to find a device
name when not specified by the user. For this reason the DCO case can
easily leverage on function and avoid code duplication.
Signed-off-by: Antonio Quartulli
---
Changes from v3:
* explicitly mention "DCO" in messag
open_tun_generic already contains the logic required to find a device
name when not specified by the user. For this reason the DCO case can
easily leverage on function and avoid code duplication.
Signed-off-by: Antonio Quartulli
---
Changes from v2:
* do not abuse the dynamic_name variable
:-)
Thanks a lot for bearing with us.
Relatedly, the kernel side of that support has just landed in FreeBSD's
repo:
https://cgit.freebsd.org/src/commit/?id=ab91feabcc6f9da21d5c75028153af16d06e679a
Wonderful news! Congratulations!!
Cheers,
--
Antonio Quartulli
open_tun_generic already contains the logic required to find a device
name when not specified by the user. For this reason the DCO case can
easily leverage on function and avoid code duplication.
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* improved INFO message when device already
When using DCO, iroutes and routes all live in the same routing table.
However, the latter should always come after the former.
For this reason assign a default metric of 200 to routes. iroutes will
later get a metric of 100.
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* added
The tls-crypt-v2 key should be at least 2 bytes long in order to read
the actual length.
Bail out if the key is too short.
Failing to do so will lead to a read out of the buffer boundary.
While at it improve the error message a bit.
Signed-off-by: Antonio Quartulli
---
src/openvpn/tls_crypt.c
-by: Antonio Quartulli
---
Changes from v1:
* add "&& o->iroutes{,_ipv6}" check before attempting to traverse
iroutes list. This way we avoid executing getaddr or get_ipv6_addr if
we already know that we have no iroutes to compare to.
src/openvpn/push.c | 28 ++
Hi,
On 27/06/2022 23:52, Heiko Hund wrote:
On Mittwoch, 23. Mai 2018 21:28:02 CEST Antonio Quartulli wrote:
-if (o && o->push_list.head && o->iroutes)
+if (o && o->push_list.head && (o->iroutes || o->iroutes_ipv6))
[...]
+
' branch has been modified accordingly:
* compat patch 19/25 removed;
* code now uses GetOverlappedResultEx() directly.
Cheers,
--
Antonio Quartulli
Hi,
On 27/06/2022 13:09, Arne Schwabe wrote:
Am 24.06.22 um 10:37 schrieb Antonio Quartulli:
+ int ret = open_tun_dco(tt, ctx, dynamic_name);
+ if (ret == -EEXIST)
+ {
+ msg(M_INFO, "TUN/TAP device %s exists previously,
Hi,
do we still need this patch after having merged Arne's HMAC feature?
Regards,
--
Antonio Quartulli
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
.github/workflows/build.yaml | 7 +--
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index b905c0d2..536dd9d6 100644
--- a/.github/workflows/build.yaml
Data channel keys are periodically regenerated and installed in
ovpn-dco.
However, there is a certain moment when keys are rotated in order
to elect the new primary one.
Check the key status in userspace so that kernelspace can be informed as
well when rotations happen.
Signed-off-by: Antonio
A server may push options that are not compatible with DCO.
In this case we should log a message and bail out.
Signed-off-by: Antonio Quartulli
---
src/openvpn/init.c | 23 +++
1 file changed, 23 insertions(+)
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index
Signed-off-by: Arne Schwabe
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
config-msvc.h | 2 +
configure.ac| 9 +-
dev-tools/special-files.lst | 1 +
src/openvpn/Makefile.am | 4 +-
src/openvpn
the check even uglier.
For this reason, factor out the check in a separate function which can
keep the ifdefs craziness well hidden, while do_open_tun becomes
(a bit) cleaner.
Signed-off-by: Antonio Quartulli
---
src/openvpn/init.c | 283 +++--
1 file
With this change it is possible to use ovpn-dco-win when running OpenVPN
in client or P2P mode.
Signed-off-by: Arne Schwabe
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
src/openvpn/forward.c | 7
src/openvpn/init.c| 29 +++--
src/openvpn/options.c | 19
GetOverlappedResultEx is not available on ming32 therefore we must
provide some compat layer before being able to use this function.
Signed-off-by: Antonio Quartulli
Signed-off-by: Lev Stipakov
---
src/compat/Makefile.am| 3 +-
src/compat/compat
With this change we introduce ovpn-dco support only along the p2p/client
code path. Server codebase is still unchanged.
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco.c | 90 +++
src/openvpn/dco.h | 48 +++
src/openvpn
-off-by: Arne Schwabe
Signed-off-by: Antonio Quartulli
---
src/openvpn/tun.c | 76 ++-
1 file changed, 42 insertions(+), 34 deletions(-)
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 5eefb0c6..f324ac91 100644
--- a/src/openvpn/tun.c
+++ b
Other platforms may need more complex logic to decide whether a cipher
is supported or not, therefore turn hardcoded list into a function that
can be implemented by each platform independently.
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco.c | 4
This change introduces ovpn-dco support along the p2mp/server code path.
Some code seems to be duplicate of the p2p version, but details are
different, so it couldn't be shared.
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco.c | 203 ++
src
Some platforms may have different constraints in terms of incompatible
options, therefore we add a function that explicitly checks those.
Also, add generic option check for when ovpn-dco-win is in use.
Signed-off-by: Antonio Quartulli
Signed-off-by: Lev Stipakov
---
src/openvpn/dco.c | 25
Signed-off-by: Antonio Quartulli
---
.github/workflows/build.yaml | 9 -
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 6c267a61..b905c0d2 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows
on.
At the same time we split the parsing code, so that we can ensure that
the NEW_PEER call can happen after the received peer-id has been parsed
(it is required by all DCO API calls).
Signed-off-by: Antonio Quartulli
---
src/openvpn/init.c | 59 -
src
Signed-off-by: Antonio Quartulli
---
Changes.rst | 9 ++
README.dco.md | 123 ++
doc/man-sections/advanced-options.rst | 13 +++
doc/man-sections/server-options.rst | 6 ++
4 files changed, 151 insertions(+)
create
Signed-off-by: Arne Schwabe
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
README.dco.md | 9 +
1 file changed, 9 insertions(+)
diff --git a/README.dco.md b/README.dco.md
index e73e0fc2..ef56f0fe 100644
--- a/README.dco.md
+++ b/README.dco.md
@@ -58,6 +58,13 @@ see
BACKGROUND: read
error on command channel: code=%d, exiting",
command);
@@ -970,6 +986,7 @@ pam_server(int fd, const char *service, int verb, const
struct name_value_list *
up.username, up.password);
#else
plu
Signed-off-by: Antonio Quartulli
---
src/openvpn/Makefile.am | 2 +-
src/openvpn/dco.c | 149
src/openvpn/openvpn.vcxproj | 1 +
src/openvpn/openvpn.vcxproj.filters | 3 +
4 files changed, 154 insertions(+), 1 deletion
things have been fixed/changed..so
hopefully splitting patches has already paid off a bit..
I hope this will help with getting this new functionality merged soon.
This patchset reflects what is currently pushed to the "dco" branch.
Best Regards,
Antonio Quartulli (24):
dco: introduce low-
Signed-off-by: Antonio Quartulli
---
src/openvpn/networking_sitnl.c | 11 +++
1 file changed, 11 insertions(+)
diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c
index bffcb067..0944ad0a 100644
--- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn
Signed-off-by: Antonio Quartulli
---
src/openvpn/options.h | 20
src/openvpn/tun.h | 1 +
2 files changed, 21 insertions(+)
diff --git a/src/openvpn/options.h b/src/openvpn/options.h
index c2937dc3..8152e755 100644
--- a/src/openvpn/options.h
+++ b/src/openvpn
Signed-off-by: Antonio Quartulli
---
configure.ac| 34 +
dev-tools/special-files.lst | 1 +
src/openvpn/Makefile.am | 3 +
src/openvpn/dco.h | 165 +
src/openvpn/dco_internal.h | 78 +++
src/openvpn/dco_linux.c
open_tun_generic already contains the logic required to find a device
name when not specified by the user. For this reason the DCO case can
easily leverage on function and avoid code duplication.
Signed-off-by: Antonio Quartulli
---
src/openvpn/init.c | 2 +-
src/openvpn/tun.c | 133
Signed-off-by: Antonio Quartulli
---
src/openvpn/options.c | 29 +
1 file changed, 29 insertions(+)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 9a0634a5..7b450296 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -61,6 +61,7
When using DCO, iroutes and routes all live in the same routing table.
However, the latter should always come after the former.
For this reason assign a default metric of 200 to routes. iroutes will
later get a metric of 100.
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco.h | 2 ++
src
The ovpn-dco kernel module needs to be informed about the keys to be
used to encrypt/decrypt data traffic to/from a peer.
Configure keys in DCO right after they are generated by the SSL code, to
avoid keeping them in memory longer than needed.
Signed-off-by: Antonio Quartulli
---
src/openvpn
Signed-off-by: Antonio Quartulli
---
src/openvpn/init.c | 49
src/openvpn/ssl_common.h | 23 +++
2 files changed, 63 insertions(+), 9 deletions(-)
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 7099eba4..7ab2c9a2 100644
rks as
expected.
Acked-by: Antonio Quartulli
--
Antonio Quartulli
== DEV_TYPE_TUN)
Exit due to fatal error
I don't have dco support in the linux kernel.
openvpn --disable-dco --mktun --dev-type tap --dev tap2
works as a workaround, but I think --mktun --dev-type tap should
continue to work without it.
Regards,
--
Antonio Quartulli
for returning the name with
Same as for the patch for master:
something is missing here ^
...table for lookup", but" only for returning...
Same change should be applied to the in-code comment.
md_kt_name
Signed-off-by: Arne Schwabe
Acked-by: Antonio Quartulli
---
src/openvp
for returning the name with
something is missing here ^
...table for lookup", but" only for returning...
Same change should be applied to the in-code comment.
md_kt_name
Signed-off-by: Arne Schwabe
Patch looks good and it's as small as it could be.
Acked-by: Antonio Quartul
Hi,
please ignore this patch - it was sent by accident.
Regards,
On 19/05/2022 11:31, Antonio Quartulli wrote:
Signed-off-by: Antonio Quartulli
---
.gitlab-ci.yml | 182 +
.gitlab/build-check.sh | 23 ++
.gitlab/build-deps.sh | 157