Re: [Openvpn-devel] [PATCH 13/25] dco: implement dco support for p2p/client code path

2022-07-05 Thread Antonio Quartulli

Hi,

On 05/07/2022 14:30, Heiko Hund wrote:

On Freitag, 24. Juni 2022 10:37:57 CEST Antonio Quartulli wrote:

+/* These inet_pton conversion are fatal since options.c already
implements
+ * checks to have only valid addresses when setting the
options */
+if (c->options.ifconfig_ipv6_remote)
+{
+if (inet_pton(AF_INET6, c->options.ifconfig_ipv6_remote,
_ip6) != 1) +{
+msg(M_FATAL,
+"DCO peer init: problem converting IPv6 ifconfig remote
address %s to binary", +c->options.ifconfig_ipv6_remote);
+}
+remote_addr6 = _ip6;
+}


I'm undecided if these fatal errors are justified with respect to defensive
programming or overly paranoid, because they will never appear.


I'd say they are simply ASSERTs in disguise :-)

When a function returns an error I think it is always good habit to
check it... then why not print something meaningful at this point?


Cheers,

___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel



--
Antonio Quartulli

Re: [Openvpn-devel] [PATCH 13/25] dco: implement dco support for p2p/client code path

2022-07-05 Thread Heiko Hund
On Freitag, 24. Juni 2022 10:37:57 CEST Antonio Quartulli wrote:
> +/* These inet_pton conversion are fatal since options.c already
> implements 
> + * checks to have only valid addresses when setting the
> options */ 
> +if (c->options.ifconfig_ipv6_remote)
> +{
> +if (inet_pton(AF_INET6, c->options.ifconfig_ipv6_remote,
> _ip6) != 1) +{
> +msg(M_FATAL,
> +"DCO peer init: problem converting IPv6 ifconfig remote
> address %s to binary", +c->options.ifconfig_ipv6_remote);
> +}
> +remote_addr6 = _ip6;
> +}

I'm undecided if these fatal errors are justified with respect to defensive 
programming or overly paranoid, because they will never appear.


[Openvpn-devel] [PATCH 13/25] dco: implement dco support for p2p/client code path

2022-06-24 Thread Antonio Quartulli
With this change we introduce ovpn-dco support only along the p2p/client
code path. Server codebase is still unchanged.

Signed-off-by: Antonio Quartulli 
---
 src/openvpn/dco.c | 90 +++
 src/openvpn/dco.h | 48 +++
 src/openvpn/event.h   |  3 ++
 src/openvpn/forward.c | 63 --
 src/openvpn/init.c| 34 +++-
 src/openvpn/init.h|  2 +-
 src/openvpn/socket.h  |  1 +
 7 files changed, 236 insertions(+), 5 deletions(-)

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 473eb564..2919c46d 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -300,4 +300,94 @@ dco_check_option_conflict(int msglevel, const struct 
options *o)
 return true;
 }
 
+int
+dco_p2p_add_new_peer(struct context *c)
+{
+if (!dco_enabled(>options))
+{
+return 0;
+}
+
+
+struct tls_multi *multi = c->c2.tls_multi;
+struct link_socket *ls = c->c2.link_socket;
+
+struct in6_addr remote_ip6 = { 0 };
+struct in_addr remote_ip4 = { 0 };
+
+struct in6_addr *remote_addr6 = NULL;
+struct in_addr *remote_addr4 = NULL;
+
+const char *gw = NULL;
+
+ASSERT(ls->info.connection_established);
+
+/* In client mode if a P2P style topology is used we assume the
+ * remote-gateway is the IP of the peer */
+if (c->options.topology == TOP_NET30 || c->options.topology == TOP_P2P)
+{
+gw = c->options.ifconfig_remote_netmask;
+}
+if (c->options.route_default_gateway)
+{
+gw = c->options.route_default_gateway;
+}
+
+/* These inet_pton conversion are fatal since options.c already implements
+ * checks to have only valid addresses when setting the options */
+if (c->options.ifconfig_ipv6_remote)
+{
+if (inet_pton(AF_INET6, c->options.ifconfig_ipv6_remote, _ip6) 
!= 1)
+{
+msg(M_FATAL,
+"DCO peer init: problem converting IPv6 ifconfig remote 
address %s to binary",
+c->options.ifconfig_ipv6_remote);
+}
+remote_addr6 = _ip6;
+}
+
+if (gw)
+{
+if (inet_pton(AF_INET, gw, _ip4) != 1)
+{
+msg(M_FATAL, "DCO peer init: problem converting IPv4 ifconfig 
gateway address %s to binary", gw);
+}
+remote_addr4 = _ip4;
+}
+else if (c->options.ifconfig_local)
+{
+msg(M_INFO, "DCO peer init: Need a peer VPN addresss to setup IPv4 
(set --route-gateway)");
+}
+
+struct sockaddr *remoteaddr = >info.lsa->actual.dest.addr.sa;
+
+int ret = dco_new_peer(>c1.tuntap->dco, multi->peer_id,
+   c->c2.link_socket->sd, NULL, remoteaddr,
+   remote_addr4, remote_addr6);
+if (ret < 0)
+{
+return ret;
+}
+
+c->c2.tls_multi->dco_peer_added = true;
+c->c2.link_socket->info.dco_installed = true;
+
+return 0;
+}
+
+void
+dco_remove_peer(struct context *c)
+{
+if (!dco_enabled(>options))
+{
+return;
+}
+
+if (c->c1.tuntap && c->c2.tls_multi && c->c2.tls_multi->dco_peer_added)
+{
+dco_del_peer(>c1.tuntap->dco, c->c2.tls_multi->peer_id);
+c->c2.tls_multi->dco_peer_added = false;
+}
+}
+
 #endif /* defined(ENABLE_DCO) */
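Review bot: dco_p2p_add_new_peer dereferences c->c1.tuntap->dco in the dco_new_peer() call without checking that c->c1.tuntap is set, while dco_remove_peer in the same hunk guards on `c->c1.tuntap && c->c2.tls_multi`; either the guard in the remove path is redundant or the add path needs the same check (an ASSERT next to the existing `ASSERT(ls->info.connection_established);` would do). The locals `ls` and `multi` are introduced but then bypassed by `c->c2.link_socket->sd`, `c->c2.link_socket->info.dco_installed` and `c->c2.tls_multi->dco_peer_added`; use one spelling. Note also that dco_p2p_add_new_peer sets `info.dco_installed = true` but dco_remove_peer only clears `dco_peer_added`, so the socket still claims DCO is installed after the peer is gone. Minor: the double blank line after the early return, and "addresss" in the M_INFO message.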
diff --git a/src/openvpn/dco.h b/src/openvpn/dco.h
index cb7f7e4f..33b91e29 100644
--- a/src/openvpn/dco.h
+++ b/src/openvpn/dco.h
@@ -138,6 +138,36 @@ int init_key_dco_bi(struct tls_multi *multi, struct 
key_state *ks,
  */
 void dco_update_keys(dco_context_t *dco, struct tls_multi *multi);
 
+/**
+ * Install a new peer in DCO - to be called by a CLIENT (or P2P) instance
+ *
+ * @param c the main instance context
+ * @return  0 on success or a negative error code otherwise
+ */
+int dco_p2p_add_new_peer(struct context *c);
+
+/**
+ * Modify DCO peer options. Special values are 0 (disable)
+ * and -1 (do not touch).
+ *
+ * @param dcoDCO device context
+ * @param peer_idthe ID of the peer to be modified
+ * @param keepalive_interval keepalive interval in seconds
+ * @param keepalive_timeout  keepalive timeout in seconds
+ * @param mssTCP MSS value
+ *
+ * @return   0 on success or a negative error code otherwise
+ */
+int dco_set_peer(dco_context_t *dco, unsigned int peerid,
+ int keepalive_interval, int keepalive_timeout, int mss);
+
+/**
+ * Remove a peer from DCO
+ *
+ * @param c the main instance context of the peer to remove
+ */
+void dco_remove_peer(struct context *c);
+
 #else /* if defined(ENABLE_DCO) */
 
 typedef void *dco_context_t;
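Review bot: the dco_set_peer doc comment documents `@param peer_id` but the prototype spells the argument `peerid`; rename one of them so the documentation matches the signature. This hunk also declares dco_set_peer under ENABLE_DCO, yet the dco.c hunk of this patch adds no definition for it; if it is provided elsewhere (another patch in the series or the platform backends), the commit message should say so.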
@@ -204,5 +234,23 @@ dco_update_keys(dco_context_t *dco, struct tls_multi 
*multi)
 ASSERT(false);
 }
 
+static inline bool
+dco_p2p_add_new_peer(struct context *c)
+{
+return true;
+}
+
+static inline int
+dco_set_peer(dco_context_t *dco, unsigned int peerid,
+ int keepalive_interval, int keepalive_timeout,
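Review bot: the non-DCO stub `static inline bool dco_p2p_add_new_peer(struct context *c)` returning `true` does not match the real prototype above, `int dco_p2p_add_new_peer(struct context *c)` documented as returning 0 on success or a negative error code; a caller that treats non-zero as failure would see the stub fail, and a caller testing `< 0` only works by accident. Make the stub `static inline int` and return 0, as the other stubs in this section return the success value of their real counterparts.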