On 12 Oct 2022, at 16:38, Gert Doering wrote:
> people have alreadycomplained at me that I write so long e-mails today,
> so I can write more...
>
> On Wed, Oct 12, 2022 at 08:39:31AM +0200, Gert Doering wrote:
>> Factor 1: single-peer (client or p2p) vs. multi-peer
>>
>> single-peer -> DCO has only 1 peer, all packets that go into the
>> tun/dco interface are sent out to the single peer
>> ("dumb pipe mode") - exactly like tun(4) behaves
>>
>> If a subnet is configured on the interface, packets to
>> ALL IPs (!= local) in that subnet are sent to the other
>> side. No next-hop lookup is done.
>
> This is "sort of" handled in if_ovpn.c today
>
> ovpn_route_peer(struct ovpn_softc *sc, struct mbuf **m0,
> const struct sockaddr *dst)
> {
> ...
> /* Shortcut if we're a client (or are a server and have only one
> client). */
> if (sc->peercount == 1)
> return (ovpn_find_only_peer(sc));
>
>
> ... so this works for the client, but has one interesting drawback on the
> server - if there is only a single client connected, the server will send
> ALL to-be-tunneled packets to that client. As soon as client #2 connects,
> packets are properly sorted.
>
> [..]
>> Factor 2: IFF_POINTOPOINT vs. IFF_BROADCAST
>>
>> This seems to be a *BSD-specific thing, aka "there is nothing in the
>> Linux specific code that seems to bother with this".
>
> I've whacked at if_ovpn.c and dco_freebsd.c a bit now, and I seem
> to have working code for both ends. I am not a FreeBSD kernel coder,
> so I have no idea how many behavioural standards I am violating,
> but it makes "real subnet mode in OpenVPN" work for me, with DCO.
>
> Kernel patch attached, OpenVPN patches will follow soonish (outside
> of this e-mail thread).
>
I’m happy with that, and will commit (modulo one small style tweak) that patch
in FreeBSD.
Best regards,
Kristof
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
