Re: [Openvpn-devel] route/iroute handling on FreeBSD

2022-08-22 Thread Kristof Provost
On 20 Aug 2022, at 16:33, Gert Doering wrote: - iroute installation works for the easy cases (--route in server.conf, --iroute with a more-specific of that in ccd/). It does not work for the nasty cases (--route and --iroute with same netbits). I will send a followup e-mail with more

Re: [Openvpn-devel] route/iroute handling on FreeBSD

2022-08-22 Thread Kristof Provost
On 22 Aug 2022, at 20:16, Gert Doering wrote: > On Mon, Aug 22, 2022 at 02:55:09PM +0200, Kristof Provost wrote: >>> Now, back to FreeBSD. >>> >>> - our code does not try to set metrics on FreeBSD >>> - my reading of route(8) does not show me any

Re: [Openvpn-devel] route/iroute handling on FreeBSD

2022-10-07 Thread Kristof Provost
Hi Gert, On 6 Oct 2022, at 16:39, Gert Doering wrote: > FreeBSD DCO has the open issue of "iroute with the same netmask as > route, so we want metric/weight/... to differentiate" > I’ll try to dig into that, but it’ll be late next week at the earliest. Best regards, Kristof

Re: [Openvpn-devel] route/iroute handling on FreeBSD

2022-10-12 Thread Kristof Provost
Hi Gert, I’m still travelling today (and am due for my 5G chip update tomorrow), so it’ll be another day or two before I can look at this in any detail, but at first glance this looks sane. Best regards, Kristof On 12 Oct 2022, at 15:38, Gert Doering wrote: > Hi, > > people have already complai

Re: [Openvpn-devel] route/iroute handling on FreeBSD

2022-10-17 Thread Kristof Provost
On 12 Oct 2022, at 16:38, Gert Doering wrote: > people have already complained at me that I write so long e-mails today, > so I can write more... > > On Wed, Oct 12, 2022 at 08:39:31AM +0200, Gert Doering wrote: >> Factor 1: single-peer (client or p2p) vs. multi-peer >> >> single-peer -> DCO has on

Re: [Openvpn-devel] [PATCH] dco: print proper message in case of transport disconnection

2023-01-13 Thread Kristof Provost
On 13 Jan 2023, at 20:35, Gert Doering wrote: On Thu, Jan 12, 2023 at 12:50:52AM +0100, Antonio Quartulli wrote: diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 77dcaa60..99123c39 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -3244,6 +3244,10 @@ process_incoming_del_

Re: [Openvpn-devel] [PATCH v3] dco-freebsd: use m->instances[] instead of m->hash

2023-03-22 Thread Kristof Provost
> just one line of code). > > Adapt the dco-freebsd code to do so. > > Cc: Kristof Provost > Change-Id: I8d8af6f872146604a9710edf443db65df48ac3cb > Signed-off-by: Antonio Quartulli > --- > NOTE: not tested because I have no FreeBSD environment > > Changes from v1: >

Re: [Openvpn-devel] [PATCH applied] DCO: support key rotation notifications

2023-05-08 Thread Kristof Provost
been applied to the master and release/2.6 branch > (this is somewhere between "bugfix" and "long-term compatibility", > and less of a "new feature"). > > commit ec71489bfc7c1d798f5f6de8e9fc187b9127072c (master) > commit c468af2cd90c9f682519eff38a21fac8a

Re: [Openvpn-devel] [PATCH] src/openvpn/dco_freebsd.c: handle malloc failure

2023-05-17 Thread Kristof Provost
On 17 May 2023, at 16:01, Ilya Shipitsin wrote: > malloc was not checked against NULL, I was able > to get core dump in case of failure > > Signed-off-by: Ilya Shipitsin > --- > src/openvpn/dco_freebsd.c | 5 + > 1 file changed, 5 insertions(+) > > diff --git a/src/openvpn/dco_freebsd.c b/src

Re: [Openvpn-devel] [PATCH] src/openvpn/dco_freebsd.c: handle malloc failure

2023-05-17 Thread Kristof Provost
On 17 May 2023, at 16:58, Илья Шипицин wrote: > Wed, 17 May 2023 at 22:43, Kristof Provost : > >> On 17 May 2023, at 16:01, Ilya Shipitsin wrote: >>> malloc was not checked against NULL, I was able >>> to get core dump in case of failure >>> >>>

Re: [Openvpn-devel] [PATCH] src/openvpn/dco_freebsd.c: handle malloc failure

2023-05-17 Thread Kristof Provost
On 17 May 2023, at 17:06, Илья Шипицин wrote: > Wed, 17 May 2023 at 23:04, Kristof Provost : > >> On 17 May 2023, at 16:58, Илья Шипицин wrote: >>> Wed, 17 May 2023 at 22:43, Kristof Provost : >>> >>>> On 17 May 2023, at 16:01, Ilya Shipitsin wrote:

Re: [Openvpn-devel] [PATCH applied] DCO: support key rotation notifications

2023-06-08 Thread Kristof Provost
On 8 Jun 2023, at 21:52, Gert Doering wrote: > Hi, > > On Mon, May 08, 2023 at 06:15:52PM +0200, Kristof Provost wrote: >> I’ve also landed the (FreeBSD) kernel side of that: >> https://cgit.freebsd.org/src/commit/?id=f7ee28e755820375d5f441e19c1f1376a200e834 > > I now

Re: [Openvpn-devel] [PATCH] dco-freebsd: dynamically re-allocate buffer if it's too small

2024-02-06 Thread Kristof Provost
Ping? Does this need anything else before it can land? Best regards, Kristof On 24 Jan 2024, at 8:27, Kristof Provost via Openvpn-devel wrote: > From: Kristof Provost > > It's possible for the buffer we provide for OVPN_GET_PEER_STATS to be > too small. Handle the error, re-

[Openvpn-devel] DCO for FreeBSD

2022-02-17 Thread Kristof Provost
Hi, I’m working on adding OpenVPN DCO support on FreeBSD (primarily for use in pfSense). I have a few questions, mostly around what’s planned for DCO in OpenVPN 2. I’m currently working based on https://github.com/schwabe/openvpn.git but intend to rebase to https://github.com/OpenVPN/openvpn/t

[Openvpn-devel] [PATCH] ovpn-dco: introduce FreeBSD data-channel offload support

2022-06-28 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Implement data-channel offload for FreeBSD. The implementation and flow is very similar to that of the Linux DCO support. Signed-off-by: Kristof Provost --- configure.ac | 5 + src/openvpn/Makefile.am| 1 + src/openvpn/dco_freebsd.c

[Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

2022-06-28 Thread Kristof Provost via Openvpn-devel
Hi, Here's the most recent version of the FreeBSD DCO patch. This is based on top of the dco branch, at 480fa1c983aba9b0790ea94df209e1686f08336b. Relatedly, the kernel side of that support has just landed in FreeBSD's repo: https://cgit.freebsd.org/src/commit/?id=ab91feabcc6f9da21d5c75028153af16

Re: [Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

2022-06-28 Thread Kristof Provost via Openvpn-devel
On 28 Jun 2022, at 21:05, Antonio Quartulli wrote: > On 28/06/2022 18:28, Kristof Provost via Openvpn-devel wrote: >> Hi, >> >> Here's the most recent version of the FreeBSD DCO patch. >> This is based on top of the dco branch, at >> 480fa1c983aba9b0790ea9

Re: [Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

2022-06-29 Thread Kristof Provost via Openvpn-devel
On 29 Jun 2022, at 17:15, Arne Schwabe wrote: > On 28.06.22 at 18:28, Kristof Provost via Openvpn-devel wrote: >> Hi, >> >> Here's the most recent version of the FreeBSD DCO patch. >> This is based on top of the dco branch, at >> 480fa1c983aba9b0790ea94d

Re: [Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

2022-06-29 Thread Kristof Provost via Openvpn-devel
On 29 Jun 2022, at 21:08, Arne Schwabe wrote: > On 29.06.2022 at 19:40, Kristof Provost wrote: >> On 29 Jun 2022, at 17:15, Arne Schwabe wrote: >>> On 28.06.22 at 18:28, Kristof Provost via Openvpn-devel wrote: >>>> Hi, >>>> >>>> Here's

[Openvpn-devel] [PATCH]: Handle exceeding max-clients

2022-07-13 Thread Kristof Provost via Openvpn-devel
This patch fixes a crash we've seen on server instances when one more client than 'max-clients' connects. I believe this affects both master and DCO branches, and I think it was introduced with this commit: commit b364711486dc6371ad2659a5aa190941136f4f04 Author: Arne Schwabe

[Openvpn-devel] [PATCH] Handle exceeding 'max-clients'

2022-07-13 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost If 'max-clients' is set multi_create_instance() can return NULL (for any client that would take us over the client limit). If mi is NULL we don't add it to the hash map, but we do potentially dereference it to increment the session count. Do not attempt

[Openvpn-devel] [PATCH 2/2] Support creating iroute route entries on FreeBSD

2022-08-08 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Signed-off-by: Kristof Provost --- src/openvpn/Makefile.am | 1 + src/openvpn/dco.c| 8 +-- src/openvpn/dco_freebsd.h| 2 + src/openvpn/networking.h | 9 +++ src/openvpn/networking_freebsd.c | 101

[Openvpn-devel] [PATCH 1/2] ovpn-dco: introduce FreeBSD data-channel offload support

2022-08-08 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Implement data-channel offload for FreeBSD. The implementation and flow is very similar to that of the Linux DCO support. Signed-off-by: Kristof Provost --- configure.ac | 5 + src/openvpn/Makefile.am| 1 + src/openvpn/dco_freebsd.c

[Openvpn-devel] [PATCH] Handle exceeding 'max-clients'

2022-08-08 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost If 'max-clients' is set multi_create_instance() can return NULL (for any client that would take us over the client limit). If mi is NULL we don't add it to the hash map, but we do potentially dereference it to increment the session count. Do not attempt

[Openvpn-devel] [PATCH]: FreeBSD DCO support

2022-08-08 Thread Kristof Provost via Openvpn-devel
Hi, Now that the Linux DCO support has landed in the master tree I've re-based the FreeBSD DCO support code. This patch series also includes a patch to support adding iroutes on FreeBSD. Best regards, Kristof ___ Openvpn-devel mailing list Openvpn-d

Re: [Openvpn-devel] [PATCH] Handle exceeding 'max-clients'

2022-08-08 Thread Kristof Provost via Openvpn-devel
Apologies, This patch isn’t part of the series (and has in fact already landed), but got sent because of a stray patch file in my working tree. Kristof On 8 Aug 2022, at 16:34, Kristof Provost wrote: > From: Kristof Provost > > If 'max-clients' is set multi_create_instanc

Re: [Openvpn-devel] [PATCH 1/2] ovpn-dco: introduce FreeBSD data-channel offload support

2022-08-10 Thread Kristof Provost via Openvpn-devel
Thanks! On 10 Aug 2022, at 18:32, Gert Doering wrote: > Test results: > > - running openvpn over TCP gives me a kernel panic - this is not so >nice... (see attached .png from the vmware console) - userland seems >to assume "kernel can do TCP", kernel panics on "if !udp, panic()" >(so

Re: [Openvpn-devel] [PATCH 1/2] ovpn-dco: introduce FreeBSD data-channel offload support

2022-08-11 Thread Kristof Provost via Openvpn-devel
On 10 Aug 2022, at 18:32, Gert Doering wrote: > as promised, here's test results and code review. > > Test results: > > - running openvpn over TCP gives me a kernel panic - this is not so >nice... (see attached .png from the vmware console) - userland seems >to assume "kernel can do TCP",

[Openvpn-devel] [PATCH 1/2] ovpn-dco: introduce FreeBSD data-channel offload support

2022-08-12 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Implement data-channel offload for FreeBSD. The implementation and flow is very similar to that of the Linux DCO support. Signed-off-by: Kristof Provost --- configure.ac | 5 + src/openvpn/Makefile.am| 1 + src/openvpn/dco.c

[Openvpn-devel] [PATCH 2/2] Support creating iroute route entries on FreeBSD

2022-08-12 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Signed-off-by: Kristof Provost --- src/openvpn/Makefile.am | 1 + src/openvpn/dco.c| 8 +-- src/openvpn/dco_freebsd.h| 2 + src/openvpn/networking.h | 9 +++ src/openvpn/networking_freebsd.c | 101

[Openvpn-devel] [PATCHv2]: FreeBSD DCO support

2022-08-12 Thread Kristof Provost via Openvpn-devel
Hi, Here's the updated version of the FreeBSD DCO patch. It should address all remarks on the userspace side of things. I'm still trying to reproduce the fragmentation issue. I've gotten Gert's additional information, but I've not yet been able to act on it. I'm fairly certain that any bug is goi

Re: [Openvpn-devel] [PATCH 1/2] ovpn-dco: introduce FreeBSD data-channel offload support

2022-08-12 Thread Kristof Provost via Openvpn-devel
Remarks inline. Mostly ACK. I’ll post an updated version soon. (I’ve also added a check for UDP in dco_check_option_conflict_ce().) On 10 Aug 2022, at 18:32, Gert Doering wrote: > On Mon, Aug 08, 2022 at 04:34:23PM +0200, Kristof Provost via Openvpn-devel > wrote: >> diff --git a

Re: [Openvpn-devel] [PATCH 1/2] ovpn-dco: introduce FreeBSD data-channel offload support

2022-08-13 Thread Kristof Provost via Openvpn-devel
On 13 Aug 2022, at 10:10, Gert Doering wrote: > On Thu, Aug 11, 2022 at 05:25:05PM +0200, Kristof Provost via Openvpn-devel > wrote: >>> - running openvpn over TCP gives me a kernel panic - this is not so >>>nice... (see attached .png from the vmware console) -

Re: [Openvpn-devel] [PATCH 1/2] ovpn-dco: introduce FreeBSD data-channel offload support

2022-08-13 Thread Kristof Provost via Openvpn-devel
On 11 Aug 2022, at 23:11, Gert Doering wrote: > If you're interested, I can unicast you the full file I use for > my DCO client tests, with different ciphers, some instances with > compression (= does it properly fall back?), some with http/socks > proxy, etc., plus a set of client+ca certificates

Re: [Openvpn-devel] [PATCH] FreeBSD-DCO: repair device iteration to find first free interface.

2022-08-20 Thread Kristof Provost via Openvpn-devel
Acked-by: Kristof Provost Thanks! Kristof On 19 Aug 2022, at 20:24, Gert Doering wrote: > During review/update phase, FreeBSD/DCO's ability to find the first > free tun interface on "--dev tun" got broken, due to two issues: > > - create_interface() called msg(M

[Openvpn-devel] [PATCH] FreeBSD networking cleanup

2022-08-22 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Address a few minor code review remarks: - use constants for the inet_ntop() buffers - replace argv_printf() + argv_printf_cat() with a single argv_printf() - net_route_v4/6 both add and remove, so adjust the error message to reflect that. Signed-off-by: Kristof

[Openvpn-devel] [PATCH]: FreeBSD networking cleanup

2022-08-22 Thread Kristof Provost via Openvpn-devel
I’ll post a patch. > - any particular reason you used argv_printf() + argv_printf_cat(), >instead of just putting all into a single argv_printf() call? > Mostly that that’s what src/openvpn/networking_iproute2.c does too. I don’t have particularly strong feelings either way, so I’ll add that

Re: [Openvpn-devel] [PATCH] DCO: require valid netbits setting for non-primary iroutes.

2022-08-23 Thread Kristof Provost via Openvpn-devel
ute_ipv6() never differentiated). Since > netmask_to_netbits() also insists on "-1" for host routes, change > to netmask_to_netbits2(). > > Remove all the extra MR_WITH_NETBITS logic from dco.c, where it should > have never appeared. > > Signed-off-by: Gert Doering Seems s

Re: [Openvpn-devel] [PATCH] Adjust Linux+FreeBSD DCO device name handling to 'non DCO linux style'

2022-08-30 Thread Kristof Provost via Openvpn-devel
Ds anyway, > so is not the best model. > > Adjust open_tun_dco_generic() to document expected behaviour and > do the thing. > > Signed-off-by: Gert Doering Acked-by: Kristof Provost Kristof ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] big packet loss with FreeBSD DCO

2022-09-12 Thread Kristof Provost via Openvpn-devel
On 12 Sep 2022, at 14:09, Gert Doering wrote: > it *does* bump the outside packet length up by +16 bytes ("bad length 1512" -> > "1528"). Smells cipher algorithm padding or so - but why 16? And why pad > at all (AES-256-GCM used, so I think we should not pad)? > I would still expect padding. AES

Re: [Openvpn-devel] more crashes with FreeBSD DCO...

2022-09-12 Thread Kristof Provost via Openvpn-devel
On 12 Sep 2022, at 14:36, Gert Doering wrote: > On Mon, Sep 12, 2022 at 02:27:57PM +0200, Gert Doering wrote: >> trying to load my newly-instrumented if_ovpn.ko, I kldunload'ed the >> existing one - without shutting down *all* OpenVPN instances first. >> >> *Boom*... >> >> Console attached. > > Ah,

Re: [Openvpn-devel] big packet loss with FreeBSD DCO

2022-09-12 Thread Kristof Provost via Openvpn-devel
On 12 Sep 2022, at 14:45, Gert Doering wrote: > Hi, > > On Mon, Sep 12, 2022 at 02:09:52PM +0200, Gert Doering wrote: >> So, observation suggests "it's happening inside the DCO module". I'll >> go instrument my kernel with printf()'s now... and will report if I find >> anything useful. > > ok... s

Re: [Openvpn-devel] [PATCH 2/2] FreeBSD DCO: introduce real subnet mode

2022-10-17 Thread Kristof Provost via Openvpn-devel
Signed-off-by: Kristof Provost On 12 Oct 2022, at 16:59, Gert Doering wrote: > To be able to configure a FreeBSD interface to "subnet" mode > (as opposed to point-to-point mode), it needs to have its > if_iflags set to IFF_BROADCAST. For tun(4) interface this is > do

Re: [Openvpn-devel] [PATCH 1/2] FreeBSD: for topology subnet, put tun interface into IFF_BROADCAST mode

2022-10-17 Thread Kristof Provost via Openvpn-devel
Signed-off-by: Kristof Provost On 12 Oct 2022, at 16:59, Gert Doering wrote: > For reasons unknown, OpenVPN has always put FreeBSD tun(4) interfaces > into point-to-point mode (IFF_POINTOPOINT), which means "local and > remote address, no on-link subnet". > > "--to

[Openvpn-devel] [PATCH]: FreeBSD DCO supports AES-192-GCM

2022-11-11 Thread Kristof Provost via Openvpn-devel
Minor update, but FreeBSD's if_ovpn now also supports AES-192-GCM. We may as well announce this support. Best regards, Kristof

Re: [Openvpn-devel] [PATCH]: FreeBSD DCO supports AES-192-GCM

2022-11-11 Thread Kristof Provost via Openvpn-devel
On 11 Nov 2022, at 11:36, Arne Schwabe wrote: On 11.11.2022 at 11:20, Kristof Provost via Openvpn-devel wrote: Minor update, but FreeBSD's if_ovpn now also supports AES-192-GCM. We may as well announce this support. This seems to be missing the patch. Git’s send-email sent it as a sep

[Openvpn-devel] [PATCH] FreeBSD DCO: support AES-192-GCM

2022-11-11 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost As of 2c58d0cb3bb3e3a5b714ffac940500efbe5303ca FreeBSD also allows AES-192-GCM in DCO. Announce this support. Signed-off-by: Kristof Provost --- src/openvpn/dco_freebsd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/dco_freebsd.c b/src

[Openvpn-devel] [PATCH]: FreeBSD DCO can use the socket for control packets

2022-11-25 Thread Kristof Provost via Openvpn-devel
Hi, The next e-mail has a patch to teach OpenVPN it can pass control packets through the socket on FreeBSD. This patch does that, and also removes the now unused dco_do_write() implementation. Best regards, Kristof

[Openvpn-devel] [PATCH] dco: pass control packets through the socket on FreeBSD

2022-11-25 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost FreeBSD allows packets to be sent through the socket even when the if_dco driver is active, so prefer that path. Also remove the FreeBSD dco_do_write() implementation, as this function will never be called any more on FreeBSD. Assert this. Signed-off-by: Kristof Provost

[Openvpn-devel] [PATCH] dco: pass control packets through the socket on FreeBSD

2022-11-26 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost FreeBSD allows packets to be sent through the socket even when the if_dco driver is active, so prefer that path. Also remove the FreeBSD dco_do_write() implementation, as this function will never be called any more on FreeBSD. Assert this. Signed-off-by: Kristof Provost

[Openvpn-devel] [DRAFT]: packet counting for DCO

2022-11-27 Thread Kristof Provost via Openvpn-devel
Hi, Here's an initial draft for how I'd approach getting traffic statistics in DCO mode. Userspace doesn't see all of the traffic, so we need to ask the kernel too. I've added new variables for the kernel numbers so that we can keep the userspace numbers, for the control packets which go through

[Openvpn-devel] [PATCH] Read DCO traffic stats from the kernel

2022-11-27 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost When DCO is active userspace doesn't see all of the traffic, so when we access these stats we must update them. Retrieve kernel statistics every time we access the link_(read|write)_bytes values. Introduce a dco_(read|write)_bytes so that we don't clobber th

[Openvpn-devel] [PATCH 2/4] dco: Update counters when a client disconnects

2022-12-05 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost When the kernel module (Linux or FreeBSD) notifies us that a peer has disconnected we'd like to get a final count of the in/out bytes for that peer. We can't request that information any more, because the kernel has already removed the peer at that point. Have

[Openvpn-devel] [PATCH]: FreeBSD DCO updates

2022-12-05 Thread Kristof Provost via Openvpn-devel
Hi, This patch series is version two of the "Read DCO traffic stats from the kernel" patch. This version should build for FreeBSD, Linux and Windows now (although I've not tested Windows builds, because I lack Windows machines). It also adds the ability for DCO drivers to include counters in the

[Openvpn-devel] [PATCH 4/4] dco: cleanup FreeBSD dco_do_read()

2022-12-05 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Remove support for reading packets through the control interface. FreeBSD no longer does this, so there's no point in keeping the code for it. While here also check that we know what type of notification we're getting. There's currently only one, but we shou

[Openvpn-devel] [PATCH 3/4] Read the peer deletion reason from the kernel

2022-12-05 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Recent FreeBSD kernels supply a reason for the OVPN_NOTIF_DEL_PEER notification. Parse this from the nvlist so we can distinguish user-requested removals from timeouts. Signed-off-by: Kristof Provost --- src/openvpn/dco_freebsd.c | 13 + src/openvpn

[Openvpn-devel] [PATCH 1/4] Read DCO traffic stats from the kernel

2022-12-05 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost When DCO is active userspace doesn't see all of the traffic, so when we access these stats we must update them. Retrieve kernel statistics every time we access the link_(read|write)_bytes values. Introduce a dco_(read|write)_bytes so that we don't clobber th

[Openvpn-devel] [PATCH 2/2] options.c: enforce a minimal fragment size

2023-03-01 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Very low values for 'fragment' can result in a division by zero in optimal_fragment_size() (because it rounds max_frag_size down with FRAG_SIZE_ROUND_MASK). Enforce a minimal fragment size of 68 bytes, based on RFC 791 ("Every internet module must be ab

[Openvpn-devel] [PATCH 1/2] configure: improve FreeBSD DCO check

2023-03-01 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost The libnv check doesn't work as expected on FreeBSD 14.x, because FreeBSD has namespaced libnv to avoid conflicts with libnvpair. This means that the naive check generated by AC_CHECK_LIB() fails to detect libnv even though it's present. Instead check for the

[Openvpn-devel] [PATCH] dco: define OVPN_DEL_PEER_REASON_TRANSPORT_DISCONNECT on FreeBSD

2023-03-03 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost FreeBSD's if_ovpn will never emit this as a peer deletion reason (because it doesn't support TCP), but this allows us to align the defines between Linux and FreeBSD, and remove a Linux-specific case from process_incoming_del_peer(). --- src/openvpn/dco_freebsd.h

Re: [Openvpn-devel] [PATCH] dco: define OVPN_DEL_PEER_REASON_TRANSPORT_DISCONNECT on FreeBSD

2023-03-03 Thread Kristof Provost via Openvpn-devel
On 3 Mar 2023, at 12:48, Antonio Quartulli wrote: > On 03/03/2023 12:27, Antonio Quartulli wrote: >> Hi, >> >> On 03/03/2023 12:05, Kristof Provost via Openvpn-devel wrote: >>> From: Kristof Provost >>> >>> FreeBSD's if_ovpn will never emit t

Re: [Openvpn-devel] [PATCH] dco: print version to log if available

2023-03-09 Thread Kristof Provost via Openvpn-devel
On 9 Mar 2023, at 1:52, Antonio Quartulli wrote: > In order to provide better support in case of troubleshooting issues, > it's important to know what exact DCO version is loaded on the user > system. > > Therefore print the DCO version during bootup. > > For Windows and FreeBSD we currently implem

Re: [Openvpn-devel] [PATCH] dco: print version to log if available

2023-03-09 Thread Kristof Provost via Openvpn-devel
On 9 Mar 2023, at 9:57, Antonio Quartulli wrote: > On 09/03/2023 09:36, Kristof Provost wrote: >> On 9 Mar 2023, at 1:52, Antonio Quartulli wrote: >>> In order to provide better support in case of troubleshooting issues, >>> it's important to know what exact D

[Openvpn-devel] [PATCH] dco: print FreeBSD version

2023-03-09 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Implement dco_version_string() for FreeBSD. Unlike Linux and Windows the DCO driver is built into the operating system itself, so we log the OS version as a proxy for the DCO version. --- src/openvpn/dco_freebsd.c | 14 +- 1 file changed, 13 insertions(+), 1

Re: [Openvpn-devel] [PATCH] dco: print FreeBSD version

2023-03-09 Thread Kristof Provost via Openvpn-devel
On 9 Mar 2023, at 13:06, Arne Schwabe wrote: > On 09.03.23 at 10:26, Kristof Provost via Openvpn-devel wrote: >> From: Kristof Provost >> >> Implement dco_version_string() for FreeBSD. >> Unlike Linux and Windows the DCO driver is built into the operating >>

[Openvpn-devel] [PATCH] dco: print FreeBSD version

2023-03-09 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Implement dco_version_string() for FreeBSD. Unlike Linux and Windows the DCO driver is built into the operating system itself, so we log the OS version as a proxy for the DCO version. --- src/openvpn/dco_freebsd.c | 12 +++- 1 file changed, 11 insertions(+), 1

[Openvpn-devel] [PATCH] DCO: support key rotation notifications

2023-04-14 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Allow the kernel driver to notify us that it's time to renegotiate keys. The intent is to avoid IV re-use after 2^32 packets. This is a first draft intended for discussion. The accompanying kernel change for FreeBSD can be found in https://reviews.freebsd.org/D

[Openvpn-devel] [PATCH] dco-freebsd: dynamically re-allocate buffer if it's too small

2024-01-24 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost It's possible for the buffer we provide for OVPN_GET_PEER_STATS to be too small. Handle the error, re-allocate a larger buffer and try again rather than failing. Signed-off-by: Kristof Provost --- src/openvpn/dco_freebsd.c | 16 ++-- 1 file change

[Openvpn-devel] [PATCH DCO]: cleanups prior to FreeBSD DCO support

2022-02-22 Thread Kristof Provost via Openvpn-devel
Hi, As said in my e-mail (from k...@freebsd.org, Feb 17th), I'm working on adding DCO support for FreeBSD. I ran into a few minor issues that are not directly related, but should be addressed anyway. These patches are all against https://github.com/OpenVPN/ovpn-dco Best regards, Kristof

[Openvpn-devel] [PATCH 3/3] dco: Check for ipi_addr before using it

2022-02-22 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost If IP_RECVDSTADDR exists we'll define ENABLE_IP_PKTINFO, but that doesn't actually mean we have struct in_pktinfo. We need to check HAVE_IN_PKTINFO for that. This fixes DCO builds on FreeBSD. Signed-off-by: Kristof Provost --- src/openvpn/dco.c | 2 +- 1 file

[Openvpn-devel] [PATCH 2/3] open_tun_generic(): Do not consider open_tun_dco() returning 0 to be an error

2022-02-22 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost It seems clear that the intent here is to special case the EEXIST error, not to consider anything else (i.e. 0) to also be an error. Signed-off-by: Kristof Provost --- src/openvpn/tun.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn

[Openvpn-devel] [PATCH 1/3] dco: dco_meesage_peer_id -> dco_message_peer_id

2022-02-22 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Fix typo in variable name. Signed-off-by: Kristof Provost --- src/openvpn/dco_linux.c | 6 +++--- src/openvpn/dco_linux.h | 2 +- src/openvpn/multi.c | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/openvpn/dco_linux.c b/src/openvpn

[Openvpn-devel] [PATCH 2/3] open_tun_generic(): Do not consider open_tun_dco() returning 0 to be an error

2022-02-22 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost It seems clear that the intent here is to special case the EEXIST error, not to consider anything else (i.e. 0) to also be an error. Signed-off-by: Kristof Provost --- src/openvpn/tun.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn

[Openvpn-devel] [PATCH 3/3] dco: Check for ipi_addr before using it

2022-02-22 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost If IP_RECVDSTADDR exists we'll define ENABLE_IP_PKTINFO, but that doesn't actually mean we have struct in_pktinfo. We need to check HAVE_IN_PKTINFO for that. This fixes DCO builds on FreeBSD. Signed-off-by: Kristof Provost --- src/openvpn/dco.c | 2 +- 1 file

[Openvpn-devel] [PATCH DCO]: cleanups prior to FreeBSD DCO support

2022-02-22 Thread Kristof Provost via Openvpn-devel
Hi, As said in my e-mail (from k...@freebsd.org, Feb 17th), I'm working on adding DCO support for FreeBSD. I ran into a few minor issues that are not directly related, but should be addressed anyway. These patches are all against https://github.com/OpenVPN/ovpn-dco Best regards, Kristof

[Openvpn-devel] [PATCH 1/3] dco: dco_meesage_peer_id -> dco_message_peer_id

2022-02-22 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Fix typo in variable name. Signed-off-by: Kristof Provost --- src/openvpn/dco_linux.c | 6 +++--- src/openvpn/dco_linux.h | 2 +- src/openvpn/multi.c | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/openvpn/dco_linux.c b/src/openvpn

[Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

2022-02-24 Thread Kristof Provost via Openvpn-devel
Hi, Here's the current version of the patch to add FreeBSD DCO support. The first patch isn't strictly related to FreeBSD, but fixes what I think is a generic issue. It doesn't manifest with Linux because the Linux DCO driver allows control packets to continue through normal UDP processing. We do

[Openvpn-devel] [PATCH 1/2] dco: process DCO control packets

2022-02-24 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost If control packets come in through the DCO interface (i.e. via dco_do_read()) we must process them through process_incoming_link(). This doesn't currently manifest, because Linux passes control packets through the regular socket, not via the DCO netlink interface, but

[Openvpn-devel] [PATCH 2/2] ovpn-dco: introduce FreeBSD data-channel offload support

2022-02-24 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Implement data-channel offload for FreeBSD. The implementation and flow is very similar to that of the Linux DCO support. Signed-off-by: Kristof Provost --- configure.ac | 15 +- src/openvpn/Makefile.am| 1 + src/openvpn/dco_freebsd.c | 559

Re: [Openvpn-devel] [PATCH 2/2] ovpn-dco: introduce FreeBSD data-channel offload support

2022-03-08 Thread Kristof Provost via Openvpn-devel
On 8 Mar 2022, at 15:16, Antonio Quartulli wrote: > Hi Kristof, > > A quick question for you, see below > > On 24/02/2022 17:55, Kristof Provost via Openvpn-devel wrote: >> --- a/configure.ac >> +++ b/configure.ac >> @@ -787,7 +787,20 @@ dnl >>

Re: [Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

2022-03-08 Thread Kristof Provost via Openvpn-devel
On 8 Mar 2022, at 15:23, Antonio Quartulli wrote: > On 24/02/2022 17:55, Kristof Provost via Openvpn-devel wrote: >> I've had to add a lot of '|| defined(TARGET_FREEBSD)', and I think the >> code could be a bit cleaner if we'd make these calls conditional

Re: [Openvpn-devel] [PATCH 2/2] ovpn-dco: introduce FreeBSD data-channel offload support

2022-03-08 Thread Kristof Provost via Openvpn-devel
On 8 Mar 2022, at 15:36, Antonio Quartulli wrote: > On 08/03/2022 15:29, Kristof Provost wrote: >> Theoretically I’d prefer to use the OS header, but I can certainly see the >> upside of not having that dependency. We’ll always have to do the runtime >> check (dco_availabl

[Openvpn-devel] [PATCH] ovpn-dco: introduce FreeBSD data-channel offload support

2022-03-10 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Implement data-channel offload for FreeBSD. The implementation and flow is very similar to that of the Linux DCO support. Signed-off-by: Kristof Provost --- configure.ac | 6 +- src/openvpn/Makefile.am| 1 + src/openvpn/dco_freebsd.c

[Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

2022-03-10 Thread Kristof Provost via Openvpn-devel
Hi, Here's an updated version of the FreeBSD DCO patch. It addresses a few code style issues, moves the if_ovpn.h header into the tree and is rebased on top of the latest DCO branch version. Best regards, Kristof ___ Openvpn-devel mailing list Openv

[Openvpn-devel] [PATCH] ovpn-dco: introduce FreeBSD data-channel offload support

2022-04-01 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Implement data-channel offload for FreeBSD. The implementation and flow is very similar to that of the Linux DCO support. Signed-off-by: Kristof Provost --- configure.ac | 6 +- src/openvpn/Makefile.am| 1 + src/openvpn/dco_freebsd.c

[Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

2022-04-01 Thread Kristof Provost via Openvpn-devel
Hi, Here's an updated version of the FreeBSD DCO patch. It rebases on top of the latest dco branch version (mostly trivial changes) and adds support for timing out peers. That requires the latest version of the kernel driver: https://reviews.freebsd.org/D34340 Best regards, Kristof __

[Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

2022-04-13 Thread Kristof Provost via Openvpn-devel
Hi, Here's an updated and rebased patch for FreeBSD DCO support. The main difference to the previous version is that it passes the peer_id in most calls. There's been some changes on the driver side to improve server mode support, which required this information. Best regards, Kristof

[Openvpn-devel] [PATCH] pass vpn addresses to the kernel

2022-04-13 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost --- src/openvpn/dco_freebsd.c | 11 +++ 1 file changed, 11 insertions(+) diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index 3f8b39e0..8c300639 100644 --- a/src/openvpn/dco_freebsd.c +++ b/src/openvpn/dco_freebsd.c @@ -91,6 +91,17

[Openvpn-devel] [PATCH] ovpn-dco: introduce FreeBSD data-channel offload support

2022-04-13 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Implement data-channel offload for FreeBSD. The implementation and flow is very similar to that of the Linux DCO support. Signed-off-by: Kristof Provost --- configure.ac | 6 +- src/openvpn/Makefile.am| 1 + src/openvpn/dco_freebsd.c

[Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

2022-04-13 Thread Kristof Provost via Openvpn-devel
Hi, This is my second attempt at sending in the updated FreeBSD DCO support patch. (The previous version had a cleanup patch but nothing else). The main difference to the previous version is that it passes the peer_id in most calls. There have been some changes on the driver side to improve serve

[Openvpn-devel] [PATCH DCO]: Handle (DCO) timeouts in client mode

2022-04-26 Thread Kristof Provost via Openvpn-devel
Hi, During testing of FreeBSD DCO support we discovered that a DCO enabled client does not detect that the server has gone away, even if 'keepalive' is set. This turns out to be because we only handle DCO notification messages in the multi-instance (i.e. server) code path. I'm not 100% sure this

[Openvpn-devel] [PATCH] Handle (DCO) timeouts in client mode

2022-04-26 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Handle the DCO driver telling us that the peer went away, even if we're not running in multi-instance mode. Signed-off-by: Kristof Provost --- src/openvpn/forward.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/src/openvpn/forward.c b/src/openvpn/forw

[Openvpn-devel] [PATCHv2 DCO]: Handle (DCO) timeouts in client mode

2022-04-27 Thread Kristof Provost via Openvpn-devel
Updated version of the timeout fix for client mode. This time with trigger_ping_timeout_signal() as suggested by Arne. Best regards, Kristof

[Openvpn-devel] [PATCH] Handle (DCO) timeouts in client mode

2022-04-27 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Handle the DCO driver telling us that the peer went away, even if we're not running in multi-instance mode. Signed-off-by: Kristof Provost --- src/openvpn/forward.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/src/openvpn/forward.c b/src/openvpn/forw

Re: [Openvpn-devel] [PATCH] Handle (DCO) timeouts in client mode

2022-04-27 Thread Kristof Provost via Openvpn-devel
On 27 Apr 2022, at 9:55, Antonio Quartulli wrote: > Hi Kristof, > > On 27/04/2022 09:48, Kristof Provost via Openvpn-devel wrote: >> From: Kristof Provost >> >> Handle the DCO driver telling us that the peer went away, even if we're >> not running in multi-

[Openvpn-devel] [PATCH 1/4] Handle (DCO) timeouts in client mode

2022-04-29 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Handle the DCO driver telling us that the peer went away, even if we're not running in multi-instance mode. Signed-off-by: Kristof Provost --- src/openvpn/forward.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/src/openvpn/forward.c b/src/openvpn/forw

[Openvpn-devel] [PATCH 2/4] rework do_up() for correct order of DCO operations

2022-04-29 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost We must create the peer before we can dco_set_peer or dco_new_key. On the other hand, we must first process options, because those may change our peer id and we should create the peer with the correct id. Split up do_deferred_options() in do_deferred_options() and

[Openvpn-devel] [PATCH 3/4] Ensure dynamic_name is always populated

2022-04-29 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost It's always used for open_tun_dco(), so we must ensure it's populated, even if 'dev_node' is set. Signed-off-by: Kristof Provost --- src/openvpn/tun.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c inde

[Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

2022-04-29 Thread Kristof Provost via Openvpn-devel
Hi, Here's the latest revision of the FreeBSD DCO patch, as well as three DCO-related fixes. Best regards, Kristof ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 4/4] ovpn-dco: introduce FreeBSD data-channel offload support

2022-04-29 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Implement data-channel offload for FreeBSD. The implementation and flow is very similar to that of the Linux DCO support. Signed-off-by: Kristof Provost --- configure.ac | 6 +- src/openvpn/Makefile.am| 1 + src/openvpn/dco_freebsd.c
