- add tunbuilder support to OvpnDcoClient
Linux client uses core library in a non-privileged
process which cannot modify routing, add/remove interfaces etc.
Those operations are executed in a separate privileged
process via tunbuilder API.
- pass data between userspace/kernel via pipe
In Linux client, control channel packets are handled by an
unprivileged process, which doesn't have direct access to a netlink
socket to talk directly to the kernel module. In order to enable
communication with the kernel by the unprivileged process, the receiving side
of the tunbuilder API, which itself is run in the privileged process,
creates a socketpair and connects the netlink socket with another socket,
which is passed back to the unprivileged process. The unprivileged process
uses that socket to communicate with the kernel module instead of the GeNL
object.
- remove remnants of kovpn support from tunbuilder and tunbuilder
support from kovpn tun/transport client.
Kovpn doesn't need tunbuilder support, so the relevant code is removed.
Signed-off-by: Lev Stipakov <lev@openvpn.net>

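The socketpair hand-off described in the commit message above, as an added example written for this page (it is not OpenVPN 3's or ovpn-dco's code): the privileged side creates a socketpair, passes one end to the unprivileged side with SCM_RIGHTS, and pumps datagrams between the other end and its netlink socket. Because no ovpn-dco module is assumed to be loaded, the netlink socket is replaced by a second Unix socketpair standing in for the kernel, and both "processes" run one after the other inside a single process; `send_fd`, `recv_fd`, `relay_once` and `bridge_roundtrip` are names chosen here, not the project's tunbuilder API.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

/* Send one descriptor over a Unix socket with SCM_RIGHTS (a dummy payload byte is required). */
static int send_fd(int sock, int fd)
{
    char byte = 'F';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg;
    memset(&u, 0, sizeof u);
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;        msg.msg_iovlen = 1;
    msg.msg_control = u.buf;   msg.msg_controllen = sizeof u.buf;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive a descriptor; accept nothing but exactly one untruncated SCM_RIGHTS fd. */
static int recv_fd(int sock)
{
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;        msg.msg_iovlen = 1;
    msg.msg_control = u.buf;   msg.msg_controllen = sizeof u.buf;
    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS
        || c->cmsg_len != CMSG_LEN(sizeof(int))) return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Privileged-side pump: forward one datagram from `from` to `to`; returns bytes moved or -1. */
static ssize_t relay_once(int from, int to)
{
    char buf[4096];
    ssize_t n = recv(from, buf, sizeof buf, 0);
    if (n < 0) return -1;
    return send(to, buf, (size_t)n, 0) == n ? n : -1;
}

/* Constructed end-to-end walk-through. kern[0] stands in for the privileged process's
 * netlink socket and kern[1] for the kernel module. Returns 1 when a command sent on the
 * handed-over socket reaches the "kernel" and its reply comes back the same way. */
int bridge_roundtrip(void)
{
    int kern[2], ipc[2], bridge[2];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, kern) < 0) return 0;    /* kernel stand-in */
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, ipc) < 0) return 0;     /* tunbuilder IPC channel */
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, bridge) < 0) return 0;  /* created by privileged side */
    if (send_fd(ipc[0], bridge[1]) < 0) return 0;                  /* hand one end over */
    close(bridge[1]);                                              /* privileged side keeps bridge[0] */

    int client = recv_fd(ipc[1]);                                  /* unprivileged side */
    if (client < 0) return 0;
    const char cmd[] = "CMD";
    if (send(client, cmd, sizeof cmd, 0) != (ssize_t)sizeof cmd) return 0;

    if (relay_once(bridge[0], kern[0]) != (ssize_t)sizeof cmd) return 0;   /* to "kernel" */
    char got[16];
    ssize_t n = recv(kern[1], got, sizeof got, 0);
    if (n != (ssize_t)sizeof cmd || memcmp(got, cmd, sizeof cmd) != 0) return 0;
    const char reply[] = "ACK";
    if (send(kern[1], reply, sizeof reply, 0) != (ssize_t)sizeof reply) return 0;
    if (relay_once(kern[0], bridge[0]) != (ssize_t)sizeof reply) return 0; /* back to client */

    n = recv(client, got, sizeof got, 0);
    int ok = n == (ssize_t)sizeof reply && memcmp(got, reply, sizeof reply) == 0;
    close(client); close(bridge[0]); close(ipc[0]); close(ipc[1]); close(kern[0]); close(kern[1]);
    return ok;
}

int main(void)
{
    printf("bridge round trip: %s\n", bridge_roundtrip() ? "ok" : "FAILED");
    return 0;
}
```

Two points worth keeping in mind with this pattern: the relay forwards datagrams blindly, so once the socket has been handed over the only input validation standing between the unprivileged process and the module is whatever the kernel side performs; and `recv_fd` must check `MSG_CTRUNC` and the exact `cmsg_len`, otherwise a peer can slip extra descriptors into the receiver's fd table (on Linux, `MSG_CMSG_CLOEXEC` on the `recvmsg` call additionally keeps the received fd from leaking into children).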
Since userspace doesn't know anything about data
channel traffic, keepalive should be handled in the kernel.
Disable keepalive in userspace and implement the
OVPN_CMD_SET_PEER ovpn-dco command, which sets
keepalive settings in the kernel.
Signed-off-by: Lev Stipakov <lev@openvpn.net>

Implement OvpnDcoRekey, which parses key info
into the format consumed by ovpn-dco.
Use KoRekey abstractions to hook into the protocol layer
and get notified about rekeying events.
Pass the new key to the kernel or swap keys when commanded by
the protocol layer.
Implement ovpn-dco netlink commands:
- OVPN_CMD_NEW_KEY
- OVPN_CMD_DEL_KEY
- OVPN_CMD_SWAP_KEYS
Signed-off-by: Lev Stipakov <lev@openvpn.net>

Add a dependency on libnl-genl, which is a C library
for generic netlink communication.
Implement a C++ wrapper for libnl-genl, inspired by
ovpn-cli, a test client for the ovpn-dco kernel module.
Implement ovpn-dco netlink commands:
- OVPN_CMD_START_VPN - pass transport socket,
protocol (UDP) and mode (client).
- OVPN_CMD_NEW_PEER - pass local and remote
endpoint info.
- OVPN_CMD_PACKET - move (control channel) packets
between userspace and kernel.
- OVPN_CMD_DEL_PEER - sent by the kernel when a peer is deleted
due to keepalive timeout (causes reconnect) or any other
reason (considered fatal).
This change allows performing the openvpn handshake and
establishing a connection, which doesn't work yet since data channel
keys are not passed to the kernel.
Signed-off-by: Lev Stipakov <lev@openvpn.net>

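The OVPN_CMD_* commands listed above, and the OVPN_CMD_SET_PEER / OVPN_CMD_NEW_KEY messages of the earlier commits, are all generic netlink requests: a netlink header, a genl header and a run of 4-byte-aligned TLV attributes. The following is an added example written for this page, not code from OpenVPN 3, ovpn-dco or libnl: a minimal encoder for that layout plus a strict parser of the kind a receiver needs before trusting any attribute length. It is written against the uapi byte layout (16-byte nlmsghdr, 4-byte genlmsghdr, 4-byte nlattr header) so it compiles without Linux headers; the family id, command number and `ATTR_*` ids are placeholders chosen here and are not ovpn-dco's real numbering.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NL_ALIGN(n)       (((n) + 3u) & ~3u)
#define NLMSG_HDR         16u     /* nlmsg_len u32, nlmsg_type u16, nlmsg_flags u16, nlmsg_seq u32, nlmsg_pid u32 */
#define GENL_HDR          4u      /* cmd u8, version u8, reserved u16 */
#define NLA_HDR           4u      /* nla_len u16, nla_type u16 */
#define NLA_TYPE_MASK     0x3fffu /* top two bits of nla_type are the NESTED / NET_BYTEORDER flags */
#define NLM_F_REQUEST_ACK 0x0005u /* NLM_F_REQUEST | NLM_F_ACK */

struct nlbuf { unsigned char *data; size_t len, cap; };

static int nl_put_raw(struct nlbuf *b, const void *p, size_t n)
{
    if (b->len + n > b->cap) return -1;
    memcpy(b->data + b->len, p, n);
    b->len += n;
    return 0;
}

/* Start a request: netlink header (length patched in nl_finish) followed by the genl header. */
int nl_begin(struct nlbuf *b, uint16_t family, uint32_t seq, uint8_t cmd, uint8_t version)
{
    uint32_t zero = 0; uint16_t flags = NLM_F_REQUEST_ACK, resv = 0;
    b->len = 0;
    return (nl_put_raw(b, &zero, 4) || nl_put_raw(b, &family, 2) || nl_put_raw(b, &flags, 2)
            || nl_put_raw(b, &seq, 4) || nl_put_raw(b, &zero, 4) || nl_put_raw(b, &cmd, 1)
            || nl_put_raw(b, &version, 1) || nl_put_raw(b, &resv, 2)) ? -1 : 0;
}

/* Append one TLV attribute: nla_len counts header + payload; the pad bytes are not counted. */
int nl_put_attr(struct nlbuf *b, uint16_t type, const void *payload, uint16_t plen)
{
    static const unsigned char zeros[3];
    uint16_t nla_len = (uint16_t)(NLA_HDR + plen);
    if (nl_put_raw(b, &nla_len, 2) || nl_put_raw(b, &type, 2) || nl_put_raw(b, payload, plen)) return -1;
    return nl_put_raw(b, zeros, NL_ALIGN(b->len) - b->len);
}
int nl_put_u32(struct nlbuf *b, uint16_t type, uint32_t v) { return nl_put_attr(b, type, &v, 4); }
int nl_put_str(struct nlbuf *b, uint16_t type, const char *s) { return nl_put_attr(b, type, s, (uint16_t)(strlen(s) + 1)); }
void nl_finish(struct nlbuf *b) { uint32_t l = (uint32_t)b->len; memcpy(b->data, &l, 4); }

struct nla_view { uint16_t type; uint16_t len; const unsigned char *data; };

/* Validate the headers and walk the attributes. Any nla_len shorter than its own header or
 * reaching past nlmsg_len rejects the whole message. Returns the attribute count or -1. */
int nl_parse(const unsigned char *msg, size_t msglen, struct nla_view *out, size_t max)
{
    if (msglen < NLMSG_HDR + GENL_HDR) return -1;
    uint32_t nlmsg_len; memcpy(&nlmsg_len, msg, 4);
    if (nlmsg_len < NLMSG_HDR + GENL_HDR || nlmsg_len > msglen) return -1;
    size_t off = NLMSG_HDR + GENL_HDR, n = 0;
    while (off < nlmsg_len) {
        if (nlmsg_len - off < NLA_HDR) return -1;
        uint16_t nla_len, nla_type;
        memcpy(&nla_len, msg + off, 2); memcpy(&nla_type, msg + off + 2, 2);
        if (nla_len < NLA_HDR || nla_len > nlmsg_len - off) return -1;
        if (n < max) { out[n].type = nla_type & NLA_TYPE_MASK; out[n].len = (uint16_t)(nla_len - NLA_HDR); out[n].data = msg + off + NLA_HDR; }
        n++;
        off += NL_ALIGN(nla_len);
    }
    return (int)n;
}

/* Placeholder ids for this example only (assumption; not ovpn-dco's attribute numbering). */
enum { ATTR_PEER_ID = 1, ATTR_REMOTE_PORT = 2, ATTR_IFNAME = 3 };
#define FAMILY_ID 0x1f   /* assumption: the id a real client gets from CTRL_CMD_GETFAMILY */
#define CMD_NEW_PEER 2   /* assumption: placeholder command number */

/* Build a "new peer"-style request and read it back; returns 1 when every field survives. */
int demo_build_and_parse(void)
{
    unsigned char raw[128]; struct nlbuf b = { raw, 0, sizeof raw };
    if (nl_begin(&b, FAMILY_ID, 1, CMD_NEW_PEER, 1)) return 0;
    if (nl_put_u32(&b, ATTR_PEER_ID, 7) || nl_put_u32(&b, ATTR_REMOTE_PORT, 1194) || nl_put_str(&b, ATTR_IFNAME, "ovpn0")) return 0;
    nl_finish(&b);
    struct nla_view a[4];
    if (nl_parse(raw, b.len, a, 4) != 3) return 0;
    uint32_t port; memcpy(&port, a[1].data, 4);
    return a[0].type == ATTR_PEER_ID && a[1].type == ATTR_REMOTE_PORT && a[1].len == 4 && port == 1194
        && a[2].type == ATTR_IFNAME && a[2].len == 6 && memcmp(a[2].data, "ovpn0", 6) == 0;
}

/* Two malformed inputs a receiver must refuse: a buffer one byte shorter than nlmsg_len
 * claims, and an attribute whose nla_len points past the end of the message. */
int demo_rejects_malformed(void)
{
    unsigned char raw[64]; struct nlbuf b = { raw, 0, sizeof raw };
    nl_begin(&b, FAMILY_ID, 2, CMD_NEW_PEER, 1); nl_put_u32(&b, ATTR_PEER_ID, 7); nl_finish(&b);
    if (nl_parse(raw, b.len - 1, NULL, 0) != -1) return 0;
    uint16_t bad = 200; memcpy(raw + NLMSG_HDR + GENL_HDR, &bad, 2);   /* corrupt the first nla_len */
    return nl_parse(raw, b.len, NULL, 0) == -1;
}

int main(void)
{
    printf("build/parse: %s, malformed rejected: %s\n", demo_build_and_parse() ? "ok" : "FAILED",
           demo_rejects_malformed() ? "ok" : "FAILED");
    return 0;
}
```

libnl's `nla_put_*` / `nla_parse` do the same job in the real client; the point of hand-rolling it here is the parser's two length checks, which are exactly what a kernel module (or a userspace side reading OVPN_CMD_DEL_PEER notifications) has to perform before dereferencing an attribute.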
Add a tun/transport client skeleton for ovpn-dco,
which doesn't do any work except creating/removing the
ovpn-dco device.
Signed-off-by: Lev Stipakov <lev@openvpn.net>