wiki:LvivHackathon2018

Version 30 (modified by Gert Döring, 5 years ago) (diff)

--

OpenVPN Hackathon 2018

This year's hackathon is organized by Andriy Revin and David Sommerseth

We will stick to the format of the previous years, which means attendance is in principle limited to "active developers that are also regularly contributing to #openvpn-devel or the mailing list". We should have enough space in the meeting room for 10-14 devs.

Who is coming?

Name Topics Arrival Departure Hotel
Andriy Revin - @home
David Sommerseth clean-ups, plug-ins, OpenVPN 3 client Thu evening (LO482/LO763) Tue (LO766/LO483) Ibis
Antonio Quartulli remaining IPv6-only work, VLAN patches, netlink, multi-socket/multi-protocol, transport API(?) Fri Tue Ibis
Steffan Karger Performance, clean ups, crypto stuff Thu (OS381, ETA 15:20 @ airport) Sun Ibis
Gert Döring VLAN Patches / Architecture, Challenge / Plugin stuff, Performance (Threading?) Fri (LH2550, ETA 11:30 @airport) Mon (LH2551) Ibis
Samuli Seppänen Packaging (MSI, DEB, RPM), HackerOne tuning Fri late evening Mon early morning  Ibis
James Yonan
Arne Schwabe random stuff Thu (LO410/LO765) Tue (LO766/LO407) Ibis
Johan Draaisma things 3 oct 8 oct somewhere
Lev Stipakov things Fri evening (TK443) Tue Ibis

Where?

The meeting is held at the OpenVPN office in Lviv (Ukraine): Shevchenka Ave 5.

Lviv Danylo Halytskyi International Airport is quite close to the city. Best way of public transport is via Uber.

If you have any questions - please contact Andriy Revin (andriy @ openvpn.net).

When?

The hackathon will take place from Friday October 5th 2018 to Sunday October 7th.

What?

  1. What features do we want in 2.5? Set the timeline accordingly. (See the OpenVPN 2.5 status page).
    • tls-crypt v2, sitnl, vlan patches, ipv6-only, transport plug-in?
    • MSI packaging?
    • EasyRSA 3 for Windows (NSIS/MSI) installers?
  2. Should OpenVPN be a "swiss army knife" or "secure vpn client for dummies"
    • Could the split between OpenVPN 2.x and 3.x reflect these two roles?
  3. Feature changes
    • Do we need --opt-verify? Is this a feature strictly needed these days?
  4. MSI packaging
    • Available for testing for tap-windows6, but not yet for OpenVPN 2

Input

TBD

Internet

Free wifi network is available at the office

Accommodation

There are many options with hotels and Airbnb alternatives in walking distance from the office (5-10 minutes). Most reasonably priced hotels are fairly small and availability is varying a lot, but double check against hotels.com, booking.com, trivago.com or similar sites to ensure you get a good price.

Some hotels close by (4-8 minutes walk):

Hotel URL Comments
Ibis Styles Lviv Center https://www.accorhotels.com/gb/hotel-9709-ibis-styles-lviv-center/index.shtml Most likely one of the bigger ones, small rooms but decent
Swiss Hotel http://swiss-hotel.lviv.ua/en/ Reasonable hotel when getting good price offers
ANTARES Apart hotel https://antares-apart.com.ua/en/ -
Danylo Inn http://www.danyloinn.com/ -

Results

(informal notes on some of the discussions that benefit from writing down)

2.4.7

  • we need to do a 2.4.7 release "soonish", to fix the --opt-verify issue Lev and Johan have encountered with NCP (patch has been merged in master+release/2.4)
  • we want the "asymmetric compression" change from Arne in there as well
  • 2.4.7 will be inintially released with the old TAP6 driver, and then we can do a re-release with the new TAP6 driver after sufficient testing (when our new approach can get all testing/signing issues fixed, estimated ~4-6 weeks)
  • TLS1.3 related patches are acceptable for 2.4.7 if they do not change existing behaviour (unless you use --tls-ciphersuite

T-Shirts

  • are buggy
  • 30 day refund policy

features in 2.5 that we want

  • we have a page in the wiki so people can read up on this
  • MSI packaging (Simon, Samuli) must have
    • TAP6 changes -> TAP6 MSI installer
    • Samuli is reading books about MSI
    • possibly drop NSIS, or offer both options
  • tls-cryptv2 must have
    • Antonio is reviewing, goal: this weekend
  • IPv6-only really nice to have
    • client side is already finished(!)
    • server side needs brains to closely check disentanglement of ipv4/ipv6 server pools for unexpected side effects
    • Gert needs to finish review and test bed
  • netlink / sitnl refactoring of tun.c, route.c must have/
    • Arne volunteers to review, but is entangled in ipv6-only changes (so might need rebasing) -> Antonio to check
    • code is there, but needs better coordination
    • blocker
  • transport plugin (obfuscation or others) nice to have
    • operator foundation, founded by google
    • coordinating with Antonio
    • patches based on 2.4 - asked to rebase on master
    • "nice to have"?
  • "make VPN fast again" (Antonio) - nice to have
    • split control/data channel -> separate threads
      • "client connect" activity will no longer interfere with "forwarding packets for other clients"
      • going from there to multiple workers for data channel
      • "all the complicated event handling" -> control thread
    • send/receive multi-messages
    • use tun driver more efficiently
    • tap6 on server 2016 - maybe slow because driver reports attributes wrongly?
    • initial connect speed of 2.x clients compared to 3.x clients
      • there is one "1 second" coarse timer left in the 2.x code base
      • Gert and Steffan did not dare to remove this one yet
    • OpenVPN3 offload API?
    • ongoing activity...
  • VLAN patchset must have
    • Antonio volunteers to rebase + adjust the code to master
    • Arne volunteers to review
    • Gert to build test infrastructure
    • David: suggest to checkout the code tree "right before the uncrustify changes", apply Fabian's v2 patch set, and proceed from there
  • asynchronous client-connect (?) patchset from Fabian Kittel - must have
  • multi-listen / multi-port / multi-ip patch set
    • multi-port is done, with multi-ip (if same protocol) (first chunk) "in beta" must have
    • multi-protocol (TCP+UDP) "not even alpha" postpone to 2.6, too early code
    • Arne feels like he needs to review this
  • dynamic-route (routes in CCD/)
    • today: OpenVPN only adds route at startup
    • adding routes at client-connect time needs to be done "outside"
    • nice to have(!!) - it can be done with --client-connect or in plugin code - but easier debugged if "built in"
  • enable --enable-async-push by default
    • it is tested fairly well now
    • get rid of extra #ifdef
    • cross-plattform - today this depends on inotify, which is not available on most platforms we support (Linux, maybe FreeBSD, nothing else)

features we want in 2.6

  • asynchronous netlink (= do not block waiting for kernel ACK)
  • performance enhancements on multi-CPU machines
    • multithreading? Do we want to just go for 3.0 here?