Socket Rework

The current state of socket handling of openvpn is suboptimal. It lacks proper support of dual stack environments. There are some design decisions to be made beforehand. This a first list of things that should be discussed before beginning a rewrite.

  • Meaning of udp, udp6. At the moment udp forces AF_INET and udp6 AF_INET6. If no udp/tcp is specified the client will guess ipv4/ipv6 and stick to that guess
    • Remove udp6, add --ipv4 and --ipv6 options to force a protocol

  • tcp design is straightfoward
    • tcp-server resolves address with AI_PASSIVE, bind to all returned results
    • tcp-client resolve all adresses, iterate through them in the returned order

  • Behaviour of udp sockets if --mode client/server is specified
    • Same behavior as tcp-server/client
  • Behaviour of p2p udp peers without --mode client/server , now it is simply only socket is open for both peers, in dual stack this assumption breaks
    • introduce udp-server and udp-client. Let udp-server bind/listen on all socket and udp-client only on the one currently trying to connect
    • Both peer bind on all sockets but iterate through the socket when trying to connect
    • alternatively: explicit binding on a single IPv4 or IPv6 address for each side is needed, no failover to the other protocol family ("he who uses p2p mode knows what works")
  • behaviour of bind/remote if they different in the returned protocols
    • bind only IPv4 but remote IPv4/IPv6, issue warning
    • bind only IPv4 and remote IPv6, exit with error
  • Bind mode with --mode client
    • Default to --nobind
    • if --bind is specified, only bind the socket family that is currently connected, e.g. do not bind/listen on a IPv6 udp local socket if connecting to IPv4 socket.
  • Listening on multiple sockets is needed for dual stack anyway. So simultaneous udp/tcp is possible too:
    • <listen> like <connection> but uses all <listen> blocks at the same time
  • allow sockets to be created by plugins.
    • Remove http-proxy and socks proxy from main code path
    • add http-proxy plugin and socks proxy plugins
Last modified 6 years ago Last modified on 06/21/12 10:26:14