wiki:SocketRework

Socket Rework

The current state of socket handling of openvpn is suboptimal. It lacks proper support of dual stack environments. There are some design decisions to be made beforehand. This a first list of things that should be discussed before beginning a rewrite.

  • Meaning of udp, udp6. At the moment udp forces AF_INET and udp6 AF_INET6. If no udp/tcp is specified the client will guess ipv4/ipv6 and stick to that guess
    • Remove udp6, add --ipv4 and --ipv6 options to force a protocol

  • tcp design is straightfoward
    • tcp-server resolves address with AI_PASSIVE, bind to all returned results
    • tcp-client resolve all adresses, iterate through them in the returned order

  • Behaviour of udp sockets if --mode client/server is specified
    • Same behavior as tcp-server/client
  • Behaviour of p2p udp peers without --mode client/server , now it is simply only socket is open for both peers, in dual stack this assumption breaks
    • introduce udp-server and udp-client. Let udp-server bind/listen on all socket and udp-client only on the one currently trying to connect
    • Both peer bind on all sockets but iterate through the socket when trying to connect
    • alternatively: explicit binding on a single IPv4 or IPv6 address for each side is needed, no failover to the other protocol family ("he who uses p2p mode knows what works")
  • behaviour of bind/remote if they different in the returned protocols
    • bind only IPv4 but remote IPv4/IPv6, issue warning
    • bind only IPv4 and remote IPv6, exit with error
  • Bind mode with --mode client
    • Default to --nobind
    • if --bind is specified, only bind the socket family that is currently connected, e.g. do not bind/listen on a IPv6 udp local socket if connecting to IPv4 socket.
  • Listening on multiple sockets is needed for dual stack anyway. So simultaneous udp/tcp is possible too:
    • <listen> like <connection> but uses all <listen> blocks at the same time
  • allow sockets to be created by plugins.
    • Remove http-proxy and socks proxy from main code path
    • add http-proxy plugin and socks proxy plugins
Last modified 6 years ago Last modified on 06/21/12 10:26:14