Re: [Openvpn-devel] OpenVPN multi instancing

2004-03-05 Thread James Yonan
Matthias Andree said:

> On Sun, 29 Feb 2004, Christian Daniel wrote:
> 
> > Hello everybody!
> > 
> > For a student research project I'm trying to add multi instance capability
> > to OpenVPN. The basic idea is to rip the main openvpn()-function apart, put
> > all variables in a struct and then have only one select()-call for all open
> > tunnels at once.
> 
> Oh. You're in for plentiful fun with the various select()
> "features"^Wbugs across the various operating system kernels.
> 
> Better check out poll() and epoll() where available. These happen to
> (usually) be more scalable as the number of fds increases.

Luckily, UDP scales up fairly well without hitting up against the limitations
of select() since a single UDP socket can be used to communicate with an
unlimited number of clients.  TCP will be harder to scale with select()
because every incoming client will need its own socket.

I don't see how poll() is that much of an improvement over select() because it
still requires that you scan all the FDs to see which ones require service.

epoll() looks like a real improvement, and has obviously been designed with
scalability in mind.

It's too bad that poll and epoll move the timeout from microsecond to
millisecond resolution, as that makes things like traffic shaping harder to
implement.

James




Re: [Openvpn-devel] --redirect-gateway on FreeBSD

2004-03-05 Thread James Yonan
Juan Rodriguez Hervella said:

> Hello,
> 
> I've just subscribed to this list, but I've read on the
> archives that the --redirect-gateway function is not
> working yet on FreeBSD because of the problem of
> retrieving the address of the default gateway.
> 
> I've just written a small program which makes that,
> looking at /usr/src/sbin/route.c
> 
> Hope this helps, I've tested it on both FreeBSD-4.9
> and FreeBSD-5.2
> 
> It uses PF_ROUTE sockets.
> 
> hope this helps!
> -- 
> **
> JFRH
> **
> 
> Go climb a gravity well!

Juan,

It would be ideal if you could code this into OpenVPN's route.c, following the
form of the other platforms, i.e.:

..

#elif defined(TARGET_FREEBSD)

static bool
get_default_gateway (in_addr_t *ret)
{
  /* code me -- put gateway address into *ret */
}

#else

..

James




[Openvpn-devel] --redirect-gateway on FreeBSD

2004-03-05 Thread Juan Rodriguez Hervella
Hello,

I've just subscribed to this list, but I've read on the
archives that the --redirect-gateway function is not
working yet on FreeBSD because of the problem of
retrieving the address of the default gateway.

I've just written a small program which makes that,
looking at /usr/src/sbin/route.c

Hope this helps, I've tested it on both FreeBSD-4.9
and FreeBSD-5.2

It uses PF_ROUTE sockets.

hope this helps!
-- 
**
JFRH
**

Go climb a gravity well!
/* The header names were lost in the list archive; these are the headers
 * the code below needs on FreeBSD. */
#include <sys/types.h>
#include <sys/socket.h>
#include <net/route.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <err.h>
#include <errno.h>
#include <stdio.h>

#include <string.h>
#include <strings.h>
#include <unistd.h>

/* Routing message: fixed header followed by space for the sockaddrs. */
struct {
    struct rt_msghdr m_rtm;
    char             m_space[512];
} m_rtmsg;

/* Sockaddrs in a routing message are padded to a multiple of sizeof(long). */
#define ROUNDUP(a) \
    ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))

#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))

char aux[INET_ADDRSTRLEN];
struct sockaddr so_dst, so_mask;


/* Format the IPv4 address in sa into the static buffer aux. */
char *routename(struct sockaddr *sa)
{
    inet_ntop(AF_INET, &((struct sockaddr_in *)sa)->sin_addr, aux,
              INET_ADDRSTRLEN);

    return aux;
}


/* Print destination, mask and gateway from the kernel's RTM_GET reply. */
void print_getmsg(struct rt_msghdr *rtm, int msglen)
{
    struct sockaddr *dst = NULL, *gate = NULL, *mask = NULL;
    struct sockaddr *sa;
    char *cp;
    int i;

    (void) printf("   route to: %s\n", routename(&so_dst));
    if (rtm->rtm_version != RTM_VERSION) {
        warnx("routing message version %d not understood",
              rtm->rtm_version);
        return;
    }
    if (rtm->rtm_msglen > msglen) {
        warnx("message length mismatch, in packet %d, returned %d",
              rtm->rtm_msglen, msglen);
    }
    if (rtm->rtm_errno) {
        errno = rtm->rtm_errno;
        warn("message indicates error %d", errno);
        return;
    }
    /* The sockaddrs follow the header, one per bit set in rtm_addrs. */
    cp = ((char *)(rtm + 1));
    if (rtm->rtm_addrs)
        for (i = 1; i; i <<= 1)
            if (i & rtm->rtm_addrs) {
                /* Do not walk past the bytes actually read. */
                if (cp >= (char *)rtm + msglen)
                    break;
                sa = (struct sockaddr *)cp;
                switch (i) {
                case RTA_DST:
                    dst = sa;
                    break;
                case RTA_GATEWAY:
                    gate = sa;
                    break;
                case RTA_NETMASK:
                    mask = sa;
                    break;
                }
                ADVANCE(cp, sa);
            }

    if (dst)
        (void)printf("destination: %s\n", routename(dst));

    if (mask)
        (void)printf("   mask: %s\n", routename(mask));

    if (gate && rtm->rtm_flags & RTF_GATEWAY)
        (void)printf("gateway: %s\n", routename(gate));
}


int main()
{
    int s, seq, l, pid, rtm_addrs;
    char *cp = m_rtmsg.m_space;

/* Append sockaddr u to the message if its bit w is set in rtm_addrs. */
#define NEXTADDR(w, u) \
    if (rtm_addrs & (w)) {\
        l = ROUNDUP(u.sa_len); memmove(cp, &(u), l); cp += l;\
    }

#define rtm m_rtmsg.m_rtm

    pid = getpid();
    seq = 0;
    rtm_addrs = RTA_DST | RTA_NETMASK;

    bzero(&so_dst, sizeof(so_dst));
    bzero(&so_mask, sizeof(so_mask));
    bzero(&rtm, sizeof(struct rt_msghdr));

    /* Ask the kernel for the route to 0.0.0.0/0, i.e. the default route. */
    rtm.rtm_type = RTM_GET;
    rtm.rtm_flags = RTF_UP | RTF_GATEWAY;
    rtm.rtm_version = RTM_VERSION;
    rtm.rtm_seq = ++seq;
    rtm.rtm_addrs = rtm_addrs;

    NEXTADDR(RTA_DST, so_dst);
    NEXTADDR(RTA_NETMASK, so_mask);

    rtm.rtm_msglen = l = cp - (char *)&m_rtmsg;

    s = socket(PF_ROUTE, SOCK_RAW, 0);
    if (s < 0) {
        warn("opening routing socket");
        return (-1);
    }

    if (write(s, (char *)&m_rtmsg, l) < 0) {
        warn("writing to routing socket");
        return (-1);
    }

    /* Skip routing messages that are not the reply to our request. */
    do {
        l = read(s, (char *)&m_rtmsg, sizeof(m_rtmsg));
    } while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));

    if (l < 0) {
        warn("reading from routing socket");
        return (-1);
    }

    print_getmsg(&rtm, l);

    return 0;
}