Re: [Openvpn-devel] sctp in openvpn

2011-02-28 Thread Jan Just Keijser

David Sommerseth wrote:


On 26/02/11 12:25, Gert Doering wrote:
| Hi,
|
| On Sat, Feb 26, 2011 at 11:19:19AM +, Olivier Van Acker wrote:
|>> The code parts in question inside OpenVPN (socket.c) are somewhat
|>> complicated due to lots of existing options and lots of existing
|>> operating systems being supported, so this will not be a trivial
|>> task.
|>
|> Would it be a good idea to limit the scope of this project by concentrating
|> on one OS first? I was thinking FreeBSD first since that contains the
|> reference implementation of SCTP.
|
| Well, you'd certainly start with one OS, but in the long run, you'd want
| the mainstream OSes (Linux and Windows) as well...

I second this.  SCTP is really interesting for OpenVPN in my perspective, but
we should rather quickly after having "something which works" support other
OSes as well.  When we reach that point, merging SCTP support into 'allmerged'
for broader testing gets interesting.  If Linux gets support quickly, I'm able
to test this out pretty soonish in a limited prod environment.

Some practical details.  General info about the development process can be
found here:
, including
git repositories.

For the git branch to look at, JJO's IPv6 transport patches is called
feat_ipv6_transport.  *But* as soon as we manage to get the OpenVPN 2.2
release out the door (I hope I'll be able to finalise the beta2.2 branch
today for the RC release), we're going to merge stuff, including JJO's branch
and Gert's feat_ipv6_payload branches officially and get started with the
OpenVPN 2.3 cycle.  So what I'm saying, please base your stuff on JJO's branch
now, but be sure your changes can be merged against the feat_ipv6_payload
branch too.  As I'm the one going to do the merges, I'm going to be noisy if
it doesn't go smooth ;-)

And just let me state that, if someone got time to do a real overhaul of
socket.c, that would really be beneficial.  That source file is confusing at
best to read.  However, we do have some source documentation patches in the
wild somewhere, waiting to go in soonish too - which I'd like to see go into
the 2.3 cycle.  So - there's a little coordination needed to be done here with
such an overhaul too.

  
There seems to be a freely available SCTP implementation for Windows
XP/Vista/7:

 http://www.bluestop.org/SctpDrv/

Sources for an older version of this driver are available, but I am not
sure under what conditions/license it is released.


As for adding SCTP support: if I read the 'socat' sources it should be 
dead-easy: just open the socket using the protocol IPP_SCTP4 and that's 
about it.
The real question is whether we'd want to support some of the niftier 
features that SCTP has to offer (e.g. opening multiple channels via a
single connection).


cheers,

JJK




Re: [Openvpn-devel] sctp in openvpn

2011-02-26 Thread Gert Doering
Hi,

On Sat, Feb 26, 2011 at 11:31:20AM +, Olivier Van Acker wrote:
> > This doesn't help me a single bit if I'm sitting behind a firewall that
> 
> Ah, sorry, I re-read what you were saying, I cherry picked the word
> parallel without reading the rest :-P No, SCTP won't help with this

... and I agree that it's not directly SCTP related - it's just that 
"these bits of the code would need to be changed anyway, so maybe this
can be done in a nicely extensible way".

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de




Re: [Openvpn-devel] sctp in openvpn

2011-02-26 Thread David Sommerseth


On 26/02/11 12:25, Gert Doering wrote:
| Hi,
|
| On Sat, Feb 26, 2011 at 11:19:19AM +, Olivier Van Acker wrote:
|>> The code parts in question inside OpenVPN (socket.c) are somewhat
|>> complicated due to lots of existing options and lots of existing
|>> operating systems being supported, so this will not be a trivial
|>> task.
|>
|> Would it be a good idea to limit the scope of this project by concentrating
|> on one OS first? I was thinking FreeBSD first since that contains the
|> reference implementation of SCTP.
|
| Well, you'd certainly start with one OS, but in the long run, you'd want
| the mainstream OSes (Linux and Windows) as well...

I second this.  SCTP is really interesting for OpenVPN in my perspective, but
we should rather quickly after having "something which works" support other
OSes as well.  When we reach that point, merging SCTP support into 'allmerged'
for broader testing gets interesting.  If Linux gets support quickly, I'm able
to test this out pretty soonish in a limited prod environment.

Some practical details.  General info about the development process can be
found here:
, including
git repositories.

For the git branch to look at, JJO's IPv6 transport patches is called
feat_ipv6_transport.  *But* as soon as we manage to get the OpenVPN 2.2
release out the door (I hope I'll be able to finalise the beta2.2 branch
today for the RC release), we're going to merge stuff, including JJO's branch
and Gert's feat_ipv6_payload branches officially and get started with the
OpenVPN 2.3 cycle.  So what I'm saying, please base your stuff on JJO's branch
now, but be sure your changes can be merged against the feat_ipv6_payload
branch too.  As I'm the one going to do the merges, I'm going to be noisy if
it doesn't go smooth ;-)

And just let me state that, if someone got time to do a real overhaul of
socket.c, that would really be beneficial.  That source file is confusing at
best to read.  However, we do have some source documentation patches in the
wild somewhere, waiting to go in soonish too - which I'd like to see go into
the 2.3 cycle.  So - there's a little coordination needed to be done here with
such an overhaul too.


kind regards,

David Sommerseth



Re: [Openvpn-devel] sctp in openvpn

2011-02-26 Thread Olivier Van Acker
>
>
> This doesn't help me a single bit if I'm sitting behind a firewall that
>

Ah, sorry, I re-read what you were saying, I cherry picked the word
parallel without reading the rest :-P No, SCTP won't help with this


Olivier






> gert
> --
> USENET is *not* the non-clickable part of WWW!
>   //
> www.muc.de/~gert/
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> fax: +49-89-35655025
> g...@net.informatik.tu-muenchen.de
>



-- 
“If you know what you're doing, three layers is enough; if you don't, even
seventeen levels won't help”. ~ Padlipsky


Re: [Openvpn-devel] sctp in openvpn

2011-02-26 Thread Gert Doering
Hi,

On Sat, Feb 26, 2011 at 11:19:19AM +, Olivier Van Acker wrote:
> > The code parts in question inside OpenVPN (socket.c) are somewhat
> > complicated due to lots of existing options and lots of existing
> > operating systems being supported, so this will not be a trivial
> > task.
>
> Would it be a good idea to limit the scope of this project by concentrating
> on one OS first? I was thinking FreeBSD first since that contains the
> reference implementation of SCTP.

Well, you'd certainly start with one OS, but in the long run, you'd want
the mainstream OSes (Linux and Windows) as well...

[..]
> > functionality to listen on multiple sockets in parallel,
> 
> This is something SCTP has built in.
> One SCTP association (connection over one or more nodes) can contain
> multiple independent data streams.

This doesn't help me a single bit if I'm sitting behind a firewall that
doesn't even let UDP/1194 pass - listening on SCTP *and* UDP/TCP in parallel
will be necessary, because too many clients won't be able to use SCTP, at
least when starting this.

Or are you implying that by listening on a SCTP socket, the kernel
machinery will also handle incoming "plain UDP" and "plain TCP" connects
via that SCTP socket?

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
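
The parallel listening discussed in this thread (UDP and TCP side by side, with SCTP as one more transport), as an added example that is not part of any message here and is not OpenVPN code. The names `open_listeners` and `wait_ready` are hypothetical, the sockets bind to loopback only, and SCTP is simply skipped when the kernel does not provide it.

```c
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

struct listener { int fd, type, proto; const char *name; };

/* Bind one loopback socket (port 0 = ephemeral); returns -1 on failure. */
static int open_one(int type, int proto, unsigned short port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port),
                              .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    int fd = socket(AF_INET, type, proto); /* fails if kernel lacks SCTP */
    if (fd >= 0 && (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
                    (type == SOCK_STREAM && listen(fd, 8) < 0))) {
        close(fd);
        fd = -1;
    }
    return fd;
}

/* Open every transport the host supports (l must hold 3 entries);
 * returns how many were opened. Hypothetical helper, not OpenVPN's. */
int open_listeners(struct listener *l, unsigned short port)
{
    static const struct listener want[] = {
        { -1, SOCK_DGRAM,  IPPROTO_UDP,  "udp"  },
        { -1, SOCK_STREAM, IPPROTO_TCP,  "tcp"  },
        { -1, SOCK_STREAM, IPPROTO_SCTP, "sctp" },  /* one-to-one style */
    };
    int n = 0;
    for (int i = 0; i < 3; i++) {
        l[n] = want[i];
        if ((l[n].fd = open_one(want[i].type, want[i].proto, port)) >= 0)
            n++;
    }
    return n;
}

/* Index of the first listener with pending input; -1 on timeout or error. */
int wait_ready(const struct listener *l, int n, int timeout_ms)
{
    struct pollfd p[3];
    for (int i = 0; i < n; i++)
        p[i] = (struct pollfd){ .fd = l[i].fd, .events = POLLIN };
    if (poll(p, (nfds_t)n, timeout_ms) <= 0)
        return -1;
    for (int i = 0; i < n; i++)
        if (p[i].revents & POLLIN) return i;
    return -1;
}
```

An SCTP listener opened this way is a separate socket next to the UDP and TCP ones; it does not receive plain UDP or TCP traffic.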




Re: [Openvpn-devel] sctp in openvpn

2011-02-26 Thread Olivier Van Acker
Hi,

Thanks for the quick reply,


>
> I would find that a useful thing, but admit that I have only theoretical
> knowledge about SCTP (and have no time to work on it).
>
>
I've been reading up on SCTP and making test apps with it, I'm also in contact
with Randy Stewart who is the main person behind the spec and Michael Tuexen
who's done a lot of research on it, both are very helpful.
I won't say I'm an expert but I think I know my way around and I'll be happy
to give it a serious try.



> The code parts in question inside OpenVPN (socket.c) are somewhat
> complicated due to lots of existing options and lots of existing
> operating systems being supported, so this will not be a trivial
> task.
>
>
Would it be a good idea to limit the scope of this project by concentrating on
one OS first? I was thinking FreeBSD first since that contains the reference
implementation of SCTP.




> What I'd definitely recommend to do is base your work on JJO's IPv6
> transport patches, because he already changed large parts of socket.c
> - so if you base your work on "plain 2.2", there will be endless conflicts.
>
>
Yes, I'll have a closer look at the IPv6 work.



> functionality to listen on multiple sockets in parallel,


This is something SCTP has built in.
One SCTP association (connection over one or more nodes) can contain
multiple independent data streams.


Regards,


Olivier






>


> gert
>
> --
> USENET is *not* the non-clickable part of WWW!
>   //
> www.muc.de/~gert/
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> fax: +49-89-35655025
> g...@net.informatik.tu-muenchen.de
>



-- 
“If you know what you're doing, three layers is enough; if you don't, even
seventeen levels won't help”. ~ Padlipsky


Re: [Openvpn-devel] sctp in openvpn

2011-02-26 Thread Gert Doering
Hi,

On Sat, Feb 26, 2011 at 10:05:58AM +, Olivier Van Acker wrote:
> Are there any plans to support the sctp protocol in openvpn?

I would find that a useful thing, but admit that I have only theoretical
knowledge about SCTP (and have no time to work on it).

The code parts in question inside OpenVPN (socket.c) are somewhat
complicated due to lots of existing options and lots of existing 
operating systems being supported, so this will not be a trivial
task.

What I'd definitely recommend to do is base your work on JJO's IPv6 
transport patches, because he already changed large parts of socket.c
- so if you base your work on "plain 2.2", there will be endless conflicts.

(Personally, I hope that such an overhaul of socket.c would bring in
functionality to listen on multiple sockets in parallel, like "listen on
udp/1194 for normal connections, plus tcp/443 for those behind too-strict
firewalls").

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de




[Openvpn-devel] sctp in openvpn

2011-02-26 Thread Olivier Van Acker
Hi,

Are there any plans to support the sctp protocol in openvpn?
I'm especially interested in the multihoming functionality of sctp, this
would enable openvpn to keep a single (sctp) socket open over multiple
network interfaces.
If there are no plans to implement this I wouldn't mind having a go at it
myself.

Regards,

Olivier

PS I'm already hanging out in #openvpn-devel (cyberroadie) but am not sure
when is a good time to ask this question




-- 
“If you know what you're doing, three layers is enough; if you don't, even
seventeen levels won't help”. ~ Padlipsky