#
4d846d26 |
|
10-May-2023 |
Warner Losh <imp@FreeBSD.org> |
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause. Discussed with: pfg MFC After: 3 days Sponsored by: Netflix
|
#
f7ee28e7 |
|
08-May-2023 |
Kristof Provost <kp@FreeBSD.org> |
if_ovpn: notify userspace when we've used half of the sequence numbers OpenVPN uses the sequence number (as well as a userspace supplied nonce) to build the IV. This means we should avoid re-using sequence numbers. However, userspace doesn't know how many packets we've sent (and thus what sequence number we're up to). Notify userspace when we've used half of the available sequence numbers to tell it that it's time for a key renegotiaton. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D39570
|
#
8b630fa9 |
|
26-Nov-2022 |
Kristof Provost <kp@FreeBSD.org> |
if_ovpn: implement OVPN_GET_PEER_STATS Allow userspace to retrieve per-peer traffic stats. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D37604
|
#
66de89d4 |
|
26-Nov-2022 |
Kristof Provost <kp@FreeBSD.org> |
if_ovpn: remove OVPN_SEND_PKT OpenVPN userspace no longer uses the ioctl interface to send control packets. It instead uses the socket directly. The use of OVPN_SEND_PKT was never released, so we can remove this without worrying about compatibility. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D37602
|
#
da69782b |
|
01-Dec-2022 |
Kristof Provost <kp@FreeBSD.org> |
if_ovpn: extend notifications with a reason Extend peer deleted notifications (which are the only type right now) to include the reason the peer was deleted. This can be either because userspace requested it, or because the peer timed out. Reviewed by: zlei Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D37583
|
#
2e797555 |
|
12-Oct-2022 |
Gert Doering <gert@greenie.muc.de> |
if_ovpn(4): implement ioctl() to set if_flags Fully working openvpn(8) --iroute support needs real subnet config on ovpn(4) interfaces (IFF_BROADCAST), while client-side/p2p configs need IFF_POINTOPOINT setting. So make this configurable. Reviewed by: kp
|
#
ab91feab |
|
22-Feb-2022 |
Kristof Provost <kp@FreeBSD.org> |
ovpn: Introduce OpenVPN DCO support OpenVPN Data Channel Offload (DCO) moves OpenVPN data plane processing (i.e. tunneling and cryptography) into the kernel, rather than using tap devices. This avoids significant copying and context switching overhead between kernel and user space and improves OpenVPN throughput. In my test setup throughput improved from around 660Mbit/s to around 2Gbit/s. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D34340
|