
DCO: feature negotiation with kernel

Open cron2 opened this issue 2 months ago • 0 comments

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289303

"--- Comment #35 from Kristof Provost [email protected] --- (In reply to Gert Doering from comment #34)
At some point we're going to be forced to add a feature flag negotiation feature to the kernel/userspace interface. I've had a quick look at dco_linux and dco_win. As far as I can see there's no generic mechanism yet. Ideally we'd come up with something that works for everyone, so it might be best for that to be driven from OpenVPN's side. I'm sure I can implement whatever you come up with for FreeBSD fairly easily."

So, opening an issue here so that we do not forget.

So far Windows managed to avoid a true "feature negotiation" by only adding things and increasing the dco-win version number.

Linux managed to avoid this by having a fully incompatible "new DCO" module which wants a fully new "userland" - but at this point we're frozen with what the "new ovpn.ko" can do at birth. When Linux adds epoch data format, we're at the point where we need to query the kernel and ask it "what can you do?"

FreeBSD bit us because the kernel grew "float notification" support without any other changes to the API, so old 2.6 OpenVPN received messages it did not expect and killed the peer ("I do not understand this message from DCO, SIGUSR1 to the rescue").

cron2 • Oct 11 '25 17:10
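The FreeBSD failure mode and the "what can you do?" query from the issue above, sketched as an added example that is not part of the issue or of any OpenVPN or kernel code. Every feature bit, message type and function name is hypothetical, and the kernel side is modelled as a plain struct.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical feature bits: not taken from ovpn.ko, if_ovpn or dco-win. */
enum { FEAT_FLOAT_NOTIFY = 1 << 0, FEAT_EPOCH_DATA = 1 << 1, FEAT_FUTURE = 1 << 2 };
/* Hypothetical kernel-to-userspace notification types. */
enum { MSG_PEER_TIMEOUT = 1, MSG_PEER_FLOAT = 2 };
enum action { ACT_HANDLE, ACT_IGNORE, ACT_RESTART };

struct kmod {            /* stands in for the kernel module */
    uint32_t supported;  /* features this kernel build implements */
    uint32_t enabled;    /* features userspace opted in to; 0 before negotiation */
};

/* Userspace states what it understands; the kernel enables only the
 * intersection and reports it back, so neither side assumes anything. */
uint32_t negotiate(struct kmod *k, uint32_t understood)
{
    k->enabled = k->supported & understood;
    return k->enabled;
}

/* Kernel side: a feature-bound notification is sent only after opt-in. */
int kernel_may_send(const struct kmod *k, int msg)
{
    if (msg == MSG_PEER_FLOAT)
        return (k->enabled & FEAT_FLOAT_NOTIFY) != 0;
    return 1;  /* baseline message, part of the API from the start */
}

/* Userspace side. strict=1 models "unknown message, restart the peer";
 * strict=0 drops messages it cannot interpret. */
enum action userland_dispatch(uint32_t understood, int msg, int strict)
{
    if (msg == MSG_PEER_TIMEOUT)
        return ACT_HANDLE;
    if (msg == MSG_PEER_FLOAT && (understood & FEAT_FLOAT_NOTIFY))
        return ACT_HANDLE;
    return strict ? ACT_RESTART : ACT_IGNORE;
}

int main(void)
{
    struct kmod k = { FEAT_FLOAT_NOTIFY | FEAT_EPOCH_DATA, 0 };
    negotiate(&k, 0);  /* old userland: understands no optional features */
    printf("float sent to old userland: %d\n", kernel_may_send(&k, MSG_PEER_FLOAT));
    printf("agreed with newer userland: 0x%x\n",
           (unsigned)negotiate(&k, FEAT_FLOAT_NOTIFY | FEAT_FUTURE));
    return 0;
}
```

With opt-in gating the old userland never sees the float message, so the strict "restart on unknown message" path is not reached even if it is left in place.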