Commit Graph

15 Commits

Author SHA1 Message Date
Davide
60e3460966
OpenVPN: Fix potential deadlock on disconnection (#1097)
NE link writes are blocking and don't support timeout. When shutting
down a UDP session, the OCCPacket may fail to send and lock the session
in a stale state ("Active" but dead), with an infinite loop of "Failed
TUN read" messages in the log.

- First, [add cancellation handlers to NE UDP/TCP
sockets](https://github.com/passepartoutvpn/passepartoutkit-source/pull/464)
- Then, rather than writing the exit packet in the foreground and
scheduling cancellation:
  - Write the packet in a background task
  - Wait until timeout in the actor
  - Cancel the pending write and go ahead

This may still leak if NE socket cancellation doesn't work, but will
prevent deadlock.
2025-01-23 10:22:11 +01:00
Davide
a13cc3474c
OpenVPN: Restore and improve negotiation speed (#1095)
The new OpenVPN parser was painfully slow due to allocating
NSRegularExpression a zillion times, which resulted in poor performance
(4x time!) when processing long PUSH_REPLY messages. This is a hard
regression from v2 because [TunnelKit created the regexes
statically](339b509ddf/Sources/TunnelKitOpenVPNCore/ConfigurationParser.swift (L42)).

Solution: pre-allocate the regular expressions at parser creation time.

Optimize long fragmented replies further by catching PUSH_REPLY
continuations early, rather than parsing line by line.
2025-01-22 22:33:39 +01:00
Davide
8ab7b0d143
OpenVPN: Resolve issues with long negotiations (#1094)
Clean up the naive abuse of async/await in OpenVPNSession. Encapsulate
the instances of ControlChannel/DataChannel inside the Negotiator actor,
so that actor-isolation for them becomes automatically unnecessary.
Synchronous methods inside the actor are the way to go.

After that, handle control packets in orderly fashion, because this is
not being done and may spoil negotiation very easily. Probably also
happening in TunnelKit.

Ultimately, skip some unnecessary XOR processing in UDP when no XOR
method is actually set.
2025-01-22 22:33:29 +01:00
Davide
8514bf24f2
OpenVPN: Default gateway not set properly in some cases (#1087)
Regression from TunnelKit, the parser was not handling multiple
redirect-gateway directives correctly.
2025-01-20 11:32:26 +01:00
Davide
55156598ef
Update some TODOs
2025-01-19 22:05:22 +01:00
Davide
37e15016e4
Drop erroneous imports from OpenVPN/OpenSSL
2025-01-19 12:10:49 +01:00
Davide
54c66f48b5
Fix unused SecureRandom() value
2025-01-19 09:47:21 +01:00
Davide
72d23cbd06
Do not fall back to AES-128-CBC when PUSH_REPLY has no cipher (#1073)
https://github.com/passepartoutvpn/passepartoutkit-source/pull/461
2025-01-18 13:57:10 +01:00
Davide
4e43c14cc6
Update copyright
2025-01-15 20:22:52 +01:00
Davide
7b8dbfe84a
Minimize dependencies of VPN implementations (#1057)
### OpenVPN

- Make CPassepartoutCryptoOpenSSL agnostic of PassepartoutKit
- Move Allocation/ZeroingData from PassepartoutKit to package for
internal use
  - Rename ZeroingData.count to .length for consistency with NSData
  - Duplicate some Data manipulation code in CryptoOpenSSL
- Retain a simplified version of ZeroingData in PassepartoutKit
(AutoerasingData)

### WireGuard

- Make WireGuardKit imports `internal`
2025-01-15 09:39:58 +01:00
Davide
a0092b3fad
Pull out VPN implementations from App library
And fix tests.
2025-01-13 18:11:45 +01:00
Davide
b3ebcfb6c8
Fix imports in NetworkSettingsBuilder
Also drop OpenVPN prefix, reserved for public entities.
2025-01-13 16:21:13 +01:00
Davide
3510f2b153
Update Kit
- Move NetworkSettingsBuilder to OpenVPN/OpenSSL
- Fix flaky tests
2025-01-13 15:14:27 +01:00
Davide
a37075279d
[ci skip] Fix headers
2025-01-13 12:28:54 +01:00
Davide
1942b82ebb
Rework App+Kit as monorepository (#1055)
Simplify development and maintenance immensely by making this a
monorepository:

- Convert PassepartoutKit and VPN bindings to local packages
  - OpenVPN/OpenSSL
  - WireGuard/Go
- Make PassepartoutKit available via
  - Source submodule for production (private)
  - [Binary XCFramework for development](https://github.com/passepartoutvpn/passepartoutkit)
- Add PassepartoutKit Demo in root
  - Deploy package later
2025-01-13 12:26:53 +01:00