On 08/08/2016 11:34 AM, David Sommerseth wrote: > > On 07/08/16 13:44, ValdikSS wrote: > > It's possible to have so much routes that they won't fit into stack > > and execve would fail with E2BIG (Argument list too long). > > > This commit fixes this issue by not adding route information into > > execve'd application env. --- src/openvpn/lladdr.c | 2 +- > > src/openvpn/route.c | 8 ++++---- src/openvpn/tun.c | 12 > > ++++++------ 3 files changed, 11 insertions(+), 11 deletions(-) > > > diff --git a/src/openvpn/lladdr.c b/src/openvpn/lladdr.c index > > 57f447b..d537379 100644 --- a/src/openvpn/lladdr.c +++ > > b/src/openvpn/lladdr.c @@ -58,7 +58,7 @@ int set_lladdr(const char > > *ifname, const char *lladdr, #endif > > > argv_msg (M_INFO, &argv); - r = openvpn_execve_check (&argv, es, > > M_WARN, "ERROR: Unable to set link layer address."); + r = > > openvpn_execve_check (&argv, NULL, M_WARN, "ERROR: Unable to set > > link layer address."); > > > I have just very quickly looked through this, and in most cases this > seems fine. openvpn_execve_check() most of the cases are calling a > somewhat hard coded path to a binary. > > Except ... on Linux, configured with --enable-iprout2, OpenVPN can use > the --iproute option which redefines at runtime which iproute2 binary > it should use. Removing the environment table in these cases may > actually break some setups where the system can have a iproute2 > compatible wrapper which needs some of the environment variables. > > I have also seen the IRC discussion, where Gert argues that something > else is not optimal when the environment variable space is exhausted. > I think a better fix would be to consider a way to filter out > unneeded noise instead.
I'm afraid that's nearly impossible for me. These routes are IP addresses and ranges of blacklisted websites in Russia. They are already merged into bigger subnets which shrank 25000+ IP addresses into ≈22000 IP ranges. I probably can proxy non-blocked IP addresses to make the list even smaller, but it won't be dramatically smaller, expect 15000+ addresses, which still breaks OS X for example. Any ideas? > > > > ------------------------------------------------------------------------------
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
