Re: [Openvpn-devel] [PATCH v2] More broadly enforce Allman style and braces-around-conditionals

2016-12-24 Thread Gert Doering 
Hi,

On Fri, Dec 23, 2016 at 11:40:54PM +0100, Steffan Karger wrote:
> This patch replaces the "Add nl_for_brace=add to uncrustify.conf" patch.
> 
> v2: also add nl_do_brace=add and mod_full_brace_do=add
> 
>  dev-tools/uncrustify.conf  |  8 +
[..]
> diff --git a/dev-tools/uncrustify.conf b/dev-tools/uncrustify.conf
> index 95e0b2a..d8ea870 100644
> --- a/dev-tools/uncrustify.conf
> +++ b/dev-tools/uncrustify.conf
> @@ -9,6 +9,11 @@ nl_brace_else=add
>  nl_elseif_brace=add
>  nl_else_brace=add
>  nl_else_if=remove
> +nl_for_brace=add
> +nl_while_brace=add
> +nl_switch_brace=add
> +nl_fdef_brace=add
> +nl_do_brace=add
>  sp_func_proto_paren=Remove
>  sp_func_def_paren=Remove
>  sp_func_call_paren=Remove
> @@ -44,6 +49,9 @@ nl_after_func_proto=2
>  # Always use scoping braces for conditionals
>  mod_full_brace_if=add
>  mod_full_brace_if_chain=false
> +mod_full_brace_while=add
> +mod_full_brace_for=add
> +mod_full_brace_do=add
>  
>  # Annotate #else and #endif statements
>  mod_add_long_ifdef_endif_comment=20

Both the conceptual change / uncrustify.conf and the actual code changes
look reasonable and "fully according to how I interpret our CodingStyle
wiki".  So ACK.

As per the previous reformatting discussions, lets put this into master
and 2.4-after-2.4.0

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/intel___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] Feedback wanted: proof-of-concept recvmmsg() support

2016-12-24 Thread Steffan Karger 
This patch is not done, but I would like to get some early feedback
because I'm not very familiar with this part of the code, nor with the
APIs involved.  So I expect to have made some rooky mistakes.

A while back, I experimented a bit with recvmmsg(), to see if using it
would yield some performance gain.  Simple tests (I don't have a good
stress test setup handy) indicate that this improves throughput by a few
percent.  I would expect more gain on the server side for P2MP servers
though, where multiple client can be spamming the server at once.

What definitely still needs to be done:
 * Improve error messages
 * Improve documentation (doxygen, openvpn.8, Changes.rst)
 * Figure out good default values

So, please, let me know what you think of the code.  And if you do have
a good setup for performance testing, I'd love to hear what this change
does for you.

XXX step towards dynamic allocation (still working)

further move towards dynamic alloc

init more-or-less-properly (no alloc yet)

dynamic alloc

refactor1

Signed-off-by: Steffan Karger 

refactor2

Signed-off-by: Steffan Karger 

refactor3

Finish prototype code
---
 configure.ac  |   2 +-
 src/openvpn/forward.c |   3 +-
 src/openvpn/init.c|   7 +++
 src/openvpn/integer.h |   7 +++
 src/openvpn/options.c |   6 ++
 src/openvpn/options.h |   1 +
 src/openvpn/socket.c  | 152 +++---
 src/openvpn/socket.h  |  43 ++
 8 files changed, 210 insertions(+), 11 deletions(-)

diff --git a/configure.ac b/configure.ac
index 43487b0..6bfb600 100644
--- a/configure.ac
+++ b/configure.ac
@@ -672,7 +672,7 @@ AC_SUBST([SOCKETS_LIBS])
 
 old_LIBS="${LIBS}"
 LIBS="${LIBS} ${SOCKETS_LIBS}"
-AC_CHECK_FUNCS([sendmsg recvmsg])
+AC_CHECK_FUNCS([sendmsg recvmsg sendmmsg recvmmsg])
 # Windows use stdcall for winsock so we cannot auto detect these
 m4_define(
[SOCKET_FUNCS],
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 8102e94..0c6af66 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -1754,7 +1754,8 @@ io_wait_dowork(struct context *c, const unsigned int 
flags)
 
 if (!c->sig->signal_received)
 {
-if (!(flags & IOW_CHECK_RESIDUAL) || 
!socket_read_residual(c->c2.link_socket))
+if ((!(flags & IOW_CHECK_RESIDUAL) || 
!socket_read_residual(c->c2.link_socket))
+&& !openvpn_mmsg_ctx_available(>c2.link_socket->recvmmsg_ctx))
 {
 int status;
 
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 4ff7725..1996d4d 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -3157,6 +3157,13 @@ do_init_socket_2(struct context *c)
 {
 link_socket_init_phase2(c->c2.link_socket, >c2.frame,
 c->sig);
+
+if (c->options.sockflags | SF_USE_IP_PKTINFO)
+{
+openvpn_mmsg_ctx_init(>c2.link_socket->recvmmsg_ctx,
+  BUF_SIZE(>c2.frame),
+  c->options.recvmmsg_buf_count);
+}
 }
 
 /*
diff --git a/src/openvpn/integer.h b/src/openvpn/integer.h
index 5ea32c4..8ea6708 100644
--- a/src/openvpn/integer.h
+++ b/src/openvpn/integer.h
@@ -31,6 +31,13 @@
  * min/max functions
  */
 
+#ifndef MIN
+#define MIN(a,b) (((a)<(b)) ? (a) : (b))
+#endif
+#ifndef MAX
+#define MAX(a,b) (((a)>(b)) ? (a) : (b))
+#endif
+
 static inline int
 max_int(int x, int y)
 {
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 953e376..cf08186 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -811,6 +811,7 @@ init_options(struct options *o, const bool init_gc)
 o->resolve_retry_seconds = RESOLV_RETRY_INFINITE;
 o->resolve_in_advance = false;
 o->proto_force = -1;
+o->recvmmsg_buf_count = 16;
 #ifdef ENABLE_OCC
 o->occ = true;
 #endif
@@ -5655,6 +5656,11 @@ add_option(struct options *options,
 VERIFY_PERMISSION(OPT_P_GENERAL);
 options->sockflags |= SF_USE_IP_PKTINFO;
 }
+else if (streq(p[0], "recvmmsg-buf-count") && p[1] && !p[2])
+{
+VERIFY_PERMISSION(OPT_P_GENERAL);
+options->recvmmsg_buf_count = strtoul(p[1], NULL, 10);
+}
 #endif
 else if (streq(p[0], "verb") && p[1] && !p[2])
 {
diff --git a/src/openvpn/options.h b/src/openvpn/options.h
index b3ab029..9b3897e 100644
--- a/src/openvpn/options.h
+++ b/src/openvpn/options.h
@@ -325,6 +325,7 @@ struct options
 
 /* socket flags */
 unsigned int sockflags;
+size_t recvmmsg_buf_count;
 
 /* route management */
 const char *route_script;
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index ae12832..c0fa8d4 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -55,6 +55,13 @@ const int proto_overhead[] = { /* indexed by PROTO_x */
 IPv6_TCP_HEADER_SIZE,
 };
 
+#ifdef HAVE_RECVMMSG
+/** Free all memory allocated within ctx */
+void openvpn_mmsg_ctx_cleanup(struct openvpn_mmsg_ctx *ctx);
+#else
+#define

Re: [Openvpn-devel] [PATCH applied] docs: Further enhance the documentation related to SWEET32

2016-12-24 Thread David Sommerseth 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Your patch has been applied to the following branches

commit a256aee8e70ceb7059b9da69bc3e7cccbd094916  (master)
commit 203d7c8b1fdab065aa0b2a522abe00dc39fa433a  (release/2.4)
Author: David Sommerseth
Date:   Fri Dec 23 17:07:44 2016 +0100

 docs: Further enhance the documentation related to SWEET32

 Signed-off-by: David Sommerseth 
 Acked-by: Steffan Karger 
 Message-Id: <1482509264-24550-1-git-send-email-dav...@openvpn.net>
 URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13682.html


- --
kind regards,

David Sommerseth

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJYXmKAAAoJEIbPlEyWcf3yLuEP/0dhBpaqRi07Uw26CJ3dEoF/
B4/Xe9wAxth+/NQDh5x+XUAQEr5aOH8bDi7NMn+ZZ+oA180CudK4nJm9xZOA7jCS
Po/BeQf6zeEgfNxOtrKELMrJpquM5sH4+RV33Do4RJjbdA9e9TEt/mMa049C+N88
IRZ7z4Fx+F40do9Zp7Kw6SYJixfZHiPi0hutKaXb9NQ8KLvHAz5GApeuXILCy7Js
N1DiSgzccS3eTLuzviLQRj1iUvNipgHkU0Wy7FtJ6x8oY9XuWiorQn8q+wuDwWqr
IR8BHRDqklJNLYe1nP0WebPBRIcCKUqDW3NXsSY2eqRoXZWSUTMO/KPQ4Z2BLfJc
2S3Ttl+9L9PMN/KL7/a0yeX/Qbj3+i0yzSQx9I3Tk7M0bQPsf4avnyfpBtrbEK5D
+KWZI+UR+YOuYUvnjCzfuogiJCcxS4UX5P6ags3xQ7rnzZY5ns5SeDAlach0sGKZ
EpnLbOLr5FTVsMGHL2iuTvDX3cdYFzrK6q/q1vPY7De9313UgciPT6afNslPLNKR
3Ilvx7EBrCv4IzVONHouRkoQ13kJ3+m6ULk/riH+YYmGHZqfXhfoTRrax/XGOmCl
DamG2Dz46E5osu1ZDRQlt9vqdANH2Xs26ygNmz7W1d/90GqMSxSIGaRnMJKvgyyN
5d6xi5m6svD91twiFL0i
=8kEi
-END PGP SIGNATURE-

--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/intel
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH 1/1] do not race on RuntimeDirectory

2016-12-24 Thread debbie10t 


On 16/12/16 22:00, Christian Hesse wrote:
> From: Christian Hesse 
>
> Different unit instances create and destroy the same RuntimeDirectory.
> This leads to running instances where the status file (and possibly
> more runtime data) is no longer accessible.
>
> So do not handle this in unit files but provide a tmpfiles.d
> configuration and let systemd-tmpfiles do the work.
> Nobody will (unintentionally) delete the directories and its content.
> As /run is volatile we do not have to care about cleanup.
>
> Signed-off-by: Christian Hesse 
> ---
>  distro/systemd/openvpn-client@.service | 2 --
>  distro/systemd/openvpn-server@.service | 2 --
>  distro/systemd/openvpn.conf| 2 ++
>  3 files changed, 2 insertions(+), 4 deletions(-)
>  create mode 100644 distro/systemd/openvpn.conf
>
> diff --git a/distro/systemd/openvpn-client@.service 
> b/distro/systemd/openvpn-client@.service
> index 5618af3..1187ee8 100644
> --- a/distro/systemd/openvpn-client@.service
> +++ b/distro/systemd/openvpn-client@.service
> @@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
>  [Service]
>  Type=notify
>  PrivateTmp=true
> -RuntimeDirectory=openvpn-client
> -RuntimeDirectoryMode=0710
>  WorkingDirectory=/etc/openvpn/client
>  ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
>  CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID 
> CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
> diff --git a/distro/systemd/openvpn-server@.service 
> b/distro/systemd/openvpn-server@.service
> index b9b4dba..25a6bb7 100644
> --- a/distro/systemd/openvpn-server@.service
> +++ b/distro/systemd/openvpn-server@.service
> @@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
>  [Service]
>  Type=notify
>  PrivateTmp=true
> -RuntimeDirectory=openvpn-server
> -RuntimeDirectoryMode=0710
>  WorkingDirectory=/etc/openvpn/server
>  ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log 
> --status-version 2 --suppress-timestamps --config %i.conf
>  CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE 
> CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
> diff --git a/distro/systemd/openvpn.conf b/distro/systemd/openvpn.conf
> new file mode 100644
> index 000..bb79671
> --- /dev/null
> +++ b/distro/systemd/openvpn.conf
> @@ -0,0 +1,2 @@
> +d /run/openvpn-client 0710 root root -
> +d /run/openvpn-server 0710 root root -
>

ACK

This works as expected from debian8/systemd 215 to arch/systemd 232

-- 

--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/intel
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel